diff --git a/portblock-remove-write-to-tcp_tw_recycle.patch b/portblock-remove-write-to-tcp_tw_recycle.patch new file mode 100644 index 0000000000000000000000000000000000000000..5e0bb4fa3f908b9ad5a3f5f53a55f7dc56ac3b57 --- /dev/null +++ b/portblock-remove-write-to-tcp_tw_recycle.patch 
@@ -0,0 +1,56 @@ +From c448ca01367916741662b9e6af54d5d3f189d4fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christoph=20B=C3=B6hmwalder?= + +Date: Mon, 25 Mar 2024 15:39:44 +0100 +Subject: [PATCH 1/3] portblock: remove write to tcp_tw_recycle + +Currently, the portblock resource agent enables the +net.ipv4.tcp_tw_recycle option before sending a tickle ACK packet. + +This option is supposed to recycle TCP sockets that are left in the +TIME_WAIT state. On the host that initiates the closing of a TCP +connection, a socket will be left in this state for about 60 seconds +before it finally gets removed (and freed up for further use). This is +by design, and it is generally considered useful. [0] + +The tcp_tw_recycle option is supposed to shorten the time that a socket +spends in the TIME_WAIT state, allowing its slot to be reused more +quickly. + +Unfortunately, there are no hints left by the previous author about the +rationale behind setting this option. One can only guess that they +somehow managed to exhaust the number of TCP sockets during testing, and +setting this option resolved that immediate issue. It is not entirely +clear how this would happen in an actual real-world scenario, since it +would require many switchovers in a relatively short period of time. + +The problem is that this option has been completely broken starting from +Linux 4.10 (since it started randomizing TCP timestamp offsets), and +even before that for NAT connections. + +Finally, the option has been completely removed in Linux 4.12, which now +leads to annoying "No such file or directory" errors whenever the +portblock agent runs on a semi-modern kernel. + +Thus, remove the line enabling the option. 
+ +[0] https://vincent.bernat.ch/en/blog/2014-tcp-time-wait-state-linux +--- + heartbeat/portblock | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/portblock b/heartbeat/portblock +index 7b9f5ca3..e88ecc2a 100755 +--- a/heartbeat/portblock ++++ b/heartbeat/portblock +@@ -328,7 +328,6 @@ save_tcp_connections() + tickle_remote() + { + [ -z "$OCF_RESKEY_tickle_dir" ] && return +- echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle + f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip + [ -r $f ] || return + $TICKLETCP -n 3 < $f +-- +2.25.1 + diff --git a/resource-agents.spec b/resource-agents.spec index 5eb6748ac18436002180358ff8bed328d4a5b899..bbec414d9f07519ac316552caae457693ff1578b 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -1,7 +1,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.13.0 -Release: 14 +Release: 15 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents Source0: https://github.com/ClusterLabs/resource-agents/archive/v%{version}.tar.gz @@ -19,6 +19,7 @@ Patch0010: portblock-accept-numeric-protocol-from-iptables.patch Patch0011: all-agents-remove-S-state-status-that-are-either-ign.patch Patch0012: nfsserver-fix-server-scope-functionality-for-both-po.patch Patch0013: Fix-openstack-info-Ensure-no-newlines-in-openstack.patch +Patch0014: portblock-remove-write-to-tcp_tw_recycle.patch Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} BuildRequires: automake autoconf pkgconfig gcc perl-interpreter perl-generators python3-devel @@ -116,6 +117,9 @@ export CFLAGS="$(echo '%{optflags}')" %{_mandir}/man8/{ocf-tester.8*,ldirectord.8*} %changelog +* Wed Apr 10 2024 bixiaoyan - 4.13.0-15 +- portblock: remove write to tcp_tw_recycle + * Wed Apr 10 2024 bixiaoyan - 4.13.0-14 - Fix: openstack-info: Ensure no newlines in openstack_ports
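Review bot: In the heartbeat/portblock hunk, dropping `echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle` from tickle_remote() stops future writes but does not undo earlier ones. On a kernel older than 4.12 where the previous agent has already run, the sysctl stays at 1 until it is reset or the host reboots, and the commit message itself says the option is broken for NAT connections. Suggest a line in the changelog or release notes telling operators on such kernels to set net.ipv4.tcp_tw_recycle back to 0 after updating.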
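Review bot: The Patch0014 line added to resource-agents.spec carries only this one patch, yet its Subject header reads [PATCH 1/3]. Please confirm that 2/3 and 3/3 of the series are unrelated to this fix or not needed on 4.13.0, and say so in the changelog entry so the omission is visibly deliberate.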
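Review bot: The new %changelog entry for 4.13.0-15 gives only the patch subject and no upstream reference. Adding the commit id from the patch header (c448ca01367916741662b9e6af54d5d3f189d4fa) would let anyone auditing the package trace the backport to its source without opening the patch file.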