Menu
▾
▴
[IPCop-cvs] ipcop/src/misc-progs restartsnort.c,1.8.2.5,1.8.2.6
|
From: Franck B. <fra...@us...> - 2007-05-26 16:45:36
|
Update of /cvsroot/ipcop/ipcop/src/misc-progs In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv11622 Modified Files: Tag: IPCOP_v1_4_0 restartsnort.c Log Message: It is better to check for all snorts termination in one loop. Waiting to much time between the fisrt and last 'testing loop' may have conduct to a test for an already reused pid (highly improbable). Index: restartsnort.c =================================================================== RCS file: /cvsroot/ipcop/ipcop/src/misc-progs/restartsnort.c,v retrieving revision 1.8.2.5 retrieving revision 1.8.2.6 diff -C2 -d -r1.8.2.5 -r1.8.2.6 *** restartsnort.c 25 May 2007 17:43:17 -0000 1.8.2.5 --- restartsnort.c 26 May 2007 16:45:35 -0000 1.8.2.6 *************** *** 65,69 **** if (kill(pid, SIGTERM) == -1) fprintf(stderr, "Unable to send SIGTERM\n"); ! return pid; } } --- 65,70 ---- if (kill(pid, SIGTERM) == -1) fprintf(stderr, "Unable to send SIGTERM\n"); ! else ! return pid; } } *************** *** 75,85 **** and here we wait for completion */ ! void wait_pid_to_die (int pid) { ! int loop = 50; /* 50 seconde timeout */ ! if (pid) /* valid pid needed */ ! do { ! sleep(1); ! } while ((loop--) && (kill(pid, SIGTERM) == 0) ); } --- 76,111 ---- and here we wait for completion */ ! void wait_pids_to_die () { ! int loop = 50; /* 50 secondes timeout */ ! /* we can imagine a super very fast active IPcop that have ! started another process with one of old snort pid. So ! use a 'do nothing' signal to check. ! Note: waitpid() cannot be used because snorts are not child of this prog. ! */ ! #define signal SIGCONT ! do { ! if (pid_green) /* valid pid needed */ ! { ! if (kill(pid_green, signal) != 0) ! pid_green = 0; /* ok process is dead */ ! } ! if (pid_red) /* valid pid needed */ ! { ! if (kill(pid_red, signal) != 0) ! pid_red = 0; /* ok process is dead */ ! } ! if (pid_orange) /* valid pid needed */ ! { ! if (kill(pid_orange, signal) != 0) ! pid_orange = 0; /* ok process is dead */ ! } ! if (pid_blue) /* valid pid needed */ ! { ! if (kill(pid_blue, signal) != 0) ! pid_blue = 0; /* ok process is dead */ ! } ! /* sleep() always returns 0 */ ! } while ( (loop--) && (pid_green+pid_red+pid_orange+pid_blue) && (sleep(1)==0) ); } *************** *** 338,346 **** */ snortconfig = "/etc/snort/snort.conf"; if (restartred && strlen(iface) && (fd = open(CONFIG_ROOT "/snort/enable", O_RDONLY)) != -1) { close(fd); - wait_pid_to_die (pid_red); snprintf(command, STRING_SIZE -1, "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", --- 364,372 ---- */ snortconfig = "/etc/snort/snort.conf"; + wait_pids_to_die(); if (restartred && strlen(iface) && (fd = open(CONFIG_ROOT "/snort/enable", O_RDONLY)) != -1) { close(fd); snprintf(command, STRING_SIZE -1, "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", *************** *** 352,356 **** { close(fd); - wait_pid_to_die (pid_blue); snprintf(command, STRING_SIZE -1, "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", --- 378,381 ---- *************** *** 362,366 **** { close(fd); - wait_pid_to_die (pid_orange); snprintf(command, STRING_SIZE -1, "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", --- 387,390 ---- *************** *** 372,376 **** { close(fd); - wait_pid_to_die (pid_green); snprintf(command, STRING_SIZE -1, "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", --- 396,399 ---- |