Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Close idle tcp connections #18085

Merged
merged 15 commits into from Aug 17, 2023
Merged

Close idle tcp connections #18085

merged 15 commits into from Aug 17, 2023

Conversation

sdvendramini
Copy link
Member

@sdvendramini sdvendramini commented Jul 26, 2023
edited by TomasTurina

Related issue
#17706

Description

With these changes the manager will be able to close inactive sockets when an agent tries to connect from a new connection. The behavior will depend on the time configured in a new setting of internal_options.

Configuration options

  • ossec.conf:
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
    <tcp>
        <connection_overtake_time>120</connection_overtake_time>
    </tcp>
  </remote>

Logs/Alerts example

  • New log when an inactive socket it's closed:
    2023/07/28 12:39:37 wazuh-remoted[154028] secure.c:531 at HandleSecureMessage(): DEBUG: Idle socket [4] from agent ID '001' will be closed.

Tests

  • Compilation without warnings in every supported platform
    • Linux
  • Source installation
  • Source upgrade
  • Review logs syntax and correct language
  • Memory tests for Linux
    • Scan-build report
    • ThreadSanitizer
    • Coverity
  • Added unit tests (for new features)
  • Stress test for affected components

@TomasTurina TomasTurina mentioned this pull request Jul 27, 2023
Closed
TomasTurina
TomasTurina requested changes Jul 27, 2023
View reviewed changes
src/remoted/secure.c Outdated Show resolved Hide resolved
etc/internal_options.conf Outdated Show resolved Hide resolved
src/remoted/config.c Outdated Show resolved Hide resolved
src/remoted/secure.c Outdated Show resolved Hide resolved
src/remoted/secure.c Show resolved Hide resolved
src/remoted/secure.c Outdated Show resolved Hide resolved
src/remoted/secure.c Show resolved Hide resolved
@sdvendramini sdvendramini changed the base branch from master to 4.5.2 July 28, 2023 16:05
@TomasTurina TomasTurina marked this pull request as ready for review August 2, 2023 14:46
@sdvendramini
Copy link
Member Author

sdvendramini commented Aug 3, 2023
edited

  • Coverge Unit Tests report:

image

image

image

image

image

@TomasTurina TomasTurina linked an issue Aug 3, 2023 that may be closed by this pull request
Windows agents cannot connect after restarting Windows #17706
Closed
TomasTurina
TomasTurina reviewed Aug 7, 2023
View reviewed changes
src/remoted/secure.c Outdated Show resolved Hide resolved
src/remoted/secure.c Outdated Show resolved Hide resolved
src/remoted/secure.c Outdated Show resolved Hide resolved
@sdvendramini
Copy link
Member Author

  • Thread Sanitizer without any warning:
2023/08/04 16:06:25 wazuh-remoted[570096] manager.c:395 at save_controlmsg(): DEBUG: save_controlmsg(): inserting 'Microsoft Windows Server 2022 Standard Evaluation [Ver: 10.0.20348.1787] - Wazuh v4.4.3 / ab73af41699f13fdd81903b5f23d8d00
d0f51333bf62a0d4dbe082107c77e1a4 merged.mg
#"_agent_ip":10.0.2.15
'
2023/08/04 16:06:25 wazuh-remoted[570096] manager.c:1402 at lookfor_agent_group(): DEBUG: Agent '006' group is 'default'
2023/08/04 16:06:27 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:06:31 wazuh-remoted[570096] secure.c:382 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2023/08/04 16:06:31 wazuh-remoted[570096] manager.c:764 at c_files(): DEBUG: Updating shared files sums.
2023/08/04 16:06:31 wazuh-remoted[570096] manager.c:786 at c_files(): DEBUG: End updating shared files sums.
2023/08/04 16:06:32 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:06:36 wazuh-remoted[570096] secure.c:262 at handle_new_tcp_connection(): DEBUG: New TCP connection [17]
2023/08/04 16:06:36 wazuh-remoted[570096] secure.c:536 at HandleSecureMessage(): WARNING: Agent key already in use: agent ID '006'
2023/08/04 16:06:36 wazuh-remoted[570096] secure.c:769 at _close_sock(): DEBUG: TCP peer disconnected [17]
2023/08/04 16:06:37 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:06:41 wazuh-remoted[570096] manager.c:764 at c_files(): DEBUG: Updating shared files sums.
2023/08/04 16:06:41 wazuh-remoted[570096] manager.c:786 at c_files(): DEBUG: End updating shared files sums.
2023/08/04 16:06:41 wazuh-remoted[570096] secure.c:382 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2023/08/04 16:06:42 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:06:46 wazuh-remoted[570096] secure.c:262 at handle_new_tcp_connection(): DEBUG: New TCP connection [17]
2023/08/04 16:06:46 wazuh-remoted[570096] secure.c:536 at HandleSecureMessage(): WARNING: Agent key already in use: agent ID '006'
2023/08/04 16:06:46 wazuh-remoted[570096] secure.c:769 at _close_sock(): DEBUG: TCP peer disconnected [17]
2023/08/04 16:06:47 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:06:51 wazuh-remoted[570096] manager.c:764 at c_files(): DEBUG: Updating shared files sums.
2023/08/04 16:06:51 wazuh-remoted[570096] manager.c:786 at c_files(): DEBUG: End updating shared files sums.
2023/08/04 16:06:51 wazuh-remoted[570096] secure.c:382 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2023/08/04 16:06:52 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:06:56 wazuh-remoted[570096] secure.c:262 at handle_new_tcp_connection(): DEBUG: New TCP connection [17]
2023/08/04 16:06:56 wazuh-remoted[570096] secure.c:536 at HandleSecureMessage(): WARNING: Agent key already in use: agent ID '006'
2023/08/04 16:06:56 wazuh-remoted[570096] secure.c:769 at _close_sock(): DEBUG: TCP peer disconnected [17]
2023/08/04 16:06:57 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:07:01 wazuh-remoted[570096] manager.c:764 at c_files(): DEBUG: Updating shared files sums.
2023/08/04 16:07:01 wazuh-remoted[570096] manager.c:786 at c_files(): DEBUG: End updating shared files sums.
2023/08/04 16:07:01 wazuh-remoted[570096] secure.c:382 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2023/08/04 16:07:02 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:07:06 wazuh-remoted[570096] secure.c:262 at handle_new_tcp_connection(): DEBUG: New TCP connection [17]
2023/08/04 16:07:06 wazuh-remoted[570096] secure.c:536 at HandleSecureMessage(): WARNING: Agent key already in use: agent ID '006'
2023/08/04 16:07:06 wazuh-remoted[570096] secure.c:769 at _close_sock(): DEBUG: TCP peer disconnected [17]
2023/08/04 16:07:07 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:07:11 wazuh-remoted[570096] manager.c:764 at c_files(): DEBUG: Updating shared files sums.
2023/08/04 16:07:11 wazuh-remoted[570096] manager.c:786 at c_files(): DEBUG: End updating shared files sums.
2023/08/04 16:07:11 wazuh-remoted[570096] secure.c:382 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2023/08/04 16:07:12 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:07:16 wazuh-remoted[570096] secure.c:262 at handle_new_tcp_connection(): DEBUG: New TCP connection [17]
2023/08/04 16:07:16 wazuh-remoted[570096] secure.c:536 at HandleSecureMessage(): WARNING: Agent key already in use: agent ID '006'
2023/08/04 16:07:16 wazuh-remoted[570096] secure.c:769 at _close_sock(): DEBUG: TCP peer disconnected [17]
2023/08/04 16:07:17 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:07:21 wazuh-remoted[570096] manager.c:764 at c_files(): DEBUG: Updating shared files sums.
2023/08/04 16:07:21 wazuh-remoted[570096] manager.c:786 at c_files(): DEBUG: End updating shared files sums.
2023/08/04 16:07:21 wazuh-remoted[570096] secure.c:382 at rem_keyupdate_main(): DEBUG: Checking for keys file changes.
2023/08/04 16:07:23 wazuh-remoted[570096] state.c:161 at rem_write_state(): DEBUG: Updating state file.
2023/08/04 16:07:26 wazuh-remoted[570096] secure.c:262 at handle_new_tcp_connection(): DEBUG: New TCP connection [17]
2023/08/04 16:07:26 wazuh-remoted[570096] secure.c:532 at HandleSecureMessage(): DEBUG: Close idle socket [12] to agent ID '006'
2023/08/04 16:07:26 wazuh-remoted[570096] secure.c:692 at HandleSecureMessage(): DEBUG: TCP socket 17 added to keystore.
2023/08/04 16:07:26 wazuh-remoted[570096] secure.c:769 at _close_sock(): DEBUG: TCP peer disconnected [12]
2023/08/04 16:07:26 wazuh-remoted[570096] manager.c:289 at save_controlmsg(): DEBUG: Agent WIN-912S6EO05V4 sent HC_STARTUP from '192.168.56.1'
2023/08/04 16:07:26 wazuh-remoted[570096] secure.c:689 at HandleSecureMessage(): DEBUG: TCP socket 17 already in keystore. Updating...
2023/08/04 16:07:26 wazuh-remoted[570096] manager.c:395 at save_controlmsg(): DEBUG: save_controlmsg(): inserting 'Microsoft Windows Server 2022 Standard Evaluation [Ver: 10.0.20348.1787] - Wazuh v4.4.3 / ab73af41699f13fdd81903b5f23d8d00
d0f51333bf62a0d4dbe082107c77e1a4 merged.mg
#"_agent_ip":10.0.2.15
'

@sdvendramini
Copy link
Member Author

  • Coverity without new defects:

image

image (4)

TomasTurina
TomasTurina previously approved these changes Aug 8, 2023
View reviewed changes
vikman90
vikman90 requested changes Aug 10, 2023
View reviewed changes
etc/internal_options.conf Outdated Show resolved Hide resolved
TomasTurina
TomasTurina reviewed Aug 10, 2023
View reviewed changes
src/remoted/config.c Outdated Show resolved Hide resolved
TomasTurina
TomasTurina reviewed Aug 10, 2023
View reviewed changes
src/remoted/config.c Outdated Show resolved Hide resolved
@sdvendramini
Received timestamp for tcp connections now is saved for each agents m…
b70a227 
…essages. When the connection is idle, it's closed and the new one is acepted.
@sdvendramini
netprotocol and rcvd variables from keyentry are defined as _Atomic. …
f9b5fc0 
…Changed the way the idle socket is closed.
@sdvendramini
Change internal options description. Add socket number to log. Fix va…
c444cb2 
…r name. Fix unnecessary mutex unlock.
@sdvendramini
fixed internal options comment
731b52a
@sdvendramini
New UTs added and others fixed.
ca83abc
@sdvendramini
Added new UTs.
2cf424c
@sdvendramini
Two new UTs added to check setting disabled.
b08cb5b
@sdvendramini
The place where the idle socket is closed is changed to avoid possibl…
f5105b3 
…e dead lock with the keys mutex.
@sdvendramini
Changed where the new socket is set. UTs fixed
b130099
@sdvendramini
UTs added to cover new changes. Debug messages changed. Fix previous …
5cb9775 
…UTs.
@sdvendramini
Move new setting from internal options to ossec.conf. UTs fixed
1be9460
@sdvendramini
Test logs deleted.
be61498
@sdvendramini sdvendramini force-pushed the 17706-close-tcp-idle-conections branch from 8df42a0 to 28f6933 Compare August 11, 2023 13:02
TomasTurina
TomasTurina previously approved these changes Aug 11, 2023
View reviewed changes
@vikman90 vikman90 merged commit a9e3632 into 4.5.2 Aug 17, 2023
61 checks passed
@vikman90 vikman90 deleted the 17706-close-tcp-idle-conections branch August 17, 2023 09:12
@vikman90 vikman90 mentioned this pull request Oct 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vikman90 vikman90 vikman90 approved these changes

@TomasTurina TomasTurina TomasTurina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Windows agents cannot connect after restarting Windows
3 participants
@sdvendramini @vikman90 @TomasTurina