static void *jpsd_mgmt_thrd(void * arg)
{
int err = 0;
int i;
int start = 1;
jpsd_tdf_domain_init();
while (1) {
mgmt_exiting = false;
printf("mgmt connect: initialized\n");
if (start == 1) {
err = jpsd_mgmt_init(1);
bail_error(err);
} else {
while ((err = jpsd_mgmt_init(0)) != 0) {
jpsd_deinit();
sleep(2);
}
}
err = jpsd_mgmt_main_loop();
complain_error(err);
err = jpsd_deinit();
complain_error(err);
printf("mgmt connect: de-initialized\n");
start = 0;
}
bail:
printf("jpsd_mgmt_thrd: exit\n");
return NULL;
}
void * geodbd_mgmt_func(void * arg)
{
int err = 0;
int start = 1;
/* Connect/create GCL sessions, initialize mgmtd i/f
*/
while (1)
{
geodbd_exiting = false;
printf("geodbd connect: initialized\n");
if (start == 1) {
err = geodbd_mgmt_process(1);
bail_error(err);
} else {
while ((err = geodbd_mgmt_process(0)) != 0) {
geodbd_deinit();
sleep(2);
}
}
err = main_loop();
complain_error(err);
err = geodbd_deinit();
complain_error(err);
printf("mgmt connect: de-initialized\n");
start = 0;
}
bail:
printf("adnsd_mgmt_func: exit\n");
return NULL;
}
int
md_uf_delete_context(const char *uf_name)
{
int err = 0;
uf_context_data_t *context = NULL;
file_path_t uf_dir = {0};
bail_null(uf_name);
err = md_uf_find_context(uf_name, &context);
bail_error(err);
bail_null(context);
context->valid = 0;
context->consumed = 0;
context->cfg_updated = 0;
bzero(context->uf_name, sizeof(context->uf_name));
safe_free(context->url);
safe_free(context->crypto_key);
safe_free(context->type);
if (context->poll_event) {
/* delete this timer */
err = lew_event_delete(md_lwc, &(context->poll_event));
complain_error(err);
context->poll_event = NULL;
}
bail:
snprintf(uf_dir, sizeof(uf_dir), "/nkn/tmp/uf/%s", uf_name);
lf_remove_tree(uf_dir);
return err;
}
int
md_uf_timer_callback(int fd,
short event_type,
void *data,
lew_context *ctxt)
{
int err = 0;
uf_context_data_t *context = (uf_context_data_t *) data;
err = md_uf_refresh_file(NULL, NULL, context->uf_name, "0");
complain_error(err);
/* add timer again even if error occured */
if (context->refresh_interval > 0) {
context->next_refresh_time = lt_curr_time() + context->poll_frequency/1000;
err = lew_event_reg_timer(md_lwc,
&(context->poll_event),
(context->callback),
(void *) (context),
(context->poll_frequency));
bail_error(err);
}
bail:
return err;
}
/**
* aa_capable - test permission to use capability
* @task: task doing capability test against (NOT NULL)
* @profile: profile confining @task (NOT NULL)
* @cap: capability to be tested
* @audit: whether an audit record should be generated
*
* Look up capability in profile capability set.
*
* Returns: 0 on success, or else an error code.
*/
int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
int audit)
{
int error = profile_capable(profile, cap);
if (!audit) {
if (COMPLAIN_MODE(profile))
return complain_error(error);
return error;
}
return audit_caps(profile, task, cap, error);
}
int
md_uf_update_timer(uf_context_data_t *context)
{
int err = 0;
if (context->poll_event) {
/* delete this timer */
err = lew_event_delete(md_lwc, &(context->poll_event));
complain_error(err);
context->poll_event = NULL;
}
context->cfg_updated = 0;
if (context->valid == 0) {
goto bail;
}
/* refresh file force-fully now */
err = md_uf_refresh_file(NULL, NULL, context->uf_name, "1");
complain_error(err);
/* adding timer with to trigger timer at scheduled */
if (context->refresh_interval > 0) {
context->next_refresh_time = lt_curr_time() + context->poll_frequency/1000;
err = lew_event_reg_timer(md_lwc,
&(context->poll_event),
(context->callback),
(void *) (context),
(context->poll_frequency));
bail_error(err);
}
bail:
return err;
}
/**
* audit_caps - audit a capability
* @profile: profile confining task (NOT NULL)
* @task: task capability test was performed against (NOT NULL)
* @cap: capability tested
* @error: error code returned by test
*
* Do auditing of capability and handle, audit/complain/kill modes switching
* and duplicate message elimination.
*
* Returns: 0 or sa->error on success, error code on failure
*/
static int audit_caps(struct aa_profile *profile, struct task_struct *task,
int cap, int error)
{
struct audit_cache *ent;
int type = AUDIT_APPARMOR_AUTO;
struct common_audit_data sa;
struct apparmor_audit_data aad = {0,};
COMMON_AUDIT_DATA_INIT(&sa, CAP);
sa.aad = &aad;
sa.tsk = task;
sa.u.cap = cap;
sa.aad->op = OP_CAPABLE;
sa.aad->error = error;
if (likely(!error)) {
/* test if auditing is being forced */
if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
!cap_raised(profile->caps.audit, cap)))
return 0;
type = AUDIT_APPARMOR_AUDIT;
} else if (KILL_MODE(profile) ||
cap_raised(profile->caps.kill, cap)) {
type = AUDIT_APPARMOR_KILL;
} else if (cap_raised(profile->caps.quiet, cap) &&
AUDIT_MODE(profile) != AUDIT_NOQUIET &&
AUDIT_MODE(profile) != AUDIT_ALL) {
/* quiet auditing */
return error;
}
/* Do simple duplicate message elimination */
ent = &get_cpu_var(audit_cache);
if (profile == ent->profile && cap_raised(ent->caps, cap)) {
put_cpu_var(audit_cache);
if (COMPLAIN_MODE(profile))
return complain_error(error);
return error;
} else {
aa_put_profile(ent->profile);
ent->profile = aa_get_profile(profile);
cap_raise(ent->caps, cap);
}
put_cpu_var(audit_cache);
return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb);
}
/**
* profile_capable - test if profile allows use of capability @cap
* @profile: profile being enforced (NOT NULL, NOT unconfined)
* @cap: capability to test if allowed
* @sa: audit data (MAY BE NULL indicating no auditing)
*
* Returns: 0 if allowed else -EPERM
*/
static int profile_capable(struct aa_profile *profile, int cap,
struct common_audit_data *sa)
{
int error;
if (cap_raised(profile->caps.allow, cap) &&
!cap_raised(profile->caps.denied, cap))
error = 0;
else
error = -EPERM;
if (!sa) {
if (COMPLAIN_MODE(profile))
return complain_error(error);
return error;
}
return audit_caps(sa, profile, cap, error);
}
/**
* audit_caps - audit a capability
* @sa: audit data
* @profile: profile being tested for confinement (NOT NULL)
* @cap: capability tested
* @error: error code returned by test
*
* Do auditing of capability and handle, audit/complain/kill modes switching
* and duplicate message elimination.
*
* Returns: 0 or sa->error on success, error code on failure
*/
static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
int cap, int error)
{
struct audit_cache *ent;
int type = AUDIT_APPARMOR_AUTO;
aad(sa)->error = error;
if (likely(!error)) {
/* test if auditing is being forced */
if (likely((AUDIT_MODE(profile) != AUDIT_ALL) &&
!cap_raised(profile->caps.audit, cap)))
return 0;
type = AUDIT_APPARMOR_AUDIT;
} else if (KILL_MODE(profile) ||
cap_raised(profile->caps.kill, cap)) {
type = AUDIT_APPARMOR_KILL;
} else if (cap_raised(profile->caps.quiet, cap) &&
AUDIT_MODE(profile) != AUDIT_NOQUIET &&
AUDIT_MODE(profile) != AUDIT_ALL) {
/* quiet auditing */
return error;
}
/* Do simple duplicate message elimination */
ent = &get_cpu_var(audit_cache);
if (profile == ent->profile && cap_raised(ent->caps, cap)) {
put_cpu_var(audit_cache);
if (COMPLAIN_MODE(profile))
return complain_error(error);
return error;
} else {
aa_put_profile(ent->profile);
ent->profile = aa_get_profile(profile);
cap_raise(ent->caps, cap);
}
put_cpu_var(audit_cache);
return aa_audit(type, profile, sa, audit_cb);
}
/**
* aa_audit - Log a profile based audit event to the audit subsystem
* @type: audit type for the message
* @profile: profile to check against (NOT NULL)
* @gfp: allocation flags to use
* @sa: audit event (NOT NULL)
* @cb: optional callback fn for type specific fields (MAYBE NULL)
*
* Handle default message switching based off of audit mode flags
*
* Returns: error on failure
*/
int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
struct common_audit_data *sa,
void (*cb) (struct audit_buffer *, void *))
{
BUG_ON(!profile);
if (type == AUDIT_APPARMOR_AUTO) {
if (likely(!sa->aad->error)) {
if (AUDIT_MODE(profile) != AUDIT_ALL)
return 0;
type = AUDIT_APPARMOR_AUDIT;
} else if (COMPLAIN_MODE(profile))
type = AUDIT_APPARMOR_ALLOWED;
else
type = AUDIT_APPARMOR_DENIED;
}
if (AUDIT_MODE(profile) == AUDIT_QUIET ||
(type == AUDIT_APPARMOR_DENIED &&
AUDIT_MODE(profile) == AUDIT_QUIET))
return sa->aad->error;
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
type = AUDIT_APPARMOR_KILL;
if (!unconfined(profile))
sa->aad->profile = profile;
aa_audit_msg(type, sa, cb);
if (sa->aad->type == AUDIT_APPARMOR_KILL)
(void)send_sig_info(SIGKILL, NULL,
sa->u.tsk ? sa->u.tsk : current);
if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
return complain_error(sa->aad->error);
return sa->aad->error;
}
/**
* aa_audit - Log a profile based audit event to the audit subsystem
* @type: audit type for the message
* @profile: profile to check against (NOT NULL)
* @sa: audit event (NOT NULL)
* @cb: optional callback fn for type specific fields (MAYBE NULL)
*
* Handle default message switching based off of audit mode flags
*
* Returns: error on failure
*/
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
void (*cb) (struct audit_buffer *, void *))
{
BUG_ON(!profile);
if (type == AUDIT_APPARMOR_AUTO) {
if (likely(!aad(sa)->error)) {
if (AUDIT_MODE(profile) != AUDIT_ALL)
return 0;
type = AUDIT_APPARMOR_AUDIT;
} else if (COMPLAIN_MODE(profile))
type = AUDIT_APPARMOR_ALLOWED;
else
type = AUDIT_APPARMOR_DENIED;
}
if (AUDIT_MODE(profile) == AUDIT_QUIET ||
(type == AUDIT_APPARMOR_DENIED &&
AUDIT_MODE(profile) == AUDIT_QUIET))
return aad(sa)->error;
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
type = AUDIT_APPARMOR_KILL;
aad(sa)->label = &profile->label;
aa_audit_msg(type, sa, cb);
if (aad(sa)->type == AUDIT_APPARMOR_KILL)
(void)send_sig_info(SIGKILL, NULL,
sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
sa->u.tsk : current);
if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED)
return complain_error(aad(sa)->error);
return aad(sa)->error;
}
int
md_nkn_ethtool(const char *intf_name,
nkn_ethtool_cmd_t cmd, uint32_t *data)
{
int err = 0;
tstring *output = NULL;
tstr_array *ret_params = NULL;
const char *cmd_str = NULL;
const char* oper = NULL;
int32_t status = 0;
struct ethtool_value edata;
int need_change = 0;
bail_null(intf_name);
bail_null(data);
if (cmd == NKN_ETHTOOL_GRO_SET) {
oper = *data? "on":"off";
cmd_str = "gro";
err = lc_launch_quick_status(&status, &output, true, 5
,"/usr/sbin/ethtool", "-K"
,intf_name, cmd_str, oper);
bail_error(err);
memset(&edata, 0, sizeof(struct ethtool_value));
edata.cmd = ETHTOOL_GFLAGS;
if (!md_nkn_ethtool_ioctl(intf_name, &edata)) {
if(*data && !(ETH_FLAG_LRO & edata.data)) {
edata.data |= ETH_FLAG_LRO;
need_change = 1;
lc_log_basic(LOG_NOTICE, "Enabling RSC/LRO for intf '%s'\n", intf_name);
}
else if (!*data && (ETH_FLAG_LRO & edata.data)) {
edata.data &= ~ETH_FLAG_LRO;
need_change = 1;
lc_log_basic(LOG_NOTICE, "Disabling RSC/LRO for intf '%s'\n", intf_name);
}
else {
need_change = 0;
}
if (need_change) {
edata.cmd = ETHTOOL_SFLAGS;
md_nkn_ethtool_ioctl(intf_name, &edata);
}
}
complain_error(status);
} else if (cmd == NKN_ETHTOOL_GRO_GET) {
uint32_t gro_idx = 0;
const char *gro_status = NULL;
str_value_t gro = {0};
err = lc_launch_quick_status(&status, &output, true,3,
"/usr/sbin/ethtool", "-k",
intf_name);
bail_error(err);
complain_error(status);
err = ts_tokenize(output, '\n', '\\', '"', 0, &ret_params);
bail_error(err);
err = tstr_array_linear_search_prefix_str(ret_params, "generic-receive-offload:",
false, true, 0, &gro_idx);
bail_error(err);
gro_status = tstr_array_get_str_quick(ret_params, gro_idx);
bail_null(gro_status);
sscanf(gro_status, "generic-receive-offload: %s", gro);
*data = (!strcmp(gro, "on")) ? 1 : 0;
}
if (cmd == NKN_ETHTOOL_GSO_SET) {
oper = *data? "on":"off";
cmd_str = "gso";
err = lc_launch_quick_status(&status, &output, true, 5
,"/usr/sbin/ethtool", "-K"
,intf_name, cmd_str, oper);
bail_error(err);
memset(&edata, 0, sizeof(struct ethtool_value));
edata.cmd = ETHTOOL_GGSO;
if (!md_nkn_ethtool_ioctl(intf_name, &edata)) {
if(*data && !(NETIF_F_GSO & edata.data)) {
edata.data |= NETIF_F_GSO;
need_change = 1;
lc_log_basic(LOG_NOTICE, "Enabling GSO for intf '%s'\n", intf_name);
}
else if (!*data && (NETIF_F_GSO & edata.data)) {
edata.data &= ~NETIF_F_GSO;
need_change = 1;
lc_log_basic(LOG_NOTICE, "Disabling GSO for intf '%s'\n", intf_name);
}
else {
need_change = 0;
}
if (need_change) {
edata.cmd = ETHTOOL_SGSO;
md_nkn_ethtool_ioctl(intf_name, &edata);
}
}
complain_error(status);
} else if (cmd == NKN_ETHTOOL_GSO_GET) {
uint32_t gso_idx = 0;
const char *gso_status = NULL;
str_value_t gso = {0};
err = lc_launch_quick_status(&status, &output, true,3,
"/usr/sbin/ethtool", "-k",
intf_name);
bail_error(err);
complain_error(status);
err = ts_tokenize(output, '\n', '\\', '"', 0, &ret_params);
bail_error(err);
err = tstr_array_linear_search_prefix_str(ret_params, "generic-segmentation-offload:",
false, true, 0, &gso_idx);
bail_error(err);
gso_status = tstr_array_get_str_quick(ret_params, gso_idx);
bail_null(gso_status);
sscanf(gso_status, "generic-segmentation-offload: %s", gso);
*data = (!strcmp(gso, "on")) ? 1 : 0;
}
if (cmd == NKN_ETHTOOL_TSO_SET) {
oper = *data? "on":"off";
cmd_str = "tso";
err = lc_launch_quick_status(&status, &output, true, 5
,"/usr/sbin/ethtool", "-K"
,intf_name, cmd_str, oper);
bail_error(err);
memset(&edata, 0, sizeof(struct ethtool_value));
edata.cmd = ETHTOOL_GTSO;
if (!md_nkn_ethtool_ioctl(intf_name, &edata)) {
if(*data && !(NETIF_F_TSO & edata.data)) {
edata.data |= NETIF_F_TSO;
need_change = 1;
lc_log_basic(LOG_NOTICE, "Enabling TSO for intf '%s'\n", intf_name);
}
else if (!*data && (NETIF_F_TSO & edata.data)) {
edata.data &= ~NETIF_F_TSO;
need_change = 1;
lc_log_basic(LOG_NOTICE, "Disabling TSO for intf '%s'\n", intf_name);
}
else {
need_change = 0;
}
if (need_change) {
edata.cmd = ETHTOOL_STSO;
md_nkn_ethtool_ioctl(intf_name, &edata);
}
}
complain_error(status);
} else if (cmd == NKN_ETHTOOL_TSO_GET) {
uint32_t tso_idx = 0;
const char *tso_status = NULL;
str_value_t tso = {0};
err = lc_launch_quick_status(&status, &output, true,3,
"/usr/sbin/ethtool", "-k",
intf_name);
bail_error(err);
complain_error(status);
err = ts_tokenize(output, '\n', '\\', '"', 0, &ret_params);
bail_error(err);
err = tstr_array_linear_search_prefix_str(ret_params, "tcp-segmentation-offload:",
false, true, 0, &tso_idx);
bail_error(err);
tso_status = tstr_array_get_str_quick(ret_params, tso_idx);
bail_null(tso_status);
sscanf(tso_status, "tcp-segmentation-offload: %s", tso);
*data = (!strcmp(tso, "on")) ? 1 : 0;
}
bail:
tstr_array_free(&ret_params);
ts_free(&output);
return err;
}
