2016-11-26 Alexandre Cassen <>
* keepalived-1.3.2 released.
* Correctly handle return code from system() call.
If we want to check for an exit status, WIFEXITED(ret) must be
checked first.
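The point of this entry, as an added example (not keepalived's code): on Linux, WEXITSTATUS() applied to the status of a script killed by a signal yields 0, so skipping WIFEXITED() makes a killed check script look successful. The names script_result, classify_status, run_script and naive_exit_code are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

enum script_result { SCRIPT_OK, SCRIPT_FAILED, SCRIPT_SIGNALED, SCRIPT_NOT_RUN };

/* What code that skips WIFEXITED() sees: the exit-status bits, whatever
 * the reason the child actually terminated. */
int naive_exit_code(int ret)
{
    return WEXITSTATUS(ret);
}

/* Decode the value returned by system(). *detail receives the exit code
 * or the terminating signal number, depending on the result. */
enum script_result classify_status(int ret, int *detail)
{
    *detail = 0;
    if (ret == -1)
        return SCRIPT_NOT_RUN;          /* child could not be created or waited for */
    if (WIFEXITED(ret)) {               /* only now is WEXITSTATUS() meaningful */
        *detail = WEXITSTATUS(ret);
        return *detail == 0 ? SCRIPT_OK : SCRIPT_FAILED;
    }
    if (WIFSIGNALED(ret)) {
        *detail = WTERMSIG(ret);
        return SCRIPT_SIGNALED;
    }
    return SCRIPT_NOT_RUN;              /* not expected from system() */
}

enum script_result run_script(const char *cmd, int *detail)
{
    return classify_status(system(cmd), detail);
}

int main(void)
{
    /* Constructed sample commands; the last one kills its own shell. */
    const char *cmds[] = { "exit 0", "exit 3", "kill -KILL $$" };
    static const char *names[] = { "ok", "failed", "signaled", "not run" };

    for (size_t i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
        int detail;
        enum script_result r = run_script(cmds[i], &detail);
        printf("%-16s -> %s (%d)\n", cmds[i], names[r], detail);
    }
    return 0;
}
```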
* Fix compilation where SNMP enabled.
* Fix a couple of SNMP errors.
The length of KEEPALIVED-MIB::version was being returned as sizeof(char *)
rather than strlen(char *).
VRRPv3 vrrpv3GlobalStatisticsDiscontinuityTime was being completely
* Add additional files needed to build from git without autoconf.
* Don't save and restore current directory twice with config includes.
* Don't recognise an executable file as a configuration file.
* Allow maximum path names for configuration files.
* Don't check for include file after reaching EOF.
* Fix a segfault if terminating at startup due to interface not found.
* notify: log error while performing set{gid,uid}.
Log error message while setting group and user before system call.
Maybe we should avoid system call on error if {gid,uid} are used, would
be more secure.
* Don't execute a script if setuid or setgid fails.
This was suggested in the comment of commit 849615d and is clearly
the right (secure) thing to do.
* If a script doesn't have a '/' in the name, search PATH for it.
This also handles spaces in script specifications where they are
* Don't allow accept when strict mode set if not address owner.
This commit changes keepalived from just issuing a warning to also
disable accept mode when strict mode is set.
Patch submitted by levin1.
* Added init_fail setting to assume failed state for vrrp_script during
startup of keepalived.
* When checking script security check set uid/gid bits too.
Although the setuid/gid bits are ignored for scripts, they are
not ignored for binary executables, and there is no point in having
the bits set for scripts. So we play safe, and simply check those
bits, and don't attempt to ascertain if it is a script or not.
* Disable scripts that aren't executable.
system() on a non-executable script will fail, so we may as well
just not try executing such a script.
* Exit if can't read configuration file.
If we have no configuration, we have nothing to run, so exit.
* Don't chdir("/") if not forking.
In keepalived_main() there is a comment that the working directory
is / unless keepalived is run in non-forked mode, in which case it
remains the current working directory when keepalived was run.
Unfortunately start_vrrp_child() and start_check_child() were
executing chdir("/") regardless of whether they had been forked or not.
Since the parent process does chdir("/") if it is appropriate, the
children will inherit that, so they don't need to chdir() at all.
* Only set umask(0) in parent process.
The children inherit it from the parent, so no need to set it in
the vrrp or checker child processes.
* Further changes for script init state failed.
* notify: use _GNU_SOURCE.
Just to make compiler happy about inconsistent declaration of mempcpy
and strchrnul. Just cosmetics here.
2016-11-21 Alexandre Cassen <>
* keepalived-1.3.1 released.
* Ensure lists aren't empty when checking script security.
* Correctly check security of scripts with parameters, and check
checker notify/quorum scripts
* Check security of real/virtual server notify scripts.
* Handle space in filenames appropriately when checking script security.
The generic notify scripts can have spaces in their filenames; for all other
scripts, spaces delineate parameters.
2016-11-20 Alexandre Cassen <>
* keepalived-1.3.0 released.
* Add DBus functionality to VRRP.
Add new pthread off VRRP to expose DBus service org.keepalived.Vrrp1
through a GMainLoop.
Create a general /org/keepalived/Vrrp1/Vrrp DBus
object and a /org/keepalived/Vrrp1/Instance/#interface#/#group# object for
each VRRP instance.
Interface org.keepalived.Vrrp1.Vrrp implements methods PrintData,
PrintStats and signal VrrpStopped.
Interface com.keepalived.Vrrp1.Instance implements method SendGarp
(sends a single Gratuitous ARP from the given Instance),
signal VrrpStatusChange, and properties Name and State (retrievable
through calls to org.freedesktop.DBus.Properties.Get)
Interface files are located at location /usr/share/dbus-1/interfaces/
A policy file, which determines who has access to the service, is
located at /etc/dbus-1/system.d/
* Resolve DBus working after a reload
thread_destroy_list() was closing file descriptors of read and write
threads, but we wanted the DBus pipes to remain open. It transpires that
closing the fds in thread_destroy_list() is unnecessary, since they are
closed elsewhere anyway, so stop closing the fds in thread_destroy_list().
* Add stronger compiler warnings (-Wextra).
The following bugs were discovered:
comparison of unsigned value < 0
comparison of unsigned == -1 and not checking
return status of find_rttables_scope() correctly
accessing element buf[18446744073709551615]
ie. buf[2^64-1], which is the same as buf[-1].
The following improvements to the code were made:
Many unused function parameters
either removed or marked unused
Many signed vs. unsigned comparisons
In most cases variables change to be unsigned
Lengths being stored in signed variables
* Rationalise checking of libnl-3.
* Bring generation of rpmbuild keepalived.spec file up to date
The keepalived.spec file is now created to match the options passed
to configure. It also detects if the system init process is systemd,
upstart or the traditional SYSV init system.
* Add more BuildRequires to
* Further improvements to for systemd systems
* Change some variable names due to using PKG_PROG_PKG_CONFIG
* Fix to make RedHat hardened rpm builds work
CFLAGS, CPPFLAGS and LIBS variables were not being preserved by, and this caused needed CFLAGS to be lost when
configure was run, resulting in a build failure.
This commit ensures the flags are all preserved.
* Allow for automake macro AM_PROG_AR not existing.
* Add support for UDP socket to layer4 library.
* Add DNS checker.
* Update documentation for DNS health checker.
* Fix compile check for PE selection support.
* Add file missing from add-dns-checker commit.
* Update commits for correctly checking for IPVS_SVC_ATTR_PE_NAME.
The updated configure and lib/ weren't included in the commits,
and to be consistent the comment on what Linux version introduced the feature
is in if the test exists in
* Fix conditional compilation test for FRA_OIFNAME.
* Fix compilation test for IFLA_INET6_ADDR_GEN_MODE.
* Fix compilation test for IPVS_DEST_ATTR_ADDR_FAMILY.
* Fix compilation test for IPVS_DEST_ATTR_STATS64 and IPVS_SVC_ATTR_STATS64.
* Fix compilation test for RTA_VIA.
* Fix compilation test for CLONE_NEWNET for DBus.
* Fix issue of overwriting the original disposition of signals.
* Improve forced termination of script execution process and its offspring.
* Improve propagation of important signals to the script process groups.
* Use argument instead of static variable.
* Fix bug around the process group.
* Use SIGTERM instead of SIGHUP.
* Stop linking with -lipset.
libipset (if used) is dynamically linked at runtime, and so keepalived
shouldn't be linked with -lipset.
Linking with -lipset was erroneously added when converting the build
system to use automake.
* Report diagnostic message if dlopen() fails.
* Fix loading of ipset library when development library not installed.
* Don't use ipsets with namespaces on Linux < 3.13 by default.
On Linux prior to version 3.13, ipsets were not network namespace
aware, so by default the use of ipsets is disabled if keepalived
is running in a network namespace. Configuration keyword
'namespace_with_ipsets' enables ipset use with a network namespace
on these older kernels.
* Fix reporting of script exit status.
* Update documentation and fix compiler warning re ipset with Linux < 3.13
* Make report_child_status() check for vrrp and checker child processes
report_child_status() checks for exit status KEEPALIVED_EXIT_FATAL
and KEEPALIVED_EXIT_CONFIG, but these are only relevant for the vrrp
and checker child processes, and not for track scripts etc. This commit
adds a check that the terminating process is the vrrp or checker process
before checking those exit statuses.
* Add no_accept mode for VRRPv2 and standardise VRRPv3 with it
RFC3768, for VRRPv2, specifies that packets addressed to the VIPs
should not be accepted, unless the router is the address owner.
This commit implements not accepting the packets when running VRRPv2,
but only if no_accept is specified, or running in strict mode. The reason
for not making no_accept the default (which would conform to the RFCs) is
that if running IPVS, or any other service on top of the VIPs, we need to
be able to accept the packets, and requiring everyone to specify accept
in that case would not be reasonable.
Prior to this commit, VRRPv3 was blocking packets sent to VIPs (and eVIPS),
unless the vrrp instance was the address owner, or accept mode was set. This
commit changes the default behaviour for VRRPv3 to make it consistent with
VRRPv2 (i.e. either strict mode or no_accept needs to be specified to be
conformant with RFC5978).
* Tidy up logged messages if ipset initialisation fails.
* Streamline MII polling.
We only need to read 2 MII registers, and not 32 as was previously being
This commit also uses the <linux/mii.h> header file for field and
register definitions.
* Simplify bitops.h code.
* Resolve warnings generated with compiler option -Dconversion.
Most of the warnings were resolved by changing the data types of some
variables. Others required casting, particularly where kernel interfaces
are involved.
There were a few instances discovered that were errors, for example comparing
an unsigned int against -1, and assigning a 16 bit value to a uint8_t.
This commit also adds configure options --enable-conversion-checks and
--enable-force-conversion-checks, the former adds compiler option -Dconversion
unless the compiler is an old version that throws up false warnings. Option
--enable-force-conversion-checks adds -Dconversion even if the compiler throws
up known false warnings.
* Fix some minor errors/typos in doc/keepalived.conf.SYNOPSIS.
* Fix keyword error in sample configuration.
* Fix typo in genhash error message.
* Fix address ranges for virtual server groups
The handling of address ranges was only written for IPv4 addresses, and
only worked on little endian systems.
This commit enables IPv6 address ranges to work, and also should now
work on big endian systems (but I don't have access to a big endian system
to test it). Validation is added to ensure that the end of the range is after
the start of the range, and that the value of the range end does not exceed
255 (for IPv4) or ffff (for IPv6).
There is also some optimisation of the code, so that netmask is not set (since
it isn't used by the kernel), and the port is set once only, before the loop
through the addresses.
* Add --enable-Werror configure option.
* Add promote_secondaries keyword for vrrp_instance block.
If two IPv4 VIP addresses are in the same CIDR, and the primary
address is removed, then by default any other address in the same CIDR is
also removed. To stop this happening, the promote_secondaries flag
needs to be set on the interface.
Commit e5526cf added setting the promote_secondaries option on
VMAC interfaces, and stated that adding the option for non-VMAC
interfaces would be added later. This commit now adds a
promote_secondaries configuration option in order to set the flag
on the interface.
* Add reporting of promote_secondaries configuration setting.
* Add conditional configuration feature
It is usually the case that the configurations for keepalived for
systems operating together are virtually identical, and only differ
in vrrp instance priorities, router id, and unicast addresses if
those are being used.
It is a nuisance to have to edit one file for each server to make
identical changes, so this commit adds the facility for conditional
configuration entries.
Any line starting with the '@' character is a conditional line.
Immediately following the '@' character is a config id. The line is
only included in the configuration if the config id matches the
argument passed to keepalived with the -i option on the command line.
For example, consider the following configuration snippet:
@main router_id main_router
@backup router_id backup_router
If keepalived is started with -i main, then the router id will be
main_router, if started with -i backup, then backup_router. If
keepalived is started without the -i option, or -i anything else,
then the above snippet will not configure any router id.
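The '@' rule described in this entry, as an added example (not keepalived's parser). It assumes the '@' must be in the first column, that the config id ends at the first space or tab, and that matching is exact; conditional_line and effective_config are hypothetical names, and the sample configuration is constructed around the two lines quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Decide whether one configuration line is active for the id passed with -i
 * (config_id is NULL when -i was not given). Returns the text to hand to the
 * normal parser, or NULL when the line must be skipped. */
const char *conditional_line(const char *line, const char *config_id)
{
    if (line[0] != '@')
        return line;                        /* ordinary line: always included */

    const char *id = line + 1;
    size_t id_len = strcspn(id, " \t");     /* id runs up to the first blank */

    if (id_len == 0 || config_id == NULL)
        return NULL;                        /* "@ ..." or no -i: never matches */
    if (strlen(config_id) != id_len || strncmp(id, config_id, id_len) != 0)
        return NULL;                        /* exact match: "main" is not "main2" */

    const char *rest = id + id_len;
    return rest + strspn(rest, " \t");      /* drop the blanks before the keyword */
}

/* Constructed sample configuration. */
static const char *const sample_conf[] = {
    "global_defs {",
    "@main router_id main_router",
    "@backup router_id backup_router",
    "}",
};

/* Render the configuration as seen by an instance started with -i config_id.
 * Returns the number of lines kept; the text is written to out. */
size_t effective_config(const char *config_id, char *out, size_t outlen)
{
    size_t kept = 0;

    out[0] = '\0';
    for (size_t i = 0; i < sizeof(sample_conf) / sizeof(sample_conf[0]); i++) {
        const char *text = conditional_line(sample_conf[i], config_id);
        if (text == NULL)
            continue;
        size_t used = strlen(out);
        snprintf(out + used, outlen - used, "%s\n", text);
        kept++;
    }
    return kept;
}

int main(void)
{
    const char *ids[] = { "main", "backup", "other", NULL };
    char buf[256];

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        size_t n = effective_config(ids[i], buf, sizeof(buf));
        printf("-i %s: %zu lines kept\n%s\n", ids[i] ? ids[i] : "(not given)", n, buf);
    }
    return 0;
}
```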
* Fix building with --disable-vrrp.
* Stop segfaulting when configuration keyword is missing its parameter
There are many places where during configuration parsing the code
assumes that if a keyword is specified that requires a parameter, then
the parameter exists. If the parameter doesn't exist, then the code
indexes past the end of the vector, and at best segfaults, and at worst
may carry on, parsing random data.
This commit adds strvec_slot() which checks for the presence of the
parameter, and if configured will call a function that can handle the
error. Currently this logs that the parameter is missing, with as much
helpful information as it can provide, and then terminates.
* Use FMT_STR_VSLOT where appropriate.
* Use TIMER_HZ where appropriate.
* Fix comment and error message re http write timeout.
* More verbose logging on (effective) priorities pt. 2.
* Change configure option --enable-snmp-keepalived to --enable-snmp-vrrp
The option was enabling snmp for vrrp, not all of keepalived (the
--enable-snmp option does that), so this commit renames it to reflect
what it is actually doing.
The --enable-snmp-keepalived option is retained but marked as obsolete.
* Use AS_HELP_STRING autoconf macro.
* Fix process increase
* Add forcing termination of children of scripts if script times out
Commits fe9638b..cebfbf5 resolved problems around forced termination
of scripts if they didn't terminate within the prescribed time. During
the development of the patches, it was identified that after a script
had been terminated by SIGTERM, any child processes created by the
script also need to be killed.
This commit adds the forced termination of any such children.
* Correctly handle existing VMACs on reload.
Anthony Dempsey in issue #449 identified that
keepalived attempts to recreate existing VMAC interfaces on a reload,
and that the subsequent failure causes keepalived not to use the VMAC.
This then identified further issues such as the check for an existing
VMAC in netlink_link_add_vmac() didn't also check the interface a
VMAC was on, and that the checks for conflicts of VMAC interface names
with existing interfaces weren't sufficient.
This patch builds on the patch provided by Anthony Dempsey to also
resolve the additional issues identified.
* Fix check of matching VRRP instances on reload.
On a reload, clear_diff_vrrp() removes vrrp instances that are no
longer in the configuration. The check, however, was based on vrrp
instance name, which might have changed. The check is now based on
VRID, address family and interface, since it is this triplet that
uniquely defines a vrrp instance.
* Fix clearing addresses no longer used after a reload.
The address comparison was including ifa_index, but that wasn't being
set up until after clear_diff_vrrp() was called.
* Don't zero the mem_allocated count during reload.
We want to know if there is a leak during reload, so don't zero the
* Ensure iptables/sets entries and ip routes/rules not lost on reload.
There were several places in the code that were causing existing
iptables/ipsets entries to be lost on reload, and also new entries
for additional ip addresses were deleted after being added. In
addition, ip rules/routes for existing entries were being removed.
* Ensure GARPs/GNAs are sent after reload if VIP/eVIP addresses added.
Although there have been versions of keepalived when GARPs/GNAs were
sent after a reload, this was due to a bug in determining if the VRRP
instance had existed before. Resolving that bug (commit aaea8a4),
caused keepalived to stop sending GARPs after a reload. This commit
now specifically adds code to send GARPs on a VRRP instance for all
addresses on that instance. It would be better if GARPs were sent only
for the added addresses, and that may be resolved in a future commit.
* Use correct interface for iptables/ipset entries when not accept mode
If an interface was specified for a VIP/eVIP, the iptables/ipset block
if not in accept mode for link local IPV6 addresses was specifying the
interface the vrrp instance was on rather than the interface the address
was added to.
This commit now makes the iptables/ipset entry specify the interface that
the address has been added to.
* Resolve "Netlink: error: message truncated" messages.
On systems with a page size larger than 4096 keepalived may report:
"Netlink: error: message truncated" messages
This error was reported on a ppc64le in an OpenStack/Neutron environment.
Ppc64le is using a 64k page size. I found that keepalived's netlink recvmsg
buffer was too small causing messages to be truncated. The size of the read
buffer for the netlink socket should be based on page size however, it should
not exceed 8192. See the comment in the patch.
I tested the fix by creating 100 veth interfaces and verifying the errors
did not return.
* Use ipsets with namespaces on Linux < 3.13 if ipset names configured.
The problem with using ipsets with namespaces on Linux < 3.13 is that
ipsets were not namespace aware, and so all ipset entries added are
global to the system, including all network namespaces. This causes
problems if the default ipset names are used, but if set names have
been specified, it is reasonable that they have been set to be
different for each namespace, and hence there will be no clashes.
The documentation is also updated for vrrp_ipsets keyword.
* Don't write MEM_CHECK data to log when forked script child terminates.
The mem check log file was being filled with extraneous termination
information every time a forked child terminated. When a child is forked
it now sets a flag to stop the termination dump.
* Fix illegal syntax in configure script
Indirect expansion (`${!foo}`) is a bashism, it's not POSIX-sh
compatible and is not supported by common shells except Bash and ZSH!
Configure script should be portable, hence strictly POSIX compliant.
Moreover it has shebang /bin/sh.
* Make running scripts more secure
Previously, keepalived ran all scripts as root. This is potentially
dangerous if a non-root user can modify the script, or has write
access to any part of the path to the script.
This commit does the following:
1) Adds configuration options to specify the user/group under which to
run each script
2) Adds an option to set the default script user/group. If this is not
set it will default to user keepalived_script if that user exists,
otherwise it will default to root, as before.
3) If a script is to be executed with root privilege, report if it is
writeable in any way by a non-root user.
4) Add an option enable_script_security so that any scripts failing
3) above won't be executed.
5) Report if any scripts are not executable by the relevant user.
* Fix some lead tab/space issues.
* Fix segfault when terminating with no notify script configured.
* Fix compiler warning generated with --enable-conversion-checks.
* Don't segfault if modules ip_tables or ip6_tables not loaded
If either of the modules is not loaded, then don't use ip(6)tables for
that address family. We could load the module, but there would be no
entries pointing to the chains that we use, and so there is no point
adding entries to chains that won't be traversed.
* Resolve some type mismatch warnings on 32 bit systems.
* Fix checking security of misc_check scripts.
2016-09-11 Alexandre Cassen <>
* keepalived-1.2.24 released.
* Declare and use default value for garp_refresh.
* Update documentation for default setting of snmp_server.
* Ensure old VIPs removed after reload.
* Add internet network control support for IPv6.
* Log startup and "already running" messages to console with --log-console.
* Remove VIPs on reload if no longer in configuration.
* Add internet network control support for IPv6.
* Add more lvs syncd options, and various minor fixes.
* Don't attempt to set packet priority for wrong IP protocol.
if_setsockopt_priority() was setting SO_PRIORITY socket option regardless
of whether the socket was IPv4 or IPv6. Although the setsockopt() call doesn't
fail for IPv6, it doesn't do anything.
Commit fc7ea83 added setting IPV6_TCLASS, again for both IPv4 and IPv6, but
the setsockopt() call fails on an IPv4 socket.
This commit makes keepalived only set the appropriate socket option, depending
on whether it is an IPv4 or IPv6 socket.
The commit also changes from using the SO_PRIORITY option for IPv4 to using the
more specific IP_TOS option.
* Avoid compiler warning of duplicate definition.
* Add function attributes to malloc functions.
* KEEPALIVED-MIB vrrpRuleIndex should be unsigned.
* Allow all ip rule/route options for rules and routes.
This commit adds support for all ip rule/route supported options for
rules and routes (and also tunnel-id rule option not yet supported
by ip rule).
* Make ip rules/routes a configuration option.
* Add all ip rules/routes options, and minor fixes.
* Corrections for rule suppress_ifgroup.
* Stop respawning children repeatedly after permanent error.
Keepalived was respawning very rapidly after a permanent error, which
was not useful.
This commit allows the detection of certain errors and if one occurs
keepalived won't respawn the child processes, but will terminate with
an error message.
* Remove all remaining vestiges of Linux 2.4 (and earlier) support.
There was code remaining for supporting ip_vs for Linux 2.4, but
the remainder of the keepalived code requires Linux >= 2.6.
* Make some libipvs functions static.
* Move ipvs source and include files into check/include directories.
* Don't duplicate kernel definitions for IPVS code.
* Remove unused code from libipvs.c.
* Remove ip_vs_nl_policy.c, contents now in libipvs.c.
* Add ipvs 64 bit stats.
* Remove linux 2.4 code, add 64bit ipvs snmp stats, and some minor fixes.
* Fix compiling without SNMP checker support.
The patchset removing support for Linux 2.4 introduced a problem
compiling libipvs.c when SNMP checker support wasn't enabled.
* Remove those annoying "unknown keyword" messages.
A slight reworking of the parsing code manages to get rid of those
annoying "unknown keyword" messages which we all know aren't true.
* Remove IP_VS_TEMPLATE_TIMEOUT. It was removed from ipvsadm in
version 1.0.4.
* Remove check for MSG_TRUNC being defined.
It has been defined since glibc 2.2.
* Remove conditionals based on libc5. libc5 predated glibc 2.0.
* Remove conditional compilation checks for defines in Linux 2.6.
are all defined in Linux 2.6, so no longer need to be wrapped in
conditional compilation checks.
* Sort out checks for O_CLOEXEC.
* Remove check for SA_RESTART. It existed pre Linux 2.6.
* Change reporting of default snmp socket.
* More updates for removing pre-Linux 2.6 code, and stop "unknown keyword"
* Fix adding iptables entries on Linux 4.6.3 onwards.
ip[46]tables_add_rules() were allocating space for an additional
struct xt_entry_match. kernel commit 13631bfc6041 added validation
that all offsets and sizes are sane, and the extra
struct entry_match failed that test.
* Fix adding iptables entries on Linux 4.6.3 onwards.
* Fix size parameter for keepalived_malloc/realloc.
lib/memory.h specified the size parameter to keepalived_malloc/realloc
as size_t, whereas lib/memory.c specified unsigned long.
The inconsistency was complained about by the compiler on 32-bit systems.
Fix memory.c to make the parameter a size_t.
Change lib/memory.c and lib/memory.h to use type size_t for size
Use printf format specified %zu for size parameters.
* Fix building without LVS or without VRRP.
* Convert build system to automake.
The INSTALL file gives instructions for setting up the build system
using automake etc.
For those without automake (and autoconf), just running configure
works as before.
* Convert build system to automake.
* Add network namespace support.
This allows multiple instances of keepalived to be run on a single
system. The instances can communicate with each other as though they
are running in separate systems, but they are also isolated from
each other for all other purposes.
See keepalived/core/namespaces.c for some example configurations and
use cases.
* Use atexit() for reporting malloc/free checks on termination.
* Add + and git commit in -v output if uncommitted changes.
* Add network namespace support.
* Remove some superfluous conditional compilation tests.
* Poll for reflection netlink messages after adding each interface.
If a large number of interfaces are added, the kernel reflection
netlink socket can run out of buffers. This commit adds a poll of
the kernel netlink reflection channel after adding each interface,
thereby ensuring that a large queue of messages isn't built up.
* Stop Netlink: Received message overrun (No buffer space available) messages.
* Fix debug build since automake conversion.
* Fix configuration testing for ipset support prior to Linux 3.4.
* Add polling of netlink messages when entering master state.
If a large number of vrrp instances enter master state simultaneously
the netlink socket can run out of buffers, since the netlink socket
isn't read sufficiently frequently. Adding a poll of the netlink socket
after the VIPs/eVIPs are added ensures that the netlink messages are read
when they become available.
* Add some missing '\n's when printing the vrrp configuration.
* Fix generating git-commit.h.
* Ensure xmit_base not set with strict mode.
* Fix detection of code changes not committed to git in git-commit.h.
* Change true/false variables in global_data to bools.
* Fix timer_cmp handling large differences between the two times.
In a struct timeval, tv_sec is a time_t which is a long. Assigning
a.tv_sec - b.tv_sec to an int caused it to overflow if the time
differences were large.
* Add a TIMER_NEVER value.
This allows a thread to specify that it never wants to be woken on a
timed basis.
* Add global default_interface keyword.
default_interfaces sets the default interface to use for static
ipaddresses. If the system does not have an eth0, or one wants to
use a different interface for several static ipaddresses, this makes
the configuration simpler. It also has the potential to reduce
changes required if transferring the configuration to another system.
* Fix skew time for VRRPv3 with low priority and long advert interval.
With a low priority and a long advert interval, the calculation of the
skew time was overflowing a uint32_t. For example, with a priority of
1 and an advertisement interval of 10 seconds, the skew time was being
calculated as 4288 seconds, rather than 9.96 seconds. This had the
impact that the backup instance would take over an hour to transition
to master.
* Don't set master_adver_int from an invalid packet.
* Make timeout_persistence a uint32 rather than a string.
* Fix some configuration tests and compiling on old Linux version.
* Improve persistence handling.
Properly support persistence_granularity for IPv6.
Set persistence_timeout default if granularity specified.
Only support persistence engine if supported by the kernel.
This commit also changes variables timeout_persistence and
granularity_persistence to persistence_timeout and
* Simplify a bit of indentation.
* Add (commented out) code for writing stack backtrace to a file.
* Free syslog_ident string after logging the free.
When writing mem check entries to the log, the syslog_ident needs to be
freed after the log has been written to.
* Allow FREE_PTR mem check to log the proper function.
Having FREE_PTR as a function meant that whenever any memory was freed by
FREE_PTR() the function that was logged as freeing it was FREE_PTR itself.
Changing FREE_PTR() to be a #define means that the calling function name
is logged.
* Fix a conditional compilation test re namespaces and rename a variable.
* Fix when some FREE() calls are made.
* Only parse net_namespace in parent process.
* Add VRRP/LVS conditional compilation around PID files.
* Improve removing zombie PID files.
* Add more VRRP/LVS conditional compilation.
* Don't check if instance is a router every time an NA is sent.
keepalived was calling sysctl to check if the interface was configured as
router before sending each gratuitous Neighbour Discovery advertisement. This
patch now checks if the interface is routing when the instance transitions to
master, and uses that for all the NA messages.
* Improve mem check initialisation.
* Add support for running multiple instances of keepalived.
Using network namespaces allows multiple instances of keepalived to run
concurrently, in different namespaces, without any collision of the pid
This patch adds the concept of a keepalived instance name, which is then
used in the pidfile name, so that multiple instances of keepalived can run
in the same namespace without pid file name collisions.
* Add option to write pid files to /var/run/keepalived.
When using namespaces or instances, pid files are written to /var/run/keepalived.
The commit adds an option for the standard pid files to use that directory.
* Add keywords instance and use_pid_dir, plus sundry fixes/improvements.
* Add configure option to enable stacktrace support.
* Fix adding and deleting iptables rules for addresses.
When keepalived was built not using ipsets, the adding and deleting
of rules for addresses was including an extra xt_entry_match struct
that meant that the rules could only be deleted by the iptables
command by entry number and not by specifying the parameters.
* Fix compiling without libiptc (iptables) support.
* Don't log error message when trying to remove leftover iptables config.
At startup keepalived attempts to remove any iptables configuration that
may have been left over from a previous run. Of course the entries won't
normally be there, so don't report an error if they are not found.
* Fix iptables entries for accept mode, other iptables fixes, and make
write_stacktrace a configure option.
* Add script to setup interfaces in a network namespace.
The script mirrors the running network interfaces that are needed
for a given keepalived configuration into a network namespace
(default test), so that keepalived can be run in that namespace in
order to test the configuration.
* Correct comments re location of network namespace pid files.
* Add -s option for overriding net_namespace configuration option.
* Change test/ -c option to -f to match keepalived.
* Make report interfaces that don't exist.
* Remove leftover debug message.
* Fix address comparison for equal priority adverts.
* Streamline the specification of libraries to the linker.
Most of the dynamic libraries and static libraries were being specified
twice. This commit removes the duplication of all of the dynamic libraries
and only duplicates core/libcore.a of the static libraries.
* Fix automake files for building on Ubuntu 14.04 LTS.
* Enable building with Net-SNMP on Ubuntu.
* Stop compiler warning on Ubuntu.
* Fix compilation with libipset on Debian wheezy.
* Fix various build problems on Ubuntu 14.04 and Debian.
2016-07-11 Alexandre Cassen <>
* keepalived-1.2.23 released.
* Make malloc/free diagnostics a separate configure option.
The commit adds the configure --enable-mem-check option which
allows the MALLOC/FREE diagnostics to be enabled without
the --enable-debug option. This means that the mem-check
diagnostics can be used when running keepalived in its normal mode
with forking children for vrrp and checkers.
The mem-check diagnostics are written to
The --mem-check-log configure option enables command line option
-L which also writes zalloc/free details to the syslog.
* Fix compilation error on 32-bit systems with mem-check enabled.
* Replace one zalloc() and one free() call with MALLOC() and FREE().
This ensures that the mem-check diagnostics cover all mallocs/frees.
* Fix report of malloc'd memory not being freed.
* Streamline read_line().
* Resolve a segfault when reloading with vmacs.
The vrrp_t entries on the vrrp_data list have pointers to an
interface_t for each vrrp instance. When reloading, the
interface_t items were freed, but a pointer to the old list
of vrrp_t items is held in old_vrrp_data. After the new
configuration is processed, clear_diff_vrrp() is called. clear_diff_vrrp()
uses the interface_t pointers from the old vrrp_t entries, but the
memory pointed to by the interface_t pointers has already been freed,
and probably reallocated for a different use.
This commit delays freeing the old interface_t items until after
clear_diff_vrrp() has completed, so the interface_t pointers remain valid.
* Check valid interface pointer before calling reset_interface_parameters().
Before resetting the settings on the base interface of a vmac, check that
the interface_t pointer is valid.
* Fix new --mem-check-log option.
* Don't write parent's memory logging into children's log file.
When running with mem-check output to files, the buffer from the
parent process was also being written into the children's log
files. The commit sets the CLOEXEC flag on the log files, and
also sets the log files to be line buffered.
* Fix segfault or infinite loop in thread_child_handler() after reloading.
When the checker and vrrp child processes start up, memory for a
thread_master_t is malloc'd and saved in master. Subsequently,
launch_scheduler() is called, and that sets the parameter to be passed
to the SIGCHLD handler - thread_child_handler() to the value of master,
pointing to a thread_master_t.
If keepalived is signalled to reload, the child processes free all
malloc'd memory, and a new thread_master_t is malloc'd and saved in
master. If this is not the same address as the previous thread_master_t,
then the value being passed to the SIGCHLD handler is a pointer to the
old thread_master_t, whereas everything else is using the new thread_master_t.
If the memory used for the old thread_master_t is then returned in a subsequent
malloc() call, a subsequent SIGCHLD will invoke thread_child_handler() with
a pointer to memory that has now been overwritten for some other purpose, hence
causing either a segfault or an infinite loop.
A further consequence is that new child processes will be added to the new
thread_master_t, but when thread_child_handler() is called after a child
terminates, it won't find the child since it is still looking at the old
This commit modifies the behaviour of a reload by not releasing the old
thread_master_t and then malloc'ing a new one, but rather it just reinitialises
the original thread_master_t and continues using it.
* Remove base_iface from struct _vrrp_ - it wasn't used.
* Add configuration option to flush LVS configuration.
This commit adds a global configuration option lvs_flush to flush
the LVS configuration, and if not set, the configuration won't be
* Add back real server when return from failure with HTTP_CHECK.
If status_code wasn't specified for a url entry in the configuration
then a real server would never be returned to service following a
The commit makes keepalived return a real server to service if no
status_code is specified if the HTTP status code returned from the
service is a success code (i.e. 2xx).
* Avoid duplication of keyword installation in check_http.c.
* Fix adding new static ip addresses after reload.
Commit f23ab52, when stopping duplicate static ip routes and rules
being added after a reload also stopped new static ip addresses being
added. The commit reinstates adding new static ip addresses.
* Fix adding static iprule/routes after a reload.
* Stop segfault when configuring a route with no destination address.
* Fix unused global vrrp_garp_master_refresh.
* fix healthchecker reload when some healthchecks have failed.
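
Added example, not keepalived code: a model of the "Fix segfault or infinite loop in thread_child_handler() after reloading" entry above, showing why a handler argument captured once goes stale when reload releases and reallocates the thread_master_t, and why reinitialising in place avoids it. The struct fields, function names other than those quoted in the entry, and the pid are assumptions; a `released` flag stands in for free() so the demonstration itself never touches freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define MAX_CHILDREN 8

/* Simplified stand-in for keepalived's thread_master_t; the fields are assumptions. */
typedef struct {
    pid_t children[MAX_CHILDREN];
    int nchildren;
    int released;   /* set where real code would free(), so the demo has no UB */
} thread_master_t;

static thread_master_t *master;       /* used by the rest of the process */
static thread_master_t *handler_arg;  /* pointer handed to the SIGCHLD handler */

static thread_master_t *master_new(void)
{
    thread_master_t *m = calloc(1, sizeof(*m));
    if (m == NULL)
        abort();
    return m;
}

/* Models launch_scheduler(): the handler argument is captured once. */
static void launch_scheduler(void)
{
    handler_arg = master;
}

/* New children are always recorded in whatever `master` currently points to. */
static void add_child(pid_t pid)
{
    if (master->nchildren < MAX_CHILDREN)
        master->children[master->nchildren++] = pid;
}

/* Models thread_child_handler(): 1 = child found and removed,
 * 0 = child unknown, -1 = called with a released thread_master_t. */
static int child_handler(pid_t pid)
{
    thread_master_t *m = handler_arg;
    int i;

    if (m->released)
        return -1;
    for (i = 0; i < m->nchildren; i++) {
        if (m->children[i] == pid) {
            m->children[i] = m->children[--m->nchildren];
            return 1;
        }
    }
    return 0;
}

/* Reload as described for the bug: release the old master, allocate a new one.
 * handler_arg is not updated, so it now refers to released memory. */
static void reload_release_and_realloc(void)
{
    thread_master_t *old = master;

    master = master_new();
    old->released = 1;      /* stands in for free(old) */
}

/* Reload as described for the fix: keep the allocation, reinitialise it. */
static void reload_reinit_in_place(void)
{
    memset(master, 0, sizeof(*master));
}

/* Start up, reload, record a (pretend) child, then deliver its SIGCHLD. */
static int run_scenario(void (*reload)(void))
{
    int result;

    master = master_new();
    launch_scheduler();
    reload();
    add_child(4242);                 /* constructed pid */
    result = child_handler(4242);

    if (handler_arg != master)
        free(handler_arg);
    free(master);
    master = handler_arg = NULL;
    return result;
}

int main(void)
{
    printf("release + realloc: %d\n", run_scenario(reload_release_and_realloc));
    printf("reinit in place:   %d\n", run_scenario(reload_reinit_in_place));
    return 0;
}
```

Clearing `master` after freeing it would not help in the first scenario, because the handler holds its own copy of the pointer.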
2016-06-14 Alexandre Cassen <>
* keepalived-1.2.22 released.
* vrrp: Fix build without VRRP VMAC.
* Fix compilation with RFC SNMP without Keepalived SNMP.
* vrrp: Update master_adver_int when receive higher priority advert
when master.
If VRRPv3 is being used, and a higher priority advert is received when
in master mode, the master_adver_int needs to be updated when transitioning
to backup mode. If this isn't done, and our advert interval is less than a third
of the new master's, we will time out and re-enter master mode, send an advert
to which the other master will respond with a higher priority advert, causing
us to go back into backup mode, until our timer expires again, and this will
continue indefinitely.
* vrrp: Don't send advert after receiving higher priority advert.
If a master receives a higher priority advert, there is no need
to send another advert, since the sender of the higher priority
advert is already a master. Further, any other instance in backup
mode will process our subsequent advert, and then consider the
wrong system to be master, until it receives another advert from
the real master.
With VRRPv3, if the other master has an advert interval more than
three times our advert interval, backup routers will be using our
advert interval after we've sent our subsequent advert, and will
then timeout before the new master sends another advert, prompting
(one of) the backup routers to become a master, which will prompt
the higher priority master to send an advert, the ex-backup router
will then send another advert and we could end up in an endless cycle.
* vrrp: Fix receiving advert from address owner when in fault state.
* vrrp: When transitioning from fault state, log state change.
* vrrp: Fix preempt delay when transitioning from fault state.
There were two ways of leaving fault state, either by receiving a packet
on the instance, or by a netlink message indication that the interface is
up again. In neither case was preempt_delay considered in the code.
This commit changes the way vrrp->preempt_time is used. preempt_time is now
only used once a higher priority advert is received, rather than being updated
every time a lower priority advert is received. vrrp->preempt_time is now also
set when transitioning out of fault state. vrrp->preempt_time.tv_sec == 0 now
indicates the timer is not running.
* vrrp: Detect and report duplicate address owners.
If more than one system is configured as an address owner (priority
== 255), this would be a configuration error, and could cause
unexpected behaviour. This commit ensures that the problem is
reported, and sets the local instance not to be the address owner,
as a temporary workaround for the problem.
* vrrp: Fix maximum number of VIPs allowed.
* ipvs: Fix IPVS with IPv6 addresses.
* ipvs: Don't overwrite errno by another syscall before checking errno.
* ipvs: ipvswrapper.c: fix comparison.
* Enable compilation with development net-snmp headers.
* vrrp: Fix IPv4 vIP removal when addr matches pre-existing interface addr.
For IPv4 vIPs keepalived adds a /32 to the underlying interface. If
this address matches an address already configured, e.g. a /24, when
this vIP is eventually removed due to a configuration change or
keepalived shutdown, the original address matching the vIP, outside
of keepalived's control, is removed instead. This behaviour is
incorrect. The /32 added by keepalived should be the address being
removed. Keepalived should not be touching any addresses it does not
* vrrp: Check for errors when opening VRRP data and stats files.
This fixes crashes when running keepalived under SELinux enforcing mode,
which does not allow keepalived process to write to /tmp by default.
* vrrp: Don't assume IPADDRESS_DEL == 0 and IPADDRESS_ADD != 0.
* vrrp: Fix compilation failure.
* vrrp: Fix transition to backup when receive equal priority advert from
higher address.
When a vrrp instance in master mode received an advert from another master
that had equal priority, it wasn't comparing the addresses to determine
whether it should treat the advert as higher priority, and hence the
instance should fall back into backup state.
When checking whether the advert is from a lower priority master, it now
checks if the priorities are equal and then compares the addresses.
* vrrp: Optimise address comparison when receive advert in master mode.
* Optimise inet_inaddr_cmp.
2016-05-26 Alexandre Cassen <>
* keepalived-1.2.21 released.
* Install VRRP-MIB when applicable.
It appears that the condition in for installing VRRP-MIB
was using a non-existent macro, SNMP_RFC2_SUPPORT. This patch removes
two conditions from that use undefined macros and adds a
condition to install VRRP-MIB when SNMP_RFCV2_SUPPORT is set
* Check virtual route has an interface before returning ifindex to SNMP
* Force git-commit.h to be updated when needed
* INSTALL: Keepalived doesn't need popt anymore
* INSTALL: support for 2.2 kernels is long gone.
* INSTALL: fix a few typos
* keepalived.conf(5) some minor improvements
* man keepalived(8): some minor improvements
* Add printing of smtp server port when printing global config
* timeout_epilog: mark argument const.
* parser: mark some function arguments as const.
* terminate argv with NULL.
man execvp says: "The array of pointers must be terminated by a null
* ipvswrapper.c: fix comparison.
* mark pidfile strings as const.
* utils.c: mark some arguments as const.
I left inet_stosockaddr alone for now, since it modifies the string.
We should fix that, since we pass in strings which might be const and in
readonly memory.
* netlink_scope_n2a: mark return type as const.
* vector->allocated is unsigned.
* notify_script_exec: mark a few arguments as const.
* vscript_print: mark string as const.
* vector->allocated is unsigned.
* dump_vscript: mark str as const.
* Updated range for virtual_router_id and priority.
* Stop segfaulting with mixed IPv4/IPv6 configuration
After reporting that an ip address was of the wrong family, when
the invalid address was removed from the configuration, keepalived
was segfaulting, which was due to the wrong address being passed to
* Updated range for virtual_router_id and priority in
* Allow '-' characters in smtp_server hostname.
* Allow smtp_server domain names with '-' characters to be parsed
* Report and exit if configuration file(s) not found/readable.
The configuration file is treated as a pattern, and processed
using glob(). If there is no matching file, then it wasn't reading
any file, and keepalived was running with no configuration.
This patch adds a specific check that there is at least one matching
file, and also checks that all the configuration files are readable,
otherwise it reports an error and terminates.
* Fix building with Linux < 3.4 when ipset development libraries
Prior to Linux 3.4 the ipset header files could not be included in
userspace. This patch adds checking that the ipset header files can
be included, otherwise it disables using ipsets.
* configure: fix macvlan detection with musl libc.
* Fix compiling without macvlan support.
* Bind read sockets to particular interface.
Otherwise, since we use RAW sockets, we will receive IPPROTO_VRRP
packets that come in on any interface.
* vrrp: read_to() -> read_timeout(). Make function name less confusing.
* vrrp: open_vrrp_socket() -> open_vrrp_read_socket().
An equivalent open_vrrp_send_socket() exists, therefore make
the read version follow the same naming convention.
* vrrp: fix uninitialized input parameter to setsockopt().
* Make most functions in vrrp_print.c static.
* Enable compilation on Linux 4.5.x.
Including <libiptc/libiptc.h> causes a compilation failure on Linux 4.5
due to both <net/if.h> and <linux/if.h> being included, and they have
a namespace collision.
As a workaround, this commit defines _LINUX_IF_H before including
<libiptc/libiptc.h>, to stop <linux/if.h> being included. Ugly, yes,
but without editing kernel header files I can't see any other way
of resolving the problem.
* Fix segmentation fault when no VIPs configured.
When checking the VIPs in a received packet, it wasn't correctly
handling the situation when there were no VIPs configured on the
VRRP instance.
* Improve checking of existence and readability of config files.
There was no check of the return value from glob() in read_conf_file()
and check_conf_file(), so that if there were no matching files, they
attempted to use the uninitialised globbuf, with globbuf.gl_pathc taking
a random value. A further check has been added that the files returned
are regular files.
Finally, if no config file name is specified check_conf_file() is now
passed the default config file name rather than null.
* vrrp: update struct msghdr.
The vrrp netlink code assumes an order for the members of struct msghdr.
This breaks recvmsg and sendmsg with musl libc on mips64. Fix this by
using designated initializers instead.
* Initialise structures by field names.
* Detection of priority == 0 seems to be shaded.
* More verbose logging on (effective) priorities.
* Log changes to effective priority made via SNMP.
* vrrp: use proper interface index while handling routes.
It appears current code has a small typo while handling routes trying
to access route->oif where it should be route->index.
* vrrp: make vrrp_set_effective_priority() accessible from snmp code.
just include proper file in order to avoid compilation error.
* monotonic_gettimeofday: make static.
* Disable unused extract_content_length function.
* utils: disable more unused functions.
* utils: make inet_sockaddrtos2 static.
* signal: remove unused functions.
* Disable unused signal_ending() consistently with other unused code.
* parser: make a bunch of stuff static.
* scheduler: make a bunch of stuff static.
* scheduler: disable unused thread_cancel_event().
* vector: disable unused functions.
* vector: make 2 functions static.
* list: disable unused function.
* genhash: make some functions static.
* Remove unused variable.
* core: make a few functions static.
* checkers: make some functions static.
* vrrp_arp: make some global variables file-scope.
* vrrp_ndisk.c: make 2 global variables file-scope.
* vrrp: make some functions and globals static.
* In get_modprobe(), close file descriptor if MALLOC fails.
The sequencing of the code wasn't quite right, and so if the MALLOC
had failed, the file descriptor would be left open.
* Fix compilation without SOCK_CLOEXEC and SOCK_NONBLOCK.
SOCK_CLOEXEC and SOCK_NONBLOCK weren't introduced until
Linux 2.6.23, so for earlier kernels explicitly call fcntl().
* Don't include FIB rule/route support if kernel doesn't support it.
* Enable genhash to build without SOCK_CLOEXEC.
* Ignore O_CLOEXEC if not defined when opening and immediately closing file.
* Allow building without --disable-fwmark if SO_MARK not defined.
configure complained "No SO_MARK declaration in headers" if that
was the case, but --disable-fwmark was not specified. The commit
stops the error message, and just defines _WITHOUT_SO_MARK_ if
SO_MARK is not defined.
* Update documentation for debug option.
* Add options -m and -M for producing core dumps.
Many systems won't produce core dumps by default. The -m option
sets the hard and soft RLIMIT_CORE values to unlimited, thereby
allowing core dumps to be produced.
Some systems set /proc/sys/kernel/core_pattern so that a core file
is not produced, but the core image is passed to another process.
The -M option overrides this so that a core file is produced, and
it restores the previous setting on termination of the parent process,
unless it was the parent process that abnormally terminated.
* Add option to specify port of smtp_server.
* Add comment re when linux/if.h and net/if.h issue resolved upstream.
* Enable building with SNMP with FIB routing support.
* Exclude extraneous code when building with --disable-lvs.
* Update description of location of core files.
* Add support for throttling gratuitous ARPs and NAs.
The commit supersedes pull request #111, and extends its functionality
to also allow throttling of gratuitous NA messages (IPv6), and allows
specifying the delay parameters per interface, since interfaces from
the host may be connected to different switches, which require
different throttling rates.
* Add snmpServerPort to Keepalived MIB.
* Add printing of smtp server port when printing global config.
* Add aggregation of interfaces for throttling ARPs/NAs.
This commit adds support for aggregating interfaces together, so
that if multiple interfaces are connected to the same physical switch
and the switch is limited as a whole on the rate of gratuitous ARPs/
unsolicited NAs it can process, the interfaces can be grouped together
so that the limit specified is applied across them as a whole.
* In free_interface_queue, don't check LIST_ISEMPTY before freeing.
* Clear pointer freed by free_list().
* Make FREE_PTR() clear the pointer after freeing the memory.
* Make FREE() clear pointer after memory released.
Since a pointer to allocated memory mustn't be used after the memory is
freed, it is safer to clear the pointer. It also means that if the pointer
is subsequently used, it should segfault immediately rather than potentially
trampling over random memory, which might be very difficult to debug.
* vrrp: Improve validation of advert_int.
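
Added example, not keepalived code: one way to do the checks described in the "Report and exit if configuration file(s) not found/readable" and "Improve checking of existence and readability of config files" entries above, that is, test the glob() return value before touching globbuf and accept only readable regular files. The helper name check_conf_pattern(), the status codes and the temporary directory contents are assumptions constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <glob.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum conf_status {
    CONF_OK, CONF_NO_MATCH, CONF_GLOB_ERROR, CONF_NOT_REGULAR, CONF_UNREADABLE
};

static size_t last_nfiles;  /* files accepted by the last successful check */

/* Hypothetical helper, not keepalived's check_conf_file(): expand a
 * configuration pattern and validate every match before anything is parsed. */
static enum conf_status check_conf_pattern(const char *pattern)
{
    glob_t globbuf;
    struct stat sb;
    enum conf_status status = CONF_OK;
    size_t i;
    int ret;

    last_nfiles = 0;
    memset(&globbuf, 0, sizeof(globbuf));   /* never read an unset gl_pathc */

    /* The bug class from the entry: using globbuf without looking at ret. */
    ret = glob(pattern, 0, NULL, &globbuf);
    if (ret == GLOB_NOMATCH)
        status = CONF_NO_MATCH;
    else if (ret != 0)
        status = CONF_GLOB_ERROR;           /* GLOB_NOSPACE or GLOB_ABORTED */

    for (i = 0; status == CONF_OK && i < globbuf.gl_pathc; i++) {
        const char *path = globbuf.gl_pathv[i];

        /* stat() follows symlinks, so a link to a regular file is accepted
         * and a dangling link is rejected. */
        if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode))
            status = CONF_NOT_REGULAR;
        else if (access(path, R_OK) != 0)
            status = CONF_UNREADABLE;
    }
    if (status == CONF_OK)
        last_nfiles = globbuf.gl_pathc;

    globfree(&globbuf);
    return status;
}

/* Build a constructed temporary directory and check the *.conf pattern in it.
 * which: 0 = empty directory, 1 = two regular files, 2 = a file and a
 * directory. Returns the conf_status, or -1 if setup failed. */
static int demo_case(int which)
{
    char dir[] = "/tmp/conf-demo-XXXXXX";
    const char *names[] = { "a.conf", "b.conf" };
    char path[PATH_MAX];
    enum conf_status status;
    FILE *fp;
    int i;

    if (mkdtemp(dir) == NULL)
        return -1;
    for (i = 0; i < 2 && which != 0; i++) {
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        if (which == 2 && i == 1) {
            mkdir(path, 0700);              /* "b.conf" is a directory */
        } else if ((fp = fopen(path, "w")) != NULL) {
            fputs("# constructed sample\n", fp);
            fclose(fp);
        }
    }
    snprintf(path, sizeof(path), "%s/*.conf", dir);
    status = check_conf_pattern(path);

    for (i = 0; i < 2; i++) {               /* remove whatever was created */
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        (void)remove(path);
    }
    rmdir(dir);
    return (int)status;
}

int main(void)
{
    int r;

    printf("no match:      %d\n", demo_case(0));
    r = demo_case(1);
    printf("regular files: %d (%zu accepted)\n", r, last_nfiles);
    printf("directory hit: %d\n", demo_case(2));
    return 0;
}
```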
2016-04-02 Alexandre Cassen <>
* keepalived-1.2.20 released.
* better VERSION handling
* ipvs: tcp check supports retry.
New tcp check config option "retry" sets the check retry counter.
If tcp check fails on an alive server, keepalived will perform
further checks until n_retry counter reaches zero, or until the check
succeeds. The delay between retry checks is configured by the
"delay_before_retry" config option. The default value is 1 retry after 1 second.
This is the same feature that already exists in HTTP checker
(config option "nb_get_retry").
* check_http: retry logic is refined.
Retry on every error, including timeout and connection
error, but only when RS is up.
This is needed to reduce rs flaps: we shut the server down
only after nb_get_retry failed checks.
Also, do not wait for delay_loop after a successful check to
bring the server UP.
* ipvs: respect the error code of the ipvs_talk.
Previously, if the IPVS reflector was unable to perform
its task, it reported error through syslog and ignored it.
This behavior leads to inconsistencies with quorum-handler:
it is called with UP even if no RS were added into the IPVS.
This could take place, for example, when there is a limit of
opened filehandles and keepalived was unable to open netlink
socket (it is opened on every call to the ipvs_talk).
Now the check is not marked as OK unless IPVS reflector reports
OK. Following successful check will try to add an RS again.
The special case errors "ENOENT on remove" and "EEXIST on add"
are treated with OK result code.
* ipvs: remove unused resulting error code.
These functions are turned from int into void:
ipvs_group_sync_entry, ipvs_group_remove_entry, ipvs_syncd_cmd.
* check_http: reduce cpu usage.
do MD5 calculation only when configured to do so.
* timer: reduce cpu usage.
timer_cmp is called too often and eats much of cpu cycles. Make
the comparison more effective. Increase code re-using in
monotonic_gettimeofday(). Use timer_reset_lazy() where possible
to omit the excess memset() call.
* scheduler: reduce CPU usage.
Since threads are sorted by t->sands, we could break the cycle
when not expired thread found.
* ipvs: rs weight changes properly on reload.
Do not remove and re-add a real_server when reloading config
if its weight has changed. Just edit the existing ipvs rs entry.
* ipvs: new service option "ip_family".
This option explicitly specifies the address family of a
fwmark IPVS service entry. Previously it was determined by
the AF of the first real server. This logic is kept as a fallback
when the "ip_family" option is missing.
Also, now it is possible to create two different services
for v4 and v6 with the same fwmark number.
* make 'smtp_server' config to support domain name.
* use getaddrinfo() instead of gethostbyname().
* make 'smtp_server' config to support domain name.
* Added vrrp 'timeout' to synopsis.
* Cleaned/fixed up KEEPALIVED-MIB, it now passes smilint
* Fixed vrrp_snmp_route() - it was returning the address of the pointer
instead of the IP address / network address for dst, gw, gw2, and src
* SNMP fixes/cleanup.
* Added support for static and virtual ip rules for use with policy
based routing
* Add info to set a default gateway into man and sample.
* vrrp: Fix socket setup code for IPv4 multicast.
if_setsockopt_mcast_if was only doing anything for IPv6 interfaces.
Make it work also for IPv4 interfaces, and then don't need to
call if_setsockopt_bindtodevice for multicast.
Is it still necessary to call it for unicast?
* vrrp: Set (and restore) interface parameters.
In order to receive and send multicasts on the correct interfaces
various parameters need to be set via the /proc/sys/net/ipv4/conf
interface. This patch sets them as needed, and restores any
changes on the underlying interface on exit.
If a user currently sets any parameters by scripts, that will
override these changes and still work, but this change in general
will make it unnecessary to change any parameters with scripts.
* vrrp: Leave VRRP multicast group by ifindex.
Since we know the interface index, use that instead of the address
since it is more efficient. Also, in the unlikely event that the
interface doesn't have an address, then this avoids a problem.
* vrrp: Don't delete vmac interfaces before dropping multicast membership.
Further to commit afea07bd94384c8ac8125e8cdbfd18bc4a46b14e, the
dropping multicast memberships were failing, since the vmac
interfaces had already been deleted. This patch keeps the vmac
interfaces until after the IP_DROP_MEMBERSHIP ioctls. Separating
the sending of the VRRP priority 0 messages from the shutdown
of the vrrp instances is necessary since vrrp_dispatcher_release
closes the sockets that are needed for sending the messages.
* vrrp: Don't open vrrp_send_socket if address family is wrong.
open_vrrp_send_socket was opening a socket, and then checking that
the address family was valid. Checking that the address family is
valid at the beginning of the function streamlines the code.
* vrrp: Stop m'cast packets being queued (and not received) on send socket.
If there are other vrrp instances on the same network, their
multicast packets are queued to our vrrp send socket, but since we
don't receive on that socket, the messages just get queued in the
kernel (run netstat -anp | grep keepalived to see the queued
packets increasing).
This patch clears the IP_MULTICAST_ALL option, to stop these
packets being queued.
* vrrp: Fix typos in log messages.
* vrrp: Fix RFC reference.
* vrrp: Fix vrrp parser error message.
* vrrp: Add interface index to vrrp dump data.
* vrrp: Don't specify source address in IP_ADD_MEMBERSHIP ioctl.
If ifindex is specified, any source address given is ignored.
* vrrp: If fail to remove vmac i/f, don't report success after fail message.
* Help vim's formatting to work in
The single "'" in a comment confuses vim, and the screen formatting
gets confused. Adding a second "'" in a C comment sorts vim out.
* vrrp: Don't explicitly drop IGMP membership before interface deletion.
The kernel will send IGMP leave group messages when an interface
is deleted, so there is no need for us to do so. Experimentation
has shown that explicitly doing IGMP_DROP_MEMBERSHIP doesn't make
it any more likely the IGMP leave group messages will be sent.
Adding the 1 second sleep significantly increases the likelihood
of the IGMP messages being sent, but it doesn't guarantee it.
Extending the sleep time doesn't improve the chances.
* Fix compiler warnings.
* vrrp: Add info to set a default gateway into man and sample.
* vrrp: Don't report error on interface creation/deletion.
netlink_reflect_filter was returning an error if it didn't already
know about an interface that has just been created. If we don't
know about the interface, simply ignore it. Likewise on interface
deletion, if we don't know about the interface, ignore it.
* vrrp: Ensure the first interface's parameters are set when using libnl3.
Patch 60217b63242bee37b1c97a04644be6eb5e18b4c4 sets the interface
parameters for each interface, but when using libnl3 there was a
conflict with libnl, causing the parameters not to be set for the
first interface. This patch makes vrrp_netlink.c use libnl3 if it
is available, to avoid the conflict.
* vrrp: Fix interface parameter setting with libnl3 and error message on
interface creation/deletion
* vrrp: Allow gratuitous ARP parameters to be configured globally.
It is likely that the gratuitous ARP parameters will want to be
the same for all interfaces, so allow the defaults to be set
globally. Also allow vrrp_garp_delay to be set to 0 to indicate not to
send further garp messages after a delay (to emulate how the
kernel sends gratuitous ARPs).
* ipvs: Remove nat_mask configuration parameter.
nat_mask was only valid with 2.2 kernel, and the implementation of
it was removed in patch d51194f... but some of the configuration
code remained. This patch removes all remaining code relating to
* Update man pages. keepalived.conf.5 is updated to include all
configuration parameters, and keepalived.8 is updated to document the
signals that can be used with keepalived.
* Remove remaining 2.2 kernel code.
* vrrp: Allow specification of default VRRP version to use.
Rather than have to specify using VRRP version 3 on each VRRP
instance, allow global configuration to set the default version.
* vrrp: Remove use of deprecated nl_join_groups().
The use of nl_join_groups was introduced in commit 84cf733.. in
order to resolve quickly a problem introduced in an earlier patch.
This patch follows the approach adopted by libnl3, which uses a
list of groups, rather than a bitmap which is limited to 32 groups.
* Documentation updates, removal of redundant code, global config.
* vrrp: set router flag in neighbour advertisements.
This is necessary in order to prevent the IPv6 stack on a node that
receives the unsolicited and overriding neighbour advertisement for the
VIP (that gets sent automatically when Keepalived transitions to MASTER
state) from immediately removing the VIP from its list of default
routers. See for an example of
the problems this can cause.
Note that the approach in this patch simply unconditionally sets the
router flag. That is better than having it unconditionally unset (VRRP
stands for Virtual *Router* Redundancy Protocol, after all), but it
might not be appropriate whenever VRRP is used to fail over addresses
that are used for other tasks than being routers. Thus it might be
better to read in the interface's "forwarding" sysctl and set the router
flag accordingly, or making the value of the router flag configurable in
* vrrp: Dynamic addition of interfaces from netlink msg.
When a tracked interface is deleted then recreated with the same config
VRRP groups tracking this interface will remain down. This is due to
tracking of stale information.
This patch listens for netlink messages for the creation of interfaces
and does one of two things.
i) If the interface doesn't exist in the vrrp interface list a new
interface structure is created and the information from the message is
used to fill the structure. This new interface is then added to the
interface queue.
ii) If the interface already exists in the queue we zero it and then
use the information in the message to fill the structure.
* branch to fix empty RS list issue.
* a fix for services with no RS.
* check: segfault when there is no real server for a virtual server.
* vrrp: Stop memory leak rename function for convention.
Renamed netlink_populate_intf_struct to netlink_if_link_populate to fit
with file naming scheme.
It was possible that a created ifp structure would not be cleaned up if
netlink_if_link_populate returned a -1, fixed this so the structure is
* Make parent process handle and propagate USR1/2 signals.
In order to be able to automate writing configuration and/or stats
the signals USR1 and USR2 need to be able to be sent to the parent
process since its pid can be read from /var/run/
The parent then needs to propagate these signals to a vrrp child.
* Ignore all signals except those explicitly wanted.
In order to harden keepalived against a user accidentally sending
a wrong signal to keepalived, set all signals other than those we
want actioned to be ignored.
* Remove potential race condition when setting signal handlers.
There was the potential for signal_run_callback to be invoked
after calling sigaction for a signal, prior to the internal signal
handler signal_SIG***_handler and signal_SIG***_v variables being
set up. To remove the race condition, when setting a signal handler
block the signal until the internal handlers have been fully set up.
* Make signal_ignore mean ignore.
signal_ignore was setting a signal handler for the signal, but
then taking no action when the signal was received. This is now
changed so the signal is actually set to be ignored.
* Streamline signal handling code.
There was some duplication of the code for signal handling, and
this slight restructuring avoids the duplication and makes it
* vrrp: Invoke notify scripts with the default signal disposition.
It is reasonable for notify scripts to expect to be invoked with
the standard signal disposition, so when first setting up signal
dispositions, remember the original state so it can be restored
before the notify scripts are exec'd.
* Return address of previous signal handler according to SA_SIGINFO.
The man page for sigaction(2) states that SA_SIGINFO is only
meaningful when establishing a signal handler. This appears not
to be the case, since the flag will be set in the oldact structure
on return from sigaction if the previous signal handler was
established using the SA_SIGINFO flag.
* Invoke all scripts with the default signal disposition.
Just as the change for notify scripts, it should apply to other
scripts as well.
* vrrp: Don't wait on script process being killed after timeout.
The child_timeout_thread functions send a SIGKILL to a child
process that has timed out and didn't die quickly enough
after sending a SIGTERM. They then wait on the process dying.
The main problem is that if the waitpid is successful here, then
waitpid in thread_child_handler will never be successful for the
same pid, and so the entry on the child list will never be removed
and the parent thread will not be marked as ready.
There is also a theoretical possibility that the child process is
unkillable, and so the waitpid would hang forever.
* Set thread conditions before adding to list.
It seems safer to set the status and type of a thread before
adding it to the ready list.
* Remove some code duplication re running scripts.
misc_check_thread and vrrp_script_thread were virtually identical
so move duplicate code into new function system_call_script in
* Fix formatting of man page.
* Set standard signal disposition before invoking ip(6)tables.
Call signal_handler_notify before running iptables/ip6tables.
Since it is now called for more than notify scripts, rename
signal_handler_notify to signal_handler_script
* Move common code for opening fd 0/1/2 into a function.
The code for setting fd 0/1/2 to /dev/null before running a script
was in several places. All the common code is moved into a function
and the function called from the relevant places.
It is only necessary to reopen fd 0/1/2 if keepalived is running
with the --dont-fork option, since without that option the fds are
already open on /dev/null.
* Optimise closure of fds before invoking scripts.
Every time before a script was invoked, closeall() was called,
which would spin through 1024 file descriptors closing them, even
though the vast majority were not open, resulting in 1024 system
calls. To avoid that, open all sockets and file descriptors
(except fd 0/1/2) with the CLOEXEC flag set, so that the fds will
be closed by the kernel when the script is exec'd.
* Simplify some IPv4/IPv6 code.
Code blocks were (unnecessarily) repeated in functions which
handled both IPv4 and IPv6 situations.
* Fix reloading and invoking notify scripts.
* Update vrrp_scheduler.c.
* Converted pdf user guide to RST with Sphinx.
* Added check for libnfnetlink header during the configure step.
* In free_list_elements invoke the free function if it exists.
* Use of LIST_ISEMPTY to check list exists causes memory leak.
* Stop parse_ipaddress FREEing via pointer passed to it.
parse_ipaddress FREE'd new following an error, but new could be an
address passed to the function, and therefore might not be MALLOC'd
memory. This commit makes the caller of parse_ipaddress free the
memory if there is an error and the calling function MALLOC'd the
* vrrp: Add vrrp_iptables global configuration option.
The iptables/ip6tables entries were always added at the end of the
INPUT chain, but for many configurations this is too late in the
processing. This patch allows the chain name to which rules are
added to be specified, and also allows the option of specifying
no rules are to be added.
If a chain name is specified, it is necessary for that chain to
already exist in the iptables and/or ip6tables config, and for
that chain to be called from an appropriate point in the
ip(6)tables configuration.
* vrrp: Add option to block outbound traffic from VIPs.
Unwanted traffic to VIPs is discarded by ip(6)tables. This adds
an option to also block outgoing traffic from VIPs.
* vrrp: Add iptables blocks for E-VIPs just like VIPs.
* vrrp: Allow unicast IPv6 Neighbour Solicits to be received.
An ip6tables rule is added to allow IPv6 NAs to be received, but
we also need to be able to receive NSs to respond to neighbours
attempting to verify our reachability.
* vrrp: Use correct MAC address for IPv6 VRRP packets.
The IPv6 VRRP packets were using the MAC address of the underlying
interface, rather than the MAC address of the vmac. This commit sets
the correct MAC address for IPv6, and also adds the link-local address
of the underlying interface to the vmac interface, so that VRRP
packets can be sent from the vmac interface, thereby using the VRRP
MAC address.
* vrrp: Disable IPv6 on IPv4 VRRP VMAC interfaces.
If IPv6 is not disabled on VMAC interfaces, an IPv6 link local
address is generated based on the virtual MAC address. This is not
only contrary to RFC 5798 para 7.4, but also causes duplicate
address detection failure. The address also just isn't needed!
* vrrp: Fix setting nlmsg_len for netlink messages.
For netlink messages, nlmsg_len must always be set to an aligned
length. Prior to this commit, nlmsg_len was only being aligned when
a subsequent attribute was added to the list. This was fine if the
length of the last attribute added was an aligned length (which had
always been the case), but didn't work if the last attribute added didn't
have an aligned length.
This patch is needed in preparation for adding an attribute which
doesn't have an aligned length.
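
The alignment problem described in this entry, as an added example that is not keepalived code: with only the start offset of each attribute aligned, nlmsg_len ends up unaligned whenever the last attribute has an odd-sized payload, such as a 6-byte MAC address. The ex_* structures are constructed stand-ins that mirror the Linux netlink header layout, and the attribute type numbers and sample values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins mirroring the Linux netlink layout, so the example
 * builds without kernel headers. Netlink aligns to 4 bytes. */
#define EX_ALIGN(len) (((size_t)(len) + 3) & ~(size_t)3)

struct ex_nlmsghdr {
    uint32_t nlmsg_len;     /* length of the message including this header */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};

struct ex_rtattr {
    uint16_t rta_len;       /* header + payload, NOT including padding */
    uint16_t rta_type;
};

struct ex_req {
    struct ex_nlmsghdr n;
    unsigned char attrs[64];
};

/*
 * Hypothetical helper: append one attribute. With align_tail == 0 it behaves
 * as the entry describes the old code (only the start offset is aligned);
 * with align_tail != 0 nlmsg_len is always left on an aligned boundary.
 */
int ex_addattr(struct ex_req *req, uint16_t type, const void *data,
               size_t alen, int align_tail)
{
    size_t off = EX_ALIGN(req->n.nlmsg_len);
    size_t len = sizeof(struct ex_rtattr) + alen;
    struct ex_rtattr rta;

    if (len > UINT16_MAX || off + EX_ALIGN(len) > sizeof(*req))
        return -1;

    rta.rta_len = (uint16_t)len;
    rta.rta_type = type;
    memset((unsigned char *)req + off, 0, EX_ALIGN(len)); /* zero padding too */
    memcpy((unsigned char *)req + off, &rta, sizeof(rta));
    memcpy((unsigned char *)req + off + sizeof(rta), data, alen);

    req->n.nlmsg_len = (uint32_t)(off + (align_tail ? EX_ALIGN(len) : len));
    return 0;
}

/* Build a request holding a 4-byte value and a 6-byte MAC address
 * (constructed sample data) and return the resulting nlmsg_len. */
uint32_t ex_build(int mac_last, int align_tail)
{
    static const unsigned char mac[6] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x33 };
    const uint32_t ifindex = 2;
    struct ex_req req;

    memset(&req, 0, sizeof(req));
    req.n.nlmsg_len = sizeof(struct ex_nlmsghdr);   /* 16 bytes */
    if (mac_last) {
        ex_addattr(&req, 1, &ifindex, sizeof(ifindex), align_tail);
        ex_addattr(&req, 2, mac, sizeof(mac), align_tail);
    } else {
        ex_addattr(&req, 2, mac, sizeof(mac), align_tail);
        ex_addattr(&req, 1, &ifindex, sizeof(ifindex), align_tail);
    }
    return req.n.nlmsg_len;
}

int main(void)
{
    printf("MAC last,  tail unaligned: nlmsg_len = %u\n", ex_build(1, 0));
    printf("MAC last,  tail aligned:   nlmsg_len = %u\n", ex_build(1, 1));
    printf("MAC first, tail unaligned: nlmsg_len = %u\n", ex_build(0, 0));
    return 0;
}
```
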
* vrrp: Stop having an IPv6 link-local address added based on VMAC mac
IPv6 link-local addresses that were based on the virtual MAC address of
the VMAC interface were being added. RFC5798 para 7.4 states that this
is not permitted. It also causes duplicate address detection failure,
since each instance of the virtual router was configuring the same
IPv6 address on the same subnet.
This commit stops the offending link-local address being added (or removes
it if it can't stop it being added), and since VRRP advertisements must
be sent with the virtual MAC address, but a link-local address for the
interface, if a link-local address from the underlying interface exists,
it is added to the VMAC interface, otherwise the MAC address of the
underlying interface is used to generate a link-local address, which is
then added.
It wasn't until Linux 3.17 that the IFLA_INET6_ADDR_GEN_MODE netlink
message was added, via which one can stop a link-local address being
automatically configured. Therefore, if IFLA_INET6_ADDR_GEN_MODE is not
supported, the only way to ensure that the problematic link-local
address is not added is to remove it after the interface is brought up.
This is not ideal, since there is a small window when the "illegal",
and possibly duplicate, link-local address exists, but I haven't
found any other way of doing it for pre 3.17 kernels.
* vrrp: Stop sending unnecessary attributes in netlink messages.
When an IPv6 virtual address was deleted, it was being reported
in the log file that preferred lifetime was being set to 0, which
is only relevant when the address is being added. This commit stops
adding the IFA_CACHEINFO attribute when deleting addresses, and
also stops adding other unnecessary attributes.
* vrrp: Allocate an IPv6 link local address to VMAC if none on real
The physical interface that a VMAC is configured on may not have an
IPv6 link local address, but we can construct one for the VMAC using
the MAC interface of the underlying interface.
* vrrp: Remove code allowing mixed IPv4/IPv6 addresses.
If addresses of both types were configured, the receiving end would
reject the packet since the count of addresses received would have been
wrong since only addresses of one family can be sent, see vrrp_in_chk:
if (hd->naddr != LIST_SIZE(vrrp->vip))
Since we don't want to send the addresses of the wrong family, add them
to the virtual_ipaddress_excluded block rather than the virtual_ipaddress
* vrrp: Only set router flag in Neighbour Advertisements if forwarding.
* vrrp: Enforce maximum number of vips per virtual router.
If there was more than one virtual_address block in a
virtual_router block, one could add as many virtual addresses as
one wanted, since it didn't check the number already read.
* vrrp: Don't ignore excess virtual_address entries.
If there are too many virtual_address entries, add them to the
excluded block, but still give a warning message.
* vrrp: Verify VRRP configuration after all configuration read.
There was a lot of duplicated checking in vrrp_parser.c to ensure that
configured parameters were consistent, and also a requirement to configure
certain parameters before others. This checking was incomplete, and also
becoming more and more complex as more configuration options were added.
This commit delays a large part of the checking until after all the
configuration has been read. This removes the need for options to be
specified in a certain order and also for checking in multiple places
whether certain combinations are valid.
As a consequence of the delay in checking the configuration, the creation
of the VMAC interfaces is delayed until after the checking.
* vrrp: Accept is only valid for VRRPv3
* vrrp: Verify priority and init_state consistent.
* vrrp: Verify password specified for authentication.
* vrrp: Verify have an ip address for interface.
* vrrp: xmit_base is only valid on a VMAC.
* vrrp: Ensure at least one VIP is configured on a VRRP instance.
This commit requires at least one VIP to be configured on a
vrrp_instance. Although the code looked as though it was designed to
allow 0 VIPs, not only was that a protocol violation, but also keepalived
rejected any VRRPv3 packets received without any VIPs, and also any VRRPv2
with IPv6 due to the check in vrrp_in_chk() in vrrp.c.
* vrrp: Generate unique default VMAC interface names.
Since the virtual router ID can be duplicated both between IPv4 and IPv6,
and also between different interfaces, the approach of setting a default
interface name as vrrp.VRID could produce duplicate names.
This commit now attempts to use vrrp.VRID, but if that already exists,
then it will try vrrpN.VRID, where N starts from 1 and increases until an
unused name is found (for IPv6 it tries vrrp6.VRID before vrrp1.VRID).
* vrrp: Ensure necessary uniqueness of VRIDs.
VRIDs must be unique for a given address family and interface.
This commit ensures that there is no duplication of VRID/address family
on any interface.
* vrrp: Don't assign VIPs/eVIPs to the default interface.
alloc_ipaddress was always setting the interface to DLFT_INT (eth0) if no
dev DEVNAME was specified to a VIP/eVIP/static address. This is fine for a
static address, but doesn't make sense for a VIP or eVIP, since they should
be assigned to the vrrp_instance interface, unless explicitly configured
In fact, it probably doesn't make sense to specify dev DEVNAME for a
VIP/eVIP, since the addresses must be assigned to the vrrp_instance
* If a configuration error occurs between {}, skip to end.
If a configuration error occurred in a block, the parser could get confused.
This commit makes the parser ignore all further entries until the end
of the block.
* Don't allow specification of default as an address where inappropriate.
The function parse_ipaddress would allow default or default6 to be
specified for any address it parsed, but it doesn't make sense in a
lot of cases, so add a parameter to indicate if default is valid.
* Improve checking of configured advertisement timer.
* vrrp: Make sure that a VRRP instance has a name and is unique.
It was possible to specify a vrrp_instance without a name. It was also
possible to specify the same vrrp instance name twice.
* Extra validation for reading ip addresses.
* vrrp: Ensure a sync group has a name and hasn't already been specified.
* vrrp: VRRP authentication is dependent on VRRPv2 not IPv4.
The check for whether authentication is not dependent on IPv4, but rather
VRRPv2. This check will be conducted following reading the whole configuration.
* vrrp: Log error if unknown authentication type.
* Check for, and handle, '{' at beginning of a block.
There was no check for a '{' at the beginning of a configuration block.
This commit is the start of that check, allowing it either at the end
of the line with the keyword, or on a line of its own.
Also, in respect of group and notification_email, for all other configuration
items, the '{' could follow on a line of its own, but for configuration
items using read_value_block the '{' on a line following the keyword
was read as a configuration entry.
* Check for, and report, unknown keywords.
A misspelt keyword would have been silently ignored, potentially causing
the user difficulty in understanding why his configuration wasn't working.
* If an address fails to parse, ensure don't return an apparent address.
When reading an address, the address family was set early on, and a
subsequent failure to parse the address left the address family configured,
thereby making it appear that a valid address had been read. Simply set the
address family to AF_UNSPEC on a failure.
* Ensure an address option has a value.
There was no check that the parameter was present after a keyword, so for
example : dev
would not have generated an error message, and alloc_ipaddress would have
attempted to read a word after dev, which would either cause a core dump
or possibly return a parameter from a previous configuration line.
This type of checking probably needs to be added elsewhere too.
* Add validation of address scope.
* vrrp: Don't allow group block more than once in a sync group.
If a second group is configured, the first group is lost, and its
malloc'd memory is also lost.
* vrrp: Make sure sync groups have at least two members.
If a sync group was configured with no group {} statement, or if
the group statement had no entries, then keepalived would core dump.
This commit rejects groups with 0 members, and also with 1 member,
since it isn't a group. It also checks that a virtual_instance isn't
configured in more than one sync group, and also that the group
members specified exist.
* The address must be the first record in an address configuration item.
When an address is configured, it must be the first entry on the line.
This allows options specified afterwards to know the address family,
and also when reporting errors to include the address.
* vrrp: Log error if IPv6 and first address is not link local.
RFC5798 section 5.2.9 requires that if the protocol is IPv6, then
the first address must be the link local address of the virtual
* vrrp: Ensure that the full VRRP packet has been received in the buffer.
Although after receiving a VRRP packet, it checked that the length
specified in the IP header was long enough to contain all the VRRP data,
it didn't check that the data actually received was sufficiently long,
so this check is added.
* vrrp: Stop VIPs in same CIDR being deleted, but only when using vmac
so far.
If an interface has more than one IP address in the same CIDR, when
the "primary" address is deleted, all the secondary addresses are
also deleted, unless /proc/sys/net/ipv4/conf/IFACE/promote_secondaries
is 1. This commit sets the promote_secondaries flag on vmacs.
* vrrp: Make from and to for VRRP iprules use a define.
"From" and "To" were being stored as words rather than converted to
defined value. This made storage requirements larger and processing
them more time consuming.
* Don't report configuration bytes used if not _DEBUG_.
If _DEBUG_ is not defined, malloc was increasing the count of memory
allocated when called, but free wasn't reducing the count, and so the
figure reported was meaningless.
This commit completely disables the memory allocated counting and
reporting if _DEBUG_ is not defined.
* vrrp: Use defines for address scopes.
Rather than hard coded values for address scopes, use RT_SCOPE_*
* Force order of multiplication and division to avoid underflow.
* Clear list pointer after freeing list.
* Fix handling of active in vectors. active wasn't being consistently
updated or reported for vectors.
* Make functions always returning 0 void.
Three functions in utils.c always returned 0, and the calling
functions weren't checking the return code, since it was pointless,
so the functions have been changed to be of type void.
* Use struct in_addr rather than uint32_t for IPv4 address.
* vrrp: Disable all VMAC configuration code if don't have VMACs.
* Allow multiple spaces in quoted strings.
The handling of quoted strings saved each word separated between
tokens of '"'. This meant reconstructing a quoted string lost multiple
spaces and was hard work.
Quoted strings are now saved as the whole quoted string, without the
quotes, so retrieval is much simpler. This also allows further keywords
to follow the quoted string, if desired.
* vrrp: Remove string length dependencies in vrrp_print.
* vrrp: Stop using deprecated bcopy.
* vrrp: Add vrrp_instance name to some log messages.
* Optimise returning from list_element() when end of list reached.
* Make free_melement a static function.
* Use INET6_ADDRSTRLEN rather than hardcoded length.
* Don't format log message if not going to log it.
* vrrp: Add option to reduce vrrp advert address checking.
By default, every received VRRP advertisement checks the advertised
addresses are the same as the configured addresses, which is O(n^2).
This change adds the option to check the first packet received from
a master, but not to check the VIP list in subsequent adverts from
the same master.
* vrrp: Ensure vrrp_buffer large enough for largest possible received
The allocated receive buffer had size VRRP_PACKET_TEMP_LEN, which
suggests that it wasn't intended as the final solution.
Instead of using a fixed buffer size, the maximum MTU across all the
interfaces is calculated, and the size of the vrrp_buffer allocated
is the maximum MTU size. This guarantees that any VRRP packet received
will fit in the buffer.
* vrrp: Improved received VRRP packet checking.
First check the protocol headers have been received, then before
checking the overall length of the received data, check the data in
the protocol headers, since this will allow more meaningful errors
to be reported. For example if there was a mismatch between VRRP
versions with IPv4, a length error was being reported, rather than
the version mismatch.
All the error messages in VRRP packet checking now include VRRP
instance name, to help tracking down where the error lies.
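
The check order described in this entry, together with the earlier "Ensure that the full VRRP packet has been received in the buffer" entry, as an added example that is not keepalived code: confirm the headers are in the buffer, then compare header fields, and only then compare lengths, including the length actually received. It covers IPv4 only; the ex_* names, result codes and the sample advert are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ex_chk {
    EX_OK = 0,
    EX_SHORT_IP_HDR,        /* fewer bytes received than a minimal IPv4 header */
    EX_BAD_IP_HDR,          /* not IPv4, or header length field below 20 bytes */
    EX_SHORT_VRRP_HDR,      /* fixed 8-byte VRRP header not fully received */
    EX_VERSION_MISMATCH,    /* advert version differs from the configured one */
    EX_IP_LEN_TOO_SMALL,    /* IP total length cannot hold the VRRP data */
    EX_TRUNCATED            /* IP header claims enough, buffer holds less */
};

#define EX_VRRP_HDR_LEN   8u
#define EX_VRRP2_AUTH_LEN 8u    /* VRRPv2 carries 8 bytes of auth data after the VIPs */

/* Size of a VRRP advert carrying naddr IPv4 addresses. */
size_t ex_vrrp_len(unsigned version, unsigned naddr)
{
    return EX_VRRP_HDR_LEN + 4u * naddr +
           (version == 2 ? EX_VRRP2_AUTH_LEN : 0u);
}

enum ex_chk ex_check_advert(const uint8_t *buf, size_t received,
                            unsigned want_version)
{
    size_t ihl, ip_tot, need;
    unsigned version;

    /* 1. Are the protocol headers actually in the buffer? */
    if (received < 20)
        return EX_SHORT_IP_HDR;
    ihl = (size_t)(buf[0] & 0x0f) * 4;
    if ((buf[0] >> 4) != 4 || ihl < 20)
        return EX_BAD_IP_HDR;
    if (received < ihl + EX_VRRP_HDR_LEN)
        return EX_SHORT_VRRP_HDR;

    /* 2. Header fields before lengths: a v2/v3 mismatch changes the expected
     *    size, so testing lengths first would misreport it as a length error. */
    version = buf[ihl] >> 4;
    if (version != want_version)
        return EX_VERSION_MISMATCH;

    /* 3. Lengths: what the IP header claims, then what was really received. */
    need = ihl + ex_vrrp_len(version, buf[ihl + 3]);
    ip_tot = ((size_t)buf[2] << 8) | buf[3];
    if (ip_tot < need)
        return EX_IP_LEN_TOO_SMALL;
    if (received < need)
        return EX_TRUNCATED;
    return EX_OK;
}

/*
 * Build a constructed one-VIP advert of sent_version and check it.
 * received == 0 means "all bytes arrived"; forged_ip_len >= 0 overwrites the
 * IP total length field.
 */
enum ex_chk ex_demo(unsigned sent_version, size_t received,
                    unsigned want_version, int forged_ip_len)
{
    uint8_t pkt[64];
    size_t total = 20 + ex_vrrp_len(sent_version, 1);
    unsigned ip_len = forged_ip_len >= 0 ? (unsigned)forged_ip_len
                                         : (unsigned)total;

    memset(pkt, 0, sizeof(pkt));
    pkt[0] = 0x45;                              /* IPv4, 20-byte header */
    pkt[2] = (uint8_t)(ip_len >> 8);
    pkt[3] = (uint8_t)(ip_len & 0xff);
    pkt[8] = 255;                               /* TTL */
    pkt[9] = 112;                               /* protocol: VRRP */
    pkt[20] = (uint8_t)((sent_version << 4) | 1); /* version, type ADVERTISEMENT */
    pkt[21] = 51;                               /* VRID (sample) */
    pkt[22] = 100;                              /* priority (sample) */
    pkt[23] = 1;                                /* one address */
    return ex_check_advert(pkt, received ? received : total, want_version);
}

int main(void)
{
    printf("v2 advert, complete:           %d\n", ex_demo(2, 0, 2, -1));
    printf("v2 advert, 30 of 40 bytes:     %d\n", ex_demo(2, 30, 2, -1));
    printf("v3 advert seen by v2 instance: %d\n", ex_demo(3, 0, 2, -1));
    return 0;
}
```
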
* vrrp: Remove fixed limit number of VIPs in a VRRP advert.
There was an arbitrary limit of VRRP_MAX_VIP (20) VIPs for sending
a VRRP advert. Now that the vrrp_buffer is sized to be able to
receive any packet up to the largest MTU size, we can dynamically
allow as many VIPs as will fit in a packet (which varies depending
on IPv4 or IPv6).
There is also an overhead checking the received addresses in an
advert against the VIPs configured on the instance, but this can now
be mitigated by setting skip_chk_adv_addr on the VRRP instance.
* vrrp: Fix printing of vrrp tracking scripts.
* vrrp: Print Last transition time in human readable form.
* Disable assert statements unless _DEBUG_ is defined.
* Streamline free_list_element
* Remove duplication of code between free_list and free_list_elements.
* vrrp: Add vrrp strict mode, enforcing VRRP compliance.
The commit doesn't yet implement strict mode, but it will block
0 VIPs, unicast peers, IPV6 in VRRPv2.
* vrrp: Add some strict tests.
In strict mode, the following are enforced:
IPv6 required VRRPv3
There must be at least one VIP per VR instance
No unicast peers
Must be address owner to start in MASTER mode
* vrrp: Don't allow AH authentication with IPv6 and VRRPv2.
Of course, the RFCs don't allow IPv6 in VRRPv2, but it is an
extension supported by keepalived.
* vrrp: Some minor ipsecah updates.
* vrrp: Clearly identify that VRRP has subblocks of VRRP scripts.
The keepalived.conf.5 man page wasn't explicit that there are VRRP script
subblocks as part of the VRRP configuration, and this is now explicit.
* Trivial edits to man page keepalived.conf(5).
* man page remove static_rules configuration from vrrp_instance.
keepalived.conf.5 man page had an entry for static_rules within the
vrrp_instance blocks, and this is clearly wrong.
* vrrp: Fix typo in error message when sending VRRP advert.
* vrrp: Add option not to include vrrp authentication code.
RFC3768 updated VRRPv2 to remove authentication in 2004. This commit
adds a configure time option to exclude authentication code.
* vrrp: When adding ip(6)tables entries, only specify i/f for link_local
Packets to/from global address could arrive or be sent on any interface,
so don't specify the interface for blocking the packets. For link local
addresses, the block must relate to the specific interface.
* vrrp: Add ability to use libiptc rather than invoking ip(6)tables.
Invoking ip(6)tables has a high overhead, since the process has to be
forked and exec'd, and then it has to read the whole ip(6)tables
filter chain before it makes a single update and commits it back.
Using libiptc avoids the overhead of multiple forks/execs, and also
means that multiple entries can be added/deleted to/from the ip(6)tables
configuration in a single update.
* vrrp: Add option to use ipsets instead of iptables to block addresses.
Instead of having lists of addresses in iptables, it is much more
efficient to use ipsets to handle those addresses, since that is
what it is designed for.
* Use /proc/sys/kernel/modprobe to find modprobe.
* Reinstate SIGCHLD before forking to exec modprobe for ip_vs.
The fork of modprobe to load ip_vs would have reported a failure
even though it would have succeeded.
* Fix forking/execing re closing signal pipe.
When calling scripts, we don't want to give them access to the signal
pipe used between the parent process and the vrrp process.
* vrrp: Fix compile error when net/if.h and netlink/route/link.h conflict.
Some versions of libnl3 netlink/route/link.h conflict with some
versions of kernel header file net/if.h. This commit has a
workaround for when there is a conflict.
* vrrp: Fix compile failure with old kernels and libnl3.
Issue #215 identified a compile error with pre 3.13 kernels when
libnl3 was installed. This commit adds a test for that situation
and avoids using rtnl_link_inet_[sg]et_conf.
I haven't been able to test this on a pre 3.13 kernel, but I have
simulated the scenario and it compiles as expected.
* vrrp: Fix compilation when ipsets not installed.
* vrrp: Fix build breakage when not using libiptc.
* vrrp: Fix VRRP respawning when no VIPs specified.
Commit b46dec58fa failed to check the VIP list existed before
checking how many entries were in the list.
This commit also defaults the address family to IPv4 if no VIPs are
* vrrp: Make dependency on libnfnetlink/libnfnetlink.h conditional.
* Streamline handling of daemon mode flags.
* Improve handling of not being able to read a pid file.
If a pid file was opened, but for some reason a pid could not
successfully be read, the pid used to check if a process was
running was random.
* Remove unused pid filename definitions.
* Change outstanding debug flag tests to use bitops helpers.
* Allow for different sizes of long ints in bitops.
* vrrp: Ensure conversions of vrrp->adver_int etc don't overflow.
* Use bitops with daemon_mode.
* vrrp: Fix ip_rule direction for SNMP.
Commit 2da11f99 introduced defines for ip_rule directions rather
than using strings, but the commit omitted to update the snmp code
when processing the directions.
* add a line about the 'include' keyword in keepalived.conf(5).
* fix HTTP_GET config dump. The config dumper routine
dump_http_get_check was always printing the last configured checker's
connection info.
* dump_conn_opts: prototype change.
pass the conn_opts_t pointer as a void* parameter to make the
function prototype a valid dump callback. This makes smtp_dump_host()
function needless, it is removed.
* fix build issues on older systems.
Try to avoid the build error on systems which lack the
O_CLOEXEC and IP_MULTICAST_ALL defines (such as Ubuntu lucid and
Debian squeeze).
* Fix compilation with --disable-vrrp-auth
* vrrp: Remove state VRRP_STATE_LEAVE_MASTER since it isn't used.
* vrrp: Fix VRRPv2 authentication issues.
* Don't redefine _GNU_SOURCE.
* vrrp: Exclude function vrrp_ah_sync when --disable_vrrp_auth.
* Fix some conditional compilation errors.
* Streamline getopt_long options.
* Remove '\n's from log messages.
* Ensure standard configure generated defines are used.
The defines used in the compiles in the various subdirectories were
specified in each which could lead to inconsistencies.
This commit defines APP_DEFS in, which is then used
in each
* Dump keywords to file rather than stdout.
* Add copyright message and build options to version output.
This commit also ensures that the end year of the copyright date
range is the current year when keepalived was built.
* Stop erroneously logging error message for unknown keywords.
When vrrp_parser parsed the configuration file, it didn't know
about the checker keywords, and vice versa, and so reported errors.
This commit makes the other keywords known but marked as inactive.
* vrrp: Fix SNMP trap NewMaster.
The trap must only be triggered for IPv4, since RFC2787 doesn't
understand IPv6. Also, RFC2787 only supports VRRPv2 instances,
so don't raise the trap for VRRPv3 instances.
The IP address returned must be the actual IPv4 address, and not
the ip_address_t that holds the address.
* vrrp: Use underlying interface for ifindex in NewMaster traps for vmacs.
If the VMAC ifindex is returned, then there is no indication that
multiple VRRP instances are operating on the same physical interface,
so return the ifindex of the underlying interface. This will also
mean that the same ifindex should be maintained between different
invocations of keepalived.
* vrrp: Move SNMP private defines into vrrp_snmp.c/check_snmp.c.
The defines for the net-snmp "magic" were in the header files
which were included by other modules. The defines are private to
the c source file, so move the defines into them, to avoid polluting
compilation units which included vrrp_snmp.h/check_snmp.h.
* Use definition for
* vrrp: Start SNMP after reading configuration.
If SNMP is started before the configuration is read, a meaningless
response will be returned to net-snmp, so don't start the snmp agent
until after all the config has been read.
* vrrp: Fix setting SNMPv2-MIB::sysORID entries in ORTable.
The length of the OID passed to register_sysORTable was wrong.
* vrrp: Allow SNMP agent to unregister cleanly with more than one MIB.
Separate snmp_unregister_mib() out from snmp_agent_close() to allow
multiple MIBs to be unregistered before the snmp agent is closed.
* vrrp: Don't register the global_oid with SNMP twice.
If SNMP is enabled, both the checker process and the vrrp process
were registering the global_oid. This commit makes the checker
process register it if it is running, otherwise the vrrp
thread registers it.
* vrrp: Add read-only support for RFC2787 SNMP (VRRPv2).
* vrrp: Allow any combination of keepalived and RFC SNMP support.
* Allow enabling snmp via config file.
* ipvs: sctp ad persistent engine support.
* Fix building with --disable-lvs
* Stop autoconf complaining.
* vrrp: Use defined value for maximum VRRP priority.
* vrrp: Simplify scheduler code vrrp_leave_fault().
Two pairs of code blocks were repeated, and each pair could be
reduced to occurring only once if the conditions were merged.
* vrrp: If VRRP priority is 255 and not nopreempt, configure like state
* vrrp: Ensure number of VIPs doesn't exceed 255 per instance.
* vrrp: Don't check second time if IFLA_IFNAME is NULL.
* Dump interface details with rest of config.
* vrrp: When becoming master, block addresses before adding them.
If not accept mode, entries are added to iptables/ipsets to block
traffic to the VIPs/eVIPS. These entries should be added BEFORE the
addresses themselves are added, to ensure there isn't a (small)
window when we might reply from the added addresses.
* vrrp: Document virtual_rules.
* Fix memory leak re some uses of ipaddresstos().
* Fix parsing ipset names.
* vrrp: Improve and fix finding vmacs left over from previous invocation.
When netlink reports a new or existing interface, we can extract
information that allows us to determine if the interface is a macvlan,
and the type (e.g. private). We can then save that in the interface_t
structure, setting the vlan flag, and base ifindex.
When working out the interface name to use for VMAC instances, we can
then check the interfaces which are macvlans to see if any of them
match the vrrp instance in terms of mac address, underlying interface
and inet address family, and if so we can then reuse the macvlan interface.
Commit 9ae463e7f broke the finding of existing interfaces where the
configuration didn't specify the VMAC interface name, and simply created
a new interface. This commit now resolves that.
There is still an issue that if an interface was in MASTER mode when
keepalived terminated, when keepalived restarts it leaves the VIPs and
eVIPS on the interfaces, meaning that keepalived cannot receive VRRP
packets on the interface from the VRRP instance that has taken over, and
it also means that there are duplicate IP addresses on the network.
Another commit will resolve this issue.
* vrrp: Remove ip addresses left over from previous failure.
If keepalived terminates unexpectedly, for any instances for which
it was master, it leaves ip addresses configured on the interfaces.
When keepalived restarts, if it starts in backup mode, the addresses
must be removed. In addition, any iptables/ipsets entries added for
!accept_mode must also be removed, in order to avoid multiple entries
being created in iptables.
This commit removes any addresses and iptables/ipsets configuration
for any interfaces that exist when iptables starts up. If keepalived
shut down cleanly, that will only be for non-vmac interfaces, but if
it terminated unexpectedly, it can also be for any left-over vmacs.
* Sort out extraneous space and tab characters.
The commit removes spaces followed by tabs, trailing spaces and tabs,
and replaces occurrences of 8 spaces within tabs, except where the
spaces and or tabs occur within strings.
This has the benefit that if blocks of code are copied, git does not
complain when running git am on a file produced by git format-patch.
* vrrp: Simplify RFC SNMP code.
The code was checking VRRP version unnecessarily, and also had code
to return an index element which is not necessary.
* vrrp: Don't send traps for SNMP MIBS which are not enabled.
* vrrp: Don't register SNMP global OID if not handling it.
If neither the checker nor the vrrp components of KEEPALIVED-MIB
are enabled, don't register the global OID.
* Parameters passed to traps don't need to be static.
* Fix --without-lvs and --without-vrrp configure options.
* Ensure general MIB is enabled if --disable-lvs configured
* Avoid compiler warning re function definition to prototype.
* Add RFC6527 SNMP (VRRPv3).
This commit adds read-only and notification support for SNMP for VRRPv3
in accordance with RFC6527.
* vrrp: Fix MAC address for IPv4 VMACs created after IPv6 VMACs.
* vrrp: Allow routes and rules to use tables >= 256
* Don't recompile libipvs-2.6/*.c every build.
* vrrp: Remove left over ip rules and routes at startup.
* vrrp: Ensure ip routes added before rules, and vice versa.
If ip rules are added before routes, then it is possible for a
packet to be routed while the routing table is only partially
complete. Adding the rule after the routes ensures that the routing
table won't be processed until it is completely set up.
Likewise, when removing rules and routes, remove the rules first.
* vrrp: Add missing reason message for rejected VRRP packet.
Issue #255 shows a log identifying bogus VRRP received, but there
was no reason shown for the rejection. The only instance I can find
for this is if vrrp->family is neither AF_INET nor AF_INET6, which I
think must be a bug in the code parsing and setting up VRRP instances.
This commit just adds a log message to be explicit about why the packet
is rejected, and also reports the value of vrrp->family.
* Reduce number of calls to getaddrinfo() reducing DNS lookups.
* Report if vrrp or checker process abnormally terminates.
* Add option to increase child process priorities and make non swappable.
* Make vrrp_daemon.c and check_daemon.c use header file for externs.
* Add reporting ops mode, and minor tidying up of virtual_server config.
* vrrp: Don't overwrite real interface MAC address with VMAC MAC address.
When a VMAC was being created, the MAC address of the VMAC was
being copied to the MAC address of the underlying interface in the
interface_t structure.
The netlink reflector sets up the MAC address of the new VMAC
interface, so there is no need to copy a MAC address at all.
* vrrp: Stop keepalived_vrrp terminating with SIGSEGV if lvs_syncd_if set.
ipvs_stop() was being called before shutdown_vrrp_instances(), and
so if lvs_syncd_if had been specified on a vrrp instance, keepalived
would subsequently terminate with a SIGSEGV in free_interface_queue().
* Make lvs_sync_daemon global config rather than vrrp specific.
* Stop lvs sync daemons on restart in case of prior abnormal termination.
* Remove any residual ipvs configuration on restart.
* vrrp: Optimise clear_diff_vrrp_*() functions.
* Check MALLOC returned non NULL before copying to the location.
* Allow specifying syncid for lvs syncd.
* vrrp: Send second set of GARP messages after receiving lower prio advert.
When a VRRP instance transitions to master state, if garp_master_delay
is non-zero, a second set of garp_master_repeat messages is sent after
garp_master_delay seconds (unless 0). However, if a lower priority advert
is received, keepalived didn't send a second set. This commit sends a
second set if a second set would have been sent after transition to master.
* vrrp: Allow setting of gratuitous ARP parameters for lower prio adv
* Don't log a "keepalived stopped" message if keepalived already running.
* vrrp: Add support for iprule and iproute table names.
* Resolve MALLOC/FREE issues to iprule/iproute table names.
* Make keepalived_malloc return void* to match malloc.
* When reporting MALLOC/FREE status on exit, report max MALLOC'd memory.
* Make libipvs use MALLOC/FREE.
* Don't restore original signal state when reloading checker config.
* Ensure signals USR1 and USR2 are set to ignore in checker process.
* vrrp: Only free list of iprule table names if list assigned.
* vrrp: Fix strict mode of vrrp instance overriding global vrrp_strict.
* Attempt to fix build breakage introduced in commit 85f81dd.
* Fix parsing of scope for ip addresses.
* Free global ssl context on reload.
* Free request_t buffer and ssl data on reload.
* vrrp: Restore sync-state after reload.
Currently the sync state is rebuilt from the member states after
config reload. This change now reloads the previous sync state
after reload, and then pushes this back to the group members. If a
new group member is added during the reload, then the new group
will accept the sync group state. If a group member is removed
during a reload, then a special case will be executed to force
the sync-group state to BACKUP. This is required so that an
alternative backup peer for the removed group is given an
opportunity to take over the gateway.
2015-07-07 Alexandre Cassen <>
* keepalived-1.2.19 released.
* vrrp: fix checksum computation in vrrp v2 for socket family AF_INET
One difference between VRRPv2 and VRRPv3 is the way the checksum is
computed. In VRRPv2 no accumulation is specified in the RFC while in VRRPv3
it uses a regular accumulator with upper pseudo header. This fix restores
compliant VRRPv2 for AF_INET vrrp instances. Since IPv6 sockets are using
the IPV6_CHECKSUM option this means that checksums for VRRPv6 instances
running in native_ipv6 mode are broken. But since this is an end to end
sanity check and both sides are operating the same way this is OK, not
"compliant with VRRPv3 RFC", but anyway using native IPv6 on VRRPv2 is not
really compliant either ;)
* Some cosmetics at Makefile stuff.
2015-06-30 Alexandre Cassen <>
* keepalived-1.2.18 released.
* some cosmetics changes (in memory and parser).
* remove dead/not used code.
* revert notify script brought by last release.
* revert VRRP preemption speed up extension.
* vrrp: Fix vrrp removes incorrect IPv4 address when VIPs
are removed.
* vrrp: Re-enable VRRPv2 checksum on inbound pkts.
2015-05-31 Alexandre Cassen <>
* keepalived-1.2.17 released.
* zalloc use xalloc for consistency.
* memory: fix wrong size calculation in zfree.
* Fix keepalived snmp configuration.
* Change comments to match kernel style.
* smtp: Fix wrong algorithm in RCPT-TO building.
* vrrp: ICMPv6 : modify the way we copy the src address into the IPv6
header, in order to not overwrite the header' and the 'hop limit' fields
* vrrp: sync status flag (up/down) for _all_ VMAC interfaces.
When using VMAC and running multiple instances on the same interface,
only one of the VMAC interfaces will get its status flag synched.
This commit will update the status flag for _all_ VMAC interfaces attached
to a base interface.
* ipvs: fix segfault crash when parsing SMTP_CHECK config
* ipvs: SMTP_CHECK now respects configured RS port. Before that it always
used the default port 25.
* ipvs: config parser: handler for the end of block. new function
* ipvs: new log function vlog_message taking varg_list. log_message now
uses format gcc attribute, not the macro wrapper.
* ipvs: bug: check_smtp was logging "#30" instead of RS address do not do
nested va_start/va_end calls in smtp_final.
* ipvs: clarify snmp_check config syntax. Now host{} section is optional,
and all the standard connection options are available in the SNMP_CHECK{}
level, too. If one or many host section persist, those base-level options
are used to specify default values that can be overridden in a host section.
* vrrp: Use literal constants for bit flags of the "debug" global
variable. Change from using numeric constants to literal constants for
the bit flags of the "debug" global variable.
* vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains
VIP resulting in a duplicate IP situation. When a priority change to the
configuration of a Master router drops its priority to below that of a
backup router, the VIP is not released on the Master router leading to
a duplicate IP situation.
* vrrp: Make preempt_delay work more than once.
* vrrp: Changes needed to support AH auth in VMAC mode. Note according to
the RFC this is not a requirement, but we think that our customers will
expect it to work. The RFC actually discourages its use because it adds
little to no additional security. We are still able to interoperate in
RFC mode by not enabling authentication.
* vrrp: Check VRRP header in the IP auth header is correct. In the middle
of vrrp_in_chk, the existing VRRP packet parsing code does
"return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two,
and the authentication type is IP sec authentication, to check whether
or not the IP sec authentication header is valid. However the "instant"
return means that if the IP sec authentication header is valid, then
the remaining parts of the VRRP packet (VRRP version, VRRP checksum,
VRID, number of VIPs, advertise-interval) are not parsed or validated.
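Added example (not keepalived's code): the control flow described in the entry above, with the early return beside a form that still runs the remaining header checks. The struct, function names and sample advert are constructed for illustration, and the result of AH verification is passed in as ah_ok rather than computed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VRRP_VERSION_2 2
#define VRRP_AUTH_AH   2   /* VRRPv2 auth type 2: IP Authentication Header */
#define VRRP_HDR_LEN   8

enum chk { CHK_OK, CHK_BAD_AH, CHK_BAD_LEN, CHK_BAD_VERSION,
           CHK_BAD_CSUM, CHK_BAD_VRID, CHK_BAD_COUNT, CHK_BAD_INTERVAL };

/* Local settings an advert must match (hypothetical names). */
struct instance { uint8_t vrid, naddr, adver_int; };

/* RFC 1071 Internet checksum; yields 0 over an intact message. */
static uint16_t in_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Version, checksum, VRID, address count and advertisement interval. */
static enum chk check_fields(const struct instance *in,
                             const uint8_t *m, size_t len)
{
    if (len < VRRP_HDR_LEN)            return CHK_BAD_LEN;
    if ((m[0] >> 4) != VRRP_VERSION_2) return CHK_BAD_VERSION;
    if (in_csum(m, len) != 0)          return CHK_BAD_CSUM;
    if (m[1] != in->vrid)              return CHK_BAD_VRID;
    if (m[3] != in->naddr)             return CHK_BAD_COUNT;
    if (m[5] != in->adver_int)         return CHK_BAD_INTERVAL;
    return CHK_OK;
}

static int uses_ah(const uint8_t *m, size_t len)
{
    return len >= VRRP_HDR_LEN && (m[0] >> 4) == VRRP_VERSION_2 &&
           m[4] == VRRP_AUTH_AH;
}

/* Pattern from the entry: the AH verdict is returned directly, so a
 * valid AH header skips every later check. */
static enum chk in_chk_early_return(const struct instance *in,
                                    const uint8_t *m, size_t len, int ah_ok)
{
    if (uses_ah(m, len))
        return ah_ok ? CHK_OK : CHK_BAD_AH;
    return check_fields(in, m, len);
}

/* Corrected form: a failed AH check rejects, a valid one falls through
 * to the same field checks every other advert gets. */
static enum chk in_chk_full(const struct instance *in,
                            const uint8_t *m, size_t len, int ah_ok)
{
    if (uses_ah(m, len) && !ah_ok)
        return CHK_BAD_AH;
    return check_fields(in, m, len);
}

/* Constructed sample advert: header, naddr IPv4 addresses, 8 bytes of
 * auth data. The caller provides at least 16 + 4 * naddr bytes. */
static size_t build_advert(uint8_t *m, uint8_t vrid, uint8_t naddr,
                           uint8_t adver_int)
{
    size_t len = VRRP_HDR_LEN + 4u * naddr + 8;
    uint16_t c;

    memset(m, 0, len);
    m[0] = VRRP_VERSION_2 << 4 | 1;   /* type 1: ADVERTISEMENT */
    m[1] = vrid; m[2] = 100; m[3] = naddr;
    m[4] = VRRP_AUTH_AH; m[5] = adver_int;
    for (uint8_t i = 0; i < naddr; i++) {
        uint8_t *a = m + VRRP_HDR_LEN + 4 * i;
        a[0] = 192; a[1] = 0; a[2] = 2; a[3] = (uint8_t)(10 + i);
    }
    c = in_csum(m, len);
    m[6] = (uint8_t)(c >> 8); m[7] = (uint8_t)(c & 0xff);
    return len;
}

int main(void)
{
    uint8_t pkt[64];
    struct instance inst = { 51, 1, 1 };
    size_t len = build_advert(pkt, 99, 1, 1);   /* VRID does not match */

    printf("early return: %d, full check: %d\n",
           in_chk_early_return(&inst, pkt, len, 1),
           in_chk_full(&inst, pkt, len, 1));
    return 0;
}
```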
* vrrp: Add support for SNMP trap: vrrpTrapNewMaster.
* vrrp: Add skeleton code for VRRP-MIB.
* vrrp: Check existing VIF and recreate if VMACs are wrong. Although under
normal circumstances we will cleanup VIF interfaces when shutdown, there
are various scenarios were this is not the case. To make the code more
robust, keepalived now performs a check for matching VIF interfaces at
restart, and if the configuration of the VIF matches the current
keepalived configuration it will reuse the VIF. However, should the
configuration be different, keepalived will remove the existing
interface, and then recreate a new VIF interface with the appropriate
configuration. This fix resolves the continuous crash scenario that can
occur when keepalived fails to configure the VIF because one already
exists. It prevents keepalived from reusing a previous VIF interface
which does not completely match its configuration criteria.
* vrrp: fix snmp code (cosmetic)
* vrrp: Fix the keepalived mib and agentx warnings. During Keepalived
startup, about twenty "duplicate registration" and a couple of "Failed
to connect to the agentx master agent" warning messages were issued.
Pairs of the "Failed to connect" warning messages were logged every two
minutes. The "duplicate registration" warnings happened because VRRP
called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once
for the rfc2787-vrrp MIB, however each call to snmp_agent_init also
tried to register the keepalived-global MIB (which holds data like
Keepalived version number, SMTP server details, and a "from" email
address). It was the second attempt to register this keepalived-global
MIB that generated the "duplicate registration" warning. The registration
of the keepalived-global MIB is now only done once under the control of
a static variable. init_agent is also called just once under the control
of the same static variable to prevent it logging a warning message. The
"Failed to connect" warnings occur because Keepalived does not know how
to connect to the SNMP AgentX master server. By default the Agent X
master server is listening for MIB registrations on a local TCP socket
with a port number of 705.
* vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work
correctly due to group expiry timers being incorrectly manipulated while
running down the MDT. Also, preemption can be disrupted if the VRRP group
receives an advertisement while running down its timer.
* vrrp: Initial Implementation of VRRP statistics.
. Add VRRP counters, This is needed by the VRRP-MIB, and will provide
better insight into the operation of VRRP for users.
. Add SIGUSR1 and SIGUSR2 handlers
- SIGUSR1 allows users to dump current state of VRRP instances to
- SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats
* vrrp: Copy old VRRP stats on reload.
* vrrp: Separate printing functions from vrrp_daemon.c. Separate state
printing code from vrrp_daemon.c so that the code is better organized.
* vrrp: Track master router priority in VRRP.
* vrrp: Added 'Master priority' output to show vrrp detail.
* vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently,
keepalived vrrp only allows to configure single notification script.
This is a limitation and should be extended so that keepalived vrrp can
notify multiple scripts about vrrp state changes.
* vrrp: Don't display ipsec ah password in log files. When authentication
type is selected as ipsec ah, password should not be displayed in the
log files.
* vrrp: Fix notify upon reload. When a notify script is configured after
Keepalived has been started, if other notify scripts are already
configured, these scripts get reinvoked even if the state has not
changed. This occurs when in backup state. When in master state, no
notifications are sent out at all if a new notify script is configured.
For the backup case, this problem occurs when the daemon is reloaded.
This causes vrrp to leave the state it's currently in, go to the init
state and from there, go back to backup. However, this transition
causes the notify scripts to be invoked, causing a redundant
notification to be sent. For the master case, there is no call to
notify_instance_exec(), hence why no notifications are seen at all.
The solution is to add a new field to the vrrp struct that stores the
notify scripts that were configured before reload. A new function has
been added to take advantage of this new field. Instead of calling
notify_instance_exec() when we are in the init state, we now call
notify_instance_exec_init(). This is a proxy function that modifies
the 'script' member of a vrrp structure to point to a new list
containing only scripts that have not previously been configured,
thereby preventing the sending of notifications that have already been
sent. This new list is created by utilising the new vrrp struct field.
Inside this new function, notify_instance_exec() is called using the
modified VRRP instance. When this call returns, the member is reset
back to its original value.
* vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header
and _vrrp_t struct to support version 3 params. Support to build vrrp_v3
* vrrp: Keepalived extension to support VRRP version 3 (2).
* vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes
to support centi-sec.
* vrrp: Keepalived extension to support accept mode for v3.
* vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is
supporting IPv6 but it is not fully functional and it is not as per
RFC5798. Following are the issues identified and changes done:
- IPv6 address population.
- Correction of Checksum in case of IPv6.
- Getting source address from received advertisements.
- Populating source address in sent VRRP advertisements.
* vrrp: Improve display output for VRRPv3.
- Changed data-type of mcast_saddr to sockaddr_storage to support IPv6
- Added new parameters version, accept, weight updated advertisement
interval for operational command show output.
* vrrp: MIB enhancements for accept-mode.
* vrrp: Fix mismatched advertisement interval. In VRRP version 3, all
BACKUP routers must set their advertisement intervals to match the current
MASTER's. Although not explicitly stated in RFC5798, when the MASTER falls
over or forfeits its MASTER status, the new MASTER should not continue to
use the old MASTER's advertisement interval value and should instead use
its locally configured value. To achieve this, a new field has been added
to the VRRP structure that stores the most recent advertisement interval
of the current MASTER. We track changes to the current MASTER's interval
and update this new variable accordingly. The value is only updated when
we are in BACKUP state and reconfiguring the local advertisement interval
has no effect on it.
* vrrp: snmp: don't hardcode AgentX socket location. The default location
should be `/var/agentx/master` (as per RFC2741 and this is also the
default for NetSNMP, including on Debian-based distributions). This
default location is set at configure-time for NetSNMP and subagent will
use it automatically (it is also available through `net-snmp-config.h`).
A useful feature would be to have a flag to change that if the user
changes this setting in the master agent. This commit just reverts this
change to let SNMP subsystem work as expected for most users.
* vrrp: snmp: restore use of net-snmp-config to build SNMP support. With
a lazy linker, `libnetsnmpmibs` may require some additional libraries
to be linked (like `libsensors`). Therefore, only rely on
`net-snmp-config` to get the appropriate flags.
Also add some additional tests:
- check that we can build a simple executable (NetSNMP can be quite
broken and in this case, the error during compilation is not crystal
clear, checking that in configure is more informative)
- check if subagent support is compiled in (This is optional and
again, the error is not crystal clear during compilation).
- check that net-snmp/agent/util_funcs.h is present (Due to a flaw in
NetSNMP build process, this header was not installed for quite a long
time, notably on RHEL derivatives; code to handle its absence was
already present in Keepalived).
* vrrp: snmp: don't enable SNMP support automatically.
Most users won't use it and it would fail if NetSNMP is not installed,
unless a user adds `--disable-snmp` to configure command line.
* build: move custom include directives (`-I`) first. Some libraries,
notably NetSNMP, may pollute CFLAGS by adding stuff like
`-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of
trying to not use CFLAGS from NetSNMP at all (some of those bits are
important as they influence some NetSNMP headers), we ensure that the
bogus include flags are after our own include flags.
* global: Set global data default values after parsing config file.
This patch will defer setting the global data default values until
after the config file has been parsed. This will potentially avoid two
calls to getaddrinfo. For example, if the router_id and/or email_from
parameters are set in the config file, there is no need to call
getaddrinfo twice in order to set a default value. Instead, this patch
will check to see if the values are unset after parsing the config
file. Note that email_from and smtp_connection_to are only set to a
default value if they are uninitialized and smtp_server is specified.
* doc: add -x/--snmp flag to keepalived manual page.
* snmp: add -A/--snmp-agent-socket to specify AgentX socket.
2015-03-31 Alexandre Cassen <>
* keepalived-1.2.16 released.
* Properly close netlink channel to avoid fd leak.
* Use getaddrinfo instead of gethostbyname to workaround
glibc gethostbyname function buffer overflow.
* ipvs: log http timeout only when server goes down
All other calls to log_message() when a check fails are
performed when a server changes its state.
The http timeout log message is the only exception.
* ipvs: properly fix bug when Q < H.
The commit a77c2c7 has not fixed the issue.
Log messages became accurate, but unsigned comparison
was still in use.
* ipvs: HUP processing refactored.
copy_srv_states is removed: we can copy states with
existing clear_diff_*functions, as long as
clear_diff_services is called before the init_services.
vs_exist, rs_exist: remove side-effects from these functions.
Now they do only search and return pointers.
get_rs_list removed: the new rs list is now passed to
init_service_vs: quorum_state assignment is not needed
here. It is already assigned either by vs constructor, or
by alpha handler, or by clear_diff_services.
* ipvs: refactoring link vsg structure to vs.
this adds a pointer to virtual_server_group_t into
the virtual_server_t structure and fills these pointers
after config load.
This change will allow to access vsg items of a vs easily,
without iterating and name compare.
* ipvs: refactoring use links to vs->vsg links.
ipvs_cmd: removed vs_group list parameter. Link to vsg
is obtained via vs->vsg. These functions are also modified
in the same way: ipvs_group_cmd, clear_service_rs,
clear_service_vs, clear_diff_rs.
clear_diff_vsg: new_vs is passed as a param, vsg pointers
are retrieved w/o iterating.
* ipvs: fix problems with config reload.
The commit 7bf6fc contained a bad attempt to fix the issue
when an alive RS does not appear in a new VSG entry on reload.
It has not fixed the original issue and added a new one:
vs_groups lose quorum on config reload.
This commit fixes the issue properly, and also the case when
RS in VSG is in inhibit mode.
The reloaded flag is added to the virtual_server_group_entry_t.
ipvs_group_sync_entry: add alive destinations to the newly
created vsge. It is aware of inhibit-on-failure destinations.
sync_service_vsg: calls the former for each created vsg entry
vsge_exist: changed just as other *_exist routines.
* genhash: add support of fwmark in genhash
* genhash: terminate thread if connect_error
* Fixed filenames and paths so that make uninstall removes
initscript and man pages. Changed perms for keepalived.sysconfig
from 755 to 644
* Fix a typo in dump_global-data().
* vrrp: revert previous buggy preempt extension.
* smtp: fix infinite loop when the smtp server unexpectedly
closes the connection.
2014-12-21 Alexandre Cassen <>
* keepalived-1.2.15 released.
* vrrp: Use ancillary data on sending path for IPv6
mcast_src_ip. Well, previous code used bind() to specify
IPv6 src address. Ancillary data is a much more cleaner
and efficient way...
* ipvs: Fix format of long int in log_message call.
* ipvs: fix building with fwmark disabled.
* vrrp: Pointer dereference before NULL check.
* STR(SMTP_PORT) returns "SMTP_PORT", not "25".
2014-12-16 Alexandre Cassen <>
* keepalived-1.2.14 released.
* The "Date:" mail header is now localtime.
* bugfix: fwmark field was formatted as signed int
* dump_conn_opts: fwmark was not displayed.
* log_message: emit -Wformat= compiler warnings.
There could be (and actually are) situations when the format
string and the arguments list passed to the log_message() are
inconsistent or mistyped. The compiler did not show any warnings
because the vsnprintf was called indirectly.
* Further unification of IP endpoints logging.
This change tries to keep usage of the standard "[%s]:%d" format
string to a minimum. Instead, use inet_sockaddrtopair wherever
* Add SNMP subsystem option to man page.
The keepalived(8) man page did not mention the -x option to
enable the SNMP subsystem. This patch adds the -x (and --snmp)
options to the keepalived(8) man page, as described in the
keepalived help message.
* vrrp: fix gratuitous ARP refresh timer handling.
Previous code was using an 'int' to store parsed timer value.
This value was then expanded to TIMER_HZ which can lead to a
wrapping issue if requested timer is longer than local machine
'int' representation. This patch reworked the code to use
timeval_t instead and perform regular timeval operations.
* vrrp: Fix a memory leak while dropping incoming IPSEC-AH
authenticated advert. Digest was allocated in previous code
without freeing it on HMAC-MD5 mismatch.
* vrrp: Extend IPSEC-AH auth to support unicast.
If you plan to use IPSEC-AH auth in unicast mode (which is THE best
idea), then IP header TTL MUST be zeroed since it is mutable field
on transit.
* vrrp: Update VRRP VMAC doc.
Add vmac_xmit_base in configuration example and force rp_filter=0
on macvlan interface.
* vrrp: make gratuitous ARP repeat count configurable.
. garp_master_repeat : Gratuitous ARP count sent on the wire
after MASTER state transition.
. garp_master_refresh_repeat : Gratuitous ARP count sent on the
wire when garp_refresh_timer fir
* vrrp: fix preempt and state BACKUP when prio 255.
This makes it so that keepalived will respect various settings that
should prevent it from assuming the MASTER role for a vrrp_instance
unconditionally and immediately, even if the priority of the
vrrp_instance in question is set to 255 (VRRP_PRIO_OWNER). These
settings include:
---- conf ----
state BACKUP
preempt_delay <N>
* vrrp: in backup state notify when vrrp is not up and move to FAULT
* ipvs: failed RS was flapping on config reload.
The RS disabled by health-checker was turned on w/o health-checking
by SIGHUP handler in the init_service_rs() subroutine.
This did not happen with alpha mode set.
* libipvs: allow IPv4 RS in IPv6 VS and vice versa.
This change synchronizes local copy of libipvs with the upstream
(kernel/ipvsadm/ipvsadm.git) to the date. IPVS in Linux 3.18 will
include the feature of mixing of tunneled RS families in single VS.
The compatibility with older kernel versions is kept.
* libipvs: minor bugfix with retrieving dest af.
This change needs to be sent to the ipvsadm upstream, too.
This clarifies the previous commit, so there is no need to mention
it in the changelog.
* vrrp: check if interface is known when using use_vmac.
vrrp->ifp is NULL when use_vmac keyword is defined before the
interface keyword. This would result in a segfault
* vrrp: simplify macvlan creation.
Create the macvlan interface in one netlink command rather than
three (creation of the macvlan in netlink_link_add_vmac function,
set of the mac address in the netlink_link_setlladdr function, set
macvlan mode in the netlink_link_setmode function).
This simplification:
1. avoids potential issues if the first netlink command passes but
not the next ones
2. reduces number of netlink messages (light optimization)
* ipvs: bugfix quorum state was flapping when Q < H.
When a service had quorum < hysteresis, the lower threshold of RS
weights was calculated incorrectly. Unsigned arithmetic was used, so
errors like this appeared in log: Keepalived_healthcheckers[2535]:
Lost quorum 1-2=18446744073709551615 > 10 for VS
The up -> down quorum state transition was happening every time when
alive RS set was changed. This bug was in place since
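Added example (not keepalived's code): the wrap behind the log line in the entry above, reproduced with 64-bit unsigned values, next to one way to compute the lower threshold without wrapping. The struct, function names and the replayed weight sequence are constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a virtual server's quorum settings. */
struct vs_quorum {
    uint64_t quorum;      /* alive weight needed to gain quorum */
    uint64_t hysteresis;  /* margin below quorum before it is lost */
};

typedef int (*lost_fn)(const struct vs_quorum *, uint64_t);

/* Buggy form: with quorum=1 and hysteresis=2 the subtraction wraps to
 * 2^64-1, so any alive weight compares as "below the threshold". */
static int quorum_lost_unsigned(const struct vs_quorum *q, uint64_t alive)
{
    uint64_t threshold = q->quorum - q->hysteresis;
    return threshold > alive;
}

/* Lower threshold clamped at zero when quorum < hysteresis. */
static uint64_t lower_threshold(const struct vs_quorum *q)
{
    return q->quorum > q->hysteresis ? q->quorum - q->hysteresis : 0;
}

static int quorum_lost_checked(const struct vs_quorum *q, uint64_t alive)
{
    return lower_threshold(q) > alive;
}

/* Replays a series of alive-weight changes and counts up -> down
 * transitions: quorum is gained at alive >= quorum and lost when the
 * supplied predicate says so. */
static unsigned count_down_transitions(const struct vs_quorum *q,
                                       const uint64_t *alive, size_t n,
                                       lost_fn lost)
{
    int up = 0;
    unsigned downs = 0;

    for (size_t i = 0; i < n; i++) {
        if (!up && alive[i] >= q->quorum) {
            up = 1;
        } else if (up && lost(q, alive[i])) {
            up = 0;
            downs++;
        }
    }
    return downs;
}

int main(void)
{
    const struct vs_quorum q = { 1, 2 };              /* Q < H */
    const uint64_t alive[] = { 10, 9, 10, 8, 10 };    /* constructed */
    const size_t n = sizeof(alive) / sizeof(alive[0]);

    printf("unsigned threshold: %" PRIu64 "\n", q.quorum - q.hysteresis);
    printf("down transitions, unsigned: %u\n",
           count_down_transitions(&q, alive, n, quorum_lost_unsigned));
    printf("down transitions, checked:  %u\n",
           count_down_transitions(&q, alive, n, quorum_lost_checked));
    return 0;
}
```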
* vrrp: add support to IPv6 mcast src address specification.
For some reason (well... which one ?), previous code didn't support
specification of multicast source address in IPv6 mode. If you are
using 'native_ipv6' and want to specify IPv6 mcast source ip address
then you can use 'mcast_src_ip' keyword with IPv6 address.
* vrrp: Add support to IPv6 src_address discrimination in master
rx state.
Previous code didn't support IPv6 address discrimination while in
MASTER state receiving same prio advert. This patch extends previous
code to support IP address comparison agnostic.
* vrrp: IPv6 mcast src_addr handling and VMAC fix.
Properly bind socket for v6 use-case when mcast_src_ip is in use or
when VMAC is used. This patch fixes VRRP VMAC in native_ipv6 mode,
previous code just use the vmac interface link-local IP Address as
src_ip leading to a corner case (to keep polite).
* vrrp: in IPv6 scope_id is mandatory to bind link-local address.
In IPv6 use-case, source IP address is set binding socket to
sockaddr_in6. Linux Kernel requires interface to bind link-local
* vrrp: fix nopreempt mode in master_rx.
While receiving lower prio advert, preempt election according to
nopreempt keyword. By default preempt is on as requested by RFC.
* exit on malloc failure.
* genhash: code cleanup.
2014-05-13 Alexandre Cassen <>
* keepalived-1.2.13 released.
* vrrp : Use the standard unsigned int types. This fixes
building with musl libc, which does not expose the internal
__uint* defines. (Natanael Copa)
* check : Fix template issue in IPv6 host header.
(Jan Hugo Prins)
* ipvs : ipvs_syncd_cmd uses memset() to zero the daemonrule
buffer before populating it and sending it up. daemonrule is
malloc()ed by ipvs_start(). ipvs_start() can bail early if it
can't communicate with ipvs. Neither place which call
ipvs_start() check the return value, allowing them to walk
straight into a NULL pointer deref. (jsgh)
* check : Without inhibit_on_failure on a real_server, when the
server is marked down existing TCP connections to it are simply
blackholed. Hence inhibit_on_failure: by setting the weight to
zero no new connections are sent to that server, but because the
server isn't completely removed from the table existing
connections are allowed to continue. The same problem exists
with sorry_server. When a real_server comes back up the
sorry_server is removed from the pool and existing connections
are blackholed. Instead of continued service, which may usually
be a fast response indicating overload, the client must engage
in a lengthy wait for the connection to time out. It would be
better in many cases to allow the sorry_server connections to
complete naturally. Luckily the code is structured well enough
that all is required to get this behaviour is to set the inhibit
member of the sorry_server structure, which is mostly just a
change to the config file parser. (jsgh)
* check : unify logging of RS and VS. This fixes the bug of
displaying a FWM service as [x.x.x.x]:0, where x.x.x.x is the
first RS of that service. (Alexey Andriyanov)
* check : unify connection options among checkers.
All the remote checkers (TCP, HTTP/SSL, SMTP) now have the
same set of connection options:
. connect_ip (new to TCP, HTTP)
. connect_port
. bindto
. bind_port (new)
. connect_timeout (new to SMTP)
All of them are optional with reasonable defaults. The patch
is designed for simplicity in adding a new option. Since the
connect_ip could be inequal to the RS address and, worse, the
same for all RSes, the endpoint is now logged as [RS]:rport,
not the [connect_ip]:connect_port. (Alexey Andriyanov)
* check : fwmark connection option. (Alexey Andriyanov)
* check : make SO_MARK a compile-time option.
(Alexey Andriyanov)
* check : documentation for generic connection opts.
(Alexey Andriyanov)
* check : random delay before doing the first check.
every RS check is registered with a random delay between 0
and vs->delay_loop seconds. It helps avoiding multiple
simultaneous checks to the same RS server. (Alexey Andriyanov)
* vrrp : Fix sync of interface status flag when using VMAC
interface. There is a chance that the VMAC interface status
flags (up/down) could be different from the base interface flags.
This patch will only change the VMAC interface status flags when
the base interface is changed. (Jonas Johansson)
* vrrp : Let only base interface change the VMAC interface status
flags. The interface status flags for a VMAC interface shall
only be changed by the base interface, never by reading the
actual VMAC interface flags. (Jonas Johansson)
* vrrp : Fix initial interface status flag value for VMAC
interface. In commit a05a503, "vrrp: Fix sync of interface
status flag when using VMAC interface", no initial value for the
VMAC interface status flag was set. Due to that the VMAC interface
flags shall follow the base interface, the base interface status
flags value shall be copied to the VMAC interface status flags
after the VMAC interface has been created. (Jonas Johansson)
* vrrp : Proper restore of VMAC interface properties on SIGHUP.
On SIGHUP the VMAC flag and base ifindex for a VMAC interface was
lost. (Jonas Johansson)
* vrrp : Revert "Honor preempt_delay setting on startup.".
This commit resulted in two individual bugs:
1) A keepalived instance coming on-line would not transition to
MASTER state until the preempt_delay duration had passed, even
though there was no already existing VRRP speaker in MASTER
state on the link. In other words, it changed the semantics of
preempt_delay from a delay that only took place before
*preemption* of another VRRP speaker, to a delay that
unconditionally took place after Keepalived came online. The
keepalived.conf manual page has always documented the former
meaning, which is also IMHO the only one that you would
intuitively expect.
2) The preempt_delay was applied when a Keepalived process was
reloading its configuration following the receipt of SIGHUP.
If the Keepalived instance was in MASTER state before the
reload, it would cease transmitting VRRP hellos for the
duration of preempt_delay, but *not* actually remove the
virtual addresses from the network interfaces. This in turn
resulted in any backup VRRP speakers on the links transition
to the MASTER state while preempt_delay was still in effect
on the original MASTER that was reloaded, thus creating a
service-impacting split-brain scenario where the virtual
addresses are present and active on multiple VRRP speakers
(Tore Anderson)
* vrrp : fix ip_address comparison. Extend IP_ISEQ() macro to
take care of NULL addresses. This issue ends in SEGV while
using virtual_route. thanks to Tore Anderson for reporting.
* vrrp : fix double close issue (DROP_MEMBERSHIP & netlink
channel). This is an old pending 'bug', not harming at all
but just frustrating to see again and again this log message :
"cant do IP_DROP_MEMBERSHIP errno=Bad file descriptor (9)"
What the hell ! it was due to a double close during reload &
stop procedure. VRRP fd are stored in a socket pool and use
the I/O MUX to handle VRRP traffic. While reloading or stopping
the daemon the I/O MUX was released first and secondly socket
pool. The issue spotted here, in thread_destroy_master() all
pending thread are canceled and read/write fds related are
close(). Well OK a close on a mcast socket perform kernel side
the DROP_MEMBERSHIP when needed, but it is much more clean to
perform proper operations userspace ! This patch sequentially
cancels pending threads, releases socket pool and finally
destroys master thread. The same 'issue' appears in netlink channel.
2014-02-08 Alexandre Cassen <>
* keepalived-1.2.12 released.
* lib: Fix reallocation issue introduced in last merge.
2014-01-28 Alexandre Cassen <>
* keepalived-1.2.11 released.
* ipvs: make nlerr2syserr libnl dependent. nlerr2syserr()
is only used when libnl is present... simply reflect this in
* Fix libnl/libnl-3 logic in configure script.
This patch causes the configure script to prefer libnl-3 over
libnl(1). The configure script will first check for libnl-3 and
libnl-genl-3. If both are found, use them. If not, check for
libnl(1). This is useful when building on systems that have both
libnl-3 and libnl(1) installed. It also fixes some redundant
libraries in LIBS.
* libipvs: libnl-3 include fix.
* lib: extend command lib string parser.
Extend cmd_make_strvec to support quoted string as a single slot
and commented string at the end of parsed string.
* lib: cosmetics at command.c.
Extend command framework to support logger and remove some dead
code. some cosmetics too.
* lib: extend vty to support logger.
* autoconf: better libnl3 detection.
* Fix memory allocation in parser. The set_value function was
incorrectly using sizeof (char *) when allocation and reallocating
* Fix memory allocation for MD5 digest.
The vrrp_in_chk_ipsecah and vrrp_build_ipsecah functions were
incorrectly using sizeof (unsigned char *) when allocating memory
for the MD5 digest.
* Fix memory leak in vty_read_config. If vty_use_backup_config
returns NULL, free any memory that has been allocated before
* Fix memory leak in check_include. The check_include function
should always free the allocated strvec.
* Check content length before allocating memory.
Since extract_content_length should return 0 if CONTENT_LENGTH is
not found in the buffer, this check should be done before
allocating memory. This avoids unnecessary malloc/free calls and
fixes a potential memory leak.
* Free memory if realloc fails in vty_out. If realloc returns NULL,
free the original memory before returning.
* Remove redundant close from vty_use_backup_config. The sav file
descriptor is closed after read, so there is no need to close it
again if chmod operation fails.
* Remove unnecessary netlink rtattr structures.
Both netlink_link_setmode and netlink_link_add_vmac have rtattr
structures that are not needed. The addattr_l function will handle
adding the rtattr to the message. Also, this patch removes
incorrect void pointer arithmetic when setting rta_len.
* vrrp: don't try to leave mcast group in unicast mode.
* vrrp: Release and refresh properly fd hash index.
Rehashing into the same loop as releasing is not really the best
idea... Reworked a little previous patch to properly release hash
entries related to the same instance and then hash it back on new
* vrrp: use configuration mcast group for leave message.
* vrrp: don't try to load ip_vs module when not needed.
2014-01-02 Alexandre Cassen <>
* keepalived-1.2.10 released.
* Jonas Johansson removed unused option character in getopt
* vrrp: disable TTL sanity check for unicast use-case.
In order to protect against any packet injection, VRRP provides
sanity check over IP header TTL. This TTL MUST be equal to
255 and means both sender and receiver are attached on the same
ethernet segment. Now with unicast extension this protection MUST
be disabled since VRRP adverts will mostly traverse different
network segments.
!!! WARNING !!! When using VRRP in unicast use-case in order to
protect against any packet injection the best practice is to use
IPSEC-AH auth method otherwise you are exposed to potential
attackers !
* Christian Albrecht fixed minor typo in man page
* Pim van den Berg work on libipvs-2.6 to sync with libipvs from
ipvsadm 1.27
* Pim van den Berg work add support to libnl >= 3. This addresses
following considerations :
* Pim van den Berg extended libipvs adding nlerr2syserr function
to translate libnl 3 errors to sys errors. In libnl 3 the return
codes have changed. nlerr2syserr translates the libnl 3 errors to
sys errors.
* ipvs: if libnl-3 is installed then check for libnl-gen-3. It is
mandatory to use generic netlink facilities in new libipvs. This
test is just here to ensure every needed libs are installed !
* Frank Baalbergen (I suppose github frankbb is you ?) fix
http checker. literal ipv6 addresses should be enclosed by
* vrrp: Frank Baalbergen add check on IFA_F_NODAD support.
* vrrp: fix unicast handling address selection. SjonHortensius
reported issue while testing unicast_peer. It wouldn't work
without adding the native_ipv6 flag. Removed this dependency !
since it is not correlated with VRRP protocol version used.
* vrrp: extend ip parser to support default and default6.
When you are using virtual_routes you may want to use default
or default6 while configuring routes. Extended parser
accordingly !
* vrrp: take care of label while comparing IP addresses.
Label was not taken into account while comparing 2 IP
addresses, this can lead to a non deletion while stopping
daemon and some configuration changes have been done while
daemon running. This issue was reported by Stepan Rogov.
* vrrp: fix/extend gratuitous ARP handling.
Multiple people reported issues where MASTER didn't recover
properly after outage due to no gratuitous ARP sent. VRRP
is a protocol designed to be used between nodes plugged on
the same layer2 in order to guarantee link failure is directly
linked to a protocol FSM handling (FAULT transition). With
current virtualization env nearly everything can be virtualized
from host (VM) to network (vswitch). In some cases those
virtualized env offer a virtualized layer2 on which VRRP is
plugged and sometimes forwarding or routing over this virtual
path can be broken.
I extended gratuitous ARP handling in 2 ways :
1) When a MASTER receives a higher prio advert it sends a last
advert before transiting to BACKUP state. The immediate
effect at remote MASTER side is to solicit a gratuitous
ARP broadcast.
2) Add an optional support to periodic gratuitous ARP sending
while in MASTER state. By default it is disabled but one
can activate this feature by configuring keyword
"garp_master_refresh" in seconds in vrrp_instance block
(refer to keepalived.conf.SYNOPSIS).
* Frank Baalbergen fixed genhash. genhash can throw a
segmentation fault when not providing an argument
* Frank Baalbergen extended genhash code to support IPv6
* Frank Baalbergen extended genhash code to make url default
value /, same as curl/wget
* Frank Baalbergen extended genhash code to only use default
url when url is empty
* vrrp: Create configuration alias for unicast_src_ip keyword.
Add a new keyword more generic to specify VRRP packet source
IP address. This new keyword is "unicast_src_ip" and has
exactly the same scope as "mcast_src_ip".
* vrrp: unicast_peer addresses and VRRP instance MUST be of
the same family. VRRP low-level framework create socket
pool based on VRRP instance family. If you are using
unicast_peer, it is mandatory to use addresses of same family
as VRRP instance. You can't mix IPv4 and IPv6 addresses inside
same unicast_peer block. If you need to make it that way, you
MUST create a VRRP instance per family, eg: one with native_ipv6
for v6 unicast_peer and another for v4 unicast_peer.
* vrrp: extended unicast code to support IPv6 unicast_src_ip.
Add support to unicast IPv6 address for
{unicast,mcast}_src_ip keyword. vrrp instance saddr is now a
sockaddr_storage and src IPv6 address is set using cmsg ancillary
data pktinfo. Source IP address selection is now generic and
can be IPv4 or IPv6.
* vrrp: fix vrrp socket sync while leaving FAULT state.
Well, this is a very, VERY old bug here. While leaving FAULT
state VRRP framework refreshes instance socket fd_in & fd_out
and synchronizes all VRRP instances bound to the same socket.
The patch refreshes the socket; it also refreshes fd hashing, which is
better for later fault handling :)
* vrrp: Frank Baalbergen fix log-facility handling. log-facility
should be a required_argument
* vrrp: Support xmit VRRP packets from base VMAC interface.
Here is a merge of patch from Oliver Smith. Thanks for your
job and idea in here Oliver. Comments from Oliver :
This provides a new option to use in conjunction with the VMAC
functionality which will result in VRRP advertisements being
sent and received over the underlying interface (and therefore
having the source MAC of that interface rather than the VMAC
With this new functionality enabled, VRRP messages will not
affect the switch MAC address table since the non-unique VMAC
address is now used only for sending a gratuitous ARP, thereby
ensuring that in conditions of VRRP message loss, a probing
partner will not inadvertently take over traffic.
This also resolves issues where VRRP messages are not
successfully being seen on the VMAC interface as with the
new option, the underlying interface is also used to listen out
for VRRP messages.
* getopt: Make some arguments required
* vrrp: Frank Baalbergen add default case in getopt_long.
when starting keepalived with an option without an argument
that requires an argument keepalived should not be started.
* vrrp: VMAC code cleanup and extensions.
Remastered VMAC code. Interface base_ifindex is set by default
to interface ifindex during netlink probe. VMAC interface
base_ifindex is now set during VMAC allocation upon successful
interface creation. Detect if virtual_router_id is declared
after use_vmac keyword is invoked. Add some more log while
setting up and removing VMAC interface.
* vrrp: IPv4 & IPv6 multicast group tweaking.
Meno Abels extended vrrp framework to support customized
multicast addresses. The address could be set for ipv4 and
ipv6 in the global_defs config section using the keywords
vrrp_mcast_group4 and vrrp_mcast_group6.
There are some stupid switches which do a special processing
to multicast packets which causes packets drop from
queue overflows in environments which create 100 and more
multicast control plane packets a second.
2013-11-10 Alexandre Cassen <>
* keepalived-1.2.9 released.
* Alexey Andriyanov fixed inaccuracy in VS_ISEQ macro.
* Alexey Andriyanov fixed hysteresis which could be >= quorum now.
* Alexey Andriyanov extended checker framework so that status_code
and digest can be set together.
* Alexey Andriyanov extended/fixed checker framework for better
SIGHUP support.
* Jonas Johansson fixed VRRP sync group by sending prio 0 when
entering FAULT state. This fix will send prio 0 (VRRP_PRIO_STOP)
when the VRRP router transits from MASTER to FAULT state. This
will make a sync group leave the MASTER state more quickly by
notifying the backup router(s) instead of having them to wait
for time out.
* Jonas Johansson extended VRRP VMAC interface flags (up/down
status) to follow base interface. When using a VMAC interface,
this fix will reflect the base interface flags, i.e. up/down
status, to the VMAC interface. This is useful when using sync
groups (in combination with VMAC) and a link for one of the
members in the MASTER sync group goes down. Before this fix,
this member will not detect the link fault, due to that the
VMAC interface always is UP regardless of the actual status of
the base interface, and the sync group will continue to be
MASTER as if nothing has happened. This fix will however reflect
the status of the base interface onto the VMAC interface, so if
the link goes down the member will transit to FAULT state, which
will make the sync group transit to BACKUP state.
* Jonas Johansson fixed VRRP wrong interface flags corner case.
If a link event arrives between the initial scanning for
interfaces and configuration file parsing, the VRRP instance
will enter an unrecoverable state. This fix will update the
interface flags even when the interface exists, not only for
the initial scan. Note that when all is up and running the link
events will be properly handled by netlink, so this fix only
fixes the special case when a link changes state during
* Jonas Johansson fixed VRRP to honor preempt_delay setting on
startup. If the preempt_delay is set we cannot yet transition
to master state. We must await the timeout of our preempt_delay.
The preemption delay is used when starting up, or rebooting, a
node which needs time to sort out its routing table (e.g., BGP
or OSPF) before it can assume the master role.
* Jonas Johansson extended VRRP code for faster sync group
* Jonas Johansson replaced popt with getopt. In an embedded
environment you might not want to have to add yet another
library dependency. This commit refactors parse_cmdline() to
use getopt_long() instead of popt.
* EyckWigo proposed to increase default socket buf size to handle
env with lot of IP addresses. Default is now set to 64K on netlink
* Guðmundur Bjarni Ólafsson fixed VRRP unicast code to allow
packet to be routed !
* Guðmundur Bjarni Ólafsson fixed VRRP checksum before computation.
When running in unicast mode with multiple peers, the checksum
was being calculated into itself for consequent peers, causing
incorrect checksums.
* Extended VRRP framework tweaking IPv6 VIP install by disabling
DAD algo and setting deprecated.
Lot of discussions have been made around those 2 topics. First
idea and initial patch were provided by Leo Baltus. This patch
fixes the use case where VRRP VIPv6 are used in conjunction with IPVS
healthchecking. If deprecated flag is not set (which is the default
linux behaviour), then VRRP VIP can be used as source address of
healthchecking packet. Since this VIP address is also present, in
most use-cases, on realserver directly so return packets never reach
the healthchecker and hence no realserver was injected in IPVS table.
At the same time, I decided to merge Tore Anderson suggestion of
disabling Duplicate Address Detection algorithm. Tore's arguments
are nice ! Thanks Tore : Using the nodad flag has the following
1) The address becomes immediately usable after they're configured.
2) In the case of a temporary layer-2 / split-brain problem we can
avoid that the active VIP transitions into the dadfailed phase
and stays there forever - leaving us without service. HA/VRRP
setups have their own "DAD"-like functionality, so it's not
really needed from the IPv6 stack.
Acknowledgements to Mark Schouten and Frank Baalbergen for pushing
me by testing these features !
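The unicast checksum entry in the 1.2.9 list above ("the checksum was being calculated into itself"), worked through as an added example; this is not keepalived source code. It assumes one advert buffer is reused for every peer; the packet bytes are constructed, and in_csum, finalize_buggy, finalize_fixed and valid_adverts are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VRRP_CSUM_OFF 6 /* checksum field offset in the VRRPv2 header (RFC 3768) */

/* Constructed VRRPv2 advert: version 2 / type 1, VRID 51, priority 100,
 * one address (192.0.2.10), auth type 0, 1 s interval, checksum field zero,
 * followed by 8 bytes of empty authentication data. */
static const uint8_t advert_template[20] = {
    0x21, 0x33, 0x64, 0x01, 0x00, 0x01, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x0a,
    0, 0, 0, 0, 0, 0, 0, 0
};

/* RFC 1071 Internet checksum over len bytes, read as big-endian 16-bit words. */
static uint16_t in_csum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (len & 1)
        sum += (uint32_t)(buf[len - 1] << 8);
    while (sum >> 16)                 /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void store_csum(uint8_t *pkt, uint16_t c)
{
    pkt[VRRP_CSUM_OFF] = (uint8_t)(c >> 8);
    pkt[VRRP_CSUM_OFF + 1] = (uint8_t)(c & 0xff);
}

/* Models the bug: the previous peer's checksum is still in the buffer, so
 * it is summed into the new checksum. */
static void finalize_buggy(uint8_t *pkt, size_t len)
{
    store_csum(pkt, in_csum(pkt, len));
}

/* Models the fix: clear the checksum field before every computation. */
static void finalize_fixed(uint8_t *pkt, size_t len)
{
    store_csum(pkt, 0);
    store_csum(pkt, in_csum(pkt, len));
}

/* Receiver-side check: a packet carrying a correct checksum sums to 0xffff,
 * so in_csum() over the whole message returns 0. */
static int csum_ok(const uint8_t *pkt, size_t len)
{
    return in_csum(pkt, len) == 0;
}

/* Send one advert to npeers peers from a single reused buffer and count how
 * many of them would accept the checksum. */
static int valid_adverts(int npeers, int zero_first)
{
    uint8_t pkt[sizeof(advert_template)];
    int p, ok = 0;

    memcpy(pkt, advert_template, sizeof(pkt));
    for (p = 0; p < npeers; p++) {
        if (zero_first)
            finalize_fixed(pkt, sizeof(pkt));
        else
            finalize_buggy(pkt, sizeof(pkt));
        ok += csum_ok(pkt, sizeof(pkt)); /* what peer p would verify */
    }
    return ok;
}

int main(void)
{
    printf("without clearing the field: %d of 4 peers accept\n",
           valid_adverts(4, 0));
    printf("field cleared first:        %d of 4 peers accept\n",
           valid_adverts(4, 1));
    return 0;
}
```

In this model every second peer receives a checksum of 0, because a message that already holds its correct checksum sums to 0xffff; a single-peer setup never shows the fault.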
2013-09-05 Alexandre Cassen <>
* keepalived-1.2.8 released.
* Vincent Bernat fixed issue while pinging master agent.
The agent needs to be initialized to be able to change the
AgentX ping interval.
* Revisited the whole code to use posix declaration style.
* fixed some typos
* Created CLI core framework.
* Ryan O'Hara added option to prevent respawn of child process.
This patch adds a command-line option (--dont-respawn, -R) that
will prevent the child processes from respawning. When this
option is specified, if either the checker or vrrp child
processes exit the parent process will raise the SIGTERM signal
and exit.
* Ryan O'Hara removed duplicate command-line option code.
This patch removes unnecessary code to process command-line
options. All options can be processed with a single while loop
that calls poptGetNextOpt. This patch also adds code to check
for errors while processing options. Note that errors encountered
while processing command-line options are fatal.
* Ryan O'Hara add support to usage generation by popt.
This patch uses the popt library to describe the command-line
options and print usage to stderr. This provides a more clear,
concise usage statement.
* Ryan O'Hara and I updated keepalived man page.
* Aleksei Ilin add flexible HTTP checker behaviour for HTTP GET
request's port settings. VirtualServer's port being specified
in HTTP GET request only if `VirtualHost` option is not defined,
otherwise used `VirtualHost` option itself.
* Ryan O'Hara fixed pointer arithmetic for VRRP packet.
When using IPSEC AH authentication, the pointer arithmetic used
to get the location of the VRRP packet is incorrect. The address
of the IPSEC header must be cast as (char *) in order to get
correct address of the VRRP packet. Without this patch,
vrrp_in_chk() will fail to verify incoming VRRP packets when
IPSEC AH is enabled.
* Ryan O'Hara fixed issue while loading SSL certificate.
This patch fixes a problem where keepalived will attempt to
load an SSL keyfile as a certificate, resulting in failure to
initialize SSL context.
* Ryan O'Hara refreshed GPLv2 license with last FSF file.
* junpei-yoshino fixed Library crypt is needed.
* Boon Ang fixed comparison of primary IP addresses.
If a router in the master state receives an advertisement
with priority equal to the local priority, it must also
compare the primary IP addresses (RFC 3768, section 6.4.3).
The code to handle this was comparing two IP addresses with
different byte-ordering, resulting in multiple routers in
the master state. This patch resolves the problem by
converting the local primary IP address to network byte order
for the comparison.
* Henrique Mecking fixed memory leak in libipvs
* Robert James Hernandez fixed RETVAL by setting RETVAL for
status instead keeping RETVAL set to default of 0
* Robert James Hernandez fixed RETVAL by setting RETVAL for
catch all and so that it exits like all other matches in
the case
* Jan Pokorný fixed genhash to ensure CRLF{2} HTML body
separator won't slip.
* Jan Pokorný extended genhash. Generalize the hash algo
parts, add SHA1.
This patch adds support for hash algo suite extension
with SHA1 being a first one to be available together with
a default MD5. The remaining change on the health-checker
subsystem side is to make analogous modifications and to teach
it to recognize the intended hash algorithm based on the length
of the digest (provided that extra care is taken that no two
algorithms will ever alias in this regard). Also the test
script for genhash was extended to conditionally use SHA1.
* Jan Pokorný cleaned up genhash code.
Access to the hash-specific context was simplified as I've
now checked some C guarantees regarding union/its members
initial address vs. aligning so now extra inlined accessor
function is needed. This simplified the code a bit.
Also now the hash-specific object is directly pointed to by
SOCK object instead of carrying just the index to the table of
hashes and doing the respective access via a global again and
again. Next, I've concentrated some hash-related declarations
to the new hash.h file. This was mostly motivated by a need to
break the circular include dependency that has arisen. As a
consequence, part of the recent clutter I brought in was removed
again. Most of FEAT_SHA1 conditional compilation is here.
Previously separated table in main carrying the hash IDs to be
printed in the help screen was merged into the table carrying all
the other necessary information about the particular hashes.
* vrrp: Remi Gacogne fixed invalid use of sizeof.
* Pasi Kärkkäinen Add To header for SMTP alerts.
* vrrp: Robert Sander add IPv6 support for virtual_routes and
* Erik de Groot add support to LVS One-Packet Scheduling
(known as OPS). Typically RADIUS traffic comes from a limited
amount of clients and thus you have a very limited range of IP
tuples in action which will never expire. Issue with Keepalived
without this patch is that, although it correctly re-assigns
traffic when a real server dies, it will never re-assign traffic
back to the real server when it is restored. This is because
LVS creates virtual connections, for each IP tuple, that will
never time out as the clients keep sending traffic to the server.
With this patch it is possible to enable OPS for UDP virtual
servers which means LVS does not create virtual connections and
takes a new loadbalancing decision for each UDP packet. The
result is that a restored server now gets RADIUS traffic as
soon as LVS has taken it back into the server pool.
* Willy Tarreau and Ryan O'Hara add the ability to use VRRP over
unicast. Unicast IP addresses may be specified for each VRRP
instance with the 'unicast_peer' configuration keyword. When
a VRRP instance has one or more unicast IP address defined,
VRRP advertisements will be sent to each of those addresses.
Unicast IP addresses may be either IPv4 or IPv6.
If you are planning to use this option, ensure every ip
addresses present in unicast_peer configuration block do not
belong to the same router/box. Otherwise it will generate
duplicate packet at reception point.
2012-08-29 Alexandre Cassen <>
* keepalived-1.2.7 released.
* vrrp: fix issue in while using vrrp_script.
Previous patch introduced by Ryan O'Hara about removing
shadow declaration was kind of too much hunting.
Removing element e in this block simply creates inconsistency
in upper list walk. So resurrected element declaration with e2.
* snmp: Mikhail Gaydamaka extended MIB and both vrrp and check
frameworks to support routerId to var bind.
* snmp: Mikhail Gaydamaka fixed oid for vrrpSyncGroupStateChange
var bind.
* some cosmetics again and again.
2012-08-20 Alexandre Cassen <>
* keepalived-1.2.6 released.
* Rename global config data variable 'global_data'.
From Ryan O'Hara :
This patch renames the global configuration data
variable from 'data' to 'global_data'. Three reasons for
renaming this variable:
- Fixes shadow declaration of 'data' in several locations.
- Is more consistent with other global data variables
(ie. vrrp_data, check_data).
- Functions like free_global_data and dump_global_data were
ignoring conf_data_t argument and using global variable
* Ryan O'Hara: Fix shadow declaration of 'vrrp_data' variable.
* Ryan O'Hara: Fix shadow declaration of 'check_data' variable.
* Ryan O'Hara: Remove shadow declaration of 'element e' in
* check: Avoid the use of kernel defines in libipvs userland
* vrrp: Correctly handle macvlan interface when config file is
re-loaded. From Bob Gilligan :
Testing with the 1.2.0 branch, bring keepalived up with a
vrrp_instance that is configured with use_vmac. Then delete
that vrrp_instance from the config file. Then tell keepalived
to re-read its config file with SIGHUP. The vrrp_instance will
be stopped, but the macvlan interface will remain. The obvious
fix would be to add code to call netlink_link_del_vmac() in
clear_diff_vrrp(). There's one problem with that: the code
needs the ifindex of the macvlan interface to delete it, but
that resides in the interface structure that was freed earlier
in the reload process. My fix is to add a field to the
vrrp_rt struct to remember the macvlan ifindex. This patch
addresses this problem plus two others that can occur in
reloading the config file: 1) If the vrrp_instance
configuration is kept, but the use_vmac entry is removed, the
macvlan interface will not be deleted; 2) If a vrrp_instance
with use_vmac is left unchanged, the code will attempt to
re-create the macvlan interface, but this will fail and the
program will end up not using the macvlan interface.
* vrrp: VRRP should notify other routers before it does any
action that affects traffic flow. From John Southworth:
Move the shutdown_vrrp_instances code to before the deletion
of sock_pool. Move sending priority 0 adverts to before address
removal occurs
* vrrp: From John Southworth: Stop timers before shutting down
vrrp instances. This is to avoid a possible condition where
a priority 0 advertisement is sent and before the master
thread is killed another advertisement can be generated and sent.
* vrrp: Change when socket fd's are freed.
From John Southworth:
Priority 0 advertisements were not being sent as desired on
config reload. This was causing long delays on manually failed
over instances. The socket pool was being freed too early, as a
result the file descriptor for the socket was no longer valid at
the time the priority 0 advertisement was attempted.
* vrrp: Added a separate timeout parameter for vrrp_script checks
From Jonathan Harden:
I've added a timeout parameter to the vrrp check scripts which
allow you to have the check timeout different to the interval.
When no timeout has been specified the interval is used (which
mimics the current behaviour). To explain the reasoning: We
wanted to have check scripts time out faster than our check
interval. Doing the check we need to perform is a little load
intensive and so we don't want to perform it every few seconds.
With this patch we set an interval of 60 seconds but a timeout
of 5 seconds (if the check takes more than a few seconds then
the service is not working correctly).
* Extended vector lib for future work
* some cosmetics.
2012-08-13 Alexandre Cassen <>
* keepalived-1.2.5 released.
* Merge SNMP support from Vincent Bernat.
* SNMP is not compiled nor activated by default.
* Updated autoconf script
* Created Keepalived MIB
* Integration of NetSNMP into main scheduling loop
* vrrp: Most internal data can be queried with SNMP.
* check: Most internal values can be queried using SNMP.
The main exception is the ability to query checkers
which is not present.
* check: SNMP support for IPVS stats. IPVS stats are
exported with SNMP. A cache is used to avoid to query
the kernel too much.
* Created core framework for SNMP trap
* vrrp: SNMP traps are sent when instance state changes
and when sync group state changes
* check: SNMP traps are sent when real server state changes
and when virtual server quorum state changes
* vrrp: add support to write/update operations from SNMP.
Write/update support is available for changing the base priority
and for changing instance preemption.
* check: add support to write/update operations from SNMP.
Write support is available for changing the weight of a real
* workaround for AgentX ping blocking Keepalived. When establishing
AgentX session with the master agent, we setup low timeout and
retries values. If the master agent is blocked, we will wait for
less than 1 second for them and therefore, there will be no
disruption for VRRP.
* Copyright update
* some cosmetics.
2012-07-27 Alexandre Cassen <>
* keepalived-1.2.4 released.
* Please look at git repo for credits.
* remove CR from manpage
* check: fix pid display in syslog messages
* vrrp: better documentation of the limitation on password
* cosmetics to be pleasant with GCC4
* Update autoconf script to properly detect VRRP VMAC
* security: Fix exploitable issue in sighandler !
* Add datarootdir to files.
* Fix logging to console.
* Remove newlines from log_message calls.
2012-07-13 Alexandre Cassen <>
* keepalived-1.2.3 released.
* Please look at git repo for credits.
* VRRP : allow group to use priority with 'global_tracking'
group keyword
* VRRP : Adjust TOS values. The TOS value used by other
vendors is ip precedence 6, so change that. Use socket
priority option to force packets into band 0 of pfifo_fast.
* VRRP : Fix sync-group thrashing. The sync group implementation
was not very robust. If one synced instance lost communication
without going to fault state then all synced instances would
transition to master. Following this all instances would
transition back to backup because they heard higher priority
advertisements. This thrashing would continue indefinitely.
To fix this the sync-group code was made to prefer backup state.
That is, the sync-groups don't sync to master state unless
every instance wants to be master.
* VRRP : Fix dst lladdr in IPv6 Unsolicited NA.
* VRRP : fix pid display in syslog messages.
* Fix configure script to correctly identify kernel version.
* check : handle unspecified sockaddr_storage when comparing
* VRRP : ensure VRRP script interval and GARP delay is not 0.
* check: ensure non 0 default values for timeouts.
* VRRP : Fix priority not changing on reload.
* check : Fix IPv4 address comparison routine.
* Don't use bind() with AF_UNSPEC.
* check : enable the use of fwmark with IPv6 virtual servers.
* Fix modprobe arguments.
* Fix double ntohs() in SMTP checker.
* Pretty-print IP:port as [%s]:%d.
* check : keep retry in case of early TCP failures in checks.
* when specifying an IPv6 range, range is hexadecimal value.
* Only define kernel types for ip_vs.h header to avoid problems
when loading other headers.
* When respawning VRRP or check process, use LOG_ALERT.
* Do not set reload flag in the main process.
* Set correct rights on PID file.
* fix 'gratuitous' typos.
* ipvs: don't include linux/types.h or asm/types.h.
* configure: check for nl_socket_modify_cb for libnl.
* configure: don't check for IPVS support with kernel 2.6.x.
* VRRP : On shutdown, release sockets later to be able to send
shutdown packet.
* fix documentation on linkbeat_use_polling keyword.
* Fix a typo for healthchecker.
* fix syslog message if bogus vrrp packet (wrong auth type)
* manpage update.
2011-01-09 Alexandre Cassen <>
* keepalived-1.2.2 released.
* IPv6 : extended autoconf script to support libnl detection.
IPv6 IPVS kernel subsystem is reachable through
generic netlink configuration interface.
* IPv6 : Enhanced libipvs-2.6 to support generic netlink
configuration interface. If generic netlink is
available with kernel then it will be the
preferred path to configure IPVS.
* IPv6 : Enhanced the whole checker API to use
* IPv6 : Enhanced the whole core framework to use
* IPv6 : Enhanced all checkers to use sockaddr_storage.
* fixed a long time pending issue in all checkers. If
first connection attempt to remote peer was failing
no more check was performed to service... Up on error
connecting remote peer simply register a new timer for
next check. This is specially needed in IPv6 context
where an unreachable host can be reached at delayed time.
* code clean-up: revisited the code to use more POSIX
compliant declaration. thread typedef to use thread_t
instead. revisited checker framework to use POSIX typedef
2010-12-08 Alexandre Cassen <>
* keepalived-1.2.1 released.
* Vincent Bernat <bernat <at>>:
VRRP: Fix incorrect computation for packet size
* Vincent Bernat <bernat <at>>:
VRRP: handle passwords up to 8 characters
* Vincent Bernat <bernat <at>>:
When updating weight, check quorum state.
MISC check can update the weight of a real server. This
can lead to a change in quorum state.
We factor out quorum handling from perform_svr_state()
into a new function update_quorum_state() that will check if
the quorum state changed and if yes, update sorry server status,
exec quorum commands and add back or remove alive real servers
(with existing function perform_quorum_state()).
This patch is mostly cut'n'paste and adding a call to
update_quorum_state() in update_svr_wgt(). We also make
perform_svr_state() and update_quorum_state() almost symmetric.
* Vincent Bernat <bernat <at>>:
Fix an infinite loop in master transition with sync groups.
This patch is from Arjan Filius. See:
When transitioning to master state, keepalived might try to
force transition to master state of other VRRP instances into
the same group before their transition is complete. This leads
to an infinite loop with huge VRRP traffic.
* Vincent Bernat <bernat <at>>:
VRRP : Use VRRP_PRIO_DFL instead of 100 for default priority.
* Vincent Bernat <bernat <at>>:
Use netpacket/packet.h instead of linux/if_packet.h to get
linux/if_packet.h pulls linux/types.h that should not be used
by a userland program since types defined here can conflict
with stdint.h. We use netpacket/packet.h which is a GNU LibC
* Vincent Bernat <bernat <at>>:
Keep current weight on reload when initial weight is not
Weight can be changed by MISC_CHECK when using dynamic option.
In case of reload, the change is lost until the script runs
again. We record the initial weight in a separate variable and
use it to check if a real server has changed instead of using
the actual weight.
* Vincent Bernat <bernat <at>>:
VRRP : disabled scripts and initially good scripts should be
considered as OK.
When a script is not weighted, its failure will lead to a
failure of the associated VRRP instance. However, disabled
script and scripts that are initially good (after a reload)
should be considered as successful and not make the instance
fail. Moreover, a disabled script should not be used when
computing script weights.
* Vincent Bernat <bernat <at>>:
VRRP : more informative message when disabling a script due
to use of weights.
When using a weight for a tracked script, the script is
disabled. However, the warning message said that the weight
was ignored. We change the message to tell that the script is
ignored. Moreover, we don't change its weight since it can be
used in another instance, not in a SYNC group.
* Vincent Bernat <bernat <at>>:
check : include missing virtual server group name in a log
* Vincent Bernat <bernat <at>>:
configure: add a check for ETHERTYPE_IPV6.
ETHERTYPE_IPV6 defined in net/ethernet.h is pretty recent.
If absent, we hard-code the value into CFLAGS. This patch
requires regeneration of configure.
* Vincent Bernat <bernat <at>>:
check : update server weight in IPVS only if server is alive
and in the pool.
With inhibit_on_failure, a server can be in the pool and not
alive. We don't want to set the weight of an inhibited server
or a server in a virtual server whose quorum is not met yet.
* Vincent Bernat <bernat <at>>:
check: really add back inhibited server when quorum is gained
A previous change contained an erroneous check to add back
alive servers when quorum state was gained. This check was
incompatible with inhibit_on_failure. When servers were added
back in the pool, the weight was not updated accordingly.
* Vincent Bernat <bernat <at>>:
check : update server weight despite quorum when no sorry
In absence of a sorry server, the logic is to not use quorum
except to run commands when quorum is gained or lost. This
means that if a MISC check modifies the weight of a server
and there is no sorry server, we do not consider quorum.
2010-05-31 Alexandre Cassen <>
* Branch 1.2.0 created. This branch will host all new
developments on Keepalived. New code will be added
in here only.
* VRRP : Add support to IPv6 protocol. The global framework
has been extended to support this branch new family !
* VRRP : Implement IPv6 Neighbour Discovery protocol (NDISC).
In IPv6 gratuitous ARP doesn't exist since ARP is IPv4 only.
NDISC can provide the same feature by sending so called
Unsolicited Neighbour Advertisement. A node can send such a
protocol datagram in order to (unreliable) propagate new
information quickly (rfc4861.4.4). NDISC build an ICMPv6
message with taget link-layer address option, this option is
set icmp6_override flag to indicate that advertisement should
override an existing cache entry and update the cached
* VRRP : Extend ip address framework to be IPv4 and IPv6
independent. An ip address, as defined in framework, is
now {IPv4,broadcast} or {IPv6}. Use struct ifaddrmsg to
store and prepare netlink related operation. This cleans
up the code.
* VRRP : Extend parser to support IPv6 declarations. IPv6
and IPv4 addresses can be configured inside the same
configuration block (eg: virtual_ipaddress or
virtual_ipaddress_excluded). An instance can run IPv4 and
IPv6 addresses at a time, this can be useful in dual-stack
env (since this will become certainly the most common use
case in the next years).
* VRRP : Extend netlink framework to support IPv6 addresses
interactions (reflection/addition/deletion).
* VRRP : Extend finite state machine support IPv4 & IPv6
at a time.
* VRRP : Extend protocol helpers to support IPv6 multicast
related. AF_INET6 SOCK_RAW tweaking is done through
socket API instead of PF_PACKET header building... This
makes code cleaner.
* VRRP : Set default VRRP instance protocol to be IPv4.
You can use configuration keyword "native_ipv6" inside
vrrp_instance configuration block to specify that you
want to use IPv6 for VRRP multicasting protocol instead.
* VRRP : Extend socket option related helpers to support
IPv6 specifics.
* VRRP : Extend protocol scheduler and dispatcher to
support IPv6.
* VRRP : Extend socket pool to keep track of socket
* VRRP : Cleanup protocol offset pointer by removing
duplication code...
* VRRP : some code clean-up...
2010-05-06 Alexandre Cassen <>
* keepalived-1.1.20 released.
* Vincent Bernat <bernat <at>> extended ip/route
framework to be able to add route or ip address if they
already exist.
* Vincent Bernat <bernat <at>> fixed broadcast
address display.
* Vincent Bernat <bernat <at>> extended genhash to
display an error when giving an incorrect IP address.
* Vincent Bernat <bernat <at>>: When parsing
"blackhole" route, also parse IP mask.
* Vincent Bernat <bernat <at>>:
On reload, destroy signal pipes before recreating them.
* Vincent Bernat <bernat <at>>:
Fix SMTP checker adding himself repeatedly in the list of
failed checkers.
* Vincent Bernat <bernat <at>>:
Handle non-existent default interface in VIP definition.
* Vincent Bernat <bernat <at>>:
Remove alive real servers when quorum is lost.
* Vincent Bernat <bernat <at>>:
Fix a segfault when a virtual_server is empty.
* Vincent Bernat <bernat <at>>:
Add real servers to new member of a virtual server group
on reload.
* Vincent Bernat <bernat <at>>:
Keep previous effective VRRP priority on reload.
* Vincent Bernat <bernat <at>>:
Fix VRRP script not running any more after reload.
* Vincent Bernat <bernat <at>>:
On reload, keep status for all VRRP scripts.
* Removed IPVS Kernel 2.2 support
2009-10-01 Alexandre Cassen <>
* keepalived-1.1.19 released.
* Cosmetics changes.
* Vincent Bernat <bernat <at>> fix a segfault
when there is no real server for a virtual server.
* Vincent Bernat <bernat <at>>, Willy Tarreau
and I finally fixed SIGCHLD handling upon reload.
* Vincent Bernat <bernat <at>> fix VS_ISEQ macro.
* VRRP : Kimitoshi Takahashi <ktaka <at>>
fixed nopreempt from FAULT state. The owner of higher
priority in FAULT state shouldn't preempt current MASTER
when it's recovering, if the nopreempt option is set.
2009-09-24 Alexandre Cassen <>
* keepalived-1.1.18 released.
* Fixed compilation warnings
* Updated autoconf kernel version detection. Created a new
configuration option to force kernel version selection.
This option can be useful for crosscompilation:
* Updated media link failure detection strategy. Kernel
linkwatch has been around for long time so set it as
default strategy. Alternatively you can choose to use
MII BMSR polling strategy by adding new keyword
'linkbeat_use_polling' in your configuration file.
* Vincent Bernat <bernat <at>> fixed ip_vs.h includes.
* Removed vrrp_running and check_running test since it is
already performed by keepalived_running.
* Properly handle father pidfile handling.
* fixed reload handler to properly print out PID.
* Willy and I fixed a signal handling issue while reloading
daemon. A dereferencing master thread issue leading to a
segfault, so that reload was seen as a restart because it
was respawned by keepalived father process.
* Willy fixed a missing UNSET_RELOAD declaration leading to
a potential infinite loop while performing reload.
* Vincent Bernat <bernat <at>> fixed initial value
of quorum state on startup and reload. Fixed sorry server
removal to consider quorum state.
* VRRP : Add missing notify calls while entering FAULT state.
* VRRP : Willy added support to delayed script check launch
(up and down). It defines "rise" and "fall" keywords. "fall"
defines the required number of failures to switch in KO mode,
"rise" defines the number of successes to switch in OK mode.
* VRRP : Fixed an IP_DROP_MEMBERSHIP issue while performing
reload. vrrp socket pool is released at first.
2009-03-05 Alexandre Cassen <>
* keepalived-1.1.17 released.
* Fixed low-level scheduler timer computation to take care to
monotonic computation. Select returns if timer is null!
* VRRP : Fixed vrrp script initialization to use event thread
instead of timer thread so that script no longer need to
wait until first polling timer fired.
* VRRP : Willy and I fixed MII media link failure detection
to test SIOCGMIIREG call before fetching BMSR.
* VRRP : Resurrected VRRP_STATE_GOTO_FAULT. This state is
really needed to speed-up convergence and prevent against
any issue while using vrrp_sync_group.
2009-02-15 Alexandre Cassen <>
* keepalived-1.1.16 released.
* Code clean-up.
* Stefan Rompf, <> extended scheduler to
synchronize signal handling by sending the signal number through
a self pipe, making signals select()able. Child reaping has been
moved to a simple signal synchronous signal handler. Signal
shutdown handling has been centralized.
* Denis Ovsienko, <> extended healthchecker
framework to support alpha/omega design. It provides virtual
service control in a more fine-grained manner. You may have a
look at the SYNOPSIS file to have the full picture on configuration.
It addresses the following issues :
- A virtual service is considered up even with an empty RS pool.
- There is no reliable means to avoid service regression, when
the server pool becomes too small.
- There is no means to escalate any of the above fault/recovery
- Real servers are assumed alive initially. This leads to
unnecessary state flap on keepalived start.
- notify_down isn't executed for working real servers on
keepalived shutdown.
- There is no reliable means to handle keepalived stop to move
the virtual service over another load balancer.
* Stephan Mayr, <> fixed default value for
checker loop... a missing TIMER_HZ.
* Merge keepalived.init.suse.
* Robin Garner, <> added support to
--log-console facility.
* Tobias Klausmann, <> fixed an openfile
leak while performing reload.
* Leo Baltus, <> extended pidfile handling
to allow keepalived to start using the configured pidfile.
* VRRP : Siim Poder, <> fixed IPSEC AH auth
to skip IPv4 id field of zero. If zeroed kernel will fill it
and lead to an unwanted protocol re-election.
* VRRP : Siim Poder, <> fixed reloading issue.
New ip addresses are added (from configuration). State is kept
instead of starting from whatever is in configuration file.
If prios are changed in such a way, state change can occur after
* VRRP : Vincent Bernat, <> extended virtual_route
to support virtual "black hole" route as well as multihop route.
* VRRP : Stig Thormodsrud, <> fixed a crash while
using virtual_router_id set to 255.
* VRRP: Jon DeVree, <> fixed arp handling
to initialize the target hardware address, using 0xff as found
in arping. Let scripts work without dealing with weight, if the
script fails, VRRP fails.
* VRRP : Pierre-Yves Ritschard, <> removed
the GOTO_FAULT state from FSM.
* VRRP : Willy Tarreau, <> fixed link detection handling
to support right ioctl values for recent kernel ! It can lead
to issue while running instance on a bonding interface.
* VRRP : Willy Tarreau, <> extended scheduler to catch
time drift. It implements an internal monotonic clock. It
maintains an offset between sysclock and monotonic clock, if
computed time is anterior to monotonic time then just update
offset. If time computed is far away into the future then
limit delay and recompute offset.
* VRRP : Willy Tarreau, <> fixed autoconf issues.
2007-09-15 Alexandre Cassen <>
* keepalived-1.1.15 released.
* Matthias Saou, <matthias at> fixed genhash
Makefile for man page installation.
* Casey Zacek, <keepalived at> provided a patch
to check_http to remove buffer minimization while processing
stream. It appears some webservers cause a healthchecker crash.
* Chris Marchesi, <chris.marchesi at> provided
a patch for better handling of SSL handshake errors.
* Shinji Tanaka, <stanaka at> fixed parser "include"
directive to support declaration inside configuration directives,
like including file inside vrrp_instance declaration.
* Andreas Kotes, <count at> fixed HTTP healthchecker
while handling MD5SUM result. It appears checker never removed
realserver on MD5SUM mismatch !!! whats that crap.
* VRRP : Willy Tarreau, <w at> fixed missing notifications
upon transition from fault to backup.
* VRRP : Add support to route metric in virtual_routes definition.
2007-09-13 Alexandre Cassen <>
* keepalived-1.1.14 released.
* Shinji Tanaka, <stanaka at> extended parsing
framework to support "include" directives. For more
information and documentation please refer to Shinji
website :
* Tobias Klausmann, <klausman at> added error logging
while parsing configuration file.
* Merged patches from on Makefile and redhat specfile.
* Create a goodies directory to store nice scripts received from
users. Add Steve Milton (milton AT arpreset script
to delete a single ARP entry from a CISCO router.
* VRRP : David Woodhouse, <dwmw2 at> fixed vrrp_arp
* VRRP : Pierre-Yves Ritschard, <pyr at> fixed negative
weights in script.
* VRRP : Michael Smith, <msmith at> extended
virtual_ipaddress setting to support Old-style Linux interface
aliases like eth0:1.
* VRRP : Ward Wouts, <ward.wouts at> add support to
vrrp_script logging.
2006-10-11 Alexandre Cassen <>
* keepalived-1.1.13 released.
* VRRP : Added a new notify script to be launched during vrrp
instances shutdown. This new notify hook is configured
using notify_stop keyword inside vrrp_instance block.
* VRRP : Willy Tarreau <w at> fixed an errno issue in
thread_fetch(), errno is lost during set_time_now(). This
patch saves it across the call to set_time_now() in order
to get the valid error.
* VRRP : Willy Tarreau <w at> extended timer framework
to save errno in timer_now() and set_time_now() just in
case other functions do not expect these functions to modify
it. This is a safer approach than the initial patch to
thread_fetch(), while still compatible.
* VRRP : Willy Tarreau <w at> fixed an FSM silent issue.
By default, the VRRP daemon stops sending during new MASTER
elections. This causes 3 to 4 seconds of silence depending on
the local priority, and sometimes causes flapping when the
differences in priorities are very low, due to the kernel timer's
resolution : sometimes, the old master receives a first
advertisement, enters backup, waits 3 seconds, sees nothing and
finally becomes master again, which forces a new reelection on
the other one.
* VRRP : Willy Tarreau <w at> extended VRRP framework to
support floating priority. Replace the priority in each
vrrp_instance with a base priority and an effective priority,
to prepare the support for floating priorities. The configuration
sets the base_priority, and all comparisons use the new
effective_priority value. This one is computed in the
vrrp_update_priority() thread by adding an offset to base_priority,
based on the result of various checks.
* VRRP : Willy Tarreau <w at> extended notify script to add
the priority in "$4" when calling a notify script. This is
important in labs and datacenters when systems can display the
priority on a front LCD, because it allows workers to carefully
operate without causing unexpected reelections.
* VRRP : Willy Tarreau <w at> extended interface tracking
framework to let interface tracking change the priority by adding
a "weight" parameter. If the weight is positive, it will be added
to the priority when the interface is UP. If the weight is negative,
it will be subtracted from the priority when the interface is down.
If the weight is zero (default), a down interface will switch the
instance to the FAULT state.
* VRRP : Willy Tarreau <w at> added a new "vrrp_script" section
to monitor local processes or do any type of local processing to
decide whether the machine is in good enough health to be elected
as master. The same script will be run once for all instances which
monitor it. If no instance uses it, it will not be run, so that it's
safe to declare a lot of useful scripts. A weight is associated to
the script result. If the weight is positive, it will be added to
the priority when the result is OK (exit 0). If the weight is
negative, it will be subtracted from the priority when the result
is KO (exit != 0). If the weight is zero, the script will not be
monitored. The default value is 2.
* VRRP : Willy Tarreau <w at> extended vrrp scheduler so that
when a VRRP is part of a SYNC group, it must not use floating
priorities, otherwise this may lead to infinite re-election after
every advertisement because some VRRPs will announce higher prios
than the peer, while others will announce lower prios. The solution
is to set all weights to 0 to enable standard interface tracking,
and to disable the update prio thread if VRRP SYNC is enabled on a
* VRRP : Willy Tarreau <w at> added some documentation and
examples for the brand new VRRP tracking mechanisms.
* VRRP : Ranko Zivojnovic, <ranko at> fixed vrrp
scheduler to execute notify* scripts in transition from the
failed state to the backup state.
* Nick Couchman, <nick.couchman at>, added support for
real server upper and lower thresholds. This allows you to set
a minimum and maximum number of connections to each real server
using the "uthreshold" (maximum) and "lthreshold" (minimum)
options in the real_server section of the configuration file.
* Chris Caputo, <ccaputo at> extended autoconf script
to support recent move of UTS_RELEASE from linux/version.h to
* Chris Caputo, <ccaputo at> extended ipvswrapper 2.4
code to support misc_dynamic weight.
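The weight rules described in the 1.1.13 entries above (floating priority, interface tracking, vrrp_script and the SYNC group restriction), written out as a small model. This is an added illustration, not keepalived's own code: all type and function names are hypothetical, the sample trackers are constructed, and the clamp to 1..254 is an assumption taken from the range a non-owner VRRP router may advertise.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative model only; every name here is hypothetical. */
enum inst_state { INST_OK, INST_FAULT };

struct tracker {
    bool is_script;  /* true: vrrp_script result, false: tracked interface */
    int  weight;     /* configured weight */
    bool ok;         /* script exited 0, or interface is UP */
};

struct instance {
    int base_priority;              /* value set in the configuration */
    bool in_sync_group;             /* member of a vrrp_sync_group */
    const struct tracker *trackers;
    size_t n_trackers;
};

struct verdict { enum inst_state state; int effective_priority; };

/* Assumption: keep the advertised value inside 1..254. */
static int clamp_priority(int p) { return p < 1 ? 1 : (p > 254 ? 254 : p); }

struct verdict evaluate(const struct instance *vi)
{
    struct verdict v = { INST_OK, 0 };
    int offset = 0;

    for (size_t i = 0; i < vi->n_trackers; i++) {
        const struct tracker *t = &vi->trackers[i];
        /* In a SYNC group every weight is treated as 0, so priorities
         * never float and peers cannot trigger endless re-elections. */
        int w = vi->in_sync_group ? 0 : t->weight;

        if (w == 0) {
            /* Standard tracking: a down interface faults the instance;
             * a zero-weight script is simply not monitored. */
            if (!t->is_script && !t->ok)
                v.state = INST_FAULT;
            continue;
        }
        if (w > 0 && t->ok)
            offset += w;          /* bonus while the check succeeds */
        else if (w < 0 && !t->ok)
            offset += w;          /* penalty while the check fails */
    }
    v.effective_priority = clamp_priority(vi->base_priority + offset);
    return v;
}

/* Constructed sample: two scripts and two tracked interfaces. */
static const struct tracker sample_trackers[] = {
    { true,    2, true  },   /* script, default weight 2, exit 0   */
    { false, -20, false },   /* interface, weight -20, link down   */
    { false,  10, true  },   /* interface, weight +10, link up     */
    { true,    0, false },   /* script, weight 0: not monitored    */
};

int main(void)
{
    struct instance vi = { 100, false, sample_trackers, 4 };
    struct verdict v = evaluate(&vi);
    printf("standalone: state=%d prio=%d\n", v.state, v.effective_priority);

    vi.in_sync_group = true;
    v = evaluate(&vi);
    printf("sync group: state=%d prio=%d\n", v.state, v.effective_priority);
    return 0;
}
```

With the same trackers, the standalone instance only lowers its priority while the SYNC group member goes to FAULT, which is the behavioural difference the last Willy Tarreau entry describes.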
2006-03-09 Alexandre Cassen <>
* keepalived-1.1.12 released.
* VRRP : Christophe Varoqui, <> extended
VRRP framework to use virtual_router_id as syncid in LVS mcast
datagram while using LVS syncd in VRRP instance.
* Kevin Lindsay, <> and Christophe Varoqui,
<> fixed SSL checker to properly
use openssl when dealing with asynchronous stream handling.
Kevin fixed asynchronous handling during connection stage
while Christophe fixed stream handling after connection stage.
* Kjetil Torgrim Homme, <> extended keepalived
spec file to cleanly compile on RedHat enterprise 3 and 4.
* Heinz Knutzen, <> fixed SMTP checker
to overwrite default_host while parsing configuration file.
A SMTP_CHECK without a "host" section should use the ip of the
current real server as default.
2005-03-01 Alexandre Cassen <>
* keepalived-1.1.11 released.
* Asier Llano Palacios, <> extended
autoconf script to support cross-compilation.
* Kevin Lindsay, <> and I fixed a
missing bitwise negation while removing signal from
global signal mask. Set this operation before handler
is called. This assumes that bitwise negation is an
atomic code generated from compiler. Since gcc 3.3
this is true.
* VRRP : extended ipaddress and iproutes code to return
if vip or vroutes is referencing an unknown interface.
2005-02-15 Alexandre Cassen <>
* keepalived-1.1.10 released.
* VRRP : While restoring interface, release iproutes
before ipaddresses. Routing daemons need that order
for netlink reflection channel.
* VRRP : Bin Guo, <> fixed a memory
leak while calling script_open.
* Kevin Lindsay, <> fixed some buffer
overruns, NULL pointer and dangling pointer references.
* Kevin Lindsay, <> redesigned signal
handling. When a signal occurs, a global signal_mask is
modified. In the main loop there is a check to see if
the signal_mask has any pending signals. The appropriate
signal handler is then run at this time. This is to prevent
races when modifying linked lists.
* Kevin Lindsay, <> fixed shadowed
* Christophe Varoqui, <> and I
Extended libipvs-2.6 to support syncd zombies handling.
Since ip_vs_sync.c kernel code no longer handles waitpid()
we fork a child before any ipvs syncd operation in order
to workaround zombies generation.
* John Ferlito, <> and I Fixed a scheduling
race condition while working with low timers.
* Updated check_http and check_ssl to use non-blocking
* Fixed some race conditions while reloading configuration.
Prevent against list gardening if list is empty !
* Fixed recursive configuration parsing function to be clean
with stack. Only one recursion level.
* Some cosmetics cleanup in Makefiles.
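The deferred signal handling described in the 1.1.10 entry above (handler only marks a global mask, main loop runs the real work) together with the 1.1.11 fix (clear the bit before the handler is called), as an added sketch that is not keepalived's code. All names are hypothetical. Instead of assuming the bitwise clear is atomic, this version blocks signals around the snapshot-and-clear step.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names throughout; illustration only. */
#define MAX_SIG 31                       /* bits 1..30 fit safely in an int */

static volatile sig_atomic_t pending_mask;    /* one bit per pending signal */

typedef void (*deferred_fn)(int signo);
static deferred_fn deferred[MAX_SIG];

/* State that deferred handlers mutate: the linked list the deferral protects. */
struct node { int signo; struct node *next; };
static struct node *event_list;
static int event_count;

/* Asynchronous part: record the signal and nothing else.
 * No malloc, no list access, so it cannot race with the main loop. */
static void record_signal(int signo)
{
    if (signo > 0 && signo < MAX_SIG)
        pending_mask |= (1 << signo);
}

/* Register fn to run from the main loop whenever signo was received. */
int defer_signal(int signo, deferred_fn fn)
{
    struct sigaction sa;

    if (signo <= 0 || signo >= MAX_SIG)
        return -1;
    deferred[signo] = fn;
    sa.sa_handler = record_signal;
    sigfillset(&sa.sa_mask);       /* no nested signals while marking the bit */
    sa.sa_flags = SA_RESTART;
    return sigaction(signo, &sa, NULL);
}

/* Synchronous part, called once per main-loop iteration.
 * Returns the number of deferred handlers that ran. */
int dispatch_pending(void)
{
    sigset_t all, old;
    sig_atomic_t snap;
    int signo, ran = 0;

    sigfillset(&all);
    sigprocmask(SIG_BLOCK, &all, &old);
    snap = pending_mask;
    pending_mask &= ~snap;         /* cleared before any handler is called */
    sigprocmask(SIG_SETMASK, &old, NULL);

    for (signo = 1; signo < MAX_SIG; signo++) {
        if ((snap & (1 << signo)) && deferred[signo]) {
            deferred[signo](signo);
            ran++;
        }
    }
    return ran;
}

/* Example deferred handler: safe to allocate and relink here. */
static void on_event(int signo)
{
    struct node *n = malloc(sizeof *n);

    if (n == NULL)
        return;
    n->signo = signo;
    n->next = event_list;
    event_list = n;
    event_count++;
}

int main(void)
{
    defer_signal(SIGHUP, on_event);
    defer_signal(SIGUSR1, on_event);
    raise(SIGHUP);
    raise(SIGUSR1);
    raise(SIGHUP);                 /* coalesces with the first SIGHUP */
    printf("before dispatch: %d events\n", event_count);
    printf("dispatched: %d\n", dispatch_pending());
    printf("after dispatch: %d events\n", event_count);
    return 0;
}
```

Repeated deliveries of the same signal between two dispatches collapse into one bit, so a deferred handler must be written to cope with "one or more" occurrences.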
2005-02-07 Alexandre Cassen <>
* keepalived-1.1.9 released.
* VRRP : Chris Caputo, <> updated keepalived manpage
for nopreempt and preempt_delay.
* VRRP : Fixed an issue while releasing vrrp socket pool... Just
release pool one time !
* VRRP : Fixed netlink framework to properly save netlink socket flags
while setting blocking flags.
* VRRP : Fixed a regression introduced with previous release while
hashing vrrp fd bucket into fd hash index.
* Patrick Boutilier, <> fixed an issue in the
extract_html function. Read the full html header.
* Chris Caputo, <> and I fixed compilation issue
while using --enable-debug configuration option.
* Extended both VRRP and Healthchecker framework to support
debugging flags.
* Removed the watchdog framework. Since scheduling framework
support child, we register a child thread for both process
VRRP & Healthcheck. When a child dies or stops prematurely this
launches the scheduling callback previously registered. Watchdog
is now handled by signaling.
(credit goes to Kevin Lindsay, <> for nice
* Some cosmetics cleanup.
2005-01-25 Alexandre Cassen <>
* keepalived-1.1.8 released.
* VRRP : Chris Caputo, <> added "dont_track_primary"
vrrp_instance keyword which tells keepalived to ignore VRRP
interface faults. Can be useful on setup where two routers
are connected directly to each other on the interface used
for VRRP. Without this feature the link down caused
by one router crashing would also inspire the other router to lose
(or not gain) MASTER state, since it was also tracking link status.
* VRRP : Chris Caputo, <> added "nopreempt" which
overrides the VRRP RFC preemption default. This replaces the
"preempt" keyword which was not fully implemented. "preempt" is
kept around for backward compatibility but is deprecated.
* VRRP : Chris Caputo, <> added "preempt_delay" which
allows one to specify number of seconds after startup until VRRP
preemption. (range 0 to 1,000 seconds) this is useful because
sometimes when a machine recovers it takes a while for it to become
usable, such as when it is a router and BGP sessions need to come
back up.
* Chris Caputo, <> made it so there is a useful "Date:"
in SMTP alert emails.
* VRRP : Chris Caputo, <>. In debug output log
gratuitous ARPs with actual IP addresses being ARPed.
* VRRP : Chris Caputo, <>. If started with
"--dont-release-vrrp" then try to remove addresses even if we didn't
add them during the current run, when it makes sense to do so.
* VRRP : Chris Caputo, <> added a missing
free_vrrp_buffer() during VRRP stop.
* VRRP : Kees Bos, <> fixed VRRP sanity check to perform
checksum computation over incoming packet and not local router
instance memory representation => Better to log 'invalid vip
count' instead of 'Invalid vrrp checksum' when the number of
configured vips differ in the master and backup server :)
* VRRP : Release socket pool during daemon stop and reload
* VRRP : Refresh socket pool during reload
* VRRP : Extended netlink framework to support blocking
operation. During initialization, set blocking netlink channel
to wait responses from kernel while parsing result. Kernel netlink
reflection are still handled using non-blocking.
* Jeremy Rumpf, <> added SMTP checker. It takes
special care of smtp server return code.
* Merged genhash man page
* Chris Caputo, <> added "misc_dynamic" to a
MISC_CHECK which makes it so a script can adjust the weight of
a real server.
* Fixed some assertion issue in memory framework.
* Use router_id instead of lvs_id in the global_def configuration
block (lvs_id kept for backward compatibility).
* Ronald Wahl <>, fixed declarations to be only
in include files.
* Ronald Wahl <>, moved the definition of variables
to C files
* Ronald Wahl <> and I fixed scanning for header/body
separator in HTTP protocol
* Ronald Wahl <> replaced memcpy by memmove where source
& destination may overlap
* Extended checker API to only register checkers when checker callback
is defined.
* Jacob Rief, <> fixed openlog to take care
of configured log facility.
* Move in_csum to util file.
* Extended libraries to support some new facilities (list and vector).
* Extended scheduler I/O to use timer declared on the stack.
* Some cosmetics changes.
2004-04-05 Alexandre Cassen <>
* keepalived-1.1.7 released.
* Jacob Rief, <> added target tarball into
root Makefile to facilitate packaging (rpm & tarball).
* Jacob Rief, <> and I unified version
handling. Now only the root file VERSION is used by configure
included into the VERSION_STRING that reflect the building
date into the version banner.
* Andres Salomon, <> wrote the genhash manpage.
* VRRP : Added ipvs_start() and ipvs_stop() calls during vrrp child
start and stop stage.
* Added some assertion test in memory framework to not allocate
bucket if no more place. This option is only used if compiled
with debug flags.
* Some cosmetics patch in Makefiles and autoconf script.
2004-02-23 Alexandre Cassen <>
* keepalived-1.1.6 released.
* VRRP : Fixed scheduling timer update. Global scheduling timer is
updated before each thread registering and after scheduling I/O MUX.
This is needed to take care of scheduling jitter introduced by
overhead (VRRP is using low low timer so more sensitive to overhead).
Thanks to Nathan Neulinger, <> for his quick feedback
debugging time.
* VRRP : Nathan Neulinger, <> updated vrrp dropping
strategy to not reply to incoming bogus adverts. Since this can
introduce flooding loop, bogus adverts are now simply silently
* VRRP : Fixed a linkbeat issue while polling NIC flags.
* Updated autoconf and Makefile to support 2.6 kernel IPVS code. For
code readability, created 2 different libipvs for 2.4 and 2.6 kernels.
Fixed autoconf generated warning.
* Extended ipvswrapper to support shared buffer user rule. This
increases performance by limiting memory allocation. OTOH, created
two new ipvs helpers ipvs_start & ipvs_stop to initialize ipvs
* Andres Salomon, <> made some cosmetics update
in Makefiles to support $(DESTDIR) and $(BIN)/$(EXEC) path split.
2004-01-25 Alexandre Cassen <>
* keepalived-1.1.5 released.
* Joseph Mack, <> wrote keepalived manpages
in doc/man/man5/keepalived.conf.5 and doc/man/man8/keepalived.8.
* VRRP : Tsuji Akira, <> fixed a length
issue while testing password field for auth_pass method.
* VRRP : Willy Tarreau, <> fixed a quick loop
in the watchdog timer thread.
* VRRP : Willy Tarreau, <> extended scheduler
to support stable scheduling time. There is now, only one
time source updated before and after scheduling event. This
solve sliding timer observed on some env, also known as
periodically flapping issue (sometime a VRRP election is
* VRRP : Willy Tarreau, <> updated the default
media link failure detection strategy to perform a ioctl
ifflags even if NIC drivers support MII or ETHTOOL.
Some buggy drivers need this. Anyway the linkwatch patch
is still the best solution to support efficient and scalable
media link failure detection.
* Some cosmetics clean-up, removed some dead files, updated
autoconf and Makefile prototypes to support dependencies
libs like kerberos for RedHat/Fedora distro. To compile
keepalived properly on redhat 9 box, for example, run :
export CPPFLAGS="-I/usr/kerberos/include" && ./configure
Renamed keywords lb_kind to lvs_method and ld_algo to
lvs_sched. For compatibility reasons, old keywords are still
2003-12-29 Alexandre Cassen <>
* keepalived-1.1.4 released.
* Refresh autoconf script to use autoconf 2.5.
* Extended the autoconf script to support linkwatch kernel
* To work-around the SMP forking bug, added support to two
new daemon starting options :
--vrrp -P Only run with VRRP subsystem.
--check -C Only run with Health-checker
Those options extend daemon design to support VRRP &
healthchecking subsystem selection. You can now run
two Keepalived daemons, one invoked with --vrrp and
the other with --check. That way we workaround the
forking issue by running one daemon per subsystem.
* Tidy cleanup in the daemon code.
* VRRP : Extended the link media failure detection to support
asynchronous NIC MII polling. The design now uses one
dedicated polling thread per NIC. This reduces scheduling
jitter.
* VRRP : Added support to kernel linkwatch subsystem. This
patch, a copy of which you will find on the Keepalived website
for the kernel 2.4 branch, provides kernel netlink broadcast
events driven by NIC link media state events. That way
we move from a polling design to an event design. Link
events are received through a kernel netlink broadcast
socket in userspace. So, NIC media link failure
detection is now provided by kernel netlink reflection.
You can read the paper attached with the patch for
in-depth explanations.
* VRRP : fixed timer computation to prevent against negative
2003-09-29 Alexandre Cassen <>
* keepalived-1.1.3 released.
* Stephan von Krawczynski, <> extended ip
address framework to support broadcast address selection.
* Extended the scheduling framework to support plain 'long'
timer. Visited the layer4 framework to support this new
scheduling scheme. Reviewed the checkers and VRRP framework
to support long timer.
* VRRP : Removed the timer micro adjust call. Its use is
obsolete with the new scheduling 'long' timer support.
* Jacob Rief, <> and I added support for
log level selection for main daemon. A new command line
argument has been created :
--log-facility -S 0-7 Set syslog facility to
LOG_LOCAL[0-7]. (default=LOG_DAEMON)
* Extended the HTTP checker to support non blocking read
while processing stream. NONBLOCK flags is set before
read operation to catch EAGAIN error.
* VRRP : Diego Rivera, <> and I fixed a
notify issue while building notify exec string.
* VRRP : Diego Rivera, <> and I extended
FSM to support BACKUP state notifiers and smtp_alert call
during VRRP initialization.
* Jan Vanhercke, <> and I extended
scheduling timer computation to support micro-sec second
overlap. Extended the whole scheduling framework to support
this scheduling scheme while computing thread timers.
* Fixed scheduling framework to support child thread timers
while computing global scheduling timer.
2003-09-07 Alexandre Cassen <>
* keepalived-1.1.2 released.
* Dominik Vogt, <> and I extended checker
framework to support multiple checkers per realserver.
Each checker owns a unique id, each realserver owns a list
of checker ids. Realserver is considered down if one of the
checkers fails.
* Dominik Vogt, <> extended list library to
support free_list_element.
* Dominik Vogt, <> and I extended ipwrapper
to support multiple checkers test. Created a checker state
updater helper function to perform realserver state according
to checker state.
* Dominik Vogt, <> extended all checkers
code to support multiple checker design (to not perform
server state according a single checkers test).
* Tobias Klausmann, <> and I extended
layer4 framework to support socket binding to a specific
ip address before calling connect(). Extended the TCP, HTTP
and SSL checker to support binding selection, creating
a new checker keyword named "bindto".
look at doc/keepalived.conf.SYNOPSIS for more informations.
* VRRP : Extended the ethtool code to be selected only if
ETHTOOL_GLINK is available. This is useful for s/390 zSeries
users :) since zSeries 2.4 kernel doesn't support ethtool
* VRRP : Gatis Peisenieks, <> fixed IPSEC-AH
code to exclude ip header id field while computing AH digest.
Fixed AH sequence number to be set in network byte order.
* VRRP : Fixed a bug in the static_ipaddress block that caused
a noisy crashing startup.
* VRRP : Kjetil Torgrim Homme, <> and I
fixed a daemon crash while reloading configuration due to a
vrrp_buffer not freed.
* VRRP : Review the watchdog calling location. watchdog listener
is reinitialized during a daemon reload.
* VRRP : Diego Rivera, <> extended notify
framework to support simple notify script call. Created a new
keyword "notify", for both vrrp_instance and vrrp_sync_group.
If configured, this notify script is called after FSM state
transition notify scripts.
look at doc/keepalived.conf.SYNOPSIS for more informations.
* Review the checker watchdog calling location like VRRP.
* Fixed code selection to exclude VRRP dependencies if code is
configured without VRRP framework.
* Extended memory lib free function to reset memory location to
* Diego Rivera, <> extended global parser
to support default handlers for lvs_id, smtp_server,
smtp_connection_timeout and email_from. default values are :
o lvs_id : box local name
o smtp_server : localhost
o email_from : uid@box_local_name
o smtp_connection_timeout : 30s
2003-07-24 Alexandre Cassen <>
* keepalived-1.1.1 released.
* VRRP : Fixed an issue while reloading configuration. Fixed
a dereferencing pointer.
* Fixed misc checker to perform server state according to
checker result !!!
2003-07-22 Alexandre Cassen <>
* keepalived-1.1.0 released.
* The release focus is : "High Performance"
* Name cleanup for the healthchecking directory. use check
instead of healthcheck to be in conformance with watchdog and
global software architecture.
* updated the SYNOPSIS file for documenting the table arg inside
virtual/static_routes declaration. You can set routes referring
to a specific TABLE-ID.
* Added a dummy debug var in the genhash declaration code to
support compilation when compilation is done with debug flag.
* Added a set flag inside the real_server declaration to correctly
reflect the IPVS topology when inhibit_on_failure is used.
* Fixed a daemon.h include dependency on signal.h
* VRRP : Added support to a global shared buffer for incoming
advert handling. A new buffer is no longer allocated each time
processing incoming advert, instead a shared room is used.
* VRRP : Added support to pre-allocated shared buffer for
outgoing adverts. Each vrrp instance use a 'one time'
allocated buffer instead of a 'all time' one.
* VRRP : Extended the socket pool design to support shared fd
for the outbound channel. Now, socket pool creates a sending
socket and assigns the returned fd to vrrp instances. This
forces instances to use a shared socket instead of creating
new socket for each outgoing adverts. The error detection
is based on the incoming socket, so that outgoing socket is
not created as long as incoming socket can not be created.
* Added support to netlink ipaddress as global keyword
look at doc/samples/keepalived.conf.static_ipaddress.
IP addresses specified into this block will be added during
daemon bootstrap and removed during daemon shutdown.
Differential conf parsing is enabled for this block,
removing/adding static_ipaddress can be done on the fly
sending SIGHUP signal to daemon.
* VRRP : Extended track_interface to support multiple interface
tracking. For those familiar with Nokia monitored circuit,
this extension provides the same functionality.
look at doc/samples/keepalived.conf.track_interface.
* VRRP : The VRRP instance lookup framework has been extended
to use an o(1) scheduling design. Rewrote the whole instance
lookup to use o(1) lookup instead of previous o(n^2). When
receiving incoming adverts vrrp_scheduler performs a lookup
over the VRID received to get local instance representation.
Since the internal instance representation is a non-sorted
linked list, we ran a lookup at o(n^2) complexity that
introduced latency and scheduling jitter side effects when
running a large number of instances. To avoid this limitation
a static hash table of 255 buckets was created. Since
lookup is performed over VRID and since VRID is 8bit fixed,
the hashkey will be VRID. In order to extend code the
hashkey is based on incoming fd too. Internally, a NIC is
represented by 2 fds : sending socket and receiving socket.
Those fds are NIC specific so we are using them as a hash
table lookup collision resolver. With this design we can now
use the same VRID on different NICs. The collision design
is a linked list so lookup is o(n^2) but due to low number
of entries we can consider o(1) speed. But to reach best
perf, different VRIDs on all instances must be used. The
design can be summed up by :
VRID hash table :
| 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 |
| |
+---+ +---+
|fd3| |fd1|
+---+ +---+
This hash table is filled during configuration parsing and
VRRP instances are not duplicated but dynamically pointed
to optimize memory.
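The lookup structure described in this entry, as an added sketch that is not keepalived's own code: 255 buckets indexed by VRID, with the receiving fd resolving collisions on a per-bucket linked list. The struct and function names are hypothetical, and rejecting VRID 0 (outside the valid 1..255 range) is an assumption of this example.

```c
#include <stdint.h>
#include <stdlib.h>

#define VRID_BUCKETS 255              /* one bucket per valid VRID, 1..255 */

struct vrrp_inst {                    /* hypothetical stand-in for an instance */
    const char *name;
    uint8_t vrid;
    int fd_in;                        /* receiving socket of the instance's NIC */
};

struct bucket_node {
    struct vrrp_inst *inst;           /* pointer only: instances are not copied */
    struct bucket_node *next;
};

static struct bucket_node *vrid_table[VRID_BUCKETS];

/* Register an instance at configuration time.
 * Returns 0 on success, -1 on VRID 0, duplicate (vrid, fd) or no memory. */
int vrid_table_add(struct vrrp_inst *inst)
{
    struct bucket_node *n;
    if (inst->vrid == 0)
        return -1;
    for (n = vrid_table[inst->vrid - 1]; n; n = n->next)
        if (n->inst->fd_in == inst->fd_in)
            return -1;
    n = malloc(sizeof(*n));
    if (!n)
        return -1;
    n->inst = inst;
    n->next = vrid_table[inst->vrid - 1];
    vrid_table[inst->vrid - 1] = n;
    return 0;
}

/* Resolve an incoming advert. The VRID comes off the wire, so VRID 0 and
 * unknown (vrid, fd) pairs return NULL and the caller drops the advert. */
struct vrrp_inst *vrid_table_lookup(uint8_t vrid, int fd_in)
{
    struct bucket_node *n;
    if (vrid == 0)
        return NULL;
    for (n = vrid_table[vrid - 1]; n; n = n->next)
        if (n->inst->fd_in == fd_in)
            return n->inst;
    return NULL;
}

int main(void)
{
    struct vrrp_inst a = { "VI_1", 51, 3 }, b = { "VI_2", 51, 5 };
    vrid_table_add(&a);
    vrid_table_add(&b);               /* same VRID on a different NIC */
    return vrid_table_lookup(51, 5) == &b ? 0 : 1;
}
```

Giving every instance its own VRID keeps each chain at one node, which is the best-performance case the entry recommends.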
* VRRP : The VRRP synchronization group lookup has been
extended. During bootstrap a VRRP instance index is built upon
sync_group instance name. This extension speeds up
synchronization since while synchronizing it uses the
instance index instead of a lookup by instance_name. The
previous synchronization code has been rewritten to use this
'list visiting' design for FAULT/BACKUP/MASTER states
* VRRP : Optimized the vrrp_timer_vrid_timeout(...) to speed
up vrid lookup over timeouted fd using a one pass lookup.
* Bradley Baetz, <> extended
the scheduler framework to support child process handling.
Adding support to new thread child facility for handling
child processes, and modifying the scheduling select
loop & signal handling to catch SIGCHLD, and call the
appropriate process.
* Bradley Baetz, <> fixed
the misc_check healthchecker using new thread child
scheduling facility. Introduced a new keyword
"misc_timeout" to kill processes which take too long
(default is delay_loop). SIGKILL is sent to processes
if they take too long to shut down.
* Bradley Baetz, <> extended
daemon framework to block SIGCHLD to only receive it
when it's unblocked in the scheduling loop.
* Extended healthchecker delay_loop to support long
delay (ie: >1000s).
* VRRP : Added support to a shared kernel netlink command
channel for setting ip address and routes.
* Extended the genhash code to support verbose output
selection. command arg '-v' will generate a very verbose
* VRRP : Extended the logging code to select verbose log
output or not. This selection is done by passing the
'-D' option to command line while starting daemon.
By default the output is silent.
* VRRP : Extended the gratuitous ARP framework to support
shared buffer and shared socket. This increases performance
for instances owning a bunch of VIPs.
* VRRP : Extended the scheduling timer computation to support
timer auto-recalibrating. While computing next instance
timer, the scheduler will subtract the time taken by
previous advert handling. This provides software overhead
adaptation. The recalibration is performed over usec timer
so as not to perturb the global scheduler.
* VRRP : Fixed a gratuitous ARP issue. Extended the
ipaddress framework to point directly to interface
reflected by netlink channel instead of storing device
index. Extended the gratuitous ARP code to use new
ipaddress structure and to send garp over the device the
ipaddress belongs to. Needed if you run an instance on
one device interface and set VRRP VIP on different
* Extended watchdog framework to support polling delay
selection via daemon command line. Created two new
cmdline options :
--wdog-vrrp -R Define VRRP watchdog polling
delay. (default=5s)
--wdog-check -H Define checkers watchdog
polling delay. (default=5s)
* Extended SMTP code to support bigger buffer while
processing remote mta messages.
* Erik Barker, <> extended initscript
to support native redhat init functions.
* Extended the autoconf scripts and Makefile(s) to support
code profiling. New configure option : --enable-profile
* list library has been extended to support multi-sized list &
specific element deletion. Extended to return when list is
empty. This reduces duplicated code to test if list is empty
while processing.
* VRRP : Extended VRRP scheduler to support fd hash
table design. Speed up instance lookup while
computing instance sands. This offers an o(1) design
if we consider limited number of instances per
* VRRP : Extended vrrp new socket creation to replace
refreshed instance fd into fd hash table index.
* VRRP : Extended vrrp framework to support
blank virtual_ipaddress block, can be useful
if someone wants to use just the VRRP advert
as a hello monitoring channel.
* Some code cleaning.
2003-05-12 Alexandre Cassen <>
* keepalived-1.0.3 released.
* This release has been sponsored by :
Tiscover AG, <>
Please visit sponsor homepage. I would just like to thank their IT
team for interesting design discussions and testing time, especially
Jacob Rief.
* This release consists of a major daemon re-design to increase security
and availability of Keepalived. The daemon has been split into 3
distinct processes. The global design is based on a minimalistic
parent process responsible for monitoring its forked child processes.
Then 2 child processes, one responsible for the VRRP framework and the
other for healthchecking. Each child process has its own scheduling
I/O multiplexer, that way VRRP scheduling jitter is optimized since
VRRP scheduling must be more sensitive than healthcheckers. On the other
hand this split design minimizes for healthchecking the usage of
foreign libraries and minimizes its own action down to an idle
mainloop in order to avoid malfunctions caused by itself. The parent
process monitoring framework has been called watchdog, the design is :
each child process opens an accept unix domain socket, then during
daemon bootstrap, the parent process connects to those unix domain sockets
and sends periodic (5s) hello packets to children. If the parent cannot send
a hello packet to the remote connected unix domain socket it simply restarts
the child process. This watchdog design offers 2 benefits, first of all
hello packets sent from the parent process to remote connected children
are sent through the I/O multiplexer scheduler, that way it can detect
a deadloop in the children scheduling framework. The second benefit
is brought by the use of sysV signals to detect dead children.
When running you will see in process list :
111 keepalived <-- parent process monitoring child activity
112 \_ keepalived <-- VRRP children
113 \_ keepalived <-- Healthchecking children
* Parent : Created a global data and global keyword parser structure.
* Healthcheck framework : Defined check_conf_data to handle related
checker data structures. Created specific checker framework parser.
* VRRP framework : Defined vrrp_conf_data to handle related vrrp
data structures. Created specific vrrp framework parser.
* Each child process has its own syslog facility. VRRP use LOG_LOCAL1
and Healthchecker LOG_LOCAL2. To split the logs, you can configure your
syslog to log the two facilities to different logfiles.
* Modularized the configuration parser to limit code duplication.
* Created modularized software watchdog.
* Extended the recursive stream parser to use sublevel detection while
stream processing. Used to skip end-of-block handling if still at
keyword root level, to prevent parsing from ending if an unknown block
is parsed.
* Extended pidfile framework to be more generic.
* Extended memory framework to log specific child data.
* Fixed a virtual_server_group issue while the healthchecker is bringing
back real_servers. Modularized virtual_server_group API.
* Fixed a virtual_server_group issue while reloading configuration.
Remove vsgname test from the VS_ISEQ macro. strcmp(...) comparing
null pointer... this must have been done in libc :)
* ipwrapper : set alive flag after ipvs_cmd(...) has been performed.
* VRRP : Extended the netlink framework to support SCOPE selection for
both ipaddress and routes functionalities. SCOPE available are
site, link, host, nowhere & global. Default value is set to global.
look at doc/keepalived.conf.SYNOPSIS for more information.
* Renamed doc/samples/keepalived.conf.routes to
* Updated Makefile include dependencies.
2003-04-14 Alexandre Cassen <>
* keepalived-1.0.2 released.
* This release has been sponsored by :
edNET, <>
Please visit sponsor homepage and thanks to them for supporting
keepalived project.
* Added support to virtual_server_group so that a virtual_server
can be either an IP:PORT, a fwmark or group. A group is a set
of virtual_server IP:PORT, IP range and fwmark. So, now a
real_server can be part of multiple virtual_server without launching
multiple times the same healthchecker that finally floods real_server.
This extension is useful for big ISP/ASP configuration using many
look at doc/samples/keepalived.conf.virtual_server_group.
* Extended differential configuration parser to support diff
virtual_server_group entries keeping current entry state as
persistent (weight, conn, ...) big work here...
* Added support to IP range declaration for virtual_server_group.
The IP range has the notation XXX.YYY.ZZZ.WWW-VVV. This will
set IPVS virtual_server from WWW to VVV monotonically incremented by
look at doc/samples/keepalived.conf.virtual_server_group.
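A validating parser for the XXX.YYY.ZZZ.WWW-VVV notation described in this entry, as an added sketch that is not keepalived's parser. The function name is hypothetical, and treating an address without a "-VVV" suffix as a one-address range is an assumption of this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Parse "XXX.YYY.ZZZ.WWW-VVV" into the first and last address of the
 * range (host byte order). Returns 0 on success, -1 on malformed input;
 * the outputs are only written on success. */
int parse_ip_range(const char *s, uint32_t *first, uint32_t *last)
{
    char buf[INET_ADDRSTRLEN];
    const char *dash = strchr(s, '-');
    size_t len = dash ? (size_t)(dash - s) : strlen(s);
    struct in_addr a;
    unsigned long end;
    uint32_t base;
    char *rest;

    if (len == 0 || len >= sizeof(buf))
        return -1;                    /* empty or too long to be an IPv4 address */
    memcpy(buf, s, len);
    buf[len] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1)
        return -1;
    base = ntohl(a.s_addr);
    if (!dash) {                      /* assumption: bare address = range of one */
        *first = *last = base;
        return 0;
    }
    /* strtoul() skips blanks and accepts a sign, so insist on a digit first */
    if (dash[1] < '0' || dash[1] > '9')
        return -1;
    end = strtoul(dash + 1, &rest, 10);
    /* VVV must end the string, fit in one octet and not precede WWW */
    if (*rest != '\0' || end > 255 || end < (base & 0xffu))
        return -1;
    *first = base;
    *last = (base & 0xffffff00u) | (uint32_t)end;
    return 0;
}
```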
* Dominik Vogt, <> enhanced SIGCHLD handler to
reap all zombie child processes.
* Created a generic allocation value block with callback handler for
block parsing. This removes duplicated code in parser.
* VRRP : Jan Holmberg, <> extended the virtual_routes
and static_routes to support source route selection (netlink
look at doc/samples/keepalived.conf.routes.
* Some cosmetic patches to reduce code duplication.
2003-03-17 Alexandre Cassen <>
* keepalived-1.0.1 released.
* This release has been sponsored by :
Creative Internet Techniques, <>
Please visit sponsor homepage, open-minded people here!
* Fixed some Makefile and autoconf code dependence issues.
* Move keepalived.conf.SYNOPSIS and samples into "doc" directory.
* Enhanced HTTP|SSL check to support large url. Get buffer request is
now 2KBytes.
* Removed \n in healthchecker smtp_alert call. This causes some trouble
with MTA like qmail. Thanks go to John Koyle, <>.
* Added support to netlink route as global keyword "static_routes".
look at doc/samples/keepalived.conf.routes. Routes specified into
this block will be added during daemon bootstrap and removed during
daemon shutdown. Differential conf parsing is enabled for this block,
removing/adding static_route can be done on the fly sending SIGHUP
signal to daemon.
* VRRP : Added support to "virtual_routes". This is the same as
virtual_address. Those routes are set when VRRP instance enter
MASTER state and removed otherwise. Differential conf parsing is
enabled for this block. This concept extends VRRP and brings
dynamic routing as a "route takeover" concept.
* VRRP : Rewrote the VRRP vip handling to use template lib list
structure. VIP and E-VIP are no longer a simple array reallocated.
List library is used to limit code duplication.
* VRRP : Extended virtual_ipaddress and virtual_ipaddress_excluded
block to support "dev" specification. So that a VIP can be set to
a specific interface instead of default running VRRP instance
* VRRP : Added support to "track_interface". Interesting for use with
vlan interface. The concept here is to drive VRRP FSM according
to both "interface" and "track_interface" state. If tracked interface
is down or instance interface is down then VRRP instance transitions to
FAULT state. For use with vlan, add a track on the interface the vlan belongs
to. Look at doc/sample/keepalived.conf.track_interface for sample.
doc/keepalived.conf.SYNOPSIS for configuration details.
* VRRP : Extended FSM FAULT state to stay in fault if track_interface
is still in fault.
* VRRP : Extended sync group design to test if group is unary or not.
* Some code cleaning and cosmetic enhancements.
2003-01-06 Alexandre Cassen <>
* keepalived-1.0.0 released.
* After fixing all bugs users reported during 2 months, I am glad to
announce the first STABLE production ready Keepalived release.
* Rename keepalived.init to keepalived RedHat startup script. Fixed
some issues to be RedHat release generic. Thanks go to
Jeroen Simonetti <> & Jason Gilbert <>
* Jason Gilbert, <> cleaned keepalived.spec.
* Added support to "ha_suspend" for healthcheckers. This option, if set,
informs Keepalived to activate/suspend checkers according to netlink
IP address information reflection. If one IP is removed and this is
a virtual_server VIP then the corresponding healthcheckers will be
deactivated (and vice versa).
* Added support to "notify_up" & "notify_down" for realserver config.
These options specify a script to be run according to healthchecker
activity. If healthchecking fails then "notify_down" script is
launched (and vice versa when the healthcheck succeeds). This can be
useful for a global monitoring system, to send alerts to Unicenter TNG
or HPOV.
* Set default realserver weight to 1. So, realserver will be active
if no weight is specified into the configuration file.
* Reviewed the layer4.c/tcp_socket_state to return connection in progress
only if SOL_SOCKET/SO_ERROR returns EINPROGRESS. Thanks go to
Mark Weaver, <>
* Reviewed the global SIGCHLD handler to not suspend execution of the
calling process if status is not immediately available for one of the
child processes. This removes zombies by reaping.
* Extended the parser.c/set_value() code to accept encapsulated quoted
* Review SMTP DBG() message to LOG_INFO message for more verbose
error handling.
* Review the check_tcp.c/check_http.c logging messages to be more
* Reviewed the check_tcp.c/check_http.c retry facility to fix some
stalled issues.
* VRRP : Added support to sync_group smtp notification in addition to
the per instances approach.
* VRRP : Fixed some IPSEC-AH seq_num synchronization issues. Force
seq_num sync if vrrp instance is linked to a group.
* VRRP : In BACKUP state, force a new MASTER election if received adv.
has a lower priority than the local instance.
* VRRP : vrrp.c/vrrp_state_master_rx(), sync IPSEC-AH seq_num counter
(decrement) if receiving higher prio advert in MASTER state.
* VRRP : Reviewed the TSM to be fully filled. Extended speed-up
synchronization handling MASTER sync if group is not already synced.
* VRRP : Leaving fault state, force MASTER transition if received adv
priority is lower than local.
* VRRP : Extended the parser to not be bothered by sync_group
declaration position in the conf file. vrrp_sync_group can be
declared before or after vrrp_instance. Done by adding a reverse
instance lookup during parsing.
* VRRP : sync_master_election cleanup.
* Some cosmetic patches.
* Created the keepalived/samples/keepalived.conf.SYNOPSIS to describe
all keywords available.
2002-11-20 Alexandre Cassen <>
* keepalived-0.7.6 released.
* Created a common library for code modularization. This lib will
be used by all Keepalived components (genhash + Keepalived) to
reduce repeated and duplicated code.
* Rewrote the genhash utility using the common lib. The design is
similar to Keepalived core design.
* Reviewed the autoconf and Makefiles for new code architecture.
* Created a html utility lib for HTTP headers manipulations.
* Extended the CHECK_HTTP and CHECK_SSL checkers to support remote
webserver HTTP header status_code. HTTP status_code is parsed
according to rfc2616.6.1. The keyword created for the new feature is
"status_code" inside an "url" declaration. "status_code" feature
can be mixed with "digest" feature. See the samples directory
keepalived/samples/keepalived.conf.status_code for example.
* Review the CHECK_HTTP and CHECK_SSL MD5SUM code to use a common
stream handling function.
* Matthijs van der Klip, <> and I
fixed a bug in the HTTP/SSL code that closed the socket fd even
if remote webserver had not been connected. As a result,
the next sockets created were immediately closed. As a side effect, this
altered the SMTP notification when the checked remote webserver failed. No
SMTP notification was sent if a webserver was detected DOWN. Thanks
to Matthijs for time spent debugging and investigating.
* VRRP : Rewrote the previous Gratuitous ARP facility. Created a lib
(vrrp_arp.c) dealing with PF_PACKET-SOCK_RAW-ETH_P_RARP and
* VRRP : Some cosmetic patches for messages logging.
* VRRP : Fixed an issue during VRRP packet building, appending VRRP
VIPs to the VRRP packet in the network order form.
* VRRP : Reviewed the previous VRRP packet building process to not
create the ARP header. Removed the previous hacky
kernel appending ARP header since code doesn't currently support
* VRRP : Rewrote the previous vrrp_send_pkt() function to deal with
sendmsg(). optimization laziness :)
* VRRP : Extended the interfaces library to support common utility
functions (if_setsockopt_hdrincl, if_setsockopt_bindtodevice, ...)
* VRRP : Finally extend the code to support VRRP IPSEC-AH authentication
method. Created an IPSEC-AH seq_number synchronization mechanism during
* VRRP : Extended the VRRP TSM to speed up instances synchronization
during FAULT->BACKUP & FAULT->MASTER state transition.
* Some cosmetic patches. This release is proposed as a 1.0.0 STABLE
release candidate.
2002-09-17 Alexandre Cassen <>
* keepalived-0.7.1 released.
* Fixed a MISC_CHECK issue when registering next timer checker. Must
register a new timer thread before forking process. This implies for
the user that the extra script call must not execute in more than
* Extended the ipfwwrapper (for LVS kernel 2.2) to not set ipchains
rules if nat_mask is not specified in the configuration file.
* VRRP : Added support to delayed gratuitous ARP send. When one instance
enters MASTER state a timer thread is registered. The default delay