Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Nov 7 09:14:33 UTC 2024 on atb-devel-224
This allows CTDB to be configured to use "ss -K" to reset TCP
connections on "releaseip". This is only supported when the kernel is
configured with CONFIG_INET_DIAG_DESTROY enabled.
From the documentation:
ss -K has been supported in ss since iproute 4.5 in March 2016 and
in the Linux kernel since 4.4 in December 2015. However, the
required kernel configuration item CONFIG_INET_DIAG_DESTROY is
disabled by default. Although enabled in Debian kernels since
~2017 and in Ubuntu since at least 18.04, this has only recently
been enabled in distributions such as RHEL. There seems to be no
way, including running ss -K, to determine if this is supported, so
use of this feature needs to be configurable. When available, it
should be the fastest, most reliable way of killing connections.
For RHEL and derivatives, this was enabled as follows:
* RHEL 8 via https://bugzilla.redhat.com/show_bug.cgi?id=2230213,
arriving in version kernel-4.18.0-513.5.1.el8_9
* RHEL 9 via https://issues.redhat.com/browse/RHEL-212, arriving in
kernel-5.14.0-360.el9
Enabling this option results in a small behaviour change because ss -K
always does a 2-way kill (i.e. it also sends a RST to the client).
Only a 1-way kill is done for SMB connections when ctdb_killtcp is
used - the reasons for this are shrouded in history and the 2-way kill
seems to work fine.
For the summary that is logged, when CTDB_KILLTCP_USE_SS_KILL is "yes"
or "try", always log the method used, even the fallback to
ctdb_killtcp. However, when set to "no", maintain the existing
output.
The decision to use -K rather than --kill is because short options are
trivial to implement in test stubs.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 7 00:12:34 UTC 2024 on atb-devel-224
Martin Schwenke [Fri, 25 Aug 2023 00:00:57 +0000 (10:00 +1000)]
ctdb-scripts: Factor out function kill_tcp_summarise()
This will be used in a slightly different context in a subsequent
commit. In that case, the number of killed connections will be passed
instead of the total number of connections, so support this here via
different modes instead of churning later.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Martin Schwenke [Mon, 23 Oct 2023 03:17:36 +0000 (14:17 +1100)]
ctdb-scripts: Track connections for all ports for public IPs
Currently TCP ports like NFS lock manager are not tracked. It is
easier to track all connections than to add a configuration system to
try to track specified ports, so do that.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Martin Schwenke [Mon, 30 Sep 2024 00:50:00 +0000 (10:50 +1000)]
ctdb-scripts: Get connections after tickle list
Running ss to get current connections before running ctdb gettickles
means the ss output might be out of date when the 2 lists are
compared. Some tickles might have been added after ss was run by some
other means (e.g. SMB tickles, added internally) and they would be
deleted according to the stale ss output.
This isn't currently a problem because update_tickles() is currently
only called with port 2049, so all tickles are managed by this code.
That will change in a subsequent commit.
Changing the order means the reverse problem can occur, where
update_tickles() attempts to delete an already deleted tickle. That
may happen occasionally but is harmless because it doesn't result in
missing information. It (currently) just causes a message to be
logged at DEBUG level.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Martin Schwenke [Mon, 30 Sep 2024 02:40:57 +0000 (12:40 +1000)]
ctdb-server: Remove duplicate logic
Initialise the pointer to NULL and fall through to let
talloc_realloc() do the allocation. talloc_realloc() does the right
thing with a NULL pointer...
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Martin Schwenke [Mon, 30 Sep 2024 02:22:46 +0000 (12:22 +1000)]
ctdb-server: Clean up connection tracking functions
Apply README.Coding, modernise logging, pre-render connection as a
string for logging, switch terminology from "tickle" to "connection",
tidy up comments.
No changes in functionality.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Martin Schwenke [Thu, 19 Sep 2024 03:52:48 +0000 (13:52 +1000)]
ctdb-scripts: Don't list connections when not hosting IPs
With an empty IP filter, all incoming connections to port 2049 will be
listed, not just those to public IP addresses. This causes error
messages like the following to be logged:
ctdb-eventd[...]: 60.nfs: Failed to add 1 tickles
since the connection being added seems to be for a random NFS mount
that doesn't use a public IP address.
This has been a problem for a long time (probably since commit 04fe9e20749985c71fef1bce7f6e4c439fe11c81 in 2015). It isn't currently
a huge deal because it only affects NFS connections. However, this
code will soon be used to track connections to public IP addresses on
all ports. This would result in a constant stream of log messages,
since there will always be some active connections.
The theory behind the fix is that if a node hosts no public IPs then
it should have no relevant connections and has no business changing
the list of registered tickles.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jerry Heyman <jheyman@ddn.com>
Ralph Boehme [Thu, 24 Oct 2024 19:32:49 +0000 (21:32 +0200)]
WHATSNEW: SMB3 Directory Leases
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 5 15:51:27 UTC 2024 on atb-devel-224
Ralph Boehme [Mon, 9 Sep 2024 14:03:59 +0000 (16:03 +0200)]
smbtorture: Directory Leases vs renaming
Note that we must use defines for the DLEASE* values, as declaring them as const
int triggers a CI failure on one of the runners (opensuse155-samba-o3) likely
due to a bug in its gcc version:
../../source4/torture/smb2/lease.c:6242:22: error: initializer element is not constant
.srcdir_leasekey = DLEASE1,
^~~~~~~
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 24 Oct 2024 17:35:00 +0000 (19:35 +0200)]
libcli/smb: only copy the parent lease key if SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET is set
MS-SMB2 3.3.5.9.11 Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create Context:
If the SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET bit is set in the Flags field of
the request, Lease.ParentLeaseKey MUST be set to the ParentLeaseKey of the
request.
Found by MS-SMB2-Protocol-Testsuite test "Compare_Zero_LeaseFlag_ParentLeaseKey".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
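The rule quoted from MS-SMB2 3.3.5.9.11 in the commit above, as an added example that is not Samba's code: a stand-alone parser for the 52-byte SMB2_CREATE_REQUEST_LEASE_V2 context that ignores the client-supplied ParentLeaseKey bytes unless the flag is set. The struct `lease_v2` and the function `lease_v2_pull()` are hypothetical names, and accepting only the exact v2 length is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wire constants from MS-SMB2 (SMB2_CREATE_REQUEST_LEASE_V2). */
#define LEASE_V2_SIZE 52
#define SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET 0x00000004

/* Hypothetical in-memory form for this example, not Samba's struct. */
struct lease_v2 {
	uint8_t  key[16];
	uint32_t state;
	uint32_t flags;
	uint8_t  parent_key[16];
	uint16_t epoch;
};

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Parse a lease v2 create context. Returns 0 on success, -1 if a pointer
 * is NULL or the buffer is not exactly LEASE_V2_SIZE bytes. *out is zeroed
 * first, so parent_key stays all-zero unless the request has
 * SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET in Flags.
 */
int lease_v2_pull(const uint8_t *buf, size_t len, struct lease_v2 *out)
{
	if (buf == NULL || out == NULL || len != LEASE_V2_SIZE) {
		return -1;
	}
	memset(out, 0, sizeof(*out));
	memcpy(out->key, buf, 16);      /* LeaseKey at offset 0 */
	out->state = le32(buf + 16);    /* LeaseState at offset 16 */
	out->flags = le32(buf + 20);    /* Flags at offset 20 */
	/* LeaseDuration at offset 24 is reserved and skipped. */
	if (out->flags & SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET) {
		/* ParentLeaseKey at offset 32 is only meaningful with the flag. */
		memcpy(out->parent_key, buf + 32, 16);
	}
	out->epoch = (uint16_t)(buf[48] | (buf[49] << 8)); /* Epoch at 48 */
	return 0;
}
```
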
Ralph Boehme [Fri, 6 Sep 2024 16:07:35 +0000 (18:07 +0200)]
smbtorture: simplify test_lease_v2_request()
- Add and use test_rearm_dirlease().
- Rename variable "ls2" to "dirlease".
- Simplify lease epoch tracking by using dirlease.lease_epoch as a counter.
- Add comments.
- Zero out a handle after closing it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 12 May 2021 09:24:45 +0000 (11:24 +0200)]
smbd: add option "smb3 directory leases"
By default enabled on non-clustered Samba, disabled on clustered Samba, the
reason being the expected additional load caused by forcing strict rename to be
enabled.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 21 Oct 2024 10:48:19 +0000 (12:48 +0200)]
libcli/smb: rely on the caller zero-initializing "lease" in smb2_lease_pull()
Doing the zero initialization per struct member just feels like a way for bugs
to creep in, even when leasev1 is not going to change ever. The only caller has
already zero-initialized state->lease twice via 1) __tevent_req_create() and 2)
a struct initializer of "state".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 4 Sep 2024 15:58:45 +0000 (17:58 +0200)]
smbd: add contend_dirleases()
Checks for Directory Lease breaks on the parent directory of smb_fname. Gets a
sharemode lock on the locking.tdb record of the directory, hence it mustn't be
called if the caller still has another sharemode lock.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 4 Nov 2024 17:48:14 +0000 (18:48 +0100)]
smbd: pass lease, if any, to notify_fname()
notify_fname() for NOTIFY_ACTION_DIRLEASE_BREAK will soon need the lease of the
current open and to implement "MS-FSA 2.1.4.12 Algorithm to Check for an Oplock
Break" with flags=PARENT_OBJECT.
No change in behaviour for now, all callers pass lease=NULL.
Also change path arg to struct smb_filename.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 9 Sep 2024 19:27:45 +0000 (21:27 +0200)]
smbd: trigger notification for file and directory creation will be sent a wee bit later after dropping the sharemode lock
This will be a common pattern in the upcoming code dealing with Directory Lease
breaks: when checking for Directory Lease breaks on the parent directory, we
take the sharemode lock on the parent and hence by then must have dropped the
sharemode lock on the object that performs the Directory Lease break check. That
functionality will be later added to notify_fname().
This means the notification will be sent a wee bit later, but that's something
the change notification protocol has to live with anyway.
For Directory Leases the sequence to check for Directory Lease breaks is to call
MS-FSA 2.1.4.12 "Algorithm to Check for an Oplock Break" with
flags=PARENT_OBJECT at the end of each relevant operation, eg creating a file
asf, when processing of the operation that will call 2.1.4.12 is already
completed.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>