From 8bc99ae906fb3db92ed03cd549d5d733b668544f Mon Sep 17 00:00:00 2001
From: Alessandro Boch
Date: Mon, 25 Jul 2016 12:02:30 -0700
Subject: [PATCH] Check for advertise IP when deriving ipsec nodes

- We need to compare the node notification IP with the advertise address otherwise when the advertise address is different from the local address (this is for the public address outside of the host that maps 1-to-1 to the local private address) the local IP will be acocunted as an ipsec host and extra states will be programmed for it.

Signed-off-by: Alessandro Boch
---
 libnetwork/drivers/overlay/encryption.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go
index 6a97149af0..6c8573bbf4 100644
--- a/libnetwork/drivers/overlay/encryption.go
+++ b/libnetwork/drivers/overlay/encryption.go
@@ -95,7 +95,7 @@ func (d *driver) checkEncryption(nid string, rIP net.IP, vxlanID uint32, isLocal
 switch {
 case isLocal:
 if err := d.peerDbNetworkWalk(nid, func(pKey *peerKey, pEntry *peerEntry) bool {
- if !lIP.Equal(pEntry.vtep) {
+ if !aIP.Equal(pEntry.vtep) {
 nodes[pEntry.vtep.String()] = pEntry.vtep
 }
 return false
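Review bot: The new test `!aIP.Equal(pEntry.vtep)` is true for every peer when `aIP` is nil, because `net.IP.Equal` on a nil address never matches a real one. `aIP` is assigned outside this hunk, so this is inferred: if it is parsed from an advertise address that can be empty or malformed, the local node would again land in `nodes` and get ipsec state programmed for itself, which is the failure this commit is meant to remove. I would reject that case before the walk with a check such as `if aIP == nil {` returning an error, or at least add a comment naming where the advertise address is validated. checkEncryption starts and ends outside the hunk, so an existing guard may already cover this.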