
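We wrote a plugin for libcharon that calls into our code. This creates some unwanted coupling between our application and strongswan, because we are compiling strongswan with this plugin.

Let's call this plugin MyPlugin. Its configuration looks like this: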

$ cat /etc/strongswan/strongswan.d/charon/myplugin.conf
myplugin {

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

    proxy
    {
        # Should send to proxy
        send_to_proxy = yes
    }
    log
    {
        # Should save to file
        log_path = /var/log/myplugin.log
        log_ips = yes
    }
}

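We would like to reverse this dependency by compiling the plugin as part of our application, implementing the strongswan interfaces.

The question is: does strongswan support this? Can the plugin be deployed on a machine where strongswan is already running, and have strongswan load and use it? How?

We are running strongswan 5.1.5 on CentOS 6.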


1 Answer


Yes, you can do this. However, there are some caveats:

  • strongSwan does not provide any stable APIs. So this only works safely if you compile your plugin against the headers of the strongSwan version that's eventually loading the plugin.
  • You will need config.h from the build you are compiling against (or of an equivalently configured build for the same platform). When compiling the plugin, you pass the path to it via -include.
  • Loading the plugin via config snippet requires an appropriate strongswan.conf file (i.e. enable modular plugin loading and include the config snippets in strongswan.d where you place a snippet for your plugin - the default should work fine).
  • There might be licensing issues with third-party plugins, whether out-of-tree or not (strongSwan is licensed under the GPLv2, however, a commercial license is available).

You can find an example of an out-of-tree plugin here.

Answered 2020-01-13T15:36:32.167
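
A pre-build guard for the first two caveats in the answer above, as an added example that is not part of the original post or of strongSwan: it refuses to build unless the config.h passed via -include belongs to the same version as the daemon that will load the plugin. Assumptions: config.h is the autoconf-generated header and carries a `#define VERSION "..."` line, the running version is supplied by the caller, and the include paths, source file name and sample config.h are placeholders.

```shell
#!/bin/sh
# Added example: version guard for building an out-of-tree libcharon plugin.
# Assumption: config.h defines VERSION as a quoted string (autoconf layout).

# Print the version string recorded in the given config.h (empty if absent).
config_h_version() {
    sed -n 's/^#define[[:space:]]\{1,\}VERSION[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# $1 = config.h of the build being compiled against
# $2 = version of the strongSwan daemon that will load the plugin
# Returns 0 on match, 1 on mismatch, 2 if config.h has no VERSION.
check_build_matches() {
    built=$(config_h_version "$1")
    if [ -z "$built" ]; then
        echo "no VERSION found in $1" >&2
        return 2
    fi
    if [ "$built" != "$2" ]; then
        echo "config.h is from $built but the daemon is $2; use matching headers" >&2
        return 1
    fi
}

# Print (do not run) a compile command that force-includes config.h.
# $1 = strongSwan source tree, $2 = config.h, $3 = plugin source file.
# The -I paths and the output name are assumptions for a plugin named "myplugin".
plugin_build_cmd() {
    printf 'gcc -shared -fPIC -include %s -I%s/src/libstrongswan -I%s/src/libcharon -o libstrongswan-myplugin.so %s\n' \
        "$2" "$1" "$1" "$3"
}

# Demo on a constructed config.h (sample data, not taken from a real build).
demo_dir=$(mktemp -d)
printf '#define PACKAGE "strongswan"\n#define VERSION "5.1.5"\n' > "$demo_dir/config.h"
if check_build_matches "$demo_dir/config.h" "5.1.5"; then
    plugin_build_cmd /path/to/strongswan-src "$demo_dir/config.h" myplugin_plugin.c
fi
rm -rf "$demo_dir"
```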