[PATCH] Add SPD Priority for PF_KEY Interface

From: Brian Buesker
Date: Tue Apr 13 2004 - 13:16:35 EST


The attached patch allows a priority to be specified in an SADB_X_SPDADD PF_KEY message so that the policy can be placed at a location other than the end of the list. The priority is interpreted in exactly the same way as it is for the XFRM interface.

The patch is against 2.6.5. Please contact me if there are any questions.

Brian Buesker
Engineer
QUALCOMM
5775 Morehouse Dr.
San Diego, CA 92121

Email: bbuesker@xxxxxxxxxxxx

For compliance with the GPL license:
Person making the patch: Brian Buesker
Date of Patch: April 13, 2004

WARRANTY DISCLAIMER: LIMITATION OF LIABILITY. THE SOFTWARE AND CONTENT ARE PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED REPRESENTATIONS, GUARANTEES, OR WARRANTIES, INCLUDING BUT NOT LIMITED TO SUCH REPRESENTATION, GUARANTEES OR WARRANTIES REGARDING THE USABILITY, SUITABILITY, CONDITION, OPERATION OR ACCURACY THEREOF.

ALL OTHER WARRANTIES AND CONDITIONS (EXPRESS, IMPLIED OR STATUTORY) ARE HEREBY DISCLAIMED, SUCH WARRANTIES AND CONDITIONS INCLUDING WITHOUT LIMITATION, ALL WARRANTIES AND CONDITIONS OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, COMPATIBILITY, AND SECURITY OR ACCURACY.

diff -aru linux-2.6.5.orig/include/linux/pfkeyv2.h linux-2.6.5/include/linux/pfkeyv2.h
--- linux-2.6.5.orig/include/linux/pfkeyv2.h 2004-04-05 08:26:44.117851868 -0700
+++ linux-2.6.5/include/linux/pfkeyv2.h 2004-04-05 08:27:12.121681700 -0700
@@ -181,7 +181,7 @@
uint8_t sadb_x_policy_dir;
uint8_t sadb_x_policy_reserved;
uint32_t sadb_x_policy_id;
- uint32_t sadb_x_policy_reserved2;
+ uint32_t sadb_x_policy_priority;
} __attribute__((packed));
/* sizeof(struct sadb_x_policy) == 16 */

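Review bot: Reusing sadb_x_policy_reserved2 as sadb_x_policy_priority in struct sadb_x_policy changes the meaning of a field in a header that PF_KEY userspace builds against, and nothing in this hunk documents it. The struct size stays at 16 bytes, so the layout is compatible, but any existing sender that does not zero the old reserved word will now have its contents treated as a policy priority, and any code that names sadb_x_policy_reserved2 will stop compiling. Please add a comment on the field stating that 0 is the default and that the value follows the XFRM priority semantics, and mention the rename in the changelog.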
diff -aru linux-2.6.5.orig/net/key/af_key.c linux-2.6.5/net/key/af_key.c
--- linux-2.6.5.orig/net/key/af_key.c 2004-04-05 08:26:54.360692320 -0700
+++ linux-2.6.5/net/key/af_key.c 2004-04-05 08:27:12.133680342 -0700
@@ -1872,6 +1872,7 @@

xp->action = (pol->sadb_x_policy_type == IPSEC_POLICY_DISCARD ?
XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
+ xp->priority = pol->sadb_x_policy_priority;

sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
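Review bot: The new assignment xp->priority = pol->sadb_x_policy_priority takes the value from the message with no check, and this was a reserved field until now. Since priority decides where a policy sits relative to others, including XFRM_POLICY_BLOCK entries, a stale non-zero value from an older key manager would silently reorder the SPD. Consider stating in the commit message that senders must zero the field to keep the old behaviour. The patch also only covers the parse direction: there is no hunk that writes xp->priority back into sadb_x_policy_priority when a policy is reported to userspace, so a key manager cannot read back the priority it set. If that is intentional, please say so; otherwise the reporting path should be updated in the same patch.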