kernel-netlink: When adding a policy do an update if it already exists
This may be the case when SAs are reestablished after a crash of the IKE daemon. We could actually always do updates. The kernel doesn't care, the only difference is the possible EEXIST if XFRM_MSG_NEWPOLICY is used. The advantage of not doing this, though, is that we get a warning in the log if a policy already exists, as that should usually not be the case.
parent
695112d7b8
commit
dc2fa791e4
@ -2059,6 +2059,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
|
|||
ipsec_sa_t *ipsec = mapping->sa;
|
||||
struct xfrm_userpolicy_info *policy_info;
|
||||
struct nlmsghdr *hdr;
|
||||
status_t status;
|
||||
int i;
|
||||
|
||||
/* clone the policy so we are able to check it out again later */
|
||||
|
@ -2153,7 +2154,14 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
|
|||
}
|
||||
this->mutex->unlock(this->mutex);
|
||||
|
||||
if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
|
||||
status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr);
|
||||
if (status == ALREADY_DONE && !update)
|
||||
{
|
||||
DBG1(DBG_KNL, "policy already exists, try to update it");
|
||||
hdr->nlmsg_type = XFRM_MSG_UPDPOLICY;
|
||||
status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr);
|
||||
}
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
return FAILED;
|
||||
}
|
||||
|
|
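Review bot: The fallback at `if (status == ALREADY_DONE && !update)` replaces whatever policy already occupies that slot, which is the intended recovery after a daemon crash but equally overwrites a policy that some other component installed with the same selectors, and the only trace of that is the DBG1 line; since the message is the one signal an operator has to attribute the overwrite, it should identify the policy (its traffic selectors and direction, if they are at hand in this function) rather than the generic "policy already exists, try to update it". The retry also resends the same `hdr` after its first trip through `send_ack`; whether `send_ack` assigns a fresh `nlmsg_seq` on each call is not visible in the hunk, so confirm it does, otherwise the ack for the UPDPOLICY message may be matched against a stale sequence number. When the update also fails, `return FAILED` discards `status`, so a short log line naming the failed step (new vs. update) would make the two failure modes distinguishable. `add_policy_internal` starts outside the hunk, and `update` is presumably one of its parameters.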