X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Ftincd.c;h=6746c33008c7d462626929edaf301ffe5a1098d6;hp=0838e8291216689680c93b7f2c1629a2a68a01ab;hb=5fc1ed17f41f0c535cf57a4b7e00cd6d45759503;hpb=116ba3b3da73fb857cf75b5c92c6aacd70d94dd9 diff --git a/src/tincd.c b/src/tincd.c index 0838e829..6746c330 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.59 2002/06/08 12:57:10 guus Exp $ + $Id: tincd.c,v 1.10.4.62 2002/09/09 19:40:12 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include @@ -73,6 +74,9 @@ int generate_keys = 0; /* If nonzero, use null ciphers and skip all key exchanges. */ int bypass_security = 0; +/* If nonzero, disable swapping for this process. */ +int do_mlock = 0; + char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ char **g_argv; /* a copy of the cmdline arguments */ @@ -90,6 +94,7 @@ static struct option const long_options[] = { "generate-keys", optional_argument, NULL, 'K'}, { "debug", optional_argument, NULL, 'd'}, { "bypass-security", no_argument, &bypass_security, 1 }, + { "mlock", no_argument, &do_mlock, 1}, { NULL, 0, NULL, 0 } }; 
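Review bot: The `#include` added in the `@@ -33,6 +33,7 @@` hunk sits outside any feature guard, while the `mlockall()` call added to main() is wrapped in `#ifdef HAVE_MLOCKALL`. The header name is not visible on this page, but if it is the header that declares `mlockall`, a platform without it would fail at the include before ever reaching the `#else` branch that reports "not supported on this platform". Guarding the include with the same `#ifdef HAVE_MLOCKALL` (or a dedicated header check, as is done for `HAVE_SYS_IOCTL_H` just below) keeps the fallback path buildable.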
@@ -105,8 +110,9 @@ usage(int status) " -D, --no-detach Don't fork and detach.\n" " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); @@ -120,7 +126,7 @@ parse_options(int argc, char **argv, char **envp) int r; int option_index = 0; - while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { switch(r) { @@ -133,6 +139,9 @@ parse_options(int argc, char **argv, char **envp) case 'D': /* no detach */ do_detach = 0; break; + case 'L': /* no detach */ + do_mlock = 1; + break; case 'd': /* inc debug level */ if(optarg) debug_lvl = atoi(optarg); @@ -260,7 +269,9 @@ int keygen(int bits) else asprintf(&filename, "%s/rsa_key.pub", confbase); - if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) + f = ask_and_safe_open(filename, _("public RSA key"), "a"); + + if(!f) return -1; if(ftell(f)) @@ -271,7 +282,9 @@ int keygen(int bits) free(filename); asprintf(&filename, "%s/rsa_key.priv", confbase); - if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) + f = ask_and_safe_open(filename, _("private RSA key"), "a"); + + if(!f) return -1; if(ftell(f)) 
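Review bot: The comment on the new `case 'L':` in the `@@ -133,6 +139,9 @@` hunk still reads `/* no detach */`, copied from the case above it, which misdescribes an option that changes the memory-locking behaviour of the process. It should read `case 'L': /* lock tinc into main memory */`. The usage line for `-L, --mlock` in the `@@ -105,8 +110,9 @@` hunk could also state that tincd exits when the lock cannot be obtained, since main() returns -1 in that case. parse_options() continues outside the hunk.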
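Review bot: Both early exits `if(!f) return -1;` in the keygen() hunks (`@@ -260,7 +269,9 @@` and `@@ -271,7 +282,9 @@`) leave the `filename` buffer allocated by `asprintf` unfreed. Writing `if(!f) { free(filename); return -1; }` would close that path. The return value of `asprintf` is also not checked before `filename` is used. `ask_and_safe_open` is not shown on this page, so it is worth confirming that it creates `rsa_key.priv` with owner-only permissions, given that the file is opened in append mode and may already exist. keygen() starts and ends outside these hunks.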
@@ -344,13 +357,27 @@ main(int argc, char **argv, char **envp) openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #endif + /* Lock all pages into memory if requested */ + + if(do_mlock) +#ifdef HAVE_MLOCKALL + if(mlockall(MCL_CURRENT | MCL_FUTURE)) + { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); +#else + { + syslog(LOG_ERR, _("mlockall() not supported on this platform!")); +#endif + return -1; + } + g_argv = argv; make_names(); init_configuration(&config_tree); /* Slllluuuuuuurrrrp! */ -cp + cp(); RAND_load_file("/dev/urandom", 1024); #ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS @@ -359,7 +386,7 @@ cp OpenSSL_add_all_algorithms(); #endif -cp + cp(); if(generate_keys) { read_server_config(); @@ -371,10 +398,10 @@ cp if(read_server_config()) exit(1); -cp + cp(); if(detach()) exit(0); -cp + cp(); for(;;) { if(!setup_network_connections())
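Review bot: The `mlockall(MCL_CURRENT | MCL_FUTURE)` call in the `@@ -344,13 +357,27 @@` hunk runs before `detach()`, and the usage text describes detaching as "fork and detach". Memory locks are not inherited by a child created with fork(), so in the default detached mode the daemon that later holds key material would run unlocked even though `--mlock` appeared to succeed. Moving the block to just after the `if(detach()) exit(0);` step would make the lock apply to the process that keeps running; detach() itself is not visible here, so confirm that it forks. The braces split across `#ifdef HAVE_MLOCKALL` and `#else` are correct but easy to break, and a comment such as `/* both branches open the block that is closed after #endif */` would help. main() begins and ends outside the hunk.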