From patchwork Sun Jan 1 21:51:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2965 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp6018231dyk; Sun, 1 Jan 2023 13:52:42 -0800 (PST) X-Google-Smtp-Source: AMrXdXsEIOrALckgbxbcHGVy+MLlMnyk7xWIDrPpDuFFKe8GjoJhDvRFPt0UW/gONyb7Wdpgx3kq X-Received: by 2002:a05:6a21:6d88:b0:af:8ff3:fc80 with SMTP id wl8-20020a056a216d8800b000af8ff3fc80mr68760524pzb.20.1672609962158; Sun, 01 Jan 2023 13:52:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672609962; cv=none; d=google.com; s=arc-20160816; b=KoJr96Wforn470Qdcc93ifVHQ1s/GpR/tSGuM1JDXDLZAL6GdjGKBNvfj409Ej2MKH wktoUCkDhClVTsaYp0AD5LUguuaXKaYy6ypX0UEMlO5XRGae8K4ISaTRBuGOWx+fbveM T1aSY7kTaLnt2zkD4gbT1uKzahH6J26ThdOJR9oeCfpTL8W8RoTtjfVYpcjJ4H5yPXK8 AlCo5wYGEAwbVjtrAtbJ7AdHDc6j4lm6mGArP+IhnuLq2XTEgBfeBEL0DFxFYQfgYpeQ giz71CIpKOa6+Xh1maV/AFcyevjGSgDteI5TjDAAFUgu10s6echNvS3+ULWe//ivlBE1 36QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=Rttfsp+Li/OJhXqf8TNgCytCJruCIcwykm3fMxjO+20=; b=DKIouZBXutAZS14GkwH7tadwxKSPMzWI+Otind2Mth4pKlxn31bizBASK7e7ZRNZHI oUuaD2iWZH2NWdAZ3mh8lTsvLXemdwaRUHW6d7v6nyl/DAeDDJj/DdybAsLMImdoNaYm AmvMED0iz23v085fK4a9Lont8wOTzH4xfadpMLBudCT5LKHG242F/55MrDDDO21niuLx v4yiQw+S3V+azXrCAZ3yzrW+lOOTCJAmofY+K7QjrRql0OMA0lcvbnjUq0jcdz8M64J7 74cmXngKhU+Zi7OKuDo5gfctcpFmFHQ6CJ78wDSdMONuAbK7AyKYs1PJ6JpI0H2mVqIb beKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ClwPQIjJ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=CjQtV4CO; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=Ve8EXtww; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id j191-20020a6380c8000000b0047009247403si28441602pgd.409.2023.01.01.13.52.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 01 Jan 2023 13:52:42 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ClwPQIjJ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=CjQtV4CO; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=Ve8EXtww; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pC6FF-0002er-9E; Sun, 01 Jan 2023 21:51:53 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pC6FC-0002df-Le for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=S/VLXrtkoF0rRkDX5hLr/7KpN7iuB2/RrUn8R6AjAtY=; b=ClwPQIjJx8PAkCy4IdxOZtewXp TOoazBMPEcKz05NxwEArDEJcBg+degs8KZYJ0bsSbcOZsgpRMAcGAs5nhspqXLpn2Ecxq+BGHkfDj ImNCeDycV/U+XZRKM+UOqsYNf2d+MXh+QRKy5TAEJ/fAJpl/4pTUUrQSqY+e1/dEugLk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=S/VLXrtkoF0rRkDX5hLr/7KpN7iuB2/RrUn8R6AjAtY=; b=CjQtV4COYSYi/7qe2cUSRAMrWK vTXNZjrcRnsWAtarUOwsl+HUnCqgZbZJyXJ3bCwqUs5FKJ9xNNVh/qXdBf73TxJjgKdepL+CZjrju YlG13575qsxF64otX9ARlveY7F+uy0CuK5pRrZi/sskKGazdawCLYj+K5BFGfpN6QCiI=; Received: from mail-il1-f176.google.com ([209.85.166.176]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pC6F7-00054c-JS for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:50 +0000 Received: by mail-il1-f176.google.com with SMTP id p15so4173799ilg.9 for ; Sun, 01 Jan 2023 13:51:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=S/VLXrtkoF0rRkDX5hLr/7KpN7iuB2/RrUn8R6AjAtY=; b=Ve8EXtwwre+8sW6Z7FAMGau73JWPz69w9ZEBzc3gq4z86KjSjv7w5ar2kdXrxYvKvE U+eoidTnaHtzt1FA6CQKISyM15Xug57qtreo0FD8zPlWjduKRvbOaRg2QNBDJ7+DKU8C WmLij7Iq3ZI3+KVrj2AWytp4OI1Mw1ob8nqvEO+J/v79+fYZiMyCcSoaE2iepvZoGsno UEzeHhSNkfZs6htJCaUHbPA7tsQ87UwXuYOs7L3TVy1gHcaKozlYxOgwzbF5L9dB+VPz gw6RNl3aF5cFhmx5w6vnrReWKMiwSxtrO9X2ZUUvYDSAcesiuZtJw/+aaWnW9SxxgtHx hrMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=S/VLXrtkoF0rRkDX5hLr/7KpN7iuB2/RrUn8R6AjAtY=; b=p3wNzvtTN54DmEjSsomdKNRiRX4G3+ACWfMiSTvbFt4zz4X3hdgHsxZ8sKguEYV74D W5hVwWlOYiOSt9huoXKVttEiAWj7XJZaU5AlRojjj7dRMBX5qw/HqLhKcYvoczamuq/c oGz1XMwXrKzkrv5Rz/wdK2KF9UBiX1SKGC6F3IpDIpUMYrXGSLdX+1MmhB6gVWtOsULq Yh04o9zgZqW/s8K+4zraPq8wSNNV2Ujijz2aPPJOrWUGgJaoFlSpzzlhR0eLYlZMgnuQ pDJPQ8Go2FgczDnMzoWMYy3uYGwMaEGpGvNVDmO0wO5n7Ij+RrjdZrlIwwJ1lS6DFQTj EErg== X-Gm-Message-State: AFqh2kqbWOEVGiKNdZcp/HWDll0Cs3xXpQw1ILB7cttagiDx9RfnN0yj MPSUM9QwJGc9PgcI+I394QrEA6KU1GDPkw== X-Received: by 2002:a05:6e02:13e1:b0:30c:276b:af80 with SMTP id w1-20020a056e0213e100b0030c276baf80mr1891957ilj.0.1672609898394; Sun, 01 Jan 2023 13:51:38 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id w11-20020a022a0b000000b0038a44dbbd8fsm8975359jaw.123.2023.01.01.13.51.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Jan 2023 13:51:38 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 1 Jan 2023 16:51:05 -0500 Message-Id: <20230101215109.1521549-2-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230101215109.1521549-1-selva.nair@gmail.com> References: <20230101215109.1521549-1-selva.nair@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair - Do not directly update signal_received: always use register_signal() throw_signal() or signal_reset(). To facilitate this, register_signal() now takes c->sig as an argument instead of the context c [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.176 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.176 listed in list.dnswl.org] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1pC6F7-00054c-JS Subject: [Openvpn-devel] [PATCH 1/5] Preparing for better signal handling: some code refactoring X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1753858663774186383?= X-GMAIL-MSGID: =?utf-8?q?1753858663774186383?= From: Selva Nair - Do not directly update signal_received: always use register_signal() throw_signal() or signal_reset(). To facilitate this, register_signal() now takes c->sig as an argument instead of the context c itself, and sig_info struct is passed-in to functions that need to set a signal. - openvpn_getaddrinfo() is updated in a following commit as it could benefit from some logic changes that we may or may not want to do. No functional changes. TODO: (i) update signal handling in openvpn_getaddrinfo (ii) enforce signal priority (iii) fix signal handling on Windows for 2.7? (iv) replace system-V signal with POSIX sigaction Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/openvpn/dco_win.c | 11 +++++---- src/openvpn/dco_win.h | 3 ++- src/openvpn/forward.c | 34 +++++++++++++-------------- src/openvpn/init.c | 13 ++++------- src/openvpn/multi.c | 6 ++--- src/openvpn/occ.c | 3 +-- src/openvpn/ping.c | 6 ++--- src/openvpn/proxy.c | 7 +++--- src/openvpn/proxy.h | 2 +- src/openvpn/push.c | 33 +++++++++++++------------- src/openvpn/sig.c | 17 +++++++------- src/openvpn/sig.h | 37 +++++++++++++++-------------- src/openvpn/socket.c | 54 +++++++++++++++++++++---------------------- src/openvpn/socks.c | 22 ++++++++++-------- src/openvpn/socks.h | 4 ++-- src/openvpn/win32.c | 3 +-- 16 files changed, 125 insertions(+), 130 deletions(-) diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 0d0d7946..825b1cd3 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -106,8 +106,9 @@ dco_start_tun(struct tuntap *tt) } static void -dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signal_received) +dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, struct signal_info *sig_info) { + volatile int *signal_received = &sig_info->signal_received; /* GetOverlappedResultEx is available starting from Windows 8 */ typedef BOOL (*get_overlapped_result_ex_t) (HANDLE, LPOVERLAPPED, LPDWORD, DWORD, BOOL); get_overlapped_result_ex_t get_overlapped_result_ex = @@ -138,7 +139,7 @@ dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signa { /* dco reported connection error */ msg(M_NONFATAL | M_ERRNO, "dco connect error"); - *signal_received = SIGUSR1; + register_signal(sig_info, SIGUSR1, "dco-connect-error"); return; } @@ -153,13 +154,13 @@ dco_connect_wait(HANDLE handle, OVERLAPPED *ov, int timeout, volatile int *signa /* we end up here when timeout occurs in userspace */ msg(M_NONFATAL, "dco connect timeout"); - *signal_received = SIGUSR1; + register_signal(sig_info, SIGUSR1, "dco-connect-timeout"); } void dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, struct addrinfo *bind, int timeout, - volatile int *signal_received) + struct signal_info *sig_info) { msg(D_DCO_DEBUG, "%s", __func__); @@ -240,7 +241,7 @@ dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, } else { - dco_connect_wait(handle, &ov, timeout, signal_received); + dco_connect_wait(handle, &ov, timeout, sig_info); } } } diff --git a/src/openvpn/dco_win.h b/src/openvpn/dco_win.h index b3cdbbbd..bba7b340 100644 --- a/src/openvpn/dco_win.h +++ b/src/openvpn/dco_win.h @@ -26,6 +26,7 @@ #include "buffer.h" #include "ovpn_dco_win.h" +#include "sig.h" typedef OVPN_KEY_SLOT dco_key_slot_t; typedef OVPN_CIPHER_ALG dco_cipher_t; @@ -42,7 +43,7 @@ create_dco_handle(const char *devname, struct gc_arena *gc); void dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, struct addrinfo *bind, int timeout, - volatile int *signal_received); + struct signal_info *sig_info); void dco_start_tun(struct tuntap *tt); diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index af4ed05d..ae0512fc 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -82,13 +82,13 @@ static void check_tls_errors_co(struct context *c) { msg(D_STREAM_ERRORS, "Fatal TLS error (check_tls_errors_co), restarting"); - register_signal(c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ + register_signal(c->sig, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ } static void check_tls_errors_nco(struct context *c) { - register_signal(c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ + register_signal(c->sig, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ } /* @@ -155,7 +155,7 @@ check_dco_key_status(struct context *c) { /* Something bad happened. Kill the connection to * be able to recover. */ - register_signal(c, SIGUSR1, "dco update keys error"); + register_signal(c->sig, SIGUSR1, "dco update keys error"); } } @@ -199,7 +199,7 @@ check_tls(struct context *c) } else { - register_signal(c, SIGTERM, "auth-control-exit"); + register_signal(c->sig, SIGTERM, "auth-control-exit"); } } @@ -351,7 +351,7 @@ check_connection_established(struct context *c) { if (!do_up(c, false, 0)) { - register_signal(c, SIGUSR1, "connection initialisation failed"); + register_signal(c->sig, SIGUSR1, "connection initialisation failed"); } } @@ -431,7 +431,7 @@ check_add_routes(struct context *c) { if (!tun_standby(c->c1.tuntap)) { - register_signal(c, SIGHUP, "ip-fail"); + register_signal(c->sig, SIGHUP, "ip-fail"); c->persist.restart_sleep_seconds = 10; #ifdef _WIN32 show_routes(M_INFO|M_NOPREFIX); @@ -455,7 +455,7 @@ static void check_inactivity_timeout(struct context *c) { msg(M_INFO, "Inactivity timeout (--inactive), exiting"); - register_signal(c, SIGTERM, "inactive"); + register_signal(c->sig, SIGTERM, "inactive"); } int @@ -474,7 +474,7 @@ check_server_poll_timeout(struct context *c) if (!tls_initial_packet_received(c->c2.tls_multi)) { msg(M_INFO, "Server poll timeout, restarting"); - register_signal(c, SIGUSR1, "server_poll"); + register_signal(c->sig, SIGUSR1, "server_poll"); c->persist.restart_sleep_seconds = -1; } } @@ -499,7 +499,7 @@ schedule_exit(struct context *c, const int n_seconds, const int signal) static void check_scheduled_exit(struct context *c) { - register_signal(c, c->c2.scheduled_exit_signal, "delayed-exit"); + register_signal(c->sig, c->c2.scheduled_exit_signal, "delayed-exit"); } /* @@ -661,7 +661,7 @@ check_session_timeout(struct context *c) ETT_DEFAULT)) { msg(M_INFO, "Session timeout, exiting"); - register_signal(c, SIGTERM, "session-timeout"); + register_signal(c->sig, SIGTERM, "session-timeout"); } } @@ -902,7 +902,7 @@ read_incoming_link(struct context *c) const struct buffer *fbuf = socket_foreign_protocol_head(c->c2.link_socket); const int sd = socket_foreign_protocol_sd(c->c2.link_socket); port_share_redirect(port_share, fbuf, sd); - register_signal(c, SIGTERM, "port-share-redirect"); + register_signal(c->sig, SIGTERM, "port-share-redirect"); } else #endif @@ -915,7 +915,7 @@ read_incoming_link(struct context *c) } else { - register_signal(c, SIGUSR1, "connection-reset"); /* SOFT-SIGUSR1 -- TCP connection reset */ + register_signal(c->sig, SIGUSR1, "connection-reset"); /* SOFT-SIGUSR1 -- TCP connection reset */ msg(D_STREAM_ERRORS, "Connection reset, restarting [%d]", status); } } @@ -1067,7 +1067,7 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo if (!decrypt_status && link_socket_connection_oriented(c->c2.link_socket)) { /* decryption errors are fatal in TCP mode */ - register_signal(c, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ + register_signal(c->sig, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); } } @@ -1248,7 +1248,7 @@ read_incoming_tun(struct context *c) read_wintun(c->c1.tuntap, &c->c2.buf); if (c->c2.buf.len == -1) { - register_signal(c, SIGHUP, "tun-abort"); + register_signal(c->sig, SIGHUP, "tun-abort"); c->persist.restart_sleep_seconds = 1; msg(M_INFO, "Wintun read error, restarting"); perf_pop(); @@ -1277,7 +1277,7 @@ read_incoming_tun(struct context *c) /* Was TUN/TAP interface stopped? */ if (tuntap_stop(c->c2.buf.len)) { - register_signal(c, SIGTERM, "tun-stop"); + register_signal(c->sig, SIGTERM, "tun-stop"); msg(M_INFO, "TUN/TAP interface has been stopped, exiting"); perf_pop(); return; @@ -1286,7 +1286,7 @@ read_incoming_tun(struct context *c) /* Was TUN/TAP I/O operation aborted? */ if (tuntap_abort(c->c2.buf.len)) { - register_signal(c, SIGHUP, "tun-abort"); + register_signal(c->sig, SIGHUP, "tun-abort"); c->persist.restart_sleep_seconds = 10; msg(M_INFO, "TUN/TAP I/O operation aborted, restarting"); perf_pop(); @@ -1845,7 +1845,7 @@ process_outgoing_link(struct context *c) && !tls_initial_packet_received(c->c2.tls_multi) && c->options.mode == MODE_POINT_TO_POINT) { msg(M_INFO, "Network unreachable, restarting"); - register_signal(c, SIGUSR1, "network-unreachable"); + register_signal(c->sig, SIGUSR1, "network-unreachable"); } } else diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 3380ed9e..eec25acf 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2934,13 +2934,13 @@ do_init_crypto_tls_c1(struct context *c) /* Intentional [[fallthrough]]; */ case AR_NOINTERACT: - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Password failure error */ + /* SOFT-SIGUSR1 -- Password failure error */ + register_signal(c->sig, SIGUSR1, "private-key-password-failure"); break; default: ASSERT(0); } - c->sig->signal_text = "private-key-password-failure"; return; } @@ -4229,9 +4229,7 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f } /* signals caught here will abort */ - c->sig->signal_received = 0; - c->sig->signal_text = NULL; - c->sig->source = SIG_SOURCE_SOFT; + signal_reset(c->sig); if (c->mode == CM_P2P) { @@ -4733,7 +4731,7 @@ close_context(struct context *c, int sig, unsigned int flags) if (sig >= 0) { - c->sig->signal_received = sig; + register_signal(c->sig, sig, "close_context"); } if (c->sig->signal_received == SIGUSR1) @@ -4741,8 +4739,7 @@ close_context(struct context *c, int sig, unsigned int flags) if ((flags & CC_USR1_TO_HUP) || (c->sig->source == SIG_SOURCE_HARD && (flags & CC_HARD_USR1_TO_HUP))) { - c->sig->signal_received = SIGHUP; - c->sig->signal_text = "close_context usr1 to hup"; + register_signal(c->sig, SIGHUP, "close_context usr1 to hup"); } } diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 92e63dd2..c2254399 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2364,7 +2364,7 @@ multi_client_generate_tls_keys(struct context *c) get_link_socket_info(c))) { msg(D_TLS_ERRORS, "TLS Error: initializing data channel failed"); - register_signal(c, SIGUSR1, "process-push-msg-failed"); + register_signal(c->sig, SIGUSR1, "process-push-msg-failed"); return false; } @@ -3828,7 +3828,7 @@ multi_push_restart_schedule_exit(struct multi_context *m, bool next_server) &m->deferred_shutdown_signal.wakeup, compute_wakeup_sigma(&m->deferred_shutdown_signal.wakeup)); - m->top.sig->signal_received = 0; + signal_reset(m->top.sig); } /* @@ -3843,7 +3843,7 @@ multi_process_signal(struct multi_context *m) struct status_output *so = status_open(NULL, 0, M_INFO, NULL, 0); multi_print_status(m, so, m->status_file_version); status_close(so); - m->top.sig->signal_received = 0; + signal_reset(m->top.sig); return false; } else if (proto_is_dgram(m->top.options.ce.proto) diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index eb1f2fae..0b291756 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -431,8 +431,7 @@ process_received_occ_msg(struct context *c) case OCC_EXIT: dmsg(D_PACKET_CONTENT, "RECEIVED OCC_EXIT"); - c->sig->signal_received = SIGUSR1; - c->sig->signal_text = "remote-exit"; + register_signal(c->sig, SIGUSR1, "remote-exit"); break; } c->c2.buf.len = 0; /* don't pass packet on */ diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c index 588723d0..cf1861a6 100644 --- a/src/openvpn/ping.c +++ b/src/openvpn/ping.c @@ -55,15 +55,13 @@ trigger_ping_timeout_signal(struct context *c) case PING_EXIT: msg(M_INFO, "%sInactivity timeout (--ping-exit), exiting", format_common_name(c, &gc)); - c->sig->signal_received = SIGTERM; - c->sig->signal_text = "ping-exit"; + register_signal(c->sig, SIGTERM, "ping-exit"); break; case PING_RESTART: msg(M_INFO, "%sInactivity timeout (--ping-restart), restarting", format_common_name(c, &gc)); - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Ping Restart */ - c->sig->signal_text = "ping-restart"; + register_signal(c->sig, SIGUSR1, "ping-restart"); break; default: diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 633caee0..91121f25 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -636,7 +636,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p, const char *port, /* openvpn server port */ struct event_timeout *server_poll_timeout, struct buffer *lookahead, - volatile int *signal_received) + struct signal_info *sig_info) { struct gc_arena gc = gc_new(); char buf[512]; @@ -646,6 +646,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p, int nparms; bool ret = false; bool processed = false; + volatile int *signal_received = &sig_info->signal_received; /* get user/pass if not previously given */ if (p->auth_method == HTTP_AUTH_BASIC @@ -1079,9 +1080,9 @@ done: return ret; error: - if (!*signal_received) + if (!sig_info->signal_received) { - *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- HTTP proxy error */ + register_signal(sig_info, SIGUSR1, "HTTP proxy error"); /* SOFT-SIGUSR1 -- HTTP proxy error */ } gc_free(&gc); return ret; diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h index 9d719382..4fe2a08f 100644 --- a/src/openvpn/proxy.h +++ b/src/openvpn/proxy.h @@ -86,7 +86,7 @@ bool establish_http_proxy_passthru(struct http_proxy_info *p, const char *port, /* openvpn server port */ struct event_timeout *server_poll_timeout, struct buffer *lookahead, - volatile int *signal_received); + struct signal_info *sig_info); uint8_t *make_base64_string2(const uint8_t *str, int str_len, struct gc_arena *gc); diff --git a/src/openvpn/push.c b/src/openvpn/push.c index e765d2a9..9796da4e 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -74,8 +74,7 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) if (authfail_extended && buf_string_match_head_str(&buf, "TEMP")) { parse_auth_failed_temp(&c->options, reason + strlen("TEMP")); - c->sig->signal_received = SIGUSR1; - c->sig->signal_text = "auth-temp-failure (server temporary reject)"; + register_signal(c->sig, SIGUSR1, "auth-temp-failure (server temporary reject)"); } /* Before checking how to react on AUTH_FAILED, first check if the @@ -85,8 +84,8 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) * identical for this scenario */ else if (ssl_clean_auth_token()) { - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */ - c->sig->signal_text = "auth-failure (auth-token)"; + /* SOFT-SIGUSR1 -- Auth failure error */ + register_signal(c->sig, SIGUSR1, "auth-failure (auth-token)"); c->options.no_advance = true; } else @@ -94,20 +93,21 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) switch (auth_retry_get()) { case AR_NONE: - c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */ + /* SOFT-SIGTERM -- Auth failure error */ + register_signal(c->sig, SIGTERM, "auth-failure"); break; case AR_INTERACT: ssl_purge_auth(false); case AR_NOINTERACT: - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */ + /* SOFT-SIGTUSR1 -- Auth failure error */ + register_signal(c->sig, SIGUSR1, "auth-failure"); break; default: ASSERT(0); } - c->sig->signal_text = "auth-failure"; } #ifdef ENABLE_MANAGEMENT if (management) @@ -171,14 +171,14 @@ server_pushed_signal(struct context *c, const struct buffer *buffer, const bool if (restart) { msg(D_STREAM_ERRORS, "Connection reset command was pushed by server ('%s')", m); - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- server-pushed connection reset */ - c->sig->signal_text = "server-pushed-connection-reset"; + /* SOFT-SIGUSR1 -- server-pushed connection reset */ + register_signal(c->sig, SIGUSR1, "server-pushed-connection-reset"); } else { msg(D_STREAM_ERRORS, "Halt command was pushed by server ('%s')", m); - c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- server-pushed halt */ - c->sig->signal_text = "server-pushed-halt"; + /* SOFT-SIGTERM -- server-pushed halt */ + register_signal(c->sig, SIGTERM, "server-pushed-halt"); } #ifdef ENABLE_MANAGEMENT if (management) @@ -210,13 +210,12 @@ receive_exit_message(struct context *c) } else { - c->sig->signal_received = SIGUSR1; + register_signal(c->sig, SIGUSR1, "remote-exit"); } - c->sig->signal_text = "remote-exit"; #ifdef ENABLE_MANAGEMENT if (management) { - management_notify(management, "info", c->sig->signal_text, "EXIT"); + management_notify(management, "info", "remote-exit", "EXIT"); } #endif } @@ -527,7 +526,7 @@ incoming_push_message(struct context *c, const struct buffer *buffer) goto cleanup; error: - register_signal(c, SIGUSR1, "process-push-msg-failed"); + register_signal(c->sig, SIGUSR1, "process-push-msg-failed"); cleanup: gc_free(&gc); } @@ -555,8 +554,8 @@ send_push_request(struct context *c) { msg(D_STREAM_ERRORS, "No reply from server to push requests in %ds", (int)(now - ks->established)); - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- server-pushed connection reset */ - c->sig->signal_text = "no-push-reply"; + /* SOFT-SIGUSR1 -- server-pushed connection reset */ + register_signal(c->sig, SIGUSR1, "no-push-reply"); return false; } } diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c index 65cd25c6..e462b93e 100644 --- a/src/openvpn/sig.c +++ b/src/openvpn/sig.c @@ -115,7 +115,7 @@ throw_signal_soft(const int signum, const char *signal_text) siginfo_static.signal_text = signal_text; } -static void +void signal_reset(struct signal_info *si) { if (si) @@ -374,8 +374,7 @@ process_explicit_exit_notification_timer_wakeup(struct context *c) if (now >= c->c2.explicit_exit_notification_time_wait + c->options.ce.explicit_exit_notification) { event_timeout_clear(&c->c2.explicit_exit_notification_interval); - c->sig->signal_received = SIGTERM; - c->sig->signal_text = "exit-with-notification"; + register_signal(c->sig, SIGTERM, "exit-with-notification"); } else if (!cc_exit_notify_enabled(c)) { @@ -393,7 +392,7 @@ remap_signal(struct context *c) { if (c->sig->signal_received == SIGUSR1 && c->options.remap_sigusr1) { - c->sig->signal_received = c->options.remap_sigusr1; + register_signal(c->sig, c->options.remap_sigusr1, c->sig->signal_text); } } @@ -442,7 +441,7 @@ ignore_restart_signals(struct context *c) { msg(M_INFO, "Converting soft %s received during exit notification to SIGTERM", signal_name(c->sig->signal_received, true)); - register_signal(c, SIGTERM, "exit-with-notification"); + register_signal(c->sig, SIGTERM, "exit-with-notification"); ret = false; } } @@ -471,11 +470,11 @@ process_signal(struct context *c) } void -register_signal(struct context *c, int sig, const char *text) +register_signal(struct signal_info *si, int sig, const char *text) { - if (c->sig->signal_received != SIGTERM) + if (si->signal_received != SIGTERM) { - c->sig->signal_received = sig; + si->signal_received = sig; } - c->sig->signal_text = text; + si->signal_text = text; } diff --git a/src/openvpn/sig.h b/src/openvpn/sig.h index 091f16b3..83adc543 100644 --- a/src/openvpn/sig.h +++ b/src/openvpn/sig.h @@ -27,8 +27,6 @@ #include "status.h" #include "win32.h" - - #define SIG_SOURCE_SOFT 0 #define SIG_SOURCE_HARD 1 /* CONNECTION_FAILED is also a "soft" status, @@ -79,41 +77,42 @@ void signal_restart_status(const struct signal_info *si); bool process_signal(struct context *c); -void register_signal(struct context *c, int sig, const char *text); +void register_signal(struct signal_info *si, int sig, const char *text); void process_explicit_exit_notification_timer_wakeup(struct context *c); -#ifdef _WIN32 - -static inline void -get_signal(volatile int *sig) -{ - *sig = win32_signal_get(&win32_signal); -} +void signal_reset(struct signal_info *si); static inline void halt_non_edge_triggered_signals(void) { +#ifdef _WIN32 win32_signal_close(&win32_signal); +#endif } -#else /* ifdef _WIN32 */ +/** + * Copy the global signal_received (if non-zero) to the passed-in argument sig. + * As the former is volatile, do not assign if sig and &signal_received are the + * same. Even on windows signal_received is really volatile as it can change if + * a ctrl-C or ctrl-break is delivered. So use the same logic as above. + * + * Also, on windows always call win32_signal_get to pickup any signals simulated by + * key-board short cuts or the exit event. + */ static inline void get_signal(volatile int *sig) { +#ifdef _WIN32 + const int i = win32_signal_get(&win32_signal); +#else const int i = siginfo_static.signal_received; - if (i) +#endif + if (i && sig != &siginfo_static.signal_received) { *sig = i; } } -static inline void -halt_non_edge_triggered_signals(void) -{ -} - -#endif /* ifdef _WIN32 */ - #endif /* ifndef SIG_H */ diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index c7ec0e06..273f378e 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -1586,7 +1586,7 @@ socket_connect(socket_descriptor_t *sd, openvpn_close_socket(*sd); *sd = SOCKET_UNDEFINED; - sig_info->signal_received = SIGUSR1; + register_signal(sig_info, SIGUSR1, "connection-failed"); sig_info->source = SIG_SOURCE_CONNECTION_FAILED; } else @@ -1694,8 +1694,9 @@ static void resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic, - volatile int *signal_received) + struct signal_info *sig_info) { + volatile int *signal_received = sig_info ? &sig_info->signal_received : NULL; struct gc_arena gc = gc_new(); /* resolve remote address if undefined */ @@ -1774,18 +1775,16 @@ resolve_remote(struct link_socket *sock, signal_received ? *signal_received : -1, status); } - if (signal_received) + if (signal_received && *signal_received) { - if (*signal_received) - { - goto done; - } + goto done; } if (status!=0) { if (signal_received) { - *signal_received = SIGUSR1; + /* potential overwrite of signal */ + register_signal(sig_info, SIGUSR1, "socks-resolve-failure"); } goto done; } @@ -2002,8 +2001,9 @@ linksock_print_addr(struct link_socket *sock) static void phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, - volatile int *signal_received) + struct signal_info *sig_info) { + volatile int *signal_received = sig_info ? &sig_info->signal_received : NULL; switch (sock->mode) { case LS_MODE_DEFAULT: @@ -2029,7 +2029,7 @@ phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, false); if (!socket_defined(sock->sd)) { - *signal_received = SIGTERM; + register_signal(sig_info, SIGTERM, "socket-undefiled"); return; } tcp_connection_established(&sock->info.lsa->actual); @@ -2065,7 +2065,7 @@ phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info) sock->proxy_dest_port, sock->server_poll_timeout, &sock->stream_buf.residual, - &sig_info->signal_received); + sig_info); } else if (sock->socks_proxy) { @@ -2073,7 +2073,7 @@ phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info) sock->sd, sock->proxy_dest_host, sock->proxy_dest_port, - &sig_info->signal_received); + sig_info); } if (proxy_retry) { @@ -2102,7 +2102,7 @@ phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info) sock->ctrl_sd, sock->sd, &sock->socks_relay.dest, - &sig_info->signal_received); + sig_info); if (sig_info->signal_received) { @@ -2120,13 +2120,13 @@ phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info) sock->info.lsa->remote_list = NULL; } - resolve_remote(sock, 1, NULL, &sig_info->signal_received); + resolve_remote(sock, 1, NULL, sig_info); } #if defined(_WIN32) static void create_socket_dco_win(struct context *c, struct link_socket *sock, - volatile int *signal_received) + struct signal_info *sig_info) { if (!c->c1.tuntap) { @@ -2145,11 +2145,11 @@ create_socket_dco_win(struct context *c, struct link_socket *sock, sock->info.lsa->current_remote, sock->bind_local, sock->info.lsa->bind_local, get_server_poll_remaining_time(sock->server_poll_timeout), - signal_received); + sig_info); sock->dco_installed = true; - if (*signal_received) + if (sig_info->signal_received) { return; } @@ -2168,15 +2168,15 @@ link_socket_init_phase2(struct context *c) struct signal_info *sig_info = c->sig; const char *remote_dynamic = NULL; - int sig_save = 0; + struct signal_info sig_save = {0}; ASSERT(sock); ASSERT(sig_info); if (sig_info->signal_received) { - sig_save = sig_info->signal_received; - sig_info->signal_received = 0; + sig_save = *sig_info; + signal_reset(sig_info); } /* initialize buffers */ @@ -2193,7 +2193,7 @@ link_socket_init_phase2(struct context *c) } /* Second chance to resolv/create socket */ - resolve_remote(sock, 2, &remote_dynamic, &sig_info->signal_received); + resolve_remote(sock, 2, &remote_dynamic, sig_info); /* If a valid remote has been found, create the socket with its addrinfo */ if (sock->info.lsa->current_remote) @@ -2201,7 +2201,7 @@ link_socket_init_phase2(struct context *c) #if defined(_WIN32) if (dco_enabled(&c->options)) { - create_socket_dco_win(c, sock, &sig_info->signal_received); + create_socket_dco_win(c, sock, sig_info); goto done; } else @@ -2237,7 +2237,7 @@ link_socket_init_phase2(struct context *c) if (sock->sd == SOCKET_UNDEFINED) { msg(M_WARN, "Could not determine IPv4/IPv6 protocol"); - sig_info->signal_received = SIGUSR1; + register_signal(sig_info, SIGUSR1, "Could not determine IPv4/IPv6 protocol"); goto done; } @@ -2248,8 +2248,7 @@ link_socket_init_phase2(struct context *c) if (sock->info.proto == PROTO_TCP_SERVER) { - phase2_tcp_server(sock, remote_dynamic, - &sig_info->signal_received); + phase2_tcp_server(sock, remote_dynamic, sig_info); } else if (sock->info.proto == PROTO_TCP_CLIENT) { @@ -2275,11 +2274,12 @@ link_socket_init_phase2(struct context *c) linksock_print_addr(sock); done: - if (sig_save) + if (sig_save.signal_received) { + /* This can potentially lose a saved high priority signal -- to be fixed */ if (!sig_info->signal_received) { - sig_info->signal_received = sig_save; + register_signal(sig_info, sig_save.signal_received, sig_save.signal_text); } } } diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index ef178a35..b2ca3744 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -448,12 +448,12 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ const char *servname, /* openvpn server port */ - volatile int *signal_received) + struct signal_info *sig_info) { char buf[270]; size_t len; - if (!socks_handshake(p, sd, signal_received)) + if (!socks_handshake(p, sd, &sig_info->signal_received)) { goto error; } @@ -491,7 +491,7 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, /* receive reply from Socks proxy and discard */ - if (!recv_socks_reply(sd, NULL, signal_received)) + if (!recv_socks_reply(sd, NULL, &sig_info->signal_received)) { goto error; } @@ -499,9 +499,10 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, return; error: - if (!*signal_received) + if (!sig_info->signal_received) { - *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */ + /* SOFT-SIGUSR1 -- socks error */ + register_signal(sig_info, SIGUSR1, "socks-error"); } return; } @@ -511,9 +512,9 @@ establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, - volatile int *signal_received) + struct signal_info *sig_info) { - if (!socks_handshake(p, ctrl_sd, signal_received)) + if (!socks_handshake(p, ctrl_sd, &sig_info->signal_received)) { goto error; } @@ -534,7 +535,7 @@ establish_socks_proxy_udpassoc(struct socks_proxy_info *p, /* receive reply from Socks proxy */ CLEAR(*relay_addr); - if (!recv_socks_reply(ctrl_sd, relay_addr, signal_received)) + if (!recv_socks_reply(ctrl_sd, relay_addr, &sig_info->signal_received)) { goto error; } @@ -542,9 +543,10 @@ establish_socks_proxy_udpassoc(struct socks_proxy_info *p, return; error: - if (!*signal_received) + if (!sig_info->signal_received) { - *signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- socks error */ + /* SOFT-SIGUSR1 -- socks error */ + register_signal(sig_info, SIGUSR1, "socks-error"); } return; } diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h index 47cdac10..55c75c60 100644 --- a/src/openvpn/socks.h +++ b/src/openvpn/socks.h @@ -52,13 +52,13 @@ void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ const char *host, /* openvpn server remote */ const char *servname, /* openvpn server port */ - volatile int *signal_received); + struct signal_info *sig_info); void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, - volatile int *signal_received); + struct signal_info *sig_info); void socks_process_incoming_udp(struct buffer *buf, struct link_socket_actual *from); diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index cfe4dbde..c3520bca 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -682,8 +682,7 @@ win32_signal_get(struct win32_signal *ws) } if (ret) { - siginfo_static.signal_received = ret; - siginfo_static.source = SIG_SOURCE_HARD; + throw_signal(ret); /* this will update signinfo_static.signal received */ } } return ret; From patchwork Sun Jan 1 21:51:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2964 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp6018228dyk; Sun, 1 Jan 2023 13:52:41 -0800 (PST) X-Google-Smtp-Source: AMrXdXvXPsOsUwdlPcAbWJ20pKztOrtpAMnRsRDW+7d1xRwUvZwf6Xnu0syd0ZWvbbazoRAWEdrr X-Received: by 2002:a17:903:22c8:b0:188:de22:324b with SMTP id y8-20020a17090322c800b00188de22324bmr74043976plg.6.1672609960855; Sun, 01 Jan 2023 13:52:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672609960; cv=none; d=google.com; s=arc-20160816; b=b5aoWll8fXfiqMmfSTgjS/mh/LxBe3VOb0Hvaxptqr08BqoCygmS4akOOGAc39CMhr Hrrow7fiQvjX2EXsxonUEavUcRwDutKXYRA58L/+S+ev88FigTdaWXkQHs5KkH4xQ9OZ gatvhe9rFx887oFAvXvOFutlMMbA74+jgFjB31cjCypVJEQES4LRC9lRhHhMeLowOrpx nsuVZEIyyFpH7OKcXYGk9EoXLaMD8X4R9c+yGEpS9ybBb3Xu0AmhxHEl6U2DY7nE4M6d i7BtG/kGJqAeIQUjrKjR+HBnvcfL4RRP+vcgMPYQtksE5vr/IVV9EWIm37Glevo9vFvL +/Sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=CP3h2CrbObMEAhbbrxTcwfpWLQjnLo9D7WL6I/uD14k=; b=WlM0wa4Ue8iUU8Ue1Wb9GbW60kI61+cuXTZcNWJ8PYsmlw6j63a2LQGof3XU/uHlan BPXAIH/yq4K5LHxbQIVVzmpA9aai3jV0dApXKMi7EFqdbI7Ne5E4hKgVuAfC2HvjJ6gu 3CNiVfi7bI+eevjmnzMwJjMfCgb1eNdvC0+mu6+YxBNZHZbNQul+Nqd+cRzcFpp3+65N GCaHN0orDHFwFouEsfg+P+7fbO9vGwFdqyISEOPurHBBnguEWmj05IlMDwEy9ss/RAnk b0+3SNu50wi6uYrtHyoeAaAwU3zIqhtH+S+u9qQ+QO84Bz79MvX661/XF/ED0H9p6xlH +rVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Uwoz3s1S; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cQV3YDSV; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=QkcPeDgR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id iz17-20020a170902ef9100b00188e045470csi25666374plb.542.2023.01.01.13.52.40 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 01 Jan 2023 13:52:40 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Uwoz3s1S; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cQV3YDSV; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=QkcPeDgR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pC6FA-0003jI-K5; Sun, 01 Jan 2023 21:51:48 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pC6F8-0003j8-Nk for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gy3UAjSBG38JiuVc4p6mppPDN7siZWCBNdxg3JvdyhA=; b=Uwoz3s1SuwDU0Ihyg5tMpVdRwo kYs5nKwC47RdaeYvqE87pz2YKzwmZNTnfM36gQbyoQ5h/r2qHInVu+iVMy+a+IHL/Ox847O3IxRPy jlaDHCQGqvaZPzZ7YFX13zYxZDSTRYGCasto+Cc1IPTmBSdLxKe1zD4b1zo1zYOrbkm4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gy3UAjSBG38JiuVc4p6mppPDN7siZWCBNdxg3JvdyhA=; b=cQV3YDSV5cufZhX1o1MIDvMVO8 WqStO9z8pFsmM5b5lg6mLJzpQjJYlcCUVel2/gePq6LJYGuv2Ymkz28UMMeZ9aEop6Q7b6ykHxpCp ME5SbClSaShKU0yP7tWhDOxRIrx38HVMTKotqxQuGjNH0TrpKp1YHLnw4lh3K4pJytj8=; Received: from mail-io1-f44.google.com ([209.85.166.44]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pC6F8-001bzN-46 for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:46 +0000 Received: by mail-io1-f44.google.com with SMTP id i83so14182832ioa.11 for ; Sun, 01 Jan 2023 13:51:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gy3UAjSBG38JiuVc4p6mppPDN7siZWCBNdxg3JvdyhA=; b=QkcPeDgRVdx0UhqOqPjf+BqF82f2s8QOMpzi2xyadVDeKV1zmTmeFjCVW9oQgZsvDk 3QBlG6INGvcxfodN15Zrzicn2B7SRc+Nvib89Wj2N5963zgz2YI7L+bdBZ1c/iHaCi3/ QtMXr5223UdMTfy1jXMoks5yF7uok0ENiHv02eh1kE+R90Nyax54FhJvNkmbEnKOmetk ehLCglIhPzWUX/zCioOM9A2B2kkygeXfvNNUu3evUalEh0bBcTpCPggyVthYFg8LvKKr KQBQGD/Dl08F1qOA0M+iXWcxEM8nk3g3PFR9ERTDlyxO0B2bCNyisNK4ZePe6+yUiIgn vFBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gy3UAjSBG38JiuVc4p6mppPDN7siZWCBNdxg3JvdyhA=; b=1zdi1qReCmFHpIu+SQiMUAVSJQWlb6tFeFotFATVeYdjgjnf3EiKuwiL8bj4msSLsQ IFQmkZo/y4+tzqXnyeyRDBbNpA0PgHoZ7F/sEGNCd3/Y/tXf6d92uequ3IhOQ5wBnl2b cgN6TToK3heGdjPUhMTAvtrWyo6m8IEPxhcQutpGKBnNcpx74oseznMQTw2gcCAQ9Xy8 m5hsdgMtGaA44VEUz8qCeURRgWZGJ0UVVF2JyLkfYMNpcJxehLDjvyQmLuMxJthWNQuM jI3Iz/OGzHCoLJv8eRrowbDmYgwCdPpCvcbkGUE7hD0IdUiks3nwhiZrjwfC0wuQjrZi lP8g== X-Gm-Message-State: AFqh2kqxwbfNWl3InDlne8nfB/t2d8PQ5YTFBfKhPzY3IzE9yyZ7LJbL jrm4RhQvBpFdEdvgQ3BEYJSbh9YM0fJwJg== X-Received: by 2002:a6b:7808:0:b0:6db:3123:261 with SMTP id j8-20020a6b7808000000b006db31230261mr4932746iom.2.1672609900213; Sun, 01 Jan 2023 13:51:40 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id w11-20020a022a0b000000b0038a44dbbd8fsm8975359jaw.123.2023.01.01.13.51.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Jan 2023 13:51:39 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 1 Jan 2023 16:51:06 -0500 Message-Id: <20230101215109.1521549-3-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230101215109.1521549-1-selva.nair@gmail.com> References: <20230101215109.1521549-1-selva.nair@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair Pass in sig_info struct to use register signal instead of modifying signal_received. No functional changes though some may be warranted. Questions: - Why are we overwriting SIGUSR1 in this function? - Why the special interrupted syscall treatment for getaddrinfo? Its not a syscall, is [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.44 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.44 listed in list.dnswl.org] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1pC6F8-001bzN-46 Subject: [Openvpn-devel] [PATCH 2/5] Refactor signal handling in openvpn_getaddrinfo X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1753858662284961183?= X-GMAIL-MSGID: =?utf-8?q?1753858662284961183?= From: Selva Nair Pass in sig_info struct to use register signal instead of modifying signal_received. No functional changes though some may be warranted. Questions: - Why are we overwriting SIGUSR1 in this function? - Why the special interrupted syscall treatment for getaddrinfo? Its not a syscall, is it? Signed-off-by: Selva Nair Acked-by: Gert Doering --- src/openvpn/socket.c | 31 ++++++++++++++++--------------- src/openvpn/socket.h | 4 ++-- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 273f378e..faaa2748 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -67,7 +67,7 @@ sf2gaf(const unsigned int getaddr_flags, static int get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void *network, unsigned int *netbits, - int resolve_retry_seconds, volatile int *signal_received, + int resolve_retry_seconds, struct signal_info *sig_info, int msglevel) { char *endp, *sep, *var_host = NULL; @@ -130,7 +130,7 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, } ret = openvpn_getaddrinfo(flags & ~GETADDR_HOST_ORDER, var_host, NULL, - resolve_retry_seconds, signal_received, af, &ai); + resolve_retry_seconds, sig_info, af, &ai); if ((ret == 0) && network) { struct in6_addr *ip6; @@ -183,13 +183,13 @@ getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, - volatile int *signal_received) + struct signal_info *sig_info) { in_addr_t addr; int status; status = get_addr_generic(AF_INET, flags, hostname, &addr, NULL, - resolve_retry_seconds, signal_received, + resolve_retry_seconds, sig_info, M_WARN); if (status==0) { @@ -432,13 +432,13 @@ openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, - volatile int *signal_received, + struct signal_info *sig_info, int ai_family, struct addrinfo **res) { struct addrinfo hints; int status; - int sigrec = 0; + struct signal_info sigrec = {0}; int msglevel = (flags & GETADDR_FATAL) ? M_FATAL : D_RESOLVE_ERRORS; struct gc_arena gc = gc_new(); const char *print_hostname; @@ -464,9 +464,9 @@ openvpn_getaddrinfo(unsigned int flags, } if ((flags & (GETADDR_FATAL_ON_SIGNAL|GETADDR_WARN_ON_SIGNAL)) - && !signal_received) + && !sig_info) { - signal_received = &sigrec; + sig_info = &sigrec; } /* try numeric ipv6 addr first */ @@ -561,17 +561,18 @@ openvpn_getaddrinfo(unsigned int flags, flags, hints.ai_family, hints.ai_socktype); status = getaddrinfo(hostname, servname, &hints, res); - if (signal_received) + if (sig_info) { - get_signal(signal_received); - if (*signal_received) /* were we interrupted by a signal? */ + get_signal(&sig_info->signal_received); + if (sig_info->signal_received) /* were we interrupted by a signal? */ { - if (*signal_received == SIGUSR1) /* ignore SIGUSR1 */ + /* why are we overwriting SIGUSR1 ? */ + if (sig_info->signal_received == SIGUSR1) /* ignore SIGUSR1 */ { msg(level, "RESOLVE: Ignored SIGUSR1 signal received during " "DNS resolution attempt"); - *signal_received = 0; + signal_reset(sig_info); } else { @@ -638,7 +639,7 @@ openvpn_getaddrinfo(unsigned int flags, } done: - if (signal_received && *signal_received) + if (sig_info && sig_info->signal_received) { int level = 0; if (flags & GETADDR_FATAL_ON_SIGNAL) @@ -1759,7 +1760,7 @@ resolve_remote(struct link_socket *sock, if (status) { status = openvpn_getaddrinfo(flags, sock->remote_host, sock->remote_port, - retry, signal_received, sock->info.af, &ai); + retry, sig_info, sock->info.af, &ai); } if (status == 0) diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 05c31b10..92f1af77 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -526,7 +526,7 @@ in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, - volatile int *signal_received); + struct signal_info *sig_info); /** * Translate an IPv6 addr or hostname from string form to in6_addr @@ -538,7 +538,7 @@ int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, - volatile int *signal_received, + struct signal_info *sig_info, int ai_family, struct addrinfo **res); From patchwork Sun Jan 1 21:51:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2963 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp6018120dyk; Sun, 1 Jan 2023 13:52:13 -0800 (PST) X-Google-Smtp-Source: AMrXdXvCxj+C/IZ5R2ygTOomPExaka2vyq+JRrcRe0agytjr9VZPK2FbjXm8jWPRy8t6xg7IazlJ X-Received: by 2002:a17:902:9888:b0:192:ce7e:93b7 with SMTP id s8-20020a170902988800b00192ce7e93b7mr1177694plp.49.1672609933710; Sun, 01 Jan 2023 13:52:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672609933; cv=none; d=google.com; s=arc-20160816; b=pbjZScNicGanyzaZmisK2uIvByhTQYd6Uv6fafiykYVWbTENRz+lYrNF380zC5LjXG GPJF8ENkp3nZ5QAApXmr6SQGhIDCjl5vrYsq+AOrNVmiBC94bS9TM0116BqDpeXxt1dr 0SQ5GVy/yMRQ4zSCex9Aylo4p7ItimW18lyY63MkentE0TMtK5PkocGlvZTWeSfyiD6M vbhfnYBsNm9ZyK5tDam23MJ+HmcZV/tKL3sihbZ59thBeNO1ozJ9INBbFPKUTD1a1Fzc hIyFdLGpPrdvBuu8yNVlWR4Z1JrKq4lhc/+1mVkHXOQNZqkpYPoFepmuFBIe1YGzBVO7 VBSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=Nc+i4/9iEME/K0uRyzUVYPysUJkKA+9H+Q6oVN2+GEM=; b=p4c4SAQm76iTdnoe75OyWvLIXKm+eCTjMN8cyAm0DZQEIgvJKPzU1CSNM/CedS90Ds sRcqziCIcC7ZvVT5JkxBCpxfm5/wk3R/Djo2fK2BXOgmm1OyLHbFFiYomcvRI3GJz+Y8 fCp7IGIXOO+3omKiHGZzxv591xkYJBSjpRzGTsk1O70Cw2BR8WZK5Xm9tgliRH/XWhCO OQtzwERUMQ8n2q0J5qZFPmxuSjHnDYZXpQf58Z5ZZ8NMfTMCZTnS8eSK/BRLKAFavYVj 0S+XiQ918U8V19TVwaCAlclawxkR0ArtY1iezOgrm18ETEDKWzcNoj/PG8j3S7LeXR3g r5Iw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ehKfuO3d; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cfGhGNyp; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=BXcH5ZvC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id j7-20020a170903024700b00182c510591asi31462269plh.246.2023.01.01.13.52.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 01 Jan 2023 13:52:13 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ehKfuO3d; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cfGhGNyp; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=BXcH5ZvC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pC6FF-0002gN-JA; Sun, 01 Jan 2023 21:51:53 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pC6FE-0002el-3G for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RcAEDVKkuI1y+T9PEDNl3bPPACc3DJBpIM0MUEOsS+o=; b=ehKfuO3dNXlR9ZuZie7V+siAZI 3qJpFT71wCuJhdJBMhsavFZcAGo6zpTTc46CrsYzznP+ZN7bTgNppIFs3zKq2QzgMrveQ2a4yKJis 36B67u+PQVXqLX9wczyHUZc71fEQvmek2T7uJJicuFeS87+A857XOQpYdw6ImvtHfRMI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RcAEDVKkuI1y+T9PEDNl3bPPACc3DJBpIM0MUEOsS+o=; b=cfGhGNypKGWlTnu1/UCvBjXca7 pJyRCGc2lhFneVC/xNUfnfXdfRYBYCCBPqBuI6SgHXCi/J1a4/bNkH+Q6FX717rmlvu3LiIS1Yigo TBl8+IdRzYcbnilz47lyoCGJVKfbMPPC0x3iczrKaW3cN9NlEfl9s8Y1dzrcIQIJhWxQ=; Received: from mail-il1-f174.google.com ([209.85.166.174]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pC6F9-00054h-G0 for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:51 +0000 Received: by mail-il1-f174.google.com with SMTP id o13so15166133ilc.7 for ; Sun, 01 Jan 2023 13:51:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RcAEDVKkuI1y+T9PEDNl3bPPACc3DJBpIM0MUEOsS+o=; b=BXcH5ZvCo+quQK1F2mnKqK3WjkTf7jXFqPTLeCyUKQhOyuDXFV/wY9meqKwmuOoEyM kOSp46/P12F+uhNOyk6mKRiVTzclds9XUp6T2huUwFEHCWKlfv8Zrwug7swNJkalXybg RNzJ/ZIdIbf+s7rpBVaqbKptDX6TaI1D/W8OARnt/KH9D4N7L0YOQOcCMywYtInkDjk+ i1Yg/jKPUmayoLXfYtlwddCKmX8dYYZ0SYtl5oDHI5NbRSlluVp5XF9EoyhAKHwpim1X /N/r9/Szfd4AyQmZEithLg2gcDSsoAPWl5JpWaYHXCN84DH2hzv2fpjkoOTdOSpVpYHM /IWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RcAEDVKkuI1y+T9PEDNl3bPPACc3DJBpIM0MUEOsS+o=; b=JFNlBZSqUzimVS+CvBoEUO7LEmwheS3WAx5D+ZVtMoxbJFGOKiSo/fQ7RatTVTTUuR qJuCSiaUYnzdbSUZjLCiMpyq5eyXkLuD9yj65j9roW7zrTl+w7Bl58xpM7o2M7pD+PQg aSzoNtkXPwhowmR1OJNros4SjUsaH+0br8a+a1NA2NH0Rj9pUA7i370Q4/q1EmxKP1re +lg3WrVfETif9KKIF3Bn4SiEqH3OhCokDlhAyxrRti+4uyYxNkStv9welIUVXovOWwhI UDGL5IxeLYWDd6CUW0iT0VBpbUS417dVqhrI2Vf7oL4cRNHKmVdWkZBhxJ+LBnTr9QUc mivg== X-Gm-Message-State: AFqh2kpmKaVhq6rLEqCNCxrRzaV3FC5PUlfWCEo1r8ClQEn3+mvlMN/w 1mSFBaBnHR3EvMDJE/58cxJZ3bHIi2TV9A== X-Received: by 2002:a92:1306:0:b0:30c:4991:2eac with SMTP id 6-20020a921306000000b0030c49912eacmr334996ilt.0.1672609901741; Sun, 01 Jan 2023 13:51:41 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id w11-20020a022a0b000000b0038a44dbbd8fsm8975359jaw.123.2023.01.01.13.51.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Jan 2023 13:51:41 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 1 Jan 2023 16:51:07 -0500 Message-Id: <20230101215109.1521549-4-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230101215109.1521549-1-selva.nair@gmail.com> References: <20230101215109.1521549-1-selva.nair@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair Signals are ordered as SIGUSR2, SIGUSR1, SIGHUP, SIGTERM, SIGINT in increasing priority. Lower priority signals are not allowed to overwrite higher ones. This should fix Trac #311, #639 -- SIGTER/SIGINT lost during dns resolution. (except for the Windows-specific bug handled in next commit) Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.174 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.174 listed in wl.mailspike.net] -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-Headers-End: 1pC6F9-00054h-G0 Subject: [Openvpn-devel] [PATCH 3/5] Assign and honour signal priority order X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1753858633624868161?= X-GMAIL-MSGID: =?utf-8?q?1753858633624868161?= From: Selva Nair Signals are ordered as SIGUSR2, SIGUSR1, SIGHUP, SIGTERM, SIGINT in increasing priority. Lower priority signals are not allowed to overwrite higher ones. This should fix Trac #311, #639 -- SIGTER/SIGINT lost during dns resolution. (except for the Windows-specific bug handled in next commit) On sending SIGTERM during dns resolution, it still takes several seconds to terminate as the signal will get processed only after getaddrinfo times out twice (in phase1 and phase2 inits). Github: fixes OpenVPN/openvpn#205 Note: one has to still wait for address resolution to time out as getaddrinfo() is no interruptible. But a single ctrl-C (and some patience) is enough. Signed-off-by: Selva Nair Acked-By: Arne Schwabe --- src/openvpn/proxy.c | 5 +---- src/openvpn/sig.c | 45 ++++++++++++++++++++++++++++++++------------ src/openvpn/socket.c | 8 ++++++-- src/openvpn/socks.c | 14 ++++---------- 4 files changed, 44 insertions(+), 28 deletions(-) diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 91121f25..120ba85e 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -1080,10 +1080,7 @@ done: return ret; error: - if (!sig_info->signal_received) - { - register_signal(sig_info, SIGUSR1, "HTTP proxy error"); /* SOFT-SIGUSR1 -- HTTP proxy error */ - } + register_signal(sig_info, SIGUSR1, "HTTP proxy error"); /* SOFT-SIGUSR1 -- HTTP proxy error */ gc_free(&gc); return ret; } diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c index e462b93e..d6b18cb1 100644 --- a/src/openvpn/sig.c +++ b/src/openvpn/sig.c @@ -47,16 +47,17 @@ struct signal_info siginfo_static; /* GLOBAL */ struct signame { int value; + int priority; const char *upper; const char *lower; }; static const struct signame signames[] = { - { SIGINT, "SIGINT", "sigint"}, - { SIGTERM, "SIGTERM", "sigterm" }, - { SIGHUP, "SIGHUP", "sighup" }, - { SIGUSR1, "SIGUSR1", "sigusr1" }, - { SIGUSR2, "SIGUSR2", "sigusr2" } + { SIGINT, 5, "SIGINT", "sigint"}, + { SIGTERM, 4, "SIGTERM", "sigterm" }, + { SIGHUP, 3, "SIGHUP", "sighup" }, + { SIGUSR1, 2, "SIGUSR1", "sigusr1" }, + { SIGUSR2, 1, "SIGUSR2", "sigusr2" } }; int @@ -73,6 +74,19 @@ parse_signal(const char *signame) return -1; } +static int +signal_priority(int sig) +{ + for (size_t i = 0; i < SIZE(signames); ++i) + { + if (sig == signames[i].value) + { + return signames[i].priority; + } + } + return -1; +} + const char * signal_name(const int sig, const bool upper) { @@ -103,16 +117,22 @@ signal_description(const int signum, const char *sigtext) void throw_signal(const int signum) { - siginfo_static.signal_received = signum; - siginfo_static.source = SIG_SOURCE_HARD; + if (signal_priority(signum) >= signal_priority(siginfo_static.signal_received)) + { + siginfo_static.signal_received = signum; + siginfo_static.source = SIG_SOURCE_HARD; + } } void throw_signal_soft(const int signum, const char *signal_text) { - siginfo_static.signal_received = signum; - siginfo_static.source = SIG_SOURCE_SOFT; - siginfo_static.signal_text = signal_text; + if (signal_priority(signum) >= signal_priority(siginfo_static.signal_received)) + { + siginfo_static.signal_received = signum; + siginfo_static.source = SIG_SOURCE_SOFT; + siginfo_static.signal_text = signal_text; + } } void @@ -472,9 +492,10 @@ process_signal(struct context *c) void register_signal(struct signal_info *si, int sig, const char *text) { - if (si->signal_received != SIGTERM) + if (signal_priority(sig) >= signal_priority(si->signal_received)) { si->signal_received = sig; + si->signal_text = text; + si->source = SIG_SOURCE_SOFT; } - si->signal_text = text; } diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index faaa2748..59d89352 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2277,8 +2277,12 @@ link_socket_init_phase2(struct context *c) done: if (sig_save.signal_received) { - /* This can potentially lose a saved high priority signal -- to be fixed */ - if (!sig_info->signal_received) + /* Always restore the saved signal -- register/throw_signal will handle priority */ + if (sig_save.source == SIG_SOURCE_HARD && sig_info == &siginfo_static) + { + throw_signal(sig_save.signal_received); + } + else { register_signal(sig_info, sig_save.signal_received, sig_save.signal_text); } diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index b2ca3744..8f2ae226 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -499,11 +499,8 @@ establish_socks_proxy_passthru(struct socks_proxy_info *p, return; error: - if (!sig_info->signal_received) - { - /* SOFT-SIGUSR1 -- socks error */ - register_signal(sig_info, SIGUSR1, "socks-error"); - } + /* SOFT-SIGUSR1 -- socks error */ + register_signal(sig_info, SIGUSR1, "socks-error"); return; } @@ -543,11 +540,8 @@ establish_socks_proxy_udpassoc(struct socks_proxy_info *p, return; error: - if (!sig_info->signal_received) - { - /* SOFT-SIGUSR1 -- socks error */ - register_signal(sig_info, SIGUSR1, "socks-error"); - } + /* SOFT-SIGUSR1 -- socks error */ + register_signal(sig_info, SIGUSR1, "socks-error"); return; } From patchwork Sun Jan 1 21:51:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2967 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp6018291dyk; Sun, 1 Jan 2023 13:52:53 -0800 (PST) X-Google-Smtp-Source: AMrXdXuhfWFATasPMOqzDx7oXFkYjX3fR9yfOL6I3abJoq+ogK6K7v1NmfduQoX0HRdG888ZT8qH X-Received: by 2002:a05:6a20:c491:b0:a2:df6d:e56b with SMTP id eo17-20020a056a20c49100b000a2df6de56bmr39803901pzb.14.1672609973577; Sun, 01 Jan 2023 13:52:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672609973; cv=none; d=google.com; s=arc-20160816; b=ApDgbFeeZgVMt9vesm/wF1OzPIzRTLP9czSNGVlctaY6zAm2axJAxqglKEq3hkXNMQ 5RywxGZ6aK3Ohg8ZHKxKuwXDLUrWq9EIRwIM6vDhmFPTdcBQFpWPU83WI+g/4ZK4uLlw Nytyd/CjTQJBuLG59oizCWXE1z63G02c76VB23z01sn9oK4F1qNgfABT4gvIFF0Hs8ca 76kVszVEOeGto54kMc73tEaV/YvbV+9hDk156m+ZesRXvO23fTbXNKdwU6j5gIpQAGw9 4KYPxAmMqdsJpNocyugOj0vHhUJbZg1dGgla2TMfj3tAzzRqXgbkZvNRIA/1cRudnJsP e1TA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=/EIK12jvSgJkY2dAIFMxEyJmy3Ezt2sVtFxsO3UQCyM=; b=lizv5UrNwwrLSp0gKs4dyssdr2lGThs7ZciAi/3VCKl5HEuSArU/TtFSfAX+yZeyMd xDDbfejLncJnKmIHEDbTvpIXib8KXDiqCBfS/bqZN+FVokqWqA81BLURKVeDj/f98ajq 1t6fUB5kr/IxpHk6fejGEB07bFyzY08ZW/DzsVNWrl8SW6FWmuMDTNrmUxNqd1dTzFlH Gn2ewvDtbkhVx7z98d8/9A3fRjyaL/bEt5K53n+0Fre+1AS6X19oNPyWztdAp3+MbXy1 OWX0Tt6dmqREBdkeKtsdau7DTIKHZlo3N+tzH5nX93FX/8Y38xHFXWHlqAye3VMmFooV kHpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="fd30z/rt"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=KmJf5xqP; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=RA7WUIdb; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id x24-20020a63db58000000b004982aa44074si20890296pgi.561.2023.01.01.13.52.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 01 Jan 2023 13:52:53 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="fd30z/rt"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=KmJf5xqP; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=RA7WUIdb; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pC6FH-0004oU-0T; Sun, 01 Jan 2023 21:51:55 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pC6FF-0004oM-6k for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Q2tA/onsnEiwyELEa2IVUBY9uRzZZqYYt3eeUs6QUPs=; b=fd30z/rtD+lXkybMA23WfxNf04 sDXLc4xeFLtFgaoypTlOIp+5ZE27YyrdHzEphhzG99l2ud/ylHwzPaB1wmzyyP4Pc0mno7TK+QMky C+Y4O5nT5y/vG6k1Z/0E4kmEPV3N7TMXpGlRZmIG+bAzjmOr/f6webKCl2W+6Obb8lfg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Q2tA/onsnEiwyELEa2IVUBY9uRzZZqYYt3eeUs6QUPs=; b=KmJf5xqPIZLWgclYagDnhyQWbf GfQlPf7sbRQLJlguCBG55MzeJsfHk6J2Wx0o+v5gk/phPD6uYjlY77XlrIGxYHairWNd6P6Yos1Xd KwDsghBNhTZlO7CfP8WA/DkSIOke7cmY/Cxta3vozqJ2bsH3M52dNLgyIUluIj54+b90=; Received: from mail-io1-f45.google.com ([209.85.166.45]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pC6FB-001bzW-0A for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:53 +0000 Received: by mail-io1-f45.google.com with SMTP id b192so14192244iof.8 for ; Sun, 01 Jan 2023 13:51:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Q2tA/onsnEiwyELEa2IVUBY9uRzZZqYYt3eeUs6QUPs=; b=RA7WUIdbnhycODpB/0Pvp/lOAaehNCtrRmwH0gy+qqNdTESvx9CF4vvMHdRzRjmOF2 pIKu5kHUenKlqby4pLB5Hwp/yKY4BCYwrPVwhN+NR5Qh8AI6vUr1uGAZ6AP2esaZXEO2 AmO8jbIOZDXkGhQwPOzbl+cL9S/h4FZTBjetJbQs4NIlqePe4+AMysgJXlKDU54/8UBn 1dmAzJqYvzPuW8TUiBoTi6SOxQr5qWL+CIhBSu5Pk8o96ie0CB+t8ovdDIGYUtuOVTrD lKxPbONPtn2uzC7rq9k01ZO0/BOcrmwTvGrAc9gYPHpjw4u8L5RcaSadnD5dUHR1dL68 pRKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Q2tA/onsnEiwyELEa2IVUBY9uRzZZqYYt3eeUs6QUPs=; b=19XLfzpXlu43nH0vjyHxHFK9lxlZdV+UKG8dfkK28yKOx9S8s6uwXsR5UIGZWl8SmH W6Q9zv+MX3S0IJN5IzOPQUmG2bVWdyKX+USEtJAmP7teoOa20qtus9eBkKzNjjwaYqUY rzjIqbG78lIfIRVeTBpABp2pUzyCje5qMCVsG3adNimtgvwQW0AsxIhRjRl2NlyGgqZ4 1Ky8Z5QhguAufC2OO8gcMdbg1YZYC6ReRcF3GRJN2+EVUoUIMil0XOweQUqXm5bgVmLa PLZRYwcO3yQwNc5lNeXpqm0UFUTikA/yLmxzgGAacV0C/VZpEsRBLhGbSdI4AlW/Lohm xQKw== X-Gm-Message-State: AFqh2kqTQF7qmMt8LuChCXnVWQj/QJW3y3546W7c8hEL0+nAjVyvDFrH 48Ru7rVc0uYL53VLrmyy6gzwODvg+Dxg9w== X-Received: by 2002:a6b:7808:0:b0:6db:3123:261 with SMTP id j8-20020a6b7808000000b006db31230261mr4932765iom.2.1672609903210; Sun, 01 Jan 2023 13:51:43 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id w11-20020a022a0b000000b0038a44dbbd8fsm8975359jaw.123.2023.01.01.13.51.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Jan 2023 13:51:42 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 1 Jan 2023 16:51:08 -0500 Message-Id: <20230101215109.1521549-5-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230101215109.1521549-1-selva.nair@gmail.com> References: <20230101215109.1521549-1-selva.nair@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair - In win32_signal_get() re-order the check so that Windows signals are picked up even if signal_received is non-zero - When management is not active, management_sleep() becomes sleep() but it is not interruptible by signals on Windows. Fix this by periodically checking for signal. Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.45 listed in wl.mailspike.net] -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.45 listed in list.dnswl.org] X-Headers-End: 1pC6FB-001bzW-0A Subject: [Openvpn-devel] [PATCH 4/5] Fix signal handling on Windows X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1753858675529086307?= X-GMAIL-MSGID: =?utf-8?q?1753858675529086307?= From: Selva Nair - In win32_signal_get() re-order the check so that Windows signals are picked up even if signal_received is non-zero - When management is not active, management_sleep() becomes sleep() but it is not interruptible by signals on Windows. Fix this by periodically checking for signal. Fixes Trac #311 #639 (windows specific part) Github: Fixes OpenVPN/openvpn#205 (windows specific part) Note: if stuck in address resolution, press ctrl-C and wait for getaddrinfo() to timeout. Signed-off-by: Selva Nair --- src/openvpn/manage.c | 4 ++ src/openvpn/win32.c | 98 +++++++++++++++++++++++++++++--------------- 2 files changed, 68 insertions(+), 34 deletions(-) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 5465b7e9..ac37e557 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -4091,10 +4091,14 @@ man_persist_client_stats(struct management *man, struct context *c) void management_sleep(const int n) { +#ifdef WIN32 + win32_sleep(n); +#else if (n > 0) { sleep(n); } +#endif /* ifdef WIN32 */ } #endif /* ENABLE_MANAGEMENT */ diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index c3520bca..e16d5461 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -642,50 +642,44 @@ int win32_signal_get(struct win32_signal *ws) { int ret = 0; - if (siginfo_static.signal_received) - { - ret = siginfo_static.signal_received; - } - else + + if (ws->mode == WSO_MODE_SERVICE) { - if (ws->mode == WSO_MODE_SERVICE) + if (win32_service_interrupt(ws)) { - if (win32_service_interrupt(ws)) - { - ret = SIGTERM; - } + ret = SIGTERM; } - else if (ws->mode == WSO_MODE_CONSOLE) + } + else if (ws->mode == WSO_MODE_CONSOLE) + { + switch (win32_keyboard_get(ws)) { - switch (win32_keyboard_get(ws)) - { - case 0x3B: /* F1 -> USR1 */ - ret = SIGUSR1; - break; + case 0x3B: /* F1 -> USR1 */ + ret = SIGUSR1; + break; - case 0x3C: /* F2 -> USR2 */ - ret = SIGUSR2; - break; + case 0x3C: /* F2 -> USR2 */ + ret = SIGUSR2; + break; - case 0x3D: /* F3 -> HUP */ - ret = SIGHUP; - break; + case 0x3D: /* F3 -> HUP */ + ret = SIGHUP; + break; - case 0x3E: /* F4 -> TERM */ - ret = SIGTERM; - break; + case 0x3E: /* F4 -> TERM */ + ret = SIGTERM; + break; - case 0x03: /* CTRL-C -> TERM */ - ret = SIGTERM; - break; - } - } - if (ret) - { - throw_signal(ret); /* this will update signinfo_static.signal received */ + case 0x03: /* CTRL-C -> TERM */ + ret = SIGTERM; + break; } } - return ret; + if (ret) + { + throw_signal(ret); /* this will update signinfo_static.signal received */ + } + return (siginfo_static.signal_received); } void @@ -1603,4 +1597,40 @@ set_openssl_env_vars() } } +void +win32_sleep(const int n) +{ + if (n < 0) + { + return; + } + + /* Sleep() is not interruptible. Use a WAIT_OBJECT to catch signal */ + if (HANDLE_DEFINED(win32_signal.in.read)) + { + time_t expire = 0; + update_time(); + expire = now + n; + while (expire >= now) + { + DWORD status = WaitForSingleObject(win32_signal.in.read, (expire - now)*1000); + if (win32_signal_get(&win32_signal) || status == WAIT_TIMEOUT) + { + return; + } + + update_time(); + + if (status == WAIT_FAILED && expire > now) + { + Sleep((expire-now)*1000); + return; + } + } + } + else + { + Sleep(n*1000); + } +} #endif /* ifdef _WIN32 */ From patchwork Sun Jan 1 21:51:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 2966 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c95:b0:82:e4b3:40a0 with SMTP id p21csp6018240dyk; Sun, 1 Jan 2023 13:52:45 -0800 (PST) X-Google-Smtp-Source: AMrXdXvenda9PVFdAKR7xIppipQqPAoF4K6DCr1P/J46xAA6f7+sgwtUCWzCViLkGGAtXl3ivib9 X-Received: by 2002:a17:902:edc5:b0:192:c882:703e with SMTP id q5-20020a170902edc500b00192c882703emr2479127plk.43.1672609965726; Sun, 01 Jan 2023 13:52:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672609965; cv=none; d=google.com; s=arc-20160816; b=VwVCUdow/Zw3YSvjsOG51bHtGzpyaNqtUrw1Qn4I9od4K8xROttuXEWYb5FlgoTAUy jX4TDvgFcxhD275EHRKLPsE5WSFZIiwzu6miV4Glb2+lsUZSD8ZTZZbPdb7+ANaBHK0p VGFn7sJND7UQPKppaMFMmxpK/TEePX05geCe8wYcUzztSwTFGi6eDnVeJQqwUiV63mUZ 3SJIJdSmXXgyUyfASxie3pWUB2va6ww8LsulFB2nKwd8y0HdIo2OeD+3KrD+4aZhr26E xLWbCiT2/Fyx4GRurPDashGD4lLAlvtGY68AXANa/rLnXpKUzYEAglau/K/s6J89FRJ/ BOgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=g3dSq59CFF+NK/i0Lause6B4rNsKLM6s9PBSPlf+yTg=; b=BCLAr2hWvy9wb9YnuMJxxQ9wF4bPf0lC4IH9bhuWYsya2E9/fvNlei8mtIFGKYZWSN whBDuFsWH5ukc6LDkwLsIwkPNbl/GRvdXB8Afo9OG2RF6K7kfDfqTsBGl++sqRmec64H ko62SVDr9DM8ntLfChjr6vPiQ8wAUlzo+TRQmmLNw5K17d0U7YWV9E6TGzUxcXzdSMgH 3ot0Bu+jG+vR6k1pbHw4Ia87rBPrr3ZYHjagxmd1qXPeD4k1Fv4usApl+kFqwpavsCz1 mya2Iu5YDNFBsdifDWajjI2aQa9y7/36LsI+Fo0c0aWg+6gmhxXAXTt8g2cvMUqeMVQx hlKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Grp8ho+t; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=iv4CNCj5; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=YTe6DQJC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id e9-20020a17090301c900b00192d15e82basi101264plh.5.2023.01.01.13.52.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 01 Jan 2023 13:52:45 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Grp8ho+t; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=iv4CNCj5; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20210112 header.b=YTe6DQJC; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pC6FL-0002s0-5f; Sun, 01 Jan 2023 21:51:59 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pC6FI-0002rk-VR for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jXpMgEWEoK9b20hcIMXutB4zAkNrHlNkXysNmCnh2W8=; b=Grp8ho+tVnX24/zG0WKPP99MN3 SuVcWAwnMyM6CTaMgiTxEg41EMTNtDOAnHFnVlH/pA/79dDcrEgRY/QnI+vaD5BNAJm1Hz+PSNg47 0e6kDI5TvfwGbeYDT1qQx8o552VRwQDyMIx6ZcUt+aqCgMNbsfAZE0sMCw2sBKmyGXhM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=jXpMgEWEoK9b20hcIMXutB4zAkNrHlNkXysNmCnh2W8=; b=iv4CNCj5l0jsHEPbpMYlZmGfEN sJllhXfWCO3Xxr3Axj74oG9D8pxvgKzSzK1Cs/C5FjBVxVY9Sm0mNPhWFBxtJD/jO5xS9HWQCGO8r cqz2w7W9k8jH5tETkvNiE47bFaTg1dIBpYNuIFcx6vKREIAk444IvbX/q66WbONHo/tE=; Received: from mail-io1-f52.google.com ([209.85.166.52]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1pC6FE-001bza-2W for openvpn-devel@lists.sourceforge.net; Sun, 01 Jan 2023 21:51:56 +0000 Received: by mail-io1-f52.google.com with SMTP id n63so14197093iod.7 for ; Sun, 01 Jan 2023 13:51:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=jXpMgEWEoK9b20hcIMXutB4zAkNrHlNkXysNmCnh2W8=; b=YTe6DQJCWrOchrMgOGZRLVQGsp3WdAhfZSe7+fCYf98ouU2V0ucllGn+6slgQMdZUx pOg48XMlw7t8r1h31/Lk6UpvrGRQo5vzRpe0kzwpl/49drtnpA8oG9RkZmmKqJWjkzKj HyAJHUs9Bjc434g4U+fvtsL/k9aGFE4gy+Nzh0MVmrhri3zulQE+ec6OSUi7K/WKSWIy E3NGId2MeQL6jWMDNhBb8Ll9ttXeCHwIwuauA9gB4djLcSdsFTmZVUjLl5u0S8YH7zFT Yx5/d9Yl/7242rAAvIRQXARiLo21JtLYWlMxNksLlwCRgPLLl9yRuqr/aGj4cW70Mfhq KVgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jXpMgEWEoK9b20hcIMXutB4zAkNrHlNkXysNmCnh2W8=; b=7jBp8lRDQnKNKDLGPj71EQfRxoZnUm5cCLtSUN2GMNomsBiAQKDEuWLTGjBbcVWAcF RcL7s20V3CfkAStGy+TjX26h6v4VaBcjQUx+irILJGZfHbfJljogDFgkG3icSg2x5LTy 2Ia+ULgfKlewoYZfEuvqjYFHJiZsIU6Z1suG79NhPEeWd15C7vmIAyeEjyW4B00OM8Jj S89hCytQt4WB2XB9vlIKjWiK078hakCRtEXok3wXFsMufcqLAmLQcpgc8kaF8Dsc9nJ5 /0320qM9Y1y//mmPlVKhbpFUljUXaELDwD5o1EYs19eUsVnoRy229kAf/t/P8RkQP9Qf ietQ== X-Gm-Message-State: AFqh2kqPEFo8P3pflBbcU4SM7r37AfuyVAdDtVYq7OzHIBwLVA4vyI8k Hq5mBEAjLsj/VruVvt66kHoLupRyaj3Dyg== X-Received: by 2002:a6b:7808:0:b0:6db:3123:261 with SMTP id j8-20020a6b7808000000b006db31230261mr4932780iom.2.1672609906070; Sun, 01 Jan 2023 13:51:46 -0800 (PST) Received: from uranus.sansel.ca (bras-vprn-tnhlon4053w-lp130-01-70-51-222-66.dsl.bell.ca. [70.51.222.66]) by smtp.gmail.com with ESMTPSA id w11-20020a022a0b000000b0038a44dbbd8fsm8975359jaw.123.2023.01.01.13.51.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Jan 2023 13:51:45 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Sun, 1 Jan 2023 16:51:09 -0500 Message-Id: <20230101215109.1521549-6-selva.nair@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230101215109.1521549-1-selva.nair@gmail.com> References: <20230101215109.1521549-1-selva.nair@gmail.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair Currently we use the old signal API which follows system-V or BSD semantics depending on the platform and/or feature-set macros. Further, signal has many weaknesses which makes proper masking (blockin [...] Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [selva.nair[at]gmail.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.166.52 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.166.52 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1pC6FE-001bza-2W Subject: [Openvpn-devel] [PATCH 5/5] Improve signal handling using POSIX sigaction X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1753858667657035684?= X-GMAIL-MSGID: =?utf-8?q?1753858667657035684?= From: Selva Nair Currently we use the old signal API which follows system-V or BSD semantics depending on the platform and/or feature-set macros. Further, signal has many weaknesses which makes proper masking (blocking) of signals during update not possible. Improve this: - Use sigaction to properly mask signals when modifying. - Change signal_reset() to read the current value and reset in one operation. This is required to avoid change of signal state between check and reset-operations. This also allows us to eliminate resetting signal to 0 in init_instance() which can potentially lose signals. Instead, the signal is reset at the end of the SIGUSR1 and SIGHUP loops where their values are checked. Notes: SIG_SOURCE_CONNECTION_FAILED is retained in a hackish way. This value has the same meaning as SIG_SOURCE_SOFT everywhere except where the signal is printed. Looks cosmetic --- could be eliminated? SIGUSR1 during dns resolution is ignored and reset to zero in the original and that behaviour is retained. Not sure why this is needed. Special handling of signals in openvpn_getaddrinfo() as if it is a syscall is retained but looks superfluous. In pre_init_signal_catch() we ignore some unix signals, but the same signals from management are not ignored though both are treated as "HARD" signals. For example, during auth-user-pass query, "kill -SIGUSR1 " will be ignored, but "signal SIGUSR1" from management interface will cause M_FATAL and exit. This is the current behaviour, but could be improved? Signed-off-by: Selva Nair --- src/openvpn/init.c | 3 - src/openvpn/multi.c | 5 +- src/openvpn/openvpn.c | 4 +- src/openvpn/sig.c | 294 ++++++++++++++++++++++++++++++++---------- src/openvpn/sig.h | 7 +- src/openvpn/socket.c | 12 +- 6 files changed, 239 insertions(+), 86 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index eec25acf..eabc8ea1 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -4228,9 +4228,6 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f do_inherit_env(c, env); } - /* signals caught here will abort */ - signal_reset(c->sig); - if (c->mode == CM_P2P) { init_management_callback_p2p(c); diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index c2254399..1e7e76f2 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -3828,7 +3828,7 @@ multi_push_restart_schedule_exit(struct multi_context *m, bool next_server) &m->deferred_shutdown_signal.wakeup, compute_wakeup_sigma(&m->deferred_shutdown_signal.wakeup)); - signal_reset(m->top.sig); + signal_reset(m->top.sig, 0); } /* @@ -3838,12 +3838,11 @@ multi_push_restart_schedule_exit(struct multi_context *m, bool next_server) bool multi_process_signal(struct multi_context *m) { - if (m->top.sig->signal_received == SIGUSR2) + if (signal_reset(m->top.sig, SIGUSR2) == SIGUSR2) { struct status_output *so = status_open(NULL, 0, M_INFO, NULL, 0); multi_print_status(m, so, m->status_file_version); status_close(so); - signal_reset(m->top.sig); return false; } else if (proto_is_dgram(m->top.options.ce.proto) diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index 413a750b..d590b166 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -333,14 +333,14 @@ openvpn_main(int argc, char *argv[]) /* pass restart status to management subsystem */ signal_restart_status(c.sig); } - while (c.sig->signal_received == SIGUSR1); + while (signal_reset(c.sig, SIGUSR1) == SIGUSR1); env_set_destroy(c.es); uninit_options(&c.options); gc_reset(&c.gc); uninit_early(&c); } - while (c.sig->signal_received == SIGHUP); + while (signal_reset(c.sig, SIGHUP) == SIGHUP); } context_gc_free(&c); diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c index d6b18cb1..87063913 100644 --- a/src/openvpn/sig.c +++ b/src/openvpn/sig.c @@ -6,6 +6,7 @@ * packet compression. * * Copyright (C) 2002-2022 OpenVPN Inc + * Copyright (C) 2016-2022 Selva Nair * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -60,6 +61,9 @@ static const struct signame signames[] = { { SIGUSR2, 1, "SIGUSR2", "sigusr2" } }; +/* mask for hard signals from management or windows */ +static unsigned long long ignored_hard_signals_mask; + int parse_signal(const char *signame) { @@ -114,36 +118,174 @@ signal_description(const int signum, const char *sigtext) } } +/** + * Block (i.e., defer) all unix signals. + * Used while directly modifying the volatile elements of + * siginfo_static. + */ +static inline void +block_async_signals(void) +{ +#ifndef _WIN32 + sigset_t all; + sigfillset(&all); /* all signals */ + + sigprocmask(SIG_BLOCK, &all, NULL); +#endif +} + +/** + * Unblock all unix signals. + */ +static inline void +unblock_async_signals(void) +{ +#ifndef _WIN32 + sigset_t none; + sigemptyset(&none); + sigprocmask(SIG_SETMASK, &none, NULL); +#endif +} + +/** + * Private function for registering a signal in the specified + * signal_info struct. This could be the global siginfo_static + * or a context specific signinfo struct. + * + * A signal is allowed to override an already registered + * one only if it has a higher priority. + * Returns true if the signal is set, false otherwise. + * + * Do not call any "AS-unsafe" functions such as printf from here + * as this may be called from signal_handler(). + */ +static bool +try_throw_signal(struct signal_info *si, int signum, int source) +{ + bool ret = false; + if (signal_priority(signum) >= signal_priority(si->signal_received)) + { + si->signal_received = signum; + si->source = source; + ret = true; + } + return ret; +} + +/** + * Throw a hard signal. Called from management and when windows + * signals are received through ctrl-c, exit event etc. + */ void throw_signal(const int signum) { - if (signal_priority(signum) >= signal_priority(siginfo_static.signal_received)) + if (ignored_hard_signals_mask & (1LL << signum)) + { + dmsg(D_LOW, "Signal %s is currently ignored", signal_name(signum, true)); + return; + } + block_async_signals(); + + if (!try_throw_signal(&siginfo_static, signum, SIG_SOURCE_HARD)) + { + dmsg(D_LOW, "Ignoring %s when %s has been received", signal_name(signum, true), + signal_name(siginfo_static.signal_received, true)); + } + else { - siginfo_static.signal_received = signum; - siginfo_static.source = SIG_SOURCE_HARD; + dmsg(D_LOW, "Throw signal: %s ", signal_name(signum, true)); } + + unblock_async_signals(); } +/** + * Throw a soft global signal. Used to register internally generated signals + * due to errors that require a restart or exit, or restart requests + * received from the server. A textual description of the signal may + * be provided. + */ void throw_signal_soft(const int signum, const char *signal_text) { - if (signal_priority(signum) >= signal_priority(siginfo_static.signal_received)) + block_async_signals(); + + if (try_throw_signal(&siginfo_static, signum, SIG_SOURCE_SOFT)) { - siginfo_static.signal_received = signum; - siginfo_static.source = SIG_SOURCE_SOFT; siginfo_static.signal_text = signal_text; } + else + { + dmsg(D_LOW, "Ignoring %s when %s has been received", signal_name(signum, true), + signal_name(siginfo_static.signal_received, true)); + } + + unblock_async_signals(); } +/** + * Register a soft signal in the signal_info struct si respecting priority. + * si may be a pointer to the global siginfo_static or a context-specific + * signal in a multi-instance or a temporary variable. + */ void -signal_reset(struct signal_info *si) +register_signal(struct signal_info *si, int signum, const char *signal_text) { + if (si == &siginfo_static) /* attempting to alter the global signal */ + { + block_async_signals(); + } + + if (try_throw_signal(si, signum, SIG_SOURCE_SOFT)) + { + si->signal_text = signal_text; + if (signal_text && strcmp(signal_text, "connection-failed") == 0) + { + si->source = SIG_SOURCE_CONNECTION_FAILED; + } + } + else + { + dmsg(D_LOW, "Ignoring %s when %s has been received", signal_name(signum, true), + signal_name(si->signal_received, true)); + } + + if (si == &siginfo_static) + { + unblock_async_signals(); + } +} + +/** + * Clear the signal if its current value equals signum. If + * signum is zero the signal is cleared independent of its current + * value. Returns the current value of the signal. + */ +int +signal_reset(struct signal_info *si, int signum) +{ + int sig_saved = 0; if (si) { - si->signal_received = 0; - si->signal_text = NULL; - si->source = SIG_SOURCE_SOFT; + if (si == &siginfo_static) /* attempting to alter the global signal */ + { + block_async_signals(); + } + + sig_saved = si->signal_received; + if (!signum || sig_saved == signum) + { + si->signal_received = 0; + si->signal_text = NULL; + si->source = SIG_SOURCE_SOFT; + } + + if (si == &siginfo_static) + { + unblock_async_signals(); + } } + return sig_saved; } void @@ -239,12 +381,10 @@ signal_restart_status(const struct signal_info *si) static void signal_handler(const int signum) { - throw_signal(signum); - signal(signum, signal_handler); + try_throw_signal(&siginfo_static, signum, SIG_SOURCE_HARD); } #endif - /* set handlers for unix signals */ #define SM_UNDEF 0 @@ -256,28 +396,65 @@ void pre_init_signal_catch(void) { #ifndef _WIN32 + sigset_t block_mask; + struct sigaction sa; + CLEAR(sa); + + sigfillset(&block_mask); /* all signals */ + sa.sa_handler = signal_handler; + sa.sa_mask = block_mask; /* signals blocked inside the handler */ + sa.sa_flags = SA_RESTART; /* match with the behaviour of signal() on Linux and BSD */ + signal_mode = SM_PRE_INIT; - signal(SIGINT, signal_handler); - signal(SIGTERM, signal_handler); - signal(SIGHUP, SIG_IGN); - signal(SIGUSR1, SIG_IGN); - signal(SIGUSR2, SIG_IGN); - signal(SIGPIPE, SIG_IGN); + sigaction(SIGINT, &sa, NULL); + sigaction(SIGTERM, &sa, NULL); + + sa.sa_handler = SIG_IGN; + sigaction(SIGHUP, &sa, NULL); + sigaction(SIGUSR1, &sa, NULL); + sigaction(SIGUSR2, &sa, NULL); + sigaction(SIGPIPE, &sa, NULL); #endif /* _WIN32 */ + + /* similar "hard" signals from management not masked -- why ? */ } void post_init_signal_catch(void) { #ifndef _WIN32 + sigset_t block_mask; + struct sigaction sa; + CLEAR(sa); + + sigfillset(&block_mask); /* all signals */ + sa.sa_handler = signal_handler; + sa.sa_mask = block_mask; /* signals blocked inside the handler */ + sa.sa_flags = SA_RESTART; /* match with the behaviour of signal() on Linux and BSD */ + signal_mode = SM_POST_INIT; - signal(SIGINT, signal_handler); - signal(SIGTERM, signal_handler); - signal(SIGHUP, signal_handler); - signal(SIGUSR1, signal_handler); - signal(SIGUSR2, signal_handler); - signal(SIGPIPE, SIG_IGN); -#endif + sigaction(SIGINT, &sa, NULL); + sigaction(SIGTERM, &sa, NULL); + sigaction(SIGHUP, &sa, NULL); + sigaction(SIGUSR1, &sa, NULL); + sigaction(SIGUSR2, &sa, NULL); + sa.sa_handler = SIG_IGN; + sigaction(SIGPIPE, &sa, NULL); +#endif /* _WIN32 */ +} + +void +halt_low_priority_signals() +{ +#ifndef _WIN32 + struct sigaction sa; + CLEAR(sa); + sa.sa_handler = SIG_IGN; + sigaction(SIGHUP, &sa, NULL); + sigaction(SIGUSR1, &sa, NULL); + sigaction(SIGUSR2, &sa, NULL); +#endif /* _WIN32 */ + ignored_hard_signals_mask = (1LL << SIGHUP) | (1LL << SIGUSR1) | (1LL << SIGUSR2); } /* called after daemonization to retain signal settings */ @@ -341,7 +518,6 @@ print_status(const struct context *c, struct status_output *so) gc_free(&gc); } - /* Small helper function to determine if we should send the exit notification * via control channel */ static inline bool @@ -371,8 +547,15 @@ process_explicit_exit_notification_init(struct context *c) event_timeout_init(&c->c2.explicit_exit_notification_interval, 1, 0); reset_coarse_timers(c); - signal_reset(c->sig); + /* Windows exit event will continue trigering SIGTERM -- halt it */ halt_non_edge_triggered_signals(); + + /* Before resetting the signal, ensure hard low priority signals + * will be ignored during the exit notification period. + */ + halt_low_priority_signals(); /* Set hard SIGUSR1/SIGHUP/SIGUSR2 to be ignored */ + signal_reset(c->sig, 0); + c->c2.explicit_exit_notification_time_wait = now; /* Check if we are in TLS mode and should send the notification via data @@ -422,7 +605,7 @@ process_sigusr2(const struct context *c) struct status_output *so = status_open(NULL, 0, M_INFO, NULL, 0); print_status(c, so); status_close(so); - signal_reset(c->sig); + signal_reset(c->sig, SIGUSR2); } static bool @@ -439,33 +622,21 @@ process_sigterm(struct context *c) } /** - * If a restart signal is received during exit-notification, reset the - * signal and return true. If its a soft restart signal from the event loop - * which implies the loop cannot continue, remap to SIGTERM to exit promptly. + * If a soft restart signal is received during exit-notification, it + * implies the event loop cannot continue: remap to SIGTERM to exit promptly. + * Hard restart signals are ignored during exit notification wait. */ -static bool -ignore_restart_signals(struct context *c) +static void +remap_restart_signals(struct context *c) { - bool ret = false; - if ( (c->sig->signal_received == SIGUSR1 || c->sig->signal_received == SIGHUP) - && event_timeout_defined(&c->c2.explicit_exit_notification_interval) ) + if ((c->sig->signal_received == SIGUSR1 || c->sig->signal_received == SIGHUP) + && event_timeout_defined(&c->c2.explicit_exit_notification_interval) + && c->sig->source != SIG_SOURCE_HARD) { - if (c->sig->source == SIG_SOURCE_HARD) - { - msg(M_INFO, "Ignoring %s received during exit notification", - signal_name(c->sig->signal_received, true)); - signal_reset(c->sig); - ret = true; - } - else - { - msg(M_INFO, "Converting soft %s received during exit notification to SIGTERM", - signal_name(c->sig->signal_received, true)); - register_signal(c->sig, SIGTERM, "exit-with-notification"); - ret = false; - } + msg(M_INFO, "Converting soft %s received during exit notification to SIGTERM", + signal_name(c->sig->signal_received, true)); + register_signal(c->sig, SIGTERM, "exit-with-notification"); } - return ret; } bool @@ -473,11 +644,9 @@ process_signal(struct context *c) { bool ret = true; - if (ignore_restart_signals(c)) - { - ret = false; - } - else if (c->sig->signal_received == SIGTERM || c->sig->signal_received == SIGINT) + remap_restart_signals(c); + + if (c->sig->signal_received == SIGTERM || c->sig->signal_received == SIGINT) { ret = process_sigterm(c); } @@ -488,14 +657,3 @@ process_signal(struct context *c) } return ret; } - -void -register_signal(struct signal_info *si, int sig, const char *text) -{ - if (signal_priority(sig) >= signal_priority(si->signal_received)) - { - si->signal_received = sig; - si->signal_text = text; - si->source = SIG_SOURCE_SOFT; - } -} diff --git a/src/openvpn/sig.h b/src/openvpn/sig.h index 83adc543..b2845d97 100644 --- a/src/openvpn/sig.h +++ b/src/openvpn/sig.h @@ -81,7 +81,12 @@ void register_signal(struct signal_info *si, int sig, const char *text); void process_explicit_exit_notification_timer_wakeup(struct context *c); -void signal_reset(struct signal_info *si); +/** + * Clear the signal if its current value equals signum. If signum is + * zero the signal is cleared independent of its current value. + * @returns the current value of the signal. + */ +int signal_reset(struct signal_info *si, int signum); static inline void halt_non_edge_triggered_signals(void) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 59d89352..61971906 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -567,12 +567,11 @@ openvpn_getaddrinfo(unsigned int flags, if (sig_info->signal_received) /* were we interrupted by a signal? */ { /* why are we overwriting SIGUSR1 ? */ - if (sig_info->signal_received == SIGUSR1) /* ignore SIGUSR1 */ + if (signal_reset(sig_info, SIGUSR1) == SIGUSR1) /* ignore SIGUSR1 */ { msg(level, "RESOLVE: Ignored SIGUSR1 signal received during " "DNS resolution attempt"); - signal_reset(sig_info); } else { @@ -1588,7 +1587,6 @@ socket_connect(socket_descriptor_t *sd, openvpn_close_socket(*sd); *sd = SOCKET_UNDEFINED; register_signal(sig_info, SIGUSR1, "connection-failed"); - sig_info->source = SIG_SOURCE_CONNECTION_FAILED; } else { @@ -1782,11 +1780,7 @@ resolve_remote(struct link_socket *sock, } if (status!=0) { - if (signal_received) - { - /* potential overwrite of signal */ - register_signal(sig_info, SIGUSR1, "socks-resolve-failure"); - } + register_signal(sig_info, SIGUSR1, "socks-resolve-failure"); goto done; } } @@ -2177,7 +2171,7 @@ link_socket_init_phase2(struct context *c) if (sig_info->signal_received) { sig_save = *sig_info; - signal_reset(sig_info); + sig_save.signal_received = signal_reset(sig_info, 0); } /* initialize buffers */