oz-init pid mappings are now properly destroyed as these processes exit.

8 years ago · b567e5ce54
parent a930fbbce0
commit b567e5ce54
2 changed files with 25 additions and 1 deletions
--- a/sgfw/ipc.go
+++ b/sgfw/ipc.go
@ -34,6 +34,7 @@ func addInitPid(pid int, name string) {
 }

 func removeInitPid(pid int) {
+fmt.Println("::::::::::: removing PID: ", pid)
 	for i := 0; i < len(OzInitPids); i++ {
 		if OzInitPids[i].Pid == pid {
 			OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...)
@ -174,6 +175,18 @@ func ReceiverLoop(fw *Firewall, c net.Conn) {
 				addInitPid(initpid, ozname)
 				c.Write([]byte("OK.\n"))
 				return
+			} else if tokens[0] == "unregister-init" && len(tokens) == 2 {
+				initp := tokens[1]
+				initpid, err := strconv.Atoi(initp)
+
+				if err != nil {
+					log.Notice("IPC received invalid oz-init pid: ", initp)
+					c.Write([]byte("Bad command: init pid was invalid"))
+					return
+				}
+
+				removeInitPid(initpid)
+				c.Write([]byte("OK.\n"))
 			}

 			if len(tokens) != 6 {
--- a/sgfw/policy.go
+++ b/sgfw/policy.go
@ -502,6 +502,7 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket) (*procsnitch.Info, string) {
 		res := procsnitch.LookupTCPSocketProcessAll(srcip, srcp, dstip, dstp, nil)

 		if res == nil {
+			removePids := make([]int, 0)

 			for i := 0; i < len(OzInitPids); i++ {
 				data := ""
@ -511,6 +512,11 @@ fmt.Println("XXX: opening: ", fname)

 				if err != nil {
 					fmt.Println("Error reading proc data from ", fname, ": ", err)
+
+					if err == syscall.ENOENT {
+						removePids = append(removePids, OzInitPids[i].Pid)
+					}
+
 					continue
 				} else {
 					data = string(bdata)
@ -538,6 +544,11 @@ fmt.Println("XXX: opening: ", fname)
 				}

 			}
+
+			for _, p := range removePids {
+				removeInitPid(p)
+			}
+
 		}

 		return res, optstr