From 49c809e0314fc91f786791f8492bd2f2a1d525d3 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 27 May 2015 10:23:37 -0400
Subject: [PATCH 1/4] Reorganize UDP <-> SSL rework

Because SSL actually was relying upon accept() to hold indefininetly,
it would hang up the UDP worker indefinitely, blocking requests.
Fix this by driving the loop iteration through select() rather than
accept() and iterating through each file handle only when select()
says they are ready.
---
 xCAT-server/sbin/xcatd | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd
index 512716e31..548c58bb9 100755
--- a/xCAT-server/sbin/xcatd
+++ b/xCAT-server/sbin/xcatd
@@ -1099,6 +1099,7 @@ while (not $listener and $retry) {
 }
 my $listenwatcher = IO::Select->new($listener);
 my $udpwatcher = IO::Select->new($udpctl);
+my $bothwatcher = IO::Select->new($udpctl, $listener);
 
 unless ($listener) {
   kill 2, $pid_UDP;
@@ -1130,6 +1131,17 @@ my $tconn;
 my $sslfudgefactor = 0;
 until ($quit) {
   $SIG{CHLD} = \&ssl_reaper; #set here to ensure that signal handler is not corrupted during loop
+  while ($udpwatcher->can_read(0)) {  # take an intermission to broker some state requests from udp traffic control
+      eval {
+          my $msg = fd_retrieve($udpctl);
+          if ($msg->{req} eq 'get_client_count') {
+            store_fd({'clientfudge'=>$sslfudgefactor, 'sslclientcount' => $sslclients}, $udpctl);
+          } elsif ($msg->{req} eq 'set_fudge_factor') {
+            $sslfudgefactor = $msg->{fudge};
+            store_fd({'clientfudge'=>$sslfudgefactor, 'sslclientcount' => $sslclients}, $udpctl);
+          }
+      };
+  }
   if (@pendingconnections) {
 	while ($listenwatcher->can_read(0)) { #grab everything we can, but don't spend any time waiting for more
 		$tconn = $listener->accept;
@@ -1137,21 +1149,16 @@ until ($quit) {
 		push @pendingconnections,$tconn;
 	}
   } else {
+    $bothwatcher->can_read(30);
+    if (not $listenwatcher->can_read(0)) {  # check for udpctl messages since
+        # we have no listen to hear
+        next;
+    }
 	$tconn = $listener->accept; #we have no connections pending, no rush, just wait until the next connection attempt comes in
 	unless ($tconn) { next; } #sometimes we get 'undef', in which case carry on with our lives...
 	push @pendingconnections,$tconn;
   }
   unless (scalar @pendingconnections) { next; } #if for some reason we landed here without any accepted connections, carry on..
-  while ($udpwatcher->can_read(0)) {  # take an intermission to broker some state requests from udp traffic control
-      eval {
-          my $msg = fd_retrieve($udpctl);
-          if ($msg->{req} eq 'get_client_count') {
-            store_fd({'clientfudge'=>$sslfudgefactor, 'sslclientcount' => $sslclients});
-          } elsif ($msg->{req} eq 'set_fudge_factor') {
-            $sslfudgefactor = $msg->{fudge};
-          }
-      };
-  }
   if ($sslclients > $maxsslclients) { #we have enough children, wait for some to exit before spawning more
       $listenwatcher->can_read(0.1); #when next connection tries to come in or a tenth of a second, whichever comes first
       next; #just keep pulling things off listen queue onto our own

From fdc408f2705f408a443eb88bba9ab4a37eec83d0 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 27 May 2015 10:35:10 -0400
Subject: [PATCH 2/4] Decrease forecast as presumed real clients connect

The fudge factor is now decremented according to real number of clients counted
toward sslclient count.  Also, have the overload case break into flow control
communication as well (though it wouldn't have a good answer for an interested client)
---
 xCAT-server/sbin/xcatd | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd
index 548c58bb9..6dac1d512 100755
--- a/xCAT-server/sbin/xcatd
+++ b/xCAT-server/sbin/xcatd
@@ -1160,7 +1160,7 @@ until ($quit) {
   }
   unless (scalar @pendingconnections) { next; } #if for some reason we landed here without any accepted connections, carry on..
   if ($sslclients > $maxsslclients) { #we have enough children, wait for some to exit before spawning more
-      $listenwatcher->can_read(0.1); #when next connection tries to come in or a tenth of a second, whichever comes first
+      $bothwatcher->can_read(0.1); #when next connection tries to come in or a tenth of a second, whichever comes first
       next; #just keep pulling things off listen queue onto our own
   }
   # before we fork, check to see if rescanplugins was previously processed and
@@ -1268,6 +1268,7 @@ if ($inet6support) {
     service_connection($connection,$peername,$peerhost,$peerfqdn,$peerhostorg);
     xexit(0);
   }
+  if ($sslfudgefactor) { $sslfudgefactor -= 1; }
   $sslclients++; #THROTTLE
   $cnnection->close();
 }

From 6916b37234d0ddee15e1d54c17bde62f65913945 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 27 May 2015 10:39:52 -0400
Subject: [PATCH 3/4] Reduce communication between SSL and UDP

Previously, every TLS connection caused a communication with UDP
and this was bad.  Then every UDP connection caused a communication
and this was better.  This takes things a little further by only
doing the communication if there is a known interested party now.
---
 xCAT-server/sbin/xcatd | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd
index 6dac1d512..6c862f2b4 100755
--- a/xCAT-server/sbin/xcatd
+++ b/xCAT-server/sbin/xcatd
@@ -526,6 +526,8 @@ sub grant_tcrequests {
 	my $requestors = shift;
 	my $udpcontext = shift;
 	my $availableslots = $batchclients;
+    if (not keys %{$requestors}) { return; }  # skip the interaction with SSL if
+    # no requests are actually pending
 	my $oldtime = time()-180; #drop requests older than three minutes if still around
     my $msg;
 	eval { store_fd({'req'=>'get_client_count'}, $sslctl); $msg = fd_retrieve($sslctl); };

From 08bae512bde10dc683cae53dcc0ced8ee51eb784 Mon Sep 17 00:00:00 2001
From: linggao <linggao@us.ibm.com>
Date: Wed, 27 May 2015 11:07:00 -0400
Subject: [PATCH 4/4] Fixed defect 4683 confignics/configib does not put
 nicextraparams into /etc/network/interfaces file

---
 xCAT/postscripts/configib | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/xCAT/postscripts/configib b/xCAT/postscripts/configib
index d849d8710..07487f7b0 100755
--- a/xCAT/postscripts/configib
+++ b/xCAT/postscripts/configib
@@ -650,19 +650,19 @@ netmask $netmask" >> /etc/network/interfaces
                         #    echo "gateway $gateway" >> /etc/network/interfaces
                         #fi
                     fi
+				fi
+				#add extra params
+				i=0
+				while [ $i -lt ${#array_extra_param_names[@]} ]
+				do
+					name="${array_extra_param_names[$i]}"
+					value="${array_extra_param_values[$i]}"
+					echo "  $i: name=$name value=$value"
+					echo "${name} ${value}" >> /etc/network/interfaces
+					i=$((i+1))
+				done
 
-					#add extra params
-					i=0
-					while [ $i -lt ${#array_extra_param_names[@]} ]
-					do
-						name="${array_extra_param_names[$i]}"
-						value="${array_extra_param_values[$i]}"
-						echo "  $i: name=$name value=$value"
-						echo "${name} ${value}" >> /etc/network/interfaces
-						i=$((i+1))
-					done
-               fi
-            else
+           else
                 echo "Unsupported operating system"
                 logger -p local4.err -t xcat "Unsupported operating system"
             fi