| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
When consecutively printing into the same buffer at increasing offset,
reduce buffer size passed to snprintf() to not defeat its size checking.
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
|
|
| |
Release the child_process structure in case that fork() fails.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing code may nest several signal blocking and unblocking
calls in different paths of the code. This may result in deadlocks
while receiving signals.
This patch simplifies the signal blocking approach. Now signals
are blocked in three paths:
1) Internal timers handling, while running timer callback
for expired timers.
2) File descriptor handling, while running file descriptor
callbacks.
3) While handling signals, to avoid that SIGINT and SIGTERM
in a row results in a deadlock.
Thanks a lot to Ulrich Weber <ulrich.weber@sophos.com> for
discussing a fix for this problem.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to dump the list of existing child
processes. In general, it would be hard to display one since
child processes are generally forked for very specific tasks,
like commit and flush operations, and they have very limited
lifetime. However, this can be handy for debugging problems.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch allows to limit the number of simultaneous child processes.
This is required by the next patch that replaces disposable handlers
to commit and flush with permanent handlers.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
A child process may finish while we are walking on the process list.
This fixes possible concurrency problems.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
In 0374398fd14bf587d80d9d31e361e266e69387c8, I introduced the process
infrastructure. However, that patch missed the PID initialization.
Without this patch, the process structures are never released.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds a simple infrastructure that allows to account
the child processes that have been forked. This also includes
a callback handler that can be registered that is called once
the child process finishes.
We can extended this later to include an alarm to limit the
maximum lifetime of a forked child process. This is good to
ensure that child processes behave timely.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|