void
close_log(void)
{
if (log_to_syslog)
closelog();
close_peerlog();
}
void close_log(void)
{
if (log_to_syslog)
closelog();
if (pluto_log_fp != NULL) {
(void)fclose(pluto_log_fp);
pluto_log_fp = NULL;
}
close_peerlog();
}
void do_whacklisten()
{
fflush(stderr);
fflush(stdout);
close_peerlog(); /* close any open per-peer logs */
libreswan_log("listening for IKE messages");
listening = TRUE;
daily_log_reset();
reset_adns_restart_count();
set_myFQDN();
find_ifaces();
load_preshared_secrets();
load_groups();
}
static void do_whacklisten(void)
{
fflush(stderr);
fflush(stdout);
close_peerlog(); /* close any open per-peer logs */
#ifdef USE_SYSTEMD_WATCHDOG
pluto_sd(PLUTO_SD_RELOADING, SD_REPORT_NO_STATUS);
#endif
libreswan_log("listening for IKE messages");
listening = TRUE;
daily_log_reset();
set_myFQDN();
find_ifaces();
load_preshared_secrets();
load_groups();
#ifdef USE_SYSTEMD_WATCHDOG
pluto_sd(PLUTO_SD_READY, SD_REPORT_NO_STATUS);
#endif
}
/*
* initialize a helper.
*/
static void init_crypto_helper(struct pluto_crypto_worker *w, int n)
{
int fds[2];
#ifndef HAVE_LIBNSS
int errno2;
#endif
/* reset this */
w->pcw_pid = -1;
if(socketpair(PF_UNIX, SOCK_STREAM, 0, fds) != 0) {
loglog(RC_LOG_SERIOUS, "could not create socketpair for helpers: %s",
strerror(errno));
return;
}
w->pcw_helpernum = n;
w->pcw_pipe = fds[0];
#ifdef HAVE_LIBNSS
w->pcw_helper_pipe = fds[1];
#endif
w->pcw_maxbasicwork = 2;
w->pcw_maxcritwork = 4;
w->pcw_work = 0;
w->pcw_reaped = FALSE;
w->pcw_dead = FALSE;
TAILQ_INIT(&w->pcw_active);
/* set the send/received queue length to be at least maxcritwork
* times sizeof(pluto_crypto_req) in size
*/
{
int qlen = w->pcw_maxcritwork * sizeof(struct pluto_crypto_req) + 10;
if(setsockopt(fds[0], SOL_SOCKET, SO_SNDBUF,&qlen, sizeof(qlen))==-1
|| setsockopt(fds[0],SOL_SOCKET,SO_SNDBUF,&qlen,sizeof(qlen))==-1
|| setsockopt(fds[1],SOL_SOCKET,SO_RCVBUF,&qlen,sizeof(qlen))==-1
|| setsockopt(fds[1],SOL_SOCKET,SO_RCVBUF,&qlen,sizeof(qlen))==-1) {
loglog(RC_LOG_SERIOUS, "could not set socket queue to %d", qlen);
return;
}
}
/* flush various descriptors so that they don't get written twice */
#ifndef HAVE_LIBNSS
fflush(stdout);
fflush(stderr);
close_log();
close_peerlog();
#endif
/* set local so that child inheirits it */
pc_helper_num = n;
#ifdef HAVE_LIBNSS
int thread_status;
thread_status = pthread_create((pthread_t*)&w->pcw_pid, NULL, pluto_helper_thread, (void*)w);
if(thread_status!=0) {
loglog(RC_LOG_SERIOUS, "failed to start child, error = %d" , thread_status);
w->pcw_pid= -1;
close(fds[1]);
close(fds[0]);
w->pcw_dead = TRUE;
return;
}
else{
openswan_log("started helper (thread) pid=%ld (fd:%d)", w->pcw_pid, w->pcw_pipe);
}
#else
w->pcw_pid = fork();
errno2 = errno;
if(w->pcw_pid == 0) {
/* this is the CHILD */
int fd;
int maxfd;
struct rlimit nf;
int i, arg_len = 0;
/* diddle with our proc title */
memset(global_argv[0], '\0', strlen(global_argv[0])+1);
arg_len += strlen(global_argv[0]);
for(i = 1; i < global_argc; i++) {
if(global_argv[i]) {
int l = strlen(global_argv[i]);
memset(global_argv[i], '\0', l);
arg_len += l;
}
global_argv[i]=NULL;
}
snprintf(global_argv[0], arg_len, "pluto helper %s #%3d "
, pluto_ifn_inst, n);
if(getenv("PLUTO_CRYPTO_HELPER_DEBUG")) {
snprintf(global_argv[0], arg_len,
"pluto helper %s #%3d (waiting for GDB) ",
pluto_ifn_inst, n);
sleep(60); /* for debugger to attach */
sprintf(global_argv[0], "pluto helper %s #%3d "
, pluto_ifn_inst, n);
}
if(getrlimit(RLIMIT_NOFILE, &nf) == -1) {
maxfd = 256;
} else {
maxfd = nf.rlim_max;
}
/* in child process, close all non-essential fds */
for(fd = 3; fd < maxfd; fd++) {
if(fd != fds[1]) close(fd);
}
pluto_init_log();
init_rnd_pool();
load_oswcrypto();
free_preshared_secrets();
#ifdef DEBUG
openswan_passert_fail = helper_passert_fail;
debug_prefix='!';
#endif
pluto_crypto_helper(fds[1], n);
exit(0);
/* NOTREACHED */
}
/* open the log files again */
pluto_init_log();
if(w->pcw_pid == -1) {
loglog(RC_LOG_SERIOUS, "failed to start child, error = %s"
, strerror(errno2));
close(fds[1]);
close(fds[0]);
w->pcw_dead = TRUE;
return;
}
/* PARENT */
openswan_log("started helper pid=%d (fd:%d)", w->pcw_pid, w->pcw_pipe);
/* close client side of socket pair in parent */
close(fds[1]);
#endif
}
