Set SIGPIPE to SIG_IGN (!591) · Merge requests · OpenConnect VPN projects / OpenConnect

This solves #783 (closed).

Rationale: When sendmsg fails due to a socket being closed, it will signal SIGPIPE instead of returning EPIPE. See https://pubs.opengroup.org/onlinepubs/009604599/functions/sendmsg.html:

[EPIPE]
    The socket is shut down for writing, or the socket is connection-mode and is no longer connected. In the latter case, and if the socket is of type SOCK_STREAM, the SIGPIPE signal is generated to the calling thread.

The default behavior of a SIGPIPE signal is to just kill the process, with no core dump or error message. (Let me tell you that debugging this was a bit of a ride...) In the case of openconnect, this means that the process just dies, and does not execute the vpnc-script with the "disconnect" argument. (This in turn typically leads to severely messed up routing.)

There are multiple possible ways of handling this, but I agree with this assessment https://stackoverflow.com/a/108192 that setting the SIGPIPE handler to SIG_IGN is the cleanest, safest and most portable.

I have verified that with this patch GnuTLS instead returns an error code, which triggers openconnect to seamlessly reconnect to the VPN service, instead of just dying quietly.

Set SIGPIPE to SIG_IGN

Merge request reports