proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-05 02:46:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

nhrpd: Close IPSec connection when tunnel protection removed

Browse Source 
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
This commit is contained in:
Gaurav Goyal 2021-03-11 13:49:12 +13:00 committed by Reuben Dowle
parent 4cbaf956f6
commit 083bbfaebf
4 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nhrpd/nhrp_interface.c
View File

@ -465,11 +465,17 @@ void nhrp_interface_set_protection(struct interface *ifp, const char *profile,
struct nhrp_interface *nifp = ifp->info;
if (nifp->ipsec_profile)
{
vici_terminate_vc_by_profile_name(nifp->ipsec_profile);
free(nifp->ipsec_profile);
}
nifp->ipsec_profile = profile ? strdup(profile) : NULL;
if (nifp->ipsec_fallback_profile)
{
vici_terminate_vc_by_profile_name(nifp->ipsec_fallback_profile);
free(nifp->ipsec_fallback_profile);
}
nifp->ipsec_fallback_profile =
fallback_profile ? strdup(fallback_profile) : NULL;

3
nhrpd/nhrp_nhs.c
View File

@ -122,7 +122,8 @@ static int nhrp_reg_timeout(struct thread *t)
if(r->peer && r->peer->vc && r->peer->vc->ike_uniqueid)
{
debugf(NHRP_DEBUG_COMMON, "Terminating IPSec Connection for %d\n", r->peer->vc->ike_uniqueid);
vici_terminate_vc(r->peer->vc->ike_uniqueid);
vici_terminate_vc_by_ike_id(r->peer->vc->ike_uniqueid);
r->peer->vc->ike_uniqueid = 0;
}
r->timeout = 2;
}

3
nhrpd/nhrpd.h
View File

@ -400,7 +400,8 @@ void nhrp_vc_reset(void);
void vici_init(void);
void vici_terminate(void);
void vici_terminate_vc(unsigned int ike_id);
void vici_terminate_vc_by_profile_name(char *profile_name);
void vici_terminate_vc_by_ike_id(unsigned int ike_id);
void vici_request_vc(const char *profile, union sockunion *src,
union sockunion *dst, int prio);

12
nhrpd/vici.c
View File

@ -522,14 +522,18 @@ void vici_terminate(void)
{
}
void vici_terminate_vc(unsigned int ike_id)
void vici_terminate_vc_by_profile_name(char *profile_name)
{
struct vici_conn *vici = &vici_connection;
vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike",
strlen(profile_name), profile_name, VICI_END);
}
void vici_terminate_vc_by_ike_id(unsigned int ike_id)
{
struct vici_conn *vici = &vici_connection;
char ike_id_str[10]={0};
snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id);
debugf(NHRP_DEBUG_VICI,"ike_id_str = %s", ike_id_str);
vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id",
strlen(ike_id_str), ike_id_str, VICI_END);
}