Sign In
golang
/
flannel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Accept existing XMRF policies and update them intead of raising errors

Javier Domingo Cansino 4 years ago
parent
d5c4faf63f
commit
e7682f1341
1 changed files with 17 additions and 6 deletions
Split View Show Diff Stats
  1. 17 6
      backend/ipsec/handle_xfrm.go

+ 17 - 6
backend/ipsec/handle_xfrm.go
View File 

@@ -16,8 +16,10 @@
 
 package ipsec
 
 
 import (
 
+	"errors"
 
 	"fmt"
 
 	"net"
 
+	"syscall"
 
 
 	log "github.com/golang/glog"
 
 	"github.com/vishvananda/netlink"
 
@@ -30,7 +32,7 @@ func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID in
 
 
 	dst := remoteLease.Subnet.ToIPNet()
 
 
-	policy := netlink.XfrmPolicy{
 
+	policy := &netlink.XfrmPolicy{
 
 		Src: src,
 
 		Dst: dst,
 
 		Dir: dir,
 
@@ -47,14 +49,23 @@ func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID in
 
 		Reqid: reqID,
 
 	}
 
 
-	log.Infof("Adding ipsec policy: %+v", tmpl)
 
-
 
 	policy.Tmpls = append(policy.Tmpls, tmpl)
 
 
-	if err := netlink.XfrmPolicyAdd(&policy); err != nil {
 
-		return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
 
+	if existingPolicy, err := netlink.XfrmPolicyGet(policy); err != nil {
 
+		if errors.Is(err, syscall.ENOENT) {
 
+			log.Infof("Adding ipsec policy: %+v", tmpl)
 
+			if err := netlink.XfrmPolicyAdd(policy); err != nil {
 
+				return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
 
+			}
 
+		} else {
 
+			return fmt.Errorf("error getting policy: %+v err: %v", policy, err)
 
+		}
 
+	} else {
 
+		log.Info("Updating ipsec policy %+v with %+v", existingPolicy, policy)
 
+		if err := netlink.XfrmPolicyUpdate(policy); err != nil {
 
+			return fmt.Errorf("error updating policy: %+v err: %v", policy, err)
 
+		}
 
 	}
 
-
 
 	return nil
 
 }