
From:
Martijn van Duren <openbsd+tech@list.imperialat.at>
Subject:
{iked,relayd,vmd}/proc.c: remove control special casing
To:
tech@openbsd.org
Date:
Wed, 1 Jul 2026 23:23:58 +0200



Hello tech@

I can see no reason to special-case the control bits inside proc.c.
The only reason I can think of is a bit of logging lipstick. If a daemon
wants ctl functionality it can set that up via the normal flow.

OK?

martijn@

diff 3a72436295791b69bd9094afa035343068b68adb ccdd91bbbd16f75b12076602b68ac64f2e57798d
commit - 3a72436295791b69bd9094afa035343068b68adb
commit + ccdd91bbbd16f75b12076602b68ac64f2e57798d
blob - 7bba4cba8ec28d87db99f7ca6a1b47495f86396b
blob + e8c3adc8e2bbf55704124ca7a0eaf23e874be413
--- sbin/iked/control.c
+++ sbin/iked/control.c
@@ -59,6 +59,9 @@ static struct privsep_proc procs[] = {
 void
 control(struct privsep *ps, struct privsep_proc *p)
 {
+	if (control_init(ps, &iked_env->sc_csock) == -1)
+		fatalx("%s: control_init", __func__);
+
 	proc_run(ps, p, procs, nitems(procs), control_run, NULL);
 }
 
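Review bot: The `control_init()` call added to `control()` is unconditional, whereas the block removed from `proc_run()` in sbin/iked/proc.c ran only when `ps->ps_instance == 0`. If the control process can ever be started with more than one instance, each one would now try to set up the same socket. The call also depends on running before `proc_run()`, since the removed code sat ahead of the `/* Use non-standard user */` section and so presumably ahead of the user switch, and nothing at the new site says so. I would add a comment such as `/* Set up the control socket before proc_run() switches user. */` and either keep the instance check or state that a single instance is assumed. The same applies to `pfe()` in usr.sbin/relayd/pfe.c; the vmd call site had no instance check to begin with.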
@@ -72,6 +75,9 @@ control_run(struct privsep *ps, struct privsep_proc *p
 	 */
 	if (pledge("stdio unix recvfd", NULL) == -1)
 		fatal("pledge");
+
+	if (control_listen(&iked_env->sc_csock) == -1)
+		fatalx("%s: control_listen", __func__);
 }
 
 int
blob - 8feaadef5073b9f8311e5f9226a320f3bbca624f
blob + 7adc71c5f5ed1b3177c25771fd6a713e302a8cc0
--- sbin/iked/iked.c
+++ sbin/iked/iked.c
@@ -182,7 +182,7 @@ main(int argc, char *argv[])
 		errx(1, "unknown user %s", IKED_USER);
 
 	/* Configure the control socket */
-	ps->ps_csock.cs_name = sock;
+	env->sc_csock.cs_name = sock;
 
 	log_init(debug, LOG_DAEMON);
 	log_setverbose(verbose);
blob - 367ea76047ae3d7ec009bd36cab0e3bbeb9ec36a
blob + e0e4ca1f4ea1ce943b04c4c403d92aba1cb8fc64
--- sbin/iked/iked.h
+++ sbin/iked/iked.h
@@ -801,8 +801,6 @@ struct privsep {
 	struct passwd			*ps_pw;
 	int				 ps_noaction;
 
-	struct control_sock		 ps_csock;
-
 	unsigned int			 ps_instances[PROC_MAX];
 	unsigned int			 ps_ninstances;
 	unsigned int			 ps_instance;
@@ -924,6 +922,8 @@ struct iked {
 
 	struct privsep			 sc_ps;
 
+	struct control_sock		 sc_csock;
+
 	struct iked_ocsp_requests	 sc_ocsp;
 	char				*sc_ocsp_url;
 	long				 sc_ocsp_tolerate;
blob - 7db459f43bd5a9cdd3f1200f78543470ef2d57c7
blob + 5a905294b9965f9476a1f9f2a012d18f16c85145
--- sbin/iked/proc.c
+++ sbin/iked/proc.c
@@ -539,11 +539,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 
 	log_procinit(p->p_title);
 
-	if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) {
-		if (control_init(ps, &ps->ps_csock) == -1)
-			fatalx("%s: control_init", __func__);
-	}
-
 	/* Use non-standard user */
 	if (p->p_pw != NULL)
 		pw = p->p_pw;
@@ -588,10 +583,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 
 	proc_setup(ps, procs, nproc);
 	proc_accept(ps, PROC_PARENT_SOCK_FILENO, PROC_PARENT, 0);
-	if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) {
-		if (control_listen(&ps->ps_csock) == -1)
-			fatalx("%s: control_listen", __func__);
-	}
 
 #if DEBUG
 	log_debug("%s: %s %d/%d, pid %d", __func__, p->p_title,
blob - b273fd785ddfc23c5f394e3a0c4f797568c879c5
blob + e0dd4815fd3c99fe3171b41a117797d0015f49e4
--- usr.sbin/relayd/config.c
+++ usr.sbin/relayd/config.c
@@ -45,7 +45,7 @@ config_init(struct relayd *env)
 		env->sc_conf.interval.tv_usec = 0;
 		env->sc_conf.prefork_relay = RELAY_NUMPROC;
 		env->sc_conf.statinterval.tv_sec = RELAY_STATINTERVAL;
-		env->sc_ps->ps_csock.cs_name = RELAYD_SOCKET;
+		env->sc_csock.cs_name = RELAYD_SOCKET;
 	}
 
 	ps->ps_what[PROC_PARENT] = CONFIG_ALL;
blob - e89d40ef493c755ee2f611b7eec9f506caa9e2eb
blob + 2f7711e153c1eae989f95773ad02aa76486810c7
--- usr.sbin/relayd/parse.y
+++ usr.sbin/relayd/parse.y
@@ -453,7 +453,7 @@ main		: INTERVAL NUMBER	{
 				    sizeof(conf->sc_conf.agentx_path));
 		}
 		| SOCKET STRING {
-			conf->sc_ps->ps_csock.cs_name = $2;
+			conf->sc_csock.cs_name = $2;
 		}
 		;
 
blob - 82825f7795a4daced69c809b96fae2a476e5fe69
blob + a01beb400fb22d8816c1f7708d47e8371dfbbb36
--- usr.sbin/relayd/pfe.c
+++ usr.sbin/relayd/pfe.c
@@ -54,6 +54,8 @@ static struct privsep_proc procs[] = {
 	{ "hce",	PROC_HCE,	pfe_dispatch_hce }
 };
 
+extern struct relayd		*relayd_env;
+
 void
 pfe(struct privsep *ps, struct privsep_proc *p)
 {
@@ -76,12 +78,17 @@ pfe(struct privsep *ps, struct privsep_proc *p)
 		fatalx("%s: pf is disabled", __func__);
 	log_debug("%s: filter init done", __func__);
 
+	if (control_init(ps, &relayd_env->sc_csock) == -1)
+		fatalx("%s: control_init", __func__);
+
 	proc_run(ps, p, procs, nitems(procs), pfe_init, NULL);
 }
 
 void
 pfe_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 {
+	if (control_listen(&relayd_env->sc_csock) == -1)
+		fatalx("%s: control_listen", __func__);
 	if (config_init(ps->ps_env) == -1)
 		fatal("failed to initialize configuration");
 
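Review bot: The added calls reach the socket through the global `relayd_env`, although `pfe_init()` already has the environment as `ps->ps_env` two lines further down. `pfe_shutdown()` and `parent_shutdown()` in relayd.c likewise use `env` on the lines next to their new `control_cleanup()` calls. Two names for what is presumably the same object make it easy for one path to act on a different or unset pointer, and the file-local `extern struct relayd *relayd_env;` bypasses the header. Where `env` is in scope I would write `control_cleanup(&env->sc_csock);` (and `&ps->ps_env->sc_csock` in `pfe_init()`) and drop the extern. Whether the file-scope `env` in pfe.c is assigned before `control_init()` runs is not visible here, as `pfe()` starts outside the hunk.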
@@ -94,6 +101,7 @@ pfe_init(struct privsep *ps, struct privsep_proc *p, v
 void
 pfe_shutdown(void)
 {
+	control_cleanup(&relayd_env->sc_csock);
 	flush_rulesets(env);
 	config_purge(env, CONFIG_ALL);
 }
blob - 3c03720d4ce022039937a283eeacc9ebbb12e2a2
blob + 61ac113565e648d9036c130ecf23d4745a003e2a
--- usr.sbin/relayd/proc.c
+++ usr.sbin/relayd/proc.c
@@ -475,9 +475,6 @@ proc_shutdown(struct privsep_proc *p)
 {
 	struct privsep	*ps = p->p_ps;
 
-	if (p->p_id == PROC_CONTROL && ps)
-		control_cleanup(&ps->ps_csock);
-
 	if (p->p_shutdown != NULL)
 		(*p->p_shutdown)();
 
@@ -520,11 +517,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 
 	log_procinit(p->p_title);
 
-	if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) {
-		if (control_init(ps, &ps->ps_csock) == -1)
-			fatalx("%s: control_init", __func__);
-	}
-
 	/* Use non-standard user */
 	if (p->p_pw != NULL)
 		pw = p->p_pw;
@@ -569,10 +561,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 
 	proc_setup(ps, procs, nproc);
 	proc_accept(ps, PROC_PARENT_SOCK_FILENO, PROC_PARENT, 0);
-	if (p->p_id == PROC_CONTROL && ps->ps_instance == 0) {
-		if (control_listen(&ps->ps_csock) == -1)
-			fatalx("%s: control_listen", __func__);
-	}
 
 	DPRINTF("%s: %s %d/%d, pid %d", __func__, p->p_title,
 	    ps->ps_instance + 1, ps->ps_instances[p->p_id], getpid());
blob - 7e3e6cca1583506426b5a4f6bca940764e9d4bf6
blob + d027e80de18d1d92419e626499afea48dd88cf7b
--- usr.sbin/relayd/relayd.c
+++ usr.sbin/relayd/relayd.c
@@ -384,7 +384,7 @@ parent_shutdown(struct relayd *env)
 	config_purge(env, CONFIG_ALL);
 
 	proc_kill(env->sc_ps);
-	control_cleanup(&env->sc_ps->ps_csock);
+	control_cleanup(&relayd_env->sc_csock);
 	carp_demote_shutdown();
 
 	free(env->sc_ps);
blob - 1c6b515801676ec1bac8b7ee3c80f4f5fbd5b7e7
blob + ad5be7994ef5f660d70846b8a018a2760c36fe76
--- usr.sbin/relayd/relayd.h
+++ usr.sbin/relayd/relayd.h
@@ -1017,9 +1017,6 @@ enum privsep_procid {
 };
 extern enum privsep_procid privsep_process;
 
-/* Attach the control socket to the following process */
-#define PROC_CONTROL	PROC_PFE
-
 struct privsep_pipes {
 	int				*pp_pipes[PROC_MAX];
 };
@@ -1035,8 +1032,6 @@ struct privsep {
 	u_int				 ps_instances[PROC_MAX];
 	u_int				 ps_instance;
 
-	struct control_sock		 ps_csock;
-
 	/* Event and signal handlers */
 	struct event			 ps_evsigint;
 	struct event			 ps_evsigterm;
@@ -1132,6 +1127,7 @@ struct relayd {
 
 	struct privsep		*sc_ps;
 	int			 sc_reload;
+	struct control_sock	 sc_csock;
 };
 
 #define RELAYD_OPT_VERBOSE		0x01
blob - bf58b437b86d280d317198e9c0ad7bf3715d70e3
blob + 9272aab61657a91e73f5dd84a5ab89ca57419ec2
--- usr.sbin/vmd/control.c
+++ usr.sbin/vmd/control.c
@@ -56,9 +56,14 @@ static struct privsep_proc procs[] = {
 	{ "parent",	PROC_PARENT,	control_dispatch_vmd }
 };
 
+extern struct vmd *env;
+
 void
 control(struct privsep *ps, struct privsep_proc *p)
 {
+	if (control_init(ps, &env->vmd_csock) == -1)
+		fatalx("%s: control_init", __func__);
+
 	proc_run(ps, p, procs, nitems(procs), control_run, NULL);
 }
 
@@ -75,6 +80,8 @@ control_run(struct privsep *ps, struct privsep_proc *p
 	if (pledge("stdio unix recvfd sendfd", NULL) == -1)
 		fatal("pledge");
 
+	if (control_listen(&env->vmd_csock) == -1)
+		fatalx("%s: control_listen", __func__);
 	/* Signal to the parent that we're done initializing. */
 	proc_compose(ps, PROC_PARENT, IMSG_VMDOP_DONE, NULL, 0);
 }
blob - a3ecf4b514cb4eee00a5d5cf0bc07a236f37c5e9
blob + 7dd23aeaf9bf7638a352e38b06f5f9ded521adde
--- usr.sbin/vmd/parse.y
+++ usr.sbin/vmd/parse.y
@@ -212,8 +212,8 @@ main		: LOCAL INET6 {
 			free($3);
 		}
 		| SOCKET OWNER owner_id {
-			env->vmd_ps.ps_csock.cs_uid = $3.uid;
-			env->vmd_ps.ps_csock.cs_gid = $3.gid == -1 ? 0 : $3.gid;
+			env->vmd_csock.cs_uid = $3.uid;
+			env->vmd_csock.cs_gid = $3.gid == -1 ? 0 : $3.gid;
 		}
 		| AGENTX {
 			env->vmd_cfg.cfg_agentx.ax_enabled = 1;
blob - f144fcb6cb6d6afbbafa0a1407c2174c82ede753
blob + 7a2f42d69aba268f878b46f02389a869fd62eb13
--- usr.sbin/vmd/proc.c
+++ usr.sbin/vmd/proc.c
@@ -365,11 +365,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 
 	log_procinit("%s", p->p_title);
 
-	if (p->p_id == PROC_CONTROL) {
-		if (control_init(ps, &ps->ps_csock) == -1)
-			fatalx("%s: control_init", __func__);
-	}
-
 	/* Use non-standard user */
 	if (p->p_pw != NULL)
 		pw = p->p_pw;
@@ -413,10 +408,6 @@ proc_run(struct privsep *ps, struct privsep_proc *p,
 
 	proc_setup(ps, procs, nproc);
 	proc_accept(ps, PROC_PARENT_SOCK_FILENO, PROC_PARENT);
-	if (p->p_id == PROC_CONTROL) {
-		if (control_listen(&ps->ps_csock) == -1)
-			fatalx("%s: control_listen", __func__);
-	}
 
 	DPRINTF("%s: %s, pid %d", __func__, p->p_title, getpid());
 
blob - c7c6b08a034643d1b9604ef5969b8f50bcdb18da
blob + 5c272c192e50ea87c308f0b89f09919a2ee76227
--- usr.sbin/vmd/proc.h
+++ usr.sbin/vmd/proc.h
@@ -44,28 +44,6 @@ struct imsgev {
 	short			 events;
 };
 
-/* control socket */
-struct control_sock {
-	const char	*cs_name;
-	struct event	 cs_ev;
-	struct event	 cs_evt;
-	int		 cs_fd;
-	int		 cs_restricted;
-	void		*cs_env;
-	uid_t		 cs_uid;
-	gid_t		 cs_gid;
-
-	TAILQ_ENTRY(control_sock) cs_entry;
-};
-TAILQ_HEAD(control_socks, control_sock);
-
-struct ctl_conn {
-	TAILQ_ENTRY(ctl_conn)	 entry;
-	struct imsgev		 iev;
-	struct sockpeercred	 peercred;
-};
-TAILQ_HEAD(ctl_connlist, ctl_conn);
-
 /* privsep */
 enum privsep_procid {
 	PROC_PARENT	= 0,
@@ -92,8 +70,6 @@ struct privsep {
 	struct passwd			*ps_pw;
 	int				 ps_noaction;
 
-	struct control_sock		 ps_csock;
-
 	/* Event and signal handlers */
 	struct event			 ps_evsigint;
 	struct event			 ps_evsigterm;
@@ -158,12 +134,6 @@ enum privsep_procid
 	 proc_getid(struct privsep_proc *, unsigned int, const char *);
 int	 proc_flush_imsg(struct privsep *, enum privsep_procid);
 
-/* control.c */
-void	 control(struct privsep *, struct privsep_proc *);
-int	 control_init(struct privsep *, struct control_sock *);
-int	 control_reset(struct control_sock *);
-int	 control_listen(struct control_sock *);
-
 /* log.c */
 void	log_init(int, int);
 void	log_procinit(const char *, ...);
blob - 0a28c186bf2d0c9905123fe5d1f2701cbc287c77
blob + d631d97f218f9b9e92c7496645be438a994c3bfa
--- usr.sbin/vmd/vmd.c
+++ usr.sbin/vmd/vmd.c
@@ -246,7 +246,7 @@ vmd_dispatch_control(int fd, struct privsep_proc *p, s
 		    &vid, sizeof(vid));
 		break;
 	case IMSG_VMDOP_DONE:
-		control_reset(&ps->ps_csock);
+		control_reset(&env->vmd_csock);
 		break;
 	default:
 		return (-1);
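Review bot: The return value of `control_reset()` is discarded at `case IMSG_VMDOP_DONE`, although the prototype moved in this diff declares it `int`. If that function is what applies the `cs_uid`/`cs_gid` set by `socket owner` in parse.y (its body is not shown), a failure would leave the control socket with its earlier ownership and nothing would be logged. I would at least report it: `if (control_reset(&env->vmd_csock) == -1) log_warn("%s: control_reset", __func__);`. This predates the patch, but the line is being touched anyway. `vmd_dispatch_control()` extends beyond the hunk.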
@@ -686,7 +686,7 @@ main(int argc, char **argv)
 	}
 
 	/* Configure the control socket */
-	ps->ps_csock.cs_name = SOCKET_NAME;
+	env->vmd_csock.cs_name = SOCKET_NAME;
 
 	/* Configuration will be parsed after forking the children */
 	env->vmd_conffile = conffile;
blob - eced284a8b6f93751acd606272cb09deaa47df37
blob + 12181e118a9091581cfd38d58f7318b36a32b606
--- usr.sbin/vmd/vmd.h
+++ usr.sbin/vmd/vmd.h
@@ -109,6 +109,28 @@
 /* Unique local address for IPv6 */
 #define VMD_ULA_PREFIX		"fd00::/8"
 
+/* control socket */
+struct control_sock {
+	const char	*cs_name;
+	struct event	 cs_ev;
+	struct event	 cs_evt;
+	int		 cs_fd;
+	int		 cs_restricted;
+	void		*cs_env;
+	uid_t		 cs_uid;
+	gid_t		 cs_gid;
+
+	TAILQ_ENTRY(control_sock) cs_entry;
+};
+TAILQ_HEAD(control_socks, control_sock);
+
+struct ctl_conn {
+	TAILQ_ENTRY(ctl_conn)	 entry;
+	struct imsgev		 iev;
+	struct sockpeercred	 peercred;
+};
+TAILQ_HEAD(ctl_connlist, ctl_conn);
+
 enum imsg_type {
 	IMSG_VMDOP_START_VM_REQUEST = IMSG_PROC_MAX,
 	IMSG_VMDOP_START_VM_CDROM,
@@ -394,6 +416,7 @@ struct vmd {
 	struct privsep		 vmd_ps;
 	const char		*vmd_conffile;
 	char			*argv0;	/* abs. path to vmd for exec, unveil */
+	struct control_sock	 vmd_csock;
 
 	/* global configuration that is sent to the children */
 	struct vmd_config	 vmd_cfg;
@@ -458,6 +481,12 @@ struct packet_ctx {
 	struct sockaddr_storage	 pc_dst;
 };
 
+/* control.c */
+void	 control(struct privsep *, struct privsep_proc *);
+int	 control_init(struct privsep *, struct control_sock *);
+int	 control_reset(struct control_sock *);
+int	 control_listen(struct control_sock *);
+
 /* packet.c */
 ssize_t	 assemble_hw_header(unsigned char *, size_t, size_t,
 	    struct packet_ctx *, unsigned int);