ctdb-scripts: Track connections for all ports for public IPs
authorMartin Schwenke <mschwenke@ddn.com>
Mon, 23 Oct 2023 03:17:36 +0000 (14:17 +1100)
committerJule Anger <janger@samba.org>
Mon, 25 Nov 2024 14:09:18 +0000 (14:09 +0000)
Currently only connections to TCP port 2049 (NFS) are tracked, so other
TCP ports such as the NFS lock manager are not.  It is easier to track
all connections than to add a configuration system to try to track
specified ports, so do that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
(cherry picked from commit 590a86dbe4adf45ac8d15497934e25ea98148034)

Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Mon Nov 25 14:09:18 UTC 2024 on atb-devel-224

ctdb/config/events/legacy/10.interface.script
ctdb/config/functions

index d7c36470306653fb3450a6fe7eb13bc267ca9715..dfd796563fd666ce9f922f9b755290dd6968ae23 100755 (executable)
@@ -248,7 +248,7 @@ ipreallocated)
 monitor)
        monitor_interfaces || exit 1
 
-       update_tickles 2049
+       update_tickles
        ;;
 esac
 
index becef7166a8cbb12bcfb3ebd77c07a8745263d45..4139059a3d3c5b51d6e33cc20abd60ace0e47a85 100755 (executable)
@@ -1176,8 +1176,6 @@ nfs_callout()
 
 update_tickles()
 {
-       _port="$1"
-
        tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
        mkdir -p "$tickledir"
 
@@ -1186,17 +1184,16 @@ update_tickles()
                return
        fi
 
-       # IPs and port as ss filters
+       # IPs ss filter
        _ip_filter=""
        while read -r _ip; do
                _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
        done <"$CTDB_MY_PUBLIC_IPS_CACHE"
-       _port_filter="sport == :${_port}"
 
        # Record our current tickles in a temporary file
-       _my_tickles="${tickledir}/${_port}.tickles.$$"
+       _my_tickles="${tickledir}/all.tickles.$$"
        while read -r _i; do
-               $CTDB -X gettickles "$_i" "$_port" |
+               $CTDB -X gettickles "$_i" |
                        awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }'
        done <"$CTDB_MY_PUBLIC_IPS_CACHE" |
                sort >"$_my_tickles"
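Review bot: With `_port_filter` removed at the old `sport == :${_port}` line, the recorded set becomes every established TCP connection whose local address is a public IP, which presumably also includes connections no clustered service owns, such as an admin SSH session to a public IP or any outbound connection bound to one; those will now be tracked and tickled like NFS clients. That is an acceptable trade-off given the commit message, but it should be stated where the filter is built so nobody later assumes only service ports are covered, e.g. replace `# IPs ss filter` with `# ss filter on local address only: every established TCP connection to a public IP is tracked, regardless of port (not just NFS/lockd)`. The `$CTDB -X gettickles "$_i"` call also relies on the port argument being optional and the output columns used by the awk at the next line being unchanged without it; worth confirming against the ctdb tool rather than assuming. update_tickles() starts and ends outside this hunk.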
@@ -1205,12 +1202,10 @@ update_tickles()
        # This temporary file is in CTDB's private state directory and
        # $$ is used to avoid a very rare race involving CTDB's script
        # debugging.  No security issue, nothing to see here...
-       _my_connections="${tickledir}/${_port}.connections.$$"
-       # Parentheses are needed around the filters for precedence but
+       _my_connections="${tickledir}/all.connections.$$"
+       # Parentheses are needed around the IP filter for precedence but
        # the parentheses can't be empty!
-       ss -tnH state established \
-               "${_ip_filter:+( ${_ip_filter} )}" \
-               "${_port_filter:+( ${_port_filter} )}" |
+       ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" |
                awk '{print $4, $3}' |
                sort >"$_my_connections"