Changes - j0ke.net Open Build Service

Changes of Revision 18

[-] [+]	Changed	keepalived.spec
@@ -11,6 +11,11 @@ Patch2: keepalived-main-SET_RELOAD.patch Patch3: keepalived-ipv6-range.patch Patch4: keepalived-vrrp_cleanup.patch +Patch6: keepalived-docu-update.patch +Patch7: keepalived-ipv4compare.patch +Patch8: keepalived-modprobe.patch +Patch9: keepalived-check-ipv6-mark.patch +Patch10: keepalived-bind.patch # own Patch5: keepalived-FD_leak.patch License: GPL @@ -42,6 +47,11 @@ %patch3 -p1 %patch4 -p1 %patch5 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 %build #export CFLAGS=-D__KERNGLUE__
[-] [+]	Added	keepalived-bind.patch ^
@@ -0,0 +1,24 @@ +From 794273c2729f4b79ddd321d3fa90f9b300e86800 Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <bernat@luffy.cx> +Date: Mon, 05 Dec 2011 13:47:14 +0000 +Subject: Don't use bind() with AF_UNSPEC + +tcp_bind_connect() may be called with a non NULL bind_addr variable +but filled with 0. This cause bind() to be called with AF_UNSPEC and +make it fail with recent kernels. +--- +diff --git a/keepalived/core/layer4.c b/keepalived/core/layer4.c +index 5725500..5b33417 100644 +--- a/keepalived/core/layer4.c ++++ b/keepalived/core/layer4.c +@@ -43,7 +43,7 @@ tcp_bind_connect(int fd, struct sockaddr_storage addr, struct sockaddr_storage + fcntl(fd, F_SETFL, val \| O_NONBLOCK); + + / Bind socket / +- if (bind_addr) { ++ if (bind_addr && ((struct sockaddr ) bind_addr)->sa_family != AF_UNSPEC) { + addrlen = sizeof(bind_addr); + if (bind(fd, (struct sockaddr ) bind_addr, addrlen) != 0) + return connect_error; +-- +cgit v0.8.3.4
[-] [+]	Added	keepalived-check-ipv6-mark.patch ^
@@ -0,0 +1,58 @@ +From 479bb39cb94e602e8e8891d84538b2f67de14f04 Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <bernat@luffy.cx> +Date: Wed, 26 Oct 2011 21:26:44 +0000 +Subject: check: enable the use of fwmark with IPv6 virtual servers + +When using fwmark, the virtual server was assumed to use IPv4. We +correct this by looking at the address family of the first real +server. +--- +diff --git a/keepalived/check/ipvswrapper.c b/keepalived/check/ipvswrapper.c +index 511be53..6f49b19 100644 +--- a/keepalived/check/ipvswrapper.c ++++ b/keepalived/check/ipvswrapper.c +@@ -455,9 +455,9 @@ ipvs_group_range_cmd(int cmd, virtual_server_group_entry vsg_entry) + + / set IPVS group rules / + static void +-ipvs_group_cmd(int cmd, list vs_group, real_server rs, char * vsgname) ++ipvs_group_cmd(int cmd, list vs_group, real_server * rs, virtual_server * vs) + { +- virtual_server_group vsg = ipvs_get_group_by_name(vsgname, vs_group); ++ virtual_server_group vsg = ipvs_get_group_by_name(vs->vsgname, vs_group); + virtual_server_group_entry vsg_entry; + list l; + element e; +@@ -493,6 +493,12 @@ ipvs_group_cmd(int cmd, list vs_group, real_server rs, char * vsgname) + for (e = LIST_HEAD(l); e; ELEMENT_NEXT(e)) { + vsg_entry = ELEMENT_DATA(e); + srule->af = AF_INET; ++ /* Need to get address family from first real server / ++ if (vs->rs && !LIST_ISEMPTY(vs->rs) && ++ (((real_server )ELEMENT_DATA(LIST_HEAD(vs->rs)))->addr.ss_family == AF_INET6)) { ++ srule->af = AF_INET6; ++ srule->netmask = 128; ++ } + srule->fwmark = vsg_entry->vfwmark; + + /* Talk to the IPVS channel / +@@ -584,10 +590,16 @@ ipvs_cmd(int cmd, list vs_group, virtual_server vs, real_server * rs) + + /* Set vs rule and send to kernel / + if (vs->vsgname) { +- ipvs_group_cmd(cmd, vs_group, rs, vs->vsgname); ++ ipvs_group_cmd(cmd, vs_group, rs, vs); + } else { + if (vs->vfwmark) { + srule->af = AF_INET; ++ / Need to get address family from first real server / ++ if (vs->rs && !LIST_ISEMPTY(vs->rs) && ++ (((real_server )ELEMENT_DATA(LIST_HEAD(vs->rs)))->addr.ss_family == AF_INET6)) { ++ srule->af = AF_INET6; ++ srule->netmask = 128; ++ } + srule->fwmark = vs->vfwmark; + } else { + srule->af = vs->addr.ss_family; +-- +cgit v0.8.3.4
[-] [+]	Added	keepalived-docu-update.patch ^
@@ -0,0 +1,59 @@ +From c02b0ebab4e6f622e914295025807abbe777feee Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <bernat@luffy.cx> +Date: Wed, 26 Oct 2011 22:18:19 +0000 +Subject: vrrp: better documentation of the limitation on password length + +Patch from Dan Wallis: + + I've been helping debug a password issue between versions v1.1.15 & + v1.1.20, and it turns out that auth_pass is being truncated to eight + characters in the former, and seven in the latter. This is later + "fixed" to be eight characters again in v1.2.1. + + This patch makes this maximum length more obvious to the end user, so + as to avoid future issues with inadvertent truncation. +--- +diff --git a/doc/keepalived.conf.SYNOPSIS b/doc/keepalived.conf.SYNOPSIS +index 5d79720..7369ef3 100644 +--- a/doc/keepalived.conf.SYNOPSIS ++++ b/doc/keepalived.conf.SYNOPSIS +@@ -170,7 +170,7 @@ vrrp_instance <STRING> { # VRRP instance declaration + advert_int <INTEGER> # VRRP Advert interval (use default) + authentication { # Authentication block + auth_type PASS\|AH # Simple Passwd or IPSEC AH +- auth_pass <STRING> # Password string ++ auth_pass <STRING> # Password string (up to 8 characters) + } + virtual_ipaddress { # VRRP IP addres block + <IP ADDRESS>/<MASK> brd <IP ADDRESS> dev <STRING> scope <SCOPE> label <LABEL> +diff --git a/doc/man/man5/keepalived.conf.5 b/doc/man/man5/keepalived.conf.5 +index 09aae3a..53856da 100644 +--- a/doc/man/man5/keepalived.conf.5 ++++ b/doc/man/man5/keepalived.conf.5 +@@ -172,6 +172,7 @@ which will transition together on any state change. + auth_type PASS + # Password for accessing vrrpd. + # should be the same for all machines. ++ # Only the first eight (8) characters are used. + auth_pass 1234 + + #addresses add\|del on change to MASTER, to BACKUP. +diff --git a/keepalived/vrrp/vrrp_parser.c b/keepalived/vrrp/vrrp_parser.c +index 2b5ed33..5888723 100644 +--- a/keepalived/vrrp/vrrp_parser.c ++++ b/keepalived/vrrp/vrrp_parser.c +@@ -307,8 +307,11 @@ vrrp_auth_pass_handler(vector strvec) + int max_size = sizeof (vrrp->auth_data); + int str_len = strlen(str); + +- if (str_len > max_size) ++ if (str_len > max_size) { + str_len = max_size; ++ log_message(LOG_INFO, ++ "Truncating auth_pass to %d characters", max_size); ++ } + + memset(vrrp->auth_data, 0, max_size); + memcpy(vrrp->auth_data, str, str_len); +-- +cgit v0.8.3.4
[-] [+]	Added	keepalived-ipv4compare.patch ^
@@ -0,0 +1,23 @@ +From bc49a46989c98eb6ee72a379b18b77e87ed624fa Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <bernat@luffy.cx> +Date: Wed, 07 Dec 2011 09:17:55 +0000 +Subject: Fix IPv4 address comparison routine. + +Two different IPv4 addresses were returned to be equal while this was +not the case. Thanks to Ronie Gilberto Henrich for spotting this bug. +--- +diff --git a/keepalived/include/check_data.h b/keepalived/include/check_data.h +index 50a4757..e3ff458 100644 +--- a/keepalived/include/check_data.h ++++ b/keepalived/include/check_data.h +@@ -163,7 +163,7 @@ static inline int sockstorage_equal(const struct sockaddr_storage s1, + struct sockaddr_in a1 = (struct sockaddr_in ) s1; + struct sockaddr_in a2 = (struct sockaddr_in *) s2; + +- if ((a1->sin_addr.s_addr == a1->sin_addr.s_addr) && ++ if ((a1->sin_addr.s_addr == a2->sin_addr.s_addr) && + (a1->sin_port == a2->sin_port)) + return 1; + } +-- +cgit v0.8.3.4
[-] [+]	Added	keepalived-modprobe.patch ^
@@ -0,0 +1,22 @@ +From a3547673b4181999b26d1d21663b0d7c3664b2e1 Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <bernat@luffy.cx> +Date: Fri, 26 Aug 2011 05:25:05 +0000 +Subject: Fix modprobe arguments. + +Fix by Dan Wallis. +--- +diff --git a/keepalived/check/ipvswrapper.c b/keepalived/check/ipvswrapper.c +index a48ef0f..511be53 100644 +--- a/keepalived/check/ipvswrapper.c ++++ b/keepalived/check/ipvswrapper.c +@@ -728,7 +728,7 @@ string_to_number(const char s, int min, int max) + static int + modprobe_ipvs(void) + { +- char argv[] = { "/sbin/modprobe", "-s", "-k", "--", "ip_vs", NULL }; ++ char *argv[] = { "/sbin/modprobe", "-s", "--", "ip_vs", NULL }; + int child; + int status; + int rc; +-- +cgit v0.8.3.4