|
|
@@ -69,8 +69,10 @@ func NlHandle() *netlink.Handle {
|
|
|
func getSupportedNlFamilies() []int {
|
|
|
fams := []int{syscall.NETLINK_ROUTE}
|
|
|
if err := loadXfrmModules(); err != nil {
|
|
|
- log.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
|
|
|
- return fams
|
|
|
+ if checkXfrmSocket() != nil {
|
|
|
+ log.Warnf("Could not load necessary modules for IPSEC rules: %v", err)
|
|
|
+ return fams
|
|
|
+ }
|
|
|
}
|
|
|
return append(fams, syscall.NETLINK_XFRM)
|
|
|
}
|
|
|
@@ -84,3 +86,13 @@ func loadXfrmModules() error {
|
|
|
}
|
|
|
return nil
|
|
|
}
|
|
|
+
|
|
|
+// API check on required xfrm modules (xfrm_user, xfrm_algo)
|
|
|
+func checkXfrmSocket() error {
|
|
|
+ fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_XFRM)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+ syscall.Close(fd)
|
|
|
+ return nil
|
|
|
+}
|
Madhu Venugopal