[PATCH] Add SPD Priority for PF_KEY Interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The attached patch allows a priority to be specified in an SADB_X_SPDADD PF_KEY message so that the policy can be placed at a location other than the end of the list. The priority is interpreted in exactly the same way as it is for the XFRM interface.

The patch is against 2.6.5. Please contact me if there are any questions.

Brian Buesker
Engineer
QUALCOMM
5775 Morehouse Dr.
San Diego, CA 92121

Email: bbuesker@qualcomm.com

For compliance with the GPL license:
Person making the patch: Brian Buesker
Date of Patch: April 13, 2004

WARRANTY DISCLAIMER: LIMITATION OF LIABILITY. THE SOFTWARE AND CONTENT ARE PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED REPRESENTATIONS, GUARANTEES, OR WARRANTIES, INCLUDING BUT NOT LIMITED TO SUCH REPRESENTATION, GUARANTEES OR WARRANTIES REGARDING THE USABILITY, SUITABILITY, CONDITION, OPERATION OR ACCURACY THEREOF.

ALL OTHER WARRANTIES AND CONDITIONS (EXPRESS, IMPLIED OR STATUTORY) ARE HEREBY DISCLAIMED, SUCH WARRANTIES AND CONDITIONS INCLUDING WITHOUT LIMITATION, ALL WARRANTIES AND CONDITIONS OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, COMPATIBILITY, AND SECURITY OR ACCURACY. 
diff -aru linux-2.6.5.orig/include/linux/pfkeyv2.h linux-2.6.5/include/linux/pfkeyv2.h
--- linux-2.6.5.orig/include/linux/pfkeyv2.h	2004-04-05 08:26:44.117851868 -0700
+++ linux-2.6.5/include/linux/pfkeyv2.h	2004-04-05 08:27:12.121681700 -0700
@@ -181,7 +181,7 @@
 	uint8_t		sadb_x_policy_dir;
 	uint8_t		sadb_x_policy_reserved;
 	uint32_t	sadb_x_policy_id;
-	uint32_t	sadb_x_policy_reserved2;
+	uint32_t	sadb_x_policy_priority;
 } __attribute__((packed));
 /* sizeof(struct sadb_x_policy) == 16 */
 
diff -aru linux-2.6.5.orig/net/key/af_key.c linux-2.6.5/net/key/af_key.c
--- linux-2.6.5.orig/net/key/af_key.c	2004-04-05 08:26:54.360692320 -0700
+++ linux-2.6.5/net/key/af_key.c	2004-04-05 08:27:12.133680342 -0700
@@ -1872,6 +1872,7 @@
 
 	xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
 		      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
+	xp->priority = pol->sadb_x_policy_priority;
 
 	sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 
 	xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux