Exemplo n.º 1
// deletePolicies removes every XFRM policy in policies from the kernel.
//
// Deletion is best effort: a failure is logged and the loop moves on to the
// next entry, so one policy that cannot be removed does not stop the rest.
// The return value is the error from the most recent failed deletion, or nil
// when every deletion succeeded. Map iteration order is unspecified, so which
// failure is returned is arbitrary; earlier failures appear only in the log.
// A non-nil result means at least one policy is still installed.
func (o *Overlay) deletePolicies(policies map[string]netlink.XfrmPolicy) error {
	var failure error
	for _, p := range policies {
		delErr := netlink.XfrmPolicyDel(&p)
		if delErr == nil {
			logrus.Infof("Deleted policy: %+v", p)
			continue
		}
		// Keep going so the remaining policies are still removed.
		logrus.Errorf("Failed to delete policy: %+v, %v", p, delErr)
		failure = delErr
	}
	return failure
}
Exemplo n.º 2
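// destroyTunnel tears down the tunnel registered for dst: it deletes the
// tunnel's XFRM states and policies, the link-scope route to the remote
// tunnel address, and the local tunnel address on the loopback device, then
// releases the encapsulation port (when one was allocated) and the reserved
// tunnel IPs, and finally drops the tunnel from the lookup table.
//
// It returns an error only when no tunnel is registered for dst. Every
// kernel-side deletion after that is best effort: a failure is logged and
// teardown continues, and the function still returns opts.external with a nil
// error.
//
// NOTE(review): because failures are only logged, an XFRM state or policy that
// could not be deleted stays installed in the kernel after the tunnel has been
// removed from the bookkeeping here. Callers cannot detect that from the
// return value; confirm that something else reconciles leftover entries.
func destroyTunnel(dst net.IP) (net.IP, error) {
	// The tunnel table and the listener table are both keyed by the
	// destination address in string form.
	key := dst.String()
	tunnel := getTunnel(key)
	if tunnel == nil {
		s := fmt.Sprintf("Failed to find tunnel to dst %s", dst)
		// s is already formatted; pass it as an argument rather than as the
		// format string so a '%' in it can never be read as a verb.
		glog.Errorf("%s", s)
		return nil, fmt.Errorf("%s", s)
	}

	src := opts.src

	srcNet := netlink.NewIPNet(tunnel.Src)
	dstNet := netlink.NewIPNet(tunnel.Dst)

	glog.Infof("Destroying Tunnel: %v, %v", tunnel.Src, tunnel.Dst)

	// Delete the XFRM states for this tunnel's reqid. The zero ports and nil
	// arguments are passed to getStates as in the original call; presumably
	// deletion matches on the state's identity rather than on key material —
	// confirm against getStates.
	for _, state := range getStates(tunnel.Reqid, src, dst, 0, 0, nil, nil) {
		err := netlink.XfrmStateDel(&state)
		if err != nil {
			glog.Errorf("Failed to delete state %v: %v", state, err)
		}
	}

	// Delete the XFRM policies that steer traffic between the tunnel
	// addresses through those states.
	for _, policy := range getPolicies(tunnel.Reqid, src, dst, srcNet, dstNet) {
		err := netlink.XfrmPolicyDel(&policy)
		if err != nil {
			glog.Errorf("Failed to delete policy %v: %v", policy, err)
		}
	}

	index, err := getLinkIndex(src)
	if err != nil {
		glog.Errorf("Failed to get link for address: %v", err)
	} else {
		// Delete the link-scope route to the remote tunnel address, sourced
		// from the local tunnel address.
		route := &netlink.Route{
			Scope:     netlink.SCOPE_LINK,
			Src:       tunnel.Src,
			Dst:       dstNet,
			LinkIndex: index,
		}
		err = netlink.RouteDel(route)
		if err != nil {
			glog.Errorf("Failed to delete route %v: %v", route, err)
		}
	}

	// Remove the local tunnel address from the loopback device.
	lo, err := netlink.LinkByName("lo")
	if err != nil {
		glog.Errorf("Failed to get loopback device: %v", err)
	} else {
		err = netlink.AddrDel(lo, &netlink.Addr{IPNet: srcNet})
		if err != nil {
			glog.Errorf("Failed to delete %v from loopback: %v", tunnel.Src, err)
		}
	}

	// A non-zero SrcPort means an encapsulation listener was set up for this
	// tunnel; close it and hand the port back.
	if tunnel.SrcPort != 0 {
		deleteEncapListener(getListener(key))
		releasePort(tunnel.SrcPort)
	}

	// Release the bookkeeping last, after the kernel objects that refer to
	// these addresses have been dealt with.
	unreserveIP(tunnel.Src)
	unreserveIP(tunnel.Dst)
	removeTunnel(key)
	glog.Infof("Finished destroying tunnel: %v, %v", tunnel.Src, tunnel.Dst)
	return opts.external, nil
}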