static struct aa_namespace *alloc_namespace(const char *prefix,
const char *name)
{
struct aa_namespace *ns;
ns = kzalloc(sizeof(*ns), GFP_KERNEL);
AA_DEBUG("%s(%p)\n", __func__, ns);
if (!ns)
return NULL;
if (!policy_init(&ns->base, prefix, name))
goto fail_ns;
INIT_LIST_HEAD(&ns->sub_ns);
rwlock_init(&ns->lock);
ns->unconfined = aa_alloc_profile("unconfined");
if (!ns->unconfined)
goto fail_unconfined;
ns->unconfined->sid = aa_alloc_sid();
ns->unconfined->flags = PFLAG_UNCONFINED | PFLAG_IX_ON_NAME_ERROR |
PFLAG_IMMUTABLE;
ns->unconfined->ns = aa_get_namespace(ns);
return ns;
fail_unconfined:
kzfree(ns->base.hname);
fail_ns:
kzfree(ns);
return NULL;
}
void
init(void)
{
app_init();
doi_init();
exchange_init();
group_init();
ipsec_init();
isakmp_doi_init();
libcrypto_init();
timer_init();
/* The following group are depending on timer_init having run. */
conf_init();
connection_init();
/* This depends on conf_init, thus check as soon as possible. */
log_reinit();
/* policy_init depends on conf_init having run. */
policy_init();
/* Depends on conf_init and policy_init having run */
cert_init();
crl_init();
sa_init();
transport_init();
virtual_init();
udp_init();
nat_t_init();
udp_encap_init();
vendor_init();
}
int main(int argc, char** argv) {
struct timeval start, end;
uint32_t time;
int i;
if (argc != 3) {
printf("Usage: ./client thread_num policy_num\n");
exit(1);
}
g_thread_num = atoi(argv[1]);
g_policy_num = atoi(argv[2]);
if (policy_init() < 0) {
printf("policy init failed\n");
exit(1);
}
init_coding();
message_init();
if (g_thread_num > 0) {
pthread_t* tid = (pthread_t*)malloc(sizeof(pthread_t) * g_thread_num);
struct work* w = (struct work*)malloc(sizeof(struct work) * g_thread_num);
gettimeofday(&start, NULL);
for (i = 0; i < g_thread_num; i++) {
w[i].start = i * (g_policy_num / g_thread_num);
w[i].end = (i + 1) * (g_policy_num / g_thread_num);
w[i].end = w[i].end > g_policy_num ? g_policy_num : w[i].end;
pthread_create(tid + i, NULL, PushRules, w + i);
}
for (i = 0; i < g_thread_num; i++) {
pthread_join(tid[i], NULL);
}
gettimeofday(&end, NULL);
} else {
struct work w;
gettimeofday(&start, NULL);
w.start = 0;
w.end = g_policy_num;
PushRules(&w);
gettimeofday(&end, NULL);
}
time = 1000000 * (end.tv_sec - start.tv_sec) + (end.tv_usec - start.tv_usec);
printf("policy num %d, time %fms\n", g_policy_num, time / 1000.0);
return 0;
}
extern void #MARK_init(void);
void init_extensions(void) {
ah_init();
addrtype_init();
comment_init();
2connmark_init();
conntrack_init();
2dscp_init();
2ecn_init();
esp_init();
hashlimit_init();
helper_init();
icmp_init();
iprange_init();
length_init();
limit_init();
mac_init();
multiport_init();
#2mark_init();
owner_init();
physdev_init();
pkttype_init();
policy_init();
realm_init();
sctp_init();
standard_init();
state_init();
tcp_init();
2tcpmss_init();
2tos_init();
2ttl_init();
udp_init();
unclean_init();
CLASSIFY_init();
CONNMARK_init();
DNAT_init();
LOG_init();
#DSCP_init();
ECN_init();
MASQUERADE_init();
MIRROR_init();
NETMAP_init();
NFQUEUE_init();
NOTRACK_init();
REDIRECT_init();
REJECT_init();
#MARK_init();
}
/* Reinitialize, either after a SIGHUP reception or by FIFO UI cmd. */
void
reinit(void)
{
log_print("isakmpd: reinitializing daemon");
/*
* XXX Remove all(/some?) pending exchange timers? - they may not be
* possible to complete after we've re-read the config file.
* User-initiated SIGHUP's maybe "authorizes" a wait until
* next connection-check.
* XXX This means we discard exchange->last_msg, is this really ok?
*/
#if defined(INSECURE_RAND)
/* Reinitialize PRNG if we are in deterministic mode. */
if (regrand)
srandom(seed);
#endif
/* Reread config file. */
conf_reinit();
log_reinit();
/* Reread the policies. */
policy_init();
/* Reinitialize certificates */
cert_init();
crl_init();
/* Reinitialize our connection list. */
connection_reinit();
/*
* Rescan interfaces (call reinit() in all transports).
*/
transport_reinit();
/*
* XXX "These" (non-existent) reinitializations should not be done.
* cookie_reinit ();
* ui_reinit ();
*/
sa_reinit();
}
/**
* alloc_namespace - allocate, initialize and return a new namespace
* @prefix: parent namespace name (MAYBE NULL)
* @name: a preallocated name (NOT NULL)
*
* Returns: refcounted namespace or NULL on failure.
*/
static struct aa_namespace *alloc_namespace(const char *prefix,
const char *name)
{
struct aa_namespace *ns;
ns = kzalloc(sizeof(*ns), GFP_KERNEL);
AA_DEBUG("%s(%p)\n", __func__, ns);
if (!ns)
return NULL;
if (!policy_init(&ns->base, prefix, name))
goto fail_ns;
INIT_LIST_HEAD(&ns->sub_ns);
rwlock_init(&ns->lock);
/* released by free_namespace */
ns->unconfined = aa_alloc_profile("unconfined");
if (!ns->unconfined)
goto fail_unconfined;
ns->unconfined->flags = PFLAG_UNCONFINED | PFLAG_IX_ON_NAME_ERROR |
PFLAG_IMMUTABLE;
/*
* released by free_namespace, however __remove_namespace breaks
* the cyclic references (ns->unconfined, and unconfined->ns) and
* replaces with refs to parent namespace unconfined
*/
ns->unconfined->ns = aa_get_namespace(ns);
atomic_set(&ns->uniq_null, 0);
return ns;
fail_unconfined:
kzfree(ns->base.hname);
fail_ns:
kzfree(ns);
return NULL;
}
/* This function initializes the virtual memory system with the specified
* "maximum resident" limit on the number of pages that may be in the address
* space. This function does the following:
*
* 1) Set aside a range of addresses for use by the user-space virtual memory
* system.
*
* 2) Initialize other virtual memory system state.
*
* 3) Clear the entire Page Table to all 0s.
*
* 4) Initialize the page replacement policy.
*
* 5) Open the swap file /tmp/cs24_pagedev_<pid>, extend it to be the full
* size of the virtual address space (NUM_PAGES * PAGE_SIZE), and arrange
* for the file to be deleted when the program terminates.
*
* 6) Install the SIGSEGV and SIGALRM handlers.
*
* 7) Start the SIGALRM timer interrupt.
*/
void * vmem_init(unsigned _max_resident) {
struct sigaction action;
struct itimerval itimer;
/* Set up the address range we will use. */
vmem_start = (void *) VIRTUALMEM_ADDR_START;
vmem_end = vmem_start + (NUM_PAGES * PAGE_SIZE);
fprintf(stderr, "\"Physical memory\" is in the range %p..%p\n * %d pages"
" total, %d maximum resident pages\n", vmem_start, vmem_end,
NUM_PAGES, max_resident);
/* Initialize the values that record how many pages are resident in
* physical memory, and the maximum number of pages that may be resident.
*/
num_resident = 0;
max_resident = _max_resident;
num_faults = 0;
/* Clear the entire page table. */
memset(page_table, 0, sizeof(page_table));
/* Initialize the page replacement policy. */
if (policy_init() == -1) {
fprintf(stderr, "policy_init: failed to initialize\n");
abort();
}
/* Open the swap file */
sprintf(swapfile, "/tmp/cs24_pagedev_%05d", getpid());
fd_swapfile = open(swapfile, O_RDWR | O_CREAT, 0600);
if (fd_swapfile < 0) {
perror(swapfile);
abort();
}
/* Immediately unlink it so it will go away when this process terminates */
if (unlink(swapfile) < 0) {
perror(swapfile);
abort();
}
/* Extend the file to include the entire address space */
if (lseek(fd_swapfile, NUM_PAGES * PAGE_SIZE, SEEK_SET) < 0) {
perror("lseek");
abort();
}
if (write(fd_swapfile, "x", 1) < 1) {
perror(swapfile);
abort();
}
/* Set up and install the seg-fault signal handler */
memset(&action, 0, sizeof(action));
action.sa_sigaction = sigsegv_handler;
action.sa_flags = SA_SIGINFO | SA_ONSTACK;
/* Mask timer signals during the SIGSEGV handler */
sigemptyset(&action.sa_mask);
sigaddset(&action.sa_mask, SIGALRM);
if (sigaction(SIGSEGV, &action, (struct sigaction *) 0) < 0) {
perror("sigaction(SIGSEGV)");
exit(1);
}
/* Set up and install the timer signal handler */
memset(&action, 0, sizeof(action));
action.sa_sigaction = sigalrm_handler;
action.sa_flags = SA_SIGINFO | SA_ONSTACK;
if (sigaction(SIGALRM, &action, (struct sigaction *) 0) < 0) {
perror("sigaction(SIGALRM)");
exit(1);
}
/* Start the periodic timer! */
itimer.it_interval.tv_sec = TIMESLICE_SEC;
itimer.it_interval.tv_usec = TIMESLICE_USEC;
itimer.it_value.tv_sec = TIMESLICE_SEC;
itimer.it_value.tv_usec = TIMESLICE_USEC;
if (setitimer(ITIMER_REAL, &itimer, (struct itimerval *) 0) < 0) {
perror("setitimer");
exit(1);
}
return vmem_start;
}
int main(int argc, char **argv)
{
pthread_t sigth;
sigset_t sigblock;
int logflags = 0;
int ret = 1;
debug_init();
sigemptyset(&sigblock);
sigaddset(&sigblock, SIGHUP);
sigaddset(&sigblock, SIGINT);
sigaddset(&sigblock, SIGTERM);
#ifdef ENABLE_VT
sigaddset(&sigblock, SIGPIPE);
#endif
pthread_sigmask(SIG_BLOCK, &sigblock, NULL);
if (conf_parse(&conf, argc, argv))
return 1;
if (conf.debug_level > 0)
logflags = LOG_PERROR;
openlog(basename(argv[0]), LOG_PID|logflags, LOG_DAEMON);
syslog(LOG_INFO, "%s v%s started (%s)", PACKAGE_NAME, PACKAGE_VERSION,
entity_string[conf.mip6_entity]);
#ifdef ENABLE_VT
if (vt_init() < 0)
goto vt_failed;
#endif
/* if not debugging, detach from tty */
if (conf.debug_level == 0)
daemon_start(1);
else {
/* if debugging with debug log file, detach from tty */
if (conf.debug_log_file) {
daemon_start(1);
ret = debug_open(conf.debug_log_file);
if (ret < 0) {
fprintf(stderr, "can't init debug log:%s\n",
strerror(-ret));
goto debug_failed;
}
dbg("%s started in debug mode\n", PACKAGE_NAME);
} else {
dbg("%s started in debug mode, not detaching from terminal\n",
PACKAGE_NAME);
}
conf_show(&conf);
}
srandom(time(NULL));
if (rr_cn_init() < 0)
goto rr_cn_failed;
if (policy_init() < 0)
goto policy_failed;
if (taskqueue_init() < 0)
goto taskqueue_failed;
if (bcache_init() < 0)
goto bcache_failed;
if (mh_init() < 0)
goto mh_failed;
if (icmp6_init() < 0)
goto icmp6_failed;
if (xfrm_init() < 0)
goto xfrm_failed;
cn_init();
if ((is_ha() || is_mn()) && tunnelctl_init() < 0)
goto tunnelctl_failed;
if (is_ha() && ha_init() < 0)
goto ha_failed;
if (is_mn() && mn_init() < 0)
goto mn_failed;
#ifdef ENABLE_VT
if (vt_start(conf.vt_hostname, conf.vt_service) < 0)
goto vt_start_failed;
#endif
if (pthread_create(&sigth, NULL, sigh, NULL))
goto sigth_failed;
pthread_join(sigth, NULL);
ret = 0;
sigth_failed:
#ifdef ENABLE_VT
vt_fini();
vt_start_failed:
#endif
if (is_mn())
mn_cleanup();
mn_failed:
if (is_ha())
ha_cleanup();
ha_failed:
if (is_ha() || is_mn())
tunnelctl_cleanup();
tunnelctl_failed:
cn_cleanup();
xfrm_cleanup();
xfrm_failed:
icmp6_cleanup();
icmp6_failed:
mh_cleanup();
mh_failed:
bcache_cleanup();
bcache_failed:
taskqueue_destroy();
taskqueue_failed:
policy_cleanup();
policy_failed:
rr_cn_failed:
debug_close();
debug_failed:
#ifdef ENABLE_VT
vt_failed:
#endif
syslog(LOG_INFO, "%s v%s stopped (%s)", PACKAGE_NAME, PACKAGE_VERSION,
entity_string[conf.mip6_entity]);
closelog();
return ret;
}