2 * Copyright (c) 2012 The FreeBSD Foundation
5 * This software was developed by Edward Tomasz Napierala under sponsorship
6 * from the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
34 #include <sys/types.h>
36 #include <sys/socket.h>
38 #include <netinet/in.h>
39 #include <arpa/inet.h>
55 bool proxy_mode = false;
57 static volatile bool sighup_received = false;
58 static volatile bool sigterm_received = false;
59 static volatile bool sigalrm_received = false;
61 static int nchildren = 0;
67 fprintf(stderr, "usage: ctld [-d][-f config-file]\n");
72 checked_strdup(const char *s)
87 conf = calloc(1, sizeof(*conf));
90 TAILQ_INIT(&conf->conf_targets);
91 TAILQ_INIT(&conf->conf_auth_groups);
92 TAILQ_INIT(&conf->conf_portal_groups);
93 TAILQ_INIT(&conf->conf_isns);
95 conf->conf_isns_period = 900;
96 conf->conf_isns_timeout = 5;
98 conf->conf_timeout = 60;
99 conf->conf_maxproc = 30;
105 conf_delete(struct conf *conf)
107 struct target *targ, *tmp;
108 struct auth_group *ag, *cagtmp;
109 struct portal_group *pg, *cpgtmp;
110 struct isns *is, *istmp;
112 assert(conf->conf_pidfh == NULL);
114 TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
116 TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
117 auth_group_delete(ag);
118 TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
119 portal_group_delete(pg);
120 TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp)
122 free(conf->conf_pidfile_path);
127 auth_new(struct auth_group *ag)
131 auth = calloc(1, sizeof(*auth));
133 log_err(1, "calloc");
134 auth->a_auth_group = ag;
135 TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
140 auth_delete(struct auth *auth)
142 TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
145 free(auth->a_secret);
146 free(auth->a_mutual_user);
147 free(auth->a_mutual_secret);
152 auth_find(const struct auth_group *ag, const char *user)
154 const struct auth *auth;
156 TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
157 if (strcmp(auth->a_user, user) == 0)
165 auth_check_secret_length(struct auth *auth)
169 len = strlen(auth->a_secret);
171 if (auth->a_auth_group->ag_name != NULL)
172 log_warnx("secret for user \"%s\", auth-group \"%s\", "
173 "is too long; it should be at most 16 characters "
174 "long", auth->a_user, auth->a_auth_group->ag_name);
176 log_warnx("secret for user \"%s\", target \"%s\", "
177 "is too long; it should be at most 16 characters "
178 "long", auth->a_user,
179 auth->a_auth_group->ag_target->t_name);
182 if (auth->a_auth_group->ag_name != NULL)
183 log_warnx("secret for user \"%s\", auth-group \"%s\", "
184 "is too short; it should be at least 12 characters "
185 "long", auth->a_user,
186 auth->a_auth_group->ag_name);
188 log_warnx("secret for user \"%s\", target \"%s\", "
189 "is too short; it should be at least 16 characters "
190 "long", auth->a_user,
191 auth->a_auth_group->ag_target->t_name);
194 if (auth->a_mutual_secret != NULL) {
195 len = strlen(auth->a_secret);
197 if (auth->a_auth_group->ag_name != NULL)
198 log_warnx("mutual secret for user \"%s\", "
199 "auth-group \"%s\", is too long; it should "
200 "be at most 16 characters long",
201 auth->a_user, auth->a_auth_group->ag_name);
203 log_warnx("mutual secret for user \"%s\", "
204 "target \"%s\", is too long; it should "
205 "be at most 16 characters long",
207 auth->a_auth_group->ag_target->t_name);
210 if (auth->a_auth_group->ag_name != NULL)
211 log_warnx("mutual secret for user \"%s\", "
212 "auth-group \"%s\", is too short; it "
213 "should be at least 12 characters long",
214 auth->a_user, auth->a_auth_group->ag_name);
216 log_warnx("mutual secret for user \"%s\", "
217 "target \"%s\", is too short; it should be "
218 "at least 16 characters long",
220 auth->a_auth_group->ag_target->t_name);
226 auth_new_chap(struct auth_group *ag, const char *user,
231 if (ag->ag_type == AG_TYPE_UNKNOWN)
232 ag->ag_type = AG_TYPE_CHAP;
233 if (ag->ag_type != AG_TYPE_CHAP) {
234 if (ag->ag_name != NULL)
235 log_warnx("cannot mix \"chap\" authentication with "
236 "other types for auth-group \"%s\"", ag->ag_name);
238 log_warnx("cannot mix \"chap\" authentication with "
239 "other types for target \"%s\"",
240 ag->ag_target->t_name);
245 auth->a_user = checked_strdup(user);
246 auth->a_secret = checked_strdup(secret);
248 auth_check_secret_length(auth);
254 auth_new_chap_mutual(struct auth_group *ag, const char *user,
255 const char *secret, const char *user2, const char *secret2)
259 if (ag->ag_type == AG_TYPE_UNKNOWN)
260 ag->ag_type = AG_TYPE_CHAP_MUTUAL;
261 if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
262 if (ag->ag_name != NULL)
263 log_warnx("cannot mix \"chap-mutual\" authentication "
264 "with other types for auth-group \"%s\"",
267 log_warnx("cannot mix \"chap-mutual\" authentication "
268 "with other types for target \"%s\"",
269 ag->ag_target->t_name);
274 auth->a_user = checked_strdup(user);
275 auth->a_secret = checked_strdup(secret);
276 auth->a_mutual_user = checked_strdup(user2);
277 auth->a_mutual_secret = checked_strdup(secret2);
279 auth_check_secret_length(auth);
284 const struct auth_name *
285 auth_name_new(struct auth_group *ag, const char *name)
287 struct auth_name *an;
289 an = calloc(1, sizeof(*an));
291 log_err(1, "calloc");
292 an->an_auth_group = ag;
293 an->an_initator_name = checked_strdup(name);
294 TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
299 auth_name_delete(struct auth_name *an)
301 TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
303 free(an->an_initator_name);
308 auth_name_defined(const struct auth_group *ag)
310 if (TAILQ_EMPTY(&ag->ag_names))
315 const struct auth_name *
316 auth_name_find(const struct auth_group *ag, const char *name)
318 const struct auth_name *auth_name;
320 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
321 if (strcmp(auth_name->an_initator_name, name) == 0)
329 auth_name_check(const struct auth_group *ag, const char *initiator_name)
331 if (!auth_name_defined(ag))
334 if (auth_name_find(ag, initiator_name) == NULL)
340 const struct auth_portal *
341 auth_portal_new(struct auth_group *ag, const char *portal)
343 struct auth_portal *ap;
344 char *net, *mask, *str, *tmp;
347 ap = calloc(1, sizeof(*ap));
349 log_err(1, "calloc");
350 ap->ap_auth_group = ag;
351 ap->ap_initator_portal = checked_strdup(portal);
352 mask = str = checked_strdup(portal);
353 net = strsep(&mask, "/");
359 if (net[len - 1] == ']')
361 if (strchr(net, ':') != NULL) {
362 struct sockaddr_in6 *sin6 =
363 (struct sockaddr_in6 *)&ap->ap_sa;
365 sin6->sin6_len = sizeof(*sin6);
366 sin6->sin6_family = AF_INET6;
367 if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
371 struct sockaddr_in *sin =
372 (struct sockaddr_in *)&ap->ap_sa;
374 sin->sin_len = sizeof(*sin);
375 sin->sin_family = AF_INET;
376 if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
381 m = strtol(mask, &tmp, 0);
382 if (m < 0 || m > dm || tmp[0] != 0)
388 TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
392 log_errx(1, "Incorrect initiator portal '%s'", portal);
397 auth_portal_delete(struct auth_portal *ap)
399 TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
401 free(ap->ap_initator_portal);
406 auth_portal_defined(const struct auth_group *ag)
408 if (TAILQ_EMPTY(&ag->ag_portals))
413 const struct auth_portal *
414 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
416 const struct auth_portal *ap;
417 const uint8_t *a, *b;
421 TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
422 if (ap->ap_sa.ss_family != ss->ss_family)
424 if (ss->ss_family == AF_INET) {
425 a = (const uint8_t *)
426 &((const struct sockaddr_in *)ss)->sin_addr;
427 b = (const uint8_t *)
428 &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
430 a = (const uint8_t *)
431 &((const struct sockaddr_in6 *)ss)->sin6_addr;
432 b = (const uint8_t *)
433 &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
435 for (i = 0; i < ap->ap_mask / 8; i++) {
439 if (ap->ap_mask % 8) {
440 bmask = 0xff << (8 - (ap->ap_mask % 8));
441 if ((a[i] & bmask) != (b[i] & bmask))
453 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
456 if (!auth_portal_defined(ag))
459 if (auth_portal_find(ag, sa) == NULL)
466 auth_group_new(struct conf *conf, const char *name)
468 struct auth_group *ag;
471 ag = auth_group_find(conf, name);
473 log_warnx("duplicated auth-group \"%s\"", name);
478 ag = calloc(1, sizeof(*ag));
480 log_err(1, "calloc");
482 ag->ag_name = checked_strdup(name);
483 TAILQ_INIT(&ag->ag_auths);
484 TAILQ_INIT(&ag->ag_names);
485 TAILQ_INIT(&ag->ag_portals);
487 TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
493 auth_group_delete(struct auth_group *ag)
495 struct auth *auth, *auth_tmp;
496 struct auth_name *auth_name, *auth_name_tmp;
497 struct auth_portal *auth_portal, *auth_portal_tmp;
499 TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
501 TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
503 TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
504 auth_name_delete(auth_name);
505 TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
507 auth_portal_delete(auth_portal);
513 auth_group_find(const struct conf *conf, const char *name)
515 struct auth_group *ag;
517 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
518 if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
526 auth_group_set_type(struct auth_group *ag, const char *str)
530 if (strcmp(str, "none") == 0) {
531 type = AG_TYPE_NO_AUTHENTICATION;
532 } else if (strcmp(str, "deny") == 0) {
534 } else if (strcmp(str, "chap") == 0) {
536 } else if (strcmp(str, "chap-mutual") == 0) {
537 type = AG_TYPE_CHAP_MUTUAL;
539 if (ag->ag_name != NULL)
540 log_warnx("invalid auth-type \"%s\" for auth-group "
541 "\"%s\"", str, ag->ag_name);
543 log_warnx("invalid auth-type \"%s\" for target "
544 "\"%s\"", str, ag->ag_target->t_name);
548 if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) {
549 if (ag->ag_name != NULL) {
550 log_warnx("cannot set auth-type to \"%s\" for "
551 "auth-group \"%s\"; already has a different "
552 "type", str, ag->ag_name);
554 log_warnx("cannot set auth-type to \"%s\" for target "
555 "\"%s\"; already has a different type",
556 str, ag->ag_target->t_name);
566 static struct portal *
567 portal_new(struct portal_group *pg)
569 struct portal *portal;
571 portal = calloc(1, sizeof(*portal));
573 log_err(1, "calloc");
574 TAILQ_INIT(&portal->p_targets);
575 portal->p_portal_group = pg;
576 TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
581 portal_delete(struct portal *portal)
584 TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
585 if (portal->p_ai != NULL)
586 freeaddrinfo(portal->p_ai);
587 free(portal->p_listen);
591 struct portal_group *
592 portal_group_new(struct conf *conf, const char *name)
594 struct portal_group *pg;
596 pg = portal_group_find(conf, name);
598 log_warnx("duplicated portal-group \"%s\"", name);
602 pg = calloc(1, sizeof(*pg));
604 log_err(1, "calloc");
605 pg->pg_name = checked_strdup(name);
606 TAILQ_INIT(&pg->pg_portals);
608 conf->conf_last_portal_group_tag++;
609 pg->pg_tag = conf->conf_last_portal_group_tag;
610 TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
616 portal_group_delete(struct portal_group *pg)
618 struct portal *portal, *tmp;
620 TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
622 TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
623 portal_delete(portal);
625 free(pg->pg_redirection);
629 struct portal_group *
630 portal_group_find(const struct conf *conf, const char *name)
632 struct portal_group *pg;
634 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
635 if (strcmp(pg->pg_name, name) == 0)
643 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai)
645 struct addrinfo hints;
646 char *str, *addr, *ch;
648 int error, colons = 0;
650 str = arg = strdup(arg);
653 * IPv6 address in square brackets, perhaps with port.
656 addr = strsep(&arg, "]");
659 if (arg[0] == '\0') {
661 } else if (arg[0] == ':') {
669 * Either IPv6 address without brackets - and without
670 * a port - or IPv4 address. Just count the colons.
672 for (ch = arg; *ch != '\0'; ch++) {
680 addr = strsep(&arg, ":");
688 memset(&hints, 0, sizeof(hints));
689 hints.ai_family = PF_UNSPEC;
690 hints.ai_socktype = SOCK_STREAM;
691 hints.ai_flags = AI_PASSIVE;
692 error = getaddrinfo(addr, port, &hints, ai);
694 return ((error != 0) ? 1 : 0);
698 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
700 struct portal *portal;
702 portal = portal_new(pg);
703 portal->p_listen = checked_strdup(value);
704 portal->p_iser = iser;
706 if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) {
707 log_warnx("invalid listen address %s", portal->p_listen);
708 portal_delete(portal);
713 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
714 * those into multiple portals.
721 isns_new(struct conf *conf, const char *addr)
725 isns = calloc(1, sizeof(*isns));
727 log_err(1, "calloc");
729 TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next);
730 isns->i_addr = checked_strdup(addr);
732 if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) {
733 log_warnx("invalid iSNS address %s", isns->i_addr);
739 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
740 * those into multiple servers.
747 isns_delete(struct isns *isns)
750 TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next);
752 if (isns->i_ai != NULL)
753 freeaddrinfo(isns->i_ai);
758 isns_do_connect(struct isns *isns)
762 s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype,
763 isns->i_ai->ai_protocol);
765 log_warn("socket(2) failed for %s", isns->i_addr);
768 if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) {
769 log_warn("connect(2) failed for %s", isns->i_addr);
777 isns_do_register(struct isns *isns, int s, const char *hostname)
779 struct conf *conf = isns->i_conf;
780 struct target *target;
781 struct portal *portal;
782 struct portal_group *pg;
783 struct isns_req *req;
787 req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT);
788 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
789 isns_req_add_delim(req);
790 isns_req_add_str(req, 1, hostname);
791 isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */
792 isns_req_add_32(req, 6, conf->conf_isns_period);
793 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
794 if (pg->pg_unassigned)
796 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
797 isns_req_add_addr(req, 16, portal->p_ai);
798 isns_req_add_port(req, 17, portal->p_ai);
801 TAILQ_FOREACH(target, &conf->conf_targets, t_next) {
802 isns_req_add_str(req, 32, target->t_name);
803 isns_req_add_32(req, 33, 1); /* 1 -- Target*/
804 if (target->t_alias != NULL)
805 isns_req_add_str(req, 34, target->t_alias);
806 pg = target->t_portal_group;
807 isns_req_add_32(req, 51, pg->pg_tag);
808 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
809 isns_req_add_addr(req, 49, portal->p_ai);
810 isns_req_add_port(req, 50, portal->p_ai);
813 res = isns_req_send(s, req);
815 log_warn("send(2) failed for %s", isns->i_addr);
818 res = isns_req_receive(s, req);
820 log_warn("receive(2) failed for %s", isns->i_addr);
823 error = isns_req_get_status(req);
825 log_warnx("iSNS register error %d for %s", error, isns->i_addr);
834 isns_do_check(struct isns *isns, int s, const char *hostname)
836 struct conf *conf = isns->i_conf;
837 struct isns_req *req;
841 req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT);
842 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
843 isns_req_add_str(req, 1, hostname);
844 isns_req_add_delim(req);
845 isns_req_add(req, 2, 0, NULL);
846 res = isns_req_send(s, req);
848 log_warn("send(2) failed for %s", isns->i_addr);
851 res = isns_req_receive(s, req);
853 log_warn("receive(2) failed for %s", isns->i_addr);
856 error = isns_req_get_status(req);
858 log_warnx("iSNS check error %d for %s", error, isns->i_addr);
867 isns_do_deregister(struct isns *isns, int s, const char *hostname)
869 struct conf *conf = isns->i_conf;
870 struct isns_req *req;
874 req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT);
875 isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
876 isns_req_add_delim(req);
877 isns_req_add_str(req, 1, hostname);
878 res = isns_req_send(s, req);
880 log_warn("send(2) failed for %s", isns->i_addr);
883 res = isns_req_receive(s, req);
885 log_warn("receive(2) failed for %s", isns->i_addr);
888 error = isns_req_get_status(req);
890 log_warnx("iSNS deregister error %d for %s", error, isns->i_addr);
899 isns_register(struct isns *isns, struct isns *oldisns)
901 struct conf *conf = isns->i_conf;
905 if (TAILQ_EMPTY(&conf->conf_targets) ||
906 TAILQ_EMPTY(&conf->conf_portal_groups))
908 set_timeout(conf->conf_isns_timeout, false);
909 s = isns_do_connect(isns);
911 set_timeout(0, false);
914 gethostname(hostname, sizeof(hostname));
916 if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets))
918 isns_do_deregister(oldisns, s, hostname);
919 isns_do_register(isns, s, hostname);
921 set_timeout(0, false);
925 isns_check(struct isns *isns)
927 struct conf *conf = isns->i_conf;
931 if (TAILQ_EMPTY(&conf->conf_targets) ||
932 TAILQ_EMPTY(&conf->conf_portal_groups))
934 set_timeout(conf->conf_isns_timeout, false);
935 s = isns_do_connect(isns);
937 set_timeout(0, false);
940 gethostname(hostname, sizeof(hostname));
942 res = isns_do_check(isns, s, hostname);
944 isns_do_deregister(isns, s, hostname);
945 isns_do_register(isns, s, hostname);
948 set_timeout(0, false);
952 isns_deregister(struct isns *isns)
954 struct conf *conf = isns->i_conf;
958 if (TAILQ_EMPTY(&conf->conf_targets) ||
959 TAILQ_EMPTY(&conf->conf_portal_groups))
961 set_timeout(conf->conf_isns_timeout, false);
962 s = isns_do_connect(isns);
965 gethostname(hostname, sizeof(hostname));
967 isns_do_deregister(isns, s, hostname);
969 set_timeout(0, false);
973 portal_group_set_filter(struct portal_group *pg, const char *str)
977 if (strcmp(str, "none") == 0) {
978 filter = PG_FILTER_NONE;
979 } else if (strcmp(str, "portal") == 0) {
980 filter = PG_FILTER_PORTAL;
981 } else if (strcmp(str, "portal-name") == 0) {
982 filter = PG_FILTER_PORTAL_NAME;
983 } else if (strcmp(str, "portal-name-auth") == 0) {
984 filter = PG_FILTER_PORTAL_NAME_AUTH;
986 log_warnx("invalid discovery-filter \"%s\" for portal-group "
987 "\"%s\"; valid values are \"none\", \"portal\", "
988 "\"portal-name\", and \"portal-name-auth\"",
993 if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN &&
994 pg->pg_discovery_filter != filter) {
995 log_warnx("cannot set discovery-filter to \"%s\" for "
996 "portal-group \"%s\"; already has a different "
997 "value", str, pg->pg_name);
1001 pg->pg_discovery_filter = filter;
1007 portal_group_set_redirection(struct portal_group *pg, const char *addr)
1010 if (pg->pg_redirection != NULL) {
1011 log_warnx("cannot set redirection to \"%s\" for "
1012 "portal-group \"%s\"; already defined",
1017 pg->pg_redirection = checked_strdup(addr);
1023 valid_hex(const char ch)
1055 valid_iscsi_name(const char *name)
1059 if (strlen(name) >= MAX_NAME_LEN) {
1060 log_warnx("overlong name for target \"%s\"; max length allowed "
1061 "by iSCSI specification is %d characters",
1062 name, MAX_NAME_LEN);
1067 * In the cases below, we don't return an error, just in case the admin
1068 * was right, and we're wrong.
1070 if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
1071 for (i = strlen("iqn."); name[i] != '\0'; i++) {
1073 * XXX: We should verify UTF-8 normalisation, as defined
1074 * by 3.2.6.2: iSCSI Name Encoding.
1076 if (isalnum(name[i]))
1078 if (name[i] == '-' || name[i] == '.' || name[i] == ':')
1080 log_warnx("invalid character \"%c\" in target name "
1081 "\"%s\"; allowed characters are letters, digits, "
1082 "'-', '.', and ':'", name[i], name);
1086 * XXX: Check more stuff: valid date and a valid reversed domain.
1088 } else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
1089 if (strlen(name) != strlen("eui.") + 16)
1090 log_warnx("invalid target name \"%s\"; the \"eui.\" "
1091 "should be followed by exactly 16 hexadecimal "
1093 for (i = strlen("eui."); name[i] != '\0'; i++) {
1094 if (!valid_hex(name[i])) {
1095 log_warnx("invalid character \"%c\" in target "
1096 "name \"%s\"; allowed characters are 1-9 "
1097 "and A-F", name[i], name);
1101 } else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
1102 if (strlen(name) > strlen("naa.") + 32)
1103 log_warnx("invalid target name \"%s\"; the \"naa.\" "
1104 "should be followed by at most 32 hexadecimal "
1106 for (i = strlen("naa."); name[i] != '\0'; i++) {
1107 if (!valid_hex(name[i])) {
1108 log_warnx("invalid character \"%c\" in target "
1109 "name \"%s\"; allowed characters are 1-9 "
1110 "and A-F", name[i], name);
1115 log_warnx("invalid target name \"%s\"; should start with "
1116 "either \".iqn\", \"eui.\", or \"naa.\"",
1123 target_new(struct conf *conf, const char *name)
1125 struct target *targ;
1128 targ = target_find(conf, name);
1130 log_warnx("duplicated target \"%s\"", name);
1133 if (valid_iscsi_name(name) == false) {
1134 log_warnx("target name \"%s\" is invalid", name);
1137 targ = calloc(1, sizeof(*targ));
1139 log_err(1, "calloc");
1140 targ->t_name = checked_strdup(name);
1143 * RFC 3722 requires us to normalize the name to lowercase.
1146 for (i = 0; i < len; i++)
1147 targ->t_name[i] = tolower(targ->t_name[i]);
1149 TAILQ_INIT(&targ->t_luns);
1150 targ->t_conf = conf;
1151 TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
1157 target_delete(struct target *targ)
1159 struct lun *lun, *tmp;
1161 TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
1163 TAILQ_FOREACH_SAFE(lun, &targ->t_luns, l_next, tmp)
1166 free(targ->t_redirection);
1171 target_find(struct conf *conf, const char *name)
1173 struct target *targ;
1175 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1176 if (strcasecmp(targ->t_name, name) == 0)
1184 target_set_redirection(struct target *target, const char *addr)
1187 if (target->t_redirection != NULL) {
1188 log_warnx("cannot set redirection to \"%s\" for "
1189 "target \"%s\"; already defined",
1190 addr, target->t_name);
1194 target->t_redirection = checked_strdup(addr);
1200 lun_new(struct target *targ, int lun_id)
1204 lun = lun_find(targ, lun_id);
1206 log_warnx("duplicated lun %d for target \"%s\"",
1207 lun_id, targ->t_name);
1211 lun = calloc(1, sizeof(*lun));
1213 log_err(1, "calloc");
1214 lun->l_lun = lun_id;
1215 TAILQ_INIT(&lun->l_options);
1216 lun->l_target = targ;
1217 TAILQ_INSERT_TAIL(&targ->t_luns, lun, l_next);
1223 lun_delete(struct lun *lun)
1225 struct lun_option *lo, *tmp;
1227 TAILQ_REMOVE(&lun->l_target->t_luns, lun, l_next);
1229 TAILQ_FOREACH_SAFE(lo, &lun->l_options, lo_next, tmp)
1230 lun_option_delete(lo);
1231 free(lun->l_backend);
1232 free(lun->l_device_id);
1234 free(lun->l_serial);
1239 lun_find(const struct target *targ, int lun_id)
1243 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1244 if (lun->l_lun == lun_id)
1252 lun_set_backend(struct lun *lun, const char *value)
1254 free(lun->l_backend);
1255 lun->l_backend = checked_strdup(value);
1259 lun_set_blocksize(struct lun *lun, size_t value)
1262 lun->l_blocksize = value;
1266 lun_set_device_id(struct lun *lun, const char *value)
1268 free(lun->l_device_id);
1269 lun->l_device_id = checked_strdup(value);
1273 lun_set_path(struct lun *lun, const char *value)
1276 lun->l_path = checked_strdup(value);
1280 lun_set_serial(struct lun *lun, const char *value)
1282 free(lun->l_serial);
1283 lun->l_serial = checked_strdup(value);
1287 lun_set_size(struct lun *lun, size_t value)
1290 lun->l_size = value;
1294 lun_set_ctl_lun(struct lun *lun, uint32_t value)
1297 lun->l_ctl_lun = value;
1301 lun_option_new(struct lun *lun, const char *name, const char *value)
1303 struct lun_option *lo;
1305 lo = lun_option_find(lun, name);
1307 log_warnx("duplicated lun option %s for lun %d, target \"%s\"",
1308 name, lun->l_lun, lun->l_target->t_name);
1312 lo = calloc(1, sizeof(*lo));
1314 log_err(1, "calloc");
1315 lo->lo_name = checked_strdup(name);
1316 lo->lo_value = checked_strdup(value);
1318 TAILQ_INSERT_TAIL(&lun->l_options, lo, lo_next);
1324 lun_option_delete(struct lun_option *lo)
1327 TAILQ_REMOVE(&lo->lo_lun->l_options, lo, lo_next);
1335 lun_option_find(const struct lun *lun, const char *name)
1337 struct lun_option *lo;
1339 TAILQ_FOREACH(lo, &lun->l_options, lo_next) {
1340 if (strcmp(lo->lo_name, name) == 0)
1348 lun_option_set(struct lun_option *lo, const char *value)
1352 lo->lo_value = checked_strdup(value);
1355 static struct connection *
1356 connection_new(struct portal *portal, int fd, const char *host,
1357 const struct sockaddr *client_sa)
1359 struct connection *conn;
1361 conn = calloc(1, sizeof(*conn));
1363 log_err(1, "calloc");
1364 conn->conn_portal = portal;
1365 conn->conn_socket = fd;
1366 conn->conn_initiator_addr = checked_strdup(host);
1367 memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1370 * Default values, from RFC 3720, section 12.
1372 conn->conn_max_data_segment_length = 8192;
1373 conn->conn_max_burst_length = 262144;
1374 conn->conn_immediate_data = true;
1381 conf_print(struct conf *conf)
1383 struct auth_group *ag;
1385 struct auth_name *auth_name;
1386 struct auth_portal *auth_portal;
1387 struct portal_group *pg;
1388 struct portal *portal;
1389 struct target *targ;
1391 struct lun_option *lo;
1393 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1394 fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1395 TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1396 fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1397 auth->a_user, auth->a_secret,
1398 auth->a_mutual_user, auth->a_mutual_secret);
1399 TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1400 fprintf(stderr, "\t initiator-name %s\n",
1401 auth_name->an_initator_name);
1402 TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
1403 fprintf(stderr, "\t initiator-portal %s\n",
1404 auth_portal->an_initator_portal);
1405 fprintf(stderr, "}\n");
1407 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1408 fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1409 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1410 fprintf(stderr, "\t listen %s\n", portal->p_listen);
1411 fprintf(stderr, "}\n");
1413 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1414 fprintf(stderr, "target %s {\n", targ->t_name);
1415 if (targ->t_alias != NULL)
1416 fprintf(stderr, "\t alias %s\n", targ->t_alias);
1417 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1418 fprintf(stderr, "\tlun %d {\n", lun->l_lun);
1419 fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1420 TAILQ_FOREACH(lo, &lun->l_options, lo_next)
1421 fprintf(stderr, "\t\toption %s %s\n",
1422 lo->lo_name, lo->lo_value);
1423 fprintf(stderr, "\t}\n");
1425 fprintf(stderr, "}\n");
1431 conf_verify_lun(struct lun *lun)
1433 const struct lun *lun2;
1434 const struct target *targ2;
1436 if (lun->l_backend == NULL)
1437 lun_set_backend(lun, "block");
1438 if (strcmp(lun->l_backend, "block") == 0) {
1439 if (lun->l_path == NULL) {
1440 log_warnx("missing path for lun %d, target \"%s\"",
1441 lun->l_lun, lun->l_target->t_name);
1444 } else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1445 if (lun->l_size == 0) {
1446 log_warnx("missing size for ramdisk-backed lun %d, "
1447 "target \"%s\"", lun->l_lun, lun->l_target->t_name);
1450 if (lun->l_path != NULL) {
1451 log_warnx("path must not be specified "
1452 "for ramdisk-backed lun %d, target \"%s\"",
1453 lun->l_lun, lun->l_target->t_name);
1457 if (lun->l_lun < 0 || lun->l_lun > 255) {
1458 log_warnx("invalid lun number for lun %d, target \"%s\"; "
1459 "must be between 0 and 255", lun->l_lun,
1460 lun->l_target->t_name);
1463 if (lun->l_blocksize == 0) {
1464 lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1465 } else if (lun->l_blocksize < 0) {
1466 log_warnx("invalid blocksize for lun %d, target \"%s\"; "
1467 "must be larger than 0", lun->l_lun, lun->l_target->t_name);
1470 if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1471 log_warnx("invalid size for lun %d, target \"%s\"; "
1472 "must be multiple of blocksize", lun->l_lun,
1473 lun->l_target->t_name);
1476 TAILQ_FOREACH(targ2, &lun->l_target->t_conf->conf_targets, t_next) {
1477 TAILQ_FOREACH(lun2, &targ2->t_luns, l_next) {
1480 if (lun->l_path != NULL && lun2->l_path != NULL &&
1481 strcmp(lun->l_path, lun2->l_path) == 0) {
1482 log_debugx("WARNING: path \"%s\" duplicated "
1483 "between lun %d, target \"%s\", and "
1484 "lun %d, target \"%s\"", lun->l_path,
1485 lun->l_lun, lun->l_target->t_name,
1486 lun2->l_lun, lun2->l_target->t_name);
1495 conf_verify(struct conf *conf)
1497 struct auth_group *ag;
1498 struct portal_group *pg;
1499 struct target *targ;
1504 if (conf->conf_pidfile_path == NULL)
1505 conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1507 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1508 if (targ->t_auth_group == NULL) {
1509 targ->t_auth_group = auth_group_find(conf,
1511 assert(targ->t_auth_group != NULL);
1513 if (targ->t_portal_group == NULL) {
1514 targ->t_portal_group = portal_group_find(conf,
1516 assert(targ->t_portal_group != NULL);
1519 TAILQ_FOREACH(lun, &targ->t_luns, l_next) {
1520 error = conf_verify_lun(lun);
1525 if (!found && targ->t_redirection == NULL) {
1526 log_warnx("no LUNs defined for target \"%s\"",
1529 if (found && targ->t_redirection != NULL) {
1530 log_debugx("target \"%s\" contains luns, "
1531 " but configured for redirection",
1535 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1536 assert(pg->pg_name != NULL);
1537 if (pg->pg_discovery_auth_group == NULL) {
1538 pg->pg_discovery_auth_group =
1539 auth_group_find(conf, "default");
1540 assert(pg->pg_discovery_auth_group != NULL);
1543 if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN)
1544 pg->pg_discovery_filter = PG_FILTER_NONE;
1546 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1547 if (targ->t_portal_group == pg)
1550 if (pg->pg_redirection != NULL) {
1552 log_debugx("portal-group \"%s\" assigned "
1553 "to target \"%s\", but configured "
1555 pg->pg_name, targ->t_name);
1557 pg->pg_unassigned = false;
1558 } else if (targ != NULL) {
1559 pg->pg_unassigned = false;
1561 if (strcmp(pg->pg_name, "default") != 0)
1562 log_warnx("portal-group \"%s\" not assigned "
1563 "to any target", pg->pg_name);
1564 pg->pg_unassigned = true;
1567 TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1568 if (ag->ag_name == NULL)
1569 assert(ag->ag_target != NULL);
1571 assert(ag->ag_target == NULL);
1574 TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1575 if (targ->t_auth_group == ag) {
1580 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1581 if (pg->pg_discovery_auth_group == ag) {
1586 if (!found && ag->ag_name != NULL &&
1587 strcmp(ag->ag_name, "default") != 0 &&
1588 strcmp(ag->ag_name, "no-authentication") != 0 &&
1589 strcmp(ag->ag_name, "no-access") != 0) {
1590 log_warnx("auth-group \"%s\" not assigned "
1591 "to any target", ag->ag_name);
1599 conf_apply(struct conf *oldconf, struct conf *newconf)
1601 struct target *oldtarg, *newtarg, *tmptarg;
1602 struct lun *oldlun, *newlun, *tmplun;
1603 struct portal_group *oldpg, *newpg;
1604 struct portal *oldp, *newp;
1605 struct isns *oldns, *newns;
1607 int changed, cumulated_error = 0, error;
1610 if (oldconf->conf_debug != newconf->conf_debug) {
1611 log_debugx("changing debug level to %d", newconf->conf_debug);
1612 log_init(newconf->conf_debug);
1615 if (oldconf->conf_pidfh != NULL) {
1616 assert(oldconf->conf_pidfile_path != NULL);
1617 if (newconf->conf_pidfile_path != NULL &&
1618 strcmp(oldconf->conf_pidfile_path,
1619 newconf->conf_pidfile_path) == 0) {
1620 newconf->conf_pidfh = oldconf->conf_pidfh;
1621 oldconf->conf_pidfh = NULL;
1623 log_debugx("removing pidfile %s",
1624 oldconf->conf_pidfile_path);
1625 pidfile_remove(oldconf->conf_pidfh);
1626 oldconf->conf_pidfh = NULL;
1630 if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1631 log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1632 newconf->conf_pidfh =
1633 pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1634 if (newconf->conf_pidfh == NULL) {
1635 if (errno == EEXIST)
1636 log_errx(1, "daemon already running, pid: %jd.",
1637 (intmax_t)otherpid);
1638 log_err(1, "cannot open or create pidfile \"%s\"",
1639 newconf->conf_pidfile_path);
1643 /* Deregister on removed iSNS servers. */
1644 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
1645 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
1646 if (strcmp(oldns->i_addr, newns->i_addr) == 0)
1650 isns_deregister(oldns);
1654 * XXX: If target or lun removal fails, we should somehow "move"
1655 * the old lun or target into newconf, so that subsequent
1656 * conf_apply() would try to remove them again. That would
1657 * be somewhat hairy, though, and lun deletion failures don't
1658 * really happen, so leave it as it is for now.
1660 TAILQ_FOREACH_SAFE(oldtarg, &oldconf->conf_targets, t_next, tmptarg) {
1662 * First, remove any targets present in the old configuration
1663 * and missing in the new one.
1665 newtarg = target_find(newconf, oldtarg->t_name);
1666 if (newtarg == NULL) {
1667 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next,
1669 log_debugx("target %s not found in new "
1670 "configuration; removing its lun %d, "
1671 "backed by CTL lun %d",
1672 oldtarg->t_name, oldlun->l_lun,
1674 error = kernel_lun_remove(oldlun);
1676 log_warnx("failed to remove lun %d, "
1677 "target %s, CTL lun %d",
1678 oldlun->l_lun, oldtarg->t_name,
1683 error = kernel_port_remove(oldtarg);
1685 log_warnx("failed to remove target %s",
1688 * XXX: Uncomment after fixing the root cause.
1690 * cumulated_error++;
1697 * Second, remove any LUNs present in the old target
1698 * and missing in the new one.
1700 TAILQ_FOREACH_SAFE(oldlun, &oldtarg->t_luns, l_next, tmplun) {
1701 newlun = lun_find(newtarg, oldlun->l_lun);
1702 if (newlun == NULL) {
1703 log_debugx("lun %d, target %s, CTL lun %d "
1704 "not found in new configuration; "
1705 "removing", oldlun->l_lun, oldtarg->t_name,
1707 error = kernel_lun_remove(oldlun);
1709 log_warnx("failed to remove lun %d, "
1710 "target %s, CTL lun %d",
1711 oldlun->l_lun, oldtarg->t_name,
1719 * Also remove the LUNs changed by more than size.
1722 assert(oldlun->l_backend != NULL);
1723 assert(newlun->l_backend != NULL);
1724 if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1725 log_debugx("backend for lun %d, target %s, "
1726 "CTL lun %d changed; removing",
1727 oldlun->l_lun, oldtarg->t_name,
1731 if (oldlun->l_blocksize != newlun->l_blocksize) {
1732 log_debugx("blocksize for lun %d, target %s, "
1733 "CTL lun %d changed; removing",
1734 oldlun->l_lun, oldtarg->t_name,
1738 if (newlun->l_device_id != NULL &&
1739 (oldlun->l_device_id == NULL ||
1740 strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1742 log_debugx("device-id for lun %d, target %s, "
1743 "CTL lun %d changed; removing",
1744 oldlun->l_lun, oldtarg->t_name,
1748 if (newlun->l_path != NULL &&
1749 (oldlun->l_path == NULL ||
1750 strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1751 log_debugx("path for lun %d, target %s, "
1752 "CTL lun %d, changed; removing",
1753 oldlun->l_lun, oldtarg->t_name,
1757 if (newlun->l_serial != NULL &&
1758 (oldlun->l_serial == NULL ||
1759 strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1760 log_debugx("serial for lun %d, target %s, "
1761 "CTL lun %d changed; removing",
1762 oldlun->l_lun, oldtarg->t_name,
1767 error = kernel_lun_remove(oldlun);
1769 log_warnx("failed to remove lun %d, "
1770 "target %s, CTL lun %d",
1771 oldlun->l_lun, oldtarg->t_name,
1779 lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1784 * Now add new targets or modify existing ones.
1786 TAILQ_FOREACH(newtarg, &newconf->conf_targets, t_next) {
1787 oldtarg = target_find(oldconf, newtarg->t_name);
1789 TAILQ_FOREACH_SAFE(newlun, &newtarg->t_luns, l_next, tmplun) {
1790 if (oldtarg != NULL) {
1791 oldlun = lun_find(oldtarg, newlun->l_lun);
1792 if (oldlun != NULL) {
1793 if (newlun->l_size != oldlun->l_size ||
1794 newlun->l_size == 0) {
1795 log_debugx("resizing lun %d, "
1796 "target %s, CTL lun %d",
1801 kernel_lun_resize(newlun);
1803 log_warnx("failed to "
1816 log_debugx("adding lun %d, target %s",
1817 newlun->l_lun, newtarg->t_name);
1818 error = kernel_lun_add(newlun);
1820 log_warnx("failed to add lun %d, target %s",
1821 newlun->l_lun, newtarg->t_name);
1826 if (oldtarg == NULL) {
1827 error = kernel_port_add(newtarg);
1829 log_warnx("failed to add target %s",
1832 * XXX: Uncomment after fixing the root cause.
1834 * cumulated_error++;
1841 * Go through the new portals, opening the sockets as neccessary.
1843 TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1844 if (newpg->pg_unassigned) {
1845 log_debugx("not listening on portal-group \"%s\", "
1846 "not assigned to any target",
1850 TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
1852 * Try to find already open portal and reuse
1853 * the listening socket. We don't care about
1854 * what portal or portal group that was, what
1855 * matters is the listening address.
1857 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
1859 TAILQ_FOREACH(oldp, &oldpg->pg_portals,
1861 if (strcmp(newp->p_listen,
1862 oldp->p_listen) == 0 &&
1863 oldp->p_socket > 0) {
1871 if (newp->p_socket > 0) {
1873 * We're done with this portal.
1878 #ifdef ICL_KERNEL_PROXY
1880 newpg->pg_conf->conf_portal_id++;
1881 newp->p_id = newpg->pg_conf->conf_portal_id;
1882 log_debugx("listening on %s, portal-group "
1883 "\"%s\", portal id %d, using ICL proxy",
1884 newp->p_listen, newpg->pg_name, newp->p_id);
1885 kernel_listen(newp->p_ai, newp->p_iser,
1890 assert(proxy_mode == false);
1891 assert(newp->p_iser == false);
1893 log_debugx("listening on %s, portal-group \"%s\"",
1894 newp->p_listen, newpg->pg_name);
1895 newp->p_socket = socket(newp->p_ai->ai_family,
1896 newp->p_ai->ai_socktype,
1897 newp->p_ai->ai_protocol);
1898 if (newp->p_socket < 0) {
1899 log_warn("socket(2) failed for %s",
1904 error = setsockopt(newp->p_socket, SOL_SOCKET,
1905 SO_REUSEADDR, &one, sizeof(one));
1907 log_warn("setsockopt(SO_REUSEADDR) failed "
1908 "for %s", newp->p_listen);
1909 close(newp->p_socket);
1914 error = bind(newp->p_socket, newp->p_ai->ai_addr,
1915 newp->p_ai->ai_addrlen);
1917 log_warn("bind(2) failed for %s",
1919 close(newp->p_socket);
1924 error = listen(newp->p_socket, -1);
1926 log_warn("listen(2) failed for %s",
1928 close(newp->p_socket);
1937 * Go through the no longer used sockets, closing them.
1939 TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
1940 TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
1941 if (oldp->p_socket <= 0)
1943 log_debugx("closing socket for %s, portal-group \"%s\"",
1944 oldp->p_listen, oldpg->pg_name);
1945 close(oldp->p_socket);
1950 /* (Re-)Register on remaining/new iSNS servers. */
1951 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
1952 TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
1953 if (strcmp(oldns->i_addr, newns->i_addr) == 0)
1956 isns_register(newns, oldns);
1959 /* Schedule iSNS update */
1960 if (!TAILQ_EMPTY(&newconf->conf_isns))
1961 set_timeout((newconf->conf_isns_period + 2) / 3, false);
1963 return (cumulated_error);
1970 return (sigalrm_received);
1974 sigalrm_handler_fatal(int dummy __unused)
1977 * It would be easiest to just log an error and exit. We can't
1978 * do this, though, because log_errx() is not signal safe, since
1979 * it calls syslog(3). Instead, set a flag checked by pdu_send()
1980 * and pdu_receive(), to call log_errx() there. Should they fail
1981 * to notice, we'll exit here one second later.
1983 if (sigalrm_received) {
1985 * Oh well. Just give up and quit.
1990 sigalrm_received = true;
1994 sigalrm_handler(int dummy __unused)
1997 sigalrm_received = true;
2001 set_timeout(int timeout, int fatal)
2003 struct sigaction sa;
2004 struct itimerval itv;
2008 log_debugx("session timeout disabled");
2009 bzero(&itv, sizeof(itv));
2010 error = setitimer(ITIMER_REAL, &itv, NULL);
2012 log_err(1, "setitimer");
2013 sigalrm_received = false;
2017 sigalrm_received = false;
2018 bzero(&sa, sizeof(sa));
2020 sa.sa_handler = sigalrm_handler_fatal;
2022 sa.sa_handler = sigalrm_handler;
2023 sigfillset(&sa.sa_mask);
2024 error = sigaction(SIGALRM, &sa, NULL);
2026 log_err(1, "sigaction");
2029 * First SIGALRM will arive after conf_timeout seconds.
2030 * If we do nothing, another one will arrive a second later.
2032 log_debugx("setting session timeout to %d seconds", timeout);
2033 bzero(&itv, sizeof(itv));
2034 itv.it_interval.tv_sec = 1;
2035 itv.it_value.tv_sec = timeout;
2036 error = setitimer(ITIMER_REAL, &itv, NULL);
2038 log_err(1, "setitimer");
2042 wait_for_children(bool block)
2050 * If "block" is true, wait for at least one process.
2052 if (block && num == 0)
2053 pid = wait4(-1, &status, 0, NULL);
2055 pid = wait4(-1, &status, WNOHANG, NULL);
2058 if (WIFSIGNALED(status)) {
2059 log_warnx("child process %d terminated with signal %d",
2060 pid, WTERMSIG(status));
2061 } else if (WEXITSTATUS(status) != 0) {
2062 log_warnx("child process %d terminated with exit status %d",
2063 pid, WEXITSTATUS(status));
2065 log_debugx("child process %d terminated gracefully", pid);
2074 handle_connection(struct portal *portal, int fd,
2075 const struct sockaddr *client_sa, bool dont_fork)
2077 struct connection *conn;
2080 char host[NI_MAXHOST + 1];
2083 conf = portal->p_portal_group->pg_conf;
2086 log_debugx("incoming connection; not forking due to -d flag");
2088 nchildren -= wait_for_children(false);
2089 assert(nchildren >= 0);
2091 while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
2092 log_debugx("maxproc limit of %d child processes hit; "
2093 "waiting for child process to exit", conf->conf_maxproc);
2094 nchildren -= wait_for_children(true);
2095 assert(nchildren >= 0);
2097 log_debugx("incoming connection; forking child process #%d",
2108 pidfile_close(conf->conf_pidfh);
2110 error = getnameinfo(client_sa, client_sa->sa_len,
2111 host, sizeof(host), NULL, 0, NI_NUMERICHOST);
2113 log_errx(1, "getnameinfo: %s", gai_strerror(error));
2115 log_debugx("accepted connection from %s; portal group \"%s\"",
2116 host, portal->p_portal_group->pg_name);
2117 log_set_peer_addr(host);
2118 setproctitle("%s", host);
2120 conn = connection_new(portal, fd, host, client_sa);
2121 set_timeout(conf->conf_timeout, true);
2124 if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
2125 kernel_handoff(conn);
2126 log_debugx("connection handed off to the kernel");
2128 assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
2131 log_debugx("nothing more to do; exiting");
2136 fd_add(int fd, fd_set *fdset, int nfds)
2140 * Skip sockets which we failed to bind.
2152 main_loop(struct conf *conf, bool dont_fork)
2154 struct portal_group *pg;
2155 struct portal *portal;
2156 struct sockaddr_storage client_sa;
2157 socklen_t client_salen;
2158 #ifdef ICL_KERNEL_PROXY
2163 int error, nfds, client_fd;
2165 pidfile_write(conf->conf_pidfh);
2168 if (sighup_received || sigterm_received || timed_out())
2171 #ifdef ICL_KERNEL_PROXY
2173 client_salen = sizeof(client_sa);
2174 kernel_accept(&connection_id, &portal_id,
2175 (struct sockaddr *)&client_sa, &client_salen);
2176 assert(client_salen >= client_sa.ss_len);
2178 log_debugx("incoming connection, id %d, portal id %d",
2179 connection_id, portal_id);
2180 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2181 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2182 if (portal->p_id == portal_id) {
2188 log_errx(1, "kernel returned invalid portal_id %d",
2192 handle_connection(portal, connection_id,
2193 (struct sockaddr *)&client_sa, dont_fork);
2196 assert(proxy_mode == false);
2200 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2201 TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
2202 nfds = fd_add(portal->p_socket, &fdset, nfds);
2204 error = select(nfds + 1, &fdset, NULL, NULL, NULL);
2208 log_err(1, "select");
2210 TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2211 TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2212 if (!FD_ISSET(portal->p_socket, &fdset))
2214 client_salen = sizeof(client_sa);
2215 client_fd = accept(portal->p_socket,
2216 (struct sockaddr *)&client_sa,
2219 log_err(1, "accept");
2220 assert(client_salen >= client_sa.ss_len);
2222 handle_connection(portal, client_fd,
2223 (struct sockaddr *)&client_sa,
2228 #ifdef ICL_KERNEL_PROXY
2235 sighup_handler(int dummy __unused)
2238 sighup_received = true;
2242 sigterm_handler(int dummy __unused)
2245 sigterm_received = true;
2249 sigchld_handler(int dummy __unused)
2253 * The only purpose of this handler is to make SIGCHLD
2254 * interrupt the ISCSIDWAIT ioctl(2), so we can call
2255 * wait_for_children().
2260 register_signals(void)
2262 struct sigaction sa;
2265 bzero(&sa, sizeof(sa));
2266 sa.sa_handler = sighup_handler;
2267 sigfillset(&sa.sa_mask);
2268 error = sigaction(SIGHUP, &sa, NULL);
2270 log_err(1, "sigaction");
2272 sa.sa_handler = sigterm_handler;
2273 error = sigaction(SIGTERM, &sa, NULL);
2275 log_err(1, "sigaction");
2277 sa.sa_handler = sigterm_handler;
2278 error = sigaction(SIGINT, &sa, NULL);
2280 log_err(1, "sigaction");
2282 sa.sa_handler = sigchld_handler;
2283 error = sigaction(SIGCHLD, &sa, NULL);
2285 log_err(1, "sigaction");
2289 main(int argc, char **argv)
2291 struct conf *oldconf, *newconf, *tmpconf;
2293 const char *config_path = DEFAULT_CONFIG_PATH;
2294 int debug = 0, ch, error;
2295 bool dont_daemonize = false;
2297 while ((ch = getopt(argc, argv, "df:R")) != -1) {
2300 dont_daemonize = true;
2304 config_path = optarg;
2307 #ifndef ICL_KERNEL_PROXY
2308 log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
2309 "does not support iSER protocol");
2325 oldconf = conf_new_from_kernel();
2326 newconf = conf_new_from_file(config_path);
2327 if (newconf == NULL)
2328 log_errx(1, "configuration error; exiting");
2330 oldconf->conf_debug = debug;
2331 newconf->conf_debug = debug;
2334 error = conf_apply(oldconf, newconf);
2336 log_errx(1, "failed to apply configuration; exiting");
2338 conf_delete(oldconf);
2343 if (dont_daemonize == false) {
2344 log_debugx("daemonizing");
2345 if (daemon(0, 0) == -1) {
2346 log_warn("cannot daemonize");
2347 pidfile_remove(newconf->conf_pidfh);
2352 /* Schedule iSNS update */
2353 if (!TAILQ_EMPTY(&newconf->conf_isns))
2354 set_timeout((newconf->conf_isns_period + 2) / 3, false);
2357 main_loop(newconf, dont_daemonize);
2358 if (sighup_received) {
2359 sighup_received = false;
2360 log_debugx("received SIGHUP, reloading configuration");
2361 tmpconf = conf_new_from_file(config_path);
2362 if (tmpconf == NULL) {
2363 log_warnx("configuration error, "
2364 "continuing with old configuration");
2367 tmpconf->conf_debug = debug;
2370 error = conf_apply(oldconf, newconf);
2372 log_warnx("failed to reload "
2374 conf_delete(oldconf);
2377 } else if (sigterm_received) {
2378 log_debugx("exiting on signal; "
2379 "reloading empty configuration");
2381 log_debugx("disabling CTL iSCSI port "
2382 "and terminating all connections");
2385 newconf = conf_new();
2387 newconf->conf_debug = debug;
2388 error = conf_apply(oldconf, newconf);
2390 log_warnx("failed to apply configuration");
2391 conf_delete(oldconf);
2394 log_warnx("exiting on signal");
2397 nchildren -= wait_for_children(false);
2398 assert(nchildren >= 0);
2400 set_timeout(0, false);
2401 TAILQ_FOREACH(newns, &newconf->conf_isns, i_next)
2403 /* Schedule iSNS update */
2404 if (!TAILQ_EMPTY(&newconf->conf_isns)) {
2405 set_timeout((newconf->conf_isns_period