The branch, v4-21-test has been updated
via 8da34956d68 ctdb-scripts: Track connections for all ports for public IPs
via 53df2b78ae5 ctdb-scripts: Get connections after tickle list
via f5fc8aa709c ctdb-scripts: Move connection tracking to 10.interface
via c6c0722cb72 ctdb-server: Drop a log message to DEBUG level
via 7791375ccca ctdb-server: Clean up connection tracking functions
via 84deecc5e8e ctdb-scripts: Use ss -H option to simplify
via 5920d47149c ctdb-scripts: Remove superseded compatibility code
via 0a571a6dbe3 ctdb-scripts: update_tickles() should use the public IPs cache
via 650ce39d63c ctdb-scripts: Don't list connections when not hosting IPs
from 6afa2ce5dc2 smbd: avoid a panic in close_directory()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit 8da34956d687e60f5fe793d0194a30a6b7af701e
Author: Martin Schwenke <[email protected]>
Date: Mon Oct 23 14:17:36 2023 +1100
ctdb-scripts: Track connections for all ports for public IPs
Currently TCP ports like NFS lock manager are not tracked. It is
easier to track all connections than to add a configuration system to
try to track specified ports, so do that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit 590a86dbe4adf45ac8d15497934e25ea98148034)
Autobuild-User(v4-21-test): Jule Anger <[email protected]>
Autobuild-Date(v4-21-test): Mon Nov 25 14:09:18 UTC 2024 on atb-devel-224
commit 53df2b78ae5c35746f01da477ee0ce443a525e8a
Author: Martin Schwenke <[email protected]>
Date: Mon Sep 30 10:50:00 2024 +1000
ctdb-scripts: Get connections after tickle list
Running ss to get current connections before running ctdb gettickles
means the ss output might be out of date when the 2 lists are
compared. Some tickles might have been added after ss was run by some
other means (e.g. SMB tickles, added internally) and they would be
deleted according to the stale ss output.
This isn't currently a problem because update_tickles() is currently
only called with port 2049, so all tickles are managed by this code.
That will change in a subsequent commit.
Changing the order means the reverse problem can occur, where
update_tickles() attempts to delete an already deleted tickle. That
may happen occasionally but is harmless because it doesn't result in
missing information. It (currently) just causes a message to be
logged at DEBUG level.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit c3695722b6316b624aa6c44cad4f44279303d1b1)
commit f5fc8aa709c0b754a70bd44200e7cd05b982581d
Author: Martin Schwenke <[email protected]>
Date: Mon Oct 23 14:05:21 2023 +1100
ctdb-scripts: Move connection tracking to 10.interface
This should really be done for all connections to public IP addresses.
Leave the port number there for now - this is just the first step.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit 9683bb3ac2bbdf0e83c3be3681f9d1c8ee7cc327)
commit c6c0722cb722bba42c0e5c093b787395eee62096
Author: Martin Schwenke <[email protected]>
Date: Mon Sep 30 12:30:13 2024 +1000
ctdb-server: Drop a log message to DEBUG level
This is harmless, so it doesn't generally need to be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit f4a8f84328c5e692ce63bec05bb71fcb469a3e9c)
commit 7791375ccca1af8af328b94173d4d710649e1973
Author: Martin Schwenke <[email protected]>
Date: Mon Sep 30 12:22:46 2024 +1000
ctdb-server: Clean up connection tracking functions
Apply README.Coding, modernise logging, pre-render connection as a
string for logging, switch terminology from "tickle" to "connection",
tidy up comments.
No changes in functionality.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit 3c19c8df778070705485b3c993e695ca1636bfa7)
commit 84deecc5e8e02aed2a6772620c64ba390aaf9b5a
Author: Martin Schwenke <[email protected]>
Date: Mon Sep 16 12:26:53 2024 +1000
ctdb-scripts: Use ss -H option to simplify
This option has been available since ~2018 and has been implemented in
the stub since then. I guess we didn't use it because CentOS 7?
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit 0505d06b12a04a5c5e813fb3f4799278f9e5b7eb)
commit 5920d47149c2fbe2c7ab993d3d558be6b094f8a6
Author: Martin Schwenke <[email protected]>
Date: Mon Oct 23 14:23:45 2023 +1100
ctdb-scripts: Remove superseded compatibility code
Since commit 224e99804efef960ef4ce2ff2f4f6dced1e74146, square brackets
have been parsed by daemon and tool code, so drop the compatibility
code from here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit 32e4f786601712e57992ce4c8f46e5d38620a5dd)
commit 0a571a6dbe37c3108db9e62592a2325115240ba3
Author: Martin Schwenke <[email protected]>
Date: Thu Sep 19 14:32:46 2024 +1000
ctdb-scripts: update_tickles() should use the public IPs cache
This avoids duplicating logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit b3e2c69ad92c0d20bb10146d2dd6d0d475455298)
commit 650ce39d63c5acada738bd6c1d697c99c879871a
Author: Martin Schwenke <[email protected]>
Date: Thu Sep 19 13:52:48 2024 +1000
ctdb-scripts: Don't list connections when not hosting IPs
With an empty IP filter, all incoming connections to port 2049 will be
listed, not just those to public IP addresses. This causes error
messages like the following to be logged:
ctdb-eventd[...]: 60.nfs: Failed to add 1 tickles
since the connection being added seems to be for a random NFS mount
that doesn't use a public IP address.
This has been a problem for a long time (probably since commit
04fe9e20749985c71fef1bce7f6e4c439fe11c81 in 2015). It isn't currently
a huge deal because it only affects NFS connections. However, this
code will soon be used to track connections to public IP addresses on
all ports. This would result in a constant stream of log messages,
since there will always be some active connections.
The theory behind the fix is that if a node hosts no public IPs then
it should have no relevant connections and has no business changing
the list of registered tickles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses
Signed-off-by: Martin Schwenke <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jerry Heyman <[email protected]>
(cherry picked from commit 1a4a6c46f1cdabfea67c264d6576a597a70c3007)
-----------------------------------------------------------------------
Summary of changes:
ctdb/config/events/legacy/10.interface.script | 2 +
ctdb/config/events/legacy/60.nfs.script | 1 -
ctdb/config/functions | 52 +++++--------
ctdb/server/ctdb_takeover.c | 108 ++++++++++++++++----------
4 files changed, 88 insertions(+), 75 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/config/events/legacy/10.interface.script
b/ctdb/config/events/legacy/10.interface.script
index fdc559ee1c8..dfd796563fd 100755
--- a/ctdb/config/events/legacy/10.interface.script
+++ b/ctdb/config/events/legacy/10.interface.script
@@ -247,6 +247,8 @@ ipreallocated)
monitor)
monitor_interfaces || exit 1
+
+ update_tickles
;;
esac
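Review bot: update_tickles is now the last command in the monitor) branch, so its return status is what the case statement yields, whereas at the old call site in 60.nfs.script other commands followed it. The hunk does not show whether anything after esac overrides that status. If a failure to refresh tickles should not fail the monitor event, make that explicit (for example `update_tickles || true`), or add a comment saying a non-zero status here is meant to propagate.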
diff --git a/ctdb/config/events/legacy/60.nfs.script
b/ctdb/config/events/legacy/60.nfs.script
index 246a856bca8..7d03a2a50f2 100755
--- a/ctdb/config/events/legacy/60.nfs.script
+++ b/ctdb/config/events/legacy/60.nfs.script
@@ -338,7 +338,6 @@ monitor)
exit $?
fi
- update_tickles 2049
nfs_update_lock_info
nfs_check_services
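Review bot: With `update_tickles 2049` removed from the monitor) branch, this script no longer registers tickles for NFS connections itself and relies on the monitor event in 10.interface.script to do so. A short comment near nfs_update_lock_info stating that dependency would save the next reader from searching for where NFS tickles are now maintained.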
diff --git a/ctdb/config/functions b/ctdb/config/functions
index ef79dbf2162..4139059a3d3 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -499,7 +499,7 @@ ctdb_check_unix_socket()
return 1
fi
- _out=$(ss -l -x "src ${_sockpath}" | tail -n +2)
+ _out=$(ss -l -xH "src ${_sockpath}")
if [ -z "$_out" ]; then
echo "ERROR: ${service_name} not listening on ${_sockpath}"
return 1
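Review bot: On the `_out=$(ss -l -xH "src ${_sockpath}")` line, an ss that does not understand -H fails and leaves _out empty, which then falls into the "not listening on" branch and reports the wrong cause. The commit message dates -H to about 2018, so either document the minimum iproute2 version these scripts require or check the exit status of ss separately from the empty-output test.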
@@ -602,7 +602,7 @@ get_tcp_connections_for_ip()
{
_ip="$1"
- ss -tn state established "src [$_ip]" | awk 'NR > 1 {print $3, $4}'
+ ss -tnH state established "src [$_ip]" | awk '{print $3, $4}'
}
########################################################
@@ -1176,49 +1176,39 @@ nfs_callout()
update_tickles()
{
- _port="$1"
-
tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
mkdir -p "$tickledir"
- # What public IPs do I hold?
- _pnn=$(ctdb_get_pnn)
- _ips=$($CTDB -X ip | awk -F'|' -v pnn="$_pnn" '$3 == pnn {print $2}')
+ # If not hosting any public IPs then can't have any connections...
+ if [ ! -s "$CTDB_MY_PUBLIC_IPS_CACHE" ]; then
+ return
+ fi
- # IPs and port as ss filters
+ # IPs ss filter
_ip_filter=""
- for _ip in $_ips; do
+ while read -r _ip; do
_ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
- done
- _port_filter="sport == :${_port}"
+ done <"$CTDB_MY_PUBLIC_IPS_CACHE"
+
+ # Record our current tickles in a temporary file
+ _my_tickles="${tickledir}/all.tickles.$$"
+ while read -r _i; do
+ $CTDB -X gettickles "$_i" |
+ awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4,
$5 }'
+ done <"$CTDB_MY_PUBLIC_IPS_CACHE" |
+ sort >"$_my_tickles"
# Record connections to our public IPs in a temporary file.
# This temporary file is in CTDB's private state directory and
# $$ is used to avoid a very rare race involving CTDB's script
# debugging. No security issue, nothing to see here...
- _my_connections="${tickledir}/${_port}.connections.$$"
- # Parentheses are needed around the filters for precedence but
+ _my_connections="${tickledir}/all.connections.$$"
+ # Parentheses are needed around the IP filter for precedence but
# the parentheses can't be empty!
- #
- # Recent versions of ss print square brackets around IPv6
- # addresses. While it is desirable to update CTDB's address
- # parsing and printing code, something needs to be done here
- # for backward compatibility, so just delete the brackets.
- ss -tn state established \
- "${_ip_filter:+( ${_ip_filter} )}" \
- "${_port_filter:+( ${_port_filter} )}" |
- awk 'NR > 1 {print $4, $3}' |
- tr -d '][' |
+ ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" |
+ awk '{print $4, $3}' |
sort >"$_my_connections"
- # Record our current tickles in a temporary file
- _my_tickles="${tickledir}/${_port}.tickles.$$"
- for _i in $_ips; do
- $CTDB -X gettickles "$_i" "$_port" |
- awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4,
$5 }'
- done |
- sort >"$_my_tickles"
-
# Add tickles for connections that we haven't already got tickles for
comm -23 "$_my_connections" "$_my_tickles" |
$CTDB addtickle
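Review bot: The early return on `[ ! -s "$CTDB_MY_PUBLIC_IPS_CACHE" ]` cannot distinguish "hosting no public IPs" from "cache file missing or variable unset"; in both cases update_tickles silently does nothing. The removed code asked `$CTDB -X ip` on every call, so freshness was guaranteed there. Please add a comment naming the caller that is responsible for refreshing the cache before update_tickles runs, and consider logging when the file does not exist at all rather than treating it as an empty list.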
diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c
index 2176c6ab806..ad543452e62 100644
--- a/ctdb/server/ctdb_takeover.c
+++ b/ctdb/server/ctdb_takeover.c
@@ -1504,27 +1504,40 @@ static struct ctdb_connection *ctdb_tcp_find(struct
ctdb_tcp_array *array,
clients managing that should tickled with an ACK when IP takeover is
done
*/
-int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb, TDB_DATA indata, bool
tcp_update_needed)
+int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb,
+ TDB_DATA indata,
+ bool tcp_update_needed)
{
struct ctdb_connection *p = (struct ctdb_connection *)indata.dptr;
struct ctdb_tcp_array *tcparray;
struct ctdb_connection tcp;
struct ctdb_vnn *vnn;
+ char conn_str[132] = { 0, };
+ int ret;
/* If we don't have public IPs, tickles are useless */
if (ctdb->vnn == NULL) {
return 0;
}
+ ret = ctdb_connection_to_buf(conn_str,
+ sizeof(conn_str),
+ p,
+ false,
+ " -> ");
+ if (ret != 0) {
+ strlcpy(conn_str, "UNKNOWN", sizeof(conn_str));
+ }
+
vnn = find_public_ip_vnn(ctdb, &p->dst);
if (vnn == NULL) {
- DEBUG(DEBUG_INFO,(__location__ " got TCP_ADD control for an
address which is not a public address '%s'\n",
- ctdb_addr_to_str(&p->dst)));
+ DBG_INFO("Attempt to add connection %s "
+ "but destination is not a public address\n",
+ conn_str);
return -1;
}
-
tcparray = vnn->tcp_array;
/* If this is the first tickle */
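Review bot: `char conn_str[132] = { 0, };` introduces an unexplained size that is then repeated in ctdb_remove_connection() and ctdb_control_tcp_remove(). A named constant, or a comment deriving 132 from the longest rendering of two addresses with ports plus the " -> " separator, would let a reader confirm that ctdb_connection_to_buf() cannot fail for lack of space and that the "UNKNOWN" fallback is only reached for a bad address family.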
@@ -1534,7 +1547,8 @@ int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb,
TDB_DATA indata, bool tc
vnn->tcp_array = tcparray;
tcparray->num = 0;
- tcparray->connections = talloc_size(tcparray, sizeof(struct
ctdb_connection));
+ tcparray->connections = talloc_size(tcparray,
+ sizeof(struct
ctdb_connection));
CTDB_NO_MEMORY(ctdb, tcparray->connections);
tcparray->connections[tcparray->num].src = p->src;
@@ -1552,27 +1566,22 @@ int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb,
TDB_DATA indata, bool tc
tcp.src = p->src;
tcp.dst = p->dst;
if (ctdb_tcp_find(tcparray, &tcp) != NULL) {
- DEBUG(DEBUG_DEBUG,("Already had tickle info for %s:%u for
vnn:%u\n",
- ctdb_addr_to_str(&tcp.dst),
- ntohs(tcp.dst.ip.sin_port),
- vnn->pnn));
+ DBG_DEBUG("Already had connection %s\n", conn_str);
return 0;
}
/* A new tickle, we must add it to the array */
- tcparray->connections = talloc_realloc(tcparray, tcparray->connections,
- struct ctdb_connection,
- tcparray->num+1);
+ tcparray->connections = talloc_realloc(tcparray,
+ tcparray->connections,
+ struct ctdb_connection,
+ tcparray->num + 1);
CTDB_NO_MEMORY(ctdb, tcparray->connections);
tcparray->connections[tcparray->num].src = p->src;
tcparray->connections[tcparray->num].dst = p->dst;
tcparray->num++;
- DEBUG(DEBUG_INFO,("Added tickle info for %s:%u from vnn %u\n",
- ctdb_addr_to_str(&tcp.dst),
- ntohs(tcp.dst.ip.sin_port),
- vnn->pnn));
+ D_INFO("Added connection %s\n", conn_str);
if (tcp_update_needed) {
vnn->tcp_update_needed = true;
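Review bot: The two messages in this hunk use different macro families, `DBG_DEBUG("Already had connection %s\n", ...)` and `D_INFO("Added connection %s\n", ...)`, so one carries the function-name prefix and the other does not. If that is deliberate, a word in the commit message would help; otherwise pick one family for the add path. The old messages also printed vnn->pnn, which the new ones drop; please confirm nothing relies on that when reading logs.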
@@ -1582,58 +1591,59 @@ int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb,
TDB_DATA indata, bool tc
}
-static void ctdb_remove_connection(struct ctdb_vnn *vnn, struct
ctdb_connection *conn)
+static void ctdb_remove_connection(struct ctdb_vnn *vnn,
+ struct ctdb_connection *conn)
{
struct ctdb_connection *tcpp;
+ char conn_str[132] = { 0, };
+ int ret;
if (vnn == NULL) {
return;
}
- /* if the array is empty we can't remove it
- and we don't need to do anything
- */
+ ret = ctdb_connection_to_buf(conn_str,
+ sizeof(conn_str),
+ conn,
+ false,
+ " -> ");
+ if (ret != 0) {
+ strlcpy(conn_str, "UNKNOWN", sizeof(conn_str));
+ }
+
+ /* If the array is empty there is nothing to remove */
if (vnn->tcp_array == NULL) {
- DEBUG(DEBUG_INFO,("Trying to remove tickle that doesn't exist
(array is empty) %s:%u\n",
- ctdb_addr_to_str(&conn->dst),
- ntohs(conn->dst.ip.sin_port)));
+ D_INFO("Attempt to remove untracked connection %s (empty)\n",
+ conn_str);
return;
}
- /* See if we know this connection
- if we don't know this connection then we don't need to do anything
- */
tcpp = ctdb_tcp_find(vnn->tcp_array, conn);
if (tcpp == NULL) {
- DEBUG(DEBUG_INFO,("Trying to remove tickle that doesn't exist
%s:%u\n",
- ctdb_addr_to_str(&conn->dst),
- ntohs(conn->dst.ip.sin_port)));
+ D_DEBUG("Attempt to remove untracked connection %s\n",
conn_str);
return;
}
- /* We need to remove this entry from the array.
- Instead of allocating a new array and copying data to it
- we cheat and just copy the last entry in the existing array
- to the entry that is to be removed and just shring the
- ->num field
+ /*
+ * We need to remove this entry from the array. Instead of
+ * allocating a new array and copying data to it, cheat and
+ * just copy the last entry in the existing array to the entry
+ * that is to be removed and just shrink the size.
*/
*tcpp = vnn->tcp_array->connections[vnn->tcp_array->num - 1];
vnn->tcp_array->num--;
- /* If we deleted the last entry we also need to remove the entire array
- */
+ /* Last entry deleted, so remove the entire array */
if (vnn->tcp_array->num == 0) {
talloc_free(vnn->tcp_array);
vnn->tcp_array = NULL;
- }
+ }
vnn->tcp_update_needed = true;
- DEBUG(DEBUG_INFO,("Removed tickle info for %s:%u\n",
- ctdb_addr_to_str(&conn->src),
- ntohs(conn->src.ip.sin_port)));
+ D_INFO("Removed connection %s\n", conn_str);
}
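Review bot: The two "Attempt to remove untracked connection" paths log at different levels: the `vnn->tcp_array == NULL` case uses D_INFO while the ctdb_tcp_find() miss uses D_DEBUG. Removing the last connection frees the array and sets it to NULL, so a repeated delete of that connection takes the empty-array path and is still logged at INFO. Since the series describes deleting an already deleted tickle as harmless, the "(empty)" message should probably be D_DEBUG as well.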
@@ -1653,9 +1663,21 @@ int32_t ctdb_control_tcp_remove(struct ctdb_context
*ctdb, TDB_DATA indata)
vnn = find_public_ip_vnn(ctdb, &conn->dst);
if (vnn == NULL) {
- DEBUG(DEBUG_ERR,
- (__location__ " unable to find public address %s\n",
- ctdb_addr_to_str(&conn->dst)));
+ char conn_str[132] = { 0, };
+ int ret;
+
+ ret = ctdb_connection_to_buf(conn_str,
+ sizeof(conn_str),
+ conn,
+ false,
+ " -> ");
+ if (ret != 0) {
+ strlcpy(conn_str, "UNKNOWN", sizeof(conn_str));
+ }
+
+ DBG_ERR("Attempt to remove connection %s "
+ "but destination is not a public address\n",
+ conn_str);
return 0;
}
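Review bot: The "destination is not a public address" case is handled inconsistently between the two controls: ctdb_control_tcp_add() logs it with DBG_INFO and returns -1, while this hunk logs it with DBG_ERR and returns 0. Please add a comment explaining why removal reports success at a louder level, or align the two. This is also the third copy of the ctdb_connection_to_buf() plus `strlcpy(conn_str, "UNKNOWN", sizeof(conn_str))` block; a small static helper would remove the duplication.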
--
Samba Shared Repository