Compare commits

..

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

6 changed files with 1 additions and 308 deletions

View File

@ -1,83 +0,0 @@
diff -ur keepalived-2.1.5/keepalived/core/global_parser.c keepalived-2.1.5.patched/keepalived/core/global_parser.c
--- keepalived-2.1.5/keepalived/core/global_parser.c 2020-07-10 17:41:46.000000000 +0100
+++ keepalived-2.1.5.patched/keepalived/core/global_parser.c 2024-12-02 14:06:44.469215491 +0000
@@ -955,6 +955,22 @@
}
}
#ifdef _HAVE_LIBIPSET_
+static bool
+check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
+{
+ if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
+ return false;
+ }
+
+ if (strlen(strvec_slot(strvec, entry)) == 0) {
+ report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
+ return false;
+ }
+
+ return true;
+}
+
static void
vrrp_ipsets_handler(const vector_t *strvec)
{
@@ -974,17 +990,13 @@
return;
}
- if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 1, "address"))
return;
- }
global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
if (vector_size(strvec) >= 3) {
- if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
return;
- }
global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
}
else {
@@ -995,10 +1007,8 @@
global_data->vrrp_ipset_address6 = STRDUP(set_name);
}
if (vector_size(strvec) >= 4) {
- if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
return;
- }
global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
}
else {
@@ -1014,10 +1024,8 @@
#ifdef HAVE_IPSET_ATTR_IFACE
if (vector_size(strvec) >= 5) {
- if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 4, "IGMP"))
return;
- }
global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
}
else {
@@ -1028,10 +1036,8 @@
global_data->vrrp_ipset_igmp = STRDUP(set_name);
}
if (vector_size(strvec) >= 6) {
- if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
- report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
+ if (!check_valid_ipset_name(strvec, 5, "MLD"))
return;
- }
global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
}
else {
Only in keepalived-2.1.5.patched/keepalived/core: global_parser.c.orig

View File

@ -1,41 +0,0 @@
commit d2f5e5595a511ff62934c77cb62f82bdb2320e29
Author: Yonglong Li <liyonglong@chinatelecom.cn>
Date: Fri Dec 29 11:03:08 2023 +0800
lvs: if lost misc check child register checker agagin
issue: misc check_child_thread timeout and remove child_pid
form rb_data, timeout callback of check_child_thread is not be
called, if at this time misc script done and exit, and child
termination will do nothing because child_pid was remove form
rb_data. in this case timeou callback will not register checker
again, the checker will lost.
fix: if lost misc check child register checker again
Signed-off-by: Yonglong Li <liyonglong@chinatelecom.cn>
diff --git a/keepalived/check/check_misc.c b/keepalived/check/check_misc.c
index b2260d5f..c388e89d 100644
--- a/keepalived/check/check_misc.c
+++ b/keepalived/check/check_misc.c
@@ -337,9 +337,10 @@ misc_check_child_thread(thread_ref_t thread)
/* The process does not exist, and we should
* have reaped its exit status, otherwise it
* would exist as a zombie process. */
- log_message(LOG_INFO, "Misc script %s child (PID %d) lost", misck_checker->script.args[0], pid);
+ log_message(LOG_INFO, "Misc script %s child (PID %d) lost, register checker again", misck_checker->script.args[0], pid);
misck_checker->state = SCRIPT_STATE_IDLE;
timeout = 0;
+ goto recheck;
} else {
log_message(LOG_INFO, "kill -%d of process %s(%d) with new state %u failed with errno %d", sig_num, misck_checker->script.args[0], pid, misck_checker->state, errno);
timeout = 1000;
@@ -488,6 +489,7 @@ misc_check_child_thread(thread_ref_t thread)
}
}
+recheck:
/* Register next timer checker */
next_time = timer_add_long(misck_checker->last_ran, checker->retry_it ? checker->delay_before_retry : checker->delay_loop);
next_time = timer_sub_now(next_time);

View File

@ -1,23 +0,0 @@
commit 4a56ddf74b310d75c31bb98fee6f6789b04f6891
Author: Quentin Armitage <quentin@armitage.org.uk>
Date: Mon Jul 20 07:03:54 2020 +0100
vrrp: Fix building without VMAC support
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c
index 1d19c684..3e05f698 100644
--- a/keepalived/vrrp/vrrp_parser.c
+++ b/keepalived/vrrp/vrrp_parser.c
@@ -412,9 +412,9 @@ vrrp_handler(const vector_t *strvec)
static void
vrrp_end_handler(void)
{
-#ifdef _HAVE_VRRP_VMAC_
vrrp_t *vrrp = list_last_entry(&vrrp_data->vrrp, vrrp_t, e_list);
+#ifdef _HAVE_VRRP_VMAC_
if (!list_empty(&vrrp->unicast_peer) && vrrp->vmac_flags) {
report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers - clearing use_vmac", vrrp->iname);
vrrp->vmac_flags = 0;

View File

@ -1,97 +0,0 @@
commit 97429b3b7e6ec2f5b9c93a5d507b152bab30f919
Author: Quentin Armitage <quentin@armitage.org.uk>
Date: Wed Sep 16 15:35:44 2020 +0100
vrrp: Fix using VMACs with unicast peers
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
diff --git a/doc/man/man5/keepalived.conf.5 b/doc/man/man5/keepalived.conf.5
index e6b230c6..83a5915f 100644
--- a/doc/man/man5/keepalived.conf.5
+++ b/doc/man/man5/keepalived.conf.5
@@ -1359,6 +1359,8 @@ The syntax for vrrp_instance is :
# all.rp_filter, as will default.rp_filter, and all.rp_filter
# will be set to 0.
# The original settings are restored on termination.
+ # \fBNOTE 2\fR: If using use_vmac with unicast peers,
+ # vmac_xmit_base must be set.
\fBuse_vmac \fR[<VMAC_INTERFACE>]
# Send/Recv VRRP messages from base interface instead of
diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c
index 5cf1eea1..d1e2d8ea 100644
--- a/keepalived/vrrp/vrrp_parser.c
+++ b/keepalived/vrrp/vrrp_parser.c
@@ -416,9 +416,14 @@ vrrp_end_handler(void)
#ifdef _HAVE_VRRP_VMAC_
if (!list_empty(&vrrp->unicast_peer) && vrrp->vmac_flags) {
- report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers - clearing use_vmac", vrrp->iname);
- vrrp->vmac_flags = 0;
- vrrp->vmac_ifname[0] = '\0';
+ if (!vrrp->ifp) {
+ report_config_error(CONFIG_GENERAL_ERROR, "(%s): Cannot use VMAC/ipvlan with unicast peers and no interface - clearing use_vmac", vrrp->iname);
+ vrrp->vmac_flags = 0;
+ vrrp->vmac_ifname[0] = '\0';
+ } else if (!__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) {
+ report_config_error(CONFIG_GENERAL_ERROR, "(%s) unicast with use_vmac requires vmac_xmit_base - setting", vrrp->iname);
+ __set_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags);
+ }
}
#endif
diff --git a/keepalived/vrrp/vrrp_scheduler.c b/keepalived/vrrp/vrrp_scheduler.c
index 2fb859e1..d9271720 100644
--- a/keepalived/vrrp/vrrp_scheduler.c
+++ b/keepalived/vrrp/vrrp_scheduler.c
@@ -459,17 +459,17 @@ vrrp_create_sockpool(list_head_t *l)
struct sockaddr_storage *unicast_src;
list_for_each_entry(vrrp, &vrrp_data->vrrp, e_list) {
- if (list_empty(&vrrp->unicast_peer)) {
- ifp =
-#ifdef _HAVE_VRRP_VMAC_
- (__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) ? vrrp->configured_ifp :
-#endif
- vrrp->ifp;
+ if (list_empty(&vrrp->unicast_peer))
unicast_src = NULL;
- } else {
+ else
unicast_src = &vrrp->saddr;
- ifp = vrrp->ifp;
- }
+
+ ifp =
+#ifdef _HAVE_VRRP_VMAC_
+ (__test_bit(VRRP_VMAC_XMITBASE_BIT, &vrrp->vmac_flags)) ? vrrp->configured_ifp :
+#endif
+ vrrp->ifp;
+
proto = IPPROTO_VRRP;
#if defined _WITH_VRRP_AUTH_
if (vrrp->auth_type == VRRP_AUTH_AH)
@@ -607,13 +607,6 @@ vrrp_lower_prio_gratuitous_arp_thread(thread_ref_t thread)
vrrp_send_link_update(vrrp, vrrp->garp_lower_prio_rep);
}
-static void
-vrrp_master(vrrp_t * vrrp)
-{
- /* Send the VRRP advert */
- vrrp_state_master_tx(vrrp);
-}
-
void
try_up_instance(vrrp_t *vrrp, bool leaving_init)
{
@@ -802,7 +795,7 @@ vrrp_dispatcher_read_timeout(sock_t *sock)
vrrp_goto_master(vrrp);
}
else if (vrrp->state == VRRP_STATE_MAST)
- vrrp_master(vrrp);
+ vrrp_state_master_tx(vrrp);
/* handle instance synchronization */
#ifdef _TSM_DEBUG_

View File

@ -1,40 +0,0 @@
commit e2b4d108d68ada3af8ad437e2e291fcac1fd0ff7
Author: Quentin Armitage <quentin@armitage.org.uk>
Date: Tue Oct 20 11:24:48 2020 +0100
ipvs: Allow real servers to be specified with a weight of 0
This currently only really makes sense when also having a FILE_CHECK
with non-zero weight configured, or a MISC_CHECK with "misc_dynamic",
since otherwise there is no way that the weight of the real server can
be changed to be non-zero.
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
diff --git a/keepalived/check/ipwrapper.c b/keepalived/check/ipwrapper.c
index a4c40d6c..4b9ccb6f 100644
--- a/keepalived/check/ipwrapper.c
+++ b/keepalived/check/ipwrapper.c
@@ -410,8 +410,8 @@ init_service_rs(virtual_server_t *vs)
rs->num_failed_checkers++;
}
- if (rs->effective_weight < 1)
- rs->weight = 1;
+ if (rs->effective_weight < 0)
+ rs->weight = 0;
else if (rs->effective_weight > IPVS_WEIGHT_MAX - 1)
rs->weight = IPVS_WEIGHT_MAX - 1;
else
@@ -667,9 +667,8 @@ update_svr_wgt(int weight, virtual_server_t * vs, real_server_t * rs
{
rs->effective_weight = weight;
-/* TODO - handle weight = 0 - ? affects quorum */
- if (weight <= 0)
- weight = 1;
+ if (weight < 0)
+ weight = 0;
#if IPVS_WEIGHT_MAX != INT_MAX
else if (weight > IPVS_WEIGHT_MAX)
weight = IPVS_WEIGHT_MAX;

View File

@ -10,7 +10,7 @@
Name: keepalived Name: keepalived
Summary: High Availability monitor built upon LVS, VRRP and service pollers Summary: High Availability monitor built upon LVS, VRRP and service pollers
Version: 2.1.5 Version: 2.1.5
Release: 11%{?dist} Release: 9%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.keepalived.org/ URL: http://www.keepalived.org/
Group: System Environment/Daemons Group: System Environment/Daemons
@ -22,11 +22,6 @@ Patch1: bz1977716-revert-explicit-set-LOG_USER-facility.patch
Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch Patch2: bz1977716-use-LOG_DAEMON-facility-by-default.patch
Patch3: bz2028350-fix-dbus-policy-restrictions.patch Patch3: bz2028350-fix-dbus-policy-restrictions.patch
Patch4: bz2054249-fix-unweighted-track-scripts.patch Patch4: bz2054249-fix-unweighted-track-scripts.patch
Patch5: RHEL-49561-validate-ipset-names-better.patch
Patch6: RHEL-7694-dep.patch
Patch7: RHEL-7694.patch
Patch8: RHEL-7699.patch
Patch9: RHEL-66742.patch
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
@ -66,11 +61,6 @@ infrastructures.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%build %build
%configure \ %configure \
@ -121,19 +111,6 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
%{_mandir}/man8/keepalived.8* %{_mandir}/man8/keepalived.8*
%changelog %changelog
* Fri Jan 31 2025 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-11
- ipvs: Allow real servers to be specified with a weight of 0
Resolves: RHEL-7699
- vrrp: Fix using VMACs with unicast peers
Resolves: RHEL-7694
- lvs: if lost misc check child register checker again
Resolves: RHEL-66742
* Mon Dec 2 2024 Christine Caulfield <ccaulfie@redhat.com> - 2.1.5-10
- CVE-2024-41184
Resolves: RHEL-49561
* Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9 * Thu Jul 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.1.5-9
- Fix removal of unweighted track scripts from sync group (#2054249) - Fix removal of unweighted track scripts from sync group (#2054249)