author | Philippe Guibert <philippe.guibert@6wind.com> | 2019-07-16 15:21:29 +0200 |
---|---|---|
committer | Philippe Guibert <philippe.guibert@6wind.com> | 2021-04-09 18:29:58 +0200 |
commit | 40307370446db46a08096368332aa21bd3f0ab71 (patch) | |
tree | 31f0131eeb691f320e8ed796dae33ec9bd174425 /nhrpd | |
parent | Merge pull request #8432 from ton31337/fix/use_bool_for_use32bit_asn (diff) | |
download | frr-40307370446db46a08096368332aa21bd3f0ab71.tar.xz frr-40307370446db46a08096368332aa21bd3f0ab71.zip |
nhrpd: lookup appropriate ipsec path
lookup appropriate ipsec path. there are systems where the path where
the charon.vici file is not in standard paths. For that, 'ipsec
--piddir' may help in solving the path.
result of ipsec --piddir is as follow for example:
'
/etc/ike/ipsec.d/run
'
Note that this assumes that even if there are several instances of
strongswan across the vrfs, the charon.vici file path is the same
across vrfs. Consequently, as there is a thread per vrf that performs
vici initialisation, and file path retrieval is part of the vici
initialisation procedure, a boolean 'vici_charon_filepath_done' is
used so that the lookup is not repeated with unnecessary system
calls.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Diffstat (limited to 'nhrpd')
-rw-r--r-- | nhrpd/vici.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/nhrpd/vici.c b/nhrpd/vici.c index 9b117ddf0..c21e01601 100644 --- a/nhrpd/vici.c +++ b/nhrpd/vici.c @@ -470,10 +470,44 @@ static void vici_register_event(struct vici_conn *vici, const char *name) vici_submit(vici, obuf); } +static bool vici_charon_filepath_done; +static bool vici_charon_not_found; + +static char *vici_get_charon_filepath(void) +{ + static char buff[1200]; + FILE *fp; + char *ptr; + char line[1024]; + + if (vici_charon_filepath_done) + return (char *)buff; + fp = popen("ipsec --piddir", "r"); + if (!fp) { + if (!vici_charon_not_found) { + flog_err(EC_NHRP_SWAN, + "VICI: Failed to retrieve charon file path"); + vici_charon_not_found = true; + } + return NULL; + } + /* last line of output is used to get vici path */ + while (fgets(line, sizeof(line), fp) != NULL) { + ptr = strchr(line, '\n'); + if (ptr) + *ptr = '\0'; + snprintf(buff, sizeof(buff), "%s/charon.vici", line); + } + pclose(fp); + vici_charon_filepath_done = true; + return buff; +} + static int vici_reconnect(struct thread *t) { struct vici_conn *vici = THREAD_ARG(t); int fd; + char *file_path; vici->t_reconnect = NULL; if (vici->fd >= 0) @@ -481,6 +515,11 @@ static int vici_reconnect(struct thread *t) fd = sock_open_unix(VICI_SOCKET); if (fd < 0) { + file_path = vici_get_charon_filepath(); + if (file_path) + fd = sock_open_unix(file_path); + } + if (fd < 0) { debugf(NHRP_DEBUG_VICI, "%s: failure connecting VICI socket: %s", __func__, strerror(errno)); |
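Review bot: vici_get_charon_filepath() treats any non-NULL `popen()` result as success, but `popen()` only fails when the pipe or fork fails. If the shell cannot run `ipsec`, or the command prints nothing, the `while` loop never writes `buff`, `vici_charon_filepath_done` is still set, and every later call returns an empty string as the socket path. The exit status from `pclose(fp)` is discarded as well; it is worth checking once it is confirmed how the daemon handles SIGCHLD. Because the command is a bare name handed to a shell, the daemon's PATH decides which `ipsec` runs, and its output becomes the VICI control socket location; an absolute path fixed at build time and a check that the line starts with `/` would narrow that. The fence below caches the result only when a usable line was read.

```c
static char *vici_get_charon_filepath(void)
{
	bool found = false;
	/* … unchanged: other declarations, cached-result return, popen() failure branch … */
	while (fgets(line, sizeof(line), fp) != NULL) {
		/* … unchanged: strip the trailing newline … */
		/* a usable piddir is an absolute directory */
		if (line[0] != '/')
			continue;
		snprintf(buff, sizeof(buff), "%s/charon.vici", line);
		found = true;
	}
	pclose(fp);
	/* popen() succeeds even when ipsec could not be run, so the
	 * path is cached only when the command printed one
	 */
	if (!found)
		return NULL;
	vici_charon_filepath_done = true;
	return buff;
}
```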
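Review bot: The `debugf` in the second `if (fd < 0)` block reports one `strerror(errno)` without naming a path, so after the fallback it is unclear which socket failed; when `vici_get_charon_filepath()` returns NULL the errno shown may come from the `popen()` path rather than from `sock_open_unix(VICI_SOCKET)`. Saving the value with `int err = errno;` right after the first `sock_open_unix()` call and adding `file_path ? file_path : VICI_SOCKET` to the message arguments would make the failure diagnosable. `file_path` can be up to 1200 bytes while a unix socket address is much shorter; `sock_open_unix()` is not visible here, so whether it rejects an over-long path should be confirmed. vici_reconnect() begins before this hunk and continues past it.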