2 * Copyright (c) 2012 The FreeBSD Foundation
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/types.h>
34 #include <sys/socket.h>
36 #include <netinet/in.h>
37 #include <arpa/inet.h>
52 bool proxy_mode = false;
54 static volatile bool sighup_received = false;
55 static volatile bool sigterm_received = false;
56 static volatile bool sigalrm_received = false;
58 static int nchildren = 0;
64 fprintf(stderr, "usage: ctld [-d][-f config-file]\n");
69 checked_strdup(const char *s)
84 conf = calloc(1, sizeof(*conf));
87 TAILQ_INIT(&conf->conf_targets);
88 TAILQ_INIT(&conf->conf_auth_groups);
89 TAILQ_INIT(&conf->conf_portal_groups);
92 conf->conf_timeout = 60;
93 conf->conf_maxproc = 30;
99 conf_delete(struct conf *conf)
101 struct target *targ, *tmp;
102 struct auth_group *ag, *cagtmp;
103 struct portal_group *pg, *cpgtmp;
105 assert(conf->conf_pidfh == NULL);
107 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
109 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
110 auth_group_delete(ag);
111 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
112 portal_group_delete(pg);
113 free(conf->conf_pidfile_path);
118 auth_new(struct auth_group *ag)
122 auth = calloc(1, sizeof(*auth));
124 log_err(1, "calloc");
125 auth->a_auth_group = ag;
126 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
131 auth_delete(struct auth *auth)
133 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
136 free(auth->a_secret);
137 free(auth->a_mutual_user);
138 free(auth->a_mutual_secret);
143 auth_find(const struct auth_group *ag, const char *user)
145 const struct auth *auth;
147 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
148 if (strcmp(auth->a_user, user) == 0)
156 auth_check_secret_length(struct auth *auth)
160 len = strlen(auth->a_secret);
162 if (auth->a_auth_group->ag_name != NULL)
163 log_warnx("secret for user \"%s\", auth-group \"%s\", "
164 "is too long; it should be at most 16 characters "
165 "long", auth->a_user, auth->a_auth_group->ag_name);
167 log_warnx("secret for user \"%s\", target \"%s\", "
168 "is too long; it should be at most 16 characters "
169 "long", auth->a_user,
170 auth->a_auth_group->ag_target->t_name);
173 if (auth->a_auth_group->ag_name != NULL)
174 log_warnx("secret for user \"%s\", auth-group \"%s\", "
175 "is too short; it should be at least 12 characters "
176 "long", auth->a_user,
177 auth->a_auth_group->ag_name);
179 log_warnx("secret for user \"%s\", target \"%s\", "
180 "is too short; it should be at least 16 characters "
181 "long", auth->a_user,
182 auth->a_auth_group->ag_target->t_name);
185 if (auth->a_mutual_secret != NULL) {
186 len = strlen(auth->a_secret);
188 if (auth->a_auth_group->ag_name != NULL)
189 log_warnx("mutual secret for user \"%s\", "
190 "auth-group \"%s\", is too long; it should "
191 "be at most 16 characters long",
192 auth->a_user, auth->a_auth_group->ag_name);
194 log_warnx("mutual secret for user \"%s\", "
195 "target \"%s\", is too long; it should "
196 "be at most 16 characters long",
198 auth->a_auth_group->ag_target->t_name);
201 if (auth->a_auth_group->ag_name != NULL)
202 log_warnx("mutual secret for user \"%s\", "
203 "auth-group \"%s\", is too short; it "
204 "should be at least 12 characters long",
205 auth->a_user, auth->a_auth_group->ag_name);
207 log_warnx("mutual secret for user \"%s\", "
208 "target \"%s\", is too short; it should be "
209 "at least 16 characters long",
211 auth->a_auth_group->ag_target->t_name);
217 auth_new_chap(struct auth_group *ag, const char *user,
222 if (ag->ag_type == AG_TYPE_UNKNOWN)
223 ag->ag_type = AG_TYPE_CHAP;
224 if (ag->ag_type != AG_TYPE_CHAP) {
225 if (ag->ag_name != NULL)
226 log_warnx("cannot mix \"chap\" authentication with "
227 "other types for auth-group \"%s\"", ag->ag_name);
229 log_warnx("cannot mix \"chap\" authentication with "
230 "other types for target \"%s\"",
231 ag->ag_target->t_name);
236 auth->a_user = checked_strdup(user);
237 auth->a_secret = checked_strdup(secret);
239 auth_check_secret_length(auth);
245 auth_new_chap_mutual(struct auth_group *ag, const char *user,
246 const char *secret, const char *user2, const char *secret2)
250 if (ag->ag_type == AG_TYPE_UNKNOWN)
251 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
252 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
253 if (ag->ag_name != NULL)
254 log_warnx("cannot mix \"chap-mutual\" authentication "
255 "with other types for auth-group \"%s\"",
258 log_warnx("cannot mix \"chap-mutual\" authentication "
259 "with other types for target \"%s\"",
260 ag->ag_target->t_name);
265 auth->a_user = checked_strdup(user);
266 auth->a_secret = checked_strdup(secret);
267 auth->a_mutual_user = checked_strdup(user2);
268 auth->a_mutual_secret = checked_strdup(secret2);
270 auth_check_secret_length(auth);
275 const struct auth_name *
276 auth_name_new(struct auth_group *ag, const char *name)
278 struct auth_name *an;
280 an = calloc(1, sizeof(*an));
282 log_err(1, "calloc");
283 an->an_auth_group = ag;
284 an->an_initator_name = checked_strdup(name);
285 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
290 auth_name_delete(struct auth_name *an)
292 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
294 free(an->an_initator_name);
299 auth_name_defined(const struct auth_group *ag)
301 if (TAILQ_EMPTY(&ag->ag_names))
306 const struct auth_name *
307 auth_name_find(const struct auth_group *ag, const char *name)
309 const struct auth_name *auth_name;
311 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
312 if (strcmp(auth_name->an_initator_name, name) == 0)
319 const struct auth_portal *
320 auth_portal_new(struct auth_group *ag, const char *portal)
322 struct auth_portal *ap;
323 char *net, *mask, *str, *tmp;
326 ap = calloc(1, sizeof(*ap));
328 log_err(1, "calloc");
329 ap->ap_auth_group = ag;
330 ap->ap_initator_portal = checked_strdup(portal);
331 mask = str = checked_strdup(portal);
332 net = strsep(&mask, "/");
338 if (net[len - 1] == ']')
340 if (strchr(net, ':') != NULL) {
341 struct sockaddr_in6 *sin6 =
342 (struct sockaddr_in6 *)&ap->ap_sa;
344 sin6->sin6_len = sizeof(*sin6);
345 sin6->sin6_family = AF_INET6;
346 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
350 struct sockaddr_in *sin =
351 (struct sockaddr_in *)&ap->ap_sa;
353 sin->sin_len = sizeof(*sin);
354 sin->sin_family = AF_INET;
355 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
360 m = strtol(mask, &tmp, 0);
361 if (m < 0 || m > dm || tmp[0] != 0)
367 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
371 log_errx(1, "Incorrect initiator portal '%s'", portal);
376 auth_portal_delete(struct auth_portal *ap)
378 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
380 free(ap->ap_initator_portal);
385 auth_portal_defined(const struct auth_group *ag)
387 if (TAILQ_EMPTY(&ag->ag_portals))
392 const struct auth_portal *
393 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
395 const struct auth_portal *ap;
396 const uint8_t *a, *b;
400 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
401 if (ap->ap_sa.ss_family != ss->ss_family)
403 if (ss->ss_family == AF_INET) {
404 a = (const uint8_t *)
405 &((const struct sockaddr_in *)ss)->sin_addr;
406 b = (const uint8_t *)
407 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
409 a = (const uint8_t *)
410 &((const struct sockaddr_in6 *)ss)->sin6_addr;
411 b = (const uint8_t *)
412 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
414 for (i = 0; i < ap->ap_mask / 8; i++) {
418 if (ap->ap_mask % 8) {
419 bmask = 0xff << (8 - (ap->ap_mask % 8));
420 if ((a[i] & bmask) != (b[i] & bmask))
432 auth_group_new(struct conf *conf, const char *name)
434 struct auth_group *ag;
437 ag = auth_group_find(conf, name);
439 log_warnx("duplicated auth-group \"%s\"", name);
444 ag = calloc(1, sizeof(*ag));
446 log_err(1, "calloc");
448 ag->ag_name = checked_strdup(name);
449 TAILQ_INIT(&ag->ag_auths);
450 TAILQ_INIT(&ag->ag_names);
451 TAILQ_INIT(&ag->ag_portals);
453 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
459 auth_group_delete(struct auth_group *ag)
461 struct auth *auth, *auth_tmp;
462 struct auth_name *auth_name, *auth_name_tmp;
463 struct auth_portal *auth_portal, *auth_portal_tmp;
465 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
467 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
469 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
470 auth_name_delete(auth_name);
471 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
473 auth_portal_delete(auth_portal);
479 auth_group_find(const struct conf *conf, const char *name)
481 struct auth_group *ag;
483 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
484 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
492 auth_group_set_type(struct auth_group *ag, int type)
495 if (ag->ag_type == AG_TYPE_UNKNOWN) {
500 if (ag->ag_type == type)
507 auth_group_set_type_str(struct auth_group *ag, const char *str)
511 if (strcmp(str, "none") == 0) {
512 type = AG_TYPE_NO_AUTHENTICATION;
513 } else if (strcmp(str, "deny") == 0) {
515 } else if (strcmp(str, "chap") == 0) {
517 } else if (strcmp(str, "chap-mutual") == 0) {
518 type = AG_TYPE_CHAP_MUTUAL;
520 if (ag->ag_name != NULL)
521 log_warnx("invalid auth-type \"%s\" for auth-group "
522 "\"%s\"", str, ag->ag_name);
524 log_warnx("invalid auth-type \"%s\" for target "
525 "\"%s\"", str, ag->ag_target->t_name);
529 error = auth_group_set_type(ag, type);
531 if (ag->ag_name != NULL)
532 log_warnx("cannot set auth-type to \"%s\" for "
533 "auth-group \"%s\"; already has a different "
534 "type", str, ag->ag_name);
536 log_warnx("cannot set auth-type to \"%s\" for target "
537 "\"%s\"; already has a different type",
538 str, ag->ag_target->t_name);
545 static struct portal *
546 portal_new(struct portal_group *pg)
548 struct portal *portal;
550 portal = calloc(1, sizeof(*portal));
552 log_err(1, "calloc");
553 TAILQ_INIT(&portal->p_targets);
554 portal->p_portal_group = pg;
555 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
560 portal_delete(struct portal *portal)
562 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
563 freeaddrinfo(portal->p_ai);
564 free(portal->p_listen);
568 struct portal_group *
569 portal_group_new(struct conf *conf, const char *name)
571 struct portal_group *pg;
573 pg = portal_group_find(conf, name);
575 log_warnx("duplicated portal-group \"%s\"", name);
579 pg = calloc(1, sizeof(*pg));
581 log_err(1, "calloc");
582 pg->pg_name = checked_strdup(name);
583 TAILQ_INIT(&pg->pg_portals);
585 conf->conf_last_portal_group_tag++;
586 pg->pg_tag = conf->conf_last_portal_group_tag;
587 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
593 portal_group_delete(struct portal_group *pg)
595 struct portal *portal, *tmp;
597 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
599 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
600 portal_delete(portal);
605 struct portal_group *
606 portal_group_find(const struct conf *conf, const char *name)
608 struct portal_group *pg;
610 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
611 if (strcmp(pg->pg_name, name) == 0)
619 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
621 struct addrinfo hints;
622 struct portal *portal;
623 char *addr, *ch, *arg;
625 int error, colons = 0;
627 portal = portal_new(pg);
628 portal->p_listen = checked_strdup(value);
629 portal->p_iser = iser;
631 arg = portal->p_listen;
632 if (arg[0] == '\0') {
633 log_warnx("empty listen address");
634 free(portal->p_listen);
640 * IPv6 address in square brackets, perhaps with port.
643 addr = strsep(&arg, "]");
645 log_warnx("invalid listen address %s",
647 free(portal->p_listen);
651 if (arg[0] == '\0') {
653 } else if (arg[0] == ':') {
656 log_warnx("invalid listen address %s",
658 free(portal->p_listen);
664 * Either IPv6 address without brackets - and without
665 * a port - or IPv4 address. Just count the colons.
667 for (ch = arg; *ch != '\0'; ch++) {
675 addr = strsep(&arg, ":");
683 memset(&hints, 0, sizeof(hints));
684 hints.ai_family = PF_UNSPEC;
685 hints.ai_socktype = SOCK_STREAM;
686 hints.ai_flags = AI_PASSIVE;
688 error = getaddrinfo(addr, port, &hints, &portal->p_ai);
690 log_warnx("getaddrinfo for %s failed: %s",
691 portal->p_listen, gai_strerror(error));
692 free(portal->p_listen);
698 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
699 * those into multiple portals.
706 valid_hex(const char ch)
738 valid_iscsi_name(const char *name)
742 if (strlen(name) >= MAX_NAME_LEN) {
743 log_warnx("overlong name for target \"%s\"; max length allowed "
744 "by iSCSI specification is %d characters",
750 * In the cases below, we don't return an error, just in case the admin
751 * was right, and we're wrong.
753 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
754 for (i = strlen("iqn."); name[i] != '\0'; i++) {
756 * XXX: We should verify UTF-8 normalisation, as defined
757 * by 3.2.6.2: iSCSI Name Encoding.
759 if (isalnum(name[i]))
761 if (name[i] == '-' || name[i] == '.' || name[i] == ':')
763 log_warnx("invalid character \"%c\" in target name "
764 "\"%s\"; allowed characters are letters, digits, "
765 "'-', '.', and ':'", name[i], name);
769 * XXX: Check more stuff: valid date and a valid reversed domain.
771 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
772 if (strlen(name) != strlen("eui.") + 16)
773 log_warnx("invalid target name \"%s\"; the \"eui.\" "
774 "should be followed by exactly 16 hexadecimal "
776 for (i = strlen("eui."); name[i] != '\0'; i++) {
777 if (!valid_hex(name[i])) {
778 log_warnx("invalid character \"%c\" in target "
779 "name \"%s\"; allowed characters are 1-9 "
780 "and A-F", name[i], name);
784 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
785 if (strlen(name) > strlen("naa.") + 32)
786 log_warnx("invalid target name \"%s\"; the \"naa.\" "
787 "should be followed by at most 32 hexadecimal "
789 for (i = strlen("naa."); name[i] != '\0'; i++) {
790 if (!valid_hex(name[i])) {
791 log_warnx("invalid character \"%c\" in target "
792 "name \"%s\"; allowed characters are 1-9 "
793 "and A-F", name[i], name);
798 log_warnx("invalid target name \"%s\"; should start with "
799 "either \".iqn\", \"eui.\", or \"naa.\"",
806 target_new(struct conf *conf, const char *name)
811 targ = target_find(conf, name);
813 log_warnx("duplicated target \"%s\"", name);
816 if (valid_iscsi_name(name) == false) {
817 log_warnx("target name \"%s\" is invalid", name);
820 targ = calloc(1, sizeof(*targ));
822 log_err(1, "calloc");
823 targ->t_name = checked_strdup(name);
826 * RFC 3722 requires us to normalize the name to lowercase.
829 for (i = 0; i < len; i++)
830 targ->t_name[i] = tolower(targ->t_name[i]);
832 TAILQ_INIT(&targ->t_luns);
834 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
840 target_delete(struct target *targ)
842 struct lun *lun, *tmp;
844 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
846 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp)
853 target_find(struct conf *conf, const char *name)
857 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
858 if (strcasecmp(targ->t_name, name) == 0)
866 lun_new(struct target *targ, int lun_id)
870 lun = lun_find(targ, lun_id);
872 log_warnx("duplicated lun %d for target \"%s\"",
873 lun_id, targ->t_name);
877 lun = calloc(1, sizeof(*lun));
879 log_err(1, "calloc");
881 TAILQ_INIT(&lun->l_options);
882 lun->l_target = targ;
883 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next);
889 lun_delete(struct lun *lun)
891 struct lun_option *lo, *tmp;
893 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next);
895 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp)
896 lun_option_delete(lo);
897 free(lun->l_backend);
898 free(lun->l_device_id);
905 lun_find(const struct target *targ, int lun_id)
909 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
910 if (lun->l_lun == lun_id)
918 lun_set_backend(struct lun *lun, const char *value)
920 free(lun->l_backend);
921 lun->l_backend = checked_strdup(value);
925 lun_set_blocksize(struct lun *lun, size_t value)
928 lun->l_blocksize = value;
932 lun_set_device_id(struct lun *lun, const char *value)
934 free(lun->l_device_id);
935 lun->l_device_id = checked_strdup(value);
939 lun_set_path(struct lun *lun, const char *value)
942 lun->l_path = checked_strdup(value);
946 lun_set_serial(struct lun *lun, const char *value)
949 lun->l_serial = checked_strdup(value);
953 lun_set_size(struct lun *lun, size_t value)
960 lun_set_ctl_lun(struct lun *lun, uint32_t value)
963 lun->l_ctl_lun = value;
967 lun_option_new(struct lun *lun, const char *name, const char *value)
969 struct lun_option *lo;
971 lo = lun_option_find(lun, name);
973 log_warnx("duplicated lun option %s for lun %d, target \"%s\"",
974 name, lun->l_lun, lun->l_target->t_name);
978 lo = calloc(1, sizeof(*lo));
980 log_err(1, "calloc");
981 lo->lo_name = checked_strdup(name);
982 lo->lo_value = checked_strdup(value);
984 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next);
990 lun_option_delete(struct lun_option *lo)
993 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next);
1001 lun_option_find(const struct lun *lun, const char *name)
1003 struct lun_option *lo;
1005 TAILQ_FOREACH(lo, &lun->l_options, lo_next) {
1006 if (strcmp(lo->lo_name, name) == 0)
1014 lun_option_set(struct lun_option *lo, const char *value)
1018 lo->lo_value = checked_strdup(value);
1021 static struct connection *
1022 connection_new(struct portal *portal, int fd, const char *host,
1023 const struct sockaddr *client_sa)
1025 struct connection *conn;
1027 conn = calloc(1, sizeof(*conn));
1029 log_err(1, "calloc");
1030 conn->conn_portal = portal;
1031 conn->conn_socket = fd;
1032 conn->conn_initiator_addr = checked_strdup(host);
1033 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1036 * Default values, from RFC 3720, section 12.
1038 conn->conn_max_data_segment_length = 8192;
1039 conn->conn_max_burst_length = 262144;
1040 conn->conn_immediate_data = true;
1047 conf_print(struct conf *conf)
1049 struct auth_group *ag;
1051 struct auth_name *auth_name;
1052 struct auth_portal *auth_portal;
1053 struct portal_group *pg;
1054 struct portal *portal;
1055 struct target *targ;
1057 struct lun_option *lo;
1059 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1060 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1061 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1062 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1063 auth->a_user, auth->a_secret,
1064 auth->a_mutual_user, auth->a_mutual_secret);
1065 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1066 fprintf(stderr, "\t initiator-name %s\n",
1067 auth_name->an_initator_name);
1068 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
1069 fprintf(stderr, "\t initiator-portal %s\n",
1070 auth_portal->an_initator_portal);
1071 fprintf(stderr, "}\n");
1073 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1074 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1075 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1076 fprintf(stderr, "\t listen %s\n", portal->p_listen);
1077 fprintf(stderr, "}\n");
1079 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1080 fprintf(stderr, "target %s {\n", targ->t_name);
1081 if (targ->t_alias != NULL)
1082 fprintf(stderr, "\t alias %s\n", targ->t_alias);
1083 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1084 fprintf(stderr, "\tlun %d {\n", lun->l_lun);
1085 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1086 TAILQ_FOREACH(lo, &lun->l_options, lo_next)
1087 fprintf(stderr, "\t\toption %s %s\n",
1088 lo->lo_name, lo->lo_value);
1089 fprintf(stderr, "\t}\n");
1091 fprintf(stderr, "}\n");
1097 conf_verify_lun(struct lun *lun)
1099 const struct lun *lun2;
1100 const struct target *targ2;
1102 if (lun->l_backend == NULL)
1103 lun_set_backend(lun, "block");
1104 if (strcmp(lun->l_backend, "block") == 0) {
1105 if (lun->l_path == NULL) {
1106 log_warnx("missing path for lun %d, target \"%s\"",
1107 lun->l_lun, lun->l_target->t_name);
1110 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1111 if (lun->l_size == 0) {
1112 log_warnx("missing size for ramdisk-backed lun %d, "
1113 "target \"%s\"", lun->l_lun, lun->l_target->t_name);
1116 if (lun->l_path != NULL) {
1117 log_warnx("path must not be specified "
1118 "for ramdisk-backed lun %d, target \"%s\"",
1119 lun->l_lun, lun->l_target->t_name);
1123 if (lun->l_lun < 0 || lun->l_lun > 255) {
1124 log_warnx("invalid lun number for lun %d, target \"%s\"; "
1125 "must be between 0 and 255", lun->l_lun,
1126 lun->l_target->t_name);
1129 if (lun->l_blocksize == 0) {
1130 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1131 } else if (lun->l_blocksize < 0) {
1132 log_warnx("invalid blocksize for lun %d, target \"%s\"; "
1133 "must be larger than 0", lun->l_lun, lun->l_target->t_name);
1136 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1137 log_warnx("invalid size for lun %d, target \"%s\"; "
1138 "must be multiple of blocksize", lun->l_lun,
1139 lun->l_target->t_name);
1142 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) {
1143 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) {
1146 if (lun->l_path != NULL && lun2->l_path != NULL &&
1147 strcmp(lun->l_path, lun2->l_path) == 0) {
1148 log_debugx("WARNING: path \"%s\" duplicated "
1149 "between lun %d, target \"%s\", and "
1150 "lun %d, target \"%s\"", lun->l_path,
1151 lun->l_lun, lun->l_target->t_name,
1152 lun2->l_lun, lun2->l_target->t_name);
1161 conf_verify(struct conf *conf)
1163 struct auth_group *ag;
1164 struct portal_group *pg;
1165 struct target *targ;
1170 if (conf->conf_pidfile_path == NULL)
1171 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1173 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1174 if (targ->t_auth_group == NULL) {
1175 targ->t_auth_group = auth_group_find(conf,
1177 assert(targ->t_auth_group != NULL);
1179 if (targ->t_portal_group == NULL) {
1180 targ->t_portal_group = portal_group_find(conf,
1182 assert(targ->t_portal_group != NULL);
1185 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1186 error = conf_verify_lun(lun);
1192 log_warnx("no LUNs defined for target \"%s\"",
1196 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1197 assert(pg->pg_name != NULL);
1198 if (pg->pg_discovery_auth_group == NULL) {
1199 pg->pg_discovery_auth_group =
1200 auth_group_find(conf, "default");
1201 assert(pg->pg_discovery_auth_group != NULL);
1204 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1205 if (targ->t_portal_group == pg)
1209 if (strcmp(pg->pg_name, "default") != 0)
1210 log_warnx("portal-group \"%s\" not assigned "
1211 "to any target", pg->pg_name);
1212 pg->pg_unassigned = true;
1214 pg->pg_unassigned = false;
1216 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1217 if (ag->ag_name == NULL)
1218 assert(ag->ag_target != NULL);
1220 assert(ag->ag_target == NULL);
1222 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1223 if (targ->t_auth_group == ag)
1226 if (targ == NULL && ag->ag_name != NULL &&
1227 strcmp(ag->ag_name, "default") != 0 &&
1228 strcmp(ag->ag_name, "no-authentication") != 0 &&
1229 strcmp(ag->ag_name, "no-access") != 0) {
1230 log_warnx("auth-group \"%s\" not assigned "
1231 "to any target", ag->ag_name);
1239 conf_apply(struct conf *oldconf, struct conf *newconf)
1241 struct target *oldtarg, *newtarg, *tmptarg;
1242 struct lun *oldlun, *newlun, *tmplun;
1243 struct portal_group *oldpg, *newpg;
1244 struct portal *oldp, *newp;
1246 int changed, cumulated_error = 0, error;
1249 if (oldconf->conf_debug != newconf->conf_debug) {
1250 log_debugx("changing debug level to %d", newconf->conf_debug);
1251 log_init(newconf->conf_debug);
1254 if (oldconf->conf_pidfh != NULL) {
1255 assert(oldconf->conf_pidfile_path != NULL);
1256 if (newconf->conf_pidfile_path != NULL &&
1257 strcmp(oldconf->conf_pidfile_path,
1258 newconf->conf_pidfile_path) == 0) {
1259 newconf->conf_pidfh = oldconf->conf_pidfh;
1260 oldconf->conf_pidfh = NULL;
1262 log_debugx("removing pidfile %s",
1263 oldconf->conf_pidfile_path);
1264 pidfile_remove(oldconf->conf_pidfh);
1265 oldconf->conf_pidfh = NULL;
1269 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1270 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1271 newconf->conf_pidfh =
1272 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1273 if (newconf->conf_pidfh == NULL) {
1274 if (errno == EEXIST)
1275 log_errx(1, "daemon already running, pid: %jd.",
1276 (intmax_t)otherpid);
1277 log_err(1, "cannot open or create pidfile \"%s\"",
1278 newconf->conf_pidfile_path);
1283 * XXX: If target or lun removal fails, we should somehow "move"
1284 * the old lun or target into newconf, so that subsequent
1285 * conf_apply() would try to remove them again. That would
1286 * be somewhat hairy, though, and lun deletion failures don't
1287 * really happen, so leave it as it is for now.
1289 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) {
1291 * First, remove any targets present in the old configuration
1292 * and missing in the new one.
1294 newtarg = target_find(newconf, oldtarg->t_name);
1295 if (newtarg == NULL) {
1296 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next,
1298 log_debugx("target %s not found in new "
1299 "configuration; removing its lun %d, "
1300 "backed by CTL lun %d",
1301 oldtarg->t_name, oldlun->l_lun,
1303 error = kernel_lun_remove(oldlun);
1305 log_warnx("failed to remove lun %d, "
1306 "target %s, CTL lun %d",
1307 oldlun->l_lun, oldtarg->t_name,
1313 kernel_port_remove(oldtarg);
1314 target_delete(oldtarg);
1319 * Second, remove any LUNs present in the old target
1320 * and missing in the new one.
1322 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) {
1323 newlun = lun_find(newtarg, oldlun->l_lun);
1324 if (newlun == NULL) {
1325 log_debugx("lun %d, target %s, CTL lun %d "
1326 "not found in new configuration; "
1327 "removing", oldlun->l_lun, oldtarg->t_name,
1329 error = kernel_lun_remove(oldlun);
1331 log_warnx("failed to remove lun %d, "
1332 "target %s, CTL lun %d",
1333 oldlun->l_lun, oldtarg->t_name,
1342 * Also remove the LUNs changed by more than size.
1345 assert(oldlun->l_backend != NULL);
1346 assert(newlun->l_backend != NULL);
1347 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1348 log_debugx("backend for lun %d, target %s, "
1349 "CTL lun %d changed; removing",
1350 oldlun->l_lun, oldtarg->t_name,
1354 if (oldlun->l_blocksize != newlun->l_blocksize) {
1355 log_debugx("blocksize for lun %d, target %s, "
1356 "CTL lun %d changed; removing",
1357 oldlun->l_lun, oldtarg->t_name,
1361 if (newlun->l_device_id != NULL &&
1362 (oldlun->l_device_id == NULL ||
1363 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1365 log_debugx("device-id for lun %d, target %s, "
1366 "CTL lun %d changed; removing",
1367 oldlun->l_lun, oldtarg->t_name,
1371 if (newlun->l_path != NULL &&
1372 (oldlun->l_path == NULL ||
1373 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1374 log_debugx("path for lun %d, target %s, "
1375 "CTL lun %d, changed; removing",
1376 oldlun->l_lun, oldtarg->t_name,
1380 if (newlun->l_serial != NULL &&
1381 (oldlun->l_serial == NULL ||
1382 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1383 log_debugx("serial for lun %d, target %s, "
1384 "CTL lun %d changed; removing",
1385 oldlun->l_lun, oldtarg->t_name,
1390 error = kernel_lun_remove(oldlun);
1392 log_warnx("failed to remove lun %d, "
1393 "target %s, CTL lun %d",
1394 oldlun->l_lun, oldtarg->t_name,
1402 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1407 * Now add new targets or modify existing ones.
1409 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) {
1410 oldtarg = target_find(oldconf, newtarg->t_name);
1412 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) {
1413 if (oldtarg != NULL) {
1414 oldlun = lun_find(oldtarg, newlun->l_lun);
1415 if (oldlun != NULL) {
1416 if (newlun->l_size != oldlun->l_size) {
1417 log_debugx("resizing lun %d, "
1418 "target %s, CTL lun %d",
1423 kernel_lun_resize(newlun);
1425 log_warnx("failed to "
1438 log_debugx("adding lun %d, target %s",
1439 newlun->l_lun, newtarg->t_name);
1440 error = kernel_lun_add(newlun);
1442 log_warnx("failed to add lun %d, target %s",
1443 newlun->l_lun, newtarg->t_name);
1448 if (oldtarg == NULL)
1449 kernel_port_add(newtarg);
1453 * Go through the new portals, opening the sockets as neccessary.
1455 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1456 if (newpg->pg_unassigned) {
1457 log_debugx("not listening on portal-group \"%s\", "
1458 "not assigned to any target",
1462 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1464 * Try to find already open portal and reuse
1465 * the listening socket. We don't care about
1466 * what portal or portal group that was, what
1467 * matters is the listening address.
1469 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1471 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1473 if (strcmp(newp->p_listen,
1474 oldp->p_listen) == 0 &&
1475 oldp->p_socket > 0) {
1483 if (newp->p_socket > 0) {
1485 * We're done with this portal.
1490 #ifdef ICL_KERNEL_PROXY
1492 newpg->pg_conf->conf_portal_id++;
1493 newp->p_id = newpg->pg_conf->conf_portal_id;
1494 log_debugx("listening on %s, portal-group "
1495 "\"%s\", portal id %d, using ICL proxy",
1496 newp->p_listen, newpg->pg_name, newp->p_id);
1497 kernel_listen(newp->p_ai, newp->p_iser,
1502 assert(proxy_mode == false);
1503 assert(newp->p_iser == false);
1505 log_debugx("listening on %s, portal-group \"%s\"",
1506 newp->p_listen, newpg->pg_name);
1507 newp->p_socket = socket(newp->p_ai->ai_family,
1508 newp->p_ai->ai_socktype,
1509 newp->p_ai->ai_protocol);
1510 if (newp->p_socket < 0) {
1511 log_warn("socket(2) failed for %s",
1516 error = setsockopt(newp->p_socket, SOL_SOCKET,
1517 SO_REUSEADDR, &one, sizeof(one));
1519 log_warn("setsockopt(SO_REUSEADDR) failed "
1520 "for %s", newp->p_listen);
1521 close(newp->p_socket);
1526 error = bind(newp->p_socket, newp->p_ai->ai_addr,
1527 newp->p_ai->ai_addrlen);
1529 log_warn("bind(2) failed for %s",
1531 close(newp->p_socket);
1536 error = listen(newp->p_socket, -1);
1538 log_warn("listen(2) failed for %s",
1540 close(newp->p_socket);
1549 * Go through the no longer used sockets, closing them.
1551 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
1552 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
1553 if (oldp->p_socket <= 0)
1555 log_debugx("closing socket for %s, portal-group \"%s\"",
1556 oldp->p_listen, oldpg->pg_name);
1557 close(oldp->p_socket);
1562 return (cumulated_error);
1569 return (sigalrm_received);
1573 sigalrm_handler(int dummy __unused)
1576 * It would be easiest to just log an error and exit. We can't
1577 * do this, though, because log_errx() is not signal safe, since
1578 * it calls syslog(3). Instead, set a flag checked by pdu_send()
1579 * and pdu_receive(), to call log_errx() there. Should they fail
1580 * to notice, we'll exit here one second later.
1582 if (sigalrm_received) {
1584 * Oh well. Just give up and quit.
1589 sigalrm_received = true;
1593 set_timeout(const struct conf *conf)
1595 struct sigaction sa;
1596 struct itimerval itv;
1599 if (conf->conf_timeout <= 0) {
1600 log_debugx("session timeout disabled");
1604 bzero(&sa, sizeof(sa));
1605 sa.sa_handler = sigalrm_handler;
1606 sigfillset(&sa.sa_mask);
1607 error = sigaction(SIGALRM, &sa, NULL);
1609 log_err(1, "sigaction");
1612 * First SIGALRM will arive after conf_timeout seconds.
1613 * If we do nothing, another one will arrive a second later.
1615 bzero(&itv, sizeof(itv));
1616 itv.it_interval.tv_sec = 1;
1617 itv.it_value.tv_sec = conf->conf_timeout;
1619 log_debugx("setting session timeout to %d seconds",
1620 conf->conf_timeout);
1621 error = setitimer(ITIMER_REAL, &itv, NULL);
1623 log_err(1, "setitimer");
1627 wait_for_children(bool block)
1635 * If "block" is true, wait for at least one process.
1637 if (block && num == 0)
1638 pid = wait4(-1, &status, 0, NULL);
1640 pid = wait4(-1, &status, WNOHANG, NULL);
1643 if (WIFSIGNALED(status)) {
1644 log_warnx("child process %d terminated with signal %d",
1645 pid, WTERMSIG(status));
1646 } else if (WEXITSTATUS(status) != 0) {
1647 log_warnx("child process %d terminated with exit status %d",
1648 pid, WEXITSTATUS(status));
1650 log_debugx("child process %d terminated gracefully", pid);
1659 handle_connection(struct portal *portal, int fd,
1660 const struct sockaddr *client_sa, bool dont_fork)
1662 struct connection *conn;
1665 char host[NI_MAXHOST + 1];
1668 conf = portal->p_portal_group->pg_conf;
1671 log_debugx("incoming connection; not forking due to -d flag");
1673 nchildren -= wait_for_children(false);
1674 assert(nchildren >= 0);
1676 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
1677 log_debugx("maxproc limit of %d child processes hit; "
1678 "waiting for child process to exit", conf->conf_maxproc);
1679 nchildren -= wait_for_children(true);
1680 assert(nchildren >= 0);
1682 log_debugx("incoming connection; forking child process #%d",
1693 pidfile_close(conf->conf_pidfh);
1695 error = getnameinfo(client_sa, client_sa->sa_len,
1696 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
1698 log_errx(1, "getnameinfo: %s", gai_strerror(error));
1700 log_debugx("accepted connection from %s; portal group \"%s\"",
1701 host, portal->p_portal_group->pg_name);
1702 log_set_peer_addr(host);
1703 setproctitle("%s", host);
1705 conn = connection_new(portal, fd, host, client_sa);
1709 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
1710 kernel_handoff(conn);
1711 log_debugx("connection handed off to the kernel");
1713 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
1716 log_debugx("nothing more to do; exiting");
1721 fd_add(int fd, fd_set *fdset, int nfds)
1725 * Skip sockets which we failed to bind.
1737 main_loop(struct conf *conf, bool dont_fork)
1739 struct portal_group *pg;
1740 struct portal *portal;
1741 struct sockaddr_storage client_sa;
1742 socklen_t client_salen;
1743 #ifdef ICL_KERNEL_PROXY
1748 int error, nfds, client_fd;
1750 pidfile_write(conf->conf_pidfh);
1753 if (sighup_received || sigterm_received)
1756 #ifdef ICL_KERNEL_PROXY
1758 client_salen = sizeof(client_sa);
1759 kernel_accept(&connection_id, &portal_id,
1760 (struct sockaddr *)&client_sa, &client_salen);
1761 if (client_salen < client_sa.ss_len)
1762 log_errx(1, "salen %u < %u",
1763 client_salen, client_sa.ss_len);
1765 log_debugx("incoming connection, id %d, portal id %d",
1766 connection_id, portal_id);
1767 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1768 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1769 if (portal->p_id == portal_id) {
1775 log_errx(1, "kernel returned invalid portal_id %d",
1779 handle_connection(portal, connection_id,
1780 (struct sockaddr *)&client_sa, dont_fork);
1783 assert(proxy_mode == false);
1787 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1788 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1789 nfds = fd_add(portal->p_socket, &fdset, nfds);
1791 error = select(nfds + 1, &fdset, NULL, NULL, NULL);
1795 log_err(1, "select");
1797 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1798 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
1799 if (!FD_ISSET(portal->p_socket, &fdset))
1801 client_salen = sizeof(client_sa);
1802 client_fd = accept(portal->p_socket,
1803 (struct sockaddr *)&client_sa,
1806 log_err(1, "accept");
1807 if (client_salen < client_sa.ss_len)
1808 log_errx(1, "salen %u < %u",
1811 handle_connection(portal, client_fd,
1812 (struct sockaddr *)&client_sa,
1817 #ifdef ICL_KERNEL_PROXY
1824 sighup_handler(int dummy __unused)
1827 sighup_received = true;
1831 sigterm_handler(int dummy __unused)
1834 sigterm_received = true;
1838 sigchld_handler(int dummy __unused)
1842 * The only purpose of this handler is to make SIGCHLD
1843 * interrupt the ISCSIDWAIT ioctl(2), so we can call
1844 * wait_for_children().
1849 register_signals(void)
1851 struct sigaction sa;
1854 bzero(&sa, sizeof(sa));
1855 sa.sa_handler = sighup_handler;
1856 sigfillset(&sa.sa_mask);
1857 error = sigaction(SIGHUP, &sa, NULL);
1859 log_err(1, "sigaction");
1861 sa.sa_handler = sigterm_handler;
1862 error = sigaction(SIGTERM, &sa, NULL);
1864 log_err(1, "sigaction");
1866 sa.sa_handler = sigterm_handler;
1867 error = sigaction(SIGINT, &sa, NULL);
1869 log_err(1, "sigaction");
1871 sa.sa_handler = sigchld_handler;
1872 error = sigaction(SIGCHLD, &sa, NULL);
1874 log_err(1, "sigaction");
1878 main(int argc, char **argv)
1880 struct conf *oldconf, *newconf, *tmpconf;
1881 const char *config_path = DEFAULT_CONFIG_PATH;
1882 int debug = 0, ch, error;
1883 bool dont_daemonize = false;
1885 while ((ch = getopt(argc, argv, "df:R")) != -1) {
1888 dont_daemonize = true;
1892 config_path = optarg;
1895 #ifndef ICL_KERNEL_PROXY
1896 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
1897 "does not support iSER protocol");
1913 oldconf = conf_new_from_kernel();
1914 newconf = conf_new_from_file(config_path);
1915 if (newconf == NULL)
1916 log_errx(1, "configuration error; exiting");
1918 oldconf->conf_debug = debug;
1919 newconf->conf_debug = debug;
1922 error = conf_apply(oldconf, newconf);
1924 log_errx(1, "failed to apply configuration; exiting");
1926 conf_delete(oldconf);
1931 if (dont_daemonize == false) {
1932 log_debugx("daemonizing");
1933 if (daemon(0, 0) == -1) {
1934 log_warn("cannot daemonize");
1935 pidfile_remove(newconf->conf_pidfh);
1941 main_loop(newconf, dont_daemonize);
1942 if (sighup_received) {
1943 sighup_received = false;
1944 log_debugx("received SIGHUP, reloading configuration");
1945 tmpconf = conf_new_from_file(config_path);
1946 if (tmpconf == NULL) {
1947 log_warnx("configuration error, "
1948 "continuing with old configuration");
1951 tmpconf->conf_debug = debug;
1954 error = conf_apply(oldconf, newconf);
1956 log_warnx("failed to reload "
1958 conf_delete(oldconf);
1961 } else if (sigterm_received) {
1962 log_debugx("exiting on signal; "
1963 "reloading empty configuration");
1965 log_debugx("disabling CTL iSCSI port "
1966 "and terminating all connections");
1969 newconf = conf_new();
1971 newconf->conf_debug = debug;
1972 error = conf_apply(oldconf, newconf);
1974 log_warnx("failed to apply configuration");
1976 log_warnx("exiting on signal");
1979 nchildren -= wait_for_children(false);
1980 assert(nchildren >= 0);