Ipqbdb malfunctions

Malfunctions may arise because of how the Concurrent Data Store (CDB) 
model works. When a program opens the database environment, some 
__db.00? files are created in that directory. Each program has an 
option to cleanup or not this stuff. By default, ibd-parse and 
ibd-judge attempt to cleanup, the other programs don't. Cleaning up is 
not strictly necessary. However, failed attempts to cleanup may be 
logged as

  ibd-XXXX: not cleaning up /var/lib/ipqbdb: Device or resource busy

That is fine if there was another program running on that. If ibd-XXXX 
was the last program exiting, that line indicates a crash had happened.

In case a program crashes it will not close tables nor any write-lock 
it might have acquired. This causes harm: Access to the database will 
be denied and programs frozen. Use the db_deadlock utility (e.g. 
db4.6_deadlock from the db4.6-util debian pkg) to diagnose such a 
situation. Access errors may get logged after db_deadlock unblocks 
frozen programs. In this case you should

  STOP AND RESTART:
  1. killall -e ibd-parse ibd-judge, or equivalent action,
  2. rm /var/lib/ipqbdb/__db.00?, or equivalent action,
  3. optionally run dbX.Y_verify /var/lib/ipqbdb/*.db, or similar,
  4. restart ibd-parse and ibd-judge as needed, and
  5. restart the logger or whoever was writing to ibd-parse's socket.

Those steps could be automated. I haven't done it, for I only had 
crashes while testing debug versions.  The "Upgrading" chapter in
INSTALL is a much more weathered list for a similar task.

Keep in mind that while ibd-judge is not running your iptables rules 
will act as if they always get a DROP. To disable filtering remove the 
rules.

Avoid to delete database files while programs are using them. All ibd- 
programs open the database environment as part of their initialization 
and close it right before exiting. Keep in mind that all the .db files 
that a program works with must live in the same directory.

--

Once in a blue moon, receiving queued packets fails.  With the older 
version of the libnetfilter-queue library, ibd-judge froze strangely, 
after attempting to close and reopen the queue(s).  It is recommended 
to use libnetfilter-queue version 0.17.  It may still happen to find a 
log line of

  ibd-judge: break loop after recv returns -1 (No buffer space available)

The daemon cleans up and restarts the loop in this case.  The actual 
cause of the error is still being investigated, but with the newer 
libnetfilter-queue library the daemon continues to work.

