nhrpd: When IPsec profile is added or deleted, reset the vc and re-check peer

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

diff --git a/nhrpd/nhrp_interface.c b/nhrpd/nhrp_interface.c
index 9f531cf6be09d5a50ae619d1bcd7c4c921538f41..b348cc0deff4bf157d51a99caca6e586fc0c47a5 100644 (file)
--- a/nhrpd/nhrp_interface.c
+++ b/nhrpd/nhrp_interface.c
@@ -466,18 +466,20 @@ void nhrp_interface_set_protection(struct interface *ifp, const char *profile,
 
        if (nifp->ipsec_profile) {
                vici_terminate_vc_by_profile_name(nifp->ipsec_profile);
+               nhrp_vc_reset();
                free(nifp->ipsec_profile);
        }
        nifp->ipsec_profile = profile ? strdup(profile) : NULL;
 
        if (nifp->ipsec_fallback_profile) {
                vici_terminate_vc_by_profile_name(nifp->ipsec_fallback_profile);
+               nhrp_vc_reset();
                free(nifp->ipsec_fallback_profile);
        }
        nifp->ipsec_fallback_profile =
                fallback_profile ? strdup(fallback_profile) : NULL;
 
-       notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_ADDRESS_CHANGED);
+       notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_IPSEC_CHANGED);
 }
 
 void nhrp_interface_set_source(struct interface *ifp, const char *ifname)

diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c
index 5e9929adeb78ca154f12146f5e1d5b9dec89e502..0d589e305668b97b079a691688e4de578a73e507 100644 (file)
--- a/nhrpd/nhrp_peer.c
+++ b/nhrpd/nhrp_peer.c
@@ -147,6 +147,10 @@ static void nhrp_peer_ifp_notify(struct notifier_block *n, unsigned long cmd)
        case NOTIFY_INTERFACE_ADDRESS_CHANGED:
                notifier_call(&p->notifier_list, NOTIFY_PEER_IFCONFIG_CHANGED);
                break;
+       case NOTIFY_INTERFACE_IPSEC_CHANGED:
+               __nhrp_peer_check(p);
+               notifier_call(&p->notifier_list, NOTIFY_PEER_IFCONFIG_CHANGED);
+               break;
        case NOTIFY_INTERFACE_MTU_CHANGED:
                notifier_call(&p->notifier_list, NOTIFY_PEER_MTU_CHANGED);
                break;

diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
index 66ca1eabfd80cdeb30764fe51ca7a5f1c8eeb455..3655463152e1666403b9efa84f6b909814d40de0 100644 (file)
--- a/nhrpd/nhrpd.h
+++ b/nhrpd/nhrpd.h
@@ -105,6 +105,7 @@ enum nhrp_notify_type {
        NOTIFY_INTERFACE_ADDRESS_CHANGED,
        NOTIFY_INTERFACE_NBMA_CHANGED,
        NOTIFY_INTERFACE_MTU_CHANGED,
+       NOTIFY_INTERFACE_IPSEC_CHANGED,
 
        NOTIFY_VC_IPSEC_CHANGED,
        NOTIFY_VC_IPSEC_UPDATE_NBMA,

diff --git a/nhrpd/vici.c b/nhrpd/vici.c
index fc51fe23670ccf45acb2de91e1a242957a83ec3e..9b117ddf0d91bfa1aac01748c5191d43f8b43f80 100644 (file)
--- a/nhrpd/vici.c
+++ b/nhrpd/vici.c
@@ -526,6 +526,7 @@ void vici_terminate_vc_by_profile_name(char *profile_name)
 {
        struct vici_conn *vici = &vici_connection;
 
+       debugf(NHRP_DEBUG_VICI, "Terminate profile = %s", profile_name);
        vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike",
                    strlen(profile_name), profile_name, VICI_END);
 }
@@ -536,6 +537,7 @@ void vici_terminate_vc_by_ike_id(unsigned int ike_id)
        char ike_id_str[10];
 
        snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id);
+       debugf(NHRP_DEBUG_VICI, "Terminate ike_id_str = %s", ike_id_str);
        vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id",
                    strlen(ike_id_str), ike_id_str, VICI_END);
 }