From 4c97210ea5a33d0de12dc422836b7fe99198fcea Mon Sep 17 00:00:00 2001 From: Alfonso Escribano Date: Thu, 25 Sep 2025 11:02:10 +0200 Subject: [PATCH 1/4] Adding support to kill dangling ip connections before and after deleting an ip address --- heartbeat/IPaddr2 | 49 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 230ac853c..4031da02b 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -93,6 +93,7 @@ OCF_RESKEY_noprefixroute_default="false" OCF_RESKEY_preferred_lft_default="forever" OCF_RESKEY_network_namespace_default="" OCF_RESKEY_check_link_status_default="true" +OCF_RESKEY_kill_connections_on_stop_default="false" # RHEL specific defaults if is_redhat_based; then @@ -130,6 +131,7 @@ fi : ${OCF_RESKEY_preferred_lft=${OCF_RESKEY_preferred_lft_default}} : ${OCF_RESKEY_network_namespace=${OCF_RESKEY_network_namespace_default}} : ${OCF_RESKEY_check_link_status=${OCF_RESKEY_check_link_status_default}} +: ${OCF_RESKEY_kill_connections_on_stop=${OCF_RESKEY_kill_connections_on_stop_default}} ####################################################################### @@ -471,6 +473,14 @@ Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN. Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN + + + +Kill connections using 'ss -K src IP' before deleteing interface + +Kill connections before remove ip + + @@ -666,6 +676,37 @@ find_interface() { return 0 } +# +# Kill dangling ip connections +# +kill_ip_connections() { + local ss_output="" + local ss_line="" + local ss_out_loglevel="info" + + local ipaddr="$1" + + check_binary ss + + CMD="ss -Knp src $ipaddr" + + ocf_log info "Calling $CMD" + + ss_output=`$CMD 2>&1` + RC=$? + + if [ $RC -ne 0 ]; then + ocf_log warn "Command $CMD failed (rc = ${THE_RC})" + ss_out_loglevel="error" + fi + [ -n "$ss_output" ] && echo "$ss_output" | while read ss_line; + do + ocf_log $ss_out_loglevel "$ss_line" + done + + return $OCF_SUCCESS +} + # # Delete an interface # @@ -1206,6 +1247,11 @@ ip_stop() { exit $OCF_SUCCESS fi + if ocf_is_true ${OCF_RESKEY_kill_connections_on_stop}; then + kill_ip_connections $OCF_RESKEY_ip + fi + + if [ -n "$IP_CIP" ] && [ $ip_status != "partial2" ]; then if [ $ip_status = "partial" ]; then exit $OCF_SUCCESS @@ -1240,6 +1286,9 @@ ip_stop() { restore_loopback "$OCF_RESKEY_ip" fi fi + if ocf_is_true ${OCF_RESKEY_kill_connections_on_stop}; then + kill_ip_connections $OCF_RESKEY_ip + fi exit $OCF_SUCCESS } From 77d1b36fda6eef3d97e24c8507214baf86e57fde Mon Sep 17 00:00:00 2001 From: Alfonso Escribano Date: Thu, 25 Sep 2025 11:47:20 +0200 Subject: [PATCH 2/4] Changes done as per PR#2076 feedback --- heartbeat/IPaddr2 | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 4031da02b..1214a910c 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -476,7 +476,7 @@ Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN. -Kill connections using 'ss -K src IP' before deleteing interface +Kill connections using 'ss -K src IP' before and after deleting interface Kill connections before remove ip @@ -680,29 +680,26 @@ find_interface() { # Kill dangling ip connections # kill_ip_connections() { - local ss_output="" - local ss_line="" - local ss_out_loglevel="info" + local ss_output + + ipaddr="$1" - local ipaddr="$1" check_binary ss - CMD="ss -Knp src $ipaddr" + cmd="ss -Knp src $ipaddr" - ocf_log info "Calling $CMD" + ocf_log info "Calling $cmd" - ss_output=`$CMD 2>&1` - RC=$? + ss_output=`$cmd 2>&1` + rc=$? - if [ $RC -ne 0 ]; then - ocf_log warn "Command $CMD failed (rc = ${THE_RC})" - ss_out_loglevel="error" - fi - [ -n "$ss_output" ] && echo "$ss_output" | while read ss_line; - do - ocf_log $ss_out_loglevel "$ss_line" - done + if [ $rc -ne 0 ]; then + ocf_log warn "Command $cmd failed (rc = $rc)" + ocf_log error "ss_output" + else + ocf_log info "ss_output" + fi return $OCF_SUCCESS } From 94fb1242ce5ad9c6a8c2e781dc21ec2fe1a4e633 Mon Sep 17 00:00:00 2001 From: Alfonso Escribano Date: Thu, 25 Sep 2025 12:49:46 +0200 Subject: [PATCH 3/4] Changes done as per PR#2076 feedback Also fix ss_output variable missing '$' --- heartbeat/IPaddr2 | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 1214a910c..188acae2d 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -680,10 +680,7 @@ find_interface() { # Kill dangling ip connections # kill_ip_connections() { - local ss_output - - ipaddr="$1" - + local ss_output ipaddr="$1" check_binary ss @@ -696,9 +693,9 @@ kill_ip_connections() { if [ $rc -ne 0 ]; then ocf_log warn "Command $cmd failed (rc = $rc)" - ocf_log error "ss_output" - else - ocf_log info "ss_output" + ocf_log error "$ss_output" + else + ocf_log info "$ss_output" fi return $OCF_SUCCESS From 08e033af9f664dae0517de9044ef6323b76ace37 Mon Sep 17 00:00:00 2001 From: Alfonso Escribano Date: Thu, 25 Sep 2025 12:52:55 +0200 Subject: [PATCH 4/4] Fix fi identation --- heartbeat/IPaddr2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 188acae2d..acf894231 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -696,7 +696,7 @@ kill_ip_connections() { ocf_log error "$ss_output" else ocf_log info "$ss_output" - fi + fi return $OCF_SUCCESS }