The overall effect is that now secnet crashes as soon as invoke
completes (i.e., immediately) because there's no writer for the netlink
pipe. This is good. Also we no longer need "really".
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
global netlink
global ports
global extra
global netlink
global ports
global extra
+ global netlinkfh
+ set pipefp test/$which.netlink
+ foreach tr {t r} {
+ file delete $pipefp.$tr
+ exec mkfifo -m600 $pipefp.$tr
+ set netlinkfh($which.$tr) [set fh [open $pipefp.$tr r+]]
+ fconfigure $fh -blocking 0 -buffering none -translation binary
+ }
+ fileevent $netlinkfh($which.t) readable [list netlink-readable $which]
+ set fakeuf test/$which.fake-userv
+ set fakeuh [open $fakeuf w 0755]
+ puts $fakeuh "#!/bin/sh
+set -e
+cat >$pipefp.t &
+exec 3<>$pipefp.r
+exec <$pipefp.r
+exec 3<&-
+exec cat
+"
- netlink tun {
- name \"netlink-tun\";
+ netlink userv-ipif {
+ name \"netlink\";
+ userv-path \"$fakeuf\";
$netlink($which)
mtu 1400;
buffer sysbuffer(2048);
$netlink($which)
mtu 1400;
buffer sysbuffer(2048);
class "info","notice","warning","error","security","fatal";
};
system {
class "info","notice","warning","error","security","fatal";
};
system {
set ch [open $cf w]
puts $ch [mkconf $which]
close $ch
set ch [open $cf w]
puts $ch [mkconf $which]
close $ch
- set argl [list ./secnet -dvnc $cf]
+ set argl [list -dvnc $cf]
set pid [fork]
if {!$pid} {
set pid [fork]
if {!$pid} {