script "</dev/tcp/127.0.0.1/80" relies on /bin/sh being bash

[paride]

Describe the bug

https://github.com/acassen/keepalived/blob/master/doc/samples/keepalived.conf.vrrp.localcheck has examples showing how to check if a TCP port is open using a script, e.g.:

vrrp_script chk_http_port {
       script "</dev/tcp/127.0.0.1/80" # connects and exits
       interval 1                      # check every second
       weight -2                       # default prio: -2 if connect fails
}

however this works only on systems where /bin/sh is Bash. This is not the case on many distributions, like: Debian, Ubuntu, and derivatives.

This happens because script basically passes the script name to stdlib's system(), which in turn does (see system(3)):

execl("/bin/sh", "sh", "-c", command, (char *) NULL);

When /bin/sh is Bash then script "</dev/tcp/127.0.0.1/80" works because /dev/tcp/host/port is a special syntax telling Bash to tcp-connect to host:port, however other shells will just try to open /dev/tcp/127.0.0.1/80 as a file and fail.

The samples file should at least warn about this, but ideally it should suggest a different syntax, like (untested):

    script "bash -c '</dev/tcp/127.0.0.1/80'" # or:
    script "nc -z 127.0.0.1 80"

To Reproduce
Try using the examples in keepalived.conf.vrrp.localcheck.

Keepalived version
As of today the tip of master is affected.

Distro (please complete the following information):

• Name: Ubuntu
• Version: Impish Indri
• Architecture: x86_64

[pqarmitage]

Commit 8f65800 updates the script to add a note regarding the above, and includes the two alternatives provided.

Many thanks for reporting this and the alternative options.