search for: ctdb_killtcp

...ions. That numbers match > (230+164=394). But in the remaining list there are indeed 93 IPs that > are not contained in the sending list. This means the problem must be one of 2 things: 1. The left over connections are new connections and iptables is not blocking incoming connections 2. ctdb_killtcp is not terminating all connections. > > * If not, then the block_ip part isn't working (and you would expect to > > see errors from iptables) because they are new connections. > > I have not seen any errors from iptables. > So, I think it is (2). :-) The problem s...

...any errors from iptables. > * If there has been an attempt to RST the connections then I'm > interested to know if the public address is on an ordinary ethernet > interface. We are using two teaming-Interfaces (one for each LAN). Each team-Interface has 2x10Gbit LACP. > ctdb_killtcp has been very well tested. In the function that calls > ctdb_killtcp, you could add CTDB_DEBUGLEVEL=DEBUG to the ctdb_killtcp > call, like this: > CTDB_DEBUGLEVEL=DEBUG "${CTDB_HELPER_BINDIR}/ctdb_killtcp" "$_iface" > || { I have done that already. It is no...

...e) showed 405 of > those "Sending a TCP RST" lines in a row which is more than the > reported 394. > This output is coming from the releaseip section in > /etc/ctdb/events/legacy/10.interface, which calls > kill_tcp_connections (in /etc/ctdb/functions) which calls the > ctdb_killtcp utility to actually kill the connections. This happens > inside a block_ip/unblock_ip guard that temporarily sets up a > firewall rule to drop all incoming packages for the ip (x.x.253.252 > in this case). > > Obviously the tool fails to be 100% successful. The main aim of this cod...

...fortunately do not have anymore) showed 405 of those "Sending a TCP RST" lines in a row which is more than the reported 394. This output is coming from the releaseip section in /etc/ctdb/events/legacy/10.interface, which calls kill_tcp_connections (in /etc/ctdb/functions) which calls the ctdb_killtcp utility to actually kill the connections. This happens inside a block_ip/unblock_ip guard that temporarily sets up a firewall rule to drop all incoming packages for the ip (x.x.253.252 in this case). Obviously the tool fails to be 100% successful. I am wondering about possible reasons for ctdb no...

Martin Schwenke schrieb am 01.03.2023 23:53: > Not perfect, but better... Yes, I am quite happy with the ctdb_killtcp. > For ctdb_killtcp, when it was basically rewritten, we considered adding > options for max_attempts, but decided to see if it was foolproof. We > could now add those options. Patches welcome too... I'll have a look. > MonitorTimeoutCount defaults to 20 but can also be chang...

...finally debugged this (definitely finding at least 1 important bug) and modified it to just register all TCP connections to public IP addresses (instead of using a configuration variable to specify relevant ports), so this moves to 10.interface. In this old thread, we also discussed problems with ctdb_killtcp. The patch series containing the above change also adds a script option to enable use of "ss -K" for resetting TCP connections to a public IP address. These changes should be in the next version of Samba/CTDB. peace & happiness, martin

...emory corruption since samba-4.18, ???? impacts sendmail, zabbix, potentially more. o? MikeLiu <mikeliu at qnap.com> ?? * BUG 15453: File doesn't show when user doesn't have permission if ???? aio_pthread is loaded. o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ? ???? 1.9.1. o? Joseph Sutton <josephsutton at catalyst.net.nz> ?? * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with ???? empty claims pac blobs (from Samba 4.19 or Windows). ?? * BUG 15477: The heimdal KDC doesn...

...emory corruption since samba-4.18, ???? impacts sendmail, zabbix, potentially more. o? MikeLiu <mikeliu at qnap.com> ?? * BUG 15453: File doesn't show when user doesn't have permission if ???? aio_pthread is loaded. o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ? ???? 1.9.1. o? Joseph Sutton <josephsutton at catalyst.net.nz> ?? * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with ???? empty claims pac blobs (from Samba 4.19 or Windows). ?? * BUG 15477: The heimdal KDC doesn...

...fied realm) fails ?? * BUG 15435: Regression DFS not working with widelinks = true. o? Arvid Requate <requate at univention.de> ?? * BUG 9959: Windows client join fails if a second container CN=System exists ??? somewhere. o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ? ???? 1.9.1. o? Jones Syue <jonessyue at qnap.com> ?? * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended. ?? * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open(). ####################################### Reporting...

...fied realm) fails ?? * BUG 15435: Regression DFS not working with widelinks = true. o? Arvid Requate <requate at univention.de> ?? * BUG 9959: Windows client join fails if a second container CN=System exists ??? somewhere. o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ? ???? 1.9.1. o? Jones Syue <jonessyue at qnap.com> ?? * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended. ?? * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open(). ####################################### Reporting...

...e cache size?????????????? Removed CHANGES SINCE 4.19.0rc4 ======================= o? MikeLiu <mikeliu at qnap.com> ?? * BUG 15453: File doesn't show when user doesn't have permission if ???? aio_pthread is loaded. o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ? ???? 1.9.1. CHANGES SINCE 4.19.0rc3 ======================= o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15460: Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log ???? to syslog. o? Joseph Sutton <josephsutton at ca...

...e cache size?????????????? Removed CHANGES SINCE 4.19.0rc4 ======================= o? MikeLiu <mikeliu at qnap.com> ?? * BUG 15453: File doesn't show when user doesn't have permission if ???? aio_pthread is loaded. o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ? ???? 1.9.1. CHANGES SINCE 4.19.0rc3 ======================= o? Martin Schwenke <mschwenke at ddn.com> ?? * BUG 15460: Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log ???? to syslog. o? Joseph Sutton <josephsutton at ca...