[syslog-ng] Asynchronous address resolution using getaddrinfo_a()

Tue Jul 24 09:30:50 UTC 2018

Hi,

Another issue is what we would do with the incoming message flow until we
are waiting for the result of the resolution.

On Tue, Jul 24, 2018 at 8:56 AM, Szemere, László <laszlo.szemere at balabit.com
> wrote:

> Hello Naveen,
>  thank you very much for the investigation and giving a proposal to the
> issue. I successfully reproduced the blocking behavior with the faulty DNS
> server in resolv.conf.
>  Before answering you, we discussed the topic internally, and I would like
> to add a few notes to your email. (And maybe start a common discussion
> about the topic.)
>
>  1)
>  The connection handling in afsocket is running in the main thread (This
> is where the blocking behavior comes.), and mainly this is the reason why
> it has many callback functions. Unfortunately it makes the code more
> complex, and harder to maintain/debug.
>  You clearly recognized a good point in the code (afsocket_dd_try_connect)
> to introduce some asynchronous solution for DNS resolving. I think there is
> no need to handle the "first attempt" any different than the others.
>
>  2) Signal vs thread
>  You have absolutely control over this, there are examples in our code for
> both of them.
>  IMHO with signals there might be a chance to conflict with other
> components. (We recently had an issue with Java, but nothing which can not
> be sorted out.) This is clearly just a personal opinion.
>
>  note: See examples of using "main_loop_call". If you only use those
> callbacks to add some tasks to the main loop, than you don't have to deal
> with parallelism, and it will make the rest of the code independent from
> the chosen callback method.
>
>  3)
>  Couple of months ago there were a discussion about adding async DNS
> features to the alredy used ivykis library: https://sourceforge.n
> et/p/libivykis/mailman/message/36311243/
>  Unfortunately there is no action in the topic since that, so I do not
> recommend for you to wait for the final implementation. You can easily
> start your own, or contribute to ivykis.
>  However I think the idea is good: Introduce DNS resolving as an internal
> module or service. At least one should keep in mind during the refactor of
> afsocket, to make the DNS "service" interchangeable. (If we could gather
> TTL information beside the resolving, it can be completely independent from
> the main thread.)
>
>  4)
>  The getaddrinfo_a is a GNU extension, so it might not be available on all
> syslog-ng supported platforms. (There is already a branching in
> https://github.com/balabit/syslog-ng/blob/e0ecad3dfafe5f3
> 4f7a5d2893b6a518e85ce3753/lib/host-resolve.c#L205 , so this is just a
> note, to not forget it.)
>
>
> Best regards,
> Laci
>
>
> On Sat, Jul 21, 2018 at 3:39 AM, Naveen Revanna <raveenr at gmail.com> wrote:
>
>> Hi Developers,
>>
>> When DNS server is unreachable, getaddrinfo() function will block (until
>> it times out after few tens of seconds). If syslog-ng application is
>> configured with a remote syslog server using its hostname,
>> afsocket_dd_try_connect() will try to resolve this address in a loop (using
>> a timer). Since getaddrinfo() is blocking, execution of this task will take
>> few seconds thereby delaying the execution of other tasks. Eventually this
>> will reach a state in which there will be lot of backlogs of tasks and
>> syslog() appears to hang, delaying the execution of all shell commands (by
>> upto a minute).
>>
>> Resolving the remote syslog server's address by having an entry in
>> /etc/host could be a possible workaround (as indicated in a previous
>> thread). However, this is not a desirable solution for our use case.
>>
>> Here is my thought on a possible fix that I am thinking to work on for
>> which I am looking for feedback.
>>
>>    1. I am thinking of using getaddrinfo_a() (
>>    http://man7.org/linux/man-pages/man3/getaddrinfo_a.3.html
>>    <http://man7.org/linux/man-pages/man3/getaddrinfo_a.3.html>) in the
>>    afsocket_dd_try_connect() loop function. We can have this async call only
>>    in case it starts looping and not for the first attempt. The first attempt
>>    can continue to do the current sync way.
>>    2. If I were to take the above approach, there are two ways in which
>>    we can know the status of address resolution. Which one do you folks think
>>    would be better:
>>       1. SIGEV_SIGNAL: We can receive a signal when a look-up completes.
>>       We can take further action in the handler function.
>>       2. SIGEV_THREAD: A notification function will be called. This
>>       results in creation of a new thread (pthread?). What I am not sure of is
>>       the impact of this thread creation on the existing thread infrastructure in
>>       syslog-ng through ivykis.
>>
>>
>> Repro:
>> It is fairly easy to reproduce this issue
>>
>>    1. Configure a remote syslog server using it's hostname.
>>    2. Make the dns unreachable (Edit resolve.conf and put wrong IP(s)
>>    for 'nameserver' entries)
>>    3. $ syslog-ng-ctl reload
>>    4. Observe that any command executed on the shell takes unusually
>>    long time.
>>
>> I can elaborate on any of the items here if something is not clear.
>> Appreciate any pointers.
>>
>> Thanks,
>> Naveen
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support
>> /documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180724/fb92531b/attachment-0001.html>