In v4.0, LibreSwan changed a default path that had been hardcoded in ovs-monitor-ipsec, breaking some uses of this script. This patch adds support for both old and newer versions by auto-detecting the version of LibreSwan and then choosing the correct path.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039 Reported-by: Qijun Ding <[email protected]> Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.") Signed-off-by: Mike Pattrick <[email protected]> --- v2: Don't extract variables from ipsec script --- ipsec/ovs-monitor-ipsec.in | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 7945162f9..6a71d4f2f 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -21,6 +21,7 @@ import re import subprocess import sys from string import Template +from packaging.version import parse import ovs.daemon import ovs.db.idl @@ -457,14 +458,25 @@ conn prevent_unencrypted_vxlan CERTKEY_PREFIX = "ovs_certkey_" def __init__(self, libreswan_root_prefix, args): + # Collect version infromation + self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" + proc = subprocess.Popen([self.IPSEC, "--version"], + stdout=subprocess.PIPE, + encoding="latin1") + pout, perr = proc.communicate() + + v = re.match("^Libreswan (.*)$", pout) + if v and parse(v.group(1)) >= parse("4.0"): + ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss" + else: + ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" + ipsec_conf = args.ipsec_conf if args.ipsec_conf else "/etc/ipsec.conf" - ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" ipsec_secrets = (args.ipsec_secrets if args.ipsec_secrets else "/etc/ipsec.secrets") ipsec_ctl = (args.ipsec_ctl if args.ipsec_ctl else "/run/pluto/pluto.ctl") - self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" self.IPSEC_CONF = libreswan_root_prefix + ipsec_conf self.IPSEC_SECRETS = libreswan_root_prefix + ipsec_secrets self.IPSEC_D = "sql:" + libreswan_root_prefix + ipsec_d -- 2.39.3 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
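Review bot: The new `from packaging.version import parse` makes the monitor depend on a third-party module at import time, yet the diffstat shows only ipsec/ovs-monitor-ipsec.in changing, so nothing in this patch declares that requirement to packagers. On a host without `packaging` the script would presumably fail at startup, before any tunnel configuration is written. Either declare the dependency wherever the project lists the runtime requirements of the IPsec package, or drop the import and compare the major number directly, for example `int(v.group(1)) >= 4` on a `(\d+)` capture.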
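Review bot: In `__init__`, the version probe can raise or silently pick the wrong NSS database directory, because `parse(v.group(1))` is given everything `(.*)` captured after "Libreswan " and nothing around it is guarded. Recent `packaging` releases raise `InvalidVersion` for strings that are not PEP 440 versions, so any trailing build text in the `ipsec --version` output would abort the constructor, and `subprocess.Popen` raises `OSError` when the binary under `libreswan_root_prefix` is absent. In the other direction, `re.match` with `^` only matches when the output begins with "Libreswan", so any leading text falls through to `/etc/ipsec.d` without a log line; the certificates would then be looked up in a directory a 4.x install presumably does not use. I would probe defensively, capture only the major number, and log which default was selected through the file's existing logger, as sketched below. `__init__` may continue past the end of the hunk.

```python
    def __init__(self, libreswan_root_prefix, args):
        # Collect version information
        self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec"
        try:
            proc = subprocess.Popen([self.IPSEC, "--version"],
                                    stdout=subprocess.PIPE,
                                    encoding="latin1")
            pout, perr = proc.communicate()
        except OSError:
            # Binary missing or not executable: keep the pre-4.0 default.
            pout = ""

        # Only the major number decides the default NSS directory.
        v = re.search(r"Libreswan (\d+)\.", pout)
        if v and int(v.group(1)) >= 4:
            default_ipsec_d = "/var/lib/ipsec/nss"
        else:
            default_ipsec_d = "/etc/ipsec.d"
        ipsec_d = args.ipsec_d if args.ipsec_d else default_ipsec_d
        # … unchanged: ipsec_conf, ipsec_secrets, ipsec_ctl defaults and self.IPSEC_* assignments …
```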
