mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-30 13:17:01 +00:00
c12f976389
audit_syslog_storage_helper::syslog_send_helper uses Seastar's net::datagram_channel to write to syslog device (usually /dev/log). However, datagram_channel.send() is not fiber-safe (ref seastar#2690), so unserialized use of send() results in packets overwriting its state. This, in turn, causes a corruption of audit logs, as well as assertion failures. To workaround the problem, a new semaphore is introduced in audit_syslog_storage_helper. As storage_helper is a member of sharded audit service, the semaphore allows for one datagram_channel.send() on each shard. Each audit_syslog_storage_helper stores its own datagram_channel, therefore concurrent sends to datagram_channel are eliminated. This change: - Introduce semaphore with count=1 in audit_syslog_storage_helper. - Added 1 hour timeout to the semaphore, so semaphore stalls are failed just as all other syslog auditing failures. Fixes: scylladb#22973
48 lines
1.3 KiB
C++
48 lines
1.3 KiB
C++
/*
|
|
* Copyright (C) 2017 ScyllaDB
|
|
*/
|
|
|
|
/*
|
|
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
|
|
*/
|
|
#pragma once
|
|
|
|
#include <seastar/net/api.hh>
|
|
|
|
#include "audit/audit.hh"
|
|
#include "storage_helper.hh"
|
|
#include "db/config.hh"
|
|
|
|
namespace service {
|
|
|
|
class migration_manager;
|
|
|
|
};
|
|
|
|
namespace audit {
|
|
|
|
class audit_syslog_storage_helper : public storage_helper {
|
|
socket_address _syslog_address;
|
|
net::datagram_channel _sender;
|
|
seastar::semaphore _semaphore;
|
|
|
|
future<> syslog_send_helper(const sstring& msg);
|
|
public:
|
|
explicit audit_syslog_storage_helper(cql3::query_processor&, service::migration_manager&);
|
|
virtual ~audit_syslog_storage_helper();
|
|
virtual future<> start(const db::config& cfg) override;
|
|
virtual future<> stop() override;
|
|
virtual future<> write(const audit_info* audit_info,
|
|
socket_address node_ip,
|
|
socket_address client_ip,
|
|
db::consistency_level cl,
|
|
const sstring& username,
|
|
bool error) override;
|
|
virtual future<> write_login(const sstring& username,
|
|
socket_address node_ip,
|
|
socket_address client_ip,
|
|
bool error) override;
|
|
};
|
|
|
|
}
|