The branch, master has been updated
       via  5042802 ctdb-tools: Remove simple uses of strcpy(3)
       via  04fe9e2 ctdb-scripts: Use ss instead of netstat for finding TCP 
connections
       via  4a65844 ctdb-scripts: Missing NFS thread count file should just 
produce warning
       via  a610447 ctdb-daemon: Log a message when fork(2) fails
      from  a9b6276 winbind: Base idmap_ad on tldap

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5042802bf67d6db0044119c2d12ce260987c0c48
Author: Martin Schwenke <mar...@meltin.net>
Date:   Fri Apr 15 14:52:45 2016 +1000

    ctdb-tools: Remove simple uses of strcpy(3)
    
    Signed-off-by: Martin Schwenke <mar...@meltin.net>
    Reviewed-by: Amitay Isaacs <ami...@gmail.com>
    
    Autobuild-User(master): Amitay Isaacs <ami...@samba.org>
    Autobuild-Date(master): Sun Apr 17 17:37:06 CEST 2016 on sn-devel-144

commit 04fe9e20749985c71fef1bce7f6e4c439fe11c81
Author: Martin Schwenke <mar...@meltin.net>
Date:   Thu Aug 27 13:22:49 2015 +1000

    ctdb-scripts: Use ss instead of netstat for finding TCP connections
    
    ss with a filter is much faster than post-processing output from
    netstat.  CTDB already has a hard dependency on iproute2 for IP
    address handling, so depending on ss is no big deal.
    
    Signed-off-by: Martin Schwenke <mar...@meltin.net>
    Reviewed-by: Amitay Isaacs <ami...@gmail.com>

commit 4a658440e13bc5601a77d708d4f3c04ed577bdd5
Author: Martin Schwenke <mar...@meltin.net>
Date:   Thu Mar 10 09:12:33 2016 +1100

    ctdb-scripts: Missing NFS thread count file should just produce warning
    
    This currently causes monitor failure.
    
    Log a warning instead.  If there is a transient issue, such as NFS
    being restarted in the background, then the thread count file should
    be there the next time around so the count can be adjusted if
    necessary.
    
    Signed-off-by: Martin Schwenke <mar...@meltin.net>
    Reviewed-by: Amitay Isaacs <ami...@gmail.com>

commit a610447995287946866c4cbf45b1614d1f5afea5
Author: Martin Schwenke <mar...@meltin.net>
Date:   Fri Apr 1 20:01:51 2016 +1100

    ctdb-daemon: Log a message when fork(2) fails
    
    It is useful to know what error occurred.
    
    Signed-off-by: Martin Schwenke <mar...@meltin.net>
    Reviewed-by: Amitay Isaacs <ami...@gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/config/functions                | 23 ++++++----
 ctdb/config/nfs-linux-kernel-callout |  8 +++-
 ctdb/server/ctdb_fork.c              |  2 +
 ctdb/tests/eventscripts/stubs/ss     | 88 ++++++++++++++++++++++++++++++++++++
 ctdb/tools/ctdb.c                    |  5 +-
 5 files changed, 112 insertions(+), 14 deletions(-)
 create mode 100755 ctdb/tests/eventscripts/stubs/ss


Changeset truncated at 500 lines:

diff --git a/ctdb/config/functions b/ctdb/config/functions
index 782978d..8a8ee8c 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -531,11 +531,7 @@ get_tcp_connections_for_ip ()
 {
     _ip="$1"
 
-    netstat -tn | awk -v ip=$_ip \
-       'index($1, "tcp") == 1 && \
-        (index($4, ip ":") == 1 || index($4, "::ffff:" ip ":") == 1) \
-        && $6 == "ESTABLISHED" \
-        {print $4" "$5}'
+    ss -tn state established "src [$_ip]" | awk 'NR > 1 {print $3, $4}'
 }
 
 ########################################################
@@ -1183,17 +1179,24 @@ update_tickles ()
        # What public IPs do I hold?
        _ips=$(ctdb -X ip | awk -F'|' -v pnn=$pnn '$3 == pnn {print $2}')
 
-       # IPs as a regexp choice
-       _ipschoice="($(echo $_ips | sed -e 's/ /|/g' -e 's/\./\\\\./g'))"
+       # IPs and port as ss filters
+       _ip_filter=""
+       for _ip in $_ips ; do
+           _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
+       done
+       _port_filter="sport == :${_port}"
 
        # Record connections to our public IPs in a temporary file.
        # This temporary file is in CTDB's private state directory and
        # $$ is used to avoid a very rare race involving CTDB's script
        # debugging.  No security issue, nothing to see here...
        _my_connections="${tickledir}/${_port}.connections.$$"
-       netstat -tn |
-       awk -v destpat="^${_ipschoice}:${_port}\$" \
-         '$1 == "tcp" && $6 == "ESTABLISHED" && $4 ~ destpat {print $5, $4}' |
+       # Parentheses are needed around the filters for precedence but
+       # the parentheses can't be empty!
+       ss -tn state established \
+          "${_ip_filter:+( ${_ip_filter} )}" \
+          "${_port_filter:+( ${_port_filter} )}" |
+       awk 'NR > 1 {print $4, $3}' |
        sort >"$_my_connections"
 
        # Record our current tickles in a temporary file
diff --git a/ctdb/config/nfs-linux-kernel-callout 
b/ctdb/config/nfs-linux-kernel-callout
index 9532906..22151a6 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -165,9 +165,13 @@ nfs_check_thread_count ()
     # nfsd should be running the configured number of threads.  If
     # there are a different number of threads then tell nfsd the
     # correct number.
-    read _running_threads <"$_threads_file"
+    read _running_threads <"$_threads_file" || {
+           echo "WARNING: Reading \"${_threads_file}\" unexpectedly failed"
+           exit 0
+    }
+
     # Intentionally not arithmetic comparison - avoids extra errors
-    # when above fails...
+    # when above read fails in an unexpected way...
     if [ "$_running_threads" != "$_configured_threads" ] ; then
        echo "Attempting to correct number of nfsd threads from 
${_running_threads} to ${_configured_threads}"
        echo "$_configured_threads" >"$_threads_file"
diff --git a/ctdb/server/ctdb_fork.c b/ctdb/server/ctdb_fork.c
index 661e72c..93977d9 100644
--- a/ctdb/server/ctdb_fork.c
+++ b/ctdb/server/ctdb_fork.c
@@ -71,6 +71,8 @@ pid_t ctdb_fork(struct ctdb_context *ctdb)
 
        pid = fork();
        if (pid == -1) {
+               DEBUG(DEBUG_ERR,
+                     (__location__ " fork() failed (%s)\n", strerror(errno)));
                return -1;
        }
        if (pid == 0) {
diff --git a/ctdb/tests/eventscripts/stubs/ss b/ctdb/tests/eventscripts/stubs/ss
new file mode 100755
index 0000000..e8d8044
--- /dev/null
+++ b/ctdb/tests/eventscripts/stubs/ss
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+prog="ss"
+
+usage ()
+{
+    cat >&2 <<EOF
+Usage: $prog -tn state established [ '(' ip-filter ')' ] [ '(' port-filter ')' 
]
+
+A fake ss stub that prints items depending on the variables
+FAKE_NETSTAT_TCP_ESTABLISHED and FAKE_NETSTAT_TCP_ESTABLISHED_FILE.
+
+Note that "-tn state established" must be given.
+
+EOF
+    exit 1
+}
+
+if [ "$1" != "-tn" -o "$2" != "state" -o "$3" != "established" ] ; then
+    usage
+fi
+
+shift 3
+
+# Check if socket has matches in both ok_ips and ok_ports
+filter_socket ()
+{
+    ok_ips="$1"
+    ok_ports="$2"
+    socket="$3"
+
+    ip="${socket%:*}"
+    port="${socket##*:}"
+
+    if [ "$ok_ports" != "|" -a "${ok_ports#*|${port}|}" = "$ok_ports" ] ; then
+       return 1
+    fi
+    if [ "$ok_ips" != "|" -a "${ok_ips#*|${ip}|}" = "$ok_ips" ] ; then
+       return 1
+    fi
+
+    return 0
+}
+
+ss_tcp_established ()
+{
+    echo "Recv-Q Send-Q Local Address:Port Peer Address:Port"
+
+    # Very limited implementation:
+    # We only expect to find || inside parentheses
+    # We don't expect to see && - it is implied by juxtaposition
+    # Operator for port comparison is ignored and assumed to be ==
+
+    # Build lists of source ports and source IP addresses where each
+    # entry is surrounded by '|' characters.  These lists can be
+    # easily "searched" using the POSIX prefix and suffix removal
+    # operators.
+    in_parens=false
+    sports="|"
+    srcs="|"
+
+    while [ -n "$1" ] ; do
+       case "$1" in
+           \() in_parens=true ; shift ;;
+           \)) in_parens=false ; shift ;;
+           \|\|) if ! $in_parens ; then usage ; fi ; shift ;;
+           sport) p="${3#:}" ; sports="${sports}${p}|" ; shift 3 ;;
+           src) ip="${2#\[}" ; ip="${ip%\]}" ; srcs="${srcs}${ip}|" ; shift 2 
;;
+           *) usage ;;
+       esac
+    done
+
+    for i in $FAKE_NETSTAT_TCP_ESTABLISHED ; do
+       src="${i%|*}"
+       dst="${i#*|}"
+       if filter_socket "$srcs" "$sports" "$src" ; then
+           echo 0 0 "$src" "$dst"
+       fi
+    done
+    while read src dst ; do
+       if filter_socket "$srcs" "$sports" "$src" ; then
+           echo 0 0 "$src" "$dst"
+       fi
+    done <"$FAKE_NETSTAT_TCP_ESTABLISHED_FILE"
+}
+
+# Yes, lose the quoting so we can do a hacky parsing job
+ss_tcp_established $*
diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
index 84d8132..7305aa4 100644
--- a/ctdb/tools/ctdb.c
+++ b/ctdb/tools/ctdb.c
@@ -92,7 +92,7 @@ static int printm(const char *format, ...)
        size_t len = strlen(format);
        char new_format[len+1];
 
-       strcpy(new_format, format);
+       strncpy(new_format, format, len+1);
 
        if (options.machineseparator[0] != ':') {
                all_string_sub(new_format,
@@ -2718,7 +2718,8 @@ static int control_setifacelink(struct ctdb_context 
*ctdb, int argc, const char
                talloc_free(tmp_ctx);
                return -1;
        }
-       strcpy(info.name, argv[0]);
+       strncpy(info.name, argv[0], sizeof(info.name)-1);
+       info.name[sizeof(info.name)-1] = '\0';
 
        if (strcmp(argv[1], "up") == 0) {
                info.link_state = 1;


-- 
Samba Shared Repository

Reply via email to