[rsyslog] Queue System

Jonathan Bond-Caron jbondc at openmv.com
Thu Oct 8 15:17:44 CEST 2009 

On Thu Oct 8 03:51 AM, Rainer Gerhards wrote:
> > -----Original Message-----
> > > The close may get through. It is a (kind of) race condition, 
> > > inside
> > the tcp
> > > stack. Assume the following happens (System S being the server,
> > system C
> > > being  the client):
> 
> Ah, I didn't pay attention to the netstat. You are right, in *this* 
> case the close looks like it does not go through. HOWEVER, for the 
> argument I have given, this race exists in general. The window is 
> extremely short (at least on a local LAN), but I have learned if there 
> is a potential for a race, it will happen sooner or later. Chances go 
> up very soon as quickly as you have millions and millions of cases...
> Just yesterday I was able to find a race with a much lower probability 
> in v5-beta during shutdown... And it really happened (thankfully only 
> in my lab, where I set parameters to make such races more probable).
> 

I decided to look at the code and I must say, wow documented open source
code!
I haven't written c in a while but easily found my way, so big congrats on
keeping the code so clean. 

After some googling, I found that whenever TCP is in status CLOSE_WAIT, the
host is expected to close the socket sometime soon. It might not want to
close it right away for example to keep-alive the connection...

So I searched for all close() calls on the socket.

I found sockClose() then static void CheckConnection(nsd_t *pNsd)  --
runtime/nsd_ptcp.c
http://blog.gerhards.net/2008/06/getting-bit-more-reliability-from-plain.htm
l

With debug mode I found:

5543.432507331:action 10 queue:Reg/w0:  server:10514/tcp
5543.432507331:action 10 queue:Reg/w0: TCP sent 36 bytes, requested 36

It turns out I was pointing to the SSL config which had:
$DefaultNetstreamDriver gtls

For this, I found: void CheckConnection(nsd_t *pNsd)  -- runtime/nsd_gtls.c

/* This function checks if the connection is still alive - well, kind of...
 * This is a dummy here. For details, check function common in ptcp driver.
 * rgerhards, 2008-06-09
 */
static void
CheckConnection(nsd_t *pNsd)
{
dbgprintf("CheckConnection SSL - do something\n");

        nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
        ISOBJ_TYPE_assert(pThis, nsd_gtls);

        nsd_ptcp.CheckConnection(pThis->pTcp);
}


5649.998580185:action 10 queue:Reg/w0:  server:10514/tcp
5649.998580185:action 10 queue:Reg/w0: CheckConnection SSL - do something
5649.998580185:action 10 queue:Reg/w0: CheckConnection detected broken
connection - closing it

Wonderful! It works as I would expect.

But, is there any reason why the socket check wasn't added for SSL? I'm
currently testing this 'patch' with a couple of 'live' servers and randomly
stopping the central logging server.

More information about the rsyslog mailing list