-rw-r--r-- | src/data/hostinfod.conf.sample | 2 | ||||
-rw-r--r-- | src/htbt.c | 14 | ||||
-rw-r--r-- | src/proone-bne.c | 3 | ||||
-rw-r--r-- | src/proone-htbthost.c | 2 | ||||
-rw-r--r-- | src/proone.c | 54 | ||||
-rw-r--r-- | src/resolv.c | 2 |
6 files changed, 45 insertions, 32 deletions
diff --git a/src/data/hostinfod.conf.sample b/src/data/hostinfod.conf.sample index fd94c9b..f2cf299 100644 --- a/src/data/hostinfod.conf.sample +++ b/src/data/hostinfod.conf.sample @@ -15,7 +15,7 @@ hostinfod: # max_conn: 0 # db_q_size: 0 report_int: 60000 - sck_op_timeout: 5000 + sck_op_timeout: 10000 # nb_thread: # backlog: 10 listen_port: 64420 @@ -22,10 +22,10 @@ // Hover Max Redirection count #define HTBT_HOVER_MAX_REDIR 5 -// CNCP interval: HTBT_CNCP_INT_MIN + variance +// CNCP interval: HTBT_CNCP_INT_MIN + jitter // between 30 minutes and an hour #define HTBT_CNCP_INT_MIN 1800000 // half an hour minimum interval -#define HTBT_CNCP_INT_VAR 1800000 // half an hour variance +#define HTBT_CNCP_INT_JIT 1800000 // half an hour jitter #define HTBT_LBD_PORT prne_htobe16(PRNE_HTBT_PROTO_PORT) #define HTBT_LBD_BACKLOG 4 #define HTBT_LBD_MAX_CLIENTS 5 @@ -855,7 +855,7 @@ static void htbt_slv_consume_outbuf ( } prne_dbgpf("\n"); } - else { + else if (PRNE_VERBOSE >= PRNE_VL_DBG0) { prne_dbgpf( HTBT_NT_SLV"@%"PRIuPTR": > %d bytes.\n", (uintptr_t)ctx, @@ -1560,7 +1560,7 @@ static void *htbt_slv_entry (void *p) { } prne_dbgpf("\n"); } - else { + else if (PRNE_VERBOSE >= PRNE_VL_DBG0) { prne_dbgpf( HTBT_NT_SLV"@%"PRIuPTR": < %d bytes.\n", (uintptr_t)ctx, @@ -2182,7 +2182,7 @@ static void htbt_cncp_stream_slv ( } prne_dbgpf("\n"); } - else { + else if (PRNE_VERBOSE >= PRNE_VL_DBG0) { prne_dbgpf( HTBT_NT_CNCP"@%"PRIuPTR": < %zu bytes.\n", (uintptr_t)ctx, @@ -2359,13 +2359,13 @@ static void *htbt_cncp_entry (void *p) { while (ctx->loop_flag) { htbt_cncp_do_probe(ctx); - // calc interval variance + // calc interval jitter intvar = 0; // ignore failure of mbedtls_ctr_drbg_random() mbedtls_ctr_drbg_random( ctx->param.ctr_drbg, (unsigned char*)&intvar, sizeof(intvar)); - intvar = HTBT_CNCP_INT_MIN + (intvar % HTBT_CNCP_INT_VAR); + intvar = HTBT_CNCP_INT_MIN + (intvar % HTBT_CNCP_INT_JIT); pth_event_free(ev, FALSE); ev = pth_event( PTH_EVENT_TIME, 
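Review bot: The new `else if (PRNE_VERBOSE >= PRNE_VL_DBG0)` guard in htbt_slv_consume_outbuf (hunk at -855) has no comment saying what separates this byte-count line from the branch above it, and the same guard is repeated at -1560 (htbt_slv_entry) and -2182 (htbt_cncp_stream_slv). The condition of the preceding branch is outside all three hunks, but it appears to be a higher verbosity level that dumps the payload. A one-line comment at each site, for example `// DBG0: log the size only; the payload dump above needs a higher level`, would make the split explicit and easier to keep consistent. All three functions begin and end outside their hunks.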
diff --git a/src/proone-bne.c b/src/proone-bne.c index e3165b6..20fb24b 100644 --- a/src/proone-bne.c +++ b/src/proone-bne.c @@ -4,6 +4,7 @@ #include <string.h> #include <errno.h> +#include <signal.h> #include <unistd.h> #include <fcntl.h> #include <arpa/inet.h> @@ -186,6 +187,8 @@ int main (const int argc, const char **args) { pth_event_t ev_root = NULL; prne_llist_t wkr_list; + signal(SIGPIPE, SIG_IGN); + prne_init_cred_dict(&dict); prne_init_bne_param(¶m); prne_init_bin_archive(&ba); diff --git a/src/proone-htbthost.c b/src/proone-htbthost.c index eb499b6..32c6158 100644 --- a/src/proone-htbthost.c +++ b/src/proone-htbthost.c @@ -354,11 +354,11 @@ int main (const int argc, const char **args) { } c; } ssl; + signal(SIGPIPE, SIG_IGN); sigemptyset(&ss_all); sigemptyset(&ss_exit); sigaddset(&ss_all, SIGTERM); sigaddset(&ss_all, SIGINT); - sigaddset(&ss_all, SIGPIPE); sigaddset(&ss_exit, SIGTERM); sigaddset(&ss_exit, SIGINT); assert(regcomp( diff --git a/src/proone.c b/src/proone.c index d3f1e75..7ab123e 100644 --- a/src/proone.c +++ b/src/proone.c @@ -38,8 +38,6 @@ struct prne_global prne_g; struct prne_shared_global *prne_s_g = NULL; -sigset_t ss_exit, ss_all; - static prne_worker_t wkr_arr[3]; static size_t wkr_cnt; static prne_llist_t bne_list; @@ -536,6 +534,7 @@ static void reap_bne (void) { static int proone_main (void) { static int caught_sig; static pth_event_t root_ev = NULL; + static sigset_t ss; prne_assert(pth_init()); prne_assert(libssh2_init(0) == 0); @@ -548,6 +547,11 @@ static int proone_main (void) { } seed_ssl_rnd(true); + sigemptyset(&ss); + sigaddset(&ss, SIGTERM); + sigaddset(&ss, SIGINT); + pth_sigmask(SIG_BLOCK, &ss, NULL); + alloc_workers(); for (size_t i = 0; i < wkr_cnt; i += 1) { wkr_arr[i].pth = pth_spawn( 
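Review bot: The result of `signal(SIGPIPE, SIG_IGN)` at the top of main() in src/proone-bne.c (hunk at -186) is not checked, and nothing records what the call changes for the rest of the program. Once SIGPIPE is ignored, a write to a closed peer returns -1 with EPIPE instead of ending the process, so every write path has to check its result; those paths are outside the hunk, so whether they do is not visible here. A comment such as `// writes to a dead peer now fail with EPIPE; callers must check the result` would state the contract. The same applies to the identical call added in src/proone-htbthost.c and in main() of src/proone.c (hunk at -1378).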
@@ -562,17 +566,14 @@ static int proone_main (void) { root_ev = build_bne_ev(); caught_sig = -1; - pth_sigwait_ev(&ss_all, &caught_sig, root_ev); - if (caught_sig >= 0 && - sigismember(&ss_exit, caught_sig) && - caught_sig != SIGINT) - { + pth_sigwait_ev(&ss, &caught_sig, root_ev); + if (caught_sig == SIGTERM) { break; } reap_bne(); } - sigprocmask(SIG_UNBLOCK, &ss_exit, NULL); + pth_sigmask(SIG_UNBLOCK, &ss, NULL); // reap generic workers for (size_t i = 0; i < wkr_cnt; i += 1) { @@ -1214,13 +1215,15 @@ END: } static void do_exec (const char *exec, char **args) { - sigset_t old_ss; + sigset_t ss, old_ss; bool has_ss; + sigfillset(&ss); + // Clean the house for the new image. // Free any resource that survives exec() call. deinit_shared_global(); - has_ss = sigprocmask(SIG_UNBLOCK, &ss_all, &old_ss) == 0; + has_ss = sigprocmask(SIG_UNBLOCK, &ss, &old_ss) == 0; execv(exec, args); prne_dbgperr("** exec()"); @@ -1369,6 +1372,7 @@ static void deinit_bne (void) { int main (const int argc, const char **args) { static int exit_code; static bool loop = true; + static sigset_t ss_all; // done with the terminal close(STDIN_FILENO); @@ -1378,14 +1382,11 @@ int main (const int argc, const char **args) { close(STDERR_FILENO); #endif - sigemptyset(&ss_exit); sigemptyset(&ss_all); - sigaddset(&ss_exit, SIGINT); - sigaddset(&ss_exit, SIGTERM); sigaddset(&ss_all, SIGINT); sigaddset(&ss_all, SIGTERM); sigaddset(&ss_all, SIGCHLD); - sigaddset(&ss_all, SIGPIPE); + signal(SIGPIPE, SIG_IGN); prne_g.parent_start = prne_gettime(CLOCK_MONOTONIC); prne_g.blackhole[0] = -1; @@ -1447,9 +1448,10 @@ int main (const int argc, const char **args) { prne_g.child_pid = fork(); if (prne_g.child_pid > 0) { - static int status; + static int status, caught_signal; + static pid_t f_ret; + static sigset_t ss; static bool has_ny_bin; - static int caught_signal; prne_dbgpf("* Child: %d\n", prne_g.child_pid); 
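Review bot: SIGINT is still in the set passed to `pth_sigwait_ev(&ss, &caught_sig, root_ev)` in the hunk at -562, but only SIGTERM leaves the loop, so a SIGINT is consumed and dropped with no comment saying that is intended. The parent's WAIT_LOOP (hunk at -1460) turns SIGINT into `kill(prne_g.child_pid, SIGTERM)`, which suggests it is deliberate; a line such as `// SIGINT is swallowed on purpose: the parent forwards it as SIGTERM` would say so. The return value of pth_sigwait_ev() is also ignored, so a failed wait leaves caught_sig at -1 exactly as an event on root_ev does, and the loop goes on to reap_bne() either way. The loop header is outside the hunk.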
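Review bot: do_exec() (hunk at -1214) now clears the whole signal mask before execv(), but it does not reset dispositions, and an ignored signal stays ignored across execv(). With `signal(SIGPIPE, SIG_IGN)` added to main() in this commit (hunk at -1378), the new image therefore starts with SIGPIPE ignored; if it is expected to start from defaults, add `signal(SIGPIPE, SIG_DFL);` before `execv(exec, args);` and undo it on the failure path. Unblocking a full set is also equivalent to `sigprocmask(SIG_SETMASK, ...)` with an empty set, which reads more directly. The failure path that uses has_ss and old_ss is outside the hunk.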
@@ -1460,14 +1462,16 @@ WAIT_LOOP: case SIGINT: // Exit requested. Notify the child and wait for it to exit. loop = false; - sigprocmask(SIG_UNBLOCK, &ss_exit, NULL); + sigemptyset(&ss); + sigaddset(&ss, SIGINT); + sigprocmask(SIG_UNBLOCK, &ss, NULL); kill(prne_g.child_pid, SIGTERM); goto WAIT_LOOP; case SIGCHLD: - prne_assert(waitpid( - prne_g.child_pid, - &status, - 0) == prne_g.child_pid); + f_ret = waitpid(prne_g.child_pid, &status, 0); + if (f_ret != prne_g.child_pid) { + abort(); + } break; default: goto WAIT_LOOP; } @@ -1512,9 +1516,11 @@ WAIT_LOOP: sleep(1); } - else { + else if (prne_g.child_pid == 0) { prne_close(prne_g.shm_fd); prne_g.shm_fd = -1; + sigprocmask(SIG_UNBLOCK, &ss_all, NULL); + prne_g.is_child = true; prne_g.child_start = prne_gettime(CLOCK_MONOTONIC); prne_g.child_pid = getpid(); @@ -1522,6 +1528,10 @@ WAIT_LOOP: exit_code = proone_main(); break; } + else { + prne_dbgperr("** fork()"); + sleep(1); + } } prne_g.child_pid = 0; diff --git a/src/resolv.c b/src/resolv.c index 40ea997..c841e4e 100644 --- a/src/resolv.c +++ b/src/resolv.c @@ -109,7 +109,7 @@ const prne_resolv_ns_pool_t PRNE_RESOLV_DEF_IPV6_POOL = { static const struct timespec RESOLV_RSRC_ERR_PAUSE = { 1, 0 }; // 1s static const struct timespec RESOLV_CONN_ERR_PAUSE = { 0, 100 }; // 100ms -static const struct timespec RESOLV_QUERY_TIMEOUT = { 15, 0 }; // 15s +static const struct timespec RESOLV_QUERY_TIMEOUT = { 60, 0 }; // 60s static const struct timespec RESOLV_SCK_OP_TIMEOUT = { 10, 0 }; // 10s static const struct timespec RESOLV_SCK_IDLE_TIMEOUT = { 15, 0 }; // 15s static const struct timespec RESOLV_SCK_CLOSE_TIMEOUT = { 1, 0 }; // 1s |
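Review bot: Replacing `prne_assert(waitpid(...) == prne_g.child_pid)` with a bare `abort()` in the SIGCHLD case (hunk at -1460) leaves a failed waitpid() unreported, because nothing records errno before the process dies. Adding `prne_dbgperr("** waitpid()");` before `abort();` would match how the exec() and fork() failures are reported in this file. In the SIGINT case, `sigprocmask(SIG_UNBLOCK, &ss, NULL)` leaves SIGINT at whatever disposition is in effect; assuming no handler is installed outside the hunk, a second SIGINT ends the parent before the child has been reaped. If that is the intended force-quit behaviour, a comment should say so.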
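Review bot: `sigprocmask(SIG_UNBLOCK, &ss_all, NULL)` in the child branch (hunk at -1512) unblocks SIGINT and SIGTERM as well as SIGCHLD, and proone_main() blocks them again only after pth_init(), libssh2_init() and seed_ssl_rnd() have run (hunks at -536 and -548). Assuming no handler is installed outside the hunks, a SIGTERM that arrives in that window takes the default action and ends the child without reaching the worker reaping code after the wait loop. Unblocking only SIGCHLD here and leaving SIGINT and SIGTERM blocked until proone_main() waits on them would close the window. Whether pth_sigmask() can be called before pth_init() is not visible here, so moving the block earlier inside proone_main() would need checking.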
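Review bot: The new fork() failure branch (hunk at -1522) leaves `prne_g.child_pid` at -1 while it sleeps and retries. Any code that later passes that field to kill() would signal every process the caller is allowed to signal, because a pid of -1 is a broadcast. The only kill() visible in this diff is inside the `child_pid > 0` branch, so this is a latent hazard rather than a shown bug. Setting `prne_g.child_pid = 0;` in the failure branch removes it. As far as the hunks show, the retry path also has no bound and no signal wait, so a pending SIGTERM would not be acted on while fork() keeps failing.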
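Review bot: The context line `RESOLV_CONN_ERR_PAUSE = { 0, 100 }; // 100ms` in the src/resolv.c hunk does not match its comment: the second member of struct timespec is nanoseconds, so this is a 100 ns pause. If 100 ms is what is meant, the initializer should be `{ 0, 100000000 }`. The change itself raises RESOLV_QUERY_TIMEOUT to 60 s while RESOLV_SCK_IDLE_TIMEOUT stays at 15 s. How the two interact is outside the hunk, so it is worth confirming that an idle socket is not closed while a query is still pending.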