diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-04-06 15:17:06 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-04-15 10:39:01 +0200 |
| commit | 254726b59e4053e0f587c1f11697dc2f46dfea61 (patch) | |
| tree | ae9a820be06f830bc77228472dec464a69ec26c4 /src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | |
| parent | 4e59618382d3e96f5a0039f18f3620c6435b8247 (diff) | |
| download | strongswan-254726b59e4053e0f587c1f11697dc2f46dfea61.tar.bz2 strongswan-254726b59e4053e0f587c1f11697dc2f46dfea61.tar.xz | |
kernel-pfkey: Add support for manual priorities
Also orders policies with equals priorities by their automatic priority.
Diffstat (limited to 'src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
| -rw-r--r-- | src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 8de33d33e..be223b7d9 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -409,6 +409,9 @@ struct policy_sa_t { /** Priority assigned to the policy when installed with this SA */ uint32_t priority; + /** Base priority assigned to the policy when installed with this SA */ + uint32_t auto_priority; + /** Type of the policy */ policy_type_t type; @@ -2603,7 +2606,10 @@ METHOD(kernel_ipsec_t, add_policy, status_t, /* cache the assigned IPsec SA */ assigned_sa = policy_sa_create(this, id->dir, data->type, data->src, data->dst, id->src_ts, id->dst_ts, data->sa); - assigned_sa->priority = get_priority(policy, data->prio); + assigned_sa->auto_priority = get_priority(policy, data->prio); + assigned_sa->priority = data->manual_prio ? data->manual_prio : + assigned_sa->auto_priority; + /* insert the SA according to its priority */ enumerator = policy->used_by->create_enumerator(policy->used_by); @@ -2613,11 +2619,19 @@ METHOD(kernel_ipsec_t, add_policy, status_t, { break; } - /* prefer SAs with a reqid over those without */ - if (current_sa->priority == assigned_sa->priority && - (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid)) + if (current_sa->priority == assigned_sa->priority) { - break; + /* in case of equal manual prios order SAs by automatic priority */ + if (current_sa->auto_priority > assigned_sa->auto_priority) + { + break; + } + /* prefer SAs with a reqid over those without */ + if (current_sa->auto_priority == assigned_sa->auto_priority && + (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid)) + { + break; + } } update = FALSE; } @@ -2761,7 +2775,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, policy_sa_t *mapping, *to_remove = NULL; enumerator_t *enumerator; bool first = TRUE, is_installed = TRUE; - uint32_t priority; + uint32_t priority, auto_priority; size_t len; ipsec_sa_t assigned_sa = { .src = data->src, @@ -2797,11 +2811,14 @@ METHOD(kernel_ipsec_t, del_policy, status_t, /* remove mapping to SA by reqid and priority, if multiple match, which * could happen when rekeying due to an address change, remove the oldest */ - priority = get_priority(policy, data->prio); + auto_priority = get_priority(policy, data->prio); + priority = data->manual_prio ? data->manual_prio : auto_priority; enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { if (priority == mapping->priority && + auto_priority == mapping->auto_priority && + data->type == mapping->type && ipsec_sa_equals(mapping->sa, &assigned_sa)) { to_remove = mapping; |