From patchwork Sat Feb 1 12:20:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4117 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c520:b0:5e7:b9eb:58e8 with SMTP id jx32csp1205370mab; Sat, 1 Feb 2025 04:20:24 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVFqhRxJj6wX9aTbl3Zi0jcN/4WNN4L0wCwdENa+UQ0ZUgDmZ8HYqgFRC9powPKjjpWB6L1EEFbNag=@openvpn.net X-Google-Smtp-Source: AGHT+IEDdpeDWcdEM2CZzN16/5n7OqSd5/JpJg4E2VVseJKxi78ZqO2olQSjQa7vM/ihJF4Q6aqb X-Received: by 2002:a05:6820:1f0f:b0:5fa:5c7d:da1f with SMTP id 006d021491bc7-5fc001868f4mr10610400eaf.1.1738412423886; Sat, 01 Feb 2025 04:20:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738412423; cv=none; d=google.com; s=arc-20240605; b=afxkmFvD013xf61o7oqCd66Qy8K3lxpmv0IM+eWCX8lZnF8A5gVqik7KbQtREo2sM9 YRJAco545sKdaaiBwB5I54s0yPmNZUSpQF+eX11nnlsCCpVc7egys+IMw8F7KPegjYvF l1fNJYue3GTZvmBlqz/sgbGJgIGYZJ460BacwOYGIdRnJfISTCFDB6BgtiuI+n4KkVcO kYCEdAo4lEszvZubR2JMlxdb9USFrQa9q4P+z6+K8jHFraWOfLHibu3bgqeSmH4XFyZP EatWxJDlgPl4T+Ey5W3cOWk2mI2QsXGe45cP44lDvbCfGYCAK+2uq6cwXWjW40q28aBh p/6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=1bwkGvgoXkTxXoedxR5FJW63BdxJVNdwvJgkTcK/3hg=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=VI8099CwIe/Paq1/6V50KlZUNwHmuKDt7u12Ahpe4mf1mUtB3DwUiGsj6kbYUQDOM2 nUmRmAnJ3YvnoNWtSXpt61fLcq3c9sDiTGIadu67mRP6NBbQeuTxSisPef2voG5ISmHJ 1ryUrDSsfzqSsnZzHWwLvUO6r92CHNc6we7PerQjW1hbMu25llIEk4Y5x6RrUMpVJPub ePVqC/nUeK5f8JvM9OQG1pjnBn5gTSRlE0+GeKyNeJLuawuwaz5KOTzr4MZq4ojTQ5r/ tVEg9hj715kFerzZuo1dpXIDkeHkmLxaIgGfwtGvEfmkETI2xpwHDvOtL2oamkwwMd1J hycA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=CSjYv57q; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=M6CSP6cP; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-72661899c05si5519845a34.165.2025.02.01.04.20.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 01 Feb 2025 04:20:23 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=CSjYv57q; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=M6CSP6cP; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1teCU0-0001Jx-Rx; Sat, 01 Feb 2025 12:20:20 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1teCU0-0001Jk-17 for openvpn-devel@lists.sourceforge.net; Sat, 01 Feb 2025 12:20:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=MsEBVR/GlW20agItWQrInLhyD/m+sBfPm07hdeYpOz8=; b=CSjYv57q3a+5iybaLhahurzO4w DAIurhn3z+4UY+pS6tRr7gq/8WXrEzfIbYRzqxATfC2yaHDy/+HyRcnvH+f9QY6uqGPo8blVhO51J PyGnheCZLnktPlSNUF+0X9Xmthe5lSPfcwfLyjwyDxX9Q/YoG06DeTeV/rAoPzkpnAg4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=MsEBVR/GlW20agItWQrInLhyD/m+sBfPm07hdeYpOz8=; b=M6CSP6cPEq+ebWPYA1QOL5TJAG ZzxMlsHv62r0EYh7ce22fOehfhsV7KGHZyWeQMCbWUxL1Zk9OzB8h+JMkkDveV7ENGxGUglqT9jdl knvoj6L3gnQhNS0IulaYifi127oYhwFScjVyiZo+8V8S9hxuEsT/Gqz5xayzDoNZx9jY=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1teCTy-0005eQ-Ue for openvpn-devel@lists.sourceforge.net; Sat, 01 Feb 2025 12:20:19 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 511CK7hZ032109 for ; Sat, 1 Feb 2025 13:20:07 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 511CK7Vl032108 for openvpn-devel@lists.sourceforge.net; Sat, 1 Feb 2025 13:20:07 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sat, 1 Feb 2025 13:20:06 +0100 Message-ID: <20250201122006.32098-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe When having a non-existent lwipovpn binary or similar problems, the error reporting would often only report read error that were harder to identify the real problem. Add the openvpn_waitpid_check meth [...] Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in sa-trusted.bondedsender.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in bl.score.senderscore.com] -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1teCTy-0005eQ-Ue Subject: [Openvpn-devel] [PATCH v3] Improve error reporting from AF_UNIX tun/tap support X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1822857546021767543?= X-GMAIL-MSGID: =?utf-8?q?1822857546021767543?= From: Arne Schwabe When having a non-existent lwipovpn binary or similar problems, the error reporting would often only report read error that were harder to identify the real problem. Add the openvpn_waitpid_check method that checks for error conditions and reports a better message in cases of problems. Change-Id: I81cbecd19018290d85c6c77fba7769f040d66233 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/855 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/run_command.c b/src/openvpn/run_command.c index d757823..192c8e6 100644 --- a/src/openvpn/run_command.c +++ b/src/openvpn/run_command.c @@ -106,6 +106,47 @@ return (const char *)out.data; } +#ifndef WIN32 +bool +openvpn_waitpid_check(pid_t pid, const char *msg_prefix, int msglevel) +{ + if (pid == 0) + { + return false; + } + int status; + pid_t pidret = waitpid(pid, &status, WNOHANG); + if (pidret != pid) + { + return true; + } + + if (WIFEXITED(status)) + { + int exitcode = WEXITSTATUS(status); + + if (exitcode == OPENVPN_EXECVE_FAILURE) + { + msg(msglevel, "%scould not execute external program (exit code 127)", + msg_prefix); + } + else + { + msg(msglevel, "%sexternal program exited with error status: %d", + msg_prefix, exitcode); + } + + } + else if (WIFSIGNALED(status)) + { + msg(msglevel, "%sexternal program received signal %d", + msg_prefix, WTERMSIG(status)); + } + + return false; +} +#endif /* ifndef WIN32 */ + bool openvpn_execve_allowed(const unsigned int flags) { diff --git a/src/openvpn/run_command.h b/src/openvpn/run_command.h index c92edbc..b0b51c3 100644 --- a/src/openvpn/run_command.h +++ b/src/openvpn/run_command.h @@ -59,6 +59,26 @@ int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message); + +#ifndef WIN32 +/** Checks if a running process is still running. This is mainly useful + * for processes started with \c S_NOWAITPID + * + * This function is currently not implemented for Windows as the helper + * macros used by this function are not available. + * + * @param pid pid of the process to be checked + * @param msg_prefix prefixed of the message that be printed + * @param msglevel msglevel of the messages to be printed + * @return true if the process is still running, false if + * an error condition occurred + */ +bool +openvpn_waitpid_check(pid_t pid, const char *msg_prefix, + int msglevel); + +#endif + /** * Will run a script and return the exit code of the script if between * 0 and 255, -1 otherwise diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index 6b6c159..c626993 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -47,9 +47,12 @@ #include #include + + static void tun_afunix_exec_child(const char *dev_node, struct tuntap *tt, struct env_set *env) { + const char *msgprefix = "ERROR: failure executing process for tun:"; struct argv argv = argv_new(); /* since we know that dev-node starts with unix: we can just skip that @@ -58,10 +61,12 @@ argv_printf(&argv, "%s", program); - argv_msg(M_INFO, &argv); tt->afunix.childprocess = openvpn_execve_check(&argv, env, S_NOWAITPID, - "ERROR: failure executing " - "process for tun"); + msgprefix); + if (!openvpn_waitpid_check(tt->afunix.childprocess, msgprefix, M_WARN)) + { + tt->afunix.childprocess = 0; + } argv_free(&argv); } @@ -138,20 +143,27 @@ ssize_t write_tun_afunix(struct tuntap *tt, uint8_t *buf, int len) { - int ret; - pid_t pidret = waitpid(tt->afunix.childprocess, &ret, WNOHANG); - if (pidret == tt->afunix.childprocess) + const char *msg = "ERROR: failure during write to AF_UNIX socket: "; + if (!openvpn_waitpid_check(tt->afunix.childprocess, msg, M_WARN)) { - msg(M_INFO, "Child process PID %d for afunix dead? Return code: %d", - tt->afunix.childprocess, ret); + tt->afunix.childprocess = 0; return -ENXIO; } + return write(tt->fd, buf, len); } ssize_t read_tun_afunix(struct tuntap *tt, uint8_t *buf, int len) { + const char *msg = "ERROR: failure during read from AF_UNIX socket: "; + if (!openvpn_waitpid_check(tt->afunix.childprocess, msg, M_WARN)) + { + tt->afunix.childprocess = 0; + } + /* do an actual read on the file descriptor even in the error case since + * we otherwise loop on this on this from select and spam the console + * with error messages */ return read(tt->fd, buf, len); } #else /* ifndef WIN32 */