kernel-netlink: Order policies with equal priorities by their automatic priority
authorTobias Brunner <tobias@strongswan.org>
Wed, 6 Apr 2016 12:40:28 +0000 (14:40 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 15 Apr 2016 08:39:00 +0000 (10:39 +0200)
commit869f4e90b1b86e7d25b5624d2906d803327f2a7f
treef181222a1573b6cbea67a5699569423b8430f008
parentea27163ee122f593374d04eebbc4a9debad59243
kernel-netlink: Order policies with equal priorities by their automatic priority

This allows using manual priorities for traps, which have a lower
base priority than the resulting IPsec policies.  This could otherwise
be problematic if, for example, swanctl --install/uninstall is used while
an SA is established combined with e.g. IPComp, where the trap policy does
not look the same as the IPsec policy (which is now otherwise often the case
as the reqids stay the same).

It also orders policies by selector size if manual priorities are configured
and narrowing occurs.
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c