/*
 * Register the compiled-in protocol domains, run each domain's and each
 * protocol's init hook, derive the global header-size limits, and arm
 * the fast and slow protocol timeouts.
 */
void
domaininit(void)
{
	struct domain *dp;
	struct protosw *pr;
	static struct timeout pffast_timeout;
	static struct timeout pfslow_timeout;

#undef unix
	/*
	 * KAME NOTE: ADDDOMAIN(route) is moved to the last part so that
	 * it will be initialized as the *first* element.  confusing!
	 */
#ifndef lint
	ADDDOMAIN(unix);
#ifdef INET
	ADDDOMAIN(inet);
#endif
#ifdef INET6
	ADDDOMAIN(inet6);
#endif /* INET6 */
#if defined (KEY) || defined (IPSEC) || defined (TCP_SIGNATURE)
	/* Not a domain registration: PF_KEY is set up in the same pass. */
	pfkey_init();
#endif /* KEY || IPSEC */
#ifdef MPLS
	ADDDOMAIN(mpls);
#endif
#ifdef NATM
	ADDDOMAIN(natm);
#endif
#ifdef IPSEC
#ifdef __KAME__
	ADDDOMAIN(key);
#endif
#endif
#if NBLUETOOTH > 0
	ADDDOMAIN(bt);
#endif
	ADDDOMAIN(route);
#endif

	/* Walk the domain list; hooks are optional, so skip NULL ones. */
	for (dp = domains; dp != NULL; dp = dp->dom_next) {
		if (dp->dom_init != NULL)
			dp->dom_init();

		pr = dp->dom_protosw;
		while (pr < dp->dom_protoswNPROTOSW) {
			if (pr->pr_init != NULL)
				pr->pr_init();
			pr++;
		}
	}

	/* Enforce a floor of 16 on the link header allowance. */
	if (max_linkhdr < 16) {		/* XXX */
		max_linkhdr = 16;
	}
	max_hdr = max_linkhdr + max_protohdr;
	/*
	 * NOTE(review): nothing here checks that max_hdr stays below
	 * MHLEN; confirm that whatever sets max_protohdr cannot push this
	 * subtraction negative (or make it wrap, if the type is unsigned).
	 */
	max_datalen = MHLEN - max_hdr;

	/* Each timeout is handed its own address as the callback argument. */
	timeout_set(&pffast_timeout, pffasttimo, &pffast_timeout);
	timeout_set(&pfslow_timeout, pfslowtimo, &pfslow_timeout);
	timeout_add(&pffast_timeout, 1);
	timeout_add(&pfslow_timeout, 1);
}
/*
 * Bring up the KLIPS IPsec stack: /proc entries, SA database, radij
 * tree, PF_KEY, the netdevice notifier, the ESP/AH protocol handlers,
 * tunnel devices, sysctl, the algorithm layer and the internal PRNG.
 *
 * Returns the bitwise OR of the checked sub-initializers' return values,
 * i.e. 0 only when every one of them returned 0.
 *
 * NOTE(review): because results are OR-ed, two different non-zero codes
 * merge into a value that identifies neither failure, and every later
 * step still runs after an earlier one failed.  Nothing is undone on
 * failure in this function; confirm the caller tears the stack down.
 */
/* void */
int
ipsec_init(void)
{
	int error = 0;
	unsigned char seed[256];	/* seed material for ipsec_prng */
#ifdef CONFIG_IPSEC_ENC_3DES
	extern int des_check_key;

	/* turn off checking of keys */
	/*
	 * NOTE(review): this looks like the DES library's global key-check
	 * switch (presumably parity / weak-key rejection).  With it off,
	 * confirm that weak 3DES keys are rejected somewhere else.
	 */
	des_check_key=0;
#endif /* CONFIG_IPSEC_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

	error |= ipsec_proc_init();

	/* Put the SA database lock into its unlocked state. */
#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error |= ipsec_sadb_init();
	error |= ipsec_radijinit();
	error |= pfkey_init();
	error |= register_netdevice_notifier(&ipsec_dev_notifier);

	/*
	 * NOTE(review): the protocol registrations below do not feed into
	 * `error`; a failed ESP/AH registration would go unnoticed here.
	 */
#ifdef CONFIG_IPSEC_ESP
	openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_IPSEC_ESP */

#ifdef CONFIG_IPSEC_AH
	openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_IPSEC_AH */

	/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_IPSEC_IPCOMP
	openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_IPSEC_IPCOMP */
#endif

	error |= ipsec_tunnel_init_devices();

#ifdef CONFIG_SYSCTL
	error |= ipsec_sysctl_register();
#endif

#ifdef CONFIG_IPSEC_ALG
	/* Result, if any, is not checked. */
	ipsec_alg_init();
#endif

	/*
	 * Seed the stack's PRNG from the kernel random pool.
	 * NOTE(review): `seed` is left on the stack when the function
	 * returns; consider wiping it once prng_init() has consumed it.
	 */
	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));

	return error;
}
/*
 * Bring up the KLIPS IPsec stack: /proc entries, SA database, radij
 * tree, PF_KEY, the netdevice notifier, the ESP/AH protocol handlers,
 * tunnel devices, the ESP-in-UDP receive hook, sysctl, the algorithm
 * and OCF layers, the internal PRNG, and the slab caches for receive
 * and transmit state.
 *
 * Returns the bitwise OR of the checked sub-initializers' return values
 * (with 1 OR-ed in when a slab cache cannot be created), i.e. 0 only
 * when every checked step succeeded.
 *
 * NOTE(review): because results are OR-ed, two different non-zero codes
 * merge into a value that identifies neither failure, and every later
 * step still runs after an earlier one failed.  Nothing is undone on
 * failure in this function; confirm the caller tears the stack down.
 */
/* void */
int
ipsec_klips_init(void)
{
	int error = 0;
	unsigned char seed[256];	/* seed material for ipsec_prng */
#ifdef CONFIG_KLIPS_ENC_3DES
	extern int des_check_key;

	/* turn off checking of keys */
	/*
	 * NOTE(review): this looks like the DES library's global key-check
	 * switch (presumably parity / weak-key rejection).  With it off,
	 * confirm that weak 3DES keys are rejected somewhere else.
	 */
	des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

	error |= ipsec_proc_init();

	/* Put the SA database lock into its unlocked state. */
#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error |= ipsec_sadb_init();
	error |= ipsec_radijinit();
	error |= pfkey_init();
	error |= register_netdevice_notifier(&ipsec_dev_notifier);

	/*
	 * NOTE(review): the protocol registrations below do not feed into
	 * `error`; a failed ESP/AH registration would go unnoticed here.
	 */
#ifdef CONFIG_KLIPS_ESP
	openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_KLIPS_ESP */

#ifdef CONFIG_KLIPS_AH
	openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_KLIPS_AH */

	/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
	openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif

	error |= ipsec_tunnel_init_devices();

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* register our ESP-UDP handler */
	/*
	 * NOTE(review): a failure here is only logged; `error` is left
	 * unchanged, so init can report success without the handler.
	 */
	if(udp4_register_esp_rcvencap(klips26_rcv_encap
				      , &klips_old_encap)!=0) {
		printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
	}
#endif

#ifdef CONFIG_SYSCTL
	error |= ipsec_sysctl_register();
#endif

#ifdef CONFIG_KLIPS_ALG
	/* Result, if any, is not checked. */
	ipsec_alg_init();
#endif

#ifdef CONFIG_KLIPS_OCF
	/* Result, if any, is not checked. */
	ipsec_ocf_init();
#endif

	/*
	 * Seed the stack's PRNG from the kernel random pool.
	 * NOTE(review): `seed` is left on the stack when the function
	 * returns; consider wiping it once prng_init() has consumed it.
	 */
	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));

	/* Reset the counters kept for receive / transmit state objects. */
	atomic_set(&ipsec_irs_cnt, 0);
	atomic_set(&ipsec_ixs_cnt, 0);

	/* Slab cache for struct ipsec_rcv_state. */
	ipsec_irs_cache = kmem_cache_create("ipsec_irs",
					    sizeof(struct ipsec_rcv_state),
					    0, SLAB_HWCACHE_ALIGN, NULL, NULL);
	if (!ipsec_irs_cache) {
		/* NOTE(review): no KERN_* level on this message. */
		printk("Failed to get IRS cache\n");
		error |= 1;
	}

	/* Slab cache for struct ipsec_xmit_state. */
	ipsec_ixs_cache = kmem_cache_create("ipsec_ixs",
					    sizeof(struct ipsec_xmit_state),
					    0, SLAB_HWCACHE_ALIGN, NULL, NULL);
	if (!ipsec_ixs_cache) {
		/* NOTE(review): no KERN_* level on this message. */
		printk("Failed to get IXS cache\n");
		error |= 1;
	}

	/*
	 * NOTE(review): at this point the handlers registered above are
	 * live even if one of the caches is NULL; confirm the receive and
	 * transmit paths cannot run before the caller acts on `error`.
	 */
	return error;
}
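/*
 * sasyncd entry point.
 *
 * Requires root, parses the command line (-c cfgfile, -d debug,
 * -v verbose), loads the configuration, initializes CARP, PF_KEY and
 * networking, optionally daemonizes, and then splits into a privileged
 * monitor (parent) and the unprivileged main loop (child).
 *
 * Returns 0 on clean shutdown of the child, 1 (via return or exit) on
 * any start-up failure.
 */
int
main(int argc, char **argv)
{
	extern char	*__progname;
	char		*cfgfile = NULL;
	int		 ch;

	/* Refuse to start without root before doing anything else. */
	if (geteuid() != 0) {
		/* No point in continuing. */
		fprintf(stderr, "%s: This daemon needs to be run as root.\n",
		    __progname);
		return 1;
	}

	while ((ch = getopt(argc, argv, "c:dv")) != -1) {
		switch (ch) {
		case 'c':
			/* Only one configuration file may be given. */
			if (cfgfile)
				usage();
			cfgfile = optarg;
			break;
		case 'd':
			cfgstate.debug++;
			break;
		case 'v':
			cfgstate.verboselevel++;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	/* No positional arguments are accepted. */
	if (argc > 0)
		usage();

	log_init(__progname);
	timer_init();

	/* Defaults; the configuration file may override them. */
	cfgstate.runstate = INIT;
	LIST_INIT(&cfgstate.peerlist);

	cfgstate.listen_port = SASYNCD_DEFAULT_PORT;
	cfgstate.flags |= CTL_DEFAULT;

	if (!cfgfile)
		cfgfile = SASYNCD_CFGFILE;

	/*
	 * NOTE(review): the configuration carries the shared key, and -c
	 * lets the path be chosen on the command line.  Presumably
	 * conf_parse_file() checks the file's ownership and permissions --
	 * confirm, since nothing in main() does.
	 */
	if (conf_parse_file(cfgfile) != 0)
		exit(1);
	if (!cfgstate.sharedkey) {
		/* Running without a shared key is refused outright. */
		fprintf(stderr, "config: "
		    "no shared key specified, cannot continue\n");
		exit(1);
	}

	/*
	 * NOTE(review): the early `return 1` paths below leave without any
	 * visible call that reverses this carp_demote(CARP_INC, 0); confirm
	 * whether one is needed.
	 */
	carp_demote(CARP_INC, 0);

	if (carp_init())
		return 1;
	if (pfkey_init(0))
		return 1;
	if (net_init())
		return 1;

	/*
	 * Outside debug mode, detach: daemon(1, 0) keeps the working
	 * directory and redirects stdio to /dev/null.
	 */
	if (!cfgstate.debug && daemon(1, 0)) {
		perror("daemon()");
		exit(1);
	}

	if (monitor_init()) {
		/* Parent, with privileges. */
		monitor_loop();
		exit(0);
	}

	/* Child, no privileges left. Run main loop. */
	sasyncd_run(getppid());

	/* Shutdown. */
	log_msg(0, "shutting down...");

	net_shutdown();
	pfkey_shutdown();
	return 0;
}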
/*
 * Bring up the KLIPS IPsec stack step by step and unwind on failure.
 *
 * Order: transmit/receive state caches, /proc entries, SA database,
 * radij tree, PF_KEY, netdevice notifier, then either the XFRM
 * alternate receive hook or the ESP/AH (and optionally IPCOMP) protocol
 * handlers, tunnel and mast devices, the ESP-in-UDP receive hook,
 * sysctl, the algorithm and OCF layers, and finally the PRNG seed.
 *
 * Returns 0 on success.  On a checked failure it jumps into the label
 * chain at the bottom, which releases earlier steps in reverse order,
 * and returns the non-zero `error`.
 */
/* void */
int
ipsec_klips_init(void)
{
	int error = 0;
	unsigned char seed[256];	/* seed material for ipsec_prng */
#ifdef CONFIG_KLIPS_ENC_3DES
	extern int des_check_key;

	/* turn off checking of keys */
	/*
	 * NOTE(review): this looks like the DES library's global key-check
	 * switch (presumably parity / weak-key rejection).  With it off,
	 * confirm that weak 3DES keys are rejected somewhere else.
	 */
	des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

	error = ipsec_xmit_state_cache_init ();
	if (error)
		goto error_xmit_state_cache;

	error = ipsec_rcv_state_cache_init ();
	if (error)
		goto error_rcv_state_cache;

	/* `error` is 0 whenever a `|=` step below is reached. */
	error |= ipsec_proc_init();
	if (error)
		goto error_proc_init;

	/* Put the SA database lock into its unlocked state. */
#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error |= ipsec_sadb_init();
	if (error)
		goto error_sadb_init;

	error |= ipsec_radijinit();
	if (error)
		goto error_radijinit;

	error |= pfkey_init();
	if (error)
		goto error_pfkey_init;

	error |= register_netdevice_notifier(&ipsec_dev_notifier);
	if (error)
		goto error_netdev_notifier;

#ifdef CONFIG_XFRM_ALTERNATE_STACK
	error = xfrm_register_alternate_rcv (ipsec_rcv);
	if (error)
		goto error_xfrm_register;

#else // CONFIG_XFRM_ALTERNATE_STACK

#ifdef CONFIG_KLIPS_ESP
	error |= openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP,"ESP");
	if (error)
		goto error_openswan_inet_add_protocol_esp;
#endif /* CONFIG_KLIPS_ESP */

#ifdef CONFIG_KLIPS_AH
	error |= openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH,"AH");
	if (error)
		goto error_openswan_inet_add_protocol_ah;
#endif /* CONFIG_KLIPS_AH */

	/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
	error |= openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP,"IPCOMP");
	if (error)
		goto error_openswan_inet_add_protocol_comp;
#endif /* CONFIG_KLIPS_IPCOMP */
#endif

#endif // CONFIG_XFRM_ALTERNATE_STACK

	error |= ipsec_tunnel_init_devices();
	if (error)
		goto error_tunnel_init_devices;

	/*
	 * NOTE(review): unlike every step above, this result is not tested
	 * straight away.  It is only acted on by the CONFIG_SYSCTL check
	 * further down; without CONFIG_SYSCTL a failure here is returned
	 * from the success path with nothing unwound.  The unwind chain
	 * also has no visible mast-device cleanup.
	 */
	error |= ipsec_mast_init_devices();

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* register our ESP-UDP handler */
	/*
	 * NOTE(review): a failure here is only logged, and the unwind
	 * chain has no visible call that unregisters the handler.  If the
	 * sysctl step below fails, klips26_rcv_encap appears to stay
	 * registered while init reports failure -- confirm the caller
	 * removes it.
	 */
	if(udp4_register_esp_rcvencap(klips26_rcv_encap
				      , &klips_old_encap)!=0) {
		printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
	}
#endif

#ifdef CONFIG_SYSCTL
	error |= ipsec_sysctl_register();
	if (error)
		goto error_sysctl_register;
#endif

#ifdef CONFIG_KLIPS_ALG
	/* Result, if any, is not checked. */
	ipsec_alg_init();
#endif

#ifdef CONFIG_KLIPS_OCF
	/* Result, if any, is not checked. */
	ipsec_ocf_init();
#endif

	/*
	 * Seed the stack's PRNG from the kernel random pool.
	 * NOTE(review): `seed` is left on the stack when the function
	 * returns; consider wiping it once prng_init() has consumed it.
	 */
	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));

	return error;

	/*
	 * Unwind chain: each label falls through into the cleanup of the
	 * steps that came before it.
	 */

	// undo ipsec_sysctl_register
error_sysctl_register:
	ipsec_tunnel_cleanup_devices();
error_tunnel_init_devices:
#ifdef CONFIG_XFRM_ALTERNATE_STACK
	xfrm_deregister_alternate_rcv(ipsec_rcv);
error_xfrm_register:
#else // CONFIG_XFRM_ALTERNATE_STACK
	/*
	 * NOTE(review): the three protocol labels sit *before* the delete
	 * of the protocol whose registration just failed, whereas every
	 * other label in this chain sits after the cleanup of its own
	 * step.  A failed add therefore runs the matching del as well;
	 * confirm openswan_inet_del_protocol() tolerates a protocol that
	 * was never registered.
	 */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
error_openswan_inet_add_protocol_comp:
	openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
#ifdef CONFIG_KLIPS_AH
error_openswan_inet_add_protocol_ah:
	openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH);
#endif
	/*
	 * NOTE(review): the ESP label and delete are not wrapped in
	 * CONFIG_KLIPS_ESP, although the matching add above is.
	 */
error_openswan_inet_add_protocol_esp:
	openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP);
#endif
	unregister_netdevice_notifier(&ipsec_dev_notifier);
error_netdev_notifier:
	pfkey_cleanup();
error_pfkey_init:
	ipsec_radijcleanup();
error_radijinit:
	ipsec_sadb_cleanup(0);
	ipsec_sadb_free();
error_sadb_init:
error_proc_init:
	// ipsec_proc_init() does not clean up after itself, so we have to do it here
	// TODO: ipsec_proc_init() should roll back what it changed on failure
	ipsec_proc_cleanup();
	ipsec_rcv_state_cache_cleanup ();
error_rcv_state_cache:
	ipsec_xmit_state_cache_cleanup ();
error_xmit_state_cache:
	return error;
}
/*
 * Register the compiled-in protocol domains, run each domain's and each
 * protocol's init hook, derive the global header-size limits, and arm
 * the fast and slow protocol timeouts.
 */
void
domaininit()
{
	struct domain *dp;
	struct protosw *pr;
	static struct timeout pffast_timeout;
	static struct timeout pfslow_timeout;

#undef unix
	/*
	 * KAME NOTE: ADDDOMAIN(route) is moved to the last part so that
	 * it will be initialized as the *first* element.  confusing!
	 */
#ifndef lint
	ADDDOMAIN(unix);
#ifdef INET
	ADDDOMAIN(inet);
#endif
#ifdef INET6
	ADDDOMAIN(inet6);
#endif /* INET6 */
#if defined (KEY) || defined (IPSEC)
	/* Not a domain registration: PF_KEY is set up in the same pass. */
	pfkey_init();
#endif /* KEY || IPSEC */
#ifdef IPX
	ADDDOMAIN(ipx);
#endif
#ifdef NETATALK
	ADDDOMAIN(atalk);
#endif
#ifdef NS
	ADDDOMAIN(ns);
#endif
#ifdef ISO
	ADDDOMAIN(iso);
#endif
#ifdef CCITT
	ADDDOMAIN(ccitt);
#endif
#ifdef NATM
	ADDDOMAIN(natm);
#endif
#ifdef notdef /* XXXX */
#include "imp.h"
#if NIMP > 0
	ADDDOMAIN(imp);
#endif
#endif
#ifdef IPSEC
#ifdef __KAME__
	ADDDOMAIN(key);
#endif
#endif
	ADDDOMAIN(route);
#endif

	/* Walk the domain list; hooks are optional, so skip NULL ones. */
	for (dp = domains; dp != NULL; dp = dp->dom_next) {
		if (dp->dom_init != NULL)
			dp->dom_init();

		pr = dp->dom_protosw;
		while (pr < dp->dom_protoswNPROTOSW) {
			if (pr->pr_init != NULL)
				pr->pr_init();
			pr++;
		}
	}

	/* Enforce a floor of 16 on the link header allowance. */
	if (max_linkhdr < 16) {		/* XXX */
		max_linkhdr = 16;
	}
	max_hdr = max_linkhdr + max_protohdr;
	/*
	 * NOTE(review): nothing here checks that max_hdr stays below
	 * MHLEN; confirm that whatever sets max_protohdr cannot push this
	 * subtraction negative (or make it wrap, if the type is unsigned).
	 */
	max_datalen = MHLEN - max_hdr;

	/* Each timeout is handed its own address as the callback argument. */
	timeout_set(&pffast_timeout, pffasttimo, &pffast_timeout);
	timeout_set(&pfslow_timeout, pfslowtimo, &pfslow_timeout);
	timeout_add(&pffast_timeout, 1);
	timeout_add(&pfslow_timeout, 1);
}