Compare commits

..

2 Commits

Author SHA1 Message Date
bol-van
747f9676a6 tpws: resolver_deinit clear list 2024-04-03 12:39:29 +03:00
bol-van
103419302f tpws: fix seccomp tgkill, do not interrupt write pipe 2024-04-03 10:34:03 +03:00
12 changed files with 27 additions and 8 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -38,6 +38,19 @@ static t_resolver resolver = { .bInit = false };
#define rlist_lock pthread_mutex_lock(&resolver.resolve_list_lock) #define rlist_lock pthread_mutex_lock(&resolver.resolve_list_lock)
#define rlist_unlock pthread_mutex_unlock(&resolver.resolve_list_lock) #define rlist_unlock pthread_mutex_unlock(&resolver.resolve_list_lock)
static void resolver_clear_list(void)
{
struct resolve_item *ri;
for (;;)
{
ri = TAILQ_FIRST(&resolver.resolve_list);
if (!ri) break;
TAILQ_REMOVE(&resolver.resolve_list, ri, next);
free(ri);
}
}
int resolver_thread_count(void) int resolver_thread_count(void)
{ {
return resolver.bInit ? resolver.threads : 0; return resolver.bInit ? resolver.threads : 0;
@ -46,6 +59,10 @@ int resolver_thread_count(void)
static void *resolver_thread(void *arg) static void *resolver_thread(void *arg)
{ {
int r; int r;
sigset_t signal_mask;
sigemptyset(&signal_mask);
sigaddset(&signal_mask, SIG_BREAK);
//printf("resolver_thread %d start\n",syscall(SYS_gettid)); //printf("resolver_thread %d start\n",syscall(SYS_gettid));
for(;;) for(;;)
@ -80,14 +97,17 @@ static void *resolver_thread(void *arg)
snprintf(sport,sizeof(sport),"%u",ri->port); snprintf(sport,sizeof(sport),"%u",ri->port);
memset(&hints, 0, sizeof(struct addrinfo)); memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_socktype = SOCK_STREAM; hints.ai_socktype = SOCK_STREAM;
// unfortunately getaddrinfo cannot be interrupted with a signal. we cannot cancel a query
ri->ga_res = getaddrinfo(ri->dom,sport,&hints,&ai); ri->ga_res = getaddrinfo(ri->dom,sport,&hints,&ai);
if (!ri->ga_res) if (!ri->ga_res)
{ {
memcpy(&ri->ss, ai->ai_addr, ai->ai_addrlen); memcpy(&ri->ss, ai->ai_addr, ai->ai_addrlen);
freeaddrinfo(ai); freeaddrinfo(ai);
} }
//printf("THREAD %d END JOB %s FIRST=%p\n", syscall(SYS_gettid), ri->dom, TAILQ_FIRST(&resolver.resolve_list)); //printf("THREAD %d END JOB %s FIRST=%p\n", syscall(SYS_gettid), ri->dom, TAILQ_FIRST(&resolver.resolve_list));
// never interrupt this
pthread_sigmask(SIG_BLOCK, &signal_mask, NULL);
wr = write(resolver.fd_signal_pipe,&ri,sizeof(void*)); wr = write(resolver.fd_signal_pipe,&ri,sizeof(void*));
if (wr<0) if (wr<0)
{ {
@ -101,6 +121,7 @@ static void *resolver_thread(void *arg)
fprintf(stderr,"write resolve_pipe : not full write\n"); fprintf(stderr,"write resolve_pipe : not full write\n");
exit(1000); exit(1000);
} }
pthread_sigmask(SIG_UNBLOCK, &signal_mask, NULL);
} }
} }
} }
@ -179,6 +200,7 @@ ex1:
pthread_mutex_destroy(&resolver.resolve_list_lock); pthread_mutex_destroy(&resolver.resolve_list_lock);
return false; return false;
} }
void resolver_deinit(void) void resolver_deinit(void)
{ {
if (resolver.bInit) if (resolver.bInit)
@ -203,6 +225,8 @@ void resolver_deinit(void)
sem_destroy(resolver.sem); sem_destroy(resolver.sem);
#endif #endif
resolver_clear_list();
memset(&resolver,0,sizeof(resolver)); memset(&resolver,0,sizeof(resolver));
} }
} }

View File

@ -115,12 +115,6 @@ SYS_process_vm_writev,
#ifdef SYS_process_madvise #ifdef SYS_process_madvise
SYS_process_madvise, SYS_process_madvise,
#endif #endif
#ifdef SYS_tkill
SYS_tkill,
#endif
#ifdef SYS_tgkill
SYS_tgkill,
#endif
SYS_kill, SYS_ptrace SYS_kill, SYS_ptrace
}; };
#define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls)) #define BLOCKED_SYSCALL_COUNT (sizeof(blocked_syscalls)/sizeof(*blocked_syscalls))

View File

@ -705,8 +705,9 @@ bool proxy_mode_connect_remote(const struct sockaddr *sa, tproxy_conn_t *conn, s
bool bConnFooling=true; bool bConnFooling=true;
if (conn->track.hostname && params.mss) if (conn->track.hostname && params.mss)
{ {
VPRINT("0-phase desync hostlist check")
bConnFooling=HostlistCheck(conn->track.hostname, NULL); bConnFooling=HostlistCheck(conn->track.hostname, NULL);
if (!bConnFooling)
VPRINT("0-phase desync hostlist check negative. not acting on this connection.")
} }
if ((remote_fd = connect_remote(sa, bConnFooling)) < 0) if ((remote_fd = connect_remote(sa, bConnFooling)) < 0)