author | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-09-18 12:51:03 -0700 |
---|---|---|
committer | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-09-18 12:51:03 -0700 |
commit | e95a7cdb1fc869eaa2e63736e32db2ba5c8956f2 (patch) | |
tree | dd0ccb4c7e6e659fbf7b5ea59f986118f0f18826 | |
parent | 1a59e8708bb86801e916370cfbaf369ebd68ac09 (diff) | |
Bugfix 8358: Handle vti tunnel src, dst changing while the bind tunnel name stays the same.
Fix the case when the <peer,local-address> pairing changes but the tunnel
is still bound to the same vti tunnel interface name(vtiXX).
In that case when doing the cleanup do not delete the vti tunnel of the same
name.
Also fixed 8264: When the vti bind interface name is deleted.
-rwxr-xr-x | scripts/vtiIntf.pm | 21 | ||||
-rwxr-xr-x | scripts/vyatta-vti-config.pl | 15 |
2 files changed, 32 insertions, 4 deletions
diff --git a/scripts/vtiIntf.pm b/scripts/vtiIntf.pm
index 4844873..79d1551 100755
--- a/scripts/vtiIntf.pm
+++ b/scripts/vtiIntf.pm
@@ -30,6 +30,7 @@ use strict;
 # Collect set of existing Vti's.
 my %existingVtiName = ();
+my %existingVtibyName = ();
 my %existingVtiMark = ();
 my @VtiMarks;
 my $vtiMarkBase = 0x90000000;
@@ -46,6 +47,7 @@ sub discoverVtiIntfs {
             $existingVtiName{$key} = $name;
             $existingVtiMark{$key} = $mark;
             $VtiMarks[$mark-$vtiMarkBase] = 1;
+            $existingVtibyName{$name} = 1;
         }
     }
 }
@@ -140,4 +142,23 @@ sub freeVtiMark {
     return 0;
 }
+sub isVtibynamepresent {
+    my ($name) = @_;
+    if (exists $existingVtibyName{$name} ) {
+        return $existingVtibyName{$name};
+    }
+    return 0;
+}
+
+sub deleteVtibyname {
+    my ($name) = @_;
+    if (exists $existingVtibyName{$name} ) {
+        delete $existingVtibyName{$name};
+    }
+}
+
+sub getVtibyNames {
+    return (\%existingVtibyName);
+}
+
 1;
diff --git a/scripts/vyatta-vti-config.pl b/scripts/vyatta-vti-config.pl
index 28ae548..2d3bcf9 100755
--- a/scripts/vyatta-vti-config.pl
+++ b/scripts/vyatta-vti-config.pl
@@ -124,7 +124,6 @@ if (!$vcVPN->exists('ipsec site-to-site') ) {
         my $tunName = $vcVPN->returnValue("ipsec site-to-site peer $peer vti bind");
         my $change = 0;
-        $vtiVpns{ $tunName } = 1;
         # Check local address is valid.
         if (!defined($lip)) {
             print STDERR "$vti_cfg_err local-address not defined.\n";
@@ -145,6 +144,8 @@ if (!$vcVPN->exists('ipsec site-to-site') ) {
                     "tunnel name is empty.\n");
             }
         }
+        $vtiVpns{ $tunName } = 1;
+
         if (exists $binds{ $tunName }) {
             vti_die(["vpn","ipsec","site-to-site","peer",$peer,"vti","bind"],
                 "vti bind $tunName already used.\n");
@@ -152,7 +153,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) {
             $binds{ $tunName } = 1;
         }
-        $gencmds .= "# For peer $peer local $lip.\n";
+        $gencmds .= "# For peer $peer local $lip, $tunName.\n";
         #
         # Get the tunnel parameters.
         #
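Review bot: The three subs added at the end of vtiIntf.pm carry no comment saying how `%existingVtibyName` relates to `%existingVtiName`, and `deleteVtibyname` has no explicit return, so its value is whatever the `if` happens to leave. A one-line header above the new hash, such as `# Names of vti interfaces found on the system; peers drop the names they keep so cleanup only deletes the leftovers.`, would document all three at once. Because discoverVtiIntfs only ever stores 1 as the value, `isVtibynamepresent` reduces to `return exists $existingVtibyName{$name} ? 1 : 0;`, and `deleteVtibyname` to `delete $existingVtibyName{$name}; return;` since `delete` on a missing key is already a no-op. `getVtibyNames` returns a reference to the module's own hash rather than a copy, which matches how `getVtiNames` is consumed in cleanupVtiNotConfigured but lets any caller mutate module state; worth a comment if that is intended.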
@@ -168,7 +169,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) {
         # description.
         my $description = $vcIntf->returnValue("vti $tunName description");
-        # Check if the tunnel exists already.
+        # Check if the tunnel exists already: by tunnel addresses.
         my $vtiPresent = vtiIntf::isVtinamepresent($peer, $lip);
         if (defined($vtiPresent) && !($vtiPresent eq "")) {
             if ($vtiPresent ne $tunName) {
@@ -176,6 +177,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) {
                 my $currMark = vtiIntf::isVtimarkpresent($peer, $lip);
                 $gencmds .= "sudo /sbin/ip link delete $vtiPresent &> /dev/null\n";
                 $gencmds .= iptableDelMark($peer, $lip, $currMark);
+                vtiIntf::deleteVtibyname($vtiPresent);
                 $change = 1;
             }
         }
@@ -193,6 +195,7 @@ if (!$vcVPN->exists('ipsec site-to-site') ) {
         }
         vtiIntf::deleteVtinamepresent($peer, $lip);
+        vtiIntf::deleteVtibyname($tunName);
         if ($change eq 0) {
             next;
         }
@@ -279,14 +282,18 @@ sub cleanupVtiNotConfigured {
     # for all remaining entries in the Vtinamepresent hash
     # remove them from the system.
     my $localVtiNames = vtiIntf::getVtiNames();
+    my $localVtibyNames = vtiIntf::getVtibyNames();
     while (my ($tunKey, $presentVtiName) = each(%$localVtiNames) ) {
         my ($remote, $local) = vtiIntf::extractRemoteLocal($tunKey);
         my $existingMark = vtiIntf::isVtimarkpresent($remote, $local);
         $gencmds .= "# For peer $remote local $local.\n";
-        $gencmds .= "sudo /sbin/ip link delete $presentVtiName &> /dev/null\n";
         $gencmds .= iptableDelMark($remote, $local, $existingMark);
         vtiIntf::freeVtiMark($existingMark);
     }
+    for my $name (keys %$localVtibyNames) {
+        $gencmds .= "#For tunnel name $name.\n";
+        $gencmds .= "sudo /sbin/ip link delete $name &> /dev/null\n";
+    }
 }
 sub execGenCmds { |
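Review bot: In the `$vtiPresent ne $tunName` branch, the kept `ip link delete $vtiPresent` together with the added `vtiIntf::deleteVtibyname($vtiPresent)` tears down this peer's old interface by name, yet the commit message's own scenario is that such a name may now be the `vti bind` of a different peer; if that peer was handled earlier in the same loop, its commands are already in `$gencmds` and this later delete would remove the interface it just set up. Whether the other peer's setup lands before or after this delete depends on the peer iteration order and on the add commands, neither of which is in the hunk, so this is inferred rather than shown. A cheap guard is to skip the delete when the name is already claimed by an earlier peer, e.g. wrapping the two lines in `if (!exists $binds{$vtiPresent}) {`, since `%binds` is filled as peers are processed. The enclosing per-peer loop starts and ends outside this hunk.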
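Review bot: The new `for my $name (keys %$localVtibyNames)` loop builds `sudo /sbin/ip link delete $name` by interpolating a name that came from whatever discoverVtiIntfs read off the system rather than from validated configuration, and the `&>` redirection suggests execGenCmds runs `$gencmds` through a shell. The removed line interpolated `$presentVtiName` the same way, so this is pre-existing, but now that cleanup acts purely by name it is the natural place for a sanity check; if names are always of the `vtiN` form the commit message describes, `next unless $name =~ /\A vti \d+ \z/x;` before the two appends would do. Minor: `"#For tunnel name $name.\n"` lacks the space after `#` that `"# For peer $remote local $local.\n"` a few lines above has. cleanupVtiNotConfigured opens before this hunk and execGenCmds continues past its end.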