
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>


</head>


<body dir="ltr">


<div class="elementToProof" style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:var(--darkreader-bg--neutralPrimarySurface);" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="">


Hello,</div>


<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:var(--darkreader-bg--neutralPrimarySurface);" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="ContentPasted0"><br>


</span></div>


<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:var(--darkreader-bg--neutralPrimarySurface);" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="ContentPasted0">Have


 you had a chance to look at this patch proposal?<br class="ContentPasted0">


<br>


</span></div>


<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:var(--darkreader-bg--neutralPrimarySurface);" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="ContentPasted0">On


 our side, the patch has been in place for more than a year and it fixes our server unavailability problems that we had during the checks.<br>


</span></div>


<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:var(--darkreader-bg--neutralPrimarySurface);" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="ContentPasted0"><br>


</span></div>


<div class="elementToProof"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); --darkreader-inline-color:#e8e6e3; --darkreader-inline-bgcolor:var(--darkreader-bg--neutralPrimarySurface);" data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="ContentPasted0 ContentPasted1">It


 would be a shame not to integrate it.<br>


</span></div>


<div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="" class="elementToProof">


Thanks !</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="" class="elementToProof">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="" class="elementToProof">


Best regards.</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="" class="elementToProof">


<br>


</div>


<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); --darkreader-inline-color:#e8e6e3;" data-darkreader-inline-color="" class="elementToProof">


Louis</div>


<div id="Signature"></div>


</div>


<div id="appendonsend"></div>


<hr style="display:inline-block;width:98%" tabindex="-1">


<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>De :</b> Louis Charreau<br>


<b>Envoyé :</b> vendredi 16 septembre 2022 09:39<br>


<b>À :</b> mandos-dev@recompile.se <mandos-dev@recompile.se><br>


<b>Cc :</b> Service Reliability <sr@vadesecure.com><br>


<b>Objet :</b> Improvement for the interval parameter</font>


<div> </div>


</div>


<style type="text/css" style="display:none">


<!--


p


        {margin-top:0;


        margin-bottom:0}


-->


</style>


<div dir="ltr">


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<span data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">Hello,</span><br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<div><br class="x_ContentPasted0">


</div>


<div class="x_ContentPasted0">we use the Mandos solution on several hundred servers.</div>


<div><br class="x_ContentPasted0">


</div>


<div class="x_ContentPasted0">A patch had been implemented (version 1.8.10) to smooth the execution of the "checker" processes (via a random on the "interval" param) to avoid having at the same time as many child processes as hosts to check (because of the


 timer which is initialized at the same time for all hosts).</div>


<div><br class="x_ContentPasted0">


</div>


<div class="x_ContentPasted0">The negative effect of this patch is that some targets are checked much too often (almost in a loop for some) compared to others. The "interval" parameter serves more as a maximum threshold with a minimum of 1ms.</div>


<div><br class="x_ContentPasted0">


</div>


<div class="x_ContentPasted0">To solve this problem, I propose a patch which consists in randomizing the "interval" parameter at the initialization of the "checkers" to have a smoothed execution in time for the 1st check. At the time of the 2nd check, we replace


 the timer by using the "interval" parameter as a time interval between 2 checks. This way, the servers are not checked at the same time and at regular intervals (the same interval for all servers).</div>


<div><br class="x_ContentPasted0">


</div>


<div class="x_ContentPasted0">I put a lot of comments to explain the context, I don't think it's necessary to be so verbose !</div>


<div><br class="x_ContentPasted0">


</div>


I used the version 1.8.14 which is the one packaged for Debian.<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


--- mandos.1.8.14 2022-09-14 16:32:31.000000000 +0200


<div class="x_ContentPasted1">+++ mandos.new    2022-09-14 16:42:41.000000000 +0200</div>


<div class="x_ContentPasted1">@@ -1058,17 +1058,24 @@</div>


<div class="x_ContentPasted1">         # and every interval from then on.</div>


<div class="x_ContentPasted1">         if self.checker_initiator_tag is not None:</div>


<div class="x_ContentPasted1">             GLib.source_remove(self.checker_initiator_tag)</div>


<div class="x_ContentPasted1">+        # At the initialization of the checkers, we smooth the execution in time,</div>


<div class="x_ContentPasted1">+        # using a random of the interval parameter.</div>


<div class="x_ContentPasted1">+        # At the time of the first execution, the timer is replaced by a new one</div>


<div class="x_ContentPasted1">+        # based on the interval parameter to ensure that the executions are done</div>


<div class="x_ContentPasted1">+        # at regular intervals according to the desired configuration.</div>


<div class="x_ContentPasted1">         self.checker_initiator_tag = GLib.timeout_add(</div>


<div class="x_ContentPasted1">             random.randrange(int(self.interval.total_seconds() * 1000</div>


<div class="x_ContentPasted1">                                  + 1)),</div>


<div class="x_ContentPasted1">-            self.start_checker)</div>


<div class="x_ContentPasted1">+            self.start_checker, True)</div>


<div class="x_ContentPasted1">         # Schedule a disable() when 'timeout' has passed</div>


<div class="x_ContentPasted1">         if self.disable_initiator_tag is not None:</div>


<div class="x_ContentPasted1">             GLib.source_remove(self.disable_initiator_tag)</div>


<div class="x_ContentPasted1">         self.disable_initiator_tag = GLib.timeout_add(</div>


<div class="x_ContentPasted1">             int(self.timeout.total_seconds() * 1000), self.disable)</div>


<div class="x_ContentPasted1">-        # Also start a new checker *right now*.</div>


<div class="x_ContentPasted1">-        self.start_checker()</div>


<div class="x_ContentPasted1">+        # Do not launch a new checker at initialization to avoid forking the children's processes simultaneously.</div>


<div class="x_ContentPasted1">+        # This is problematic when you have several hundred servers to check.</div>


<div class="x_ContentPasted1">+        # # Also start a new checker *right now*.</div>


<div class="x_ContentPasted1">+        # self.start_checker()</div>


<div><br class="x_ContentPasted1">


</div>


<div class="x_ContentPasted1">     def checker_callback(self, source, condition, connection,</div>


<div class="x_ContentPasted1">                          command):</div>


<div class="x_ContentPasted1">@@ -1119,7 +1126,7 @@</div>


<div class="x_ContentPasted1">     def need_approval(self):</div>


<div class="x_ContentPasted1">         self.last_approval_request = datetime.datetime.utcnow()</div>


<div><br class="x_ContentPasted1">


</div>


<div class="x_ContentPasted1">-    def start_checker(self):</div>


<div class="x_ContentPasted1">+    def start_checker(self, init_timer=False):</div>


<div class="x_ContentPasted1">         """Start a new checker subprocess if one is not running.</div>


<div><br class="x_ContentPasted1">


</div>


<div class="x_ContentPasted1">         If a checker already exists, leave it running and do</div>


<div class="x_ContentPasted1">@@ -1178,6 +1185,14 @@</div>


<div class="x_ContentPasted1">                 GLib.PRIORITY_DEFAULT, GLib.IO_IN,</div>


<div class="x_ContentPasted1">                 self.checker_callback, pipe[0], command)</div>


<div class="x_ContentPasted1">         # Re-run this periodically if run by GLib.timeout_add</div>


<div class="x_ContentPasted1">+        if init_timer:</div>


<div class="x_ContentPasted1">+            # Schedule a new checker to be started an 'interval' from now,</div>


<div class="x_ContentPasted1">+            # and every interval from then on.</div>


<div class="x_ContentPasted1">+            if self.checker_initiator_tag is not None:</div>


<div class="x_ContentPasted1">+                GLib.source_remove(self.checker_initiator_tag)</div>


<div class="x_ContentPasted1">+            self.checker_initiator_tag = GLib.timeout_add(</div>


<div class="x_ContentPasted1">+                int(self.interval.total_seconds() * 1000),</div>


<div class="x_ContentPasted1">+                self.start_checker)</div>


<div class="x_ContentPasted1">         return True</div>


<div><br class="x_ContentPasted1">


</div>


     def stop_checker(self):<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<span data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">Thank you for your support and </span><span data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">for


 the development of a solution that is very useful to us.</span><br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1 x_ContentPasted2" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<br>


</div>


<div data-darkreader-inline-color="" data-darkreader-inline-bgcolor="" class="x_elementToProof x_ContentPasted0 x_ContentPasted1 x_ContentPasted2" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">


<span data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt">Louis</span></div>


<div></div>


<div id="x_Signature">


<div>


<table cellspacing="0" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="font-family:Arial; background:transparent; font-size:13px; line-height:1.2; display:inline-table; color:rgb(0,0,0)">


<tbody>


<tr data-darkreader-inline-color="" style="">


<td rowspan="1" colspan="1" data-darkreader-inline-color="" style="white-space:normal">


<table cellspacing="0" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="width:100%; border-collapse:separate; font-family:Arial; background:transparent; font-size:13px; line-height:1.2; color:rgb(0,0,0)">


<tbody>


<tr data-darkreader-inline-color="" style="">


<td rowspan="1" colspan="1" data-darkreader-inline-color="" style="white-space:normal">


<table cellspacing="0" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="" data-darkreader-inline-color="" style="width:100%; border-collapse:separate; font-family:Arial; background:transparent; font-size:13px; color:rgb(0,0,0)">


<tbody>


<tr data-darkreader-inline-color="" style="height:auto">


<td rowspan="1" colspan="1" height="111px" width="160px" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" style="height:111px; width:160px; text-align:left; vertical-align:middle; white-space:normal; border-width:initial; border-style:initial; border-color:rgb(255,255,255)">


<div id="x_x_logo" class="x_x_logo" width="120" height="85" style=""><a href="www.vadesecure.com" target="_blank" style="display:inline-block"><img width="120" height="67.384615384615" alt="img" style="width:120px; height:67.384615384615px" src="https://img.signitic.app/uploads/108998647cf2a7d306553e74ad222b29.png"></a></div>


</td>


<td rowspan="1" colspan="1" width="244px" height="111px" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" style="height:111px; width:244px; text-align:left; white-space:normal; border-width:initial; border-style:initial; border-color:rgb(255,255,255)">


<div style="white-space:normal">


<div style="white-space:normal">


<p style="line-height:11.55pt; white-space:normal; margin:0px"><strong><span data-darkreader-inline-color="" style="font-size:10pt; font-family:Arial,sans-serif; color:white"><span data-darkreader-inline-color="" style="color:rgb(0,0,0)">Louis Charreau</span><br>


</span></strong><u></u><u></u><span data-darkreader-inline-color="" style="font-size:9pt; font-family:Arial,sans-serif; color:rgb(163,22,30)"><span data-darkreader-inline-color="" style="color:rgb(242,0,137)"></span><br>


<span data-darkreader-inline-color="" style="font-size:9pt; font-family:Arial,sans-serif; color:rgb(44,44,44)"><br>


louis.charreau@vadesecure.com<br>


<em></em><br>


</span><br>


</span><u></u></p>


</div>


</div>


</td>


<td rowspan="1" colspan="1" height="111px" width="45px" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" style="text-align:left; width:45px; height:111px; vertical-align:top; white-space:normal; border-width:initial; border-style:initial; border-color:rgb(255,255,255)">


<div style="height:initial; line-height:0px; display:inline-block; white-space:normal">


<table align="left" cellspacing="0" cellpadding="0" style="text-align:inherit; margin:0">


<tbody>


<tr data-darkreader-inline-color="" style="text-align:inherit">


<td rowspan="1" colspan="1" style="width:25px; height:28px; vertical-align:top; border-collapse:collapse; text-align:inherit; white-space:normal">


<a href="https://track.vadesecure.com/linkc/KzV1TXpKUT0-L1pzPQ"><img width="25" height="25" alt="img" style="width:25px; height:25px" src="https://img.signitic.app/uploads/6a00f4ffffff_rond_linkedin.png"></a></td>


</tr>


<tr data-darkreader-inline-color="" style="text-align:inherit">


<td rowspan="1" colspan="1" style="width:25px; height:28px; vertical-align:top; border-collapse:collapse; text-align:inherit; white-space:normal">


<a href="https://track.vadesecure.com/linkc/KzV1TXpKUT0-L1pnPQ"><img width="25" height="25" alt="img" style="width:25px; height:25px" src="https://img.signitic.app/uploads/6a00f4ffffff_rond_twitter.png"></a></td>


</tr>


<tr data-darkreader-inline-color="" style="text-align:inherit">


<td rowspan="1" colspan="1" style="width:25px; height:25px; vertical-align:top; border-collapse:collapse; text-align:inherit; white-space:normal">


<a href="https://track.vadesecure.com/linkc/KzV1TXpKUT0-L1pRPQ"><img width="25" height="25" alt="img" style="width:25px; height:25px" src="https://img.signitic.app/uploads/6a00f4ffffff_rond_youtube.png"></a></td>


</tr>


</tbody>


</table>


</div>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


<p style="margin-top:10px"></p>


<a href="https://signitic.app/linkc/KzV1TXpKUT0-L3B3PQ-LzU2SnpRPT0" target="_blank"><img width="600" height="120" style="width:600px; height:120px" src="https://img.signitic.app/uploads/945f4b07f1db970a8091b3f7d859670a.png"></a></div>


</div>


</div>


</body>


</html>