kernel-pfkey: Add support for new policy priority class
authorTobias Brunner <tobias@strongswan.org>
Tue, 13 May 2014 10:19:41 +0000 (12:19 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 19 Jun 2014 12:20:33 +0000 (14:20 +0200)
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 9bddb13..1037d99 100644 (file)
 #define SOL_UDP IPPROTO_UDP
 #endif
 
-/** default priority of installed policies */
-#define PRIO_BASE 512
+/** base priority for installed policies */
+#define PRIO_BASE 384
 
 #ifdef __APPLE__
 /** from xnu/bsd/net/pfkeyv2.h */
@@ -583,6 +583,9 @@ static inline u_int32_t get_priority(policy_entry_t *policy,
                        priority <<= 1;
                        /* fall-through */
                case POLICY_PRIORITY_DEFAULT:
+                       priority <<= 1;
+                       /* fall-trough */
+               case POLICY_PRIORITY_PASS:
                        break;
        }
        /* calculate priority based on selector size, small size = high prio */