From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 13 May 2014 10:17:09 +0000 (+0200)
Subject: kernel-netlink: Add support for new policy priority class
X-Git-Tag: 5.2.0rc1~26^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1675e4e291e98145acf274e7b8376601eac953a;p=thirdparty%2Fstrongswan.git

kernel-netlink: Add support for new policy priority class
---

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 1e250d0048..8642b8c0d6 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -70,8 +70,8 @@
 #define SOL_UDP IPPROTO_UDP
 #endif
 
-/** Default priority of installed policies */
-#define PRIO_BASE 512
+/** Base priority for installed policies */
+#define PRIO_BASE 384
 
 /** Default lifetime of an acquire XFRM state (in seconds) */
 #define DEFAULT_ACQUIRE_LIFETIME 165
@@ -606,6 +606,9 @@ static inline u_int32_t get_priority(policy_entry_t *policy,
 			priority <<= 1;
 			/* fall-through */
 		case POLICY_PRIORITY_DEFAULT:
+			priority <<= 1;
+			/* fall-through */
+		case POLICY_PRIORITY_PASS:
 			break;
 	}
 	/* calculate priority based on selector size, small size = high prio */