[tor-commits] [obfs4/master] Clean up/refactor the shutdown/termination handling code.

yawning at torproject.org yawning at torproject.org
Sat Mar 28 02:52:16 UTC 2015 

commit 657c8e4f02ad6c6c3cc97256b7529fe5514c0945
Author: Yawning Angel <yawning at torproject.org>
Date:   Sat Mar 28 02:49:07 2015 +0000

    Clean up/refactor the shutdown/termination handling code.
    
    This combines the old signal processing code with the parent monitor,
    into a new termination monitor structure, which also now handles keeping
    track of outstanding sessions.
---
 obfs4proxy/obfs4proxy.go          |   72 +++++++---------------
 obfs4proxy/parentMonitor.go       |   88 ---------------------------
 obfs4proxy/parentMonitor_linux.go |   49 ---------------
 obfs4proxy/termmon.go             |  119 +++++++++++++++++++++++++++++++++++++
 obfs4proxy/termmon_linux.go       |   49 +++++++++++++++
 5 files changed, 189 insertions(+), 188 deletions(-)

diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index b27d75d..9b452ac 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -38,7 +38,6 @@ import (
 	"net"
 	"net/url"
 	"os"
-	"os/signal"
 	"path"
 	"sync"
 	"syscall"
@@ -60,7 +59,7 @@ const (
 var enableLogging bool
 var unsafeLogging bool
 var stateDir string
-var handlerChan chan int
+var termMon *termMonitor
 
 // DialFn is a function pointer to a function that matches the net.Dialer.Dial
 // interface.
@@ -176,10 +175,8 @@ func clientAcceptLoop(f base.ClientFactory, ln *pt.SocksListener, proxyURI *url.
 
 func clientHandler(f base.ClientFactory, conn *pt.SocksConn, proxyURI *url.URL) {
 	defer conn.Close()
-	handlerChan <- 1
-	defer func() {
-		handlerChan <- -1
-	}()
+	termMon.onHandlerStart()
+	defer termMon.onHandlerFinish()
 
 	name := f.Transport().Name()
 	addrStr := elideAddr(conn.Req.Target)
@@ -298,10 +295,8 @@ func serverAcceptLoop(f base.ServerFactory, ln net.Listener, info *pt.ServerInfo
 
 func serverHandler(f base.ServerFactory, conn net.Conn, info *pt.ServerInfo) {
 	defer conn.Close()
-	handlerChan <- 1
-	defer func() {
-		handlerChan <- -1
-	}()
+	termMon.onHandlerStart()
+	defer termMon.onHandlerFinish()
 
 	name := f.Transport().Name()
 	addrStr := elideAddr(conn.RemoteAddr().String())
@@ -386,8 +381,8 @@ func getVersion() string {
 }
 
 func main() {
-	// Initialize parent process monitoring as early as possible.
-	pmonErr := initParentMonitor()
+	// Initialize the termination state monitor as soon as possible.
+	termMon = newTermMonitor()
 
 	// Handle the command line arguments.
 	_, execName := path.Split(os.Args[0])
@@ -405,10 +400,8 @@ func main() {
 		log.Fatalf("[ERROR]: failed to set log level: %s", err)
 	}
 
-	// Determine if this is a client or server, initialize logging, and finish
-	// the pt configuration.
+	// Determine if this is a client or server, initialize the common state.
 	var ptListeners []net.Listener
-	handlerChan = make(chan int)
 	launched := false
 	isClient, err := ptIsClient()
 	if err != nil {
@@ -419,12 +412,10 @@ func main() {
 	}
 	if err = ptInitializeLogging(enableLogging); err != nil {
 		log.Fatalf("[ERROR]: %s - failed to initialize logging", execName)
-	} else {
-		noticef("%s - launched", getVersion())
-		if pmonErr != nil {
-			warnf("%s - failed to initialize parent monitor: %s", execName, pmonErr)
-		}
 	}
+	noticef("%s - launched", getVersion())
+
+	// Do the managed pluggable transport protocol configuration.
 	if isClient {
 		infof("%s - initializing client transport listeners", execName)
 		launched, ptListeners = clientSetup()
@@ -444,39 +435,18 @@ func main() {
 	}()
 
 	// At this point, the pt config protocol is finished, and incoming
-	// connections will be processed.  Per the pt spec, on sane platforms
-	// termination is signaled via SIGINT (or SIGTERM), so wait on tor to
-	// request a shutdown of some sort.
-
-	sigChan := make(chan os.Signal, 1)
-	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
-
-	// Wait for the first SIGINT (close listeners).
-	var sig os.Signal
-	numHandlers := 0
-	for sig == nil {
-		select {
-		case n := <-handlerChan:
-			numHandlers += n
-		case sig = <-sigChan:
-			if sig == syscall.SIGTERM {
-				// SIGTERM causes immediate termination.
-				return
-			}
-		}
+	// connections will be processed.  Wait till the parent dies
+	// (immediate exit), a SIGTERM is received (immediate exit),
+	// or a SIGINT is received.
+	if sig := termMon.wait(false); sig == syscall.SIGTERM {
+		return
 	}
+
+	// Ok, it was the first SIGINT, close all listeners, and wait till,
+	// the parent dies, all the current connections are closed, or either
+	// a SIGINT/SIGTERM is received, and exit.
 	for _, ln := range ptListeners {
 		ln.Close()
 	}
-
-	// Wait for the 2nd SIGINT (or a SIGTERM), or for all current sessions to
-	// finish.
-	sig = nil
-	for sig == nil && numHandlers != 0 {
-		select {
-		case n := <-handlerChan:
-			numHandlers += n
-		case sig = <-sigChan:
-		}
-	}
+	termMon.wait(true)
 }
diff --git a/obfs4proxy/parentMonitor.go b/obfs4proxy/parentMonitor.go
deleted file mode 100644
index e2f078d..0000000
--- a/obfs4proxy/parentMonitor.go
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *  * Redistributions of source code must retain the above copyright notice,
- *    this list of conditions and the following disclaimer.
- *
- *  * Redistributions in binary form must reproduce the above copyright notice,
- *    this list of conditions and the following disclaimer in the documentation
- *    and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"runtime"
-	"syscall"
-	"time"
-)
-
-var parentMonitorOSInit func() error
-
-func initParentMonitor() error {
-	// Until #15435 is implemented, there is no reliable way to see if
-	// the parent has died that is portable/platform independent/reliable.
-	//
-	// Do the next best thing and use various kludges and hacks:
-	//  * Linux - Platform specific code that should always work.
-	//  * Other U*IX - Somewhat generic code, that works unless the parent
-	//    dies before the monitor is initialized.
-	//  * Windows - Log an error, can't be bothered to figure out how
-	//    to handle this there.
-	if parentMonitorOSInit != nil {
-		return parentMonitorOSInit()
-	} else if runtime.GOOS != "windows" {
-		ppid := os.Getppid()
-		go parentMonitorPpidChange(ppid)
-		return nil
-	}
-	return fmt.Errorf("unsupported on: %s", runtime.GOOS)
-}
-
-func parentMonitorPpidChange(ppid int) {
-	// Under most if not all U*IX systems, the parent PID will change
-	// to that of init once the parent dies.  There are several notable
-	// exceptions (Slowlaris/Android), but the parent PID changes
-	// under those platforms as well.
-	//
-	// Naturally we lose if the parent has died by the time when the
-	// Getppid() call was issued in our parent, but, this is better
-	// than nothing.
-
-	const ppidPollInterval = 1 * time.Second
-	for ppid == os.Getppid() {
-		time.Sleep(ppidPollInterval)
-	}
-
-	// If possible SIGTERM ourself so that the normal shutdown code
-	// gets invoked.  If any of that fails, exit anyway, we are a
-	// defunt process.
-	noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid)
-	if p, err := os.FindProcess(os.Getpid()); err == nil {
-		if err := p.Signal(syscall.SIGTERM); err == nil {
-			return
-		}
-		warnf("Failed to SIGTERM ourself: %v", err)
-	} else {
-		warnf("Failed to find our own process: %v", err)
-	}
-	os.Exit(-1)
-}
diff --git a/obfs4proxy/parentMonitor_linux.go b/obfs4proxy/parentMonitor_linux.go
deleted file mode 100644
index 65fd307..0000000
--- a/obfs4proxy/parentMonitor_linux.go
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *  * Redistributions of source code must retain the above copyright notice,
- *    this list of conditions and the following disclaimer.
- *
- *  * Redistributions in binary form must reproduce the above copyright notice,
- *    this list of conditions and the following disclaimer in the documentation
- *    and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-package main
-
-import (
-	"fmt"
-	"syscall"
-)
-
-func parentMonitorInitLinux() error {
-	// Use prctl() to have the kernel deliver a SIGTERM if the parent
-	// process dies.  This beats anything else that can be done before
-	// #15435 is implemented.
-	_, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0)
-	if errno != 0 {
-		var err error = errno
-		return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err)
-	}
-	return nil
-}
-
-func init() {
-	parentMonitorOSInit = parentMonitorInitLinux
-}
diff --git a/obfs4proxy/termmon.go b/obfs4proxy/termmon.go
new file mode 100644
index 0000000..eac7e20
--- /dev/null
+++ b/obfs4proxy/termmon.go
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package main
+
+import (
+	"os"
+	"os/signal"
+	"runtime"
+	"syscall"
+	"time"
+)
+
+var termMonitorOSInit func(*termMonitor) error
+
+type termMonitor struct {
+	sigChan     chan os.Signal
+	handlerChan chan int
+	numHandlers int
+}
+
+func (m *termMonitor) onHandlerStart() {
+	m.handlerChan <- 1
+}
+
+func (m *termMonitor) onHandlerFinish() {
+	m.handlerChan <- -1
+}
+
+func (m *termMonitor) wait(termOnNoHandlers bool) os.Signal {
+	// Block until a signal has been received, or (optionally) the
+	// number of pending handlers has hit 0.  In the case of the
+	// latter, treat it as if a SIGTERM has been received.
+	for {
+		select {
+		case n := <-m.handlerChan:
+			m.numHandlers += n
+		case sig := <-m.sigChan:
+			return sig
+		}
+		if termOnNoHandlers && m.numHandlers == 0 {
+			return syscall.SIGTERM
+		}
+	}
+}
+
+func (m *termMonitor) termOnPPIDChange(ppid int) {
+	// Under most if not all U*IX systems, the parent PID will change
+	// to that of init once the parent dies.  There are several notable
+	// exceptions (Slowlaris/Android), but the parent PID changes
+	// under those platforms as well.
+	//
+	// Naturally we lose if the parent has died by the time when the
+	// Getppid() call was issued in our parent, but, this is better
+	// than nothing.
+
+	const ppidPollInterval = 1 * time.Second
+	for ppid == os.Getppid() {
+		time.Sleep(ppidPollInterval)
+	}
+
+	// Treat the parent PID changing as the same as having received
+	// a SIGTERM.
+	noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid)
+	m.sigChan <- syscall.SIGTERM
+}
+
+func newTermMonitor() *termMonitor {
+	ppid := os.Getppid()
+	m := new(termMonitor)
+	m.sigChan = make(chan os.Signal)
+	m.handlerChan = make(chan int)
+	signal.Notify(m.sigChan, syscall.SIGINT, syscall.SIGTERM)
+
+	// Until #15435 is implemented, there is no reliable way to see if
+	// the parent has died that is portable/platform independent/reliable.
+	//
+	// Do the next best thing and use various kludges and hacks:
+	//  * Linux - Platform specific code that should always work.
+	//  * Other U*IX - Somewhat generic code, that works unless the parent
+	//    dies before the monitor is initialized.
+	//  * Windows - Don't specifically monitor for parent termination.
+	if termMonitorOSInit != nil {
+		// Errors here are non-fatal, since it might still be possible
+		// to fall back to a generic implementation.
+		if err := termMonitorOSInit(m); err == nil {
+			return m
+		}
+	}
+	if runtime.GOOS != "windows" {
+		go m.termOnPPIDChange(ppid)
+	}
+
+	return m
+}
diff --git a/obfs4proxy/termmon_linux.go b/obfs4proxy/termmon_linux.go
new file mode 100644
index 0000000..9711cfc
--- /dev/null
+++ b/obfs4proxy/termmon_linux.go
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package main
+
+import (
+	"fmt"
+	"syscall"
+)
+
+func termMonitorInitLinux(m *termMonitor) error {
+	// Use prctl() to have the kernel deliver a SIGTERM if the parent
+	// process dies.  This beats anything else that can be done before
+	// #15435 is implemented.
+	_, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0)
+	if errno != 0 {
+		var err error = errno
+		return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err)
+	}
+	return nil
+}
+
+func init() {
+	termMonitorOSInit = termMonitorInitLinux
+}

More information about the tor-commits mailing list