kernel-netlink: Use the same priority range for trap and regular policies
authorTobias Brunner <tobias@strongswan.org>
Tue, 11 Oct 2016 12:30:21 +0000 (14:30 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Feb 2017 09:36:38 +0000 (10:36 +0100)
commit0e9d6c46050452e9be1b3df93fa7589d5db42e8a
treefa4eaaabbe655b52369cc32e700e459f78bcc5e7
parent6606393b8c359de0b23c019a8875f7fa484964a5
kernel-netlink: Use the same priority range for trap and regular policies

While trap and regular policies now often look the same (mainly because
reqids are kept constant) trap policies still need to have a lower priority
than regular policies to handle unroute/route correctly if e.g. IPComp
is used or the mode changes.  But if we use a completely different
priority range that's lower than that of regular policies it is not possible
to install overlapping trap policies.  By differentiating trap from
regular policies via the priority's LSB this issue is avoided while
still maintaining the proper ordering of trap and regular policies.

Fixes #1243.
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c