authorKim Hagen <khagen@multi-development.com>2014-09-04 11:34:33 +0200
committerKim Hagen <khagen@multi-development.com>2014-09-04 11:34:33 +0200
commit379098c4c340b5bea669c768e6e882ece3438683 (patch)
treeebe9cef8389355402e462e074e48231496e7b3ae /scripts/vyos-update-nhrp.pl
parentdef221226078b4f92d68031555d0f5e5759019d7 (diff)
downloadvyos-nhrp-379098c4c340b5bea669c768e6e882ece3438683.tar.gz
vyos-nhrp-379098c4c340b5bea669c768e6e882ece3438683.zip
Add check if tunnel is in use by NHRP and some code cleaning
Diffstat (limited to 'scripts/vyos-update-nhrp.pl')
-rw-r--r--scripts/vyos-update-nhrp.pl36
1 files changed, 22 insertions, 14 deletions
diff --git a/scripts/vyos-update-nhrp.pl b/scripts/vyos-update-nhrp.pl
index 0b1ee43..e04503e 100644
--- a/scripts/vyos-update-nhrp.pl
+++ b/scripts/vyos-update-nhrp.pl
@@ -34,7 +34,7 @@ use Vyatta::Interface;
use strict;
use warnings;
-my ($set_nhrp, $set_ipsec, $get_esp_gr_names, $get_ike_gr_names, $set_iptables, $del_iptables, $tun);
+my ($checkref, $set_nhrp, $set_ipsec, $get_esp_gr_names, $get_ike_gr_names, $set_iptables, $del_iptables, $tun);
my $conffile = '/etc/opennhrp/opennhrp.conf';
my $ipsecfile = '/etc/opennhrp/opennhrp.ipsec';
@@ -46,6 +46,18 @@ EOF
exit 1;
}
+sub checkref {
+ my $config_nhrp_tun = new Vyatta::Config;
+
+ $config_nhrp_tun->setLevel("protocols nhrp tunnel");
+ my @nhrp_tunnels = $config_nhrp_tun->listNodes();
+
+ if ($tun ~~ @nhrp_tunnels) {
+ print ("WARNING: Can't delete tunnel $tun, it is in use by NHRP config.\n");
+ exit 1;
+ }
+}
+
sub get_esp_groups {
my $group_names = "";
my $esp_groups = new Vyatta::Config;
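Review bot: In `checkref`, the test `$tun ~~ @nhrp_tunnels` relies on smartmatch, which is experimental and deprecated in later Perl releases, and nothing checks that `--tun` was supplied before the sub runs. With `$tun` undefined the match most likely finds nothing, so the reference check would pass silently instead of refusing. I would guard and compare explicitly: `die "checkref requires --tun\n" unless defined $tun;` followed by `if (grep { $_ eq $tun } @nhrp_tunnels) {`. The warning is also printed to STDOUT; `print STDERR ...` would keep it out of any output the caller captures. The hunk ends inside `get_esp_groups`, which continues outside it.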
@@ -413,8 +425,8 @@ sub ipsec_config {
}
push(@conf_file, "\n");
}
- }
- }
+ }
+ }
push(@conf_file, "\n");
return @conf_file;
@@ -436,16 +448,10 @@ sub create_nhrp_iptables {
}
sub delete_nhrp_iptables {
- my $config_tun = new Vyatta::Config;
-
- $config_tun->setLevel("interfaces tunnel");
-
- if ( $config_tun->exists("$tun local-ip")) {
- system ("sudo iptables -D OUTPUT -j VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!";
- system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!";
- system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!";
- system ("sudo iptables -X VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!";
- }
+ system ("sudo iptables -D OUTPUT -j VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!";
+ system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!";
+ system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!";
+ system ("sudo iptables -X VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!";
}
#
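Review bot: `delete_nhrp_iptables` interpolates `$tun` into single-string `system` calls that run under sudo, and this change drops the `exists("$tun local-ip")` lookup that at least tied the value to a configured tunnel. `$tun` comes from the `--tun=s` option, so unless every caller passes a config-validated name, shell metacharacters in it would be interpreted by the shell. Validating the name and using list-form `system` removes the shell from the path. `$!` is not set by a non-zero child exit, so the die message should report `$?`. The pattern below is a suggested allow-list and should be matched to the names the tunnel config actually accepts.
```perl
sub delete_nhrp_iptables {
    # Refuse anything that is not a plain interface name before it reaches iptables.
    die "Invalid or missing tunnel name\n"
        unless defined $tun && $tun =~ /\A[A-Za-z0-9_.-]+\z/;
    my $chain = "VYOS_NHRP_${tun}_OUT_HOOK";

    # List form: no shell is spawned, so $chain is passed as one argument.
    system('sudo', 'iptables', '-D', 'OUTPUT', '-j', $chain) == 0 or die "iptables failed: status $?";
    system('sudo', 'iptables', '-D', $chain, '1') == 0 or die "iptables failed: status $?";
    system('sudo', 'iptables', '-D', $chain, '1') == 0 or die "iptables failed: status $?";
    system('sudo', 'iptables', '-X', $chain) == 0 or die "iptables failed: status $?";
}
```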
@@ -453,15 +459,17 @@ sub delete_nhrp_iptables {
#
GetOptions (
+ "checkref" => \$checkref,
"set_ipsec" => \$set_ipsec,
"set_nhrp" => \$set_nhrp,
"get_esp_gr_names" => \$get_esp_gr_names,
"get_ike_gr_names" => \$get_ike_gr_names,
"set_iptables" => \$set_iptables,
"del_iptables" => \$del_iptables,
- "tun=s" => \$tun
+ "tun=s" => \$tun
) or usage ();
+checkref() if $checkref;
print get_esp_groups() if $get_esp_gr_names;
print get_ike_groups() if $get_ike_gr_names;
configure_nhrp_ipsec() if $set_ipsec;