1 files changed, 32 insertions, 3 deletions

diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index d566da3ec..e3b59e656 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
  * Copyright (C) 2016 Andreas Steffen
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -135,11 +135,13 @@ struct child_cfg_t {
 	 * @param local			TRUE for TS on local side, FALSE for remote
 	 * @param supplied		list with TS to select from, or NULL
 	 * @param hosts			addresses to use for narrowing "dynamic" TS', host_t
+	 * @param log			FALSE to avoid logging details about the selection
 	 * @return				list containing the traffic selectors
 	 */
 	linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
 											linked_list_t *supplied,
-											linked_list_t *hosts);
+											linked_list_t *hosts, bool log);
+
 	/**
 	 * Get the updown script to run for the CHILD_SA.
 	 *
@@ -190,6 +192,13 @@ struct child_cfg_t {
 	hw_offload_t (*get_hw_offload) (child_cfg_t *this);
 
 	/**
+	 * Get the copy mode for the DS header field to use for the CHILD_SA.
+	 *
+	 * @return				IP header copy mode
+	 */
+	dscp_copy_t (*get_copy_dscp) (child_cfg_t *this);
+
+	/**
 	 * Action to take if CHILD_SA gets closed.
 	 *
 	 * @return				close action
@@ -218,7 +227,7 @@ struct child_cfg_t {
 	uint32_t (*get_reqid)(child_cfg_t *this);
 
 	/**
-	 * Optional mark for CHILD_SA.
+	 * Optional mark to set on policies/SAs.
 	 *
 	 * @param inbound		TRUE for inbound, FALSE for outbound
 	 * @return				mark
@@ -226,6 +235,14 @@ struct child_cfg_t {
 	mark_t (*get_mark)(child_cfg_t *this, bool inbound);
 
 	/**
+	 * Optional mark the SAs should apply after processing packets.
+	 *
+	 * @param inbound		TRUE for inbound, FALSE for outbound
+	 * @return				mark
+	 */
+	mark_t (*get_set_mark)(child_cfg_t *this, bool inbound);
+
+	/**
 	 * Get the TFC padding value to use for CHILD_SA.
 	 *
 	 * @return				TFC padding, 0 to disable, -1 for MTU
@@ -317,6 +334,12 @@ enum child_cfg_option_t {
 
 	/** Set mark on inbound SAs */
 	OPT_MARK_IN_SA = (1<<6),
+
+	/** Disable copying the DF bit to the outer IPv4 header in tunnel mode */
+	OPT_NO_COPY_DF = (1<<7),
+
+	/** Disable copying the ECN header field in tunnel mode */
+	OPT_NO_COPY_ECN = (1<<8),
 };
 
 /**
@@ -331,6 +354,10 @@ struct child_cfg_create_t {
 	mark_t mark_in;
 	/** Optional outbound mark */
 	mark_t mark_out;
+	/** Optional inbound mark the SA should apply to traffic */
+	mark_t set_mark_in;
+	/** Optional outbound mark the SA should apply to traffic */
+	mark_t set_mark_out;
 	/** Mode to propose for CHILD_SA */
 	ipsec_mode_t mode;
 	/** TFC padding size, 0 to disable, -1 to pad to PMTU */
@@ -353,6 +380,8 @@ struct child_cfg_create_t {
 	char *updown;
 	/** HW offload mode */
 	hw_offload_t hw_offload;
+	/** How to handle the DS header field in tunnel mode */
+	dscp_copy_t copy_dscp;
 };
 
 /**