2026-02-10 00:37:00 +08:00 · 2014-04-19 12:03:40 +02:00
parent 2577f8bfa7
commit 03f6e7cc16
5 changed files with 39 additions and 1 deletions
							
							
								
							
							
						
@@ -190,7 +190,7 @@ AC_CHECK_MEMBER([struct sockaddr.sa_len],
AC_CHECK_HEADERS([net/if_tun.h linux/if_tun.h netinet/in_systm.h], [], [], [])
AC_CHECK_FUNCS([setproctitle clock_gettime isatty pselect getpeereid])
AC_CHECK_FUNCS([setproctitle clock_gettime isatty pselect getpeereid sigaltstack])
if [ test -z "$LIBWRAP" ];then
	libwrap_enabled="no"
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -23,6 +23,8 @@
# include <sys/prctl.h>
#endif
#include <signal.h>
void kill_on_parent_kill(int sig)
{
#ifdef __linux__
							
							
							
								
							
						
@@ -30,6 +32,7 @@ void kill_on_parent_kill(int sig)
#endif
}
SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler)
{
	struct sigaction new_action, old_action;
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -43,6 +43,11 @@
#include <cookies.h>
#include <tlslib.h>
#ifdef HAVE_SIGALTSTACK
# include <signal.h>
# include <sys/mman.h>
#endif
int handle_worker_commands(struct worker_st *ws)
{
	struct iovec iov[3];
							
								
							
							
								
							
							
						
@@ -217,3 +222,30 @@ int complete_vpn_info(worker_st * ws, struct vpn_st *vinfo)
	return 0;
}
void ocsigaltstack(struct worker_st *ws)
{
#ifdef HAVE_SIGALTSTACK
	stack_t ss;
	int e;
	/* setup the stack for signal handlers */
	if (posix_memalign(&ss.ss_sp, getpagesize(), SIGSTKSZ) < 0) {
		oclog(ws, LOG_ERR,
		      "could not allocate memory for signal stack");
		exit(1);
	}
	if (mprotect(ss.ss_sp, SIGSTKSZ, PROT_EXEC) == -1) {
		e = errno;
		oclog(ws, LOG_ERR, "mprotect: %s\n", strerror(e));
		exit(1);
	}
	ss.ss_size = SIGSTKSZ;
	ss.ss_flags = 0;
	if (sigaltstack(&ss, NULL) == -1) {
		e = errno;
		oclog(ws, LOG_ERR, "sigaltstack: %s\n", strerror(e));
		exit(1);
	}
#endif
}
							
							
							
						
 
							
							
								
							
							
						
@@ -642,6 +642,8 @@ void vpn_server(struct worker_st *ws)
	url_handler_fn fn;
	int requests_left = MAX_HTTP_REQUESTS;
	ocsigaltstack(ws);
	ocsignal(SIGTERM, handle_term);
	ocsignal(SIGINT, handle_term);
	ocsignal(SIGHUP, SIG_IGN);
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -247,6 +247,7 @@ int complete_vpn_info(worker_st * ws,
int send_tun_mtu(worker_st *ws, unsigned int mtu);
int handle_worker_commands(struct worker_st *ws);
int disable_system_calls(struct worker_st *ws);
void ocsigaltstack(struct worker_st *ws);
inline static
int send_msg_to_main(worker_st *ws, uint8_t cmd,