firewall: handle InterruptedError in get_connected_ips. Retry qdb.read to avoid startup crash. Added test.

Harshit6-b · Harshit6-b · commit 9bb1a94115bf · 2026-03-26T15:38:04.000+05:30
diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py
@@ -82,7 +82,13 @@ def update_connected_ips(self, family):
         raise NotImplementedError
 
     def get_connected_ips(self, family):
-        ips = self.qdb.read('/connected-ips6' if family == 6 else '/connected-ips')
+        while True:
+            try:
+                ips = self.qdb.read(
+                    '/connected-ips6' if family == 6 else '/connected-ips')
+                break
+            except InterruptedError:
+                continue
         if ips is None:
             return []
         return ips.decode().split()
diff --git a/qubesagent/test_firewall.py b/qubesagent/test_firewall.py
@@ -572,3 +572,26 @@ def test_is_blocked(self):
 
         for server in dns_servers_ipv6:
             self.assertTrue(self.obj.is_blocked(rules, ("udp", server, "53"), dns))
+
+    def test_get_connected_ips_retries_on_interrupted_error(self):
+        #get_connected_ips() must retry qdb.read() on InterruptedError.
+        #simulate SIGHUP interrupting qdb.read() on first call,
+        #succeeding on second
+        original_read = self.obj.qdb.read
+        call_count = [0]
+
+        def read_with_interrupt(key):
+            call_count[0] += 1
+            if call_count[0] == 1:
+                raise InterruptedError
+            return original_read(key)
+
+        self.obj.qdb.entries['/connected-ips'] = b'10.137.0.1 10.137.0.2'
+        self.obj.qdb.read = read_with_interrupt
+
+        #all the real get_connected_ips, not the overridden one
+        result = qubesagent.firewall.FirewallWorker.get_connected_ips(
+            self.obj, 4)
+
+        self.assertEqual(result, ['10.137.0.1', '10.137.0.2'])
+        self.assertEqual(call_count[0], 2)
