commit 4e4c9052f436b86729b853715086e9445c76e185 Author: Yawning Angel <yawning@torproject.org> Date: Thu Mar 26 06:30:50 2015 +0000 Attempt to detect if the parent crashed without killing obfs4proxy. The ideal solution here would be to implement #15435, but till then use one of several kludges: * Linux - prctl() so that the kernel SIGTERMs on parent exit. * Other U*ix - Poll the parent process id once a second, and SIGTERM ourself/exit if it changes. Former is better since all the normal cleanup if any gets done. * Windows - Log a warning. --- ChangeLog | 1 + obfs4proxy/obfs4proxy.go | 6 +++ obfs4proxy/parentMonitor.go | 88 +++++++++++++++++++++++++++++++++++++ obfs4proxy/parentMonitor_linux.go | 50 +++++++++++++++++++++ 4 files changed, 145 insertions(+) diff --git a/ChangeLog b/ChangeLog index b012ef5..5e77d16 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ Changes in version 0.0.5 - UNRELEASED: - Go vet/fmt fixes, and misc. code cleanups. Patches by mvdan. - Changed the go.net import path to the new location (golang.org/x/net). + - Added limited support for detecting if the parent process crashes. Changes in version 0.0.4 - 2015-02-17 - Improve the runtime performance of the obfs4 handshake tests. diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go index 53a0218..b27d75d 100644 --- a/obfs4proxy/obfs4proxy.go +++ b/obfs4proxy/obfs4proxy.go @@ -386,6 +386,9 @@ func getVersion() string { } func main() { + // Initialize parent process monitoring as early as possible. + pmonErr := initParentMonitor() + // Handle the command line arguments. _, execName := path.Split(os.Args[0]) showVer := flag.Bool("version", false, "Print version and exit") @@ -418,6 +421,9 @@ func main() { log.Fatalf("[ERROR]: %s - failed to initialize logging", execName) } else { noticef("%s - launched", getVersion()) + if pmonErr != nil { + warnf("%s - failed to initialize parent monitor: %s", execName, pmonErr) + } } if isClient { infof("%s - initializing client transport listeners", execName) diff --git a/obfs4proxy/parentMonitor.go b/obfs4proxy/parentMonitor.go new file mode 100644 index 0000000..beeea50 --- /dev/null +++ b/obfs4proxy/parentMonitor.go @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +package main + +import ( + "fmt" + "os" + "runtime" + "syscall" + "time" +) + +var parentMonitorOSInit func() error + +func initParentMonitor() error { + // Until #15435 is implemented, there is no reliable way to see if + // the parent has died that is portable/platform independent/reliable. + // + // Do the next best thing and use various kludges and hacks: + // * Linux - Platform specific code that should always work. + // * Other U*IX - Somewhat generic code, that works unless the parent + // dies before the monitor is initialized. + // * Windows - Log an error, can't be bothered to figure out how + // to handle this there. + if parentMonitorOSInit != nil { + return parentMonitorOSInit() + } else if runtime.GOOS != "windows" { + ppid := os.Getppid() + go parentMonitorPpidChange(ppid) + return nil + } + return fmt.Errorf("unsupported on: %s", runtime.GOOS) +} + +func parentMonitorPpidChange(ppid int) { + // Under most if not all U*IX systems, the parent PID will change + // to that of init once the parent dies. There are several notable + // exceptions (Slowlaris/Android), but the parent PID changes + // under those platforms as well. + // + // Naturally we lose if the parent has died by the when the + // Getppid() call was issued in our parent, but, this is better + // than nothing. + + const ppidPollInterval = 1 * time.Second + for ppid == os.Getppid() { + time.Sleep(ppidPollInterval) + } + + // If possible SIGTERM ourself so that the normal shutdown code + // gets invoked. If any of that fails, exit anyway, we are a + // defunt process. + noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid) + if p, err := os.FindProcess(os.Getpid()); err == nil { + if err := p.Signal(syscall.SIGTERM); err == nil { + return + } + warnf("Failed to SIGTERM ourself: %v", err) + } else { + warnf("Failed to find our own process: %v", err) + } + os.Exit(-1) +} diff --git a/obfs4proxy/parentMonitor_linux.go b/obfs4proxy/parentMonitor_linux.go new file mode 100644 index 0000000..0fc967f --- /dev/null +++ b/obfs4proxy/parentMonitor_linux.go @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +package main + +import ( + "fmt" + "syscall" +) + +func parentMonitorInitLinux() error { + /* Use prctl() to have the kernel deliver a SIGTERM if the parent + * process dies. This beats anything else that can be done before + * #15435 is implemented. + */ + _, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0) + if errno != 0 { + var err error = errno + return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err) + } + return nil +} + +func init() { + parentMonitorOSInit = parentMonitorInitLinux +}