authorMohit Mehta <mohit.mehta@vyatta.com>2010-01-28 14:04:37 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2010-01-28 14:04:37 -0800
commit62b4829b1f4952fc708bbcf11d04caa75fadbdc7 (patch)
treea74fb33ec4dcdd51d37eef5e278e1629b6fbf905 /scripts
parent4457d6e964b82073719b48cb94d78662fbeeb794 (diff)
remove dead code. we use 'ipsec update' to update changes to connections now
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/vpn-config.pl247
1 files changed, 0 insertions, 247 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index bcc0c0e..68d431d 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -1044,140 +1044,6 @@ sub write_config {
close $output_secrets;
}
-sub partial_restart {
- my ( $vcVPN, $conn_down, $conn_delete, $conn_replace, $conn_add, $conn_up ) =
- @_;
-
- my $debug = 0;
-
- #
- #
- # Print configuration trees if debug enabled
- #
-
- if ($debug) {
- print "Modified configuration:\n";
- printTree();
- print "\n";
- print "\nUnmodified configuration:\n";
- printTreeOrig();
- print "\n";
- }
-
- #
- # Add and modify connections individually
- #
- my %peers = $vcVPN->listNodeStatus('ipsec site-to-site peer');
- while ( my ( $peer, $peer_status ) = each %peers ) {
-
- if ( $peer_status eq 'added' ) {
- my @tunnels = $vcVPN->listNodes("ipsec site-to-site peer $peer tunnel");
- foreach my $tunnel (@tunnels) {
- addConnection( $peer, $tunnel, $conn_add, $conn_up );
- }
- } elsif ( $peer_status eq 'changed' ) {
- my $restart_all_tunnels = 0;
- if (
- $vcVPN->isChangedOrDeleted(
- "ipsec site-to-site peer $peer authentication")
- )
- {
- $restart_all_tunnels = 1;
- } elsif (
- $vcVPN->isChangedOrDeleted("ipsec site-to-site peer $peer ike-group") )
- {
- $restart_all_tunnels = 1;
- } elsif (
- $vcVPN->isChangedOrDeleted("ipsec site-to-site peer $peer local-ip") )
- {
- $restart_all_tunnels = 1;
- }
- my %tunnels =
- $vcVPN->listNodeStatus("ipsec site-to-site peer $peer tunnel");
- while ( my ( $tunnel, $tunnel_status ) = each %tunnels ) {
-
- #first identify state change in disable node
- my $state;
- my $cur_state_disable = $vcVPN->exists(
- "ipsec site-to-site peer $peer tunnel $tunnel disable");
- my $old_state_disable = $vcVPN->listOrigNodes(
- "ipsec site-to-site peer $peer tunnel $tunnel disable");
- if ( defined $old_state_disable ) {
- $old_state_disable = 1;
- } else {
- $old_state_disable = 0;
- }
- if ( $cur_state_disable && $old_state_disable ) {
-
- #no change, disabled
- #suppress any action
- $state = 0;
- } elsif ( $cur_state_disable && !$old_state_disable ) {
-
- #change, enabled->disabled
- #change replace to delete
- $state = 1;
- } elsif ( !$cur_state_disable && $old_state_disable ) {
-
- #change, disabled->enabled
- #change, change replace to add
- $state = 2;
- } elsif ( !$cur_state_disable && !$old_state_disable ) {
-
- #no change, enabled
- #change, noop
- $state = 3;
- }
-
- my $conn = "peer-$peer-tunnel-$tunnel";
- $conn =~ s/peer-@/peer-/;
- if ( $tunnel_status eq 'added' ) {
- if ( $state == 0 || $state == 1 ) {
-
- #noop
- } else {
- addConnection( $peer, $tunnel, $conn_add, $conn_up );
- }
- } elsif ( $tunnel_status eq 'changed' ) {
- if ( $state == 1 ) {
- deleteConnection( $conn, $conn_down, $conn_delete );
- } elsif ( $state == 2 ) {
- addConnection( $peer, $tunnel, $conn_add, $conn_up );
- } else {
- replaceConnection( $peer, $tunnel, $conn_down, $conn_replace,
- $conn_up );
- }
- } elsif ( $tunnel_status eq 'deleted' ) {
- deleteConnection( $conn, $conn_down, $conn_delete );
- } elsif ( $tunnel_status eq 'static' ) {
- if ( $restart_all_tunnels
- || dependenciesChanged( $vcVPN, $peer, $tunnel ) )
- {
- replaceConnection( $peer, $tunnel, $conn_down, $conn_replace,
- $conn_up );
- }
- }
- }
- } elsif ( $peer_status eq 'deleted' ) {
- my @tunnels =
- $vcVPN->listOrigNodes("ipsec site-to-site peer $peer tunnel");
- foreach my $tunnel (@tunnels) {
- my $conn = "peer-$peer-tunnel-$tunnel";
- $conn =~ s/peer-@/peer-/;
- deleteConnection( $conn, $conn_down, $conn_delete );
- }
- } elsif ( $peer_status eq 'static' ) {
- my @tunnels = $vcVPN->listNodes("ipsec site-to-site peer $peer tunnel");
- foreach my $tunnel (@tunnels) {
- if ( dependenciesChanged( $vcVPN, $peer, $tunnel ) ) {
- replaceConnection( $peer, $tunnel, $conn_down, $conn_replace,
- $conn_up );
- }
- }
- }
- }
-}
-
sub vpn_exec {
my ( $command, $desc ) = @_;
@@ -1245,119 +1111,6 @@ sub vpn_log {
close $logfile;
}
-sub addConnection {
- my ( $peer, $tunnel, $conn_add, $conn_up ) = @_;
- my $conn = "peer-$peer-tunnel-$tunnel";
- $conn =~ s/peer-@/peer-/;
- push( @$conn_add, $conn );
- if ( $peer ne '0.0.0.0' ) {
- push( @$conn_up, $conn );
- }
-}
-
-sub replaceConnection {
- my ( $peer, $tunnel, $conn_down, $conn_replace, $conn_up ) = @_;
- my $conn = "peer-$peer-tunnel-$tunnel";
- $conn =~ s/peer-@/peer-/;
- push( @$conn_down, $conn );
- push( @$conn_replace, $conn );
- if ( $peer ne '0.0.0.0' ) {
- push( @$conn_up, $conn );
- }
-}
-
-sub deleteConnection {
- my ( $conn, $conn_down, $conn_delete ) = @_;
- push( @$conn_down, $conn );
- push( @$conn_delete, $conn );
-}
-
-sub isFullRestartRequired {
- my ($vcVPN) = @_;
-
- my $restartf = 0;
-
- #
- # Check for configuration differences
- #
- #
- # See what has been changed
- #
- if ( $vcVPN->isChangedOrDeleted('ipsec copy-tos') ) {
-
- #
- # Top level system parameter modified; full restart required
- #
-
- $restartf = 1;
- } elsif ( $vcVPN->isChangedOrDeleted('ipsec logging') ) {
-
- #
- # Top level system parameter modified; full restart required
- #
-
- $restartf = 1;
- } elsif ( $vcVPN->isChangedOrDeleted('ipsec ipsec-interfaces') ) {
-
- #
- # Top level system parameter modified; full restart required
- #
-
- $restartf = 1;
- } elsif ( $vcVPN->isChangedOrDeleted('ipsec nat-traversal') ) {
-
- #
- # Top level system parameter modified; full restart required
- #
-
- $restartf = 1;
- } elsif ( $vcVPN->isChangedOrDeleted('ipsec nat-networks') ) {
-
- #
- # Top level system parameter modified; full restart required
- #
- # FIXME: in reality this global doesn't affect every tunnel
-
- $restartf = 1;
- } elsif ( hasLocalWildcard( $vcVPN, 0 ) != hasLocalWildcard( $vcVPN, 1 ) ) {
-
- # local wild card has changed. this affects ipsec-interfaces.
- $restartf = 1;
- }
-
- return $restartf;
-}
-
-sub dependenciesChanged {
- my ( $vcVPN, $peer, $tunnel ) = @_;
- my $auth_mode =
- $vcVPN->returnValue("ipsec site-to-site peer $peer authentication mode");
- if ( defined($auth_mode) && $auth_mode eq 'rsa' ) {
- if ( $vcVPN->isChangedOrDeleted('rsa-keys local-key') ) {
- return 1;
- }
- my $rsa_key_name = $vcVPN->returnValue(
- "ipsec site-to-site peer $peer authentication rsa-key-name");
- if ( $vcVPN->isChangedOrDeleted("rsa-keys rsa-key-name $rsa_key_name") ) {
- return 1;
- }
- }
-
- my $ike_group =
- $vcVPN->returnValue("ipsec site-to-site peer $peer ike-group");
- if ( $vcVPN->isChangedOrDeleted("ipsec ike-group $ike_group") ) {
- return 1;
- }
-
- my $esp_group = $vcVPN->returnValue(
- "ipsec site-to-site peer $peer tunnel $tunnel esp-group");
- if ( $vcVPN->isChangedOrDeleted("ipsec esp-group $esp_group") ) {
- return 1;
- }
-
- return 0;
-}
-
sub printTree {
my ( $vc, $path, $depth ) = @_;