From 8f2b250775615e095ab371f4c4619dfe419b0e73 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Thu, 19 Sep 2024 13:52:48 +1000 Subject: [PATCH 1/9] ctdb-scripts: Don't list connections when not hosting IPs With an empty IP filter, all incoming connections to port 2049 will be listed, not just those to public IP addresses. This causes error messages like the following to be logged: ctdb-eventd[...]: 60.nfs: Failed to add 1 tickles since the connection being added seems to be for a random NFS mount that doesn't use a public IP addresses. This has been a problem for a long time (probably since commit 04fe9e20749985c71fef1bce7f6e4c439fe11c81 in 2015). It isn't currently a huge deal because it only affects NFS connections. However, this code will soon be used to track connections to public IP addresses on all ports. This would result in a constant stream of log messages, since there will always be some active connections. The theory behind the fix is that if a node hosts no public IPs then it should have no relevant connections and has no business changing the list of registered tickles. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit 1a4a6c46f1cdabfea67c264d6576a597a70c3007) --- ctdb/config/functions | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ctdb/config/functions b/ctdb/config/functions index a40b276e2b8..d56dc745c9a 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions @@ -1104,6 +1104,10 @@ update_tickles() # What public IPs do I hold? _pnn=$(ctdb_get_pnn) _ips=$($CTDB -X ip | awk -F'|' -v pnn="$_pnn" '$3 == pnn {print $2}') + # If not hosting any public IPs then can't have any connections... + if [ -z "$_ips" ]; then + return + fi # IPs and port as ss filters _ip_filter="" -- 2.45.2 From bd00109c4fbb8daba7268d88eef4f887d820b8a9 Mon Sep 17 00:00:00 2001 
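Review bot: The early return added after the `_ips=` assignment cannot tell "this node hosts no public IPs" from "`$CTDB -X ip` failed", because the pipeline's exit status is awk's and a failed query also leaves `_ips` empty. In the failure case the tickle list is left untouched and nothing is logged. If that distinction matters, capture the output first, e.g. `_out=$($CTDB -X ip) || return 1`, and feed `$_out` to awk; at minimum make the status explicit with `return 0`. update_tickles() starts before and continues after this hunk.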
From: Martin Schwenke Date: Thu, 19 Sep 2024 14:32:46 +1000 Subject: [PATCH 2/9] ctdb-scripts: update_tickles() should use the public IPs cache This avoids duplicating logic. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit b3e2c69ad92c0d20bb10146d2dd6d0d475455298) --- ctdb/config/functions | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/ctdb/config/functions b/ctdb/config/functions index d56dc745c9a..43bae78f2af 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions @@ -1101,19 +1101,16 @@ update_tickles() tickledir="${CTDB_SCRIPT_VARDIR}/tickles" mkdir -p "$tickledir" - # What public IPs do I hold? - _pnn=$(ctdb_get_pnn) - _ips=$($CTDB -X ip | awk -F'|' -v pnn="$_pnn" '$3 == pnn {print $2}') # If not hosting any public IPs then can't have any connections... - if [ -z "$_ips" ]; then + if [ ! -s "$CTDB_MY_PUBLIC_IPS_CACHE" ]; then return fi # IPs and port as ss filters _ip_filter="" - for _ip in $_ips; do + while read -r _ip; do _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]" - done + done <"$CTDB_MY_PUBLIC_IPS_CACHE" _port_filter="sport == :${_port}" # Record connections to our public IPs in a temporary file. @@ -1137,10 +1134,10 @@ update_tickles() # Record our current tickles in a temporary file _my_tickles="${tickledir}/${_port}.tickles.$$" - for _i in $_ips; do + while read -r _i; do $CTDB -X gettickles "$_i" "$_port" | awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }' - done | + done <"$CTDB_MY_PUBLIC_IPS_CACHE" | sort >"$_my_tickles" # Add tickles for connections that we haven't already got tickles for -- 2.45.2 From a2da3d017fe01d9a2ff118d4db8cc3655b252217 Mon Sep 17 00:00:00 2001 
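Review bot: Lines read from `$CTDB_MY_PUBLIC_IPS_CACHE` go into the ss filter as `src [${_ip}]` without any check, so a blank or truncated line would yield `src []`; the `-s` test above only rules out a zero-length file. How the cache is written is not visible here, so this may never happen, but PATCH 1/9 describes what an empty filter leads to, so a defensive `[ -n "$_ip" ] || continue` as the first line of the loop body is cheap. An unset `CTDB_MY_PUBLIC_IPS_CACHE` also takes the silent `return` path; a comment naming where the variable and the file come from would help. The function starts and ends outside this hunk.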
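Review bot: `$CTDB -X gettickles` now runs inside a `while read` loop whose stdin is the cache file, so it inherits that file as its own stdin. If the tool ever reads stdin (the `$CTDB addtickle` call later in this function is fed through a pipe, so some subcommands do), it would consume the remaining addresses and the loop would stop after the first IP. Redirecting the inner command guards against that: `$CTDB -X gettickles "$_i" "$_port" </dev/null |`. The same loop is moved in PATCH 8/9 and edited in PATCH 9/9, so the redirect would need to follow it there.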
From: Martin Schwenke Date: Mon, 23 Oct 2023 14:23:45 +1100 Subject: [PATCH 3/9] ctdb-scripts: Remove superseded compatibility code Since commit 224e99804efef960ef4ce2ff2f4f6dced1e74146, square brackets have been parsed by daemon and tool code, so drop the compatibility code from here. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit 32e4f786601712e57992ce4c8f46e5d38620a5dd) --- ctdb/config/functions | 6 ------ 1 file changed, 6 deletions(-) diff --git a/ctdb/config/functions b/ctdb/config/functions index 43bae78f2af..324c8991000 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions @@ -1120,16 +1120,10 @@ update_tickles() _my_connections="${tickledir}/${_port}.connections.$$" # Parentheses are needed around the filters for precedence but # the parentheses can't be empty! - # - # Recent versions of ss print square brackets around IPv6 - # addresses. While it is desirable to update CTDB's address - # parsing and printing code, something needs to be done here - # for backward compatibility, so just delete the brackets. ss -tn state established \ "${_ip_filter:+( ${_ip_filter} )}" \ "${_port_filter:+( ${_port_filter} )}" | awk 'NR > 1 {print $4, $3}' | - tr -d '][' | sort >"$_my_connections" # Record our current tickles in a temporary file -- 2.45.2 From 35c2d8ec9de26994206897cdc7fe834a8bb904af Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Mon, 16 Sep 2024 12:26:53 +1000 Subject: [PATCH 4/9] ctdb-scripts: Use ss -H option to simplify This option has been available since ~2018 and has been implemented in the stub since then. I guess we didn't use it because CentOS 7? BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses 
Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit 0505d06b12a04a5c5e813fb3f4799278f9e5b7eb) --- ctdb/config/functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ctdb/config/functions b/ctdb/config/functions index 324c8991000..1c097d2065b 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions @@ -446,7 +446,7 @@ ctdb_check_unix_socket() return 1 fi - _out=$(ss -l -x "src ${_sockpath}" | tail -n +2) + _out=$(ss -l -xH "src ${_sockpath}") if [ -z "$_out" ]; then echo "ERROR: ${service_name} not listening on ${_sockpath}" return 1 @@ -549,7 +549,7 @@ get_tcp_connections_for_ip() { _ip="$1" - ss -tn state established "src [$_ip]" | awk 'NR > 1 {print $3, $4}' + ss -tnH state established "src [$_ip]" | awk '{print $3, $4}' } ######################################################## @@ -1120,10 +1120,10 @@ update_tickles() _my_connections="${tickledir}/${_port}.connections.$$" # Parentheses are needed around the filters for precedence but # the parentheses can't be empty! - ss -tn state established \ + ss -tnH state established \ "${_ip_filter:+( ${_ip_filter} )}" \ "${_port_filter:+( ${_port_filter} )}" | - awk 'NR > 1 {print $4, $3}' | + awk '{print $4, $3}' | sort >"$_my_connections" # Record our current tickles in a temporary file -- 2.45.2 From c5e9bb5aa85dd9bbf0d6948a251c690be5d9f38f Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Mon, 30 Sep 2024 12:22:46 +1000 Subject: [PATCH 5/9] ctdb-server: Clean up connection tracking functions Apply README.Coding, modernise logging, pre-render connection as a string for logging, switch terminology from "tickle" to "connection", tidy up comments. No changes in functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses 
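Review bot: With `-H` now required, an ss that rejects the option (the commit message itself wonders about CentOS 7) prints nothing on stdout, so `_out` is empty and ctdb_check_unix_socket() reports "not listening" for a socket that may be fine. Assuming ss exits non-zero only on error, the two cases can be separated here: `_out=$(ss -l -xH "src ${_sockpath}") || { echo "ERROR: ss failed for ${_sockpath}"; return 1; }`. The same silent-empty behaviour applies to the `ss -tnH` calls in get_tcp_connections_for_ip() and update_tickles() in the next two hunks, where the status is lost to the awk at the end of the pipeline. The function starts and ends outside this hunk.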
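Review bot: The connection list written to `$_my_connections` is not normalised before it is compared with `$_my_tickles`, and the two files are built differently: ss output is passed through as printed, while the tickle file is assembled as `%s:%s` from separate address and port fields. The comment removed in PATCH 3/9 states that recent ss prints IPv6 addresses in square brackets; if `$CTDB -X gettickles` prints them bare, every IPv6 connection would differ between the two files on each run and be treated as new by the `comm -23` step (and presumably as stale by its counterpart). Whether that is the case is not visible on this page, so please confirm with an IPv6 public address, or bracket IPv6 addresses in the awk that builds the tickle file. update_tickles() starts and ends outside this hunk.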
Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit 3c19c8df778070705485b3c993e695ca1636bfa7) --- ctdb/server/ctdb_takeover.c | 108 ++++++++++++++++++++++-------------- 1 file changed, 65 insertions(+), 43 deletions(-) diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c index b622fafd95f..d5dacb5d2c1 100644 --- a/ctdb/server/ctdb_takeover.c +++ b/ctdb/server/ctdb_takeover.c @@ -1503,27 +1503,40 @@ static struct ctdb_connection *ctdb_tcp_find(struct ctdb_tcp_array *array, clients managing that should tickled with an ACK when IP takeover is done */ -int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb, TDB_DATA indata, bool tcp_update_needed) +int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb, + TDB_DATA indata, + bool tcp_update_needed) { struct ctdb_connection *p = (struct ctdb_connection *)indata.dptr; struct ctdb_tcp_array *tcparray; struct ctdb_connection tcp; struct ctdb_vnn *vnn; + char conn_str[132] = { 0, }; + int ret; /* If we don't have public IPs, tickles are useless */ if (ctdb->vnn == NULL) { return 0; } + ret = ctdb_connection_to_buf(conn_str, + sizeof(conn_str), + p, + false, + " -> "); + if (ret != 0) { + strlcpy(conn_str, "UNKNOWN", sizeof(conn_str)); + } + vnn = find_public_ip_vnn(ctdb, &p->dst); if (vnn == NULL) { - DEBUG(DEBUG_INFO,(__location__ " got TCP_ADD control for an address which is not a public address '%s'\n", - ctdb_addr_to_str(&p->dst))); + DBG_INFO("Attempt to add connection %s " + "but destination is not a public address\n", + conn_str); return -1; } - tcparray = vnn->tcp_array; /* If this is the first tickle */ 
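Review bot: The block that renders `conn_str` (the `char conn_str[132]` buffer, the `ctdb_connection_to_buf()` call and the `"UNKNOWN"` fallback) is added here and then repeated verbatim in ctdb_remove_connection() and ctdb_control_tcp_remove() later in this patch, each time with the bare size 132. A small static helper plus a named constant would keep the three copies from drifting and give the buffer size one place to be justified. The meaning of the `false` argument is not visible here, so the helper below forwards it unchanged. ctdb_control_tcp_add() continues outside this hunk.

```c
#define CONN_STR_LEN 132

/* Render conn with the " -> " separator for logging; "UNKNOWN" on failure */
static void conn_to_log_str(struct ctdb_connection *conn,
			    char *buf,
			    size_t buflen)
{
	int ret;

	ret = ctdb_connection_to_buf(buf, buflen, conn, false, " -> ");
	if (ret != 0) {
		strlcpy(buf, "UNKNOWN", buflen);
	}
}

/* ... in ctdb_control_tcp_add(), replacing the inline block ... */
	char conn_str[CONN_STR_LEN] = { 0, };

	conn_to_log_str(p, conn_str, sizeof(conn_str));
/* ... unchanged: find_public_ip_vnn() lookup and logging ... */
```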
@@ -1533,7 +1546,8 @@ int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb, TDB_DATA indata, bool tc vnn->tcp_array = tcparray; tcparray->num = 0; - tcparray->connections = talloc_size(tcparray, sizeof(struct ctdb_connection)); + tcparray->connections = talloc_size(tcparray, + sizeof(struct ctdb_connection)); CTDB_NO_MEMORY(ctdb, tcparray->connections); tcparray->connections[tcparray->num].src = p->src; @@ -1551,27 +1565,22 @@ int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb, TDB_DATA indata, bool tc tcp.src = p->src; tcp.dst = p->dst; if (ctdb_tcp_find(tcparray, &tcp) != NULL) { - DEBUG(DEBUG_DEBUG,("Already had tickle info for %s:%u for vnn:%u\n", - ctdb_addr_to_str(&tcp.dst), - ntohs(tcp.dst.ip.sin_port), - vnn->pnn)); + DBG_DEBUG("Already had connection %s\n", conn_str); return 0; } /* A new tickle, we must add it to the array */ - tcparray->connections = talloc_realloc(tcparray, tcparray->connections, - struct ctdb_connection, - tcparray->num+1); + tcparray->connections = talloc_realloc(tcparray, + tcparray->connections, + struct ctdb_connection, + tcparray->num + 1); CTDB_NO_MEMORY(ctdb, tcparray->connections); tcparray->connections[tcparray->num].src = p->src; tcparray->connections[tcparray->num].dst = p->dst; tcparray->num++; - DEBUG(DEBUG_INFO,("Added tickle info for %s:%u from vnn %u\n", - ctdb_addr_to_str(&tcp.dst), - ntohs(tcp.dst.ip.sin_port), - vnn->pnn)); + D_INFO("Added connection %s\n", conn_str); if (tcp_update_needed) { vnn->tcp_update_needed = true; 
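Review bot: The re-wrapped `talloc_realloc()` call still assigns its result straight to `tcparray->connections`, so on allocation failure the only pointer to the existing array is overwritten with NULL while `tcparray->num` keeps its old value. Assuming `CTDB_NO_MEMORY` returns on NULL, a later `ctdb_tcp_find()` on this vnn would presumably walk `num` entries of a NULL array. Using a temporary avoids that: `tmp = talloc_realloc(tcparray, tcparray->connections, struct ctdb_connection, tcparray->num + 1);` then `CTDB_NO_MEMORY(ctdb, tmp);` then `tcparray->connections = tmp;`. The function starts before and ends after this hunk.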
@@ -1581,58 +1590,59 @@ int32_t ctdb_control_tcp_add(struct ctdb_context *ctdb, TDB_DATA indata, bool tc } -static void ctdb_remove_connection(struct ctdb_vnn *vnn, struct ctdb_connection *conn) +static void ctdb_remove_connection(struct ctdb_vnn *vnn, + struct ctdb_connection *conn) { struct ctdb_connection *tcpp; + char conn_str[132] = { 0, }; + int ret; if (vnn == NULL) { return; } - /* if the array is empty we can't remove it - and we don't need to do anything - */ + ret = ctdb_connection_to_buf(conn_str, + sizeof(conn_str), + conn, + false, + " -> "); + if (ret != 0) { + strlcpy(conn_str, "UNKNOWN", sizeof(conn_str)); + } + + /* If the array is empty there is nothing to remove */ if (vnn->tcp_array == NULL) { - DEBUG(DEBUG_INFO,("Trying to remove tickle that doesn't exist (array is empty) %s:%u\n", - ctdb_addr_to_str(&conn->dst), - ntohs(conn->dst.ip.sin_port))); + D_INFO("Attempt to remove untracked connection %s (empty)\n", + conn_str); return; } - /* See if we know this connection - if we don't know this connection then we don't need to do anything - */ tcpp = ctdb_tcp_find(vnn->tcp_array, conn); if (tcpp == NULL) { - DEBUG(DEBUG_INFO,("Trying to remove tickle that doesn't exist %s:%u\n", - ctdb_addr_to_str(&conn->dst), - ntohs(conn->dst.ip.sin_port))); + D_INFO("Attempt to remove untracked connection %s\n", conn_str); return; } - /* We need to remove this entry from the array. - Instead of allocating a new array and copying data to it - we cheat and just copy the last entry in the existing array - to the entry that is to be removed and just shring the - ->num field + /* + * We need to remove this entry from the array. Instead of + * allocating a new array and copying data to it, cheat and + * just copy the last entry in the existing array to the entry + * that is to be removed and just shrink the size. 
*/ *tcpp = vnn->tcp_array->connections[vnn->tcp_array->num - 1]; vnn->tcp_array->num--; - /* If we deleted the last entry we also need to remove the entire array - */ + /* Last entry deleted, so remove the entire array */ if (vnn->tcp_array->num == 0) { talloc_free(vnn->tcp_array); vnn->tcp_array = NULL; - } + } vnn->tcp_update_needed = true; - DEBUG(DEBUG_INFO,("Removed tickle info for %s:%u\n", - ctdb_addr_to_str(&conn->src), - ntohs(conn->src.ip.sin_port))); + D_INFO("Removed connection %s\n", conn_str); } @@ -1652,9 +1662,21 @@ int32_t ctdb_control_tcp_remove(struct ctdb_context *ctdb, TDB_DATA indata) vnn = find_public_ip_vnn(ctdb, &conn->dst); if (vnn == NULL) { - DEBUG(DEBUG_ERR, - (__location__ " unable to find public address %s\n", - ctdb_addr_to_str(&conn->dst))); + char conn_str[132] = { 0, }; + int ret; + + ret = ctdb_connection_to_buf(conn_str, + sizeof(conn_str), + conn, + false, + " -> "); + if (ret != 0) { + strlcpy(conn_str, "UNKNOWN", sizeof(conn_str)); + } + + DBG_ERR("Attempt to remove connection %s " + "but destination is not a public address\n", + conn_str); return 0; } -- 2.45.2 From ede87b62de4cca9886ca3b0b0e2a570f7702c47b Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Mon, 30 Sep 2024 12:30:13 +1000 Subject: [PATCH 6/9] ctdb-server: Drop a log message to DEBUG level This is harmless, so it doesn't generally need to be logged. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit f4a8f84328c5e692ce63bec05bb71fcb469a3e9c) --- ctdb/server/ctdb_takeover.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c index d5dacb5d2c1..7054e0f3844 100644 --- a/ctdb/server/ctdb_takeover.c +++ b/ctdb/server/ctdb_takeover.c 
@@ -1620,7 +1620,7 @@ static void ctdb_remove_connection(struct ctdb_vnn *vnn, tcpp = ctdb_tcp_find(vnn->tcp_array, conn); if (tcpp == NULL) { - D_INFO("Attempt to remove untracked connection %s\n", conn_str); + D_DEBUG("Attempt to remove untracked connection %s\n", conn_str); return; } -- 2.45.2 From 76d9a275c75b0e12e93e59c7e465dd803f3894eb Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Mon, 23 Oct 2023 14:05:21 +1100 Subject: [PATCH 7/9] ctdb-scripts: Move connection tracking to 10.interface This should really be done for all connections to public IP addresses. Leave the port number there for now - this is just the first step. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit 9683bb3ac2bbdf0e83c3be3681f9d1c8ee7cc327) --- ctdb/config/events/legacy/10.interface.script | 2 ++ ctdb/config/events/legacy/60.nfs.script | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script index fead88c014f..b02f94d05c2 100755 --- a/ctdb/config/events/legacy/10.interface.script +++ b/ctdb/config/events/legacy/10.interface.script @@ -256,6 +256,8 @@ updateip) monitor) monitor_interfaces || exit 1 + + update_tickles 2049 ;; esac diff --git a/ctdb/config/events/legacy/60.nfs.script b/ctdb/config/events/legacy/60.nfs.script index b7ae0746be5..d7d30229172 100755 --- a/ctdb/config/events/legacy/60.nfs.script +++ b/ctdb/config/events/legacy/60.nfs.script @@ -289,7 +289,6 @@ monitor) exit $? fi - update_tickles 2049 nfs_update_lock_info nfs_check_services -- 2.45.2 From ff390442ed65f86fa44dfa2589b80ead69912882 Mon Sep 17 00:00:00 2001 
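Review bot: Only the second "untracked connection" message is lowered; the empty-array branch a few lines earlier in ctdb_remove_connection() (outside this hunk, added in PATCH 5/9) still logs `Attempt to remove untracked connection %s (empty)` at `D_INFO`. Both branches describe the same harmless situation, and PATCH 8/9 relies on the late-delete race being logged at DEBUG level only, so the two should agree: `D_DEBUG("Attempt to remove untracked connection %s (empty)\n", conn_str);`.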
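Review bot: `update_tickles 2049` is called without a status check directly below `monitor_interfaces || exit 1`, and nothing in the script says why an NFS port is handled in the interface event. A short comment would cover both, for example `# Track connections to public IPs; a failure here must not fail monitoring` (or add `|| exit 1` if it should). What follows `esac` is outside this hunk, so whether the call's status can reach the event result is not visible here.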
From: Martin Schwenke Date: Mon, 30 Sep 2024 10:50:00 +1000 Subject: [PATCH 8/9] ctdb-scripts: Get connections after tickle list Running ss to get current connections before running ctdb gettickles means the ss output might be out of date when the 2 lists are compared. Some tickles might have been added after ss was run by some other means (e.g. SMB tickles, added internally) and they would be deleted according to the stale ss output. This isn't currently a problem because update_tickles() is currently only called with port 2049, so all tickles are managed by this code. That will change in a subsequent commit. Changing the order means the reverse problem can occur, where update_tickles() attempts to delete an already deleted tickle. That may happen occasionally but is harmless because it doesn't result in missing information. It (currently) just causes a message to be logged at DEBUG level. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit c3695722b6316b624aa6c44cad4f44279303d1b1) --- ctdb/config/functions | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ctdb/config/functions b/ctdb/config/functions index 1c097d2065b..7d3eb9bb126 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions 
@@ -1113,6 +1113,14 @@ update_tickles() done <"$CTDB_MY_PUBLIC_IPS_CACHE" _port_filter="sport == :${_port}" + # Record our current tickles in a temporary file + _my_tickles="${tickledir}/${_port}.tickles.$$" + while read -r _i; do + $CTDB -X gettickles "$_i" "$_port" | + awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }' + done <"$CTDB_MY_PUBLIC_IPS_CACHE" | + sort >"$_my_tickles" + # Record connections to our public IPs in a temporary file. # This temporary file is in CTDB's private state directory and # $$ is used to avoid a very rare race involving CTDB's script @@ -1126,14 +1134,6 @@ update_tickles() awk '{print $4, $3}' | sort >"$_my_connections" - # Record our current tickles in a temporary file - _my_tickles="${tickledir}/${_port}.tickles.$$" - while read -r _i; do - $CTDB -X gettickles "$_i" "$_port" | - awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }' - done <"$CTDB_MY_PUBLIC_IPS_CACHE" | - sort >"$_my_tickles" - # Add tickles for connections that we haven't already got tickles for comm -23 "$_my_connections" "$_my_tickles" | $CTDB addtickle -- 2.45.2 From 74dbb9a17da515130ddec7b3bdc67ff12212f085 Mon Sep 17 00:00:00 2001 From: Martin Schwenke Date: Mon, 23 Oct 2023 14:17:36 +1100 Subject: [PATCH 9/9] ctdb-scripts: Track connections for all ports for public IPs Currently TCP ports like NFS lock manager are not tracked. It is easier to track all connections than to add a configuration system to try to track specified ports, so do that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15320 RN: Update CTDB to track all TCP connections to public IP addresses Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Reviewed-by: Jerry Heyman (cherry picked from commit 590a86dbe4adf45ac8d15497934e25ea98148034) --- ctdb/config/events/legacy/10.interface.script | 2 +- ctdb/config/functions | 17 ++++++----------- 2 files changed, 7 insertions(+), 12 deletions(-) 
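Review bot: The ordering that matters here, tickle list first and ss snapshot second, is explained only in the commit message; nothing in update_tickles() says that the order is deliberate. A comment above the moved block would keep a later tidy-up from swapping it back, e.g. `# Get tickles before connections: a tickle added elsewhere after the ss snapshot would otherwise look stale and be deleted`. The function starts and ends outside this hunk.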
diff --git a/ctdb/config/events/legacy/10.interface.script b/ctdb/config/events/legacy/10.interface.script index b02f94d05c2..4346b9e15d6 100755 --- a/ctdb/config/events/legacy/10.interface.script +++ b/ctdb/config/events/legacy/10.interface.script @@ -257,7 +257,7 @@ updateip) monitor) monitor_interfaces || exit 1 - update_tickles 2049 + update_tickles ;; esac diff --git a/ctdb/config/functions b/ctdb/config/functions index 7d3eb9bb126..45d4f3d8580 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions @@ -1096,8 +1096,6 @@ nfs_callout() update_tickles() { - _port="$1" - tickledir="${CTDB_SCRIPT_VARDIR}/tickles" mkdir -p "$tickledir" @@ -1106,17 +1104,16 @@ update_tickles() return fi - # IPs and port as ss filters + # IPs ss filter _ip_filter="" while read -r _ip; do _ip_filter="${_ip_filter}${_ip_filter:+ || }src [${_ip}]" done <"$CTDB_MY_PUBLIC_IPS_CACHE" - _port_filter="sport == :${_port}" # Record our current tickles in a temporary file - _my_tickles="${tickledir}/${_port}.tickles.$$" + _my_tickles="${tickledir}/all.tickles.$$" while read -r _i; do - $CTDB -X gettickles "$_i" "$_port" | + $CTDB -X gettickles "$_i" | awk -F'|' 'NR > 1 { printf "%s:%s %s:%s\n", $2, $3, $4, $5 }' done <"$CTDB_MY_PUBLIC_IPS_CACHE" | sort >"$_my_tickles" @@ -1125,12 +1122,10 @@ update_tickles() # This temporary file is in CTDB's private state directory and # $$ is used to avoid a very rare race involving CTDB's script # debugging. No security issue, nothing to see here... - _my_connections="${tickledir}/${_port}.connections.$$" - # Parentheses are needed around the filters for precedence but + _my_connections="${tickledir}/all.connections.$$" + # Parentheses are needed around the IP filter for precedence but # the parentheses can't be empty! - ss -tnH state established \ - "${_ip_filter:+( ${_ip_filter} )}" \ - "${_port_filter:+( ${_port_filter} )}" | + ss -tnH state established "${_ip_filter:+( ${_ip_filter} )}" | awk '{print $4, $3}' | sort >"$_my_connections" -- 2.45.2
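Review bot: Dropping the port filter from the `ss -tnH state established` call means every established TCP connection with a public IP as its local address is now registered, not only NFS ones. On the daemon side (PATCH 5/9) each new entry is preceded by a `ctdb_tcp_find()` lookup, grows the array by one with `talloc_realloc()` and emits `D_INFO("Added connection %s\n", ...)`, so a busy node will see per-connection work and INFO-level log lines in proportion to its connection count on each monitor run. It would help to state the expected scale in a comment here and to consider whether the add and remove messages belong at DEBUG level. update_tickles() continues outside this hunk.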