ipsec-332.100.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / session.c
index 1f9dee4a883d4a805e9827c787a0a19de5f9aefc..14ea97e908b4155d5bb0688ce813cd58cf0f24e7 100644 (file)
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
 
-#include <resolv.h>
 #include <TargetConditionals.h>
 #include <vproc_priv.h>
 #include <dispatch/dispatch.h>
 #include <xpc/xpc.h>
+#include <os/transaction_private.h>
 
 #include "libpfkey.h"
 
 #include <libproc.h>
 
 
+#define IKEv1_TRANSACTION      "IKEv1_Transaction"
+
 extern pid_t racoon_pid;
 extern int launchdlaunched;
 static void close_session (int);
@@ -130,6 +132,8 @@ dispatch_queue_t main_queue;
 
 static NEPolicySessionRef policySession = NULL;
 
+static os_transaction_t g_ikev1_transaction = NULL;
+
 /*
  * This is used to (manually) update racoon's launchd keepalive, which is needed because racoon is (mostly) 
  * launched on demand and for <rdar://problem/8768510> requires a keepalive on dirty/failure exits.
@@ -315,13 +319,15 @@ session(void)
                                "cannot open %s", pid_file);
                }
        }
+
+       if (g_ikev1_transaction == NULL) {
+               g_ikev1_transaction = os_transaction_create(IKEv1_TRANSACTION);
+       }
        
-       xpc_transaction_begin();
-       
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        // enable keepalive for recovery (from crashes and bad exits... after init)
        (void)launchd_update_racoon_keepalive(true);
-#endif // !TARGET_OS_EMBEDDED
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                
     // Off to the races!
     if (!terminated) {
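Review bot: The result of `os_transaction_create()` in session() is stored but never checked, so if it can return NULL the daemon carries on with no transaction held and nothing in the log records it. The `!= NULL` guard added in close_session() suggests that case is considered possible. A single line after the create call would make it visible, for example `if (g_ikev1_transaction == NULL) plog(ASL_LEVEL_ERR, "failed to create %s\n", IKEv1_TRANSACTION);`. session() begins and ends outside this hunk, so any later handling is not visible here.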
@@ -343,14 +349,17 @@ close_session(int error)
        ike_session_flush_all_phase1(false);
        close_sockets();
 
-       xpc_transaction_end();
+       if (g_ikev1_transaction != NULL) {
+               os_release(g_ikev1_transaction);
+               g_ikev1_transaction = NULL;
+       }
        
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        // a clean exit, so disable launchd keepalive
        (void)launchd_update_racoon_keepalive(false);
-#endif // !TARGET_OS_EMBEDDED
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
-       plog(ASL_LEVEL_INFO, "racoon shutdown\n");
+       plog(ASL_LEVEL_NOTICE, "racoon shutdown\n");
        exit(0);
 }
 
@@ -426,17 +435,17 @@ check_flushsa()
                return;
        }
 
-#if !TARGET_OS_EMBEDDED
+#if !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
        if (lcconf->vt)
                vproc_transaction_end(NULL, lcconf->vt);
-#endif
+#endif // !(TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
     close_session(0);
 }
 
 void
 auto_exit_do(void *p)
 {
-       plog(ASL_LEVEL_DEBUG, 
+       plog(ASL_LEVEL_NOTICE,
                                "performing auto exit\n");
 #if ENABLE_NO_SA_FLUSH
        close_session(0);
@@ -536,7 +545,7 @@ check_sigreq()
                 if (lcconf->logfile_param == NULL && logFileStr[0] == 0)
                     plogresetfile(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
                                            
-#if TARGET_OS_EMBEDDED
+#if (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
                 if (no_remote_configs(TRUE)) {
 #if ENABLE_NO_SA_FLUSH
                     close_session(0);
@@ -550,13 +559,13 @@ check_sigreq()
                     dying();
 #endif /* ENABLE_NO_SA_FLUSH */
                 }
-#endif
+#endif // (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
 
                 break;
                 
             case SIGINT:
             case SIGTERM:                      
-                plog(ASL_LEVEL_INFO
+                plog(ASL_LEVEL_NOTICE
                      "caught signal %d\n", sig);
 #if ENABLE_NO_SA_FLUSH
                 close_session(0);
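Review bot: As rendered, the `plog(ASL_LEVEL_NOTICE` call in the SIGINT/SIGTERM case has no comma between the level and the format string, and the `default:` case in the next hunk has the same shape. The removed lines lack it as well, so this may be an artifact of the page rather than of the file. It is worth confirming that both calls read `plog(ASL_LEVEL_NOTICE,` in the source, since these are the lines that record which signal ended the daemon. check_sigreq() extends beyond both hunks.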
@@ -575,7 +584,7 @@ check_sigreq()
                 break;
                 
             default:
-                plog(ASL_LEVEL_INFO
+                plog(ASL_LEVEL_NOTICE
                      "caught signal %d\n", sig);
                 break;
                }
@@ -591,7 +600,7 @@ RETSIGTYPE
 signal_handler(int sig, siginfo_t *sigi, void *ctx)
 {
 #if 0
-    plog(ASL_LEVEL_DEBUG, 
+    plog(ASL_LEVEL_NOTICE,
          "%s received signal %d from pid %d uid %d\n\n",
          __FUNCTION__, sig, sigi->si_pid, sigi->si_uid);
 #endif
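Review bot: The changed `plog()` call in signal_handler() sits inside `#if 0`, so raising it to NOTICE has no effect on what is logged. The sender's pid and uid would be a useful audit record, but the hunk gives no reason for the block being disabled. If the reason is that plog() must not run in signal context, a comment should say so, for example `/* disabled: plog() is not async-signal-safe; sender pid/uid not logged here */`. Otherwise the dead block could simply be dropped.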