diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2015-06-03 17:17:15 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2015-08-13 10:49:16 +0200 |
| commit | 695112d7b8ea96f1c38f255cf404dfd661671e8d (patch) | |
| tree | d562570f1bda6ea0cf9f2d99ddafb22d5ae318cb /src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | |
| parent | 1bc25499142adf5af44e6fca911d489e5b5129bf (diff) | |
| download | strongswan-695112d7b8ea96f1c38f255cf404dfd661671e8d.tar.bz2 strongswan-695112d7b8ea96f1c38f255cf404dfd661671e8d.tar.xz | |
kernel-pfkey: When adding policies do an update if they already exist
This may be the case when SAs are reestablished after a crash of the
IKE daemon.
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
| -rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 3b32ba553..50b804c01 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -2357,6 +2357,7 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, pfkey_msg_t response; size_t len; ipsec_mode_t proto_mode; + status_t status; memset(&request, 0, sizeof(request)); @@ -2444,7 +2445,15 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, this->mutex->unlock(this->mutex); - if (pfkey_send(this, msg, &out, &len) != SUCCESS) + status = pfkey_send(this, msg, &out, &len); + if (status == SUCCESS && !update && out->sadb_msg_errno == EEXIST) + { + DBG1(DBG_KNL, "policy already exists, try to update it"); + free(out); + msg->sadb_msg_type = SADB_X_SPDUPDATE; + status = pfkey_send(this, msg, &out, &len); + } + if (status != SUCCESS) { return FAILED; } |