private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
- mark_t mark, bool routed)
+ mark_t mark, policy_priority_t priority)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg, *out;
this->policies->insert_last(this->policies, policy);
}
- if (routed)
+ if (priority == POLICY_PRIORITY_ROUTED)
{
/* we install this as a %trap eroute in the kernel, later to be
* triggered by packets matching the policy (-> ACQUIRE). */
msg = (struct sadb_msg*)request;
/* FIXME: SADB_X_SAFLAGS_INFLOW may be required, if we add an inbound policy for an IPIP SA */
- build_addflow(msg, satype, spi, routed ? NULL : src, routed ? NULL : dst,
- policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask,
- policy->src.proto, found != NULL);
+ build_addflow(msg, satype, spi,
+ priority == POLICY_PRIORITY_ROUTED ? NULL : src,
+ priority == POLICY_PRIORITY_ROUTED ? NULL : dst,
+ policy->src.net, policy->src.mask, policy->dst.net,
+ policy->dst.mask, policy->src.proto, found != NULL);
this->mutex->unlock(this->mutex);
METHOD(kernel_ipsec_t, del_policy, status_t,
private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts,
traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
- mark_t mark, bool unrouted)
+ mark_t mark, policy_priority_t priority)
{
unsigned char request[PFKEY_BUFFER_SIZE];
struct sadb_msg *msg = (struct sadb_msg*)request, *out;
policy_entry_destroy(policy);
/* decrease appropriate counter */
- unrouted ? found->trapcount-- : found->activecount--;
+ priority == POLICY_PRIORITY_ROUTED ? found->trapcount--
+ : found->activecount--;
if (found->trapcount == 0)
{
projects / strongswan.git / blobdiff