vpn-manager: Add l2tp/ipsec vpn manager

l2tpipsec_vpn.cc

Index: l2tpipsec_vpn.cc
diff --git a/l2tpipsec_vpn.cc b/l2tpipsec_vpn.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d5967704d618c706f89a2918adb176eb10dcbce8
--- /dev/null
+++ b/l2tpipsec_vpn.cc
@@ -0,0 +1,130 @@
+// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <poll.h>
+#include <signal.h>
+#include <stddef.h>
+#include <sys/wait.h>
+
+#include <string>
+
+#include "base/command_line.h"
+#include "base/logging.h"
+#include "chromeos/process.h"
+#include "chromeos/syslog_logging.h"
+#include "gflags/gflags.h"
+#include "vpn-manager/ipsec_manager.h"
+#include "vpn-manager/l2tp_manager.h"
+
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
+DEFINE_string(client_cert_file, "", "File with IPsec client certificate");
+DEFINE_string(client_key_file, "", "File with IPsec client private key");
+DEFINE_string(psk_file, "", "File with IPsec pre-shared key");
+DEFINE_string(remote, "", "VPN server address");
+DEFINE_string(server_ca_file, "", "File with IPsec server CA");
+#pragma GCC diagnostic error "-Wstrict-aliasing"
+
+// True if a signal has requested termination.
+static bool s_terminate_request = false;
+
+void HandleSignal(int sig_num) {
+  LOG(INFO) << "Caught signal " << sig_num;
+  switch(sig_num) {
+    case SIGTERM:
+    case SIGINT:
+      s_terminate_request = true;
+      break;
+    case SIGALRM:
+      break;
+  }
+}
+
+static void InstallSignalHandlers() {
+  struct sigaction sa;
+  memset(&sa, 0, sizeof(sa));
+  sa.sa_handler = HandleSignal;
+  sigaction(SIGTERM, &sa, NULL);
+  sigaction(SIGINT, &sa, NULL);
+  sigaction(SIGALRM, &sa, NULL);
+}
+
+static void LockDownUmask() {
+  // Only user and group may access configuration files we create.
+  umask(S_IWGRP | S_IROTH | S_IWOTH);
+}
+
+// Run the main event loop.  The events to handle are:
+// 1) timeout from poll
+// 2) caught signal
+// 3) stdout/err of child process ready
+// 4) child process dies
+static void RunEventLoop(IpsecManager* ipsec, L2tpManager* l2tp) {
+  do {
+    int status;
+    int ipsec_poll_timeout = ipsec->Poll();
+    int l2tp_poll_timeout = l2tp->Poll();
+    int poll_timeout = (ipsec_poll_timeout > l2tp_poll_timeout) ?
+        ipsec_poll_timeout : l2tp_poll_timeout;
+
+    const int poll_input_count = 2;
+    struct pollfd poll_inputs[poll_input_count] = {
+      { ipsec->output_fd(), POLLIN },  // ipsec output
+      { l2tp->output_fd(), POLLIN }  // l2tp output
+    };
+    int poll_result = poll(poll_inputs, poll_input_count, poll_timeout);
+    CHECK(poll_result >= 0 || errno == EINTR) << "Unexpected poll result";
+
+    // Check if there are any child processes to be reaped without
+    // blocking.
+    pid_t pid = waitpid(-1, &status, WNOHANG);
+    if (pid > 0 && (ipsec->IsChild(pid) || l2tp->IsChild(pid))) {
+      LOG(WARNING) << "Child process " << pid << " stopped early";
+      s_terminate_request = true;
+    }
+
+    if (poll_inputs[0].revents & POLLIN)
+      ipsec->ProcessOutput();
+    if (poll_inputs[1].revents & POLLIN)
+      l2tp->ProcessOutput();
+  } while(!ipsec->was_stopped() && !s_terminate_request);
+}
+
+int main(int argc, char* argv[]) {
+  CommandLine::Init(argc, argv);
+  google::ParseCommandLineFlags(&argc, &argv, true);
+  int log_flags = chromeos::kLogToSyslog;
+  if (isatty(STDOUT_FILENO)) log_flags |= chromeos::kLogToStderr;
+  chromeos::InitLog(log_flags);
+  chromeos::OpenLog("l2tpipsec_vpn", true);
+  IpsecManager ipsec;
+  L2tpManager l2tp;
+
+  LockDownUmask();
+
+  ServiceManager::InitializeDirectories();
+
+  if (!ipsec.Initialize(1,
+                        FLAGS_remote,
+                        FLAGS_psk_file,
+                        FLAGS_server_ca_file,
+                        FLAGS_client_key_file,
+                        FLAGS_client_cert_file)) {
+    return 1;
+  }
+  if (!l2tp.Initialize(FLAGS_remote)) {
+    return 1;
+  }
+  ServiceManager::SetLayerOrder(&ipsec, &l2tp);
+
+  InstallSignalHandlers();
+  CHECK(ipsec.Start()) << "Unable to start IPsec layer";
+
+  RunEventLoop(&ipsec, &l2tp);
+
+  LOG(INFO) << "Shutting down...";
+  l2tp.Stop();
+  // TODO(kmixter): use error codes to distinguish login failed vs
+  // connect failed.
+  return 0;
+}