ctdb-scripts: Track connections for all ports for public IPs
authorMartin Schwenke <mschwenke@ddn.com>
Mon, 23 Oct 2023 03:17:36 +0000 (14:17 +1100)
committerJule Anger <janger@samba.org>
Mon, 25 Nov 2024 13:58:44 +0000 (13:58 +0000)
Currently only TCP connections to port 2049 are tracked, so connections to
other ports, such as the NFS lock manager's, are not.  It is easier to
track all connections than to add a configuration system to try to track
specified ports, so do that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320
RN: Update CTDB to track all TCP connections to public IP addresses

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
(cherry picked from commit 590a86dbe4adf45ac8d15497934e25ea98148034)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Nov 25 13:58:45 UTC 2024 on atb-devel-224

ctdb/config/events/legacy/10.interface.script
ctdb/config/functions

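--- a/ctdb/config/events/legacy/10.interface.script
+++ b/ctdb/config/events/legacy/10.interface.script
@@ -266,7 +266,7 @@ ipreallocated)
 monitor)
        monitor_interfaces || exit 1
 
-       update_tickles 2049
+       update_tickles
        ;;
 esac
 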
index 7d371e815050311a3829c3494ee323efdabd63ef..75f55f58e2ac9b743f7cc4fc11ac51a5f1d455dc 100755 (executable)
@@ -1149,8 +1149,6 @@ nfs_callout()
 
 update_tickles()
 {
-       _port="$1"
-
        tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
        mkdir -p "$tickledir"
 
@@ -1159,17 +1157,16 @@ update_tickles()
                return
        fi
 
-       # IPs and port as ss filters
+       # IPs ss filter
        _ip_filter=""
        while read -r _ip; do
                _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
        done <"$CTDB_MY_PUBLIC_IPS_CACHE"
-       _port_filter="sport == :${_port}"
 
        # Record our current tickles in a temporary file
-       _my_tickles="${tickledir}/${_port}.tickles.$$"
+       _my_tickles="${tickledir}/all.tickles.$$"
        while read -r _i; do
-               $CTDB -X gettickles "$_i" "$_port" |
+               $CTDB -X gettickles "$_i" |
                        awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }'
        done <"$CTDB_MY_PUBLIC_IPS_CACHE" |
                sort >"$_my_tickles"
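Review bot: With the port filter gone, an empty address list is no longer contained: if `CTDB_MY_PUBLIC_IPS_CACHE` exists but holds no addresses, the loop leaves `_ip_filter` empty, the `${_ip_filter:+( ${_ip_filter} )}` expansion in the `ss` call further down passes an empty filter instead of the former `sport == :2049`, and the script records every established TCP connection on the node, including those on private or management addresses. The early-return guard just above this hunk may already cover that case, but its condition is outside the hunk; if it only tests for the file's existence, add `[ -n "$_ip_filter" ] || return` after the `done <"$CTDB_MY_PUBLIC_IPS_CACHE"` line. A reader should also be told that `src [ip]` carries no direction, so connections where the public IP is the local end of an outbound connection are now recorded and will receive tickle ACKs on takeover; a one-line comment such as `# Matches any established connection whose local address is a public IP, whatever the port or direction` above the loop would document that. The new comment `# IPs ss filter` reads awkwardly; `# Public IPs as an ss filter` is clearer. The rest of update_tickles, including the ss call and the cleanup of the temporary files, lies outside this hunk.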
@@ -1178,12 +1175,10 @@ update_tickles()
        # This temporary file is in CTDB's private state directory and
        # $$ is used to avoid a very rare race involving CTDB's script
        # debugging.  No security issue, nothing to see here...
-       _my_connections="${tickledir}/${_port}.connections.$$"
-       # Parentheses are needed around the filters for precedence but
+       _my_connections="${tickledir}/all.connections.$$"
+       # Parentheses are needed around the IP filter for precedence but
        # the parentheses can't be empty!
-       ss -tnH state established \
-               "${_ip_filter:+( ${_ip_filter} )}" \
-               "${_port_filter:+( ${_port_filter} )}" |
+       ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" |
                awk '{print $4, $3}' |
                sort >"$_my_connections"