proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-07 17:18:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

nhrpd: Close IPSec connection when tunnel protection removed

Browse Source 
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
This commit is contained in:
Gaurav Goyal 2021-03-11 13:49:12 +13:00 committed by Reuben Dowle
parent 4cbaf956f6
commit 083bbfaebf
4 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nhrpd/nhrp_interface.c
View File

@ -465,11 +465,17 @@ void nhrp_interface_set_protection(struct interface *ifp, const char *profile,
struct nhrp_interface *nifp = ifp->info; struct nhrp_interface *nifp = ifp->info;
if (nifp->ipsec_profile) if (nifp->ipsec_profile)
{
vici_terminate_vc_by_profile_name(nifp->ipsec_profile);
free(nifp->ipsec_profile); free(nifp->ipsec_profile);
}
nifp->ipsec_profile = profile ? strdup(profile) : NULL; nifp->ipsec_profile = profile ? strdup(profile) : NULL;
if (nifp->ipsec_fallback_profile) if (nifp->ipsec_fallback_profile)
{
vici_terminate_vc_by_profile_name(nifp->ipsec_fallback_profile);
free(nifp->ipsec_fallback_profile); free(nifp->ipsec_fallback_profile);
}
nifp->ipsec_fallback_profile = nifp->ipsec_fallback_profile =
fallback_profile ? strdup(fallback_profile) : NULL; fallback_profile ? strdup(fallback_profile) : NULL;

3
nhrpd/nhrp_nhs.c
View File

@ -122,7 +122,8 @@ static int nhrp_reg_timeout(struct thread *t)
if(r->peer && r->peer->vc && r->peer->vc->ike_uniqueid) if(r->peer && r->peer->vc && r->peer->vc->ike_uniqueid)
{ {
debugf(NHRP_DEBUG_COMMON, "Terminating IPSec Connection for %d\n", r->peer->vc->ike_uniqueid); debugf(NHRP_DEBUG_COMMON, "Terminating IPSec Connection for %d\n", r->peer->vc->ike_uniqueid);
vici_terminate_vc(r->peer->vc->ike_uniqueid); vici_terminate_vc_by_ike_id(r->peer->vc->ike_uniqueid);
r->peer->vc->ike_uniqueid = 0;
} }
r->timeout = 2; r->timeout = 2;
} }

3
nhrpd/nhrpd.h
View File

@ -400,7 +400,8 @@ void nhrp_vc_reset(void);
void vici_init(void); void vici_init(void);
void vici_terminate(void); void vici_terminate(void);
void vici_terminate_vc(unsigned int ike_id); void vici_terminate_vc_by_profile_name(char *profile_name);
void vici_terminate_vc_by_ike_id(unsigned int ike_id);
void vici_request_vc(const char *profile, union sockunion *src, void vici_request_vc(const char *profile, union sockunion *src,
union sockunion *dst, int prio); union sockunion *dst, int prio);

12
nhrpd/vici.c
View File

@ -522,14 +522,18 @@ void vici_terminate(void)
{ {
} }
void vici_terminate_vc(unsigned int ike_id) void vici_terminate_vc_by_profile_name(char *profile_name)
{
struct vici_conn *vici = &vici_connection;
vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike",
strlen(profile_name), profile_name, VICI_END);
}
void vici_terminate_vc_by_ike_id(unsigned int ike_id)
{ {
struct vici_conn *vici = &vici_connection; struct vici_conn *vici = &vici_connection;
char ike_id_str[10]={0}; char ike_id_str[10]={0};
snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id); snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id);
debugf(NHRP_DEBUG_VICI,"ike_id_str = %s", ike_id_str);
vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id", vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id",
strlen(ike_id_str), ike_id_str, VICI_END); strlen(ike_id_str), ike_id_str, VICI_END);
} }