[OpenWrt-Devel] dropbear: close all active clients on shutdown

Message ID 20180712023603.6177-1-luaraneda@gmail.com
State Accepted
Delegated to: John Crispin

Commit Message

Luis Araneda July 12, 2018, 2:36 a.m.
From: Christian Schoenebeck <christian.schoenebeck@gmail.com>

Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
---
 package/network/services/dropbear/files/dropbear.init | 5 +++++
 1 file changed, 5 insertions(+)

Comments

John Crispin July 12, 2018, 6:49 a.m. | #1
On 12/07/18 04:36, Luis Araneda wrote:
> From: Christian Schoenebeck <christian.schoenebeck@gmail.com>
>
> Override the default shutdown action (stop) and close all processes
> of dropbear
>
> Since commit 498fe85, the stop action only closes the process
> that's listening for new connections, maintaining the ones with
> existing clients.
> This poses a problem when restarting or shutting-down a device,
> because the connections with existing SSH clients, like OpenSSH,
> are not properly closed, causing them to hang.
>
> This situation can be avoided by closing all dropbear processes when
> shutting-down the system, which closes properly the connections with
> current clients.

does this break sysupgrade when run via ssh ?
     John

> Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
> [Luis: Rework commit message]
> Signed-off-by: Luis Araneda <luaraneda@gmail.com>
> ---
>   package/network/services/dropbear/files/dropbear.init | 5 +++++
>   1 file changed, 5 insertions(+)
>
> diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
> index 2225113498..b86e52d8bc 100755
> --- a/package/network/services/dropbear/files/dropbear.init
> +++ b/package/network/services/dropbear/files/dropbear.init
> @@ -148,6 +148,11 @@ service_triggers()
>   	procd_add_validation validate_section_dropbear
>   }
>   
> +shutdown() {
> +	# close all open connections
> +	killall dropbear
> +}
> +
>   killclients()
>   {
>   	local ignore=''
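
Review bot: shutdown() as added here runs only `killall dropbear` and never calls stop, although the commit message describes it as overriding the default shutdown action (stop). Consider calling stop first and then killall, so the listener is still taken down through the normal service path before the remaining client processes are closed, or say in the comment why killall alone is sufficient at shutdown.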

Luis Araneda July 12, 2018, 4:18 p.m. | #2
Hi John,

On Thu, Jul 12, 2018 at 2:49 AM John Crispin <john@phrozen.org> wrote:
> does this break sysupgrade when run via ssh ?

No, it works as expected, as sysupgrade is done in stages now.

I just tested with an Asus RT-AC58U connected with a serial console
and an SSH connection.

The sysupgrade was done through the SSH connection:
> root@OpenWrt:~# sysupgrade /tmp/openwrt-ipq40xx-asus_rt-ac58u-squashfs-sysupgrade.bin
> Saving config files...
> Commencing upgrade. Closing all shell sessions.
> Connection to 192.168.1.1 closed by remote host.
> Connection to 192.168.1.1 closed.

The output from the serial console confirms that the sysupgrade was
done correctly:
> Watchdog handover: fd=3
> - watchdog -
> killall: telnetd: no process killed
> Sending TERM to remaining processes ... uhttpd nlbwmon ubusd collectd dnsmasq hostapd hostapd ntpd logd rpcd netifd oe
> Sending KILL to remaining processes ...
> Switching to ramdisk...
> Performing system upgrade...
(removed some lines to improve readability)

Thanks,

Luis Araneda.

John Crispin July 12, 2018, 5:11 p.m. | #3
On 12/07/18 18:18, Luis Araneda wrote:
> Hi John,
>
> On Thu, Jul 12, 2018 at 2:49 AM John Crispin <john@phrozen.org> wrote:
>> does this break sysupgrade when run via ssh ?
> No, it works as expected, as sysupgrade is done in stages now.
>
> I just tested with an Asus RT-AC58U connected with a serial console
> and an SSH connection.
>
> The sysupgrade was done through the SSH connection:
>> root@OpenWrt:~# sysupgrade /tmp/openwrt-ipq40xx-asus_rt-ac58u-squashfs-sysupgrade.bin
>> Saving config files...
>> Commencing upgrade. Closing all shell sessions.
>> Connection to 192.168.1.1 closed by remote host.
>> Connection to 192.168.1.1 closed.
> The output from the serial console confirms that the sysupgrade was
> done correctly:
>> Watchdog handover: fd=3
>> - watchdog -
>> killall: telnetd: no process killed
>> Sending TERM to remaining processes ... uhttpd nlbwmon ubusd collectd dnsmasq hostapd hostapd ntpd logd rpcd netifd oe
>> Sending KILL to remaining processes ...
>> Switching to ramdisk...
>> Performing system upgrade...
> (removed some lines to improve readability)
>
> Thanks,
>
> Luis Araneda.

Hi Luis,
thanks for the elaborate test report
     John

Patch

diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
index 2225113498..b86e52d8bc 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -148,6 +148,11 @@  service_triggers()
 	procd_add_validation validate_section_dropbear
 }
 
+shutdown() {
+	# close all open connections
+	killall dropbear
+}
+
 killclients()
 {
 	local ignore=''
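
Review bot: `killall dropbear` in shutdown() selects by process name, so it signals every dropbear process on the system, listener and client sessions alike, and it returns non-zero when nothing matches. The comment "close all open connections" should state that this is intentional for shutdown only and how it differs from stop, and it would help to mention why the killclients() helper defined directly below is not used here. As a style point, `shutdown() {` puts the brace on the same line while killclients() in the same file puts it on the next line.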