Date: Tue, 19 May 2020 01:32:15 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r361233 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd Message-ID: <202005190132.04J1WFug061895@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Tue May 19 01:32:15 2020 New Revision: 361233 URL: https://svnweb.freebsd.org/changeset/base/361233 Log: Fix the daemons so that they do not terminate upon SIGPIPE. There are cases where the other end has closed the TCP connection and then, if the daemon does an SSL_shutdown(), it gets a SIGPIPE. Fix the daemons so they just ignore SIGPIPE. (The code inheritted termination upon SIGPIPE from the gssd, where the only socket is the one used for doing upcalls.) While here, I tweaked the handling of SSL_shutdown() so that the calls are done only if the value returned via SSL_get_shutdown() indicates that a call is needed. It turns out that NFSv3 over TCP is useful for testing the non-application data records, since the server side krpc shuts down a connection that is idle for 6minutes. This never happens normally for NFSv4, but does happen for NFSv3 if you just leave the mount idle for 6minutes. This generates close alert messages and then a new connection. Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Tue May 19 01:06:31 2020 (r361232) +++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Tue May 19 01:32:15 2020 (r361233) @@ -220,7 +220,7 @@ main(int argc, char **argv) signal(SIGHUP, SIG_IGN); } signal(SIGTERM, rpctlscd_terminate); - signal(SIGPIPE, rpctlscd_terminate); + signal(SIGPIPE, SIG_IGN); signal(SIGHUP, rpctls_huphandler); pidfile_write(rpctls_pfh); @@ -385,7 +385,14 @@ rpctlscd_handlerecord_1_svc(struct rpctlscd_handlereco * handle the non-application data record before doing so. */ ret = SSL_read(slp->ssl, &junk, 0); - if (ret > 0) { + if (ret <= 0) { + /* Check to see if this was a close alert. */ + ret = SSL_get_shutdown(slp->ssl); +rpctlscd_verbose_out("get_shutdown2=%d\n", ret); + if ((ret & (SSL_SENT_SHUTDOWN | + SSL_RECEIVED_SHUTDOWN)) == SSL_RECEIVED_SHUTDOWN) + SSL_shutdown(slp->ssl); + } else { if (rpctls_debug_level == 0) syslog(LOG_ERR, "SSL_read returned %d", ret); else @@ -417,12 +424,13 @@ rpctlscd_disconnect_1_svc(struct rpctlscd_disconnect_a rpctlscd_verbose_out("rpctlscd_disconnect: fd=%d closed\n", slp->s); LIST_REMOVE(slp, next); - SSL_shutdown(slp->ssl); - /* Check to see if the peer has sent a close alert. */ ret = SSL_get_shutdown(slp->ssl); -rpctlscd_verbose_out("get_shutdown=%d\n", ret); - if ((ret & (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) == - SSL_SENT_SHUTDOWN) +rpctlscd_verbose_out("get_shutdown0=%d\n", ret); + /* + * Do an SSL_shutdown() unless a close alert has + * already been sent. + */ + if ((ret & SSL_SENT_SHUTDOWN) == 0) SSL_shutdown(slp->ssl); SSL_free(slp->ssl); /* Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Tue May 19 01:06:31 2020 (r361232) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Tue May 19 01:32:15 2020 (r361233) @@ -260,7 +260,7 @@ fprintf(stderr, "dnsname=%s\n", rpctls_dnsname); signal(SIGHUP, SIG_IGN); } signal(SIGTERM, rpctlssd_terminate); - signal(SIGPIPE, rpctlssd_terminate); + signal(SIGPIPE, SIG_IGN); signal(SIGHUP, rpctls_huphandler); pidfile_write(rpctls_pfh); @@ -467,6 +467,7 @@ rpctlssd_disconnect_1_svc(struct rpctlssd_disconnect_a struct rpctlssd_disconnect_res *result, struct svc_req *rqstp) { struct ssl_entry *slp; + int ret; slp = NULL; if (argp->sec == rpctls_ssl_sec && argp->usec == @@ -481,6 +482,14 @@ rpctlssd_disconnect_1_svc(struct rpctlssd_disconnect_a rpctlssd_verbose_out("rpctlssd_disconnect fd=%d closed\n", slp->s); LIST_REMOVE(slp, next); + ret = SSL_get_shutdown(slp->ssl); +rpctlssd_verbose_out("get_shutdown1=%d\n", ret); + /* + * Do an SSL_shutdown() unless a close alert has + * already been sent. + */ + if ((ret & SSL_SENT_SHUTDOWN) == 0) + SSL_shutdown(slp->ssl); SSL_free(slp->ssl); /* * For RPC-over-TLS, this upcall is expected
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005190132.04J1WFug061895>