2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2012 The FreeBSD Foundation
6 * This software was developed by Edward Tomasz Napierala under sponsorship
7 * from the FreeBSD Foundation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
35 #include <sys/types.h>
37 #include <sys/ioctl.h>
38 #include <sys/param.h>
39 #include <sys/linker.h>
40 #include <sys/socket.h>
41 #include <sys/sysctl.h>
42 #include <sys/capsicum.h>
44 #include <netinet/in.h>
45 #include <netinet/tcp.h>
47 #include <capsicum_helpers.h>
62 static bool timed_out(void);
63 #ifdef ICL_KERNEL_PROXY
64 static void pdu_receive_proxy(struct pdu *pdu);
65 static void pdu_send_proxy(struct pdu *pdu);
66 #endif /* ICL_KERNEL_PROXY */
68 static volatile bool sigalrm_received = false;
70 static int nchildren = 0;
72 static struct connection_ops conn_ops = {
73 .timed_out = timed_out,
74 #ifdef ICL_KERNEL_PROXY
75 .pdu_receive_proxy = pdu_receive_proxy,
76 .pdu_send_proxy = pdu_send_proxy,
85 fprintf(stderr, "usage: iscsid [-P pidfile][-d][-m maxproc][-t timeout]\n");
89 #ifdef ICL_KERNEL_PROXY
92 pdu_receive_proxy(struct pdu *pdu)
94 struct iscsid_connection *conn;
95 struct iscsi_daemon_receive idr;
99 conn = (struct iscsid_connection *)pdu->pdu_connection;
100 assert(conn->conn_conf.isc_iser != 0);
102 pdu->pdu_data = malloc(conn->conn.conn_max_recv_data_segment_length);
103 if (pdu->pdu_data == NULL)
104 log_err(1, "malloc");
106 memset(&idr, 0, sizeof(idr));
107 idr.idr_session_id = conn->conn_session_id;
108 idr.idr_bhs = pdu->pdu_bhs;
109 idr.idr_data_segment_len = conn->conn.conn_max_recv_data_segment_length;
110 idr.idr_data_segment = pdu->pdu_data;
112 error = ioctl(conn->conn_iscsi_fd, ISCSIDRECEIVE, &idr);
114 log_err(1, "ISCSIDRECEIVE");
116 len = pdu_ahs_length(pdu);
118 log_errx(1, "protocol error: non-empty AHS");
120 len = pdu_data_segment_length(pdu);
121 assert(len <= (size_t)conn->conn.conn_max_recv_data_segment_length);
122 pdu->pdu_data_len = len;
126 pdu_send_proxy(struct pdu *pdu)
128 struct iscsid_connection *conn;
129 struct iscsi_daemon_send ids;
132 conn = (struct iscsid_connection *)pdu->pdu_connection;
133 assert(conn->conn_conf.isc_iser != 0);
135 pdu_set_data_segment_length(pdu, pdu->pdu_data_len);
137 memset(&ids, 0, sizeof(ids));
138 ids.ids_session_id = conn->conn_session_id;
139 ids.ids_bhs = pdu->pdu_bhs;
140 ids.ids_data_segment_len = pdu->pdu_data_len;
141 ids.ids_data_segment = pdu->pdu_data;
143 error = ioctl(conn->conn_iscsi_fd, ISCSIDSEND, &ids);
145 log_err(1, "ISCSIDSEND");
148 #endif /* ICL_KERNEL_PROXY */
151 resolve_addr(const struct connection *conn, const char *address,
152 struct addrinfo **ai, bool initiator_side)
154 struct addrinfo hints;
155 char *arg, *addr, *ch, *tofree;
157 int error, colons = 0;
159 tofree = arg = checked_strdup(address);
161 if (arg[0] == '\0') {
162 fail(conn, "empty address");
163 log_errx(1, "empty address");
167 * IPv6 address in square brackets, perhaps with port.
170 addr = strsep(&arg, "]");
172 fail(conn, "malformed address");
173 log_errx(1, "malformed address %s", address);
175 if (arg[0] == '\0') {
177 } else if (arg[0] == ':') {
180 fail(conn, "malformed address");
181 log_errx(1, "malformed address %s", address);
185 * Either IPv6 address without brackets - and without
186 * a port - or IPv4 address. Just count the colons.
188 for (ch = arg; *ch != '\0'; ch++) {
196 addr = strsep(&arg, ":");
204 if (port == NULL && !initiator_side)
207 memset(&hints, 0, sizeof(hints));
208 hints.ai_family = PF_UNSPEC;
209 hints.ai_socktype = SOCK_STREAM;
210 hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV;
212 hints.ai_flags |= AI_PASSIVE;
214 error = getaddrinfo(addr, port, &hints, ai);
216 fail(conn, gai_strerror(error));
217 log_errx(1, "getaddrinfo for %s failed: %s",
218 address, gai_strerror(error));
224 static struct iscsid_connection *
225 connection_new(int iscsi_fd, const struct iscsi_daemon_request *request)
227 struct iscsid_connection *conn;
228 struct addrinfo *from_ai, *to_ai;
229 const char *from_addr, *to_addr;
230 #ifdef ICL_KERNEL_PROXY
231 struct iscsi_daemon_connect idc;
235 conn = calloc(1, sizeof(*conn));
237 log_err(1, "calloc");
239 connection_init(&conn->conn, &conn_ops,
240 request->idr_conf.isc_iser != 0);
241 conn->conn_protocol_level = 0;
242 conn->conn_initial_r2t = true;
243 conn->conn_iscsi_fd = iscsi_fd;
245 conn->conn_session_id = request->idr_session_id;
246 memcpy(&conn->conn_conf, &request->idr_conf, sizeof(conn->conn_conf));
247 memcpy(&conn->conn.conn_isid, &request->idr_isid,
248 sizeof(conn->conn.conn_isid));
249 conn->conn.conn_tsih = request->idr_tsih;
251 from_addr = conn->conn_conf.isc_initiator_addr;
252 to_addr = conn->conn_conf.isc_target_addr;
254 if (from_addr[0] != '\0')
255 resolve_addr(&conn->conn, from_addr, &from_ai, true);
259 resolve_addr(&conn->conn, to_addr, &to_ai, false);
261 #ifdef ICL_KERNEL_PROXY
262 if (conn->conn_conf.isc_iser) {
263 memset(&idc, 0, sizeof(idc));
264 idc.idc_session_id = conn->conn_session_id;
265 if (conn->conn_conf.isc_iser)
267 idc.idc_domain = to_ai->ai_family;
268 idc.idc_socktype = to_ai->ai_socktype;
269 idc.idc_protocol = to_ai->ai_protocol;
270 if (from_ai != NULL) {
271 idc.idc_from_addr = from_ai->ai_addr;
272 idc.idc_from_addrlen = from_ai->ai_addrlen;
274 idc.idc_to_addr = to_ai->ai_addr;
275 idc.idc_to_addrlen = to_ai->ai_addrlen;
277 log_debugx("connecting to %s using ICL kernel proxy", to_addr);
278 error = ioctl(iscsi_fd, ISCSIDCONNECT, &idc);
280 fail(&conn->conn, strerror(errno));
281 log_err(1, "failed to connect to %s "
282 "using ICL kernel proxy: ISCSIDCONNECT", to_addr);
286 freeaddrinfo(from_ai);
291 #endif /* ICL_KERNEL_PROXY */
293 if (conn->conn_conf.isc_iser) {
294 fail(&conn->conn, "iSER not supported");
295 log_errx(1, "iscsid(8) compiled without ICL_KERNEL_PROXY "
296 "does not support iSER");
299 conn->conn.conn_socket = socket(to_ai->ai_family, to_ai->ai_socktype,
301 if (conn->conn.conn_socket < 0) {
302 fail(&conn->conn, strerror(errno));
303 log_err(1, "failed to create socket for %s", from_addr);
305 optval = SOCKBUF_SIZE;
306 if (setsockopt(conn->conn.conn_socket, SOL_SOCKET, SO_RCVBUF,
307 &optval, sizeof(optval)) == -1)
308 log_warn("setsockopt(SO_RCVBUF) failed");
309 optval = SOCKBUF_SIZE;
310 if (setsockopt(conn->conn.conn_socket, SOL_SOCKET, SO_SNDBUF,
311 &optval, sizeof(optval)) == -1)
312 log_warn("setsockopt(SO_SNDBUF) failed");
314 if (setsockopt(conn->conn.conn_socket, SOL_SOCKET, SO_NO_DDP,
315 &optval, sizeof(optval)) == -1)
316 log_warn("setsockopt(SO_NO_DDP) failed");
317 if (conn->conn_conf.isc_dscp != -1) {
318 int tos = conn->conn_conf.isc_dscp << 2;
319 if (to_ai->ai_family == AF_INET) {
320 if (setsockopt(conn->conn.conn_socket,
322 &tos, sizeof(tos)) == -1)
323 log_warn("setsockopt(IP_TOS) "
327 if (to_ai->ai_family == AF_INET6) {
328 if (setsockopt(conn->conn.conn_socket,
329 IPPROTO_IPV6, IPV6_TCLASS,
330 &tos, sizeof(tos)) == -1)
331 log_warn("setsockopt(IPV6_TCLASS) "
336 if (conn->conn_conf.isc_pcp != -1) {
337 int pcp = conn->conn_conf.isc_pcp;
338 if (to_ai->ai_family == AF_INET) {
339 if (setsockopt(conn->conn.conn_socket,
340 IPPROTO_IP, IP_VLAN_PCP,
341 &pcp, sizeof(pcp)) == -1)
342 log_warn("setsockopt(IP_VLAN_PCP) "
346 if (to_ai->ai_family == AF_INET6) {
347 if (setsockopt(conn->conn.conn_socket,
348 IPPROTO_IPV6, IPV6_VLAN_PCP,
349 &pcp, sizeof(pcp)) == -1)
350 log_warn("setsockopt(IPV6_VLAN_PCP) "
356 * Reduce TCP SYN_SENT timeout while
357 * no connectivity exists, to allow
358 * rapid reuse of the available slots.
361 if (conn->conn_conf.isc_login_timeout > 0) {
362 keepinit = conn->conn_conf.isc_login_timeout;
363 log_debugx("session specific LoginTimeout at %d sec",
366 if (conn->conn_conf.isc_login_timeout == -1) {
368 size_t size = sizeof(value);
369 if (sysctlbyname("kern.iscsi.login_timeout",
370 &value, &size, NULL, 0) == 0) {
372 log_debugx("global login_timeout at %d sec",
377 if (setsockopt(conn->conn.conn_socket,
378 IPPROTO_TCP, TCP_KEEPINIT,
379 &keepinit, sizeof(keepinit)) == -1)
380 log_warnx("setsockopt(TCP_KEEPINIT) "
381 "failed for %s", to_addr);
383 if (from_ai != NULL) {
384 error = bind(conn->conn.conn_socket, from_ai->ai_addr,
385 from_ai->ai_addrlen);
387 fail(&conn->conn, strerror(errno));
388 log_err(1, "failed to bind to %s", from_addr);
391 log_debugx("connecting to %s", to_addr);
392 error = connect(conn->conn.conn_socket, to_ai->ai_addr,
395 fail(&conn->conn, strerror(errno));
396 log_err(1, "failed to connect to %s", to_addr);
400 freeaddrinfo(from_ai);
407 limits(struct iscsid_connection *conn)
409 struct iscsi_daemon_limits idl;
410 struct iscsi_session_limits *isl;
413 log_debugx("fetching limits from the kernel");
415 memset(&idl, 0, sizeof(idl));
416 idl.idl_session_id = conn->conn_session_id;
417 idl.idl_socket = conn->conn.conn_socket;
419 error = ioctl(conn->conn_iscsi_fd, ISCSIDLIMITS, &idl);
421 log_err(1, "ISCSIDLIMITS");
424 * Read the driver limits and provide reasonable defaults for the ones
425 * the driver doesn't care about. If a max_snd_dsl is not explicitly
426 * provided by the driver then we'll make sure both conn->max_snd_dsl
427 * and isl->max_snd_dsl are set to the rcv_dsl. This preserves historic
430 isl = &conn->conn_limits;
431 memcpy(isl, &idl.idl_limits, sizeof(*isl));
432 if (isl->isl_max_recv_data_segment_length == 0)
433 isl->isl_max_recv_data_segment_length = (1 << 24) - 1;
434 if (isl->isl_max_send_data_segment_length == 0)
435 isl->isl_max_send_data_segment_length =
436 isl->isl_max_recv_data_segment_length;
437 if (isl->isl_max_burst_length == 0)
438 isl->isl_max_burst_length = (1 << 24) - 1;
439 if (isl->isl_first_burst_length == 0)
440 isl->isl_first_burst_length = (1 << 24) - 1;
441 if (isl->isl_first_burst_length > isl->isl_max_burst_length)
442 isl->isl_first_burst_length = isl->isl_max_burst_length;
445 * Limit default send length in case it won't be negotiated.
446 * We can't do it for other limits, since they may affect both
447 * sender and receiver operation, and we must obey defaults.
449 if (conn->conn.conn_max_send_data_segment_length >
450 isl->isl_max_send_data_segment_length) {
451 conn->conn.conn_max_send_data_segment_length =
452 isl->isl_max_send_data_segment_length;
457 handoff(struct iscsid_connection *conn)
459 struct iscsi_daemon_handoff idh;
462 log_debugx("handing off connection to the kernel");
464 memset(&idh, 0, sizeof(idh));
465 idh.idh_session_id = conn->conn_session_id;
466 idh.idh_socket = conn->conn.conn_socket;
467 strlcpy(idh.idh_target_alias, conn->conn_target_alias,
468 sizeof(idh.idh_target_alias));
469 idh.idh_tsih = conn->conn.conn_tsih;
470 idh.idh_statsn = conn->conn.conn_statsn;
471 idh.idh_protocol_level = conn->conn_protocol_level;
472 idh.idh_header_digest = conn->conn.conn_header_digest;
473 idh.idh_data_digest = conn->conn.conn_data_digest;
474 idh.idh_initial_r2t = conn->conn_initial_r2t;
475 idh.idh_immediate_data = conn->conn.conn_immediate_data;
476 idh.idh_max_recv_data_segment_length =
477 conn->conn.conn_max_recv_data_segment_length;
478 idh.idh_max_send_data_segment_length =
479 conn->conn.conn_max_send_data_segment_length;
480 idh.idh_max_burst_length = conn->conn.conn_max_burst_length;
481 idh.idh_first_burst_length = conn->conn.conn_first_burst_length;
483 error = ioctl(conn->conn_iscsi_fd, ISCSIDHANDOFF, &idh);
485 log_err(1, "ISCSIDHANDOFF");
489 fail(const struct connection *base_conn, const char *reason)
491 const struct iscsid_connection *conn;
492 struct iscsi_daemon_fail idf;
493 int error, saved_errno;
495 conn = (const struct iscsid_connection *)base_conn;
498 memset(&idf, 0, sizeof(idf));
499 idf.idf_session_id = conn->conn_session_id;
500 strlcpy(idf.idf_reason, reason, sizeof(idf.idf_reason));
502 error = ioctl(conn->conn_iscsi_fd, ISCSIDFAIL, &idf);
504 log_err(1, "ISCSIDFAIL");
510 * XXX: I CANT INTO LATIN
513 capsicate(struct iscsid_connection *conn)
516 const unsigned long cmds[] = {
517 #ifdef ICL_KERNEL_PROXY
530 cap_rights_init(&rights, CAP_IOCTL);
531 if (caph_rights_limit(conn->conn_iscsi_fd, &rights) < 0)
532 log_err(1, "cap_rights_limit");
534 if (caph_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0)
535 log_err(1, "cap_ioctls_limit");
537 if (caph_enter() != 0)
538 log_err(1, "cap_enter");
541 log_debugx("Capsicum capability mode enabled");
543 log_warnx("Capsicum capability mode not supported");
550 return (sigalrm_received);
554 sigalrm_handler(int dummy __unused)
557 * It would be easiest to just log an error and exit. We can't
558 * do this, though, because log_errx() is not signal safe, since
559 * it calls syslog(3). Instead, set a flag checked by pdu_send()
560 * and pdu_receive(), to call log_errx() there. Should they fail
561 * to notice, we'll exit here one second later.
563 if (sigalrm_received) {
565 * Oh well. Just give up and quit.
570 sigalrm_received = true;
574 set_timeout(int timeout)
577 struct itimerval itv;
581 log_debugx("session timeout disabled");
585 bzero(&sa, sizeof(sa));
586 sa.sa_handler = sigalrm_handler;
587 sigfillset(&sa.sa_mask);
588 error = sigaction(SIGALRM, &sa, NULL);
590 log_err(1, "sigaction");
593 * First SIGALRM will arive after conf_timeout seconds.
594 * If we do nothing, another one will arrive a second later.
596 bzero(&itv, sizeof(itv));
597 itv.it_interval.tv_sec = 1;
598 itv.it_value.tv_sec = timeout;
600 log_debugx("setting session timeout to %d seconds",
602 error = setitimer(ITIMER_REAL, &itv, NULL);
604 log_err(1, "setitimer");
608 sigchld_handler(int dummy __unused)
612 * The only purpose of this handler is to make SIGCHLD
613 * interrupt the ISCSIDWAIT ioctl(2), so we can call
614 * wait_for_children().
619 register_sigchld(void)
624 bzero(&sa, sizeof(sa));
625 sa.sa_handler = sigchld_handler;
626 sigfillset(&sa.sa_mask);
627 error = sigaction(SIGCHLD, &sa, NULL);
629 log_err(1, "sigaction");
634 handle_request(int iscsi_fd, const struct iscsi_daemon_request *request, int timeout)
636 struct iscsid_connection *conn;
638 log_set_peer_addr(request->idr_conf.isc_target_addr);
639 if (request->idr_conf.isc_target[0] != '\0') {
640 log_set_peer_name(request->idr_conf.isc_target);
641 setproctitle("%s (%s)", request->idr_conf.isc_target_addr, request->idr_conf.isc_target);
643 setproctitle("%s", request->idr_conf.isc_target_addr);
646 conn = connection_new(iscsi_fd, request);
649 set_timeout(timeout);
651 if (conn->conn_conf.isc_discovery != 0)
656 log_debugx("nothing more to do; exiting");
661 wait_for_children(bool block)
669 * If "block" is true, wait for at least one process.
671 if (block && num == 0)
672 pid = wait4(-1, &status, 0, NULL);
674 pid = wait4(-1, &status, WNOHANG, NULL);
677 if (WIFSIGNALED(status)) {
678 log_warnx("child process %d terminated with signal %d",
679 pid, WTERMSIG(status));
680 } else if (WEXITSTATUS(status) != 0) {
681 log_warnx("child process %d terminated with exit status %d",
682 pid, WEXITSTATUS(status));
684 log_debugx("child process %d terminated gracefully", pid);
693 main(int argc, char **argv)
695 int ch, debug = 0, error, iscsi_fd, maxproc = 30, retval, saved_errno,
697 bool dont_daemonize = false;
700 const char *pidfile_path = DEFAULT_PIDFILE;
701 struct iscsi_daemon_request request;
703 while ((ch = getopt(argc, argv, "P:dl:m:t:")) != -1) {
706 pidfile_path = optarg;
709 dont_daemonize = true;
713 debug = atoi(optarg);
716 maxproc = atoi(optarg);
719 timeout = atoi(optarg);
732 pidfh = pidfile_open(pidfile_path, 0600, &otherpid);
735 log_errx(1, "daemon already running, pid: %jd.",
737 log_err(1, "cannot open or create pidfile \"%s\"",
741 iscsi_fd = open(ISCSI_PATH, O_RDWR);
742 if (iscsi_fd < 0 && errno == ENOENT) {
744 retval = kldload("iscsi");
746 iscsi_fd = open(ISCSI_PATH, O_RDWR);
751 log_err(1, "failed to open %s", ISCSI_PATH);
753 if (dont_daemonize == false) {
754 if (daemon(0, 0) == -1) {
755 log_warn("cannot daemonize");
756 pidfile_remove(pidfh);
761 pidfile_write(pidfh);
766 log_debugx("waiting for request from the kernel");
768 memset(&request, 0, sizeof(request));
769 error = ioctl(iscsi_fd, ISCSIDWAIT, &request);
771 if (errno == EINTR) {
772 nchildren -= wait_for_children(false);
773 assert(nchildren >= 0);
777 log_err(1, "ISCSIDWAIT");
780 if (dont_daemonize) {
781 log_debugx("not forking due to -d flag; "
782 "will exit after servicing a single request");
784 nchildren -= wait_for_children(false);
785 assert(nchildren >= 0);
787 while (maxproc > 0 && nchildren >= maxproc) {
788 log_debugx("maxproc limit of %d child processes hit; "
789 "waiting for child process to exit", maxproc);
790 nchildren -= wait_for_children(true);
791 assert(nchildren >= 0);
793 log_debugx("incoming connection; forking child process #%d",
804 pidfile_close(pidfh);
805 handle_request(iscsi_fd, &request, timeout);
projects / FreeBSD / FreeBSD.git / blob