author | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-06-11 17:50:22 -0700 |
---|---|---|
committer | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-06-11 17:50:22 -0700 |
commit | bead91b5a008bf8c999db2cc59e34bbe640bcaa0 (patch) | |
tree | 25fd304e7bf05907bd37f367f42e0e915bc2cfc5 | |
parent | d519a894fcb07ed08577b7be9dfdb3efeafa980c (diff) | |
VTI: Add support call for checking for vti interface name.
-rwxr-xr-x | scripts/vti-up-down.sh | 2 | ||||
-rwxr-xr-x | scripts/vyatta-vti-config.pl | 37 | ||||
-rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def | 2 |
3 files changed, 39 insertions, 2 deletions
diff --git a/scripts/vti-up-down.sh b/scripts/vti-up-down.sh
index efa4118..60fc191 100755
--- a/scripts/vti-up-down.sh
+++ b/scripts/vti-up-down.sh
@@ -14,4 +14,4 @@ down-client)
 *) ;; esac
-
+exit 0
diff --git a/scripts/vyatta-vti-config.pl b/scripts/vyatta-vti-config.pl
index aa1efee..57fded4 100755
--- a/scripts/vyatta-vti-config.pl
+++ b/scripts/vyatta-vti-config.pl
@@ -43,11 +43,13 @@ my $result = 0;
 my $updown="";
 my $intfName="";
 my $action="";
+my $checkref="";
 GetOptions(
 "updown" => \$updown,
 "intf=s" => \$intfName,
 "action=s" => \$action,
+ "checkref" => \$checkref,
 );
@@ -68,6 +70,19 @@ if ($updown ne '') {
 }
 #
+# --checkref --intf=<intfName>
+# Return 1 if the interface reference exits.
+#
+if ($checkref ne '' ) {
+ if (!(defined $intfName) || $intfName eq '' ) {
+ # invalid
+ exit -1;
+ }
+ my $rval = vti_check_reference($intfName);
+ exit $rval;
+}
+
+#
 # Prepare Vyatta::Config object
 #
 use Vyatta::Config;
@@ -174,8 +189,28 @@ sub vti_handle_updown {
 use Vyatta::Config;
 my $vcIntf = new Vyatta::Config();
 $vcIntf->setLevel('interfaces');
- my $disabled = $vcIntf->exists("vti $intfName disabled");
+ my $disabled = $vcIntf->existsOrig("vti $intfName disabled");
 if (!defined($disabled) || ! $disabled) {
 system("sudo /sbin/ip link set $intfName $action\n");
 }
 }
+
+sub vti_check_reference {
+ my ($intfName) = @_;
+ use Vyatta::Config;
+ my $vcVPN = new Vyatta::Config();
+ $vcVPN->setLevel('vpn ipsec site-to-site');
+ my @peers = $vcVPN->listNodes('peer');
+ if (@peers == 0) {
+ return 0;
+ }
+ foreach my $peer (@peers) {
+ if (! $vcVPN->exists("peer $peer vti")) {
+ next;
+ }
+ if ( $vcVPN->exists("peer $peer vti bind $intfName")) {
+ return 1;
+ }
+ }
+ return 0;
+}
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
index 0841bd2..807ae5a 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
@@ -13,3 +13,5 @@ update:
 delete: sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
 sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
+ # need a exit 0 because if there is no iptables entry then we want to keep the commit going.
+ exit 0 |
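Review bot: The `exit 0` appended after `esac` in scripts/vti-up-down.sh makes the script report success whatever the up/down arms did, so a failed interface change is invisible to the caller; the arms are outside the hunk, so this is inferred from the final line only. The same pattern is added to the `delete:` section of the vti/mark node.def hunk, where it hides every `iptables -D` failure rather than only the missing-rule case the comment names. A delete that fails for any other reason would then leave a stale MARK rule in the mangle table while the commit reports success. Consider tolerating only the expected case there, for example by guarding each delete with an existence check (`sudo iptables -t mangle -C PREROUTING ... && sudo iptables -t mangle -D PREROUTING ...`, if the shipped iptables supports `-C`) and letting other errors fail the commit.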
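Review bot: The `--checkref` branch added in the `@@ -68,6 +70,19 @@` hunk of scripts/vyatta-vti-config.pl has an undocumented exit-status contract: `exit -1` reaches the caller as 255, while `exit $rval` is 1 when a reference exists and 0 when none does. A caller that tests the command's truth value will read "referenced" as failure and cannot tell it apart from the script aborting, since an uncaught `die` also exits non-zero. I would spell the contract out in the header comment, e.g. `# Exit status: 0 = not referenced, 1 = referenced, 255 = --intf missing`, and correct "exits" to "exists" in the existing comment line.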
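Review bot: In the `@@ -174,8 +189,28 @@` hunk of scripts/vyatta-vti-config.pl, `$intfName` comes from `--intf` with no format check and is interpolated into the config path in `exists("peer $peer vti bind $intfName")`. That path is space-separated as used here, so a value containing whitespace is read as extra path components and the lookup no longer answers the question asked. The same unvalidated value, together with `$action`, is interpolated into the shell string `system("sudo /sbin/ip link set $intfName $action\n")` in the context lines of `vti_handle_updown` (which starts outside the hunk), and that command runs under sudo. I would validate both values in the `--updown` and `--checkref` branches against an anchored allow-list (something like `/\Avti\d+\z/` for the name, if VTI names always take that form, and `up`/`down` for the action). I would also switch to the list form `system('sudo', '/sbin/ip', 'link', 'set', $intfName, $action);` so no shell parses the arguments.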