projects / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4332cd7) | patch
Include the destination net in the policy priority calculation.
authorTobias Brunner <tobias@strongswan.org>
Tue, 7 Dec 2010 10:58:09 +0000 (11:58 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 7 Dec 2010 11:14:50 +0000 (12:14 +0100)
commite6f42b0721b3376f04f6bef8287abe0188342619
treeae945ad60a821efc1ab807b6dacf5c7dd54fd3abtree | snapshot
parent4332cd7f95ae93fbe4e3f6328c2b819c262ae049commit | diff
Include the destination net in the policy priority calculation.

The resulting priorities are as follows:

    IPv6               IPv4
    routed   normal    routed   normal
max 4096(+3) 2048(+3)  4096(+3) 2048(+3)
min 3072     1024      3840     1792

Where min is for a policy between two single hosts and max is
for /0 on both ends (lower priorities are preferred by the kernel).
(+3) applies for cases where no protocol and no ports are defined.
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c diff | blob | history
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c diff | blob | history
strongSwan - IPsec VPN