// deletePolicies asks the kernel to remove every XFRM policy in policies.
//
// Deletion is best-effort: a failure is logged and the loop moves on to the
// next policy, so one bad entry does not leave the rest installed. The return
// value is nil when every deletion succeeded. Otherwise it is the error from
// the most recently failed deletion; because map iteration order is not
// fixed, which failure that is when several occur is arbitrary, and earlier
// failures are visible only in the log.
func (o *Overlay) deletePolicies(policies map[string]netlink.XfrmPolicy) error {
	var failure error
	for _, pol := range policies {
		delErr := netlink.XfrmPolicyDel(&pol)
		if delErr == nil {
			logrus.Infof("Deleted policy: %+v", pol)
			continue
		}
		// Remember the failure but keep going so the remaining policies are
		// still removed.
		logrus.Errorf("Failed to delete policy: %+v, %v", pol, delErr)
		failure = delErr
	}
	return failure
}
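// destroyTunnel tears down the tunnel registered for dst and releases the
// resources recorded for it.
//
// It looks the tunnel up by dst.String(). If none is registered it logs and
// returns an error. Otherwise it deletes, in order: the XFRM states and XFRM
// policies returned by getStates/getPolicies for the tunnel's Reqid, the
// link-scoped route to the tunnel destination, and the tunnel source address
// on the loopback device. It then removes the encap listener and releases the
// source port (only when SrcPort is non-zero), unreserves both tunnel IPs and
// drops the tunnel entry.
//
// On success it returns opts.external and a nil error.
//
// NOTE(review): every kernel teardown step is best-effort. A failed
// XfrmStateDel, XfrmPolicyDel, RouteDel or AddrDel is only logged; the
// tunnel bookkeeping is still removed and the function still returns a nil
// error. After such a failure the kernel can keep an XFRM state or policy
// that this process no longer tracks, and the caller cannot tell. Callers
// that need a guarantee that the security association is gone should verify
// it separately, or this function should be changed to report the failures.
func destroyTunnel(dst net.IP) (net.IP, error) {
	// The tunnel table and the encap listener table are both keyed by the
	// destination address in string form.
	key := dst.String()
	tunnel := getTunnel(key)
	if tunnel == nil {
		// Format the message once and pass it as an argument, never as the
		// format string, so a '%' in the text cannot be reinterpreted as a verb.
		msg := fmt.Sprintf("Failed to find tunnel to dst %s", dst)
		glog.Errorf("%s", msg)
		return nil, fmt.Errorf("%s", msg)
	}

	src := opts.src
	srcNet := netlink.NewIPNet(tunnel.Src)
	dstNet := netlink.NewIPNet(tunnel.Dst)

	glog.Infof("Destroying Tunnel: %v, %v", tunnel.Src, tunnel.Dst)

	// Delete the xfrm states belonging to this tunnel.
	// NOTE(review): the whole state struct is logged on failure; confirm it
	// carries no key material (getStates is called here with nil for its last
	// two arguments).
	for _, state := range getStates(tunnel.Reqid, src, dst, 0, 0, nil, nil) {
		err := netlink.XfrmStateDel(&state)
		if err != nil {
			glog.Errorf("Failed to delete state %v: %v", state, err)
		}
	}

	// Delete the xfrm policies belonging to this tunnel.
	for _, policy := range getPolicies(tunnel.Reqid, src, dst, srcNet, dstNet) {
		err := netlink.XfrmPolicyDel(&policy)
		if err != nil {
			glog.Errorf("Failed to delete policy %v: %v", policy, err)
		}
	}

	index, err := getLinkIndex(src)
	if err != nil {
		glog.Errorf("Failed to get link for address: %v", err)
	} else {
		// Delete the link-scoped route to the tunnel destination on the
		// device that owns src.
		route := &netlink.Route{
			Scope:     netlink.SCOPE_LINK,
			Src:       tunnel.Src,
			Dst:       dstNet,
			LinkIndex: index,
		}
		err = netlink.RouteDel(route)
		if err != nil {
			glog.Errorf("Failed to delete route %v: %v", route, err)
		}
	}

	// Delete the tunnel source address from the loopback device.
	lo, err := netlink.LinkByName("lo")
	if err != nil {
		glog.Errorf("Failed to get loopback device: %v", err)
	} else {
		err = netlink.AddrDel(lo, &netlink.Addr{IPNet: srcNet})
		if err != nil {
			glog.Errorf("Failed to delete %v from loopback: %v", tunnel.Src, err)
		}
	}

	// A non-zero source port means an encap listener was set up for this
	// tunnel; remove it and return the port.
	if tunnel.SrcPort != 0 {
		deleteEncapListener(getListener(key))
		releasePort(tunnel.SrcPort)
	}

	unreserveIP(tunnel.Src)
	unreserveIP(tunnel.Dst)
	removeTunnel(key)

	glog.Infof("Finished destroying tunnel: %v, %v", tunnel.Src, tunnel.Dst)
	return opts.external, nil
}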