xref: /freebsd/usr.sbin/ctld/ctld.c (revision a7941b3326a38f203dab0b92a51e549499081a08)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2012 The FreeBSD Foundation
5  *
6  * This software was developed by Edward Tomasz Napierala under sponsorship
7  * from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include <sys/types.h>
36 #include <sys/time.h>
37 #include <sys/socket.h>
38 #include <sys/stat.h>
39 #include <sys/wait.h>
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
42 #include <assert.h>
43 #include <ctype.h>
44 #include <errno.h>
45 #include <netdb.h>
46 #include <signal.h>
47 #include <stdbool.h>
48 #include <stdio.h>
49 #include <stdint.h>
50 #include <stdlib.h>
51 #include <string.h>
52 #include <unistd.h>
53 
54 #include "ctld.h"
55 #include "isns.h"
56 
57 bool proxy_mode = false;
58 
59 static volatile bool sighup_received = false;
60 static volatile bool sigterm_received = false;
61 static volatile bool sigalrm_received = false;
62 
63 static int nchildren = 0;
64 static uint16_t last_portal_group_tag = 0xff;
65 
66 static void
67 usage(void)
68 {
69 
70 	fprintf(stderr, "usage: ctld [-d][-u][-f config-file]\n");
71 	fprintf(stderr, "       ctld -t [-u][-f config-file]\n");
72 	exit(1);
73 }
74 
75 char *
76 checked_strdup(const char *s)
77 {
78 	char *c;
79 
80 	c = strdup(s);
81 	if (c == NULL)
82 		log_err(1, "strdup");
83 	return (c);
84 }
85 
86 struct conf *
87 conf_new(void)
88 {
89 	struct conf *conf;
90 
91 	conf = calloc(1, sizeof(*conf));
92 	if (conf == NULL)
93 		log_err(1, "calloc");
94 	TAILQ_INIT(&conf->conf_luns);
95 	TAILQ_INIT(&conf->conf_targets);
96 	TAILQ_INIT(&conf->conf_auth_groups);
97 	TAILQ_INIT(&conf->conf_ports);
98 	TAILQ_INIT(&conf->conf_portal_groups);
99 	TAILQ_INIT(&conf->conf_pports);
100 	TAILQ_INIT(&conf->conf_isns);
101 
102 	conf->conf_isns_period = 900;
103 	conf->conf_isns_timeout = 5;
104 	conf->conf_debug = 0;
105 	conf->conf_timeout = 60;
106 	conf->conf_maxproc = 30;
107 
108 	return (conf);
109 }
110 
111 void
112 conf_delete(struct conf *conf)
113 {
114 	struct lun *lun, *ltmp;
115 	struct target *targ, *tmp;
116 	struct auth_group *ag, *cagtmp;
117 	struct portal_group *pg, *cpgtmp;
118 	struct pport *pp, *pptmp;
119 	struct isns *is, *istmp;
120 
121 	assert(conf->conf_pidfh == NULL);
122 
123 	TAILQ_FOREACH_SAFE(lun, &conf->conf_luns, l_next, ltmp)
124 		lun_delete(lun);
125 	TAILQ_FOREACH_SAFE(targ, &conf->conf_targets, t_next, tmp)
126 		target_delete(targ);
127 	TAILQ_FOREACH_SAFE(ag, &conf->conf_auth_groups, ag_next, cagtmp)
128 		auth_group_delete(ag);
129 	TAILQ_FOREACH_SAFE(pg, &conf->conf_portal_groups, pg_next, cpgtmp)
130 		portal_group_delete(pg);
131 	TAILQ_FOREACH_SAFE(pp, &conf->conf_pports, pp_next, pptmp)
132 		pport_delete(pp);
133 	TAILQ_FOREACH_SAFE(is, &conf->conf_isns, i_next, istmp)
134 		isns_delete(is);
135 	assert(TAILQ_EMPTY(&conf->conf_ports));
136 	free(conf->conf_pidfile_path);
137 	free(conf);
138 }
139 
140 static struct auth *
141 auth_new(struct auth_group *ag)
142 {
143 	struct auth *auth;
144 
145 	auth = calloc(1, sizeof(*auth));
146 	if (auth == NULL)
147 		log_err(1, "calloc");
148 	auth->a_auth_group = ag;
149 	TAILQ_INSERT_TAIL(&ag->ag_auths, auth, a_next);
150 	return (auth);
151 }
152 
153 static void
154 auth_delete(struct auth *auth)
155 {
156 	TAILQ_REMOVE(&auth->a_auth_group->ag_auths, auth, a_next);
157 
158 	free(auth->a_user);
159 	free(auth->a_secret);
160 	free(auth->a_mutual_user);
161 	free(auth->a_mutual_secret);
162 	free(auth);
163 }
164 
165 const struct auth *
166 auth_find(const struct auth_group *ag, const char *user)
167 {
168 	const struct auth *auth;
169 
170 	TAILQ_FOREACH(auth, &ag->ag_auths, a_next) {
171 		if (strcmp(auth->a_user, user) == 0)
172 			return (auth);
173 	}
174 
175 	return (NULL);
176 }
177 
178 static void
179 auth_check_secret_length(struct auth *auth)
180 {
181 	size_t len;
182 
183 	len = strlen(auth->a_secret);
184 	if (len > 16) {
185 		if (auth->a_auth_group->ag_name != NULL)
186 			log_warnx("secret for user \"%s\", auth-group \"%s\", "
187 			    "is too long; it should be at most 16 characters "
188 			    "long", auth->a_user, auth->a_auth_group->ag_name);
189 		else
190 			log_warnx("secret for user \"%s\", target \"%s\", "
191 			    "is too long; it should be at most 16 characters "
192 			    "long", auth->a_user,
193 			    auth->a_auth_group->ag_target->t_name);
194 	}
195 	if (len < 12) {
196 		if (auth->a_auth_group->ag_name != NULL)
197 			log_warnx("secret for user \"%s\", auth-group \"%s\", "
198 			    "is too short; it should be at least 12 characters "
199 			    "long", auth->a_user,
200 			    auth->a_auth_group->ag_name);
201 		else
202 			log_warnx("secret for user \"%s\", target \"%s\", "
203 			    "is too short; it should be at least 12 characters "
204 			    "long", auth->a_user,
205 			    auth->a_auth_group->ag_target->t_name);
206 	}
207 
208 	if (auth->a_mutual_secret != NULL) {
209 		len = strlen(auth->a_mutual_secret);
210 		if (len > 16) {
211 			if (auth->a_auth_group->ag_name != NULL)
212 				log_warnx("mutual secret for user \"%s\", "
213 				    "auth-group \"%s\", is too long; it should "
214 				    "be at most 16 characters long",
215 				    auth->a_user, auth->a_auth_group->ag_name);
216 			else
217 				log_warnx("mutual secret for user \"%s\", "
218 				    "target \"%s\", is too long; it should "
219 				    "be at most 16 characters long",
220 				    auth->a_user,
221 				    auth->a_auth_group->ag_target->t_name);
222 		}
223 		if (len < 12) {
224 			if (auth->a_auth_group->ag_name != NULL)
225 				log_warnx("mutual secret for user \"%s\", "
226 				    "auth-group \"%s\", is too short; it "
227 				    "should be at least 12 characters long",
228 				    auth->a_user, auth->a_auth_group->ag_name);
229 			else
230 				log_warnx("mutual secret for user \"%s\", "
231 				    "target \"%s\", is too short; it should be "
232 				    "at least 12 characters long",
233 				    auth->a_user,
234 				    auth->a_auth_group->ag_target->t_name);
235 		}
236 	}
237 }
238 
239 const struct auth *
240 auth_new_chap(struct auth_group *ag, const char *user,
241     const char *secret)
242 {
243 	struct auth *auth;
244 
245 	if (ag->ag_type == AG_TYPE_UNKNOWN)
246 		ag->ag_type = AG_TYPE_CHAP;
247 	if (ag->ag_type != AG_TYPE_CHAP) {
248 		if (ag->ag_name != NULL)
249 			log_warnx("cannot mix \"chap\" authentication with "
250 			    "other types for auth-group \"%s\"", ag->ag_name);
251 		else
252 			log_warnx("cannot mix \"chap\" authentication with "
253 			    "other types for target \"%s\"",
254 			    ag->ag_target->t_name);
255 		return (NULL);
256 	}
257 
258 	auth = auth_new(ag);
259 	auth->a_user = checked_strdup(user);
260 	auth->a_secret = checked_strdup(secret);
261 
262 	auth_check_secret_length(auth);
263 
264 	return (auth);
265 }
266 
267 const struct auth *
268 auth_new_chap_mutual(struct auth_group *ag, const char *user,
269     const char *secret, const char *user2, const char *secret2)
270 {
271 	struct auth *auth;
272 
273 	if (ag->ag_type == AG_TYPE_UNKNOWN)
274 		ag->ag_type = AG_TYPE_CHAP_MUTUAL;
275 	if (ag->ag_type != AG_TYPE_CHAP_MUTUAL) {
276 		if (ag->ag_name != NULL)
277 			log_warnx("cannot mix \"chap-mutual\" authentication "
278 			    "with other types for auth-group \"%s\"",
279 			    ag->ag_name);
280 		else
281 			log_warnx("cannot mix \"chap-mutual\" authentication "
282 			    "with other types for target \"%s\"",
283 			    ag->ag_target->t_name);
284 		return (NULL);
285 	}
286 
287 	auth = auth_new(ag);
288 	auth->a_user = checked_strdup(user);
289 	auth->a_secret = checked_strdup(secret);
290 	auth->a_mutual_user = checked_strdup(user2);
291 	auth->a_mutual_secret = checked_strdup(secret2);
292 
293 	auth_check_secret_length(auth);
294 
295 	return (auth);
296 }
297 
298 const struct auth_name *
299 auth_name_new(struct auth_group *ag, const char *name)
300 {
301 	struct auth_name *an;
302 
303 	an = calloc(1, sizeof(*an));
304 	if (an == NULL)
305 		log_err(1, "calloc");
306 	an->an_auth_group = ag;
307 	an->an_initator_name = checked_strdup(name);
308 	TAILQ_INSERT_TAIL(&ag->ag_names, an, an_next);
309 	return (an);
310 }
311 
312 static void
313 auth_name_delete(struct auth_name *an)
314 {
315 	TAILQ_REMOVE(&an->an_auth_group->ag_names, an, an_next);
316 
317 	free(an->an_initator_name);
318 	free(an);
319 }
320 
321 bool
322 auth_name_defined(const struct auth_group *ag)
323 {
324 	if (TAILQ_EMPTY(&ag->ag_names))
325 		return (false);
326 	return (true);
327 }
328 
329 const struct auth_name *
330 auth_name_find(const struct auth_group *ag, const char *name)
331 {
332 	const struct auth_name *auth_name;
333 
334 	TAILQ_FOREACH(auth_name, &ag->ag_names, an_next) {
335 		if (strcmp(auth_name->an_initator_name, name) == 0)
336 			return (auth_name);
337 	}
338 
339 	return (NULL);
340 }
341 
342 int
343 auth_name_check(const struct auth_group *ag, const char *initiator_name)
344 {
345 	if (!auth_name_defined(ag))
346 		return (0);
347 
348 	if (auth_name_find(ag, initiator_name) == NULL)
349 		return (1);
350 
351 	return (0);
352 }
353 
354 const struct auth_portal *
355 auth_portal_new(struct auth_group *ag, const char *portal)
356 {
357 	struct auth_portal *ap;
358 	char *net, *mask, *str, *tmp;
359 	int len, dm, m;
360 
361 	ap = calloc(1, sizeof(*ap));
362 	if (ap == NULL)
363 		log_err(1, "calloc");
364 	ap->ap_auth_group = ag;
365 	ap->ap_initator_portal = checked_strdup(portal);
366 	mask = str = checked_strdup(portal);
367 	net = strsep(&mask, "/");
368 	if (net[0] == '[')
369 		net++;
370 	len = strlen(net);
371 	if (len == 0)
372 		goto error;
373 	if (net[len - 1] == ']')
374 		net[len - 1] = 0;
375 	if (strchr(net, ':') != NULL) {
376 		struct sockaddr_in6 *sin6 =
377 		    (struct sockaddr_in6 *)&ap->ap_sa;
378 
379 		sin6->sin6_len = sizeof(*sin6);
380 		sin6->sin6_family = AF_INET6;
381 		if (inet_pton(AF_INET6, net, &sin6->sin6_addr) <= 0)
382 			goto error;
383 		dm = 128;
384 	} else {
385 		struct sockaddr_in *sin =
386 		    (struct sockaddr_in *)&ap->ap_sa;
387 
388 		sin->sin_len = sizeof(*sin);
389 		sin->sin_family = AF_INET;
390 		if (inet_pton(AF_INET, net, &sin->sin_addr) <= 0)
391 			goto error;
392 		dm = 32;
393 	}
394 	if (mask != NULL) {
395 		m = strtol(mask, &tmp, 0);
396 		if (m < 0 || m > dm || tmp[0] != 0)
397 			goto error;
398 	} else
399 		m = dm;
400 	ap->ap_mask = m;
401 	free(str);
402 	TAILQ_INSERT_TAIL(&ag->ag_portals, ap, ap_next);
403 	return (ap);
404 
405 error:
406 	free(str);
407 	free(ap);
408 	log_warnx("incorrect initiator portal \"%s\"", portal);
409 	return (NULL);
410 }
411 
412 static void
413 auth_portal_delete(struct auth_portal *ap)
414 {
415 	TAILQ_REMOVE(&ap->ap_auth_group->ag_portals, ap, ap_next);
416 
417 	free(ap->ap_initator_portal);
418 	free(ap);
419 }
420 
421 bool
422 auth_portal_defined(const struct auth_group *ag)
423 {
424 	if (TAILQ_EMPTY(&ag->ag_portals))
425 		return (false);
426 	return (true);
427 }
428 
429 const struct auth_portal *
430 auth_portal_find(const struct auth_group *ag, const struct sockaddr_storage *ss)
431 {
432 	const struct auth_portal *ap;
433 	const uint8_t *a, *b;
434 	int i;
435 	uint8_t bmask;
436 
437 	TAILQ_FOREACH(ap, &ag->ag_portals, ap_next) {
438 		if (ap->ap_sa.ss_family != ss->ss_family)
439 			continue;
440 		if (ss->ss_family == AF_INET) {
441 			a = (const uint8_t *)
442 			    &((const struct sockaddr_in *)ss)->sin_addr;
443 			b = (const uint8_t *)
444 			    &((const struct sockaddr_in *)&ap->ap_sa)->sin_addr;
445 		} else {
446 			a = (const uint8_t *)
447 			    &((const struct sockaddr_in6 *)ss)->sin6_addr;
448 			b = (const uint8_t *)
449 			    &((const struct sockaddr_in6 *)&ap->ap_sa)->sin6_addr;
450 		}
451 		for (i = 0; i < ap->ap_mask / 8; i++) {
452 			if (a[i] != b[i])
453 				goto next;
454 		}
455 		if (ap->ap_mask % 8) {
456 			bmask = 0xff << (8 - (ap->ap_mask % 8));
457 			if ((a[i] & bmask) != (b[i] & bmask))
458 				goto next;
459 		}
460 		return (ap);
461 next:
462 		;
463 	}
464 
465 	return (NULL);
466 }
467 
468 int
469 auth_portal_check(const struct auth_group *ag, const struct sockaddr_storage *sa)
470 {
471 
472 	if (!auth_portal_defined(ag))
473 		return (0);
474 
475 	if (auth_portal_find(ag, sa) == NULL)
476 		return (1);
477 
478 	return (0);
479 }
480 
481 struct auth_group *
482 auth_group_new(struct conf *conf, const char *name)
483 {
484 	struct auth_group *ag;
485 
486 	if (name != NULL) {
487 		ag = auth_group_find(conf, name);
488 		if (ag != NULL) {
489 			log_warnx("duplicated auth-group \"%s\"", name);
490 			return (NULL);
491 		}
492 	}
493 
494 	ag = calloc(1, sizeof(*ag));
495 	if (ag == NULL)
496 		log_err(1, "calloc");
497 	if (name != NULL)
498 		ag->ag_name = checked_strdup(name);
499 	TAILQ_INIT(&ag->ag_auths);
500 	TAILQ_INIT(&ag->ag_names);
501 	TAILQ_INIT(&ag->ag_portals);
502 	ag->ag_conf = conf;
503 	TAILQ_INSERT_TAIL(&conf->conf_auth_groups, ag, ag_next);
504 
505 	return (ag);
506 }
507 
508 void
509 auth_group_delete(struct auth_group *ag)
510 {
511 	struct auth *auth, *auth_tmp;
512 	struct auth_name *auth_name, *auth_name_tmp;
513 	struct auth_portal *auth_portal, *auth_portal_tmp;
514 
515 	TAILQ_REMOVE(&ag->ag_conf->conf_auth_groups, ag, ag_next);
516 
517 	TAILQ_FOREACH_SAFE(auth, &ag->ag_auths, a_next, auth_tmp)
518 		auth_delete(auth);
519 	TAILQ_FOREACH_SAFE(auth_name, &ag->ag_names, an_next, auth_name_tmp)
520 		auth_name_delete(auth_name);
521 	TAILQ_FOREACH_SAFE(auth_portal, &ag->ag_portals, ap_next,
522 	    auth_portal_tmp)
523 		auth_portal_delete(auth_portal);
524 	free(ag->ag_name);
525 	free(ag);
526 }
527 
528 struct auth_group *
529 auth_group_find(const struct conf *conf, const char *name)
530 {
531 	struct auth_group *ag;
532 
533 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
534 		if (ag->ag_name != NULL && strcmp(ag->ag_name, name) == 0)
535 			return (ag);
536 	}
537 
538 	return (NULL);
539 }
540 
541 int
542 auth_group_set_type(struct auth_group *ag, const char *str)
543 {
544 	int type;
545 
546 	if (strcmp(str, "none") == 0) {
547 		type = AG_TYPE_NO_AUTHENTICATION;
548 	} else if (strcmp(str, "deny") == 0) {
549 		type = AG_TYPE_DENY;
550 	} else if (strcmp(str, "chap") == 0) {
551 		type = AG_TYPE_CHAP;
552 	} else if (strcmp(str, "chap-mutual") == 0) {
553 		type = AG_TYPE_CHAP_MUTUAL;
554 	} else {
555 		if (ag->ag_name != NULL)
556 			log_warnx("invalid auth-type \"%s\" for auth-group "
557 			    "\"%s\"", str, ag->ag_name);
558 		else
559 			log_warnx("invalid auth-type \"%s\" for target "
560 			    "\"%s\"", str, ag->ag_target->t_name);
561 		return (1);
562 	}
563 
564 	if (ag->ag_type != AG_TYPE_UNKNOWN && ag->ag_type != type) {
565 		if (ag->ag_name != NULL) {
566 			log_warnx("cannot set auth-type to \"%s\" for "
567 			    "auth-group \"%s\"; already has a different "
568 			    "type", str, ag->ag_name);
569 		} else {
570 			log_warnx("cannot set auth-type to \"%s\" for target "
571 			    "\"%s\"; already has a different type",
572 			    str, ag->ag_target->t_name);
573 		}
574 		return (1);
575 	}
576 
577 	ag->ag_type = type;
578 
579 	return (0);
580 }
581 
582 static struct portal *
583 portal_new(struct portal_group *pg)
584 {
585 	struct portal *portal;
586 
587 	portal = calloc(1, sizeof(*portal));
588 	if (portal == NULL)
589 		log_err(1, "calloc");
590 	TAILQ_INIT(&portal->p_targets);
591 	portal->p_portal_group = pg;
592 	TAILQ_INSERT_TAIL(&pg->pg_portals, portal, p_next);
593 	return (portal);
594 }
595 
596 static void
597 portal_delete(struct portal *portal)
598 {
599 
600 	TAILQ_REMOVE(&portal->p_portal_group->pg_portals, portal, p_next);
601 	if (portal->p_ai != NULL)
602 		freeaddrinfo(portal->p_ai);
603 	free(portal->p_listen);
604 	free(portal);
605 }
606 
607 struct portal_group *
608 portal_group_new(struct conf *conf, const char *name)
609 {
610 	struct portal_group *pg;
611 
612 	pg = portal_group_find(conf, name);
613 	if (pg != NULL) {
614 		log_warnx("duplicated portal-group \"%s\"", name);
615 		return (NULL);
616 	}
617 
618 	pg = calloc(1, sizeof(*pg));
619 	if (pg == NULL)
620 		log_err(1, "calloc");
621 	pg->pg_name = checked_strdup(name);
622 	TAILQ_INIT(&pg->pg_options);
623 	TAILQ_INIT(&pg->pg_portals);
624 	TAILQ_INIT(&pg->pg_ports);
625 	pg->pg_conf = conf;
626 	pg->pg_tag = 0;		/* Assigned later in conf_apply(). */
627 	pg->pg_dscp = -1;
628 	pg->pg_pcp = -1;
629 	TAILQ_INSERT_TAIL(&conf->conf_portal_groups, pg, pg_next);
630 
631 	return (pg);
632 }
633 
634 void
635 portal_group_delete(struct portal_group *pg)
636 {
637 	struct portal *portal, *tmp;
638 	struct port *port, *tport;
639 	struct option *o, *otmp;
640 
641 	TAILQ_FOREACH_SAFE(port, &pg->pg_ports, p_pgs, tport)
642 		port_delete(port);
643 	TAILQ_REMOVE(&pg->pg_conf->conf_portal_groups, pg, pg_next);
644 
645 	TAILQ_FOREACH_SAFE(portal, &pg->pg_portals, p_next, tmp)
646 		portal_delete(portal);
647 	TAILQ_FOREACH_SAFE(o, &pg->pg_options, o_next, otmp)
648 		option_delete(&pg->pg_options, o);
649 	free(pg->pg_name);
650 	free(pg->pg_offload);
651 	free(pg->pg_redirection);
652 	free(pg);
653 }
654 
655 struct portal_group *
656 portal_group_find(const struct conf *conf, const char *name)
657 {
658 	struct portal_group *pg;
659 
660 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
661 		if (strcmp(pg->pg_name, name) == 0)
662 			return (pg);
663 	}
664 
665 	return (NULL);
666 }
667 
668 static int
669 parse_addr_port(char *arg, const char *def_port, struct addrinfo **ai)
670 {
671 	struct addrinfo hints;
672 	char *str, *addr, *ch;
673 	const char *port;
674 	int error, colons = 0;
675 
676 	str = arg = strdup(arg);
677 	if (arg[0] == '[') {
678 		/*
679 		 * IPv6 address in square brackets, perhaps with port.
680 		 */
681 		arg++;
682 		addr = strsep(&arg, "]");
683 		if (arg == NULL) {
684 			free(str);
685 			return (1);
686 		}
687 		if (arg[0] == '\0') {
688 			port = def_port;
689 		} else if (arg[0] == ':') {
690 			port = arg + 1;
691 		} else {
692 			free(str);
693 			return (1);
694 		}
695 	} else {
696 		/*
697 		 * Either IPv6 address without brackets - and without
698 		 * a port - or IPv4 address.  Just count the colons.
699 		 */
700 		for (ch = arg; *ch != '\0'; ch++) {
701 			if (*ch == ':')
702 				colons++;
703 		}
704 		if (colons > 1) {
705 			addr = arg;
706 			port = def_port;
707 		} else {
708 			addr = strsep(&arg, ":");
709 			if (arg == NULL)
710 				port = def_port;
711 			else
712 				port = arg;
713 		}
714 	}
715 
716 	memset(&hints, 0, sizeof(hints));
717 	hints.ai_family = PF_UNSPEC;
718 	hints.ai_socktype = SOCK_STREAM;
719 	hints.ai_flags = AI_PASSIVE;
720 	error = getaddrinfo(addr, port, &hints, ai);
721 	free(str);
722 	return ((error != 0) ? 1 : 0);
723 }
724 
725 int
726 portal_group_add_listen(struct portal_group *pg, const char *value, bool iser)
727 {
728 	struct portal *portal;
729 
730 	portal = portal_new(pg);
731 	portal->p_listen = checked_strdup(value);
732 	portal->p_iser = iser;
733 
734 	if (parse_addr_port(portal->p_listen, "3260", &portal->p_ai)) {
735 		log_warnx("invalid listen address %s", portal->p_listen);
736 		portal_delete(portal);
737 		return (1);
738 	}
739 
740 	/*
741 	 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
742 	 *	those into multiple portals.
743 	 */
744 
745 	return (0);
746 }
747 
748 int
749 isns_new(struct conf *conf, const char *addr)
750 {
751 	struct isns *isns;
752 
753 	isns = calloc(1, sizeof(*isns));
754 	if (isns == NULL)
755 		log_err(1, "calloc");
756 	isns->i_conf = conf;
757 	TAILQ_INSERT_TAIL(&conf->conf_isns, isns, i_next);
758 	isns->i_addr = checked_strdup(addr);
759 
760 	if (parse_addr_port(isns->i_addr, "3205", &isns->i_ai)) {
761 		log_warnx("invalid iSNS address %s", isns->i_addr);
762 		isns_delete(isns);
763 		return (1);
764 	}
765 
766 	/*
767 	 * XXX: getaddrinfo(3) may return multiple addresses; we should turn
768 	 *	those into multiple servers.
769 	 */
770 
771 	return (0);
772 }
773 
774 void
775 isns_delete(struct isns *isns)
776 {
777 
778 	TAILQ_REMOVE(&isns->i_conf->conf_isns, isns, i_next);
779 	free(isns->i_addr);
780 	if (isns->i_ai != NULL)
781 		freeaddrinfo(isns->i_ai);
782 	free(isns);
783 }
784 
785 static int
786 isns_do_connect(struct isns *isns)
787 {
788 	int s;
789 
790 	s = socket(isns->i_ai->ai_family, isns->i_ai->ai_socktype,
791 	    isns->i_ai->ai_protocol);
792 	if (s < 0) {
793 		log_warn("socket(2) failed for %s", isns->i_addr);
794 		return (-1);
795 	}
796 	if (connect(s, isns->i_ai->ai_addr, isns->i_ai->ai_addrlen)) {
797 		log_warn("connect(2) failed for %s", isns->i_addr);
798 		close(s);
799 		return (-1);
800 	}
801 	return(s);
802 }
803 
804 static int
805 isns_do_register(struct isns *isns, int s, const char *hostname)
806 {
807 	struct conf *conf = isns->i_conf;
808 	struct target *target;
809 	struct portal *portal;
810 	struct portal_group *pg;
811 	struct port *port;
812 	struct isns_req *req;
813 	int res = 0;
814 	uint32_t error;
815 
816 	req = isns_req_create(ISNS_FUNC_DEVATTRREG, ISNS_FLAG_CLIENT);
817 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
818 	isns_req_add_delim(req);
819 	isns_req_add_str(req, 1, hostname);
820 	isns_req_add_32(req, 2, 2); /* 2 -- iSCSI */
821 	isns_req_add_32(req, 6, conf->conf_isns_period);
822 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
823 		if (pg->pg_unassigned)
824 			continue;
825 		TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
826 			isns_req_add_addr(req, 16, portal->p_ai);
827 			isns_req_add_port(req, 17, portal->p_ai);
828 		}
829 	}
830 	TAILQ_FOREACH(target, &conf->conf_targets, t_next) {
831 		isns_req_add_str(req, 32, target->t_name);
832 		isns_req_add_32(req, 33, 1); /* 1 -- Target*/
833 		if (target->t_alias != NULL)
834 			isns_req_add_str(req, 34, target->t_alias);
835 		TAILQ_FOREACH(port, &target->t_ports, p_ts) {
836 			if ((pg = port->p_portal_group) == NULL)
837 				continue;
838 			isns_req_add_32(req, 51, pg->pg_tag);
839 			TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
840 				isns_req_add_addr(req, 49, portal->p_ai);
841 				isns_req_add_port(req, 50, portal->p_ai);
842 			}
843 		}
844 	}
845 	res = isns_req_send(s, req);
846 	if (res < 0) {
847 		log_warn("send(2) failed for %s", isns->i_addr);
848 		goto quit;
849 	}
850 	res = isns_req_receive(s, req);
851 	if (res < 0) {
852 		log_warn("receive(2) failed for %s", isns->i_addr);
853 		goto quit;
854 	}
855 	error = isns_req_get_status(req);
856 	if (error != 0) {
857 		log_warnx("iSNS register error %d for %s", error, isns->i_addr);
858 		res = -1;
859 	}
860 quit:
861 	isns_req_free(req);
862 	return (res);
863 }
864 
865 static int
866 isns_do_check(struct isns *isns, int s, const char *hostname)
867 {
868 	struct conf *conf = isns->i_conf;
869 	struct isns_req *req;
870 	int res = 0;
871 	uint32_t error;
872 
873 	req = isns_req_create(ISNS_FUNC_DEVATTRQRY, ISNS_FLAG_CLIENT);
874 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
875 	isns_req_add_str(req, 1, hostname);
876 	isns_req_add_delim(req);
877 	isns_req_add(req, 2, 0, NULL);
878 	res = isns_req_send(s, req);
879 	if (res < 0) {
880 		log_warn("send(2) failed for %s", isns->i_addr);
881 		goto quit;
882 	}
883 	res = isns_req_receive(s, req);
884 	if (res < 0) {
885 		log_warn("receive(2) failed for %s", isns->i_addr);
886 		goto quit;
887 	}
888 	error = isns_req_get_status(req);
889 	if (error != 0) {
890 		log_warnx("iSNS check error %d for %s", error, isns->i_addr);
891 		res = -1;
892 	}
893 quit:
894 	isns_req_free(req);
895 	return (res);
896 }
897 
898 static int
899 isns_do_deregister(struct isns *isns, int s, const char *hostname)
900 {
901 	struct conf *conf = isns->i_conf;
902 	struct isns_req *req;
903 	int res = 0;
904 	uint32_t error;
905 
906 	req = isns_req_create(ISNS_FUNC_DEVDEREG, ISNS_FLAG_CLIENT);
907 	isns_req_add_str(req, 32, TAILQ_FIRST(&conf->conf_targets)->t_name);
908 	isns_req_add_delim(req);
909 	isns_req_add_str(req, 1, hostname);
910 	res = isns_req_send(s, req);
911 	if (res < 0) {
912 		log_warn("send(2) failed for %s", isns->i_addr);
913 		goto quit;
914 	}
915 	res = isns_req_receive(s, req);
916 	if (res < 0) {
917 		log_warn("receive(2) failed for %s", isns->i_addr);
918 		goto quit;
919 	}
920 	error = isns_req_get_status(req);
921 	if (error != 0) {
922 		log_warnx("iSNS deregister error %d for %s", error, isns->i_addr);
923 		res = -1;
924 	}
925 quit:
926 	isns_req_free(req);
927 	return (res);
928 }
929 
930 void
931 isns_register(struct isns *isns, struct isns *oldisns)
932 {
933 	struct conf *conf = isns->i_conf;
934 	int error, s;
935 	char hostname[256];
936 
937 	if (TAILQ_EMPTY(&conf->conf_targets) ||
938 	    TAILQ_EMPTY(&conf->conf_portal_groups))
939 		return;
940 	set_timeout(conf->conf_isns_timeout, false);
941 	s = isns_do_connect(isns);
942 	if (s < 0) {
943 		set_timeout(0, false);
944 		return;
945 	}
946 	error = gethostname(hostname, sizeof(hostname));
947 	if (error != 0)
948 		log_err(1, "gethostname");
949 
950 	if (oldisns == NULL || TAILQ_EMPTY(&oldisns->i_conf->conf_targets))
951 		oldisns = isns;
952 	isns_do_deregister(oldisns, s, hostname);
953 	isns_do_register(isns, s, hostname);
954 	close(s);
955 	set_timeout(0, false);
956 }
957 
958 void
959 isns_check(struct isns *isns)
960 {
961 	struct conf *conf = isns->i_conf;
962 	int error, s, res;
963 	char hostname[256];
964 
965 	if (TAILQ_EMPTY(&conf->conf_targets) ||
966 	    TAILQ_EMPTY(&conf->conf_portal_groups))
967 		return;
968 	set_timeout(conf->conf_isns_timeout, false);
969 	s = isns_do_connect(isns);
970 	if (s < 0) {
971 		set_timeout(0, false);
972 		return;
973 	}
974 	error = gethostname(hostname, sizeof(hostname));
975 	if (error != 0)
976 		log_err(1, "gethostname");
977 
978 	res = isns_do_check(isns, s, hostname);
979 	if (res < 0) {
980 		isns_do_deregister(isns, s, hostname);
981 		isns_do_register(isns, s, hostname);
982 	}
983 	close(s);
984 	set_timeout(0, false);
985 }
986 
987 void
988 isns_deregister(struct isns *isns)
989 {
990 	struct conf *conf = isns->i_conf;
991 	int error, s;
992 	char hostname[256];
993 
994 	if (TAILQ_EMPTY(&conf->conf_targets) ||
995 	    TAILQ_EMPTY(&conf->conf_portal_groups))
996 		return;
997 	set_timeout(conf->conf_isns_timeout, false);
998 	s = isns_do_connect(isns);
999 	if (s < 0)
1000 		return;
1001 	error = gethostname(hostname, sizeof(hostname));
1002 	if (error != 0)
1003 		log_err(1, "gethostname");
1004 
1005 	isns_do_deregister(isns, s, hostname);
1006 	close(s);
1007 	set_timeout(0, false);
1008 }
1009 
1010 int
1011 portal_group_set_filter(struct portal_group *pg, const char *str)
1012 {
1013 	int filter;
1014 
1015 	if (strcmp(str, "none") == 0) {
1016 		filter = PG_FILTER_NONE;
1017 	} else if (strcmp(str, "portal") == 0) {
1018 		filter = PG_FILTER_PORTAL;
1019 	} else if (strcmp(str, "portal-name") == 0) {
1020 		filter = PG_FILTER_PORTAL_NAME;
1021 	} else if (strcmp(str, "portal-name-auth") == 0) {
1022 		filter = PG_FILTER_PORTAL_NAME_AUTH;
1023 	} else {
1024 		log_warnx("invalid discovery-filter \"%s\" for portal-group "
1025 		    "\"%s\"; valid values are \"none\", \"portal\", "
1026 		    "\"portal-name\", and \"portal-name-auth\"",
1027 		    str, pg->pg_name);
1028 		return (1);
1029 	}
1030 
1031 	if (pg->pg_discovery_filter != PG_FILTER_UNKNOWN &&
1032 	    pg->pg_discovery_filter != filter) {
1033 		log_warnx("cannot set discovery-filter to \"%s\" for "
1034 		    "portal-group \"%s\"; already has a different "
1035 		    "value", str, pg->pg_name);
1036 		return (1);
1037 	}
1038 
1039 	pg->pg_discovery_filter = filter;
1040 
1041 	return (0);
1042 }
1043 
1044 int
1045 portal_group_set_offload(struct portal_group *pg, const char *offload)
1046 {
1047 
1048 	if (pg->pg_offload != NULL) {
1049 		log_warnx("cannot set offload to \"%s\" for "
1050 		    "portal-group \"%s\"; already defined",
1051 		    offload, pg->pg_name);
1052 		return (1);
1053 	}
1054 
1055 	pg->pg_offload = checked_strdup(offload);
1056 
1057 	return (0);
1058 }
1059 
1060 int
1061 portal_group_set_redirection(struct portal_group *pg, const char *addr)
1062 {
1063 
1064 	if (pg->pg_redirection != NULL) {
1065 		log_warnx("cannot set redirection to \"%s\" for "
1066 		    "portal-group \"%s\"; already defined",
1067 		    addr, pg->pg_name);
1068 		return (1);
1069 	}
1070 
1071 	pg->pg_redirection = checked_strdup(addr);
1072 
1073 	return (0);
1074 }
1075 
1076 static bool
1077 valid_hex(const char ch)
1078 {
1079 	switch (ch) {
1080 	case '0':
1081 	case '1':
1082 	case '2':
1083 	case '3':
1084 	case '4':
1085 	case '5':
1086 	case '6':
1087 	case '7':
1088 	case '8':
1089 	case '9':
1090 	case 'a':
1091 	case 'A':
1092 	case 'b':
1093 	case 'B':
1094 	case 'c':
1095 	case 'C':
1096 	case 'd':
1097 	case 'D':
1098 	case 'e':
1099 	case 'E':
1100 	case 'f':
1101 	case 'F':
1102 		return (true);
1103 	default:
1104 		return (false);
1105 	}
1106 }
1107 
1108 bool
1109 valid_iscsi_name(const char *name)
1110 {
1111 	int i;
1112 
1113 	if (strlen(name) >= MAX_NAME_LEN) {
1114 		log_warnx("overlong name for target \"%s\"; max length allowed "
1115 		    "by iSCSI specification is %d characters",
1116 		    name, MAX_NAME_LEN);
1117 		return (false);
1118 	}
1119 
1120 	/*
1121 	 * In the cases below, we don't return an error, just in case the admin
1122 	 * was right, and we're wrong.
1123 	 */
1124 	if (strncasecmp(name, "iqn.", strlen("iqn.")) == 0) {
1125 		for (i = strlen("iqn."); name[i] != '\0'; i++) {
1126 			/*
1127 			 * XXX: We should verify UTF-8 normalisation, as defined
1128 			 *      by 3.2.6.2: iSCSI Name Encoding.
1129 			 */
1130 			if (isalnum(name[i]))
1131 				continue;
1132 			if (name[i] == '-' || name[i] == '.' || name[i] == ':')
1133 				continue;
1134 			log_warnx("invalid character \"%c\" in target name "
1135 			    "\"%s\"; allowed characters are letters, digits, "
1136 			    "'-', '.', and ':'", name[i], name);
1137 			break;
1138 		}
1139 		/*
1140 		 * XXX: Check more stuff: valid date and a valid reversed domain.
1141 		 */
1142 	} else if (strncasecmp(name, "eui.", strlen("eui.")) == 0) {
1143 		if (strlen(name) != strlen("eui.") + 16)
1144 			log_warnx("invalid target name \"%s\"; the \"eui.\" "
1145 			    "should be followed by exactly 16 hexadecimal "
1146 			    "digits", name);
1147 		for (i = strlen("eui."); name[i] != '\0'; i++) {
1148 			if (!valid_hex(name[i])) {
1149 				log_warnx("invalid character \"%c\" in target "
1150 				    "name \"%s\"; allowed characters are 1-9 "
1151 				    "and A-F", name[i], name);
1152 				break;
1153 			}
1154 		}
1155 	} else if (strncasecmp(name, "naa.", strlen("naa.")) == 0) {
1156 		if (strlen(name) > strlen("naa.") + 32)
1157 			log_warnx("invalid target name \"%s\"; the \"naa.\" "
1158 			    "should be followed by at most 32 hexadecimal "
1159 			    "digits", name);
1160 		for (i = strlen("naa."); name[i] != '\0'; i++) {
1161 			if (!valid_hex(name[i])) {
1162 				log_warnx("invalid character \"%c\" in target "
1163 				    "name \"%s\"; allowed characters are 1-9 "
1164 				    "and A-F", name[i], name);
1165 				break;
1166 			}
1167 		}
1168 	} else {
1169 		log_warnx("invalid target name \"%s\"; should start with "
1170 		    "either \"iqn.\", \"eui.\", or \"naa.\"",
1171 		    name);
1172 	}
1173 	return (true);
1174 }
1175 
1176 struct pport *
1177 pport_new(struct conf *conf, const char *name, uint32_t ctl_port)
1178 {
1179 	struct pport *pp;
1180 
1181 	pp = calloc(1, sizeof(*pp));
1182 	if (pp == NULL)
1183 		log_err(1, "calloc");
1184 	pp->pp_conf = conf;
1185 	pp->pp_name = checked_strdup(name);
1186 	pp->pp_ctl_port = ctl_port;
1187 	TAILQ_INIT(&pp->pp_ports);
1188 	TAILQ_INSERT_TAIL(&conf->conf_pports, pp, pp_next);
1189 	return (pp);
1190 }
1191 
1192 struct pport *
1193 pport_find(const struct conf *conf, const char *name)
1194 {
1195 	struct pport *pp;
1196 
1197 	TAILQ_FOREACH(pp, &conf->conf_pports, pp_next) {
1198 		if (strcasecmp(pp->pp_name, name) == 0)
1199 			return (pp);
1200 	}
1201 	return (NULL);
1202 }
1203 
1204 struct pport *
1205 pport_copy(struct pport *pp, struct conf *conf)
1206 {
1207 	struct pport *ppnew;
1208 
1209 	ppnew = pport_new(conf, pp->pp_name, pp->pp_ctl_port);
1210 	return (ppnew);
1211 }
1212 
1213 void
1214 pport_delete(struct pport *pp)
1215 {
1216 	struct port *port, *tport;
1217 
1218 	TAILQ_FOREACH_SAFE(port, &pp->pp_ports, p_ts, tport)
1219 		port_delete(port);
1220 	TAILQ_REMOVE(&pp->pp_conf->conf_pports, pp, pp_next);
1221 	free(pp->pp_name);
1222 	free(pp);
1223 }
1224 
1225 struct port *
1226 port_new(struct conf *conf, struct target *target, struct portal_group *pg)
1227 {
1228 	struct port *port;
1229 	char *name;
1230 	int ret;
1231 
1232 	ret = asprintf(&name, "%s-%s", pg->pg_name, target->t_name);
1233 	if (ret <= 0)
1234 		log_err(1, "asprintf");
1235 	if (port_find(conf, name) != NULL) {
1236 		log_warnx("duplicate port \"%s\"", name);
1237 		free(name);
1238 		return (NULL);
1239 	}
1240 	port = calloc(1, sizeof(*port));
1241 	if (port == NULL)
1242 		log_err(1, "calloc");
1243 	port->p_conf = conf;
1244 	port->p_name = name;
1245 	port->p_ioctl_port = 0;
1246 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1247 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1248 	port->p_target = target;
1249 	TAILQ_INSERT_TAIL(&pg->pg_ports, port, p_pgs);
1250 	port->p_portal_group = pg;
1251 	return (port);
1252 }
1253 
1254 struct port *
1255 port_new_ioctl(struct conf *conf, struct target *target, int pp, int vp)
1256 {
1257 	struct pport *pport;
1258 	struct port *port;
1259 	char *pname;
1260 	char *name;
1261 	int ret;
1262 
1263 	ret = asprintf(&pname, "ioctl/%d/%d", pp, vp);
1264 	if (ret <= 0) {
1265 		log_err(1, "asprintf");
1266 		return (NULL);
1267 	}
1268 
1269 	pport = pport_find(conf, pname);
1270 	if (pport != NULL) {
1271 		free(pname);
1272 		return (port_new_pp(conf, target, pport));
1273 	}
1274 
1275 	ret = asprintf(&name, "%s-%s", pname, target->t_name);
1276 	free(pname);
1277 
1278 	if (ret <= 0)
1279 		log_err(1, "asprintf");
1280 	if (port_find(conf, name) != NULL) {
1281 		log_warnx("duplicate port \"%s\"", name);
1282 		free(name);
1283 		return (NULL);
1284 	}
1285 	port = calloc(1, sizeof(*port));
1286 	if (port == NULL)
1287 		log_err(1, "calloc");
1288 	port->p_conf = conf;
1289 	port->p_name = name;
1290 	port->p_ioctl_port = 1;
1291 	port->p_ioctl_pp = pp;
1292 	port->p_ioctl_vp = vp;
1293 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1294 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1295 	port->p_target = target;
1296 	return (port);
1297 }
1298 
1299 struct port *
1300 port_new_pp(struct conf *conf, struct target *target, struct pport *pp)
1301 {
1302 	struct port *port;
1303 	char *name;
1304 	int ret;
1305 
1306 	ret = asprintf(&name, "%s-%s", pp->pp_name, target->t_name);
1307 	if (ret <= 0)
1308 		log_err(1, "asprintf");
1309 	if (port_find(conf, name) != NULL) {
1310 		log_warnx("duplicate port \"%s\"", name);
1311 		free(name);
1312 		return (NULL);
1313 	}
1314 	port = calloc(1, sizeof(*port));
1315 	if (port == NULL)
1316 		log_err(1, "calloc");
1317 	port->p_conf = conf;
1318 	port->p_name = name;
1319 	TAILQ_INSERT_TAIL(&conf->conf_ports, port, p_next);
1320 	TAILQ_INSERT_TAIL(&target->t_ports, port, p_ts);
1321 	port->p_target = target;
1322 	TAILQ_INSERT_TAIL(&pp->pp_ports, port, p_pps);
1323 	port->p_pport = pp;
1324 	return (port);
1325 }
1326 
1327 struct port *
1328 port_find(const struct conf *conf, const char *name)
1329 {
1330 	struct port *port;
1331 
1332 	TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1333 		if (strcasecmp(port->p_name, name) == 0)
1334 			return (port);
1335 	}
1336 
1337 	return (NULL);
1338 }
1339 
1340 struct port *
1341 port_find_in_pg(const struct portal_group *pg, const char *target)
1342 {
1343 	struct port *port;
1344 
1345 	TAILQ_FOREACH(port, &pg->pg_ports, p_pgs) {
1346 		if (strcasecmp(port->p_target->t_name, target) == 0)
1347 			return (port);
1348 	}
1349 
1350 	return (NULL);
1351 }
1352 
1353 void
1354 port_delete(struct port *port)
1355 {
1356 
1357 	if (port->p_portal_group)
1358 		TAILQ_REMOVE(&port->p_portal_group->pg_ports, port, p_pgs);
1359 	if (port->p_pport)
1360 		TAILQ_REMOVE(&port->p_pport->pp_ports, port, p_pps);
1361 	if (port->p_target)
1362 		TAILQ_REMOVE(&port->p_target->t_ports, port, p_ts);
1363 	TAILQ_REMOVE(&port->p_conf->conf_ports, port, p_next);
1364 	free(port->p_name);
1365 	free(port);
1366 }
1367 
1368 int
1369 port_is_dummy(struct port *port)
1370 {
1371 
1372 	if (port->p_portal_group) {
1373 		if (port->p_portal_group->pg_foreign)
1374 			return (1);
1375 		if (TAILQ_EMPTY(&port->p_portal_group->pg_portals))
1376 			return (1);
1377 	}
1378 	return (0);
1379 }
1380 
1381 struct target *
1382 target_new(struct conf *conf, const char *name)
1383 {
1384 	struct target *targ;
1385 	int i, len;
1386 
1387 	targ = target_find(conf, name);
1388 	if (targ != NULL) {
1389 		log_warnx("duplicated target \"%s\"", name);
1390 		return (NULL);
1391 	}
1392 	if (valid_iscsi_name(name) == false) {
1393 		log_warnx("target name \"%s\" is invalid", name);
1394 		return (NULL);
1395 	}
1396 	targ = calloc(1, sizeof(*targ));
1397 	if (targ == NULL)
1398 		log_err(1, "calloc");
1399 	targ->t_name = checked_strdup(name);
1400 
1401 	/*
1402 	 * RFC 3722 requires us to normalize the name to lowercase.
1403 	 */
1404 	len = strlen(name);
1405 	for (i = 0; i < len; i++)
1406 		targ->t_name[i] = tolower(targ->t_name[i]);
1407 
1408 	targ->t_conf = conf;
1409 	TAILQ_INIT(&targ->t_ports);
1410 	TAILQ_INSERT_TAIL(&conf->conf_targets, targ, t_next);
1411 
1412 	return (targ);
1413 }
1414 
1415 void
1416 target_delete(struct target *targ)
1417 {
1418 	struct port *port, *tport;
1419 
1420 	TAILQ_FOREACH_SAFE(port, &targ->t_ports, p_ts, tport)
1421 		port_delete(port);
1422 	TAILQ_REMOVE(&targ->t_conf->conf_targets, targ, t_next);
1423 
1424 	free(targ->t_name);
1425 	free(targ->t_redirection);
1426 	free(targ);
1427 }
1428 
1429 struct target *
1430 target_find(struct conf *conf, const char *name)
1431 {
1432 	struct target *targ;
1433 
1434 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1435 		if (strcasecmp(targ->t_name, name) == 0)
1436 			return (targ);
1437 	}
1438 
1439 	return (NULL);
1440 }
1441 
1442 int
1443 target_set_redirection(struct target *target, const char *addr)
1444 {
1445 
1446 	if (target->t_redirection != NULL) {
1447 		log_warnx("cannot set redirection to \"%s\" for "
1448 		    "target \"%s\"; already defined",
1449 		    addr, target->t_name);
1450 		return (1);
1451 	}
1452 
1453 	target->t_redirection = checked_strdup(addr);
1454 
1455 	return (0);
1456 }
1457 
1458 struct lun *
1459 lun_new(struct conf *conf, const char *name)
1460 {
1461 	struct lun *lun;
1462 
1463 	lun = lun_find(conf, name);
1464 	if (lun != NULL) {
1465 		log_warnx("duplicated lun \"%s\"", name);
1466 		return (NULL);
1467 	}
1468 
1469 	lun = calloc(1, sizeof(*lun));
1470 	if (lun == NULL)
1471 		log_err(1, "calloc");
1472 	lun->l_conf = conf;
1473 	lun->l_name = checked_strdup(name);
1474 	TAILQ_INIT(&lun->l_options);
1475 	TAILQ_INSERT_TAIL(&conf->conf_luns, lun, l_next);
1476 	lun->l_ctl_lun = -1;
1477 
1478 	return (lun);
1479 }
1480 
1481 void
1482 lun_delete(struct lun *lun)
1483 {
1484 	struct target *targ;
1485 	struct option *o, *tmp;
1486 	int i;
1487 
1488 	TAILQ_FOREACH(targ, &lun->l_conf->conf_targets, t_next) {
1489 		for (i = 0; i < MAX_LUNS; i++) {
1490 			if (targ->t_luns[i] == lun)
1491 				targ->t_luns[i] = NULL;
1492 		}
1493 	}
1494 	TAILQ_REMOVE(&lun->l_conf->conf_luns, lun, l_next);
1495 
1496 	TAILQ_FOREACH_SAFE(o, &lun->l_options, o_next, tmp)
1497 		option_delete(&lun->l_options, o);
1498 	free(lun->l_name);
1499 	free(lun->l_backend);
1500 	free(lun->l_device_id);
1501 	free(lun->l_path);
1502 	free(lun->l_scsiname);
1503 	free(lun->l_serial);
1504 	free(lun);
1505 }
1506 
1507 struct lun *
1508 lun_find(const struct conf *conf, const char *name)
1509 {
1510 	struct lun *lun;
1511 
1512 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1513 		if (strcmp(lun->l_name, name) == 0)
1514 			return (lun);
1515 	}
1516 
1517 	return (NULL);
1518 }
1519 
1520 void
1521 lun_set_backend(struct lun *lun, const char *value)
1522 {
1523 	free(lun->l_backend);
1524 	lun->l_backend = checked_strdup(value);
1525 }
1526 
1527 void
1528 lun_set_blocksize(struct lun *lun, size_t value)
1529 {
1530 
1531 	lun->l_blocksize = value;
1532 }
1533 
1534 void
1535 lun_set_device_type(struct lun *lun, uint8_t value)
1536 {
1537 
1538 	lun->l_device_type = value;
1539 }
1540 
1541 void
1542 lun_set_device_id(struct lun *lun, const char *value)
1543 {
1544 	free(lun->l_device_id);
1545 	lun->l_device_id = checked_strdup(value);
1546 }
1547 
1548 void
1549 lun_set_path(struct lun *lun, const char *value)
1550 {
1551 	free(lun->l_path);
1552 	lun->l_path = checked_strdup(value);
1553 }
1554 
1555 void
1556 lun_set_scsiname(struct lun *lun, const char *value)
1557 {
1558 	free(lun->l_scsiname);
1559 	lun->l_scsiname = checked_strdup(value);
1560 }
1561 
1562 void
1563 lun_set_serial(struct lun *lun, const char *value)
1564 {
1565 	free(lun->l_serial);
1566 	lun->l_serial = checked_strdup(value);
1567 }
1568 
1569 void
1570 lun_set_size(struct lun *lun, size_t value)
1571 {
1572 
1573 	lun->l_size = value;
1574 }
1575 
1576 void
1577 lun_set_ctl_lun(struct lun *lun, uint32_t value)
1578 {
1579 
1580 	lun->l_ctl_lun = value;
1581 }
1582 
1583 struct option *
1584 option_new(struct options *options, const char *name, const char *value)
1585 {
1586 	struct option *o;
1587 
1588 	o = option_find(options, name);
1589 	if (o != NULL) {
1590 		log_warnx("duplicated option \"%s\"", name);
1591 		return (NULL);
1592 	}
1593 
1594 	o = calloc(1, sizeof(*o));
1595 	if (o == NULL)
1596 		log_err(1, "calloc");
1597 	o->o_name = checked_strdup(name);
1598 	o->o_value = checked_strdup(value);
1599 	TAILQ_INSERT_TAIL(options, o, o_next);
1600 
1601 	return (o);
1602 }
1603 
1604 void
1605 option_delete(struct options *options, struct option *o)
1606 {
1607 
1608 	TAILQ_REMOVE(options, o, o_next);
1609 	free(o->o_name);
1610 	free(o->o_value);
1611 	free(o);
1612 }
1613 
1614 struct option *
1615 option_find(const struct options *options, const char *name)
1616 {
1617 	struct option *o;
1618 
1619 	TAILQ_FOREACH(o, options, o_next) {
1620 		if (strcmp(o->o_name, name) == 0)
1621 			return (o);
1622 	}
1623 
1624 	return (NULL);
1625 }
1626 
1627 void
1628 option_set(struct option *o, const char *value)
1629 {
1630 
1631 	free(o->o_value);
1632 	o->o_value = checked_strdup(value);
1633 }
1634 
1635 static struct connection *
1636 connection_new(struct portal *portal, int fd, const char *host,
1637     const struct sockaddr *client_sa)
1638 {
1639 	struct connection *conn;
1640 
1641 	conn = calloc(1, sizeof(*conn));
1642 	if (conn == NULL)
1643 		log_err(1, "calloc");
1644 	conn->conn_portal = portal;
1645 	conn->conn_socket = fd;
1646 	conn->conn_initiator_addr = checked_strdup(host);
1647 	memcpy(&conn->conn_initiator_sa, client_sa, client_sa->sa_len);
1648 
1649 	/*
1650 	 * Default values, from RFC 3720, section 12.
1651 	 */
1652 	conn->conn_max_recv_data_segment_length = 8192;
1653 	conn->conn_max_send_data_segment_length = 8192;
1654 	conn->conn_max_burst_length = 262144;
1655 	conn->conn_first_burst_length = 65536;
1656 	conn->conn_immediate_data = true;
1657 
1658 	return (conn);
1659 }
1660 
1661 #if 0
1662 static void
1663 conf_print(struct conf *conf)
1664 {
1665 	struct auth_group *ag;
1666 	struct auth *auth;
1667 	struct auth_name *auth_name;
1668 	struct auth_portal *auth_portal;
1669 	struct portal_group *pg;
1670 	struct portal *portal;
1671 	struct target *targ;
1672 	struct lun *lun;
1673 	struct option *o;
1674 
1675 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1676 		fprintf(stderr, "auth-group %s {\n", ag->ag_name);
1677 		TAILQ_FOREACH(auth, &ag->ag_auths, a_next)
1678 			fprintf(stderr, "\t chap-mutual %s %s %s %s\n",
1679 			    auth->a_user, auth->a_secret,
1680 			    auth->a_mutual_user, auth->a_mutual_secret);
1681 		TAILQ_FOREACH(auth_name, &ag->ag_names, an_next)
1682 			fprintf(stderr, "\t initiator-name %s\n",
1683 			    auth_name->an_initator_name);
1684 		TAILQ_FOREACH(auth_portal, &ag->ag_portals, ap_next)
1685 			fprintf(stderr, "\t initiator-portal %s\n",
1686 			    auth_portal->ap_initator_portal);
1687 		fprintf(stderr, "}\n");
1688 	}
1689 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1690 		fprintf(stderr, "portal-group %s {\n", pg->pg_name);
1691 		TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
1692 			fprintf(stderr, "\t listen %s\n", portal->p_listen);
1693 		fprintf(stderr, "}\n");
1694 	}
1695 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1696 		fprintf(stderr, "\tlun %s {\n", lun->l_name);
1697 		fprintf(stderr, "\t\tpath %s\n", lun->l_path);
1698 		TAILQ_FOREACH(o, &lun->l_options, o_next)
1699 			fprintf(stderr, "\t\toption %s %s\n",
1700 			    o->o_name, o->o_value);
1701 		fprintf(stderr, "\t}\n");
1702 	}
1703 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1704 		fprintf(stderr, "target %s {\n", targ->t_name);
1705 		if (targ->t_alias != NULL)
1706 			fprintf(stderr, "\t alias %s\n", targ->t_alias);
1707 		fprintf(stderr, "}\n");
1708 	}
1709 }
1710 #endif
1711 
1712 static int
1713 conf_verify_lun(struct lun *lun)
1714 {
1715 	const struct lun *lun2;
1716 
1717 	if (lun->l_backend == NULL)
1718 		lun_set_backend(lun, "block");
1719 	if (strcmp(lun->l_backend, "block") == 0) {
1720 		if (lun->l_path == NULL) {
1721 			log_warnx("missing path for lun \"%s\"",
1722 			    lun->l_name);
1723 			return (1);
1724 		}
1725 	} else if (strcmp(lun->l_backend, "ramdisk") == 0) {
1726 		if (lun->l_size == 0) {
1727 			log_warnx("missing size for ramdisk-backed lun \"%s\"",
1728 			    lun->l_name);
1729 			return (1);
1730 		}
1731 		if (lun->l_path != NULL) {
1732 			log_warnx("path must not be specified "
1733 			    "for ramdisk-backed lun \"%s\"",
1734 			    lun->l_name);
1735 			return (1);
1736 		}
1737 	}
1738 	if (lun->l_blocksize == 0) {
1739 		if (lun->l_device_type == 5)
1740 			lun_set_blocksize(lun, DEFAULT_CD_BLOCKSIZE);
1741 		else
1742 			lun_set_blocksize(lun, DEFAULT_BLOCKSIZE);
1743 	} else if (lun->l_blocksize < 0) {
1744 		log_warnx("invalid blocksize for lun \"%s\"; "
1745 		    "must be larger than 0", lun->l_name);
1746 		return (1);
1747 	}
1748 	if (lun->l_size != 0 && lun->l_size % lun->l_blocksize != 0) {
1749 		log_warnx("invalid size for lun \"%s\"; "
1750 		    "must be multiple of blocksize", lun->l_name);
1751 		return (1);
1752 	}
1753 	TAILQ_FOREACH(lun2, &lun->l_conf->conf_luns, l_next) {
1754 		if (lun == lun2)
1755 			continue;
1756 		if (lun->l_path != NULL && lun2->l_path != NULL &&
1757 		    strcmp(lun->l_path, lun2->l_path) == 0) {
1758 			log_debugx("WARNING: path \"%s\" duplicated "
1759 			    "between lun \"%s\", and "
1760 			    "lun \"%s\"", lun->l_path,
1761 			    lun->l_name, lun2->l_name);
1762 		}
1763 	}
1764 
1765 	return (0);
1766 }
1767 
1768 int
1769 conf_verify(struct conf *conf)
1770 {
1771 	struct auth_group *ag;
1772 	struct portal_group *pg;
1773 	struct port *port;
1774 	struct target *targ;
1775 	struct lun *lun;
1776 	bool found;
1777 	int error, i;
1778 
1779 	if (conf->conf_pidfile_path == NULL)
1780 		conf->conf_pidfile_path = checked_strdup(DEFAULT_PIDFILE);
1781 
1782 	TAILQ_FOREACH(lun, &conf->conf_luns, l_next) {
1783 		error = conf_verify_lun(lun);
1784 		if (error != 0)
1785 			return (error);
1786 	}
1787 	TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1788 		if (targ->t_auth_group == NULL) {
1789 			targ->t_auth_group = auth_group_find(conf,
1790 			    "default");
1791 			assert(targ->t_auth_group != NULL);
1792 		}
1793 		if (TAILQ_EMPTY(&targ->t_ports)) {
1794 			pg = portal_group_find(conf, "default");
1795 			assert(pg != NULL);
1796 			port_new(conf, targ, pg);
1797 		}
1798 		found = false;
1799 		for (i = 0; i < MAX_LUNS; i++) {
1800 			if (targ->t_luns[i] != NULL)
1801 				found = true;
1802 		}
1803 		if (!found && targ->t_redirection == NULL) {
1804 			log_warnx("no LUNs defined for target \"%s\"",
1805 			    targ->t_name);
1806 		}
1807 		if (found && targ->t_redirection != NULL) {
1808 			log_debugx("target \"%s\" contains luns, "
1809 			    " but configured for redirection",
1810 			    targ->t_name);
1811 		}
1812 	}
1813 	TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1814 		assert(pg->pg_name != NULL);
1815 		if (pg->pg_discovery_auth_group == NULL) {
1816 			pg->pg_discovery_auth_group =
1817 			    auth_group_find(conf, "default");
1818 			assert(pg->pg_discovery_auth_group != NULL);
1819 		}
1820 
1821 		if (pg->pg_discovery_filter == PG_FILTER_UNKNOWN)
1822 			pg->pg_discovery_filter = PG_FILTER_NONE;
1823 
1824 		if (pg->pg_redirection != NULL) {
1825 			if (!TAILQ_EMPTY(&pg->pg_ports)) {
1826 				log_debugx("portal-group \"%s\" assigned "
1827 				    "to target, but configured "
1828 				    "for redirection",
1829 				    pg->pg_name);
1830 			}
1831 			pg->pg_unassigned = false;
1832 		} else if (!TAILQ_EMPTY(&pg->pg_ports)) {
1833 			pg->pg_unassigned = false;
1834 		} else {
1835 			if (strcmp(pg->pg_name, "default") != 0)
1836 				log_warnx("portal-group \"%s\" not assigned "
1837 				    "to any target", pg->pg_name);
1838 			pg->pg_unassigned = true;
1839 		}
1840 	}
1841 	TAILQ_FOREACH(ag, &conf->conf_auth_groups, ag_next) {
1842 		if (ag->ag_name == NULL)
1843 			assert(ag->ag_target != NULL);
1844 		else
1845 			assert(ag->ag_target == NULL);
1846 
1847 		found = false;
1848 		TAILQ_FOREACH(targ, &conf->conf_targets, t_next) {
1849 			if (targ->t_auth_group == ag) {
1850 				found = true;
1851 				break;
1852 			}
1853 		}
1854 		TAILQ_FOREACH(port, &conf->conf_ports, p_next) {
1855 			if (port->p_auth_group == ag) {
1856 				found = true;
1857 				break;
1858 			}
1859 		}
1860 		TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
1861 			if (pg->pg_discovery_auth_group == ag) {
1862 				found = true;
1863 				break;
1864 			}
1865 		}
1866 		if (!found && ag->ag_name != NULL &&
1867 		    strcmp(ag->ag_name, "default") != 0 &&
1868 		    strcmp(ag->ag_name, "no-authentication") != 0 &&
1869 		    strcmp(ag->ag_name, "no-access") != 0) {
1870 			log_warnx("auth-group \"%s\" not assigned "
1871 			    "to any target", ag->ag_name);
1872 		}
1873 	}
1874 
1875 	return (0);
1876 }
1877 
1878 static int
1879 conf_apply(struct conf *oldconf, struct conf *newconf)
1880 {
1881 	struct lun *oldlun, *newlun, *tmplun;
1882 	struct portal_group *oldpg, *newpg;
1883 	struct portal *oldp, *newp;
1884 	struct port *oldport, *newport, *tmpport;
1885 	struct isns *oldns, *newns;
1886 	pid_t otherpid;
1887 	int changed, cumulated_error = 0, error, sockbuf;
1888 	int one = 1;
1889 
1890 	if (oldconf->conf_debug != newconf->conf_debug) {
1891 		log_debugx("changing debug level to %d", newconf->conf_debug);
1892 		log_init(newconf->conf_debug);
1893 	}
1894 
1895 	if (oldconf->conf_pidfh != NULL) {
1896 		assert(oldconf->conf_pidfile_path != NULL);
1897 		if (newconf->conf_pidfile_path != NULL &&
1898 		    strcmp(oldconf->conf_pidfile_path,
1899 		    newconf->conf_pidfile_path) == 0) {
1900 			newconf->conf_pidfh = oldconf->conf_pidfh;
1901 			oldconf->conf_pidfh = NULL;
1902 		} else {
1903 			log_debugx("removing pidfile %s",
1904 			    oldconf->conf_pidfile_path);
1905 			pidfile_remove(oldconf->conf_pidfh);
1906 			oldconf->conf_pidfh = NULL;
1907 		}
1908 	}
1909 
1910 	if (newconf->conf_pidfh == NULL && newconf->conf_pidfile_path != NULL) {
1911 		log_debugx("opening pidfile %s", newconf->conf_pidfile_path);
1912 		newconf->conf_pidfh =
1913 		    pidfile_open(newconf->conf_pidfile_path, 0600, &otherpid);
1914 		if (newconf->conf_pidfh == NULL) {
1915 			if (errno == EEXIST)
1916 				log_errx(1, "daemon already running, pid: %jd.",
1917 				    (intmax_t)otherpid);
1918 			log_err(1, "cannot open or create pidfile \"%s\"",
1919 			    newconf->conf_pidfile_path);
1920 		}
1921 	}
1922 
1923 	/*
1924 	 * Go through the new portal groups, assigning tags or preserving old.
1925 	 */
1926 	TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
1927 		if (newpg->pg_tag != 0)
1928 			continue;
1929 		oldpg = portal_group_find(oldconf, newpg->pg_name);
1930 		if (oldpg != NULL)
1931 			newpg->pg_tag = oldpg->pg_tag;
1932 		else
1933 			newpg->pg_tag = ++last_portal_group_tag;
1934 	}
1935 
1936 	/* Deregister on removed iSNS servers. */
1937 	TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
1938 		TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
1939 			if (strcmp(oldns->i_addr, newns->i_addr) == 0)
1940 				break;
1941 		}
1942 		if (newns == NULL)
1943 			isns_deregister(oldns);
1944 	}
1945 
1946 	/*
1947 	 * XXX: If target or lun removal fails, we should somehow "move"
1948 	 *      the old lun or target into newconf, so that subsequent
1949 	 *      conf_apply() would try to remove them again.  That would
1950 	 *      be somewhat hairy, though, and lun deletion failures don't
1951 	 *      really happen, so leave it as it is for now.
1952 	 */
1953 	/*
1954 	 * First, remove any ports present in the old configuration
1955 	 * and missing in the new one.
1956 	 */
1957 	TAILQ_FOREACH_SAFE(oldport, &oldconf->conf_ports, p_next, tmpport) {
1958 		if (port_is_dummy(oldport))
1959 			continue;
1960 		newport = port_find(newconf, oldport->p_name);
1961 		if (newport != NULL && !port_is_dummy(newport))
1962 			continue;
1963 		log_debugx("removing port \"%s\"", oldport->p_name);
1964 		error = kernel_port_remove(oldport);
1965 		if (error != 0) {
1966 			log_warnx("failed to remove port %s",
1967 			    oldport->p_name);
1968 			/*
1969 			 * XXX: Uncomment after fixing the root cause.
1970 			 *
1971 			 * cumulated_error++;
1972 			 */
1973 		}
1974 	}
1975 
1976 	/*
1977 	 * Second, remove any LUNs present in the old configuration
1978 	 * and missing in the new one.
1979 	 */
1980 	TAILQ_FOREACH_SAFE(oldlun, &oldconf->conf_luns, l_next, tmplun) {
1981 		newlun = lun_find(newconf, oldlun->l_name);
1982 		if (newlun == NULL) {
1983 			log_debugx("lun \"%s\", CTL lun %d "
1984 			    "not found in new configuration; "
1985 			    "removing", oldlun->l_name, oldlun->l_ctl_lun);
1986 			error = kernel_lun_remove(oldlun);
1987 			if (error != 0) {
1988 				log_warnx("failed to remove lun \"%s\", "
1989 				    "CTL lun %d",
1990 				    oldlun->l_name, oldlun->l_ctl_lun);
1991 				cumulated_error++;
1992 			}
1993 			continue;
1994 		}
1995 
1996 		/*
1997 		 * Also remove the LUNs changed by more than size.
1998 		 */
1999 		changed = 0;
2000 		assert(oldlun->l_backend != NULL);
2001 		assert(newlun->l_backend != NULL);
2002 		if (strcmp(newlun->l_backend, oldlun->l_backend) != 0) {
2003 			log_debugx("backend for lun \"%s\", "
2004 			    "CTL lun %d changed; removing",
2005 			    oldlun->l_name, oldlun->l_ctl_lun);
2006 			changed = 1;
2007 		}
2008 		if (oldlun->l_blocksize != newlun->l_blocksize) {
2009 			log_debugx("blocksize for lun \"%s\", "
2010 			    "CTL lun %d changed; removing",
2011 			    oldlun->l_name, oldlun->l_ctl_lun);
2012 			changed = 1;
2013 		}
2014 		if (newlun->l_device_id != NULL &&
2015 		    (oldlun->l_device_id == NULL ||
2016 		     strcmp(oldlun->l_device_id, newlun->l_device_id) !=
2017 		     0)) {
2018 			log_debugx("device-id for lun \"%s\", "
2019 			    "CTL lun %d changed; removing",
2020 			    oldlun->l_name, oldlun->l_ctl_lun);
2021 			changed = 1;
2022 		}
2023 		if (newlun->l_path != NULL &&
2024 		    (oldlun->l_path == NULL ||
2025 		     strcmp(oldlun->l_path, newlun->l_path) != 0)) {
2026 			log_debugx("path for lun \"%s\", "
2027 			    "CTL lun %d, changed; removing",
2028 			    oldlun->l_name, oldlun->l_ctl_lun);
2029 			changed = 1;
2030 		}
2031 		if (newlun->l_serial != NULL &&
2032 		    (oldlun->l_serial == NULL ||
2033 		     strcmp(oldlun->l_serial, newlun->l_serial) != 0)) {
2034 			log_debugx("serial for lun \"%s\", "
2035 			    "CTL lun %d changed; removing",
2036 			    oldlun->l_name, oldlun->l_ctl_lun);
2037 			changed = 1;
2038 		}
2039 		if (changed) {
2040 			error = kernel_lun_remove(oldlun);
2041 			if (error != 0) {
2042 				log_warnx("failed to remove lun \"%s\", "
2043 				    "CTL lun %d",
2044 				    oldlun->l_name, oldlun->l_ctl_lun);
2045 				cumulated_error++;
2046 			}
2047 			lun_delete(oldlun);
2048 			continue;
2049 		}
2050 
2051 		lun_set_ctl_lun(newlun, oldlun->l_ctl_lun);
2052 	}
2053 
2054 	TAILQ_FOREACH_SAFE(newlun, &newconf->conf_luns, l_next, tmplun) {
2055 		oldlun = lun_find(oldconf, newlun->l_name);
2056 		if (oldlun != NULL) {
2057 			log_debugx("modifying lun \"%s\", CTL lun %d",
2058 			    newlun->l_name, newlun->l_ctl_lun);
2059 			error = kernel_lun_modify(newlun);
2060 			if (error != 0) {
2061 				log_warnx("failed to "
2062 				    "modify lun \"%s\", CTL lun %d",
2063 				    newlun->l_name, newlun->l_ctl_lun);
2064 				cumulated_error++;
2065 			}
2066 			continue;
2067 		}
2068 		log_debugx("adding lun \"%s\"", newlun->l_name);
2069 		error = kernel_lun_add(newlun);
2070 		if (error != 0) {
2071 			log_warnx("failed to add lun \"%s\"", newlun->l_name);
2072 			lun_delete(newlun);
2073 			cumulated_error++;
2074 		}
2075 	}
2076 
2077 	/*
2078 	 * Now add new ports or modify existing ones.
2079 	 */
2080 	TAILQ_FOREACH(newport, &newconf->conf_ports, p_next) {
2081 		if (port_is_dummy(newport))
2082 			continue;
2083 		oldport = port_find(oldconf, newport->p_name);
2084 
2085 		if (oldport == NULL || port_is_dummy(oldport)) {
2086 			log_debugx("adding port \"%s\"", newport->p_name);
2087 			error = kernel_port_add(newport);
2088 		} else {
2089 			log_debugx("updating port \"%s\"", newport->p_name);
2090 			newport->p_ctl_port = oldport->p_ctl_port;
2091 			error = kernel_port_update(newport, oldport);
2092 		}
2093 		if (error != 0) {
2094 			log_warnx("failed to %s port %s",
2095 			    (oldport == NULL) ? "add" : "update",
2096 			    newport->p_name);
2097 			/*
2098 			 * XXX: Uncomment after fixing the root cause.
2099 			 *
2100 			 * cumulated_error++;
2101 			 */
2102 		}
2103 	}
2104 
2105 	/*
2106 	 * Go through the new portals, opening the sockets as necessary.
2107 	 */
2108 	TAILQ_FOREACH(newpg, &newconf->conf_portal_groups, pg_next) {
2109 		if (newpg->pg_foreign)
2110 			continue;
2111 		if (newpg->pg_unassigned) {
2112 			log_debugx("not listening on portal-group \"%s\", "
2113 			    "not assigned to any target",
2114 			    newpg->pg_name);
2115 			continue;
2116 		}
2117 		TAILQ_FOREACH(newp, &newpg->pg_portals, p_next) {
2118 			/*
2119 			 * Try to find already open portal and reuse
2120 			 * the listening socket.  We don't care about
2121 			 * what portal or portal group that was, what
2122 			 * matters is the listening address.
2123 			 */
2124 			TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups,
2125 			    pg_next) {
2126 				TAILQ_FOREACH(oldp, &oldpg->pg_portals,
2127 				    p_next) {
2128 					if (strcmp(newp->p_listen,
2129 					    oldp->p_listen) == 0 &&
2130 					    oldp->p_socket > 0) {
2131 						newp->p_socket =
2132 						    oldp->p_socket;
2133 						oldp->p_socket = 0;
2134 						break;
2135 					}
2136 				}
2137 			}
2138 			if (newp->p_socket > 0) {
2139 				/*
2140 				 * We're done with this portal.
2141 				 */
2142 				continue;
2143 			}
2144 
2145 #ifdef ICL_KERNEL_PROXY
2146 			if (proxy_mode) {
2147 				newpg->pg_conf->conf_portal_id++;
2148 				newp->p_id = newpg->pg_conf->conf_portal_id;
2149 				log_debugx("listening on %s, portal-group "
2150 				    "\"%s\", portal id %d, using ICL proxy",
2151 				    newp->p_listen, newpg->pg_name, newp->p_id);
2152 				kernel_listen(newp->p_ai, newp->p_iser,
2153 				    newp->p_id);
2154 				continue;
2155 			}
2156 #endif
2157 			assert(proxy_mode == false);
2158 			assert(newp->p_iser == false);
2159 
2160 			log_debugx("listening on %s, portal-group \"%s\"",
2161 			    newp->p_listen, newpg->pg_name);
2162 			newp->p_socket = socket(newp->p_ai->ai_family,
2163 			    newp->p_ai->ai_socktype,
2164 			    newp->p_ai->ai_protocol);
2165 			if (newp->p_socket < 0) {
2166 				log_warn("socket(2) failed for %s",
2167 				    newp->p_listen);
2168 				cumulated_error++;
2169 				continue;
2170 			}
2171 			sockbuf = SOCKBUF_SIZE;
2172 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_RCVBUF,
2173 			    &sockbuf, sizeof(sockbuf)) == -1)
2174 				log_warn("setsockopt(SO_RCVBUF) failed "
2175 				    "for %s", newp->p_listen);
2176 			sockbuf = SOCKBUF_SIZE;
2177 			if (setsockopt(newp->p_socket, SOL_SOCKET, SO_SNDBUF,
2178 			    &sockbuf, sizeof(sockbuf)) == -1)
2179 				log_warn("setsockopt(SO_SNDBUF) failed "
2180 				    "for %s", newp->p_listen);
2181 			error = setsockopt(newp->p_socket, SOL_SOCKET,
2182 			    SO_REUSEADDR, &one, sizeof(one));
2183 			if (error != 0) {
2184 				log_warn("setsockopt(SO_REUSEADDR) failed "
2185 				    "for %s", newp->p_listen);
2186 				close(newp->p_socket);
2187 				newp->p_socket = 0;
2188 				cumulated_error++;
2189 				continue;
2190 			}
2191 			if (newpg->pg_dscp != -1) {
2192 				struct sockaddr sa;
2193 				int len = sizeof(sa);
2194 				getsockname(newp->p_socket, &sa, &len);
2195 				/*
2196 				 * Only allow the 6-bit DSCP
2197 				 * field to be modified
2198 				 */
2199 				int tos = newpg->pg_dscp << 2;
2200 				if (sa.sa_family == AF_INET) {
2201 					if (setsockopt(newp->p_socket,
2202 					    IPPROTO_IP, IP_TOS,
2203 					    &tos, sizeof(tos)) == -1)
2204 						log_warn("setsockopt(IP_TOS) "
2205 						    "failed for %s",
2206 						    newp->p_listen);
2207 				} else
2208 				if (sa.sa_family == AF_INET6) {
2209 					if (setsockopt(newp->p_socket,
2210 					    IPPROTO_IPV6, IPV6_TCLASS,
2211 					    &tos, sizeof(tos)) == -1)
2212 						log_warn("setsockopt(IPV6_TCLASS) "
2213 						    "failed for %s",
2214 						    newp->p_listen);
2215 				}
2216 			}
2217 			if (newpg->pg_pcp != -1) {
2218 				struct sockaddr sa;
2219 				int len = sizeof(sa);
2220 				getsockname(newp->p_socket, &sa, &len);
2221 				/*
2222 				 * Only allow the 6-bit DSCP
2223 				 * field to be modified
2224 				 */
2225 				int pcp = newpg->pg_pcp;
2226 				if (sa.sa_family == AF_INET) {
2227 					if (setsockopt(newp->p_socket,
2228 					    IPPROTO_IP, IP_VLAN_PCP,
2229 					    &pcp, sizeof(pcp)) == -1)
2230 						log_warn("setsockopt(IP_VLAN_PCP) "
2231 						    "failed for %s",
2232 						    newp->p_listen);
2233 				} else
2234 				if (sa.sa_family == AF_INET6) {
2235 					if (setsockopt(newp->p_socket,
2236 					    IPPROTO_IPV6, IPV6_VLAN_PCP,
2237 					    &pcp, sizeof(pcp)) == -1)
2238 						log_warn("setsockopt(IPV6_VLAN_PCP) "
2239 						    "failed for %s",
2240 						    newp->p_listen);
2241 				}
2242 			}
2243 			error = bind(newp->p_socket, newp->p_ai->ai_addr,
2244 			    newp->p_ai->ai_addrlen);
2245 			if (error != 0) {
2246 				log_warn("bind(2) failed for %s",
2247 				    newp->p_listen);
2248 				close(newp->p_socket);
2249 				newp->p_socket = 0;
2250 				cumulated_error++;
2251 				continue;
2252 			}
2253 			error = listen(newp->p_socket, -1);
2254 			if (error != 0) {
2255 				log_warn("listen(2) failed for %s",
2256 				    newp->p_listen);
2257 				close(newp->p_socket);
2258 				newp->p_socket = 0;
2259 				cumulated_error++;
2260 				continue;
2261 			}
2262 		}
2263 	}
2264 
2265 	/*
2266 	 * Go through the no longer used sockets, closing them.
2267 	 */
2268 	TAILQ_FOREACH(oldpg, &oldconf->conf_portal_groups, pg_next) {
2269 		TAILQ_FOREACH(oldp, &oldpg->pg_portals, p_next) {
2270 			if (oldp->p_socket <= 0)
2271 				continue;
2272 			log_debugx("closing socket for %s, portal-group \"%s\"",
2273 			    oldp->p_listen, oldpg->pg_name);
2274 			close(oldp->p_socket);
2275 			oldp->p_socket = 0;
2276 		}
2277 	}
2278 
2279 	/* (Re-)Register on remaining/new iSNS servers. */
2280 	TAILQ_FOREACH(newns, &newconf->conf_isns, i_next) {
2281 		TAILQ_FOREACH(oldns, &oldconf->conf_isns, i_next) {
2282 			if (strcmp(oldns->i_addr, newns->i_addr) == 0)
2283 				break;
2284 		}
2285 		isns_register(newns, oldns);
2286 	}
2287 
2288 	/* Schedule iSNS update */
2289 	if (!TAILQ_EMPTY(&newconf->conf_isns))
2290 		set_timeout((newconf->conf_isns_period + 2) / 3, false);
2291 
2292 	return (cumulated_error);
2293 }
2294 
2295 bool
2296 timed_out(void)
2297 {
2298 
2299 	return (sigalrm_received);
2300 }
2301 
2302 static void
2303 sigalrm_handler_fatal(int dummy __unused)
2304 {
2305 	/*
2306 	 * It would be easiest to just log an error and exit.  We can't
2307 	 * do this, though, because log_errx() is not signal safe, since
2308 	 * it calls syslog(3).  Instead, set a flag checked by pdu_send()
2309 	 * and pdu_receive(), to call log_errx() there.  Should they fail
2310 	 * to notice, we'll exit here one second later.
2311 	 */
2312 	if (sigalrm_received) {
2313 		/*
2314 		 * Oh well.  Just give up and quit.
2315 		 */
2316 		_exit(2);
2317 	}
2318 
2319 	sigalrm_received = true;
2320 }
2321 
2322 static void
2323 sigalrm_handler(int dummy __unused)
2324 {
2325 
2326 	sigalrm_received = true;
2327 }
2328 
2329 void
2330 set_timeout(int timeout, int fatal)
2331 {
2332 	struct sigaction sa;
2333 	struct itimerval itv;
2334 	int error;
2335 
2336 	if (timeout <= 0) {
2337 		log_debugx("session timeout disabled");
2338 		bzero(&itv, sizeof(itv));
2339 		error = setitimer(ITIMER_REAL, &itv, NULL);
2340 		if (error != 0)
2341 			log_err(1, "setitimer");
2342 		sigalrm_received = false;
2343 		return;
2344 	}
2345 
2346 	sigalrm_received = false;
2347 	bzero(&sa, sizeof(sa));
2348 	if (fatal)
2349 		sa.sa_handler = sigalrm_handler_fatal;
2350 	else
2351 		sa.sa_handler = sigalrm_handler;
2352 	sigfillset(&sa.sa_mask);
2353 	error = sigaction(SIGALRM, &sa, NULL);
2354 	if (error != 0)
2355 		log_err(1, "sigaction");
2356 
2357 	/*
2358 	 * First SIGALRM will arive after conf_timeout seconds.
2359 	 * If we do nothing, another one will arrive a second later.
2360 	 */
2361 	log_debugx("setting session timeout to %d seconds", timeout);
2362 	bzero(&itv, sizeof(itv));
2363 	itv.it_interval.tv_sec = 1;
2364 	itv.it_value.tv_sec = timeout;
2365 	error = setitimer(ITIMER_REAL, &itv, NULL);
2366 	if (error != 0)
2367 		log_err(1, "setitimer");
2368 }
2369 
2370 static int
2371 wait_for_children(bool block)
2372 {
2373 	pid_t pid;
2374 	int status;
2375 	int num = 0;
2376 
2377 	for (;;) {
2378 		/*
2379 		 * If "block" is true, wait for at least one process.
2380 		 */
2381 		if (block && num == 0)
2382 			pid = wait4(-1, &status, 0, NULL);
2383 		else
2384 			pid = wait4(-1, &status, WNOHANG, NULL);
2385 		if (pid <= 0)
2386 			break;
2387 		if (WIFSIGNALED(status)) {
2388 			log_warnx("child process %d terminated with signal %d",
2389 			    pid, WTERMSIG(status));
2390 		} else if (WEXITSTATUS(status) != 0) {
2391 			log_warnx("child process %d terminated with exit status %d",
2392 			    pid, WEXITSTATUS(status));
2393 		} else {
2394 			log_debugx("child process %d terminated gracefully", pid);
2395 		}
2396 		num++;
2397 	}
2398 
2399 	return (num);
2400 }
2401 
2402 static void
2403 handle_connection(struct portal *portal, int fd,
2404     const struct sockaddr *client_sa, bool dont_fork)
2405 {
2406 	struct connection *conn;
2407 	int error;
2408 	pid_t pid;
2409 	char host[NI_MAXHOST + 1];
2410 	struct conf *conf;
2411 
2412 	conf = portal->p_portal_group->pg_conf;
2413 
2414 	if (dont_fork) {
2415 		log_debugx("incoming connection; not forking due to -d flag");
2416 	} else {
2417 		nchildren -= wait_for_children(false);
2418 		assert(nchildren >= 0);
2419 
2420 		while (conf->conf_maxproc > 0 && nchildren >= conf->conf_maxproc) {
2421 			log_debugx("maxproc limit of %d child processes hit; "
2422 			    "waiting for child process to exit", conf->conf_maxproc);
2423 			nchildren -= wait_for_children(true);
2424 			assert(nchildren >= 0);
2425 		}
2426 		log_debugx("incoming connection; forking child process #%d",
2427 		    nchildren);
2428 		nchildren++;
2429 		pid = fork();
2430 		if (pid < 0)
2431 			log_err(1, "fork");
2432 		if (pid > 0) {
2433 			close(fd);
2434 			return;
2435 		}
2436 	}
2437 	pidfile_close(conf->conf_pidfh);
2438 
2439 	error = getnameinfo(client_sa, client_sa->sa_len,
2440 	    host, sizeof(host), NULL, 0, NI_NUMERICHOST);
2441 	if (error != 0)
2442 		log_errx(1, "getnameinfo: %s", gai_strerror(error));
2443 
2444 	log_debugx("accepted connection from %s; portal group \"%s\"",
2445 	    host, portal->p_portal_group->pg_name);
2446 	log_set_peer_addr(host);
2447 	setproctitle("%s", host);
2448 
2449 	conn = connection_new(portal, fd, host, client_sa);
2450 	set_timeout(conf->conf_timeout, true);
2451 	kernel_capsicate();
2452 	login(conn);
2453 	if (conn->conn_session_type == CONN_SESSION_TYPE_NORMAL) {
2454 		kernel_handoff(conn);
2455 		log_debugx("connection handed off to the kernel");
2456 	} else {
2457 		assert(conn->conn_session_type == CONN_SESSION_TYPE_DISCOVERY);
2458 		discovery(conn);
2459 	}
2460 	log_debugx("nothing more to do; exiting");
2461 	exit(0);
2462 }
2463 
2464 static int
2465 fd_add(int fd, fd_set *fdset, int nfds)
2466 {
2467 
2468 	/*
2469 	 * Skip sockets which we failed to bind.
2470 	 */
2471 	if (fd <= 0)
2472 		return (nfds);
2473 
2474 	FD_SET(fd, fdset);
2475 	if (fd > nfds)
2476 		nfds = fd;
2477 	return (nfds);
2478 }
2479 
2480 static void
2481 main_loop(struct conf *conf, bool dont_fork)
2482 {
2483 	struct portal_group *pg;
2484 	struct portal *portal;
2485 	struct sockaddr_storage client_sa;
2486 	socklen_t client_salen;
2487 #ifdef ICL_KERNEL_PROXY
2488 	int connection_id;
2489 	int portal_id;
2490 #endif
2491 	fd_set fdset;
2492 	int error, nfds, client_fd;
2493 
2494 	pidfile_write(conf->conf_pidfh);
2495 
2496 	for (;;) {
2497 		if (sighup_received || sigterm_received || timed_out())
2498 			return;
2499 
2500 #ifdef ICL_KERNEL_PROXY
2501 		if (proxy_mode) {
2502 			client_salen = sizeof(client_sa);
2503 			kernel_accept(&connection_id, &portal_id,
2504 			    (struct sockaddr *)&client_sa, &client_salen);
2505 			assert(client_salen >= client_sa.ss_len);
2506 
2507 			log_debugx("incoming connection, id %d, portal id %d",
2508 			    connection_id, portal_id);
2509 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2510 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2511 					if (portal->p_id == portal_id) {
2512 						goto found;
2513 					}
2514 				}
2515 			}
2516 
2517 			log_errx(1, "kernel returned invalid portal_id %d",
2518 			    portal_id);
2519 
2520 found:
2521 			handle_connection(portal, connection_id,
2522 			    (struct sockaddr *)&client_sa, dont_fork);
2523 		} else {
2524 #endif
2525 			assert(proxy_mode == false);
2526 
2527 			FD_ZERO(&fdset);
2528 			nfds = 0;
2529 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2530 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next)
2531 					nfds = fd_add(portal->p_socket, &fdset, nfds);
2532 			}
2533 			error = select(nfds + 1, &fdset, NULL, NULL, NULL);
2534 			if (error <= 0) {
2535 				if (errno == EINTR)
2536 					return;
2537 				log_err(1, "select");
2538 			}
2539 			TAILQ_FOREACH(pg, &conf->conf_portal_groups, pg_next) {
2540 				TAILQ_FOREACH(portal, &pg->pg_portals, p_next) {
2541 					if (!FD_ISSET(portal->p_socket, &fdset))
2542 						continue;
2543 					client_salen = sizeof(client_sa);
2544 					client_fd = accept(portal->p_socket,
2545 					    (struct sockaddr *)&client_sa,
2546 					    &client_salen);
2547 					if (client_fd < 0) {
2548 						if (errno == ECONNABORTED)
2549 							continue;
2550 						log_err(1, "accept");
2551 					}
2552 					assert(client_salen >= client_sa.ss_len);
2553 
2554 					handle_connection(portal, client_fd,
2555 					    (struct sockaddr *)&client_sa,
2556 					    dont_fork);
2557 					break;
2558 				}
2559 			}
2560 #ifdef ICL_KERNEL_PROXY
2561 		}
2562 #endif
2563 	}
2564 }
2565 
2566 static void
2567 sighup_handler(int dummy __unused)
2568 {
2569 
2570 	sighup_received = true;
2571 }
2572 
2573 static void
2574 sigterm_handler(int dummy __unused)
2575 {
2576 
2577 	sigterm_received = true;
2578 }
2579 
2580 static void
2581 sigchld_handler(int dummy __unused)
2582 {
2583 
2584 	/*
2585 	 * The only purpose of this handler is to make SIGCHLD
2586 	 * interrupt the ISCSIDWAIT ioctl(2), so we can call
2587 	 * wait_for_children().
2588 	 */
2589 }
2590 
2591 static void
2592 register_signals(void)
2593 {
2594 	struct sigaction sa;
2595 	int error;
2596 
2597 	bzero(&sa, sizeof(sa));
2598 	sa.sa_handler = sighup_handler;
2599 	sigfillset(&sa.sa_mask);
2600 	error = sigaction(SIGHUP, &sa, NULL);
2601 	if (error != 0)
2602 		log_err(1, "sigaction");
2603 
2604 	sa.sa_handler = sigterm_handler;
2605 	error = sigaction(SIGTERM, &sa, NULL);
2606 	if (error != 0)
2607 		log_err(1, "sigaction");
2608 
2609 	sa.sa_handler = sigterm_handler;
2610 	error = sigaction(SIGINT, &sa, NULL);
2611 	if (error != 0)
2612 		log_err(1, "sigaction");
2613 
2614 	sa.sa_handler = sigchld_handler;
2615 	error = sigaction(SIGCHLD, &sa, NULL);
2616 	if (error != 0)
2617 		log_err(1, "sigaction");
2618 }
2619 
2620 static void
2621 check_perms(const char *path)
2622 {
2623 	struct stat sb;
2624 	int error;
2625 
2626 	error = stat(path, &sb);
2627 	if (error != 0) {
2628 		log_warn("stat");
2629 		return;
2630 	}
2631 	if (sb.st_mode & S_IWOTH) {
2632 		log_warnx("%s is world-writable", path);
2633 	} else if (sb.st_mode & S_IROTH) {
2634 		log_warnx("%s is world-readable", path);
2635 	} else if (sb.st_mode & S_IXOTH) {
2636 		/*
2637 		 * Ok, this one doesn't matter, but still do it,
2638 		 * just for consistency.
2639 		 */
2640 		log_warnx("%s is world-executable", path);
2641 	}
2642 
2643 	/*
2644 	 * XXX: Should we also check for owner != 0?
2645 	 */
2646 }
2647 
2648 static struct conf *
2649 conf_new_from_file(const char *path, struct conf *oldconf, bool ucl)
2650 {
2651 	struct conf *conf;
2652 	struct auth_group *ag;
2653 	struct portal_group *pg;
2654 	struct pport *pp;
2655 	int error;
2656 
2657 	log_debugx("obtaining configuration from %s", path);
2658 
2659 	conf = conf_new();
2660 
2661 	TAILQ_FOREACH(pp, &oldconf->conf_pports, pp_next)
2662 		pport_copy(pp, conf);
2663 
2664 	ag = auth_group_new(conf, "default");
2665 	assert(ag != NULL);
2666 
2667 	ag = auth_group_new(conf, "no-authentication");
2668 	assert(ag != NULL);
2669 	ag->ag_type = AG_TYPE_NO_AUTHENTICATION;
2670 
2671 	ag = auth_group_new(conf, "no-access");
2672 	assert(ag != NULL);
2673 	ag->ag_type = AG_TYPE_DENY;
2674 
2675 	pg = portal_group_new(conf, "default");
2676 	assert(pg != NULL);
2677 
2678 	if (ucl)
2679 		error = uclparse_conf(conf, path);
2680 	else
2681 		error = parse_conf(conf, path);
2682 
2683 	if (error != 0) {
2684 		conf_delete(conf);
2685 		return (NULL);
2686 	}
2687 
2688 	check_perms(path);
2689 
2690 	if (conf->conf_default_ag_defined == false) {
2691 		log_debugx("auth-group \"default\" not defined; "
2692 		    "going with defaults");
2693 		ag = auth_group_find(conf, "default");
2694 		assert(ag != NULL);
2695 		ag->ag_type = AG_TYPE_DENY;
2696 	}
2697 
2698 	if (conf->conf_default_pg_defined == false) {
2699 		log_debugx("portal-group \"default\" not defined; "
2700 		    "going with defaults");
2701 		pg = portal_group_find(conf, "default");
2702 		assert(pg != NULL);
2703 		portal_group_add_listen(pg, "0.0.0.0:3260", false);
2704 		portal_group_add_listen(pg, "[::]:3260", false);
2705 	}
2706 
2707 	conf->conf_kernel_port_on = true;
2708 
2709 	error = conf_verify(conf);
2710 	if (error != 0) {
2711 		conf_delete(conf);
2712 		return (NULL);
2713 	}
2714 
2715 	return (conf);
2716 }
2717 
2718 int
2719 main(int argc, char **argv)
2720 {
2721 	struct conf *oldconf, *newconf, *tmpconf;
2722 	struct isns *newns;
2723 	const char *config_path = DEFAULT_CONFIG_PATH;
2724 	int debug = 0, ch, error;
2725 	bool dont_daemonize = false;
2726 	bool test_config = false;
2727 	bool use_ucl = false;
2728 
2729 	while ((ch = getopt(argc, argv, "dtuf:R")) != -1) {
2730 		switch (ch) {
2731 		case 'd':
2732 			dont_daemonize = true;
2733 			debug++;
2734 			break;
2735 		case 't':
2736 			test_config = true;
2737 			break;
2738 		case 'u':
2739 			use_ucl = true;
2740 			break;
2741 		case 'f':
2742 			config_path = optarg;
2743 			break;
2744 		case 'R':
2745 #ifndef ICL_KERNEL_PROXY
2746 			log_errx(1, "ctld(8) compiled without ICL_KERNEL_PROXY "
2747 			    "does not support iSER protocol");
2748 #endif
2749 			proxy_mode = true;
2750 			break;
2751 		case '?':
2752 		default:
2753 			usage();
2754 		}
2755 	}
2756 	argc -= optind;
2757 	if (argc != 0)
2758 		usage();
2759 
2760 	log_init(debug);
2761 	kernel_init();
2762 
2763 	oldconf = conf_new_from_kernel();
2764 	newconf = conf_new_from_file(config_path, oldconf, use_ucl);
2765 
2766 	if (newconf == NULL)
2767 		log_errx(1, "configuration error; exiting");
2768 
2769 	if (test_config)
2770 		return (0);
2771 
2772 	if (debug > 0) {
2773 		oldconf->conf_debug = debug;
2774 		newconf->conf_debug = debug;
2775 	}
2776 
2777 	error = conf_apply(oldconf, newconf);
2778 	if (error != 0)
2779 		log_errx(1, "failed to apply configuration; exiting");
2780 
2781 	conf_delete(oldconf);
2782 	oldconf = NULL;
2783 
2784 	register_signals();
2785 
2786 	if (dont_daemonize == false) {
2787 		log_debugx("daemonizing");
2788 		if (daemon(0, 0) == -1) {
2789 			log_warn("cannot daemonize");
2790 			pidfile_remove(newconf->conf_pidfh);
2791 			exit(1);
2792 		}
2793 	}
2794 
2795 	/* Schedule iSNS update */
2796 	if (!TAILQ_EMPTY(&newconf->conf_isns))
2797 		set_timeout((newconf->conf_isns_period + 2) / 3, false);
2798 
2799 	for (;;) {
2800 		main_loop(newconf, dont_daemonize);
2801 		if (sighup_received) {
2802 			sighup_received = false;
2803 			log_debugx("received SIGHUP, reloading configuration");
2804 			tmpconf = conf_new_from_file(config_path, newconf,
2805 			    use_ucl);
2806 
2807 			if (tmpconf == NULL) {
2808 				log_warnx("configuration error, "
2809 				    "continuing with old configuration");
2810 			} else {
2811 				if (debug > 0)
2812 					tmpconf->conf_debug = debug;
2813 				oldconf = newconf;
2814 				newconf = tmpconf;
2815 				error = conf_apply(oldconf, newconf);
2816 				if (error != 0)
2817 					log_warnx("failed to reload "
2818 					    "configuration");
2819 				conf_delete(oldconf);
2820 				oldconf = NULL;
2821 			}
2822 		} else if (sigterm_received) {
2823 			log_debugx("exiting on signal; "
2824 			    "reloading empty configuration");
2825 
2826 			log_debugx("removing CTL iSCSI ports "
2827 			    "and terminating all connections");
2828 
2829 			oldconf = newconf;
2830 			newconf = conf_new();
2831 			if (debug > 0)
2832 				newconf->conf_debug = debug;
2833 			error = conf_apply(oldconf, newconf);
2834 			if (error != 0)
2835 				log_warnx("failed to apply configuration");
2836 			conf_delete(oldconf);
2837 			oldconf = NULL;
2838 
2839 			log_warnx("exiting on signal");
2840 			exit(0);
2841 		} else {
2842 			nchildren -= wait_for_children(false);
2843 			assert(nchildren >= 0);
2844 			if (timed_out()) {
2845 				set_timeout(0, false);
2846 				TAILQ_FOREACH(newns, &newconf->conf_isns, i_next)
2847 					isns_check(newns);
2848 				/* Schedule iSNS update */
2849 				if (!TAILQ_EMPTY(&newconf->conf_isns)) {
2850 					set_timeout((newconf->conf_isns_period
2851 					    + 2) / 3,
2852 					    false);
2853 				}
2854 			}
2855 		}
2856 	}
2857 	/* NOTREACHED */
2858 }
2859