author | tobhe <tobhe@cvs.openbsd.org> | 2021-02-08 16:13:59 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2021-02-08 16:13:59 +0000 |
commit | b896a833b64b0fb75bb6241689d63e46288ed8b8 (patch) | |
tree | 1c19b4dea3cf71f8183c26548989d74bcd676025 /sbin/iked/iked.c | |
parent | d7b01587a06b2e96a1faca53a520f7e1c0db0947 (diff) |
Clean up kernel IPsec flows and security associations on shutdown.
Discussed with sthen@
ok patrick@
Diffstat (limited to 'sbin/iked/iked.c')
-rw-r--r-- | sbin/iked/iked.c | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c index 202879bc58c..b4a13353974 100644 --- a/sbin/iked/iked.c +++ b/sbin/iked/iked.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.c,v 1.52 2020/12/17 20:43:07 tobhe Exp $ */ +/* $OpenBSD: iked.c,v 1.53 2021/02/08 16:13:58 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -43,12 +43,13 @@ void parent_shutdown(struct iked *); void parent_sig_handler(int, short, void *); int parent_dispatch_ca(int, struct privsep_proc *, struct imsg *); int parent_dispatch_control(int, struct privsep_proc *, struct imsg *); +int parent_dispatch_ikev2(int, struct privsep_proc *, struct imsg *); int parent_configure(struct iked *); static struct privsep_proc procs[] = { { "ca", PROC_CERT, parent_dispatch_ca, caproc, IKED_CA }, { "control", PROC_CONTROL, parent_dispatch_control, control }, - { "ikev2", PROC_IKEV2, NULL, ikev2 } + { "ikev2", PROC_IKEV2, parent_dispatch_ikev2, ikev2 } }; __dead void @@ -341,8 +342,10 @@ parent_sig_handler(int sig, short event, void *arg) break; case SIGTERM: case SIGINT: - die = 1; - /* FALLTHROUGH */ + log_info("%s: stopping iked", __func__); + config_setreset(ps->ps_env, RESET_EXIT, PROC_IKEV2); + config_setreset(ps->ps_env, RESET_ALL, PROC_CERT); + break; case SIGCHLD: do { int len; @@ -445,6 +448,21 @@ parent_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg) return (0); } +int +parent_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg) +{ + struct iked *env = p->p_ps->ps_env; + + switch (imsg->hdr.type) { + case IMSG_CTL_EXIT: + parent_shutdown(env); + default: + return (-1); + } + + return (0); +} + void parent_shutdown(struct iked *env) { |
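Review bot: In the `case SIGTERM: case SIGINT:` arm of parent_sig_handler (hunk `@@ -341,8 +342,10 @@`), both `config_setreset()` results are discarded, so if the request cannot be queued the parent has no remaining exit path for this signal. The old code set `die = 1` and fell through. The new code depends entirely on the ikev2 process answering with IMSG_CTL_EXIT, so an unresponsive child also leaves the daemon unable to stop on SIGTERM. Consider a direct fallback such as `if (config_setreset(ps->ps_env, RESET_EXIT, PROC_IKEV2) == -1) parent_shutdown(ps->ps_env);`, and possibly a timeout on the reply. The handler starts and ends outside this hunk, so whether `die` is still read by the SIGCHLD path is not visible here.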
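Review bot: In the new parent_dispatch_ikev2 (hunk `@@ -445,6 +448,21 @@`), `case IMSG_CTL_EXIT:` runs straight into `default: return (-1);` with no `break` and no fall-through marker. The prototype shown earlier in this diff is plain `void parent_shutdown(struct iked *);`, not `__dead`, so this is only correct if that function never returns; otherwise a valid exit message is reported as a dispatch error. Make the intent explicit with `parent_shutdown(env);` followed by `/* NOTREACHED */` or `break;`, or mark the prototype `__dead`. A one-line comment above the function would also help, e.g. `/* ikev2 sends IMSG_CTL_EXIT once its RESET_EXIT cleanup is done */`, assuming that is what RESET_EXIT triggers, since that code is not in this diff.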