Skip to content
Browse files
tun: Kill the tunnel script's process group
When invoked with --script-tun, openconnect starts the tunnel script
via "/bin/sh -c 'SCRIPT'", then sends SIGHUP to the shell's PID when
shutting down.  However, non-interactive shells are not guaranteed to
send SIGHUP to any running jobs¹; indeed, the observed behavior on
Linux is that only the shell process receives SIGHUP, and the tunnel
script continues running after openconnect exits.

A quick fix is to set the child's pgid == pid, then send SIGHUP to the
entire process group when we want to shut down.


Signed-off-by: Kevin Cernekee <>
Signed-off-by: David Woodhouse <>
  • Loading branch information
cernekee authored and David Woodhouse committed Nov 14, 2012
1 parent 4bde161 commit 2f9fa7cc11e1d643067c6c53487ddb8087d96239
Showing with 4 additions and 1 deletion.
  1. +4 −1 tun.c
5 tun.c
@@ -652,6 +652,8 @@ int setup_tun(struct openconnect_info *vpninfo)
} else if (!child) {
if (setpgid(0, getpid()) < 0)
setenv_int("VPNFD", fds[1]);
execl("/bin/sh", "/bin/sh", "-c", vpninfo->vpnc_script, NULL);
@@ -786,7 +788,8 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout)
void shutdown_tun(struct openconnect_info *vpninfo)
if (vpninfo->script_tun) {
kill(vpninfo->script_tun, SIGHUP);
/* nuke the whole process group */
kill(-vpninfo->script_tun, SIGHUP);
} else {
script_config_tun(vpninfo, "disconnect");
#ifdef __sun__

0 comments on commit 2f9fa7c

Please sign in to comment.