keepalived-0.3.6

* keepalived-0.3.6 released.
* Patch a race condition into the scheduler timer computation.
* Patch a race condition into the tcp checker thread. Only
  register next timer thread if tcp connection is not in progress.
* Patch a race condition into the http checker thread. Handle
  empty buffer returned from remote http server.
* Patch a race condition into the dumping configuration process.
  A simple dereferencing pointer value...oops...
* Eric Jarman, <[email protected]> added MISC CHECKER.
  It Perform a system call to run an extra system or script.
  => security auditing needed for system call,
     buffer overflow over script path must be handled.

CONTRIBUTORS

@@ -0,0 +1 @@
+Eric Jarman <[email protected]>

ChangeLog

@@ -1,3 +1,18 @@
+2001-08-23  Alexandre Cassen  <[email protected]>
+
+	* keepalived-0.3.6 released.
+	* Patch a race condition into the scheduler timer computation.
+	* Patch a race condition into the tcp checker thread. Only
+	  register next timer thread if tcp connection is not in progress.
+	* Patch a race condition into the http checker thread. Handle
+	  empty buffer returned from remote http server.
+	* Patch a race condition into the dumping configuration process.
+	  A simple dereferencing pointer value...oops...
+	* Eric Jarman, <[email protected]> added MISC CHECKER.
+	  It Perform a system call to run an extra system or script.
+	  => security auditing needed for system call,
+	     buffer overflow over script path must be handled.
+
 2001-07-15  Alexandre Cassen  <[email protected]>
 
 	* keepalived-0.3.5 released.

Makefile

@@ -5,11 +5,35 @@ EXEC= keepalived
 CC= gcc
 
 # To compile with debug messages uncomment the following line
-#CFLAGS= -g -Wall -D DEBUG
-CFLAGS= -g -Wall
+CFLAGS= -g -Wall -D DEBUG
+#CFLAGS= -g -Wall
+
+DEFS= main.h \
+	scheduler.h \
+	cfreader.h \
+	layer4.h \
+	check_tcp.h \
+	check_http.h \
+	check_misc.h \
+	md5.h \
+	smtp.h
+
+OBJECTS= main.o \
+	utils.o \
+	scheduler.o \
+	cfreader.o \
+	layer4.o \
+	check_tcp.o \
+	check_http.o \
+	check_misc.o \
+	md5.o \
+	ipwrapper.o \
+	ipvswrapper.o \
+	ipfwwrapper.o \
+	libipfwc/libipfwc.a \
+	pidfile.o \
+	smtp.o
 
-DEFS= main.h scheduler.h cfreader.h layer4.h check_tcp.h check_http.h md5.h smtp.h
-OBJECTS= main.o utils.o scheduler.o cfreader.o layer4.o check_tcp.o check_http.o md5.o ipwrapper.o ipvswrapper.o ipfwwrapper.o libipfwc/libipfwc.a pidfile.o smtp.o
 INCLUDE= -I/usr/src/linux/include
 
 .c.o:	

cfreader.c

@@ -7,12 +7,11 @@
  *              data structure representation the conf file representing
  *              the loadbalanced server pool.
  *  
- * Version:     $Id: cfreader.c,v 0.3.5 2001/07/13 03:46:38 acassen Exp $
+ * Version:     $Id: cfreader.c,v 0.3.6 2001/08/23 23:02:51 acassen Exp $
  * 
  * Author:      Alexandre Cassen, <[email protected]>
  *              
- * Changes:     
- *              Alexandre Cassen : 2001/06/25 : Initial release
+ * Changes:     Alexandre Cassen : 2001/06/25 : Initial release
  *              
  *              This program is distributed in the hope that it will be useful,
  *              but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -65,6 +64,9 @@ struct keyword keywords[] = {
   {KW_SSLGET,      "SSL_GET"},
   {KW_LDAPGET,     "LDAP_GET"},
 
+  {KW_MISCCHECK,   "MISC_CHECK"},
+  {KW_MISCPATH,    "misc_path"},
+
   {KW_UNKNOWN,     NULL}
 };
 
@@ -237,12 +239,12 @@ void dump_httpget(http_get_check *pointerhttpget)
                    pointerhttpget->delay_before_retry);
 
   pointerurls = pointerhttpget->check_urls;
-  while(pointerurls != NULL) {
+  while(pointerhttpget->check_urls) {
     syslog(LOG_DEBUG,"       -> Url = %s, Digest = %s",
-                     pointerurls->url,
-                     pointerurls->digest);
+                     pointerhttpget->check_urls->url,
+                     pointerhttpget->check_urls->digest);
 
-    pointerurls = (urls *)pointerurls->next;
+    pointerhttpget->check_urls = (urls *)pointerhttpget->check_urls->next;
   }
   pointerhttpget->check_urls = pointerurls;
 }
@@ -274,6 +276,11 @@ void dump_svr(realserver *pointersvr)
         break;
       case LDAP_GET_ID:
         break;
+      case MISC_CHECK_ID:
+       syslog(LOG_DEBUG,"       -> Keepalive method = MISC_CHECK");
+       syslog(LOG_DEBUG,"       -> Check path = %s",
+                        pointersvr->method->misc_check_path);
+       break;
     }
 
     pointersvr = (realserver *)pointersvr->next;
@@ -375,6 +382,37 @@ void process_stream_tcpcheck(FILE *stream, realserver *svrfill)
   svrfill->method = methodfill;
 }
 
+void process_stream_misccheck(FILE *stream, realserver *svrfill)
+{
+  keepalive_check *methodfill;
+  char* pathstring = (char*)malloc(512);
+
+  /* Allocate new method structure */
+  methodfill = (keepalive_check *)malloc(sizeof(keepalive_check));
+  memset(methodfill, 0, sizeof(keepalive_check));
+
+  methodfill->type = MISC_CHECK_ID;
+  methodfill->http_get = NULL;
+  methodfill->misc_check_path = NULL;
+
+  do {
+    switch (key(string)) {
+      case KW_CTIMEOUT:
+        fscanf(stream, "%d", &methodfill->connection_to);
+        break;
+      case KW_MISCPATH:
+       fgets(pathstring,512,stream);
+       methodfill->misc_check_path=pathstring;
+       break;
+      case KW_UNKNOWN:
+        break;
+    }
+    fscanf(stream, "%s", string);
+  } while(key(string) != KW_ENDFLAG);
+
+  svrfill->method = methodfill;
+}
+
 void process_stream_url(FILE *stream, http_get_check *httpgetfill)
 {
   urls *urlfill;
@@ -480,6 +518,9 @@ void process_stream_svr(FILE *stream, virtualserver *vsfill)
         break;
       case KW_LDAPGET: /* not yet implemented */
         break;
+      case KW_MISCCHECK:
+       process_stream_misccheck(stream, svrfill);
+       break;
       case KW_UNKNOWN:
         break;
     }
@@ -640,7 +681,7 @@ configuration_data * conf_reader()
   conf_data->email = NULL;
   conf_data->lvstopology = NULL;
 
-  while(!feof(stream)) {
+  while (!feof(stream)) {
     switch (key(string)) {
       case KW_GLOBALDEFS:
         process_stream_globaldefs(stream, conf_data);

cfreader.h

@@ -5,7 +5,7 @@
  * 
  * Part:        cfreader.c include file.
  *  
- * Version:     $Id: cfreader.h,v 0.3.5 2001/07/13 03:46:38 acassen Exp $
+ * Version:     $Id: cfreader.h,v 0.3.6 2001/08/23 23:02:51 acassen Exp $
  *
  * Author:      Alexandre Cassen, <[email protected]>
  *
@@ -82,8 +82,10 @@ struct keyword {
 #define KW_HTTPGET     (1 << 26)
 #define KW_SSLGET      (1 << 27)
 #define KW_LDAPGET     (1 << 28)
+#define KW_MISCCHECK   (1 << 29)
+#define KW_MISCPATH    (1 << 30)
 
-#define KW_UNKNOWN     (1 << 29)
+#define KW_UNKNOWN     (1 << 31)
 
 /* Structure definition  */
 typedef struct _urls {
@@ -106,8 +108,10 @@ typedef struct _keepalive_check {
 #define HTTP_GET_ID    (1 << 2)
 #define SSL_GET_ID     (1 << 3)
 #define LDAP_GET_ID    (1 << 4)
+#define MISC_CHECK_ID  (1 << 5)
   int connection_to;
   http_get_check *http_get;    /* FIXME : for new checker use union here */
+  char *misc_check_path;
 } keepalive_check;
 
 typedef struct _real_server {

check.h

@@ -5,7 +5,7 @@
  *
  * Part:        Checkers arguments structures definitions.
  *
- * Version:     $Id: check.h,v 0.3.5 2001/07/13 03:46:38 acassen Exp $
+ * Version:     $Id: check.h,v 0.3.6 2001/08/23 23:02:51 acassen Exp $
  *
  * Author:      Alexandre Cassen, <[email protected]>
  *

check_http.c

@@ -7,12 +7,11 @@
  *              url, compute a MD5 over this result and match it to the
  *              expected value.
  *
- * Version:     $Id: check_http.c,v 0.3.5 2001/07/13 03:46:38 acassen Exp $
+ * Version:     $Id: check_http.c,v 0.3.6 2001/08/23 23:02:51 acassen Exp $
  *
  * Author:      Alexandre Cassen, <[email protected]>
  *
- * Changes:
- *              Alexandre Cassen : 2001/06/25 : Initial release
+ * Changes:     Alexandre Cassen : 2001/06/25 : Initial release
  *
  *              This program is distributed in the hope that it will be useful,
  *              but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -78,6 +77,32 @@ int http_response_thread(struct thread *thread)
   thread_arg = THREAD_ARG(thread);
   checker_arg = THREAD_ARG_CHECKER_ARG(thread_arg);
 
+  /* Handle read timeout */
+  if(thread->type == THREAD_READ_TIMEOUT) {
+#ifdef DEBUG
+    if (thread_arg->svr)
+      syslog(LOG_DEBUG, "HTTP read timeout to [%s:%d].",
+                          inet_ntoa(thread_arg->svr->addr_ip),
+                          ntohs(thread_arg->svr->addr_port));
+#endif
+    /* check if server is currently alive */
+    if (thread_arg->svr->alive) {
+      smtp_alert(thread->master, thread_arg->root, thread_arg->svr,
+                 "DOWN", "=> HTTP CHECK failed on service : cannot receive data <=\n\n");
+      perform_svr_state(DOWN, thread_arg->vs, thread_arg->svr);
+    }
+
+    /* reset iterator counters */
+    memset(thread_arg->checker_arg, 0, sizeof(struct http_thread_arg));
+
+    /* register next timer thread */
+    thread_add_timer(thread->master, http_connect_thread, thread_arg, 
+                     thread_arg->vs->delay_loop);
+
+    close(thread->u.fd);
+    return 0;
+  }
+
   /* Allocate the get buffers */
   buffer = (char *)malloc(MAX_BUFFER_LENGTH);
   buffer_tmp = (char *)malloc(GET_BUFFER_LENGTH);
@@ -146,9 +171,11 @@ int http_response_thread(struct thread *thread)
 
 end:
 
-  buffer_html = extract_html(buffer,total_length);
+  buffer_html = extract_html(buffer, total_length);
+
+//print_buffer(total_length - (buffer_html - buffer),buffer_html);
 
-  if ((total_length-(buffer_html-buffer)) == 0) {
+  if ((total_length == 0) || ((total_length-(buffer_html-buffer)) == 0)) {
 #ifdef DEBUG
     syslog(LOG_DEBUG, "No html data received from remote server [%s:%d].",
                       inet_ntoa(thread_arg->svr->addr_ip),
@@ -191,7 +218,7 @@ int http_response_thread(struct thread *thread)
                        thread_arg->svr->method->http_get->delay_before_retry);
     }
   } else {
-   
+
     /* Compute MD5SUM */
     digest_tmp = (char *)malloc(2*sizeof(digest));
     memset(digest_tmp, 0, 2*sizeof(digest));
@@ -243,14 +270,20 @@ int http_response_thread(struct thread *thread)
 
     } else {
 
+#ifdef DEBUG
+      syslog(LOG_DEBUG, "MD5 digest success to [%s:%d] url(%d), expected MD5SUM [%s] match.",
+                        inet_ntoa(thread_arg->svr->addr_ip),
+                        ntohs(thread_arg->svr->addr_port),
+                        checker_arg->url_it+1, fetched_url->digest);
+#endif
+
       /* reset retry iterator and increment url iterator */
       checker_arg->retry_it = 0;
       checker_arg->url_it++;
       free(digest_tmp);
 
       thread_add_timer(thread->master, http_connect_thread, thread_arg, 
                        thread_arg->svr->method->http_get->delay_before_retry);
-//      print_buffer(total_length - (buffer_html - buffer),buffer_html);
     }
   }
 
@@ -273,6 +306,32 @@ int http_request_thread(struct thread *thread)
   thread_arg = THREAD_ARG(thread);
   checker_arg = THREAD_ARG_CHECKER_ARG(thread_arg);
 
+  /* Handle read timeout */
+  if(thread->type == THREAD_WRITE_TIMEOUT) {
+#ifdef DEBUG
+    if (thread_arg->svr)
+      syslog(LOG_DEBUG, "HTTP write timeout to [%s:%d].",
+                          inet_ntoa(thread_arg->svr->addr_ip),
+                          ntohs(thread_arg->svr->addr_port));
+#endif
+    /* check if server is currently alive */
+    if (thread_arg->svr->alive) {
+      smtp_alert(thread->master, thread_arg->root, thread_arg->svr,
+                 "DOWN", "=> HTTP CHECK failed on service : cannot receive data <=\n\n");
+      perform_svr_state(DOWN, thread_arg->vs, thread_arg->svr);
+    }
+
+    /* reset iterator counters */
+    memset(thread_arg->checker_arg, 0, sizeof(struct http_thread_arg));
+
+    /* register next timer thread */
+    thread_add_timer(thread->master, http_connect_thread, thread_arg, 
+                     thread_arg->vs->delay_loop);
+
+    close(thread->u.fd);
+    return 0;
+  }
+
   str_request = (char *)malloc(GET_REQUEST_BUFFER_LENGTH);
   memset(str_request, 0, GET_REQUEST_BUFFER_LENGTH);
 

check_http.h

@@ -5,7 +5,7 @@
  *
  * Part:        check_http.c include file.
  *
- * Version:     $Id: check_http.h,v 0.3.5 2001/07/13 03:46:38 acassen Exp $
+ * Version:     $Id: check_http.h,v 0.3.6 2001/08/23 23:02:51 acassen Exp $
  *
  * Author:      Alexandre Cassen, <[email protected]>
  *