From 590a86dbe4adf45ac8d15497934e25ea98148034 Mon Sep 17 00:00:00 2001
From: Martin Schwenke
Date: Mon, 23 Oct 2023 14:17:36 +1100
Subject: [PATCH] ctdb-scripts: Track connections for all ports for public IPs

Currently TCP ports like NFS lock manager are not tracked. It is easier to track all connections than to add a configuration system to try to track specified ports, so do that.

Signed-off-by: Martin Schwenke
Reviewed-by: Volker Lendecke
Reviewed-by: Jerry Heyman
---
 ctdb/config/events/legacy/10.interface.script | 2 +-
 ctdb/config/functions | 17 ++++++-----------
 2 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script
index 4535bcd4a8b..8d2d6968a1d 100755
--- a/ctdb/config/events/legacy/10.interface.script
+++ b/ctdb/config/events/legacy/10.interface.script
@@ -244,7 +244,7 @@ ipreallocated)
 monitor)
 monitor_interfaces || exit 1
- update_tickles 2049
+ update_tickles
 ;;
 esac
diff --git a/ctdb/config/functions b/ctdb/config/functions
index 8fd20cfdb85..ad191ac4468 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -1181,8 +1181,6 @@ nfs_callout()
 update_tickles()
 {
- _port="$1"
-
 tickledir="${CTDB_SCRIPT_VARDIR}/tickles"
 mkdir -p "$tickledir"
@@ -1191,17 +1189,16 @@ update_tickles()
 return
 fi
- # IPs and port as ss filters
+ # IPs ss filter
 _ip_filter=""
 while read -r _ip; do
 _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]"
 done <"$CTDB_MY_PUBLIC_IPS_CACHE"
- _port_filter="sport == :${_port}"
 # Record our current tickles in a temporary file
- _my_tickles="${tickledir}/${_port}.tickles.$$"
+ _my_tickles="${tickledir}/all.tickles.$$"
 while read -r _i; do
- $CTDB -X gettickles "$_i" "$_port" |
+ $CTDB -X gettickles "$_i" |
 awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }'
 done <"$CTDB_MY_PUBLIC_IPS_CACHE" |
 sort >"$_my_tickles"
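Review bot: In the `@@ -1181,8 +1181,6 @@` hunk of ctdb/config/functions, dropping `_port="$1"` changes the calling convention of update_tickles without anything recording it: a caller that still passes a port will have the argument silently ignored and will track every port instead. This patch updates only the call in 10.interface.script, so any other event scripts or out-of-tree callers are worth a grep before merging. A header comment above the function would make the contract explicit, for example `# update_tickles: no arguments; tracks established TCP connections on all ports of this node's public IPs`. The function body continues beyond this hunk.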
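Review bot: In the `@@ -1191,17 +1189,16 @@` hunk, `$CTDB -X gettickles "$_i" |` and the `all.tickles.$$` file now cover every port, so the amount of state handled on each monitor event is set by how many TCP connections clients hold open to the public IPs, not by NFS sessions alone. Nothing visible here bounds or logs that size, which matters on nodes that expose other busy services on the same addresses. I would state the scaling in the comment, e.g. `# Record our current tickles (all ports) in a temporary file; size grows with client connection count`, and consider logging when `$_my_tickles` is unusually large. The enclosing function starts and ends outside this hunk.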
@@ -1210,12 +1207,10 @@ update_tickles()
 # This temporary file is in CTDB's private state directory and
 # $$ is used to avoid a very rare race involving CTDB's script
 # debugging. No security issue, nothing to see here...
- _my_connections="${tickledir}/${_port}.connections.$$"
- # Parentheses are needed around the filters for precedence but
+ _my_connections="${tickledir}/all.connections.$$"
+ # Parentheses are needed around the IP filter for precedence but
 # the parentheses can't be empty!
- ss -tnH state established \
- "${_ip_filter:+( ${_ip_filter} )}" \
- "${_port_filter:+( ${_port_filter} )}" |
+ ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" |
 awk '{print $4, $3}' |
 sort >"$_my_connections"
-- 
2.47.3
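Review bot: With the port term gone, `ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}"` has no filter at all whenever `_ip_filter` is empty, which appears reachable if `$CTDB_MY_PUBLIC_IPS_CACHE` exists but has no lines. The expansion then passes an empty argument and ss would presumably list every established TCP connection on the node, including those on non-public addresses. Before this change the `sport == :${_port}` filter still limited the output to one port in that case. The early `return` shown in the previous hunk may cover a missing cache file (its condition is outside the hunks), but a guard right after the filter loop, `[ -n "$_ip_filter" ] || return`, would keep the comparison scoped to public IPs. The function continues past the end of this hunk, so how the extra connections would be used is not visible here.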