diff options
| author | Zoran Pericic <zpericic@netst.org> | 2020-01-25 19:38:39 +0100 |
|---|---|---|
| committer | Zoran Peričić <zpericic@netst.org> | 2020-10-12 19:34:53 +0200 |
| commit | 354196c027e81affb05163a6c3676eef1ba06dd9 (patch) | |
| tree | 21ba82f823b772d559f1d0b4a3a92fa136dca3c5 | |
| parent | Merge pull request #6927 from donaldsharp/16_coverity (diff) | |
| download | frr-354196c027e81affb05163a6c3676eef1ba06dd9.tar.xz frr-354196c027e81affb05163a6c3676eef1ba06dd9.zip | |
nhrp: Make vici socket path configurable
nhrp: Configure vici socket path using
configure --with-vici-socket=/var/run/charon.vici
If not specified default to /var/run/charon.vici
Signed-off-by: Zoran Peričić <zpericic@netst.org>
| -rwxr-xr-x | configure.ac | 8 | ||||
| -rw-r--r-- | doc/user/installation.rst | 4 | ||||
| -rw-r--r-- | nhrpd/README.nhrpd | 3 | ||||
| -rw-r--r-- | nhrpd/vici.c | 2 |
4 files changed, 15 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index 3cc74c411..8e86ba87f 100755 --- a/configure.ac +++ b/configure.ac @@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_STRING([--with-yangmodelsdir=DIR], [yang m ]) AC_SUBST([yangmodelsdir]) +AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [ + vici_socket="$withval" +], [ + vici_socket="/var/run/charon.vici" +]) +AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici socket path]) + AC_ARG_ENABLE(tcmalloc, AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]), [case "${enableval}" in @@ -2512,6 +2519,7 @@ group for vty sockets : ${enable_vty_group} config file mask : ${enable_configfile_mask} log file mask : ${enable_logfile_mask} zebra protobuf enabled : ${enable_protobuf:-no} +vici socket path : ${vici_socket} The above user and group must have read/write access to the state file directory and to the config files in the config file directory." diff --git a/doc/user/installation.rst b/doc/user/installation.rst index 0fd33eace..ee06578b7 100644 --- a/doc/user/installation.rst +++ b/doc/user/installation.rst @@ -380,6 +380,10 @@ options to the configuration script. Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR YANG modules will be installed here. +.. option:: --with-vici-socket <path> + + Set StrongSWAN vici interface socket path [/var/run/charon.vici]. + Python dependency, documentation and tests ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd index 569b3f446..8bb5f69be 100644 --- a/nhrpd/README.nhrpd +++ b/nhrpd/README.nhrpd @@ -126,7 +126,8 @@ Integration with strongSwan Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon. Currently strongSwan is supported using the VICI protocol. strongSwan -is connected using UNIX socket (hardcoded now as /var/run/charon.vici). +is connected using UNIX socket (default /var/run/charon.vici use configure +argument --with-vici-socket= to change). Thus nhrpd needs to be run as user that can open that file. Currently, you will need patched strongSwan. The working tree is at: diff --git a/nhrpd/vici.c b/nhrpd/vici.c index 2dc05a4aa..86554f53d 100644 --- a/nhrpd/vici.c +++ b/nhrpd/vici.c @@ -478,7 +478,7 @@ static int vici_reconnect(struct thread *t) if (vici->fd >= 0) return 0; - fd = sock_open_unix("/var/run/charon.vici"); + fd = sock_open_unix(VICI_SOCKET); if (fd < 0) { debugf(NHRP_DEBUG_VICI, "%s: failure connecting VICI socket: %s", __func__, |