[strongSwan-dev] patch proposal: ignore acquire
Emeric POUPON
emeric.poupon at stormshield.eu
Tue Oct 20 11:12:44 CEST 2015
Hi Tobias,
Thanks again for you support.
> 2) The FreeBSD kernel could be extended so policies may optionally be
> ordered by priorities provided by the IKE daemon. Instead of just
> appending new policies at the end of the list they would get
> inserted based on the assigned priority (after policies with the
> same priority, so nothing would change if an IKE daemon does not
> assign priorities). If policies were sorted by increasing priority
> and if the same member were added to the sadb_x_policy struct that
> is used on Linux (sadb_x_policy_priority) there wouldn't even be
> any changes required in strongSwan's PF_KEY plugin.
Indeed it looks like the best solution.
Fortunately it seems the changes required to support the priority field are quite small.
I will try to make a proper patch to support this on freeBSD.
Regards,
Emeric
More information about the Dev
mailing list