diff options
Diffstat (limited to 'src/starter')
| -rw-r--r-- | src/starter/starter.c | 927 | ||||
| -rw-r--r-- | src/starter/starterstroke.c | 213 |
2 files changed, 603 insertions, 537 deletions
diff --git a/src/starter/starter.c b/src/starter/starter.c index ee7eae3bd..88e190e1d 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -55,534 +55,595 @@ static unsigned int _action_ = 0; static void fsig(int signal) { - switch (signal) - { + switch (signal) + { case SIGCHLD: - { - int status; - pid_t pid; - char *name = NULL; - - while ((pid = waitpid(-1, &status, WNOHANG)) > 0) - { - if (pid == starter_pluto_pid()) - name = " (Pluto)"; - if (pid == starter_charon_pid()) - name = " (Charon)"; - if (WIFSIGNALED(status)) - DBG(DBG_CONTROL, - DBG_log("child %d%s has been killed by sig %d\n", - pid, name?name:"", WTERMSIG(status)) - ) - else if (WIFSTOPPED(status)) - DBG(DBG_CONTROL, - DBG_log("child %d%s has been stopped by sig %d\n", - pid, name?name:"", WSTOPSIG(status)) - ) - else if (WIFEXITED(status)) - DBG(DBG_CONTROL, - DBG_log("child %d%s has quit (exit code %d)\n", - pid, name?name:"", WEXITSTATUS(status)) - ) - else - DBG(DBG_CONTROL, - DBG_log("child %d%s has quit", pid, name?name:"") - ) - - if (pid == starter_pluto_pid()) - starter_pluto_sigchild(pid); - if (pid == starter_charon_pid()) - starter_charon_sigchild(pid); - } - } - break; - - case SIGPIPE: - /** ignore **/ - break; - - case SIGALRM: - _action_ |= FLAG_ACTION_START_PLUTO; - _action_ |= FLAG_ACTION_START_CHARON; - break; - - case SIGHUP: - _action_ |= FLAG_ACTION_UPDATE; - break; - - case SIGTERM: - case SIGQUIT: - case SIGINT: - _action_ |= FLAG_ACTION_QUIT; - break; - - case SIGUSR1: - _action_ |= FLAG_ACTION_RELOAD; - _action_ |= FLAG_ACTION_UPDATE; - break; - - default: - plog("fsig(): unknown signal %d -- investigate", signal); - break; + { + int status; + pid_t pid; + char *name = NULL; + + while ((pid = waitpid(-1, &status, WNOHANG)) > 0) + { + if (pid == starter_pluto_pid()) + name = " (Pluto)"; + if (pid == starter_charon_pid()) + name = " (Charon)"; + if (WIFSIGNALED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has been killed by sig %d\n", + pid, name?name:"", WTERMSIG(status)) + ) + else if (WIFSTOPPED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has been stopped by sig %d\n", + pid, name?name:"", WSTOPSIG(status)) + ) + else if (WIFEXITED(status)) + DBG(DBG_CONTROL, + DBG_log("child %d%s has quit (exit code %d)\n", + pid, name?name:"", WEXITSTATUS(status)) + ) + else + DBG(DBG_CONTROL, + DBG_log("child %d%s has quit", pid, name?name:"") + ) + if (pid == starter_pluto_pid()) + starter_pluto_sigchild(pid); + if (pid == starter_charon_pid()) + starter_charon_sigchild(pid); + } + } + break; + + case SIGPIPE: + /** ignore **/ + break; + + case SIGALRM: + _action_ |= FLAG_ACTION_START_PLUTO; + _action_ |= FLAG_ACTION_START_CHARON; + break; + + case SIGHUP: + _action_ |= FLAG_ACTION_UPDATE; + break; + + case SIGTERM: + case SIGQUIT: + case SIGINT: + _action_ |= FLAG_ACTION_QUIT; + break; + + case SIGUSR1: + _action_ |= FLAG_ACTION_RELOAD; + _action_ |= FLAG_ACTION_UPDATE; + break; + + default: + plog("fsig(): unknown signal %d -- investigate", signal); + break; } } static void usage(char *name) { - fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] " - "[--debug|--debug-more|--debug-all]\n"); - exit(1); + fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] " + "[--debug|--debug-more|--debug-all]\n"); + exit(1); } int main (int argc, char **argv) { - starter_config_t *cfg = NULL; - starter_config_t *new_cfg; - starter_conn_t *conn, *conn2; - starter_ca_t *ca, *ca2; + starter_config_t *cfg = NULL; + starter_config_t *new_cfg; + starter_conn_t *conn, *conn2; + starter_ca_t *ca, *ca2; - struct stat stb; + struct stat stb; - char *err = NULL; - int i; - int id = 1; - struct timeval tv; - unsigned long auto_update = 0; - time_t last_reload; - bool no_fork = FALSE; + char *err = NULL; + int i; + int id = 1; + struct timeval tv; + unsigned long auto_update = 0; + time_t last_reload; + bool no_fork = FALSE; - /* global variables defined in log.h */ - log_to_stderr = TRUE; - base_debugging = DBG_NONE; + /* global variables defined in log.h */ + log_to_stderr = TRUE; + base_debugging = DBG_NONE; /* parse command line */ - for (i = 1; i < argc; i++) + for (i = 1; i < argc; i++) + { + if (streq(argv[i], "--debug")) { - if (streq(argv[i], "--debug")) - { - base_debugging |= DBG_CONTROL; - } - else if (streq(argv[i], "--debug-more")) - { - base_debugging |= DBG_CONTROLMORE; - } - else if (streq(argv[i], "--debug-all")) - { - base_debugging |= DBG_ALL; - } - else if (streq(argv[i], "--nofork")) - { - no_fork = TRUE; - } - else if (streq(argv[i], "--auto-update") && i+1 < argc) - { - auto_update = atoi(argv[++i]); - if (!auto_update) - usage(argv[0]); - } - else - { - usage(argv[0]); - } + base_debugging |= DBG_CONTROL; } - - /* Init */ - init_log("ipsec_starter"); - cur_debugging = base_debugging; - - signal(SIGHUP, fsig); - signal(SIGCHLD, fsig); - signal(SIGPIPE, fsig); - signal(SIGINT, fsig); - signal(SIGTERM, fsig); - signal(SIGQUIT, fsig); - signal(SIGALRM, fsig); - signal(SIGUSR1, fsig); - - plog("Starting strongSwan %s IPsec [starter]...", ipsec_version_code()); - - /* verify that we can start */ - if (getuid() != 0) + else if (streq(argv[i], "--debug-more")) { - plog("permission denied (must be superuser)"); - exit(1); + base_debugging |= DBG_CONTROLMORE; } - - if (stat(PLUTO_PID_FILE, &stb) == 0) + else if (streq(argv[i], "--debug-all")) { - plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); + base_debugging |= DBG_ALL; } - else + else if (streq(argv[i], "--nofork")) { - _action_ |= FLAG_ACTION_START_PLUTO; + no_fork = TRUE; } - if (stat(CHARON_PID_FILE, &stb) == 0) + else if (streq(argv[i], "--auto-update") && i+1 < argc) { - plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); + auto_update = atoi(argv[++i]); + if (!auto_update) + usage(argv[0]); } else { - _action_ |= FLAG_ACTION_START_CHARON; - } - if (stat(DEV_RANDOM, &stb) != 0) - { - plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); - exit(1); + usage(argv[0]); } + } - if (stat(DEV_URANDOM, &stb)!= 0) - { - plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM); - exit(1); - } + /* Init */ + init_log("ipsec_starter"); + cur_debugging = base_debugging; - cfg = confread_load(CONFIG_FILE); - if (!cfg) - { - plog("unable to start strongSwan -- errors in config"); - exit(1); - } + signal(SIGHUP, fsig); + signal(SIGCHLD, fsig); + signal(SIGPIPE, fsig); + signal(SIGINT, fsig); + signal(SIGTERM, fsig); + signal(SIGQUIT, fsig); + signal(SIGALRM, fsig); + signal(SIGUSR1, fsig); - /* determine if we have a native netkey IPsec stack */ - if (!starter_netkey_init()) - { - plog("nor netkey IPSec stack detected"); - exit(1); - } + plog("Starting strongSwan %s IPsec [starter]...", ipsec_version_code()); - last_reload = time(NULL); + /* verify that we can start */ + if (getuid() != 0) + { + plog("permission denied (must be superuser)"); + exit(1); + } - if (stat(STARTER_PID_FILE, &stb) == 0) - { - plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); - exit(0); - } + if (stat(PLUTO_PID_FILE, &stb) == 0) + { + plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE); + } + else + { + _action_ |= FLAG_ACTION_START_PLUTO; + } + if (stat(CHARON_PID_FILE, &stb) == 0) + { + plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE); + } + else + { + _action_ |= FLAG_ACTION_START_CHARON; + } + if (stat(DEV_RANDOM, &stb) != 0) + { + plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM); + exit(1); + } - /* fork if we're not debugging stuff */ - if (!no_fork) + if (stat(DEV_URANDOM, &stb)!= 0) + { + plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM); + exit(1); + } + + cfg = confread_load(CONFIG_FILE); + if (!cfg) + { + plog("unable to start strongSwan -- errors in config"); + exit(1); + } + + /* determine if we have a native netkey IPsec stack */ + if (!starter_netkey_init()) + { + plog("nor netkey IPSec stack detected"); + exit(1); + } + + last_reload = time(NULL); + + if (stat(STARTER_PID_FILE, &stb) == 0) + { + plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); + exit(0); + } + + /* fork if we're not debugging stuff */ + if (!no_fork) + { + log_to_stderr = FALSE; + + switch (fork()) { - log_to_stderr = FALSE; + case 0: + { + int fnull = open("/dev/null", O_RDWR); - switch (fork()) + if (fnull >= 0) { - case 0: - { - int fnull = open("/dev/null", O_RDWR); - - if (fnull >= 0) - { - dup2(fnull, STDIN_FILENO); - dup2(fnull, STDOUT_FILENO); - dup2(fnull, STDERR_FILENO); - close(fnull); - } - } - break; - case -1: - plog("can't fork: %s", strerror(errno)); - break; - default: - exit(0); + dup2(fnull, STDIN_FILENO); + dup2(fnull, STDOUT_FILENO); + dup2(fnull, STDERR_FILENO); + close(fnull); } + } + break; + case -1: + plog("can't fork: %s", strerror(errno)); + break; + default: + exit(0); + } } /* save pid file in /var/run/starter.pid */ { - FILE *fd = fopen(STARTER_PID_FILE, "w"); + FILE *fd = fopen(STARTER_PID_FILE, "w"); - if (fd) - { - fprintf(fd, "%u\n", getpid()); - fclose(fd); - } + if (fd) + { + fprintf(fd, "%u\n", getpid()); + fclose(fd); + } } for (;;) { - /* - * Stop pluto/charon (if started) and exit - */ - if (_action_ & FLAG_ACTION_QUIT) - { - if (starter_pluto_pid()) - starter_stop_pluto(); - if (starter_charon_pid()) - starter_stop_charon(); - starter_netkey_cleanup(); - confread_free(cfg); - unlink(STARTER_PID_FILE); - unlink(INFO_FILE); + /* + * Stop pluto/charon (if started) and exit + */ + if (_action_ & FLAG_ACTION_QUIT) + { + if (starter_pluto_pid()) + starter_stop_pluto(); + if (starter_charon_pid()) + starter_stop_charon(); + starter_netkey_cleanup(); + confread_free(cfg); + unlink(STARTER_PID_FILE); + unlink(INFO_FILE); #ifdef LEAK_DETECTIVE - report_leaks(); + report_leaks(); #endif /* LEAK_DETECTIVE */ - close_log(); - plog("ipsec starter stopped"); - exit(0); - } + close_log(); + plog("ipsec starter stopped"); + exit(0); + } - /* - * Delete all connections. Will be added below - */ - if (_action_ & FLAG_ACTION_RELOAD) + /* + * Delete all connections. Will be added below + */ + if (_action_ & FLAG_ACTION_RELOAD) + { + if (starter_pluto_pid() || starter_charon_pid()) + { + for (conn = cfg->conn_first; conn; conn = conn->next) { - if (starter_pluto_pid() || starter_charon_pid()) + if (conn->state == STATE_ADDED) + { + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) { - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) - { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) - starter_stroke_del_conn(conn); - else - starter_whack_del_conn(conn); - conn->state = STATE_TO_ADD; - } - } - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_ADDED) - { - starter_whack_del_ca(ca); - ca->state = STATE_TO_ADD; - } - } + if (starter_charon_pid()) + { + starter_stroke_del_conn(conn); + } } - _action_ &= ~FLAG_ACTION_RELOAD; + else + { + if (starter_pluto_pid()) + { + starter_whack_del_conn(conn); + conn->state = STATE_TO_ADD; + } + } + } } + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_ADDED) + { + if (starter_pluto_pid()) + { + starter_whack_del_ca(ca); + ca->state = STATE_TO_ADD; + } + } + } + } + _action_ &= ~FLAG_ACTION_RELOAD; + } - /* - * Update configuration - */ - if (_action_ & FLAG_ACTION_UPDATE) + /* + * Update configuration + */ + if (_action_ & FLAG_ACTION_UPDATE) + { + err = NULL; + DBG(DBG_CONTROL, + DBG_log("Reloading config...") + ); + new_cfg = confread_load(CONFIG_FILE); + + if (new_cfg) + { + /* Switch to new config. New conn will be loaded below */ + if (!starter_cmp_defaultroute(&new_cfg->defaultroute + , &cfg->defaultroute)) + { + _action_ |= FLAG_ACTION_LISTEN; + } + + if (!starter_cmp_pluto(cfg, new_cfg)) + { + plog("Pluto has changed"); + if (starter_pluto_pid()) + starter_stop_pluto(); + _action_ &= ~FLAG_ACTION_LISTEN; + _action_ |= FLAG_ACTION_START_PLUTO; + } + else { - err = NULL; - DBG(DBG_CONTROL, - DBG_log("Reloading config...") - ) - new_cfg = confread_load(CONFIG_FILE); + /* Only reload conn and ca sections if pluto is not killed */ - if (new_cfg) + /* Look for new connections that are already loaded */ + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) { - /* Switch to new config. New conn will be loaded below */ - if (!starter_cmp_defaultroute(&new_cfg->defaultroute - , &cfg->defaultroute)) + for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next) + { + if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2)) { - _action_ |= FLAG_ACTION_LISTEN; + conn->state = STATE_REPLACED; + conn2->state = STATE_ADDED; + conn2->id = conn->id; + break; } + } + } + } - if (!starter_cmp_pluto(cfg, new_cfg)) + /* Remove conn sections that have become unused */ + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) + { + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + { + if (starter_charon_pid()) { - plog("Pluto has changed"); - if (starter_pluto_pid()) - starter_stop_pluto(); - _action_ &= ~FLAG_ACTION_LISTEN; - _action_ |= FLAG_ACTION_START_PLUTO; + starter_stroke_del_conn(conn); } - else + } + else + { + if (starter_pluto_pid()) { - /* Only reload conn and ca sections if pluto is not killed */ - - /* Look for new connections that are already loaded */ - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) - { - for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next) - { - if (conn2->state == STATE_TO_ADD - && starter_cmp_conn(conn, conn2)) - { - conn->state = STATE_REPLACED; - conn2->state = STATE_ADDED; - conn2->id = conn->id; - break; - } - } - } - } - - /* Remove conn sections that have become unused */ - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) - { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) - starter_stroke_del_conn(conn); - else - starter_whack_del_conn(conn); - } - } - - /* Look for new ca sections that are already loaded */ - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_ADDED) - { - for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next) - { - if (ca2->state == STATE_TO_ADD - && starter_cmp_ca(ca, ca2)) - { - ca->state = STATE_REPLACED; - ca2->state = STATE_ADDED; - break; - } - } - } - } - - /* Remove ca sections that have become unused */ - for (ca = cfg->ca_first; ca; ca = ca->next) - { - if (ca->state == STATE_ADDED) - starter_whack_del_ca(ca); - } + starter_whack_del_conn(conn); } - confread_free(cfg); - cfg = new_cfg; - } - else - { - plog("can't reload config file: %s -- keeping old one"); + } } - _action_ &= ~FLAG_ACTION_UPDATE; - last_reload = time(NULL); - } + } - /* - * Start pluto - */ - if (_action_ & FLAG_ACTION_START_PLUTO) - { - if (cfg->setup.plutostart && !starter_pluto_pid()) + /* Look for new ca sections that are already loaded */ + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_ADDED) { - DBG(DBG_CONTROL, - DBG_log("Attempting to start pluto...") - ) - - if (starter_start_pluto(cfg, no_fork) == 0) + for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next) + { + if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2)) { - starter_whack_listen(); - } - else - { - /* schedule next try */ - alarm(PLUTO_RESTART_DELAY); + ca->state = STATE_REPLACED; + ca2->state = STATE_ADDED; + break; } + } } - _action_ &= ~FLAG_ACTION_START_PLUTO; + } - for (ca = cfg->ca_first; ca; ca = ca->next) + /* Remove ca sections that have become unused */ + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_ADDED) { - if (ca->state == STATE_ADDED) - ca->state = STATE_TO_ADD; + if (starter_pluto_pid()) + { + starter_whack_del_ca(ca); + } } + } + } + confread_free(cfg); + cfg = new_cfg; + } + else + { + plog("can't reload config file: %s -- keeping old one"); + } + _action_ &= ~FLAG_ACTION_UPDATE; + last_reload = time(NULL); + } - for (conn = cfg->conn_first; conn; conn = conn->next) - { - if (conn->state == STATE_ADDED) - conn->state = STATE_TO_ADD; - } + /* + * Start pluto + */ + if (_action_ & FLAG_ACTION_START_PLUTO) + { + if (cfg->setup.plutostart && !starter_pluto_pid()) + { + DBG(DBG_CONTROL, + DBG_log("Attempting to start pluto...") + ); + + if (starter_start_pluto(cfg, no_fork) == 0) + { + starter_whack_listen(); } + else + { + /* schedule next try */ + alarm(PLUTO_RESTART_DELAY); + } + } + _action_ &= ~FLAG_ACTION_START_PLUTO; + + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_ADDED) + ca->state = STATE_TO_ADD; + } + + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_ADDED) + conn->state = STATE_TO_ADD; + } + } - /* - * Start charon - */ - if (_action_ & FLAG_ACTION_START_CHARON) + /* + * Start charon + */ + if (_action_ & FLAG_ACTION_START_CHARON) + { + if (cfg->setup.charonstart && !starter_charon_pid()) + { + DBG(DBG_CONTROL, + DBG_log("Attempting to start charon...") + ); + if (starter_start_charon(cfg, no_fork)) { - if (cfg->setup.charonstart && !starter_charon_pid()) - { - DBG(DBG_CONTROL, - DBG_log("Attempting to start charon...") - ) - if (starter_start_charon(cfg, no_fork)) - { - /* schedule next try */ - alarm(PLUTO_RESTART_DELAY); - } - } - _action_ &= ~FLAG_ACTION_START_CHARON; + /* schedule next try */ + alarm(PLUTO_RESTART_DELAY); } + } + _action_ &= ~FLAG_ACTION_START_CHARON; + } - /* - * Tell pluto to reread its interfaces - */ - if (_action_ & FLAG_ACTION_LISTEN) + /* + * Tell pluto to reread its interfaces + */ + if (_action_ & FLAG_ACTION_LISTEN) + { + if (starter_pluto_pid()) + { + starter_whack_listen(); + _action_ &= ~FLAG_ACTION_LISTEN; + } + } + + /* + * Add stale conn and ca sections + */ + if (starter_pluto_pid() || starter_charon_pid()) + { + for (ca = cfg->ca_first; ca; ca = ca->next) + { + if (ca->state == STATE_TO_ADD) { - starter_whack_listen(); - _action_ &= ~FLAG_ACTION_LISTEN; + if (starter_pluto_pid()) + { + starter_whack_add_ca(ca); + ca->state = STATE_ADDED; + } } + } - /* - * Add stale conn and ca sections - */ - if (starter_pluto_pid() || starter_charon_pid()) + for (conn = cfg->conn_first; conn; conn = conn->next) + { + if (conn->state == STATE_TO_ADD) { - for (ca = cfg->ca_first; ca; ca = ca->next) + if (conn->id == 0) + { + /* affect new unique id */ + conn->id = id++; + } + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + { + if (starter_charon_pid()) { - if (ca->state == STATE_TO_ADD) - { - starter_whack_add_ca(ca); - ca->state = STATE_ADDED; - } + starter_stroke_add_conn(conn); } + } + else + { + if (starter_pluto_pid()) + { + starter_whack_add_conn(conn); + } + } + conn->state = STATE_ADDED; - for (conn = cfg->conn_first; conn; conn = conn->next) + if (conn->startup == STARTUP_START) + { + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) { - if (conn->state == STATE_TO_ADD) - { - if (conn->id == 0) - { - /* affect new unique id */ - conn->id = id++; - } - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) - starter_stroke_add_conn(conn); - else - starter_whack_add_conn(conn); - conn->state = STATE_ADDED; - - if (conn->startup == STARTUP_START) - { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) - starter_stroke_initiate_conn(conn); - else - starter_whack_initiate_conn(conn); - } - else if (conn->startup == STARTUP_ROUTE) - { - if (conn->keyexchange == KEY_EXCHANGE_IKEV2) - starter_stroke_route_conn(conn); - else - starter_whack_route_conn(conn); - } - } + if (starter_charon_pid()) + { + starter_stroke_initiate_conn(conn); + } + } + else + { + if (starter_pluto_pid()) + { + starter_whack_initiate_conn(conn); + } + } + } + else if (conn->startup == STARTUP_ROUTE) + { + if (conn->keyexchange == KEY_EXCHANGE_IKEV2) + { + if (starter_charon_pid()) + { + starter_stroke_route_conn(conn); + } + } + else + { + if (starter_pluto_pid()) + { + starter_whack_route_conn(conn); + } } + } } + } + } - /* - * If auto_update activated, when to stop select - */ - if (auto_update) - { - time_t now = time(NULL); + /* + * If auto_update activated, when to stop select + */ + if (auto_update) + { + time_t now = time(NULL); - tv.tv_sec = (now < last_reload + auto_update) - ? (last_reload + auto_update-now) : 0; - tv.tv_usec = 0; - } + tv.tv_sec = (now < last_reload + auto_update) + ? (last_reload + auto_update-now) : 0; + tv.tv_usec = 0; + } - /* - * Wait for something to happen - */ - if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0) - { - /* timeout -> auto_update */ - _action_ |= FLAG_ACTION_UPDATE; - } + /* + * Wait for something to happen + */ + if (select(0, NULL, NULL, NULL, auto_update ? &tv : NULL) == 0) + { + /* timeout -> auto_update */ + _action_ |= FLAG_ACTION_UPDATE; } + } - return 0; + return 0; } diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 67a0995a3..6fd83840a 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -36,138 +36,143 @@ #include "confread.h" #include "files.h" -static char* push_string(stroke_msg_t **strm, char *string) +static char* +push_string(stroke_msg_t **strm, char *string) { - stroke_msg_t *stroke_msg; - size_t string_length; - - if (string == NULL) - { - return NULL; - } - stroke_msg = *strm; - string_length = strlen(string) + 1; - stroke_msg->length += string_length; - - stroke_msg = realloc(stroke_msg, stroke_msg->length); - strcpy((char*)stroke_msg + stroke_msg->length - string_length, string); - - *strm = stroke_msg; - return (char*)(u_int)stroke_msg->length - string_length; + stroke_msg_t *stroke_msg; + size_t string_length; + + if (string == NULL) + { + return NULL; + } + stroke_msg = *strm; + string_length = strlen(string) + 1; + stroke_msg->length += string_length; + + stroke_msg = realloc(stroke_msg, stroke_msg->length); + strcpy((char*)stroke_msg + stroke_msg->length - string_length, string); + + *strm = stroke_msg; + return (char*)(u_int)stroke_msg->length - string_length; } static int send_stroke_msg (stroke_msg_t *msg) { - struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; - int sock; - int byte_count; - char buffer[64]; - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) - { - plog("socket() failed: %s", strerror(errno)); - return -1; - } - if (connect(sock, (struct sockaddr *)&ctl_addr, - offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) - { - plog("connect(charon_ctl) failed: %s", strerror(errno)); - close(sock); - return -1; - } - - /* send message */ - if (write(sock, msg, msg->length) != msg->length) - { - plog("write(charon_ctl) failed: %s", strerror(errno)); - close(sock); - return -1; - } - while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) - { - buffer[byte_count] = '\0'; - plog("%s", buffer); - } - if (byte_count < 0) - { - plog("read() failed: %s", strerror(errno)); - } + struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; + int sock; + int byte_count; + char buffer[64]; + + sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + { + plog("socket() failed: %s", strerror(errno)); + return -1; + } + if (connect(sock, (struct sockaddr *)&ctl_addr, + offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) + { + plog("connect(charon_ctl) failed: %s", strerror(errno)); + close(sock); + return -1; + } + /* send message */ + if (write(sock, msg, msg->length) != msg->length) + { + plog("write(charon_ctl) failed: %s", strerror(errno)); close(sock); - return 0; + return -1; + } + while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) + { + buffer[byte_count] = '\0'; + plog("%s", buffer); + } + if (byte_count < 0) + { + plog("read() failed: %s", strerror(errno)); + } + + close(sock); + return 0; } -static char * +static char* connection_name(starter_conn_t *conn) { - /* if connection name is '%auto', create a new name like conn_xxxxx */ - static char buf[32]; - - if (streq(conn->name, "%auto")) - { - sprintf(buf, "conn_%ld", conn->id); - return buf; - } - return conn->name; + /* if connection name is '%auto', create a new name like conn_xxxxx */ + static char buf[32]; + + if (streq(conn->name, "%auto")) + { + sprintf(buf, "conn_%ld", conn->id); + return buf; + } + return conn->name; } -int starter_stroke_add_conn(starter_conn_t *conn) +int +starter_stroke_add_conn(starter_conn_t *conn) { - stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); - int res; + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); + int res; - msg->length = sizeof(stroke_msg_t); - msg->type = STR_ADD_CONN; + msg->length = sizeof(stroke_msg_t); + msg->type = STR_ADD_CONN; - msg->add_conn.name = push_string(&msg, connection_name(conn)); + msg->add_conn.name = push_string(&msg, connection_name(conn)); - msg->add_conn.me.id = push_string(&msg, conn->left.id); - msg->add_conn.me.cert = push_string(&msg, conn->left.cert); - msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr)); - msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr)); - msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits; + msg->add_conn.me.id = push_string(&msg, conn->left.id); + msg->add_conn.me.cert = push_string(&msg, conn->left.cert); + msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr)); + msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr)); + msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits; - msg->add_conn.other.id = push_string(&msg, conn->right.id); - msg->add_conn.other.cert = push_string(&msg, conn->right.cert); - msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr)); - msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr)); - msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits; + msg->add_conn.other.id = push_string(&msg, conn->right.id); + msg->add_conn.other.cert = push_string(&msg, conn->right.cert); + msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr)); + msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr)); + msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits; - res = send_stroke_msg(msg); - free(msg); - return res; + res = send_stroke_msg(msg); + free(msg); + return res; } -int starter_stroke_del_conn(starter_conn_t *conn) +int +starter_stroke_del_conn(starter_conn_t *conn) { - return 0; + return 0; } -int starter_stroke_route_conn(starter_conn_t *conn) +int +starter_stroke_route_conn(starter_conn_t *conn) { - stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); - int res; - - msg->length = sizeof(stroke_msg_t); - msg->type = STR_INSTALL; - msg->install.name = push_string(&msg, connection_name(conn)); - res = send_stroke_msg(msg); - free(msg); - return res; + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); + int res; + + msg->length = sizeof(stroke_msg_t); + msg->type = STR_INSTALL; + msg->install.name = push_string(&msg, connection_name(conn)); + res = send_stroke_msg(msg); + free(msg); + return res; } -int starter_stroke_initiate_conn(starter_conn_t *conn) +int +starter_stroke_initiate_conn(starter_conn_t *conn) { - stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); - int res; - - msg->length = sizeof(stroke_msg_t); - msg->type = STR_INITIATE; - msg->initiate.name = push_string(&msg, connection_name(conn)); - res = send_stroke_msg(msg); - free(msg); - return res; + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); + int res; + + msg->length = sizeof(stroke_msg_t); + msg->type = STR_INITIATE; + msg->initiate.name = push_string(&msg, connection_name(conn)); + res = send_stroke_msg(msg); + free(msg); + return res; } |