authorMarco Pfatschbacher <mpf@cvs.openbsd.org>2006-09-01 01:13:26 +0000
committerMarco Pfatschbacher <mpf@cvs.openbsd.org>2006-09-01 01:13:26 +0000
commit20975bad116829cb66dcc32a951ca71e7c4dc108 (patch)
tree48f39a3b8da063d418ee10a7bfdc9e1c289ba586
parent50bb55282c7b6fe248bae95ae189f300b9e9dc4e (diff)
Teach sasyncd to set isakmpd into active or passive mode, according
to our current carp state. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@
-rw-r--r--usr.sbin/sasyncd/carp.c17
-rw-r--r--usr.sbin/sasyncd/monitor.c67
-rw-r--r--usr.sbin/sasyncd/monitor.h41
-rw-r--r--usr.sbin/sasyncd/pfkey.c3
-rw-r--r--usr.sbin/sasyncd/sasyncd.c4
-rw-r--r--usr.sbin/sasyncd/sasyncd.h14
6 files changed, 130 insertions, 16 deletions
diff --git a/usr.sbin/sasyncd/carp.c b/usr.sbin/sasyncd/carp.c
index 32151a2037b..06b35b4c309 100644
--- a/usr.sbin/sasyncd/carp.c
+++ b/usr.sbin/sasyncd/carp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: carp.c,v 1.5 2006/06/02 20:31:48 moritz Exp $ */
+/* $OpenBSD: carp.c,v 1.6 2006/09/01 01:13:25 mpf Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
@@ -41,6 +41,7 @@
#include <string.h>
#include <unistd.h>
+#include "monitor.h"
#include "sasyncd.h"
int carp_demoted = 0;
@@ -170,6 +171,7 @@ carp_update_state(enum RUNSTATE current_state)
cfgstate.runstate = current_state;
if (current_state == MASTER)
pfkey_set_promisc();
+ isakmpd_setrun();
net_ctl_update_state();
}
}
@@ -252,3 +254,16 @@ carp_init(void)
return 0;
}
+
+/* Enable or disable isakmpd connection checker. */
+void
+isakmpd_setrun(void)
+{
+ if (cfgstate.runstate == MASTER) {
+ if (monitor_isakmpd_active(1))
+ log_msg(0, "failed to activate isakmpd");
+ } else {
+ if (monitor_isakmpd_active(0))
+ log_msg(0, "failed to passivate isakmpd");
+ }
+}
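Review bot: The comment above isakmpd_setrun() ("Enable or disable isakmpd connection checker") does not match the body, which asks the monitor to put isakmpd into active mode when `cfgstate.runstate == MASTER` and into passive mode for every other state. Something like `/* Put isakmpd into active mode when we are carp MASTER, passive mode otherwise. */` would describe it. It would also help to note that the two `log_msg()` calls fire only when the request could not be written to the monitor socket. Judging by the monitor.c part of this commit, a failure to reach the isakmpd FIFO is logged by the privileged process and never reported back here.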
diff --git a/usr.sbin/sasyncd/monitor.c b/usr.sbin/sasyncd/monitor.c
index 53f082165a4..5b87dbeefd3 100644
--- a/usr.sbin/sasyncd/monitor.c
+++ b/usr.sbin/sasyncd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.10 2006/08/31 12:55:02 mpf Exp $ */
+/* $OpenBSD: monitor.c,v 1.11 2006/09/01 01:13:25 mpf Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
@@ -29,17 +29,20 @@
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/wait.h>
#include <net/pfkeyv2.h>
#include <errno.h>
+#include <fcntl.h>
#include <pwd.h>
#include <signal.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
+#include "monitor.h"
#include "sasyncd.h"
struct m_state {
@@ -52,6 +55,8 @@ volatile sig_atomic_t sigchld = 0;
static void got_sigchld(int);
static void sig_to_child(int);
static void m_priv_pfkey_snap(int);
+static void m_priv_isakmpd_activate(void);
+static void m_priv_isakmpd_passivate(void);
static ssize_t m_write(int, void *, size_t);
static ssize_t m_read(int, void *, size_t);
@@ -169,14 +174,18 @@ monitor_loop(void)
/* Get the data. */
m_priv_pfkey_snap(m_state.s);
break;
-
case MONITOR_CARPINC:
carp_demote(CARP_INC, 1);
break;
-
case MONITOR_CARPDEC:
carp_demote(CARP_DEC, 1);
break;
+ case MONITOR_ISAKMPD_ACTIVATE:
+ m_priv_isakmpd_activate();
+ break;
+ case MONITOR_ISAKMPD_PASSIVATE:
+ m_priv_isakmpd_passivate();
+ break;
}
}
@@ -278,6 +287,16 @@ monitor_get_pfkey_snap(u_int8_t **sadb, u_int32_t *sadbsize, u_int8_t **spd,
return 0;
}
+int
+monitor_isakmpd_active(int active)
+{
+ u_int32_t cmd =
+ active ? MONITOR_ISAKMPD_ACTIVATE : MONITOR_ISAKMPD_PASSIVATE;
+ if (write(m_state.s, &cmd, sizeof cmd) < 1)
+ return -1;
+ return 0;
+}
+
/* Privileged */
static void
m_priv_pfkey_snap(int s)
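Review bot: The test `write(m_state.s, &cmd, sizeof cmd) < 1` in monitor_isakmpd_active() accepts a short write of one to three bytes as success, which would leave the privileged side reading a truncated command word and out of step with later requests. Compare against the full length instead, `if (write(m_state.s, &cmd, sizeof cmd) != sizeof cmd)`, or use the file's `m_write()` helper if it is meant for this channel (its body is outside the hunk). A short doc comment should also say that 0 means only "request sent": the monitor returns no status, so the caller cannot tell whether isakmpd actually changed mode.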
@@ -367,6 +386,48 @@ m_priv_pfkey_snap(int s)
return;
}
+static void
+m_priv_isakmpd_fifocmd(const char *cmd)
+{
+ struct stat sb;
+ int fd = -1;
+
+ if ((fd = open(ISAKMPD_FIFO, O_WRONLY)) == -1) {
+ log_err("m_priv_isakmpd_fifocmd: open(%s)", ISAKMPD_FIFO);
+ goto out;
+ }
+ if (fstat(fd, &sb) == -1) {
+ log_err("m_priv_isakmpd_fifocmd: fstat(%s)", ISAKMPD_FIFO);
+ goto out;
+ }
+ if (!S_ISFIFO(sb.st_mode)) {
+ log_err("m_priv_isakmpd_fifocmd: %s not a fifo", ISAKMPD_FIFO);
+ goto out;
+ }
+
+ if (write(fd, cmd, strlen(cmd)) == -1) {
+ log_err("m_priv_isakmpd_fifocmd write");
+ goto out;
+ }
+ out:
+ if (fd != -1)
+ close(fd);
+ /* No values returned. */
+ return;
+}
+
+static void
+m_priv_isakmpd_activate(void)
+{
+ m_priv_isakmpd_fifocmd("M active\n");
+}
+
+static void
+m_priv_isakmpd_passivate(void)
+{
+ m_priv_isakmpd_fifocmd("M passive\n");
+}
+
ssize_t
m_write(int sock, void *buf, size_t len)
{
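Review bot: `open(ISAKMPD_FIFO, O_WRONLY)` in m_priv_isakmpd_fifocmd() is a blocking open, so if the FIFO exists but no process has it open for reading, the privileged monitor stalls there and stops serving later requests from the unprivileged child. Opening with `open(ISAKMPD_FIFO, O_WRONLY | O_NONBLOCK)` makes that case fail with ENXIO and lets the existing error path log it. The `write()` check `== -1` also accepts a short write; comparing the result with `strlen(cmd)` would catch a truncated command. If `log_err()` appends the errno text (its definition is not shown), the "not a fifo" branch prints an unrelated error string and `log_msg()` may fit better there.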
diff --git a/usr.sbin/sasyncd/monitor.h b/usr.sbin/sasyncd/monitor.h
new file mode 100644
index 00000000000..10cf767e307
--- /dev/null
+++ b/usr.sbin/sasyncd/monitor.h
@@ -0,0 +1,41 @@
+/* $OpenBSD: monitor.h,v 1.1 2006/09/01 01:13:25 mpf Exp $ */
+
+/*
+ * Copyright (c) 2005 Håkan Olsson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define MONITOR_GETSNAP 1
+#define MONITOR_CARPINC 2
+#define MONITOR_CARPDEC 3
+#define MONITOR_ISAKMPD_ACTIVATE 4
+#define MONITOR_ISAKMPD_PASSIVATE 5
+
+#define ISAKMPD_FIFO "/var/run/isakmpd.fifo"
+
+pid_t monitor_init(void);
+void monitor_loop(void);
+
+int monitor_get_pfkey_snap(u_int8_t **, u_int32_t *, u_int8_t **,
+ u_int32_t *);
+int monitor_isakmpd_active(int);
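Review bot: monitor.h declares `monitor_init()` and `monitor_loop()`, but the sasyncd.h hunk of this commit removes only `monitor_get_pfkey_snap()` and its context lines still show those two prototypes, so they now live in two headers and can drift apart. Dropping them from sasyncd.h, together with the `monitor_carpdemote`/`monitor_carpundemote` lines if those belong to the same module, would leave one source of truth. The new header also uses `pid_t`, `u_int8_t` and `u_int32_t` without `#include <sys/types.h>` and has no include guard, so it only compiles when the includer has already pulled in those types. The `MONITOR_*` values changed from the old 0-based enum to 1-based defines; a one-line comment stating that both sides of the privilege-separation socket must be built from the same header would document that dependency.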
diff --git a/usr.sbin/sasyncd/pfkey.c b/usr.sbin/sasyncd/pfkey.c
index 5e79c09d05b..2fac3058668 100644
--- a/usr.sbin/sasyncd/pfkey.c
+++ b/usr.sbin/sasyncd/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.17 2006/08/31 17:28:33 mpf Exp $ */
+/* $OpenBSD: pfkey.c,v 1.18 2006/09/01 01:13:25 mpf Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
@@ -46,6 +46,7 @@
#include <unistd.h>
#include "sasyncd.h"
+#include "monitor.h"
#include "net.h"
struct pfkey_msg
diff --git a/usr.sbin/sasyncd/sasyncd.c b/usr.sbin/sasyncd/sasyncd.c
index f1f665db18a..0cca8426af6 100644
--- a/usr.sbin/sasyncd/sasyncd.c
+++ b/usr.sbin/sasyncd/sasyncd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sasyncd.c,v 1.12 2006/06/02 20:31:48 moritz Exp $ */
+/* $OpenBSD: sasyncd.c,v 1.13 2006/09/01 01:13:25 mpf Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
@@ -75,6 +75,8 @@ sasyncd_run(pid_t ppid)
return -1;
}
+ isakmpd_setrun();
+
signal(SIGINT, sasyncd_stop);
signal(SIGTERM, sasyncd_stop);
signal(SIGHUP, sasyncd_stop);
diff --git a/usr.sbin/sasyncd/sasyncd.h b/usr.sbin/sasyncd/sasyncd.h
index 5e285c9e699..f2564f60c5c 100644
--- a/usr.sbin/sasyncd/sasyncd.h
+++ b/usr.sbin/sasyncd/sasyncd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sasyncd.h,v 1.10 2006/06/02 20:09:43 mcbride Exp $ */
+/* $OpenBSD: sasyncd.h,v 1.11 2006/09/01 01:13:25 mpf Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
@@ -96,13 +96,6 @@ extern int carp_demoted;
#define MSG_MAXTYPE 1 /* Increase when new types are added. */
-
-enum {
- MONITOR_GETSNAP,
- MONITOR_CARPINC,
- MONITOR_CARPDEC
-};
-
#define CARP_DEC -1
#define CARP_INC 1
@@ -140,8 +133,6 @@ pid_t monitor_init(void);
void monitor_loop(void);
void monitor_carpdemote(void *);
void monitor_carpundemote(void *);
-int monitor_get_pfkey_snap(u_int8_t **, u_int32_t *, u_int8_t **,
- u_int32_t *);
/* net.c */
void dump_buf(int, u_int8_t *, u_int32_t, char *);
@@ -171,6 +162,9 @@ void timer_next_event(struct timeval *);
void timer_run(void);
int timer_add(char *, u_int32_t, void (*)(void *), void *);
+/* carp.c */
+void isakmpd_setrun(void);
+
#if defined (GC_DEBUG)
/* Boehms GC */
void *GC_debug_malloc(size_t, char *, int);