From: Martin Willi <martin@revosec.ch>
Date: Tue, 24 Dec 2013 10:27:59 +0000 (+0100)
Subject: child-sa: Pass the number of total policies tied to an SA to the kernel
X-Git-Tag: 5.2.0dr6~22^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b09bd6c29e5619375c4d023484d84f4f7d6bc8b;p=thirdparty%2Fstrongswan.git

child-sa: Pass the number of total policies tied to an SA to the kernel

This will be useful if the kernel backend has to know how many policies
follow an SA install, for example if it must install all policies concurrently.
---

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index bbf6259c2a..a7d7b7305d 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -847,6 +847,14 @@ METHOD(child_sa_t, add_policies, status_t,
 		priority = this->trap ? POLICY_PRIORITY_ROUTED
 							  : POLICY_PRIORITY_DEFAULT;
 
+		enumerator = create_policy_enumerator(this);
+		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
+		{
+			my_sa.policy_count++;
+			other_sa.policy_count++;
+		}
+		enumerator->destroy(enumerator);
+
 		/* enumerate pairs of traffic selectors */
 		enumerator = create_policy_enumerator(this);
 		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 6851f916ae..1a4656b04f 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -122,6 +122,8 @@ struct ipsec_sa_cfg_t {
 	ipsec_mode_t mode;
 	/** unique ID */
 	u_int32_t reqid;
+	/** number of policies of the same kind (in/out/fwd) attached to SA */
+	u_int32_t policy_count;
 	/** details about ESP/AH */
 	struct {
 		/** TRUE if this protocol is used */