From 9fa04cd2b2e77a32bee61d5ebb64295ff05b7e8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?=
Date: Sun, 4 Oct 2009 18:31:00 +0000
Subject: * Properly clean up SADB entries when uninstalling/updating policy rules. * Fix xml configuration of groups on neighbors.
---
 config/openbgpd/openbgpd.inc | 33 +++++++++++++++++++++++----------
 config/openbgpd/openbgpd_neighbors.xml | 4 ++--
 2 files changed, 25 insertions(+), 12 deletions(-)
(limited to 'config')
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index d105a80e..35abc398 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -84,13 +84,12 @@ function openbgpd_install_conf() {
 if($neighbor['groupname'] == $group['name']) {
 $conffile .= " neighbor {$neighbor['neighbor']} {\n";
 $conffile .= " descr \"{$neighbor['descr']}\"\n";
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 if($neighbor['md5sigpass']) {
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
 $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
 }
 if($neighbor['md5sigkey']) {
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
 $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
 }
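Review bot: The new unconditional `delete` line writes `$openbgpd_conf['listenip']` and `$neighbor['neighbor']` into the setkey script without validation, and it now does so for every neighbor rather than only those with an MD5 secret; the same line is added in the ungrouped-neighbor hunk (`@@ -112,13 +111,12 @@`). If listenip is unset or either value is not a plain address, the generated statement is malformed or carries extra setkey syntax, and a parse failure there may keep the following `add` entries from loading. Emit the line only after both values pass an address check, e.g. `if (is_ipaddr($openbgpd_conf['listenip']) && is_ipaddr($neighbor['neighbor']))`, assuming pfSense's `is_ipaddr()` helper is in scope for this include. The adjacent `add` lines interpolate `md5sigpass` inside double quotes and `md5sigkey` after `0x` equally unchecked, which this commit leaves as is. openbgpd_install_conf() starts and ends outside the hunk.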
@@ -112,13 +111,12 @@ function openbgpd_install_conf() {
 if($neighbor['groupname'] == "") {
 $conffile .= "neighbor {$neighbor['neighbor']} {\n";
 $conffile .= " descr \"{$neighbor['descr']}\"\n";
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 if ($neighbor['md5sigpass']) {
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
 $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
 }
 if ($neighbor['md5sigkey']) {
- $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
 $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
 $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
 }
@@ -162,12 +160,10 @@ function openbgpd_install_conf() {
 exec("chmod u+rw /usr/local/etc/bgpd.conf");
 // TCP-MD5 support on freebsd. See tcp(5) for more
- if ($neighbor['md5sigpass'] <> "" || $neighbor['md5sigkey'] <> "") {
- $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
- fwrite($fd, $setkeycf );
- fclose($fd);
- exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
- }
+ $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
+ fwrite($fd, $setkeycf );
+ fclose($fd);
+ exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
 // bgpd process running? if so reload, elsewise start.
 if(is_openbgpd_running() == true) {
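Review bot: The setkey script written in the `@@ -162,12 +160,10 @@` hunk contains the TCP-MD5 passwords and keys, yet `bgpdsetkey.conf` is created in `{$g['tmp_path']}` under a fixed name, with whatever mode the umask gives, and is left on disk after `setkey -f` has run. With the guard removed this now happens on every config install, and the same write block is repeated in deinstall_openbgpd() (`@@ -197,6 +193,23 @@`). Restrict and remove the file around the call: `chmod("{$g['tmp_path']}/bgpdsetkey.conf", 0600);` right after `fopen()` and before `fwrite()`, then `unlink("{$g['tmp_path']}/bgpdsetkey.conf");` after the `exec()`. The return value of `fopen()` is also unchecked, so a failed open passes `false` to `fwrite()` and `setkey` may then read a stale file. The function body continues outside the hunk.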
@@ -197,6 +193,23 @@ function openbgpd_put_raw_config($conffile) {
 }
 function deinstall_openbgpd() {
+ global $config, $g;
+
+ if($config['installedpackages']['openbgpd']['config'])
+ $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
+ if($config['installedpackages']['openbgpdneighbors']['config'])
+ $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ $setkeycf = "";
+ if(is_array($openbgpd_neighbors)) {
+ foreach($openbgpd_neighbors as $neighbor)
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
+ }
+ // Clear all SADB entries used.
+ $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
+ fwrite($fd, $setkeycf );
+ fclose($fd);
+ exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
+
 exec("rm /usr/local/etc/rc.d/bgpd.sh");
 exec("rm /usr/local/www/openbgpd_status.php");
 exec("killall bgpd");
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index cd2cffd9..2ab52bf0 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -173,7 +173,7 @@
 }
 $newoptions['option'][$counter]['name'] = "";
 $newoptions['option'][$counter]['value'] = "";
- $pkg['fields']['field'][2]['options'] = $newoptions;
+ $pkg['fields']['field'][4]['options'] = $newoptions;
 $counter = 0;
 foreach($pkg['fields']['field'] as $field) {
 if($field['name'] == "group") {
@@ -185,7 +185,7 @@
 } else {
 $newoptions['option'][0]['name'] = "";
 $newoptions['option'][0]['value'] = "";
- $pkg['fields']['field'][2]['options'] =$newoptions;
+ $pkg['fields']['field'][4]['options'] =$newoptions;
 }
-- 
cgit v1.2.3
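Review bot: In deinstall_openbgpd(), `$openbgpd_conf` is assigned only when the package config exists, but the `foreach` reads `$openbgpd_conf['listenip']` regardless, so with neighbors configured and no listen address every generated line has an empty source address, which setkey will presumably reject, leaving the SADB entries in place. `setkey -f` is also run when `$setkeycf` is empty. Guard both cases: `if (is_array($openbgpd_neighbors) && !empty($openbgpd_conf['listenip'])) {` around the loop and `if ($setkeycf != "") {` around the file write and `exec()`. Because the delete is keyed on the current listenip, entries installed under an earlier listen address would not be removed; that limitation deserves a comment next to `// Clear all SADB entries used.` if it is accepted.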