diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2014-06-19 14:24:48 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2014-06-19 14:24:48 +0200 |
| commit | 73b22aa842ae0f32d3aaeb79101894cc719ceaf2 (patch) | |
| tree | 339752432f0230a2c3d656e4022bfdbf00363be0 /src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | |
| parent | 3bf98189d7d5b1207f746c86059d241cc025179a (diff) | |
| parent | 2ef6f57456a2ef4411d5109c2db27f1ac7a37158 (diff) | |
| download | strongswan-73b22aa842ae0f32d3aaeb79101894cc719ceaf2.tar.bz2 strongswan-73b22aa842ae0f32d3aaeb79101894cc719ceaf2.tar.xz | |
Merge branch 'passthrough-policies-priority'
Introduces a new priority class for policies, which allows us to install
passthrough policies with a strictly higher priority than IPsec
policies, which was not the case previously depending on the traffic
selectors.
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
| -rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 9bddb13a1..1037d9946 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -135,8 +135,8 @@ #define SOL_UDP IPPROTO_UDP #endif -/** default priority of installed policies */ -#define PRIO_BASE 512 +/** base priority for installed policies */ +#define PRIO_BASE 384 #ifdef __APPLE__ /** from xnu/bsd/net/pfkeyv2.h */ @@ -583,6 +583,9 @@ static inline u_int32_t get_priority(policy_entry_t *policy, priority <<= 1; /* fall-through */ case POLICY_PRIORITY_DEFAULT: + priority <<= 1; + /* fall-trough */ + case POLICY_PRIORITY_PASS: break; } /* calculate priority based on selector size, small size = high prio */ |