[SCM] Samba Shared Repository - branch master updated
Martin Schwenke
martins at samba.org
Thu May 26 09:43:04 UTC 2016
The branch, master has been updated
via 4db5711 ctdb-common: Use correct macro for checking Ethernet hardware family
via b6e7548 ctdb-tests: Make sure empty override values are properly quoted
via cec2c9f ctdb-tests: Allow local daemons to be run under valgrind
via 6cc4f78 ctdb-scripts: Simplify ip_maskbits_iface()
via a412f21 ctdb-tests: Drop no-op functions and add an ip6tables stub
via d78bf2e ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
via b4878cf ctdb-scripts: New functions ip_block() and ip_unblock()
from 1fd7c28 Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4db57114940021f417f2694c09553a0dd60fab5a
Author: Martin Schwenke <martin at meltin.net>
Date: Thu May 19 16:22:36 2016 +1000
ctdb-common: Use correct macro for checking Ethernet hardware family
Both of these expand to 1. However, AF_LOCAL is a Unix domain socket,
which makes no sense when reading the code.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu May 26 11:42:46 CEST 2016 on sn-devel-144
commit b6e75487ef1038ba4debcaac32572fcf55695efb
Author: Martin Schwenke <martin at meltin.net>
Date: Sat May 14 07:13:41 2016 +1000
ctdb-tests: Make sure empty override values are properly quoted
With an empty value the first expression adds a trailing opening
quote, so the second expression doesn't add the closing quote. Handle
this with a special case.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit cec2c9f36c518561980c77623c707f476c5dd04a
Author: Martin Schwenke <martin at meltin.net>
Date: Wed May 4 14:47:54 2016 +1000
ctdb-tests: Allow local daemons to be run under valgrind
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 6cc4f78891ce3caa4cacbf665fdcb88aa44356d3
Author: Martin Schwenke <martin at meltin.net>
Date: Sat May 14 01:06:38 2016 +1000
ctdb-scripts: Simplify ip_maskbits_iface()
This doesn't need to print the family. Nothing uses it.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit a412f21d4bd0434c1f6af2f9277d02c180f381b3
Author: Martin Schwenke <martin at meltin.net>
Date: Sat May 14 01:01:48 2016 +1000
ctdb-tests: Drop no-op functions and add an ip6tables stub
Stub scripts are more obvious. rc.local should only be used when
strictly necessary.
iptables_wrapper doesn't need to be no-op-ed, provided flock is
installed.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit d78bf2ed3ed8022727824b21c41d44c2d30e574d
Author: Martin Schwenke <martin at meltin.net>
Date: Fri May 13 20:24:52 2016 +1000
ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
The family is not needed.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit b4878cfc4deba1da5f205bf8f7c5bee05ee380ba
Author: Martin Schwenke <martin at meltin.net>
Date: Fri May 13 19:43:05 2016 +1000
ctdb-scripts: New functions ip_block() and ip_unblock()
Block and unblock IP addresses using these new functions. This makes
the code more readable.
The case statement in each function is very cheap, so there is no need
to prematurely optimise and pass the family.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
ctdb/common/system_linux.c | 4 +-
ctdb/config/events.d/10.interface | 74 ++++++++++++++--------
ctdb/config/functions | 9 ++-
ctdb/tests/eventscripts/etc-ctdb/rc.local | 5 --
.../eventscripts/stubs/{iptables => ip6tables} | 0
ctdb/tests/simple/scripts/local_daemons.bash | 6 +-
6 files changed, 57 insertions(+), 41 deletions(-)
copy ctdb/tests/eventscripts/stubs/{iptables => ip6tables} (100%)
Changeset truncated at 500 lines:
diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index f8c7932..2dca174 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -127,7 +127,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
close(s);
return 0;
}
- if (if_hwaddr.ifr_hwaddr.sa_family != AF_LOCAL) {
+ if (if_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
close(s);
errno = EINVAL;
DEBUG(DEBUG_CRIT,(__location__ " not an ethernet address family (0x%x)\n",
@@ -221,7 +221,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
close(s);
return 0;
}
- if (if_hwaddr.ifr_hwaddr.sa_family != AF_LOCAL) {
+ if (if_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
close(s);
errno = EINVAL;
DEBUG(DEBUG_CRIT,(__location__ " not an ethernet address family (0x%x)\n",
diff --git a/ctdb/config/events.d/10.interface b/ctdb/config/events.d/10.interface
index f65dd5e..bdb9443 100755
--- a/ctdb/config/events.d/10.interface
+++ b/ctdb/config/events.d/10.interface
@@ -74,8 +74,8 @@ monitor_interfaces()
return 0
}
-# Sets: iface, ip, maskbits, family
-get_iface_ip_maskbits_family ()
+# Sets: iface, ip, maskbits
+get_iface_ip_maskbits ()
{
_iface_in="$1"
ip="$2"
@@ -85,7 +85,6 @@ get_iface_ip_maskbits_family ()
if [ -n "$1" ] ; then
maskbits="$1"
iface="$2"
- family="$3"
if [ "$iface" != "$_iface_in" ] ; then
printf \
@@ -102,6 +101,37 @@ get_iface_ip_maskbits_family ()
fi
}
+ip_block ()
+{
+ _ip="$1"
+ _iface="$2"
+
+ case "$_ip" in
+ *:*) _family="inet6" ;;
+ *) _family="inet" ;;
+ esac
+
+ # Extra delete copes with previously killed script
+ iptables_wrapper "$_family" \
+ -D INPUT -i "$_iface" -d "$_ip" -j DROP 2>/dev/null
+ iptables_wrapper "$_family" \
+ -I INPUT -i "$_iface" -d "$_ip" -j DROP
+}
+
+ip_unblock ()
+{
+ _ip="$1"
+ _iface="$2"
+
+ case "$_ip" in
+ *:*) _family="inet6" ;;
+ *) _family="inet" ;;
+ esac
+
+ iptables_wrapper "$_family" \
+ -D INPUT -i "$_iface" -d "$_ip" -j DROP 2>/dev/null
+}
+
ctdb_check_args "$@"
case "$1" in
@@ -134,12 +164,8 @@ case "$1" in
exit 1;
}
- # cope with the script being killed while we have the interface blocked
- case "$ip" in
- *:*) family="inet6" ;;
- *) family="inet" ;;
- esac
- iptables_wrapper $family -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
+ # In case a previous "releaseip" for this IP was killed...
+ ip_unblock "$ip" "$iface"
flush_route_cache
;;
@@ -149,27 +175,25 @@ case "$1" in
# is released, any open tcp connections to that IP on this host will end
# up being stuck. Some of them (such as NFS connections) will be unkillable
# so we need to use the killtcp ctdb function to kill them off. We also
- # need to make sure that no new connections get established while we are
+ # need to make sure that no new connections get established while we are
# doing this! So what we do is this:
# 1) firewall this IP, so no new external packets arrive for it
- # 2) use netstat -tn to find existing connections, and kill them
+ # 2) find existing connections, and kill them
# 3) remove the IP from the interface
# 4) remove the firewall rule
shift
- get_iface_ip_maskbits_family "$@"
+ get_iface_ip_maskbits "$@"
+
+ ip_block "$ip" "$iface"
- # we do an extra delete to cope with the script being killed
- iptables_wrapper $family -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
- iptables_wrapper $family -I INPUT -i $iface -d $ip -j DROP
kill_tcp_connections "$iface" "$ip"
delete_ip_from_iface $iface $ip $maskbits || {
- iptables_wrapper $family \
- -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
+ ip_unblock "$ip" "$iface"
exit 1
}
- iptables_wrapper $family -D INPUT -i $iface -d $ip -j DROP 2> /dev/null
+ ip_unblock "$ip" "$iface"
flush_route_cache
;;
@@ -191,24 +215,20 @@ case "$1" in
_ip=$4
_maskbits=$5
- get_iface_ip_maskbits_family "$_oiface" "$_ip" "$_maskbits"
+ get_iface_ip_maskbits "$_oiface" "$_ip" "$_maskbits"
oiface="$iface"
- # we do an extra delete to cope with the script being killed
- iptables_wrapper $family -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
- iptables_wrapper $family -I INPUT -i $oiface -d $ip -j DROP
+ ip_block "$ip" "$oiface"
delete_ip_from_iface $oiface $ip $maskbits 2>/dev/null
delete_ip_from_iface $niface $ip $maskbits 2>/dev/null
add_ip_to_iface $niface $ip $maskbits || {
- iptables_wrapper $family \
- -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
- exit 1
+ ip_unblock "$ip" "$oiface"
+ exit 1
}
- # cope with the script being killed while we have the interface blocked
- iptables_wrapper $family -D INPUT -i $oiface -d $ip -j DROP 2> /dev/null
+ ip_unblock "$ip" "$oiface"
flush_route_cache
diff --git a/ctdb/config/functions b/ctdb/config/functions
index c1316bd..33efa51 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -608,16 +608,15 @@ ip_maskbits_iface ()
_addr="$1"
case "$_addr" in
- *:*) _family="inet6" ; _bits=128 ;;
- *) _family="inet" ; _bits=32 ;;
+ *:*) _bits=128 ;;
+ *) _bits=32 ;;
esac
ip addr show to "${_addr}/${_bits}" 2>/dev/null | \
- awk -v family="${_family}" \
- 'NR == 1 { iface = $2; sub(":$", "", iface) ; \
+ awk 'NR == 1 { iface = $2; sub(":$", "", iface) ; \
sub("@.*", "", iface) } \
$1 ~ /inet/ { mask = $2; sub(".*/", "", mask); \
- print mask, iface, family }'
+ print mask, iface }'
}
drop_ip ()
diff --git a/ctdb/tests/eventscripts/etc-ctdb/rc.local b/ctdb/tests/eventscripts/etc-ctdb/rc.local
index 0932ab4..3a55e53 100755
--- a/ctdb/tests/eventscripts/etc-ctdb/rc.local
+++ b/ctdb/tests/eventscripts/etc-ctdb/rc.local
@@ -52,11 +52,6 @@ get_proc ()
esac
}
-# Always succeed
-iptables () { : ; }
-ip6tables () { : ; }
-iptables_wrapper () { : ; }
-
# Do not actually background - we want to see the output
background_with_logging ()
{
diff --git a/ctdb/tests/eventscripts/stubs/iptables b/ctdb/tests/eventscripts/stubs/ip6tables
similarity index 100%
copy from ctdb/tests/eventscripts/stubs/iptables
copy to ctdb/tests/eventscripts/stubs/ip6tables
diff --git a/ctdb/tests/simple/scripts/local_daemons.bash b/ctdb/tests/simple/scripts/local_daemons.bash
index 1f7207e..fc0e47d 100644
--- a/ctdb/tests/simple/scripts/local_daemons.bash
+++ b/ctdb/tests/simple/scripts/local_daemons.bash
@@ -133,11 +133,13 @@ EOF
# Override from the environment. This would be easier if env was
# guaranteed to quote its output so it could be reused.
- env | grep '^CTDB_' | sed -e 's@=\([^"]\)@="\1@' -e 's@[^"]$@&"@' >>"$conf"
+ env |
+ grep '^CTDB_' |
+ sed -e 's@=\([^"]\)@="\1@' -e 's@[^"]$@&"@' -e 's@="$@&"@' >>"$conf"
# We'll use "pkill -f" to kill the daemons with
# "ctdbd --sloppy-start --nopublicipcheck --nosetsched" as context.
- CTDBD="ctdbd --sloppy-start --nopublicipcheck --nosetsched" \
+ CTDBD="${VALGRIND} ctdbd --sloppy-start --nopublicipcheck --nosetsched" \
CTDBD_CONF="$conf" \
ctdbd_wrapper "$pidfile" start
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list