new option max-children that limits the number of concurrent child processes

This commit is contained in:
Gerhard Rieger 2011-11-26 14:24:09 +01:00
parent 6cefd1941e
commit 02f3b29ab6
10 changed files with 99 additions and 2 deletions

View file

@ -87,6 +87,10 @@ porting:
minor corrections to docu and test.sh resulting from local compilation
on Openmoko SHR
new features:
added option max-children that limits the number of concurrent child
processes. Thanks to Sam Liddicott for providing the patch.
####################### V 1.7.1.3:
security:

View file

@ -659,6 +659,7 @@ label(ADDRESS_SCTP_LISTEN)dit(bf(tt(SCTP-LISTEN:<port>)))
link(range)(OPTION_RANGE),
link(tcpwrap)(OPTION_TCPWRAPPERS),
link(pf)(OPTION_PROTOCOL_FAMILY),
link(max-children)(OPTION_MAX_CHILDREN),
link(backlog)(OPTION_BACKLOG),
link(sctp-maxseg)(OPTION_SCTP_MAXSEG),
link(sctp-nodelay)(OPTION_SCTP_NODELAY),
@ -931,6 +932,7 @@ label(ADDRESS_TCP_LISTEN)dit(bf(tt(TCP-LISTEN:<port>)))
link(range)(OPTION_RANGE),
link(tcpwrap)(OPTION_TCPWRAPPERS),
link(pf)(OPTION_PROTOCOL_FAMILY),
link(max-children)(OPTION_MAX_CHILDREN),
link(backlog)(OPTION_BACKLOG),
link(mss)(OPTION_MSS),
link(su)(OPTION_SUBSTUSER),
@ -2282,6 +2284,9 @@ startdit()
label(OPTION_BACKLOG)dit(bf(tt(backlog=<count>)))
Sets the backlog value passed with the code(listen()) system call to <count>
[link(int)(TYPE_INT)]. Default is 5.
label(OPTION_MAX_CHILDREN)dit(bf(tt(max-children=<count>)))
Limits the number of concurrent child processes [link(int)(TYPE_INT)].
Default is no limit.
enddit()
startdit()enddit()nl()

48
test.sh
View file

@ -10553,6 +10553,54 @@ PORT=$((PORT+1))
N=$((N+1))
# test the max-children option
NAME=MAXCHILDREN
case "$TESTS" in
*%functions%*|*%socket%*|*%$NAME%*)
TEST="$NAME: max-children option"
# start a listen process with max-children=1; connect with a client, let it
# sleep some time before sending data; connect with second client that sends
# data immediately. If max-children is working correctly the first data should
# arrive first because the second process has to wait.
if ! eval $NUMCOND; then :; else
ts="$td/test$N.sock"
tf="$td/test$N.stdout"
te="$td/test$N.stderr"
tdiff="$td/test$N.diff"
da="test$N $(date) $RANDOM"
CMD0="$SOCAT $opts -U FILE:$tf,o-trunc,o-creat,o-append UNIX-L:$ts,fork,max-children=1"
CMD1="$SOCAT $opts -u - UNIX-CONNECT:$ts"
printf "test $F_n $TEST... " $N
$CMD0 >/dev/null 2>"${te}0" &
pid0=$!
waitunixport $ts 1
(sleep 2; echo "$da 1") |$CMD1 >"${tf}1" 2>"${te}1" &
pid1=$!
sleep 1
echo "$da 2" |$CMD1 >"${tf}2" 2>"${te}2"
rc2=$?
sleep 2
kill $pid0 $pid1 2>/dev/null; wait
if echo -e "$da 1\n$da 2" |diff $tf - >$tdiff; then
$PRINTF "$OK\n"
numOK=$((numOK+1))
else
$PRINTF "$FAILED\n"
echo "$CMD0 &"
echo "(sleep 2; echo \"$da 1\") |$CMD1"
echo "echo \"$da 2\" |$CMD1"
cat "${te}0"
cat "${te}1"
cat "${te}2"
cat "$tdiff"
numFAIL=$((numFAIL+1))
fi
fi # NUMCOND
;;
esac
N=$((N+1))
###############################################################################
# here come tests that might affect your systems integrity. Put normal tests
# before this paragraph.

View file

@ -19,6 +19,7 @@
/***** LISTEN options *****/
const struct optdesc opt_backlog = { "backlog", NULL, OPT_BACKLOG, GROUP_LISTEN, PH_LISTEN, TYPE_INT, OFUNC_SPEC };
const struct optdesc opt_fork = { "fork", NULL, OPT_FORK, GROUP_CHILD, PH_PASTACCEPT, TYPE_BOOL, OFUNC_SPEC };
const struct optdesc opt_max_children = { "max-children", NULL, OPT_MAX_CHILDREN, GROUP_CHILD, PH_PASTACCEPT, TYPE_INT, OFUNC_SPEC };
/**/
#if (WITH_UDP || WITH_TCP)
const struct optdesc opt_range = { "range", NULL, OPT_RANGE, GROUP_RANGE, PH_ACCEPT, TYPE_STRING, OFUNC_SPEC };
@ -114,6 +115,7 @@ int _xioopen_listen(struct single *xfd, int xioflags, struct sockaddr *us, sockl
int backlog = 5; /* why? 1 seems to cause problems under some load */
char *rangename;
bool dofork = false;
int maxchildren = 0;
char infobuff[256];
char lisname[256];
union sockaddr_union _peername;
@ -134,6 +136,13 @@ int _xioopen_listen(struct single *xfd, int xioflags, struct sockaddr *us, sockl
xfd->flags |= XIO_DOESFORK;
}
retropt_int(opts, OPT_MAX_CHILDREN, &maxchildren);
if (! dofork && maxchildren) {
Error("option max-children not allowed without option fork");
return STAT_NORETRY;
}
if (applyopts_single(xfd, opts, PH_INIT) < 0) return -1;
if (dofork) {
@ -278,12 +287,25 @@ int _xioopen_listen(struct single *xfd, int xioflags, struct sockaddr *us, sockl
if (dofork) {
pid_t pid; /* mostly int; only used with fork */
sigset_t mask_sigchld;
/* we must prevent that the current packet triggers another fork;
therefore we wait for a signal from the recent child: USR1
indicates that is has consumed the last packet; CHLD means it has
terminated */
/* block SIGCHLD and SIGUSR1 until parent is ready to react */
sigemptyset(&mask_sigchld);
sigaddset(&mask_sigchld, SIGCHLD);
Sigprocmask(SIG_BLOCK, &mask_sigchld, NULL);
if ((pid = xio_fork(false, level==E_ERROR?level:E_WARN)) < 0) {
Close(xfd->fd);
Sigprocmask(SIG_UNBLOCK, &mask_sigchld, NULL);
return STAT_RETRYLATER;
}
if (pid == 0) { /* child */
pid_t cpid = Getpid();
Sigprocmask(SIG_UNBLOCK, &mask_sigchld, NULL);
Info1("just born: client process "F_pid, cpid);
xiosetenvulong("PID", cpid, 1);
@ -308,6 +330,15 @@ int _xioopen_listen(struct single *xfd, int xioflags, struct sockaddr *us, sockl
if (Close(ps) < 0) {
Info2("close(%d): %s", ps, strerror(errno));
}
/* now we are ready to handle signals */
Sigprocmask(SIG_UNBLOCK, &mask_sigchld, NULL);
while (maxchildren) {
if (num_child < maxchildren) break;
Notice("maxchildren are active, waiting");
while (!Sleep(UINT_MAX)) ; /* any signal lets us continue */
}
Info("still listening");
} else {
if (Close(xfd->fd) < 0) {

View file

@ -1,5 +1,5 @@
/* source: xio-listen.h */
/* Copyright Gerhard Rieger 2001-2006 */
/* Copyright Gerhard Rieger 2001-2011 */
/* Published under the GNU General Public License V.2, see file COPYING */
#ifndef __xio_listen_h_included
@ -7,6 +7,7 @@
extern const struct optdesc opt_backlog;
extern const struct optdesc opt_fork;
extern const struct optdesc opt_max_children;
extern const struct optdesc opt_range;
int

2
xio.h
View file

@ -378,6 +378,8 @@ struct opt {
extern const char *PIPESEP;
extern xiofile_t *sock[XIO_MAXSOCK];
extern int num_child;
/* return values of xioopensingle */
#define STAT_OK 0
#define STAT_WARNING 1

View file

@ -15,7 +15,7 @@ static int xioinitialized;
xiofile_t *sock[XIO_MAXSOCK];
int (*xiohook_newchild)(void); /* xio calls this function from a new child
process */
int num_child = 0;
/* returns 0 on success or != if an error occurred */
int xioinitialize(void) {
@ -181,6 +181,7 @@ int xio_forked_inchild(void) {
for (i=0; i<NUMUNKNOWN; ++i) {
diedunknown[i] = 0;
}
num_child = 0;
xiodroplocks();
#if WITH_FIPS
if (xio_reset_fips_mode() != 0) {
@ -237,6 +238,7 @@ pid_t xio_fork(bool subchild, int level) {
return 0;
}
num_child++;
/* parent process */
Notice1("forked off child process "F_pid, pid);
/* gdb recommends to have env controlled sleep after fork */

View file

@ -854,6 +854,8 @@ const struct optname optionnames[] = {
IF_ANY ("lseek64-set", &opt_lseek64_set)
#endif
IF_TUN ("master", &opt_iff_master)
IF_LISTEN ("max-children", &opt_max_children)
IF_LISTEN ("maxchildren", &opt_max_children)
#ifdef TCP_MAXSEG
IF_TCP ("maxseg", &opt_tcp_maxseg)
IF_TCP ("maxseg-late", &opt_tcp_maxseg_late)

View file

@ -432,6 +432,7 @@ enum e_optcode {
OPT_IXON, /* termios.c_iflag */
OPT_LOCKFILE,
OPT_LOWPORT,
OPT_MAX_CHILDREN,
#ifdef NLDLY
# ifdef NL0
OPT_NL0, /* termios.c_oflag */

View file

@ -104,6 +104,7 @@ void childdied(int signum) {
return;
}
/*! indent */
if (num_child) num_child--;
/* check if it was a registered child process */
i = 0;
while (i < XIO_MAXSOCK) {