[strongSwan] Small Problems with 5.2

Martin Willi martin at strongswan.org
Fri Jul 11 14:55:26 CEST 2014


Dirk,

Thanks for the update. I could reproduce the issue, it happens when
starter forks() to the background. I haven't seen that, as starter logs
to a different file here.

Due to [1], starter closefrom()s all open file descriptors after the
fork. As we now use libstrongswan to manage IPC sockets, this won't
work. The file descriptor watcher class uses a pipe() to signal FDSET
changes. And the closefrom() just kills our pipe.

Not sure what the best approach is to address this, but the closefrom()
is definitely not that elegant. The attached patch fixes the issue here.

@Tobias: What do you think about reverting [1]? Could we use a less
aggressive mechanism to close these FDs for Android?

Probably we should go through a libstrongswan deinit/init cycle
after/during the fork(), so we don't share the pipe with the parent
process. This is a little tricky with leak-detective, though.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=652ddf5c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-starter-Do-not-close-all-file-descriptors-after-fork.patch
Type: text/x-patch
Size: 818 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140711/3e1c49c1/attachment.bin>


More information about the Users mailing list