[obfs4/master] Attempt to detect if the parent crashed without killing obfs4proxy. - tor-commits

26 Mar 2015

commit 4e4c9052f436b86729b853715086e9445c76e185
Author: Yawning Angel yawning@torproject.org
Date:   Thu Mar 26 06:30:50 2015 +0000
Attempt to detect if the parent crashed without killing obfs4proxy.
The ideal solution here would be to implement #15435, but till then
    use one of several kludges:
     * Linux - prctl() so that the kernel SIGTERMs on parent exit.
     * Other U*ix - Poll the parent process id once a second, and SIGTERM
       ourself/exit if it changes.  Former is better since all the normal
       cleanup if any gets done.
     * Windows - Log a warning.
---
 ChangeLog                         |    1 +
 obfs4proxy/obfs4proxy.go          |    6 +++
 obfs4proxy/parentMonitor.go       |   88 +++++++++++++++++++++++++++++++++++++
 obfs4proxy/parentMonitor_linux.go |   50 +++++++++++++++++++++
 4 files changed, 145 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index b012ef5..5e77d16 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 Changes in version 0.0.5 - UNRELEASED:
  - Go vet/fmt fixes, and misc. code cleanups.  Patches by mvdan.
  - Changed the go.net import path to the new location (golang.org/x/net).
+ - Added limited support for detecting if the parent process crashes.
Changes in version 0.0.4 - 2015-02-17
  - Improve the runtime performance of the obfs4 handshake tests.
diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index 53a0218..b27d75d 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -386,6 +386,9 @@ func getVersion() string {
 }
func main() {
+	// Initialize parent process monitoring as early as possible.
+	pmonErr := initParentMonitor()
+
    // Handle the command line arguments.
    _, execName := path.Split(os.Args[0])
    showVer := flag.Bool("version", false, "Print version and exit")
@@ -418,6 +421,9 @@ func main() {
    	log.Fatalf("[ERROR]: %s - failed to initialize logging", execName)
    } else {
    	noticef("%s - launched", getVersion())
+		if pmonErr != nil {
+			warnf("%s - failed to initialize parent monitor: %s", execName, pmonErr)
+		}
    }
    if isClient {
    	infof("%s - initializing client transport listeners", execName)
diff --git a/obfs4proxy/parentMonitor.go b/obfs4proxy/parentMonitor.go
new file mode 100644
index 0000000..beeea50
--- /dev/null
+++ b/obfs4proxy/parentMonitor.go
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"syscall"
+	"time"
+)
+
+var parentMonitorOSInit func() error
+
+func initParentMonitor() error {
+	// Until #15435 is implemented, there is no reliable way to see if
+	// the parent has died that is portable/platform independent/reliable.
+	//
+	// Do the next best thing and use various kludges and hacks:
+	//  * Linux - Platform specific code that should always work.
+	//  * Other U*IX - Somewhat generic code, that works unless the parent
+	//    dies before the monitor is initialized.
+	//  * Windows - Log an error, can't be bothered to figure out how
+	//    to handle this there.
+	if parentMonitorOSInit != nil {
+		return parentMonitorOSInit()
+	} else if runtime.GOOS != "windows" {
+		ppid := os.Getppid()
+		go parentMonitorPpidChange(ppid)
+		return nil
+	}
+	return fmt.Errorf("unsupported on: %s", runtime.GOOS)
+}
+
+func parentMonitorPpidChange(ppid int) {
+	// Under most if not all U*IX systems, the parent PID will change
+	// to that of init once the parent dies.  There are several notable
+	// exceptions (Slowlaris/Android), but the parent PID changes
+	// under those platforms as well.
+	//
+	// Naturally we lose if the parent has died by the when the
+	// Getppid() call was issued in our parent, but, this is better
+	// than nothing.
+
+	const ppidPollInterval = 1 * time.Second
+	for ppid == os.Getppid() {
+		time.Sleep(ppidPollInterval)
+	}
+
+	// If possible SIGTERM ourself so that the normal shutdown code
+	// gets invoked.  If any of that fails, exit anyway, we are a
+	// defunt process.
+	noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid)
+	if p, err := os.FindProcess(os.Getpid()); err == nil {
+		if err := p.Signal(syscall.SIGTERM); err == nil {
+			return
+		}
+		warnf("Failed to SIGTERM ourself: %v", err)
+	} else {
+		warnf("Failed to find our own process: %v", err)
+	}
+	os.Exit(-1)
+}
diff --git a/obfs4proxy/parentMonitor_linux.go b/obfs4proxy/parentMonitor_linux.go
new file mode 100644
index 0000000..0fc967f
--- /dev/null
+++ b/obfs4proxy/parentMonitor_linux.go
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package main
+
+import (
+	"fmt"
+	"syscall"
+)
+
+func parentMonitorInitLinux() error {
+	/* Use prctl() to have the kernel deliver a SIGTERM if the parent
+	 * process dies.  This beats anything else that can be done before
+	 * #15435 is implemented.
+	 */
+	_, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0)
+	if errno != 0 {
+		var err error = errno
+		return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err)
+	}
+	return nil
+}
+
+func init() {
+	parentMonitorOSInit = parentMonitorInitLinux
+}

    