* Properly clean up SADB entries when uninstalling/updating policy rules.

* Fix xml configuration of groups on neighbors.
author: Ermal Luçi <eri@pfsense.org> 2009-10-04 18:31:00 +0000
committer: Ermal Luçi <eri@pfsense.org> 2009-10-04 18:31:00 +0000
commit: 9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c (patch)
tree: 4030bdf1039466196ef69bf0ed3c1663092837ae /config/openbgpd
parent: eee5bc4a12d04fca359b9cd8785d9942d0c45362 (diff)
download: pfsense-packages-9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c.tar.gz
pfsense-packages-9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c.tar.bz2
pfsense-packages-9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c.zip
2 files changed, 25 insertions, 12 deletions
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index d105a80e..35abc398 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -84,13 +84,12 @@ function openbgpd_install_conf() {
             if($neighbor['groupname'] == $group['name']) {
               $conffile .= "		neighbor {$neighbor['neighbor']} {\n";
               $conffile .= "		descr \"{$neighbor['descr']}\"\n";
+	      $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
               if($neighbor['md5sigpass']) {
-		$setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 		$setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
                 $conffile .= "		tcp md5sig password {$neighbor['md5sigpass']}\n";
 	      }
               if($neighbor['md5sigkey']) {
-		$setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 		$setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
                 $conffile .= "		tcp md5sig key {$neighbor['md5sigkey']}\n";
 	      }
@@ -112,13 +111,12 @@ function openbgpd_install_conf() {
         if($neighbor['groupname'] == "") {
           $conffile .= "neighbor {$neighbor['neighbor']} {\n";
           $conffile .= "		descr \"{$neighbor['descr']}\"\n";
+	  $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 	  if  ($neighbor['md5sigpass']) {
-		$setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 		$setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
 		$conffile .= "	tcp md5sig password {$neighbor['md5sigpass']}\n";
 	  }
 	  if ($neighbor['md5sigkey']) {
-		$setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 		$setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
 		$conffile .= "	tcp md5sig key {$neighbor['md5sigkey']}\n";
 	  }
@@ -162,12 +160,10 @@ function openbgpd_install_conf() {
 	exec("chmod u+rw /usr/local/etc/bgpd.conf");
 	
 	// TCP-MD5 support on freebsd. See tcp(5) for more
-	if ($neighbor['md5sigpass'] <> "" || $neighbor['md5sigkey'] <> "") {
-		$fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
-		fwrite($fd, $setkeycf );
-		fclose($fd);
-		exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
-	}
+	$fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
+	fwrite($fd, $setkeycf );
+	fclose($fd);
+	exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
 
 	// bgpd process running?  if so reload, elsewise start.
 	if(is_openbgpd_running() == true) {
@@ -197,6 +193,23 @@ function openbgpd_put_raw_config($conffile) {
 }
 
 function deinstall_openbgpd() {
+	global $config, $g;
+
+	if($config['installedpackages']['openbgpd']['config'])
+		$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
+	if($config['installedpackages']['openbgpdneighbors']['config'])
+		$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+	$setkeycf = "";
+	if(is_array($openbgpd_neighbors)) {
+		foreach($openbgpd_neighbors as $neighbor)
+			$setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
+	}
+	// Clear all SADB entries used.
+	$fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
+        fwrite($fd, $setkeycf );
+        fclose($fd);
+        exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
+
 	exec("rm /usr/local/etc/rc.d/bgpd.sh");
 	exec("rm /usr/local/www/openbgpd_status.php");
 	exec("killall bgpd");
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index cd2cffd9..2ab52bf0 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -173,7 +173,7 @@
 			}	
 			$newoptions['option'][$counter]['name'] = "";
 			$newoptions['option'][$counter]['value'] = "";		
-			$pkg['fields']['field'][2]['options'] = $newoptions; 
+			$pkg['fields']['field'][4]['options'] = $newoptions;
 			$counter = 0;
 			foreach($pkg['fields']['field'] as $field) {
 				if($field['name'] == "group") {
@@ -185,7 +185,7 @@
 		} else {
 			$newoptions['option'][0]['name'] = "";
 			$newoptions['option'][0]['value'] = "";
-			$pkg['fields']['field'][2]['options'] =$newoptions;
+			$pkg['fields']['field'][4]['options'] =$newoptions;
 		}
 	</custom_php_command_before_form>
 	<custom_php_deinstall_command>
author	Ermal Luçi <eri@pfsense.org>	2009-10-04 18:31:00 +0000
committer	Ermal Luçi <eri@pfsense.org>	2009-10-04 18:31:00 +0000
commit	9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c (patch)
tree	4030bdf1039466196ef69bf0ed3c1663092837ae /config/openbgpd
parent	eee5bc4a12d04fca359b9cd8785d9942d0c45362 (diff)
download	pfsense-packages-9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c.tar.gz pfsense-packages-9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c.tar.bz2 pfsense-packages-9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c.zip