Merge pull request #1455 from greenbone/mergify/bp/gvmd-21.04/pr-1452

Add auto retry on scanner connection lost during a runnning task (bp #1452)
greenbone · Mar 22, 2021 · 31b5ced · 31b5ced
2 parents c455f7e + b6b1020
commit 31b5ced
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -56,6 +56,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Add standard info elem fields for NVTs in get_info [#1426](https://github.com/greenbone/gvmd/pull/1426)
 - Add --ldap-debug option [#1439](https://github.com/greenbone/gvmd/pull/1439)
 - Add check if PostgreSQL extensions are installed [#1444](https://github.com/greenbone/gvmd/pull/1444)
+- Add auto retry on scanner connection lost during a running task [#1452](https://github.com/greenbone/gvmd/pull/1452)
 
 ### Changed
 - Improve report counts performance [#1438](https://github.com/greenbone/gvmd/pull/1438)

diff --git a/doc/gvmd.8 b/doc/gvmd.8
@@ -173,12 +173,18 @@ Scanner type for --create-scanner and --modify-scanner.
 
 Either 'OpenVAS', 'OSP', 'GMP', 'OSP-Sensor' or a number as used in GMP.
 .TP
+\fB--scanner-connection-retry=\fINUMBER\fB\f1
+Number of auto retries if scanner connection is lost in a running task.
+.TP
 \fB--schedule-timeout=\fITIME\fB\f1
 Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for minimum time.
 .TP
 \fB--secinfo-commit-size=\fINUMBER\fB\f1
 During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.
 .TP
+\fB--slave-commit-size=\fINUMBER\fB\f1
+During slave updates, commit after every NUMBER updated results and hosts, 0 for unlimited.
+.TP
 \fB-c, --unix-socket=\fIFILENAME\fB\f1
 Listen on UNIX socket at FILENAME.
 .TP
@@ -203,23 +209,14 @@ gvmd --port 1241
 
 Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the default OTP file socket.
 .SH SEE ALSO
-\fBopenvas(8)\f1, \fBgsad(8)\f1, \fBospd-openvas(8)\f1, \fBgreenbone-certdata-sync(8)\f1, \fBgreenbone-scapdata-sync(8)\f1,
+\fBopenvas(8)\f1, \fBgsad(8)\f1, \fBospd-openvas(8)\f1, \fBgreenbone-certdata-sync(8)\f1, \fBgreenbone-scapdata-sync(8)\f1, 
 .SH MORE INFORMATION
 The canonical places where you will find more information about the Greenbone Vulnerability Manager are: 
 
-.RS
-.UR https://community.greenbone.net
-Community Portal
-.UE
-.br
-.UR https://github.com/greenbone
-Development Platform
-.UE
-.br
-.UR https://www.greenbone.net
-Greenbone Website
-.UE
-.RE
+\fBhttps://community.greenbone.net\f1 (Community Portal) 
+
+\fBhttps://github.com/greenbone\f1 (Development Platform) 
 
+\fBhttps://www.greenbone.net\f1 (Greenbone Website) 
 .SH COPYRIGHT
 The Greenbone Vulnerability Manager is released under the GNU GPL, version 2, or, at your option, any later version. 
diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml
@@ -382,6 +382,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
            as used in GMP.</p>
       </optdesc>
     </option>
+    <option>
+      <p><opt>--scanner-connection-retry=<arg>NUMBER</arg></opt></p>
+      <optdesc>
+        <p>Number of auto retries if scanner connection is lost
+           in a running task.</p>
+      </optdesc>
+    </option>    
     <option>
       <p><opt>--schedule-timeout=<arg>TIME</arg></opt></p>
       <optdesc>

diff --git a/src/gvmd.c b/src/gvmd.c
@@ -1723,6 +1723,7 @@ gvmd (int argc, char** argv)
   static gchar *scanner_credential = NULL;
   static gchar *scanner_key_pub = NULL;
   static gchar *scanner_key_priv = NULL;
+  static int scanner_connection_retry = SCANNER_CONNECTION_RETRY_DEFAULT;
   static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
   static int secinfo_commit_size = SECINFO_COMMIT_SIZE_DEFAULT;
   static gchar *delete_scanner = NULL;
@@ -1961,6 +1962,11 @@ gvmd (int argc, char** argv)
           &scanner_ca_pub,
           "Scanner CA Certificate path for --[create|modify]-scanner.",
           "<scanner-ca-pub>" },
+        { "scanner-connection-retry", '\0', 0, G_OPTION_ARG_INT,
+          &scanner_connection_retry,
+          "Number of auto retries if scanner connection is lost in a running task,"
+          " default: "G_STRINGIFY (SCANNER_CONNECTION_RETRY_DEFAULT),
+          "<number>" },
         { "scanner-credential", '\0', 0, G_OPTION_ARG_STRING,
           &scanner_credential,
           "Scanner credential for --create-scanner and --modify-scanner."
@@ -2080,6 +2086,9 @@ gvmd (int argc, char** argv)
 
   set_schedule_timeout (schedule_timeout);
 
+  /* Set the connection auto retry */
+  set_scanner_connection_retry (scanner_connection_retry);
+
   /* Set SecInfo update commit size */
 
   set_secinfo_commit_size (secinfo_commit_size);

diff --git a/src/manage.c b/src/manage.c
@@ -185,6 +185,12 @@ static int relay_migrate_sensors = 0;
  */
 static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
 
+/**
+ * @brief Default number of auto retries if scanner connection is
+ *        lost in a running task.
+ */
+static int scanner_connection_retry = SCANNER_CONNECTION_RETRY_DEFAULT;
+
 
 /* Certificate and key management. */
 
@@ -1812,6 +1818,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
   int rc, port;
   scanner_t scanner;
   gboolean started, queued_status_updated;
+  int retry, connection_retry;
 
   scanner = task_scanner (task);
   host = scanner_host (scanner);
@@ -1821,8 +1828,11 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
   key_priv = scanner_key_priv (scanner);
   started = FALSE;
   queued_status_updated = FALSE;
+  connection_retry = get_scanner_connection_retry ();
 
-  while (1)
+  retry = connection_retry;
+  rc = -1;
+  while (retry >= 0)
     {
       int run_status, progress;
       osp_scan_status_t osp_scan_status;
@@ -1835,10 +1845,20 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
           break;
         }
 
+      /* Get only the progress, without results and details. */
       progress = get_osp_scan_report (scan_id, host, port, ca_pub, key_pub,
                                       key_priv, 0, 0, NULL);
+
       if (progress < 0 || progress > 100)
         {
+          if (retry > 0)
+            {
+              retry--;
+              g_warning ("Connection lost with the scanner at %s. "
+                         "Trying again in 1 second.", host);
+              gvm_sleep (1);
+              continue;
+            }
           result_t result = make_osp_result
                              (task, "", "", "",
                               threat_message_type ("Error"),
@@ -1858,6 +1878,15 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
                                           key_priv, 1, 1, &report_xml);
           if (progress < 0 || progress > 100)
             {
+              if (retry > 0)
+                {
+                  retry--;
+                  g_warning ("Connection lost with the scanner at %s. "
+                             "Trying again in 1 second.", host);
+                  gvm_sleep (1);
+                  continue;
+                }
+
               g_free (report_xml);
               result_t result = make_osp_result
                                  (task, "", "", "",
@@ -1903,6 +1932,15 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
               else if (progress >= 0 && progress < 100
                   && osp_scan_status == OSP_SCAN_STATUS_STOPPED)
                 {
+                  if (retry > 0)
+                    {
+                      retry--;
+                      g_warning ("Connection lost with the scanner at %s. "
+                                 "Trying again in 1 second.", host);
+                      gvm_sleep (1);
+                      continue;
+                    }
+
                   result_t result = make_osp_result
                     (task, "", "", "",
                      threat_message_type ("Error"),
@@ -1933,6 +1971,7 @@ handle_osp_scan (task_t task, report_t report, const char *scan_id)
             }
         }
 
+      retry = connection_retry;
       gvm_sleep (5);
     }
 
@@ -2912,6 +2951,29 @@ run_osp_task (task_t task, int from, char **report_id)
   return 0;
 }
 
+/**
+ * @brief Get the number of retries on a scanner connection lost.
+ *
+ * @return The number of retries on a scanner connection lost.
+ */
+int
+get_scanner_connection_retry ()
+{
+  return scanner_connection_retry;
+}
+
+/**
+ * @brief Set the number of retries on a scanner connection lost.
+ *
+ * @param new_retry The number of retries on a scanner connection lost.
+ */
+void
+set_scanner_connection_retry (int new_retry)
+{
+  if (new_retry >= 0)
+    scanner_connection_retry = new_retry;
+}
+
 
 /* CVE tasks. */
 

diff --git a/src/manage.h b/src/manage.h
@@ -2466,6 +2466,11 @@ manage_system_report (const char *, const char *, const char *, const char *,
 
 /* Scanners. */
 
+/**
+ * @brief Default for max auto retry on connection to scanner lost.
+ */
+#define SCANNER_CONNECTION_RETRY_DEFAULT 3
+
 int
 manage_create_scanner (GSList *, const db_conn_info_t *, const char *,
                        const char *, const char *, const char *, const char *,
@@ -2633,6 +2638,12 @@ osp_connect_with_data (const char *,
 osp_connection_t *
 osp_scanner_connect (scanner_t);
 
+int
+get_scanner_connection_retry ();
+
+void
+set_scanner_connection_retry (int);
+
 int
 verify_scanner (const char *, char **);