/* $NetBSD: session.c,v 1.7.6.2 2007/08/01 11:52:22 vanhu Exp $ */

/* $KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/socket.h>
#if HAVE_SYS_WAIT_H
# include <sys/wait.h>
#endif
#ifndef WEXITSTATUS
# define WEXITSTATUS(s) ((unsigned)(s) >> 8)
#endif
#ifndef WIFEXITED
# define WIFEXITED(s) (((s) & 255) == 0)
#endif

#include PATH_IPSEC_H

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <signal.h>
#include <sys/stat.h>
#include <paths.h>

#include <netinet/in.h>
#include <resolv.h>

#include "libpfkey.h"

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "debug.h"

#include "schedule.h"
#include "session.h"
#include "grabmyaddr.h"
#include "evt.h"
#include "cfparse_proto.h"
#include "isakmp_var.h"
#include "isakmp_xauth.h"
#include "isakmp_cfg.h"
#include "admin_var.h"
#include "admin.h"
#include "privsep.h"
#include "oakley.h"
#include "pfkey.h"
#include "handler.h"
#include "localconf.h"
#include "remoteconf.h"
#include "backupsa.h"
#ifdef ENABLE_NATT
#include "nattraversal.h"
#endif


#include "algorithm.h" /* XXX ??? */

#include "sainfo.h"

static void close_session __P((void));
static void check_rtsock __P((void *));
static void initfds __P((void));
static void init_signal __P((void));
static int set_signal __P((int sig, RETSIGTYPE (*func) __P((int))));
static void check_sigreq __P((void));
static void check_flushsa_stub __P((void *));
static void check_flushsa __P((void));
static int close_sockets __P((void));

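/*
 * Descriptor sets copied into select()'s read set by session():
 * mask0 while running normally, maskdying once `dying` is set.
 */
static fd_set mask0;
static fd_set maskdying;
/* Highest watched descriptor plus one, i.e. select()'s first argument. */
static int nfds = 0;
/*
 * Per-signal count of deliveries recorded by signal_handler() and not
 * yet consumed by check_sigreq().
 */
static volatile sig_atomic_t sigreq[NSIG + 1];
/* Set by check_sigreq() once SIGINT or SIGTERM has been processed. */
static int dying = 0;

/*
 * Daemon main loop.
 *
 * Runs the start-up sequence (scheduler, signals, admin port, local
 * addresses, ISAKMP, descriptor masks, NAT-T keepalive, privsep_init()),
 * writes the pid file, then loops forever: handle recorded signals, ask
 * the scheduler for the next timeout, select() on the current mask and
 * dispatch every readable descriptor to its handler.
 *
 * Returns -1 when select() fails with an error other than EINTR.  Calls
 * exit(1) when admin_init(), isakmp_init() or privsep_init() fails, or
 * when the pid file cannot be chmod'ed.  A pid file that cannot be opened
 * is only logged.
 */
int
session(void)
{
	fd_set rfds;
	struct timeval *timeout;
	int error;
	struct myaddrs *p;
	char pid_file[MAXPATHLEN];
	const char *pidpath;
	size_t len;
	FILE *fp;
	pid_t racoon_pid = 0;
	int i;

	/* initialize schedular */
	sched_init();

	init_signal();

#ifdef ENABLE_ADMINPORT
	if (admin_init() < 0)
		exit(1);
#endif

	initmyaddr();

	if (isakmp_init() < 0)
		exit(1);

	initfds();

#ifdef ENABLE_NATT
	natt_keepalive_init ();
#endif

	if (privsep_init() != 0)
		exit(1);

	/*
	 * NOTE(review): init_signal() has already run at this point, so a
	 * request recorded before this loop is discarded here -- confirm
	 * that is intended.
	 */
	for (i = 0; i <= NSIG; i++)
		sigreq[i] = 0;

	/* write .pid file */
	racoon_pid = getpid();
	pidpath = lcconf->pathinfo[LC_PATHTYPE_PIDFILE];
	if (pidpath == NULL)
		len = strlcpy(pid_file, _PATH_VARRUN "racoon.pid",
		    sizeof(pid_file));
	else if (pidpath[0] == '/')
		len = strlcpy(pid_file, pidpath, sizeof(pid_file));
	else {
		/*
		 * pid_file is an uninitialised stack buffer, so the first
		 * component has to be copied, not appended: strlcat() would
		 * start by scanning indeterminate bytes for a terminator.
		 */
		strlcpy(pid_file, _PATH_VARRUN, sizeof(pid_file));
		len = strlcat(pid_file, pidpath, sizeof(pid_file));
	}

	/*
	 * fopen(..., "w") follows symbolic links and truncates an existing
	 * file, and the path may come from the configuration.
	 * NOTE(review): confirm the target directory is writable only by
	 * the account the daemon runs as.
	 */
	fp = NULL;
	if (len >= sizeof(pid_file)) {
		/* A silently truncated path would name a different file. */
		plog(LLV_ERROR, LOCATION, NULL,
			"pid file path too long\n");
	} else {
		fp = fopen(pid_file, "w");
		if (fp == NULL)
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot open %s", pid_file);
	}
	if (fp) {
		/* rw-r--r--: readable by everyone, writable by the owner only */
		if (fchmod(fileno(fp),
			S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
			syslog(LOG_ERR, "%s", strerror(errno));
			fclose(fp);
			exit(1);
		}
		fprintf(fp, "%ld\n", (long)racoon_pid);
		fclose(fp);
	}

	while (1) {
		/* select() overwrites its set, so start from a fresh copy. */
		if (dying)
			rfds = maskdying;
		else
			rfds = mask0;

		/*
		 * asynchronous requests via signal.
		 * make sure to reset sigreq to 0.
		 */
		check_sigreq();

		/* scheduling */
		timeout = schedular();

		error = select(nfds, &rfds, (fd_set *)0, (fd_set *)0, timeout);
		if (error < 0) {
			switch (errno) {
			case EINTR:
				/* interrupted by a signal: go handle it */
				continue;
			default:
				plog(LLV_ERROR, LOCATION, NULL,
					"failed to select (%s)\n",
					strerror(errno));
				return -1;
			}
			/*NOTREACHED*/
		}

#ifdef ENABLE_ADMINPORT
		if ((lcconf->sock_admin != -1) &&
		    (FD_ISSET(lcconf->sock_admin, &rfds)))
			admin_handler();
#endif

		for (p = lcconf->myaddrs; p; p = p->next) {
			if (!p->addr)
				continue;
			if (FD_ISSET(p->sock, &rfds))
				isakmp_handler(p->sock);
		}

		if (FD_ISSET(lcconf->sock_pfkey, &rfds))
			pfkey_handler();

		if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
			if (update_myaddrs() && lcconf->autograbaddr)
				check_rtsock(NULL);
			else
				initfds();
		}
	}
}

/*
 * clear all status and exit program.
 *
 * Flushes phase 2 handlers only with ENABLE_FASTQUIT, then phase 1
 * handlers, closes the sockets, calls backupsa_clean(), logs the shutdown
 * and calls exit(0).  Does not return.
 */
static void
close_session()
{
#ifdef ENABLE_FASTQUIT
	flushph2();
#endif
	flushph1();
	close_sockets();
	backupsa_clean();

	plog(LLV_INFO, LOCATION, NULL, "racoon shutdown\n");
	exit(0);
}

/*
 * Re-open the ISAKMP sockets: calls isakmp_close(), grab_myaddrs(),
 * autoconf_myaddrsport() and isakmp_open() in that order, then rebuilds
 * the select() masks.  The argument is ignored; every caller in view
 * passes NULL.
 */
static void
check_rtsock(unused)
	void *unused;
{
	isakmp_close();
	grab_myaddrs();
	autoconf_myaddrsport();
	isakmp_open();

	/* initialize socket list again */
	initfds();
}

/*
 * Rebuild mask0, maskdying and nfds from the descriptors currently held
 * in lcconf.
 *
 * mask0 receives the admin socket (when compiled in and open), the PF_KEY
 * socket, the routing socket (when open) and every local address socket;
 * maskdying receives the PF_KEY socket only.  A descriptor at or above
 * FD_SETSIZE cannot be stored in an fd_set, so it is logged and the
 * process exits rather than writing past the set.
 *
 * NOTE(review): sock_pfkey and p->sock are checked against the upper
 * bound only; a negative value would also index outside the fd_set --
 * confirm no caller can leave one here.
 */
static void
initfds()
{
	struct myaddrs *p;

	nfds = 0;

	FD_ZERO(&mask0);
	FD_ZERO(&maskdying);

#ifdef ENABLE_ADMINPORT
	if (lcconf->sock_admin != -1) {
		if (lcconf->sock_admin >= FD_SETSIZE) {
			plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
			exit(1);
		}
		FD_SET(lcconf->sock_admin, &mask0);
		/* XXX should we listen on admin socket when dying ?
		 */
#if 0
		FD_SET(lcconf->sock_admin, &maskdying);
#endif
		nfds = (nfds > lcconf->sock_admin ? nfds : lcconf->sock_admin);
	}
#endif
	if (lcconf->sock_pfkey >= FD_SETSIZE) {
		plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
		exit(1);
	}
	FD_SET(lcconf->sock_pfkey, &mask0);
	FD_SET(lcconf->sock_pfkey, &maskdying);
	nfds = (nfds > lcconf->sock_pfkey ? nfds : lcconf->sock_pfkey);
	if (lcconf->rtsock >= 0) {
		if (lcconf->rtsock >= FD_SETSIZE) {
			plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
			exit(1);
		}
		FD_SET(lcconf->rtsock, &mask0);
		nfds = (nfds > lcconf->rtsock ? nfds : lcconf->rtsock);
	}

	for (p = lcconf->myaddrs; p; p = p->next) {
		if (!p->addr)
			continue;
		if (p->sock >= FD_SETSIZE) {
			plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun\n");
			exit(1);
		}
		FD_SET(p->sock, &mask0);
		nfds = (nfds > p->sock ? nfds : p->sock);
	}
	/* select() wants the highest descriptor plus one */
	nfds++;
}

/* Zero-terminated list of signal numbers. */
static int signals[] = {
	SIGHUP,
	SIGINT,
	SIGTERM,
	SIGUSR1,
	SIGUSR2,
	SIGCHLD,
	0
};

/*
 * asynchronous requests will actually dispatched in the
 * main loop in session().
 *
 * The handler only bumps a counter, so nothing that is unsafe in signal
 * context runs here.
 */
RETSIGTYPE
signal_handler(sig)
	int sig;
{
	/* Do not just set it to 1, because we may miss some signals by just setting
	 * values to 0/1
	 *
	 * The range test is defensive: this function is not static, so an
	 * out-of-range argument must not index outside sigreq[].
	 * sig_atomic_t makes single loads and stores atomic, not this
	 * read-modify-write; NOTE(review): a delivery that lands while
	 * check_sigreq() decrements the same slot may be miscounted.
	 */
	if (sig >= 0 && sig <= NSIG)
		sigreq[sig]++;
}


/*
 * Re-read the configuration (called from check_sigreq() on SIGHUP).
 *
 * XXX possible mem leaks and no way to go back for now !!!
 *
 * NOTE(review): when cfparse() fails the function returns without calling
 * restore_params() or the save_*_flush() helpers, leaving the state the
 * inline comment below already calls inconsistent.
 */
static void reload_conf(){
	int error;

#ifdef ENABLE_HYBRID
	if ((isakmp_cfg_init(ISAKMP_CFG_INIT_WARM)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "ISAKMP mode config structure reset failed, "
		    "not reloading\n");
		return;
	}
#endif

	save_sainfotree();

	/* TODO: save / restore / flush old lcconf (?) / rmtree
	 */
/*	initlcconf();*/ /* racoon_conf ? ! */

	save_rmconf();
	initrmconf();

	/* Do a part of pfkey_init() ?
	 * SPD reload ?
	 */

	save_params();
	error = cfparse();
	if (error != 0){
		plog(LLV_ERROR, LOCATION, NULL, "config reload failed\n");
		/* We are probably in an inconsistant state... */
		return;
	}
	restore_params();

#if 0
	if (dump_config)
		dumprmconf ();
#endif

	/*
	 * init_myaddr() ?
	 * If running in privilege separation, do not reinitialize
	 * the IKE listener, as we will not have the right to
	 * setsockopt(IP_IPSEC_POLICY).
	 */
	if (geteuid() == 0)
		check_rtsock(NULL);

	/* Revalidate ph1 / ph2tree !!!
	 * update ctdtree if removing some ph1 !
	 */
	revalidate_ph12();
	/* Update ctdtree ?
	 */

	save_sainfotree_flush();
	save_rmconf_flush();
}

/*
 * Act on the signals recorded in sigreq[].  Called from the main loop in
 * session(), outside signal context.  Each call consumes at most one
 * recorded delivery per signal number.
 */
static void
check_sigreq()
{
	int sig;

	/*
	 * XXX We are not able to tell if we got
	 * several time the same signal. This is
	 * not a problem for the current code,
	 * but we shall remember this limitation.
	 */
	for (sig = 0; sig <= NSIG; sig++) {
		if (sigreq[sig] == 0)
			continue;

		sigreq[sig]--;
		switch(sig) {
		case 0:
			return;

		/* Catch up childs, mainly scripts.
		 *
		 * NOTE(review): wait() blocks until a child terminates and
		 * reaps one child per recorded SIGCHLD; a non-blocking
		 * waitpid() loop would avoid stalling the main loop and
		 * leaving zombies when deliveries coalesce.
		 */
		case SIGCHLD:
		    {
			int s;

			(void)wait(&s);
		    }
			break;

#ifdef DEBUG_RECORD_MALLOCATION
		/*
		 * XXX This operation is signal handler unsafe and may lead to
		 * crashes and security breaches: See Henning Brauer talk at
		 * EuroBSDCon 2005. Do not run in production with this option
		 * enabled.
		 */
		case SIGUSR2:
			DRM_dump();
			break;
#endif

		case SIGHUP:
			/* Save old configuration, load new one...  */
			reload_conf();
			break;

		case SIGINT:
		case SIGTERM:
			plog(LLV_INFO, LOCATION, NULL,
			    "caught signal %d\n", sig);
			EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
			pfkey_send_flush(lcconf->sock_pfkey,
			    SADB_SATYPE_UNSPEC);
#ifdef ENABLE_FASTQUIT
			/* close_session() calls exit(), so nothing below runs */
			close_session();
#else
			sched_new(1, check_flushsa_stub, NULL);
#endif
			dying = 1;
			break;

		default:
			plog(LLV_INFO, LOCATION, NULL,
			    "caught signal %d\n", sig);
			break;
		}
	}
}

/*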
Yeh * waiting the termination of processing until sending DELETE message 475c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh * for all inbound SA will complete. 476c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh */ 477c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehstatic void 478c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehcheck_flushsa_stub(p) 479c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh void *p; 480c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh{ 481c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 482c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh check_flushsa(); 483c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh} 484c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 485c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehstatic void 486c91307af2622f6625525f3c1f9c954376df950adChia-chi Yehcheck_flushsa() 487c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh{ 488c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh vchar_t *buf; 489c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct sadb_msg *msg, *end, *next; 490c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh struct sadb_sa *sa; 491c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh caddr_t mhp[SADB_EXT_MAX + 1]; 492c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh int n; 493c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 494c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh buf = pfkey_dump_sadb(SADB_SATYPE_UNSPEC); 495c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (buf == NULL) { 496c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_DEBUG, LOCATION, NULL, 497c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "pfkey_dump_sadb: returned nothing.\n"); 498c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh return; 499c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 500c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 501c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh msg = (struct sadb_msg *)buf->v; 
502c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh end = (struct sadb_msg *)(buf->v + buf->l); 503c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 504c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh /* counting SA except of dead one. */ 505c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh n = 0; 506c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh while (msg < end) { 507c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (PFKEY_UNUNIT64(msg->sadb_msg_len) < sizeof(*msg)) 508c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh break; 509c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh next = (struct sadb_msg *)((caddr_t)msg + PFKEY_UNUNIT64(msg->sadb_msg_len)); 510c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (msg->sadb_msg_type != SADB_DUMP) { 511c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh msg = next; 512c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh continue; 513c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 514c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 515c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (pfkey_align(msg, mhp) || pfkey_check(mhp)) { 516c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh plog(LLV_ERROR, LOCATION, NULL, 517c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh "pfkey_check (%s)\n", ipsec_strerror()); 518c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh msg = next; 519c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh continue; 520c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 521c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 522c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]); 523c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (!sa) { 524c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh msg = next; 525c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh continue; 526c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 527c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 
528c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (sa->sadb_sa_state != SADB_SASTATE_DEAD) { 529c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh n++; 530c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh msg = next; 531c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh continue; 532c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 533c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 534c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh msg = next; 535c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 536c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 537c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (buf != NULL) 538c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh vfree(buf); 539c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 540c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh if (n) { 541c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh sched_new(1, check_flushsa_stub, NULL); 542c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh return; 543c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh } 544c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 545c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh close_session(); 546c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh} 547c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh 5480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic void 5490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanginit_signal() 5500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 5510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int i; 5520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; signals[i] != 0; i++) 5540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (set_signal(signals[i], signal_handler) < 0) { 5550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 5560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "failed to 
set_signal (%s)\n", 5570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang strerror(errno)); 5580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang exit(1); 5590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 5610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int 5630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangset_signal(sig, func) 5640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int sig; 5650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang RETSIGTYPE (*func) __P((int)); 5660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 5670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct sigaction sa; 5680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memset((caddr_t)&sa, 0, sizeof(sa)); 5700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sa.sa_handler = func; 5710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang sa.sa_flags = SA_RESTART; 5720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sigemptyset(&sa.sa_mask) < 0) 5740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 5750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (sigaction(sig, &sa, (struct sigaction *)0) < 0) 5770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return(-1); 5780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 5800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 5810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangstatic int 5830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangclose_sockets() 5840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 
585c91307af2622f6625525f3c1f9c954376df950adChia-chi Yeh isakmp_close(); 5860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang pfkey_close(lcconf->sock_pfkey); 5870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#ifdef ENABLE_ADMINPORT 5880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang (void)admin_close(); 5890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 5900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 5910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 5921c71527b277e2dc256262da2ed2169c566c5bf4dChia-chi Yeh 593