commit 657c8e4f02ad6c6c3cc97256b7529fe5514c0945 Author: Yawning Angel yawning@torproject.org Date: Sat Mar 28 02:49:07 2015 +0000

Clean up/refactor the shutdown/termination handling code.

This combines the old signal processing code with the parent monitor, into a new termination monitor structure, which also now handles keeping track of outstanding sessions. --- obfs4proxy/obfs4proxy.go | 72 +++++++--------------- obfs4proxy/parentMonitor.go | 88 --------------------------- obfs4proxy/parentMonitor_linux.go | 49 --------------- obfs4proxy/termmon.go | 119 +++++++++++++++++++++++++++++++++++++ obfs4proxy/termmon_linux.go | 49 +++++++++++++++ 5 files changed, 189 insertions(+), 188 deletions(-)

diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go index b27d75d..9b452ac 100644 --- a/obfs4proxy/obfs4proxy.go +++ b/obfs4proxy/obfs4proxy.go @@ -38,7 +38,6 @@ import ( "net" "net/url" "os" - "os/signal" "path" "sync" "syscall" @@ -60,7 +59,7 @@ const ( var enableLogging bool var unsafeLogging bool var stateDir string -var handlerChan chan int +var termMon *termMonitor

// DialFn is a function pointer to a function that matches the net.Dialer.Dial // interface. @@ -176,10 +175,8 @@ func clientAcceptLoop(f base.ClientFactory, ln *pt.SocksListener, proxyURI *url.

func clientHandler(f base.ClientFactory, conn *pt.SocksConn, proxyURI *url.URL) { defer conn.Close() - handlerChan <- 1 - defer func() { - handlerChan <- -1 - }() + termMon.onHandlerStart() + defer termMon.onHandlerFinish()

name := f.Transport().Name() addrStr := elideAddr(conn.Req.Target) @@ -298,10 +295,8 @@ func serverAcceptLoop(f base.ServerFactory, ln net.Listener, info *pt.ServerInfo

func serverHandler(f base.ServerFactory, conn net.Conn, info *pt.ServerInfo) { defer conn.Close() - handlerChan <- 1 - defer func() { - handlerChan <- -1 - }() + termMon.onHandlerStart() + defer termMon.onHandlerFinish()

name := f.Transport().Name() addrStr := elideAddr(conn.RemoteAddr().String()) @@ -386,8 +381,8 @@ func getVersion() string { }

func main() { - // Initialize parent process monitoring as early as possible. - pmonErr := initParentMonitor() + // Initialize the termination state monitor as soon as possible. + termMon = newTermMonitor()

// Handle the command line arguments. _, execName := path.Split(os.Args[0]) @@ -405,10 +400,8 @@ func main() { log.Fatalf("[ERROR]: failed to set log level: %s", err) }

- // Determine if this is a client or server, initialize logging, and finish - // the pt configuration. + // Determine if this is a client or server, initialize the common state. var ptListeners []net.Listener - handlerChan = make(chan int) launched := false isClient, err := ptIsClient() if err != nil { @@ -419,12 +412,10 @@ func main() { } if err = ptInitializeLogging(enableLogging); err != nil { log.Fatalf("[ERROR]: %s - failed to initialize logging", execName) - } else { - noticef("%s - launched", getVersion()) - if pmonErr != nil { - warnf("%s - failed to initialize parent monitor: %s", execName, pmonErr) - } } + noticef("%s - launched", getVersion()) + + // Do the managed pluggable transport protocol configuration. if isClient { infof("%s - initializing client transport listeners", execName) launched, ptListeners = clientSetup() @@ -444,39 +435,18 @@ func main() { }()

// At this point, the pt config protocol is finished, and incoming - // connections will be processed. Per the pt spec, on sane platforms - // termination is signaled via SIGINT (or SIGTERM), so wait on tor to - // request a shutdown of some sort. - - sigChan := make(chan os.Signal, 1) - signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM) - - // Wait for the first SIGINT (close listeners). - var sig os.Signal - numHandlers := 0 - for sig == nil { - select { - case n := <-handlerChan: - numHandlers += n - case sig = <-sigChan: - if sig == syscall.SIGTERM { - // SIGTERM causes immediate termination. - return - } - } + // connections will be processed. Wait till the parent dies + // (immediate exit), a SIGTERM is received (immediate exit), + // or a SIGINT is received. + if sig := termMon.wait(false); sig == syscall.SIGTERM { + return } + + // Ok, it was the first SIGINT, close all listeners, and wait till, + // the parent dies, all the current connections are closed, or either + // a SIGINT/SIGTERM is received, and exit. for _, ln := range ptListeners { ln.Close() } - - // Wait for the 2nd SIGINT (or a SIGTERM), or for all current sessions to - // finish. - sig = nil - for sig == nil && numHandlers != 0 { - select { - case n := <-handlerChan: - numHandlers += n - case sig = <-sigChan: - } - } + termMon.wait(true) } diff --git a/obfs4proxy/parentMonitor.go b/obfs4proxy/parentMonitor.go deleted file mode 100644 index e2f078d..0000000 --- a/obfs4proxy/parentMonitor.go +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -package main - -import ( - "fmt" - "os" - "runtime" - "syscall" - "time" -) - -var parentMonitorOSInit func() error - -func initParentMonitor() error { - // Until #15435 is implemented, there is no reliable way to see if - // the parent has died that is portable/platform independent/reliable. - // - // Do the next best thing and use various kludges and hacks: - // * Linux - Platform specific code that should always work. - // * Other U*IX - Somewhat generic code, that works unless the parent - // dies before the monitor is initialized. - // * Windows - Log an error, can't be bothered to figure out how - // to handle this there. - if parentMonitorOSInit != nil { - return parentMonitorOSInit() - } else if runtime.GOOS != "windows" { - ppid := os.Getppid() - go parentMonitorPpidChange(ppid) - return nil - } - return fmt.Errorf("unsupported on: %s", runtime.GOOS) -} - -func parentMonitorPpidChange(ppid int) { - // Under most if not all U*IX systems, the parent PID will change - // to that of init once the parent dies. There are several notable - // exceptions (Slowlaris/Android), but the parent PID changes - // under those platforms as well. - // - // Naturally we lose if the parent has died by the time when the - // Getppid() call was issued in our parent, but, this is better - // than nothing. - - const ppidPollInterval = 1 * time.Second - for ppid == os.Getppid() { - time.Sleep(ppidPollInterval) - } - - // If possible SIGTERM ourself so that the normal shutdown code - // gets invoked. If any of that fails, exit anyway, we are a - // defunt process. - noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid) - if p, err := os.FindProcess(os.Getpid()); err == nil { - if err := p.Signal(syscall.SIGTERM); err == nil { - return - } - warnf("Failed to SIGTERM ourself: %v", err) - } else { - warnf("Failed to find our own process: %v", err) - } - os.Exit(-1) -} diff --git a/obfs4proxy/parentMonitor_linux.go b/obfs4proxy/parentMonitor_linux.go deleted file mode 100644 index 65fd307..0000000 --- a/obfs4proxy/parentMonitor_linux.go +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -package main - -import ( - "fmt" - "syscall" -) - -func parentMonitorInitLinux() error { - // Use prctl() to have the kernel deliver a SIGTERM if the parent - // process dies. This beats anything else that can be done before - // #15435 is implemented. - _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0) - if errno != 0 { - var err error = errno - return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err) - } - return nil -} - -func init() { - parentMonitorOSInit = parentMonitorInitLinux -} diff --git a/obfs4proxy/termmon.go b/obfs4proxy/termmon.go new file mode 100644 index 0000000..eac7e20 --- /dev/null +++ b/obfs4proxy/termmon.go @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +package main + +import ( + "os" + "os/signal" + "runtime" + "syscall" + "time" +) + +var termMonitorOSInit func(*termMonitor) error + +type termMonitor struct { + sigChan chan os.Signal + handlerChan chan int + numHandlers int +} + +func (m *termMonitor) onHandlerStart() { + m.handlerChan <- 1 +} + +func (m *termMonitor) onHandlerFinish() { + m.handlerChan <- -1 +} + +func (m *termMonitor) wait(termOnNoHandlers bool) os.Signal { + // Block until a signal has been received, or (optionally) the + // number of pending handlers has hit 0. In the case of the + // latter, treat it as if a SIGTERM has been received. + for { + select { + case n := <-m.handlerChan: + m.numHandlers += n + case sig := <-m.sigChan: + return sig + } + if termOnNoHandlers && m.numHandlers == 0 { + return syscall.SIGTERM + } + } +} + +func (m *termMonitor) termOnPPIDChange(ppid int) { + // Under most if not all U*IX systems, the parent PID will change + // to that of init once the parent dies. There are several notable + // exceptions (Slowlaris/Android), but the parent PID changes + // under those platforms as well. + // + // Naturally we lose if the parent has died by the time when the + // Getppid() call was issued in our parent, but, this is better + // than nothing. + + const ppidPollInterval = 1 * time.Second + for ppid == os.Getppid() { + time.Sleep(ppidPollInterval) + } + + // Treat the parent PID changing as the same as having received + // a SIGTERM. + noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid) + m.sigChan <- syscall.SIGTERM +} + +func newTermMonitor() *termMonitor { + ppid := os.Getppid() + m := new(termMonitor) + m.sigChan = make(chan os.Signal) + m.handlerChan = make(chan int) + signal.Notify(m.sigChan, syscall.SIGINT, syscall.SIGTERM) + + // Until #15435 is implemented, there is no reliable way to see if + // the parent has died that is portable/platform independent/reliable. + // + // Do the next best thing and use various kludges and hacks: + // * Linux - Platform specific code that should always work. + // * Other U*IX - Somewhat generic code, that works unless the parent + // dies before the monitor is initialized. + // * Windows - Don't specifically monitor for parent termination. + if termMonitorOSInit != nil { + // Errors here are non-fatal, since it might still be possible + // to fall back to a generic implementation. + if err := termMonitorOSInit(m); err == nil { + return m + } + } + if runtime.GOOS != "windows" { + go m.termOnPPIDChange(ppid) + } + + return m +} diff --git a/obfs4proxy/termmon_linux.go b/obfs4proxy/termmon_linux.go new file mode 100644 index 0000000..9711cfc --- /dev/null +++ b/obfs4proxy/termmon_linux.go @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +package main + +import ( + "fmt" + "syscall" +) + +func termMonitorInitLinux(m *termMonitor) error { + // Use prctl() to have the kernel deliver a SIGTERM if the parent + // process dies. This beats anything else that can be done before + // #15435 is implemented. + _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0) + if errno != 0 { + var err error = errno + return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err) + } + return nil +} + +func init() { + termMonitorOSInit = termMonitorInitLinux +}