5 * Admin interface for configuration
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Header files ------------------------------------------------------*/
33 /*----- Global variables --------------------------------------------------*/
37 const trace_opt tr_opts[] = {
38 { 't', T_TUNNEL, "tunnel events" },
39 { 'r', T_PEER, "peer events" },
40 { 'a', T_ADMIN, "admin interface" },
41 { 'p', T_PACKET, "packet contents" },
42 { 'c', T_CRYPTO, "crypto details" },
43 { 's', T_KEYSET, "symmetric keyset management" },
44 { 'x', T_KEYEXCH, "key exchange" },
45 { 'm', T_KEYMGMT, "key management" },
46 { 'A', T_ALL, "all of the above" },
50 unsigned tr_flags = 0;
53 static const trace_opt w_opts[] = {
54 { 't', AF_TRACE, "trace messages" },
55 { 'n', AF_NOTE, "asynchronous notifications" },
56 { 'w', AF_WARN, "warnings" },
57 { 'A', AF_ALLMSGS, "all of the above" },
61 /*----- Static variables --------------------------------------------------*/
65 static const char *sockname;
66 static unsigned flags = 0;
67 static admin *a_stdin = 0;
68 static sig s_term, s_int, s_hup;
73 #define T_RESOLVE SEC(30)
76 static void a_destroy(admin */*a*/);
77 static void a_lock(admin */*a*/);
78 static void a_unlock(admin */*a*/);
80 #define BOOL(x) ((x) ? "t" : "nil")
82 /*----- Output functions --------------------------------------------------*/
84 /* --- @trywrite@ --- *
86 * Arguments: @admin *a@ = pointer to an admin block
87 * @const char *p@ = pointer to buffer to write
88 * @size_t sz@ = size of data to write
90 * Returns: The number of bytes written, or less than zero on error.
92 * Use: Attempts to write data to a client.
95 static ssize_t trywrite(admin *a, const char *p, size_t sz)
102 n = write(a->w.fd, p, sz);
112 if (errno != EAGAIN && errno != EWOULDBLOCK) {
114 a_warn("ADMIN client-read-error -- %s", strerror(errno));
121 /* --- @doqueue@ -- *
123 * Arguments: @oqueue *q@ = pointer to output queue
124 * @const char *p@ = pointer to buffer to write
125 * @size_t sz@ = size of buffer
127 * Returns: Nonzero if the queue was previously empty.
129 * Use: Queues data to be written later.
132 static int doqueue(oqueue *q, const char *p, size_t sz)
141 else if (o->p_in < o->buf + OBUFSZ)
145 o = xmalloc(sizeof(obuf));
147 o->p_in = o->p_out = o->buf;
155 n = o->buf + OBUFSZ - o->p_in;
158 memcpy(o->p_in, p, n);
167 /* --- @dosend@ --- *
169 * Arguemnts: @admin *a@ = pointer to an admin block
170 * @const char *p@ = pointer to buffer to write
171 * @size_t sz@ = size of data to write
175 * Use: Sends data to an admin client.
178 static void dosend(admin *a, const char *p, size_t sz)
185 if ((n = trywrite(a, p, sz)) < 0)
192 if (doqueue(&a->out, p, sz))
196 /* --- @a_flush@ --- *
198 * Arguments: @int fd@ = file descriptor
199 * @unsigned mode@ = what's happening
200 * @void *v@ = pointer to my admin block
204 * Use: Flushes buffers when a client is ready to read again.
207 static void a_flush(int fd, unsigned mode, void *v)
215 if ((n = trywrite(a, o->p_out, o->p_in - o->p_out)) < 0)
218 if (o->p_in < o->p_out)
231 /*----- Utility functions -------------------------------------------------*/
233 /* --- @a_write@, @a_vwrite@ --- *
235 * Arguments: @admin *a@ = admin connection to write to
236 * @const char *status@ = status code to report
237 * @const char *tag@ = tag string, or null
238 * @const char *fmt@ = pointer to format string
239 * @va_list ap@ = arguments in list
240 * @...@ = other arguments
244 * Use: Sends a message to an admin connection.
247 static void a_vwrite(admin *a, const char *status, const char *tag,
248 const char *fmt, va_list ap)
252 if (tag) dstr_puts(&d, "BG");
253 dstr_puts(&d, status);
260 dstr_vputf(&d, fmt, &ap);
263 dosend(a, d.buf, d.len);
267 static void a_write(admin *a, const char *status, const char *tag,
268 const char *fmt, ...)
272 a_vwrite(a, status, tag, fmt, ap);
276 /* --- @a_ok@, @a_info@, @a_fail@ --- *
278 * Arguments: @admin *a@ = connection
279 * @const char *fmt@ = format string
280 * @...@ = other arguments
284 * Use: Convenience functions for @a_write@.
287 static void a_ok(admin *a) { a_write(a, "OK", 0, 0); }
289 static void a_info(admin *a, const char *fmt, ...)
293 a_vwrite(a, "INFO", 0, fmt, ap);
297 static void a_fail(admin *a, const char *fmt, ...)
301 a_vwrite(a, "FAIL", 0, fmt, ap);
305 /* --- @a_alert@, @a_valert@, @a_rawalert@ --- *
307 * Arguments: @unsigned f_and, f_eq@ = filter for connections
308 * @const char *status@ = status string
309 * @const char *fmt@ = pointer to format string
310 * @const char *p@ = pointer to raw string
311 * @size_t sz@ = size of raw string
312 * @va_list ap@ = arguments in list
313 * @...@ = other arguments
317 * Use: Write a message to all admin connections matched by the given
321 static void a_rawalert(unsigned f_and, unsigned f_eq, const char *status,
322 const char *p, size_t sz)
327 if (!(flags & F_INIT))
329 dstr_puts(&d, status);
332 dstr_putm(&d, p, sz);
337 for (a = admins; a; a = aa) {
339 if ((a->f & f_and) == f_eq)
340 dosend(a, d.buf, d.len);
345 static void a_valert(unsigned f_and, unsigned f_eq, const char *tag,
346 const char *fmt, va_list ap)
350 if (!(flags & F_INIT))
353 dstr_vputf(&d, fmt, &ap);
354 a_rawalert(f_and, f_eq, tag, fmt ? d.buf : 0, fmt ? d.len : 0);
359 static void a_alert(unsigned f_and, unsigned f_eq, const char *tag,
360 const char *fmt, ...)
364 a_valert(f_and, f_eq, tag, fmt, ap);
369 /* --- @a_warn@ --- *
371 * Arguments: @const char *fmt@ = pointer to format string
372 * @...@ = other arguments
376 * Use: Informs all admin connections of a warning.
379 void a_warn(const char *fmt, ...)
385 a_valert(0, 0, "WARN", fmt, ap);
387 fprintf(stderr, "%s: ", QUIS);
388 vfprintf(stderr, fmt, ap);
394 /* --- @a_trace@ --- *
396 * Arguments: @const char *p@ = pointer to a buffer
397 * @size_t sz@ = size of the buffer
398 * @void *v@ = uninteresting pointer
402 * Use: Custom trace output handler. Sends trace messages to
403 * interested admin connections.
407 static void a_trace(const char *p, size_t sz, void *v)
408 { a_rawalert(AF_TRACE, AF_TRACE, "TRACE", p, sz); }
411 /* --- @a_notify@ --- *
413 * Arguments: @const char *fmt@ = pointer to format string
414 * @...@ = other arguments
418 * Use: Sends a notification to interested admin connections.
421 void a_notify(const char *fmt, ...)
426 a_valert(AF_NOTE, AF_NOTE, "NOTE", fmt, ap);
430 /* --- @a_quit@ --- *
436 * Use: Shuts things down nicely.
445 while ((p = p_first()) != 0)
450 /* --- @a_sigdie@ --- *
452 * Arguments: @int sig@ = signal number
453 * @void *v@ = an uninteresting argument
457 * Use Shuts down on receipt of a fatal signal.
460 static void a_sigdie(int sig, void *v)
466 case SIGTERM: p = "SIGTERM"; break;
467 case SIGINT: p = "SIGINT"; break;
469 sprintf(buf, "%i", sig);
473 a_warn("SERVER quit signal %s", p);
477 /* --- @a_sighup@ --- *
479 * Arguments: @int sig@ = signal number
480 * @void *v@ = an uninteresting argument
484 * Use Logs a message about SIGHUP not being useful.
487 static void a_sighup(int sig, void *v)
489 a_warn("SERVER ignore signal SIGHUP");
492 /* --- @a_parsetime@ --- *
494 * Arguments; @const char *p@ = time string to parse
496 * Returns: Time in seconds, or @< 0@ on error.
499 static long a_parsetime(const char *p)
502 long t = strtol(p, &q, 0);
508 case 's': if (q[1] != 0)
515 /*----- Backgrounded operations -------------------------------------------*/
518 (((admin_bgop *)(bg))->tag ? ((admin_bgop *)(bg))->tag : "<foreground>")
520 /* --- @a_bgrelease@ --- *
522 * Arguments: @admin_bgop *bg@ = backgrounded operation
526 * Use: Removes a backgrounded operation from the queue, since
527 * (presumably) it's done.
530 static void a_bgrelease(admin_bgop *bg)
534 T( trace(T_ADMIN, "admin: release bgop %s", BGTAG(bg)); )
535 if (bg->tag) xfree(bg->tag);
536 else selbuf_enable(&a->b);
537 if (bg->next) bg->next->prev = bg->prev;
538 if (bg->prev) bg->prev->next = bg->next;
539 else a->bg = bg->next;
541 if (a->f & AF_CLOSE) a_destroy(a);
545 /* --- @a_bgok@, @a_bginfo@, @a_bgfail@ --- *
547 * Arguments: @admin_bgop *bg@ = backgrounded operation
548 * @const char *fmt@ = format string
549 * @...@ = other arguments
553 * Use: Convenience functions for @a_write@.
556 static void a_bgok(admin_bgop *bg)
557 { a_write(bg->a, "OK", bg->tag, 0); }
559 static void a_bginfo(admin_bgop *bg, const char *fmt, ...)
563 a_vwrite(bg->a, "INFO", bg->tag, fmt, ap);
567 static void a_bgfail(admin_bgop *bg, const char *fmt, ...)
571 a_vwrite(bg->a, "FAIL", bg->tag, fmt, ap);
575 /* --- @a_bgadd@ --- *
577 * Arguments: @admin *a@ = administration connection
578 * @admin_bgop *bg@ = pointer to background operation
579 * @const char *tag@ = background tag, or null for foreground
580 * @void (*cancel)(admin_bgop *)@ = cancel function
584 * Use: Links a background job into the list.
587 static void a_bgadd(admin *a, admin_bgop *bg, const char *tag,
588 void (*cancel)(admin_bgop *))
591 bg->tag = xstrdup(tag);
594 selbuf_disable(&a->b);
600 if (a->bg) a->bg->prev = bg;
603 T( trace(T_ADMIN, "admin: add bgop %s", BGTAG(bg)); )
604 if (tag) a_write(a, "DETACH", tag, 0);
607 /*----- Adding peers ------------------------------------------------------*/
609 /* --- @a_addfree@ --- *
611 * Arguments: @admin_addop *add@ = operation block
615 * Use: Frees an add operation.
618 static void a_addfree(admin_addop *add)
620 T( trace(T_ADMIN, "admin: free add op %s", BGTAG(add)); )
621 if (add->peer.name) xfree(add->peer.name);
622 if (add->paddr) xfree(add->paddr);
625 /* --- @a_addcancel@ --- *
627 * Arguments: @admin_bgop *bg@ = background operation
631 * Use: Cancels an add operation.
634 static void a_addcancel(admin_bgop *bg)
636 admin_addop *add = (admin_addop *)bg;
638 T( trace(T_ADMIN, "admin: cancel add op %s", BGTAG(add)); )
639 sel_rmtimer(&add->t);
644 /* --- @a_doadd@ --- *
646 * Arguments: @admin_addop *add@ = operation block
650 * Use: Does the peer add thing.
653 static void a_doadd(admin_addop *add)
655 if (p_find(add->peer.name))
656 a_bgfail(&add->bg, "peer-exists %s", add->peer.name);
657 else if (!p_create(&add->peer))
658 a_bgfail(&add->bg, "peer-create-fail %s", add->peer.name);
663 /* --- @a_addresolve@ --- *
665 * Arguments: @struct hostent *h@ = pointer to resolved hostname
666 * @void *v@ = pointer to add operation
670 * Use: Handles a completed name resolution.
673 static void a_addresolve(struct hostent *h, void *v)
675 admin_addop *add = v;
677 T( trace(T_ADMIN, "admin: add op %s resolved", BGTAG(add)); )
680 a_bgfail(&add->bg, "resolve-error %s", add->paddr);
682 memcpy(&add->peer.sa.sin.sin_addr, h->h_addr, sizeof(struct in_addr));
685 sel_rmtimer(&add->t);
687 a_bgrelease(&add->bg);
690 /* --- @a_addtimer@ --- *
692 * Arguments: @struct timeval *tv@ = timer
693 * @void *v@ = pointer to add operation
697 * Use: Times out a resolver.
700 static void a_addtimer(struct timeval *tv, void *v)
702 admin_addop *add = v;
704 T( trace(T_ADMIN, "admin: add op %s timeout", BGTAG(add)); )
705 a_bgfail(&add->bg, "resolver-timeout %s\n", add->paddr);
708 a_bgrelease(&add->bg);
711 /* --- @acmd_add@ --- *
713 * Arguments: @admin *a@ = connection which requested the addition
714 * @unsigned ac@ = argument count
715 * @char *av[]@ = pointer to the argument list
719 * Use: Adds a new peer.
722 static void acmd_add(admin *a, unsigned ac, char *av[])
729 admin_addop *add = 0;
731 /* --- Make sure someone's not got there already --- */
734 a_fail(a, "peer-exists %s", av[0]);
738 /* --- Set stuff up --- */
740 add = xmalloc(sizeof(*add));
741 add->peer.name = xstrdup(av[0]);
743 add->peer.tops = tun_default;
746 /* --- Parse options --- */
752 if (mystrieq(av[i], "-background")) {
753 if (!av[++i]) goto bad_syntax;
755 } else if (mystrieq(av[i], "-tunnel")) {
756 if (!av[++i]) goto bad_syntax;
759 a_fail(a, "unknown-tunnel %s", av[i]);
762 if (mystrieq(av[i], tunnels[j]->name)) {
763 add->peer.tops = tunnels[j];
767 } else if (mystrieq(av[i], "-keepalive")) {
769 if (!av[++i]) goto bad_syntax;
770 if ((t = a_parsetime(av[i])) < 0) {
771 a_fail(a, "bad-time-spec %s", av[i]);
775 } else if (mystrieq(av[i], "--")) {
783 /* --- Fill in the easy bits of address --- */
785 if (mystrieq(av[i], "inet")) i++;
787 a_fail(a, "bad-syntax -- add PEER [OPTIONS] [inet] ADDRESS PORT");
790 add->peer.sa.sin.sin_family = AF_INET;
791 add->peer.sasz = sizeof(add->peer.sa.sin);
792 add->paddr = xstrdup(av[i]);
793 pt = strtoul(av[i + 1], &p, 0);
795 struct servent *s = getservbyname(av[i + 1], "udp");
797 a_fail(a, "unknown-service %s", av[i + 1]);
800 pt = ntohs(s->s_port);
802 if (pt == 0 || pt >= 65536) {
803 a_fail(a, "invalid-port %lu", pt);
806 add->peer.sa.sin.sin_port = htons(pt);
808 /* --- Report backgrounding --- *
810 * Do this for consistency of interface, even if we're going to get the
811 * answer straight away.
814 a_bgadd(a, &add->bg, tag, a_addcancel);
815 T( trace(T_ADMIN, "admin: %u, add op %s resolving hostname `%s'",
816 a->seq, BGTAG(add), add->paddr); )
818 /* --- If the name is numeric, do it the easy way --- */
820 if (inet_aton(av[i], &add->peer.sa.sin.sin_addr)) {
821 T( trace(T_ADMIN, "admin: add op %s done the easy way", BGTAG(add)); )
824 a_bgrelease(&add->bg);
828 /* --- Store everything for later and crank up the resolver --- */
830 gettimeofday(&tv, 0);
831 tv.tv_sec += T_RESOLVE;
832 sel_addtimer(&sel, &add->t, &tv, a_addtimer, add);
833 bres_byname(&add->r, add->paddr, a_addresolve, add);
837 a_fail(a, "bad-syntax -- add PEER [OPTIONS] ADDR ...");
846 /*----- Ping --------------------------------------------------------------*/
848 /* --- @a_pingcancel@ --- *
850 * Arguments: @admin_bgop *bg@ = background operation block
854 * Use: Cancels a running ping.
857 static void a_pingcancel(admin_bgop *bg)
859 admin_pingop *pg = (admin_pingop *)bg;
860 T( trace(T_ADMIN, "admin: cancel ping op %s", BGTAG(pg)); )
861 p_pingdone(&pg->ping, PING_NONOTIFY);
864 /* --- @a_pong@ --- *
866 * Arguments: @int rc@ = return code
867 * @void *v@ = ping operation block
871 * Use: Collects what happened to a ping message.
874 static void a_pong(int rc, void *v)
876 admin_pingop *pg = v;
882 gettimeofday(&tv, 0);
883 tv_sub(&tv, &tv, &pg->pingtime);
884 millis = (double)tv.tv_sec * 1000 + (double)tv.tv_usec/1000;
885 a_bginfo(&pg->bg, "ping-ok %.1f", millis);
889 a_bginfo(&pg->bg, "ping-timeout");
893 a_bginfo(&pg->bg, "ping-peer-died");
899 T( trace(T_ADMIN, "admin: ponged ping op %s", BGTAG(pg)); )
900 a_bgrelease(&pg->bg);
903 /* --- @acmd_ping@, @acmd_eping@ --- *
905 * Arguments: @admin *a@ = connection which requested the ping
906 * @unsigned ac@ = argument count
907 * @char *av[]@ = pointer to the argument list
914 static void a_ping(admin *a, unsigned ac, char *av[],
915 const char *cmd, unsigned msg)
920 admin_pingop *pg = 0;
927 if (mystrieq(av[i], "-background")) {
928 if (!av[++i]) goto bad_syntax;
930 } else if (mystrieq(av[i], "-timeout")) {
931 if (!av[++i]) goto bad_syntax;
932 if ((t = a_parsetime(av[i])) < 0) {
933 a_fail(a, "bad-time-spec %s", av[i]);
936 } else if (mystrieq(av[i], "--")) {
944 if (!av[i]) goto bad_syntax;
945 if ((p = p_find(av[i])) == 0) {
946 a_fail(a, "unknown-peer %s", av[i]);
949 pg = xmalloc(sizeof(*pg));
950 gettimeofday(&pg->pingtime, 0);
951 a_bgadd(a, &pg->bg, tag, a_pingcancel);
952 T( trace(T_ADMIN, "admin: ping op %s: %s to %s",
953 BGTAG(pg), cmd, p_name(p)); )
954 if (p_pingsend(p, &pg->ping, msg, t, a_pong, pg)) {
955 a_bgfail(&pg->bg, "ping-send-failed");
956 a_bgrelease(&pg->bg);
961 a_fail(a, "bad-syntax -- %s [OPTIONS] PEER", cmd);
965 static void acmd_ping(admin *a, unsigned ac, char *av[])
966 { a_ping(a, ac, av, "ping", MISC_PING); }
967 static void acmd_eping(admin *a, unsigned ac, char *av[])
968 { a_ping(a, ac, av, "eping", MISC_EPING); }
970 /*----- Administration commands -------------------------------------------*/
972 /* --- Miscellaneous commands --- */
974 /* --- @traceish@ --- *
976 * Arguments: @admin *a@ = connection to complain on
977 * @unsigned ac@ = number of arguments
978 * @char *av[]@ = vector of arguments
979 * @const char *what@ = what we're messing with
980 * @const trace_opt *tt@ = options table
981 * @unsigned *ff@ = where the flags are
983 * Returns: Nonzero if anything changed.
985 * Use: Guts of trace-ish commands like `trace' and `watch'.
988 static int traceish(admin *a, unsigned ac, char *av[],
989 const char *what, const trace_opt *tt, unsigned *ff)
993 if (!ac || strcmp(av[0], "?") == 0) {
995 for (t = tt; t->ch; t++) {
997 t->ch, (*ff & t->f) == t->f ? '+' : ' ', t->help);
1007 case '+': sense = 1; break;
1008 case '-': sense = 0; break;
1010 for (t = tt; t->ch; t++) {
1012 if (sense) f |= t->f;
1017 a_fail(a, "bad-%s-option %c", what, *p);
1033 static void acmd_trace(admin *a, unsigned ac, char *av[])
1035 if (traceish(a, ac, av, "trace", tr_opts, &tr_flags))
1036 trace_level(tr_flags);
1041 static void acmd_watch(admin *a, unsigned ac, char *av[])
1043 traceish(a, ac, av, "watch", w_opts, &a->f);
1046 static void quotify(dstr *d, const char *p)
1050 if (*p && !p[strcspn(p, "\"' \t\n\v")])
1055 if (*p == '\\' || *p == '\"')
1063 static void alertcmd(admin *a, unsigned f_and, unsigned f_eq,
1064 const char *tag, unsigned ac, char *av[])
1069 dstr_puts(&d, "USER");
1070 for (i = 0; i < ac; i++)
1073 a_rawalert(f_and, f_eq, tag, d.buf, d.len);
1078 static void acmd_notify(admin *a, unsigned ac, char *av[])
1079 { alertcmd(a, AF_NOTE, AF_NOTE, "NOTE", ac, av); }
1080 static void acmd_warn(admin *a, unsigned ac, char *av[])
1081 { alertcmd(a, AF_WARN, AF_WARN, "WARN", ac, av); }
1083 static void acmd_port(admin *a, unsigned ac, char *av[])
1085 a_info(a, "%u", p_port());
1089 static void acmd_daemon(admin *a, unsigned ac, char *av[])
1091 if (flags & F_DAEMON)
1092 a_fail(a, "already-daemon");
1098 a_fail(a, "daemon-error -- %s", strerror(errno));
1106 static void acmd_list(admin *a, unsigned ac, char *av[])
1109 for (p = p_first(); p; p = p_next(p))
1110 a_info(a, "%s", p_name(p));
1114 static void acmd_ifname(admin *a, unsigned ac, char *av[])
1118 if ((p = p_find(av[0])) == 0)
1119 a_fail(a, "unknown-peer %s", av[0]);
1121 a_info(a, "%s", p_ifname(p));
1126 static void acmd_addr(admin *a, unsigned ac, char *av[])
1131 if ((p = p_find(av[0])) == 0)
1132 a_fail(a, "unknown-peer %s", av[0]);
1135 assert(ad->sa.sa_family == AF_INET);
1136 a_info(a, "INET %s %u",
1137 inet_ntoa(ad->sin.sin_addr),
1138 (unsigned)ntohs(ad->sin.sin_port));
1143 static void acmd_peerinfo(admin *a, unsigned ac, char *av[])
1148 if ((p = p_find(av[0])) == 0) {
1149 a_fail(a, "unknown-peer %s", av[0]);
1154 a_info(a, "tunnel=%s", ps->tops->name);
1155 a_info(a, "keepalive=%lu", ps->t_ka);
1159 static void acmd_servinfo(admin *a, unsigned ac, char *av[])
1161 a_info(a, "implementation=edgeware-tripe");
1162 a_info(a, "version=%s", VERSION);
1163 a_info(a, "daemon=%s", BOOL(flags & F_DAEMON));
1167 static void acmd_stats(admin *a, unsigned ac, char *av[])
1172 if ((p = p_find(av[0])) == 0) {
1173 a_fail(a, "unknown-peer %s", av[0]);
1178 a_info(a, "start-time=%s", timestr(st->t_start));
1179 a_info(a, "last-packet-time=%s", timestr(st->t_last));
1180 a_info(a, "last-keyexch-time=%s", timestr(st->t_kx));
1181 a_info(a, "packets-in=%lu bytes-in=%lu", st->n_in, st->sz_in);
1182 a_info(a, "packets-out=%lu bytes-out=%lu",
1183 st->n_out, st->sz_out);
1184 a_info(a, "keyexch-packets-in=%lu keyexch-bytes-in=%lu",
1185 st->n_kxin, st->sz_kxin);
1186 a_info(a, "keyexch-packets-out=%lu keyexch-bytes-out=%lu",
1187 st->n_kxout, st->sz_kxout);
1188 a_info(a, "ip-packets-in=%lu ip-bytes-in=%lu",
1189 st->n_ipin, st->sz_ipin);
1190 a_info(a, "ip-packets-out=%lu ip-bytes-out=%lu",
1191 st->n_ipout, st->sz_ipout);
1192 a_info(a, "rejected-packets=%lu", st->n_reject);
1196 static void acmd_kill(admin *a, unsigned ac, char *av[])
1199 if ((p = p_find(av[0])) == 0)
1200 a_fail(a, "unknown-peer %s", av[0]);
1207 static void acmd_forcekx(admin *a, unsigned ac, char *av[])
1210 if ((p = p_find(av[0])) == 0)
1211 a_fail(a, "unknown-peer %s", av[0]);
1213 kx_start(&p->kx, 1);
1218 static void acmd_reload(admin *a, unsigned ac, char *av[])
1219 { p_keyreload(); a_ok(a); }
1221 static void acmd_quit(admin *a, unsigned ac, char *av[])
1223 a_warn("SERVER quit admin-request");
1229 static void acmd_version(admin *a, unsigned ac, char *av[])
1231 a_info(a, "%s %s", PACKAGE, VERSION);
1235 static void acmd_tunnels(admin *a, unsigned ac, char *av[])
1238 for (i = 0; tunnels[i]; i++)
1239 a_info(a, "%s", tunnels[i]->name);
1243 /* --- The command table and help --- */
1245 typedef struct acmd {
1248 unsigned argmin, argmax;
1249 void (*func)(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
1252 static void acmd_help(admin */*a*/, unsigned /*ac*/, char */*av*/[]);
1254 static const acmd acmdtab[] = {
1255 { "add", "add PEER [OPTIONS] ADDR ...",
1256 2, 0xffff, acmd_add },
1257 { "addr", "addr PEER", 1, 1, acmd_addr },
1258 { "daemon", "daemon", 0, 0, acmd_daemon },
1259 { "eping", "eping [OPTIONS] PEER", 1, 0xffff, acmd_eping },
1260 { "forcekx", "forcekx PEER", 1, 1, acmd_forcekx },
1261 { "help", "help", 0, 0, acmd_help },
1262 { "ifname", "ifname PEER", 1, 1, acmd_ifname },
1263 { "kill", "kill PEER", 1, 1, acmd_kill },
1264 { "list", "list", 0, 0, acmd_list },
1265 { "notify", "notify MESSAGE ...", 1, 0xffff, acmd_notify },
1266 { "peerinfo", "peerinfo PEER", 1, 1, acmd_peerinfo },
1267 { "ping", "ping [OPTIONS] PEER", 1, 0xffff, acmd_ping },
1268 { "port", "port", 0, 0, acmd_port },
1269 { "quit", "quit", 0, 0, acmd_quit },
1270 { "reload", "reload", 0, 0, acmd_reload },
1271 { "servinfo", "servinfo", 0, 0, acmd_servinfo },
1272 { "stats", "stats PEER", 1, 1, acmd_stats },
1274 { "trace", "trace [OPTIONS]", 0, 1, acmd_trace },
1276 { "tunnels", "tunnels", 0, 0, acmd_tunnels },
1277 { "version", "version", 0, 0, acmd_version },
1278 { "warn", "warn MESSAGE ...", 1, 0xffff, acmd_warn },
1279 { "watch", "watch [OPTIONS]", 0, 1, acmd_watch },
1283 static void acmd_help(admin *a, unsigned ac, char *av[])
1286 for (c = acmdtab; c->name; c++)
1287 a_info(a, "%s", c->help);
1291 /*----- Connection handling -----------------------------------------------*/
1293 /* --- @a_lock@ --- *
1295 * Arguments: @admin *a@ = pointer to an admin block
1299 * Use: Locks an admin block so that it won't be destroyed
1303 static void a_lock(admin *a) { a->ref++; }
1305 /* --- @a_dodestroy@ --- *
1307 * Arguments: @admin *a@ = pointer to an admin block
1311 * Use: Actually does the legwork of destroying an admin block.
1314 static void a_dodestroy(admin *a)
1316 admin_bgop *bg, *bbg;
1318 T( trace(T_ADMIN, "admin: completing destruction of connection %u",
1321 selbuf_destroy(&a->b);
1322 for (bg = a->bg; bg; bg = bbg) {
1325 if (bg->tag) xfree(bg->tag);
1328 if (a->b.reader.fd != a->w.fd) close(a->b.reader.fd);
1334 a->next->prev = a->prev;
1336 a->prev->next = a->next;
1342 /* --- @a_unlock@ --- *
1344 * Arguments: @admin *a@ = pointer to an admin block
1348 * Use: Unlocks an admin block, allowing its destruction. This is
1349 * also the second half of @a_destroy@.
1352 static void a_unlock(admin *a)
1355 if (!--a->ref && (a->f & AF_DEAD))
1359 /* --- @a_destroy@ --- *
1361 * Arguments: @admin *a@ = pointer to an admin block
1365 * Use: Destroys an admin block. This requires a certain amount of
1369 static void freequeue(oqueue *q)
1373 for (o = q->hd; o; o = oo) {
1380 static void a_destroy(admin *a)
1382 /* --- Don't multiply destroy admin blocks --- */
1387 /* --- Make sure nobody expects it to work --- */
1390 T( trace(T_ADMIN, "admin: destroying connection %u", a->seq); )
1392 /* --- Free the output buffers --- */
1398 /* --- If the block is locked, that's all we can manage --- */
1403 trace(T_ADMIN, "admin: deferring destruction..."); )
1406 /* --- @a_line@ --- *
1408 * Arguments: @char *p@ = pointer to the line read
1409 * @size_t len@ = length of the line
1410 * @void *vp@ = pointer to my admin block
1414 * Use: Handles a line of input.
1417 static void a_line(char *p, size_t len, void *vp)
1432 selbuf_disable(&a->b);
1436 ac = str_qsplit(p, av, 16, 0, STRF_QUOTE);
1439 for (c = acmdtab; c->name; c++) {
1440 if (mystrieq(av[0], c->name)) {
1442 if (c->argmin > ac || ac > c->argmax)
1443 a_fail(a, "bad-syntax -- %s", c->help);
1446 c->func(a, ac, av + 1);
1452 a_fail(a, "unknown-command %s", av[0]);
1455 /* --- @a_create@ --- *
1457 * Arguments: @int fd_in, fd_out@ = file descriptors to use
1458 * @unsigned f@ = initial flags to set
1462 * Use: Creates a new admin connection.
1465 void a_create(int fd_in, int fd_out, unsigned f)
1467 admin *a = CREATE(admin);
1469 T( static unsigned seq = 0;
1471 T( trace(T_ADMIN, "admin: accepted connection %u", a->seq); )
1474 if (fd_in == STDIN_FILENO) a_stdin = a;
1475 fdflags(fd_in, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
1476 if (fd_out != fd_in)
1477 fdflags(fd_out, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
1478 selbuf_init(&a->b, &sel, fd_in, a_line, a);
1479 sel_initfile(&sel, &a->w, fd_out, SEL_WRITE, a_flush, a);
1480 a->out.hd = a->out.tl = 0;
1483 if (admins) admins->prev = a;
1487 /* --- @a_accept@ --- *
1489 * Arguments: @int fd@ = file descriptor to accept
1490 * @unsigned mode@ = what to do
1491 * @void *v@ = uninteresting pointer
1495 * Use: Accepts a new admin connection.
1498 static void a_accept(int fd, unsigned mode, void *v)
1501 struct sockaddr_un sun;
1502 size_t sz = sizeof(sun);
1504 if ((nfd = accept(fd, (struct sockaddr *)&sun, &sz)) < 0) {
1505 if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK &&
1506 errno != ECONNABORTED && errno != EPROTO)
1507 a_warn("ADMIN accept-error -- %s", strerror(errno));
1510 a_create(nfd, nfd, 0);
1513 /* --- @a_daemon@ --- *
1519 * Use: Informs the admin module that it's a daemon.
1527 /* --- @a_init@ --- *
1529 * Arguments: @const char *name@ = socket name to create
1533 * Use: Creates the admin listening socket.
1536 void a_init(const char *name)
1540 struct sockaddr_un sun;
1541 struct sigaction sa;
1544 /* --- Set up the socket address --- */
1546 sz = strlen(name) + 1;
1547 if (sz > sizeof(sun.sun_path))
1548 die(EXIT_FAILURE, "socket name `%s' too long", name);
1550 sun.sun_family = AF_UNIX;
1551 memcpy(sun.sun_path, name, sz);
1552 sz += offsetof(struct sockaddr_un, sun_path);
1554 /* --- Attempt to bind to the socket --- */
1558 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1559 die(EXIT_FAILURE, "couldn't create socket: %s", strerror(errno));
1560 if (bind(fd, (struct sockaddr *)&sun, sz) < 0) {
1563 if (errno != EADDRINUSE) {
1564 die(EXIT_FAILURE, "couldn't bind to address `%s': %s",
1565 sun.sun_path, strerror(e));
1568 die(EXIT_FAILURE, "too many retries; giving up");
1570 if (!connect(fd, (struct sockaddr *)&sun, sz)) {
1571 die(EXIT_FAILURE, "server already listening on admin socket `%s'",
1574 if (errno != ECONNREFUSED)
1575 die(EXIT_FAILURE, "couldn't bind to address: %s", strerror(e));
1576 if (stat(sun.sun_path, &st)) {
1577 die(EXIT_FAILURE, "couldn't stat `%s': %s",
1578 sun.sun_path, strerror(errno));
1580 if (!S_ISSOCK(st.st_mode))
1581 die(EXIT_FAILURE, "object `%s' isn't a socket", sun.sun_path);
1582 T( trace(T_ADMIN, "admin: stale socket found; removing it"); )
1583 unlink(sun.sun_path);
1587 chmod(sun.sun_path, 0600);
1588 fdflags(fd, O_NONBLOCK, O_NONBLOCK, FD_CLOEXEC, FD_CLOEXEC);
1590 die(EXIT_FAILURE, "couldn't listen on socket: %s", strerror(errno));
1592 /* --- Listen to the socket --- */
1594 sel_initfile(&sel, &sock, fd, SEL_READ, a_accept, 0);
1598 T( trace_custom(a_trace, 0);
1599 trace(T_ADMIN, "admin: enabled custom tracing"); )
1602 /* --- Set up signal handlers --- */
1604 sig_add(&s_term, SIGTERM, a_sigdie, 0);
1605 sig_add(&s_hup, SIGHUP, a_sighup, 0);
1606 signal(SIGPIPE, SIG_IGN);
1607 sigaction(SIGINT, 0, &sa);
1608 if (sa.sa_handler != SIG_IGN)
1609 sig_add(&s_int, SIGINT, a_sigdie, 0);
1612 /*----- That's all, folks -------------------------------------------------*/