diff options
| -rw-r--r-- | nhrpd/nhrp_interface.c | 6 | ||||
| -rw-r--r-- | nhrpd/nhrp_nhs.c | 15 | ||||
| -rw-r--r-- | nhrpd/vici.c | 4 |
3 files changed, 14 insertions, 11 deletions
diff --git a/nhrpd/nhrp_interface.c b/nhrpd/nhrp_interface.c index a328a91b1..9f531cf6b 100644 --- a/nhrpd/nhrp_interface.c +++ b/nhrpd/nhrp_interface.c @@ -464,15 +464,13 @@ void nhrp_interface_set_protection(struct interface *ifp, const char *profile, { struct nhrp_interface *nifp = ifp->info; - if (nifp->ipsec_profile) - { + if (nifp->ipsec_profile) { vici_terminate_vc_by_profile_name(nifp->ipsec_profile); free(nifp->ipsec_profile); } nifp->ipsec_profile = profile ? strdup(profile) : NULL; - if (nifp->ipsec_fallback_profile) - { + if (nifp->ipsec_fallback_profile) { vici_terminate_vc_by_profile_name(nifp->ipsec_fallback_profile); free(nifp->ipsec_fallback_profile); } diff --git a/nhrpd/nhrp_nhs.c b/nhrpd/nhrp_nhs.c index 2a871ee08..de1bdbd16 100644 --- a/nhrpd/nhrp_nhs.c +++ b/nhrpd/nhrp_nhs.c @@ -116,12 +116,15 @@ static int nhrp_reg_timeout(struct thread *t) } r->timeout <<= 1; - if (r->timeout > 64) - { - //Remove the ipsec connection if it is there, it can get re-established later - if(r->peer && r->peer->vc && r->peer->vc->ike_uniqueid) - { - debugf(NHRP_DEBUG_COMMON, "Terminating IPSec Connection for %d\n", r->peer->vc->ike_uniqueid); + if (r->timeout > 64) { + /* If registration fails repeatedly, this may be because the + * IPSec connection is not working. Close the connection so it + * can be re-established correctly + */ + if (r->peer && r->peer->vc && r->peer->vc->ike_uniqueid) { + debugf(NHRP_DEBUG_COMMON, + "Terminating IPSec Connection for %d\n", + r->peer->vc->ike_uniqueid); vici_terminate_vc_by_ike_id(r->peer->vc->ike_uniqueid); r->peer->vc->ike_uniqueid = 0; } diff --git a/nhrpd/vici.c b/nhrpd/vici.c index cce3947ee..fc51fe236 100644 --- a/nhrpd/vici.c +++ b/nhrpd/vici.c @@ -525,6 +525,7 @@ void vici_terminate(void) void vici_terminate_vc_by_profile_name(char *profile_name) { struct vici_conn *vici = &vici_connection; + vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike", strlen(profile_name), profile_name, VICI_END); } @@ -532,7 +533,8 @@ void vici_terminate_vc_by_profile_name(char *profile_name) void vici_terminate_vc_by_ike_id(unsigned int ike_id) { struct vici_conn *vici = &vici_connection; - char ike_id_str[10]={0}; + char ike_id_str[10]; + snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id); vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id", strlen(ike_id_str), ike_id_str, VICI_END); |