From 695112d7b8ea96f1c38f255cf404dfd661671e8d Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 3 Jun 2015 17:17:15 +0200
Subject: kernel-pfkey: When adding policies do an update if they already exist
This may be the case when SAs are reestablished after a crash of the IKE daemon.
---
 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 3b32ba553..50b804c01 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2357,6 +2357,7 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
 pfkey_msg_t response;
 size_t len;
 ipsec_mode_t proto_mode;
+ status_t status;
 memset(&request, 0, sizeof(request));
@@ -2444,7 +2445,15 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
 this->mutex->unlock(this->mutex);
- if (pfkey_send(this, msg, &out, &len) != SUCCESS)
+ status = pfkey_send(this, msg, &out, &len);
+ if (status == SUCCESS && !update && out->sadb_msg_errno == EEXIST)
+ {
+ DBG1(DBG_KNL, "policy already exists, try to update it");
+ free(out);
+ msg->sadb_msg_type = SADB_X_SPDUPDATE;
+ status = pfkey_send(this, msg, &out, &len);
+ }
+ if (status != SUCCESS)
 {
 return FAILED;
 }
--
cgit v1.2.3
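Review bot: The retry path in the second hunk overwrites an existing kernel policy without recording which one, because the new `DBG1` message carries no selector or direction; after a daemon crash that line is the only trace that an existing SPD entry was replaced. I would add the policy's traffic selectors and direction to that message, and put a short comment above the `if`, for example `/* policy may be left over from a previous daemon instance, retry as update */`, since the reason currently lives only in the commit message. The retry also relies on `pfkey_send()` leaving `out` in a defined state if it fails after `free(out)`; that looks harmless here because the hunk returns `FAILED` without touching `out`, but it depends on code outside the hunk. `add_policy_internal` starts and ends outside both hunks.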