summaryrefslogtreecommitdiffstats
path: root/src/process.c
Commit message (Collapse)AuthorAgeFilesLines
* conntrackd: fix leak in fork_process_new()Pablo Neira Ayuso2015-08-181-0/+2
| | | | | | Release the child_process structure in case that fork() fails. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: fix deadlock due to wrong nested signal blockingPablo Neira Ayuso2012-11-061-11/+1
| | | | | | | | | | | | | | | | | | | | | | | The existing code may nest several signal blocking and unblocking calls in different paths of the code. This may result in deadlocks while receiving signals. This patch simplifies the signal blocking approach. Now signals are blocked in three paths: 1) Internal timers handling, while running timer callback for expired timers. 2) File descriptor handling, while running file descriptor callbacks. 3) While handling signals, to avoid that SIGINT and SIGTERM in a row results in a deadlock. Thanks a lot to Ulrich Weber <ulrich.weber@sophos.com> for discussing a fix for this problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add support to display statistics on existing child processesPablo Neira Ayuso2009-06-111-0/+25
| | | | | | | | | | This patch adds the ability to dump the list of existing child processes. In general, it would be hard to display one since child processes are generally forked for very specific tasks, like commit and flush operations, and they have very limited lifetime. However, this can be handy for debugging problems. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: allow to limit the number of simultaneous child processesPablo Neira Ayuso2009-06-111-2/+14
| | | | | | | | This patch allows to limit the number of simultaneous child processes. This is required by the next patch that replaces disposable handlers to commit and flush with permanent handlers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: block signals during the access to the process listPablo Neira Ayuso2009-06-111-1/+9
| | | | | | | A child process may finish while we are walking on the process list. This fixes possible concurrency problems. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add missing initialization of PID in process infrastructurePablo Neira Ayuso2009-06-111-2/+5
| | | | | | | | In 0374398fd14bf587d80d9d31e361e266e69387c8, I introduced the process infrastructure. However, that patch missed the PID initialization. Without this patch, the process structures are never released. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add child process infrastructurePablo Neira Ayuso2009-05-231-0/+55
This patch adds a simple infrastructure that allows to account the child processes that have been forked. This also includes a callback handler that can be registered that is called once the child process finishes. We can extended this later to include an alarm to limit the maximum lifetime of a forked child process. This is good to ensure that child processes behave timely. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>