diff options
author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2006-09-01 01:13:26 +0000 |
---|---|---|
committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2006-09-01 01:13:26 +0000 |
commit | 20975bad116829cb66dcc32a951ca71e7c4dc108 (patch) | |
tree | 48f39a3b8da063d418ee10a7bfdc9e1c289ba586 | |
parent | 50bb55282c7b6fe248bae95ae189f300b9e9dc4e (diff) |
Teach sasyncd to set isakmpd into active or passive mode, according
to our current carp state.
Based on a diff by ho@.
OK ho@, hshoexer@, deraadt@
-rw-r--r-- | usr.sbin/sasyncd/carp.c | 17 | ||||
-rw-r--r-- | usr.sbin/sasyncd/monitor.c | 67 | ||||
-rw-r--r-- | usr.sbin/sasyncd/monitor.h | 41 | ||||
-rw-r--r-- | usr.sbin/sasyncd/pfkey.c | 3 | ||||
-rw-r--r-- | usr.sbin/sasyncd/sasyncd.c | 4 | ||||
-rw-r--r-- | usr.sbin/sasyncd/sasyncd.h | 14 |
6 files changed, 130 insertions, 16 deletions
diff --git a/usr.sbin/sasyncd/carp.c b/usr.sbin/sasyncd/carp.c index 32151a2037b..06b35b4c309 100644 --- a/usr.sbin/sasyncd/carp.c +++ b/usr.sbin/sasyncd/carp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: carp.c,v 1.5 2006/06/02 20:31:48 moritz Exp $ */ +/* $OpenBSD: carp.c,v 1.6 2006/09/01 01:13:25 mpf Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -41,6 +41,7 @@ #include <string.h> #include <unistd.h> +#include "monitor.h" #include "sasyncd.h" int carp_demoted = 0; @@ -170,6 +171,7 @@ carp_update_state(enum RUNSTATE current_state) cfgstate.runstate = current_state; if (current_state == MASTER) pfkey_set_promisc(); + isakmpd_setrun(); net_ctl_update_state(); } } @@ -252,3 +254,16 @@ carp_init(void) return 0; } + +/* Enable or disable isakmpd connection checker. */ +void +isakmpd_setrun(void) +{ + if (cfgstate.runstate == MASTER) { + if (monitor_isakmpd_active(1)) + log_msg(0, "failed to activate isakmpd"); + } else { + if (monitor_isakmpd_active(0)) + log_msg(0, "failed to passivate isakmpd"); + } +} diff --git a/usr.sbin/sasyncd/monitor.c b/usr.sbin/sasyncd/monitor.c index 53f082165a4..5b87dbeefd3 100644 --- a/usr.sbin/sasyncd/monitor.c +++ b/usr.sbin/sasyncd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.10 2006/08/31 12:55:02 mpf Exp $ */ +/* $OpenBSD: monitor.c,v 1.11 2006/09/01 01:13:25 mpf Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -29,17 +29,20 @@ #include <sys/types.h> #include <sys/ioctl.h> #include <sys/socket.h> +#include <sys/stat.h> #include <sys/sysctl.h> #include <sys/wait.h> #include <net/pfkeyv2.h> #include <errno.h> +#include <fcntl.h> #include <pwd.h> #include <signal.h> #include <string.h> #include <stdlib.h> #include <unistd.h> +#include "monitor.h" #include "sasyncd.h" struct m_state { @@ -52,6 +55,8 @@ volatile sig_atomic_t sigchld = 0; static void got_sigchld(int); static void sig_to_child(int); static void m_priv_pfkey_snap(int); +static void m_priv_isakmpd_activate(void); +static void m_priv_isakmpd_passivate(void); static ssize_t m_write(int, void *, size_t); static ssize_t m_read(int, void *, size_t); @@ -169,14 +174,18 @@ monitor_loop(void) /* Get the data. */ m_priv_pfkey_snap(m_state.s); break; - case MONITOR_CARPINC: carp_demote(CARP_INC, 1); break; - case MONITOR_CARPDEC: carp_demote(CARP_DEC, 1); break; + case MONITOR_ISAKMPD_ACTIVATE: + m_priv_isakmpd_activate(); + break; + case MONITOR_ISAKMPD_PASSIVATE: + m_priv_isakmpd_passivate(); + break; } } @@ -278,6 +287,16 @@ monitor_get_pfkey_snap(u_int8_t **sadb, u_int32_t *sadbsize, u_int8_t **spd, return 0; } +int +monitor_isakmpd_active(int active) +{ + u_int32_t cmd = + active ? MONITOR_ISAKMPD_ACTIVATE : MONITOR_ISAKMPD_PASSIVATE; + if (write(m_state.s, &cmd, sizeof cmd) < 1) + return -1; + return 0; +} + /* Privileged */ static void m_priv_pfkey_snap(int s) @@ -367,6 +386,48 @@ m_priv_pfkey_snap(int s) return; } +static void +m_priv_isakmpd_fifocmd(const char *cmd) +{ + struct stat sb; + int fd = -1; + + if ((fd = open(ISAKMPD_FIFO, O_WRONLY)) == -1) { + log_err("m_priv_isakmpd_fifocmd: open(%s)", ISAKMPD_FIFO); + goto out; + } + if (fstat(fd, &sb) == -1) { + log_err("m_priv_isakmpd_fifocmd: fstat(%s)", ISAKMPD_FIFO); + goto out; + } + if (!S_ISFIFO(sb.st_mode)) { + log_err("m_priv_isakmpd_fifocmd: %s not a fifo", ISAKMPD_FIFO); + goto out; + } + + if (write(fd, cmd, strlen(cmd)) == -1) { + log_err("m_priv_isakmpd_fifocmd write"); + goto out; + } + out: + if (fd != -1) + close(fd); + /* No values returned. */ + return; +} + +static void +m_priv_isakmpd_activate(void) +{ + m_priv_isakmpd_fifocmd("M active\n"); +} + +static void +m_priv_isakmpd_passivate(void) +{ + m_priv_isakmpd_fifocmd("M passive\n"); +} + ssize_t m_write(int sock, void *buf, size_t len) { diff --git a/usr.sbin/sasyncd/monitor.h b/usr.sbin/sasyncd/monitor.h new file mode 100644 index 00000000000..10cf767e307 --- /dev/null +++ b/usr.sbin/sasyncd/monitor.h @@ -0,0 +1,41 @@ +/* $OpenBSD: monitor.h,v 1.1 2006/09/01 01:13:25 mpf Exp $ */ + +/* + * Copyright (c) 2005 Håkan Olsson. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define MONITOR_GETSNAP 1 +#define MONITOR_CARPINC 2 +#define MONITOR_CARPDEC 3 +#define MONITOR_ISAKMPD_ACTIVATE 4 +#define MONITOR_ISAKMPD_PASSIVATE 5 + +#define ISAKMPD_FIFO "/var/run/isakmpd.fifo" + +pid_t monitor_init(void); +void monitor_loop(void); + +int monitor_get_pfkey_snap(u_int8_t **, u_int32_t *, u_int8_t **, + u_int32_t *); +int monitor_isakmpd_active(int); diff --git a/usr.sbin/sasyncd/pfkey.c b/usr.sbin/sasyncd/pfkey.c index 5e79c09d05b..2fac3058668 100644 --- a/usr.sbin/sasyncd/pfkey.c +++ b/usr.sbin/sasyncd/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.17 2006/08/31 17:28:33 mpf Exp $ */ +/* $OpenBSD: pfkey.c,v 1.18 2006/09/01 01:13:25 mpf Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -46,6 +46,7 @@ #include <unistd.h> #include "sasyncd.h" +#include "monitor.h" #include "net.h" struct pfkey_msg diff --git a/usr.sbin/sasyncd/sasyncd.c b/usr.sbin/sasyncd/sasyncd.c index f1f665db18a..0cca8426af6 100644 --- a/usr.sbin/sasyncd/sasyncd.c +++ b/usr.sbin/sasyncd/sasyncd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sasyncd.c,v 1.12 2006/06/02 20:31:48 moritz Exp $ */ +/* $OpenBSD: sasyncd.c,v 1.13 2006/09/01 01:13:25 mpf Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -75,6 +75,8 @@ sasyncd_run(pid_t ppid) return -1; } + isakmpd_setrun(); + signal(SIGINT, sasyncd_stop); signal(SIGTERM, sasyncd_stop); signal(SIGHUP, sasyncd_stop); diff --git a/usr.sbin/sasyncd/sasyncd.h b/usr.sbin/sasyncd/sasyncd.h index 5e285c9e699..f2564f60c5c 100644 --- a/usr.sbin/sasyncd/sasyncd.h +++ b/usr.sbin/sasyncd/sasyncd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sasyncd.h,v 1.10 2006/06/02 20:09:43 mcbride Exp $ */ +/* $OpenBSD: sasyncd.h,v 1.11 2006/09/01 01:13:25 mpf Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -96,13 +96,6 @@ extern int carp_demoted; #define MSG_MAXTYPE 1 /* Increase when new types are added. */ - -enum { - MONITOR_GETSNAP, - MONITOR_CARPINC, - MONITOR_CARPDEC -}; - #define CARP_DEC -1 #define CARP_INC 1 @@ -140,8 +133,6 @@ pid_t monitor_init(void); void monitor_loop(void); void monitor_carpdemote(void *); void monitor_carpundemote(void *); -int monitor_get_pfkey_snap(u_int8_t **, u_int32_t *, u_int8_t **, - u_int32_t *); /* net.c */ void dump_buf(int, u_int8_t *, u_int32_t, char *); @@ -171,6 +162,9 @@ void timer_next_event(struct timeval *); void timer_run(void); int timer_add(char *, u_int32_t, void (*)(void *), void *); +/* carp.c */ +void isakmpd_setrun(void); + #if defined (GC_DEBUG) /* Boehms GC */ void *GC_debug_malloc(size_t, char *, int); |