Add new lvs sync daemon options

Linux 4.3 added support for sync-maxlen, mcast-group (IP address), mcast-ttl and mcast-port. This commit allows setting of those options. This should allow the sync daemon to now run over IPv6 as well as IPv4. The lastest released version of ipvsadm(8) does not yet support these options. To support these options fetch ipvsadm source from https://git.kernel.org/cgit/utils/kernel/ipvsadm/ipvsadm.git/ The Linux kernel doesn't yet handle setting the backup daemon with a link local IPv6 address. In order to support that, the patch at https://git.kernel.org/cgit/linux/kernel/git/horms/ipvs.git/commit/ ?id=370a8107e7883634c2c333c0e1b4ebd62dcf9fe6 must be applied to the kernel source until it is incorporated upstream. Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
acassen · Jul 2, 2016 · 4248ed3 · 4248ed3
1 parent 448cf85
commit 4248ed3
Show file tree

Hide file tree

Showing 25 changed files with 682 additions and 179 deletions.
diff --git a/configure b/configure
@@ -648,6 +648,7 @@ VRRP_VMAC
 FIB_ROUTING_SUPPORT
 SOCK_CLOEXEC_SUPPORT
 SOCK_NONBLOCK_SUPPORT
+IPVS_SYNCD_ATTRIBUTES
 IPVS_SYNCD
 KERN
 USE_LIBIPSET
@@ -3085,68 +3086,6 @@ ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
 ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
 
 
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
-if ${am_cv_prog_cc_c_o+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-int
-main ()
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-  # Make sure it works both with $CC and with simple cc.
-  # Following AC_PROG_CC_C_O, we do the test twice because some
-  # compilers refuse to overwrite an existing .o file with -o,
-  # though they will create one.
-  am_cv_prog_cc_c_o=yes
-  for am_i in 1 2; do
-    if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
-   ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
-   ac_status=$?
-   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-   (exit $ac_status); } \
-         && test -f conftest2.$ac_objext; then
-      : OK
-    else
-      am_cv_prog_cc_c_o=no
-      break
-    fi
-  done
-  rm -f core conftest*
-  unset am_i
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-$as_echo "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
-   # Losing compiler, so override with the script.
-   # FIXME: It is wrong to rewrite CC.
-   # But if we don't then we get into trouble of one sort or another.
-   # A longer-term fix would be to have automake use am__CC in this case,
-   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
-   CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
 # Find a good install program.  We prefer a C program (faster),
 # so one script is as good as another.  But avoid the broken or
 # incompatible versions:
@@ -4624,6 +4563,7 @@ if test "$IPVS_SUPPORT" = "_WITHOUT_LVS_" -a "$enable_vrrp" = "no"; then
 fi
 
 IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_"
+IPVS_SYNCD_ATTRIBUTES="_WITHOUT_IPVS_SYNCD_ATTRIBUTES_"
 if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPVS syncd support" >&5
 $as_echo_n "checking for IPVS syncd support... " >&6; }
@@ -4646,10 +4586,50 @@ $as_echo "yes" >&6; }
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
   fi
+
+  if test "$IPVS_SYNCD" = "_HAVE_IPVS_SYNCD_"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPVS syncd attributes" >&5
+$as_echo_n "checking for IPVS syncd attributes... " >&6; }
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+        #include <linux/ip_vs.h>
+        int value;
+
+int
+main ()
+{
+
+        value = IPVS_DAEMON_ATTR_SYNC_MAXLEN;
+        value = IPVS_DAEMON_ATTR_MCAST_GROUP;
+        value = IPVS_DAEMON_ATTR_MCAST_GROUP6;
+        value = IPVS_DAEMON_ATTR_MCAST_PORT;
+        value = IPVS_DAEMON_ATTR_MCAST_TTL;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+        IPVS_SYNCD_ATTRIBUTES=yes
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext;
+    if test "$IPVS_SYNCD_ATTRIBUTES" = "yes"; then
+      IPVS_SYNCD_ATTRIBUTES="_HAVE_IPVS_SYNCD_ATTRIBUTES_"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+    else
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    fi
+  fi
 fi
 
 
 
+
 VRRP_SUPPORT="_WITHOUT_VRRP_"
 if test "$enable_vrrp" != "no"; then
   VRRP_SUPPORT="_WITH_VRRP_"
@@ -5507,7 +5487,7 @@ fi
 
 
 
-APP_DEFS="-D${KERN} -D${IPVS_SUPPORT} -D${IPVS_SYNCD} -D${VRRP_SUPPORT} -D${VRRP_VMAC} -D${ADDR_GEN_MODE} -D${SNMP_SUPPORT} -D${SNMP_KEEPALIVED_SUPPORT} -D${SNMP_CHECKER_SUPPORT} -D${SNMP_RFC_SUPPORT} -D${SNMP_RFCV2_SUPPORT} -D${SNMP_RFCV3_SUPPORT} -D${IPVS_USE_NL} -D${USE_NL3} -D${VRRP_AUTH_SUPPORT} -D${SO_MARK_SUPPORT} -D${USE_LIBIPTC} -D${USE_LIBIPSET} -D${IPV4_DEVCONF} -D${IF_H_LINK_H_COLLISION} -D${LINUX_NET_IF_H_COLLISION} -D${SOCK_NONBLOCK_SUPPORT} -D${SOCK_CLOEXEC_SUPPORT} -D${FIB_ROUTING_SUPPORT} -D${MEM_CHECK} -D${MEM_CHECK_LOG} -D${PIPE2_SUPPORT} ${DFLAGS}"
+APP_DEFS="-D${KERN} -D${IPVS_SUPPORT} -D${IPVS_SYNCD} -D${IPVS_SYNCD_ATTRIBUTES} -D${VRRP_SUPPORT} -D${VRRP_VMAC} -D${ADDR_GEN_MODE} -D${SNMP_SUPPORT} -D${SNMP_KEEPALIVED_SUPPORT} -D${SNMP_CHECKER_SUPPORT} -D${SNMP_RFC_SUPPORT} -D${SNMP_RFCV2_SUPPORT} -D${SNMP_RFCV3_SUPPORT} -D${IPVS_USE_NL} -D${USE_NL3} -D${VRRP_AUTH_SUPPORT} -D${SO_MARK_SUPPORT} -D${USE_LIBIPTC} -D${USE_LIBIPSET} -D${IPV4_DEVCONF} -D${IF_H_LINK_H_COLLISION} -D${LINUX_NET_IF_H_COLLISION} -D${SOCK_NONBLOCK_SUPPORT} -D${SOCK_CLOEXEC_SUPPORT} -D${FIB_ROUTING_SUPPORT} -D${MEM_CHECK} -D${MEM_CHECK_LOG} -D${PIPE2_SUPPORT} ${DFLAGS}"
 BUILD_OPTS=`echo ${APP_DEFS} | sed -e 's/ "$//' -e 's/.*"//' -e 's/-D//g' -e 's/_ / /g' -e 's/ _/ /g' -e 's/^_//' -e 's/_$//'`
 
 

diff --git a/configure.ac b/configure.ac
@@ -310,6 +310,7 @@ fi
 
 dnl ----[ IPVS syncd support probe ]---
 IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_"
+IPVS_SYNCD_ATTRIBUTES="_WITHOUT_IPVS_SYNCD_ATTRIBUTES_"
 if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then
   AC_MSG_CHECKING([for IPVS syncd support])
   if test "$KERN" = "_KRNL_2_6_"; then
@@ -329,9 +330,32 @@ if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then
   else
     AC_MSG_RESULT([no])
   fi
+
+  if test "$IPVS_SYNCD" = "_HAVE_IPVS_SYNCD_"; then
+    AC_MSG_CHECKING([for IPVS syncd attributes])
+    AC_TRY_COMPILE([
+        #include <linux/ip_vs.h>
+        int value;
+      ], [
+        value = IPVS_DAEMON_ATTR_SYNC_MAXLEN;
+        value = IPVS_DAEMON_ATTR_MCAST_GROUP;
+        value = IPVS_DAEMON_ATTR_MCAST_GROUP6;
+        value = IPVS_DAEMON_ATTR_MCAST_PORT;
+        value = IPVS_DAEMON_ATTR_MCAST_TTL;
+      ], [
+        IPVS_SYNCD_ATTRIBUTES=yes
+      ], []);
+    if test "$IPVS_SYNCD_ATTRIBUTES" = "yes"; then
+      IPVS_SYNCD_ATTRIBUTES="_HAVE_IPVS_SYNCD_ATTRIBUTES_"
+      AC_MSG_RESULT([yes])
+    else
+      AC_MSG_RESULT([no])
+    fi
+  fi
 fi
 
 AC_SUBST(IPVS_SYNCD)
+AC_SUBST(IPVS_SYNCD_ATTRIBUTES)
 
 dnl ----[ Checks for kernel netlink support ]----
 VRRP_SUPPORT="_WITHOUT_VRRP_"
@@ -631,7 +655,7 @@ AC_CHECK_FUNCS(gettimeofday select socket strerror strtol uname)
 AC_CHECK_FUNC([pipe2], [PIPE2_SUPPORT=_HAVE_PIPE2_], [PIPE2_SUPPORT=_WITHOUT_PIPE2_])
 AC_SUBST([PIPE2_SUPPORT])
 
-APP_DEFS="-D${KERN} -D${IPVS_SUPPORT} -D${IPVS_SYNCD} -D${VRRP_SUPPORT} -D${VRRP_VMAC} -D${ADDR_GEN_MODE} -D${SNMP_SUPPORT} -D${SNMP_KEEPALIVED_SUPPORT} -D${SNMP_CHECKER_SUPPORT} -D${SNMP_RFC_SUPPORT} -D${SNMP_RFCV2_SUPPORT} -D${SNMP_RFCV3_SUPPORT} -D${IPVS_USE_NL} -D${USE_NL3} -D${VRRP_AUTH_SUPPORT} -D${SO_MARK_SUPPORT} -D${USE_LIBIPTC} -D${USE_LIBIPSET} -D${IPV4_DEVCONF} -D${IF_H_LINK_H_COLLISION} -D${LINUX_NET_IF_H_COLLISION} -D${SOCK_NONBLOCK_SUPPORT} -D${SOCK_CLOEXEC_SUPPORT} -D${FIB_ROUTING_SUPPORT} -D${MEM_CHECK} -D${MEM_CHECK_LOG} -D${PIPE2_SUPPORT} ${DFLAGS}"
+APP_DEFS="-D${KERN} -D${IPVS_SUPPORT} -D${IPVS_SYNCD} -D${IPVS_SYNCD_ATTRIBUTES} -D${VRRP_SUPPORT} -D${VRRP_VMAC} -D${ADDR_GEN_MODE} -D${SNMP_SUPPORT} -D${SNMP_KEEPALIVED_SUPPORT} -D${SNMP_CHECKER_SUPPORT} -D${SNMP_RFC_SUPPORT} -D${SNMP_RFCV2_SUPPORT} -D${SNMP_RFCV3_SUPPORT} -D${IPVS_USE_NL} -D${USE_NL3} -D${VRRP_AUTH_SUPPORT} -D${SO_MARK_SUPPORT} -D${USE_LIBIPTC} -D${USE_LIBIPSET} -D${IPV4_DEVCONF} -D${IF_H_LINK_H_COLLISION} -D${LINUX_NET_IF_H_COLLISION} -D${SOCK_NONBLOCK_SUPPORT} -D${SOCK_CLOEXEC_SUPPORT} -D${FIB_ROUTING_SUPPORT} -D${MEM_CHECK} -D${MEM_CHECK_LOG} -D${PIPE2_SUPPORT} ${DFLAGS}"
 BUILD_OPTS=`echo ${APP_DEFS} | sed -e 's/ "$//' -e 's/.*"//' -e 's/-D//g' -e 's/_ / /g' -e 's/ _/ /g' -e 's/^_//' -e 's/_$//'`
 AC_SUBST(APP_DEFS)
 AC_SUBST(BUILD_OPTS)

diff --git a/doc/KEEPALIVED-MIB b/doc/KEEPALIVED-MIB
@@ -22,12 +22,16 @@ IMPORTS
         FROM SNMPv2-TC;
 
 keepalived MODULE-IDENTITY
-     LAST-UPDATED "201606290000Z"
+     LAST-UPDATED "201607020000Z"
      ORGANIZATION "Keepalived"
      CONTACT-INFO "http://www.keepalived.org"
      DESCRIPTION
         "This MIB describes objects used by keepalived, both
          for VRRP and health checker."
+     REVISION "201607020000Z"
+     DESCRIPTION
+	"added LVS sync daemon parameters and deprecated
+	 LVS sync daemon objects within VRRP instance"
      REVISION "201606290000Z"
      DESCRIPTION "add lvs_flush"
      REVISION "201606030000Z"
@@ -526,17 +530,19 @@ vrrpInstanceAuthType OBJECT-TYPE
 vrrpInstanceLvsSyncDaemon OBJECT-TYPE
     SYNTAX INTEGER { enabled(1), disabled(2) }
     MAX-ACCESS read-only
-    STATUS current
+    STATUS deprecated
     DESCRIPTION
-        "Is LVS sync daemon enabled for this VRRP instance?"
+        "Is LVS sync daemon enabled for this VRRP instance?
+	 Deprecated in favour of lvsSyncDaemonEnabled."
     ::= { vrrpInstanceEntry 16 }
 
 vrrpInstanceLvsSyncInterface OBJECT-TYPE
     SYNTAX DisplayString
     MAX-ACCESS read-only
-    STATUS current
+    STATUS deprecated
     DESCRIPTION
-        "If LVS sync daemon is enabled, which interface to use for syncing?"
+        "If LVS sync daemon is enabled, which interface to use for syncing?
+	 Deprecated in favour of lvsSyncDaemonInterface."
     ::= { vrrpInstanceEntry 17 }
 
 vrrpInstanceSyncGroup OBJECT-TYPE
@@ -2018,6 +2024,85 @@ realServerRateOutBPS OBJECT-TYPE
         "Current outgoing rate for this real server."
     ::= { realServerEntry 26 }
 
+lvsSyncDaemon    OBJECT IDENTIFIER ::= { check 6 }
+
+lvsSyncDaemonEnabled OBJECT-TYPE
+    SYNTAX INTEGER { enabled(1), disabled(2) }
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "Is LVS sync daemon enabled?"
+    ::= { lvsSyncDaemon 1 }
+
+lvsSyncDaemonInterface OBJECT-TYPE
+    SYNTAX DisplayString
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "If LVS sync daemon is enabled, which interface to use for syncing?"
+    ::= { lvsSyncDaemon 2 }
+
+lvsSyncDaemonVrrpInstance OBJECT-TYPE
+    SYNTAX DisplayString
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "If LVS sync daemon is enabled, which VRRP instance is it tracking?"
+    ::= { lvsSyncDaemon 3 }
+
+lvsSyncDaemonSyncId OBJECT-TYPE
+    SYNTAX Integer32 (0..255)
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "LVS sync daemon id?"
+    ::= { lvsSyncDaemon 4 }
+
+lvsSyncDaemonMaxLen OBJECT-TYPE
+    SYNTAX Integer32 (0..65517)
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "LVS sync daemon payload maximum length, 0 means default setting.
+	 Only available on Linux >= 4.3."
+    ::= { lvsSyncDaemon 5 }
+
+lvsSyncDaemonPort OBJECT-TYPE
+    SYNTAX Integer32 (0..65535)
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "LVS sync daemon UDP port, 0 means default setting.
+	 Only available on Linux >= 4.3."
+    ::= { lvsSyncDaemon 6 }
+
+lvsSyncDaemonTTL OBJECT-TYPE
+    SYNTAX Integer32 (0..255)
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "LVS sync daemon packet TTL, 0 means default setting.
+	 Only available on Linux >= 4.3."
+    ::= { lvsSyncDaemon 7 }
+
+lvsSyncDaemonMcastGroupAddrType OBJECT-TYPE
+    SYNTAX InetAddressType
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "LVS sync daemon multicast group address type.
+	 Only available on Linux >= 4.3."
+    ::= { lvsSyncDaemon 8 }
+
+lvsSyncDaemonMcastGroupAddrValue OBJECT-TYPE
+    SYNTAX InetAddress
+    MAX-ACCESS read-only
+    STATUS current
+    DESCRIPTION
+        "LVS sync daemon multicast group IP address.
+	 Only available on Linux >= 4.3."
+    ::= { lvsSyncDaemon 9 }
+
 -- Traps
 
 checkTrap OBJECT IDENTIFIER ::= { check 5 }
@@ -2103,10 +2188,23 @@ checkCompliances MODULE-COMPLIANCE
     virtualServerGroupGroup,
     virtualServerGroup,
     realServerGroup,
-    checkTrapsGroup
+    checkTrapsGroup,
+    lvsSyncDaemonGroup
     }
     ::= { compliances 3 }
 
+vrrpLvsSyncGroupCompliances MODULE-COMPLIANCE
+    STATUS deprecated
+    DESCRIPTION
+	"The compliance statement for LVS sync group associated
+	 with a VRRP instance. This is deprecated in favour of
+	 lvsSyncDaemonGroup."
+    MODULE -- this module
+    MANDATORY-GROUPS {
+    vrrpLvsSyncGroup
+    }
+    ::= { compliances 4 }
+
 globalGroup OBJECT-GROUP
     OBJECTS {
         version,
@@ -2161,8 +2259,6 @@ vrrpInstanceGroup OBJECT-GROUP
     vrrpInstancePreempt,
     vrrpInstancePreemptDelay,
     vrrpInstanceAuthType,
-    vrrpInstanceLvsSyncDaemon,
-    vrrpInstanceLvsSyncInterface,
     vrrpInstanceSyncGroup,
     vrrpInstanceGarpDelay,
     vrrpInstanceSmtpAlert,
@@ -2237,6 +2333,17 @@ vrrpTrapsGroup NOTIFICATION-GROUP
         "Conformance group for VRRP traps."
     ::= { vrrpGroups 4 }
 
+vrrpLvsSyncGroup OBJECT-GROUP
+    OBJECTS {
+    vrrpInstanceLvsSyncDaemon,
+    vrrpInstanceLvsSyncInterface
+    }
+    STATUS deprecated
+    DESCRIPTION
+	"The deprecated LVS sync daemon configuration
+	 objects associated with a VRRP instance."
+    ::= { vrrpGroups 5 }
+
 checkGroups OBJECT IDENTIFIER ::= { groups 3 }
 
 virtualServerGroupGroup OBJECT-GROUP
@@ -2342,4 +2449,21 @@ checkTrapsGroup NOTIFICATION-GROUP
         "Conformance group for check traps."
     ::= { checkGroups 4 }
 
+lvsSyncDaemonGroup OBJECT-GROUP
+    OBJECTS {
+    lvsSyncDaemonEnabled,
+    lvsSyncDaemonInterface,
+    lvsSyncDaemonVrrpInstance,
+    lvsSyncDaemonSyncId,
+    lvsSyncDaemonMaxLen,
+    lvsSyncDaemonPort,
+    lvsSyncDaemonTTL,
+    lvsSyncDaemonMcastGroupAddrType,
+    lvsSyncDaemonMcastGroupAddrValue
+    }
+    STATUS current
+    DESCRIPTION
+	"Conformance group for LVS sync daemon."
+    ::= { checkGroups 5 }
+
 END