69 lines
2.4 KiB
Diff
69 lines
2.4 KiB
Diff
From 1280a299c696ed925d02ad93d1af9af9dcf43621 Mon Sep 17 00:00:00 2001
|
|
From: root <root@dm4.st.test2.hr>
|
|
Date: Sat, 25 Jan 2020 19:38:39 +0100
|
|
Subject: [PATCH] nhrp: Configure vici socket path using configure
|
|
--with-vici-socket=/var/run/charon.vici (default)
|
|
|
|
---
|
|
configure.ac | 8 ++++++++
|
|
nhrpd/README.nhrpd | 3 ++-
|
|
nhrpd/vici.c | 2 +-
|
|
3 files changed, 11 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index c8371f304..2ef1c3fea 100755
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -139,6 +139,13 @@ AC_ARG_WITH([yangmodelsdir], [AS_HELP_STRING([--with-yangmodelsdir=DIR], [yang m
|
|
])
|
|
AC_SUBST([yangmodelsdir])
|
|
|
|
+AC_ARG_WITH([vici-socket], [AS_HELP_STRING([--with-vici-socket=DIR], [vici-socket (/var/run/charon.vici)])], [
|
|
+ vici_socket="$withval"
|
|
+], [
|
|
+ vici_socket="/var/run/charon.vici"
|
|
+])
|
|
+AC_DEFINE_UNQUOTED([VICI_SOCKET], ["$vici_socket"], [StrongSWAN vici interface])
|
|
+
|
|
AC_ARG_ENABLE(tcmalloc,
|
|
AS_HELP_STRING([--enable-tcmalloc], [Turn on tcmalloc]),
|
|
[case "${enableval}" in
|
|
@@ -2410,6 +2417,7 @@ group for vty sockets : ${enable_vty_group}
|
|
config file mask : ${enable_configfile_mask}
|
|
log file mask : ${enable_logfile_mask}
|
|
zebra protobuf enabled : ${enable_protobuf:-no}
|
|
+vici socket path : ${vici_socket}
|
|
|
|
The above user and group must have read/write access to the state file
|
|
directory and to the config files in the config file directory."
|
|
diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd
|
|
index 569b3f446..8bb5f69be 100644
|
|
--- a/nhrpd/README.nhrpd
|
|
+++ b/nhrpd/README.nhrpd
|
|
@@ -126,7 +126,8 @@ Integration with strongSwan
|
|
|
|
Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon.
|
|
Currently strongSwan is supported using the VICI protocol. strongSwan
|
|
-is connected using UNIX socket (hardcoded now as /var/run/charon.vici).
|
|
+is connected using UNIX socket (default /var/run/charon.vici use configure
|
|
+argument --with-vici-socket= to change).
|
|
Thus nhrpd needs to be run as user that can open that file.
|
|
|
|
Currently, you will need patched strongSwan. The working tree is at:
|
|
diff --git a/nhrpd/vici.c b/nhrpd/vici.c
|
|
index d6105b71d..86023e1f8 100644
|
|
--- a/nhrpd/vici.c
|
|
+++ b/nhrpd/vici.c
|
|
@@ -478,7 +478,7 @@ static int vici_reconnect(struct thread *t)
|
|
if (vici->fd >= 0)
|
|
return 0;
|
|
|
|
- fd = sock_open_unix("/var/run/charon.vici");
|
|
+ fd = sock_open_unix(VICI_SOCKET);
|
|
if (fd < 0) {
|
|
debugf(NHRP_DEBUG_VICI,
|
|
"%s: failure connecting VICI socket: %s",
|
|
--
|
|
2.24.1
|
|
|