child-sa: Pass the number of total policies tied to an SA to the kernel
authorMartin Willi <martin@revosec.ch>
Tue, 24 Dec 2013 10:27:59 +0000 (11:27 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Jun 2014 14:32:11 +0000 (16:32 +0200)
This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.

src/libcharon/sa/child_sa.c
src/libstrongswan/ipsec/ipsec_types.h

index bbf6259..a7d7b73 100644 (file)
@@ -847,6 +847,14 @@ METHOD(child_sa_t, add_policies, status_t,
                priority = this->trap ? POLICY_PRIORITY_ROUTED
                                                          : POLICY_PRIORITY_DEFAULT;
 
+               enumerator = create_policy_enumerator(this);
+               while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
+               {
+                       my_sa.policy_count++;
+                       other_sa.policy_count++;
+               }
+               enumerator->destroy(enumerator);
+
                /* enumerate pairs of traffic selectors */
                enumerator = create_policy_enumerator(this);
                while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
index 6851f91..1a4656b 100644 (file)
@@ -122,6 +122,8 @@ struct ipsec_sa_cfg_t {
        ipsec_mode_t mode;
        /** unique ID */
        u_int32_t reqid;
+       /** number of policies of the same kind (in/out/fwd) attached to SA */
+       u_int32_t policy_count;
        /** details about ESP/AH */
        struct {
                /** TRUE if this protocol is used */