child-sa: Replace reqid based marks by "unique" marks

[strongswan.git] / src / libstrongswan / ipsec / ipsec_types.h

diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 6851f91..fa122af 100644 (file)
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -90,7 +90,9 @@ enum policy_type_t {
  * High-level priority of a policy.
  */
 enum policy_priority_t {
-       /** Default priority */
+       /** Priority for passthrough policies */
+       POLICY_PRIORITY_PASS,
+       /** Priority for regular IPsec policies */
        POLICY_PRIORITY_DEFAULT,
        /** Priority for trap policies */
        POLICY_PRIORITY_ROUTED,
@@ -122,6 +124,8 @@ struct ipsec_sa_cfg_t {
        ipsec_mode_t mode;
        /** unique ID */
        u_int32_t reqid;
+       /** number of policies of the same kind (in/out/fwd) attached to SA */
+       u_int32_t policy_count;
        /** details about ESP/AH */
        struct {
                /** TRUE if this protocol is used */
@@ -165,9 +169,9 @@ struct mark_t {
 };
 
 /**
- * Special mark value that uses the reqid of the CHILD_SA as mark
+ * Special mark value that uses a unique mark for each CHILD_SA
  */
-#define MARK_REQID (0xFFFFFFFF)
+#define MARK_UNIQUE (0xFFFFFFFF)
 
 /**
  * Try to parse a mark_t from the given string of the form mark[/mask].