[lvs-users] Keepalived 1.2.20

Alexandre Cassen acassen at gmail.com
Sun Apr 3 20:25:57 BST 2016

Hi folks,

Long time no updates :D here we go… This is a HUGE… a MONSTER release. A lot of effort has been made here to make it really strong…

I would specially address a HUGE THANKS and BIG Mexican wave for Quentin Armitage. The job you did here with this release is very valuable and much appreciated. A real pleasure to have contributions from coding guys like you! Thanks again.

That said, here is the BIG ChangeLog:

Release 1.2.20
* better VERSION handling
* ipvs: tcp check supports retry.
  New tcp check config option "retry" sets the check retry counter.
  If tcp check fails on an alive server, keepalived will perform
  further checks until n_retry counter reaches zero, or until the check
  succeeds. The delay between retry checks is configured by the
  "delay_before_retry" config option. The default value is 1 retry after 1 second.
  This is the same feature that already exists in HTTP checker
  (config option "nb_get_retry").
* check_http: retry logic is refined.
  Retry on every error, including timeout and connection
  error, but only when RS is up.
  This is needed to reduce rs flaps: we shut the server down
  only after nb_get_retry failed checks.
  Also, do not wait for delay_loop after a successful check to
  bring the server UP.
* ipvs: respect the error code of the ipvs_talk.
  Previously, if the IPVS reflector was unable to perform
  its task, it reported error through syslog and ignored it.
  This behavior leads to inconsistencies with quorum-handler:
  it is called with UP even if no RS were added into the IPVS.
  This could take place, for example, when there is a limit of
  opened filehandles and keepalived was unable to open netlink
  socket (it is opened on every call to the ipvs_talk).
  Now the check is not marked as OK unless IPVS reflector reports
  OK. Following successful check will try to add an RS again.
  The special case errors "ENOENT on remove" and "EEXIST on add"
  are treated with OK result code.
* ipvs: remove unused resulting error code.
  These functions are turned from int into void:
  ipvs_group_sync_entry, ipvs_group_remove_entry, ipvs_syncd_cmd.
* check_http: reduce cpu usage.
  do MD5 calculation only when configured to do so.
* timer: reduce cpu usage.
  timer_cmp is called too often and eats much of cpu cycles. Make
  the comparison more effective. Increase code reuse in
  monotonic_gettimeofday(). Use timer_reset_lazy() where possible
  to omit the excess memset() call.
* scheduler: reduce CPU usage.
  Since threads are sorted by t->sands, we could break the cycle
  when a not-yet-expired thread is found.
* ipvs: rs weight changes properly on reload.
  Do not remove and re-add a real_server when reloading config
  if its weight has changed. Just edit the existing ipvs rs entry.
* ipvs: new service option "ip_family".
  This option explicitly specifies the address family of a
  fwmark IPVS service entry. Previously it was determined by
  the AF of the first real server. This logic is kept as a fallback
  when the "ip_family" option is missing.
  Also, now it is possible to create two different services
  for v4 and v6 with the same fwmark number.
* make 'smtp_server' config to support domain name.
* use getaddrinfo() instead of gethostbyname().
* make 'smtp_server' config to support domain name.
* Added vrrp 'timeout' to synopsis.
* Cleaned/fixed up KEEPALIVED-MIB, it now passes smilint
* Fixed vrrp_snmp_route() - it was returning the address of the pointer
  instead of the IP address / network address for dst, gw, gw2, and src
* SNMP fixes/cleanup.
* Added support for static and virtual ip rules for use with policy
  based routing
* Add info to set a default gateway into man and sample.
* vrrp: Fix socket setup code for IPv4 multicast.
  if_setsockopt_mcast_if was only doing anything for IPv6 interfaces.
  Make it work also for IPv4 interfaces, and then don't need to
  call if_setsockopt_bindtodevice for multicast.
  Is it still necessary to call it for unicast?
* vrrp: Set (and restore) interface parameters.
  In order to receive and send multicasts on the correct interfaces
  various parameters need to be set via the /proc/sys/net/ipv4/conf
  interface. This patch sets them as needed, and restores any
  changes on the underlying interface on exit.
  If a user currently sets any parameters by scripts, that will
  override these changes and still work, but this change in general
  will make it unnecessary to change any parameters with scripts.
* vrrp: Leave VRRP multicast group by ifindex.
  Since we know the interface index, use that instead of the address
  since it is more efficient. Also, in the unlikely event that the
  interface doesn't have an address, then this avoids a problem.
* vrrp: Don't delete vmac interfaces before dropping multicast membership.
  Further to commit afea07bd94384c8ac8125e8cdbfd18bc4a46b14e, the
  dropping of multicast memberships was failing, since the vmac
  interfaces had already been deleted. This patch keeps the vmac
  interfaces until after the IP_DROP_MEMBERSHIP ioctls. Separating
  the sending of the VRRP priority 0 messages from the shutdown
  of the vrrp instances is necessary since vrrp_dispatcher_release
  closes the sockets that are needed for sending the messages.
* vrrp: Don't open vrrp_send_socket if address family is wrong.
  open_vrrp_send_socket was opening a socket, and then checking that
  the address family was valid. Checking that the address family is
  valid at the beginning of the function streamlines the code.
* vrrp: Stop m'cast packets being queued (and not received) on send socket.
  If there are other vrrp instances on the same network, their
  multicast packets are queued to our vrrp send socket, but since we
  don't receive on that socket, the messages just get queued in the
  kernel (run netstat -anp | grep keepalived to see the queued
  packets increasing).
  This patch clears the IP_MULTICAST_ALL option, to stop these
  packets being queued.
* vrrp: Fix typos in log messages.
* vrrp: Fix RFC reference.
* vrrp: Fix vrrp parser error message.
* vrrp: Add interface index to vrrp dump data.
* vrrp: Don't specify source address in IP_ADD_MEMBERSHIP ioctl.
  If ifindex is specified, any source address given is ignored.
* vrrp: If fail to remove vmac i/f, don't report success after fail message.
* Help vim's formatting to work in configure.in.
  The single "'" in a comment confuses vim, and the screen formatting
  gets confused. Adding a second "'" in a C comment sorts vim out.
* vrrp: Don't explicitly drop IGMP membership before interface deletion.
  The kernel will send IGMP leave group messages when an interface
  is deleted, so there is no need for us to do so. Experimentation
  has shown that explicitly doing IGMP_DROP_MEMBERSHIP doesn't make
  it any more likely the IGMP leave group messages will be sent.
  Adding the 1 second sleep significantly increases the likelihood
  of the IGMP messages being sent, but it doesn't guarantee it.
  Extending the sleep time doesn't improve the chances.
* Fix compiler warnings.
* vrrp: Add info to set a default gateway into man and sample.
* vrrp: Don't report error on interface creation/deletion.
  netlink_reflect_filter was returning an error if it didn't already
  know about an interface that has just been created. If we don't
  know about the interface, simply ignore it. Likewise on interface
  deletion, if we don't know about the interface, ignore it.
* vrrp: Ensure the first interface's parameters are set when using libnl3.
  Patch 60217b63242bee37b1c97a04644be6eb5e18b4c4 sets the interface
  parameters for each interface, but when using libnl3 there was a
  conflict with libnl, causing the parameters not to be set for the
  first interface. This patch makes vrrp_netlink.c use libnl3 if it
  is available, to avoid the conflict.
* vrrp: Fix interface parameter setting with libnl3 and error message on
  interface creation/deletion
* vrrp: Allow gratuitous ARP parameters to be configured globally.
  It is likely that the gratuitous ARP parameters will want to be
  the same for all interfaces, so allow the defaults to be set
  globally. Also allow vrrp_garp_delay to be set to 0 to indicate not to
  send further garp messages after a delay (to emulate how the
  kernel sends gratuitous ARPs).
* ipvs: Remove nat_mask configuration parameter.
  nat_mask was only valid with 2.2 kernel, and the implementation of
  it was removed in patch d51194f... but some of the configuration
  code remained. This patch removes all remaining code relating to
* Update man pages. keepalived.conf.5 is updated to include all
  configuration parameters, and keepalived.8 is updated to document the
  signals that can be used with keepalived.
* Remove remaining 2.2 kernel code.
* vrrp: Allow specification of default VRRP version to use.
  Rather than have to specify using VRRP version 3 on each VRRP
  instance, allow global configuration to set the default version.
* vrrp: Remove use of deprecated nl_join_groups().
  The use of nl_join_groups was introduced in commit 84cf733.. in
  order to resolve quickly a problem introduced in an earlier patch.
  This patch follows the approach adopted by libnl3, which uses a
  list of groups, rather than a bitmap which is limited to 32 groups.
* Documentation updates, removal of redundant code, global config.
* vrrp: set router flag in neighbour advertisements.
  This is necessary in order to prevent the IPv6 stack on a node that
  receives the unsolicited and overriding neighbour advertisement for the
  VIP (that gets sent automatically when Keepalived transitions to MASTER
  state) from immediately removing the VIP from its list of default
  routers. See https://bugs.launchpad.net/bugs/1520517 for an example of
  the problems this can cause.
  Note that the approach in this patch simply unconditionally sets the
  router flag. That is better than having it unconditionally unset (VRRP
  stands for Virtual *Router* Redundancy Protocol, after all), but it
  might not be appropriate whenever VRRP is used to fail over addresses
  that are used for other tasks than being routers. Thus it might be
  better to read in the interface's "forwarding" sysctl and set the router
  flag accordingly, or making the value of the router flag configurable in
* vrrp: Dynamic addition of interfaces from netlink msg.
  When a tracked interface is deleted then recreated with the same config
  VRRP groups tracking this interface will remain down. This is due to
  tracking of stale information.
  This patch listens for netlink messages for the creation of interfaces
  and does one of two things.
  i) If the interface doesn't exist in the vrrp interface list a new
  interface structure is created and the information from the message is
  used to fill the structure. This new interface is then added to the
  interface queue.
  ii) If the interface already exists in the queue we zero it and then
  use the information in the message to fill the structure.
* branch to fix empty RS list issue.
* a fix for services with no RS.
* check: segfault when there is no real server for a virtual server.
* vrrp: Stop memory leak rename function for convention.
  Renamed netlink_populate_intf_struct to netlink_if_link_populate to fit
  with file naming scheme.
  It was possible that a created ifp structure would not be cleaned up if
  netlink_if_link_populate returned a -1, fixed this so the structure is
* Make parent process handle and propagate USR1/2 signals.
  In order to be able to automate writing configuration and/or stats
  the signals USR1 and USR2 need to be able to be sent to the parent
  process since its pid can be read from /var/run/keepalived.pid.
  The parent then needs to propagate these signals to a vrrp child.
* Ignore all signals except those explicitly wanted.
  In order to harden keepalived against a user accidentally sending
  a wrong signal to keepalived, set all signals other than those we
  want actioned to be ignored.
* Remove potential race condition when setting signal handlers.
  There was the potential for signal_run_callback to be invoked
  after calling sigaction for a signal, prior to the internal signal
  handler signal_SIG***_handler and signal_SIG***_v variables being
  set up. To remove the race condition, when setting a signal handler
  block the signal until the internal handlers have been fully set up.
* Make signal_ignore mean ignore.
  signal_ignore was setting a signal handler for the signal, but
  then taking no action when the signal was received. This is now
  changed so the signal is actually set to be ignored.
* Streamline signal handling code.
  There was some duplication of the code for signal handling, and
  this slight restructuring avoids the duplication and makes it
* vrrp: Invoke notify scripts with the default signal disposition.
  It is reasonable for notify scripts to expect to be invoked with
  the standard signal disposition, so when first setting up signal
  dispositions, remember the original state so it can be restored
  before the notify scripts are exec'd.
* Return address of previous signal handler according to SA_SIGINFO.
  The man page for sigaction(2) states that SA_SIGINFO is only
  meaningful when establishing a signal handler. This appears not
  to be the case, since the flag will be set in the oldact structure
  on return from sigaction if the previous signal handler was
  established using the SA_SIGINFO flag.
* Invoke all scripts with the default signal disposition.
  Just as the change for notify scripts, it should apply to other
  scripts as well.
* vrrp: Don't wait on script process being killed after timeout.
  The child_timout_thread functions send a SIGKILL to a child
  process that has timed out and didn't die quickly enough
  after sending a SIGTERM. They then wait on the process dying.
  The main problem is that if the waitpid is successful here, then
  waitpid in thread_child_handler will never be successful for the
  same pid, and so the entry on the child list will never be removed
  and the parent thread will not be marked as ready.
  There is also a theoretical possibility that the child process is
  unkillable, and so the waitpid would hang forever.
* Set thread conditions before adding to list.
  It seems safer to set the status and type of a thread before
  adding it to the ready list.
* Remove some code duplication re running scripts.
  misc_check_thread and vrrp_script_thread were virtually identical
  so move duplicate code into new function system_call_script in
* Fix formatting of man page.
* Set standard signal disposition before invoking ip(6)tables.
  Call signal_handler_notify before running iptables/ip6tables.
  Since it is now called for more than notify scripts, rename
  signal_handler_notify to signal_handler_script
* Move common code for opening fd 0/1/2 into a function.
  The code for setting fd 0/1/2 to /dev/null before running a script
  was in several places. All the common code is moved into a function
  and the function called from the relevant places.
  It is only necessary to reopen fd 0/1/2 if keepalived is running
  with the --dont-fork option, since without that option the fds are
  already open on /dev/null.
* Optimise closure of fds before invoking scripts.
  Every time before a script was invoked, closeall() was called,
  which would spin through 1024 file descriptors closing them, even
  though the vast majority were not open, resulting in 1024 system
  calls. To avoid that, open all sockets and file descriptors
  (except fd 0/1/2) with the CLOEXEC flag set, so that the fds will
  be closed by the kernel when the script is exec'd.
* Simplify some IPv4/IPv6 code.
  Code blocks were (unnecessarily) repeated in functions which
  handled both IPv4 and IPv6 situations.
* Fix reloading and invoking notify scripts.
* Update vrrp_scheduler.c.
* Converted pdf user guide to RST with Sphinx.
* Added check for libnfnetlink header during the configure step.
* In free_list_elements invoke the free function if it exists.
* Use of LIST_ISEMPTY to check list exists causes memory leak.
* Stop parse_ipaddress FREEing via pointer passed to it.
  parse_ipaddress FREE'd new following an error, but new could be an
  address passed to the function, and therefore might not be MALLOC'd
  memory.  This commit makes the caller of parse_ipaddress free the
  memory if there is an error and the calling function MALLOC'd the
* vrrp: Add vrrp_iptables global configuration option.
  The iptables/ip6tables entries were always added at the end of the
  INPUT chain, but for many configurations this is too late in the
  processing. This patch allows the chain name to which rules are
  added to be specified, and also allows the option of specifying
  no rules are to be added.
  If a chain name is specified, it is necessary for that chain to
  already exist in the iptables and/or ip6tables config, and for
  that chain to be called from an appropriate point in the
  ip(6)tables configuration.
* vrrp: Add option to block outbound traffic from VIPs.
  Unwanted traffic to VIPs is discarded by ip(6)tables. This adds
  an option to also block outgoing traffic from VIPs.
* vrrp: Add iptables blocks for E-VIPs just like VIPs.
* vrrp: Allow unicast IPv6 Neighbour Solicits to be received.
  An ip6tables rule is added to allow IPv6 NAs to be received, but
  we also need to be able to receive NSs to respond to neighbours
  attempting to verify our reachability.
* vrrp: Use correct MAC address for IPv6 VRRP packets.
  The IPv6 VRRP packets were using the MAC address of the underlying
  interface, rather than the MAC address of the vmac. This commit sets
  the correct MAC address for IPv6, and also adds the link-local address
  of the underlying interface to the vmac interface, so that VRRP
  packets can be sent from the vmac interface, thereby using the VRRP
  MAC address.
* vrrp: Disable IPv6 on IPv4 VRRP VMAC interfaces.
  If IPv6 is not disabled on VMAC interfaces, an IPv6 link local
  address is generated based on the virtual MAC address. This is not
  only contrary to RFC 5798 para 7.4, but also causes duplicate
  address detection failure. The address also just isn't needed!
* vrrp: Fix setting nlmsg_len for netlink messages.
  For netlink messages, nlmsg_len must always be set to an aligned
  length. Prior to this commit, nlmsg_len was only being aligned when
  a subsequent attribute was added to the list. This was fine if the
  length of the last attribute added was an aligned length (which had
  always been the case), but didn't work if the last attribute added didn't
  have an aligned length.
  This patch is needed in preparation for adding an attribute which
  doesn't have an aligned length.
* vrrp: Stop having an IPv6 link-local address added based on VMAC mac
  IPv6 link-local addresses that were based on the virtual MAC address of
  the VMAC interface were being added. RFC5798 para 7.4 states that this
  is not permitted. It also causes duplicate address detection failure,
  since each instance of the virtual router was configuring the same
  IPv6 address on the same subnet.
  This commit stops the offending link-local address being added (or removes
  it if it can't stop it being added), and since VRRP advertisements must
  be sent with the virtual MAC address, but a link-local address for the
  interface, if a link-local address from the underlying interface exists,
  it is added to the VMAC interface, otherwise the MAC address of the
  underlying interface is used to generate a link-local address, which is
  then added.
  It wasn't until Linux 3.17 that the IFLA_INET6_ADDR_GEN_MODE netlink
  message was added, via which one can stop a link-local address being
  automatically configured. Therefore, if IFLA_INET6_ADDR_GEN_MODE is not
  supported, the only way to ensure that the problematic link-local
  address is not added is to remove it after the interface is brought up.
  This is not ideal, since there is a small window when the "illegal",
  and possibly duplicate, link-local address exists, but I haven't
  found any other way of doing it for pre 3.17 kernels.
* vrrp: Stop sending unnecessary attributes in netlink messages.
  When an IPv6 virtual address was deleted, it was being reported
  in the log file that preferred lifetime was being set to 0, which
  is only relevant when the address is being added. This commit stops
  adding the IFA_CACHEINFO attribute when deleting addresses, and
  also stops adding other unnecessary attributes.
* vrrp: Allocate an IPv6 link local address to VMAC if none on real
  The physical interface that a VMAC is configured on may not have an
  IPv6 link local address, but we can construct one for the VMAC using
  the MAC interface of the underlying interface.
* vrrp: Remove code allowing mixed IPv4/IPv6 addresses.
  If addresses of both types were configured, the receiving end would
  reject the packet since the count of addresses received would have been
  wrong since only addresses of one family can be sent, see vrrp_in_chk:
  if (hd->naddr != LIST_SIZE(vrrp->vip))
  Since we don't want to send the addresses of the wrong family, add them
  to the virtual_ipaddress_excluded block rather than the virtual_ipaddress
* vrrp: Only set router flag in Neighbour Advertisements if forwarding.
* vrrp: Enforce maximum number of vips per virtual router.
  If there were more than one virtual_address blocks in a
  virtual_router block, one could add as many virtual addresses as
  one wanted, since it didn't check the number already read.
* vrrp: Don't ignore excess virtual_address entries.
  If there are too many virtual_address entries, add them to the
  excluded block, but still give a warning message.
* vrrp: Verify VRRP configuration after all configuration read.
  There was a lot of duplicated checking in vrrp_parser.c to ensure that
  configured parameters were consistent, and also a requirement to configure
  certain parameters before others. This checking was incomplete, and also
  becoming more and more complex as more configuration options were added.
  This commit delays a large part of the checking until after all the
  configuration has been read. This removes the need for options to be
  specified in a certain order and also for checking in multiple places
  whether certain combinations are valid.
  As a consequence of the delay in checking the configuration, the creation
  of the VMAC interfaces is delayed until after the checking.
* vrrp: Accept is only valid for VRRPv3
* vrrp: Verify priority and init_state consistent.
* vrrp: Verify password specified for authentication.
* vrrp: Verify have an ip address for interface.
* vrrp: xmit_base is only valid on a VMAC.
* vrrp: Ensure at least one VIP is configured on a VRRP instance.
  This commit requires at least one VIP to be configured on a
  vrrp_instance. Although the code looked as though it was designed to
  allow 0 VIPs, not only was that a protocol violation, but also keepalived
  rejected any VRRPv3 packets received without any VIPs, and also any VRRPv2
  with IPv6 due to the check in vrrp_in_chk() in vrrp.c.
* vrrp: Generate unique default VMAC interface names.
  Since the virtual router ID can be duplicated both between IPv4 and IPv6,
  and also between different interfaces, the approach of setting a default
  interface name as vrrp.VRID could produce duplicate names.
  This commit now attempts to use vrrp.VRID, but if that already exists,
  then it will try vrrpN.VRID, where N starts from 1 and increases until an
  unused name is found (for IPv6 it tries vrrp6.VRID before vrrp1.VRID).
* vrrp: Ensure necessary uniqueness of VRIDs.
  VRIDs must be unique for a given address family and interface.
  This commit ensures that there is no duplication of VRID/address family
  on any interface.
* vrrp: Don't assign VIPs/eVIPs to the default interface.
  alloc_ipaddress was always setting the interface to DLFT_INT (eth0) if no
  dev DEVNAME was specified to a VIP/eVIP/static address. This is fine for a
  static address, but doesn't make sense for a VIP or eVIP, since they should
  be assigned to the vrrp_instance interface, unless explicitly configured
  In fact, it probably doesn't make sense to specify dev DEVNAME for a
  VIP/eVIP, since the addresses must be assigned to the vrrp_instance
* If a configuration error occurs between {}, skip to end.
  If a configuration error occurred in a block, the parser could get confused.
  This commit makes the parser ignore all further entries until the end
  of the block.
* Don't allow specification of default as an address where inappropriate.
  The function parse_ipaddress would allow default or default6 to be
  specified for any address it parsed, but it doesn't make sense in a
  lot of cases, so add a parameter to indicate if default is valid.
* Improve checking of configured advertisement timer.
* vrrp: Make sure that a VRRP instance has a name and is unique.
  It was possible to specify a vrrp_instance without a name. It was also
  possible to specify the same vrrp instance name twice.
* Extra validation for reading ip addresses.
* vrrp: Ensure a sync group has a name and hasn't already been specified.
* vrrp: VRRP authentication is dependent on VRRPv2 not IPv4.
  The check for whether authentication is valid is not dependent on IPv4, but rather
  VRRPv2. This check will be conducted following reading the whole configuration.
* vrrp: Log error if unknown authentication type.
* Check for, and handle, '{' at beginning of a block.
  There was no check for a '{' at the beginning of a configuration block.
  This commit is the start of that check, allowing it either at the end
  of the line with the keyword, or on a line of its own.
  Also, in respect of group and notification_email, for all other configuration
  items, the '{' could follow on a line of its own, but for configuration
  items using read_value_block the '{' on a line following the keyword
  was read as a configuration entry.
* Check for, and report, unknown keywords.
  A misspelt keyword would have been silently ignored, potentially causing
  the user difficulty in understanding why his configuration wasn't working.
* If an address fails to parse, ensure don't return an apparent address.
  When reading an address, the address family was set early on, and a
  subsequent failure to parse the address left the address family configured,
  thereby making it appear that a valid address had been read. Simply set the
  address family to AF_UNSPEC on a failure.
* Ensure an address option has a value.
  There was no check that the parameter was present after a keyword, so for
  example : dev
  would not have generated an error message, and alloc_ipaddress would have
  attempted to read a word after dev, which would either cause a core dump
  or possibly return a parameter from a previous configuration line.
  This type of checking probably needs to be added elsewhere too.
* Add validation of address scope.
* vrrp: Don't allow group block more than once in a sync group.
  If a second group is configured, the first group is lost, and its
  malloc'd memory is also lost.
* vrrp: Make sure sync groups have at least two members.
  If a sync group was configured with no group {} statement, or if
  the group statement had no entries, then keepalived would core dump.
  This commit rejects groups with 0 members, and also with 1 member,
  since it isn't a group. It also checks that a virtual_instance isn't
  configured in more than one sync group, and also that the group
  members specified exist.
* The address must be the first record in an address configuration item.
  When an address is configured, it must be the first entry on the line.
  This allows options specified afterwards to know the address family,
  and also when reporting errors to include the address.
* vrrp: Log error if IPv6 and first address is not link local.
  RFC5798 section 5.2.9 requires that if the protocol is IPv6, then
  the first address must be the link local address of the virtual
* vrrp: Ensure that the full VRRP packet has been received in the buffer.
  Although after receiving a VRRP packet, it checked that the length
  specified in the IP header was long enough to contain all the VRRP data,
  it didn't check that the data actually received was sufficiently long,
  so this check is added.
* vrrp: Stop VIPs in same CIDR being deleted, but only when using vmac
  so far.
  If an interface has more than one IP address in the same CIDR, when
  the "primary" address is deleted, all the secondary addresses are
  also deleted, unless /proc/sys/net/ipv4/conf/IFACE/promote_secondaries
  is 1. This commit sets the promote_secondaries flag on vmacs.
* vrrp: Make from and to for VRRP iprules use a define.
  "From" and "To" were being stored as words rather than converted to
  defined value. This made storage requirements larger and processing
  them more time consuming.
* Don't report configuration bytes used if not _DEBUG_.
  If _DEBUG_ is not defined, malloc was increasing the count of memory
  allocated when called, but free wasn't reducing the count, and so the
  figure reported was meaningless.
  This commit completely disables the memory allocated counting and
  reporting if _DEBUG_ is not defined.
* vrrp: Use defines for address scopes.
  Rather than hard coded values for address scopes, use RT_SCOPE_*
* Force order of multiplication and division to avoid underflow.
* Clear list pointer after freeing list.
* Fix handling of active in vectors. active wasn't being consistently
  updated or reported for vectors.
* Make functions always returning 0 void.
  Three functions in utils.c always returned 0, and the calling
  functions weren't checking the return code, since it was pointless,
  so the functions have been changed to be of type void.
* Use struct in_addr rather than uint32_t for IPv4 address.
* vrrp: Disable all VMAC configuration code if don't have VMACs.
* Allow multiple spaces in quoted strings.
  The handling of quoted strings saved each word separated between
  tokens of '"'. This meant reconstructing a quoted string lost multiple
  spaces and was hard work.
  Quoted strings are now saved as the whole quoted string, without the
  quotes, so retrieval is much simpler. This also allows further keywords
  to follow the quoted string, if desired.
* vrrp: Remove string length dependencies in vrrp_print.
* vrrp: Stop using deprecated bcopy.
* vrrp: Add vrrp_instance name to some log messages.
* Optimise returning from list_element() when end of list reached.
* Make free_melement a static function.
* Use INET6_ADDRSTRLEN rather than hardcoded length.
* Don't format log message if not going to log it.
* vrrp: Add option to reduce vrrp advert address checking.
  By default, every received VRRP advertisement checks the advertised
  addresses are the same as the configured addresses, which is o(n^2).
  This change adds the option to check the first packet received from
  a master, but not to check the VIP list in subsequent adverts from
  the same master.
* vrrp: Ensure vrrp_buffer large enough for largest possible received
  The allocated receive buffer had size VRRP_PACKET_TEMP_LEN, which
  suggests that it wasn't intended as the final solution.
  Instead of using a fixed buffer size, the maximum MTU across all the
  interfaces is calculated, and the size of the vrrp_buffer allocated
  is the maximum MTU size. This guarantees that any VRRP packet received
  will fit in the buffer.
* vrrp: Improved received VRRP packet checking.
  First check the protocol headers have been received, then before
  checking the overall length of the received data, check the data in
  the protocol headers, since this will allow more meaningful errors
  to be reported. For example if there was a mismatch between VRRP
  versions with IPv4, a length error was being reported, rather than
  the version mismatch.
  All the error messages in VRRP packet checking now include VRRP
  instance name, to help tracking down where the error lies.
* vrrp: Remove fixed limit number of VIPs in a VRRP advert.
  There was an arbitrary limit of VRRP_MAX_VIP (20) VIPs for sending
  a VRRP advert. Now that the vrrp_buffer is sized to be able to
  receive any packet up to the largest MTU size, we can dynamically
  allow as many VIPs as will fit in a packet (which varies depending
  on IPv4 or IPv6).
  There is also an overhead checking the received addresses in an
  advert against the VIPs configured on the instance, but this can now
  be mitigated by setting skip_chk_adv_addr on the VRRP instance.
* vrrp: Fix printing of vrrp tracking scripts.
* vrrp: Print Last transition time in human readable form.
* Disable assert statements unless _DEBUG_ is defined.
* Streamline free_list_element
* Remove duplication of code between free_list and free_list_elements.
* vrrp: Add vrrp strict mode, enforcing VRRP compliance.
  The commit doesn't yet implement strict mode, but it will block
  0 VIPs, unicast peers, IPV6 in VRRPv2.
* vrrp: Add some strict tests.
  In strict mode, the following are enforced:
    IPv6 required VRRPv3
    There must be at least one VIP per VR instance
    No unicast peers
    Must be address owner to start in MASTER mode
* vrrp: Don't allow AH authentication with IPv6 and VRRPv2.
  Of course, the RFCs don't allow IPv6 in VRRPv2, but it is an
  extension supported by keepalived.
* vrrp: Some minor ipsecah updates.
* vrrp: Clearly identify that VRRP has subblocks of VRRP scripts.
  The keepalived.conf.5 man page wasn't explicit that there are VRRP script
  subblocks as part of the VRRP configuration, and this is now explicit.
* Trivial edits to man page keepalived.conf(5).
* man page: remove static_rules configuration from vrrp_instance.
  keepalived.conf.5 man page had an entry for static_rules within the
  vrrp_instance blocks, and this is clearly wrong.
* vrrp: Fix typo in error message when sending VRRP advert.
* vrrp: Add option not to include vrrp authentication code.
  RFC3768 updated VRRPv2 to remove authentication in 2004. This commit
  adds a configure time option to exclude authentication code.
* vrrp: When adding ip(6)tables entries, only specify i/f for link_local
  Packets to/from global address could arrive or be sent on any interface,
  so don't specify the interface for blocking the packets. For link local
  addresses, the block must relate to the specific interface.
* vrrp: Add ability to use libiptc rather than invoking ip(6)tables.
  Invoking ip(6)tables has a high overhead, since the process has to be
  forked and exec'd, and then it has to read the whole ip(6)tables
  filter chain before it makes a single update and commits it back.
  Using libiptc avoids the overhead of multiple forks/execs, and also
  means that multiple entries can be added/deleted to/from the ip(6)tables
  configuration in a single update.
* vrrp: Add option to use ipsets instead of iptables to block addresses.
  Instead of having lists of addresses in iptables, it is much more
  efficient to use ipsets to handle those addresses, since that is
  what it is designed for.
* Use /proc/sys/kernel/modprobe to find modprobe.
* Reinstate SIGCHLD before forking to exec modprobe for ip_vs.
  The fork of modprobe to load ip_vs would have reported a failure
  even though it would have succeeded.
* Fix forking/execing re closing signal pipe.
  When calling scripts, we don't want to give them access to the signal
  pipe used between the parent process and the vrrp process.
* vrrp: Fix compile error when net/if.h and netlink/route/link.h conflict.
  Some versions of libnl3 netlink/route/link.h conflict with some
  versions of kernel header file net/if.h. This commit has a
  workaround for when there is a conflict.
* vrrp: Fix compile failure with old kernels and libnl3.
  Issue #215 identified a compile error with pre 3.13 kernels when
  libnl3 was installed. This commit adds a test for that situation
  and avoids using rtnl_link_inet_[sg]et_conf.
  I haven't been able to test this on a pre 3.13 kernel, but I have
  simulated the scenario and it compiles as expected.
* vrrp: Fix compilation when ipsets not installed.
* vrrp: Fix build breakage when not using libiptc.
* vrrp: Fix VRRP respawning when no VIPs specified.
  Commit b46dec58fa failed to check the VIP list existed before
  checking how many entries were in the list.
  This commit also defaults the address family to IPv4 if no VIPs are
* vrrp: Make dependency on libnfnetlink/libnfnetlink.h conditional.
* Streamline handling of daemon mode flags.
* Improve handling of not being able to read a pid file.
  If a pid file was opened, but for some reason a pid could not
  successfully be read, the pid used to check if a process was
  running was random.
* Remove unused pid filename definitions.
* Change outstanding debug flag tests to use bitops helpers.
* Allow for different sizes of long ints in bitops.
* vrrp: Ensure conversions of vrrp->adver_int etc don't overflow.
* Use bitops with daemon_mode.
* vrrp: Fix ip_rule direction for SNMP.
  Commit 2da11f99 introduced defines for ip_rule directions rather
  than using strings, but the commit omitted to update the snmp code
  when processing the directions.
* add a line about the 'include' keyword in keepalived.conf(5).
* fix HTTP_GET config dump. The config dumper routine
  dump_http_get_check was always printing the last configured checker's
  connection info.
* dump_conn_opts: prototype change.
  pass the conn_opts_t pointer as a void* parameter to make the
  function prototype a valid dump callback. This makes smtp_dump_host()
  function needless, it is removed.
* fix build issues on older systems.
  Try to avoid the build error on systems which lack the
  O_CLOEXEC and IP_MULTICAST_ALL defines (such as Ubuntu lucid and
  Debian squeeze).
* Fix compilation with --disable-vrrp-auth
* vrrp: Remove state VRRP_STATE_LEAVE_MASTER since it isn't used.
* vrrp: Fix VRRPv2 authentication issues.
* Don't redefine _GNU_SOURCE.
* vrrp: Exclude function vrrp_ah_sync when --disable_vrrp_auth.
* Fix some conditional compilation errors.
* Streamline getopt_long options.
* Remove '\n's from log messages.
* Ensure standard configure generated defines are used.
  The defines used in the compiles in the various subdirectories were
  specified in each Makefile.in which could lead to inconsistencies.
  This commit defines APP_DEFS in configure.in, which is then used
  in each Makefile.in.
* Dump keywords to file rather than stdout.
* Add copyright message and build options to version output.
  This commit also ensures that the end year of the copyright date
  range is the current year when keepalived was built.
* Stop erroneously logging error message for unknown keywords.
  When vrrp_parser parsed the configuration file, it didn't know
  about the checker keywords, and vice versa, and so reported errors.
  This commit makes the other keywords known but marked as inactive.
* vrrp: Fix SNMP trap NewMaster.
  The trap must only be triggered for IPv4, since RFC2787 doesn't
  understand IPv6. Also, RFC2787 only supports VRRPv2 instances,
  so don't raise the trap for VRRPv3 instances.
  The IP address returned must be the actual IPv4 address, and not
  the ip_address_t that holds the address.
* vrrp: Use underlying interface for ifindex in NewMaster traps for vmacs.
  If the VMAC ifindex is returned, then there is no indication that
  multiple VRRP instances are operating on the same physical interface,
  so return the ifindex of the underlying interface. This will also
  mean that the same ifindex should be maintained between different
  invocations of keepalived.
* vrrp: Move SNMP private defines into vrrp_snmp.c/check_snmp.c.
  The defines for the net-snmp "magic" were in the header files
  which were included by other modules. The defines are private to
  the c source file, so move the defines into them, to avoid polluting
  compilation units which included vrrp_snmp.h/check_snmp.h.
*  Use definition for
* vrrp: Start SNMP after reading configuration.
  If SNMP is started before the configuration is read, a meaningless
  response will be returned to net-snmp, so don't start the snmp agent
  until after all the config has been read.
* vrrp: Fix setting SNMPv2-MIB::sysORID entries in ORTable.
  The length of the OID passed to register_sysORTable was wrong.
* vrrp: Allow SNMP agent to unregister cleanly with more than one MIB.
  Separate snmp_unregister_mib() out from snmp_agent_close() to allow
  multiple MIBs to be unregistered before the snmp agent is closed.
* vrrp: Don't register the global_oid with SNMP twice.
  If SNMP is enabled, both the checker process and the vrrp process
  were registering the global_oid. This commit makes the checker
  process register it if it is running, otherwise the vrrp
  thread registers it.
* vrrp: Add read-only support for RFC2787 SNMP (VRRPv2).
* vrrp: Allow any combination of keepalived and RFC SNMP support.
* Allow enabling snmp via config file.
* ipvs: sctp ad persistent engine support.
* Fix building with --disable-lvs
* Stop autoconf complaining.
* vrrp: Use defined value for maximum VRRP priority.
* vrrp: Simplify scheduler code vrrp_leave_fault().
  Two pairs of code blocks were repeated, and each pair could be
  reduced to occurring only once if the conditions were merged.
* vrrp: If VRRP priority is 255 and not nopreempt, configure like state
* vrrp: Ensure number of VIPs doesn't exceed 255 per instance.
* vrrp: Don't check second time if IFLA_IFNAME is NULL.
* Dump interface details with rest of config.
* vrrp: When becoming master, block addresses before adding them.
  If not accept mode, entries are added to iptables/ipsets to block
  traffic to the VIPs/eVIPS. These entries should be added BEFORE the
  addresses themselves are added, to ensure there isn't a (small)
  window when we might reply from the added addresses.
* vrrp: Document virtual_rules.
* Fix memory leak re some uses of ipaddresstos().
* Fix parsing ipset names.
* vrrp: Improve and fix finding vmacs left over from previous invocation.
  When netlink reports a new or existing interface, we can extract
  information that allows us to determine if the interface is a macvlan,
  and the type (e.g. private). We can then save that in the interface_t
  structure, setting the vlan flag, and base ifindex.
  When working out the interface name to use for VMAC instances, we can
  then check the interfaces which are macvlans to see if any of them
  match the vrrp instance in terms of mac address, underlying interface
  and inet address family, and if so we can then reuse the macvlan interface.
  Commit 9ae463e7f broke the finding of existing interfaces where the
  configuration didn't specify the VMAC interface name, and simply created
  a new interface. This commits now resolves that.
  There is still an issue that if an interface was in MASTER mode when
  keepalived terminated, when keepalived restarts it leaves the VIPs and
  eVIPS on the interfaces, meaning that keepalived cannot receive VRRP
  packets on the interface from the VRRP instance that has taken over, and
  it also means that there are duplicate IP addresses on the network.
  Another commit will resolve this issue.
* vrrp: Remove ip addresses left over from previous failure.
  If keepalived terminates unexpectedly, for any instances for which
  it was master, it leaves ip addresses configured on the interfaces.
  When keepalived restarts, if it starts in backup mode, the addresses
  must be removed. In addition, any iptables/ipsets entries added for
  !accept_mode must also be removed, in order to avoid multiple entries
  being created in iptables.
  This commit removes any addresses and iptables/ipsets configuration
  for any interfaces that exist when iptables starts up. If keepalived
  shut down cleanly, that will only be for non-vmac interfaces, but if
  it terminated unexpectedly, it can also be for any left-over vmacs.
* Sort out extraneous space and tab characters.
  The commit removes spaces followed by tabs, trailing spaces and tabs,
  and replaces occurrences of 8 spaces within tabs, except where the
  spaces and or tabs occur within strings.
  This has the benefit that if blocks of code are copied, git does not
  complain when running git am on a file produced by git format-patch.
* vrrp: Simplify RFC SNMP code.
  The code was checking VRRP version unnecessarily, and also had code
  to return an index element which is not necessary.
* vrrp: Don't send traps for SNMP MIBS which are not enabled.
* vrrp: Don't register SNMP global OID if not handling it.
  If neither the checker nor the vrrp components of KEEPALIVED-MIB
  are enabled, don't register the global OID.
* Parameters passed to traps don't need to be static.
* Fix --without-lvs and --without-vrrp configure options.
* Ensure general MIB is enabled if --disable-lvs configured
* Avoid compiler warning re function definition to prototype.
* Add RFC6527 SNMP (VRRPv3).
  This commit adds read-only and notification support for SNMP for VRRPv3
  in accordance with RFC6527.
* vrrp: Fix MAC address for IPv4 VMACs created after IPv6 VMACs.
* vrrp: Allow routes and rules to use tables >= 256
* Don't recompile libipvs-2.6/*.c every build.
* vrrp: Remove left over ip rules and routes at startup.
* vrrp: Ensure ip routes added before rules, and vice versa.
  If ip rules are added before routes, then it is possible for a
  packet to be routed while the routing table is only partially
  complete. Adding the rule after the routes ensures that the routing
  table won't be processed until it is completely set up.
  Likewise, when removing rules and routes, remove the rules first.
* vrrp: Add missing reason message for rejected VRRP packet.
  Issue #255 shows a log identifying bogus VRRP received, but there
  was no reason shown for the rejection. The only instance I can find
  for this is if vrrp->family is neither AF_INET nor AF_INET6, which I
  think must be a bug in the code parsing and setting up VRRP instances.
  This commit just adds a log message to be explicit about why the packet
  is rejected, and also reports the value of vrrp->family.
* Reduce number of calls to getaddrinfo() reducing DNS lookups.
* Report if vrrp or checker process abnormally terminates.
* Add option to increase child process priorities and make non swappable.
* Make vrrp_daemon.c and check_daemon.c use header file for externs.
* Add reporting ops mode, and minor tidying up of virtual_server config.
* vrrp: Don't overwrite real interface MAC address with VMAC MAC address.
  When a VMAC was being created, the MAC address of the VMAC was
  being copied to the MAC address of the underlying interface in the
  interface_t structure.
  The netlink reflector sets up the MAC address of the new VMAC
  interface, so there is no need to copy a MAC address at all.
* vrrp: Stop keepalived_vrrp terminating with SIGSEGV if lvs_syncd_if set.
  ipvs_stop() was being called before shutdown_vrrp_instances(), and
  so if lvs_syncd_if had been specified on a vrrp instance, keepalived
  would subsequently terminate with a SIGSEGV in free_interface_queue().
* Make lvs_sync_daemon global config rather than vrrp specific.
* Stop lvs sync daemons on restart in case of prior abnormal termination.
* Remove any residual ipvs configuration on restart.
* vrrp: Optimise clear_diff_vrrp_*() functions.
* Check MALLOC returned non NULL before copying to the location.
* Allow specifying syncid for lvs syncd.
* vrrp: Send second set of GARP messages after receiving lower prio advert.
  When a VRRP instance transitions to master state, if garp_master_delay
  is non-zero, a second set of garp_master_repeat messages is sent after
  garp_master_delay seconds (unless 0). However, if a lower priority advert
  is received, keepalived didn't send a second set. This commit sends a
  second set if a second set would have been sent after transition to master.
* vrrp: Allow setting of gratuitous ARP parameters for lower prio adv
* Don't log a "keepalived stopped" message if keepalived already running.
* vrrp: Add support for iprule and iproute table names.
* Resolve MALLOC/FREE issues to iprule/iproute table names.
* Make keepalived_malloc return void* to match malloc.
* When reporting MALLOC/FREE status on exit, report max MALLOC'd memory.
* Make libipvs use MALLOC/FREE.
* Don't restore original signal state when reloading checker config.
* Ensure signals USR1 and USR2 are set to ignore in checker process.
* vrrp: Only free list of iprule table names if list assigned.
* vrrp: Fix strict mode of vrrp instance overriding global vrrp_strict.
* Attempt to fix build breakage introduced in commit 85f81dd.
* Fix parsing of scope for ip addresses.
* Free global ssl context on reload.
* Free request_t buffer and ssl data on reload.
* vrrp: Restore sync-state after reload.
  Currently the sync state is rebuilt from the member states after
  config reload. This change now reloads the previous sync state
  after reload, and then pushes this back to the group members. If a
  new group member is added during the reload, then the new group
  will accept the sync group state. If a group member is removed
  during a reload, then a special case will be executed to force
  the sync-group state to BACKUP. This is required so that an
  alternative backup peer for the removed group is given an
  opportunity to take over the gateway.
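The quoted-string entry above ("Allow multiple spaces in quoted strings") describes a parser change: a quoted value is stored whole, without its quotes, and further keywords may follow it on the same line. The following tokenizer is an added example, not keepalived's own parser; it assumes keepalived.conf's convention that a token starting with '#' or '!' begins a comment, and the buffer sizes and helper names (tokenize_line, token_count, token_equals) are this example's own. Rejecting an unterminated quote instead of silently consuming the rest of the line is the part worth copying into any config parser.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example (not keepalived's own parser): split one keepalived.conf
 * line into tokens. A double-quoted string is kept as one token, with all
 * its internal spaces and without the quotes, and keywords may follow the
 * closing quote. '#' or '!' at the start of a token ends the line, matching
 * keepalived.conf comment conventions (assumption for this example). */
#define MAX_TOKENS    16
#define MAX_TOKEN_LEN 128

/* Returns the number of tokens, or -1 for an unterminated quote, an
 * over-long token, or too many tokens. */
int tokenize_line(const char *line, char tokens[MAX_TOKENS][MAX_TOKEN_LEN])
{
    int ntok = 0;
    const char *p = line;

    for (;;) {
        const char *start;
        size_t len;

        while (*p && isspace((unsigned char)*p))
            p++;
        if (*p == '\0' || *p == '#' || *p == '!')
            return ntok;                      /* end of line or comment */
        if (ntok == MAX_TOKENS)
            return -1;

        if (*p == '"') {
            start = ++p;                      /* skip opening quote */
            p = strchr(start, '"');
            if (!p)
                return -1;                    /* unterminated quoted string */
            len = (size_t)(p - start);
            p++;                              /* skip closing quote */
        } else {
            start = p;
            while (*p && !isspace((unsigned char)*p))
                p++;
            len = (size_t)(p - start);
        }
        if (len >= MAX_TOKEN_LEN)
            return -1;                        /* would overflow the token buffer */
        memcpy(tokens[ntok], start, len);
        tokens[ntok][len] = '\0';
        ntok++;
    }
}

/* Helpers for quick checks: token count of a line, and whether token
 * `idx` of a line equals `expected`. */
int token_count(const char *line)
{
    char tokens[MAX_TOKENS][MAX_TOKEN_LEN];
    return tokenize_line(line, tokens);
}

int token_equals(const char *line, int idx, const char *expected)
{
    char tokens[MAX_TOKENS][MAX_TOKEN_LEN];
    int n = tokenize_line(line, tokens);
    return idx < n && strcmp(tokens[idx], expected) == 0;
}

int main(void)
{
    char tokens[MAX_TOKENS][MAX_TOKEN_LEN];
    /* constructed sample line with multiple internal spaces in the value */
    const char *line = "notification_email_from \"Alice  Smith   <alice@example.com>\" extra";
    int n = tokenize_line(line, tokens);
    for (int i = 0; i < n; i++)
        printf("token %d: [%s]\n", i, tokens[i]);
    return 0;
}
```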
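Three of the vrrp entries above belong together: sizing the receive buffer to the largest interface MTU, checking the VRRP header fields before the overall length so that (for example) a version mismatch is reported as such rather than as a length error, and letting the number of VIPs per advert be bounded by what fits in a packet rather than a fixed constant. The code below is an added example written for this announcement, not keepalived's code: it checks a received VRRP PDU in that order with a distinct error per failure, and computes how many VIPs fit for a given MTU. It assumes the 8-byte VRRP header layout of RFC 3768/5798, a 20-byte IPv4 or 40-byte IPv6 header, and that the 8-byte VRRPv2 authentication trailer is present only for IPv4; the names and the constructed sample packet are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VRRP_HDR_LEN     8   /* ver/type, vrid, priority, count, 2 bytes, checksum */
#define VRRP2_AUTH_LEN   8   /* VRRPv2 (IPv4) trailing authentication data */
#define VRRP_TYPE_ADVERT 1
#define VRRP_MAX_VIPS    255 /* the address count field is a single byte */

enum vrrp_check {
    VRRP_OK = 0,
    VRRP_ERR_SHORT_HDR,   /* fewer than VRRP_HDR_LEN bytes: header not received */
    VRRP_ERR_VERSION,     /* version is neither 2 nor 3 */
    VRRP_ERR_TYPE,        /* not an advertisement */
    VRRP_ERR_VRID,        /* VRID 0 is reserved */
    VRRP_ERR_ADDR_COUNT,  /* header claims zero addresses */
    VRRP_ERR_LENGTH       /* header is sane but the byte count does not match */
};

/* VRRP payload length for `count` addresses. Assumption for this example:
 * the VRRPv2 auth trailer is only present for IPv4. */
static size_t vrrp_expected_len(unsigned version, unsigned count, int ipv6)
{
    size_t len = VRRP_HDR_LEN + (size_t)count * (ipv6 ? 16 : 4);
    if (version == 2 && !ipv6)
        len += VRRP2_AUTH_LEN;
    return len;
}

/* How many VIPs fit in one advert for a given interface MTU, capped by the
 * one-byte count field (assumes 20-byte IPv4 / 40-byte IPv6 headers). */
size_t vrrp_max_vips(size_t mtu, unsigned version, int ipv6)
{
    size_t fixed = (ipv6 ? 40 : 20) + vrrp_expected_len(version, 0, ipv6);
    if (mtu <= fixed)
        return 0;
    size_t n = (mtu - fixed) / (ipv6 ? 16 : 4);
    return n > VRRP_MAX_VIPS ? VRRP_MAX_VIPS : n;
}

/* Check a received VRRP PDU (bytes after the IP header): header presence
 * first, then header fields, and only then the overall length. */
enum vrrp_check vrrp_check_packet(const uint8_t *buf, size_t len, int ipv6)
{
    if (len < VRRP_HDR_LEN)
        return VRRP_ERR_SHORT_HDR;
    unsigned version = buf[0] >> 4;
    unsigned type    = buf[0] & 0x0f;
    unsigned vrid    = buf[1];
    unsigned count   = buf[3];
    if (version != 2 && version != 3)
        return VRRP_ERR_VERSION;      /* reported before any length check */
    if (type != VRRP_TYPE_ADVERT)
        return VRRP_ERR_TYPE;
    if (vrid == 0)
        return VRRP_ERR_VRID;
    if (count == 0)
        return VRRP_ERR_ADDR_COUNT;
    if (len != vrrp_expected_len(version, count, ipv6))
        return VRRP_ERR_LENGTH;       /* truncated or padded address list */
    return VRRP_OK;
}

/* Constructed IPv4 advert (zero checksum and addresses) with a chosen
 * version nibble and address count; returns its length, 0 if it won't fit. */
size_t build_sample_advert(uint8_t *buf, size_t cap, unsigned version, unsigned count)
{
    size_t len = vrrp_expected_len(version, count, 0);
    if (len > cap)
        return 0;
    memset(buf, 0, len);
    buf[0] = (uint8_t)((version << 4) | VRRP_TYPE_ADVERT);
    buf[1] = 1;                       /* VRID */
    buf[2] = 100;                     /* priority */
    buf[3] = (uint8_t)count;
    return len;
}

/* Build a sample advert and check it; a non-zero received_len simulates a
 * datagram shorter or longer than the header claims. */
enum vrrp_check check_sample(unsigned version, unsigned count, size_t received_len)
{
    uint8_t buf[1500];
    size_t len = build_sample_advert(buf, sizeof buf, version, count);
    if (len == 0)
        return VRRP_ERR_SHORT_HDR;
    return vrrp_check_packet(buf, received_len ? received_len : len, 0);
}

int main(void)
{
    printf("VRRPv2 IPv4 advert, 2 VIPs: result %d\n", check_sample(2, 2, 0));
    printf("version 1 advert: result %d (version, not length)\n", check_sample(1, 2, 0));
    printf("max IPv6 VIPs at MTU 1500: %zu\n", vrrp_max_vips(1500, 3, 1));
    return 0;
}
```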

Have fun,
