forked from acassen/keepalived
ChangeLog
2015-07-07 Alexandre Cassen <[email protected]>
* keepalived-1.2.19 released.
* vrrp: fix checksum computation in vrrp v2 for socket family AF_INET
One of the differences between VRRPv2 and VRRPv3 is the way the checksum is
computed. In VRRPv2 no accumulation is specified in the RFC while in VRRPv3
it uses a regular accumulator with upper pseudo header. This fix restores
compliant VRRPv2 for AF_INET vrrp instances. Since IPv6 sockets are using
the IPV6_CHECKSUM option this means that checksums for VRRPv6 instances running
in native_ipv6 mode are broken. But since this is an end to end sanity
check and both sides are operating the same way this is OK, not "compliant
with VRRPv3 RFC", but anyway using native IPv6 on VRRPv2 is not really
compliant too ;)
* Some cosmetics at Makefile stuff.
2015-06-30 Alexandre Cassen <[email protected]>
* keepalived-1.2.18 released.
* some cosmetics changes (in memory and parser).
* remove dead/not used code.
* revert notify script brought by last release.
* revert VRRP preemption speed up extension.
* vrrp: fix vrrp removes incorrect IPv4 address when VIPs
are removed.
* vrrp: Re-enable VRRPv2 checksum on inbound pkts.
2015-05-31 Alexandre Cassen <[email protected]>
* keepalived-1.2.17 released.
* zalloc use xalloc for consistency.
* memory: fix wrong size calculation in zfree.
* Fix keepalived snmp configuration.
* Change comments to match kernel style.
* smtp: Fix wrong algorithm in RCPT-TO building.
* vrrp: ICMPv6 : modify the way we copy the src address into the IPv6
header, in order to not overwrite the header' and the 'hop limit' fields
* vrrp: sync status flag (up/down) for _all_ VMAC interfaces.
When using VMAC and running multiple instances on the same interface,
only one of the VMAC interfaces will get its status flag synched.
This commit will update the status flag for _all_ VMAC interfaces attached
to a base interface.
* ipvs: fix segfault crash when parsing SMTP_CHECK config
* ipvs: SMTP_CHECK now respects configured RS port. Before that it always
used the default port 25.
* ipvs: config parser: handler for the end of block. new function
install_sublevel_end_handler(handler).
* ipvs: new log function vlog_message taking varg_list. log_message now
uses format gcc attribute, not the macro wrapper.
* ipvs: bug: check_smtp was logging "#30" instead of RS address do not do
nested va_start/va_end calls in smtp_final.
* ipvs: clarify snmp_check config syntax. Now host{} section is optional,
and all the standard connection options are available in the SNMP_CHECK{}
level, too. If one or many host section persist, those base-level options
are used to specify default values that can be overridden in a host section.
* vrrp: Use literal constants for bit flags Use literal constants for bit
flags of the "debug" global variable Change from using numeric constants
to literal constants for the bit flags of the "debug" global variable.
* vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains
VIP resulting in a duplicate IP situation. When a priority change to the
configuration of a Master router drops its priority to below that of a
backup router, the VIP is not released on the Master router leading to
a duplicate IP situation.
* vrrp: Make preempt_delay work more than once.
* vrrp: Changes needed to support AH auth in VMAC mode. Note according to
the RFC this is not a requirement, but we think that our customers will
expect it to work. The RFC actually discourages its use because it adds
little to no additional security. We are still able to interoperate in
RFC mode by not enabling authentication.
* vrrp: Check VRRP header in the IP auth header is correct. In the middle
of vrrp_in_chk, the existing VRRP packet parsing code does
"return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two,
and the authentication type is IP sec authentication, to check whether
or not the IP sec authentication header is valid. However the "instant"
return means that if the IP sec authentication header is valid, then
the remaining parts of the VRRP packet (VRRP version, VRRP checksum,
VRID, number of VIPs, advertise-interval) are not parsed or validated.
* vrrp: Add support for SNMP trap: vrrpTrapNewMaster.
* vrrp: Add skeleton code for VRRP-MIB.
* vrrp: Check existing VIF and recreate if VMACs are wrong. Although under
normal circumstances we will cleanup VIF interfaces when shutdown, there
are various scenarios where this is not the case. To make the code more
robust, keepalived now performs a check for matching VIF interfaces at
restart, and if the configuration of the VIF matches the current
keepalived configuration it will reuse the VIF. However, should the
configuration be different, keepalived will remove the existing
interface, and then recreate a new VIF interface with the appropriate
configuration. This fix resolves the continuous crash scenario that can
occur when keepalived fails to configure the VIF because one already
exists. It prevents keepalived from reusing a previous VIF interface
which does not completely match its configuration criteria.
* vrrp: fix snmp code (cosmetic)
* vrrp: Fix the keepalived mib and agentx warnings. During Keepalived
startup, about twenty "duplicate registration" and a couple of "Failed
to connect to the agentx master agent" warning messages were issued.
Pairs of the "Failed to connect" warning messages were logged every two
minutes. The "duplicate registration" warnings happened because VRRP
called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once
for the rfc2787-vrrp MIB, however each call to snmp_agent_init also
tried to register the keepalived-global MIB (which holds data like
Keepalived version number, SMTP server details, and a "from" email
address). It was the second attempt to register this keepalived-global
MIB that generated the "duplicate registration" warning. The registration
of the keepalived-global MIB is now only done once under the control of
a static variable. init_agent is also called just once under the control
of the same static variable to prevent it logging a warning message. The
"Failed to connect" warnings occur because Keepalived does not know how
to connect to the SNMP AgentX master server. By default the Agent X
master server is listening for MIB registrations on a local TCP socket
with a port number of 705.
* vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work
correctly due to group expiry timers being incorrectly manipulated while
running down the MDT. Also, preemption can be disrupted if the VRRP group
receives an advertisement while running down its timer.
* vrrp: Initial Implementation of VRRP statistics.
. Add VRRP counters, This is needed by the VRRP-MIB, and will provide
better insight into the operation of VRRP for users.
. Add SIGUSR1 and SIGUSR2 handlers
- SIGUSR1 allows users to dump current state of VRRP instances to
/tmp/keepalived.data
- SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats
* vrrp: Copy old VRRP stats on reload.
* vrrp: Separate printing functions from vrrp_daemon.c. Separate state
printing code from vrrp_daemon.c so that the code is better organized.
* vrrp: Track master router priority in VRRP.
* vrrp: Added 'Master priority' output to show vrrp detail.
* vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently,
keepalived vrrp only allows to configure single notification script.
This is a limitation and should be extended so that keepalived vrrp can
notify multiple scripts about vrrp state changes.
* vrrp: Don't display ipsec ah password in log files. When authentication
type is selected as ipsec ah, password should not be displayed in the
log files.
* vrrp: Fix notify upon reload. When a notify script is configured after
Keepalived has been started, if other notify scripts are already
configured, these scripts get reinvoked even if the state has not
changed. This occurs when in backup state. When in master state, no
notifications are sent out at all if a new notify script is configured.
For the backup case, this problem occurs when the daemon is reloaded.
This causes vrrp to leave the state it's currently in, go to the init
state and from there, go back to backup. However, this transition
causes the notify scripts to be invoked, causing a redundant
notification to be sent. For the master case, there is no call to
notify_instance_exec(), hence why no notifications are seen at all.
The solution is to add a new field to the vrrp struct that stores the
notify scripts that were configured before reload. A new function has
been added to take advantage of this new field. Instead of calling
notify_instance_exec() when we are in the init state, we now call
notify_instance_exec_init(). This is a proxy function that modifies
the 'script' member of a vrrp structure to point to a new list
containing only scripts that have not previously been configured,
thereby preventing the sending of notifications that have already been
sent. This new list is created by utilising the new vrrp struct field.
Inside this new function, notify_instance_exec() is called using the
modified VRRP instance. When this call returns, the member is reset
back to its original value.
* vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header
and _vrrp_t struct to support version 3 params. Support to build vrrp_v3
packet.
* vrrp: Keepalived extension to support VRRP version 3 (2).
* vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes
to support centi-sec.
* vrrp: Keepalived extension to support accept mode for v3.
* vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is
supporting IPv6 but it is not fully functional and it is not as per
RFC5798. Following are the issues identified and changes done:
- IPv6 address population.
- Correction of Checksum in case of IPv6.
- Getting source address from received advertisements.
- Populating source address in sent VRRP advertisements.
* vrrp: Improve display output for VRRPv3.
- Changed data-type of mcast_saddr to sockaddr_storage to support IPv6
also.
- Added new parameters version, accept, weight updated advertisement
interval for operational command show output.
* vrrp: MIB enhancements for accept-mode.
* vrrp: Fix mismatched advertisement interval. In VRRP version 3, all
BACKUP routers must set their advertisement intervals to match the current
MASTER's. Although not explicitly stated in RFC5798, when the MASTER falls
over or forfeits its MASTER status, the new MASTER should not continue to
use the old MASTER's advertisement interval value and should instead use
its locally configured value. To achieve this, a new field has been added
to the VRRP structure that stores the most recent advertisement interval
of the current MASTER. We track changes to the current MASTER's interval
and update this new variable accordingly. The value is only updated when
we are in BACKUP state and reconfiguring the local advertisement interval
has no effect on it.
* vrrp: snmp: don't hardcode AgentX socket location. The default location
should be `/var/agentx/master` (as per RFC2741 and this is also the
default for NetSNMP, including on Debian-based distributions). This
default location is set at configure-time for NetSNMP and subagent will
use it automatically (it is also available through `net-snmp-config.h`).
A useful feature would be to have a flag to change that if the user
changes this setting in the master agent. This commit just reverts this
change to let SNMP subsystem work as expected for most users.
* vrrp: snmp: restore use of net-snmp-config to build SNMP support. With
a lazy linker, `libnetsnmpmibs` may require some additional libraries
to be linked (like `libsensors`). Therefore, only rely on
`net-snmp-config` to get the appropriate flags.
Also add some additional tests:
- check that we can build a simple executable (NetSNMP can be quite
broken and in this case, the error during compilation is not crystal
clear, checking that in configure is more informative)
- check if we subagent support is compiled in (This is optional and
again, the error is not crystal clear during compilation).
- check that net-snmp/agent/util_funcs.h is present (Due to a flaw in
NetSNMP build process, this header was not installed for quite a long
time, notably on RHEL derivatives; code to handle its absence was
already present in Keepalived).
* vrrp: snmp: don't enable SNMP support automatically.
Most users won't use it and it would fail if NetSNMP is not installed,
unless a user add `--disable-snmp` to configure command line.
* build: move custom include directives (`-I`) first. Some libraries,
notably NetSNMP, may pollute CFLAGS by adding stuff like
`-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of
trying to not use CFLAGS from NetSNMP at all (some of those bits are
important as they influence some NetSNMP headers), we ensure that the
bogus include flags are after our own include flags.
* global: Set global data default values after parsing config file.
This patch will defer setting the global data default values until
after the config file has been parsed. This will potentially avoid two
calls to getaddrinfo. For example, if the router_id and/or email_from
parameters are set in the config file, there is no need to call
getaddrinfo twice in order to set a default value. Instead, this patch
will check to see if the values are unset after parsing the config
file. Note that email_from and smtp_connection_to are only set to a
default value if they are uninitialized and smtp_server is specified.
* doc: add -x/--snmp flag to keepalived manual page.
* snmp: add -A/--snmp-agent-socket to specify AgentX socket.
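The early-return problem described in the "Check VRRP header in the IP auth header is correct" entry of 1.2.17, as an added C sketch that is not keepalived code. The structures, function names and sample adverts are hypothetical, and the AH and checksum results are modelled as precomputed flags.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not keepalived's structures: every name is hypothetical. */
enum { AUTH_NONE = 0, AUTH_AH = 2 };    /* VRRPv2 auth types (RFC 2338) */

enum verdict { ACCEPT = 0, BAD_AH, BAD_VERSION, BAD_CSUM,
               BAD_VRID, BAD_NADDR, BAD_ADVINT };

struct instance { uint8_t vrid, auth_type, naddr, adver_int; };

struct advert {
    uint8_t version, vrid, naddr, adver_int;
    bool ah_ok;      /* result of the IPsec AH check */
    bool csum_ok;    /* result of the VRRP checksum check */
};

/* The header checks the entry lists: version, checksum, VRID,
 * number of VIPs, advertise interval. */
static enum verdict check_header(const struct instance *in,
                                 const struct advert *p)
{
    if (p->version != 2)              return BAD_VERSION;
    if (!p->csum_ok)                  return BAD_CSUM;
    if (p->vrid != in->vrid)          return BAD_VRID;
    if (p->naddr != in->naddr)        return BAD_NADDR;
    if (p->adver_int != in->adver_int) return BAD_ADVINT;
    return ACCEPT;
}

/* Shape of the bug: the AH result is returned directly, so a packet with a
 * valid AH header never reaches check_header(). */
static enum verdict in_chk_early_return(const struct instance *in,
                                        const struct advert *p)
{
    if (p->version == 2 && in->auth_type == AUTH_AH)
        return p->ah_ok ? ACCEPT : BAD_AH;
    return check_header(in, p);
}

/* Corrected shape: AH can only reject; success falls through to the
 * remaining header validation. */
static enum verdict in_chk_fixed(const struct instance *in,
                                 const struct advert *p)
{
    if (p->version == 2 && in->auth_type == AUTH_AH && !p->ah_ok)
        return BAD_AH;
    return check_header(in, p);
}

/* Constructed sample data: one local instance and six received adverts. */
static const struct instance inst = { 51, AUTH_AH, 1, 1 };
static const struct advert samples[] = {
    { 2, 51, 1, 1, true,  true  },   /* 0: well-formed */
    { 2, 52, 1, 1, true,  true  },   /* 1: wrong VRID */
    { 2, 51, 3, 1, true,  true  },   /* 2: VIP count mismatch */
    { 2, 51, 1, 5, true,  true  },   /* 3: advertise interval mismatch */
    { 2, 51, 1, 1, true,  false },   /* 4: bad VRRP checksum */
    { 2, 51, 1, 1, false, true  },   /* 5: AH check fails */
};

enum verdict run_sample(size_t i, bool fixed)
{
    return fixed ? in_chk_fixed(&inst, &samples[i])
                 : in_chk_early_return(&inst, &samples[i]);
}

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: early-return=%d fixed=%d\n",
               i, run_sample(i, false), run_sample(i, true));
    return 0;
}
```

Samples 1 to 4 are accepted by the early-return version and rejected by the corrected one, each with the specific header check that caught it.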
2015-03-31 Alexandre Cassen <[email protected]>
* keepalived-1.2.16 released.
* Properly close netlink channel to avoid fd leak.
* Use getaddrinfo instead of gethostbyname to workaround
glibc gethostbyname function buffer overflow.
* ipvs: log http timeout only when server goes down
All other calls to log_message() when a check fails are
performed when a server changes its state.
The http timeout log message is the only exception.
* ipvs: properly fix bug when Q < H.
The commit a77c2c7 has not fixed the issue.
Log messages became accurate, but unsigned comparison
was still in use.
* ipvs: HUP processing refactored.
copy_srv_states is removed: we can copy states with
existing clear_diff_*functions, as long as
clear_diff_services is called before the init_services.
vs_exist, rs_exist: remove side-effects from these functions.
Now they do only search and return pointers.
get_rs_list removed: the new rs list is now passed to
clear_diff_rs.
init_service_vs: quorum_state assignment is not needed
here. It is already assigned either by vs constructor, or
by alpha handler, or by clear_diff_services.
* ipvs: refactoring link vsg structure to vs.
this adds a pointer to virtual_server_group_t into
the virtual_server_t structure and fills these pointers
after config load.
This change will allow to access vsg items of a vs easily,
without iterating and name compare.
* ipvs: refactoring use links to vs->vsg links.
ipvs_cmd: removed vs_group list parameter. Link to vsg
is obtained via vs->vsg. These functions are also modified
in the same way: ipvs_group_cmd, clear_service_rs,
clear_service_vs, clear_diff_rs.
clear_diff_vsg: new_vs is passed as a param, vsg pointers
are retrieved w/o iterating.
* ipvs: fix problems with config reload.
The commit 7bf6fc contained a bad trying to fix the issue
when an alive RS does not appear in a new VSG entry on reload.
It has not fixed the original issue and added a new one:
vs_groups lose quorum on config reload.
This commit fixes the issue properly, and also the case when
RS in VSG is in inhibit mode.
The reloaded flag is added to the virtual_server_group_entry_t.
ipvs_group_sync_entry: add alive destinations to the newly
created vsge. It is aware of inhibit-on-failure destinations.
sync_service_vsg: calls the former for each created vsg entry
vsge_exist: changed just as other *_exist routines.
* genhash: add support of fwmark in genhash
* genhash: terminate thread if connect_error
* Fixed filenames and paths so that make uninstall removes
initscript and man pages. Changed perms for keepalived.sysconfig
from 755 to 644
* Fix a typo in dump_global-data().
* vrrp: revert previous buggy preempt extension.
* smtp: fix infinite loop when the smtp server unexpectedly
closes the connection.
2014-12-21 Alexandre Cassen <[email protected]>
* keepalived-1.2.15 released.
* vrrp: Use ancillary data on sending path for IPv6
mcast_src_ip. Well, previous code used bind() to specify
IPv6 src address. Ancillary data is a much more cleaner
and efficient way...
* ipvs: Fix format of long int in log_message call.
* ipvs: fix building with fwmark disabled.
* vrrp: Pointer dereference before NULL check.
* STR(SMTP_PORT) returns "SMTP_PORT", not "25".
2014-12-16 Alexandre Cassen <[email protected]>
* keepalived-1.2.14 released.
* The "Date:" mail header is now localtime.
* bugfix: fwmark field was formatted as signed int
* dump_conn_opts: fwmark was not displayed.
* log_message: emit -Wformat= compiler warnings.
There could be (and actually are) situations when the format
string and the arguments list passed to the log_message() are
inconsistent or mistyped. The compiler did not show any warnings
because the vsnprintf was called indirectly.
* Further unification of IP endpoints logging.
This change tries to keep usage of the standard "[%s]:%d" format
string to a minimum. Instead, use inet_sockaddrtopair wherever
possible.
* Add SNMP subsystem option to man page.
The keepalived(8) man page did not mention the -x option to
enable the SNMP subsystem. This patch adds the -x (and --snmp)
options to the keepalived(8) man page, as described in the
keepalived help message.
* vrrp: fix gratuitous ARP refresh timer handling.
Previous code was using an 'int' to store parsed timer value.
This value was then expanded to TIMER_HZ which can lead to a
wrapping issue if requested timer is longer than local machine
'int' representation. This patch reworked the code to use
timeval_t instead and perform regular timeval operations.
* vrrp: Fix a memory leak while dropping incoming IPSEC-AH
authenticated advert. Digest was allocated in previous code
without freeing it on HMAC-MD5 mismatch.
* vrrp: Extend IPSEC-AH auth to support unicast.
If you plan to use IPSEC-AH auth in unicast mode (which is THE best
idea), then IP header TTL MUST be zeroed since it is mutable field
on transit.
* vrrp: Update VRRP VMAC doc.
Add vmac_xmit_base in configuration example and force rp_filter=0
on macvlan interface.
* vrrp: make gratuitous ARP repeat count configurable.
. garp_master_repeat : Gratuitous ARP count sent on the wire
after MASTER state transition.
. garp_master_refresh_repeat : Gratuitous ARP count sent on the
wire when garp_refresh_timer fir
* vrrp: fix preempt and state BACKUP when prio 255.
This makes it so that keepalived will respect various settings that
should prevent it from assuming the MASTER role for a vrrp_instance
unconditionally and immediately, even if the priority of the
vrrp_instance in question is set to 255 (VRRP_PRIO_OWNER). These
settings include:
---- conf ----
state BACKUP
preempt_delay <N>
nopreempt
* vrrp: in backup state notify when vrrp is not up and move to FAULT
state.
* ipvs: failed RS was flapping on config reload.
The RS disabled by health-checker was turned on w/o health-checking
by SIGHUP handler in the init_service_rs() subroutine.
This did not happen with alpha mode set.
* libipvs: allow IPv4 RS in IPv6 VS and vice versa.
This change synchronizes local copy of libipvs with the upstream
(kernel/ipvsadm/ipvsadm.git) to the date. IPVS in Linux 3.18 will
include the feature of mixing of tunneled RS families in single VS.
The compatibility with older kernel versions is kept.
* libipvs: minor bugfix with retrieving dest af.
This change needs to be sent to the ipvsadm upstream, too.
This clarifies the previous commit, so there is no need to mention
it in the changelog.
* vrrp: check if interface is known when using use_vmac.
vrrp->ifp is NULL when use_vmac keyword is defined before the
interface keyword. This would result in a segfault
* vrrp: simplify macvlan creation.
Create the macvlan interface in one netlink command rather than
three (creation of the macvlan in netlink_link_add_vmac function,
set of the mac address in the netlink_link_setlladdr function, set
macvlan mode in the netlink_link_setmode function).
This simplification:
1. avoids potential issues if the first netlink command passes but
not the next ones
2. reduces number of netlink messages (light optimization)
* ipvs: bugfix quorum state was flapping when Q < H.
When a service had quorum < hysteresis, the lower threshold of RS
weights was calculated incorrectly. Unsigned arithmetic was used, so
errors like this appeared in log: Keepalived_healthcheckers[2535]:
Lost quorum 1-2=18446744073709551615 > 10 for VS
The up -> down quorum state transition was happening every time when
alive RS set was changed. This bug was in place since
keepalived-1.2.9
* vrrp: add support to IPv6 mcast src address specification.
For some reason (well... which one ?), previous code didn't support
specification of multicast source address in IPv6 mode. If you are
using 'native_ipv6' and want to specify IPv6 mcast source ip address
then you can use 'mcast_src_ip' keyword with IPv6 address.
* vrrp: Add support to IPv6 src_address discrimination in master
rx state.
Previous code didn't support IPv6 address discrimination while in
MASTER state receiving same prio advert. This patch extends previous
code to support IP address comparison agnostic.
* vrrp: IPv6 mcast src_addr handling and VMAC fix.
Properly bind socket for v6 use-case when mcast_src_ip is in use or
when VMAC is used. This patch fix VRRP VMAC in native_ipv6 mode,
previous code just use the vmac interface link-local IP Address as
src_ip leading to a corner case (to keep polite).
* vrrp: in IPv6 scope_id is mandatory to bind link-local address.
In IPv6 use-case, source IP address is set binding socket to
sockaddr_in6. Linux Kernel requires interface to bind link-local
address.
* vrrp: fix nopreempt mode in master_rx.
While receiving lower prio advert, preempt election according to
nopreempt keyword. By default preempt is on as requested by RFC.
* exit on malloc failure.
* genhash: code cleanup.
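The unsigned wrap behind the "ipvs: bugfix quorum state was flapping when Q < H" entry of 1.2.14, reproduced as an added C example that is not keepalived code. It uses the entry's own numbers (quorum 1, hysteresis 2, alive weight 10); the function names, the up threshold of quorum + hysteresis and the weight sequence are assumptions made for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

enum qstate { Q_DOWN = 0, Q_UP = 1 };

/* Lower threshold as the buggy code computed it: 1 - 2 wraps to ULONG_MAX,
 * which on LP64 is the 18446744073709551615 seen in the log line. */
unsigned long low_threshold_unsigned(unsigned long q, unsigned long h)
{
    return q - h;
}

/* Buggy comparison: any realistic weight is below ULONG_MAX. */
static int below_low_unsigned(unsigned long q, unsigned long h,
                              unsigned long w)
{
    return w < low_threshold_unsigned(q, h);
}

/* Signed comparison: the threshold is allowed to be negative, so a
 * non-negative weight sum can never fall below it when q < h.
 * Assumes the values fit in long long, which holds for RS weights. */
static int below_low_signed(unsigned long q, unsigned long h,
                            unsigned long w)
{
    long long low = (long long)q - (long long)h;
    return (long long)w < low;
}

/* Assumed hysteresis model: go UP at w >= q + h, go DOWN when w drops
 * below q - h. One state change at most per update of the alive set. */
static unsigned count_transitions(const unsigned long *w, size_t n,
                                  unsigned long q, unsigned long h,
                                  int (*below_low)(unsigned long,
                                                   unsigned long,
                                                   unsigned long))
{
    enum qstate st = Q_DOWN;
    unsigned changes = 0;

    for (size_t i = 0; i < n; i++) {
        if (st == Q_DOWN && w[i] >= q + h) {
            st = Q_UP;
            changes++;
        } else if (st == Q_UP && below_low(q, h, w[i])) {
            st = Q_DOWN;
            changes++;
        }
    }
    return changes;
}

/* Constructed sequence of alive-RS weight sums, one per change of the set. */
static const unsigned long weights[] = { 10, 10, 9, 10, 10, 9 };

unsigned demo_transitions(int use_signed)
{
    return count_transitions(weights, sizeof(weights) / sizeof(weights[0]),
                             1, 2,
                             use_signed ? below_low_signed
                                        : below_low_unsigned);
}

int main(void)
{
    printf("Lost quorum 1-2=%lu > 10\n", low_threshold_unsigned(1, 2));
    printf("state changes, unsigned compare: %u\n", demo_transitions(0));
    printf("state changes, signed compare:   %u\n", demo_transitions(1));
    return 0;
}
```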
2014-05-13 Alexandre Cassen <[email protected]>
* keepalived-1.2.13 released.
* vrrp : Use the standard unsigned int types. This fixes
building with musl libc, which does not expose the internal
__uint* defines. (Natanael Copa)
* check : Fix template issue in IPv6 host header.
(Jan Hugo Prins)
* ipvs : ipvs_syncd_cmd uses memset() to zero the daemonrule
buffer before populating it and sending it up. daemonrule is
malloc()ed by ipvs_start(). ipvs_start() can bail early if it
can't communicate with ipvs. Neither place which call
ipvs_start() check the return value, allowing them to walk
straight into a NULL pointer deref. (jsgh)
* check : Without inhibit_on_failure on a real_server, when the
server is marked down existing TCP connections to it are simply
blackholed. Hence inhibit_on_failure: by setting the weight to
zero no new connections are sent to that server, but because the
server isn't completely removed from the table existing
connections are allowed to continue. The same problem exists
with sorry_server. When a real_server comes back up the
sorry_server is removed from the pool and existing connections
are blackholed. Instead of continued service, which may usually
be a fast response indicating overload, the client must engage
in a lengthy wait for the connection to time out. It would be
better in many cases to allow the sorry_server connections to
complete naturally. Luckily the code is structured well enough
that all is required to get this behaviour is to set the inhibit
member of the sorry_server structure, which is mostly just a
change to the config file parser. (jsgh)
* check : unify logging of RS and VS. This fixes the bug of
displaying a FWM service as [x.x.x.x]:0, where x.x.x.x is the
first RS of that service. (Alexey Andriyanov)
* check : unify connection options among checkers.
All the remote checkers (TCP, HTTP/SSL, SMTP) now have the
same set of connection options:
. connect_ip (new to TCP, HTTP)
. connect_port
. bindto
. bind_port (new)
. connect_timeout (new to SMTP)
All of them are optional with reasonable defaults. The patch
is designed for simplicity in adding a new option. Since the
connect_ip could be inequal to the RS address and, worse, the
same for all RSes, the endpoint is now logged as [RS]:rport,
not the [connect_ip]:connect_port. (Alexey Andriyanov)
* check : fwmark connection option. (Alexey Andriyanov)
* check : make SO_MARK a compile-time option.
(Alexey Andriyanov)
* check : documentation for generic connection opts.
(Alexey Andriyanov)
* check : random delay before doing the first check.
every RS check is registered with a random delay between 0
and vs->delay_loop seconds. It helps avoiding multiple
simultaneous checks to the same RS server. (Alexey Andriyanov)
* vrrp : Fix sync of interface status flag when using VMAC
interface. There is a chance that the VMAC interface status
flags (up/down) could be different from the base interface flags.
This patch will only change the VMAC interface status flags when
the base interface is changed. (Jonas Johansson)
* vrrp : Let only base interface change the VMAC interface status
flags. The interface status flags for a VMAC interface shall
only be changed by the base interface, never by reading the
actual VMAC interface flags. (Jonas Johansson)
* vrrp : Fix initial interface status flag value for VMAC
interface. In commit a05a503, "vrrp: Fix sync of interface
status flag when using VMAC interface", no initial value for the
VMAC interface status flag was set. Due to that the VMAC interface
flags shall follow the base interface, the base interface status
flags value shall be copied to the VMAC interface status flags
after the VMAC interface has been created. (Jonas Johansson)
* vrrp : Proper restore of VMAC interface properties on SIGHUP.
On SIGHUP the VMAC flag and base ifindex for a VMAC interface was
lost. (Jonas Johansson)
* vrrp : Revert "Honor preempt_delay setting on startup.".
This commit resulted in two individual bugs:
1) A keepalived instance coming on-line would not transition to
MASTER state until the preempt_delay duration had passed, even
though there was no already existing VRRP speaker in MASTER
state on the link. In other words, it changed the semantics of
preempt_delay from a delay that only took place before
*preemption* of another VRRP speaker, to a delay that
unconditionally took place after Keepalived came online. The
keepalived.conf manual page has always documented the former
meaning, which is also IMHO the only one that you would
intuitively expect.
2) The preempt_delay was applied when a Keepalived process was
reloading its configuration following the receipt of SIGHUP.
If the Keepalived instance was in MASTER state before the
reload, it would cease transmitting VRRP hellos for the
duration of preempt_delay, but *not* actually remove the
virtual addresses from the network interfaces. This in turn
resulted in any backup VRRP speakers on the links transition
to the MASTER state while preempt_delay was still in effect
on the original MASTER that was reloaded, thus creating a
service-impacting split-brain scenario where the virtual
addresses are present and active on multiple VRRP speakers
simultaneously.
(Tore Anderson)
* vrrp : fix ip_address comparison. Extend IP_ISEQ() macro to
take care of NULL addresses. This issue end on SEGV while
using virtual_route. thanks to Tore Anderson for reporting.
* vrrp : fix double close issue (DROP_MEMBERSHIP & netlink
channel). This is an old pending 'bug', not harming at all
but just frustrating to see again and again this log message :
"cant do IP_DROP_MEMBERSHIP errno=Bad file descriptor (9)"
What the hell ! it was due to a double close during reload &
stop procedure. VRRP fd are stored in a socket pool and use
the I/O MUX to handle VRRP traffic. While reloading or stopping
the daemon the I/O MUX was released first and secondly socket
pool. The issue spotted here, in thread_destroy_master() all
pending thread are canceled and read/write fds related are
close(). Well OK a close on a mcast socket perform kernel side
the DROP_MEMBERSHIP when needed, but it is much more clean to
perform proper operations userspace ! This patch sequencely
cancel pending thread, release socket pool and finally
destroy master thread. Same 'issue' appear in netlink channel.
2014-02-08 Alexandre Cassen <[email protected]>
* keepalived-1.2.12 released.
* lib: Fix reallocation issue introduced in last merge.
2014-01-28 Alexandre Cassen <[email protected]>
* keepalived-1.2.11 released.
* ipvs: make nlerr2syserr libnl dependent. nlerr2syserr()
is only used when libnl is present... simply reflect this in
libipvs.
* Fix libnl/libnl-3 logic in configure script.
This patch causes the configure script to prefer libnl-3 over
libnl(1). The configure script will first check for libnl-3 and
libnl-genl-3. If both are found, use them. If not, check for
libnl(1). This is useful when building on systems that have both
libnl-3 and libnl(1) installed. It also fixes some redundant
libraries in LIBS.
* libipvs: libnl-3 include fix.
* lib: extend command lib string parser.
Extend cmd_make_strvec to support quoted string as a single slot
and commented string at the end of parsed string.
* lib: cosmetics at command.c.
Extend command framework to support logger and remove some dead
code. some cosmetics too.
* lib: extend vty to support logger.
* autoconf: better libnl3 detection.
* Fix memory allocation in parser. The set_value function was
incorrectly using sizeof (char *) when allocating and reallocating
memory.
* Fix memory allocation for MD5 digest.
The vrrp_in_chk_ipsecah and vrrp_build_ipsecah functions were
incorrectly using sizeof (unsigned char *) when allocating memory
for the MD5 digest.
* Fix memory leak in vty_read_config. If vty_use_backup_config
returns NULL, free any memory that has been allocated before
returning.
* Fix memory leak in check_include. The check_include function
should always free the allocated strvec.
* Check content length before allocating memory.
Since extract_content_length should return 0 if CONTENT_LENGTH is
not found in the buffer, this check should be done before
allocating memory. This avoids unnecessary malloc/free calls and
fixes a potential memory leak.
* Free memory if realloc fails in vty_out. If realloc returns NULL,
free the original memory before returning.
* Remove redundant close from vty_use_backup_config. The sav file
descriptor is closed after read, so there is no need to close it
again if chmod operation fails.
* Remove unnecessary netlink rtattr structures.
Both netlink_link_setmode and netlink_link_add_vmac have rtattr
structures that are not needed. The addattr_l function will handle
adding the rtattr to the message. Also, this patch removes
incorrect void pointer arithmetic when setting rta_len.
* vrrp: don't try to leave mcast group in unicast mode.
* vrrp: Release and refresh properly fd hash index.
Rehashing into the same loop as releasing is not really the best
idea... Reworked a little previous patch to properly release hash
entries related to the same instance and then hash it back on new
fd.
* vrrp: use configuration mcast group for leave message.
* vrrp: don't try to load ip_vs module when not needed.
2014-01-02 Alexandre Cassen <[email protected]>
* keepalived-1.2.10 released.
* Jonas Johansson removed unused option character in getopt
optstring.
* vrrp: disable TTL sanity check for unicast use-case.
In order to protect against any packet injection, VRRP provides
sanity check over IP header TTL. This TTL MUST be equal to
255 and means both sender and receiver are attached on the same
ethernet segment. Now with unicast extension this protection MUST
be disabled since VRRP adverts will mostly traverse different
network segments.
!!! WARNING !!! When using VRRP in unicast use-case in order to
protect against any packet injection the best practice is to use
IPSEC-AH auth method otherwise you are exposed to potential
attackers !
* Christian Albrecht fixed minor typo in man page
* Pim van den Berg work on libipvs-2.6 to sync with libipvs from
ipvsadm 1.27
* Pim van den Berg work to add support for libnl >= 3. This addresses
the following considerations :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688164
http://article.gmane.org/gmane.linux.keepalived.devel/3522
* Pim van den Berg extended libipvs adding nlerr2syserr function
to translate libnl 3 errors to sys errors. In libnl 3 the return
codes have changed. nlerr2syserr translates the libnl 3 errors to
sys errors.
* ipvs: if libnl-3 is installed then check for libnl-genl-3. It is
mandatory to use generic netlink facilities in new libipvs. This
test is just here to ensure all needed libs are installed !
* Frank Baalbergen (I suppose github frankbb is you ?) fix
http checker. literal ipv6 addresses should be enclosed by
brackets.
* vrrp: Frank Baalbergen add check on IFA_F_NODAD support.
* vrrp: fix unicast handling address selection. SjonHortensius
reported an issue while testing unicast_peer. It wouldn't work
without adding the native_ipv6 flag. Removed this dependency,
since it is not correlated with the VRRP protocol version used.
* vrrp: extend ip parser to support default and default6.
When you are using virtual_routes you may want to use default
or default6 while configuring routes. Extended parser
accordingly !
* vrrp: take care of label while comparing IP addresses.
Label was not taken into account while comparing 2 IP
addresses, this can lead to a non deletion while stopping
the daemon when some configuration changes have been done while
the daemon was running. This issue was reported by Stepan Rogov.
* vrrp: fix/extend gratuitous ARP handling.
Multiple people reported issues where MASTER didn't recover
properly after outage due to no gratuitous ARP sent. VRRP
is a protocol designed to be used between nodes plugged on
the same layer2 in order to guarantee link failure is directly
linked to a protocol FSM handling (FAULT transition). With
current virtualization env almost everything can be virtualized
from host (VM) to network (vswitch). In some cases those
virtualized env offer a virtualized layer2 on which VRRP is
plugged and sometimes forwarding or routing over this virtual
path can be broken.
I extended gratuitous ARP handling in 2 ways :
1) When a MASTER receives a higher prio advert it sends a last
advert before transiting to BACKUP state. The immediate
effect at remote MASTER side is to solicit a gratuitous
ARP broadcast.
2) Add an optional support to periodic gratuitous ARP sending
while in MASTER state. By default it is disabled but one
can activate this feature by configuring keyword
"garp_master_refresh" in seconds in vrrp_instance block
(refer to keepalived.conf.SYNOPSIS).
* Frank Baalbergen fixed genhash. genhash can throw a
segmentation fault when not providing an argument
* Frank Baalbergen extended genhash code to support IPv6
* Frank Baalbergen extended genhash code to make url default
value /, same as curl/wget
* Frank Baalbergen extended genhash code to only use default
url when url is empty
* vrrp: Create configuration alias for unicast_src_ip keyword.
Add a new keyword more generic to specify VRRP packet source
IP address. This new keyword is "unicast_src_ip" and has
exactly the same scope as "mcast_src_ip".
* vrrp: unicast_peer addresses and VRRP instance MUST be of
the same family. VRRP low-level framework creates socket
pool based on VRRP instance family. If you are using
unicast_peer, it is mandatory to use addresses of same family
as VRRP instance. You can't mix IPv4 and IPv6 addresses inside
same unicast_peer block. If you need to make it that way, you
MUST create a VRRP instance per family, eg: one with native_ipv6
for v6 unicast_peer and another for v4 unicast_peer.
* vrrp: extended unicast code to support IPv6 unicast_src_ip.
Add support to unicast IPv6 address for
{unicast,mcast}_src_ip keyword. vrrp instance saddr is now a
sockaddr_storage and src IPv6 address is set using cmsg ancillary
data pktinfo. Source IP address selection is now generic and
can be IPv4 or IPv6.
* vrrp: fix vrrp socket sync while leaving FAULT state.
Well, this is a very, VERY old bug here. While leaving FAULT
state VRRP framework refreshes instance socket fd_in & fd_out
and synchronizes all VRRP instances bound to the same socket.
The patch refreshes socket, it also refreshes fd hashing ! which
is better for later fault handling :)
* vrrp: Frank Baalbergen fix log-facility handling. log-facility
should be a required_argument
* vrrp: Support xmit VRRP packets from base VMAC interface.
Here is a merge of patch from Oliver Smith. Thanks for your
job and idea in here Oliver. Comments from Oliver :
This provides a new option to use in conjunction with the VMAC
functionality which will result in VRRP advertisements being
sent and received over the underlying interface (and therefore
having the source MAC of that interface rather than the VMAC
device).
With this new functionality enabled, VRRP messages will not
affect the switch MAC address table since the non-unique VMAC
address is now used only for sending a gratuitous ARP, thereby
ensuring that in conditions of VRRP message loss, a probing
partner will not inadvertently take over traffic.
This also resolves issues where VRRP messages are not
successfully being seen on the VMAC interface as with the
new option, the underlying interface is also used to listen out
for VRRP messages.
* getopt: Make some arguments required
* vrrp: Frank Baalbergen add default case in getopt_long.
when starting keepalived with an option without an argument
that requires an argument keepalived should not be started.
* vrrp: VMAC code cleanup and extensions.
Remastered VMAC code. Interface base_ifindex is set by default
to interface ifindex during netlink probe. VMAC interface
base_ifindex is now set during VMAC allocation upon successful
interface creation. Detect if virtual_router_id is declared
after use_vmac keyword is invoked. Add some more log while
setting up and removing VMAC interface.
* vrrp: IPv4 & IPv6 multicast group tweaking.
Meno Abels extended vrrp framework to support customized
multicast addresses. The address could be set for ipv4 and
ipv6 in the global_defs config section using the keywords
vrrp_mcast_group4 and vrrp_mcast_group6.
There are some stupid switches which do a special processing
of 224.0.0.0/8 multicast packets which causes packet drops from
queue overflows in environments which create 100 and more
multicast control plane packets a second.
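The TTL rule from the "disable TTL sanity check for unicast use-case" entry of this release, as an added C example (not keepalived's code): a multicast advert is accepted only when it arrives with TTL 255, and the test is skipped for unicast instances. The function names, the `require_ah` policy flag and the sample headers are assumptions constructed for illustration; the IP header checksum and VRRP payload are not validated here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VRRP_IP_TTL 255  /* TTL a multicast advert must arrive with */
#define PROTO_VRRP  112  /* IP protocol number of VRRP */
#define PROTO_AH    51   /* IP protocol number of IPsec AH */

enum advert_verdict {
    ADVERT_OK = 0,
    ADVERT_MALFORMED,      /* too short or not IPv4 */
    ADVERT_NOT_VRRP,       /* neither VRRP nor AH-wrapped VRRP */
    ADVERT_BAD_TTL,        /* multicast advert that crossed a router */
    ADVERT_UNICAST_NO_AH   /* unicast advert without AH (policy reject) */
};

/* Read TTL and protocol from raw header bytes; no struct casts, so host
 * alignment and endianness do not matter. Returns 0 on success. */
static int ipv4_ttl_proto(const uint8_t *pkt, size_t len,
                          uint8_t *ttl, uint8_t *proto)
{
    size_t ihl;

    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return -1;
    *ttl = pkt[8];
    *proto = pkt[9];
    return 0;
}

/* unicast:    instance runs with unicast peers, so TTL is not checked.
 * require_ah: hypothetical local policy flag (not a keepalived option)
 *             that refuses unicast adverts lacking AH. */
enum advert_verdict check_advert(const uint8_t *pkt, size_t len,
                                 int unicast, int require_ah)
{
    uint8_t ttl, proto;

    if (ipv4_ttl_proto(pkt, len, &ttl, &proto) != 0)
        return ADVERT_MALFORMED;
    if (proto != PROTO_VRRP && proto != PROTO_AH)
        return ADVERT_NOT_VRRP;
    if (!unicast)
        /* Every router decrements TTL, so 255 on arrival means the
         * sender sits on the same segment. */
        return ttl == VRRP_IP_TTL ? ADVERT_OK : ADVERT_BAD_TTL;
    if (require_ah && proto != PROTO_AH)
        return ADVERT_UNICAST_NO_AH;
    return ADVERT_OK;
}

/* Constructed 20-byte IPv4 header (documentation addresses), no payload. */
void make_sample(uint8_t out[20], uint8_t ttl, uint8_t proto)
{
    static const uint8_t base[20] = {
        0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00,
        192, 0, 2, 1,       /* source: 192.0.2.1 (TEST-NET-1) */
        192, 0, 2, 2        /* destination: 192.0.2.2 */
    };
    memcpy(out, base, sizeof(base));
    out[8] = ttl;
    out[9] = proto;
}

int main(void)
{
    uint8_t p[20];

    make_sample(p, 254, PROTO_VRRP);   /* advert that passed one router */
    printf("multicast: %d, unicast: %d, unicast+AH policy: %d\n",
           check_advert(p, sizeof(p), 0, 0),
           check_advert(p, sizeof(p), 1, 0),
           check_advert(p, sizeof(p), 1, 1));
    return 0;
}
```

The same header that is rejected in multicast mode is accepted in unicast mode, which is why the entry recommends IPSEC-AH once the TTL test is off.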
2013-11-10 Alexandre Cassen <[email protected]>
* keepalived-1.2.9 released.
* Alexey Andriyanov fixed inaccuracy in VS_ISEQ macro.
* Alexey Andriyanov fixed hysteresis which could be >= quorum now.
* Alexey Andriyanov extended checker framework so that status_code
and digest can be set together.
* Alexey Andriyanov extended/fixed checker framework for better
SIGHUP support.
* Jonas Johansson fixed VRRP sync group by sending prio 0 when
entering FAULT state. This fix will send prio 0 (VRRP_PRIO_STOP)
when the VRRP router transits from MASTER to FAULT state. This
will make a sync group leave the MASTER state more quickly by
notifying the backup router(s) instead of having them wait
for time out.
* Jonas Johansson extended VRRP VMAC interface flags (up/down
status) to follow base interface. When using a VMAC interface,
this fix will reflect the base interface flags, i.e. up/down
status, to the VMAC interface. This is useful when using sync
groups (in combination with VMAC) and a link for one of the
members in the MASTER sync group goes down. Before this fix,
this member will not detect the link fault, due to that the
VMAC interface always is UP regardless of the actual status of
the base interface, and the sync group will continue to be
MASTER as if nothing has happened. This fix will however reflect
the status of the base interface onto the VMAC interface, so if
the link goes down the member will transit to FAULT state, which
will make the sync group transit to BACKUP state.
* Jonas Johansson fixed VRRP wrong interface flags corner case.
If a link event arrives between the initial scanning for
interfaces and configuration file parsing, the VRRP instance
will enter an unrecoverable state. This fix will update the
interface flags even when the interface exists, not only for
the initial scan. Note that when all is up and running the link
events will be properly handled by netlink, so this fix only
fixes the special case when a link changes state during
initialization/configuration.
* Jonas Johansson fixed VRRP to honor preempt_delay setting on
startup. If the preempt_delay is set we cannot yet transition
to master state. We must await the timeout of our preempt_delay.
The preemption delay is used when starting up, or rebooting, a
node which needs time to sort out its routing table (e.g., BGP
or OSPF) before it can assume the master role.
* Jonas Johansson extended VRRP code for faster sync group
transition.
* Jonas Johansson replaced popt with getopt. In an embedded
environment you might not want to have to add yet another
library dependency. This commit refactors parse_cmdline() to
use getopt_long() instead of popt.
* EyckWigo proposed to increase default socket buf size to handle
env with lots of IP addresses. Default is now set to 64K on netlink
socket.
* Guðmundur Bjarni Ólafsson fixed VRRP unicast code to allow
packet to be routed !
* Guðmundur Bjarni Ólafsson fixed VRRP checksum before computation.
When running in unicast mode with multiple peers, the checksum
was being calculated into itself for subsequent peers, causing
incorrect checksums.
* Extended VRRP framework tweaking IPv6 VIP install by disabling
DAD algo and setting deprecated.
Lots of discussions have been had around those 2 topics. First
idea and initial patch were provided by Leo Baltus. This patch
fixes the use case where VRRP VIPv6 are used in conjunction with IPVS
healthchecking. If deprecated flag is not set (which is the default
linux behaviour), then VRRP VIP can be used as source address of
healthchecking packet. Since this VIP address is also present, in
most use-cases, on realserver directly, return packets never reach
the healthchecker and hence no realserver was injected in IPVS table.
At the same time, I decided to merge Tore Anderson's suggestion of
disabling Duplicate Address Detection algorithm. Tore's arguments
are nice ! Thanks Tore : Using the nodad flag has the following
benefits:
1) The address becomes immediately usable after they're configured.
2) In the case of a temporary layer-2 / split-brain problem we can
avoid that the active VIP transitions into the dadfailed phase
and stays there forever - leaving us without service. HA/VRRP
setups have their own "DAD"-like functionality, so it's not
really needed from the IPv6 stack.
Acknowledgements to Mark Schouten and Frank Baalbergen for pushing
me by testing these features !
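The unicast checksum problem from the "fixed VRRP checksum before computation" entry of this release, as an added C example (a model, not keepalived's code): when one buffer is reused for several peers, the checksum field has to be zeroed before each computation. The function names are hypothetical, the advert is constructed, and buffer reuse across peers is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADVERT_LEN 20   /* VRRPv2 advert carrying one virtual address */
#define CSUM_OFF   6    /* offset of the 16-bit checksum field */

/* RFC 1071 Internet checksum over big-endian 16-bit words. */
static uint16_t in_csum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (i < len)                       /* odd trailing byte */
        sum += (uint32_t)buf[i] << 8;
    while (sum >> 16)                  /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)(~sum & 0xffff);
}

static void put_csum(uint8_t *pkt, uint16_t c)
{
    pkt[CSUM_OFF] = (uint8_t)(c >> 8);
    pkt[CSUM_OFF + 1] = (uint8_t)(c & 0xff);
}

/* Receiver's view: a packet with a correct checksum sums to zero. */
int advert_csum_ok(const uint8_t *pkt, size_t len)
{
    return in_csum(pkt, len) == 0;
}

/* Modelled pre-fix behaviour: the checksum is computed while the field
 * still holds the value written for the previous peer. sent[] records
 * the checksum each peer receives; returns how many peers would accept. */
size_t send_buggy(uint8_t *pkt, size_t len, size_t npeers, uint16_t *sent)
{
    size_t ok = 0, p;
    for (p = 0; p < npeers; p++) {
        sent[p] = in_csum(pkt, len);   /* stale checksum is summed too */
        put_csum(pkt, sent[p]);
        ok += (size_t)advert_csum_ok(pkt, len);
    }
    return ok;
}

/* Fixed behaviour: clear the field before every computation. */
size_t send_fixed(uint8_t *pkt, size_t len, size_t npeers, uint16_t *sent)
{
    size_t ok = 0, p;
    for (p = 0; p < npeers; p++) {
        put_csum(pkt, 0);
        sent[p] = in_csum(pkt, len);
        put_csum(pkt, sent[p]);
        ok += (size_t)advert_csum_ok(pkt, len);
    }
    return ok;
}

/* Constructed advert: VRRPv2, VRID 51, priority 100, VIP 192.0.2.10. */
void make_advert(uint8_t pkt[ADVERT_LEN])
{
    static const uint8_t base[ADVERT_LEN] = {
        0x21, 51, 100, 1,        /* version/type, VRID, priority, count */
        0, 1, 0, 0,              /* auth type, interval, checksum = 0 */
        192, 0, 2, 10,           /* virtual address */
        0, 0, 0, 0, 0, 0, 0, 0   /* authentication data */
    };
    memcpy(pkt, base, sizeof(base));
}

int main(void)
{
    uint8_t pkt[ADVERT_LEN];
    uint16_t sent[3];

    make_advert(pkt);
    printf("buggy: %zu of 3 peers accept\n", send_buggy(pkt, ADVERT_LEN, 3, sent));
    make_advert(pkt);
    printf("fixed: %zu of 3 peers accept\n", send_fixed(pkt, ADVERT_LEN, 3, sent));
    return 0;
}
```

In this model every second peer receives a checksum of 0, because summing a packet that already carries its own valid checksum always yields zero.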
2013-09-05 Alexandre Cassen <[email protected]>
* keepalived-1.2.8 released.
* Vincent Bernat fixed issue while pinging master agent.
The agent needs to be initialized to be able to change the
AgentX ping interval.
* Revisited the whole code to use posix declaration style.
* fixed some typos
* Created CLI core framework.
* Ryan O'Hara added option to prevent respawn of child process.
This patch adds a command-line option (--dont-respawn, -R) that
will prevent the child processes from respawning. When this
option is specified, if either the checker or vrrp child
processes exit the parent process will raise the SIGTERM signal
and exit.
* Ryan O'Hara removed duplicate command-line option code.
This patch removes unnecessary code to process command-line
options. All options can be processed with a single while loop
that calls poptGetNextOpt. This patch also adds code to check
for errors while processing options. Note that errors encountered
while processing command-line options are fatal.
* Ryan O'Hara add support to usage generation by popt.
This patch uses the popt library to describe the command-line
options and print usage to stderr. This provides a more clear,
concise usage statement.
* Ryan O'Hara and I updated keepalived man page.
* Aleksei Ilin add flexible HTTP checker behaviour for HTTP GET
request's port settings. VirtualServer's port being specified
in HTTP GET request only if `VirtualHost` option is not defined,
otherwise used `VirtualHost` option itself.
* Ryan O'Hara fixed pointer arithmetic for VRRP packet.
When using IPSEC AH authentication, the pointer arithmetic used
to get the location of the VRRP packet is incorrect. The address
of the IPSEC header must be cast as (char *) in order to get
correct address of the VRRP packet. Without this patch,
vrrp_in_chk() will fail to verify incoming VRRP packets when
IPSEC AH is enabled.
* Ryan O'Hara fixed issue while loading SSL certificate.
This patch fixes a problem where keepalived will attempt to
load an SSL keyfile as a certificate, resulting in failure to
initialize SSL context.
* Ryan O'Hara refreshed GPLv2 license with last FSF file.
* junpei-yoshino fixed configure.in. Library crypt is needed.
* Boon Ang fixed comparison of primary IP addresses.
If a router in the master state receives an advertisement
with priority equal to the local priority, it must also
compare the primary IP addresses (RFC 3768, section 6.4.3).
The code to handle this was comparing two IP addresses with
different byte-ordering, resulting in multiple routers in
the master state. This patch resolves the problem by
converting the local primary IP address to network byte order
for the comparison.
* Henrique Mecking fixed memory leak in libipvs
* Robert James Hernandez fixed RETVAL by setting RETVAL for
status instead keeping RETVAL set to default of 0
* Robert James Hernandez fixed RETVAL by setting RETVAL for
catch all and so that it exits like all other matches in
the case
* Jan Pokorný fixed genhash to ensure CRLF{2} HTML body
separator won't slip.
* Jan Pokorný extended genhash. Generalize the hash algo
parts, add SHA1.
This patch adds support for hash algo suite extension
with SHA1 being a first one to be available together with
a default MD5. The remaining change on the health-checker
subsystem side is to make analogous modifications and to teach
it to recognize the intended hash algorithm based on the length
of the digest (provided that extra care is taken that no two
algorithms will ever alias in this regard). Also the test
script for genhash was extended to conditionally use SHA1.
* Jan Pokorný cleaned up genhash code.
Access to the hash-specific context was simplified as I've
now checked some C guarantees regarding union/its members
initial address vs. aligning so now extra inlined accessor
function is needed. This simplified the code a bit.
Also now the hash-specific object is directly pointed to by
SOCK object instead of carrying just the index to the table of
hashes and doing the respective access via a global again and
again. Next, I've concentrated some hash-related declarations
to the new hash.h file. This was mostly motivated by a need to
break the circular include dependency that have arisen. As a
consequence, part of the recent clutter I brought in was removed
again. Most of FEAT_SHA1 conditional compilation is here.
Previously separated table in main carrying the hash IDs to be
printed in the help screen was merged into the table carrying all
the other necessary information about the particular hashes.
* vrrp: Remi Gacogne fixed invalid use of sizeof.
* Pasi Kärkkäinen Add To header for SMTP alerts.
* vrrp: Robert Sander add IPv6 support for virtual_routes and
static_routes.
* Erik de Groot add support to LVS One-Packet Scheduling
(known as OPS). Typically RADIUS traffic comes from a limited
amount of clients and thus you have a very limited range of IP
tuples in action which will never expire. Issue with Keepalived
without this patch is that, although it correctly re-assigns
traffic when a real server dies, it will never re-assign traffic
back to the real server when it is restored. This is because
LVS creates virtual connections, for each IP tuple, that will
never time out as the clients keep sending traffic to the server.
With this patch it is possible to enable OPS for UDP virtual
servers which means LVS does not create virtual connections and
takes a new loadbalancing decision for each UDP packet. The
result is that a restored server now gets RADIUS traffic as
soon as LVS has taken it back into the server pool.
* Willy Tarreau and Ryan O'Hara add the ability to use VRRP over
unicast. Unicast IP addresses may be specified for each VRRP
instance with the 'unicast_peer' configuration keyword. When
a VRRP instance has one or more unicast IP address defined,
VRRP advertisements will be sent to each of those addresses.
Unicast IP addresses may be either IPv4 or IPv6.
If you are planning to use this option, ensure all IP
addresses present in unicast_peer configuration block do not
belong to the same router/box. Otherwise it will generate
duplicate packets at reception point.
2012-08-29 Alexandre Cassen <[email protected]>
* keepalived-1.2.7 released.
* vrrp: fix issue while using vrrp_script.
Previous patch introduced by Ryan O'Hara about removing
shadow declaration was kind of too much hunting.
Removing element e in this block simply creates inconsistency
in upper list walk. So resurrected element declaration with e2.
* snmp: Mikhail Gaydamaka extended MIB and both vrrp and check
frameworks to support routerId to var bind.
* snmp: Mikhail Gaydamaka fixed oid for vrrpSyncGroupStateChange
var bind.
* some cosmetics again and again.
2012-08-20 Alexandre Cassen <[email protected]>
* keepalived-1.2.6 released.
* Rename global config data variable 'global_data'.
From Ryan O'Hara :
This patch renames the global configuration data
variable from 'data' to 'global_data'. Three reasons for
renaming this variable:
- Fixes shadow declaration of 'data' in several locations.
- Is more consistent with other global data variables
(ie. vrrp_data, check_data).
- Functions like free_global_data and dump_global_data were
ignoring conf_data_t argument and using global variable
instead.
* Ryan O'Hara: Fix shadow declaration of 'vrrp_data' variable.
* Ryan O'Hara: Fix shadow declaration of 'check_data' variable.
* Ryan O'Hara: Remove shadow declaration of 'element e' in
vrrp_init_state.
* check: Avoid the use of kernel defines in libipvs userland
prototypes.
* vrrp: Correctly handle macvlan interface when config file is
re-loaded. From Bob Gilligan :
Testing with the 1.2.0 branch, bring keepalived up with a
vrrp_instance that is configured with use_vmac. Then delete
that vrrp_instance from the config file. Then tell keepalived
to re-read its config file with SIGHUP. The vrrp_instance will
be stopped, but the macvlan interface will remain. The obvious
fix would be to add code to call netlink_link_del_vmac() in
clear_diff_vrrp(). There's one problem with that: the code
needs the ifindex of the macvlan interface to delete it, but
that resides in the interface structure that was freed earlier
in the reload process. My fix is to add a field to the
vrrp_rt struct to remember the macvlan ifindex. This patch
addresses this problem plus two others that can occur in
reloading the config file: 1) If the vrrp_instance
configuration is kept, but the use_vmac entry is removed, the
macvlan interface will not be deleted; 2) If a vrrp_instance
with use_vmac is left unchanged, the code will attempt to
re-create the macvlan interface, but this will fail and the
program will end up not using the macvlan interface.
* vrrp: VRRP should notify other routers before it does any
action that affects traffic flow. From John Southworth:
Move the shutdown_vrrp_instances code to before the deletion
of sock_pool. Move sending priority 0 adverts to before address
removal occurs
* vrrp: From John Southworth: Stop timers before shutting down
vrrp instances. This is to avoid a possible condition where
a priority 0 advertisement is sent and before the master
thread is killed another advertisement can be generated and sent.
* vrrp: Change when socket fd's are freed.
From John Southworth:
Priority 0 advertisements were not being sent as desired on
config reload. This was causing long delays on manually failed
over instances. The socket pool was being freed too early, as a
result the file descriptor for the socket was no longer valid at
the time the priority 0 advertisement was attempted.
* vrrp: Added a separate timeout parameter for vrrp_script checks
From Jonathan Harden:
I've added a timeout parameter to the vrrp check scripts which
allow you to have the check timeout different to the interval.
When no timeout has been specified the interval is used (which
mimics the current behaviour). To explain the reasoning: We