[Pkg-privacy-commits] [obfs4proxy] 135/151: Attempt to detect if the parent crashed without killing obfs4proxy.

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:59:48 UTC 2015 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository obfs4proxy.

commit 4e4c9052f436b86729b853715086e9445c76e185
Author: Yawning Angel <yawning at torproject.org>
Date:   Thu Mar 26 06:30:50 2015 +0000

    Attempt to detect if the parent crashed without killing obfs4proxy.
    
    The ideal solution here would be to implement #15435, but till then
    use one of several kludges:
     * Linux - prctl() so that the kernel SIGTERMs on parent exit.
     * Other U*ix - Poll the parent process id once a second, and SIGTERM
       ourself/exit if it changes.  Former is better since all the normal
       cleanup if any gets done.
     * Windows - Log a warning.
---
 ChangeLog                                          |  1 +
 obfs4proxy/obfs4proxy.go                           |  6 ++
 obfs4proxy/parentMonitor.go                        | 88 ++++++++++++++++++++++
 .../parentMonitor_linux.go                         | 49 ++++--------
 4 files changed, 111 insertions(+), 33 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b012ef5..5e77d16 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 Changes in version 0.0.5 - UNRELEASED:
  - Go vet/fmt fixes, and misc. code cleanups.  Patches by mvdan.
  - Changed the go.net import path to the new location (golang.org/x/net).
+ - Added limited support for detecting if the parent process crashes.
 
 Changes in version 0.0.4 - 2015-02-17
  - Improve the runtime performance of the obfs4 handshake tests.
diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index 53a0218..b27d75d 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -386,6 +386,9 @@ func getVersion() string {
 }
 
 func main() {
+	// Initialize parent process monitoring as early as possible.
+	pmonErr := initParentMonitor()
+
 	// Handle the command line arguments.
 	_, execName := path.Split(os.Args[0])
 	showVer := flag.Bool("version", false, "Print version and exit")
@@ -418,6 +421,9 @@ func main() {
 		log.Fatalf("[ERROR]: %s - failed to initialize logging", execName)
 	} else {
 		noticef("%s - launched", getVersion())
+		if pmonErr != nil {
+			warnf("%s - failed to initialize parent monitor: %s", execName, pmonErr)
+		}
 	}
 	if isClient {
 		infof("%s - initializing client transport listeners", execName)
diff --git a/obfs4proxy/parentMonitor.go b/obfs4proxy/parentMonitor.go
new file mode 100644
index 0000000..beeea50
--- /dev/null
+++ b/obfs4proxy/parentMonitor.go
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2015, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"syscall"
+	"time"
+)
+
+var parentMonitorOSInit func() error
+
+func initParentMonitor() error {
+	// Until #15435 is implemented, there is no reliable way to see if
+	// the parent has died that is portable/platform independent/reliable.
+	//
+	// Do the next best thing and use various kludges and hacks:
+	//  * Linux - Platform specific code that should always work.
+	//  * Other U*IX - Somewhat generic code, that works unless the parent
+	//    dies before the monitor is initialized.
+	//  * Windows - Log an error, can't be bothered to figure out how
+	//    to handle this there.
+	if parentMonitorOSInit != nil {
+		return parentMonitorOSInit()
+	} else if runtime.GOOS != "windows" {
+		ppid := os.Getppid()
+		go parentMonitorPpidChange(ppid)
+		return nil
+	}
+	return fmt.Errorf("unsupported on: %s", runtime.GOOS)
+}
+
+func parentMonitorPpidChange(ppid int) {
+	// Under most if not all U*IX systems, the parent PID will change
+	// to that of init once the parent dies.  There are several notable
+	// exceptions (Slowlaris/Android), but the parent PID changes
+	// under those platforms as well.
+	//
+	// Naturally we lose if the parent has died by the when the
+	// Getppid() call was issued in our parent, but, this is better
+	// than nothing.
+
+	const ppidPollInterval = 1 * time.Second
+	for ppid == os.Getppid() {
+		time.Sleep(ppidPollInterval)
+	}
+
+	// If possible SIGTERM ourself so that the normal shutdown code
+	// gets invoked.  If any of that fails, exit anyway, we are a
+	// defunt process.
+	noticef("Parent pid changed: %d (was %d)", os.Getppid(), ppid)
+	if p, err := os.FindProcess(os.Getpid()); err == nil {
+		if err := p.Signal(syscall.SIGTERM); err == nil {
+			return
+		}
+		warnf("Failed to SIGTERM ourself: %v", err)
+	} else {
+		warnf("Failed to find our own process: %v", err)
+	}
+	os.Exit(-1)
+}
diff --git a/transports/scramblesuit/hkdf_expand.go b/obfs4proxy/parentMonitor_linux.go
similarity index 64%
copy from transports/scramblesuit/hkdf_expand.go
copy to obfs4proxy/parentMonitor_linux.go
index 9626b38..0fc967f 100644
--- a/transports/scramblesuit/hkdf_expand.go
+++ b/obfs4proxy/parentMonitor_linux.go
@@ -25,43 +25,26 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-package scramblesuit
+package main
 
 import (
-	"crypto/hmac"
-	"hash"
+	"fmt"
+	"syscall"
 )
 
-func hkdfExpand(hashFn func() hash.Hash, prk []byte, info []byte, l int) []byte {
-	// Why, yes.  golang.org/x/crypto/hkdf exists, and is a fine
-	// implementation of HKDF.  However it does both the extract
-	// and expand, while ScrambleSuit only does extract, with no
-	// way to separate the two steps.
-
-	h := hmac.New(hashFn, prk)
-	digestSz := h.Size()
-	if l > 255*digestSz {
-		panic("hkdf: requested OKM length > 255*HashLen")
+func parentMonitorInitLinux() error {
+	/* Use prctl() to have the kernel deliver a SIGTERM if the parent
+	 * process dies.  This beats anything else that can be done before
+	 * #15435 is implemented.
+	 */
+	_, _, errno := syscall.Syscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGTERM), 0)
+	if errno != 0 {
+		var err error = errno
+		return fmt.Errorf("prctl(PR_SET_PDEATHSIG, SIGTERM) returned: %s", err)
 	}
+	return nil
+}
 
-	var t []byte
-	okm := make([]byte, 0, l)
-	toAppend := l
-	ctr := byte(1)
-	for toAppend > 0 {
-		h.Reset()
-		h.Write(t)
-		h.Write(info)
-		h.Write([]byte{ctr})
-		t = h.Sum(nil)
-		ctr++
-
-		aLen := digestSz
-		if toAppend < digestSz {
-			aLen = toAppend
-		}
-		okm = append(okm, t[:aLen]...)
-		toAppend -= aLen
-	}
-	return okm
+func init() {
+	parentMonitorOSInit = parentMonitorInitLinux
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfs4proxy.git

More information about the Pkg-privacy-commits mailing list