diff options
| author | Gaurav Goyal <gaurav.goyal@4rf.com> | 2021-03-11 01:46:37 +0100 |
|---|---|---|
| committer | Reuben Dowle <reuben.dowle@4rf.com> | 2021-03-17 04:56:46 +0100 |
| commit | 4cbaf956f6d711d5ec39b7e62bf0ee1085d96a16 (patch) | |
| tree | 608d00d8825ff88a2c97e17ff2c71777e5ccb8b7 /nhrpd/vici.c | |
| parent | Merge pull request #8258 from volta-networks/feat_ldp_snmp_with_stats (diff) | |
| download | frr-4cbaf956f6d711d5ec39b7e62bf0ee1085d96a16.tar.xz frr-4cbaf956f6d711d5ec39b7e62bf0ee1085d96a16.zip | |
nhrpd: Retry IPSec if NHRP is repeatedly failing
This prevents a failed IPSec connection from preventing DMVPN from working.
A failure situation can be reproduced using a Cisco peer, and and disabling then
re-enabling the tunnel IPSec protection (after the IPSec connection has
already been established).
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
Diffstat (limited to '')
| -rw-r--r-- | nhrpd/vici.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/nhrpd/vici.c b/nhrpd/vici.c index 86554f53d..2b5e0e56c 100644 --- a/nhrpd/vici.c +++ b/nhrpd/vici.c @@ -200,6 +200,7 @@ static void parse_sa_message(struct vici_message_ctx *ctx, nhrp_vc_ipsec_updown( sactx->child_uniqueid, vc); + vc->ike_uniqueid = sactx->ike_uniqueid; } } else { nhrp_vc_ipsec_updown(sactx->child_uniqueid, 0); @@ -521,6 +522,18 @@ void vici_terminate(void) { } +void vici_terminate_vc(unsigned int ike_id) +{ + struct vici_conn *vici = &vici_connection; + char ike_id_str[10]={0}; + snprintf(ike_id_str, sizeof(ike_id_str), "%d", ike_id); + debugf(NHRP_DEBUG_VICI,"ike_id_str = %s", ike_id_str); + + + vici_submit_request(vici, "terminate", VICI_KEY_VALUE, "ike-id", + strlen(ike_id_str), ike_id_str, VICI_END); +} + void vici_request_vc(const char *profile, union sockunion *src, union sockunion *dst, int prio) { |