}
int
-no_remote_configs()
+no_remote_configs(ignore_anonymous)
+ int ignore_anonymous;
{
struct remoteconf *p;
+#if !TARGET_OS_EMBEDDED
+ static const char default_idv[] = "macuser@localhost";
+ static const int default_idv_len = sizeof(default_idv) - 1;
+#endif
TAILQ_FOREACH(p, &rmtree, chain) {
- if (p->remote->sa_family == AF_UNSPEC) /* anonymous */
+ if (ignore_anonymous) {
+ if (p->remote->sa_family == AF_UNSPEC) /* anonymous */
+ continue;
+ }
+#if !TARGET_OS_EMBEDDED
+ // ignore the default btmm ipv6 config thats always present in racoon.conf
+ if (p->remote->sa_family == AF_INET6 &&
+ p->idvtype == IDTYPE_USERFQDN &&
+ p->idv != NULL &&
+ p->idv->l == default_idv_len &&
+ strncmp(p->idv->v, default_idv, p->idv->l) == 0) {
continue;
+ }
+#endif
return 0;
}
return 1;
static struct sched *check_rtsock_sched = NULL;
int terminated = 0;
+static void
+reinit_socks (void)
+{
+ isakmp_close();
+ close(lcconf->rtsock);
+ initmyaddr();
+ if (isakmp_open() < 0) {
+ plog(LLV_ERROR2, LOCATION, NULL,
+ "failed to reopen isakmp sockets\n");
+ }
+ initfds();
+}
+
int
session(void)
{
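Review bot: In `reinit_socks()` a failed `isakmp_open()` is only logged; the function then calls `initfds()` and returns void, so `session()` cannot tell that the daemon has been left with no ISAKMP listening sockets. The code this commit removes scheduled a retry with `sched_new(5, check_rtsock, NULL)` in the autograbaddr case, and nothing visible here replaces it, so recovery presumably depends on some later event. Consider returning the status (`static int reinit_socks(void)` with `return -1;` on the failure path) so the caller can schedule a retry. The result of `close(lcconf->rtsock)` is also ignored and the descriptor is not reset; whether `initmyaddr()` always reassigns it is not visible in this hunk.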
/* scheduling */
timeout = schedular();
-
+ // <rdar://problem/7650111> Workaround: make sure timeout is playing nice
+ if (timeout) {
+ if (timeout->tv_usec < 0 || timeout->tv_usec > SELECT_USEC_MAX ) {
+ timeout->tv_sec += ((__typeof__(timeout->tv_sec))timeout->tv_usec)/SELECT_USEC_MAX;
+ timeout->tv_usec %= SELECT_USEC_MAX;
+ }
+ if (timeout->tv_sec > SELECT_SEC_MAX /* tv_sec is unsigned */) {
+ timeout->tv_sec = SELECT_SEC_MAX;
+ }
+ if (!timeout->tv_sec && !timeout->tv_usec) {
+ timeout->tv_sec = 1;
+ }
+ }
+
if (dying)
rfds = maskdying;
else
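Review bot: The `tv_usec` normalisation at the top of the added block leaves a negative value negative, because in C both `/` and `%` truncate toward zero: `tv_usec = -5` adds 0 to `tv_sec` and `%=` keeps -5. select() would then presumably fail with EINVAL, and with this commit that failure path closes and reopens every socket through `reinit_socks()`. After the `%=`, borrow from the seconds: `if (timeout->tv_usec < 0) { timeout->tv_usec += SELECT_USEC_MAX; timeout->tv_sec--; }`. If `SELECT_USEC_MAX` is 1000000 (its definition is outside this hunk), the range test should use `>=`. The `/* tv_sec is unsigned */` remark should be checked against the platform's `struct timeval`, since a signed negative `tv_sec` would pass the clamp unchanged.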
continue;
default:
plog(LLV_ERROR2, LOCATION, NULL,
- "failed select (%s)\n",
- strerror(errno));
- /* serious socket problem - close all listening sockets and re-open */
- if (lcconf->autograbaddr) {
- isakmp_close();
- initfds();
- sched_new(5, check_rtsock, NULL);
- } else {
- isakmp_close_sockets();
- isakmp_open();
- initfds();
- }
+ "failed select (%s) nfds %d\n",
+ strerror(errno), nfds);
+ reinit_socks();
+ update_fds = 0;
continue;
}
/*NOTREACHED*/
break;
}
if (error == -2) {
- if (lcconf->autograbaddr) {
- /* serious socket problem - close all listening sockets and re-open */
- isakmp_close();
- initfds();
- sched_new(5, check_rtsock, NULL);
- continue;
- } else {
- isakmp_close_sockets();
- isakmp_open();
- initfds();
- continue;
- }
+ reinit_socks();
+ update_fds = 0;
}
if (FD_ISSET(lcconf->sock_pfkey, &rfds))
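Review bot: The rewritten `error == -2` branch no longer ends in `continue`, which both removed branches had, so after `reinit_socks()` execution falls through to the `FD_ISSET(lcconf->sock_pfkey, &rfds)` test and whatever follows it. `rfds` was filled by the select() call made before the sockets were closed and reopened. Any later `FD_ISSET` on a descriptor that `reinit_socks()` replaced would therefore read stale readiness bits; the routing socket is one candidate, if it is tested further down, which this hunk does not show. If the fall-through is intended so that pfkey messages are still drained, a comment saying so would help; otherwise restore `continue;` after `update_fds = 0;`, as the select-failure path does.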
#endif /* __APPLE__ */
initfds();
#if TARGET_OS_EMBEDDED
- if (no_remote_configs()) {
+ if (no_remote_configs(TRUE)) {
EVT_PUSH(NULL, NULL, EVTT_RACOON_QUIT, NULL);
pfkey_send_flush(lcconf->sock_pfkey, SADB_SATYPE_UNSPEC);
#ifdef ENABLE_FASTQUIT
return;
}
+#if !TARGET_OS_EMBEDDED
+ // abort exit if policies/config/control state is still there
+ if (vpn_control_connected() ||
+ policies_installed() ||
+ !no_remote_configs(FALSE)) {
+ return;
+ }
+#endif
+
close_session();
#if !TARGET_OS_EMBEDDED
if (lcconf->vt)
if (lcconf->auto_exit_sched != NULL) { /* exit scheduled? */
if (lcconf->auto_exit_state != LC_AUTOEXITSTATE_ENABLED
|| vpn_control_connected() /* vpn control connected */
- || policies_installed()) /* policies installed in kernel */
+ || policies_installed() /* policies installed in kernel */
+ || !no_remote_configs(FALSE)) /* remote or anonymous configs */
SCHED_KILL(lcconf->auto_exit_sched);
} else { /* exit not scheduled */
if (lcconf->auto_exit_state == LC_AUTOEXITSTATE_ENABLED
&& !vpn_control_connected()
- && !policies_installed())
+ && !policies_installed()
+ && no_remote_configs(FALSE))
if (lcconf->auto_exit_delay == 0)
auto_exit_do(NULL); /* immediate exit */
else