[lvs-users] [ANNOUNCE] Keepalived 1.3.0

To: keepalived-devel@xxxxxxxxxxxxxxxxxxxxx, lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] [ANNOUNCE] Keepalived 1.3.0
From: Alexandre Cassen <acassen@xxxxxxxxx>
Date: Sun, 20 Nov 2016 18:48:28 +0100

this quick email to announce new major keepalived release. We are planing with 
Quentin to push a new release soon as 2.0.0 release. This one fix and extend 
previous parts. It also came with a Security fix for those making extensive use 
of scripts.

ChangeLog looks like :
2016-11-20 Alexandre Cassen  <acassen@xxxxxxxxxxxx>
        * keepalived-1.3.0 released.
        * Add DBus functionality to VRRP.
          Add new pthread off VRRP to expose DBUs service org.keepalived.Vrrp1
          through a GMainLoop.
          Create a general /org/keepalived/Vrrp1/Vrrp DBus
          object and a /org/keepalived/Vrrp1/Instance/#interface#/#group# 
object for
          each VRRP instance.
          Interface org.keepalived.Vrrp1.Vrrp implements methods PrintData,
          PrintStats and signal VrrpStopped.
          Interface com.keepalived.Vrrp1.Instance implements method SendGarp
          (sends a single Gratuitous ARP from the given Instance),
          signal VrrpStatusChange, and properties Name and State (retrievable
          through calls to org.freedesktop.DBus.Properties.Get)
          Interface files are located at location /usr/share/dbus-1/interfaces/
          A policy file, which determines who has access to the service, is
          located at /etc/dbus-1/system.d/
        * Resolve DBus working after a reload
          thread_destroy_list() was closing file descriptors of read and write
          threads, but we wanted the DBus pipes to remain open. It transpires 
          closing the fds in thread_destroy_list() is unnecessary, since they 
          closed elsewhere anyway, so stop closing the fds in 
        * Add stronger compiler warnings (-Wextra).
          The following bugs were discovered:
                comparison if unsigned value < 0
            comparison of unsigned == -1 and not checking
            return status of find_rttables_scope() correctly
            accessing element buf[18446744073709551615]
            ie. buf[2^64-1], which is the same as buf[-1].
          The following improvements to the code were made:
          Many unused function parameters
          either removed or marked unused
          Many signed vs. unsigned comparisons
          In most cases variables change to be unsigned
          Lengths being stored in signed variables
        * Rationalise checking of libnl-3.
        * Bring generation of rpmbuild keepalived.spec file up to date
          The keepalived.spec file is now created to match the options passed
          to configure. It also detects if the system init process is systemd,
          upstart or the traditional SYSV init system.
        * Add more BuildRequires to
        * Further improvements to for systemd systems
        * Change some variable names due to using 
        * Fix to make RedHat hardened rpm builds work
          CFLAGS, CPPFLAGS and LIBS variables were not being preserved by
, and this caused needed CFLAGS to be lost when
          configure was run, resulting in a build failure.
          This commit ensures the flags are all preserved.
        * Allow for automake macro AM_PROG_AR not existing.
        * Add support for UDP socket to layer4 library.
        * Add DNS checker.
        * Update documentation for DNS health checker.
        * Fix compile check for PE selection support.
        * Add file missing from add-dns-checker commit.
        * Update commits for correctly checking for IPVS_SVC_ATTR_PE_NAME.
          The upadted configure and lib/ weren't included in the 
          and to be consistent the comment on what Linux version introduced the 
          is in if the test exists in
        * Fix conditional compilation test for FRA_OIFNAME.
        * Fix compilation test for IFLA_INET6_ADDR_GEN_MODE.
        * Fix compilation test for IPVS_DEST_ATTR_ADDR_FAMILY.
        * Fix compilation test for IPVS_DEST_ATTR_STATS64 and 
        * Fix compilation test for RTA_VIA.
        * Fix compilation test for CLONE_NEWNET for DBus.
        * Fix issue of overwriting the original disposition of signals.
        * Improve forced termination of script execution process and its 
        * Improve propagate important signal for the script process groups.
        * Use argument instead of static variable.
        * Fix bug around the process group.
        * Use SIGTERM instead of SIGHUP.
        * Stop linking with -lipset.
          libipset (if used) is dynamically linked at runtime, and so keepalived
          shouldn't be linked with -lipset.
          Linking with -lipset was erroneously added when converting the build
          system to use automake.
        * Report diagnostic message if dlopen() fails.
        * Fix loading of ipset library when development library not installed.
        * Don't use ipsets with namespaces on Linux < 3.13 by default.
          On Linux prior to version 3.13, ipsets were not network namespace
          aware, so by default the use if ipsets is disabled if keepalived
          is running in a network namespace. Configuration keyword
          'namespace_with_ipsets' enables ipset use with a network namespace
          on these older kernels.
        * Fix reporting of script exit status.
        * Update documentation and fix compiler warning re ipset with Linux < 
        * Make report_child_status() check for vrrp and checker child processes
          report_child_status() checks for exit status KEEPALIVED_EXIT_FATAL
          and KEEPALIVED_EXIT_CONFIG, but these are only relevant for the vrrp
          and checker child processes, and not for track scripts etc. This 
          adds a check that the terminating process is the vrrp or checker 
          before checking those exit statuses.
        * Add no_accept mode for VRRPv2 and standardise VRRPv3 with it
          RFC3768, for VRRPv2, specifies that packets addressed to the VIPs
          should not be accepted, unless the router is the address owner.
          This commit implements not accepting the packets when running VRRPv2,
          but only if no_accept is specified, or running in strict mode. The 
          for not making no_accept the default (which would confirm to the 
RFCs) is
          that if running IPVS, or any other service on top of the VIPs, we 
need to
          be able to accept the packets, and requiring everyone to specify 
          in that case would not be reasonable.
          Prior to this commit, VRRPv3 was blocking packets sent to VIPs (and 
          unless the vrrp instance was the address owner, or accept mode was 
set. This
          commit changes the default behaviour for VRRPv3 to make it consistent 
          VRRPv2 (i.e. either strict mode or no_accept needs to be specified to 
          conformant with RFC5978).
        * Tidy up logged messages if ipset initialisation fails.
        * Streamline MII polling.
          We only need to read 2 MII registers, and not 32 as was previously 
          This commit also uses the <linux/mii.h> header file for field and
          register definitions.
        * Simplify bitops.h code.
        * Resolve warnings generated with compiler option -Dconversion.
          Most of the warnings were resolved by changing the data types of some
          variables. Others required casting, particularly where kernel 
          are involved.
          There were a few instances discovered that were errors, for example 
          an unsigned int against -1, and assigning a 16 bit value to a uint8_t.
          This commit also adds configure options --enable-conversion-checks and
          --enable-force-conversion-checks, the former adds compiler option 
          unless the compiler is an old version that throws up false warnings. 
          --enable-force-conversion-checks adds -Dconversion even if the 
compiler throws
          up known false warnings.
        * Fix some minor errors/typos in doc/keepalived.conf.SYNOPSIS.
        * Fix keyword error in sample configuration.
        * Fix typo in genhash error message.
        * Fix address ranges for virtual server groups
          The handling of address ranges was only written for IPv4 addresses, 
          only worked on little endian systems.
          This commit enables IPv6 address ranges to work, and also should now
          work on big endian systems (but I don't have access to a big endian 
          to test it). Validation is added to ensure that the end of the range 
is after
          the start of the range, and that the value of the range end does not 
          255 (for IPv4) of ffff (for IPv6).
          There is also some optimisation of the code, so that netmask is not 
set (since
          it isn't used by the kernel), and the port is set once only, before 
the loop
          through the addresses.
        * Add --enable-Werror configure option.
        * Add promote_secondaries keyword for vrrp_instance block.
          If two IPv4 VIP addresses are in the same CIDR, and the primary
          address is removed, then by default any other address in the same 
          also removed. To stop this happening, the promote_secondaries flag
          needs to be set on the interface.
          Commit e5526cf added setting the promote_secondaries option on
          VMAC interfaces, and stated that adding the option for non-VMAC
          interfaces would be added later. This commit now adds a
          promote_secondaries configuration option in order to set the flag
          on the interface.
        * Add reporting of promote_secondaries configuration setting.
        * Add conditional configuration feature
          It is usually the case that the configurations for keepalived for
          systems operating together are virtually identical, and only differ
          in vrrp instance priorities, router id, and unicast addresses if
          those are being used.
          It is a nuisance to have to edit one file for each server to make
          identical changes, so this commit adds the facility for conditional
          configuration entries.
          Any line starting with the '@' character is a conditional line.
          Immediately following the '@' character is a config id. The line is
          only included in the configuration if the config id matches the
          argument passed to keepalived with the -i option on the command line.
          For example, consider the following configuration snippet:
            @main       router_id main_router
            @backup router_id backup_router
          If keepalived is started with -i main, then the router id will be
          main_router, if started with -i backup, then backup_router. If
          keepalived is started without the -i option, or -i anything else,
          then the above snippet will not configure any router id.
        * Fix building with --disable-vrrp.
        * Stop segfaulting when configuration keyword is missing its parameter
          There are many places where during configuration parsing the code
          assumes that if a keyword is specified that requires a parameter, then
          the parameter exists. If the parameter doesn't exist, then the code
          indexes past the end of the vector, and at best segfaults, and at 
          may carry on, parsing random data.
          This commit adds strvec_slot() which checks for the presence of the
          parameter, and if configured will call a function that can handle the
          error. Currently this logs that the parameter is missing, with as much
          helpful information as it can provide, and then terminates.
        * Use FMT_STR_VSLOT where appropriate.
        * Use TIMER_HZ where appropriate.
        * Fix comment and error message re http write timeout.
        * More verbose logging on (effective) priorities pt. 2.
        * Change configure option --enable-snmp-keepalived to --enable-snmp-vrrp
          The option was enabling snmp for vrrp, not all of keepalived (the
          --enable-snmp option does that), so this commit renames it to reflect
          what it is actually doing.
          The --enable-snmp-keepalived option is retained but marked as 
        * Use AS_HELP_STRING autoconf macro.
        * Fix process increase
        * Add forcing termination of children of scripts if script times out
          Commits fe9638b..cebfbf5 resolved problems around forced termination
          of scripts if they didn't terminate within the proscribed time. During
          the development of the patches, it was identified that after a script
          had been terminated by SIGTERM, any child processes created by the
          script also need to be kill.
          This commit adds the forced termination of any such children.
        * Correctly handle existing VMACs on reload.
          Anthony Dempsey in issue #449 identified that
          keepalived attempts to recreate existing VMAC interfaces on a reload,
          and that the subsequent failure causes keepalived not to use the VMAC.
          This then identified further issues such as the check for an existing
          VMAC in netlink_link_add_vmac() didn't also check the interface a
          VMAC was on, and that the checks for conflicts of VMAC interface names
          with existing interfaces weren't sufficient.
          This patch builds on the patch provided by Anthony Dempsey to also
          resolve the additional issues identified.
        * Fix check of matching VRRP instances on reload.
          On a reload, clear_diff_vrrp() removes vrrp instances that are no
          longer in the configuration. The check, however, was based on vrrp
          instance name, which might have changed. The check is now based on
          VRID, address family and interface, since it is this triplet that
          uniquely defines a vrrp instance.
        * Fix clearing addresses no longer used after a reload.
          The address comparison was including ifa_index, but that wasn't being
          set up until after clear_diff_vrrp() was called.
        * Don't zero the mem_allocated count during reload.
          We want to know if there is a leak during reload, so don't zero the
        * Ensure iptables/sets entries and ip routes/rules not lost on reload.
          There were several places in the code that were causing existing
          iptables/ipsets entries to be lost on reload, and also new entries
          for additional ip addresses were deleted after being added. In
          addition, ip rules/routes for existing entries were being removed.
        * Ensure GARPs/GNAs are sent after reload if VIP/eVIP addresses added.
          Although there have been versions of keepalived when GARPs/GNAs were
          sent after a reload, this was due to a bug in determining if the VRRP
          instance had existed before. Resolving that bug (commit aaea8a4),
          caused keepalived to stop sending GARPs after a reload. This commit
          now specifically adds code to send GARPs on a VRRP instance for all
          addresses on that instance. It would be better if GARPs were sent only
          for the added addresses, and that may be resolved in a future commit.
        * Use correct interface for iptables/ipset entries when not accept mode
          If an interface was specified for a VIP/eVIP, the iptables/ipset block
          if not in accept mode for link local IPV6 addresses was specifying the
          interface the vrrp instance was on rather than the interface the 
          was added to.
          This commit now makes the iptables/ipset entry specify the interface 
          the address has been added to.
        * Resolve "Netlink: error: message truncated" messages.
          On systems with a page size larger than 4096 keepalived may report:
          "Netlink: error: message truncated" messages
          This error was reported on a ppc64le in an OpenStack/Nutron 
          Ppc64le is using a 64k pages size. I found that keepalived's netlink 
          buffer was too small causing messages to be truncated. The size of 
the read
          buffer for the netlink socket should be based on page size however, 
it should
          not exceed 8192. See the comment in the patch.
          I tested the fix by creating 100 veth interfaces and verifying the 
          did not return.
        * Use ipsets with namespaces on Linux < 3.13 if ipset names configured.
          The problem with using ipsets with namespaces on Linux < 3.13 is that
          ipsets were not namespace aware, and so all ipset entries added are
          global to the system, including all network namespaces. This causes
          problems if the default ipset names are used, but if set names have
          been specified, it is reasonable that they have been set to be
          different for each namespace, and hence there will be no clashes.
          The documentation is also updated for vrrp_ipsets keyword.
        * Don't write MEM_CHECK data to log when forked script child terminates.
          The mem check log file was being filled with extraneous termination
          information every time a forked child terminated. When a child is 
          it now sets a flag to stop the termination dump.
        * Fix illegal syntax in configure script
          Indirect expansion (`${!foo}`) is a bashism, it's not POSIX-sh
          compatible and is not supported by common shells except Bash and ZSH!
          Configure script should be portable, hence strictly POSIX compliant.
          Moreover it has shebang /bin/sh.
        * Make running scripts more secure
          Previously, keepalived ran all scripts as root. This is potentially
          dangerous if a non-root user can modify the script, or has write
          access to any part of the path to the script.
          This commit does the following:
          1) Adds configuration options to specify the user/group under which to
             run each script
          2) Adds an option to set the default script user/group. If this is not
             set it will default to user keepalived_script if that user exists,
             otherwise it will default to root, as before.
          3) If a script is to be executed with root privilege, report if it is
             writeable in any way by a non-root user.
          4) Add an option enable_script_security so that any scripts failing
          3) above won't be executed.
          5) Report if any scripts are not executable by the relevant user.
        * Fix some lead tab/space issues.
        * Fix segfault when terminating with no notify script configured.
        * Fix compiler warning generated with --enable-conversion-checks.
        * Don't segfault if modules ip_tables or ip6_tables not loaded
          If either of the modules is not loaded, then don't use ip(6)tables for
          that address family. We could load the module, but there would be no
          entries pointing to the chains that we use, and so there is no point
          adding entries to chains that won't be traversed.
        * Resolve some type mismatch warnings on 32 bit systems.
        * Fix checking security of misc_check scripts.

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] [ANNOUNCE] Keepalived 1.3.0, Alexandre Cassen <=