On Tue, 31 Oct 2017, Hao Chen wrote:

[root@xcvms196 configs]# ip x p
src 10.0.146.196/32 dst 10.0.161.34/32
        dir out priority 2080 ptype main
        mark -1/0xffffffff

Oops, it should never have -1 there. It turned out we couldn't really
test for -1 because it is an unsigned int.

Please try the attached patch. It works for me on 3.22, but I think
it should work fine on 3.20 as well.

Paul
diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 2c61def16..08f0cb6de 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -1215,6 +1215,9 @@ static bool preload_wm_cert_secrets(const struct 
whack_message *wm)
 static void mark_parse(char *wmmark, struct sa_mark *sa_mark) {
        char *mask_start = strstr(wmmark,"/");
 
+       if (strneq(wmmark, "-1", 2)) {
+               sa_mark->unique = TRUE;
+       }
        sa_mark->val = strtol(wmmark, &mask_start, 0);
        if (mask_start != wmmark && *mask_start == '/')
                sa_mark->mask = strtol(mask_start + 1, NULL, 0);
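Review bot: The added `strneq(wmmark, "-1", 2)` test in mark_parse compares only a two-character prefix, so inputs such as `-10` or `-1x` also set `unique`. Nothing in the hunk clears the flag for other inputs, so its value then depends on how the caller initialised the struct, which is not visible here. Deriving the flag from the parsed number covers both cases: `long v = strtol(wmmark, &mask_start, 0);`, `sa_mark->unique = (v == -1);`, `sa_mark->val = v;`. The strtol results are still stored into `uint32_t` fields with no range or `errno` check, so an out-of-range mark or mask is silently truncated. Because the mark decides which policy and SA traffic matches, rejecting such values with a logged error would be safer than accepting them.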
@@ -2040,8 +2043,7 @@ struct connection *instantiate(struct connection *c, 
const ip_address *him,
        d->log_file = NULL;
        d->log_file_err = FALSE;
 
-       if (c->sa_marks.in.val == UINT_MAX) {
-               /* -1 means unique marks */
+       if (c->sa_marks.in.unique) {
                d->sa_marks.in.val = global_marks;
                d->sa_marks.out.val = global_marks;
                global_marks++;
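Review bot: The new condition in instantiate() reads only `c->sa_marks.in.unique`, while the body overwrites both `in.val` and `out.val`; `out.unique` is never read in this hunk. If the outbound mark can be given as -1 on its own (how the two directions are parsed is outside the hunk), `d->sa_marks.out.val` would keep the parsed 0xffffffff, which is the value shown in the quoted `ip x p` output. Either test both sides, `if (c->sa_marks.in.unique || c->sa_marks.out.unique) {`, or state the assumption in a comment replacing the one the patch removes, e.g. `/* unique marks: the inbound setting decides for both directions */`. The body of the `if` continues past the end of the hunk.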
diff --git a/programs/pluto/connections.h b/programs/pluto/connections.h
index 86e521820..8e880f757 100644
--- a/programs/pluto/connections.h
+++ b/programs/pluto/connections.h
@@ -211,6 +211,7 @@ struct spd_route {
 struct sa_mark {
        uint32_t val;
        uint32_t mask;
+       bool unique;
 };
 struct sa_marks {
        struct sa_mark in;
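Review bot: The new `unique` member of struct sa_mark has no comment explaining how it relates to `val`, and after this patch `val` still holds the parsed -1 (0xffffffff) whenever the flag is set. A short comment would keep later readers from treating `val` as a real mark in that state, e.g. `bool unique; /* mark given as -1: val is a placeholder until instantiate() assigns one */`. Any code that creates a struct sa_mark without going through mark_parse should also zero it so the flag starts out false; whether existing callers do so is not visible here.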