[Bro-Dev] [Bro-Commits] [git/broctl] topic/dnthayer/broctl-fixes: Do not ping when checking if a host is alive (b71fc1d)

Robin Sommer robin at icir.org
Thu Mar 13 13:15:50 PDT 2014 

The ping was to quickly notice if a host is down, which iirc ssh
wasn't always able to di (though I don't remember exactly what ssh did
in those cases where it was a problem; too long ago). I'm wondering if
it's worth keeping the ping check even it indeed means the fw needs to
be configured accordingly.

Any opinions?

Robin

On Thu, Mar 13, 2014 at 11:27 -0700, Daniel Thayer wrote:

> Repository : ssh://git@bro-ids.icir.org/broctl
> 
> On branch  : topic/dnthayer/broctl-fixes
> 
> >---------------------------------------------------------------
> 
> commit b71fc1d973ab9bba53b1d2fac6b36bf3aee042c4
> Author: Daniel Thayer <dnthayer at illinois.edu>
> Date:   Thu Mar 13 12:20:02 2014 -0500
> 
>     Do not ping when checking if a host is alive
>     
>     Removed the ping from the host alive check because the ping
>     might be blocked by a firewall, and neither bro nor broctl needs
>     the ability to ping hosts.
> 
> 
> >---------------------------------------------------------------
> 
> b71fc1d973ab9bba53b1d2fac6b36bf3aee042c4
>  BroControl/execute.py |  4 ++--
>  BroControl/plugin.py  |  4 ++--
>  CMakeLists.txt        |  1 -
>  bin/is-alive          | 24 ------------------------
>  4 files changed, 4 insertions(+), 29 deletions(-)
> 
> diff --git a/BroControl/execute.py b/BroControl/execute.py
> index 3b34d44..f667184 100644
> --- a/BroControl/execute.py
> +++ b/BroControl/execute.py
> @@ -189,14 +189,14 @@ def sync(nodes, paths):
>  # Keep track of hosts that are not alive.
>  _deadHosts = {}
>  
> -# Return true if the given host is alive (i.e., we can ping it and establish
> +# Return true if the given host is alive (i.e., we can establish
>  # an ssh session), and false otherwise.
>  def isAlive(host):
>  
>      if host in _deadHosts:
>          return False
>  
> -    (success, output) = runLocalCmd(os.path.join(config.Config.scriptsdir, "is-alive") + " " + util.scopeAddr(host))
> +    (success, output) = runLocalCmd("ssh -o ConnectTimeout=30 %s true" % util.scopeAddr(host))
>  
>      if not success:
>          _deadHosts[host] = True
> diff --git a/BroControl/plugin.py b/BroControl/plugin.py
> index cbfa135..ea06014 100644
> --- a/BroControl/plugin.py
> +++ b/BroControl/plugin.py
> @@ -341,8 +341,8 @@ class Plugin(object):
>          """Called when BroControl's ``cron`` command finds the availability of
>          a cluster system to have changed. Initially, all systems are assumed
>          to be up and running. Once BroControl notices that a system isn't
> -        responding (defined as either it doesn't ping at all, or does not
> -        accept SSH sessions), it calls this method, passing in a string with
> +        responding (defined as not accepting SSH sessions), it calls
> +        this method, passing in a string with
>          the name of the *host* and a boolean *status* set to False. Once the
>          host becomes available again, the method will be called again for the
>          same host with *status* now set to True.
> diff --git a/CMakeLists.txt b/CMakeLists.txt
> index 8a2ddf4..9a48847 100644
> --- a/CMakeLists.txt
> +++ b/CMakeLists.txt
> @@ -86,7 +86,6 @@ InstallShellScript(share/broctl/scripts bin/create-link-for-log)
>  InstallShellScript(share/broctl/scripts bin/delete-log)
>  InstallShellScript(share/broctl/scripts bin/expire-logs)
>  InstallShellScript(share/broctl/scripts bin/get-prof-log)
> -InstallShellScript(share/broctl/scripts bin/is-alive)
>  InstallShellScript(share/broctl/scripts bin/local-interfaces)
>  InstallShellScript(share/broctl/scripts bin/make-archive-name)
>  InstallShellScript(share/broctl/scripts bin/post-terminate)
> diff --git a/bin/is-alive b/bin/is-alive
> deleted file mode 100755
> index 4137fc5..0000000
> --- a/bin/is-alive
> +++ /dev/null
> @@ -1,24 +0,0 @@
> -#! /usr/bin/env bash
> -#
> -# is-alive <host>
> -
> -. `dirname $0`/broctl-config.sh
> -
> -if [ "${os}" == "linux" ]; then
> -    cmd='ping -q -c 1 -W 1'
> -    cmd6='ping6 -q -c 1 -W 1'
> -elif [ "${os}" == "openbsd" -o "${os}" == "netbsd" ]; then
> -    cmd='ping -q -c 1 -w 1'
> -    cmd6='ping6 -q -c 1'
> -else
> -    cmd='ping -q -t 1 -o'
> -    cmd6='ping6 -q -o'
> -fi
> -
> -if [[ "$1" == *:* ]]; then
> -    cmd=$cmd6
> -fi
> -
> -$cmd $1 >/dev/null 2>&1 || exit 1
> -
> -ssh -o ConnectTimeout=30 $1 true >/dev/null 2>&1
> 
> _______________________________________________
> bro-commits mailing list
> bro-commits at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits
> 



-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin

More information about the bro-dev mailing list