diff options
author | Kali Kaneko <kali@leap.se> | 2017-08-24 01:31:23 -0400 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-08-30 16:18:06 -0400 |
commit | 116af66d410ee3a4ee69a8fa25c6036ed1c2411f (patch) | |
tree | 189771e66ca4ef0d62096d14eb6638e6fd05eec2 /src/leap/bitmask/vpn | |
parent | 34d59f070d13ec2ac09c07cc7e0ec6a5d559fef9 (diff) |
[refactor] restart by allowing to send SIGUSR1 to openvpn process
by properly allowing openvpn to restart when receiving SIGUSR1, we can
reserve the hard process restarts for cases in which the process is
aborted.
this depends on bitmask-root adding --persist-tun and --persist-key as
mandatory/allowed parameters.
Diffstat (limited to 'src/leap/bitmask/vpn')
-rwxr-xr-x | src/leap/bitmask/vpn/helpers/linux/bitmask-root | 9 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/process.py | 3 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/tunnel.py | 22 |
3 files changed, 19 insertions, 15 deletions
diff --git a/src/leap/bitmask/vpn/helpers/linux/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root index 80ac12e..cad082b 100755 --- a/src/leap/bitmask/vpn/helpers/linux/bitmask-root +++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root @@ -73,7 +73,7 @@ def get_no_group_name(): return None -VERSION = "6" +VERSION = "7" SCRIPT = "bitmask-root" NAMESERVER = "10.42.0.1" BITMASK_CHAIN = "bitmask" @@ -105,7 +105,8 @@ FIXED_FLAGS = [ "--management-signal", "--script-security", "1", "--user", "nobody", - "--remap-usr1", "SIGTERM", + "--persist-key", + "--persist-tun", ] if OPENVPN_GROUP is not None: @@ -121,7 +122,8 @@ ALLOWED_FLAGS = { "--cert": ["FILE"], "--key": ["FILE"], "--ca": ["FILE"], - "--fragment": ["NUMBER"] + "--fragment": ["NUMBER"], + "--keepalive": ["NUMBER", "NUMBER"], } PARAM_FORMATS = { @@ -964,6 +966,7 @@ def main(): else: bail("ERROR: No such command") + if __name__ == "__main__": debug(" ".join(sys.argv)) main() diff --git a/src/leap/bitmask/vpn/process.py b/src/leap/bitmask/vpn/process.py index 19115d6..b9c8456 100644 --- a/src/leap/bitmask/vpn/process.py +++ b/src/leap/bitmask/vpn/process.py @@ -252,7 +252,8 @@ class _VPNProcess(protocol.ProcessProtocol): # shutdown def terminate(self): - self.proto.signal('SIGTERM') + if self.proto: + self.proto.signal('SIGTERM') def kill(self): try: diff --git a/src/leap/bitmask/vpn/tunnel.py b/src/leap/bitmask/vpn/tunnel.py index d9a8be3..7c2274a 100644 --- a/src/leap/bitmask/vpn/tunnel.py +++ b/src/leap/bitmask/vpn/tunnel.py @@ -31,8 +31,6 @@ from .process import VPNProcess # TODO ----------------- refactor -------------------- -# [ ] register change state listener -# emit_async(catalog.VPN_STATUS_CHANGED) # [ ] catch ping-restart # 'NETWORK_UNREACHABLE': ( # 'Network is unreachable (code=101)',), @@ -40,6 +38,8 @@ from .process import VPNProcess # "SIGTERM[soft,tls-error]",), # TODO ----------------- refactor -------------------- +RESTART_WAIT = 2 # in secs + class ConfiguredTunnel(object): @@ -82,8 +82,8 @@ class ConfiguredTunnel(object): defer.returnValue(started) @defer.inlineCallbacks - def stop(self): - stopped = yield self._stop_vpn(restart=False) + def stop(self, restart=False): + stopped = yield self._stop_vpn(restart=restart) defer.returnValue(stopped) # status @@ -110,14 +110,14 @@ class ConfiguredTunnel(object): vpnproc = VPNProcess(*args, **kwargs) self._vpnproc = vpnproc - self.__start_pre_up(vpnproc) - cmd = self.__start_get_cmd(vpnproc) - - running = yield self.__start_spawn_proc(vpnproc, cmd) - if running: + try: + self.__start_pre_up(vpnproc) + cmd = self.__start_get_cmd(vpnproc) + running = yield self.__start_spawn_proc(vpnproc, cmd) vpnproc.pid = running.pid defer.returnValue(True) - else: + except Exception: + # TODO need to propagate the error message properly. defer.returnValue(False) def __start_pre_up(self, proc): @@ -150,7 +150,7 @@ class ConfiguredTunnel(object): def _restart_vpn(self): yield self.stop(restart=True) reactor.callLater( - self.RESTART_WAIT, self.start) + RESTART_WAIT, self.start) @defer.inlineCallbacks def _stop_vpn(self, restart=False): |