[apple/network_cmds.git] / racoon.tproj / main.c

/*	$KAME: main.c,v 1.48 2002/11/20 02:06:07 itojun Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/random.h>
#include <sys/sysctl.h>

#include <netinet/in.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <paths.h>
#include <err.h>

/*
 * If we're using a debugging malloc library, this may define our
 * wrapper stubs.
 */
#define	RACOON_MAIN_PROGRAM
#include "gcmalloc.h"

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "debug.h"

#include "cfparse.h"
#include "isakmp_var.h"
#include "remoteconf.h"
#include "localconf.h"
#include "session.h"
#include "oakley.h"
#include "pfkey.h"
#include "crypto_openssl.h"
#include "backupsa.h"
#ifndef HAVE_ARC4RANDOM
#include "arc4random.h"
#endif

int f_foreground = 0;	/* force running in foreground. */
int f_local = 0;	/* local test mode.  behave like a wall. */
int vflag = 1;		/* for print-isakmp.c */
static int loading_sa = 0;	/* install sa when racoon boots up. */

#define RACOON_VERSION	"20001216 sakane@kame.net"
#ifdef RACOON_PKG_VERSION
static char version0[] = "@(#)package version " RACOON_PKG_VERSION ;
static char version[] = "@(#)internal version " RACOON_VERSION ;
#else
static char version[] = "@(#)racoon 20001216 " RACOON_VERSION ;
#endif
static pid_t racoon_pid = 0;

int main __P((int, char **));
static void usage __P((void));
static void parse __P((int, char **));
static void restore_params __P((void));
static void save_params __P((void));
static void saverestore_params __P((int));
static void cleanup_pidfile __P((void));

void
usage()
{
	printf("usage: racoon [-BdFv%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
#ifdef INET6
		"46",
#else
		"",
#endif
#ifdef ENABLE_ADMINPORT
		"[-a (port)] "
#else
		""
#endif
		);
	printf("   -B: install SA to the kernel from the file "
		"specified by the configuration file.\n");
	printf("   -d: debug level, more -d will generate more debug message.\n");
	printf("   -F: run in foreground, do not become daemon.\n");
	printf("   -v: be more verbose\n");
#ifdef INET6
	printf("   -4: IPv4 mode.\n");
	printf("   -6: IPv6 mode.\n");
#endif
#ifdef ENABLE_ADMINPORT
	printf("   -a: port number for admin port.\n");
#endif
	printf("   -f: pathname for configuration file.\n");
	printf("   -l: pathname for log file.\n");
	printf("   -p: port number for isakmp (default: %d).\n", PORT_ISAKMP);
	exit(1);
}

extern int cfparse(void);

int
main(ac, av)
	int ac;
	char **av;
{
	int error;

	if (geteuid() != 0) {
		errx(1, "must be root to invoke this program.");
		/* NOTREACHED*/
	}

	/*
	 * Don't let anyone read files I write.  Although some files (such as
	 * the PID file) can be other readable, we dare to use the global mask,
	 * because racoon uses fopen(3), which can't specify the permission
	 * at the creation time.
	 */
	umask(077);
	if (umask(077) != 077) {
		errx(1, "could not set umask");
		/* NOTREACHED*/
	}

#ifdef DEBUG_RECORD_MALLOCATION
	DRM_init();
#endif

	initlcconf();
	initrmconf();
	oakley_dhinit();
	eay_init_error();

	parse(ac, av);

	ploginit();
	(void)arc4random();	/* XXX test if random number is available */

#ifdef RACOON_PKG_VERSION
	plog(LLV_INFO, LOCATION, NULL, "%s\n", version0);
#endif
	plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
	plog(LLV_INFO, LOCATION, NULL, "@(#)"
	    "This product linked %s (http://www.openssl.org/)"
	    "\n", eay_version());

	if (pfkey_init() < 0) {
		errx(1, "something error happened "
			"while pfkey initializing.");
		/* NOTREACHED*/
	}

	/*
	 * in order to prefer the parameters by command line,
	 * saving some parameters before parsing configuration file.
	 */
	save_params();
	error = cfparse();
	if (error != 0)
		errx(1, "failed to parse configuration file.");
	restore_params();

#ifdef IKE_NAT_T
	/* Tell the kernel which port to use for UDP encapsulation */
	{
		int udp_port = PORT_ISAKMP_NATT;
		if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &udp_port, sizeof(udp_port)) != 0)
			errx(1, "couldn't set net.inet.ipsec.esp_port to %d. (%s)",
				udp_port, strerror(errno));
	}
#endif

	/*
	 * install SAs from the specified file.  If the file is not specified
	 * by the configuration file, racoon will exit.
	 */
	if (loading_sa && !f_local) {
		if (backupsa_from_file() != 0)
			errx(1, "something error happened "
				"SA recovering.");
	}

	if (f_foreground)
		close(0);
	else {
		const char *pid_file = _PATH_VARRUN "racoon.pid";
		FILE *fp;

		if (daemon(0, 0) < 0) {
			errx(1, "failed to be daemon. (%s)",
				strerror(errno));
		}
		/*
		 * In case somebody has started inetd manually, we need to
		 * clear the logname, so that old servers run as root do not
		 * get the user's logname..
		 */
		if (setlogin("") < 0) {
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot clear logname: %s\n", strerror(errno));
			/* no big deal if it fails.. */
		}
		racoon_pid = getpid();
		fp = fopen(pid_file, "w");
		if (fp) {
			if (fchmod(fileno(fp),
				S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
				syslog(LOG_ERR, "%s", strerror(errno));
				fclose(fp);
				exit(1);
			}
			fprintf(fp, "%ld\n", (long)racoon_pid);
			fclose(fp);
		} else {
			plog(LLV_ERROR, LOCATION, NULL,
				"cannot open %s", pid_file);
		}
		if (!f_local) {
			if (atexit(cleanup_pidfile) < 0) {
				plog(LLV_ERROR, LOCATION, NULL,
					"cannot register pidfile cleanup");
			}
		}
	}

	session();

	exit(0);
}

static void
cleanup_pidfile()
{
	pid_t p = getpid();

	/* if it's not child process, clean everything */
	if (racoon_pid == p) {
		const char *pid_file = _PATH_VARRUN "racoon.pid";

		(void) unlink(pid_file);
	}
}

static void
parse(ac, av)
	int ac;
	char **av;
{
	extern char *optarg;
	extern int optind;
	int c;
#ifdef YYDEBUG
	extern int yydebug;
#endif

	pname = strrchr(*av, '/');
	if (pname)
		pname++;
	else
		pname = *av;

	while ((c = getopt(ac, av, "dFp:a:f:l:vZB"
#ifdef YYDEBUG
			"y"
#endif
#ifdef INET6
			"46"
#endif
			)) != -1) {
		switch (c) {
		case 'd':
			loglevel++;
			break;
		case 'F':
			printf("Foreground mode.\n");
			f_foreground = 1;
			break;
		case 'p':
			lcconf->port_isakmp = atoi(optarg);
			break;
		case 'a':
#ifdef ENABLE_ADMINPORT
			lcconf->port_admin = atoi(optarg);
			break;
#else
			fprintf(stderr, "%s: the option is disabled "
			    "in the configuration\n", pname);
			exit(1);
#endif
		case 'f':
			lcconf->racoon_conf = optarg;
			break;
		case 'l':
			plogset(optarg);
			break;
		case 'v':
			vflag++;
			break;
		case 'Z':
			/*
			 * only local test.
			 * To specify -Z option and to choice a appropriate
			 * port number for ISAKMP, you can launch some racoons
			 * on the local host for debug.
			 * pk_sendadd() on initiator side is always failed
			 * even if this flag is used.  Because there is same
			 * spi in the SAD which is inserted by pk_sendgetspi()
			 * on responder side.
			 */
			printf("Local test mode.\n");
			f_local = 1;
			break;
#ifdef YYDEBUG
		case 'y':
			yydebug = 1;
			break;
#endif
#ifdef INET6
		case '4':
			lcconf->default_af = AF_INET;
			break;
		case '6':
			lcconf->default_af = AF_INET6;
			break;
#endif
		case 'B':
			loading_sa++;
			break;
		default:
			usage();
			/* NOTREACHED */
		}
	}
	ac -= optind;
	av += optind;

	if (ac != 0) {
		usage();
		/* NOTREACHED */
	}

	return;
}

static void
restore_params()
{
	saverestore_params(1);
}

static void
save_params()
{
	saverestore_params(0);
}

static void
saverestore_params(f)
	int f;
{
	static u_int16_t s_port_isakmp;
#ifdef ENABLE_ADMINPORT
	static u_int16_t s_port_admin;
#endif

	/* 0: save, 1: restore */
	if (f) {
		lcconf->port_isakmp = s_port_isakmp;
#ifdef ENABLE_ADMINPORT
		lcconf->port_admin = s_port_admin;
#endif
	} else {
		s_port_isakmp = lcconf->port_isakmp;
#ifdef ENABLE_ADMINPORT
		s_port_admin = lcconf->port_admin;
#endif
	}
}
Commit	Line	Data
ac2f15b3	1	/* $KAME: main.c,v 1.48 2002/11/20 02:06:07 itojun Exp $ */
7ba0088d A	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
	32	#include <sys/types.h>
	33	#include <sys/param.h>
	34	#include <sys/socket.h>
	35	#include <sys/stat.h>
	36	#include <sys/random.h>
ac2f15b3	37	#include <sys/sysctl.h>
7ba0088d A	38
	39	#include <netinet/in.h>
	40
	41	#include <stdlib.h>
	42	#include <stdio.h>
	43	#include <string.h>
	44	#include <errno.h>
	45	#include <limits.h>
	46	#ifdef HAVE_UNISTD_H
	47	#include <unistd.h>
	48	#endif
	49	#include <paths.h>
	50	#include <err.h>
	51
	52	/*
	53	* If we're using a debugging malloc library, this may define our
	54	* wrapper stubs.
	55	*/
	56	#define RACOON_MAIN_PROGRAM
	57	#include "gcmalloc.h"
	58
	59	#include "var.h"
	60	#include "misc.h"
	61	#include "vmbuf.h"
	62	#include "plog.h"
	63	#include "debug.h"
	64
	65	#include "cfparse.h"
	66	#include "isakmp_var.h"
	67	#include "remoteconf.h"
	68	#include "localconf.h"
	69	#include "session.h"
	70	#include "oakley.h"
	71	#include "pfkey.h"
	72	#include "crypto_openssl.h"
	73	#include "backupsa.h"
ac2f15b3 A	74	#ifndef HAVE_ARC4RANDOM
	75	#include "arc4random.h"
	76	#endif
7ba0088d A	77
	78	int f_foreground = 0; /* force running in foreground. */
	79	int f_local = 0; /* local test mode. behave like a wall. */
	80	int vflag = 1; /* for print-isakmp.c */
	81	static int loading_sa = 0; /* install sa when racoon boots up. */
	82
	83	#define RACOON_VERSION "20001216 sakane@kame.net"
	84	#ifdef RACOON_PKG_VERSION
	85	static char version0[] = "@(#)package version " RACOON_PKG_VERSION ;
	86	static char version[] = "@(#)internal version " RACOON_VERSION ;
	87	#else
	88	static char version[] = "@(#)racoon 20001216 " RACOON_VERSION ;
	89	#endif
	90	static pid_t racoon_pid = 0;
	91
	92	int main __P((int, char **));
	93	static void usage __P((void));
	94	static void parse __P((int, char **));
	95	static void restore_params __P((void));
	96	static void save_params __P((void));
	97	static void saverestore_params __P((int));
	98	static void cleanup_pidfile __P((void));
	99
	100	void
	101	usage()
	102	{
	103	printf("usage: racoon [-BdFv%s] %s[-f (file)] [-l (file)] [-p (port)]\n",
	104	#ifdef INET6
	105	"46",
	106	#else
	107	"",
	108	#endif
	109	#ifdef ENABLE_ADMINPORT
	110	"[-a (port)] "
	111	#else
	112	""
	113	#endif
	114	);
	115	printf(" -B: install SA to the kernel from the file "
	116	"specified by the configuration file.\n");
	117	printf(" -d: debug level, more -d will generate more debug message.\n");
	118	printf(" -F: run in foreground, do not become daemon.\n");
	119	printf(" -v: be more verbose\n");
	120	#ifdef INET6
	121	printf(" -4: IPv4 mode.\n");
	122	printf(" -6: IPv6 mode.\n");
	123	#endif
	124	#ifdef ENABLE_ADMINPORT
	125	printf(" -a: port number for admin port.\n");
	126	#endif
	127	printf(" -f: pathname for configuration file.\n");
	128	printf(" -l: pathname for log file.\n");
	129	printf(" -p: port number for isakmp (default: %d).\n", PORT_ISAKMP);
	130	exit(1);
	131	}
	132
ac2f15b3 A	133	extern int cfparse(void);
ac2f15b3 A	134
7ba0088d A	135	int
	136	main(ac, av)
	137	int ac;
	138	char **av;
	139	{
	140	int error;
	141
	142	if (geteuid() != 0) {
	143	errx(1, "must be root to invoke this program.");
	144	/* NOTREACHED*/
	145	}
	146
	147	/*
	148	* Don't let anyone read files I write. Although some files (such as
	149	* the PID file) can be other readable, we dare to use the global mask,
	150	* because racoon uses fopen(3), which can't specify the permission
	151	* at the creation time.
	152	*/
	153	umask(077);
	154	if (umask(077) != 077) {
	155	errx(1, "could not set umask");
	156	/* NOTREACHED*/
	157	}
	158
	159	#ifdef DEBUG_RECORD_MALLOCATION
	160	DRM_init();
	161	#endif
	162
	163	initlcconf();
	164	initrmconf();
	165	oakley_dhinit();
	166	eay_init_error();
	167
	168	parse(ac, av);
	169
	170	ploginit();
ac2f15b3	171	(void)arc4random(); /* XXX test if random number is available */
7ba0088d A	172
	173	#ifdef RACOON_PKG_VERSION
	174	plog(LLV_INFO, LOCATION, NULL, "%s\n", version0);
	175	#endif
	176	plog(LLV_INFO, LOCATION, NULL, "%s\n", version);
	177	plog(LLV_INFO, LOCATION, NULL, "@(#)"
	178	"This product linked %s (http://www.openssl.org/)"
	179	"\n", eay_version());
	180
	181	if (pfkey_init() < 0) {
	182	errx(1, "something error happened "
	183	"while pfkey initializing.");
	184	/* NOTREACHED*/
	185	}
	186
	187	/*
	188	* in order to prefer the parameters by command line,
	189	* saving some parameters before parsing configuration file.
	190	*/
	191	save_params();
	192	error = cfparse();
	193	if (error != 0)
	194	errx(1, "failed to parse configuration file.");
	195	restore_params();
	196
ac2f15b3 A	197	#ifdef IKE_NAT_T
	198	/* Tell the kernel which port to use for UDP encapsulation */
	199	{
	200	int udp_port = PORT_ISAKMP_NATT;
	201	if (sysctlbyname("net.inet.ipsec.esp_port", NULL, NULL, &udp_port, sizeof(udp_port)) != 0)
	202	errx(1, "couldn't set net.inet.ipsec.esp_port to %d. (%s)",
	203	udp_port, strerror(errno));
	204	}
	205	#endif
	206
7ba0088d A	207	/*
	208	* install SAs from the specified file. If the file is not specified
	209	* by the configuration file, racoon will exit.
	210	*/
	211	if (loading_sa && !f_local) {
	212	if (backupsa_from_file() != 0)
	213	errx(1, "something error happened "
	214	"SA recovering.");
	215	}
	216
	217	if (f_foreground)
	218	close(0);
	219	else {
	220	const char *pid_file = _PATH_VARRUN "racoon.pid";
	221	FILE *fp;
	222
	223	if (daemon(0, 0) < 0) {
	224	errx(1, "failed to be daemon. (%s)",
	225	strerror(errno));
	226	}
	227	/*
	228	* In case somebody has started inetd manually, we need to
	229	* clear the logname, so that old servers run as root do not
	230	* get the user's logname..
	231	*/
	232	if (setlogin("") < 0) {
	233	plog(LLV_ERROR, LOCATION, NULL,
	234	"cannot clear logname: %s\n", strerror(errno));
	235	/* no big deal if it fails.. */
	236	}
	237	racoon_pid = getpid();
	238	fp = fopen(pid_file, "w");
	239	if (fp) {
	240	if (fchmod(fileno(fp),
	241	S_IRUSR \| S_IWUSR \| S_IRGRP \| S_IROTH) == -1) {
	242	syslog(LOG_ERR, "%s", strerror(errno));
	243	fclose(fp);
	244	exit(1);
	245	}
	246	fprintf(fp, "%ld\n", (long)racoon_pid);
	247	fclose(fp);
	248	} else {
	249	plog(LLV_ERROR, LOCATION, NULL,
	250	"cannot open %s", pid_file);
	251	}
	252	if (!f_local) {
	253	if (atexit(cleanup_pidfile) < 0) {
	254	plog(LLV_ERROR, LOCATION, NULL,
	255	"cannot register pidfile cleanup");
	256	}
	257	}
	258	}
	259
	260	session();
	261
	262	exit(0);
	263	}
	264
	265	static void
	266	cleanup_pidfile()
	267	{
	268	pid_t p = getpid();
	269
	270	/* if it's not child process, clean everything */
271	if (racoon_pid == p) {
272	const char *pid_file = _PATH_VARRUN "racoon.pid";
273
274	(void) unlink(pid_file);
275	}
276	}
277
278	static void
279	parse(ac, av)
280	int ac;
281	char **av;
282	{
283	extern char *optarg;
284	extern int optind;
285	int c;
286	#ifdef YYDEBUG
287	extern int yydebug;
288	#endif
289
290	pname = strrchr(*av, '/');
291	if (pname)
292	pname++;
293	else
294	pname = *av;
295
296	while ((c = getopt(ac, av, "dFp:a:f:l:vZB"
297	#ifdef YYDEBUG
298	"y"
299	#endif
300	#ifdef INET6
301	"46"
302	#endif
303	)) != -1) {
304	switch (c) {
305	case 'd':
306	loglevel++;
307	break;
308	case 'F':
309	printf("Foreground mode.\n");
310	f_foreground = 1;
311	break;
312	case 'p':
313	lcconf->port_isakmp = atoi(optarg);
314	break;
315	case 'a':
316	#ifdef ENABLE_ADMINPORT
317	lcconf->port_admin = atoi(optarg);
318	break;
319	#else
320	fprintf(stderr, "%s: the option is disabled "
321	"in the configuration\n", pname);
322	exit(1);
323	#endif
324	case 'f':
325	lcconf->racoon_conf = optarg;
326	break;
327	case 'l':
328	plogset(optarg);
329	break;
330	case 'v':
331	vflag++;
332	break;
333	case 'Z':
334	/*
335	* only local test.
336	* To specify -Z option and to choice a appropriate
337	* port number for ISAKMP, you can launch some racoons
338	* on the local host for debug.
339	* pk_sendadd() on initiator side is always failed
340	* even if this flag is used. Because there is same
341	* spi in the SAD which is inserted by pk_sendgetspi()
342	* on responder side.
343	*/
344	printf("Local test mode.\n");
345	f_local = 1;
346	break;
347	#ifdef YYDEBUG
348	case 'y':
349	yydebug = 1;
350	break;
351	#endif
352	#ifdef INET6
353	case '4':
354	lcconf->default_af = AF_INET;
355	break;
356	case '6':
357	lcconf->default_af = AF_INET6;
358	break;
359	#endif
360	case 'B':
361	loading_sa++;
362	break;
363	default:
364	usage();
365	/* NOTREACHED */
366	}
367	}
368	ac -= optind;
369	av += optind;
370
371	if (ac != 0) {
372	usage();
373	/* NOTREACHED */
374	}
375
376	return;
377	}
378
379	static void
380	restore_params()
381	{
382	saverestore_params(1);
383	}
384
385	static void
386	save_params()
387	{
388	saverestore_params(0);
389	}
390
391	static void
392	saverestore_params(f)
393	int f;
394	{
395	static u_int16_t s_port_isakmp;
396	#ifdef ENABLE_ADMINPORT
397	static u_int16_t s_port_admin;
398	#endif
399
400	/* 0: save, 1: restore */
401	if (f) {
402	lcconf->port_isakmp = s_port_isakmp;
403	#ifdef ENABLE_ADMINPORT
404	lcconf->port_admin = s_port_admin;
405	#endif
406	} else {
407	s_port_isakmp = lcconf->port_isakmp;
408	#ifdef ENABLE_ADMINPORT
409	s_port_admin = lcconf->port_admin;
410	#endif
411	}
412	}