Add ipsec to rc.conf.

libbsd.py

@@ -2133,8 +2133,15 @@ class netipsec(builder.Module):
                                                                'prsa_par.h',
                                                                racoon_cflags,
                                                                build=False)))
+        self.addRTEMSHeaderFiles(
+            [
+                'rtems/ipsec.h',
+            ]
+        )
         self.addRTEMSSourceFiles(
             [
+                'rtems/rtems-bsd-racoon.c',
+                'rtems/rtems-bsd-rc-conf-ipsec.c',
                 'rtems/rtems-bsd-shell-racoon.c',
                 'rtems/rtems-racoon-mutex.c',
             ],

rtemsbsd/include/machine/rtems-bsd-rc-conf-services.h

@@ -158,6 +158,8 @@ void rc_conf_net_init(void* arg);           /* Installed by default. */
 void rc_conf_firewall_pf_init(void* arg);   /* pf_enabled="YES" */
 void rc_conf_telnetd_init(void* arg);       /* telnetd_enabled="YES" */
 void rc_conf_ftpd_init(void* arg);          /* ftpd_enabled="YES" */
+void rc_conf_ipsec_init(void* arg);         /* ipsec_enabled="YES"
+                                               and ike_enabled="YES" */
 
 /*
  * Added services.

rtemsbsd/include/rtems/ipsec.h

@@ -0,0 +1,53 @@
+/**
+ * @file
+ *
+ * @ingroup rtems_bsd
+ *
+ * @brief Functions related to ipsec support in RTEMS.
+ */
+
+/*
+ * Copyright (c) 2018 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems@embedded-brains.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _RTEMS_IPSEC_H_
+#define _RTEMS_IPSEC_H_
+
+/**
+ * @brief Starts the racoon daemon.
+ *
+ * @param argc Argument count including a leading "racoon".
+ * @param argv Program name and parameters. Terminate with NULL.
+ * @param prio Priority to use for the daemon process.
+ */
+rtems_status_code rtems_bsd_racoon_daemon(int argc, const char **argv,
+	rtems_task_priority prio);
+
+#endif /* _RTEMS_IPSEC_H_ */

rtemsbsd/rtems/rtems-bsd-racoon.c

@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2018 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems@embedded-brains.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <rtems.h>
+#include <rtems/thread.h>
+#include <rtems/netcmds-config.h>
+#include <machine/rtems-bsd-commands.h>
+
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+
+struct argc_argv {
+	size_t argc;
+	char **argv;
+};
+
+static bool racoon_initialized = false;
+rtems_recursive_mutex racoon_mutex =
+    RTEMS_RECURSIVE_MUTEX_INITIALIZER("racoon");
+
+static void
+clean_up_args(struct argc_argv *args)
+{
+	if (args != NULL) {
+		if (args->argv != NULL) {
+			for (int i = 0; i < args->argc; ++i) {
+				if (args->argv[i] != NULL) {
+					free(args->argv[i]);
+				}
+			}
+			free(args->argv);
+		}
+		free(args);
+	}
+}
+
+static void
+racoon_task(rtems_task_argument arg)
+{
+	int exit_code;
+	struct argc_argv *args = (struct argc_argv *) arg;
+
+	exit_code = rtems_bsd_command_racoon(args->argc, args->argv);
+	if (exit_code != EXIT_SUCCESS) {
+		syslog(LOG_ERR, "racoon exited with %d\n", exit_code);
+	}
+
+	clean_up_args(args);
+	rtems_task_delete(RTEMS_SELF);
+}
+
+rtems_status_code
+rtems_bsd_racoon_daemon(int argc, const char **argv, rtems_task_priority prio)
+{
+	rtems_id id;
+	rtems_status_code sc = RTEMS_SUCCESSFUL;
+	struct argc_argv *args = NULL;
+
+	rtems_recursive_mutex_lock(&racoon_mutex);
+
+	if (racoon_initialized) {
+		sc = RTEMS_INCORRECT_STATE;
+	}
+
+	if (sc == RTEMS_SUCCESSFUL) {
+		args = malloc(sizeof(struct argc_argv));
+		if (args == NULL) {
+			sc = RTEMS_NO_MEMORY;
+		}
+	}
+
+	if (sc == RTEMS_SUCCESSFUL) {
+		args->argc = argc;
+		args->argv = calloc(argc + 1, sizeof(char*));
+		if (args->argv == NULL) {
+			sc = RTEMS_NO_MEMORY;
+		}
+	}
+
+	if (sc == RTEMS_SUCCESSFUL) {
+		for (int i = 0; i < argc; ++i) {
+			args->argv[i] = strdup(argv[i]);
+			if (args->argv[i] == NULL) {
+				sc = RTEMS_NO_MEMORY;
+			}
+		}
+	}
+
+	if (sc == RTEMS_SUCCESSFUL) {
+		sc = rtems_task_create(
+			rtems_build_name('R', 'A', 'C', 'N'),
+			prio,
+			32 * 1024,
+			RTEMS_DEFAULT_MODES,
+			RTEMS_FLOATING_POINT,
+			&id
+		);
+	}
+
+	if (sc == RTEMS_SUCCESSFUL) {
+		sc = rtems_task_start(id, racoon_task,
+		    (rtems_task_argument)args);
+	}
+
+	if (sc == RTEMS_SUCCESSFUL) {
+		racoon_initialized = true;
+	} else {
+		clean_up_args(args);
+	}
+
+	rtems_recursive_mutex_unlock(&racoon_mutex);
+
+	return (sc);
+}

rtemsbsd/rtems/rtems-bsd-rc-conf-ipsec.c

@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2018 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems@embedded-brains.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Handle the IPSec and ike related directives found in rc.conf.
+ * - ipsec_enable
+ * - ipsec_file
+ * - ike_enable
+ * - ike_program
+ * - ike_flags
+ * - ike_priority
+ *
+ * Notes:
+ * - `ike_...` seems not to be included in the rc.conf man page. But the
+ *   parameters are there in the default rc.conf file. So handle them.
+ * - For ike_program, "racoon" is the only supported one (without any path).
+ */
+
+#include <rtems.h>
+#include <rtems/ipsec.h>
+
+#include <errno.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+
+#include <machine/rtems-bsd-commands.h>
+#include <machine/rtems-bsd-rc-conf-services.h>
+
+static int
+ipsec_service(rtems_bsd_rc_conf* rc_conf)
+{
+  rtems_bsd_rc_conf_argc_argv* aa;
+  int r;
+  int erroroccured = 0;
+
+  aa = rtems_bsd_rc_conf_argc_argv_create();
+  if (aa == NULL)
+    return -1;
+
+  r = rtems_bsd_rc_conf_find(rc_conf, "ipsec_enable", aa);
+  if (r == 0) {
+    if (aa->argc == 2 && strcasecmp("YES", aa->argv[1]) == 0) {
+      char* ipsec_file = NULL;
+
+      if (erroroccured == 0) {
+        r = rtems_bsd_rc_conf_find(rc_conf, "ipsec_file", aa);
+        if (r == 0) {
+          if (aa->argc == 2) {
+            ipsec_file = strdup(aa->argv[1]);
+            if (ipsec_file == NULL) {
+              fprintf(stderr,
+                  "error: ipsec: Could not duplicate ipsec file string: %s\n",
+                  strerror(errno));
+              erroroccured = -1;
+            }
+          } else {
+            fprintf(stderr,
+                "error: ipsec: Syntax error in ipsec_file directive.\n");
+              erroroccured = -1;
+          }
+        }
+      }
+
+      if (erroroccured == 0) {
+        if (ipsec_file == NULL) {
+          fprintf(stderr, "error: ipsec: No ipsec_file given.\n");
+          erroroccured = -1;
+        }
+      }
+
+      if (erroroccured == 0) {
+        char *setkey[] = {"setkey", "-f", ipsec_file, NULL};
+
+        rtems_bsd_rc_conf_print_cmd(
+            rc_conf, "setkey", RTEMS_BSD_ARGC(setkey), (const char**)setkey);
+        r = rtems_bsd_command_setkey(RTEMS_BSD_ARGC(setkey), setkey);
+        if (r != EXIT_SUCCESS) {
+          fprintf(stderr,
+              "error: setkey: Call to setkey failed.\n");
+          erroroccured = -1;
+        }
+      }
+
+      if (ipsec_file != NULL) {
+        free(ipsec_file);
+      }
+    }
+  }
+
+  rtems_bsd_rc_conf_argc_argv_destroy(aa);
+
+  return erroroccured;
+}
+
+static int
+ike_service(rtems_bsd_rc_conf* rc_conf)
+{
+  rtems_bsd_rc_conf_argc_argv* aa;
+  int r;
+  int erroroccured = 0;
+
+  aa = rtems_bsd_rc_conf_argc_argv_create();
+  if (aa == NULL)
+    return -1;
+
+  r = rtems_bsd_rc_conf_find(rc_conf, "ike_enable", aa);
+  if (r == 0) {
+    if (aa->argc == 2 && strcasecmp("YES", aa->argv[1]) == 0) {
+      const char *default_argv[] = {"racoon", NULL};
+      const char **argv = default_argv;
+      rtems_task_priority prio = RTEMS_MAXIMUM_PRIORITY - 1;
+      int argc = 1;
+
+      r = rtems_bsd_rc_conf_find(rc_conf, "ike_program", aa);
+      if (r == 0) {
+        if (aa->argc != 2 || strcasecmp("racoon", aa->argv[1]) != 0) {
+          fprintf(stderr,
+              "error: ike: Only \"racoon\" is supported as ike_program\n");
+          erroroccured = -1;
+        }
+      }
+
+      if (erroroccured == 0) {
+        r = rtems_bsd_rc_conf_find(rc_conf, "ike_priority", aa);
+        if (r == 0) {
+          if (aa->argc == 2) {
+            char *end;
+            prio = strtoul(aa->argv[1], &end, 10);
+            if (*end != '\0') {
+              fprintf(stderr,
+                  "error: ike: syntax error in ike_priority\n");
+              erroroccured = -1;
+            }
+          }
+        }
+      }
+
+      if (erroroccured == 0) {
+        r = rtems_bsd_rc_conf_find(rc_conf, "ike_flags", aa);
+        if (r == 0) {
+          argc = aa->argc;
+          argv = aa->argv;
+        }
+      }
+
+      if (erroroccured == 0) {
+        rtems_status_code sc;
+        sc = rtems_bsd_racoon_daemon(argc, argv, prio);
+        if (sc != RTEMS_SUCCESSFUL) {
+          fprintf(stderr, "error: ike: Could not start racoon: %s\n",
+              rtems_status_text(sc));
+          erroroccured = -1;
+        }
+      }
+    }
+  }
+
+  rtems_bsd_rc_conf_argc_argv_destroy(aa);
+
+  return erroroccured;
+}
+
+void
+rc_conf_ipsec_init(void* arg)
+{
+  int r;
+  r = rtems_bsd_rc_conf_service_add("ipsec",
+                                    "after:network;before:telnetd;",
+                                    ipsec_service);
+  if (r < 0)
+    fprintf(stderr,
+            "error: ipsec service add failed: %s\n", strerror(errno));
+  r = rtems_bsd_rc_conf_service_add("ike",
+                                    "after:ipsec;before:telnetd;",
+                                    ike_service);
+  if (r < 0)
+    fprintf(stderr,
+            "error: ike service add failed: %s\n", strerror(errno));
+}