From 40307370446db46a08096368332aa21bd3f0ab71 Mon Sep 17 00:00:00 2001
From: Philippe Guibert
Date: Tue, 16 Jul 2019 15:21:29 +0200
Subject: nhrpd: lookup appropriate ipsec path

lookup appropriate ipsec path. there are systems where the path where the charon.vici file is not in standard paths. For that, 'ipsec --piddir' may help in solving the path. result of ipsec --piddir is as follow for example: ' /etc/ike/ipsec.d/run ' Note that the assumption is done that even if there are several instances of strongswan across the vrfs, the charon.vici path file is the same across vrfs. Consequently, as there is a thread per vrf that performs vici initialisation, and file path retrieval is part of the vici initialisation procedure, in order to avoid intempestive system calls, use a boolean 'vici_charon_filepath_done' to avoid doing unnecessary calls.

Signed-off-by: Philippe Guibert
---
 nhrpd/vici.c | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
(limited to 'nhrpd')
diff --git a/nhrpd/vici.c b/nhrpd/vici.c
index 9b117ddf0..c21e01601 100644
--- a/nhrpd/vici.c
+++ b/nhrpd/vici.c
@@ -470,16 +470,55 @@ static void vici_register_event(struct vici_conn *vici, const char *name)
 vici_submit(vici, obuf);
 }
 
+static bool vici_charon_filepath_done;
+static bool vici_charon_not_found;
+
+static char *vici_get_charon_filepath(void)
+{
+ static char buff[1200];
+ FILE *fp;
+ char *ptr;
+ char line[1024];
+
+ if (vici_charon_filepath_done)
+ return (char *)buff;
+ fp = popen("ipsec --piddir", "r");
+ if (!fp) {
+ if (!vici_charon_not_found) {
+ flog_err(EC_NHRP_SWAN,
+ "VICI: Failed to retrieve charon file path");
+ vici_charon_not_found = true;
+ }
+ return NULL;
+ }
+ /* last line of output is used to get vici path */
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ ptr = strchr(line, '\n');
+ if (ptr)
+ *ptr = '\0';
+ snprintf(buff, sizeof(buff), "%s/charon.vici", line);
+ }
+ pclose(fp);
+ vici_charon_filepath_done = true;
+ return buff;
+}
+
 static int vici_reconnect(struct thread *t)
 {
 struct vici_conn *vici = THREAD_ARG(t);
 int fd;
+ char *file_path;
 
 vici->t_reconnect = NULL;
 if (vici->fd >= 0)
 return 0;
 
 fd = sock_open_unix(VICI_SOCKET);
+ if (fd < 0) {
+ file_path = vici_get_charon_filepath();
+ if (file_path)
+ fd = sock_open_unix(file_path);
+ }
 if (fd < 0) {
 debugf(NHRP_DEBUG_VICI,
 "%s: failure connecting VICI socket: %s", __func__,
-- 
cgit v1.2.3
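Review bot: In vici_get_charon_filepath the return value of pclose() is discarded and nothing checks that at least one line was actually read, so when the `ipsec` binary is missing or exits non-zero (popen still succeeds because it is the shell that gets spawned) `buff` stays empty, `vici_charon_filepath_done` is latched to true, and every later vici_reconnect calls sock_open_unix("") instead of retrying; the vici_charon_not_found branch only covers a failed fork, not a failed command. I would record whether a line was read, inspect the pclose() status with WIFEXITED/WEXITSTATUS (sys/wait.h, if the file does not already include it), and cache the path only on success, as sketched below. Separately, popen() runs the command through the shell using the daemon's PATH, so either invoking the ipsec binary by its full path or at least noting the PATH dependency in a comment such as `/* resolved via PATH; daemon environment must be trusted */` would make the lookup less dependent on the environment. Minor style point: `return (char *)buff;` does not need the cast since buff is already a char array. The debugf call at the end of vici_reconnect continues outside the hunk.
```c
static char *vici_get_charon_filepath(void)
{
	/* … unchanged: buff/fp/ptr/line declarations, early return, popen and its error path … */
	int status;
	bool got_line = false;

	/* last line of output is used to get vici path */
	while (fgets(line, sizeof(line), fp) != NULL) {
		ptr = strchr(line, '\n');
		if (ptr)
			*ptr = '\0';
		snprintf(buff, sizeof(buff), "%s/charon.vici", line);
		got_line = true;
	}
	status = pclose(fp);
	if (status == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0
	    || !got_line) {
		/* leave the done flag clear so a later reconnect retries */
		buff[0] = '\0';
		return NULL;
	}
	vici_charon_filepath_done = true;
	return buff;
}
```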