mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 12:10:53 +03:00
tpws: fix seccomp tgkill, do not interrupt write pipe
parent
5805b04bba
commit
103419302f
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -46,6 +46,10 @@ int resolver_thread_count(void)
|
|||||||
static void *resolver_thread(void *arg)
|
static void *resolver_thread(void *arg)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
sigset_t signal_mask;
|
||||||
|
|
||||||
|
sigemptyset(&signal_mask);
|
||||||
|
sigaddset(&signal_mask, SIG_BREAK);
|
||||||
|
|
||||||
//printf("resolver_thread %d start\n",syscall(SYS_gettid));
|
//printf("resolver_thread %d start\n",syscall(SYS_gettid));
|
||||||
for(;;)
|
for(;;)
|
||||||
@ -80,14 +84,17 @@ static void *resolver_thread(void *arg)
|
|||||||
snprintf(sport,sizeof(sport),"%u",ri->port);
|
snprintf(sport,sizeof(sport),"%u",ri->port);
|
||||||
memset(&hints, 0, sizeof(struct addrinfo));
|
memset(&hints, 0, sizeof(struct addrinfo));
|
||||||
hints.ai_socktype = SOCK_STREAM;
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
|
// unfortunately getaddrinfo cannot be interrupted with a signal. we cannot cancel a query
|
||||||
ri->ga_res = getaddrinfo(ri->dom,sport,&hints,&ai);
|
ri->ga_res = getaddrinfo(ri->dom,sport,&hints,&ai);
|
||||||
if (!ri->ga_res)
|
if (!ri->ga_res)
|
||||||
{
|
{
|
||||||
memcpy(&ri->ss, ai->ai_addr, ai->ai_addrlen);
|
memcpy(&ri->ss, ai->ai_addr, ai->ai_addrlen);
|
||||||
freeaddrinfo(ai);
|
freeaddrinfo(ai);
|
||||||
}
|
}
|
||||||
|
|
||||||
//printf("THREAD %d END JOB %s FIRST=%p\n", syscall(SYS_gettid), ri->dom, TAILQ_FIRST(&resolver.resolve_list));
|
//printf("THREAD %d END JOB %s FIRST=%p\n", syscall(SYS_gettid), ri->dom, TAILQ_FIRST(&resolver.resolve_list));
|
||||||
|
|
||||||
|
// never interrupt this
|
||||||
|
pthread_sigmask(SIG_BLOCK, &signal_mask, NULL);
|
||||||
wr = write(resolver.fd_signal_pipe,&ri,sizeof(void*));
|
wr = write(resolver.fd_signal_pipe,&ri,sizeof(void*));
|
||||||
if (wr<0)
|
if (wr<0)
|
||||||
{
|
{
|
||||||
@ -101,6 +108,7 @@ static void *resolver_thread(void *arg)
|
|||||||
fprintf(stderr,"write resolve_pipe : not full write\n");
|
fprintf(stderr,"write resolve_pipe : not full write\n");
|
||||||
exit(1000);
|
exit(1000);
|
||||||
}
|
}
|
||||||
|
pthread_sigmask(SIG_UNBLOCK, &signal_mask, NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
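Review bot: The unblock after the pipe write uses `SIG_UNBLOCK`, which forces SIG_BREAK open rather than restoring the mask the thread had before the write; if the thread is ever started with SIG_BREAK already blocked, this silently changes its signal state. Saving and restoring the mask is safer: declare `sigset_t old_mask;`, call `pthread_sigmask(SIG_BLOCK, &signal_mask, &old_mask);` before the write and `pthread_sigmask(SIG_SETMASK, &old_mask, NULL);` after it. Both `pthread_sigmask` calls also ignore their return value, so a failed block would leave the write interruptible with nothing logged. The `wr<0` branch and the rest of resolver_thread lie outside the visible hunks, so it is worth confirming that no path leaves the loop iteration between the block and the unblock.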
@ -115,12 +115,6 @@ SYS_process_vm_writev,
|
|||||||
#ifdef SYS_process_madvise
|
#ifdef SYS_process_madvise
|
||||||
SYS_process_madvise,
|
SYS_process_madvise,
|
||||||
#endif
|
#endif
|
||||||
#ifdef SYS_tkill
|
|
||||||
SYS_tkill,
|
|
||||||
#endif
|
|
||||||
#ifdef SYS_tgkill
|
|
||||||
SYS_tgkill,
|
|
||||||
#endif
|
|
||||||
SYS_kill, SYS_ptrace
|
SYS_kill, SYS_ptrace
|
||||||
};
|
};
|
||||||
#define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))
|
#define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))
|
||||||
|
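Review bot: Dropping `SYS_tkill` and `SYS_tgkill` from `blocked_syscalls` leaves no comment explaining why they are allowed while `SYS_kill` stays blocked. It also widens the sandbox: both calls can signal threads outside this process (subject to the usual kernel permission checks), so the kill restriction is partly undone. A comment at the list such as `/* tkill/tgkill are not blocked: in-process thread signalling needs them (presumably pthread_kill) */` would record the intent. If the filter code, which is outside this hunk, can compare syscall arguments, allowing `tgkill` only when its first argument equals the process's own tgid would keep the original restriction for other processes.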
@ -705,8 +705,9 @@ bool proxy_mode_connect_remote(const struct sockaddr *sa, tproxy_conn_t *conn, s
|
|||||||
bool bConnFooling=true;
|
bool bConnFooling=true;
|
||||||
if (conn->track.hostname && params.mss)
|
if (conn->track.hostname && params.mss)
|
||||||
{
|
{
|
||||||
VPRINT("0-phase desync hostlist check")
|
|
||||||
bConnFooling=HostlistCheck(conn->track.hostname, NULL);
|
bConnFooling=HostlistCheck(conn->track.hostname, NULL);
|
||||||
|
if (!bConnFooling)
|
||||||
|
VPRINT("0-phase desync hostlist check negative. not acting on this connection.")
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((remote_fd = connect_remote(sa, bConnFooling)) < 0)
|
if ((remote_fd = connect_remote(sa, bConnFooling)) < 0)
|
||||||
|
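Review bot: The new `if (!bConnFooling)` has an unbraced body that is a bare `VPRINT(...)` macro call with no semicolon, so what the `if` actually guards depends on how the macro expands; its definition is not visible here. Bracing it removes that dependency: `if (!bConnFooling) { VPRINT("0-phase desync hostlist check negative. not acting on this connection.") }`. The enclosing proxy_mode_connect_remote starts and ends outside the hunk.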