diff options
author | Kim Hagen <khagen@multi-development.com> | 2014-09-04 11:34:33 +0200 |
---|---|---|
committer | Kim Hagen <khagen@multi-development.com> | 2014-09-04 11:34:33 +0200 |
commit | 379098c4c340b5bea669c768e6e882ece3438683 (patch) | |
tree | ebe9cef8389355402e462e074e48231496e7b3ae /scripts/vyos-update-nhrp.pl | |
parent | def221226078b4f92d68031555d0f5e5759019d7 (diff) | |
download | vyos-nhrp-379098c4c340b5bea669c768e6e882ece3438683.tar.gz vyos-nhrp-379098c4c340b5bea669c768e6e882ece3438683.zip |
Add check if tunnel is in use by NHRP and some code cleaning
Diffstat (limited to 'scripts/vyos-update-nhrp.pl')
-rw-r--r-- | scripts/vyos-update-nhrp.pl | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/scripts/vyos-update-nhrp.pl b/scripts/vyos-update-nhrp.pl index 0b1ee43..e04503e 100644 --- a/scripts/vyos-update-nhrp.pl +++ b/scripts/vyos-update-nhrp.pl @@ -34,7 +34,7 @@ use Vyatta::Interface; use strict; use warnings; -my ($set_nhrp, $set_ipsec, $get_esp_gr_names, $get_ike_gr_names, $set_iptables, $del_iptables, $tun); +my ($checkref, $set_nhrp, $set_ipsec, $get_esp_gr_names, $get_ike_gr_names, $set_iptables, $del_iptables, $tun); my $conffile = '/etc/opennhrp/opennhrp.conf'; my $ipsecfile = '/etc/opennhrp/opennhrp.ipsec'; @@ -46,6 +46,18 @@ EOF exit 1; } +sub checkref { + my $config_nhrp_tun = new Vyatta::Config; + + $config_nhrp_tun->setLevel("protocols nhrp tunnel"); + my @nhrp_tunnels = $config_nhrp_tun->listNodes(); + + if ($tun ~~ @nhrp_tunnels) { + print ("WARNING: Can't delete tunnel $tun, it is in use by NHRP config.\n"); + exit 1; + } +} + sub get_esp_groups { my $group_names = ""; my $esp_groups = new Vyatta::Config; @@ -413,8 +425,8 @@ sub ipsec_config { } push(@conf_file, "\n"); } - } - } + } + } push(@conf_file, "\n"); return @conf_file; @@ -436,16 +448,10 @@ sub create_nhrp_iptables { } sub delete_nhrp_iptables { - my $config_tun = new Vyatta::Config; - - $config_tun->setLevel("interfaces tunnel"); - - if ( $config_tun->exists("$tun local-ip")) { - system ("sudo iptables -D OUTPUT -j VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!"; - system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!"; - system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!"; - system ("sudo iptables -X VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!"; - } + system ("sudo iptables -D OUTPUT -j VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!"; + system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!"; + system ("sudo iptables -D VYOS_NHRP_${tun}_OUT_HOOK 1") == 0 or die "System call failed: $!"; + system ("sudo iptables -X VYOS_NHRP_${tun}_OUT_HOOK") == 0 or die "System call failed: $!"; } # @@ -453,15 +459,17 @@ sub delete_nhrp_iptables { # GetOptions ( + "checkref" => \$checkref, "set_ipsec" => \$set_ipsec, "set_nhrp" => \$set_nhrp, "get_esp_gr_names" => \$get_esp_gr_names, "get_ike_gr_names" => \$get_ike_gr_names, "set_iptables" => \$set_iptables, "del_iptables" => \$del_iptables, - "tun=s" => \$tun + "tun=s" => \$tun ) or usage (); +checkref() if $checkref; print get_esp_groups() if $get_esp_gr_names; print get_ike_groups() if $get_ike_gr_names; configure_nhrp_ipsec() if $set_ipsec; |