-static void
-check_rtsock(p)
- void *p;
-{
- int tentative_failures;
-
- check_rtsock_sched = NULL;
- grab_myaddrs();
- isakmp_close_unused();
-
- autoconf_myaddrsport();
- isakmp_open(&tentative_failures);
-
- /* initialize socket list again */
- initfds();
- HANDLE_TENTATIVE_INTF_FAILURES();
-}
-
-static void
-initfds()
-{
- struct myaddrs *p;
-
- nfds = 0;
-
- FD_ZERO(&mask0);
- FD_ZERO(&maskdying);
-
-#ifdef ENABLE_ADMINPORT
- if (lcconf->sock_admin != -1) {
- if (lcconf->sock_admin >= FD_SETSIZE) {
- plog(LLV_ERROR2, LOCATION, NULL, "fd_set overrun - admin socket\n");
- exit(1);
- }
- FD_SET(lcconf->sock_admin, &mask0);
- /* XXX should we listen on admin socket when dying ?
- */
-#if 0
- FD_SET(lcconf->sock_admin, &maskdying);
-#endif
- nfds = (nfds > lcconf->sock_admin ? nfds : lcconf->sock_admin);
- }
-#endif
-#ifdef ENABLE_VPNCONTROL_PORT
- {
- struct vpnctl_socket_elem *elem;
-
- if (lcconf->sock_vpncontrol != -1) {
- if (lcconf->sock_vpncontrol >= FD_SETSIZE) {
- plog(LLV_ERROR2, LOCATION, NULL, "fd_set overrun - vpncontrol socket\n");
- exit(1);
- }
- FD_SET(lcconf->sock_vpncontrol, &mask0);
- nfds = (nfds > lcconf->sock_vpncontrol ? nfds : lcconf->sock_vpncontrol);
- }
-
- LIST_FOREACH(elem, &lcconf->vpnctl_comm_socks, chain) {
- if (elem->sock != -1) {
- if (elem->sock >= FD_SETSIZE) {
- plog(LLV_ERROR2, LOCATION, NULL, "fd_set overrun vpnctl_comm socket\n");
- exit(1);
- }
- FD_SET(elem->sock, &mask0);
- nfds = (nfds > elem->sock ? nfds : elem->sock);
- }
- }
- }
-#endif
-
- if (lcconf->sock_pfkey >= FD_SETSIZE) {
- plog(LLV_ERROR2, LOCATION, NULL, "fd_set overrun - pfkey socket\n");
- exit(1);
- }
- FD_SET(lcconf->sock_pfkey, &mask0);
- FD_SET(lcconf->sock_pfkey, &maskdying);
- nfds = (nfds > lcconf->sock_pfkey ? nfds : lcconf->sock_pfkey);
- if (lcconf->rtsock >= 0) {
- if (lcconf->rtsock >= FD_SETSIZE) {
- plog(LLV_ERROR2, LOCATION, NULL, "fd_set overrun - rt socket\n");
- exit(1);
- }
- FD_SET(lcconf->rtsock, &mask0);
- nfds = (nfds > lcconf->rtsock ? nfds : lcconf->rtsock);
- }
-
- for (p = lcconf->myaddrs; p; p = p->next) {
- if (!p->addr)
- continue;
- if (p->sock < 0)
- continue;
- if (p->sock >= FD_SETSIZE) {
- plog(LLV_ERROR2, LOCATION, NULL, "fd_set overrun - isakmp socket\n");
- exit(1);
- }
- FD_SET(p->sock, &mask0);
- nfds = (nfds > p->sock ? nfds : p->sock);
- }
- nfds++;
-}
-
-
-static int signals[] = {
- SIGHUP,
- SIGINT,
- SIGTERM,
- SIGUSR1,
- SIGUSR2,
- SIGCHLD,
- SIGPIPE,
- 0
-};
-
-/*
- * asynchronous requests will actually dispatched in the
- * main loop in session().
- */
-RETSIGTYPE
-signal_handler(sig, sigi, ctx)
- int sig;
- siginfo_t *sigi;
- void *ctx;
-{
-#if 0
- plog(LLV_DEBUG, LOCATION, NULL,
- "%s received signal %d from pid %d uid %d\n\n",
- __FUNCTION__, sig, sigi->si_pid, sigi->si_uid);
-#endif
-
- /* Do not just set it to 1, because we may miss some signals by just setting
- * values to 0/1
- */
- sigreq[sig]++;
- if ( sig == SIGTERM ){
- terminated = 1;
- }
-}
-
-static void
-check_sigreq()
-{
- int sig;
- int tentative_failures;
-
- /*
- * XXX We are not able to tell if we got
- * several time the same signal. This is
- * not a problem for the current code,
- * but we shall remember this limitation.
- */
- for (sig = 0; sig <= NSIG; sig++) {
- if (sigreq[sig] == 0)
- continue;
-
- sigreq[sig]--;
- switch(sig) {
- case 0:
- return;
-
- /* Catch up childs, mainly scripts.
- */
- case SIGCHLD:
- {
- pid_t pid;
- int s;
-
- pid = wait(&s);
- }
- break;
-
-#ifdef DEBUG_RECORD_MALLOCATION
- /*
- * XXX This operation is signal handler unsafe and may lead to
- * crashes and security breaches: See Henning Brauer talk at
- * EuroBSDCon 2005. Do not run in production with this option
- * enabled.
- */
- case SIGUSR2:
- DRM_dump();
- break;
-#endif
-
- case SIGUSR1:
- case SIGHUP:
-#ifdef ENABLE_HYBRID
- if ((isakmp_cfg_init(ISAKMP_CFG_INIT_WARM)) != 0) {
- plog(LLV_ERROR, LOCATION, NULL,
- "ISAKMP mode config structure reset failed, "
- "not reloading\n");
- return;
- }
-#endif
- if ( terminated )
- break;
-
- /*
- * if we got a HUP... try graceful teardown of sessions before we close and reopen sockets...
- * so that info-deletes notifications can make it to the peer.
- */
- if (sig == SIGHUP) {
- flushph2(true);
- flushph1(true);
- }
- /* Save old configuration, load new one... */
- isakmp_close();
- close(lcconf->rtsock);
- if (cfreparse(sig)) {
- plog(LLV_ERROR2, LOCATION, NULL,
- "configuration read failed\n");
- exit(1);
- }
- if (lcconf->logfile_param == NULL && logFileStr[0] == 0)
- plogreset(lcconf->pathinfo[LC_PATHTYPE_LOGFILE]);
-
- initmyaddr();
- isakmp_cleanup();
- isakmp_init(true, &tentative_failures);
- HANDLE_TENTATIVE_INTF_FAILURES();
- initfds();
-#if TARGET_OS_EMBEDDED
- if (no_remote_configs(TRUE)) {
- EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
- pfkey_send_flush(lcconf->sock_pfkey, SADB_SATYPE_UNSPEC);
-#ifdef ENABLE_FASTQUIT
- close_session();
-#else
- sched_new(1, check_flushsa_stub, NULL);
-#endif
- dying = 1;
- }
-#endif
- break;
-
- case SIGINT:
- case SIGTERM:
- plog(LLV_INFO, LOCATION, NULL,
- "caught signal %d\n", sig);
- EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
- pfkey_send_flush(lcconf->sock_pfkey,
- SADB_SATYPE_UNSPEC);
- if ( sig == SIGTERM ){
- terminated = 1; /* in case if it hasn't been set yet */
- close_session();
- }
- else
- sched_new(1, check_flushsa_stub, NULL);
-
- dying = 1;
- break;
-
- default:
- plog(LLV_INFO, LOCATION, NULL,
- "caught signal %d\n", sig);
- break;
- }
- }
-}
projects / apple / ipsec.git / blobdiff