[ Content | Sidebar ]

Archives for September, 2020

Xupu Bridge

September 30th, 2020

I’m taking advantage of the fine weather to go out for another walk. This time down the west bank of the Huangpu river.

After a while I came to the Xupu bridge, which carries Shanghai’s outer ring road. I’ve seen this bridge a few times before (last weekend, in fact) but never got close to it. I found to my excitement you can take a ferry right underneath it!

The bridge is the 48th tallest in the world. Although a quick scan down that lists reveals the majority are also in China.

On the east bank there’s a small park with some rather excellent views of the ramp up onto the bridge. Reminds me a bit of the a Humber bridge country park I visited many years ago.

After that I walked to the Xinzhuang interchange, an enormous elevated highway intersection that looks amazing on the map but sadly the only pedestrian access is via a tunnel underneath.

Dianpu River

September 26th, 2020

The weather here is starting to cool off and with little sign of the coronavirus it’s time to venture out walking again. This time I tried to walk along the Dianpu river, a small river south of where I live, to the Huangpu river, the main river that runs through the centre of Shanghai.

Frustratingly there isn’t a continuous path running the whole length so eventually I settled for walking along nearby streets and crossing back over when there was a bridge.

Where the Dianpu river joins the larger Huangpu river

I thought there might be a ferry to the other side where I could continue walking. But although the terminal was marked on the map it was either permanently closed or still under construction.

SIGPIPE and how to ignore it

September 23rd, 2020

I recently found myself trying to port a program that uses Boost Asio to run on OpenBSD. Everything compiled OK but while running it would occasionally exit with an unhandled SIGPIPE signal. This doesn’t happen on Linux. What’s going on here?

SIGPIPE is a synchronous signal that’s sent to a process (thread in POSIX.1-2004) which attempts to write data to a socket or pipe that has been closed by the reading end. Importantly it’s not an asynchronous signal that notifies you when the reading end has been closed: it’s delivered only when you attempt to write data. In fact it’s generated precisely when the system call (write(2), sendmsg(2), etc.) would fail with EPIPE and doesn’t give any additional information.

So what’s the point then? The default action for SIGPIPE is to terminate the process without a core dump (just like SIGINT or SIGTERM). This simplifies error handling in programs that are meant to run as part of a shell pipeline: reading input, transforming it, and then writing it to another process. SIGPIPE allows the program to skip error handling and blindly write data until it’s killed.

For programs that handle write errors it doesn’t seem to be useful and is best avoided. But unfortunately there are several different ways to do that.

Ignore the signal globally

This is the easiest if you are in complete control of the program (i.e. not writing a library). Just set the signal to SIG_IGN and forget about it.

signal(SIGPIPE, SIG_IGN);

Use MSG_NOSIGNAL

If you are writing to a socket, and not an actual pipe, pass the MSG_NOSIGNAL flag to send(2) or sendmsg(2). This has been in Linux for ages and was standardised in POSIX.1-2008 so it’s available almost anywhere.

Set SO_NOSIGPIPE socket option

This is a bit niche as it only exists on FreeBSD and OS X. Use setsockopt(2) to set this option on a socket and all subsequent send(2) calls will behave as if MSG_NOSIGNAL was set.

int on = 1;
setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on))

This seems to be of limited utility as calling write(2) on the socket will still generate SIGPIPE. The only use I can think of is if you need to pass the socket to a library or some other code you don’t control.

Temporarily mask the signal on the current thread

The most general solution, for when you are not in full control of the program’s signal handling and want to write data to an actual pipe or use write(2) on a socket, is to first mask the signal for the current thread with pthread_sigmask(3), write the data, drain any pending signal with sigtimedwait(2) and a zero timeout, and then finally unmask SIGPIPE. This technique is described in more detail here. Note that some systems such as OpenBSD do not have sigtimedwait(2) in which case you need to use sigpending(2) to check for pending signals and then call the blocking sigwait(2).

Anyway back to the original problem. Asio hides SIGPIPE from the programmer by either setting the SO_NOSIGPIPE socket option on systems that support it, or on Linux by passing MSG_NOSIGNAL to sendmsg(2). None of these apply to OpenBSD which is why we get the SIGPIPE. I submitted a pull request to pass MSG_NOSIGNAL on OpenBSD as well. But I don’t know when or if that will be merged so I’m also trying to get the same fix added to the ports tree.

UPDATE: a patch is now in the ports tree.

OpenSMTPD: use SSL client certificate when relaying outgoing mail

September 13th, 2020

I recently set up OpenSMTPD as the MTA on my local machine. I want to relay outgoing mail through another mail server on my VPS which is configured to only accept SSL connections with valid client certificates.

It’s not clear from the documentation how to configure this in smtpd.conf. However I eventually found from the source code that the “relay” action accepts a “pki” option to specify a certificate and key file.

action "outbound" relay host smtps://user@mail.example.org \
	auth <secrets> pki host.example.org mail-from "@example.org"

My mail server requires a username and password in addition to the client certificate so a “secrets” table should also be configured:

table secrets file:/etc/mail/secrets

And finally add a “pki” stanza for host.example.org to associate the X.509 certificate and private key:

pki host.example.org cert "/etc/ssl/example.crt"
pki host.example.org key "/etc/ssl/private/example.key"

UPDATE: this is documented in the man page now. :D

Filed in linux - Comments closed