author | bharat <bharat@git.vyatta.com> | 2012-10-04 11:57:20 -0700 |
---|---|---|
committer | bharat <bharat@git.vyatta.com> | 2012-10-04 11:57:20 -0700 |
commit | 1efd83dfa5851c82205357e8342747e0b7e1686d (patch) | |
tree | d8913e52094b6a569c5c3add63b6d35580442030 | |
parent | 9f7b0b20d1730983c0c285718d2581811ab20c0b (diff) | |
parent | e1d9e468b36d421c9b0d371882e4301ad9a8fc29 (diff) | |
Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacifica
-rw-r--r-- | debian/changelog | 7 | ||||
-rwxr-xr-x | scripts/vtiIntf.pm | 21 | ||||
-rwxr-xr-x | scripts/vyatta-vti-config.pl | 15 |
3 files changed, 39 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index 4040d00..78f7a3d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-vpn (0.12.103) unstable; urgency=low + + * Bugfix 8358: Handle vti tunnel src, dst changing while the bind + tunnel name stays the same. + + -- Saurabh Mohan <saurabh@vyatta.com> Tue, 18 Sep 2012 12:51:32 -0700 + vyatta-cfg-vpn (0.12.102) unstable; urgency=low * Bugfix 8289: Vti mark values should be implicit diff --git a/scripts/vtiIntf.pm b/scripts/vtiIntf.pm index 4844873..79d1551 100755 --- a/scripts/vtiIntf.pm +++ b/scripts/vtiIntf.pm @@ -30,6 +30,7 @@ use strict; # Collect set of existing Vti's. my %existingVtiName = (); +my %existingVtibyName = (); my %existingVtiMark = (); my @VtiMarks; my $vtiMarkBase = 0x90000000; @@ -46,6 +47,7 @@ sub discoverVtiIntfs { $existingVtiName{$key} = $name; $existingVtiMark{$key} = $mark; $VtiMarks[$mark-$vtiMarkBase] = 1; + $existingVtibyName{$name} = 1; } } } @@ -140,4 +142,23 @@ sub freeVtiMark { return 0; } +sub isVtibynamepresent { + my ($name) = @_; + if (exists $existingVtibyName{$name} ) { + return $existingVtibyName{$name}; + } + return 0; +} + +sub deleteVtibyname { + my ($name) = @_; + if (exists $existingVtibyName{$name} ) { + delete $existingVtibyName{$name}; + } +} + +sub getVtibyNames { + return (\%existingVtibyName); +} + 1; diff --git a/scripts/vyatta-vti-config.pl b/scripts/vyatta-vti-config.pl index 28ae548..2d3bcf9 100755 --- a/scripts/vyatta-vti-config.pl +++ b/scripts/vyatta-vti-config.pl @@ -124,7 +124,6 @@ if (!$vcVPN->exists('ipsec site-to-site') ) { my $tunName = $vcVPN->returnValue("ipsec site-to-site peer $peer vti bind"); my $change = 0; - $vtiVpns{ $tunName } = 1; # Check local address is valid. if (!defined($lip)) { print STDERR "$vti_cfg_err local-address not defined.\n"; 
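Review bot: The three subs added at the end of scripts/vtiIntf.pm have no comments, and their contracts are not visible from the names. `getVtibyNames` returns a reference to the module's own `%existingVtibyName`, so a caller can change the set that `deleteVtibyname` maintains; a line such as `# Returns a reference to the live hash of discovered tunnel names, not a copy.` would make that explicit. `deleteVtibyname` has no `return`, so its value is whatever the last evaluated expression yields; ending it with a bare `return;` would fix that, and the `exists` guard can go because `delete` on a missing key is harmless. Since the discoverVtiIntfs hunk only ever stores 1 in the hash, `isVtibynamepresent` can be reduced to `return exists $existingVtibyName{$name} ? 1 : 0;`.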
@@ -145,6 +144,8 @@ if (!$vcVPN->exists('ipsec site-to-site') ) { "tunnel name is empty.\n"); } } + $vtiVpns{ $tunName } = 1; + if (exists $binds{ $tunName }) { vti_die(["vpn","ipsec","site-to-site","peer",$peer,"vti","bind"], "vti bind $tunName already used.\n"); @@ -152,7 +153,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) { $binds{ $tunName } = 1; } - $gencmds .= "# For peer $peer local $lip.\n"; + $gencmds .= "# For peer $peer local $lip, $tunName.\n"; # # Get the tunnel parameters. # @@ -168,7 +169,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) { # description. my $description = $vcIntf->returnValue("vti $tunName description"); - # Check if the tunnel exists already. + # Check if the tunnel exists already: by tunnel addresses. my $vtiPresent = vtiIntf::isVtinamepresent($peer, $lip); if (defined($vtiPresent) && !($vtiPresent eq "")) { if ($vtiPresent ne $tunName) { @@ -176,6 +177,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) { my $currMark = vtiIntf::isVtimarkpresent($peer, $lip); $gencmds .= "sudo /sbin/ip link delete $vtiPresent &> /dev/null\n"; $gencmds .= iptableDelMark($peer, $lip, $currMark); + vtiIntf::deleteVtibyname($vtiPresent); $change = 1; } } @@ -193,6 +195,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) { } vtiIntf::deleteVtinamepresent($peer, $lip); + vtiIntf::deleteVtibyname($tunName); if ($change eq 0) { next; } 
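Review bot: `$tunName` is now written into `$gencmds` by `"# For peer $peer local $lip, $tunName.\n"` with no check on its characters; the only test in view is the "tunnel name is empty" one. The value comes from `returnValue("... vti bind")`, and whether the configuration template already restricts it is not visible here. If `$gencmds` is later run by a shell, as the `sudo` and `&>` in the context lines suggest, a name containing a newline or shell metacharacters would not stay inside the comment or the argument. An anchored check before first use would close that, e.g. `vti_die(["vpn","ipsec","site-to-site","peer",$peer,"vti","bind"], "invalid tunnel name.\n") unless $tunName =~ /\A[A-Za-z0-9_.-]+\z/;` (the character set is a suggestion). The same applies to `$name` in the `ip link delete $name` line added in the cleanupVtiNotConfigured hunk, where `next unless $name =~ /\A[A-Za-z0-9_.-]+\z/;` would do.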
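Review bot: The two `vtiIntf::deleteVtibyname(...)` calls added in this file carry no comment, although they decide which links cleanupVtiNotConfigured later deletes. The first, on `$vtiPresent`, removes a name whose `ip link delete` has just been emitted; the second, on `$tunName` in the following hunk, removes the configured name so that the cleanup loop over `getVtibyNames` leaves it alone. Suggest `# Delete already emitted above; keep it out of the cleanup list.` on the first and `# Still configured: do not let cleanupVtiNotConfigured delete this link.` on the second. Both enclosing blocks start and end outside the hunks.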
@@ -279,14 +282,18 @@ sub cleanupVtiNotConfigured { # for all remaining entries in the Vtinamepresent hash # remove them from the system. my $localVtiNames = vtiIntf::getVtiNames(); + my $localVtibyNames = vtiIntf::getVtibyNames(); while (my ($tunKey, $presentVtiName) = each(%$localVtiNames) ) { my ($remote, $local) = vtiIntf::extractRemoteLocal($tunKey); my $existingMark = vtiIntf::isVtimarkpresent($remote, $local); $gencmds .= "# For peer $remote local $local.\n"; - $gencmds .= "sudo /sbin/ip link delete $presentVtiName &> /dev/null\n"; $gencmds .= iptableDelMark($remote, $local, $existingMark); vtiIntf::freeVtiMark($existingMark); } + for my $name (keys %$localVtibyNames) { + $gencmds .= "#For tunnel name $name.\n"; + $gencmds .= "sudo /sbin/ip link delete $name &> /dev/null\n"; + } } sub execGenCmds { |
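Review bot: The `while ... each(%$localVtiNames)` loop no longer uses `$presentVtiName`, because the only line that read it was removed; `for my $tunKey (keys %$localVtiNames)` would say what the loop now does. The new `for my $name (keys %$localVtibyNames)` loop emits its commands in hash order, so the generated text can differ between runs; `for my $name (sort keys %$localVtibyNames)` makes it reproducible and easier to compare in logs. The string `"#For tunnel name $name.\n"` also lacks the space after `#` that the `"# For peer ..."` line above it uses.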