Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,83 +0,0 @@
|
|||||||
diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patched/keepalived/core/global_parser.c
|
|
||||||
--- keepalived-2.1.5/keepalived/core/global_parser.c 2020-07-10 17:41:46.000000000 +0100
|
|
||||||
+++ keepalived-2.1.5.patched/keepalived/core/global_parser.c 2024-12-02 14:06:44.469215491 +0000
|
|
||||||
@@ -955,6 +955,22 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#ifdef _HAVE_LIBIPSET_
|
|
||||||
+static bool
|
|
||||||
+check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
|
|
||||||
+{
|
|
||||||
+ if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
|
|
||||||
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (strlen(strvec_slot(strvec, entry)) == 0) {
|
|
||||||
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return true;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void
|
|
||||||
vrrp_ipsets_handler(const vector_t *strvec)
|
|
||||||
{
|
|
||||||
@@ -974,17 +990,13 @@
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
|
|
||||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
|
|
||||||
+ if (!check_valid_ipset_name(strvec, 1, "address"))
|
|
||||||
return;
|
|
||||||
- }
|
|
||||||
global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
|
|
||||||
|
|
||||||
if (vector_size(strvec) >= 3) {
|
|
||||||
- if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
|
|
||||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
|
|
||||||
+ if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
|
|
||||||
return;
|
|
||||||
- }
|
|
||||||
global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
@@ -995,10 +1007,8 @@
|
|
||||||
global_data->vrrp_ipset_address6 = STRDUP(set_name);
|
|
||||||
}
|
|
||||||
if (vector_size(strvec) >= 4) {
|
|
||||||
- if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
|
|
||||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
|
|
||||||
+ if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
|
|
||||||
return;
|
|
||||||
- }
|
|
||||||
global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
@@ -1014,10 +1024,8 @@
|
|
||||||
|
|
||||||
#ifdef HAVE_IPSET_ATTR_IFACE
|
|
||||||
if (vector_size(strvec) >= 5) {
|
|
||||||
- if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
|
|
||||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
|
|
||||||
+ if (!check_valid_ipset_name(strvec, 4, "IGMP"))
|
|
||||||
return;
|
|
||||||
- }
|
|
||||||
global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
@@ -1028,10 +1036,8 @@
|
|
||||||
global_data->vrrp_ipset_igmp = STRDUP(set_name);
|
|
||||||
}
|
|
||||||
if (vector_size(strvec) >= 6) {
|
|
||||||
- if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
|
|
||||||
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
|
|
||||||
+ if (!check_valid_ipset_name(strvec, 5, "MLD"))
|
|
||||||
return;
|
|
||||||
- }
|
|
||||||
global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
Only in keepalived-2.1.5.patched/keepalived/core: global_parser.c.orig
|
|
@ -1,41 +0,0 @@
|
|||||||
commit d2f5e5595a511ff62934c77cb62f82bdb2320e29
|
|
||||||
Author: Yonglong Li <liyonglong@chinatelecom.cn>
|
|
||||||
Date: Fri Dec 29 11:03:08 2023 +0800
|
|
||||||
|
|
||||||
lvs: if lost misc check child register checker agagin
|
|
||||||
|
|
||||||
issue: misc check_child_thread timeout and remove child_pid
|
|
||||||
form rb_data, timeout callback of check_child_thread is not be
|
|
||||||
called, if at this time misc script done and exit, and child
|
|
||||||
termination will do nothing because child_pid was remove form
|
|
||||||
rb_data. in this case timeou callback will not register checker
|
|
||||||
again, the checker will lost.
|
|
||||||
|
|
||||||
fix: if lost misc check child register checker again
|
|
||||||
|
|
||||||
Signed-off-by: Yonglong Li <liyonglong@chinatelecom.cn>
|
|
||||||
|
|
||||||
diff --git a/keepalived/check/check_misc.c b/keepalived/check/check_misc.c
|
|
||||||
index b2260d5f..c388e89d 100644
|
|
||||||
--- a/keepalived/check/check_misc.c
|
|
||||||
+++ b/keepalived/check/check_misc.c
|
|
||||||
@@ -337,9 +337,10 @@ misc_check_child_thread(thread_ref_t thread)
|
|
||||||
/* The process does not exist, and we should
|
|
||||||
* have reaped its exit status, otherwise it
|
|
||||||
* would exist as a zombie process. */
|
|
||||||
- log_message(LOG_INFO, "Misc script %s child (PID %d) lost", misck_checker->script.args[0], pid);
|
|
||||||
+ log_message(LOG_INFO, "Misc script %s child (PID %d) lost, register checker again", misck_checker->script.args[0], pid);
|
|
||||||
misck_checker->state = SCRIPT_STATE_IDLE;
|
|
||||||
timeout = 0;
|
|
||||||
+ goto recheck;
|
|
||||||
} else {
|
|
||||||
log_message(LOG_INFO, "kill -%d of process %s(%d) with new state %u failed with errno %d", sig_num, misck_checker->script.args[0], pid, misck_checker->state, errno);
|
|
||||||
timeout = 1000;
|
|
||||||
@@ -488,6 +489,7 @@ misc_check_child_thread(thread_ref_t thread)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+recheck:
|
|
||||||
/* Register next timer checker */
|
|
||||||
next_time = timer_add_long(misck_checker->last_ran, checker->retry_it ? checker->delay_before_retry : checker->delay_loop);
|
|
||||||
next_time = timer_sub_now(next_time);
|
|
@ -1,23 +0,0 @@
|
|||||||
commit 4a56ddf74b310d75c31bb98fee6f6789b04f6891
|
|
||||||
Author: Quentin Armitage <quentin@armitage.org.uk>
|
|
||||||
Date: Mon Jul 20 07:03:54 2020 +0100
|
|
||||||
|
|
||||||
vrrp: Fix building without VMAC support
|
|
||||||
|
|
||||||
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
|
||||||
|
|
||||||
diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c
|
|
||||||
index 1d19c684..3e05f698 100644
|
|
||||||
--- a/keepalived/vrrp/vrrp_parser.c
|
|
||||||
+++ b/keepalived/vrrp/vrrp_parser.c
|
|
||||||
@@ -412,9 +412,9 @@ vrrp_handler(const vector_t *strvec)
|
|
||||||
static void
|
|
||||||
vrrp_end_handler(void)
|
|
||||||
{
|
|
||||||
-#ifdef _HAVE_VRRP_VMAC_
|
|
||||||
vrrp_t *vrrp = list_last_entry(&vrrp_data->vrrp, vrrp_t, e_list);
|
|
||||||
|
|
||||||
+#ifdef _HAVE_VRRP_VMAC_
|
|
||||||
if (!list_empty(&vrrp->unicast_peer) && vrrp->vmac_flags) {
|
|
||||||
report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers - clearing use_vmac", vrrp->iname);
|
|
||||||
vrrp->vmac_flags = 0;
|
|
@ -1,97 +0,0 @@
|
|||||||
commit 97429b3b7e6ec2f5b9c93a5d507b152bab30f919
|
|
||||||
Author: Quentin Armitage <quentin@armitage.org.uk>
|
|
||||||
Date: Wed Sep 16 15:35:44 2020 +0100
|
|
||||||
|
|
||||||
vrrp: Fix using VMACs with unicast peers
|
|
||||||
|
|
||||||
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
|
||||||
|
|
||||||
diff --git a/doc/man/man5/keepalived.conf.5 b/doc/man/man5/keepalived.conf.5
|
|
||||||
index e6b230c6..83a5915f 100644
|
|
||||||
--- a/doc/man/man5/keepalived.conf.5
|
|
||||||
+++ b/doc/man/man5/keepalived.conf.5
|
|
||||||
@@ -1359,6 +1359,8 @@ The syntax for vrrp_instance is :
|
|
||||||
# all.rp_filter, as will default.rp_filter, and all.rp_filter
|
|
||||||
# will be set to 0.
|
|
||||||
# The original settings are restored on termination.
|
|
||||||
+ # \fBNOTE 2\fR: If using use_vmac with unicast peers,
|
|
||||||
+ # vmac_xmit_base must be set.
|
|
||||||
\fBuse_vmac \fR[<VMAC_INTERFACE>]
|
|
||||||
|
|
||||||
# Send/Recv VRRP messages from base interface instead of
|
|
||||||
diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c
|
|
||||||
index 5cf1eea1..d1e2d8ea 100644
|
|
||||||
--- a/keepalived/vrrp/vrrp_parser.c
|
|
||||||
+++ b/keepalived/vrrp/vrrp_parser.c
|
|
||||||
@@ -416,9 +416,14 @@ vrrp_end_handler(void)
|
|
||||||
|
|
||||||
#ifdef _HAVE_VRRP_VMAC_
|
|
||||||
if (!list_empty(&vrrp->unicast_peer) && vrrp->vmac_flags) {
|
|
||||||
- report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers - clearing use_vmac", vrrp->iname);
|
|
||||||
- vrrp->vmac_flags = 0;
|
|
||||||
- vrrp->vmac_ifname[0] = '\0';
|
|
||||||
+ if (!vrrp->ifp) {
|
|
||||||
+ report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers and no interface - clearing use_vmac", vrrp->iname);
|
|
||||||
+ vrrp->vmac_flags = 0;
|
|
||||||
+ vrrp->vmac_ifname[0] = '\0';
|
|
||||||
+ } else if (!__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) {
|
|
||||||
+ report_config_error(CONFIG_GENERAL_ERROR, "(%s) unicast with use_vmac requires vmac_xmit_base - setting", vrrp->iname);
|
|
||||||
+ __set_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
diff --git a/keepalived/vrrp/vrrp_scheduler.c b/keepalived/vrrp/vrrp_scheduler.c
|
|
||||||
index 2fb859e1..d9271720 100644
|
|
||||||
--- a/keepalived/vrrp/vrrp_scheduler.c
|
|
||||||
+++ b/keepalived/vrrp/vrrp_scheduler.c
|
|
||||||
@@ -459,17 +459,17 @@ vrrp_create_sockpool(list_head_t *l)
|
|
||||||
struct sockaddr_storage *unicast_src;
|
|
||||||
|
|
||||||
list_for_each_entry(vrrp, &vrrp_data->vrrp, e_list) {
|
|
||||||
- if (list_empty(&vrrp->unicast_peer)) {
|
|
||||||
- ifp =
|
|
||||||
-#ifdef _HAVE_VRRP_VMAC_
|
|
||||||
- (__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) ? vrrp->configured_ifp :
|
|
||||||
-#endif
|
|
||||||
- vrrp->ifp;
|
|
||||||
+ if (list_empty(&vrrp->unicast_peer))
|
|
||||||
unicast_src = NULL;
|
|
||||||
- } else {
|
|
||||||
+ else
|
|
||||||
unicast_src = &vrrp->saddr;
|
|
||||||
- ifp = vrrp->ifp;
|
|
||||||
- }
|
|
||||||
+
|
|
||||||
+ ifp =
|
|
||||||
+#ifdef _HAVE_VRRP_VMAC_
|
|
||||||
+ (__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) ? vrrp->configured_ifp :
|
|
||||||
+#endif
|
|
||||||
+ vrrp->ifp;
|
|
||||||
+
|
|
||||||
proto = IPPROTO_VRRP;
|
|
||||||
#if defined _WITH_VRRP_AUTH_
|
|
||||||
if (vrrp->auth_type == VRRP_AUTH_AH)
|
|
||||||
@@ -607,13 +607,6 @@ vrrp_lower_prio_gratuitous_arp_thread(thread_ref_t thread)
|
|
||||||
vrrp_send_link_update(vrrp, vrrp->garp_lower_prio_rep);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void
|
|
||||||
-vrrp_master(vrrp_t * vrrp)
|
|
||||||
-{
|
|
||||||
- /* Send the VRRP advert */
|
|
||||||
- vrrp_state_master_tx(vrrp);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
void
|
|
||||||
try_up_instance(vrrp_t *vrrp, bool leaving_init)
|
|
||||||
{
|
|
||||||
@@ -802,7 +795,7 @@ vrrp_dispatcher_read_timeout(sock_t *sock)
|
|
||||||
vrrp_goto_master(vrrp);
|
|
||||||
}
|
|
||||||
else if (vrrp->state == VRRP_STATE_MAST)
|
|
||||||
- vrrp_master(vrrp);
|
|
||||||
+ vrrp_state_master_tx(vrrp);
|
|
||||||
|
|
||||||
/* handle instance synchronization */
|
|
||||||
#ifdef _TSM_DEBUG_
|
|
@ -1,40 +0,0 @@
|
|||||||
commit e2b4d108d68ada3af8ad437e2e291fcac1fd0ff7
|
|
||||||
Author: Quentin Armitage <quentin@armitage.org.uk>
|
|
||||||
Date: Tue Oct 20 11:24:48 2020 +0100
|
|
||||||
|
|
||||||
ipvs: Allow real servers to be specified with a weight of 0
|
|
||||||
|
|
||||||
This currently only really makes sense when also having a FILE_CHECK
|
|
||||||
with non-zero weight configured, or a MISC_CHECK with "misc_dynamic",
|
|
||||||
since otherwise there is no way that the weight of the real server can
|
|
||||||
be changed to be non-zero.
|
|
||||||
|
|
||||||
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
|
||||||
|
|
||||||
diff --git a/keepalived/check/ipwrapper.c b/keepalived/check/ipwrapper.c
|
|
||||||
index a4c40d6c..4b9ccb6f 100644
|
|
||||||
--- a/keepalived/check/ipwrapper.c
|
|
||||||
+++ b/keepalived/check/ipwrapper.c
|
|
||||||
@@ -410,8 +410,8 @@ init_service_rs(virtual_server_t *vs)
|
|
||||||
rs->num_failed_checkers++;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (rs->effective_weight < 1)
|
|
||||||
- rs->weight = 1;
|
|
||||||
+ if (rs->effective_weight < 0)
|
|
||||||
+ rs->weight = 0;
|
|
||||||
else if (rs->effective_weight > IPVS_WEIGHT_MAX - 1)
|
|
||||||
rs->weight = IPVS_WEIGHT_MAX - 1;
|
|
||||||
else
|
|
||||||
@@ -667,9 +667,8 @@ update_svr_wgt(int weight, virtual_server_t * vs, real_server_t * rs
|
|
||||||
{
|
|
||||||
rs->effective_weight = weight;
|
|
||||||
|
|
||||||
-/* TODO - handle weight = 0 - ? affects quorum */
|
|
||||||
- if (weight <= 0)
|
|
||||||
- weight = 1;
|
|
||||||
+ if (weight < 0)
|
|
||||||
+ weight = 0;
|
|
||||||
#if IPVS_WEIGHT_MAX != INT_MAX
|
|
||||||
else if (weight > IPVS_WEIGHT_MAX)
|
|
||||||
weight = IPVS_WEIGHT_MAX;
|
|
@ -10,7 +10,7 @@
|
|||||||
Name: keepalived
|
Name: keepalived
|
||||||
Summary: High Availability monitor built upon LVS, VRRP and service pollers
|
Summary: High Availability monitor built upon LVS, VRRP and service pollers
|
||||||
Version: 2.1.5
|
Version: 2.1.5
|
||||||
Release: 11%{?dist}
|
Release: 9%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.keepalived.org/
|
URL: http://www.keepalived.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -22,11 +22,6 @@ Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
|
|||||||
Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
|
Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
|
||||||
Patch3: bz2028350-fix-dbus-policy-restrictions.patch
|
Patch3: bz2028350-fix-dbus-policy-restrictions.patch
|
||||||
Patch4: bz2054249-fix-unweighted-track-scripts.patch
|
Patch4: bz2054249-fix-unweighted-track-scripts.patch
|
||||||
Patch5: RHEL-49561-validate-ipset-names-better.patch
|
|
||||||
Patch6: RHEL-7694-dep.patch
|
|
||||||
Patch7: RHEL-7694.patch
|
|
||||||
Patch8: RHEL-7699.patch
|
|
||||||
Patch9: RHEL-66742.patch
|
|
||||||
|
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
@ -66,11 +61,6 @@ infrastructures.
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
|
||||||
%patch6 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
%patch8 -p1
|
|
||||||
%patch9 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -121,19 +111,6 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
|
|||||||
%{_mandir}/man8/keepalived.8*
|
%{_mandir}/man8/keepalived.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
|
||||||
* Fri Jan 31 2025 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-11
|
|
||||||
- ipvs: Allow real servers to be specified with a weight of 0
|
|
||||||
Resolves: RHEL-7699
|
|
||||||
- vrrp: Fix using VMACs with unicast peers
|
|
||||||
Resolves: RHEL-7694
|
|
||||||
- lvs: if lost misc check child register checker again
|
|
||||||
Resolves: RHEL-66742
|
|
||||||
|
|
||||||
* Mon Dec 2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-10
|
|
||||||
- CVE-2024-41184
|
|
||||||
Resolves: RHEL-49561
|
|
||||||
|
|
||||||
* Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
|
* Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
|
||||||
- Fix removal of unweighted track scripts from sync group (#2054249)
|
- Fix removal of unweighted track scripts from sync group (#2054249)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user