[Openswan Users] Patch for pclose() failed, sigchld (error 10)

Albert Siersema appie at friendly.net
Thu Jan 6 13:02:47 CET 2005 

Hello all,

We've been messing around with this problem for quite a while and I thought
i'd dive in a bit more this time.

The problem occurs when start/stopping openswan from non-tty's, e.g. from a 
web interface or cron.
pluto then complains pclose failed on the updown script. What actually 
happens is that pclose() returns an error because the SIGCHLD signal was set 
to SIG_IGN. The pluto kernel.c code assumes an error from pclose() is 
serious and thus stops.

Other people experienced the same problem as can be seen in:
http://lists.freeswan.org/pipermail/users/2003-February/018136.html

A solution is to
a) make the pclose() error handling code the wiser by adding a special
    clause for ECHILD. This however will kinda ignore any error codes
    the updown script might have returned.
b) temporarily setting SIGCHLD to SIG_DFL

I've choosen b)

I gather more people suffer from this and it might be that there's the 
openswan developpers regard this not their problem. It probably isn't, might 
be that a parent process (apache ?) sets these signals to IGN instead of DFL.
However, this solves the problem for us.
Hope this helps some other people as well.

Albert Siersema




--- openswan-2.2.0/programs/pluto/kernel.c      2004-06-14 
03:46:02.000000000 +0200
+++ openswan-2.2.0-sigchild/programs/pluto/kernel.c     2005-01-06 
12:08:35.000000000 +0100
@@ -580,11 +580,14 @@
           * Any used by library routines (perhaps the resolver or syslog)
           * will remain.
           */
+        __sighandler_t savesig;
+        savesig = signal(SIGCHLD, SIG_DFL);
          FILE *f = popen(cmd, "r");

          if (f == NULL)
          {
              loglog(RC_LOG_SERIOUS, "unable to popen %s%s command", verb, 
verb_suffix);
+            signal(SIGCHLD, savesig);
              return FALSE;
          }

@@ -600,6 +603,7 @@
                  {
                      log_errno((e, "fgets failed on output of %s%s command"
                          , verb, verb_suffix));
+                    signal(SIGCHLD, savesig);
                      return FALSE;
                  }
                  else
@@ -621,6 +625,7 @@
          /* report on and react to return code */
          {
              int r = pclose(f);
+            signal(SIGCHLD, savesig);

              if (r == -1)
              {

More information about the Users mailing list