Polypath is are going to want to spawn a persistent child process,
which will not exec. This child ought not to hold onto the various
important fds.
Otherwise, if the main secnet process dies but the child does not (for
some reason), the network interfaces, udp sockets, etc., set up by the
old secnet will remain owned by the child.
Introduce a new PHASE for this purpose (currently never entered).
Provide a convenient common hook function for closing a single fd.
Add phase hooks to:
* Close udp sockets (in the udp and polypath comm modules);
* Close the pipes to userv-ipif (slip netlink module);
* Close the tun device (tun netlink module);
* Zero out data transport keys, to improve forward secrecy in case
the subprocess leaks somehow. (Sadly we can't conveniently find
the asymmmetric crypto session key negotiation state to wipe it.)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
~ian / secnet.git / commitdiff