resource-agents/portblock-remove-write-to-tcp_tw_recycle.patch

From c448ca01367916741662b9e6af54d5d3f189d4fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20B=C3=B6hmwalder?=
 <christoph.boehmwalder@linbit.com>
Date: Mon, 25 Mar 2024 15:39:44 +0100
Subject: [PATCH 1/3] portblock: remove write to tcp_tw_recycle

Currently, the portblock resource agent enables the
net.ipv4.tcp_tw_recycle option before sending a tickle ACK packet.

This option is supposed to recycle TCP sockets that are left in the
TIME_WAIT state. On the host that initiates the closing of a TCP
connection, a socket will be left in this state for about 60 seconds
before it finally gets removed (and freed up for further use). This is
by design, and it is generally considered useful. [0]

The tcp_tw_recycle option is supposed to shorten the time that a socket
spends in the TIME_WAIT state, allowing its slot to be reused more
quickly.

Unfortunately, there are no hints left by the previous author about the
rationale behind setting this option. One can only guess that they
somehow managed to exhaust the number of TCP sockets during testing, and
setting this option resolved that immediate issue. It is not entirely
clear how this would happen in an actual real-world scenario, since it
would require many switchovers in a relatively short period of time.

The problem is that this option has been completely broken starting from
Linux 4.10 (since it started randomizing TCP timestamp offsets), and
even before that for NAT connections.

Finally, the option has been completely removed in Linux 4.12, which now
leads to annoying "No such file or directory" errors whenever the
portblock agent runs on a semi-modern kernel.

Thus, remove the line enabling the option.

[0] https://vincent.bernat.ch/en/blog/2014-tcp-time-wait-state-linux
---
 heartbeat/portblock | 1 -
 1 file changed, 1 deletion(-)

diff --git a/heartbeat/portblock b/heartbeat/portblock
index 7b9f5ca3..e88ecc2a 100755
--- a/heartbeat/portblock
+++ b/heartbeat/portblock
@@ -328,7 +328,6 @@ save_tcp_connections()
 tickle_remote()
 {
 	[ -z "$OCF_RESKEY_tickle_dir" ] && return
-	echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
 	f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
 	[ -r $f ] || return
 	$TICKLETCP -n 3 < $f
-- 
2.25.1
findif.sh: fix corner cases 2024-04-17 17:41:00 +08:00			`From c448ca01367916741662b9e6af54d5d3f189d4fa Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Christoph=20B=C3=B6hmwalder?=`
			`<christoph.boehmwalder@linbit.com>`
			`Date: Mon, 25 Mar 2024 15:39:44 +0100`
			`Subject: [PATCH 1/3] portblock: remove write to tcp_tw_recycle`

			`Currently, the portblock resource agent enables the`
			`net.ipv4.tcp_tw_recycle option before sending a tickle ACK packet.`

			`This option is supposed to recycle TCP sockets that are left in the`
			`TIME_WAIT state. On the host that initiates the closing of a TCP`
			`connection, a socket will be left in this state for about 60 seconds`
			`before it finally gets removed (and freed up for further use). This is`
			`by design, and it is generally considered useful. [0]`

			`The tcp_tw_recycle option is supposed to shorten the time that a socket`
			`spends in the TIME_WAIT state, allowing its slot to be reused more`
			`quickly.`

			`Unfortunately, there are no hints left by the previous author about the`
			`rationale behind setting this option. One can only guess that they`
			`somehow managed to exhaust the number of TCP sockets during testing, and`
			`setting this option resolved that immediate issue. It is not entirely`
			`clear how this would happen in an actual real-world scenario, since it`
			`would require many switchovers in a relatively short period of time.`

			`The problem is that this option has been completely broken starting from`
			`Linux 4.10 (since it started randomizing TCP timestamp offsets), and`
			`even before that for NAT connections.`

			`Finally, the option has been completely removed in Linux 4.12, which now`
			`leads to annoying "No such file or directory" errors whenever the`
			`portblock agent runs on a semi-modern kernel.`

			`Thus, remove the line enabling the option.`

			`[0] https://vincent.bernat.ch/en/blog/2014-tcp-time-wait-state-linux`
			`---`
			`heartbeat/portblock \| 1 -`
			`1 file changed, 1 deletion(-)`

			`diff --git a/heartbeat/portblock b/heartbeat/portblock`
			`index 7b9f5ca3..e88ecc2a 100755`
			`--- a/heartbeat/portblock`
			`+++ b/heartbeat/portblock`
			`@@ -328,7 +328,6 @@ save_tcp_connections()`
			`tickle_remote()`
			`{`
			`[ -z "$OCF_RESKEY_tickle_dir" ] && return`
			`- echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle`
			`f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip`
			`[ -r $f ] \|\| return`
			`$TICKLETCP -n 3 < $f`
			`--`
			`2.25.1`