sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-28 00:00:40 -05:00
Code Issues Projects Releases Wiki Activity

kernel-pfkey: When adding policies do an update if they already exist

Browse Source 
This may be the case when SAs are reestablished after a crash of the
IKE daemon.
This commit is contained in:
Tobias Brunner 2015-06-03 17:17:15 +02:00
parent 1bc2549914
commit 695112d7b8
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
View File

@ -2357,6 +2357,7 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
pfkey_msg_t response; pfkey_msg_t response;
size_t len; size_t len;
ipsec_mode_t proto_mode; ipsec_mode_t proto_mode;
status_t status;
memset(&request, 0, sizeof(request)); memset(&request, 0, sizeof(request));
@ -2444,7 +2445,15 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
this->mutex->unlock(this->mutex); this->mutex->unlock(this->mutex);
if (pfkey_send(this, msg, &out, &len) != SUCCESS) status = pfkey_send(this, msg, &out, &len);
if (status == SUCCESS && !update && out->sadb_msg_errno == EEXIST)
{
DBG1(DBG_KNL, "policy already exists, try to update it");
free(out);
msg->sadb_msg_type = SADB_X_SPDUPDATE;
status = pfkey_send(this, msg, &out, &len);
}
if (status != SUCCESS)
{ {
return FAILED; return FAILED;
} }