xref: /freebsd/usr.sbin/ctld/ctld.c (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2012 The FreeBSD Foundation
5  * All rights reserved.
6  *
7  * This software was developed by Edward Tomasz Napierala under sponsorship
8  * from the FreeBSD Foundation.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  */
32 
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
35 
36 #include <sys/types.h>
37 #include <sys/time.h>
38 #include <sys/socket.h>
39 #include <sys/stat.h>
40 #include <sys/wait.h>
41 #include <netinet/in.h>
42 #include <arpa/inet.h>
43 #include <assert.h>
44 #include <ctype.h>
45 #include <errno.h>
46 #include <netdb.h>
47 #include <signal.h>
48 #include <stdbool.h>
49 #include <stdio.h>
50 #include <stdint.h>
51 #include <stdlib.h>
52 #include <string.h>
53 #include <unistd.h>
54 
55 #include "ctld.h"
56 #include "isns.h"
57 
58 bool proxy_mode = false;
59 
60 static volatile bool sighup_received = false;
61 static volatile bool sigterm_received = false;
62 static volatile bool sigalrm_received = false;
63 
64 static int nchildren = 0;
65 static uint16_t last_portal_group_tag = 0xff;
66 
67 static void
68 usage(void)
69 {
70 
71 	fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n");
72 	exit(1);
73 }
74 
75 char *
76 checked_strdup(const char *s)
77 {
78 	char *c;
79 
80 	c = strdup(s);
81 	if (c == NULL)
82 		log_err(1, "strdup");
83 	return (c);
84 }
85 
86 struct conf *
87 conf_new(void)
88 {
89 	struct conf *conf;
90 
91 	conf = calloc(1, sizeof(*conf));
92 	if (conf == NULL)
93 		log_err(1, "calloc");
94 	TAILQ_INIT(&conf->conf_luns);
95 	TAILQ_INIT(&conf->conf_targets);
96 	TAILQ_INIT(&conf->conf_auth_groups);
97 	TAILQ_INIT(&conf->conf_ports);
98 	TAILQ_INIT(&conf->conf_portal_groups);
99 	TAILQ_INIT(&conf->conf_pports);
100 	TAILQ_INIT(&conf->conf_isns);
101 
102 	conf->conf_isns_period = 900;
103 	conf->conf_isns_timeout = 5;
104 	conf->conf_debug = 0;
105 	conf->conf_timeout = 60;
106 	conf->conf_maxproc = 30;
107 
108 	return (conf);
109 }
110 
111 void
112 conf_delete(struct conf *conf)
113 {
114 	struct lun *lun, *ltmp;
115 	struct target *targ, *tmp;
116 	struct auth_group *ag, *cagtmp;
117 	struct portal_group *pg, *cpgtmp;
118 	struct pport *pp, *pptmp;
119 	struct isns *is, *istmp;
120 
121 	assert(conf->conf_pidfh == NULL);
122 
123 	TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp)
124 		lun_delete(lun);
125 	TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
126 		target_delete(targ);
127 	TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
128 		auth_group_delete(ag);
129 	TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
130 		portal_group_delete(pg);
131 	TAILQ_FOREACH_SAFE(pp, &conf->conf_pports, pp_next, pptmp)
132 		pport_delete(pp);
133 	TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp)
134 		isns_delete(is);
135 	assert(TAILQ_EMPTY(&conf->conf_ports));
136 	free(conf->conf_pidfile_path);
137 	free(conf);
138 }
139 
140 static struct auth *
141 auth_new(struct auth_group *ag)
142 {
143 	struct auth *auth;
144 
145 	auth = calloc(1, sizeof(*auth));
146 	if (auth == NULL)
147 		log_err(1, "calloc");
148 	auth->a_auth_group = ag;
149 	TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
150 	return (auth);
151 }
152 
153 static void
154 auth_delete(struct auth *auth)
155 {
156 	TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
157 
158 	free(auth->a_user);
159 	free(auth->a_secret);
160 	free(auth->a_mutual_user);
161 	free(auth->a_mutual_secret);
162 	free(auth);
163 }
164 
165 const struct auth *
166 auth_find(const struct auth_group *ag, const char *user)
167 {
168 	const struct auth *auth;
169 
170 	TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
171 		if (strcmp(auth->a_user, user) == 0)
172 			return (auth);
173 	}
174 
175 	return (NULL);
176 }
177 
178 static void
179 auth_check_secret_length(struct auth *auth)
180 {
181 	size_t len;
182 
183 	len = strlen(auth->a_secret);
184 	if (len > 16) {
185 		if (auth->a_auth_group->ag_name != NULL)
186 			log_warnx("secret for user \"%s\", auth-group \"%s\", "
187 			    "is too long; it should be at most 16 characters "
188 			    "long", auth->a_user, auth->a_auth_group->ag_name);
189 		else
190 			log_warnx("secret for user \"%s\", target \"%s\", "
191 			    "is too long; it should be at most 16 characters "
192 			    "long", auth->a_user,
193 			    auth->a_auth_group->ag_target->t_name);
194 	}
195 	if (len < 12) {
196 		if (auth->a_auth_group->ag_name != NULL)
197 			log_warnx("secret for user \"%s\", auth-group \"%s\", "
198 			    "is too short; it should be at least 12 characters "
199 			    "long", auth->a_user,
200 			    auth->a_auth_group->ag_name);
201 		else
202 			log_warnx("secret for user \"%s\", target \"%s\", "
203 			    "is too short; it should be at least 12 characters "
204 			    "long", auth->a_user,
205 			    auth->a_auth_group->ag_target->t_name);
206 	}
207 
208 	if (auth->a_mutual_secret != NULL) {
209 		len = strlen(auth->a_mutual_secret);
210 		if (len > 16) {
211 			if (auth->a_auth_group->ag_name != NULL)
212 				log_warnx("mutual secret for user \"%s\", "
213 				    "auth-group \"%s\", is too long; it should "
214 				    "be at most 16 characters long",
215 				    auth->a_user, auth->a_auth_group->ag_name);
216 			else
217 				log_warnx("mutual secret for user \"%s\", "
218 				    "target \"%s\", is too long; it should "
219 				    "be at most 16 characters long",
220 				    auth->a_user,
221 				    auth->a_auth_group->ag_target->t_name);
222 		}
223 		if (len < 12) {
224 			if (auth->a_auth_group->ag_name != NULL)
225 				log_warnx("mutual secret for user \"%s\", "
226 				    "auth-group \"%s\", is too short; it "
227 				    "should be at least 12 characters long",
228 				    auth->a_user, auth->a_auth_group->ag_name);
229 			else
230 				log_warnx("mutual secret for user \"%s\", "
231 				    "target \"%s\", is too short; it should be "
232 				    "at least 12 characters long",
233 				    auth->a_user,
234 				    auth->a_auth_group->ag_target->t_name);
235 		}
236 	}
237 }
238 
239 const struct auth *
240 auth_new_chap(struct auth_group *ag, const char *user,
241     const char *secret)
242 {
243 	struct auth *auth;
244 
245 	if (ag->ag_type == AG_TYPE_UNKNOWN)
246 		ag->ag_type = AG_TYPE_CHAP;
247 	if (ag->ag_type != AG_TYPE_CHAP) {
248 		if (ag->ag_name != NULL)
249 			log_warnx("cannot mix \"chap\" authentication with "
250 			    "other types for auth-group \"%s\"", ag->ag_name);
251 		else
252 			log_warnx("cannot mix \"chap\" authentication with "
253 			    "other types for target \"%s\"",
254 			    ag->ag_target->t_name);
255 		return (NULL);
256 	}
257 
258 	auth = auth_new(ag);
259 	auth->a_user = checked_strdup(user);
260 	auth->a_secret = checked_strdup(secret);
261 
262 	auth_check_secret_length(auth);
263 
264 	return (auth);
265 }
266 
267 const struct auth *
268 auth_new_chap_mutual(struct auth_group *ag, const char *user,
269     const char *secret, const char *user2, const char *secret2)
270 {
271 	struct auth *auth;
272 
273 	if (ag->ag_type == AG_TYPE_UNKNOWN)
274 		ag->ag_type = AG_TYPE_CHAP_MUTUAL;
275 	if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
276 		if (ag->ag_name != NULL)
277 			log_warnx("cannot mix \"chap-mutual\" authentication "
278 			    "with other types for auth-group \"%s\"",
279 			    ag->ag_name);
280 		else
281 			log_warnx("cannot mix \"chap-mutual\" authentication "
282 			    "with other types for target \"%s\"",
283 			    ag->ag_target->t_name);
284 		return (NULL);
285 	}
286 
287 	auth = auth_new(ag);
288 	auth->a_user = checked_strdup(user);
289 	auth->a_secret = checked_strdup(secret);
290 	auth->a_mutual_user = checked_strdup(user2);
291 	auth->a_mutual_secret = checked_strdup(secret2);
292 
293 	auth_check_secret_length(auth);
294 
295 	return (auth);
296 }
297 
298 const struct auth_name *
299 auth_name_new(struct auth_group *ag, const char *name)
300 {
301 	struct auth_name *an;
302 
303 	an = calloc(1, sizeof(*an));
304 	if (an == NULL)
305 		log_err(1, "calloc");
306 	an->an_auth_group = ag;
307 	an->an_initator_name = checked_strdup(name);
308 	TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
309 	return (an);
310 }
311 
312 static void
313 auth_name_delete(struct auth_name *an)
314 {
315 	TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
316 
317 	free(an->an_initator_name);
318 	free(an);
319 }
320 
321 bool
322 auth_name_defined(const struct auth_group *ag)
323 {
324 	if (TAILQ_EMPTY(&ag->ag_names))
325 		return (false);
326 	return (true);
327 }
328 
329 const struct auth_name *
330 auth_name_find(const struct auth_group *ag, const char *name)
331 {
332 	const struct auth_name *auth_name;
333 
334 	TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
335 		if (strcmp(auth_name->an_initator_name, name) == 0)
336 			return (auth_name);
337 	}
338 
339 	return (NULL);
340 }
341 
342 int
343 auth_name_check(const struct auth_group *ag, const char *initiator_name)
344 {
345 	if (!auth_name_defined(ag))
346 		return (0);
347 
348 	if (auth_name_find(ag, initiator_name) == NULL)
349 		return (1);
350 
351 	return (0);
352 }
353 
354 const struct auth_portal *
355 auth_portal_new(struct auth_group *ag, const char *portal)
356 {
357 	struct auth_portal *ap;
358 	char *net, *mask, *str, *tmp;
359 	int len, dm, m;
360 
361 	ap = calloc(1, sizeof(*ap));
362 	if (ap == NULL)
363 		log_err(1, "calloc");
364 	ap->ap_auth_group = ag;
365 	ap->ap_initator_portal = checked_strdup(portal);
366 	mask = str = checked_strdup(portal);
367 	net = strsep(&mask, "/");
368 	if (net[0] == '[')
369 		net++;
370 	len = strlen(net);
371 	if (len == 0)
372 		goto error;
373 	if (net[len - 1] == ']')
374 		net[len - 1] = 0;
375 	if (strchr(net, ':') != NULL) {
376 		struct sockaddr_in6 *sin6 =
377 		    (struct sockaddr_in6 *)&ap->ap_sa;
378 
379 		sin6->sin6_len = sizeof(*sin6);
380 		sin6->sin6_family = AF_INET6;
381 		if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
382 			goto error;
383 		dm = 128;
384 	} else {
385 		struct sockaddr_in *sin =
386 		    (struct sockaddr_in *)&ap->ap_sa;
387 
388 		sin->sin_len = sizeof(*sin);
389 		sin->sin_family = AF_INET;
390 		if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
391 			goto error;
392 		dm = 32;
393 	}
394 	if (mask != NULL) {
395 		m = strtol(mask, &tmp, 0);
396 		if (m < 0 || m > dm || tmp[0] != 0)
397 			goto error;
398 	} else
399 		m = dm;
400 	ap->ap_mask = m;
401 	free(str);
402 	TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
403 	return (ap);
404 
405 error:
406 	free(str);
407 	free(ap);
408 	log_warnx("incorrect initiator portal \"%s\"", portal);
409 	return (NULL);
410 }
411 
412 static void
413 auth_portal_delete(struct auth_portal *ap)
414 {
415 	TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
416 
417 	free(ap->ap_initator_portal);
418 	free(ap);
419 }
420 
421 bool
422 auth_portal_defined(const struct auth_group *ag)
423 {
424 	if (TAILQ_EMPTY(&ag->ag_portals))
425 		return (false);
426 	return (true);
427 }
428 
429 const struct auth_portal *
430 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
431 {
432 	const struct auth_portal *ap;
433 	const uint8_t *a, *b;
434 	int i;
435 	uint8_t bmask;
436 
437 	TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
438 		if (ap->ap_sa.ss_family != ss->ss_family)
439 			continue;
440 		if (ss->ss_family == AF_INET) {
441 			a = (const uint8_t *)
442 			    &((const struct sockaddr_in *)ss)->sin_addr;
443 			b = (const uint8_t *)
444 			    &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
445 		} else {
446 			a = (const uint8_t *)
447 			    &((const struct sockaddr_in6 *)ss)->sin6_addr;
448 			b = (const uint8_t *)
449 			    &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
450 		}
451 		for (i = 0; i < ap->ap_mask / 8; i++) {
452 			if (a[i] != b[i])
453 				goto next;
454 		}
455 		if (ap->ap_mask % 8) {
456 			bmask = 0xff << (8 - (ap->ap_mask % 8));
457 			if ((a[i] & bmask) != (b[i] & bmask))
458 				goto next;
459 		}
460 		return (ap);
461 next:
462 		;
463 	}
464 
465 	return (NULL);
466 }
467 
468 int
469 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
470 {
471 
472 	if (!auth_portal_defined(ag))
473 		return (0);
474 
475 	if (auth_portal_find(ag, sa) == NULL)
476 		return (1);
477 
478 	return (0);
479 }
480 
481 struct auth_group *
482 auth_group_new(struct conf *conf, const char *name)
483 {
484 	struct auth_group *ag;
485 
486 	if (name != NULL) {
487 		ag = auth_group_find(conf, name);
488 		if (ag != NULL) {
489 			log_warnx("duplicated auth-group \"%s\"", name);
490 			return (NULL);
491 		}
492 	}
493 
494 	ag = calloc(1, sizeof(*ag));
495 	if (ag == NULL)
496 		log_err(1, "calloc");
497 	if (name != NULL)
498 		ag->ag_name = checked_strdup(name);
499 	TAILQ_INIT(&ag->ag_auths);
500 	TAILQ_INIT(&ag->ag_names);
501 	TAILQ_INIT(&ag->ag_portals);
502 	ag->ag_conf = conf;
503 	TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
504 
505 	return (ag);
506 }
507 
508 void
509 auth_group_delete(struct auth_group *ag)
510 {
511 	struct auth *auth, *auth_tmp;
512 	struct auth_name *auth_name, *auth_name_tmp;
513 	struct auth_portal *auth_portal, *auth_portal_tmp;
514 
515 	TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
516 
517 	TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
518 		auth_delete(auth);
519 	TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
520 		auth_name_delete(auth_name);
521 	TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
522 	    auth_portal_tmp)
523 		auth_portal_delete(auth_portal);
524 	free(ag->ag_name);
525 	free(ag);
526 }
527 
528 struct auth_group *
529 auth_group_find(const struct conf *conf, const char *name)
530 {
531 	struct auth_group *ag;
532 
533 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
534 		if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
535 			return (ag);
536 	}
537 
538 	return (NULL);
539 }
540 
541 int
542 auth_group_set_type(struct auth_group *ag, const char *str)
543 {
544 	int type;
545 
546 	if (strcmp(str, "none") == 0) {
547 		type = AG_TYPE_NO_AUTHENTICATION;
548 	} else if (strcmp(str, "deny") == 0) {
549 		type = AG_TYPE_DENY;
550 	} else if (strcmp(str, "chap") == 0) {
551 		type = AG_TYPE_CHAP;
552 	} else if (strcmp(str, "chap-mutual") == 0) {
553 		type = AG_TYPE_CHAP_MUTUAL;
554 	} else {
555 		if (ag->ag_name != NULL)
556 			log_warnx("invalid auth-type \"%s\" for auth-group "
557 			    "\"%s\"", str, ag->ag_name);
558 		else
559 			log_warnx("invalid auth-type \"%s\" for target "
560 			    "\"%s\"", str, ag->ag_target->t_name);
561 		return (1);
562 	}
563 
564 	if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) {
565 		if (ag->ag_name != NULL) {
566 			log_warnx("cannot set auth-type to \"%s\" for "
567 			    "auth-group \"%s\"; already has a different "
568 			    "type", str, ag->ag_name);
569 		} else {
570 			log_warnx("cannot set auth-type to \"%s\" for target "
571 			    "\"%s\"; already has a different type",
572 			    str, ag->ag_target->t_name);
573 		}
574 		return (1);
575 	}
576 
577 	ag->ag_type = type;
578 
579 	return (0);
580 }
581 
582 static struct portal *
583 portal_new(struct portal_group *pg)
584 {
585 	struct portal *portal;
586 
587 	portal = calloc(1, sizeof(*portal));
588 	if (portal == NULL)
589 		log_err(1, "calloc");
590 	TAILQ_INIT(&portal->p_targets);
591 	portal->p_portal_group = pg;
592 	TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
593 	return (portal);
594 }
595 
596 static void
597 portal_delete(struct portal *portal)
598 {
599 
600 	TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
601 	if (portal->p_ai != NULL)
602 		freeaddrinfo(portal->p_ai);
603 	free(portal->p_listen);
604 	free(portal);
605 }
606 
607 struct portal_group *
608 portal_group_new(struct conf *conf, const char *name)
609 {
610 	struct portal_group *pg;
611 
612 	pg = portal_group_find(conf, name);
613 	if (pg != NULL) {
614 		log_warnx("duplicated portal-group \"%s\"", name);
615 		return (NULL);
616 	}
617 
618 	pg = calloc(1, sizeof(*pg));
619 	if (pg == NULL)
620 		log_err(1, "calloc");
621 	pg->pg_name = checked_strdup(name);
622 	TAILQ_INIT(&pg->pg_options);
623 	TAILQ_INIT(&pg->pg_portals);
624 	TAILQ_INIT(&pg->pg_ports);
625 	pg->pg_conf = conf;
626 	pg->pg_tag = 0;		/* Assigned later in conf_apply(). */
627 	TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
628 
629 	return (pg);
630 }
631 
632 void
633 portal_group_delete(struct portal_group *pg)
634 {
635 	struct portal *portal, *tmp;
636 	struct port *port, *tport;
637 	struct option *o, *otmp;
638 
639 	TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport)
640 		port_delete(port);
641 	TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
642 
643 	TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
644 		portal_delete(portal);
645 	TAILQ_FOREACH_SAFE(o, &pg->pg_options, o_next, otmp)
646 		option_delete(&pg->pg_options, o);
647 	free(pg->pg_name);
648 	free(pg->pg_offload);
649 	free(pg->pg_redirection);
650 	free(pg);
651 }
652 
653 struct portal_group *
654 portal_group_find(const struct conf *conf, const char *name)
655 {
656 	struct portal_group *pg;
657 
658 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
659 		if (strcmp(pg->pg_name, name) == 0)
660 			return (pg);
661 	}
662 
663 	return (NULL);
664 }
665 
666 static int
667 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai)
668 {
669 	struct addrinfo hints;
670 	char *str, *addr, *ch;
671 	const char *port;
672 	int error, colons = 0;
673 
674 	str = arg = strdup(arg);
675 	if (arg[0] == '[') {
676 		/*
677 		 * IPv6 address in square brackets, perhaps with port.
678 		 */
679 		arg++;
680 		addr = strsep(&arg, "]");
681 		if (arg == NULL) {
682 			free(str);
683 			return (1);
684 		}
685 		if (arg[0] == '\0') {
686 			port = def_port;
687 		} else if (arg[0] == ':') {
688 			port = arg + 1;
689 		} else {
690 			free(str);
691 			return (1);
692 		}
693 	} else {
694 		/*
695 		 * Either IPv6 address without brackets - and without
696 		 * a port - or IPv4 address.  Just count the colons.
697 		 */
698 		for (ch = arg; *ch != '\0'; ch++) {
699 			if (*ch == ':')
700 				colons++;
701 		}
702 		if (colons > 1) {
703 			addr = arg;
704 			port = def_port;
705 		} else {
706 			addr = strsep(&arg, ":");
707 			if (arg == NULL)
708 				port = def_port;
709 			else
710 				port = arg;
711 		}
712 	}
713 
714 	memset(&hints, 0, sizeof(hints));
715 	hints.ai_family = PF_UNSPEC;
716 	hints.ai_socktype = SOCK_STREAM;
717 	hints.ai_flags = AI_PASSIVE;
718 	error = getaddrinfo(addr, port, &hints, ai);
719 	free(str);
720 	return ((error != 0) ? 1 : 0);
721 }
722 
723 int
724 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
725 {
726 	struct portal *portal;
727 
728 	portal = portal_new(pg);
729 	portal->p_listen = checked_strdup(value);
730 	portal->p_iser = iser;
731 
732 	if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) {
733 		log_warnx("invalid listen address %s", portal->p_listen);
734 		portal_delete(portal);
735 		return (1);
736 	}
737 
738 	/*
739 	 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
740 	 *	those into multiple portals.
741 	 */
742 
743 	return (0);
744 }
745 
746 int
747 isns_new(struct conf *conf, const char *addr)
748 {
749 	struct isns *isns;
750 
751 	isns = calloc(1, sizeof(*isns));
752 	if (isns == NULL)
753 		log_err(1, "calloc");
754 	isns->i_conf = conf;
755 	TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next);
756 	isns->i_addr = checked_strdup(addr);
757 
758 	if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) {
759 		log_warnx("invalid iSNS address %s", isns->i_addr);
760 		isns_delete(isns);
761 		return (1);
762 	}
763 
764 	/*
765 	 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
766 	 *	those into multiple servers.
767 	 */
768 
769 	return (0);
770 }
771 
772 void
773 isns_delete(struct isns *isns)
774 {
775 
776 	TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next);
777 	free(isns->i_addr);
778 	if (isns->i_ai != NULL)
779 		freeaddrinfo(isns->i_ai);
780 	free(isns);
781 }
782 
783 static int
784 isns_do_connect(struct isns *isns)
785 {
786 	int s;
787 
788 	s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype,
789 	    isns->i_ai->ai_protocol);
790 	if (s < 0) {
791 		log_warn("socket(2) failed for %s", isns->i_addr);
792 		return (-1);
793 	}
794 	if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) {
795 		log_warn("connect(2) failed for %s", isns->i_addr);
796 		close(s);
797 		return (-1);
798 	}
799 	return(s);
800 }
801 
802 static int
803 isns_do_register(struct isns *isns, int s, const char *hostname)
804 {
805 	struct conf *conf = isns->i_conf;
806 	struct target *target;
807 	struct portal *portal;
808 	struct portal_group *pg;
809 	struct port *port;
810 	struct isns_req *req;
811 	int res = 0;
812 	uint32_t error;
813 
814 	req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT);
815 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
816 	isns_req_add_delim(req);
817 	isns_req_add_str(req, 1, hostname);
818 	isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */
819 	isns_req_add_32(req, 6, conf->conf_isns_period);
820 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
821 		if (pg->pg_unassigned)
822 			continue;
823 		TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
824 			isns_req_add_addr(req, 16, portal->p_ai);
825 			isns_req_add_port(req, 17, portal->p_ai);
826 		}
827 	}
828 	TAILQ_FOREACH(target, &conf->conf_targets, t_next) {
829 		isns_req_add_str(req, 32, target->t_name);
830 		isns_req_add_32(req, 33, 1); /* 1 -- Target*/
831 		if (target->t_alias != NULL)
832 			isns_req_add_str(req, 34, target->t_alias);
833 		TAILQ_FOREACH(port, &target->t_ports, p_ts) {
834 			if ((pg = port->p_portal_group) == NULL)
835 				continue;
836 			isns_req_add_32(req, 51, pg->pg_tag);
837 			TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
838 				isns_req_add_addr(req, 49, portal->p_ai);
839 				isns_req_add_port(req, 50, portal->p_ai);
840 			}
841 		}
842 	}
843 	res = isns_req_send(s, req);
844 	if (res < 0) {
845 		log_warn("send(2) failed for %s", isns->i_addr);
846 		goto quit;
847 	}
848 	res = isns_req_receive(s, req);
849 	if (res < 0) {
850 		log_warn("receive(2) failed for %s", isns->i_addr);
851 		goto quit;
852 	}
853 	error = isns_req_get_status(req);
854 	if (error != 0) {
855 		log_warnx("iSNS register error %d for %s", error, isns->i_addr);
856 		res = -1;
857 	}
858 quit:
859 	isns_req_free(req);
860 	return (res);
861 }
862 
863 static int
864 isns_do_check(struct isns *isns, int s, const char *hostname)
865 {
866 	struct conf *conf = isns->i_conf;
867 	struct isns_req *req;
868 	int res = 0;
869 	uint32_t error;
870 
871 	req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT);
872 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
873 	isns_req_add_str(req, 1, hostname);
874 	isns_req_add_delim(req);
875 	isns_req_add(req, 2, 0, NULL);
876 	res = isns_req_send(s, req);
877 	if (res < 0) {
878 		log_warn("send(2) failed for %s", isns->i_addr);
879 		goto quit;
880 	}
881 	res = isns_req_receive(s, req);
882 	if (res < 0) {
883 		log_warn("receive(2) failed for %s", isns->i_addr);
884 		goto quit;
885 	}
886 	error = isns_req_get_status(req);
887 	if (error != 0) {
888 		log_warnx("iSNS check error %d for %s", error, isns->i_addr);
889 		res = -1;
890 	}
891 quit:
892 	isns_req_free(req);
893 	return (res);
894 }
895 
896 static int
897 isns_do_deregister(struct isns *isns, int s, const char *hostname)
898 {
899 	struct conf *conf = isns->i_conf;
900 	struct isns_req *req;
901 	int res = 0;
902 	uint32_t error;
903 
904 	req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT);
905 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
906 	isns_req_add_delim(req);
907 	isns_req_add_str(req, 1, hostname);
908 	res = isns_req_send(s, req);
909 	if (res < 0) {
910 		log_warn("send(2) failed for %s", isns->i_addr);
911 		goto quit;
912 	}
913 	res = isns_req_receive(s, req);
914 	if (res < 0) {
915 		log_warn("receive(2) failed for %s", isns->i_addr);
916 		goto quit;
917 	}
918 	error = isns_req_get_status(req);
919 	if (error != 0) {
920 		log_warnx("iSNS deregister error %d for %s", error, isns->i_addr);
921 		res = -1;
922 	}
923 quit:
924 	isns_req_free(req);
925 	return (res);
926 }
927 
928 void
929 isns_register(struct isns *isns, struct isns *oldisns)
930 {
931 	struct conf *conf = isns->i_conf;
932 	int s;
933 	char hostname[256];
934 
935 	if (TAILQ_EMPTY(&conf->conf_targets) ||
936 	    TAILQ_EMPTY(&conf->conf_portal_groups))
937 		return;
938 	set_timeout(conf->conf_isns_timeout, false);
939 	s = isns_do_connect(isns);
940 	if (s < 0) {
941 		set_timeout(0, false);
942 		return;
943 	}
944 	gethostname(hostname, sizeof(hostname));
945 
946 	if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets))
947 		oldisns = isns;
948 	isns_do_deregister(oldisns, s, hostname);
949 	isns_do_register(isns, s, hostname);
950 	close(s);
951 	set_timeout(0, false);
952 }
953 
954 void
955 isns_check(struct isns *isns)
956 {
957 	struct conf *conf = isns->i_conf;
958 	int s, res;
959 	char hostname[256];
960 
961 	if (TAILQ_EMPTY(&conf->conf_targets) ||
962 	    TAILQ_EMPTY(&conf->conf_portal_groups))
963 		return;
964 	set_timeout(conf->conf_isns_timeout, false);
965 	s = isns_do_connect(isns);
966 	if (s < 0) {
967 		set_timeout(0, false);
968 		return;
969 	}
970 	gethostname(hostname, sizeof(hostname));
971 
972 	res = isns_do_check(isns, s, hostname);
973 	if (res < 0) {
974 		isns_do_deregister(isns, s, hostname);
975 		isns_do_register(isns, s, hostname);
976 	}
977 	close(s);
978 	set_timeout(0, false);
979 }
980 
981 void
982 isns_deregister(struct isns *isns)
983 {
984 	struct conf *conf = isns->i_conf;
985 	int s;
986 	char hostname[256];
987 
988 	if (TAILQ_EMPTY(&conf->conf_targets) ||
989 	    TAILQ_EMPTY(&conf->conf_portal_groups))
990 		return;
991 	set_timeout(conf->conf_isns_timeout, false);
992 	s = isns_do_connect(isns);
993 	if (s < 0)
994 		return;
995 	gethostname(hostname, sizeof(hostname));
996 
997 	isns_do_deregister(isns, s, hostname);
998 	close(s);
999 	set_timeout(0, false);
1000 }
1001 
1002 int
1003 portal_group_set_filter(struct portal_group *pg, const char *str)
1004 {
1005 	int filter;
1006 
1007 	if (strcmp(str, "none") == 0) {
1008 		filter = PG_FILTER_NONE;
1009 	} else if (strcmp(str, "portal") == 0) {
1010 		filter = PG_FILTER_PORTAL;
1011 	} else if (strcmp(str, "portal-name") == 0) {
1012 		filter = PG_FILTER_PORTAL_NAME;
1013 	} else if (strcmp(str, "portal-name-auth") == 0) {
1014 		filter = PG_FILTER_PORTAL_NAME_AUTH;
1015 	} else {
1016 		log_warnx("invalid discovery-filter \"%s\" for portal-group "
1017 		    "\"%s\"; valid values are \"none\", \"portal\", "
1018 		    "\"portal-name\", and \"portal-name-auth\"",
1019 		    str, pg->pg_name);
1020 		return (1);
1021 	}
1022 
1023 	if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN &&
1024 	    pg->pg_discovery_filter != filter) {
1025 		log_warnx("cannot set discovery-filter to \"%s\" for "
1026 		    "portal-group \"%s\"; already has a different "
1027 		    "value", str, pg->pg_name);
1028 		return (1);
1029 	}
1030 
1031 	pg->pg_discovery_filter = filter;
1032 
1033 	return (0);
1034 }
1035 
1036 int
1037 portal_group_set_offload(struct portal_group *pg, const char *offload)
1038 {
1039 
1040 	if (pg->pg_offload != NULL) {
1041 		log_warnx("cannot set offload to \"%s\" for "
1042 		    "portal-group \"%s\"; already defined",
1043 		    offload, pg->pg_name);
1044 		return (1);
1045 	}
1046 
1047 	pg->pg_offload = checked_strdup(offload);
1048 
1049 	return (0);
1050 }
1051 
1052 int
1053 portal_group_set_redirection(struct portal_group *pg, const char *addr)
1054 {
1055 
1056 	if (pg->pg_redirection != NULL) {
1057 		log_warnx("cannot set redirection to \"%s\" for "
1058 		    "portal-group \"%s\"; already defined",
1059 		    addr, pg->pg_name);
1060 		return (1);
1061 	}
1062 
1063 	pg->pg_redirection = checked_strdup(addr);
1064 
1065 	return (0);
1066 }
1067 
1068 static bool
1069 valid_hex(const char ch)
1070 {
1071 	switch (ch) {
1072 	case '0':
1073 	case '1':
1074 	case '2':
1075 	case '3':
1076 	case '4':
1077 	case '5':
1078 	case '6':
1079 	case '7':
1080 	case '8':
1081 	case '9':
1082 	case 'a':
1083 	case 'A':
1084 	case 'b':
1085 	case 'B':
1086 	case 'c':
1087 	case 'C':
1088 	case 'd':
1089 	case 'D':
1090 	case 'e':
1091 	case 'E':
1092 	case 'f':
1093 	case 'F':
1094 		return (true);
1095 	default:
1096 		return (false);
1097 	}
1098 }
1099 
1100 bool
1101 valid_iscsi_name(const char *name)
1102 {
1103 	int i;
1104 
1105 	if (strlen(name) >= MAX_NAME_LEN) {
1106 		log_warnx("overlong name for target \"%s\"; max length allowed "
1107 		    "by iSCSI specification is %d characters",
1108 		    name, MAX_NAME_LEN);
1109 		return (false);
1110 	}
1111 
1112 	/*
1113 	 * In the cases below, we don't return an error, just in case the admin
1114 	 * was right, and we're wrong.
1115 	 */
1116 	if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
1117 		for (i = strlen("iqn."); name[i] != '\0'; i++) {
1118 			/*
1119 			 * XXX: We should verify UTF-8 normalisation, as defined
1120 			 *      by 3.2.6.2: iSCSI Name Encoding.
1121 			 */
1122 			if (isalnum(name[i]))
1123 				continue;
1124 			if (name[i] == '-' || name[i] == '.' || name[i] == ':')
1125 				continue;
1126 			log_warnx("invalid character \"%c\" in target name "
1127 			    "\"%s\"; allowed characters are letters, digits, "
1128 			    "'-', '.', and ':'", name[i], name);
1129 			break;
1130 		}
1131 		/*
1132 		 * XXX: Check more stuff: valid date and a valid reversed domain.
1133 		 */
1134 	} else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
1135 		if (strlen(name) != strlen("eui.") + 16)
1136 			log_warnx("invalid target name \"%s\"; the \"eui.\" "
1137 			    "should be followed by exactly 16 hexadecimal "
1138 			    "digits", name);
1139 		for (i = strlen("eui."); name[i] != '\0'; i++) {
1140 			if (!valid_hex(name[i])) {
1141 				log_warnx("invalid character \"%c\" in target "
1142 				    "name \"%s\"; allowed characters are 1-9 "
1143 				    "and A-F", name[i], name);
1144 				break;
1145 			}
1146 		}
1147 	} else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
1148 		if (strlen(name) > strlen("naa.") + 32)
1149 			log_warnx("invalid target name \"%s\"; the \"naa.\" "
1150 			    "should be followed by at most 32 hexadecimal "
1151 			    "digits", name);
1152 		for (i = strlen("naa."); name[i] != '\0'; i++) {
1153 			if (!valid_hex(name[i])) {
1154 				log_warnx("invalid character \"%c\" in target "
1155 				    "name \"%s\"; allowed characters are 1-9 "
1156 				    "and A-F", name[i], name);
1157 				break;
1158 			}
1159 		}
1160 	} else {
1161 		log_warnx("invalid target name \"%s\"; should start with "
1162 		    "either \"iqn.\", \"eui.\", or \"naa.\"",
1163 		    name);
1164 	}
1165 	return (true);
1166 }
1167 
1168 struct pport *
1169 pport_new(struct conf *conf, const char *name, uint32_t ctl_port)
1170 {
1171 	struct pport *pp;
1172 
1173 	pp = calloc(1, sizeof(*pp));
1174 	if (pp == NULL)
1175 		log_err(1, "calloc");
1176 	pp->pp_conf = conf;
1177 	pp->pp_name = checked_strdup(name);
1178 	pp->pp_ctl_port = ctl_port;
1179 	TAILQ_INIT(&pp->pp_ports);
1180 	TAILQ_INSERT_TAIL(&conf->conf_pports, pp, pp_next);
1181 	return (pp);
1182 }
1183 
1184 struct pport *
1185 pport_find(const struct conf *conf, const char *name)
1186 {
1187 	struct pport *pp;
1188 
1189 	TAILQ_FOREACH(pp, &conf->conf_pports, pp_next) {
1190 		if (strcasecmp(pp->pp_name, name) == 0)
1191 			return (pp);
1192 	}
1193 	return (NULL);
1194 }
1195 
1196 struct pport *
1197 pport_copy(struct pport *pp, struct conf *conf)
1198 {
1199 	struct pport *ppnew;
1200 
1201 	ppnew = pport_new(conf, pp->pp_name, pp->pp_ctl_port);
1202 	return (ppnew);
1203 }
1204 
1205 void
1206 pport_delete(struct pport *pp)
1207 {
1208 	struct port *port, *tport;
1209 
1210 	TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport)
1211 		port_delete(port);
1212 	TAILQ_REMOVE(&pp->pp_conf->conf_pports, pp, pp_next);
1213 	free(pp->pp_name);
1214 	free(pp);
1215 }
1216 
1217 struct port *
1218 port_new(struct conf *conf, struct target *target, struct portal_group *pg)
1219 {
1220 	struct port *port;
1221 	char *name;
1222 	int ret;
1223 
1224 	ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name);
1225 	if (ret <= 0)
1226 		log_err(1, "asprintf");
1227 	if (port_find(conf, name) != NULL) {
1228 		log_warnx("duplicate port \"%s\"", name);
1229 		free(name);
1230 		return (NULL);
1231 	}
1232 	port = calloc(1, sizeof(*port));
1233 	if (port == NULL)
1234 		log_err(1, "calloc");
1235 	port->p_conf = conf;
1236 	port->p_name = name;
1237 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1238 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1239 	port->p_target = target;
1240 	TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs);
1241 	port->p_portal_group = pg;
1242 	return (port);
1243 }
1244 
1245 struct port *
1246 port_new_pp(struct conf *conf, struct target *target, struct pport *pp)
1247 {
1248 	struct port *port;
1249 	char *name;
1250 	int ret;
1251 
1252 	ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name);
1253 	if (ret <= 0)
1254 		log_err(1, "asprintf");
1255 	if (port_find(conf, name) != NULL) {
1256 		log_warnx("duplicate port \"%s\"", name);
1257 		free(name);
1258 		return (NULL);
1259 	}
1260 	port = calloc(1, sizeof(*port));
1261 	if (port == NULL)
1262 		log_err(1, "calloc");
1263 	port->p_conf = conf;
1264 	port->p_name = name;
1265 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1266 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1267 	port->p_target = target;
1268 	TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps);
1269 	port->p_pport = pp;
1270 	return (port);
1271 }
1272 
1273 struct port *
1274 port_find(const struct conf *conf, const char *name)
1275 {
1276 	struct port *port;
1277 
1278 	TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1279 		if (strcasecmp(port->p_name, name) == 0)
1280 			return (port);
1281 	}
1282 
1283 	return (NULL);
1284 }
1285 
1286 struct port *
1287 port_find_in_pg(const struct portal_group *pg, const char *target)
1288 {
1289 	struct port *port;
1290 
1291 	TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
1292 		if (strcasecmp(port->p_target->t_name, target) == 0)
1293 			return (port);
1294 	}
1295 
1296 	return (NULL);
1297 }
1298 
1299 void
1300 port_delete(struct port *port)
1301 {
1302 
1303 	if (port->p_portal_group)
1304 		TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs);
1305 	if (port->p_pport)
1306 		TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps);
1307 	if (port->p_target)
1308 		TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts);
1309 	TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next);
1310 	free(port->p_name);
1311 	free(port);
1312 }
1313 
1314 int
1315 port_is_dummy(struct port *port)
1316 {
1317 
1318 	if (port->p_portal_group) {
1319 		if (port->p_portal_group->pg_foreign)
1320 			return (1);
1321 		if (TAILQ_EMPTY(&port->p_portal_group->pg_portals))
1322 			return (1);
1323 	}
1324 	return (0);
1325 }
1326 
1327 struct target *
1328 target_new(struct conf *conf, const char *name)
1329 {
1330 	struct target *targ;
1331 	int i, len;
1332 
1333 	targ = target_find(conf, name);
1334 	if (targ != NULL) {
1335 		log_warnx("duplicated target \"%s\"", name);
1336 		return (NULL);
1337 	}
1338 	if (valid_iscsi_name(name) == false) {
1339 		log_warnx("target name \"%s\" is invalid", name);
1340 		return (NULL);
1341 	}
1342 	targ = calloc(1, sizeof(*targ));
1343 	if (targ == NULL)
1344 		log_err(1, "calloc");
1345 	targ->t_name = checked_strdup(name);
1346 
1347 	/*
1348 	 * RFC 3722 requires us to normalize the name to lowercase.
1349 	 */
1350 	len = strlen(name);
1351 	for (i = 0; i < len; i++)
1352 		targ->t_name[i] = tolower(targ->t_name[i]);
1353 
1354 	targ->t_conf = conf;
1355 	TAILQ_INIT(&targ->t_ports);
1356 	TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
1357 
1358 	return (targ);
1359 }
1360 
1361 void
1362 target_delete(struct target *targ)
1363 {
1364 	struct port *port, *tport;
1365 
1366 	TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport)
1367 		port_delete(port);
1368 	TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
1369 
1370 	free(targ->t_name);
1371 	free(targ->t_redirection);
1372 	free(targ);
1373 }
1374 
1375 struct target *
1376 target_find(struct conf *conf, const char *name)
1377 {
1378 	struct target *targ;
1379 
1380 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1381 		if (strcasecmp(targ->t_name, name) == 0)
1382 			return (targ);
1383 	}
1384 
1385 	return (NULL);
1386 }
1387 
1388 int
1389 target_set_redirection(struct target *target, const char *addr)
1390 {
1391 
1392 	if (target->t_redirection != NULL) {
1393 		log_warnx("cannot set redirection to \"%s\" for "
1394 		    "target \"%s\"; already defined",
1395 		    addr, target->t_name);
1396 		return (1);
1397 	}
1398 
1399 	target->t_redirection = checked_strdup(addr);
1400 
1401 	return (0);
1402 }
1403 
1404 struct lun *
1405 lun_new(struct conf *conf, const char *name)
1406 {
1407 	struct lun *lun;
1408 
1409 	lun = lun_find(conf, name);
1410 	if (lun != NULL) {
1411 		log_warnx("duplicated lun \"%s\"", name);
1412 		return (NULL);
1413 	}
1414 
1415 	lun = calloc(1, sizeof(*lun));
1416 	if (lun == NULL)
1417 		log_err(1, "calloc");
1418 	lun->l_conf = conf;
1419 	lun->l_name = checked_strdup(name);
1420 	TAILQ_INIT(&lun->l_options);
1421 	TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next);
1422 	lun->l_ctl_lun = -1;
1423 
1424 	return (lun);
1425 }
1426 
1427 void
1428 lun_delete(struct lun *lun)
1429 {
1430 	struct target *targ;
1431 	struct option *o, *tmp;
1432 	int i;
1433 
1434 	TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) {
1435 		for (i = 0; i < MAX_LUNS; i++) {
1436 			if (targ->t_luns[i] == lun)
1437 				targ->t_luns[i] = NULL;
1438 		}
1439 	}
1440 	TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next);
1441 
1442 	TAILQ_FOREACH_SAFE(o, &lun->l_options, o_next, tmp)
1443 		option_delete(&lun->l_options, o);
1444 	free(lun->l_name);
1445 	free(lun->l_backend);
1446 	free(lun->l_device_id);
1447 	free(lun->l_path);
1448 	free(lun->l_scsiname);
1449 	free(lun->l_serial);
1450 	free(lun);
1451 }
1452 
1453 struct lun *
1454 lun_find(const struct conf *conf, const char *name)
1455 {
1456 	struct lun *lun;
1457 
1458 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1459 		if (strcmp(lun->l_name, name) == 0)
1460 			return (lun);
1461 	}
1462 
1463 	return (NULL);
1464 }
1465 
1466 void
1467 lun_set_backend(struct lun *lun, const char *value)
1468 {
1469 	free(lun->l_backend);
1470 	lun->l_backend = checked_strdup(value);
1471 }
1472 
1473 void
1474 lun_set_blocksize(struct lun *lun, size_t value)
1475 {
1476 
1477 	lun->l_blocksize = value;
1478 }
1479 
1480 void
1481 lun_set_device_type(struct lun *lun, uint8_t value)
1482 {
1483 
1484 	lun->l_device_type = value;
1485 }
1486 
1487 void
1488 lun_set_device_id(struct lun *lun, const char *value)
1489 {
1490 	free(lun->l_device_id);
1491 	lun->l_device_id = checked_strdup(value);
1492 }
1493 
1494 void
1495 lun_set_path(struct lun *lun, const char *value)
1496 {
1497 	free(lun->l_path);
1498 	lun->l_path = checked_strdup(value);
1499 }
1500 
1501 void
1502 lun_set_scsiname(struct lun *lun, const char *value)
1503 {
1504 	free(lun->l_scsiname);
1505 	lun->l_scsiname = checked_strdup(value);
1506 }
1507 
1508 void
1509 lun_set_serial(struct lun *lun, const char *value)
1510 {
1511 	free(lun->l_serial);
1512 	lun->l_serial = checked_strdup(value);
1513 }
1514 
1515 void
1516 lun_set_size(struct lun *lun, size_t value)
1517 {
1518 
1519 	lun->l_size = value;
1520 }
1521 
1522 void
1523 lun_set_ctl_lun(struct lun *lun, uint32_t value)
1524 {
1525 
1526 	lun->l_ctl_lun = value;
1527 }
1528 
1529 struct option *
1530 option_new(struct options *options, const char *name, const char *value)
1531 {
1532 	struct option *o;
1533 
1534 	o = option_find(options, name);
1535 	if (o != NULL) {
1536 		log_warnx("duplicated option \"%s\"", name);
1537 		return (NULL);
1538 	}
1539 
1540 	o = calloc(1, sizeof(*o));
1541 	if (o == NULL)
1542 		log_err(1, "calloc");
1543 	o->o_name = checked_strdup(name);
1544 	o->o_value = checked_strdup(value);
1545 	TAILQ_INSERT_TAIL(options, o, o_next);
1546 
1547 	return (o);
1548 }
1549 
1550 void
1551 option_delete(struct options *options, struct option *o)
1552 {
1553 
1554 	TAILQ_REMOVE(options, o, o_next);
1555 	free(o->o_name);
1556 	free(o->o_value);
1557 	free(o);
1558 }
1559 
1560 struct option *
1561 option_find(const struct options *options, const char *name)
1562 {
1563 	struct option *o;
1564 
1565 	TAILQ_FOREACH(o, options, o_next) {
1566 		if (strcmp(o->o_name, name) == 0)
1567 			return (o);
1568 	}
1569 
1570 	return (NULL);
1571 }
1572 
1573 void
1574 option_set(struct option *o, const char *value)
1575 {
1576 
1577 	free(o->o_value);
1578 	o->o_value = checked_strdup(value);
1579 }
1580 
1581 static struct connection *
1582 connection_new(struct portal *portal, int fd, const char *host,
1583     const struct sockaddr *client_sa)
1584 {
1585 	struct connection *conn;
1586 
1587 	conn = calloc(1, sizeof(*conn));
1588 	if (conn == NULL)
1589 		log_err(1, "calloc");
1590 	conn->conn_portal = portal;
1591 	conn->conn_socket = fd;
1592 	conn->conn_initiator_addr = checked_strdup(host);
1593 	memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1594 
1595 	/*
1596 	 * Default values, from RFC 3720, section 12.
1597 	 */
1598 	conn->conn_max_recv_data_segment_length = 8192;
1599 	conn->conn_max_send_data_segment_length = 8192;
1600 	conn->conn_max_burst_length = 262144;
1601 	conn->conn_first_burst_length = 65536;
1602 	conn->conn_immediate_data = true;
1603 
1604 	return (conn);
1605 }
1606 
1607 #if 0
1608 static void
1609 conf_print(struct conf *conf)
1610 {
1611 	struct auth_group *ag;
1612 	struct auth *auth;
1613 	struct auth_name *auth_name;
1614 	struct auth_portal *auth_portal;
1615 	struct portal_group *pg;
1616 	struct portal *portal;
1617 	struct target *targ;
1618 	struct lun *lun;
1619 	struct option *o;
1620 
1621 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1622 		fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1623 		TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1624 			fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1625 			    auth->a_user, auth->a_secret,
1626 			    auth->a_mutual_user, auth->a_mutual_secret);
1627 		TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1628 			fprintf(stderr, "\t initiator-name %s\n",
1629 			    auth_name->an_initator_name);
1630 		TAILQ_FOREACH(auth_portal, &ag->ag_portals, an_next)
1631 			fprintf(stderr, "\t initiator-portal %s\n",
1632 			    auth_portal->an_initator_portal);
1633 		fprintf(stderr, "}\n");
1634 	}
1635 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1636 		fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1637 		TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1638 			fprintf(stderr, "\t listen %s\n", portal->p_listen);
1639 		fprintf(stderr, "}\n");
1640 	}
1641 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1642 		fprintf(stderr, "\tlun %s {\n", lun->l_name);
1643 		fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1644 		TAILQ_FOREACH(o, &lun->l_options, o_next)
1645 			fprintf(stderr, "\t\toption %s %s\n",
1646 			    lo->o_name, lo->o_value);
1647 		fprintf(stderr, "\t}\n");
1648 	}
1649 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1650 		fprintf(stderr, "target %s {\n", targ->t_name);
1651 		if (targ->t_alias != NULL)
1652 			fprintf(stderr, "\t alias %s\n", targ->t_alias);
1653 		fprintf(stderr, "}\n");
1654 	}
1655 }
1656 #endif
1657 
1658 static int
1659 conf_verify_lun(struct lun *lun)
1660 {
1661 	const struct lun *lun2;
1662 
1663 	if (lun->l_backend == NULL)
1664 		lun_set_backend(lun, "block");
1665 	if (strcmp(lun->l_backend, "block") == 0) {
1666 		if (lun->l_path == NULL) {
1667 			log_warnx("missing path for lun \"%s\"",
1668 			    lun->l_name);
1669 			return (1);
1670 		}
1671 	} else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1672 		if (lun->l_size == 0) {
1673 			log_warnx("missing size for ramdisk-backed lun \"%s\"",
1674 			    lun->l_name);
1675 			return (1);
1676 		}
1677 		if (lun->l_path != NULL) {
1678 			log_warnx("path must not be specified "
1679 			    "for ramdisk-backed lun \"%s\"",
1680 			    lun->l_name);
1681 			return (1);
1682 		}
1683 	}
1684 	if (lun->l_blocksize == 0) {
1685 		if (lun->l_device_type == 5)
1686 			lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE);
1687 		else
1688 			lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1689 	} else if (lun->l_blocksize < 0) {
1690 		log_warnx("invalid blocksize for lun \"%s\"; "
1691 		    "must be larger than 0", lun->l_name);
1692 		return (1);
1693 	}
1694 	if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1695 		log_warnx("invalid size for lun \"%s\"; "
1696 		    "must be multiple of blocksize", lun->l_name);
1697 		return (1);
1698 	}
1699 	TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) {
1700 		if (lun == lun2)
1701 			continue;
1702 		if (lun->l_path != NULL && lun2->l_path != NULL &&
1703 		    strcmp(lun->l_path, lun2->l_path) == 0) {
1704 			log_debugx("WARNING: path \"%s\" duplicated "
1705 			    "between lun \"%s\", and "
1706 			    "lun \"%s\"", lun->l_path,
1707 			    lun->l_name, lun2->l_name);
1708 		}
1709 	}
1710 
1711 	return (0);
1712 }
1713 
1714 int
1715 conf_verify(struct conf *conf)
1716 {
1717 	struct auth_group *ag;
1718 	struct portal_group *pg;
1719 	struct port *port;
1720 	struct target *targ;
1721 	struct lun *lun;
1722 	bool found;
1723 	int error, i;
1724 
1725 	if (conf->conf_pidfile_path == NULL)
1726 		conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1727 
1728 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1729 		error = conf_verify_lun(lun);
1730 		if (error != 0)
1731 			return (error);
1732 	}
1733 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1734 		if (targ->t_auth_group == NULL) {
1735 			targ->t_auth_group = auth_group_find(conf,
1736 			    "default");
1737 			assert(targ->t_auth_group != NULL);
1738 		}
1739 		if (TAILQ_EMPTY(&targ->t_ports)) {
1740 			pg = portal_group_find(conf, "default");
1741 			assert(pg != NULL);
1742 			port_new(conf, targ, pg);
1743 		}
1744 		found = false;
1745 		for (i = 0; i < MAX_LUNS; i++) {
1746 			if (targ->t_luns[i] != NULL)
1747 				found = true;
1748 		}
1749 		if (!found && targ->t_redirection == NULL) {
1750 			log_warnx("no LUNs defined for target \"%s\"",
1751 			    targ->t_name);
1752 		}
1753 		if (found && targ->t_redirection != NULL) {
1754 			log_debugx("target \"%s\" contains luns, "
1755 			    " but configured for redirection",
1756 			    targ->t_name);
1757 		}
1758 	}
1759 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1760 		assert(pg->pg_name != NULL);
1761 		if (pg->pg_discovery_auth_group == NULL) {
1762 			pg->pg_discovery_auth_group =
1763 			    auth_group_find(conf, "default");
1764 			assert(pg->pg_discovery_auth_group != NULL);
1765 		}
1766 
1767 		if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN)
1768 			pg->pg_discovery_filter = PG_FILTER_NONE;
1769 
1770 		if (pg->pg_redirection != NULL) {
1771 			if (!TAILQ_EMPTY(&pg->pg_ports)) {
1772 				log_debugx("portal-group \"%s\" assigned "
1773 				    "to target, but configured "
1774 				    "for redirection",
1775 				    pg->pg_name);
1776 			}
1777 			pg->pg_unassigned = false;
1778 		} else if (!TAILQ_EMPTY(&pg->pg_ports)) {
1779 			pg->pg_unassigned = false;
1780 		} else {
1781 			if (strcmp(pg->pg_name, "default") != 0)
1782 				log_warnx("portal-group \"%s\" not assigned "
1783 				    "to any target", pg->pg_name);
1784 			pg->pg_unassigned = true;
1785 		}
1786 	}
1787 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1788 		if (ag->ag_name == NULL)
1789 			assert(ag->ag_target != NULL);
1790 		else
1791 			assert(ag->ag_target == NULL);
1792 
1793 		found = false;
1794 		TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1795 			if (targ->t_auth_group == ag) {
1796 				found = true;
1797 				break;
1798 			}
1799 		}
1800 		TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1801 			if (port->p_auth_group == ag) {
1802 				found = true;
1803 				break;
1804 			}
1805 		}
1806 		TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1807 			if (pg->pg_discovery_auth_group == ag) {
1808 				found = true;
1809 				break;
1810 			}
1811 		}
1812 		if (!found && ag->ag_name != NULL &&
1813 		    strcmp(ag->ag_name, "default") != 0 &&
1814 		    strcmp(ag->ag_name, "no-authentication") != 0 &&
1815 		    strcmp(ag->ag_name, "no-access") != 0) {
1816 			log_warnx("auth-group \"%s\" not assigned "
1817 			    "to any target", ag->ag_name);
1818 		}
1819 	}
1820 
1821 	return (0);
1822 }
1823 
1824 static int
1825 conf_apply(struct conf *oldconf, struct conf *newconf)
1826 {
1827 	struct lun *oldlun, *newlun, *tmplun;
1828 	struct portal_group *oldpg, *newpg;
1829 	struct portal *oldp, *newp;
1830 	struct port *oldport, *newport, *tmpport;
1831 	struct isns *oldns, *newns;
1832 	pid_t otherpid;
1833 	int changed, cumulated_error = 0, error, sockbuf;
1834 	int one = 1;
1835 
1836 	if (oldconf->conf_debug != newconf->conf_debug) {
1837 		log_debugx("changing debug level to %d", newconf->conf_debug);
1838 		log_init(newconf->conf_debug);
1839 	}
1840 
1841 	if (oldconf->conf_pidfh != NULL) {
1842 		assert(oldconf->conf_pidfile_path != NULL);
1843 		if (newconf->conf_pidfile_path != NULL &&
1844 		    strcmp(oldconf->conf_pidfile_path,
1845 		    newconf->conf_pidfile_path) == 0) {
1846 			newconf->conf_pidfh = oldconf->conf_pidfh;
1847 			oldconf->conf_pidfh = NULL;
1848 		} else {
1849 			log_debugx("removing pidfile %s",
1850 			    oldconf->conf_pidfile_path);
1851 			pidfile_remove(oldconf->conf_pidfh);
1852 			oldconf->conf_pidfh = NULL;
1853 		}
1854 	}
1855 
1856 	if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1857 		log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1858 		newconf->conf_pidfh =
1859 		    pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1860 		if (newconf->conf_pidfh == NULL) {
1861 			if (errno == EEXIST)
1862 				log_errx(1, "daemon already running, pid: %jd.",
1863 				    (intmax_t)otherpid);
1864 			log_err(1, "cannot open or create pidfile \"%s\"",
1865 			    newconf->conf_pidfile_path);
1866 		}
1867 	}
1868 
1869 	/*
1870 	 * Go through the new portal groups, assigning tags or preserving old.
1871 	 */
1872 	TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1873 		if (newpg->pg_tag != 0)
1874 			continue;
1875 		oldpg = portal_group_find(oldconf, newpg->pg_name);
1876 		if (oldpg != NULL)
1877 			newpg->pg_tag = oldpg->pg_tag;
1878 		else
1879 			newpg->pg_tag = ++last_portal_group_tag;
1880 	}
1881 
1882 	/* Deregister on removed iSNS servers. */
1883 	TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
1884 		TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
1885 			if (strcmp(oldns->i_addr, newns->i_addr) == 0)
1886 				break;
1887 		}
1888 		if (newns == NULL)
1889 			isns_deregister(oldns);
1890 	}
1891 
1892 	/*
1893 	 * XXX: If target or lun removal fails, we should somehow "move"
1894 	 *      the old lun or target into newconf, so that subsequent
1895 	 *      conf_apply() would try to remove them again.  That would
1896 	 *      be somewhat hairy, though, and lun deletion failures don't
1897 	 *      really happen, so leave it as it is for now.
1898 	 */
1899 	/*
1900 	 * First, remove any ports present in the old configuration
1901 	 * and missing in the new one.
1902 	 */
1903 	TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) {
1904 		if (port_is_dummy(oldport))
1905 			continue;
1906 		newport = port_find(newconf, oldport->p_name);
1907 		if (newport != NULL && !port_is_dummy(newport))
1908 			continue;
1909 		log_debugx("removing port \"%s\"", oldport->p_name);
1910 		error = kernel_port_remove(oldport);
1911 		if (error != 0) {
1912 			log_warnx("failed to remove port %s",
1913 			    oldport->p_name);
1914 			/*
1915 			 * XXX: Uncomment after fixing the root cause.
1916 			 *
1917 			 * cumulated_error++;
1918 			 */
1919 		}
1920 	}
1921 
1922 	/*
1923 	 * Second, remove any LUNs present in the old configuration
1924 	 * and missing in the new one.
1925 	 */
1926 	TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) {
1927 		newlun = lun_find(newconf, oldlun->l_name);
1928 		if (newlun == NULL) {
1929 			log_debugx("lun \"%s\", CTL lun %d "
1930 			    "not found in new configuration; "
1931 			    "removing", oldlun->l_name, oldlun->l_ctl_lun);
1932 			error = kernel_lun_remove(oldlun);
1933 			if (error != 0) {
1934 				log_warnx("failed to remove lun \"%s\", "
1935 				    "CTL lun %d",
1936 				    oldlun->l_name, oldlun->l_ctl_lun);
1937 				cumulated_error++;
1938 			}
1939 			continue;
1940 		}
1941 
1942 		/*
1943 		 * Also remove the LUNs changed by more than size.
1944 		 */
1945 		changed = 0;
1946 		assert(oldlun->l_backend != NULL);
1947 		assert(newlun->l_backend != NULL);
1948 		if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
1949 			log_debugx("backend for lun \"%s\", "
1950 			    "CTL lun %d changed; removing",
1951 			    oldlun->l_name, oldlun->l_ctl_lun);
1952 			changed = 1;
1953 		}
1954 		if (oldlun->l_blocksize != newlun->l_blocksize) {
1955 			log_debugx("blocksize for lun \"%s\", "
1956 			    "CTL lun %d changed; removing",
1957 			    oldlun->l_name, oldlun->l_ctl_lun);
1958 			changed = 1;
1959 		}
1960 		if (newlun->l_device_id != NULL &&
1961 		    (oldlun->l_device_id == NULL ||
1962 		     strcmp(oldlun->l_device_id, newlun->l_device_id) !=
1963 		     0)) {
1964 			log_debugx("device-id for lun \"%s\", "
1965 			    "CTL lun %d changed; removing",
1966 			    oldlun->l_name, oldlun->l_ctl_lun);
1967 			changed = 1;
1968 		}
1969 		if (newlun->l_path != NULL &&
1970 		    (oldlun->l_path == NULL ||
1971 		     strcmp(oldlun->l_path, newlun->l_path) != 0)) {
1972 			log_debugx("path for lun \"%s\", "
1973 			    "CTL lun %d, changed; removing",
1974 			    oldlun->l_name, oldlun->l_ctl_lun);
1975 			changed = 1;
1976 		}
1977 		if (newlun->l_serial != NULL &&
1978 		    (oldlun->l_serial == NULL ||
1979 		     strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
1980 			log_debugx("serial for lun \"%s\", "
1981 			    "CTL lun %d changed; removing",
1982 			    oldlun->l_name, oldlun->l_ctl_lun);
1983 			changed = 1;
1984 		}
1985 		if (changed) {
1986 			error = kernel_lun_remove(oldlun);
1987 			if (error != 0) {
1988 				log_warnx("failed to remove lun \"%s\", "
1989 				    "CTL lun %d",
1990 				    oldlun->l_name, oldlun->l_ctl_lun);
1991 				cumulated_error++;
1992 			}
1993 			lun_delete(oldlun);
1994 			continue;
1995 		}
1996 
1997 		lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
1998 	}
1999 
2000 	TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) {
2001 		oldlun = lun_find(oldconf, newlun->l_name);
2002 		if (oldlun != NULL) {
2003 			log_debugx("modifying lun \"%s\", CTL lun %d",
2004 			    newlun->l_name, newlun->l_ctl_lun);
2005 			error = kernel_lun_modify(newlun);
2006 			if (error != 0) {
2007 				log_warnx("failed to "
2008 				    "modify lun \"%s\", CTL lun %d",
2009 				    newlun->l_name, newlun->l_ctl_lun);
2010 				cumulated_error++;
2011 			}
2012 			continue;
2013 		}
2014 		log_debugx("adding lun \"%s\"", newlun->l_name);
2015 		error = kernel_lun_add(newlun);
2016 		if (error != 0) {
2017 			log_warnx("failed to add lun \"%s\"", newlun->l_name);
2018 			lun_delete(newlun);
2019 			cumulated_error++;
2020 		}
2021 	}
2022 
2023 	/*
2024 	 * Now add new ports or modify existing ones.
2025 	 */
2026 	TAILQ_FOREACH(newport, &newconf->conf_ports, p_next) {
2027 		if (port_is_dummy(newport))
2028 			continue;
2029 		oldport = port_find(oldconf, newport->p_name);
2030 
2031 		if (oldport == NULL || port_is_dummy(oldport)) {
2032 			log_debugx("adding port \"%s\"", newport->p_name);
2033 			error = kernel_port_add(newport);
2034 		} else {
2035 			log_debugx("updating port \"%s\"", newport->p_name);
2036 			newport->p_ctl_port = oldport->p_ctl_port;
2037 			error = kernel_port_update(newport, oldport);
2038 		}
2039 		if (error != 0) {
2040 			log_warnx("failed to %s port %s",
2041 			    (oldport == NULL) ? "add" : "update",
2042 			    newport->p_name);
2043 			/*
2044 			 * XXX: Uncomment after fixing the root cause.
2045 			 *
2046 			 * cumulated_error++;
2047 			 */
2048 		}
2049 	}
2050 
2051 	/*
2052 	 * Go through the new portals, opening the sockets as necessary.
2053 	 */
2054 	TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
2055 		if (newpg->pg_foreign)
2056 			continue;
2057 		if (newpg->pg_unassigned) {
2058 			log_debugx("not listening on portal-group \"%s\", "
2059 			    "not assigned to any target",
2060 			    newpg->pg_name);
2061 			continue;
2062 		}
2063 		TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
2064 			/*
2065 			 * Try to find already open portal and reuse
2066 			 * the listening socket.  We don't care about
2067 			 * what portal or portal group that was, what
2068 			 * matters is the listening address.
2069 			 */
2070 			TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
2071 			    pg_next) {
2072 				TAILQ_FOREACH(oldp, &oldpg->pg_portals,
2073 				    p_next) {
2074 					if (strcmp(newp->p_listen,
2075 					    oldp->p_listen) == 0 &&
2076 					    oldp->p_socket > 0) {
2077 						newp->p_socket =
2078 						    oldp->p_socket;
2079 						oldp->p_socket = 0;
2080 						break;
2081 					}
2082 				}
2083 			}
2084 			if (newp->p_socket > 0) {
2085 				/*
2086 				 * We're done with this portal.
2087 				 */
2088 				continue;
2089 			}
2090 
2091 #ifdef ICL_KERNEL_PROXY
2092 			if (proxy_mode) {
2093 				newpg->pg_conf->conf_portal_id++;
2094 				newp->p_id = newpg->pg_conf->conf_portal_id;
2095 				log_debugx("listening on %s, portal-group "
2096 				    "\"%s\", portal id %d, using ICL proxy",
2097 				    newp->p_listen, newpg->pg_name, newp->p_id);
2098 				kernel_listen(newp->p_ai, newp->p_iser,
2099 				    newp->p_id);
2100 				continue;
2101 			}
2102 #endif
2103 			assert(proxy_mode == false);
2104 			assert(newp->p_iser == false);
2105 
2106 			log_debugx("listening on %s, portal-group \"%s\"",
2107 			    newp->p_listen, newpg->pg_name);
2108 			newp->p_socket = socket(newp->p_ai->ai_family,
2109 			    newp->p_ai->ai_socktype,
2110 			    newp->p_ai->ai_protocol);
2111 			if (newp->p_socket < 0) {
2112 				log_warn("socket(2) failed for %s",
2113 				    newp->p_listen);
2114 				cumulated_error++;
2115 				continue;
2116 			}
2117 			sockbuf = SOCKBUF_SIZE;
2118 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_RCVBUF,
2119 			    &sockbuf, sizeof(sockbuf)) == -1)
2120 				log_warn("setsockopt(SO_RCVBUF) failed "
2121 				    "for %s", newp->p_listen);
2122 			sockbuf = SOCKBUF_SIZE;
2123 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_SNDBUF,
2124 			    &sockbuf, sizeof(sockbuf)) == -1)
2125 				log_warn("setsockopt(SO_SNDBUF) failed "
2126 				    "for %s", newp->p_listen);
2127 			error = setsockopt(newp->p_socket, SOL_SOCKET,
2128 			    SO_REUSEADDR, &one, sizeof(one));
2129 			if (error != 0) {
2130 				log_warn("setsockopt(SO_REUSEADDR) failed "
2131 				    "for %s", newp->p_listen);
2132 				close(newp->p_socket);
2133 				newp->p_socket = 0;
2134 				cumulated_error++;
2135 				continue;
2136 			}
2137 			error = bind(newp->p_socket, newp->p_ai->ai_addr,
2138 			    newp->p_ai->ai_addrlen);
2139 			if (error != 0) {
2140 				log_warn("bind(2) failed for %s",
2141 				    newp->p_listen);
2142 				close(newp->p_socket);
2143 				newp->p_socket = 0;
2144 				cumulated_error++;
2145 				continue;
2146 			}
2147 			error = listen(newp->p_socket, -1);
2148 			if (error != 0) {
2149 				log_warn("listen(2) failed for %s",
2150 				    newp->p_listen);
2151 				close(newp->p_socket);
2152 				newp->p_socket = 0;
2153 				cumulated_error++;
2154 				continue;
2155 			}
2156 		}
2157 	}
2158 
2159 	/*
2160 	 * Go through the no longer used sockets, closing them.
2161 	 */
2162 	TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
2163 		TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
2164 			if (oldp->p_socket <= 0)
2165 				continue;
2166 			log_debugx("closing socket for %s, portal-group \"%s\"",
2167 			    oldp->p_listen, oldpg->pg_name);
2168 			close(oldp->p_socket);
2169 			oldp->p_socket = 0;
2170 		}
2171 	}
2172 
2173 	/* (Re-)Register on remaining/new iSNS servers. */
2174 	TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
2175 		TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
2176 			if (strcmp(oldns->i_addr, newns->i_addr) == 0)
2177 				break;
2178 		}
2179 		isns_register(newns, oldns);
2180 	}
2181 
2182 	/* Schedule iSNS update */
2183 	if (!TAILQ_EMPTY(&newconf->conf_isns))
2184 		set_timeout((newconf->conf_isns_period + 2) / 3, false);
2185 
2186 	return (cumulated_error);
2187 }
2188 
2189 bool
2190 timed_out(void)
2191 {
2192 
2193 	return (sigalrm_received);
2194 }
2195 
2196 static void
2197 sigalrm_handler_fatal(int dummy __unused)
2198 {
2199 	/*
2200 	 * It would be easiest to just log an error and exit.  We can't
2201 	 * do this, though, because log_errx() is not signal safe, since
2202 	 * it calls syslog(3).  Instead, set a flag checked by pdu_send()
2203 	 * and pdu_receive(), to call log_errx() there.  Should they fail
2204 	 * to notice, we'll exit here one second later.
2205 	 */
2206 	if (sigalrm_received) {
2207 		/*
2208 		 * Oh well.  Just give up and quit.
2209 		 */
2210 		_exit(2);
2211 	}
2212 
2213 	sigalrm_received = true;
2214 }
2215 
2216 static void
2217 sigalrm_handler(int dummy __unused)
2218 {
2219 
2220 	sigalrm_received = true;
2221 }
2222 
2223 void
2224 set_timeout(int timeout, int fatal)
2225 {
2226 	struct sigaction sa;
2227 	struct itimerval itv;
2228 	int error;
2229 
2230 	if (timeout <= 0) {
2231 		log_debugx("session timeout disabled");
2232 		bzero(&itv, sizeof(itv));
2233 		error = setitimer(ITIMER_REAL, &itv, NULL);
2234 		if (error != 0)
2235 			log_err(1, "setitimer");
2236 		sigalrm_received = false;
2237 		return;
2238 	}
2239 
2240 	sigalrm_received = false;
2241 	bzero(&sa, sizeof(sa));
2242 	if (fatal)
2243 		sa.sa_handler = sigalrm_handler_fatal;
2244 	else
2245 		sa.sa_handler = sigalrm_handler;
2246 	sigfillset(&sa.sa_mask);
2247 	error = sigaction(SIGALRM, &sa, NULL);
2248 	if (error != 0)
2249 		log_err(1, "sigaction");
2250 
2251 	/*
2252 	 * First SIGALRM will arive after conf_timeout seconds.
2253 	 * If we do nothing, another one will arrive a second later.
2254 	 */
2255 	log_debugx("setting session timeout to %d seconds", timeout);
2256 	bzero(&itv, sizeof(itv));
2257 	itv.it_interval.tv_sec = 1;
2258 	itv.it_value.tv_sec = timeout;
2259 	error = setitimer(ITIMER_REAL, &itv, NULL);
2260 	if (error != 0)
2261 		log_err(1, "setitimer");
2262 }
2263 
2264 static int
2265 wait_for_children(bool block)
2266 {
2267 	pid_t pid;
2268 	int status;
2269 	int num = 0;
2270 
2271 	for (;;) {
2272 		/*
2273 		 * If "block" is true, wait for at least one process.
2274 		 */
2275 		if (block && num == 0)
2276 			pid = wait4(-1, &status, 0, NULL);
2277 		else
2278 			pid = wait4(-1, &status, WNOHANG, NULL);
2279 		if (pid <= 0)
2280 			break;
2281 		if (WIFSIGNALED(status)) {
2282 			log_warnx("child process %d terminated with signal %d",
2283 			    pid, WTERMSIG(status));
2284 		} else if (WEXITSTATUS(status) != 0) {
2285 			log_warnx("child process %d terminated with exit status %d",
2286 			    pid, WEXITSTATUS(status));
2287 		} else {
2288 			log_debugx("child process %d terminated gracefully", pid);
2289 		}
2290 		num++;
2291 	}
2292 
2293 	return (num);
2294 }
2295 
2296 static void
2297 handle_connection(struct portal *portal, int fd,
2298     const struct sockaddr *client_sa, bool dont_fork)
2299 {
2300 	struct connection *conn;
2301 	int error;
2302 	pid_t pid;
2303 	char host[NI_MAXHOST + 1];
2304 	struct conf *conf;
2305 
2306 	conf = portal->p_portal_group->pg_conf;
2307 
2308 	if (dont_fork) {
2309 		log_debugx("incoming connection; not forking due to -d flag");
2310 	} else {
2311 		nchildren -= wait_for_children(false);
2312 		assert(nchildren >= 0);
2313 
2314 		while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
2315 			log_debugx("maxproc limit of %d child processes hit; "
2316 			    "waiting for child process to exit", conf->conf_maxproc);
2317 			nchildren -= wait_for_children(true);
2318 			assert(nchildren >= 0);
2319 		}
2320 		log_debugx("incoming connection; forking child process #%d",
2321 		    nchildren);
2322 		nchildren++;
2323 		pid = fork();
2324 		if (pid < 0)
2325 			log_err(1, "fork");
2326 		if (pid > 0) {
2327 			close(fd);
2328 			return;
2329 		}
2330 	}
2331 	pidfile_close(conf->conf_pidfh);
2332 
2333 	error = getnameinfo(client_sa, client_sa->sa_len,
2334 	    host, sizeof(host), NULL, 0, NI_NUMERICHOST);
2335 	if (error != 0)
2336 		log_errx(1, "getnameinfo: %s", gai_strerror(error));
2337 
2338 	log_debugx("accepted connection from %s; portal group \"%s\"",
2339 	    host, portal->p_portal_group->pg_name);
2340 	log_set_peer_addr(host);
2341 	setproctitle("%s", host);
2342 
2343 	conn = connection_new(portal, fd, host, client_sa);
2344 	set_timeout(conf->conf_timeout, true);
2345 	kernel_capsicate();
2346 	login(conn);
2347 	if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
2348 		kernel_handoff(conn);
2349 		log_debugx("connection handed off to the kernel");
2350 	} else {
2351 		assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
2352 		discovery(conn);
2353 	}
2354 	log_debugx("nothing more to do; exiting");
2355 	exit(0);
2356 }
2357 
2358 static int
2359 fd_add(int fd, fd_set *fdset, int nfds)
2360 {
2361 
2362 	/*
2363 	 * Skip sockets which we failed to bind.
2364 	 */
2365 	if (fd <= 0)
2366 		return (nfds);
2367 
2368 	FD_SET(fd, fdset);
2369 	if (fd > nfds)
2370 		nfds = fd;
2371 	return (nfds);
2372 }
2373 
2374 static void
2375 main_loop(struct conf *conf, bool dont_fork)
2376 {
2377 	struct portal_group *pg;
2378 	struct portal *portal;
2379 	struct sockaddr_storage client_sa;
2380 	socklen_t client_salen;
2381 #ifdef ICL_KERNEL_PROXY
2382 	int connection_id;
2383 	int portal_id;
2384 #endif
2385 	fd_set fdset;
2386 	int error, nfds, client_fd;
2387 
2388 	pidfile_write(conf->conf_pidfh);
2389 
2390 	for (;;) {
2391 		if (sighup_received || sigterm_received || timed_out())
2392 			return;
2393 
2394 #ifdef ICL_KERNEL_PROXY
2395 		if (proxy_mode) {
2396 			client_salen = sizeof(client_sa);
2397 			kernel_accept(&connection_id, &portal_id,
2398 			    (struct sockaddr *)&client_sa, &client_salen);
2399 			assert(client_salen >= client_sa.ss_len);
2400 
2401 			log_debugx("incoming connection, id %d, portal id %d",
2402 			    connection_id, portal_id);
2403 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2404 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2405 					if (portal->p_id == portal_id) {
2406 						goto found;
2407 					}
2408 				}
2409 			}
2410 
2411 			log_errx(1, "kernel returned invalid portal_id %d",
2412 			    portal_id);
2413 
2414 found:
2415 			handle_connection(portal, connection_id,
2416 			    (struct sockaddr *)&client_sa, dont_fork);
2417 		} else {
2418 #endif
2419 			assert(proxy_mode == false);
2420 
2421 			FD_ZERO(&fdset);
2422 			nfds = 0;
2423 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2424 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
2425 					nfds = fd_add(portal->p_socket, &fdset, nfds);
2426 			}
2427 			error = select(nfds + 1, &fdset, NULL, NULL, NULL);
2428 			if (error <= 0) {
2429 				if (errno == EINTR)
2430 					return;
2431 				log_err(1, "select");
2432 			}
2433 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2434 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2435 					if (!FD_ISSET(portal->p_socket, &fdset))
2436 						continue;
2437 					client_salen = sizeof(client_sa);
2438 					client_fd = accept(portal->p_socket,
2439 					    (struct sockaddr *)&client_sa,
2440 					    &client_salen);
2441 					if (client_fd < 0) {
2442 						if (errno == ECONNABORTED)
2443 							continue;
2444 						log_err(1, "accept");
2445 					}
2446 					assert(client_salen >= client_sa.ss_len);
2447 
2448 					handle_connection(portal, client_fd,
2449 					    (struct sockaddr *)&client_sa,
2450 					    dont_fork);
2451 					break;
2452 				}
2453 			}
2454 #ifdef ICL_KERNEL_PROXY
2455 		}
2456 #endif
2457 	}
2458 }
2459 
2460 static void
2461 sighup_handler(int dummy __unused)
2462 {
2463 
2464 	sighup_received = true;
2465 }
2466 
2467 static void
2468 sigterm_handler(int dummy __unused)
2469 {
2470 
2471 	sigterm_received = true;
2472 }
2473 
2474 static void
2475 sigchld_handler(int dummy __unused)
2476 {
2477 
2478 	/*
2479 	 * The only purpose of this handler is to make SIGCHLD
2480 	 * interrupt the ISCSIDWAIT ioctl(2), so we can call
2481 	 * wait_for_children().
2482 	 */
2483 }
2484 
2485 static void
2486 register_signals(void)
2487 {
2488 	struct sigaction sa;
2489 	int error;
2490 
2491 	bzero(&sa, sizeof(sa));
2492 	sa.sa_handler = sighup_handler;
2493 	sigfillset(&sa.sa_mask);
2494 	error = sigaction(SIGHUP, &sa, NULL);
2495 	if (error != 0)
2496 		log_err(1, "sigaction");
2497 
2498 	sa.sa_handler = sigterm_handler;
2499 	error = sigaction(SIGTERM, &sa, NULL);
2500 	if (error != 0)
2501 		log_err(1, "sigaction");
2502 
2503 	sa.sa_handler = sigterm_handler;
2504 	error = sigaction(SIGINT, &sa, NULL);
2505 	if (error != 0)
2506 		log_err(1, "sigaction");
2507 
2508 	sa.sa_handler = sigchld_handler;
2509 	error = sigaction(SIGCHLD, &sa, NULL);
2510 	if (error != 0)
2511 		log_err(1, "sigaction");
2512 }
2513 
2514 static void
2515 check_perms(const char *path)
2516 {
2517 	struct stat sb;
2518 	int error;
2519 
2520 	error = stat(path, &sb);
2521 	if (error != 0) {
2522 		log_warn("stat");
2523 		return;
2524 	}
2525 	if (sb.st_mode & S_IWOTH) {
2526 		log_warnx("%s is world-writable", path);
2527 	} else if (sb.st_mode & S_IROTH) {
2528 		log_warnx("%s is world-readable", path);
2529 	} else if (sb.st_mode & S_IXOTH) {
2530 		/*
2531 		 * Ok, this one doesn't matter, but still do it,
2532 		 * just for consistency.
2533 		 */
2534 		log_warnx("%s is world-executable", path);
2535 	}
2536 
2537 	/*
2538 	 * XXX: Should we also check for owner != 0?
2539 	 */
2540 }
2541 
2542 static struct conf *
2543 conf_new_from_file(const char *path, struct conf *oldconf, bool ucl)
2544 {
2545 	struct conf *conf;
2546 	struct auth_group *ag;
2547 	struct portal_group *pg;
2548 	struct pport *pp;
2549 	int error;
2550 
2551 	log_debugx("obtaining configuration from %s", path);
2552 
2553 	conf = conf_new();
2554 
2555 	TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next)
2556 		pport_copy(pp, conf);
2557 
2558 	ag = auth_group_new(conf, "default");
2559 	assert(ag != NULL);
2560 
2561 	ag = auth_group_new(conf, "no-authentication");
2562 	assert(ag != NULL);
2563 	ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
2564 
2565 	ag = auth_group_new(conf, "no-access");
2566 	assert(ag != NULL);
2567 	ag->ag_type = AG_TYPE_DENY;
2568 
2569 	pg = portal_group_new(conf, "default");
2570 	assert(pg != NULL);
2571 
2572 	if (ucl)
2573 		error = uclparse_conf(conf, path);
2574 	else
2575 		error = parse_conf(conf, path);
2576 
2577 	if (error != 0) {
2578 		conf_delete(conf);
2579 		return (NULL);
2580 	}
2581 
2582 	check_perms(path);
2583 
2584 	if (conf->conf_default_ag_defined == false) {
2585 		log_debugx("auth-group \"default\" not defined; "
2586 		    "going with defaults");
2587 		ag = auth_group_find(conf, "default");
2588 		assert(ag != NULL);
2589 		ag->ag_type = AG_TYPE_DENY;
2590 	}
2591 
2592 	if (conf->conf_default_pg_defined == false) {
2593 		log_debugx("portal-group \"default\" not defined; "
2594 		    "going with defaults");
2595 		pg = portal_group_find(conf, "default");
2596 		assert(pg != NULL);
2597 		portal_group_add_listen(pg, "0.0.0.0:3260", false);
2598 		portal_group_add_listen(pg, "[::]:3260", false);
2599 	}
2600 
2601 	conf->conf_kernel_port_on = true;
2602 
2603 	error = conf_verify(conf);
2604 	if (error != 0) {
2605 		conf_delete(conf);
2606 		return (NULL);
2607 	}
2608 
2609 	return (conf);
2610 }
2611 
2612 int
2613 main(int argc, char **argv)
2614 {
2615 	struct conf *oldconf, *newconf, *tmpconf;
2616 	struct isns *newns;
2617 	const char *config_path = DEFAULT_CONFIG_PATH;
2618 	int debug = 0, ch, error;
2619 	bool dont_daemonize = false;
2620 	bool use_ucl = false;
2621 
2622 	while ((ch = getopt(argc, argv, "duf:R")) != -1) {
2623 		switch (ch) {
2624 		case 'd':
2625 			dont_daemonize = true;
2626 			debug++;
2627 			break;
2628 		case 'u':
2629 			use_ucl = true;
2630 			break;
2631 		case 'f':
2632 			config_path = optarg;
2633 			break;
2634 		case 'R':
2635 #ifndef ICL_KERNEL_PROXY
2636 			log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
2637 			    "does not support iSER protocol");
2638 #endif
2639 			proxy_mode = true;
2640 			break;
2641 		case '?':
2642 		default:
2643 			usage();
2644 		}
2645 	}
2646 	argc -= optind;
2647 	if (argc != 0)
2648 		usage();
2649 
2650 	log_init(debug);
2651 	kernel_init();
2652 
2653 	oldconf = conf_new_from_kernel();
2654 	newconf = conf_new_from_file(config_path, oldconf, use_ucl);
2655 
2656 	if (newconf == NULL)
2657 		log_errx(1, "configuration error; exiting");
2658 	if (debug > 0) {
2659 		oldconf->conf_debug = debug;
2660 		newconf->conf_debug = debug;
2661 	}
2662 
2663 	error = conf_apply(oldconf, newconf);
2664 	if (error != 0)
2665 		log_errx(1, "failed to apply configuration; exiting");
2666 
2667 	conf_delete(oldconf);
2668 	oldconf = NULL;
2669 
2670 	register_signals();
2671 
2672 	if (dont_daemonize == false) {
2673 		log_debugx("daemonizing");
2674 		if (daemon(0, 0) == -1) {
2675 			log_warn("cannot daemonize");
2676 			pidfile_remove(newconf->conf_pidfh);
2677 			exit(1);
2678 		}
2679 	}
2680 
2681 	/* Schedule iSNS update */
2682 	if (!TAILQ_EMPTY(&newconf->conf_isns))
2683 		set_timeout((newconf->conf_isns_period + 2) / 3, false);
2684 
2685 	for (;;) {
2686 		main_loop(newconf, dont_daemonize);
2687 		if (sighup_received) {
2688 			sighup_received = false;
2689 			log_debugx("received SIGHUP, reloading configuration");
2690 			tmpconf = conf_new_from_file(config_path, newconf,
2691 			    use_ucl);
2692 
2693 			if (tmpconf == NULL) {
2694 				log_warnx("configuration error, "
2695 				    "continuing with old configuration");
2696 			} else {
2697 				if (debug > 0)
2698 					tmpconf->conf_debug = debug;
2699 				oldconf = newconf;
2700 				newconf = tmpconf;
2701 				error = conf_apply(oldconf, newconf);
2702 				if (error != 0)
2703 					log_warnx("failed to reload "
2704 					    "configuration");
2705 				conf_delete(oldconf);
2706 				oldconf = NULL;
2707 			}
2708 		} else if (sigterm_received) {
2709 			log_debugx("exiting on signal; "
2710 			    "reloading empty configuration");
2711 
2712 			log_debugx("removing CTL iSCSI ports "
2713 			    "and terminating all connections");
2714 
2715 			oldconf = newconf;
2716 			newconf = conf_new();
2717 			if (debug > 0)
2718 				newconf->conf_debug = debug;
2719 			error = conf_apply(oldconf, newconf);
2720 			if (error != 0)
2721 				log_warnx("failed to apply configuration");
2722 			conf_delete(oldconf);
2723 			oldconf = NULL;
2724 
2725 			log_warnx("exiting on signal");
2726 			exit(0);
2727 		} else {
2728 			nchildren -= wait_for_children(false);
2729 			assert(nchildren >= 0);
2730 			if (timed_out()) {
2731 				set_timeout(0, false);
2732 				TAILQ_FOREACH(newns, &newconf->conf_isns, i_next)
2733 					isns_check(newns);
2734 				/* Schedule iSNS update */
2735 				if (!TAILQ_EMPTY(&newconf->conf_isns)) {
2736 					set_timeout((newconf->conf_isns_period
2737 					    + 2) / 3,
2738 					    false);
2739 				}
2740 			}
2741 		}
2742 	}
2743 	/* NOTREACHED */
2744 }
2745