From 9b552a7a61947a9d4d8f09b70a2032a0668d07a1 Mon Sep 17 00:00:00 2001
From: Alessandro Boch
Date: Wed, 25 May 2016 11:10:56 -0700
Subject: [PATCH] Allow SPI to be passed in policy template (#127)
- It is part of the ID and it is needed when you program policies for different SAs which share same src and dst
Signed-off-by: Alessandro Boch
---
 xfrm_policy.go | 5 +++--
 xfrm_policy_linux.go | 2 ++
 xfrm_policy_test.go | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/xfrm_policy.go b/xfrm_policy.go
index 26e0edd..c97ec43 100644
--- a/xfrm_policy.go
+++ b/xfrm_policy.go
@@ -43,12 +43,13 @@ type XfrmPolicyTmpl struct {
 Src net.IP
 Proto Proto
 Mode Mode
+ Spi int
 Reqid int
 }
 func (t XfrmPolicyTmpl) String() string {
- return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, Mode: %s, Reqid: 0x%x}",
- t.Dst, t.Src, t.Proto, t.Mode, t.Reqid)
+ return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, Mode: %s, Spi: 0x%x, Reqid: 0x%x}",
+ t.Dst, t.Src, t.Proto, t.Mode, t.Spi, t.Reqid)
 }
 // XfrmPolicy represents an ipsec policy. It represents the overlay network
diff --git a/xfrm_policy_linux.go b/xfrm_policy_linux.go
index e35cdc0..c3d4e42 100644
--- a/xfrm_policy_linux.go
+++ b/xfrm_policy_linux.go
@@ -75,6 +75,7 @@ func (h *Handle) xfrmPolicyAddOrUpdate(policy *XfrmPolicy, nlProto int) error {
 userTmpl.XfrmId.Daddr.FromIP(tmpl.Dst)
 userTmpl.Saddr.FromIP(tmpl.Src)
 userTmpl.XfrmId.Proto = uint8(tmpl.Proto)
+ userTmpl.XfrmId.Spi = nl.Swap32(uint32(tmpl.Spi))
 userTmpl.Mode = uint8(tmpl.Mode)
 userTmpl.Reqid = uint32(tmpl.Reqid)
 userTmpl.Aalgos = ^uint32(0)
@@ -240,6 +241,7 @@ func parseXfrmPolicy(m []byte, family int) (*XfrmPolicy, error) {
 resTmpl.Src = tmpl.Saddr.ToIP()
 resTmpl.Proto = Proto(tmpl.XfrmId.Proto)
 resTmpl.Mode = Mode(tmpl.Mode)
+ resTmpl.Spi = int(nl.Swap32(tmpl.XfrmId.Spi))
 resTmpl.Reqid = int(tmpl.Reqid)
 policy.Tmpls = append(policy.Tmpls, resTmpl)
 }
diff --git a/xfrm_policy_test.go b/xfrm_policy_test.go
index 83280bf..f7d661b 100644
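Review bot: The new `Spi` field in XfrmPolicyTmpl has no comment, and its `int` type does not tell a caller that only 32 bits of it are ever sent to the kernel (xfrm_policy_linux.go converts it with `uint32(tmpl.Spi)` before `nl.Swap32`). I would document that on the field, for example `Spi int // 32-bit SPI of the SA this template selects; presumably host byte order, converted when the netlink message is built`, and state there what a zero value means once that is confirmed against the kernel. Since the commit message says the SPI is what tells apart SAs sharing the same src and dst, the comment is also the place to say that templates for such SAs must each set it. `String()` formats it with `0x%x`, which prints a negative value as `-0x…`; harmless, but worth knowing when reading logs.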
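Review bot: The conversion `uint32(tmpl.Spi)` added in xfrmPolicyAddOrUpdate truncates silently, so on a 64-bit build a negative value or one above 0xffffffff reaches the kernel as a different SPI than the caller supplied, and the policy template then selects another SA than intended without any error. A round-trip check before the assignment turns that into a visible failure and still accepts high-bit SPIs on 32-bit builds: `if int(uint32(tmpl.Spi)) != tmpl.Spi { return fmt.Errorf("xfrm policy template: SPI 0x%x does not fit in 32 bits", tmpl.Spi) }`. Whether `fmt` is already imported in this file is not visible here, and the function body starts and ends outside the hunk.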
--- a/xfrm_policy_test.go
+++ b/xfrm_policy_test.go
@@ -147,7 +147,7 @@ func compareTemplates(a, b []XfrmPolicyTmpl) bool {
 }
 for i, ta := range a {
 tb := b[i]
- if !ta.Dst.Equal(tb.Dst) || !ta.Src.Equal(tb.Src) ||
+ if !ta.Dst.Equal(tb.Dst) || !ta.Src.Equal(tb.Src) || ta.Spi != tb.Spi ||
 ta.Mode != tb.Mode || ta.Reqid != tb.Reqid || ta.Proto != tb.Proto {
 return false
 }
@@ -190,6 +190,7 @@ func getPolicy() *XfrmPolicy {
 Dst: net.ParseIP("127.0.0.2"),
 Proto: XFRM_PROTO_ESP,
 Mode: XFRM_MODE_TUNNEL,
+ Spi: 0xabcdef99,
 }
 policy.Tmpls = append(policy.Tmpls, tmpl)
 return policy
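Review bot: `Spi: 0xabcdef99,` in getPolicy is an untyped constant above the largest 32-bit signed value, so with `Spi` declared as `int` this test file fails to compile on 32-bit GOARCH targets (the constant overflows int). A value with the top bit clear, such as `Spi: 0x2bcdef99,`, keeps the test building everywhere. The alternative is to give the field an unsigned 32-bit type in xfrm_policy.go, which would also let the test keep a high-bit value, the more interesting case for the `nl.Swap32` round trip. getPolicy starts outside the hunk.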