Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
authorMartin Willi <martin@revosec.ch>
Wed, 6 Feb 2013 14:19:32 +0000 (15:19 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 6 Feb 2013 14:36:36 +0000 (15:36 +0100)
src/libcharon/plugins/stroke/stroke_config.c
src/starter/args.c
src/starter/confread.h
src/starter/keywords.h
src/starter/keywords.txt
src/starter/starterstroke.c
src/stroke/stroke_msg.h

index 0f40356..7bca94d 100644 (file)
@@ -235,7 +235,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
                                                         msg->add_conn.other.allow_any,
                                                         msg->add_conn.other.ikeport,
                                                         msg->add_conn.fragmentation,
-                                                        0);
+                                                        msg->add_conn.ikedscp);
        add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
        return ike_cfg;
 }
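Review bot: The `ikedscp` byte from the stroke message is passed unchanged as the last argument of the config constructor call, so any value up to 255 reaches the IKE config although a DSCP codepoint is only six bits wide. Whether a later layer masks or rejects it is not visible in this hunk. If none does, the daemon should bound the value itself rather than trust the sender of the message, for example by passing `msg->add_conn.ikedscp & 0x3f` or by refusing the connection with a DBG1 line. The start of build_ike_cfg lies outside the hunk.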
index 390062a..5fbf518 100644 (file)
@@ -33,6 +33,7 @@ typedef enum {
        ARG_TIME,
        ARG_ULNG,
        ARG_ULLI,
+       ARG_UBIN,
        ARG_PCNT,
        ARG_STR,
        ARG_LST,
@@ -146,6 +147,7 @@ static const token_info_t token_info[] =
        { ARG_MISC, 0, NULL  /* KW_MOBIKE */                                           },
        { ARG_MISC, 0, NULL  /* KW_FORCEENCAPS */                                      },
        { ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation         },
+       { ARG_UBIN, offsetof(starter_conn_t, ikedscp), NULL                            },
        { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL                },
        { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL              },
        { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL                    },
@@ -399,6 +401,21 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
                        }
                }
                break;
+       case ARG_UBIN:
+               {
+                       char *endptr;
+                       u_int *u = (u_int *)p;
+
+                       *u = strtoul(kw->value, &endptr, 2);
+
+                       if (*endptr != '\0')
+                       {
+                               DBG1(DBG_APP, "# bad binary value: %s=%s", kw->entry->name,
+                                        kw->value);
+                               return FALSE;
+                       }
+               }
+               break;
        case ARG_TIME:
                {
                        char *endptr;
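Review bot: The new `ARG_UBIN` case accepts more than it should, because the only check is `*endptr != '\0'`: an empty value parses as 0, and `strtoul` also takes a leading sign, so `-1` is stored as a huge `u_int`. There is no overflow or range check either. In starterstroke.c `msg.add_conn.ikedscp = conn->ikedscp;` then narrows the `u_int` to the `u_int8_t` field added in stroke_msg.h, so an over-long bit string is silently truncated to some other DSCP. I would reject empty, signed and out-of-range input here, as sketched below (assuming `<errno.h>` is already in scope in args.c), and add the six-bit bound where the keyword is consumed, e.g. `if (conn->ikedscp > 0x3f)` before that assignment. assign_arg starts and ends outside the hunk.

```c
	case ARG_UBIN:
		{
			char *endptr;
			u_int *u = (u_int *)p;
			unsigned long v;

			/* strtoul() silently accepts a leading '+' or '-' */
			if (kw->value[0] != '0' && kw->value[0] != '1')
			{
				/* … same DBG1 "bad binary value" message and return FALSE … */
			}
			errno = 0;
			v = strtoul(kw->value, &endptr, 2);

			if (*endptr != '\0' || errno == ERANGE || (u_int)v != v)
			{
				/* … unchanged: DBG1 "bad binary value" message and return FALSE … */
			}
			*u = v;
		}
		break;
```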
index a0f6234..8dd5608 100644 (file)
@@ -148,6 +148,7 @@ struct starter_conn {
                ipsec_mode_t    mode;
                bool            proxy_mode;
                fragmentation_t fragmentation;
+               u_int           ikedscp;
                sa_option_t     options;
                time_t          sa_ike_life_seconds;
                time_t          sa_ipsec_life_seconds;
@@ -246,4 +247,3 @@ extern starter_config_t *confread_load(const char *file);
 extern void confread_free(starter_config_t *cfg);
 
 #endif /* _IPSEC_CONFREAD_H_ */
-
index f776f33..4a96a41 100644 (file)
@@ -43,6 +43,7 @@ typedef enum {
        KW_MOBIKE,
        KW_FORCEENCAPS,
        KW_FRAGMENTATION,
+       KW_IKEDSCP,
        KW_IKELIFETIME,
        KW_KEYLIFE,
        KW_REKEYMARGIN,
@@ -186,4 +187,3 @@ typedef enum {
 } kw_token_t;
 
 #endif /* _KEYWORDS_H_ */
-
index 1f16412..cd964b0 100644 (file)
@@ -41,6 +41,7 @@ aaa_identity,      KW_AAA_IDENTITY
 mobike,                   KW_MOBIKE
 forceencaps,       KW_FORCEENCAPS
 fragmentation,     KW_FRAGMENTATION
+ikedscp,           KW_IKEDSCP,
 ikelifetime,       KW_IKELIFETIME
 lifetime,          KW_KEYLIFE
 keylife,           KW_KEYLIFE
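Review bot: The added `ikedscp` entry ends in a trailing comma after `KW_IKEDSCP`, unlike every neighbouring entry in this hunk. Whether the keyword generator tolerates the extra comma is not visible here, so it is safer to match the other lines: `ikedscp,           KW_IKEDSCP`.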
index 4f9e8fb..9d09645 100644 (file)
@@ -181,6 +181,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
        msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
        msg.add_conn.fragmentation = conn->fragmentation;
+       msg.add_conn.ikedscp = conn->ikedscp;
        msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
        msg.add_conn.install_policy = conn->install_policy;
        msg.add_conn.aggressive = conn->aggressive;
@@ -330,4 +331,3 @@ int starter_stroke_configure(starter_config_t *cfg)
        }
        return 0;
 }
-
index e972a59..b2df887 100644 (file)
@@ -262,6 +262,7 @@ struct stroke_msg_t {
                        int close_action;
                        u_int32_t reqid;
                        u_int32_t tfc;
+                       u_int8_t ikedscp;
 
                        crl_policy_t crl_policy;
                        int unique;