The branch, v4-17-stable has been updated
via f3e7be14a36 VERSION: Disable GIT_SNAPSHOT for the 4.17.11 release.
via 5046314c08d WHATSNEW: Add release notes for Samba 4.17.11.
via f8197d6509f mdssvc: better support for search with mdfind from Macs
via 1361e545452 vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in
aio_pthread_openat_fn()
via 8d1e4f1d4f1 ctdb-common: Set immediate mode for pcap capture
via bb905f04b50 ctdb-common: Replace pcap_open_live() by lower level
calls
via 74d43dd395b ctdb-common: Improve error handling
via ef212b021e5 ctdb-scripts: Add debugging variable
CTDB_KILLTCP_DEBUGLEVEL
via c5bd0b20ad3 ctdb-common: Support IB in pcap-based capture
via 6417651bf4b ctdb-common: Support "any" interface for pcap-based
capture
via 0f3864d7c59 ctdb-common: Add packet type detection to pcap-based
capture
via f01d53d8848 ctdb-tools: Improve/add debug
via d37c3d14156 ctdb-common: Improve/add debug
via 0adfd0cc0f6 ctdb-common: Use pcap_get_selectable_fd()
via 8c1314aae60 ctdb-common: Stop a pcap-related crash on error
via 98ee0c12578 ctdb-common: Fix a warning in the pcap code
via 197f86f9a1c ctdb-common: Do not use raw socket when ENABLE_PCAP is
defined
via 027c9ef106a ctdb-common: Move a misplaced comment
via 188e949fdf6 ctdb-build: Add --enable-pcap configure option
via f25b506a73d ctdb-build: Use pcap-config when available
via 89231620287 s4-rpc_server/drsupai: Avoid looping with Azure AD
Connect by not incrementing temp_highest_usn for the NC root
via 4ae4d2ac3b3 s4-rpc_server/drsuapi: Ensure logs show DN for
replicated objects, not (null)
via ee8dafa103b s4-rpc_server/drsuapi: Update getnc_state to be != NULL
via 0a269490b68 s4-rpc_server/drsuapi: Rename ncRoot ->
untrusted_ncRoot to avoid misuse
via 7c63aa69594 s4-rpc_server/drsuapi: Avoid modification to ncRoot
input variable in GetNCChanges
via c72b5f25eb0 s4-rpc_server/drsuapi: Fix indentation in GetNCChanges()
via 35cdcef4d1a s4-rpc_server/drsuapi: Only keep and invalidate
replication cycle state for normal replication
via d4927a5dc0c s4-torture/drs: Add test showing that if present in the
set the NC root leads and tmp_highest_usn moves
via 6452398ed83 s4-torture/drs: Add test demonstrating that a
GetNCChanges REPL_OBJ will not reset the replication cookie
via 1f5b6ef931c s4-torture/drs: Add a test matching Azure AD Connect
REPL_OBJ behaviour
via fc282cbdc79 s4-torture/drs: Use addCleanup() in getchanges.py for
OU handling
via 6442c8c3def s4-torture/drs: Create temp OU with a unique name per
test
via aa155ccb5fd s4-torture/drs: Save the server dnsname on the
DcConnection object
via 5bddbe2ca6d s4-rpc_server/drsuapi: Remove rudundant check for valid
and non-NULL ncRoot_dn
via 957c794891b s4-dsdb: Improve logging for
drs_ObjectIdentifier_to_dn_and_nc_root()
via f7b1325b819 s4-rpc_server/drsuapi: Improve debug message for
drs_ObjectIdentifier_to_dn_and_nc_root() failure
via 89dfbd8c858 s4-rpc_server/drsuapi: Improve debugging of invalid DNs
via 133ff9c2894 s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to
replication log
via fca63c10314 s3: smbd: Ensure init_smb1_request() zeros out what the
incoming pointer points to.
via 4f3d61dc268 s3: torture: Add SMB1-NEGOTIATE-TCON that shows the
SMB1 server crashes on the uninitialized req->session.
via 098e5f240a5 s3: smbd: init_smb1_request() isn't being passed
zero'ed memory from any codepath.
via eb95b15b1ba s3: smbd: Add missing 'return;'s in exit paths in
reply_exit_done().
via 7da254ffa18 s3: torture: Add a test doing an SMB1 negotiate+exit.
via 0dbba5f655f s3: smbd: Ensure all callers to
srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
via b958e82d0b6 s3: smbd: Uncorrupt the pointer we were using to prove
a crash.
via 3a123fbbe86 s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs
out *dest.
via ec8887be3f6 s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.
via bce87c64b71 s3: smbd: Deliberately currupt an uninitialized pointer.
via 741cc3484e7 mdssvc: Do an early talloc_free() in _mdssvc_open()
via 8738efc4042 s3:smbd: fix multichannel connection passing race
via f3d5e3add54 s3:smbd: always clear filter_subreq in
smb2srv_client_mc_negprot_next()
via 534f1363033 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346
via 3c23c7f36c8 s4:torture/smb2: make it possible to pass existing_conn
to smb2_connect_ext()
via 8c727eef9e3 s4:torture/smb2: let us have a common
torture_smb2_con_share()
via 65b05090ee4 s4:torture/smb2: let torture_smb2_con_sopt() use
smb2_connect()
via d167b80dc72 smbXcli: Pass negotiate contexts through
smbXcli_negprot_send/recv
via fec913830f5 s3: smbd: Sanitize any "server" and "share" components
of SMB1 DFS paths to remove UNIX separators.
via 3a0ae0c6f01 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL
and DCERPC_PKT_ORPHANED payload
via 4233de9bd48 librpc/rpc: let dcerpc_read_ncacn_packet_next_vector()
handle fragments without any payload
via 95bb8115a37 s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED
via f99fec49e25 vfs_aio_pthread: fix segfault if samba-tool ntacl get
via 3a6964d0265 vfs_aio_pthread: don't crash without a pthreadpool
via 10f3fafc6f4 s3/modules: Fix DFS links when widelinks = yes
via b63c917cf74 s3/modules: Add flag indicating if connected share is a
dfs share
via 98a53e95a0f sefltest: Add new regression test dfs with widelinks =
yes
via 9ace53099ed selftest: Add new dfs share (with widelinks enabled)
via d94cbb10b88 s3/utils: avoid erronous NO MEMORY detection
via 9313ebba32b dsdb: Use samdb_system_container_dn() in
pdb_samba_dsdb_*()
via dc74e3e9470 dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
via ecbba6aec27 s4-rpc_server/backupkey: Use
samdb_system_container_dn() in get_lsa_secret()
via 558834c3e13 s4-rpc_server/backupkey: Use
samdb_system_container_dn() in set_lsa_secret()
via 0d6bc07a572 s4-rpc_server/netlogon: Use samdb_system_container_dn()
in fill_trusted_domains_array()
via cabc229210d s4-rpc_server/lsa: Use samdb_system_container_dn() in
dcesrv_lsa_get_policy_state()
via 30c14e87e2b dsdb: Use samdb_get_system_container_dn() to get
Password Settings Container
via d3c4dd68a0d dsdb: Use samdb_system_container_dn() in samldb.c
via bac861ed27f dsdb: Add new function samdb_system_container_dn()
via 7112efed3d4 Bug #9959: Don't search for CN=System
via 517339b1755 For Bug #9959: local talloc frame for next commit
via 947790f8d76 mdssvc: fix returning file modification date for older
Mac releases
via c7ee8854d20 mdssvc: fix date marshalling
via a6fba5581db mdssvc: prepare for returning timestamps with
sub-seconds granularity
via e7eb2286214 mdssvc: reduce pagesize to 50
via 31a6264f8c5 tests/mdssvc: match hits:total:value to be the actual
amount of entries in hits
via 57d8d00799c mdssvc: fix enforcement of "elasticsearch:max results"
via 506e9a2d725 mdssvc: add and use SL_PAGESIZE
via 19f10cb9d7d mdssvc: fix long running backend queries
via 9d97cd01641 mdssvc: set query state for continued queries to
SLQ_STATE_RUNNING
via cdce89e434e smbd: don't leak the fsp if close_file_smb() fails
via 8a602310ceb VERSION: Bump version up to Samba 4.17.11...
from 5eceb0dfb4a VERSION: Disable GIT_SNAPSHOT for the 4.17.10 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 92 ++++-
ctdb/common/system_socket.c | 181 +++++++--
ctdb/config/functions | 8 +-
ctdb/tools/ctdb_killtcp.c | 13 +-
ctdb/wscript | 14 +-
libcli/smb/smbXcli_base.c | 80 +++-
libcli/smb/smbXcli_base.h | 9 +-
librpc/idl/dcerpc.idl | 2 -
librpc/rpc/dcerpc_util.c | 9 +-
python/samba/tests/blackbox/mdsearch.py | 2 +-
python/samba/tests/dcerpc/mdssvc.py | 6 +-
selftest/knownfail.d/getncchanges | 2 +
selftest/target/Samba3.pm | 5 +
source3/libsmb/cliconnect.c | 16 +-
source3/modules/vfs_aio_pthread.c | 38 +-
source3/modules/vfs_widelinks.c | 30 +-
source3/passdb/pdb_samba_dsdb.c | 12 +-
source3/rpc_server/mdssvc/marshalling.c | 29 +-
source3/rpc_server/mdssvc/mdssvc.c | 21 +-
source3/rpc_server/mdssvc/mdssvc.h | 1 +
source3/rpc_server/mdssvc/mdssvc_es.c | 8 +-
source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 1 +
source3/script/tests/test_bug15435_widelink_dfs.sh | 28 ++
source3/selftest/tests.py | 43 +++
source3/smbd/smb1_ipc.c | 2 +-
source3/smbd/smb1_message.c | 2 +-
source3/smbd/smb1_reply.c | 2 +
source3/smbd/smb1_sesssetup.c | 4 +-
source3/smbd/smb2_close.c | 2 +
source3/smbd/smb2_process.c | 7 +-
source3/smbd/smb2_reply.c | 32 ++
source3/smbd/smbXsrv_client.c | 33 +-
source3/torture/torture.c | 413 ++++++++++++++++++++-
source3/utils/net_ads.c | 10 +-
source4/dsdb/common/dsdb_dn.c | 12 +
source4/dsdb/common/util.c | 19 +
source4/dsdb/common/util_trusts.c | 21 +-
source4/dsdb/samdb/ldb_modules/operational.c | 22 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 7 +-
source4/libcli/raw/rawnegotiate.c | 5 +-
source4/libcli/smb2/connect.c | 9 +-
source4/libcli/smb_composite/connect_nego.c | 5 +-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 54 ++-
source4/rpc_server/drsuapi/dcesrv_drsuapi.h | 2 +-
source4/rpc_server/drsuapi/getncchanges.c | 293 +++++++++++----
source4/rpc_server/lsa/lsa_init.c | 7 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 +-
source4/torture/drs/python/getnc_exop.py | 25 +-
source4/torture/drs/python/getncchanges.py | 218 ++++++++++-
source4/torture/ndr/dcerpc.c | 148 ++++++++
source4/torture/ndr/ndr.c | 1 +
source4/torture/smb2/acls.c | 34 --
source4/torture/smb2/multichannel.c | 315 ++++++++++++++++
source4/torture/smb2/util.c | 55 +--
source4/torture/vfs/acl_xattr.c | 34 --
source4/torture/wscript_build | 1 +
57 files changed, 2068 insertions(+), 386 deletions(-)
create mode 100755 source3/script/tests/test_bug15435_widelink_dfs.sh
create mode 100644 source4/torture/ndr/dcerpc.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 6e7dec94182..095b267f389 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=17
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 674d70fe8b6..0b12f34e798 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,92 @@
+ ===============================
+ Release Notes for Samba 4.17.11
+ September 07, 2023
+ ===============================
+
+
+This is the latest stable release of the Samba 4.17 release series.
+
+
+Changes since 4.17.10
+---------------------
+
+o Jeremy Allison <j...@samba.org>
+ * BUG 15419: Weird filename can cause assert to fail in
+ openat_pathref_fsp_nosymlink().
+ * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
+ pointer.
+ * BUG 15430: Missing return in reply_exit_done().
+ * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
+ pointer.
+
+o Andrew Bartlett <abart...@samba.org>
+ * BUG 15401: Improve GetNChanges to address some (but not all "Azure AD
+ Connect") syncronisation tool looping during the initial user sync phase.
+ * BUG 15407: Samba replication logs show (null) DN.
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 15342: Spotlight sometimes returns no results on latest macOS.
+ * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
+ attempted to remove the destination.
+ * BUG 15427: Spotlight results return wrong date in result list.
+ * BUG 15463: macOS mdfind returns only 50 results.
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
+ bad message_id 2.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
+ bad message_id 2.
+ * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
+ * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
+
+o MikeLiu <mike...@qnap.com>
+ * BUG 15453: File doesn't show when user doesn't have permission if
+ aio_pthread is loaded.
+
+o Noel Power <noel.po...@suse.com>
+ * BUG 15384: net ads lookup (with unspecified realm) fails
+ * BUG 15435: Regression DFS not working with widelinks = true.
+
+o Arvid Requate <requ...@univention.de>
+ * BUG 9959: Windows client join fails if a second container CN=System exists
+ somewhere.
+
+o Martin Schwenke <mschwe...@ddn.com>
+ * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
+ 1.9.1.
+
+o Jones Syue <joness...@qnap.com>
+ * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
+ * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
===============================
Release Notes for Samba 4.17.10
July 19, 2023
@@ -70,8 +159,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.17.9
July 06, 2023
diff --git a/ctdb/common/system_socket.c b/ctdb/common/system_socket.c
index bb513508353..273b9c3400e 100644
--- a/ctdb/common/system_socket.c
+++ b/ctdb/common/system_socket.c
@@ -747,13 +747,6 @@ int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
return 0;
}
-/*
- * Packet capture
- *
- * If AF_PACKET is available then use a raw socket otherwise use pcap.
- * wscript has checked to make sure that pcap is available if needed.
- */
-
static int tcp4_extract(const uint8_t *ip_pkt,
size_t pktlen,
struct sockaddr_in *src,
@@ -864,8 +857,14 @@ static int tcp6_extract(const uint8_t *ip_pkt,
return 0;
}
+/*
+ * Packet capture
+ *
+ * If AF_PACKET is available then use a raw socket otherwise use pcap.
+ * wscript has checked to make sure that pcap is available if needed.
+ */
-#ifdef HAVE_AF_PACKET
+#if defined(HAVE_AF_PACKET) && !defined(ENABLE_PCAP)
/*
* This function is used to open a raw socket to capture from
@@ -881,7 +880,7 @@ int ctdb_sys_open_capture_socket(const char *iface, void
**private_data)
return -1;
}
- DBG_DEBUG("Created RAW SOCKET FD:%d for tcp tickle\n", s);
+ DBG_DEBUG("Opened raw socket for TCP tickle capture (fd=%d)\n", s);
ret = set_blocking(s, false);
if (ret != 0) {
@@ -964,22 +963,92 @@ int ctdb_sys_read_tcp_packet(int s, void *private_data,
return ENOMSG;
}
-#else /* HAVE_AF_PACKET */
+#else /* defined(HAVE_AF_PACKET) && !defined(ENABLE_PCAP) */
#include <pcap.h>
+/*
+ * Assume this exists if pcap.h exists - it has been around for a
+ * while
+ */
+#include <pcap/sll.h>
+
int ctdb_sys_open_capture_socket(const char *iface, void **private_data)
{
+ char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pt;
+ int pcap_packet_type;
+ const char *t = NULL;
+ int fd;
+ int ret;
- pt=pcap_open_live(iface, 100, 0, 0, NULL);
+ pt = pcap_create(iface, errbuf);
if (pt == NULL) {
- DBG_ERR("Failed to open capture device %s\n", iface);
+ DBG_ERR("Failed to open pcap capture device %s (%s)\n",
+ iface,
+ errbuf);
return -1;
}
+ /*
+ * pcap isn't very clear about defaults...
+ */
+ ret = pcap_set_snaplen(pt, 100);
+ if (ret < 0) {
+ DBG_ERR("Failed to set snaplen for pcap capture\n");
+ goto fail;
+ }
+ ret = pcap_set_promisc(pt, 0);
+ if (ret < 0) {
+ DBG_ERR("Failed to unset promiscuous mode for pcap capture\n");
+ goto fail;
+ }
+ ret = pcap_set_timeout(pt, 0);
+ if (ret < 0) {
+ DBG_ERR("Failed to set timeout for pcap capture\n");
+ goto fail;
+ }
+#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
+ ret = pcap_set_immediate_mode(pt, 1);
+ if (ret < 0) {
+ DBG_ERR("Failed to set immediate mode for pcap capture\n");
+ goto fail;
+ }
+#endif
+ ret = pcap_activate(pt);
+ if (ret < 0) {
+ DBG_ERR("Failed to activate pcap capture\n");
+ goto fail;
+ }
+
+ pcap_packet_type = pcap_datalink(pt);
+ switch (pcap_packet_type) {
+ case DLT_EN10MB:
+ t = "DLT_EN10MB";
+ break;
+ case DLT_LINUX_SLL:
+ t = "DLT_LINUX_SLL";
+ break;
+#ifdef DLT_LINUX_SLL2
+ case DLT_LINUX_SLL2:
+ t = "DLT_LINUX_SLL2";
+ break;
+#endif /* DLT_LINUX_SLL2 */
+ default:
+ DBG_ERR("Unknown pcap packet type %d\n", pcap_packet_type);
+ goto fail;
+ }
+
+ fd = pcap_get_selectable_fd(pt);
+ DBG_DEBUG("Opened pcap capture for TCP tickle (type=%s, fd=%d)\n",
+ t,
+ fd);
+
*((pcap_t **)private_data) = pt;
+ return fd;
- return pcap_fileno(pt);
+fail:
+ pcap_close(pt);
+ return -1;
}
int ctdb_sys_close_capture_socket(void *private_data)
@@ -999,10 +1068,12 @@ int ctdb_sys_read_tcp_packet(int s,
uint16_t *window)
{
int ret;
- struct ether_header *eth;
struct pcap_pkthdr pkthdr;
const u_char *buffer;
pcap_t *pt = (pcap_t *)private_data;
+ int pcap_packet_type;
+ uint16_t ether_type;
+ size_t ll_hdr_len;
buffer=pcap_next(pt, &pkthdr);
if (buffer==NULL) {
@@ -1012,36 +1083,86 @@ int ctdb_sys_read_tcp_packet(int s,
ZERO_STRUCTP(src);
ZERO_STRUCTP(dst);
- /* Ethernet */
- eth = (struct ether_header *)buffer;
+ pcap_packet_type = pcap_datalink(pt);
+ switch (pcap_packet_type) {
+ case DLT_EN10MB: {
+ const struct ether_header *eth =
+ (const struct ether_header *)buffer;
+ ether_type = ntohs(eth->ether_type);
+ ll_hdr_len = sizeof(struct ether_header);
+ break;
+ }
+ case DLT_LINUX_SLL: {
+ const struct sll_header *sll =
+ (const struct sll_header *)buffer;
+ uint16_t arphrd_type = ntohs(sll->sll_hatype);
+ switch (arphrd_type) {
+ case ARPHRD_ETHER:
+ case ARPHRD_INFINIBAND:
+ break;
+ default:
+ DBG_DEBUG("SLL: Unknown arphrd_type %"PRIu16"\n",
+ arphrd_type);
+ return EPROTONOSUPPORT;
+ }
+ ether_type = ntohs(sll->sll_protocol);
+ ll_hdr_len = SLL_HDR_LEN;
+ break;
+ }
+#ifdef DLT_LINUX_SLL2
+ case DLT_LINUX_SLL2: {
+ const struct sll2_header *sll2 =
+ (const struct sll2_header *)buffer;
+ uint16_t arphrd_type = ntohs(sll2->sll2_hatype);
+ switch (arphrd_type) {
+ case ARPHRD_ETHER:
+ case ARPHRD_INFINIBAND:
+ break;
+ default:
+ DBG_DEBUG("SLL2: Unknown arphrd_type %"PRIu16"\n",
+ arphrd_type);
+ return EPROTONOSUPPORT;
+ }
+ ether_type = ntohs(sll2->sll2_protocol);
+ ll_hdr_len = SLL2_HDR_LEN;
+ break;
+ }
+#endif /* DLT_LINUX_SLL2 */
+ default:
+ DBG_DEBUG("Unknown pcap packet type %d\n", pcap_packet_type);
+ return EPROTONOSUPPORT;
+ }
- /* we want either IPv4 or IPv6 */
- if (eth->ether_type == htons(ETHERTYPE_IP)) {
- ret = tcp4_extract(buffer + sizeof(struct ether_header),
- (size_t)(pkthdr.caplen -
- sizeof(struct ether_header)),
+ switch (ether_type) {
+ case ETHERTYPE_IP:
+ ret = tcp4_extract(buffer + ll_hdr_len,
+ (size_t)pkthdr.caplen - ll_hdr_len,
&src->ip,
&dst->ip,
ack_seq,
seq,
rst,
window);
- return ret;
-
- } else if (eth->ether_type == htons(ETHERTYPE_IP6)) {
- ret = tcp6_extract(buffer + sizeof(struct ether_header),
- (size_t)(pkthdr.caplen -
- sizeof(struct ether_header)),
+ break;
+ case ETHERTYPE_IP6:
+ ret = tcp6_extract(buffer + ll_hdr_len,
+ (size_t)pkthdr.caplen - ll_hdr_len,
&src->ip6,
&dst->ip6,
ack_seq,
seq,
rst,
window);
- return ret;
+ break;
+ case ETHERTYPE_ARP:
+ /* Silently ignore ARP packets */
+ return EPROTO;
+ default:
+ DBG_DEBUG("Unknown ether type %"PRIu16"\n", ether_type);
+ return EPROTO;
}
- return ENOMSG;
+ return ret;
}
-#endif /* HAVE_AF_PACKET */
+#endif /* defined(HAVE_AF_PACKET) && !defined(ENABLE_PCAP) */
diff --git a/ctdb/config/functions b/ctdb/config/functions
index 82ed0957aa0..725993ca12f 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -452,8 +452,14 @@ kill_tcp_connections ()
return
fi
+ if [ -n "$CTDB_KILLTCP_DEBUGLEVEL" ]; then
+ _debuglevel="$CTDB_KILLTCP_DEBUGLEVEL"
+ else
+ _debuglevel="$CTDB_DEBUGLEVEL"
+ fi
echo "$_connections" | \
- "${CTDB_HELPER_BINDIR}/ctdb_killtcp" "$_iface" || {
+ CTDB_DEBUGLEVEL="$_debuglevel" \
+ "${CTDB_HELPER_BINDIR}/ctdb_killtcp" "$_iface" || {
echo "Failed to kill TCP connections"
return
}
diff --git a/ctdb/tools/ctdb_killtcp.c b/ctdb/tools/ctdb_killtcp.c
index bab81092058..007422f42fc 100644
--- a/ctdb/tools/ctdb_killtcp.c
+++ b/ctdb/tools/ctdb_killtcp.c
@@ -169,17 +169,18 @@ static void reset_connections_capture_tcp_handler(struct
tevent_context *ev,
&conn.server, &conn.client,
&ack_seq, &seq, &rst, &window);
if (ret != 0) {
- /* probably a non-tcp ACK packet */
+ /* Not a TCP-ACK? Unexpected protocol? */
+ DBG_DEBUG("Failed to parse packet, errno=%d\n", ret);
return;
}
if (window == htons(1234) && (rst || seq == 0)) {
/* Ignore packets that we sent! */
- D_DEBUG("Ignoring packet: %s, "
- "seq=%"PRIu32", ack_seq=%"PRIu32", "
- "rst=%d, window=%"PRIu16"\n",
- ctdb_connection_to_string(state, &conn, false),
- seq, ack_seq, rst, ntohs(window));
+ DBG_DEBUG("Ignoring sent packet: %s, "
+ "seq=%"PRIu32", ack_seq=%"PRIu32", "
+ "rst=%d, window=%"PRIu16"\n",
+ ctdb_connection_to_string(state, &conn, false),
+ seq, ack_seq, rst, ntohs(window));
return;
}
diff --git a/ctdb/wscript b/ctdb/wscript
index c082c3b7a7d..a7b04541014 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -98,6 +98,9 @@ def options(opt):
opt.add_option('--enable-etcd-reclock',
help=("Enable etcd recovery lock helper (default=no)"),
action="store_true", dest='ctdb_etcd_reclock',
default=False)
+ opt.add_option('--enable-pcap',
+ help=("Use pcap for packet capture (default=no)"),
+ action="store_true", dest='ctdb_pcap', default=False)
opt.add_option('--with-libcephfs',
help=("Directory under which libcephfs is installed"),
@@ -201,15 +204,24 @@ def configure(conf):
if not conf.CHECK_VARIABLE('ETIME', headers='errno.h'):
conf.DEFINE('ETIME', 'ETIMEDOUT')
- if sys.platform.startswith('linux'):
+ if Options.options.ctdb_pcap or not sys.platform.startswith('linux'):
+ conf.DEFINE('ENABLE_PCAP', 1)
+ if not conf.env.ENABLE_PCAP:
conf.SET_TARGET_TYPE('pcap', 'EMPTY')
else:
+ conf.find_program('pcap-config', var='PCAP_CONFIG')
+ if conf.env.PCAP_CONFIG:
+ conf.CHECK_CFG(path=conf.env.PCAP_CONFIG,
+ args="--cflags --libs",
+ package="",
+ uselib_store="PCAP")
if not conf.CHECK_HEADERS('pcap.h'):
Logs.error('Need libpcap')
sys.exit(1)
if not conf.CHECK_FUNCS_IN('pcap_open_live', 'pcap', headers='pcap.h'):
Logs.error('Need libpcap')
sys.exit(1)
+ conf.CHECK_FUNCS_IN('pcap_set_immediate_mode', 'pcap',
headers='pcap.h')
if not conf.CHECK_FUNCS_IN('backtrace backtrace_symbols', 'execinfo',
checklibc=True, headers='execinfo.h'):
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 1500d484e83..444963e2fe1 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4220,6 +4220,8 @@ static const struct {
struct smbXcli_negprot_state {
struct smbXcli_conn *conn;
struct tevent_context *ev;
+ struct smb2_negotiate_contexts *in_ctx;
+ struct smb2_negotiate_contexts *out_ctx;
uint32_t timeout_msec;
struct {
@@ -4242,7 +4244,8 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX
*mem_ctx,
uint32_t timeout_msec,
enum protocol_types min_protocol,
enum protocol_types max_protocol,
- uint16_t max_credits)
+ uint16_t max_credits,
+ struct smb2_negotiate_contexts *in_ctx)
{
struct tevent_req *req, *subreq;
struct smbXcli_negprot_state *state;
@@ -4254,6 +4257,7 @@ struct tevent_req *smbXcli_negprot_send(TALLOC_CTX
*mem_ctx,
}
state->conn = conn;
state->ev = ev;
+ state->in_ctx = in_ctx;
state->timeout_msec = timeout_msec;
if (min_protocol == PROTOCOL_NONE) {
@@ -4934,6 +4938,25 @@ static struct tevent_req
*smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
return NULL;
}
--
Samba Shared Repository
