Skip to content

Commit

Permalink
Accept existing XMRF policies and update them intead of raising errors
Browse files Browse the repository at this point in the history
  • Loading branch information
@txomon
txomon committed Aug 20, 2020
1 parent d5c4faf commit d9b84c1
Showing 1 changed file with 12 additions and 6 deletions.
18 changes: 12 additions & 6 deletions backend/ipsec/handle_xfrm.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID in

dst := remoteLease.Subnet.ToIPNet()

policy := netlink.XfrmPolicy{
policy := &netlink.XfrmPolicy{
Src: src,
Dst: dst,
Dir: dir,
Expand All @@ -47,14 +47,20 @@ func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID in
Reqid: reqID,
}

log.Infof("Adding ipsec policy: %+v", tmpl)

policy.Tmpls = append(policy.Tmpls, tmpl)

if err := netlink.XfrmPolicyAdd(&policy); err != nil {
return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
existingPolicy, err := netlink.XfrmPolicyGet(policy)
if err != nil {
log.Infof("Adding ipsec policy: %+v", tmpl)
if err := netlink.XfrmPolicyAdd(policy); err != nil {
return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
}
} else {
log.Info("Updating ipsec policy %+v with %+v", existingPolicy, policy)
if err := netlink.XfrmPolicyUpdate(policy); err != nil {
return fmt.Errorf("error updating policy: %+v err: %v", policy, err)
}
}

return nil
}

Expand Down

0 comments on commit d9b84c1

Please # to comment.