From 830ffffb6c1cb485b1aeb09d5787ea877126c851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zoran=20Peri=C4=8Di=C4=87?= Date: Sun, 26 Jan 2020 02:58:06 +0100 Subject: [PATCH] Add patach for setting custom vici socket path. --- ...p-Make-vici-socket-path-configurable.patch | 93 +++++++++++++++++++ frr.spec | 2 + 2 files changed, 95 insertions(+) create mode 100644 0001-nhrp-Make-vici-socket-path-configurable.patch diff --git a/0001-nhrp-Make-vici-socket-path-configurable.patch b/0001-nhrp-Make-vici-socket-path-configurable.patch new file mode 100644 index 0000000..cdebab6 --- /dev/null +++ b/0001-nhrp-Make-vici-socket-path-configurable.patch @@ -0,0 +1,93 @@ +From 354196c027e81affb05163a6c3676eef1ba06dd9 Mon Sep 17 00:00:00 2001 +From: Zoran Pericic +Date: Sat, 25 Jan 2020 19:38:39 +0100 +Subject: [PATCH] nhrp: Make vici socket path configurable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +nhrp: Configure vici socket path using + +configure --with-vici-socket=/var/run/charon.vici + +If not specified default to /var/run/charon.vici + +Signed-off-by: Zoran Peričić +--- + configure.ac | 8 ++++++++ + doc/user/installation.rst | 4 ++++ + nhrpd/README.nhrpd | 3 ++- + nhrpd/vici.c | 2 +- + 4 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 3cc74c411..8e86ba87f 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_STRING([--with-yangmodelsdir=DIR], [yang m + ]) + AC_SUBST([yangmodelsdir]) + ++AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=PATH], [vici-socket (/var/run/charon.vici)])], [ ++ vici_socket="$withval" ++], [ ++ vici_socket="/var/run/charon.vici" ++]) ++AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici socket path]) ++ + AC_ARG_ENABLE(tcmalloc, + AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]), + [case "${enableval}" in +@@ -2512,6 +2519,7 @@ group for vty sockets : ${enable_vty_group} + config file mask : ${enable_configfile_mask} + log file mask : ${enable_logfile_mask} + zebra protobuf enabled : ${enable_protobuf:-no} ++vici socket path : ${vici_socket} + + The above user and group must have read/write access to the state file + directory and to the config files in the config file directory." +diff --git a/doc/user/installation.rst b/doc/user/installation.rst +index 0fd33eace..ee06578b7 100644 +--- a/doc/user/installation.rst ++++ b/doc/user/installation.rst +@@ -380,6 +380,10 @@ options to the configuration script. + Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR + YANG modules will be installed here. + ++.. option:: --with-vici-socket ++ ++ Set StrongSWAN vici interface socket path [/var/run/charon.vici]. ++ + Python dependency, documentation and tests + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd +index 569b3f446..8bb5f69be 100644 +--- a/nhrpd/README.nhrpd ++++ b/nhrpd/README.nhrpd +@@ -126,7 +126,8 @@ Integration with strongSwan + + Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon. + Currently strongSwan is supported using the VICI protocol. strongSwan +-is connected using UNIX socket (hardcoded now as /var/run/charon.vici). ++is connected using UNIX socket (default /var/run/charon.vici use configure ++argument --with-vici-socket= to change). + Thus nhrpd needs to be run as user that can open that file. + + Currently, you will need patched strongSwan. The working tree is at: +diff --git a/nhrpd/vici.c b/nhrpd/vici.c +index 2dc05a4aa..86554f53d 100644 +--- a/nhrpd/vici.c ++++ b/nhrpd/vici.c +@@ -478,7 +478,7 @@ static int vici_reconnect(struct thread *t) + if (vici->fd >= 0) + return 0; + +- fd = sock_open_unix("/var/run/charon.vici"); ++ fd = sock_open_unix(VICI_SOCKET); + if (fd < 0) { + debugf(NHRP_DEBUG_VICI, + "%s: failure connecting VICI socket: %s", __func__, +-- +2.26.2 + diff --git a/frr.spec b/frr.spec index 63405f1..0dc0035 100644 --- a/frr.spec +++ b/frr.spec @@ -35,6 +35,7 @@ Patch0002: 0002-enable-openssl.patch Patch0003: 0003-disable-eigrp-crypto.patch Patch0004: 0004-fips-mode.patch Patch0006: 0006-python-version.patch +Patch0060: 0001-nhrp-Make-vici-socket-path-configurable.patch %description FRRouting is free software that manages TCP/IP based routing protocols. It takes @@ -73,6 +74,7 @@ autoreconf -ivf --disable-babeld \ --with-moduledir=%{_libdir}/frr/modules \ --with-crypto=openssl \ + --with-vici-socket=/run/strongswan/charon.vici \ --enable-fpm %make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}