diff mbox series

[Openvpn-devel,v1] tunnel_server_*(): close correct inotify fd

Message ID 20260128150640.13867-1-gert@greenie.muc.de
State Accepted
Headers show
Series [Openvpn-devel,v1] tunnel_server_*(): close correct inotify fd | expand

Commit Message

Gert Doering Jan. 28, 2026, 3:06 p.m. UTC 
On a full SIGUSR1 restart of a p2mp server compiled with
--enable-async-push, tunnel_server_{udp,tcp}() will try to close and
reopen the "inotify" control file descriptor.  For whatever reason,
the original code referenced the wrong context, always closing fd 0.

As a consequence of this, on the second SIGUSR1 restart, the server
will close() the first active socket file descriptor, and if there
are active DCO clients, the resulting event confusion will lead to
an ASSERT(!mi->halt).

Fix by closing the correct FD. Add logging.

This is a backport of commit 5521872f80313060 to the "old p2mp code"
with a separate mudp.c and mtcp.c for UDP and TCP servers, respectively.

Github: fixes OpenVPN/openvpn#966

Change-Id: Idcb1421b9f7fcbee9620fd1d45cceab050751373
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1499
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to release/2.6.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1499
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

Comments

Gert Doering Jan. 29, 2026, 5:39 p.m. UTC | #1 
As it says on the lid, this is a backport of the master commit to multi.c,
to the "until 2.6" source files for separate UDP and TCP servers, mudp.c
and mtcp.c.  Verified with "run server, look at lsof -P -p $pid, send
SIGUSR1, look at lsof again" (and see the FD 0 now change roles).

..
openvpn 4513 root   0u     IPv4 61650705      0t0     UDP *:31194 
openvpn 4513 root   5r  a_inode     0,12        0    2066 inotify
openvpn 4513 root   6r  a_inode     0,12        0    2066 inotify
..

Patch has been applied to the release/2.6 and release/2.5 branches.

(It would apply and bugfix release/2.4 as well, but this is *so* out
of maintenance that I did do this.  2.3.x does not have inotify
support yet)

commit 172fe07129f02be2d3e6779c632ed1e8081c412c (release/2.6)
commit 477775b032c2c47322d1453bdfff11b607fbac91 (release/2.5)
Author: Gert Doering
Date:   Wed Jan 28 16:06:35 2026 +0100

     tunnel_server_*(): close correct inotify fd

     Signed-off-by: Gert Doering <gert@greenie.muc.de>
     Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1499
     Message-Id: <20260128150640.13867-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35493.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
diff mbox series

Patch

diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index 96408d1..3e33b15 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -850,7 +850,9 @@ 
     }
 
 #ifdef ENABLE_ASYNC_PUSH
-    close(top->c2.inotify_fd);
+    msg(D_LOW, "%s: close multi.top.c2.inotify_fd (%d)",
+        __func__, multi.top.c2.inotify_fd);
+    close(multi.top.c2.inotify_fd);
 #endif
 
     /* shut down management interface */
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 0492311..f7c9ffd 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -524,7 +524,9 @@ 
     }
 
 #ifdef ENABLE_ASYNC_PUSH
-    close(top->c2.inotify_fd);
+    msg(D_LOW, "%s: close multi.top.c2.inotify_fd (%d)",
+        __func__, multi.top.c2.inotify_fd);
+    close(multi.top.c2.inotify_fd);
 #endif
 
     /* shut down management interface */