[lvs-users] [ANNOUNCE] Keepalived 1.2.14

Alexandre Cassen acassen at gmail.com
Tue Dec 16 09:47:36 GMT 2014


I just committed a new release. Including bug fixes and extensions. Thanks to all contributors. For credit, please refer to github commit log. IPv6 part is now ready to merge VRRPv3 code.

ChangeLog for the release look like :

2014-12-16  Alexandre Cassen  <acassen at linux-vs.org <mailto:acassen at linux-vs.org>>
	* keepalived-1.2.14 released.
	* The "Date:" mail header is now localtime.
	* bugfix: fwmark field was formatted as signed int
	* dump_conn_opts: fwmark was not displayed.
	* log_message: emit -Wformat= compiler warnings.
	  There could be (and actually are) situations when the format
	  string and the arguments list passed to the log_message() are
	  inconsistent or mistyped. The compiler did not show any warnings
	  because the vsnprintf was called indirectly.
	* Further unification of IP endpoints logging.
	  This change tries to keep usage of the standard "[%s]:%d" format
	  string to a minimum. Instead, use inet_sockaddrtopair wherever
	* Add SNMP subsystem option to man page.
	  The keepalived(8) man page did not mention the -x option to
	  enable the SNMP subsystem. This patch adds the -x (and --smmp)
	  options to the keepalived(8) man page, as described in the
	  keepalived help message.
	* vrrp: fix gratuitous ARP refresh timer handling.
	  Previous code was using an 'int' to store parsed timer value.
	  This value was then expanded to TIMER_HZ which can lead to a
	  wrapping issue if requested timer is longer than local machine
	  'int' representation. This patch reworked the code to use
	  timeval_t instead and perfrom regular timeval operations.
	* vrrp: Fix a memory leak while dropping incoming IPSEC-AH
	  authenticated advert. Digest was allocated in previous code
	  without freeing it on HMAC-MD5 missmatch.
	* vrrp: Extend IPSEC-AH auth to support unicast.
	  If you plane to use IPSEC-AH auth in unicast mode (which THE best
	  idea), then IP header TTL MUST be zeroed since it is mutable field
	  on transit.
	* vrrp: Update VRRP VMAC doc.
	  Add vmac_xmit_base in configuration example and force rp_filter=0
	  on macvlan interface.
	* vrrp: make gratuitous ARP repeat count configurable.
	  . garp_master_repeat : Gratuitous ARP count sent on the wire
				 after MASTER state transition.
	  . garp_master_refresh_repeat : Gratuitous ARP count sent on the
				         wire when garp_refresh_timer fir
	* vrrp: fix preempt and state BACKUP when prio 255.
	  This makes it so that keepalived will respect various settings that
	  should prevent it from assuming the MASTER role for a vrrp_instance
	  unconditionally and immediately, even if the priority of the
	  vrrp_instance in question is set to 255 (VRRP_PRIO_OWNER). These
	  settings include:
	  ---- conf ----
	  state BACKUP
	  preempt_delay <N>
	* vrrp: in backup state notify when vrrp is not up and move to FAULT
	* ipvs: failed RS was flapping on config reload.
	  The RS disabled by health-checker was turned on w/o health-checking
	  by SIGHUP handler in the init_service_rs() subroutine.
	  This did not happen with alpha mode set.
	* libipvs: allow IPv4 RS in IPv6 VS and vice versa.
	  This change syncronizes local copy of libipvs with the upstream
	  (kernel/ipvsadm/ipvsadm.git) to the date. IPVS in Linux 3.18 will
	  include the feature of mixing of tunneled RS families in single VS.
	  The compatibility with older kernel versions is kept.
	* libipvs: minor bugfix with retreiving dest af.
	  This change needs to be sent to the ipvsadm upstream, too.
	  This clarifies the previous commit, so there is no need to mention
	  it in the changelog.
	* vrrp: check if interface is known when using use_vmac.
	  vrrp->ifp is NULL when use_vmac keyword is defined before the
	  interface keyword. This would result in a segfault
	* vrrp: simplify macvlan creation.
	  Create the macvlan interface in one netlink command rather than
	  three (creation of the macvlan in netlink_link_add_vmac function,
	  set of the mac address in the netlink_link_setlladdr function, set
	  macvlan mode in the netlink_link_setmode function).
	  This simplification:
	  1. avoids potential issues if the firt netlink command passes butcw
	      not the next ones
	  2. reduces number of netlink messages (light optimization)
	* ipvs: bugfix quorum state was flapping when Q < H.
	  When a service had quorum < hysteresis, the lower threshold of RS
	  weights was calculated incorrecly. Unsigned arythmetics was used, so
	  errors like this appeared in log: Keepalived_healthcheckers[2535]:
	  Lost quorum 1-2=18446744073709551615 > 10 for VS
	  The up -> down quorum state transition was happening every time when
	  alive RS set was changed. This bug was in place since
	* vrrp: add support to IPv6 mcast src address specification.
	  For some reason (well... which one ?), previous code didnt support
	  specification of multicast source address in IPv6 mode. If you are
	  using 'native_ipv6' and want to specify IPv6 mcast source ip address
	  then you can use 'mcast_src_ip' keyword with IPv6 address.
	* vrrp: Add support to IPv6 src_address discrimination in master
	  rx state.
	  Previous code didnt support IPv6 address discrimination while in
	  MASTER state receiving same prio advert. This patch extend previous
	  code to support IP address comparison agnostic.
	* vrrp: IPv6 mcast src_addr handling and VMAC fix.
	  Properly bind socket for v6 use-case when mcasr_src_ip is in use or
	  when VMAC is used. This patch fix VRRP VMAC in native_ipv6 mode,
	  previous code just use the vmac interface link-local IP Address as
	  src_ip leading to a corner case (to keep polite).
	* vrrp: in IPv6 scope_id is mandatory to bind link-local address.
	  In IPv6 use-case, source IP address is set binding sokect to
	  socaddr_in6. Linux Kernel requires interface to bind link-local
	* vrrp: fix nopreempt mode in master_rx.
	  While receiving lower prio advert, preempt election according to
	  nopreempt keyword. By default preempt is on as requested by RFC.
	* exit on malloc failure.
	* genhash: code cleanup.


More information about the lvs-users mailing list