[PATCH] ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[PATCH] ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip

Samba - samba-technical mailing list
[I came across this when auditing code during my (unfinished)
 connection tracking rewrite.]

This causes any tracked connections for the IP address to be lost.

When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist.  However, in the
updateip, case the connection *does* exist, so the tickle *does not*
cause the connection to be reset.

ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs.  So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.

The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions.  This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.

All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.

Please review and maybe push...

peace & happiness,
martin

0001-ctdb-takeover-Do-not-call-ctdb_announce_vnn_iface-fo.patch (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [PATCH] ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip

Samba - samba-technical mailing list
On Wed, Aug 9, 2017 at 4:55 PM, Martin Schwenke via samba-technical <
[hidden email]> wrote:

> [I came across this when auditing code during my (unfinished)
>  connection tracking rewrite.]
>
> This causes any tracked connections for the IP address to be lost.
>
> When doing a takeip, the server sends a tickle ACK to the client, the
> client responds with a valid ACK and the server's TCP stack responds
> with a reset because the connection does not exist.  However, in the
> updateip, case the connection *does* exist, so the tickle *does not*
> cause the connection to be reset.
>
> ctdb_announce_vnn_iface() clears the list of tracked TCP connections
> while sending the tickle ACKs.  So, if there are no reconnects as in
> the takeip case, then the list of connections is simply lost.
>
> The "updateip" event in the 10.interface event script already sends
> gratuitous ARPs and tickles connections in both directions.  This
> ensures that traffic continues after packets may have been dropped
> when the script temporarily blocks traffic to the IP address.
>
> All of this means that the call to ctdb_announce_vnn_iface() can just
> be deleted.
>
> Please review and maybe push...
>
> peace & happiness,
> martin
>

Pushed to autobuild.

Amitay.
Loading...