projects / strongswan.git / blob
? search:


f62d55c7a9e5073eead77d3a4289967815091e20
[strongswan.git] / src / starter / starter.c
1 /* strongSwan IPsec starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <sys/select.h>
16 #include <sys/types.h>
17 #include <sys/wait.h>
18 #include <sys/stat.h>
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <signal.h>
22 #include <unistd.h>
23 #include <sys/time.h>
24 #include <time.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <fcntl.h>
28 #include <pwd.h>
29 #include <grp.h>
30 #include <pthread.h>
31
32 #include <freeswan.h>
33 #include <library.h>
34 #include <hydra.h>
35 #include <utils/backtrace.h>
36 #include <threading/thread.h>
37
38 #include "../pluto/constants.h"
39 #include "../pluto/defs.h"
40 #include "../pluto/log.h"
41
42 #include "confread.h"
43 #include "files.h"
44 #include "starterwhack.h"
45 #include "starterstroke.h"
46 #include "invokepluto.h"
47 #include "invokecharon.h"
48 #include "netkey.h"
49 #include "klips.h"
50 #include "cmp.h"
51 #include "interfaces.h"
52
53 /**
54 * Return codes defined by Linux Standard Base Core Specification 3.1
55 * in section 20.2. Init Script Actions
56 */
57 #define LSB_RC_SUCCESS 0 /* success */
58 #define LSB_RC_FAILURE 1 /* generic or unspecified error */
59 #define LSB_RC_INVALID_ARGUMENT 2 /* invalid or excess argument(s) */
60 #define LSB_RC_NOT_IMPLEMENTED 3 /* unimplemented feature (reload) */
61 #define LSB_RC_NOT_ALLOWED 4 /* user had insufficient privilege */
62 #define LSB_RC_NOT_INSTALLED 5 /* program is not installed */
63 #define LSB_RC_NOT_CONFIGURED 6 /* program is not configured */
64 #define LSB_RC_NOT_RUNNING 7 /* program is not running */
65
66 #define FLAG_ACTION_START_PLUTO 0x01
67 #define FLAG_ACTION_UPDATE 0x02
68 #define FLAG_ACTION_RELOAD 0x04
69 #define FLAG_ACTION_QUIT 0x08
70 #define FLAG_ACTION_LISTEN 0x10
71 #define FLAG_ACTION_START_CHARON 0x20
72
73 static unsigned int _action_ = 0;
74
75 /**
76 * Handle signals in the main thread
77 */
78 static void signal_handler(int signal)
79 {
80 switch (signal)
81 {
82 case SIGCHLD:
83 {
84 int status, exit_status = 0;
85 pid_t pid;
86 char *name = NULL;
87
88 while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
89 {
90 if (pid == starter_pluto_pid())
91 {
92 name = " (Pluto)";
93 }
94 if (pid == starter_charon_pid())
95 {
96 name = " (Charon)";
97 }
98 if (WIFSIGNALED(status))
99 {
100 DBG(DBG_CONTROL,
101 DBG_log("child %d%s has been killed by sig %d\n",
102 pid, name?name:"", WTERMSIG(status))
103 )
104 }
105 else if (WIFSTOPPED(status))
106 {
107 DBG(DBG_CONTROL,
108 DBG_log("child %d%s has been stopped by sig %d\n",
109 pid, name?name:"", WSTOPSIG(status))
110 )
111 }
112 else if (WIFEXITED(status))
113 {
114 exit_status = WEXITSTATUS(status);
115 if (exit_status >= SS_RC_FIRST && exit_status <= SS_RC_LAST)
116 {
117 _action_ = FLAG_ACTION_QUIT;
118 }
119 DBG(DBG_CONTROL,
120 DBG_log("child %d%s has quit (exit code %d)\n",
121 pid, name?name:"", exit_status)
122 )
123 }
124 else
125 {
126 DBG(DBG_CONTROL,
127 DBG_log("child %d%s has quit", pid, name?name:"")
128 )
129 }
130 if (pid == starter_pluto_pid())
131 {
132 starter_pluto_sigchild(pid, exit_status);
133 }
134 if (pid == starter_charon_pid())
135 {
136 starter_charon_sigchild(pid, exit_status);
137 }
138 }
139 }
140 break;
141
142 case SIGALRM:
143 _action_ |= FLAG_ACTION_START_PLUTO;
144 _action_ |= FLAG_ACTION_START_CHARON;
145 break;
146
147 case SIGHUP:
148 _action_ |= FLAG_ACTION_UPDATE;
149 break;
150
151 case SIGTERM:
152 case SIGQUIT:
153 case SIGINT:
154 _action_ |= FLAG_ACTION_QUIT;
155 break;
156
157 case SIGUSR1:
158 _action_ |= FLAG_ACTION_RELOAD;
159 _action_ |= FLAG_ACTION_UPDATE;
160 break;
161
162 default:
163 plog("fsig(): unknown signal %d -- investigate", signal);
164 break;
165 }
166 }
167
168 /**
169 * Handle fatal signals raised by threads
170 */
171 static void fatal_signal_handler(int signal)
172 {
173 backtrace_t *backtrace;
174
175 plog("thread %u received %d", thread_current_id(), signal);
176 backtrace = backtrace_create(2);
177 backtrace->log(backtrace, stderr, TRUE);
178 backtrace->destroy(backtrace);
179
180 plog("killing ourself, received critical signal");
181 abort();
182 }
183
184 #ifdef GENERATE_SELFCERT
185 static void generate_selfcert()
186 {
187 struct stat stb;
188
189 /* if ipsec.secrets file is missing then generate RSA default key pair */
190 if (stat(SECRETS_FILE, &stb) != 0)
191 {
192 mode_t oldmask;
193 FILE *f;
194 uid_t uid = 0;
195 gid_t gid = 0;
196
197 #ifdef IPSEC_GROUP
198 {
199 char buf[1024];
200 struct group group, *grp;
201
202 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp)
203 {
204 gid = grp->gr_gid;
205 }
206 }
207 #endif
208 #ifdef IPSEC_USER
209 {
210 char buf[1024];
211 struct passwd passwd, *pwp;
212
213 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp)
214 {
215 uid = pwp->pw_uid;
216 }
217 }
218 #endif
219 setegid(gid);
220 seteuid(uid);
221 ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet"));
222 seteuid(0);
223 setegid(0);
224
225 /* ipsec.secrets is root readable only */
226 oldmask = umask(0066);
227
228 f = fopen(SECRETS_FILE, "w");
229 if (f)
230 {
231 fprintf(f, "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n");
232 fprintf(f, "\n");
233 fprintf(f, ": RSA myKey.der\n");
234 fclose(f);
235 }
236 ignore_result(chown(SECRETS_FILE, uid, gid));
237 umask(oldmask);
238 }
239 }
240 #endif /* GENERATE_SELFCERT */
241
242 static bool check_pid(char *pid_file)
243 {
244 struct stat stb;
245 FILE *pidfile;
246
247 if (stat(pid_file, &stb) == 0)
248 {
249 pidfile = fopen(pid_file, "r");
250 if (pidfile)
251 {
252 char buf[64];
253 pid_t pid = 0;
254 memset(buf, 0, sizeof(buf));
255 if (fread(buf, 1, sizeof(buf), pidfile))
256 {
257 buf[sizeof(buf) - 1] = '\0';
258 pid = atoi(buf);
259 }
260 fclose(pidfile);
261 if (pid && kill(pid, 0) == 0)
262 { /* such a process is running */
263 return TRUE;
264 }
265 }
266 plog("removing pidfile '%s', process not running", pid_file);
267 unlink(pid_file);
268 }
269 return FALSE;
270 }
271
272 static void usage(char *name)
273 {
274 fprintf(stderr, "Usage: starter [--nofork] [--auto-update <sec>] "
275 "[--debug|--debug-more|--debug-all]\n");
276 exit(LSB_RC_INVALID_ARGUMENT);
277 }
278
279 int main (int argc, char **argv)
280 {
281 starter_config_t *cfg = NULL;
282 starter_config_t *new_cfg;
283 starter_conn_t *conn, *conn2;
284 starter_ca_t *ca, *ca2;
285
286 struct sigaction action;
287 struct stat stb;
288
289 int i;
290 int id = 1;
291 struct timespec ts;
292 unsigned long auto_update = 0;
293 time_t last_reload;
294 bool no_fork = FALSE;
295 bool attach_gdb = FALSE;
296 bool load_warning = FALSE;
297
298 /* global variables defined in log.h */
299 log_to_stderr = TRUE;
300 base_debugging = DBG_NONE;
301
302 library_init(NULL);
303 atexit(library_deinit);
304
305 libhydra_init("starter");
306 atexit(libhydra_deinit);
307
308 /* parse command line */
309 for (i = 1; i < argc; i++)
310 {
311 if (streq(argv[i], "--debug"))
312 {
313 base_debugging |= DBG_CONTROL;
314 }
315 else if (streq(argv[i], "--debug-more"))
316 {
317 base_debugging |= DBG_CONTROLMORE;
318 }
319 else if (streq(argv[i], "--debug-all"))
320 {
321 base_debugging |= DBG_ALL;
322 }
323 else if (streq(argv[i], "--nofork"))
324 {
325 no_fork = TRUE;
326 }
327 else if (streq(argv[i], "--attach-gdb"))
328 {
329 no_fork = TRUE;
330 attach_gdb = TRUE;
331 }
332 else if (streq(argv[i], "--auto-update") && i+1 < argc)
333 {
334 auto_update = atoi(argv[++i]);
335 if (!auto_update)
336 usage(argv[0]);
337 }
338 else
339 {
340 usage(argv[0]);
341 }
342 }
343
344 /* Init */
345 init_log("ipsec_starter");
346 cur_debugging = base_debugging;
347
348 plog("Starting strongSwan "VERSION" IPsec [starter]...");
349
350 #ifdef LOAD_WARNING
351 load_warning = TRUE;
352 #endif
353
354 if (lib->settings->get_bool(lib->settings, "starter.load_warning", load_warning))
355 {
356 if (lib->settings->get_str(lib->settings, "charon.load", NULL) ||
357 lib->settings->get_str(lib->settings, "pluto.load", NULL))
358 {
359 plog("!! Your strongswan.conf contains manual plugin load options for");
360 plog("!! pluto and/or charon. This is recommended for experts only, see");
361 plog("!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
362 }
363 }
364
365 /* verify that we can start */
366 if (getuid() != 0)
367 {
368 plog("permission denied (must be superuser)");
369 exit(LSB_RC_NOT_ALLOWED);
370 }
371
372 if (check_pid(PLUTO_PID_FILE))
373 {
374 plog("pluto is already running (%s exists) -- skipping pluto start",
375 PLUTO_PID_FILE);
376 }
377 else
378 {
379 _action_ |= FLAG_ACTION_START_PLUTO;
380 }
381 if (check_pid(CHARON_PID_FILE))
382 {
383 plog("charon is already running (%s exists) -- skipping charon start",
384 CHARON_PID_FILE);
385 }
386 else
387 {
388 _action_ |= FLAG_ACTION_START_CHARON;
389 }
390 if (stat(DEV_RANDOM, &stb) != 0)
391 {
392 plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
393 exit(LSB_RC_FAILURE);
394 }
395
396 if (stat(DEV_URANDOM, &stb)!= 0)
397 {
398 plog("unable to start strongSwan IPsec -- no %s!", DEV_URANDOM);
399 exit(LSB_RC_FAILURE);
400 }
401
402 cfg = confread_load(CONFIG_FILE);
403 if (cfg == NULL || cfg->err > 0)
404 {
405 plog("unable to start strongSwan -- fatal errors in config");
406 if (cfg)
407 {
408 confread_free(cfg);
409 }
410 exit(LSB_RC_INVALID_ARGUMENT);
411 }
412
413 /* determine if we have a native netkey IPsec stack */
414 if (!starter_netkey_init())
415 {
416 plog("no netkey IPsec stack detected");
417 if (!starter_klips_init())
418 {
419 plog("no KLIPS IPsec stack detected");
420 plog("no known IPsec stack detected, ignoring!");
421 }
422 }
423
424 last_reload = time_monotonic(NULL);
425
426 if (check_pid(STARTER_PID_FILE))
427 {
428 plog("starter is already running (%s exists) -- no fork done",
429 STARTER_PID_FILE);
430 confread_free(cfg);
431 exit(LSB_RC_SUCCESS);
432 }
433
434 #ifdef GENERATE_SELFCERT
435 generate_selfcert();
436 #endif
437
438 /* fork if we're not debugging stuff */
439 if (!no_fork)
440 {
441 log_to_stderr = FALSE;
442
443 switch (fork())
444 {
445 case 0:
446 {
447 int fnull;
448
449 close_log();
450 closefrom(3);
451
452 fnull = open("/dev/null", O_RDWR);
453 if (fnull >= 0)
454 {
455 dup2(fnull, STDIN_FILENO);
456 dup2(fnull, STDOUT_FILENO);
457 dup2(fnull, STDERR_FILENO);
458 close(fnull);
459 }
460
461 setsid();
462 init_log("ipsec_starter");
463 }
464 break;
465 case -1:
466 plog("can't fork: %s", strerror(errno));
467 break;
468 default:
469 confread_free(cfg);
470 exit(LSB_RC_SUCCESS);
471 }
472 }
473
474 /* save pid file in /var/run/starter.pid */
475 {
476 FILE *fd = fopen(STARTER_PID_FILE, "w");
477
478 if (fd)
479 {
480 fprintf(fd, "%u\n", getpid());
481 fclose(fd);
482 }
483 }
484
485 /* load plugins */
486 if (!lib->plugins->load(lib->plugins, NULL,
487 lib->settings->get_str(lib->settings, "starter.load", PLUGINS)))
488 {
489 exit(LSB_RC_FAILURE);
490 }
491
492 /* we handle these signals only in pselect() */
493 memset(&action, 0, sizeof(action));
494 sigemptyset(&action.sa_mask);
495 sigaddset(&action.sa_mask, SIGHUP);
496 sigaddset(&action.sa_mask, SIGINT);
497 sigaddset(&action.sa_mask, SIGTERM);
498 sigaddset(&action.sa_mask, SIGQUIT);
499 sigaddset(&action.sa_mask, SIGALRM);
500 sigaddset(&action.sa_mask, SIGUSR1);
501 pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
502
503 /* install a handler for fatal signals */
504 action.sa_handler = fatal_signal_handler;
505 sigaction(SIGSEGV, &action, NULL);
506 sigaction(SIGILL, &action, NULL);
507 sigaction(SIGBUS, &action, NULL);
508 action.sa_handler = SIG_IGN;
509 sigaction(SIGPIPE, &action, NULL);
510
511 /* install main signal handler */
512 action.sa_handler = signal_handler;
513 sigaction(SIGHUP, &action, NULL);
514 sigaction(SIGINT, &action, NULL);
515 sigaction(SIGTERM, &action, NULL);
516 sigaction(SIGQUIT, &action, NULL);
517 sigaction(SIGALRM, &action, NULL);
518 sigaction(SIGUSR1, &action, NULL);
519 /* this is not blocked above as we want to receive it asynchronously */
520 sigaction(SIGCHLD, &action, NULL);
521
522 /* empty mask for pselect() call below */
523 sigemptyset(&action.sa_mask);
524
525 for (;;)
526 {
527 /*
528 * Stop pluto/charon (if started) and exit
529 */
530 if (_action_ & FLAG_ACTION_QUIT)
531 {
532 if (starter_pluto_pid())
533 {
534 starter_stop_pluto();
535 }
536 if (starter_charon_pid())
537 {
538 starter_stop_charon();
539 }
540 starter_netkey_cleanup();
541 confread_free(cfg);
542 unlink(STARTER_PID_FILE);
543 plog("ipsec starter stopped");
544 lib->plugins->unload(lib->plugins);
545 close_log();
546 exit(LSB_RC_SUCCESS);
547 }
548
549 /*
550 * Delete all connections. Will be added below
551 */
552 if (_action_ & FLAG_ACTION_RELOAD)
553 {
554 if (starter_pluto_pid() || starter_charon_pid())
555 {
556 for (conn = cfg->conn_first; conn; conn = conn->next)
557 {
558 if (conn->state == STATE_ADDED)
559 {
560 if (starter_charon_pid())
561 {
562 starter_stroke_del_conn(conn);
563 }
564 if (starter_pluto_pid())
565 {
566 starter_whack_del_conn(conn);
567 }
568 conn->state = STATE_TO_ADD;
569 }
570 }
571 for (ca = cfg->ca_first; ca; ca = ca->next)
572 {
573 if (ca->state == STATE_ADDED)
574 {
575 if (starter_charon_pid())
576 {
577 starter_stroke_del_ca(ca);
578 }
579 if (starter_pluto_pid())
580 {
581 starter_whack_del_ca(ca);
582 }
583 ca->state = STATE_TO_ADD;
584 }
585 }
586 }
587 _action_ &= ~FLAG_ACTION_RELOAD;
588 }
589
590 /*
591 * Update configuration
592 */
593 if (_action_ & FLAG_ACTION_UPDATE)
594 {
595 DBG(DBG_CONTROL,
596 DBG_log("Reloading config...")
597 );
598 new_cfg = confread_load(CONFIG_FILE);
599
600 if (new_cfg && (new_cfg->err + new_cfg->non_fatal_err == 0))
601 {
602 /* Switch to new config. New conn will be loaded below */
603 if (!starter_cmp_defaultroute(&new_cfg->defaultroute
604 , &cfg->defaultroute))
605 {
606 _action_ |= FLAG_ACTION_LISTEN;
607 }
608
609 if (!starter_cmp_pluto(cfg, new_cfg))
610 {
611 plog("Pluto has changed");
612 if (starter_pluto_pid())
613 starter_stop_pluto();
614 _action_ &= ~FLAG_ACTION_LISTEN;
615 _action_ |= FLAG_ACTION_START_PLUTO;
616 }
617 else
618 {
619 /* Only reload conn and ca sections if pluto is not killed */
620
621 /* Look for new connections that are already loaded */
622 for (conn = cfg->conn_first; conn; conn = conn->next)
623 {
624 if (conn->state == STATE_ADDED)
625 {
626 for (conn2 = new_cfg->conn_first; conn2; conn2 = conn2->next)
627 {
628 if (conn2->state == STATE_TO_ADD && starter_cmp_conn(conn, conn2))
629 {
630 conn->state = STATE_REPLACED;
631 conn2->state = STATE_ADDED;
632 conn2->id = conn->id;
633 break;
634 }
635 }
636 }
637 }
638
639 /* Remove conn sections that have become unused */
640 for (conn = cfg->conn_first; conn; conn = conn->next)
641 {
642 if (conn->state == STATE_ADDED)
643 {
644 if (starter_charon_pid())
645 {
646 starter_stroke_del_conn(conn);
647 }
648 if (starter_pluto_pid())
649 {
650 starter_whack_del_conn(conn);
651 }
652 }
653 }
654
655 /* Look for new ca sections that are already loaded */
656 for (ca = cfg->ca_first; ca; ca = ca->next)
657 {
658 if (ca->state == STATE_ADDED)
659 {
660 for (ca2 = new_cfg->ca_first; ca2; ca2 = ca2->next)
661 {
662 if (ca2->state == STATE_TO_ADD && starter_cmp_ca(ca, ca2))
663 {
664 ca->state = STATE_REPLACED;
665 ca2->state = STATE_ADDED;
666 break;
667 }
668 }
669 }
670 }
671
672 /* Remove ca sections that have become unused */
673 for (ca = cfg->ca_first; ca; ca = ca->next)
674 {
675 if (ca->state == STATE_ADDED)
676 {
677 if (starter_charon_pid())
678 {
679 starter_stroke_del_ca(ca);
680 }
681 if (starter_pluto_pid())
682 {
683 starter_whack_del_ca(ca);
684 }
685 }
686 }
687 }
688 confread_free(cfg);
689 cfg = new_cfg;
690 }
691 else
692 {
693 plog("can't reload config file due to errors -- keeping old one");
694 if (new_cfg)
695 {
696 confread_free(new_cfg);
697 }
698 }
699 _action_ &= ~FLAG_ACTION_UPDATE;
700 last_reload = time_monotonic(NULL);
701 }
702
703 /*
704 * Start pluto
705 */
706 if (_action_ & FLAG_ACTION_START_PLUTO)
707 {
708 if (cfg->setup.plutostart && !starter_pluto_pid())
709 {
710 DBG(DBG_CONTROL,
711 DBG_log("Attempting to start pluto...")
712 );
713
714 if (starter_start_pluto(cfg, no_fork, attach_gdb) == 0)
715 {
716 starter_whack_listen();
717 }
718 else
719 {
720 /* schedule next try */
721 alarm(PLUTO_RESTART_DELAY);
722 }
723 }
724 _action_ &= ~FLAG_ACTION_START_PLUTO;
725
726 for (ca = cfg->ca_first; ca; ca = ca->next)
727 {
728 if (ca->state == STATE_ADDED)
729 ca->state = STATE_TO_ADD;
730 }
731
732 for (conn = cfg->conn_first; conn; conn = conn->next)
733 {
734 if (conn->state == STATE_ADDED)
735 conn->state = STATE_TO_ADD;
736 }
737 }
738
739 /*
740 * Start charon
741 */
742 if (_action_ & FLAG_ACTION_START_CHARON)
743 {
744 if (cfg->setup.charonstart && !starter_charon_pid())
745 {
746 DBG(DBG_CONTROL,
747 DBG_log("Attempting to start charon...")
748 );
749 if (starter_start_charon(cfg, no_fork, attach_gdb))
750 {
751 /* schedule next try */
752 alarm(PLUTO_RESTART_DELAY);
753 }
754 starter_stroke_configure(cfg);
755 }
756 _action_ &= ~FLAG_ACTION_START_CHARON;
757 }
758
759 /*
760 * Tell pluto to reread its interfaces
761 */
762 if (_action_ & FLAG_ACTION_LISTEN)
763 {
764 if (starter_pluto_pid())
765 {
766 starter_whack_listen();
767 _action_ &= ~FLAG_ACTION_LISTEN;
768 }
769 }
770
771 /*
772 * Add stale conn and ca sections
773 */
774 if (starter_pluto_pid() || starter_charon_pid())
775 {
776 for (ca = cfg->ca_first; ca; ca = ca->next)
777 {
778 if (ca->state == STATE_TO_ADD)
779 {
780 if (starter_charon_pid())
781 {
782 starter_stroke_add_ca(ca);
783 }
784 if (starter_pluto_pid())
785 {
786 starter_whack_add_ca(ca);
787 }
788 ca->state = STATE_ADDED;
789 }
790 }
791
792 for (conn = cfg->conn_first; conn; conn = conn->next)
793 {
794 if (conn->state == STATE_TO_ADD)
795 {
796 if (conn->id == 0)
797 {
798 /* affect new unique id */
799 conn->id = id++;
800 }
801 if (starter_charon_pid())
802 {
803 starter_stroke_add_conn(cfg, conn);
804 }
805 if (starter_pluto_pid())
806 {
807 starter_whack_add_conn(conn);
808 }
809 conn->state = STATE_ADDED;
810
811 if (conn->startup == STARTUP_START)
812 {
813 if (starter_charon_pid())
814 {
815 starter_stroke_initiate_conn(conn);
816 }
817 if (conn->keyexchange == KEY_EXCHANGE_IKEV1)
818 {
819 if (starter_pluto_pid())
820 {
821 starter_whack_initiate_conn(conn);
822 }
823 }
824 }
825 else if (conn->startup == STARTUP_ROUTE)
826 {
827 if (starter_charon_pid())
828 {
829 starter_stroke_route_conn(conn);
830 }
831 if (conn->keyexchange == KEY_EXCHANGE_IKEV1)
832 {
833 if (starter_pluto_pid())
834 {
835 starter_whack_route_conn(conn);
836 }
837 }
838 }
839 }
840 }
841 }
842
843 /*
844 * If auto_update activated, when to stop select
845 */
846 if (auto_update)
847 {
848 time_t now = time_monotonic(NULL);
849
850 ts.tv_sec = (now < last_reload + auto_update) ?
851 (last_reload + auto_update - now) : 0;
852 ts.tv_nsec = 0;
853 }
854
855 /*
856 * Wait for something to happen
857 */
858 if (pselect(0, NULL, NULL, NULL, auto_update ? &ts : NULL,
859 &action.sa_mask) == 0)
860 {
861 /* timeout -> auto_update */
862 _action_ |= FLAG_ACTION_UPDATE;
863 }
864 }
865 exit(LSB_RC_SUCCESS);
866 }
867
strongSwan - IPsec VPN