[GIT PULL] Documentation updates; change SIGHUP behavior

Kevin Cernekee cernekee at gmail.com
Wed May 21 19:30:50 PDT 2014


On Wed, May 21, 2014 at 3:56 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> Update man page with information on SIGUSR1/SIGUSR2 usage
>
> Hm. Do we really want to admit to that and make it part of the
> documented interface? It was vaguely useful as a test hack a long time
> ago but is it still worth having?

For my part, the high-level goal was to be able to see some of the
PRG_TRACE output without dumping information on every single packet to
the terminal.  The problem is that PRG_TRACE mixes frequent prints
(packets, "No work to do"), semi-frequent prints (DPD, keepalive), and
infrequent prints (X-{CSTP,DTLS} headers, cert info, SSL warnings).

So maybe another option is to restructure the debug prints, as follows:

 - Change all of the infrequent PRG_TRACE prints to PRG_DEBUG (which
is almost completely unused now).

 - Maybe change some/all of the semi-frequent prints to PRG_DEBUG.

 - Change the "-v" option so that "-v" selects PRG_DEBUG and "-vv"
selects PRG_TRACE.

>> main: Make SIGHUP force a reconnection
>
> Hm. That isn't a wonderfully backward-compatible change. If you send
> SIGHUP to an existing openconnect process, it's going to kill the
> connection and exit.
>
> I wonder if we should continue to use both SIGHUP and SIGINT for
> actually making it *disconnect*, either with a logout packet
> (terminating the session so the cookie can't be re-used) or without
> one.  And since NetworkManager-openconnect currently uses SIGINT for
> the disconnect-and-logoff action, I suppose we'd use SIGHUP for just
> disconnecting. (Making NM-openconnect cope with re-using a cookie and
> automatically reconnecting to the VPN when it manages to reconnect to
> the local network is on my ever-growing TODO list...)

One thing that bothered me about SIGINT/SIGHUP is that they were
redundant.  Many daemons use SIGHUP for "reread the configuration and
restart" which sort of seems close.

I've been using SIGQUIT to disconnect without sending the BYE packet.
It has a convenient keyboard shortcut (^\) too.  But it might force a
core dump, depending on rlimits.  So maybe it's not the right signal
to recommend for general use.

> If we use USR2 for your new capability to force an immediate
> reconnect, then that's going to do the right thing (nothing) on old
> versions of openconnect. And then we don't end up putting hacks into
> the tools which *use* that facility, to try to work out which version
> they're running.
>
> You end up with the following signal behaviour:
> SIGINT: Disconnect and logoff, run vpnc-script accordingly
> SIGHUP: Disconnect and run vpnc-script (cookie can be re-used)
> SIGTERM: Just die. Disconnect without logoff, no vpnc-script
> SIGUSR2: Reconnect to server immediately as if DPD triggered.

Could you take a look at my prototype here:

https://github.com/cernekee/openconnect/commits/signal-20140521
git://github.com/cernekee/openconnect signal-20140521

I didn't try building on Windows - I'm assuming the SIG* constants are
still defined but they don't function as expected?

With the PRG_DEBUG changes it becomes practical to run "openconnect
-v" during development.
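
The signal behaviour table quoted above, written out as a table-driven handler in C. This is an added illustration, not code from openconnect or from the signal-20140521 branch; the struct, the function names and the table-order priority are assumptions.

```c
/* Added illustration, not openconnect source; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L  /* sigaction() under strict -std= modes */
#include <signal.h>
#include <stddef.h>

/* One row per signal, mirroring the behaviour table proposed in the thread. */
struct sig_policy {
    int signo;
    int reconnect;   /* re-establish the tunnel as if DPD had triggered */
    int disconnect;  /* tear the tunnel down and exit */
    int logoff;      /* send logout so the session cookie cannot be re-used */
    int run_script;  /* run vpnc-script on the way out */
};

/* Assumed priority: table order, so a pending logoff request is served first. */
static const struct sig_policy sig_table[] = {
    { SIGINT,  0, 1, 1, 1 },
    { SIGHUP,  0, 1, 0, 1 },
    { SIGTERM, 0, 1, 0, 0 },
    { SIGUSR2, 1, 0, 0, 0 },
};
#define N_SIGS (sizeof(sig_table) / sizeof(sig_table[0]))

/* The handler only sets a flag; the main loop does the real work later. */
static volatile sig_atomic_t pending[N_SIGS];
static void on_signal(int signo)
{
    for (size_t i = 0; i < N_SIGS; i++)
        if (sig_table[i].signo == signo) pending[i] = 1;
}

/* Install the handler for every signal in the table; returns 0 on success. */
int install_handlers(void)
{
    struct sigaction sa;
    sa.sa_handler = on_signal;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    for (size_t i = 0; i < N_SIGS; i++)
        if (sigaction(sig_table[i].signo, &sa, NULL) < 0) return -1;
    return 0;
}

/* Main-loop side: consume and return the first pending row, or NULL. */
const struct sig_policy *take_pending(void)
{
    for (size_t i = 0; i < N_SIGS; i++)
        if (pending[i]) { pending[i] = 0; return &sig_table[i]; }
    return NULL;
}
```

Only the SIGINT row sets `logoff`, which is the distinction the thread cares about: after SIGHUP or SIGTERM the session cookie remains valid on the server and can be re-used.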


