Hi, Trac 777 reports repeated SIGUSR1 triggering during exit-notification wait and log trashing.
As Gert pointed out this is partly related to "commit 63b3e000c9141f4ca03a374354da26334257bc18 <https://community.openvpn.net/openvpn/changeset/63b3e000c9141f4ca03a374354da26334257bc18/>, which basically is a fix for #687" <https://community.openvpn.net/openvpn/ticket/687> Looked into this further and I can reproduce it even on Linux with some carefully timed ctrl-c. To see this, TLS negotiation timeout has to happen during the exit-notification wait --- use an unreachabe udp port, --exit-notify 5 and press ctrl-c just before the 60 second handshake_window expires. --ping-restart > 60 sec required too. The relevant code path is active only while in the event loop. If the loop cannot continue due to io error or timeout, it does a SIGUSR1 restart which we ignore during an exit-notify wait period. Control goes back to the event loop and it promptly triggers restart again. Ideally the code triggering SIGUSR1/SIGHUP should check whether SIGTERM is pending (due to exit-notify) before setting signal, but there are too many places from where it can trigger. (Refactoring signals is still a work in progress on my side). So I suggest to handle this in ignore_restart_signals() in sig.c, by remapping "soft" restart signals to SIGTERM and cause an immediate exit. This is sensible because, if the event loop cannot continue, exit-notify too cannot. Hard signals come from management or the OS (kill -HUP pid, or ctrl-c kind) and cannot get into a loop, those need not be remapped, thus allowing for exit-notify to complete. Alternatively, it could also be done in remap_signal() which currently re-maps SIGUSR1 to SIGHUP when appropriate. A patch follows. With the patch applied: press ctrl-C just before TLS Error will trigger: Mon Nov 28 19:43:43 2016 us=288138 SIGTERM received, sending exit notification to peer Mon Nov 28 19:43:44 2016 us=313371 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Mon Nov 28 19:43:44 2016 us=313405 TLS Error: TLS handshake failed *Mon Nov 28 19:43:44 2016 us=313502 Converting soft SIGUSR1 received during exit notification to SIGTERM* *(It would have triggered a barrage of SIGUSR1 s here otherwise)* Mon Nov 28 19:43:44 2016 us=313606 TCP/UDP: Closing socket Mon Nov 28 19:43:44 2016 us=313641 SIGTERM[soft,exit-with-notification] received, process exiting Selva
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
