child-sa: Pass the number of total policies tied to an SA to the kernel

This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.

2 files changed, 10 insertions, 0 deletions

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index bbf6259c2..a7d7b7305 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -847,6 +847,14 @@ METHOD(child_sa_t, add_policies, status_t,
 		priority = this->trap ? POLICY_PRIORITY_ROUTED
 							  : POLICY_PRIORITY_DEFAULT;
 
+		enumerator = create_policy_enumerator(this);
+		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
+		{
+			my_sa.policy_count++;
+			other_sa.policy_count++;
+		}
+		enumerator->destroy(enumerator);
+
 		/* enumerate pairs of traffic selectors */
 		enumerator = create_policy_enumerator(this);
 		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 6851f916a..1a4656b04 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -122,6 +122,8 @@ struct ipsec_sa_cfg_t {
 	ipsec_mode_t mode;
 	/** unique ID */
 	u_int32_t reqid;
+	/** number of policies of the same kind (in/out/fwd) attached to SA */
+	u_int32_t policy_count;
 	/** details about ESP/AH */
 	struct {
 		/** TRUE if this protocol is used */