1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
/* $OpenBSD: sasyncd.h,v 1.19 2018/04/10 15:58:21 cheloha Exp $ */
/*
* Copyright (c) 2005 Håkan Olsson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This code was written under funding by Multicom Security AB.
*/
#include <netinet/in.h> /* in_port_t and sa_family_t */
#include <sys/queue.h>
enum RUNSTATE { INIT = 0, SLAVE, MASTER, FAIL };
#define CARPSTATES { "INIT", "SLAVE", "MASTER", "FAIL" }
struct syncpeer;
struct timespec;
struct cfgstate {
enum RUNSTATE runstate;
enum RUNSTATE lockedstate;
int debug;
int verboselevel;
u_int32_t flags;
char *carp_ifname;
char *carp_ifgroup;
int carp_ifindex;
char *sharedkey;
int sharedkey_len;
int pfkey_socket;
int route_socket;
char *listen_on;
in_port_t listen_port;
sa_family_t listen_family;
int peercnt;
LIST_HEAD(, syncpeer) peerlist;
};
/* flags */
#define FM_STARTUP 0x0000
#define FM_NEVER 0x0001
#define FM_SYNC 0x0002
#define FM_MASK 0x0003
/* Do not sync SAs to/from our peers. */
#define SKIP_LOCAL_SAS 0x0004
/* Control isakmpd or iked */
#define CTL_NONE 0x0000
#define CTL_ISAKMPD 0x0008
#define CTL_IKED 0x0010
#define CTL_DEFAULT CTL_ISAKMPD
#define CTL_MASK 0x0018
extern struct cfgstate cfgstate;
extern int carp_demoted;
#define SASYNCD_USER "_isakmpd"
#define SASYNCD_CFGFILE "/etc/sasyncd.conf"
#define CARP_DEFAULT_INTERVAL 10
#define SASYNCD_DEFAULT_PORT 500
/*
* sasyncd "protocol" definition
*
* Message format:
* u_int32_t type
* u_int32_t len
* raw data
*/
/* sasyncd protocol message types */
#define MSG_SYNCCTL 0
#define MSG_PFKEYDATA 1
#define MSG_MAXTYPE 1 /* Increase when new types are added. */
#define CARP_DEC -1
#define CARP_INC 1
#define CARP_DEMOTE_MAXTIME 60
/* conf.c */
int conf_parse_file(char *);
/* carp.c */
int carp_init(void);
void carp_check_state(void);
void carp_demote(int, int);
void carp_update_state(enum RUNSTATE);
void carp_set_rfd(fd_set *);
void carp_read_message(fd_set *);
const char* carp_state_name(enum RUNSTATE);
void control_setrun(void);
/* log.c */
/*
* Log levels for log_msg(level, ...) roughly means:
* 0 = errors and other important messages
* 1 = state changes, ctl message errors and dis-/connecting peers
* 2 = configuration and initialization messages
* 3 = PF_KEY logging
* 4 = misc network
* 5 = crypto
* 6 = timers
*/
void log_init(char *);
void log_msg(int, const char *, ...)
__attribute__((__format__ (printf, 2, 3)));
void log_err(const char *, ...)
__attribute__((__format__ (printf, 1, 2)));
/* monitor.c */
pid_t monitor_init(void);
void monitor_loop(void);
void monitor_carpdemote(void *);
void monitor_carpundemote(void *);
/* net.c */
void dump_buf(int, u_int8_t *, u_int32_t, char *);
void net_ctl_update_state(void);
int net_init(void);
void net_handle_messages(fd_set *);
int net_queue(struct syncpeer *, u_int32_t, u_int8_t *, u_int32_t);
void net_send_messages(fd_set *);
int net_set_rfds(fd_set *);
int net_set_pending_wfds(fd_set *);
void net_shutdown(void);
/* pfkey.c */
int pfkey_init(int);
int pfkey_queue_message(u_int8_t *, u_int32_t);
void pfkey_read_message(fd_set *);
void pfkey_send_message(fd_set *);
void pfkey_set_rfd(fd_set *);
void pfkey_set_pending_wfd(fd_set *);
int pfkey_set_promisc(void);
void pfkey_shutdown(void);
void pfkey_snapshot(void *);
/* timer.c */
void timer_init(void);
void timer_next_event(struct timespec *);
void timer_run(void);
int timer_add(char *, u_int32_t, void (*)(void *), void *);
|
