
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>


</head>


<body dir="ltr">


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof">


<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; --darkreader-inline-bgcolor:#262a2b; --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">Hello,</span><br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0">


<div><br class="ContentPasted0">


</div>


<div class="ContentPasted0">we use the Mandos solution on several hundred servers.</div>


<div><br class="ContentPasted0">


</div>


<div class="ContentPasted0">A patch had been implemented (version 1.8.10) to smooth the execution of the "checker" processes (via a random on the "interval" param) to avoid having at the same time as many child processes as hosts to check (because of the timer


 which is initialized at the same time for all hosts).</div>


<div><br class="ContentPasted0">


</div>


<div class="ContentPasted0">The negative effect of this patch is that some targets are checked much too often (almost in a loop for some) compared to others. The "interval" parameter serves more as a maximum threshold with a minimum of 1ms.</div>


<div><br class="ContentPasted0">


</div>


<div class="ContentPasted0">To solve this problem, I propose a patch which consists in randomizing the "interval" parameter at the initialization of the "checkers" to have a smoothed execution in time for the 1st check. At the time of the 2nd check, we replace


 the timer by using the "interval" parameter as a time interval between 2 checks. This way, the servers are not checked at the same time and at regular intervals (the same interval for all servers).</div>


<div><br class="ContentPasted0">


</div>


<div class="ContentPasted0">I put a lot of comments to explain the context, I don't think it's necessary to be so verbose !</div>


<div><br class="ContentPasted0">


</div>


I used the version 1.8.14 which is the one packaged for Debian.<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1">


--- mandos.1.8.14 2022-09-14 16:32:31.000000000 +0200


<div class="ContentPasted1">+++ mandos.new    2022-09-14 16:42:41.000000000 +0200</div>


<div class="ContentPasted1">@@ -1058,17 +1058,24 @@</div>


<div class="ContentPasted1">         # and every interval from then on.</div>


<div class="ContentPasted1">         if self.checker_initiator_tag is not None:</div>


<div class="ContentPasted1">             GLib.source_remove(self.checker_initiator_tag)</div>


<div class="ContentPasted1">+        # At the initialization of the checkers, we smooth the execution in time,</div>


<div class="ContentPasted1">+        # using a random of the interval parameter.</div>


<div class="ContentPasted1">+        # At the time of the first execution, the timer is replaced by a new one</div>


<div class="ContentPasted1">+        # based on the interval parameter to ensure that the executions are done</div>


<div class="ContentPasted1">+        # at regular intervals according to the desired configuration.</div>


<div class="ContentPasted1">         self.checker_initiator_tag = GLib.timeout_add(</div>


<div class="ContentPasted1">             random.randrange(int(self.interval.total_seconds() * 1000</div>


<div class="ContentPasted1">                                  + 1)),</div>


<div class="ContentPasted1">-            self.start_checker)</div>


<div class="ContentPasted1">+            self.start_checker, True)</div>


<div class="ContentPasted1">         # Schedule a disable() when 'timeout' has passed</div>


<div class="ContentPasted1">         if self.disable_initiator_tag is not None:</div>


<div class="ContentPasted1">             GLib.source_remove(self.disable_initiator_tag)</div>


<div class="ContentPasted1">         self.disable_initiator_tag = GLib.timeout_add(</div>


<div class="ContentPasted1">             int(self.timeout.total_seconds() * 1000), self.disable)</div>


<div class="ContentPasted1">-        # Also start a new checker *right now*.</div>


<div class="ContentPasted1">-        self.start_checker()</div>


<div class="ContentPasted1">+        # Do not launch a new checker at initialization to avoid forking the children's processes simultaneously.</div>


<div class="ContentPasted1">+        # This is problematic when you have several hundred servers to check.</div>


<div class="ContentPasted1">+        # # Also start a new checker *right now*.</div>


<div class="ContentPasted1">+        # self.start_checker()</div>


<div><br class="ContentPasted1">


</div>


<div class="ContentPasted1">     def checker_callback(self, source, condition, connection,</div>


<div class="ContentPasted1">                          command):</div>


<div class="ContentPasted1">@@ -1119,7 +1126,7 @@</div>


<div class="ContentPasted1">     def need_approval(self):</div>


<div class="ContentPasted1">         self.last_approval_request = datetime.datetime.utcnow()</div>


<div><br class="ContentPasted1">


</div>


<div class="ContentPasted1">-    def start_checker(self):</div>


<div class="ContentPasted1">+    def start_checker(self, init_timer=False):</div>


<div class="ContentPasted1">         """Start a new checker subprocess if one is not running.</div>


<div><br class="ContentPasted1">


</div>


<div class="ContentPasted1">         If a checker already exists, leave it running and do</div>


<div class="ContentPasted1">@@ -1178,6 +1185,14 @@</div>


<div class="ContentPasted1">                 GLib.PRIORITY_DEFAULT, GLib.IO_IN,</div>


<div class="ContentPasted1">                 self.checker_callback, pipe[0], command)</div>


<div class="ContentPasted1">         # Re-run this periodically if run by GLib.timeout_add</div>


<div class="ContentPasted1">+        if init_timer:</div>


<div class="ContentPasted1">+            # Schedule a new checker to be started an 'interval' from now,</div>


<div class="ContentPasted1">+            # and every interval from then on.</div>


<div class="ContentPasted1">+            if self.checker_initiator_tag is not None:</div>


<div class="ContentPasted1">+                GLib.source_remove(self.checker_initiator_tag)</div>


<div class="ContentPasted1">+            self.checker_initiator_tag = GLib.timeout_add(</div>


<div class="ContentPasted1">+                int(self.interval.total_seconds() * 1000),</div>


<div class="ContentPasted1">+                self.start_checker)</div>


<div class="ContentPasted1">         return True</div>


<div><br class="ContentPasted1">


</div>


     def stop_checker(self):<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1">


<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; --darkreader-inline-bgcolor:#262a2b; --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">Thank you for your support and </span><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; --darkreader-inline-bgcolor:#262a2b; --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">for


 the development of a solution that is very useful to us.</span><br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:#262a2b;" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="elementToProof ContentPasted0 ContentPasted1 ContentPasted2">


<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; --darkreader-inline-bgcolor:#262a2b; --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">Louis</span></div>


<div></div>


<div id="Signature">


<div>


<table cellspacing="0" style="font-family: Arial; background: transparent; font-size: 13px; line-height: 1.2; display: inline-table; --darkreader-inline-bgimage: initial; --darkreader-inline-bgcolor:rgba(24, 26, 27, 0); --darkreader-inline-color:#e8e6e3; color: rgb(0, 0, 0);" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">


<tbody>


<tr style="--darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<td rowspan="1" colspan="1" style="white-space: normal; --darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<table cellspacing="0" style="width: 100%; border-collapse: separate; font-family: Arial; background: transparent; font-size: 13px; line-height: 1.2; --darkreader-inline-bgimage: initial; --darkreader-inline-bgcolor:rgba(24, 26, 27, 0); --darkreader-inline-color:#e8e6e3; color: rgb(0, 0, 0);" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">


<tbody>


<tr style="--darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<td rowspan="1" colspan="1" style="white-space: normal; --darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<table cellspacing="0" style="width: 100%; border-collapse: separate; font-family: Arial; background: transparent; font-size: 13px; --darkreader-inline-bgimage: initial; --darkreader-inline-bgcolor:rgba(24, 26, 27, 0); --darkreader-inline-color:#e8e6e3; color: rgb(0, 0, 0);" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="">


<tbody>


<tr style="height: auto; --darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<td rowspan="1" colspan="1" height="111px" width="160px" style="height: 111px; width: 160px; text-align: left; vertical-align: middle; white-space: normal; border-width: initial; border-style: initial; border-color: rgb(255, 255, 255); --darkreader-inline-color: inherit; --darkreader-inline-border-top:#303436; --darkreader-inline-border-right:#303436; --darkreader-inline-border-bottom:#303436; --darkreader-inline-border-left:#303436;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">


<div id="x_logo" class="x_logo" width="120" height="85" style=""><a href="www.vadesecure.com" target="_blank" style="display:inline-block"><img width="120" height="67.384615384615" alt="img" style="width:120px; height:67.384615384615px" src="https://img.signitic.app/uploads/108998647cf2a7d306553e74ad222b29.png"></a></div>


</td>


<td rowspan="1" colspan="1" width="244px" height="111px" style="height: 111px; width: 244px; text-align: left; white-space: normal; border-width: initial; border-style: initial; border-color: rgb(255, 255, 255); --darkreader-inline-color: inherit; --darkreader-inline-border-top:#303436; --darkreader-inline-border-right:#303436; --darkreader-inline-border-bottom:#303436; --darkreader-inline-border-left:#303436;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">


<div style="white-space:normal">


<div style="white-space:normal">


<p style="line-height:11.55pt; white-space:normal; margin:0px"><strong><span style="font-size: 10pt; font-family: Arial, sans-serif; color: white; --darkreader-inline-color:#c8c3bc;" data-darkreader-inline-color=""><span style="color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="">Louis


 Charreau</span><br>


</span></strong><u></u><u></u><span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(163, 22, 30); --darkreader-inline-color:#ff7b6c;" data-darkreader-inline-color=""><span style="color: rgb(242, 0, 137); --darkreader-inline-color:#ff399f;" data-darkreader-inline-color=""></span><br>


<span style="font-size: 9pt; font-family: Arial, sans-serif; color: rgb(44, 44, 44); --darkreader-inline-color:#cfcbc4;" data-darkreader-inline-color=""><br>


louis.charreau@vadesecure.com<br>


<em></em><br>


</span><br>


</span><u></u></p>


</div>


</div>


</td>


<td rowspan="1" colspan="1" height="111px" width="45px" style="text-align: left; width: 45px; height: 111px; vertical-align: top; white-space: normal; border-width: initial; border-style: initial; border-color: rgb(255, 255, 255); --darkreader-inline-color: inherit; --darkreader-inline-border-top:#303436; --darkreader-inline-border-right:#303436; --darkreader-inline-border-bottom:#303436; --darkreader-inline-border-left:#303436;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">


<div style="height:initial; line-height:0px; display:inline-block; white-space:normal">


<table align="left" cellspacing="0" cellpadding="0" style="text-align:inherit; margin:0">


<tbody>


<tr style="text-align: inherit; --darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<td rowspan="1" colspan="1" style="width:25px; height:28px; vertical-align:top; border-collapse:collapse; text-align:inherit; white-space:normal">


<a href="https://track.vadesecure.com/linkc/KzV1TXpKUT0-L1pzPQ"><img width="25" height="25" alt="img" style="width:25px; height:25px" src="https://img.signitic.app/uploads/6a00f4ffffff_rond_linkedin.png"></a></td>


</tr>


<tr style="text-align: inherit; --darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<td rowspan="1" colspan="1" style="width:25px; height:28px; vertical-align:top; border-collapse:collapse; text-align:inherit; white-space:normal">


<a href="https://track.vadesecure.com/linkc/KzV1TXpKUT0-L1pnPQ"><img width="25" height="25" alt="img" style="width:25px; height:25px" src="https://img.signitic.app/uploads/6a00f4ffffff_rond_twitter.png"></a></td>


</tr>


<tr style="text-align: inherit; --darkreader-inline-color: inherit;" data-darkreader-inline-color="">


<td rowspan="1" colspan="1" style="width:25px; height:25px; vertical-align:top; border-collapse:collapse; text-align:inherit; white-space:normal">


<a href="https://track.vadesecure.com/linkc/KzV1TXpKUT0-L1pRPQ"><img width="25" height="25" alt="img" style="width:25px; height:25px" src="https://img.signitic.app/uploads/6a00f4ffffff_rond_youtube.png"></a></td>


</tr>


</tbody>


</table>


</div>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


<p style="margin-top:10px"></p>


<a href="https://signitic.app/linkc/KzV1TXpKUT0-L3B3PQ-LzU2SnpRPT0" target="_blank"><img width="600" height="120" style="width:600px; height:120px" src="https://img.signitic.app/uploads/945f4b07f1db970a8091b3f7d859670a.png"></a></div>


</div>


</body>


</html>