From 4b09bd6c29e5619375c4d023484d84f4f7d6bc8b Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 24 Dec 2013 11:27:59 +0100
Subject: child-sa: Pass the number of total policies tied to an SA to the
 kernel

This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.
---
 src/libcharon/sa/child_sa.c           | 8 ++++++++
 src/libstrongswan/ipsec/ipsec_types.h | 2 ++
 2 files changed, 10 insertions(+)

(limited to 'src')

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index bbf6259c2..a7d7b7305 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -847,6 +847,14 @@ METHOD(child_sa_t, add_policies, status_t,
 		priority = this->trap ? POLICY_PRIORITY_ROUTED
 							  : POLICY_PRIORITY_DEFAULT;
 
+		enumerator = create_policy_enumerator(this);
+		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
+		{
+			my_sa.policy_count++;
+			other_sa.policy_count++;
+		}
+		enumerator->destroy(enumerator);
+
 		/* enumerate pairs of traffic selectors */
 		enumerator = create_policy_enumerator(this);
 		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 6851f916a..1a4656b04 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -122,6 +122,8 @@ struct ipsec_sa_cfg_t {
 	ipsec_mode_t mode;
 	/** unique ID */
 	u_int32_t reqid;
+	/** number of policies of the same kind (in/out/fwd) attached to SA */
+	u_int32_t policy_count;
 	/** details about ESP/AH */
 	struct {
 		/** TRUE if this protocol is used */
-- 
cgit v1.2.3