[sslh] Wrong pid in pidfile and foreground option broken on sslh-fork (double fork)

Yves Rutschle yves at naryves.com
Mon Aug 15 23:34:27 CEST 2011


On Mon, Aug 15, 2011 at 10:37:08PM +0200, Guillaume Delacour wrote:
> > After removing the call to fork() in sslh-fork.c (attachment),
> > foreground option works as well and the pid in the pidfile is the right
> > one.
> 
> After discussing with Wesley (the person who uploads the sslh package in
> the Debian archive for me), my suggestion breaks the ability of sslh to
> handle connections in independent forks: if I kill the parent daemon, the
> sessions are closed too.

Yes, the fork you remove in your patch creates one process
for each listening address, you absolutely cannot remove it.

On the other hand sslh-fork should wait for its children (a
simple wait(NULL) at the end of main_loop) and we should
store the group ID rather than the PID (achieved by moving
the call to write_pid_file() before the call to fork in
main()), that way the process specified in the PID file
remains alive, and you can kill the group:

kill -15 -`cat $PIDFILE`

One downside is that stopping sslh-fork kills *all* the
processes, so it also closes opened connections, which means
you can't upgrade safely over ssh anymore. So I'm not sure
this is the right way to go.

I think I'll investigate how multi-process servers such as
apache do it.

Sorry I'm not producing patches for the above, my tree is
full of IPv6 changes...

Y.
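
Added example, not part of the original message and not sslh source: a small C program showing the design discussed above, where the parent records its PID before forking, waits for its children, and the whole tree is stopped with a signal to the negative PID. The names `parent_main`, `start_and_stop_group`, `LISTENERS` and the pidfile name are assumptions, and `setpgid(0, 0)` stands in for daemonization so that the recorded PID is also the process group ID.

```c
/* Added illustration, not sslh source; all names here are assumptions. */
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define LISTENERS 3 /* stand-in for one process per listening address */

/* Records its PID (== process group ID) before forking, then waits. */
static void parent_main(const char *pidfile, int ready_fd)
{
    signal(SIGTERM, SIG_DFL);
    setpgid(0, 0);                  /* group leader: pgid == pid */
    FILE *f = fopen(pidfile, "w");  /* written BEFORE any fork() */
    if (!f) _exit(1);
    fprintf(f, "%d\n", (int)getpid());
    fclose(f);
    for (int i = 0; i < LISTENERS; i++)
        if (fork() == 0) for (;;) pause();      /* listener stand-in */
    if (write(ready_fd, "r", 1) != 1) _exit(1); /* tell caller tree is up */
    while (wait(NULL) > 0) continue; /* keeps the recorded PID alive */
    _exit(0);
}

/* Starts the tree and stops it with kill(-pgid, SIGTERM), the C form of
 * kill -15 -`cat $PIDFILE`. Returns 0 if parent and listeners all died. */
int start_and_stop_group(const char *pidfile)
{
    int p[2], status, pgid = 0;
    char c;
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(p[0]); parent_main(pidfile, p[1]); }
    close(p[1]);
    if (read(p[0], &c, 1) != 1) return -1;  /* wait for the ready byte */
    FILE *f = fopen(pidfile, "r");
    if (!f) return -1;
    int n = fscanf(f, "%d", &pgid);
    fclose(f);
    /* Refuse anything but the expected ID: 0 or 1 would signal far more. */
    if (n != 1 || pgid != (int)pid) return -1;
    if (kill(-pgid, SIGTERM) < 0) return -1; /* negative PID = whole group */
    if (waitpid(pid, &status, 0) != pid) return -1;
    int eof = (read(p[0], &c, 1) == 0); /* EOF: no listener holds the pipe */
    close(p[0]);
    return (eof && WIFSIGNALED(status) && WTERMSIG(status) == SIGTERM) ? 0 : -1;
}

int main(void) { return start_and_stop_group("sslh-demo.pid") ? 1 : 0; }
```

The end-of-file on the pipe is what shows the downside mentioned in the message: every process in the group, including any that would be serving a connection, is gone once the group is signalled.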



