1 files changed, 51 insertions, 0 deletions

diff --git a/debian/patches/tac_connect_set_dscp.patch b/debian/patches/tac_connect_set_dscp.patch
new file mode 100644
index 0000000..3eea978
--- /dev/null
+++ b/debian/patches/tac_connect_set_dscp.patch
@@ -0,0 +1,51 @@
+--- a/libtac/include/libtac.h
++++ b/libtac/include/libtac.h
+@@ -130,6 +130,7 @@ extern int tac_readtimeout_enable;
+ /* connect.c */
+ extern int tac_timeout;
+ 
++void tac_set_dscp(uint8_t val);
+ int tac_connect(struct addrinfo **, char **, int);
+ int tac_connect_single(struct addrinfo *, const char *, struct addrinfo *, int);
+ char *tac_ntop(const struct sockaddr *);
+--- a/libtac/lib/connect.c
++++ b/libtac/lib/connect.c
+@@ -34,6 +34,13 @@
+ /* Pointer to TACACS+ connection timeout */
+ int tac_timeout = 5;
+ 
++unsigned int tac_dscp = 0;
++
++void tac_set_dscp(uint8_t val) {
++    /* Value should already be left shifted by 2 bits (those are used for ECN) */
++    tac_dscp = val;
++}
++
+ /* Returns file descriptor of open connection
+    to the first available server from list passed
+    in server table.
+@@ -91,6 +98,24 @@ int tac_connect_single(struct addrinfo *
+         return LIBTAC_STATUS_CONN_ERR;
+     }
+ 
++    switch (server->ai_family) {
++        case AF_INET:
++            rc = setsockopt(fd, IPPROTO_IP, IP_TOS, &tac_dscp, sizeof tac_dscp);
++            break;
++        case AF_INET6:
++            rc = setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tac_dscp, sizeof tac_dscp);
++            break;
++        default:
++            rc = 0;
++    }
++    if (rc < 0) {
++        TACSYSLOG((LOG_ERR,"%s: setsockopt(%s) error: %s", __FUNCTION__,
++            server->ai_family == AF_INET ? "IP_TOS" : "IPV6_TCLASS",
++            strerror(errno)))
++        close(fd);
++        return LIBTAC_STATUS_CONN_ERR;
++    }
++
+     /* get flags for restoration later */
+     flags = fcntl(fd, F_GETFL, 0);
+