From 06b5b618380f8a036d2422d8cc79498c6f0e93d1 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Tue, 5 Jul 2011 21:57:27 +0200
Subject: [PATCH] install PASS and DROP shunt policies via PFKEYv2 interface
---
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index e32866a..75336f2 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1649,7 +1649,18 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy));
 pol->sadb_x_policy_id = 0;
 pol->sadb_x_policy_dir = dir2kernel(direction);
- pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
+ switch (type)
+ {
+ case POLICY_IPSEC:
+ pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
+ break;
+ case POLICY_PASS:
+ pol->sadb_x_policy_type = IPSEC_POLICY_NONE;
+ break;
+ case POLICY_DROP:
+ pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
+ break;
+ }
 #ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY
 /* calculate priority based on selector size, small size = high prio */
 pol->sadb_x_policy_priority = routed ? PRIO_LOW : PRIO_HIGH;
--
2.7.4
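Review bot: The new `switch (type)` that sets `pol->sadb_x_policy_type` has no `default:` branch, so any `type` value other than the three listed leaves the field at whatever the request buffer already held. The buffer's initialisation is outside the hunk, as are the start and end of add_policy; if it is zeroed, the kernel receives policy type 0, whose meaning depends on the platform's `IPSEC_POLICY_*` numbering rather than on anything this code decides. Because `IPSEC_POLICY_NONE` lets matching traffic leave unprotected, the fallback should be explicit and fail closed: add `default:` `pol->sadb_x_policy_type = IPSEC_POLICY_DISCARD;` `break;` after the `POLICY_DROP` case. A one-line comment above the switch would also help, e.g. `/* PASS bypasses IPsec (cleartext), DROP discards; unknown types must never map to PASS */`.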