-rw-r--r-- | nhrpd/nhrp_nhs.c | 8 | ||||
-rw-r--r-- | nhrpd/nhrpd.h | 2 | ||||
-rw-r--r-- | nhrpd/vici.c | 13 |
3 files changed, 23 insertions, 0 deletions
diff --git a/nhrpd/nhrp_nhs.c b/nhrpd/nhrp_nhs.c
index 9ed03098a..31f20c067 100644
--- a/nhrpd/nhrp_nhs.c
+++ b/nhrpd/nhrp_nhs.c
@@ -117,7 +117,15 @@ static int nhrp_reg_timeout(struct thread *t)
 r->timeout <<= 1;
 if (r->timeout > 64)
+ {
+ //Remove the ipsec connection if it is there, it can get re-established later
+ if(r->peer && r->peer->vc && r->peer->vc->ike_uniqueid)
+ {
+ debugf(NHRP_DEBUG_COMMON, "Terminating IPSec Connection for %d\n", r->peer->vc->ike_uniqueid);
+ vici_terminate_vc(r->peer->vc->ike_uniqueid);
+ }
 r->timeout = 2;
+ }
 thread_add_timer_msec(master, nhrp_reg_send_req, r, 10, &r->t_register);
 return 0;
diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
index a36d0c445..37a9e338c 100644
--- a/nhrpd/nhrpd.h
+++ b/nhrpd/nhrpd.h
@@ -125,6 +125,7 @@ enum nhrp_notify_type {
 struct nhrp_vc {
 struct notifier_list notifier_list;
 uint32_t ipsec;
+ uint32_t ike_uniqueid;
 uint8_t updating;
 uint8_t abort_migration;
@@ -399,6 +400,7 @@ void nhrp_vc_reset(void);
 void vici_init(void);
 void vici_terminate(void);
+void vici_terminate_vc(unsigned int ike_id);
 void vici_request_vc(const char *profile, union sockunion *src, union sockunion *dst, int prio);
diff --git a/nhrpd/vici.c b/nhrpd/vici.c
index 86554f53d..2b5e0e56c 100644
--- a/nhrpd/vici.c
+++ b/nhrpd/vici.c
@@ -200,6 +200,7 @@ static void parse_sa_message(struct vici_message_ctx *ctx,
 nhrp_vc_ipsec_updown( sactx->child_uniqueid, vc);
+ vc->ike_uniqueid = sactx->ike_uniqueid;
 }
 } else {
 nhrp_vc_ipsec_updown(sactx->child_uniqueid, 0);
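Review bot: The IKE SA teardown in nhrp_reg_timeout is reported only through `debugf(NHRP_DEBUG_COMMON, …)`, so with debugging off an operator sees the tunnel drop with no log line tying it to the NHRP registration timeout. An unconditional log at info or warning level would make this event visible. The format also prints the uint32_t id with `%d` and ends in `\n`, unlike the other debugf this commit adds in vici.c; `"Terminating IPSec connection for IKE SA %u"` would match the type. A short comment stating that this fires once per backoff wrap (`r->timeout > 64`) would help the next reader. nhrp_reg_timeout begins and ends outside the hunk.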
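Review bot: `vc->ike_uniqueid` is written only here, on the SA-up path in parse_sa_message; the `else` branch below calls nhrp_vc_ipsec_updown() with 0 and nothing in this commit resets the field when the SA goes away. nhrp_reg_timeout() would then keep sending terminate requests for an id that may no longer name a live SA each time its backoff wraps. Clearing the field where the vc loses its SA (presumably inside nhrp_vc_ipsec_updown, which is not shown), or adding `r->peer->vc->ike_uniqueid = 0;` after the vici_terminate_vc() call, would bound that. Whether `vc` can be NULL at the new line depends on code outside the hunk.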
@@ -521,6 +522,18 @@ void vici_terminate(void)
 {
 }
+void vici_terminate_vc(unsigned int ike_id)
+{
+ struct vici_conn *vici = &vici_connection;
+ char ike_id_str[10]={0};
+ snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id);
+ debugf(NHRP_DEBUG_VICI,"ike_id_str = %s", ike_id_str);
+
+
+ vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id",
+ strlen(ike_id_str), ike_id_str, VICI_END);
+}
+
 void vici_request_vc(const char *profile, union sockunion *src, union sockunion *dst, int prio)
 { |
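Review bot: `ike_id_str[10]` in vici_terminate_vc cannot hold every value of its parameter: an unsigned 32-bit id needs up to 10 digits plus the terminator, so snprintf() silently truncates ids of 1000000000 and above and the terminate request would then carry a different, shorter `ike-id`. The `%d` conversion also mismatches the unsigned argument. I would size the buffer for the type and use the unsigned conversion: `char ike_id_str[11];` and `snprintf(ike_id_str, sizeof(ike_id_str), "%u", ike_id);`, ideally checking the snprintf() result before submitting. The parameter could be `uint32_t` to match `vc->ike_uniqueid` in nhrpd.h, and the function has no comment saying that it terminates the whole IKE SA identified by that id.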