Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	sbin/isakmpd/connection.c	Lines:	0	161	0.0 %
Date:	2017-11-07	Branches:	0	104	0.0 %


/* $OpenBSD: connection.c,v 1.38 2017/08/06 13:54:04 mpi Exp $	 */
/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $	 */

/*
 * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist.  All rights reserved.
 * Copyright (c) 1999 Hakan Olsson.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * This code was written under funding by Ericsson Radio Systems.
 */

#include <sys/queue.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <stdlib.h>
#include <string.h>

#include "conf.h"
#include "connection.h"
#include "doi.h"
#include "ipsec.h"
#include "pf_key_v2.h"

/* XXX isakmp.h only required for compare_ids().  */
#include "isakmp.h"

#include "log.h"
#include "timer.h"
#include "ui.h"
#include "util.h"

/* How often should we check that connections we require to be up, are up?  */
#define CHECK_INTERVAL 60

static void     connection_passive_teardown(char *);

struct connection {
	TAILQ_ENTRY(connection) link;
	char           *name;
	struct event   *ev;
};

struct connection_passive {
	TAILQ_ENTRY(connection_passive) link;
	char           *name;
	u_int8_t       *local_id, *remote_id;
	size_t          local_sz, remote_sz;

#if 0
	/* XXX Potential additions to 'connection_passive'.  */
	char           *isakmp_peer;
	struct sa      *sa;	/* XXX "Soft" ref to active sa?  */
	struct timeval  sa_expiration;	/* XXX *sa may expire.  */
#endif
};

TAILQ_HEAD(connection_head, connection) connections;
TAILQ_HEAD(passive_head, connection_passive) connections_passive;

/*
 * This is where we setup all the connections we want there right from the
 * start.
 */
void
connection_init(void)
{
	struct conf_list *conns, *attrs;
	struct conf_list_node *conn, *attr = NULL;

	/*
	 * Passive connections normally include: all "active" connections that
	 * are not flagged "Active-Only", plus all connections listed in
	 * the 'Passive-Connections' list.
         */
	TAILQ_INIT(&connections);
	TAILQ_INIT(&connections_passive);

	conns = conf_get_list("Phase 2", "Connections");
	if (conns) {
		for (conn = TAILQ_FIRST(&conns->fields); conn;
		    conn = TAILQ_NEXT(conn, link)) {
			if (connection_setup(conn->field))
				log_print("connection_init: could not setup "
				    "\"%s\"", conn->field);

			/* XXX Break/abort here if connection_setup failed?  */

			/*
			 * XXX This code (i.e. the attribute lookup) seems
			 * like a likely candidate for factoring out into a
			 * function of its own.
			 */
			attrs = conf_get_list(conn->field, "Flags");
			if (attrs)
				for (attr = TAILQ_FIRST(&attrs->fields); attr;
				    attr = TAILQ_NEXT(attr, link))
					if (strcasecmp("active-only",
					    attr->field) == 0)
						break;
			if (!attrs || (attrs && !attr))
				if (connection_record_passive(conn->field))
					log_print("connection_init: could not "
					    "record connection \"%s\"",
					    conn->field);
			if (attrs)
				conf_free_list(attrs);

		}
		conf_free_list(conns);
	}
	conns = conf_get_list("Phase 2", "Passive-Connections");
	if (conns) {
		for (conn = TAILQ_FIRST(&conns->fields); conn;
		    conn = TAILQ_NEXT(conn, link))
			if (connection_record_passive(conn->field))
				log_print("connection_init: could not record "
				    "passive connection \"%s\"", conn->field);
		conf_free_list(conns);
	}
}

/* Check the connection in VCONN and schedule another check later.  */
static void
connection_checker(void *vconn)
{
	struct timeval  now;
	struct connection *conn = vconn;
	char *name;

	gettimeofday(&now, 0);
	now.tv_sec += conf_get_num("General", "check-interval",
	    CHECK_INTERVAL);
	conn->ev = timer_add_event("connection_checker",
	    connection_checker, conn, &now);
	if (!conn->ev)
		log_print("%s: could not add timer event", __func__);
	if (ui_daemon_passive)
		return;

	name = strdup(conn->name);
	if (!name) {
		log_print("%s: strdup (\"%s\") failed", __func__, conn->name);
		return;
	}
	pf_key_v2_connection_check(name);
}

/* Find the connection named NAME.  */
static struct connection *
connection_lookup(char *name)
{
	struct connection *conn;

	for (conn = TAILQ_FIRST(&connections); conn;
	    conn = TAILQ_NEXT(conn, link))
		if (strcasecmp(conn->name, name) == 0)
			return conn;
	return 0;
}

/* Does the connection named NAME exist?  */
int
connection_exist(char *name)
{
	return (connection_lookup(name) != 0);
}

/* Find the passive connection named NAME.  */
static struct connection_passive *
connection_passive_lookup_by_name(char *name)
{
	struct connection_passive *conn;

	for (conn = TAILQ_FIRST(&connections_passive); conn;
	    conn = TAILQ_NEXT(conn, link))
		if (strcasecmp(conn->name, name) == 0)
			return conn;
	return 0;
}

/*
 * IDs of different types cannot be the same.
 * XXX Rename to ipsec_compare_id, and move to ipsec.c ?
 */
static int
compare_ids(u_int8_t *id1, u_int8_t *id2, size_t idlen)
{
	int	id1_type, id2_type;

	id1_type = GET_ISAKMP_ID_TYPE(id1);
	id2_type = GET_ISAKMP_ID_TYPE(id2);

	return id1_type == id2_type ? memcmp(id1 + ISAKMP_ID_DATA_OFF,
	    id2 + ISAKMP_ID_DATA_OFF, idlen - ISAKMP_ID_DATA_OFF) : -1;
}

/* Find the connection named with matching IDs.  */
char *
connection_passive_lookup_by_ids(u_int8_t *id1, u_int8_t *id2)
{
	struct connection_passive *conn;

	for (conn = TAILQ_FIRST(&connections_passive); conn;
	    conn = TAILQ_NEXT(conn, link)) {
		if (!conn->remote_id)
			continue;

		/*
		 * If both IDs match what we have saved, return the name.
		 * Don't bother in which order they are.
		 */
		if ((compare_ids(id1, conn->local_id, conn->local_sz) == 0 &&
		    compare_ids(id2, conn->remote_id, conn->remote_sz) == 0) ||
		    (compare_ids(id1, conn->remote_id, conn->remote_sz) == 0 &&
		    compare_ids(id2, conn->local_id, conn->local_sz) == 0)) {
			LOG_DBG((LOG_MISC, 60,
			    "connection_passive_lookup_by_ids: "
			    "returned \"%s\"", conn->name));
			return conn->name;
		}
	}

	/*
	 * In the road warrior case, we do not know the remote ID. In that
	 * case we will just match against the local ID.
	 */
	for (conn = TAILQ_FIRST(&connections_passive); conn;
	    conn = TAILQ_NEXT(conn, link)) {
		if (!conn->remote_id)
			continue;

		if (compare_ids(id1, conn->local_id, conn->local_sz) == 0 ||
		    compare_ids(id2, conn->local_id, conn->local_sz) == 0) {
			LOG_DBG((LOG_MISC, 60,
			    "connection_passive_lookup_by_ids: returned \"%s\""
			    " only matched local id", conn->name));
			return conn->name;
		}
	}
	LOG_DBG((LOG_MISC, 60,
	    "connection_passive_lookup_by_ids: no match"));
	return 0;
}

/*
 * Setup NAME to be a connection that should be up "always", i.e. if it dies,
 * for whatever reason, it should be tried to be brought up, over and over
 * again.
 */
int
connection_setup(char *name)
{
	struct connection *conn = 0;
	struct timeval  now;

	/* Check for trials to add duplicate connections.  */
	if (connection_lookup(name)) {
		LOG_DBG((LOG_MISC, 10,
		    "connection_setup: cannot add \"%s\" twice", name));
		return 0;
	}
	conn = calloc(1, sizeof *conn);
	if (!conn) {
		log_error("connection_setup: calloc (1, %lu) failed",
		    (unsigned long)sizeof *conn);
		goto fail;
	}
	conn->name = strdup(name);
	if (!conn->name) {
		log_error("connection_setup: strdup (\"%s\") failed", name);
		goto fail;
	}
	gettimeofday(&now, 0);
	conn->ev = timer_add_event("connection_checker", connection_checker,
	    conn, &now);
	if (!conn->ev) {
		log_print("connection_setup: could not add timer event");
		goto fail;
	}
	TAILQ_INSERT_TAIL(&connections, conn, link);
	return 0;

fail:
	if (conn) {
		free(conn->name);
		free(conn);
	}
	return -1;
}

int
connection_record_passive(char *name)
{
	struct connection_passive *conn;
	char           *local_id, *remote_id;

	if (connection_passive_lookup_by_name(name)) {
		LOG_DBG((LOG_MISC, 10,
		    "connection_record_passive: cannot add \"%s\" twice",
		    name));
		return 0;
	}
	local_id = conf_get_str(name, "Local-ID");
	if (!local_id) {
		log_print("connection_record_passive: "
		    "\"Local-ID\" is missing from section [%s]", name);
		return -1;
	}
	/* If the remote id lookup fails we defer it to later */
	remote_id = conf_get_str(name, "Remote-ID");

	conn = calloc(1, sizeof *conn);
	if (!conn) {
		log_error("connection_record_passive: calloc (1, %lu) failed",
		    (unsigned long)sizeof *conn);
		return -1;
	}
	conn->name = strdup(name);
	if (!conn->name) {
		log_error("connection_record_passive: strdup (\"%s\") failed",
		    name);
		goto fail;
	}
	/* XXX IPsec DOI-specific.  */
	conn->local_id = ipsec_build_id(local_id, &conn->local_sz);
	if (!conn->local_id)
		goto fail;

	if (remote_id) {
		conn->remote_id = ipsec_build_id(remote_id, &conn->remote_sz);
		if (!conn->remote_id)
			goto fail;
	} else
		conn->remote_id = 0;

	TAILQ_INSERT_TAIL(&connections_passive, conn, link);

	LOG_DBG((LOG_MISC, 60,
	    "connection_record_passive: passive connection \"%s\" added",
	    conn->name));
	return 0;

fail:
	free(conn->local_id);
	free(conn->name);
	free(conn);
	return -1;
}

/* Remove the connection named NAME.  */
void
connection_teardown(char *name)
{
	struct connection *conn;

	conn = connection_lookup(name);
	if (!conn)
		return;

	TAILQ_REMOVE(&connections, conn, link);
	timer_remove_event(conn->ev);
	free(conn->name);
	free(conn);
}

/* Remove the passive connection named NAME.  */
static void
connection_passive_teardown(char *name)
{
	struct connection_passive *conn;

	conn = connection_passive_lookup_by_name(name);
	if (!conn)
		return;

	TAILQ_REMOVE(&connections_passive, conn, link);
	free(conn->name);
	free(conn->local_id);
	free(conn->remote_id);
	free(conn);
}

void
connection_report(void)
{
	struct connection *conn;
	struct timeval  now;
	struct connection_passive *pconn;
	struct doi     *doi = doi_lookup(ISAKMP_DOI_ISAKMP);

	gettimeofday(&now, 0);
	for (conn = TAILQ_FIRST(&connections); conn;
	    conn = TAILQ_NEXT(conn, link))
		LOG_DBG((LOG_REPORT, 0,
		    "connection_report: connection %s next check %lld seconds",
		    (conn->name ? conn->name : "<unnamed>"),
		    (long long)(conn->ev->expiration.tv_sec - now.tv_sec)));
	for (pconn = TAILQ_FIRST(&connections_passive); pconn;
	    pconn = TAILQ_NEXT(pconn, link))
		LOG_DBG((LOG_REPORT, 0,
		    "connection_report: passive connection %s %s", pconn->name,
		    doi->decode_ids("local_id: %s, remote_id: %s",
		    pconn->local_id, pconn->local_sz,
		    pconn->remote_id, pconn->remote_sz, 1)));
}

/* Reinitialize all connections (SIGHUP handling).  */
void
connection_reinit(void)
{
	struct connection *conn, *next;
	struct connection_passive *pconn, *pnext;

	LOG_DBG((LOG_MISC, 30,
	    "connection_reinit: reinitializing connection list"));

	/* Remove all present connections.  */
	for (conn = TAILQ_FIRST(&connections); conn; conn = next) {
		next = TAILQ_NEXT(conn, link);
		connection_teardown(conn->name);
	}

	for (pconn = TAILQ_FIRST(&connections_passive); pconn; pconn = pnext) {
		pnext = TAILQ_NEXT(pconn, link);
		connection_passive_teardown(pconn->name);
	}

	/* Setup new connections, as the (new) config directs.  */
	connection_init();
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: connection.c,v 1.38 2017/08/06 13:54:04 mpi Exp $ */
2			/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */
3
4			/*
5			* Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
6			* Copyright (c) 1999 Hakan Olsson. All rights reserved.
7			*
8			* Redistribution and use in source and binary forms, with or without
9			* modification, are permitted provided that the following conditions
10			* are met:
11			* 1. Redistributions of source code must retain the above copyright
12			* notice, this list of conditions and the following disclaimer.
13			* 2. Redistributions in binary form must reproduce the above copyright
14			* notice, this list of conditions and the following disclaimer in the
15			* documentation and/or other materials provided with the distribution.
16			*
17			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18			* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19			* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20			* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21			* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23			* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24			* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25			* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26			* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27			*/
28
29			/*
30			* This code was written under funding by Ericsson Radio Systems.
31			*/
32
33			#include <sys/queue.h>
34			#include <sys/time.h>
35			#include <sys/socket.h>
36			#include <stdlib.h>
37			#include <string.h>
38
39			#include "conf.h"
40			#include "connection.h"
41			#include "doi.h"
42			#include "ipsec.h"
43			#include "pf_key_v2.h"
44
45			/* XXX isakmp.h only required for compare_ids(). */
46			#include "isakmp.h"
47
48			#include "log.h"
49			#include "timer.h"
50			#include "ui.h"
51			#include "util.h"
52
53			/* How often should we check that connections we require to be up, are up? */
54			#define CHECK_INTERVAL 60
55
56			static void connection_passive_teardown(char *);
57
58			struct connection {
59			TAILQ_ENTRY(connection) link;
60			char *name;
61			struct event *ev;
62			};
63
64			struct connection_passive {
65			TAILQ_ENTRY(connection_passive) link;
66			char *name;
67			u_int8_t local_id, remote_id;
68			size_t local_sz, remote_sz;
69
70			#if 0
71			/* XXX Potential additions to 'connection_passive'. */
72			char *isakmp_peer;
73			struct sa sa; / XXX "Soft" ref to active sa? */
74			struct timeval sa_expiration; /* XXX sa may expire. /
75			#endif
76			};
77
78			TAILQ_HEAD(connection_head, connection) connections;
79			TAILQ_HEAD(passive_head, connection_passive) connections_passive;
80
81			/*
82			* This is where we setup all the connections we want there right from the
83			* start.
84			*/
85			void
86			connection_init(void)
87			{
88			struct conf_list conns, attrs;
89			struct conf_list_node conn, attr = NULL;
90
91			/*
92			* Passive connections normally include: all "active" connections that
93			* are not flagged "Active-Only", plus all connections listed in
94			* the 'Passive-Connections' list.
95			*/
96			TAILQ_INIT(&connections);
97			TAILQ_INIT(&connections_passive);
98
99			conns = conf_get_list("Phase 2", "Connections");
100			if (conns) {
101			for (conn = TAILQ_FIRST(&conns->fields); conn;
102			conn = TAILQ_NEXT(conn, link)) {
103			if (connection_setup(conn->field))
104			log_print("connection_init: could not setup "
105			"\"%s\"", conn->field);
106
107			/* XXX Break/abort here if connection_setup failed? */
108
109			/*
110			* XXX This code (i.e. the attribute lookup) seems
111			* like a likely candidate for factoring out into a
112			* function of its own.
113			*/
114			attrs = conf_get_list(conn->field, "Flags");
115			if (attrs)
116			for (attr = TAILQ_FIRST(&attrs->fields); attr;
117			attr = TAILQ_NEXT(attr, link))
118			if (strcasecmp("active-only",
119			attr->field) == 0)
120			break;
121			if (!attrs \|\| (attrs && !attr))
122			if (connection_record_passive(conn->field))
123			log_print("connection_init: could not "
124			"record connection \"%s\"",
125			conn->field);
126			if (attrs)
127			conf_free_list(attrs);
128
129			}
130			conf_free_list(conns);
131			}
132			conns = conf_get_list("Phase 2", "Passive-Connections");
133			if (conns) {
134			for (conn = TAILQ_FIRST(&conns->fields); conn;
135			conn = TAILQ_NEXT(conn, link))
136			if (connection_record_passive(conn->field))
137			log_print("connection_init: could not record "
138			"passive connection \"%s\"", conn->field);
139			conf_free_list(conns);
140			}
141			}
142
143			/* Check the connection in VCONN and schedule another check later. */
144			static void
145			connection_checker(void *vconn)
146			{
147			struct timeval now;
148			struct connection *conn = vconn;
149			char *name;
150
151			gettimeofday(&now, 0);
152			now.tv_sec += conf_get_num("General", "check-interval",
153			CHECK_INTERVAL);
154			conn->ev = timer_add_event("connection_checker",
155			connection_checker, conn, &now);
156			if (!conn->ev)
157			log_print("%s: could not add timer event", __func__);
158			if (ui_daemon_passive)
159			return;
160
161			name = strdup(conn->name);
162			if (!name) {
163			log_print("%s: strdup (\"%s\") failed", __func__, conn->name);
164			return;
165			}
166			pf_key_v2_connection_check(name);
167			}
168
169			/* Find the connection named NAME. */
170			static struct connection *
171			connection_lookup(char *name)
172			{
173			struct connection *conn;
174
175			for (conn = TAILQ_FIRST(&connections); conn;
176			conn = TAILQ_NEXT(conn, link))
177			if (strcasecmp(conn->name, name) == 0)
178			return conn;
179			return 0;
180			}
181
182			/* Does the connection named NAME exist? */
183			int
184			connection_exist(char *name)
185			{
186			return (connection_lookup(name) != 0);
187			}
188
189			/* Find the passive connection named NAME. */
190			static struct connection_passive *
191			connection_passive_lookup_by_name(char *name)
192			{
193			struct connection_passive *conn;
194
195			for (conn = TAILQ_FIRST(&connections_passive); conn;
196			conn = TAILQ_NEXT(conn, link))
197			if (strcasecmp(conn->name, name) == 0)
198			return conn;
199			return 0;
200			}
201
202			/*
203			* IDs of different types cannot be the same.
204			* XXX Rename to ipsec_compare_id, and move to ipsec.c ?
205			*/
206			static int
207			compare_ids(u_int8_t id1, u_int8_t id2, size_t idlen)
208			{
209			int id1_type, id2_type;
210
211			id1_type = GET_ISAKMP_ID_TYPE(id1);
212			id2_type = GET_ISAKMP_ID_TYPE(id2);
213
214			return id1_type == id2_type ? memcmp(id1 + ISAKMP_ID_DATA_OFF,
215			id2 + ISAKMP_ID_DATA_OFF, idlen - ISAKMP_ID_DATA_OFF) : -1;
216			}
217
218			/* Find the connection named with matching IDs. */
219			char *
220			connection_passive_lookup_by_ids(u_int8_t id1, u_int8_t id2)
221			{
222			struct connection_passive *conn;
223
224			for (conn = TAILQ_FIRST(&connections_passive); conn;
225			conn = TAILQ_NEXT(conn, link)) {
226			if (!conn->remote_id)
227			continue;
228
229			/*
230			* If both IDs match what we have saved, return the name.
231			* Don't bother in which order they are.
232			*/
233			if ((compare_ids(id1, conn->local_id, conn->local_sz) == 0 &&
234			compare_ids(id2, conn->remote_id, conn->remote_sz) == 0) \|\|
235			(compare_ids(id1, conn->remote_id, conn->remote_sz) == 0 &&
236			compare_ids(id2, conn->local_id, conn->local_sz) == 0)) {
237			LOG_DBG((LOG_MISC, 60,
238			"connection_passive_lookup_by_ids: "
239			"returned \"%s\"", conn->name));
240			return conn->name;
241			}
242			}
243
244			/*
245			* In the road warrior case, we do not know the remote ID. In that
246			* case we will just match against the local ID.
247			*/
248			for (conn = TAILQ_FIRST(&connections_passive); conn;
249			conn = TAILQ_NEXT(conn, link)) {
250			if (!conn->remote_id)
251			continue;
252
253			if (compare_ids(id1, conn->local_id, conn->local_sz) == 0 \|\|
254			compare_ids(id2, conn->local_id, conn->local_sz) == 0) {
255			LOG_DBG((LOG_MISC, 60,
256			"connection_passive_lookup_by_ids: returned \"%s\""
257			" only matched local id", conn->name));
258			return conn->name;
259			}
260			}
261			LOG_DBG((LOG_MISC, 60,
262			"connection_passive_lookup_by_ids: no match"));
263			return 0;
264			}
265
266			/*
267			* Setup NAME to be a connection that should be up "always", i.e. if it dies,
268			* for whatever reason, it should be tried to be brought up, over and over
269			* again.
270			*/
271			int
272			connection_setup(char *name)
273			{
274			struct connection *conn = 0;
275			struct timeval now;
276
277			/* Check for trials to add duplicate connections. */
278			if (connection_lookup(name)) {
279			LOG_DBG((LOG_MISC, 10,
280			"connection_setup: cannot add \"%s\" twice", name));
281			return 0;
282			}
283			conn = calloc(1, sizeof *conn);
284			if (!conn) {
285			log_error("connection_setup: calloc (1, %lu) failed",
286			(unsigned long)sizeof *conn);
287			goto fail;
288			}
289			conn->name = strdup(name);
290			if (!conn->name) {
291			log_error("connection_setup: strdup (\"%s\") failed", name);
292			goto fail;
293			}
294			gettimeofday(&now, 0);
295			conn->ev = timer_add_event("connection_checker", connection_checker,
296			conn, &now);
297			if (!conn->ev) {
298			log_print("connection_setup: could not add timer event");
299			goto fail;
300			}
301			TAILQ_INSERT_TAIL(&connections, conn, link);
302			return 0;
303
304			fail:
305			if (conn) {
306			free(conn->name);
307			free(conn);
308			}
309			return -1;
310			}
311
312			int
313			connection_record_passive(char *name)
314			{
315			struct connection_passive *conn;
316			char local_id, remote_id;
317
318			if (connection_passive_lookup_by_name(name)) {
319			LOG_DBG((LOG_MISC, 10,
320			"connection_record_passive: cannot add \"%s\" twice",
321			name));
322			return 0;
323			}
324			local_id = conf_get_str(name, "Local-ID");
325			if (!local_id) {
326			log_print("connection_record_passive: "
327			"\"Local-ID\" is missing from section [%s]", name);
328			return -1;
329			}
330			/* If the remote id lookup fails we defer it to later */
331			remote_id = conf_get_str(name, "Remote-ID");
332
333			conn = calloc(1, sizeof *conn);
334			if (!conn) {
335			log_error("connection_record_passive: calloc (1, %lu) failed",
336			(unsigned long)sizeof *conn);
337			return -1;
338			}
339			conn->name = strdup(name);
340			if (!conn->name) {
341			log_error("connection_record_passive: strdup (\"%s\") failed",
342			name);
343			goto fail;
344			}
345			/* XXX IPsec DOI-specific. */
346			conn->local_id = ipsec_build_id(local_id, &conn->local_sz);
347			if (!conn->local_id)
348			goto fail;
349
350			if (remote_id) {
351			conn->remote_id = ipsec_build_id(remote_id, &conn->remote_sz);
352			if (!conn->remote_id)
353			goto fail;
354			} else
355			conn->remote_id = 0;
356
357			TAILQ_INSERT_TAIL(&connections_passive, conn, link);
358
359			LOG_DBG((LOG_MISC, 60,
360			"connection_record_passive: passive connection \"%s\" added",
361			conn->name));
362			return 0;
363
364			fail:
365			free(conn->local_id);
366			free(conn->name);
367			free(conn);
368			return -1;
369			}
370
371			/* Remove the connection named NAME. */
372			void
373			connection_teardown(char *name)
374			{
375			struct connection *conn;
376
377			conn = connection_lookup(name);
378			if (!conn)
379			return;
380
381			TAILQ_REMOVE(&connections, conn, link);
382			timer_remove_event(conn->ev);
383			free(conn->name);
384			free(conn);
385			}
386
387			/* Remove the passive connection named NAME. */
388			static void
389			connection_passive_teardown(char *name)
390			{
391			struct connection_passive *conn;
392
393			conn = connection_passive_lookup_by_name(name);
394			if (!conn)
395			return;
396
397			TAILQ_REMOVE(&connections_passive, conn, link);
398			free(conn->name);
399			free(conn->local_id);
400			free(conn->remote_id);
401			free(conn);
402			}
403
404			void
405			connection_report(void)
406			{
407			struct connection *conn;
408			struct timeval now;
409			struct connection_passive *pconn;
410			struct doi *doi = doi_lookup(ISAKMP_DOI_ISAKMP);
411
412			gettimeofday(&now, 0);
413			for (conn = TAILQ_FIRST(&connections); conn;
414			conn = TAILQ_NEXT(conn, link))
415			LOG_DBG((LOG_REPORT, 0,
416			"connection_report: connection %s next check %lld seconds",
417			(conn->name ? conn->name : "<unnamed>"),
418			(long long)(conn->ev->expiration.tv_sec - now.tv_sec)));
419			for (pconn = TAILQ_FIRST(&connections_passive); pconn;
420			pconn = TAILQ_NEXT(pconn, link))
421			LOG_DBG((LOG_REPORT, 0,
422			"connection_report: passive connection %s %s", pconn->name,
423			doi->decode_ids("local_id: %s, remote_id: %s",
424			pconn->local_id, pconn->local_sz,
425			pconn->remote_id, pconn->remote_sz, 1)));
426			}
427
428			/* Reinitialize all connections (SIGHUP handling). */
429			void
430			connection_reinit(void)
431			{
432			struct connection conn, next;
433			struct connection_passive pconn, pnext;
434
435			LOG_DBG((LOG_MISC, 30,
436			"connection_reinit: reinitializing connection list"));
437
438			/* Remove all present connections. */
439			for (conn = TAILQ_FIRST(&connections); conn; conn = next) {
440			next = TAILQ_NEXT(conn, link);
441			connection_teardown(conn->name);
442			}
443
444			for (pconn = TAILQ_FIRST(&connections_passive); pconn; pconn = pnext) {
445			pnext = TAILQ_NEXT(pconn, link);
446			connection_passive_teardown(pconn->name);
447			}
448
449			/* Setup new connections, as the (new) config directs. */
450			connection_init();
451			}