From patchwork Sat Jan 28 21:59:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 3017 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp2213239dyk; Sat, 28 Jan 2023 13:59:42 -0800 (PST) X-Google-Smtp-Source: AK7set9KVZxPIg8+xnF4IqrV2Ss0hyc7UEam9xWdh7Nijkp5gOrWlO84lRPldj7C2CHgGpRb+f0m X-Received: by 2002:a05:6a20:6982:b0:bc:3e0d:7ac6 with SMTP id t2-20020a056a20698200b000bc3e0d7ac6mr7052021pzk.16.1674943182718; Sat, 28 Jan 2023 13:59:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674943182; cv=none; d=google.com; s=arc-20160816; b=tH+5qmFGUEcNBrr/qLpTBWT/VtfaoOx+wFrwHSFd+C5PVQG50maV9O31DnHoIyzbJs NGTs2T+HE2CjBdpBjapU556jHs5Yr+xKs3w8Z5zuXUW5z3TuuMjPbtF6StRCZ6TQmxo+ it8ji6oV9PtmXsyHd/qFXTybikKplyubLXl0k/eqK5C6CMdKfzPI4g3DwpVHhNaA/y+x Or8VvQ3CPjQ6Kqo+n/3mEtTfYqoBq2jD9yawlq98Ip3rNyRNfILAslU/dSAdUS0F9Z+n ZbnDE2ejMAkHfUKeMfWHxuKZFwfTT+PdNdoWebxRpxd6dW02Ldaq6HWBT3SjWJ+lwlY5 N6OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature; bh=geZaPq6+7AHKoBWhCEiV5Mx+X/iIS9D6Bh4pNnyQQDs=; b=f/C3PknUzivWx1BUu+dFJdfD2S2eMLnhI7PShluJA7H9ypCXCo+l7awTVIaiFtF74Z umS8at8Kb3WESJUOIUplpVo99Og3JG6TSte1EDZVa4JCtc1RxiqADqtw1YPpnRC+z8ZB 2PjeFLaamoCkSpsw1N/1P3BysBYOno+PVnxbgjVnGAyD1ipX2l6H6ltZ/WysfXW9hfgh kQqeDtj8PSLeWQaCEzZE0A9oHANQ4m3EpdvGQe4VSYvtt1kvfik+W14BjyqlqiwTqc75 YVnxSlMo9I3JR4Q1PPlx2fqPZ0UbfBgggh/0vkXLJL7lZTPTbJomAbCUoKBb6Vy6+KS4 M75g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hHcjAYmf; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="QiAhoF/Q"; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=KDPSC+B0; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id s17-20020a63af51000000b00478ae301535si8327953pgo.532.2023.01.28.13.59.42 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 28 Jan 2023 13:59:42 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=hHcjAYmf; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="QiAhoF/Q"; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=KDPSC+B0; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pLtEE-00085v-NQ; Sat, 28 Jan 2023 21:59:17 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pLtED-00085p-OB for openvpn-devel@lists.sourceforge.net; Sat, 28 Jan 2023 21:59:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=6M9WBu4zrUGWYEwGfQdrC5uWc9h2/o/MMeWe7PWj1A4=; b=hHcjAYmfePocKLa+7n882+vwtz 0Do2Job/E/kPO0wfYlw0UkM4f0pRs4Y73kjaU5C2IdPUzxRyFN2u7K1Z5773izSGywjx2BboZUyTz ixJ8aHOZAdTIOdFcyp4b1e50bksa3Cn44iBGAi77pOeCIlSCcj8GKBJDsADCvACHbkfQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=6M9WBu4zrUGWYEwGfQdrC5uWc9h2/o/MMeWe7PWj1A4=; b=Q iAhoF/Q4L58wpAazYzDJoTf0smBhy8S7Q4TjHlAyRmnkwZhNvN/l2IpcfARLrnIeS5rM2KuW32UAC vlTwtqEjAhTzBwOMBzSVbV1zErBI5TcPPc/MHZQUhNkAjWQx7q1AN3UFzMLDVToxTwkWkOGmJbbRX 6mnQi6sGsotUztlE=; Received: from mail-il1-f171.google.com ([209.85.166.171]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pLtE6-000491-Tb for openvpn-devel@lists.sourceforge.net; Sat, 28 Jan 2023 21:59:16 +0000 Received: by mail-il1-f171.google.com with SMTP id z2so3173500ilq.2 for ; Sat, 28 Jan 2023 13:59:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=6M9WBu4zrUGWYEwGfQdrC5uWc9h2/o/MMeWe7PWj1A4=; b=KDPSC+B0x7quqeIYBrZV6AE38gpBjvCVPT/ZzwIS1/Y5f26m9L9LZDedZ/Ok76CG6y jjRZ2Q26BcsGP3lTDRgjMMcT1TG+MloaePAbB6tQGyoWdY43LWE7hiwlcV/zKG1qUgLa o/prLYgJmtzRfahc5okZH2oudYkIZIikPFrPvCBpGOeQHSm//AeKAZ4dqX+N/nNLbEvl NYMVv7U9SJMo6fzRcZr2zEycju9aWEoumTWsHVVIYr8qVdBSHq8JzCVgbPPxQNNBQk+N Ae4ssaTiyAI4SXfe02kOYVml1+1nTYTsxPmaxUozVN0azdL583gTcxm9FcrkRft2Mq/d +gBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6M9WBu4zrUGWYEwGfQdrC5uWc9h2/o/MMeWe7PWj1A4=; b=cDlDv4rfAkiL32fcEXPr1Eh0dKCHrXoVg21dQf8epnlizeBk8N2WAV3qnmegdk/UP3 rp9/CSZrU6kxD5C+qINq4DRGPLn9B6tJjzbc3CEwN5vbG97gQLKgAivyeuYQMxJMYlUy P49i39UhhDR+BvMoPKeAm+2HB9DlhBO8Y8EwGRAL6hNJxzAza8rTOUmhZfz/05/evvVx CtyaYopLQqMLmk6CYTTShi6evAFdoAurr9r2o4mDkJ+uBWBJU+Ee7zEu8G8yxZhF5R91 rxgRn3pmqaxJVPSixJdvwpFFoDqZtLQ2hjUrFbXVRt8cxVftjVo/ybkI6aqK/WdycXJo u3kg== X-Gm-Message-State: AO0yUKXgtnceRvLFsadVl7OTMNR9XkS83Tfm3Q76oMGLODy6fjQhKTQG J4HWYx6+eaIMrvFR6tuZNhplYVnw4CU= X-Received: by 2002:a05:6e02:1d05:b0:310:cc70:a152 with SMTP id i5-20020a056e021d0500b00310cc70a152mr1367652ila.2.1674943145663; Sat, 28 Jan 2023 13:59:05 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id v20-20020a056e0213d400b00310ce3dd5b1sm1636493ilj.60.2023.01.28.13.59.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Jan 2023 13:59:05 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sat, 28 Jan 2023 16:59:00 -0500 Message-Id: <20230128215901.2207208-1-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair Currently we use the old signal API which follows system-V or BSD semantics depending on the platform and/or feature-set macros. Further, signal has many weaknesses which makes proper masking (deferri [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.171 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.171 listed in list.dnswl.org] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pLtE6-000491-Tb Subject: [Openvpn-devel] [PATCH 1/2] Improve signal handling using POSIX sigaction X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1756305222442036984?= X-GMAIL-MSGID: =?utf-8?q?1756305222442036984?= From: Selva Nair Currently we use the old signal API which follows system-V or BSD semantics depending on the platform and/or feature-set macros. Further, signal has many weaknesses which makes proper masking (deferring) of signals during update not possible. Improve this: - Use sigaction to properly mask signals when modifying. Notes: Updating signal_reset() is handled in a follow up patch SIG_SOURCE_CONNECTION_FAILED is retained in a hackish way. This value has the same meaning as SIG_SOURCE_SOFT everywhere except where the signal is printed. Looks cosmetic --- could be eliminated? In pre_init_signal_catch() we ignore some unix signals, but the same signals from management are not ignored though both are treated as "HARD" signals. For example, during auth-user-pass query, "kill -SIGUSR1 " will be ignored, but "signal SIGUSR1" from management interface will cause M_FATAL and exit. This is the current behaviour, but could be improved? This patch was originally submitted as 5/5 of the signals series. Now this is 1/2 of a new series with signal_reset changes moved to 2/2 Signed-off-by: Selva Nair Acked-By: Frank Lichtenheld --- src/openvpn/errlevel.h | 1 + src/openvpn/sig.c | 264 +++++++++++++++++++++++++++++++---------- src/openvpn/socket.c | 1 - 3 files changed, 202 insertions(+), 64 deletions(-) diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h index c69ea91d..dedc0790 100644 --- a/src/openvpn/errlevel.h +++ b/src/openvpn/errlevel.h @@ -115,6 +115,7 @@ #define D_CLIENT_NAT LOGLEV(6, 69, M_DEBUG) /* show client NAT debug info */ #define D_XKEY LOGLEV(6, 69, M_DEBUG) /* show xkey-provider debug info */ #define D_DCO_DEBUG LOGLEV(6, 69, M_DEBUG) /* show DCO related lowlevel debug messages */ +#define D_SIGNAL_DEBUG LOGLEV(6, 69, M_DEBUG) /* show signal related debug messages */ #define D_SHOW_KEYS LOGLEV(7, 70, M_DEBUG) /* show data channel encryption keys */ #define D_SHOW_KEY_SOURCE LOGLEV(7, 70, M_DEBUG) /* show data channel key source entropy */ diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c index 0d534601..559ca35d 100644 --- a/src/openvpn/sig.c +++ b/src/openvpn/sig.c @@ -6,6 +6,7 @@ * packet compression. * * Copyright (C) 2002-2023 OpenVPN Inc + * Copyright (C) 2016-2023 Selva Nair * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -60,6 +61,9 @@ static const struct signame signames[] = { { SIGUSR2, 1, "SIGUSR2", "sigusr2" } }; +/* mask for hard signals from management or windows */ +static unsigned long long ignored_hard_signals_mask; + int parse_signal(const char *signame) { @@ -114,24 +118,144 @@ signal_description(const int signum, const char *sigtext) } } +/** + * Block (i.e., defer) all unix signals. + * Used while directly modifying the volatile elements of + * siginfo_static. + */ +static inline void +block_async_signals(void) +{ +#ifndef _WIN32 + sigset_t all; + sigfillset(&all); /* all signals */ + sigprocmask(SIG_BLOCK, &all, NULL); +#endif +} + +/** + * Unblock all unix signals. + */ +static inline void +unblock_async_signals(void) +{ +#ifndef _WIN32 + sigset_t none; + sigemptyset(&none); + sigprocmask(SIG_SETMASK, &none, NULL); +#endif +} + +/** + * Private function for registering a signal in the specified + * signal_info struct. This could be the global siginfo_static + * or a context specific signinfo struct. + * + * A signal is allowed to override an already registered + * one only if it has a higher priority. + * Returns true if the signal is set, false otherwise. + * + * Do not call any "AS-unsafe" functions such as printf from here + * as this may be called from signal_handler(). + */ +static bool +try_throw_signal(struct signal_info *si, int signum, int source) +{ + bool ret = false; + if (signal_priority(signum) >= signal_priority(si->signal_received)) + { + si->signal_received = signum; + si->source = source; + ret = true; + } + return ret; +} + +/** + * Throw a hard signal. Called from management and when windows + * signals are received through ctrl-c, exit event etc. + */ void throw_signal(const int signum) { - if (signal_priority(signum) >= signal_priority(siginfo_static.signal_received)) + if (ignored_hard_signals_mask & (1LL << signum)) + { + msg(D_SIGNAL_DEBUG, "Signal %s is currently ignored", signal_name(signum, true)); + return; + } + block_async_signals(); + + if (!try_throw_signal(&siginfo_static, signum, SIG_SOURCE_HARD)) { - siginfo_static.signal_received = signum; - siginfo_static.source = SIG_SOURCE_HARD; + msg(D_SIGNAL_DEBUG, "Ignoring %s when %s has been received", signal_name(signum, true), + signal_name(siginfo_static.signal_received, true)); } + else + { + msg(D_SIGNAL_DEBUG, "Throw signal (hard): %s ", signal_name(signum, true)); + } + + unblock_async_signals(); } +/** + * Throw a soft global signal. Used to register internally generated signals + * due to errors that require a restart or exit, or restart requests + * received from the server. A textual description of the signal may + * be provided. + */ void throw_signal_soft(const int signum, const char *signal_text) { - if (signal_priority(signum) >= signal_priority(siginfo_static.signal_received)) + block_async_signals(); + + if (try_throw_signal(&siginfo_static, signum, SIG_SOURCE_SOFT)) { - siginfo_static.signal_received = signum; - siginfo_static.source = SIG_SOURCE_SOFT; siginfo_static.signal_text = signal_text; + msg(D_SIGNAL_DEBUG, "Throw signal (soft): %s (%s)", signal_name(signum, true), + signal_text); + } + else + { + msg(D_SIGNAL_DEBUG, "Ignoring %s when %s has been received", signal_name(signum, true), + signal_name(siginfo_static.signal_received, true)); + } + + unblock_async_signals(); +} + +/** + * Register a soft signal in the signal_info struct si respecting priority. + * si may be a pointer to the global siginfo_static or a context-specific + * signal in a multi-instance or a temporary variable. + */ +void +register_signal(struct signal_info *si, int signum, const char *signal_text) +{ + if (si == &siginfo_static) /* attempting to alter the global signal */ + { + block_async_signals(); + } + + if (try_throw_signal(si, signum, SIG_SOURCE_SOFT)) + { + si->signal_text = signal_text; + if (signal_text && strcmp(signal_text, "connection-failed") == 0) + { + si->source = SIG_SOURCE_CONNECTION_FAILED; + } + msg(D_SIGNAL_DEBUG, "register signal: %s (%s)", signal_name(signum, true), + signal_text); + } + else + { + msg(D_SIGNAL_DEBUG, "Ignoring %s when %s has been received", signal_name(signum, true), + signal_name(si->signal_received, true)); + } + + if (si == &siginfo_static) + { + unblock_async_signals(); } } @@ -239,12 +363,10 @@ signal_restart_status(const struct signal_info *si) static void signal_handler(const int signum) { - throw_signal(signum); - signal(signum, signal_handler); + try_throw_signal(&siginfo_static, signum, SIG_SOURCE_HARD); } #endif - /* set handlers for unix signals */ #define SM_UNDEF 0 @@ -256,13 +378,24 @@ void pre_init_signal_catch(void) { #ifndef _WIN32 + sigset_t block_mask; + struct sigaction sa; + CLEAR(sa); + + sigfillset(&block_mask); /* all signals */ + sa.sa_handler = signal_handler; + sa.sa_mask = block_mask; /* signals blocked inside the handler */ + sa.sa_flags = SA_RESTART; /* match with the behaviour of signal() on Linux and BSD */ + signal_mode = SM_PRE_INIT; - signal(SIGINT, signal_handler); - signal(SIGTERM, signal_handler); - signal(SIGHUP, SIG_IGN); - signal(SIGUSR1, SIG_IGN); - signal(SIGUSR2, SIG_IGN); - signal(SIGPIPE, SIG_IGN); + sigaction(SIGINT, &sa, NULL); + sigaction(SIGTERM, &sa, NULL); + + sa.sa_handler = SIG_IGN; + sigaction(SIGHUP, &sa, NULL); + sigaction(SIGUSR1, &sa, NULL); + sigaction(SIGUSR2, &sa, NULL); + sigaction(SIGPIPE, &sa, NULL); #endif /* _WIN32 */ } @@ -270,14 +403,38 @@ void post_init_signal_catch(void) { #ifndef _WIN32 + sigset_t block_mask; + struct sigaction sa; + CLEAR(sa); + + sigfillset(&block_mask); /* all signals */ + sa.sa_handler = signal_handler; + sa.sa_mask = block_mask; /* signals blocked inside the handler */ + sa.sa_flags = SA_RESTART; /* match with the behaviour of signal() on Linux and BSD */ + signal_mode = SM_POST_INIT; - signal(SIGINT, signal_handler); - signal(SIGTERM, signal_handler); - signal(SIGHUP, signal_handler); - signal(SIGUSR1, signal_handler); - signal(SIGUSR2, signal_handler); - signal(SIGPIPE, SIG_IGN); -#endif + sigaction(SIGINT, &sa, NULL); + sigaction(SIGTERM, &sa, NULL); + sigaction(SIGHUP, &sa, NULL); + sigaction(SIGUSR1, &sa, NULL); + sigaction(SIGUSR2, &sa, NULL); + sa.sa_handler = SIG_IGN; + sigaction(SIGPIPE, &sa, NULL); +#endif /* _WIN32 */ +} + +void +halt_low_priority_signals() +{ +#ifndef _WIN32 + struct sigaction sa; + CLEAR(sa); + sa.sa_handler = SIG_IGN; + sigaction(SIGHUP, &sa, NULL); + sigaction(SIGUSR1, &sa, NULL); + sigaction(SIGUSR2, &sa, NULL); +#endif /* _WIN32 */ + ignored_hard_signals_mask = (1LL << SIGHUP) | (1LL << SIGUSR1) | (1LL << SIGUSR2); } /* called after daemonization to retain signal settings */ @@ -341,7 +498,6 @@ print_status(const struct context *c, struct status_output *so) gc_free(&gc); } - /* Small helper function to determine if we should send the exit notification * via control channel */ static inline bool @@ -371,8 +527,15 @@ process_explicit_exit_notification_init(struct context *c) event_timeout_init(&c->c2.explicit_exit_notification_interval, 1, 0); reset_coarse_timers(c); - signal_reset(c->sig); + /* Windows exit event will continue trigering SIGTERM -- halt it */ halt_non_edge_triggered_signals(); + + /* Before resetting the signal, ensure hard low priority signals + * will be ignored during the exit notification period. + */ + halt_low_priority_signals(); /* Set hard SIGUSR1/SIGHUP/SIGUSR2 to be ignored */ + signal_reset(c->sig); + c->c2.explicit_exit_notification_time_wait = now; /* Check if we are in TLS mode and should send the notification via data @@ -439,33 +602,21 @@ process_sigterm(struct context *c) } /** - * If a restart signal is received during exit-notification, reset the - * signal and return true. If its a soft restart signal from the event loop - * which implies the loop cannot continue, remap to SIGTERM to exit promptly. + * If a soft restart signal is received during exit-notification, it + * implies the event loop cannot continue: remap to SIGTERM to exit promptly. + * Hard restart signals are ignored during exit notification wait. */ -static bool -ignore_restart_signals(struct context *c) +static void +remap_restart_signals(struct context *c) { - bool ret = false; - if ( (c->sig->signal_received == SIGUSR1 || c->sig->signal_received == SIGHUP) - && event_timeout_defined(&c->c2.explicit_exit_notification_interval) ) + if ((c->sig->signal_received == SIGUSR1 || c->sig->signal_received == SIGHUP) + && event_timeout_defined(&c->c2.explicit_exit_notification_interval) + && c->sig->source != SIG_SOURCE_HARD) { - if (c->sig->source == SIG_SOURCE_HARD) - { - msg(M_INFO, "Ignoring %s received during exit notification", - signal_name(c->sig->signal_received, true)); - signal_reset(c->sig); - ret = true; - } - else - { - msg(M_INFO, "Converting soft %s received during exit notification to SIGTERM", - signal_name(c->sig->signal_received, true)); - register_signal(c->sig, SIGTERM, "exit-with-notification"); - ret = false; - } + msg(M_INFO, "Converting soft %s received during exit notification to SIGTERM", + signal_name(c->sig->signal_received, true)); + register_signal(c->sig, SIGTERM, "exit-with-notification"); } - return ret; } bool @@ -473,11 +624,9 @@ process_signal(struct context *c) { bool ret = true; - if (ignore_restart_signals(c)) - { - ret = false; - } - else if (c->sig->signal_received == SIGTERM || c->sig->signal_received == SIGINT) + remap_restart_signals(c); + + if (c->sig->signal_received == SIGTERM || c->sig->signal_received == SIGINT) { ret = process_sigterm(c); } @@ -488,14 +637,3 @@ process_signal(struct context *c) } return ret; } - -void -register_signal(struct signal_info *si, int sig, const char *text) -{ - if (signal_priority(sig) >= signal_priority(si->signal_received)) - { - si->signal_received = sig; - si->signal_text = text; - si->source = SIG_SOURCE_SOFT; - } -} diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index a883ac4a..baafe1e6 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1588,7 +1588,6 @@ socket_connect(socket_descriptor_t *sd, openvpn_close_socket(*sd); *sd = SOCKET_UNDEFINED; register_signal(sig_info, SIGUSR1, "connection-failed"); - sig_info->source = SIG_SOURCE_CONNECTION_FAILED; } else {