From abfe22162a2b102d20185708d6db88d90f194c10 Mon Sep 17 00:00:00 2001 From: Daniel Benli Ye Date: Thu, 21 Feb 2019 02:04:31 -0500 Subject: [PATCH 01/62] enable dpdk pdump tool for DPVS dpdk-pdump tool can affect performance, take your own risk to use it. The usage is in http://doc.dpdk.org/guides-17.11/tools/pdump.html. The following two steps should be taken to enable dpdk pdump tool. 1. install libpcap-dev and compile DPDK with 0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch. 2. compile DPVS with CONFIG_DPVS_PDUMP enabled. Sometimes you may need to disable ASLR for using dpdk-pdump. The command to disable ASLR is listed below. echo 0 | sudo tee /proc/sys/kernel/randomize_va_space Please recover ASLR after packet capturing, otherwise you may have security issue. --- include/dpdk.h | 5 + ...-and-change-dpdk-pdump-tool-for-DPVS.patch | 415 ++++++++++++++++++ src/config.mk | 1 + src/dpdk.mk | 2 +- src/main.c | 13 + 5 files changed, 435 insertions(+), 1 deletion(-) create mode 100644 patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch diff --git a/include/dpdk.h b/include/dpdk.h index ff049b067..25791ad17 100644 --- a/include/dpdk.h +++ b/include/dpdk.h @@ -55,6 +55,11 @@ #include #include #include + +#ifdef CONFIG_DPVS_PDUMP +#include +#endif + #include "mbuf.h" typedef uint8_t lcoreid_t; diff --git a/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch b/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch new file mode 100644 index 000000000..a10fe4976 --- /dev/null +++ b/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch @@ -0,0 +1,415 @@ +From 34d3d8ebc02906739d9ee6c152091eaf628a292e Mon Sep 17 00:00:00 2001 +From: Daniel Benli Ye +Date: Tue, 18 Dec 2018 09:01:52 -0500 +Subject: [PATCH] enable pdump and change dpdk-pdump tool for DPVS + +A fix in app/pdump/main.c is x-ported from later release. +rte.app.pdump.mk is copied from rte.app.mk and do several changes +to addapt DPVS. +--- + app/pdump/Makefile | 2 +- + app/pdump/main.c | 3 +- + config/common_base | 2 +- + mk/rte.app.pdump.mk | 348 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 351 insertions(+), 4 deletions(-) + create mode 100644 mk/rte.app.pdump.mk + +diff --git a/app/pdump/Makefile b/app/pdump/Makefile +index 38ac3e9..28b0d3e 100644 +--- a/app/pdump/Makefile ++++ b/app/pdump/Makefile +@@ -41,6 +41,6 @@ CFLAGS += $(WERROR_FLAGS) + + SRCS-y := main.c + +-include $(RTE_SDK)/mk/rte.app.mk ++include $(RTE_SDK)/mk/rte.app.pdump.mk + + endif +diff --git a/app/pdump/main.c b/app/pdump/main.c +index 66272f5..d974583 100644 +--- a/app/pdump/main.c ++++ b/app/pdump/main.c +@@ -583,11 +583,10 @@ configure_vdev(uint16_t port_id) + { + struct ether_addr addr; + const uint16_t rxRings = 0, txRings = 1; +- const uint8_t nb_ports = rte_eth_dev_count(); + int ret; + uint16_t q; + +- if (port_id > nb_ports) ++ if (!rte_eth_dev_is_valid_port(port_id)) + return -1; + + ret = rte_eth_dev_configure(port_id, rxRings, txRings, +diff --git a/config/common_base b/config/common_base +index 214d9a2..3dbc100 100644 +--- a/config/common_base ++++ b/config/common_base +@@ -397,7 +397,7 @@ CONFIG_RTE_PMD_RING_MAX_TX_RINGS=16 + # + # Compile software PMD backed by PCAP files + # +-CONFIG_RTE_LIBRTE_PMD_PCAP=n ++CONFIG_RTE_LIBRTE_PMD_PCAP=y + + # + # Compile link bonding PMD library +diff --git a/mk/rte.app.pdump.mk b/mk/rte.app.pdump.mk +new file mode 100644 +index 0000000..e425472 +--- /dev/null ++++ b/mk/rte.app.pdump.mk +@@ -0,0 +1,348 @@ ++# BSD LICENSE ++# ++# Copyright(c) 2010-2017 Intel Corporation. All rights reserved. ++# Copyright(c) 2014-2015 6WIND S.A. ++# All rights reserved. ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions ++# are met: ++# ++# * Redistributions of source code must retain the above copyright ++# notice, this list of conditions and the following disclaimer. ++# * Redistributions in binary form must reproduce the above copyright ++# notice, this list of conditions and the following disclaimer in ++# the documentation and/or other materials provided with the ++# distribution. ++# * Neither the name of Intel Corporation nor the names of its ++# contributors may be used to endorse or promote products derived ++# from this software without specific prior written permission. ++# ++# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++include $(RTE_SDK)/mk/internal/rte.compile-pre.mk ++include $(RTE_SDK)/mk/internal/rte.install-pre.mk ++include $(RTE_SDK)/mk/internal/rte.clean-pre.mk ++include $(RTE_SDK)/mk/internal/rte.build-pre.mk ++ ++# VPATH contains at least SRCDIR ++VPATH += $(SRCDIR) ++ ++_BUILD = $(APP) ++_INSTALL = $(INSTALL-FILES-y) $(SYMLINK-FILES-y) ++_INSTALL += $(RTE_OUTPUT)/app/$(APP) $(RTE_OUTPUT)/app/$(APP).map ++POSTINSTALL += target-appinstall ++_CLEAN = doclean ++POSTCLEAN += target-appclean ++ ++ifeq ($(NO_LDSCRIPT),) ++LDSCRIPT = $(RTE_LDSCRIPT) ++endif ++ ++# Link only the libraries used in the application ++LDFLAGS += --as-needed ++ ++# default path for libs ++_LDLIBS-y += -L$(RTE_SDK_BIN)/lib ++ ++# ++# Order is important: from higher level to lower level ++# ++_LDLIBS-$(CONFIG_RTE_LIBRTE_FLOW_CLASSIFY) += -lrte_flow_classify ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PIPELINE) += -lrte_pipeline ++_LDLIBS-$(CONFIG_RTE_LIBRTE_TABLE) += -lrte_table ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PORT) += -lrte_port ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PDUMP) += -lrte_pdump ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DISTRIBUTOR) += -lrte_distributor ++_LDLIBS-$(CONFIG_RTE_LIBRTE_IP_FRAG) += -lrte_ip_frag ++_LDLIBS-$(CONFIG_RTE_LIBRTE_GRO) += -lrte_gro ++_LDLIBS-$(CONFIG_RTE_LIBRTE_GSO) += -lrte_gso ++_LDLIBS-$(CONFIG_RTE_LIBRTE_METER) += -lrte_meter ++_LDLIBS-$(CONFIG_RTE_LIBRTE_LPM) += -lrte_lpm ++# librte_acl needs --whole-archive because of weak functions ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ACL) += --whole-archive ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ACL) += --no-whole-archive ++_LDLIBS-$(CONFIG_RTE_LIBRTE_JOBSTATS) += -lrte_jobstats ++_LDLIBS-$(CONFIG_RTE_LIBRTE_METRICS) += -lrte_metrics ++_LDLIBS-$(CONFIG_RTE_LIBRTE_BITRATE) += -lrte_bitratestats ++_LDLIBS-$(CONFIG_RTE_LIBRTE_LATENCY_STATS) += -lrte_latencystats ++_LDLIBS-$(CONFIG_RTE_LIBRTE_POWER) += -lrte_power ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_TIMER) += -lrte_timer ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EFD) += -lrte_efd ++ ++_LDLIBS-y += --whole-archive ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CFGFILE) += -lrte_cfgfile ++_LDLIBS-$(CONFIG_RTE_LIBRTE_HASH) += -lrte_hash ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VHOST) += -lrte_vhost ++_LDLIBS-$(CONFIG_RTE_LIBRTE_KVARGS) += -lrte_kvargs ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MBUF) += -lrte_mbuf ++_LDLIBS-$(CONFIG_RTE_LIBRTE_NET) += -lrte_net ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ETHER) += -lrte_ethdev ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += -lrte_cryptodev ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SECURITY) += -lrte_security ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MEMPOOL) += -lrte_mempool ++_LDLIBS-$(CONFIG_RTE_DRIVER_MEMPOOL_RING) += -lrte_mempool_ring ++_LDLIBS-$(CONFIG_RTE_LIBRTE_RING) += -lrte_ring ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PCI) += -lrte_pci ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EAL) += -lrte_eal ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CMDLINE) += -lrte_cmdline ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SCHED) += -lrte_sched ++ ++ifeq ($(CONFIG_RTE_EXEC_ENV_LINUXAPP),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_KNI) += -lrte_kni ++endif ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PCI_BUS) += -lrte_bus_pci ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VDEV_BUS) += -lrte_bus_vdev ++ ++ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),n) ++# plugins (link only if static libraries) ++ ++_LDLIBS-$(CONFIG_RTE_DRIVER_MEMPOOL_STACK) += -lrte_mempool_stack ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AF_PACKET) += -lrte_pmd_af_packet ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ARK_PMD) += -lrte_pmd_ark ++_LDLIBS-$(CONFIG_RTE_LIBRTE_AVP_PMD) += -lrte_pmd_avp ++_LDLIBS-$(CONFIG_RTE_LIBRTE_BNX2X_PMD) += -lrte_pmd_bnx2x -lz ++_LDLIBS-$(CONFIG_RTE_LIBRTE_BNXT_PMD) += -lrte_pmd_bnxt ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_BOND) += -lrte_pmd_bond ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CXGBE_PMD) += -lrte_pmd_cxgbe ++ifeq ($(CONFIG_RTE_LIBRTE_DPAA_BUS),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA_BUS) += -lrte_bus_dpaa ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA_MEMPOOL) += -lrte_mempool_dpaa ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA_PMD) += -lrte_pmd_dpaa ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA2_PMD) += -lrte_pmd_dpaa2 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_E1000_PMD) += -lrte_pmd_e1000 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ENA_PMD) += -lrte_pmd_ena ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ENIC_PMD) += -lrte_pmd_enic ++_LDLIBS-$(CONFIG_RTE_LIBRTE_FM10K_PMD) += -lrte_pmd_fm10k ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_FAILSAFE) += -lrte_pmd_failsafe ++_LDLIBS-$(CONFIG_RTE_LIBRTE_I40E_PMD) += -lrte_pmd_i40e ++_LDLIBS-$(CONFIG_RTE_LIBRTE_IXGBE_PMD) += -lrte_pmd_ixgbe ++ifeq ($(CONFIG_RTE_LIBRTE_KNI),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KNI) += -lrte_pmd_kni ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_LIO_PMD) += -lrte_pmd_lio ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MLX4_PMD) += -lrte_pmd_mlx4 -libverbs -lmlx4 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MLX5_PMD) += -lrte_pmd_mlx5 -libverbs -lmlx5 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MRVL_PMD) += -lrte_pmd_mrvl -L$(LIBMUSDK_PATH)/lib -lmusdk ++_LDLIBS-$(CONFIG_RTE_LIBRTE_NFP_PMD) += -lrte_pmd_nfp ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL) += -lrte_pmd_null ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_PCAP) += -lrte_pmd_pcap -lpcap ++_LDLIBS-$(CONFIG_RTE_LIBRTE_QEDE_PMD) += -lrte_pmd_qede ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_RING) += -lrte_pmd_ring ++ifeq ($(CONFIG_RTE_LIBRTE_SCHED),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SOFTNIC) += -lrte_pmd_softnic ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SFC_EFX_PMD) += -lrte_pmd_sfc_efx ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SZEDATA2) += -lrte_pmd_szedata2 -lsze2 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_TAP) += -lrte_pmd_tap ++_LDLIBS-$(CONFIG_RTE_LIBRTE_THUNDERX_NICVF_PMD) += -lrte_pmd_thunderx_nicvf ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VIRTIO_PMD) += -lrte_pmd_virtio ++ifeq ($(CONFIG_RTE_LIBRTE_VHOST),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_VHOST) += -lrte_pmd_vhost ++endif # $(CONFIG_RTE_LIBRTE_VHOST) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VMXNET3_PMD) += -lrte_pmd_vmxnet3_uio ++ ++ifeq ($(CONFIG_RTE_LIBRTE_CRYPTODEV),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -lrte_pmd_aesni_mb ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -lrte_pmd_aesni_gcm ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += -lrte_pmd_qat -lcrypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MRVL_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mrvl_crypto -lmusdk ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_CRYPTO_SCHEDULER) += -lrte_pmd_crypto_scheduler ++ifeq ($(CONFIG_RTE_LIBRTE_FSLMC_BUS),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC) += -lrte_pmd_dpaa2_sec ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC) += -lrte_mempool_dpaa2 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC) += -lrte_bus_fslmc ++endif # CONFIG_RTE_LIBRTE_FSLMC_BUS ++ ++ifeq ($(CONFIG_RTE_LIBRTE_DPAA_BUS),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA_SEC) += -lrte_bus_dpaa ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA_SEC) += -lrte_pmd_dpaa_sec ++endif # CONFIG_RTE_LIBRTE_DPAA_BUS ++ ++endif # CONFIG_RTE_LIBRTE_CRYPTODEV ++ ++ifeq ($(CONFIG_RTE_LIBRTE_DPAA2_PMD),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA2_PMD) += -lrte_bus_fslmc ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA2_PMD) += -lrte_mempool_dpaa2 ++endif # CONFIG_RTE_LIBRTE_DPAA2_PMD ++ ++endif # !CONFIG_RTE_BUILD_SHARED_LIBS ++ ++_LDLIBS-y += --no-whole-archive ++ ++ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),n) ++# The static libraries do not know their dependencies. ++# So linking with static library requires explicit dependencies. ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EAL) += -lrt ++ifeq ($(CONFIG_RTE_EXEC_ENV_LINUXAPP)$(CONFIG_RTE_EAL_NUMA_AWARE_HUGEPAGES),yy) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EAL) += -lnuma ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SCHED) += -lm ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SCHED) += -lrt ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MEMBER) += -lm ++_LDLIBS-$(CONFIG_RTE_LIBRTE_METER) += -lm ++ifeq ($(CONFIG_RTE_LIBRTE_VHOST_NUMA),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VHOST) += -lnuma ++endif ++_LDLIBS-$(CONFIG_RTE_PORT_PCAP) += -lpcap ++endif # !CONFIG_RTE_BUILD_SHARED_LIBS ++ ++_LDLIBS-y += $(EXECENV_LDLIBS) ++ ++LDLIBS += $(_LDLIBS-y) $(CPU_LDLIBS) $(EXTRA_LDLIBS) ++ ++# all the words except the first one ++allbutfirst = $(wordlist 2,$(words $(1)),$(1)) ++ ++# Eliminate duplicates without sorting, only keep the last occurrence ++filter-libs = \ ++ $(if $(1),$(strip\ ++ $(if \ ++ $(and \ ++ $(filter $(firstword $(1)),$(call allbutfirst,$(1))),\ ++ $(filter -l%,$(firstword $(1)))),\ ++ ,\ ++ $(firstword $(1))) \ ++ $(call filter-libs,$(call allbutfirst,$(1))))) ++ ++LDLIBS := $(call filter-libs,$(LDLIBS)) ++ ++ifeq ($(RTE_DEVEL_BUILD)$(CONFIG_RTE_BUILD_SHARED_LIB),yy) ++LDFLAGS += -rpath=$(RTE_SDK_BIN)/lib ++endif ++ ++MAPFLAGS = -Map=$@.map --cref ++ ++.PHONY: all ++all: install ++ ++.PHONY: install ++install: build _postinstall ++ ++_postinstall: build ++ ++.PHONY: build ++build: _postbuild ++ ++exe2cmd = $(strip $(call dotfile,$(patsubst %,%.cmd,$(1)))) ++ ++ifeq ($(LINK_USING_CC),1) ++O_TO_EXE = $(CC) -o $@ $(CFLAGS) $(EXTRA_CFLAGS) $(OBJS-y) $(call linkerprefix, \ ++ $(LDLIBS) $(LDFLAGS) $(LDFLAGS_$(@)) $(EXTRA_LDFLAGS) \ ++ $(MAPFLAGS)) ++else ++O_TO_EXE = $(LD) -o $@ $(OBJS-y) \ ++ $(LDLIBS) $(LDFLAGS) $(LDFLAGS_$(@)) $(EXTRA_LDFLAGS) \ ++ $(MAPFLAGS) ++endif ++O_TO_EXE_STR = $(subst ','\'',$(O_TO_EXE)) #'# fix syntax highlight ++O_TO_EXE_DISP = $(if $(V),"$(O_TO_EXE_STR)"," LD $(@)") ++O_TO_EXE_CMD = "cmd_$@ = $(O_TO_EXE_STR)" ++O_TO_EXE_DO = @set -e; \ ++ echo $(O_TO_EXE_DISP); \ ++ $(O_TO_EXE) && \ ++ echo $(O_TO_EXE_CMD) > $(call exe2cmd,$(@)) ++ ++-include .$(APP).cmd ++ ++# path where libraries are retrieved ++LDLIBS_PATH := $(subst -Wl$(comma)-L,,$(filter -Wl$(comma)-L%,$(LDLIBS))) ++LDLIBS_PATH += $(subst -L,,$(filter -L%,$(LDLIBS))) ++ ++# list of .a files that are linked to this application ++LDLIBS_NAMES := $(patsubst -l%,lib%.a,$(filter -l%,$(LDLIBS))) ++LDLIBS_NAMES += $(patsubst -Wl$(comma)-l%,lib%.a,$(filter -Wl$(comma)-l%,$(LDLIBS))) ++ ++# list of found libraries files (useful for deps). If not found, the ++# library is silently ignored and dep won't be checked ++LDLIBS_FILES := $(sort $(wildcard $(foreach dir,$(LDLIBS_PATH),\ ++ $(addprefix $(dir)/,$(LDLIBS_NAMES))))) ++ ++# ++# Compile executable file if needed ++# ++$(APP): $(OBJS-y) $(LDLIBS_FILES) $(DEP_$(APP)) $(LDSCRIPT) FORCE ++ @[ -d $(dir $@) ] || mkdir -p $(dir $@) ++ $(if $(D),\ ++ @echo -n "$< -> $@ " ; \ ++ echo -n "file_missing=$(call boolean,$(file_missing)) " ; \ ++ echo -n "cmdline_changed=$(call boolean,$(call cmdline_changed,$(O_TO_EXE_STR))) " ; \ ++ echo -n "depfile_missing=$(call boolean,$(depfile_missing)) " ; \ ++ echo "depfile_newer=$(call boolean,$(depfile_newer)) ") ++ $(if $(or \ ++ $(file_missing),\ ++ $(call cmdline_changed,$(O_TO_EXE_STR)),\ ++ $(depfile_missing),\ ++ $(depfile_newer)),\ ++ $(O_TO_EXE_DO)) ++ ++# ++# install app in $(RTE_OUTPUT)/app ++# ++$(RTE_OUTPUT)/app/$(APP): $(APP) ++ @echo " INSTALL-APP $(APP)" ++ @[ -d $(RTE_OUTPUT)/app ] || mkdir -p $(RTE_OUTPUT)/app ++ $(Q)cp -f $(APP) $(RTE_OUTPUT)/app ++ ++# ++# install app map file in $(RTE_OUTPUT)/app ++# ++$(RTE_OUTPUT)/app/$(APP).map: $(APP) ++ @echo " INSTALL-MAP $(APP).map" ++ @[ -d $(RTE_OUTPUT)/app ] || mkdir -p $(RTE_OUTPUT)/app ++ $(Q)cp -f $(APP).map $(RTE_OUTPUT)/app ++ ++# ++# Clean all generated files ++# ++.PHONY: clean ++clean: _postclean ++ $(Q)rm -f $(_BUILD_TARGETS) $(_INSTALL_TARGETS) $(_CLEAN_TARGETS) ++ ++.PHONY: doclean ++doclean: ++ $(Q)rm -rf $(APP) $(OBJS-all) $(DEPS-all) $(DEPSTMP-all) \ ++ $(CMDS-all) $(INSTALL-FILES-all) .$(APP).cmd $(APP).map ++ ++ ++include $(RTE_SDK)/mk/internal/rte.compile-post.mk ++include $(RTE_SDK)/mk/internal/rte.install-post.mk ++include $(RTE_SDK)/mk/internal/rte.clean-post.mk ++include $(RTE_SDK)/mk/internal/rte.build-post.mk ++ ++ifneq ($(wildcard $(RTE_SDK)/mk/target/$(RTE_TARGET)/rte.app.mk),) ++include $(RTE_SDK)/mk/target/$(RTE_TARGET)/rte.app.mk ++else ++include $(RTE_SDK)/mk/target/generic/rte.app.mk ++endif ++ ++.PHONY: FORCE ++FORCE: +-- +2.1.4 + diff --git a/src/config.mk b/src/config.mk index 119dbb69d..b07116729 100644 --- a/src/config.mk +++ b/src/config.mk @@ -35,6 +35,7 @@ CFLAGS += -D DPVS_MAX_LCORE=64 #CFLAGS += -D CONFIG_TC_DEBUG #CFLAGS += -D CONFIG_DPVS_IPVS_STATS_DEBUG #CFLAGS += -D CONFIG_DPVS_MBUF_DEBUG +#CFLAGS += -D CONFIG_DPVS_PDUMP GCC_MAJOR = $(shell echo __GNUC__ | $(CC) -E -x c - | tail -n 1) GCC_MINOR = $(shell echo __GNUC_MINOR__ | $(CC) -E -x c - | tail -n 1) diff --git a/src/dpdk.mk b/src/dpdk.mk index 77e6d4585..46bfed724 100644 --- a/src/dpdk.mk +++ b/src/dpdk.mk @@ -44,5 +44,5 @@ LIBS += -Wl,--no-as-needed -fvisibility=default \ -Wl,--whole-archive -lrte_hash -lrte_kvargs -Wl,-lrte_mbuf -lrte_eal \ -Wl,-lrte_mempool -lrte_ring -lrte_cmdline -lrte_cfgfile -lrte_kni \ -lrte_mempool_ring -lrte_timer -lrte_net -Wl,-lrte_pmd_virtio \ - -lrte_pci -lrte_bus_pci -lrte_bus_vdev -lrte_lpm \ + -lrte_pci -lrte_bus_pci -lrte_bus_vdev -lrte_lpm -lrte_pdump \ -Wl,--no-whole-archive -lrt -lm -ldl -lcrypto diff --git a/src/main.c b/src/main.c index 88e7fdf0f..8fb6ce62c 100644 --- a/src/main.c +++ b/src/main.c @@ -191,6 +191,14 @@ int main(int argc, char *argv[]) rte_timer_subsystem_init(); +#ifdef CONFIG_DPVS_PDUMP + /* initialize packet capture framework */ + err = rte_pdump_init(NULL); + if (err < 0) { + rte_exit(EXIT_FAILURE, "Fail init dpdk pdump framework\n"); + } +#endif + if ((err = cfgfile_init()) != EDPVS_OK) rte_exit(EXIT_FAILURE, "Fail init configuration file: %s\n", dpvs_strerror(err)); @@ -315,6 +323,11 @@ int main(int argc, char *argv[]) if ((err = cfgfile_term()) != 0) RTE_LOG(ERR, DPVS, "Fail to term configuration file: %s\n", dpvs_strerror(err)); +#ifdef CONFIG_DPVS_PDUMP + if ((err = rte_pdump_uninit()) != 0) { + RTE_LOG(ERR, DPVS, "Fail to uninitialize dpdk pdump framework.\n"); + } +#endif pidfile_rm(DPVS_PIDFILE); exit(0); From 5e022b141205407d41f90ee1dd4d79770bc2bd1b Mon Sep 17 00:00:00 2001 From: Jason Joo Date: Tue, 14 May 2019 09:44:50 +0800 Subject: [PATCH 02/62] patch dpdk-17.11.2 to support rh75 --- .../0003-rh75-ndo_change_mtu.patch | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch diff --git a/patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch b/patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch new file mode 100644 index 000000000..00d96b8c3 --- /dev/null +++ b/patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch @@ -0,0 +1,25 @@ +--- a/lib/librte_eal/linuxapp/kni/compat.h ++++ b/lib/librte_eal/linuxapp/kni/compat.h +@@ -103,2 +103,8 @@ + ++#if (defined(RHEL_RELEASE_CODE) && \ ++ (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 5)) && \ ++ (RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 0))) ++#define ndo_change_mtu ndo_change_mtu_rh74 ++#endif ++ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) + +--- a/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h ++++ b/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h +@@ -3933,4 +3933,10 @@ skb_set_hash(struct sk_buff *skb, __u32 + #endif + ++#if (defined(RHEL_RELEASE_CODE) && \ ++ (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 5)) && \ ++ (RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 0))) ++#define ndo_change_mtu ndo_change_mtu_rh74 ++#endif ++ + #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) || \ + (SLE_VERSION_CODE && SLE_VERSION_CODE >= SLE_VERSION(12, 3, 0))) From b115686a79fb10a2095ffea69363fb03203f17cb Mon Sep 17 00:00:00 2001 From: ytwang0320 Date: Tue, 23 Jul 2019 16:04:43 +0800 Subject: [PATCH 03/62] removed gfwip list total ip numbers. --- src/ipset.c | 45 ++++++++++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/src/ipset.c b/src/ipset.c index 52ad05e73..2ba8857b1 100755 --- a/src/ipset.c +++ b/src/ipset.c @@ -337,8 +337,7 @@ static struct dpvs_sockopts ipset_sockopts = { static int ipset_parse_conf_file(void) { - char *buf, *pstr; - bool found_num = false; + char *buf, ch; struct dp_vs_multi_ipset_conf *ips = NULL; int ip_num = 0, ipset_size = 0, ip_index = 0; @@ -347,24 +346,32 @@ static int ipset_parse_conf_file(void) RTE_LOG(WARNING, IPSET, "no memory for ipset buf\n"); return -1; } + + while(!feof(g_current_stream)) + { + if((ch=getc(g_current_stream))=='\n') + ip_num++; + } + + if (!ip_num) + { + RTE_LOG(WARNING, IPSET, "no ip in the gfwip \n"); + return -1; + } + + RTE_LOG(DEBUG, IPSET, "gfwip list has %u ips\n", ip_num); + + fseek(g_current_stream, 0, SEEK_SET); + + ipset_size = sizeof(struct dp_vs_multi_ipset_conf) + ip_num*sizeof(struct dp_vs_ipset_conf); + ips = rte_calloc_socket(NULL, 1, ipset_size, 0, rte_socket_id()); + if (ips == NULL) { + RTE_LOG(WARNING, IPSET, "no memory for ipset conf\n"); + return -1; + } + ips->num = ip_num; + while (read_line(buf, CFG_FILE_MAX_BUF_SZ)) { - if (false == found_num && NULL != (pstr = strstr(buf, IPSET_CFG_MEMBERS))) { - pstr += strlen(IPSET_CFG_MEMBERS); - ip_num = atoi(pstr); - found_num = true; - ipset_size = sizeof(struct dp_vs_multi_ipset_conf) + ip_num*sizeof(struct dp_vs_ipset_conf); - ips = rte_calloc_socket(NULL, 1, ipset_size, 0, rte_socket_id()); - if (ips == NULL) { - RTE_LOG(WARNING, IPSET, "no memory for ipset conf\n"); - break; - } - ips->num = ip_num; - continue; - } - if (ips == NULL) { - RTE_LOG(WARNING, IPSET, "cannot get gfwip members\n"); - break; - } if (inet_pton(AF_INET, buf, &ips->ipset_conf[ip_index].addr) <= 0) ips->ipset_conf[ip_index].af = 0; else From 63ff5487dc129567bce1e3e242cb1e2d8f7b683d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=8F=E8=B4=B5=E6=AD=A6?= Date: Wed, 24 Jul 2019 15:09:47 +0800 Subject: [PATCH 04/62] add dpvs traffic stats --- include/conf/stats.h | 53 +++ include/stats.h | 24 ++ src/ipv4.c | 3 + src/ipv6/ipv6.c | 3 + src/main.c | 7 + src/stats.c | 826 +++++++++++++++++++++++++++++++++++++++++++ tools/dpip/Makefile | 2 +- tools/dpip/dpip.c | 6 +- tools/dpip/stats.c | 125 +++++++ 9 files changed, 1046 insertions(+), 3 deletions(-) create mode 100644 include/conf/stats.h create mode 100644 include/stats.h create mode 100644 src/stats.c create mode 100644 tools/dpip/stats.c diff --git a/include/conf/stats.h b/include/conf/stats.h new file mode 100644 index 000000000..c194e0aac --- /dev/null +++ b/include/conf/stats.h @@ -0,0 +1,53 @@ +/* + * DPVS is a software load balancer (Virtual Server) based on DPDK. + * + * Copyright (C) 2017 iQIYI (www.iqiyi.com). + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#ifndef __DPVS_STATS_CONF_H__ +#define __DPVS_STATS_CONF_H__ +#include +#include +#include "inet.h" + +enum { + /* set */ + SOCKOPT_SET_STATS_ADD = 6400, + SOCKOPT_SET_STATS_DEL, + + /* get */ + SOCKOPT_GET_STATS_SHOW, +}; + +struct stats_param { + uint8_t af; + uint8_t proto; + uint8_t cid; + + union inet_addr saddr; + union inet_addr daddr; + uint16_t sport; + uint16_t dport; + + double long total_recv; + double long total_sent; + +} __attribute__((__packed__)); + +struct stats_param_array { + int nstats; + struct stats_param stats[0]; +}; + +#endif /* __DPVS_INETADDR_CONF_H__ */ diff --git a/include/stats.h b/include/stats.h new file mode 100644 index 000000000..dc1ccabd7 --- /dev/null +++ b/include/stats.h @@ -0,0 +1,24 @@ +#ifndef __STATS_H__ +#define __STATS_H__ + +#include "common.h" +#include "list.h" +#include "dpdk.h" +#include "timer.h" +#include "inet.h" +#include "ctrl.h" + +int stats_sockopt_get(sockoptid_t opt, const void *conf, size_t size, + void **out, size_t *outsize); + +int stats_pkt_in(int af, struct rte_mbuf *mbuf); +int stats_pkt_out(int af, struct rte_mbuf *mbuf); +void stats_process_ring(void); + +int stats_enable_func(void); +int stats_disable_func(void); + +int stats_init(void); + +#endif + diff --git a/src/ipv4.c b/src/ipv4.c index a75657335..0bbf1b546 100644 --- a/src/ipv4.c +++ b/src/ipv4.c @@ -26,6 +26,7 @@ #include "neigh.h" #include "icmp.h" #include "parser/parser.h" +#include "stats.h" #define IPV4 #define RTE_LOGTYPE_IPV4 RTE_LOGTYPE_USER1 @@ -262,6 +263,7 @@ int ipv4_output(struct rte_mbuf *mbuf) assert(rt); IP4_UPD_PO_STATS(out, mbuf->pkt_len); + stats_pkt_out(AF_INET, mbuf); return INET_HOOK(AF_INET, INET_HOOK_POST_ROUTING, mbuf, NULL, rt->port, ipv4_output_fin); @@ -386,6 +388,7 @@ static int ipv4_rcv(struct rte_mbuf *mbuf, struct netif_port *port) } IP4_UPD_PO_STATS(in, mbuf->pkt_len); + stats_pkt_in(AF_INET, mbuf); if (mbuf_may_pull(mbuf, sizeof(struct ipv4_hdr)) != 0) goto inhdr_error; diff --git a/src/ipv6/ipv6.c b/src/ipv6/ipv6.c index 058e5a48a..ebedf251e 100644 --- a/src/ipv6/ipv6.c +++ b/src/ipv6/ipv6.c @@ -35,6 +35,7 @@ #include "parser/parser.h" #include "neigh.h" #include "icmp6.h" +#include "stats.h" /* * IPv6 inet hooks @@ -367,6 +368,7 @@ int ip6_output(struct rte_mbuf *mbuf) } IP6_UPD_PO_STATS(out, mbuf->pkt_len); + stats_pkt_out(AF_INET6, mbuf); mbuf->port = dev->id; if (unlikely(conf_ipv6_disable)) { @@ -536,6 +538,7 @@ static int ip6_rcv(struct rte_mbuf *mbuf, struct netif_port *dev) } IP6_UPD_PO_STATS(in, mbuf->pkt_len); + stats_pkt_in(AF_INET6, mbuf); if (unlikely(conf_ipv6_disable)) { IP6_INC_STATS(indiscards); diff --git a/src/main.c b/src/main.c index 0e7888b88..d7f1b0639 100644 --- a/src/main.c +++ b/src/main.c @@ -35,6 +35,7 @@ #include "ip_tunnel.h" #include "sys_time.h" #include "route6.h" +#include "stats.h" #define DPVS "dpvs" #define RTE_LOGTYPE_DPVS RTE_LOGTYPE_USER1 @@ -240,6 +241,9 @@ int main(int argc, char *argv[]) rte_exit(EXIT_FAILURE, "Fail to init netif_ctrl: %s\n", dpvs_strerror(err)); + if ((err = stats_init()) != EDPVS_OK) + rte_exit(EXIT_FAILURE, "Fail to init stats: %s\n", dpvs_strerror(err)); + /* config and start all available dpdk ports */ nports = rte_eth_dev_count(); for (pid = 0; pid < nports; pid++) { @@ -292,6 +296,9 @@ int main(int argc, char *argv[]) /* process mac ring on master */ neigh_process_ring(NULL); + /* process stats ring */ + stats_process_ring(); + /* increase loop counts */ netif_update_master_loop_cnt(); } diff --git a/src/stats.c b/src/stats.c new file mode 100644 index 000000000..dbeea4220 --- /dev/null +++ b/src/stats.c @@ -0,0 +1,826 @@ +#include +#include +#include "inet.h" +#include "ipv4.h" +#include "ipv6.h" +#include "stats.h" +#include "conf/stats.h" + +#ifndef STATS +#define STATS +#define RTE_LOGTYPE_STATS RTE_LOGTYPE_USER1 +#endif + +#define STATS_TOPN 20 + +#define STATS_RING_SIZE 1024 +#define STATS_INTERVAL 1024 + +#define STATS_PKT_DIR_IN 0 +#define STATS_PKT_DIR_OUT 1 + +#define STATS_TBL_BITS 20 +#define STATS_TBL_SIZE (1 << STATS_TBL_BITS) +#define STATS_TBL_MASK (STATS_TBL_SIZE - 1) + +#define HISTORY_LENGTH 10 +#define RESOLUTION 2 +int history_pos = 0; + +time_t last_timestamp; +bool stats_disable = true; + +typedef struct sorted_list_node_tag { + struct sorted_list_node_tag* next; + void* data; +} sorted_list_node; + +typedef struct { + sorted_list_node root; + int (*compare)(void*, void*); +} sorted_list_type; + +int sorted_list_num = 0; +sorted_list_type stats_sorted_list; + +static struct list_head *stats_tbl; +static struct rte_ring *stats_ring[DPVS_MAX_LCORE]; + +#define this_inpkts_count (RTE_PER_LCORE(inpkts_count)) +#define this_outpkts_count (RTE_PER_LCORE(outpkts_count)) + +static RTE_DEFINE_PER_LCORE(uint32_t, inpkts_count); +static RTE_DEFINE_PER_LCORE(uint32_t, outpkts_count); + +static uint32_t stats_tlb_rnd; /* hash random */ + +typedef enum { + HASH_STATUS_OK, + HASH_STATUS_KEY_NOT_FOUND +} hash_status_enum; + +struct stats_pkt { + int af; + uint32_t pkt_len; + union inet_addr saddr; + union inet_addr daddr; + uint16_t src_port; + uint16_t dst_port; + uint8_t proto; + uint8_t dir; + lcoreid_t cid; +} __rte_cache_aligned; + +struct stats_entry { + struct list_head list; + + uint8_t af; + uint8_t proto; + lcoreid_t cid; + + union inet_addr saddr; + union inet_addr daddr; + uint16_t sport; + uint16_t dport; + + double long recv[HISTORY_LENGTH]; + double long sent[HISTORY_LENGTH]; + + double long total_recv; + double long total_sent; + int last_write; + +} __rte_cache_aligned; + + +static inline uint32_t stats_tlb_hashkey(int af, + const union inet_addr *saddr, uint16_t sport, + const union inet_addr *daddr, uint16_t dport, + uint32_t mask) +{ + switch (af) { + case AF_INET: + return rte_jhash_3words((uint32_t)saddr->in.s_addr, + (uint32_t)daddr->in.s_addr, + ((uint32_t)sport) << 16 | (uint32_t)dport, + stats_tlb_rnd) & mask; + + case AF_INET6: + { + uint32_t vect[9]; + + vect[0] = ((uint32_t)sport) << 16 | (uint32_t)dport; + memcpy(&vect[1], &saddr->in6, 16); + memcpy(&vect[5], &daddr->in6, 16); + + return rte_jhash_32b(vect, 9, stats_tlb_rnd) & mask; + } + + default: + RTE_LOG(DEBUG, STATS, "%s: hashing unsupported protocol %d\n", __func__, af); + return 0; + } +} + +static hash_status_enum stats_entry_get(uint32_t hash, struct stats_pkt *param, struct stats_entry **out_entry) +{ + struct stats_entry *entry; + + list_for_each_entry(entry, &stats_tbl[hash], list) { + if (entry->sport == param->src_port && entry->dport == param->dst_port + && inet_addr_equal(param->af, &entry->saddr, ¶m->saddr) + && inet_addr_equal(param->af, &entry->daddr, ¶m->daddr) + && entry->proto == param->proto + && entry->af == param->af) { + /* hit */ + *out_entry = entry; + RTE_LOG(DEBUG, STATS, + "%s: [hit]\n", __func__); + return HASH_STATUS_OK; + } + } + RTE_LOG(DEBUG, STATS, + "%s: [not found]\n", __func__); + + return HASH_STATUS_KEY_NOT_FOUND; +} + + +static void history_rotate(void) +{ + uint32_t hash = 0; + struct stats_entry *entry, *nxt; + history_pos = (history_pos + 1) % HISTORY_LENGTH; + + for(; hash < STATS_TBL_SIZE; hash++) { + + list_for_each_entry_safe(entry, nxt, &stats_tbl[hash], list) { + + /* no data in the last 20s */ + if (entry->last_write == history_pos) { + list_del(&entry->list); + if (entry->af == AF_INET) { + RTE_LOG(DEBUG, STATS, + "%s:[v4] [history_pos : %d, cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u]\n", + __func__, history_pos, entry->cid, entry->proto, entry->saddr.in.s_addr, entry->daddr.in.s_addr, entry->sport, entry->dport); + } + rte_free(entry); + } else { + entry->total_recv -= entry->recv[history_pos]; + entry->total_sent -= entry->sent[history_pos]; + entry->recv[history_pos] = 0; + entry->sent[history_pos] = 0; + } + } + } +} + +static int stats_entry_compare(void* aa, void* bb) { + struct stats_entry * a = (struct stats_entry *)aa; + struct stats_entry * b = (struct stats_entry *)bb; + + return (a->total_recv + a->total_sent) > (b->total_recv + b->total_sent); +} + +static void sorted_list_initialise(sorted_list_type* list) { + list->root.next = NULL; +} + +static void insert_topN_list(struct stats_entry *entry) +{ + sorted_list_node *node, *p, *first; + struct stats_entry *data; + + p = &(stats_sorted_list.root); + + if (sorted_list_num == STATS_TOPN && stats_sorted_list.compare(p->next->data, entry)) { + RTE_LOG(DEBUG, STATS, + "%s: no need to insert\n", __func__); + return; + } + + while (p->next != NULL && stats_sorted_list.compare(entry, p->next->data) > 0) { + p = p->next; + } + + node = rte_zmalloc(NULL, sizeof(*node), RTE_CACHE_LINE_SIZE); + if (node == NULL) { + RTE_LOG(ERR, STATS, + "%s: no memory\n", __func__); + return; + } + + node->next = p->next; + node->data = entry; + p->next = node; + RTE_LOG(DEBUG, STATS, + "%s: [insert list]cid : %d, sp : %u, dp : %u\n", + __func__, entry->cid, entry->sport, entry->dport); + if(sorted_list_num < STATS_TOPN) + sorted_list_num++; + else { + /* free the first node */ + p = &(stats_sorted_list.root); + first = p->next; + + data = (struct stats_entry *)first->data; + RTE_LOG(DEBUG, STATS, + "%s: [free first entry]cid : %d, sp : %u, dp : %u\n", + __func__, data->cid, data->sport, data->dport); + p->next = first->next; + + rte_free(first); + } +} + +static void stats_sort_topN(void) +{ + uint32_t hash = 0; + struct stats_entry *entry, *nxt; + + for(; hash < STATS_TBL_SIZE; hash++) { + + list_for_each_entry_safe(entry, nxt, &stats_tbl[hash], list) { + insert_topN_list(entry); + } + } +} + +static void stats_addr_cpy(int af, union inet_addr *daddr, union inet_addr *saddr) +{ + if (af == AF_INET) { + daddr->in.s_addr = saddr->in.s_addr; + } else if (af == AF_INET6) { + memcpy(daddr->in6.s6_addr, saddr->in6.s6_addr, 16); + } else { + RTE_LOG(DEBUG, STATS, + "%s: unsupported\n", __func__); + } +} + +int stats_sockopt_get(sockoptid_t opt, const void *conf, size_t size, + void **out, size_t *outsize) +{ + struct stats_param_array *array; + sorted_list_node *node, *p; + struct stats_entry *entry; + uint32_t off; + + if (stats_disable) { + RTE_LOG(DEBUG, STATS, + "%s: stats disable\n", __func__); + return EDPVS_OK; + } + + if (!conf || size < sizeof(struct stats_param) || !out || !outsize) + return EDPVS_INVAL; + + /* sort stats */ + stats_sort_topN(); + + *outsize = sizeof(struct stats_param_array) + \ + sorted_list_num * sizeof(struct stats_param); + *out = rte_calloc(NULL, 1, *outsize, RTE_CACHE_LINE_SIZE); + if (!(*out)) { + RTE_LOG(ERR, STATS, + "%s: no memory \n", __func__); + return EDPVS_NOMEM; + } + + array = *out; + array->nstats = sorted_list_num; + off = 0; + + p = &(stats_sorted_list.root); + while (p->next != NULL && off < sorted_list_num) { + node = p->next; + p->next = node->next; + + entry = (struct stats_entry *)node->data; + array->stats[off].af = entry->af; + array->stats[off].proto = entry->proto; + array->stats[off].cid = entry->cid; + stats_addr_cpy(entry->af, &array->stats[off].saddr, &entry->saddr); + stats_addr_cpy(entry->af, &array->stats[off].daddr, &entry->daddr); + array->stats[off].sport = entry->sport; + array->stats[off].dport = entry->dport; + array->stats[off].total_recv = entry->total_recv * STATS_INTERVAL; + array->stats[off].total_sent = entry->total_sent * STATS_INTERVAL; + + if (AF_INET == entry->af) { + RTE_LOG(DEBUG, STATS,"%s: sip = %s, sport = %u\n", __func__, inet_ntoa(array->stats[off].saddr.in), ntohs(entry->sport)); + RTE_LOG(DEBUG, STATS,"%s: dip = %s, dport = %u\n", __func__, inet_ntoa(array->stats[off].daddr.in), ntohs(entry->dport)); + } else if (AF_INET6 == entry->af) { + char src_addr[INET6_ADDRSTRLEN]; + char dst_addr[INET6_ADDRSTRLEN]; + + inet_ntop(AF_INET6, &entry->saddr.in6, src_addr, INET6_ADDRSTRLEN); + inet_ntop(AF_INET6, &entry->daddr.in6, dst_addr, INET6_ADDRSTRLEN); + + RTE_LOG(DEBUG, STATS,"%s: sip = %s sport = %u, dip = %s, dport = %u\n", + __func__, src_addr, ntohs(entry->sport), dst_addr, ntohs(entry->dport)); + } else { + RTE_LOG(DEBUG, STATS, "%s: unsupported\n", __func__); + } + + RTE_LOG(DEBUG, STATS, + "%s: off : %u, cid : %d, proto: %u, total_recv: %Lf, total_sent : %Lf\n", + __func__, off, entry->cid, entry->proto, array->stats[off].total_recv, array->stats[off].total_sent); + + rte_free(node); + + off++; + } + + sorted_list_num = 0; + return EDPVS_OK; +} + + +void stats_process_ring(void) +{ + int i; + uint16_t nb_rb; + uint32_t hash; + lcoreid_t cid; + struct stats_pkt *param; + struct stats_pkt *params[NETIF_MAX_PKT_BURST]; + struct stats_entry *entry = NULL; + + time_t t; + + if (likely(stats_disable)) { + return; + } + + t = time(NULL); + if(t - last_timestamp >= RESOLUTION) { + history_rotate(); + last_timestamp = t; + } + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + + nb_rb = rte_ring_dequeue_burst(stats_ring[cid], (void **)params, + NETIF_MAX_PKT_BURST, NULL); + + if (nb_rb > 0) { + for (i = 0; i < nb_rb; i++) { + param = params[i]; + + hash = stats_tlb_hashkey(param->af, ¶m->saddr, param->src_port, ¶m->daddr, + param->dst_port, STATS_TBL_MASK); + + if (stats_entry_get(hash, param, &entry) == HASH_STATUS_KEY_NOT_FOUND) { + + entry = rte_zmalloc(NULL, sizeof(struct stats_entry), RTE_CACHE_LINE_SIZE); + if (entry == NULL) { + RTE_LOG(ERR, STATS, + "%s: no memory\n", __func__); + continue; + } + + memset(entry, 0, sizeof(struct stats_entry)); + entry->af = param->af; + entry->cid = param->cid; + entry->proto = param->proto; + stats_addr_cpy(param->af, &entry->saddr, ¶m->saddr); + stats_addr_cpy(param->af, &entry->daddr, ¶m->daddr); + entry->sport = param->src_port; + entry->dport = param->dst_port; + + list_add(&entry->list, &stats_tbl[hash]); + } + + if (param->af == AF_INET) { + RTE_LOG(DEBUG, STATS, + "%s:[v4] dequeue stats_ring[cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", + __func__, entry->cid, entry->proto, entry->saddr.in.s_addr, + entry->daddr.in.s_addr, entry->sport, entry->dport, param->pkt_len); + } else { + RTE_LOG(DEBUG, STATS, + "%s:[v6] dequeue stats_ring[cid:%d, dir:%d, proto:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", + __func__, entry->cid, param->dir, entry->proto, + entry->saddr.in6.s6_addr32[0], entry->saddr.in6.s6_addr32[1], + entry->saddr.in6.s6_addr32[2], entry->saddr.in6.s6_addr32[3], + entry->daddr.in6.s6_addr32[0],entry->daddr.in6.s6_addr32[1], + entry->daddr.in6.s6_addr32[2],entry->daddr.in6.s6_addr32[3], + entry->sport, entry->dport, param->pkt_len); + + } + + /* Update record */ + entry->last_write = history_pos; + if (param->dir == STATS_PKT_DIR_IN) { + entry->recv[history_pos] += param->pkt_len; + entry->total_recv += param->pkt_len; + RTE_LOG(DEBUG, STATS, + "%s: history_pos: %d, recv : %Lf, total_recv : %Lf\n", __func__, history_pos, entry->recv[history_pos], entry->total_recv); + + } else { + entry->sent[history_pos] += param->pkt_len; + entry->total_sent += param->pkt_len; + + RTE_LOG(DEBUG, STATS, + "%s: history_pos: %d: sent : %Lf, total_sent: %Lf\n", __func__, history_pos, entry->sent[history_pos], entry->total_sent); + } + } + } + } +} + +static int stats_pkt_deliver(int af, struct rte_mbuf *mbuf, uint8_t dir) +{ + int ret; + struct stats_pkt *pkt; + __be16 _ports[2], *ports; + lcoreid_t cid = rte_lcore_id(); + + if (af == AF_INET) { + struct ipv4_hdr *ip4h = ip4_hdr(mbuf); + + if (unlikely(ip4h->next_proto_id != IPPROTO_TCP && + ip4h->next_proto_id != IPPROTO_UDP)) { + RTE_LOG(DEBUG, STATS, + "%s: unspported proto[core: %d, proto: %d]\n", + __func__, cid, ip4h->next_proto_id); + return EDPVS_NOPROT; + } + + ports = mbuf_header_pointer(mbuf, ip4_hdrlen(mbuf), sizeof(_ports), _ports); + if (!ports) { + RTE_LOG(ERR, STATS, + "%s: invalid pkt[%d, %d]\n", + __func__, cid, dir); + return EDPVS_INVPKT; + } + + pkt = rte_zmalloc("stats_inpkt", sizeof(struct stats_pkt), RTE_CACHE_LINE_SIZE); + if (pkt == NULL) { + RTE_LOG(ERR, STATS, + "%s: no memory[%d, %d]\n", + __func__, cid, dir); + return EDPVS_NOMEM; + } + + pkt->af = AF_INET; + pkt->cid = cid; + pkt->dir = dir; + pkt->proto = ip4h->next_proto_id; + pkt->saddr.in.s_addr = ip4h->src_addr; + pkt->daddr.in.s_addr = ip4h->dst_addr; + pkt->src_port = ports[0]; + pkt->dst_port = ports[1]; + pkt->pkt_len = mbuf->pkt_len; + RTE_LOG(DEBUG, STATS, + "%s:[v4] enqueued to stats_ring[cid:%d, dir:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", + __func__, cid, dir, pkt->proto, ip4h->src_addr, ip4h->dst_addr, pkt->src_port, pkt->dst_port, pkt->pkt_len); + + } else if (af == AF_INET6) { + struct ip6_hdr *ip6h = ip6_hdr(mbuf); + uint8_t ip6nxt = ip6h->ip6_nxt; + + if (unlikely(ip6nxt != IPPROTO_TCP && + ip6nxt != IPPROTO_UDP)) { + RTE_LOG(DEBUG, STATS, + "%s: unspported proto[core: %d, proto: %d]\n", + __func__, cid, ip6nxt); + return EDPVS_NOPROT; + } + + ports = mbuf_header_pointer(mbuf, ip6_hdrlen(mbuf), sizeof(_ports), _ports); + if (!ports) { + RTE_LOG(ERR, STATS, + "%s: invalid pkt[%d, %d]\n", + __func__, cid, dir); + return EDPVS_INVPKT; + } + + pkt = rte_zmalloc("stats_inpkt", sizeof(struct stats_pkt), RTE_CACHE_LINE_SIZE); + if (pkt == NULL) { + RTE_LOG(ERR, STATS, + "%s: no memory[%d, %d]\n", + __func__, cid, dir); + return EDPVS_NOMEM; + } + + pkt->af = AF_INET6; + pkt->cid = cid; + pkt->dir = dir; + pkt->proto = ip6nxt; + pkt->saddr.in6 = ip6h->ip6_src; + pkt->daddr.in6 = ip6h->ip6_dst; + pkt->src_port = ports[0]; + pkt->dst_port = ports[1]; + pkt->pkt_len = mbuf->pkt_len; + + RTE_LOG(DEBUG, STATS, + "%s:[v6] enqueued to stats_ring[cid:%d, dir:%d, proto:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", + __func__, cid, dir, pkt->proto, + pkt->saddr.in6.s6_addr32[0], pkt->saddr.in6.s6_addr32[1], + pkt->saddr.in6.s6_addr32[2], pkt->saddr.in6.s6_addr32[3], + pkt->daddr.in6.s6_addr32[0],pkt->daddr.in6.s6_addr32[1], + pkt->daddr.in6.s6_addr32[2],pkt->daddr.in6.s6_addr32[3], + pkt->src_port, pkt->dst_port, pkt->pkt_len); + + } else { +//#ifdef CONFIG_DPVS_IPVS_DEBUG + RTE_LOG(DEBUG, STATS, + "%s: err af\n", __func__); +//#endif + return EDPVS_INVPKT; + } + + ret = rte_ring_enqueue(stats_ring[cid], pkt); + if (ret < 0) { + RTE_LOG(DEBUG, STATS, + "%s: failed to enqueue stats_ring[%d]\n", + __func__, cid); + rte_free(pkt); + return EDPVS_DROP; + } + +//#ifdef CONFIG_DPVS_IPVS_DEBUG + RTE_LOG(DEBUG, STATS, + "%s: enqueued to stats_ring[%d]\n", + __func__, cid); +//#endif + + return EDPVS_OK; +} + +int stats_pkt_in(int af, struct rte_mbuf *mbuf) +{ + if (likely(stats_disable)) { + RTE_LOG(DEBUG, STATS, + "%s: stats disable\n", __func__); + return EDPVS_OK; + } + + this_inpkts_count++; + if (this_inpkts_count % STATS_INTERVAL == 0) { + + stats_pkt_deliver(af, mbuf, STATS_PKT_DIR_IN); + } + + return EDPVS_OK; +} + +int stats_pkt_out(int af, struct rte_mbuf *mbuf) +{ + if (likely(stats_disable)) { + RTE_LOG(DEBUG, STATS, + "%s: stats disable\n", __func__); + return EDPVS_OK; + } + + this_outpkts_count++; + if (this_outpkts_count % STATS_INTERVAL == 0) { + + stats_pkt_deliver(af, mbuf, STATS_PKT_DIR_OUT); + } + + return EDPVS_OK; +} + + +/* + * master core allocates stats rings with the other lcores espectively. + */ +static int stats_ring_create(void) +{ + char name_buf[RTE_RING_NAMESIZE]; + int socket_id; + lcoreid_t cid; + + socket_id = rte_socket_id(); + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + + snprintf(name_buf, RTE_RING_NAMESIZE, + "stat_ring[%d]", cid); + + stats_ring[cid] = + rte_ring_create(name_buf, STATS_RING_SIZE, socket_id, + RING_F_SP_ENQ | RING_F_SC_DEQ); + + if (!stats_ring[cid]) { + RTE_LOG(ERR, STATS, + "%s: failed to create stat_ring[%d]\n", + __func__, cid); + return EDPVS_NOMEM; + } + + RTE_LOG(DEBUG, STATS, + "%s: success to create stat_ring[%d]\n", + __func__, cid); + } + + return EDPVS_OK; +} + +int stats_enable_func(void) +{ + int i; + int err; + + if (stats_disable == false) { + return EDPVS_OK; + } + + err = stats_ring_create(); + if (err != EDPVS_OK) { + return err; + } + + stats_tbl = rte_malloc_socket(NULL, sizeof(struct list_head) * STATS_TBL_SIZE, + RTE_CACHE_LINE_SIZE, rte_socket_id()); + + if (!stats_tbl) { + RTE_LOG(ERR, STATS, + "%s: rte_malloc_socket null\n", + __func__); + return EDPVS_NOMEM; + } + + for (i = 0; i < STATS_TBL_SIZE; i++) + INIT_LIST_HEAD(&stats_tbl[i]); + + stats_disable = false; + RTE_LOG(DEBUG, STATS, + "%s: stats_disable[%d]\n", + __func__, stats_disable); + + return EDPVS_OK; +} + +static void stats_variable_reset(void) +{ + history_pos = 0; + sorted_list_num = 0; + + this_inpkts_count = 0; + this_outpkts_count = 0; +} + +static void stats_ring_free(void) +{ + lcoreid_t cid; + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + rte_ring_free(stats_ring[cid]); + RTE_LOG(DEBUG, STATS, + "%s: stats_ring free[%d]\n", + __func__, cid); + } +} + + +int stats_disable_func(void) +{ + uint32_t hash = 0; + int i; + uint16_t nb_rb; + lcoreid_t cid; + struct stats_pkt *param; + struct stats_pkt *params[NETIF_MAX_PKT_BURST]; + struct stats_entry *entry, *nxt; + sorted_list_node *node, *p; + int count = 0; + + if (stats_disable == true) { + return EDPVS_OK; + } + + stats_disable = true; + + /* dequeue stats ring and free elements */ + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + + nb_rb = rte_ring_dequeue_burst(stats_ring[cid], (void **)params, + NETIF_MAX_PKT_BURST, NULL); + + while (nb_rb > 0) { + count += nb_rb; + for (i = 0; i < nb_rb; i++) { + param = params[i]; + rte_free(param); + } + + nb_rb = rte_ring_dequeue_burst(stats_ring[cid], (void **)params, + NETIF_MAX_PKT_BURST, NULL); + } + + RTE_LOG(DEBUG, STATS, + "%s: stats ring[%d] free [%d] pkts\n", + __func__, cid, count); + + count = 0; + + } + + /* free stats ring */ + stats_ring_free(); + + count = 0; + /* delete and free all entry added to stats_tbl */ + for(; hash < STATS_TBL_SIZE; hash++) { + list_for_each_entry_safe(entry, nxt, &stats_tbl[hash], list) { + list_del(&entry->list); + rte_free(entry); + count++; + } + } + + RTE_LOG(DEBUG, STATS, + "%s: stats_tbl free [%d]\n", + __func__, count); + + /* free tlb */ + if (stats_tbl) { + rte_free(stats_tbl); + } + + count = 0; + + /* free sorted list */ + p = &(stats_sorted_list.root); + while (p->next != NULL) { + node = p->next; + p->next = node->next; + rte_free(node); + count++; + } + + RTE_LOG(DEBUG, STATS, + "%s: stats_sorted_list free [%d]\n", + __func__, count); + + stats_variable_reset(); + + return EDPVS_OK; +} + +static void stats_sorted_list_init(void) { + stats_sorted_list.compare = &stats_entry_compare; + sorted_list_initialise(&stats_sorted_list); +} + +static int stats_sockopt_set(sockoptid_t opt, const void *conf, size_t size) +{ + switch (opt) { + case SOCKOPT_SET_STATS_ADD: + + RTE_LOG(DEBUG, STATS, + "%s: enable\n", __func__); + return stats_enable_func(); + case SOCKOPT_SET_STATS_DEL: + RTE_LOG(DEBUG, STATS, + "%s: disable\n", __func__); + return stats_disable_func(); + + default: + RTE_LOG(ERR, STATS, + "%s: NOTSUPP\n", __func__); + return EDPVS_NOTSUPP; + } +} + + +static struct dpvs_sockopts stats_sockopts = { + .version = SOCKOPT_VERSION, + .set_opt_min = SOCKOPT_SET_STATS_ADD, + .set_opt_max = SOCKOPT_SET_STATS_DEL, + .set = stats_sockopt_set, + .get_opt_min = SOCKOPT_GET_STATS_SHOW, + .get_opt_max = SOCKOPT_GET_STATS_SHOW, + .get = stats_sockopt_get, +}; + +int stats_init(void) +{ + int err; + + stats_disable = true; + + stats_tlb_rnd = (uint32_t)random(); + + stats_sorted_list_init(); + + if ((err = sockopt_register(&stats_sockopts)) != EDPVS_OK) + return err; + + return EDPVS_OK; +} diff --git a/tools/dpip/Makefile b/tools/dpip/Makefile index e5a89b4c9..3ef930cea 100644 --- a/tools/dpip/Makefile +++ b/tools/dpip/Makefile @@ -33,7 +33,7 @@ DEFS = -D DPVS_MAX_LCORE=64 CFLAGS += $(DEFS) OBJS = dpip.o utils.o route.o addr.o neigh.o link.o vlan.o \ - qsch.o cls.o tunnel.o ipset.o ipv6.o ../../src/common.o \ + qsch.o cls.o tunnel.o ipset.o ipv6.o stats.o ../../src/common.o \ ../keepalived/keepalived/libipvs-2.6/sockopt.o all: $(TARGET) diff --git a/tools/dpip/dpip.c b/tools/dpip/dpip.c index 537f97930..18f03f95c 100644 --- a/tools/dpip/dpip.c +++ b/tools/dpip/dpip.c @@ -152,9 +152,11 @@ static int parse_args(int argc, char *argv[], struct dpip_conf *conf) exit(1); } - if (strcmp(argv[1], "add") == 0) + if (strcmp(argv[1], "add") == 0 || + strcmp(argv[1], "enable") == 0) conf->cmd = DPIP_CMD_ADD; - else if (strcmp(argv[1], "del") == 0) + else if (strcmp(argv[1], "del") == 0 || + strcmp(argv[1], "disable") == 0) conf->cmd = DPIP_CMD_DEL; else if (strcmp(argv[1], "set") == 0 || strcmp(argv[1], "change") == 0) diff --git a/tools/dpip/stats.c b/tools/dpip/stats.c new file mode 100644 index 000000000..3c4815110 --- /dev/null +++ b/tools/dpip/stats.c @@ -0,0 +1,125 @@ +/* + * DPVS is a software load balancer (Virtual Server) based on DPDK. + * + * Copyright (C) 2017 iQIYI (www.iqiyi.com). + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#include +#include +#include +#include +#include "common.h" +#include "dpip.h" +#include "conf/inetaddr.h" +#include "conf/stats.h" +#include "sockopt.h" + + +static void stats_help(void) +{ + fprintf(stderr, + "Usage:\n" + " dpip stats [enable | disable]\n" + " dpip stats show\n" + ); +} + +static void stats_dump(const struct stats_param *param) +{ + if (AF_INET == param->af) { + printf("lcore: %u, [%s, %u -> ", + param->cid, inet_ntoa(param->saddr.in), ntohs(param->sport)); + printf("%s, %u | %u], [%.0Lf, %.0Lf]", + inet_ntoa(param->daddr.in), ntohs(param->dport), param->proto, param->total_recv, param->total_sent); + + } else if (AF_INET6 == param->af) { + char src_addr[INET6_ADDRSTRLEN]; + char dst_addr[INET6_ADDRSTRLEN]; + + inet_ntop(AF_INET6, ¶m->saddr.in6, src_addr, INET6_ADDRSTRLEN); + inet_ntop(AF_INET6, ¶m->daddr.in6, dst_addr, INET6_ADDRSTRLEN); + + printf("lcore: %u, [%s, %u -> %s, %u | %u], [%.0Lf, %.0Lf]", + param->cid, src_addr, ntohs(param->sport), dst_addr, ntohs(param->dport), param->proto, param->total_recv, param->total_sent); + + } else { + printf("unsupported"); + } + + printf("\n"); + return; +} + +static int stats_do_cmd(struct dpip_obj *obj, dpip_cmd_t cmd, + struct dpip_conf *conf) +{ + size_t size; + int err, i; + struct stats_param stats_param; + struct stats_param_array *stats_array; + + switch (conf->cmd) { + case DPIP_CMD_ADD: + return dpvs_setsockopt(SOCKOPT_SET_STATS_ADD, &stats_param, sizeof(stats_param)); + case DPIP_CMD_DEL: + return dpvs_setsockopt(SOCKOPT_SET_STATS_DEL, &stats_param, sizeof(stats_param)); + case DPIP_CMD_SHOW: + err = dpvs_getsockopt(SOCKOPT_GET_STATS_SHOW, &stats_param, sizeof(stats_param), + (void **)&stats_array, &size); + if (err != 0) + return err; + + if (stats_array == NULL) { + fprintf(stderr, "warnning: disabled.\n"); + return EDPVS_OK; + + } + + if (size <= sizeof(*stats_array) + || size != sizeof(*stats_array) + \ + stats_array->nstats * sizeof(struct stats_param)) { + fprintf(stderr, "response nstats : %d.\n", stats_array->nstats); + dpvs_sockopt_msg_free(stats_array); + return EDPVS_NOTEXIST; + } + + //printf("-------------top10 stats[in the last 20s]----------\n"); + + for (i = stats_array->nstats - 1; i >= 0; i--) { + printf("top%d: ", stats_array->nstats - i); + stats_dump(&stats_array->stats[i]); + } + + dpvs_sockopt_msg_free(stats_array); + return EDPVS_OK; + default: + return EDPVS_NOTSUPP; + } +} + +struct dpip_obj dpip_stats = { + .name = "stats", + .help = stats_help, + .do_cmd = stats_do_cmd, +}; + +static void __init stats_init(void) +{ + dpip_register_obj(&dpip_stats); +} + +static void __exit stats_exit(void) +{ + dpip_unregister_obj(&dpip_stats); +} From 8f696d4fc1fe0acf8bd85148c7d9346cb4cca09b Mon Sep 17 00:00:00 2001 From: yangxingwu Date: Fri, 26 Jul 2019 10:11:34 +0800 Subject: [PATCH 05/62] ipvswrapper.c: remove executable permission --- tools/keepalived/keepalived/check/ipvswrapper.c | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 tools/keepalived/keepalived/check/ipvswrapper.c diff --git a/tools/keepalived/keepalived/check/ipvswrapper.c b/tools/keepalived/keepalived/check/ipvswrapper.c old mode 100755 new mode 100644 From 70fcba3d24eba30fce9f0bb5bb2177f5dff20ff9 Mon Sep 17 00:00:00 2001 From: zhuangyan Date: Sun, 25 Aug 2019 17:10:06 +0800 Subject: [PATCH 06/62] neigh: show the concrete neighbour entry info when its queue is full. o Remove the queue length check of the newly created neighbour entry as well. --- src/neigh.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/src/neigh.c b/src/neigh.c index ce810c42c..ea3e6db76 100644 --- a/src/neigh.c +++ b/src/neigh.c @@ -161,7 +161,6 @@ static inline char *eth_addr_itoa(const struct ether_addr *src, char *dst, size_ return dst; } - #ifdef CONFIG_DPVS_NEIGH_DEBUG static void dump_arp_hdr(const char *msg, const struct arp_hdr *ah, portid_t port) { @@ -184,11 +183,6 @@ static void dump_arp_hdr(const char *msg, const struct arp_hdr *ah, portid_t por } fprintf(stderr, "\n"); } - -#else -static inline void dump_arp_hdr(const char *msg, const struct arp_hdr *ah, portid_t port) -{ -} #endif static inline int neigh_hash(struct neighbour_entry *neighbour, unsigned int hashkey) @@ -545,7 +539,10 @@ static int neigh_send_arp(struct netif_port *port, uint32_t src_ip, uint32_t dst memset(&arp[1], 0, 18); +#ifdef CONFIG_DPVS_NEIGH_DEBUG dump_arp_hdr("send", arp, port->id); +#endif + netif_xmit(m, port); return EDPVS_OK; } @@ -564,6 +561,22 @@ static inline void neigh_show_nexthop(const char *func, int af, } #endif +static inline void neigh_show_entry(const char *func, + struct neighbour_entry *neigh) +{ + char ipaddr[64]; + + RTE_LOG(ERR, NEIGHBOUR, + "%s: [%d] ip %s, state %s, %d (> %d) packets " + "queued on %s so drop the packet", + func, rte_lcore_id(), + inet_ntop(neigh->af, &neigh->ip_addr, ipaddr, sizeof(ipaddr)) + ? ipaddr : "::", + nud_state_names[neigh->state], + neigh->que_num, arp_unres_qlen, + neigh->port ? neigh->port->name : "null i/f"); +} + int neigh_output(int af, union inet_addr *nexhop, struct rte_mbuf *m, struct netif_port *port) { @@ -590,13 +603,13 @@ int neigh_output(int af, union inet_addr *nexhop, if ((neighbour->state == DPVS_NUD_S_NONE) || (neighbour->state == DPVS_NUD_S_SEND)) { if (neighbour->que_num > arp_unres_qlen) { + neigh_show_entry(__func__, neighbour); /* * don't need arp request now, * since neighbour will not be confirmed * and it will be released late */ rte_pktmbuf_free(m); - RTE_LOG(ERR, NEIGHBOUR, "[%s] neigh_unres_queue is full, drop packet\n", __func__); return EDPVS_DROP; } m_buf = rte_zmalloc("neigh_new_mbuf", @@ -639,10 +652,7 @@ int neigh_output(int af, union inet_addr *nexhop, rte_pktmbuf_free(m); return EDPVS_NOMEM; } - if(neighbour->que_num > arp_unres_qlen){ - rte_pktmbuf_free(m); - return EDPVS_DROP; - } + m_buf = rte_zmalloc("neigh_new_mbuf", sizeof(struct neighbour_mbuf_entry), RTE_CACHE_LINE_SIZE); if(!m_buf){ From 4273c04bc5ccb7af595047bdebf9ce87aa555059 Mon Sep 17 00:00:00 2001 From: zhuangyan Date: Fri, 30 Aug 2019 16:36:05 +0800 Subject: [PATCH 07/62] ipvs: remove the unnecessary line within main(). --- src/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main.c b/src/main.c index 0e7888b88..d052c78c7 100644 --- a/src/main.c +++ b/src/main.c @@ -187,7 +187,6 @@ int main(int argc, char *argv[]) err = rte_eal_init(argc, argv); if (err < 0) rte_exit(EXIT_FAILURE, "Invalid EAL parameters\n"); - argc -= err, argv += err; RTE_LOG(INFO, DPVS, "dpvs version: %s, build on %s\n", DPVS_VERSION, DPVS_BUILD_DATE); From 5128db7e886e860e2c4b731597ab582853e5a481 Mon Sep 17 00:00:00 2001 From: zhuangyan Date: Tue, 17 Sep 2019 14:08:10 +0800 Subject: [PATCH 08/62] ctrl: increase buffer size to 8192 from 4096. o When dpvs runs with 16 worker cores, like 'dpvs -- -l 0,1-8,11-18', we need to larger buffer to accommodate the debugging info. --- src/ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ctrl.c b/src/ctrl.c index d7f7bf703..4293f89d8 100644 --- a/src/ctrl.c +++ b/src/ctrl.c @@ -991,7 +991,7 @@ static inline int msg_init(void) int ii, jj; int ret; char ring_name[16]; - char buf[4096]; + char buf[8192]; if (DPVS_MAX_LCORE > MSG_MAX_LCORE_SUPPORTED) return EDPVS_NOTSUPP; From b9623e01aff388e1cf459944a7e2650f07479a7b Mon Sep 17 00:00:00 2001 From: yangxingwu Date: Fri, 11 Oct 2019 21:52:03 +0800 Subject: [PATCH 09/62] alloc_percpu_stats: alloc memory from all sockets in most cases, this function run on master core and socket 0 --- src/ipvs/ip_vs_stats.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ipvs/ip_vs_stats.c b/src/ipvs/ip_vs_stats.c index 17a80f7d9..6598003a2 100644 --- a/src/ipvs/ip_vs_stats.c +++ b/src/ipvs/ip_vs_stats.c @@ -84,8 +84,8 @@ static struct dp_vs_stats* alloc_percpu_stats(void) struct dp_vs_stats* svc_stats; netif_get_slave_lcores(&nlcore, &lcore_mask); - svc_stats = rte_malloc_socket(NULL, sizeof(struct dp_vs_stats) * DPVS_MAX_LCORE, - RTE_CACHE_LINE_SIZE, rte_socket_id()); + svc_stats = rte_zmalloc(NULL, sizeof(struct dp_vs_stats) * DPVS_MAX_LCORE, + RTE_CACHE_LINE_SIZE); if (!svc_stats) return NULL; From 9e0447f053719e9c04e5f37797e91b1670678073 Mon Sep 17 00:00:00 2001 From: zhuangyan Date: Sun, 25 Aug 2019 17:55:14 +0800 Subject: [PATCH 10/62] neigh: refactor neigh_output() to make the code logic clear. --- src/neigh.c | 64 ++++++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/src/neigh.c b/src/neigh.c index 4b88e9f05..53be015fa 100644 --- a/src/neigh.c +++ b/src/neigh.c @@ -600,8 +600,9 @@ int neigh_output(int af, union inet_addr *nexhop, neighbour = neigh_lookup_entry(af, nexhop, port, hashkey); if (neighbour) { - if ((neighbour->state == DPVS_NUD_S_NONE) || - (neighbour->state == DPVS_NUD_S_SEND)) { + switch (neighbour->state) { + case DPVS_NUD_S_NONE: + case DPVS_NUD_S_SEND: if (neighbour->que_num > arp_unres_qlen) { neigh_show_entry(__func__, neighbour); /* @@ -612,12 +613,14 @@ int neigh_output(int af, union inet_addr *nexhop, rte_pktmbuf_free(m); return EDPVS_DROP; } + m_buf = rte_zmalloc("neigh_new_mbuf", - sizeof(struct neighbour_mbuf_entry), RTE_CACHE_LINE_SIZE); + sizeof(struct neighbour_mbuf_entry), RTE_CACHE_LINE_SIZE); if (!m_buf) { rte_pktmbuf_free(m); return EDPVS_DROP; } + m_buf->m = m; list_add_tail(&m_buf->neigh_mbuf_list, &neighbour->queue_list); neighbour->que_num++; @@ -626,12 +629,12 @@ int neigh_output(int af, union inet_addr *nexhop, neigh_state_confirm(neighbour); neigh_entry_state_trans(neighbour, 0); } + return EDPVS_OK; - } - else if ((neighbour->state == DPVS_NUD_S_REACHABLE) || - (neighbour->state == DPVS_NUD_S_PROBE) || - (neighbour->state == DPVS_NUD_S_DELAY)) { + case DPVS_NUD_S_REACHABLE: + case DPVS_NUD_S_PROBE: + case DPVS_NUD_S_DELAY: neigh_fill_mac(neighbour, m, NULL, port); netif_xmit(m, neighbour->port); @@ -641,35 +644,36 @@ int neigh_output(int af, union inet_addr *nexhop, } return EDPVS_OK; - } - return EDPVS_IDLE; - } - else{ - neighbour = neigh_add_table(af, nexhop, NULL, port, hashkey, 0); - if(!neighbour){ - RTE_LOG(ERR, NEIGHBOUR, "[%s] add neighbour wrong\n", __func__); - rte_pktmbuf_free(m); - return EDPVS_NOMEM; + default: + return EDPVS_IDLE; } + } - m_buf = rte_zmalloc("neigh_new_mbuf", - sizeof(struct neighbour_mbuf_entry), RTE_CACHE_LINE_SIZE); - if(!m_buf){ - rte_pktmbuf_free(m); - return EDPVS_DROP; - } - m_buf->m = m; - list_add_tail(&m_buf->neigh_mbuf_list, &neighbour->queue_list); - neighbour->que_num++; + /* create the neighbour entry if not found */ + neighbour = neigh_add_table(af, nexhop, NULL, port, hashkey, 0); + if (!neighbour) { + RTE_LOG(ERR, NEIGHBOUR, "[%s] add neighbour wrong\n", __func__); + rte_pktmbuf_free(m); + return EDPVS_NOMEM; + } - if (neighbour->state == DPVS_NUD_S_NONE) { - neigh_state_confirm(neighbour); - neigh_entry_state_trans(neighbour, 0); - } + m_buf = rte_zmalloc("neigh_new_mbuf", + sizeof(struct neighbour_mbuf_entry), RTE_CACHE_LINE_SIZE); + if (!m_buf) { + rte_pktmbuf_free(m); + return EDPVS_DROP; + } + m_buf->m = m; + list_add_tail(&m_buf->neigh_mbuf_list, &neighbour->queue_list); + neighbour->que_num++; - return EDPVS_OK; + if (neighbour->state == DPVS_NUD_S_NONE) { + neigh_state_confirm(neighbour); + neigh_entry_state_trans(neighbour, 0); } + + return EDPVS_OK; } int neigh_gratuitous_arp(struct in_addr *src_ip, struct netif_port *port) From 9601d3cc35cc1a577e30268fda72ad56b0d55333 Mon Sep 17 00:00:00 2001 From: zhuangyan Date: Tue, 17 Sep 2019 11:55:30 +0800 Subject: [PATCH 11/62] ipvs: add connection timer operation APIs as below. a) dp_vs_conn_attach_timer_nolock() Add the connection to the timer with/without lock. b) dp_vs_conn_dettach_timer_nolock() Remove the connection from the timer with/without lock. c) dp_vs_conn_refresh_timer_nolock() Refresh the connection within the timer with/without lock. - Also use dp_vs_conn_is_template() instead of checking the flag of DPVS_CONN_F_TEMPLATE. --- include/ipvs/conn.h | 35 +++++++++++- src/ipvs/ip_vs_conn.c | 118 ++++++++++++++++++++++++++++++----------- src/ipvs/ip_vs_laddr.c | 4 +- 3 files changed, 121 insertions(+), 36 deletions(-) diff --git a/include/ipvs/conn.h b/include/ipvs/conn.h index 356c3084e..bfb07cfdc 100644 --- a/include/ipvs/conn.h +++ b/include/ipvs/conn.h @@ -39,6 +39,7 @@ enum { DPVS_CONN_F_HASHED = 0x0040, DPVS_CONN_F_REDIRECT_HASHED = 0x0080, DPVS_CONN_F_INACTIVE = 0x0100, + DPVS_CONN_F_IN_TIMER = 0x0200, DPVS_CONN_F_SYNPROXY = 0x8000, DPVS_CONN_F_TEMPLATE = 0x1000, DPVS_CONN_F_NOFASTXMIT = 0x2000, @@ -153,10 +154,10 @@ struct dp_vs_conn { /* connection redirect in fnat/snat/nat modes */ struct dp_vs_redirect *redirect; - + /* flag for gfwip */ bool outwall; - + } __rte_cache_aligned; /* for syn-proxy to save all ack packet in conn before rs's syn-ack arrives */ @@ -280,6 +281,36 @@ static inline void dp_vs_control_add(struct dp_vs_conn *conn, struct dp_vs_conn rte_atomic32_inc(&ctl_conn->n_control); } +static inline bool +dp_vs_conn_is_template(struct dp_vs_conn *conn) +{ + return (conn->flags & DPVS_CONN_F_TEMPLATE) ? true : false; +} + +static inline void +dp_vs_conn_set_template(struct dp_vs_conn *conn) +{ + conn->flags |= DPVS_CONN_F_TEMPLATE; +} + +static inline bool +dp_vs_conn_is_in_timer(struct dp_vs_conn *conn) +{ + return (conn->flags & DPVS_CONN_F_IN_TIMER) ? true : false; +} + +static inline void +dp_vs_conn_set_in_timer(struct dp_vs_conn *conn) +{ + conn->flags |= DPVS_CONN_F_IN_TIMER; +} + +static inline void +dp_vs_conn_clear_in_timer(struct dp_vs_conn *conn) +{ + conn->flags &= ~DPVS_CONN_F_IN_TIMER; +} + static inline bool dp_vs_conn_is_redirect_hashed(struct dp_vs_conn *conn) { diff --git a/src/ipvs/ip_vs_conn.c b/src/ipvs/ip_vs_conn.c index a0d61a367..54f00c4f5 100644 --- a/src/ipvs/ip_vs_conn.c +++ b/src/ipvs/ip_vs_conn.c @@ -85,6 +85,8 @@ static uint32_t dp_vs_conn_rnd; /* hash random */ */ static struct rte_mempool *dp_vs_conn_cache[DPVS_MAX_SOCKET]; +static int conn_expire(void *priv); + static struct dp_vs_conn *dp_vs_conn_alloc(enum dpvs_fwd_mode fwdmode, uint32_t flags) { @@ -120,6 +122,74 @@ static void dp_vs_conn_free(struct dp_vs_conn *conn) this_conn_count--; } +static void dp_vs_conn_attach_timer(struct dp_vs_conn *conn, bool lock) +{ + int rc; + + if (dp_vs_conn_is_in_timer(conn)) + return; + + if (dp_vs_conn_is_template(conn)) { + if (lock) + rc = dpvs_timer_sched(&conn->timer, &conn->timeout, + conn_expire, conn, true); + else + rc = dpvs_timer_sched_nolock(&conn->timer, &conn->timeout, + conn_expire, conn, true); + } else { + if (lock) + rc = dpvs_timer_sched(&conn->timer, &conn->timeout, + conn_expire, conn, false); + else + rc = dpvs_timer_sched_nolock(&conn->timer, &conn->timeout, + conn_expire, conn, false); + } + + if (rc == EDPVS_OK) + dp_vs_conn_set_in_timer(conn); +} + +static void dp_vs_conn_detach_timer(struct dp_vs_conn *conn, bool lock) +{ + int rc; + + if (!dp_vs_conn_is_in_timer(conn)) + return; + + if (dp_vs_conn_is_template(conn)) { + if (lock) + rc = dpvs_timer_cancel(&conn->timer, true); + else + rc = dpvs_timer_cancel_nolock(&conn->timer, true); + } else { + if (lock) + rc = dpvs_timer_cancel(&conn->timer, false); + else + rc = dpvs_timer_cancel_nolock(&conn->timer, false); + } + + if (rc == EDPVS_OK) + dp_vs_conn_clear_in_timer(conn); +} + +static void dp_vs_conn_refresh_timer(struct dp_vs_conn *conn, bool lock) +{ + if (!dp_vs_conn_is_in_timer(conn)) + return; + + if (dp_vs_conn_is_template(conn)) { + if (lock) + dpvs_timer_update(&conn->timer, &conn->timeout, true); + else + dpvs_timer_update_nolock(&conn->timer, &conn->timeout, true); + } else { + if (lock) + dpvs_timer_update(&conn->timer, &conn->timeout, false); + else + dpvs_timer_update_nolock(&conn->timer, &conn->timeout, false); + } +} + static inline struct dp_vs_conn * tuplehash_to_conn(const struct conn_tuple_hash *thash) { @@ -172,7 +242,7 @@ static inline int __dp_vs_conn_hash(struct dp_vs_conn *conn, uint32_t mask) &tuplehash_out(conn).daddr, tuplehash_out(conn).dport, mask); - if (conn->flags & DPVS_CONN_F_TEMPLATE) { + if (dp_vs_conn_is_template(conn)) { /* lock is complusory for template */ rte_spinlock_lock(&dp_vs_ct_lock); list_add(&tuplehash_in(conn).list, &dp_vs_ct_tbl[ihash]); @@ -221,7 +291,7 @@ static inline int dp_vs_conn_unhash(struct dp_vs_conn *conn) } else { dp_vs_redirect_unhash(conn); - if (conn->flags & DPVS_CONN_F_TEMPLATE) { + if (dp_vs_conn_is_template(conn)) { rte_spinlock_lock(&dp_vs_ct_lock); list_del(&tuplehash_in(conn).list); list_del(&tuplehash_out(conn).list); @@ -271,7 +341,7 @@ static int conn_bind_dest(struct dp_vs_conn *conn, struct dp_vs_dest *dest) rte_atomic32_inc(&dest->refcnt); - if (conn->flags & DPVS_CONN_F_TEMPLATE) + if (dp_vs_conn_is_template(conn)) rte_atomic32_inc(&dest->persistconns); else rte_atomic32_inc(&dest->inactconns); @@ -307,7 +377,7 @@ static int conn_unbind_dest(struct dp_vs_conn *conn) { struct dp_vs_dest *dest = conn->dest; - if (conn->flags & DPVS_CONN_F_TEMPLATE) { + if (dp_vs_conn_is_template(conn)) { rte_atomic32_dec(&dest->persistconns); } else { if (conn->flags & DPVS_CONN_F_INACTIVE) @@ -495,10 +565,7 @@ static int conn_expire(void *priv) /* refcnt == 1 means we are the only referer. * no one is using the conn and it's timed out. */ if (rte_atomic32_read(&conn->refcnt) == 1) { - if (conn->flags & DPVS_CONN_F_TEMPLATE) - dpvs_timer_cancel_nolock(&conn->timer, true); - else - dpvs_timer_cancel_nolock(&conn->timer, false); + dp_vs_conn_detach_timer(conn, false); /* I was controlled by someone */ if (conn->control) @@ -576,10 +643,7 @@ static int conn_expire(void *priv) /* some one is using it when expire, * try del it again later */ - if (conn->flags & DPVS_CONN_F_TEMPLATE) - dpvs_timer_update_nolock(&conn->timer, &conn->timeout, true); - else - dpvs_timer_update_nolock(&conn->timer, &conn->timeout, false); + dp_vs_conn_refresh_timer(conn, false); rte_atomic32_dec(&conn->refcnt); return DTIMER_OK; @@ -598,10 +662,7 @@ static void conn_flush(void) list_for_each_entry_safe(tuphash, next, &this_conn_tbl[i], list) { conn = tuplehash_to_conn(tuphash); - if (conn->flags & DPVS_CONN_F_TEMPLATE) - dpvs_timer_cancel(&conn->timer, true); - else - dpvs_timer_cancel(&conn->timer, false); + dp_vs_conn_detach_timer(conn, true); rte_atomic32_inc(&conn->refcnt); if (rte_atomic32_read(&conn->refcnt) != 2) { @@ -680,8 +741,10 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf, if (unlikely(!new)) return NULL; + new->flags = flags; + /* set proper RS port */ - if ((flags & DPVS_CONN_F_TEMPLATE) || param->ct_dport != 0) + if (dp_vs_conn_is_template(new) || param->ct_dport != 0) rport = param->ct_dport; else if (dest->fwdmode == DPVS_FWD_MODE_SNAT) { if (unlikely(param->proto == IPPROTO_ICMP || @@ -764,7 +827,6 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf, /* caller will use it right after created, * just like dp_vs_conn_get(). */ rte_atomic32_set(&new->refcnt, 1); - new->flags = flags; new->state = 0; #ifdef CONFIG_DPVS_IPVS_STATS_DEBUG new->ctime = rte_rdtsc(); @@ -799,7 +861,8 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf, INIT_LIST_HEAD(&new->ack_mbuf); rte_atomic32_set(&new->syn_retry_max, 0); rte_atomic32_set(&new->dup_ack_cnt, 0); - if ((flags & DPVS_CONN_F_SYNPROXY) && !(flags & DPVS_CONN_F_TEMPLATE)) { + + if ((flags & DPVS_CONN_F_SYNPROXY) && !dp_vs_conn_is_template(new)) { struct tcphdr _tcph, *th = NULL; struct dp_vs_synproxy_ack_pakcet *ack_mbuf; struct dp_vs_proto *pp; @@ -834,10 +897,7 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf, /* schedule conn timer */ dpvs_time_rand_delay(&new->timeout, 1000000); - if (new->flags & DPVS_CONN_F_TEMPLATE) - dpvs_timer_sched(&new->timer, &new->timeout, conn_expire, new, true); - else - dpvs_timer_sched(&new->timer, &new->timeout, conn_expire, new, false); + dp_vs_conn_attach_timer(new, true); #ifdef CONFIG_DPVS_IPVS_DEBUG conn_dump("new conn: ", new); @@ -953,7 +1013,7 @@ struct dp_vs_conn *dp_vs_ct_in_get(int af, uint16_t proto, if (tuphash->sport == sport && tuphash->dport == dport && inet_addr_equal(af, &tuphash->saddr, saddr) && inet_addr_equal(af, &tuphash->daddr, daddr) - && conn->flags & DPVS_CONN_F_TEMPLATE + && dp_vs_conn_is_template(conn) && tuphash->proto == proto && tuphash->af == af) { /* hit */ @@ -1026,10 +1086,7 @@ void dp_vs_conn_put_no_reset(struct dp_vs_conn *conn) /* put back the conn and reset it's timer */ void dp_vs_conn_put(struct dp_vs_conn *conn) { - if (conn->flags & DPVS_CONN_F_TEMPLATE) - dpvs_timer_update(&conn->timer, &conn->timeout, true); - else - dpvs_timer_update(&conn->timer, &conn->timeout, false); + dp_vs_conn_refresh_timer(conn, true); assert(rte_atomic32_read(&conn->refcnt) > 0); rte_atomic32_dec(&conn->refcnt); @@ -1038,10 +1095,7 @@ void dp_vs_conn_put(struct dp_vs_conn *conn) /* used in conn timer handler: conn_expire */ static void dp_vs_conn_put_nolock(struct dp_vs_conn *conn) { - if (conn->flags & DPVS_CONN_F_TEMPLATE) - dpvs_timer_update_nolock(&conn->timer, &conn->timeout, true); - else - dpvs_timer_update_nolock(&conn->timer, &conn->timeout, false); + dp_vs_conn_refresh_timer(conn, false); assert(rte_atomic32_read(&conn->refcnt) > 0); rte_atomic32_dec(&conn->refcnt); diff --git a/src/ipvs/ip_vs_laddr.c b/src/ipvs/ip_vs_laddr.c index 836d49f09..9512e8ae9 100644 --- a/src/ipvs/ip_vs_laddr.c +++ b/src/ipvs/ip_vs_laddr.c @@ -171,7 +171,7 @@ int dp_vs_laddr_bind(struct dp_vs_conn *conn, struct dp_vs_service *svc) return EDPVS_INVAL; if (svc->proto != IPPROTO_TCP && svc->proto != IPPROTO_UDP) return EDPVS_NOTSUPP; - if (conn->flags & DPVS_CONN_F_TEMPLATE) + if (dp_vs_conn_is_template(conn)) return EDPVS_OK; /* @@ -259,7 +259,7 @@ int dp_vs_laddr_unbind(struct dp_vs_conn *conn) { struct sockaddr_storage dsin, ssin; - if (conn->flags & DPVS_CONN_F_TEMPLATE) + if (dp_vs_conn_is_template(conn)) return EDPVS_OK; if (!conn->local) From 28784f96968cddefec9f28706ac7ee1b72e467a3 Mon Sep 17 00:00:00 2001 From: yangxingwu Date: Thu, 17 Oct 2019 10:57:33 +0800 Subject: [PATCH 12/62] netif.c: use rte_zmalloc instead of rte_zmalloc_socket in netif_sockopt_get --- src/netif.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/netif.c b/src/netif.c index 0f910516e..b31ab4646 100644 --- a/src/netif.c +++ b/src/netif.c @@ -4207,8 +4207,8 @@ static int get_lcore_mask(void **out, size_t *out_len) netif_lcore_mask_get_t *get; - get = rte_zmalloc_socket(NULL, sizeof(netif_lcore_mask_get_t), - RTE_CACHE_LINE_SIZE, rte_socket_id()); + get = rte_zmalloc(NULL, sizeof(netif_lcore_mask_get_t), + RTE_CACHE_LINE_SIZE); if (unlikely (NULL == get)) return EDPVS_NOMEM; @@ -4242,8 +4242,8 @@ static int get_lcore_basic(lcoreid_t cid, void **out, size_t *out_len) return err; assert(len < NETIF_CTRL_BUFFER_LEN); - get = rte_zmalloc_socket(NULL, sizeof(netif_lcore_basic_get_t) + len, - RTE_CACHE_LINE_SIZE, rte_socket_id()); + get = rte_zmalloc(NULL, sizeof(netif_lcore_basic_get_t) + len, + RTE_CACHE_LINE_SIZE); if (unlikely(NULL == get)) return EDPVS_NOMEM; @@ -4337,8 +4337,8 @@ static int get_lcore_stats(lcoreid_t cid, void **out, size_t *out_len) netif_lcore_stats_get_t *get; struct netif_lcore_stats stats; - get = rte_zmalloc_socket(NULL, sizeof(struct netif_lcore_stats_get), - RTE_CACHE_LINE_SIZE, rte_socket_id()); + get = rte_zmalloc(NULL, sizeof(struct netif_lcore_stats_get), + RTE_CACHE_LINE_SIZE); if (unlikely(!get)) return EDPVS_NOMEM; @@ -4438,8 +4438,8 @@ static int get_port_basic(struct netif_port *port, void **out, size_t *out_len) bool promisc; int err; - get = rte_zmalloc_socket(NULL, sizeof(netif_nic_basic_get_t), - RTE_CACHE_LINE_SIZE, rte_socket_id()); + get = rte_zmalloc(NULL, sizeof(netif_nic_basic_get_t), + RTE_CACHE_LINE_SIZE); if (unlikely(!get)) return EDPVS_NOMEM; @@ -4694,8 +4694,8 @@ static int get_port_stats(struct netif_port *port, void **out, size_t *out_len) if (err != EDPVS_OK) return err; - get = rte_zmalloc_socket(NULL, sizeof(netif_nic_stats_get_t), - RTE_CACHE_LINE_SIZE, rte_socket_id()); + get = rte_zmalloc(NULL, sizeof(netif_nic_stats_get_t), + RTE_CACHE_LINE_SIZE); if (unlikely(!get)) return EDPVS_NOMEM; @@ -4726,8 +4726,8 @@ static int get_bond_status(struct netif_port *port, void **out, size_t *out_len) if (mport->type != PORT_TYPE_BOND_MASTER) return EDPVS_INVAL; - get = rte_zmalloc_socket(NULL, sizeof(netif_bond_status_get_t), - RTE_CACHE_LINE_SIZE, rte_socket_id()); + get = rte_zmalloc(NULL, sizeof(netif_bond_status_get_t), + RTE_CACHE_LINE_SIZE); if (unlikely(!get)) return EDPVS_NOMEM; get->mode = rte_eth_bond_mode_get(port->id); From 73e1e7445ec06ad21669b4a33e7e626c06ef9af9 Mon Sep 17 00:00:00 2001 From: gaofeng Date: Mon, 21 Oct 2019 22:54:26 +0800 Subject: [PATCH 13/62] fix crash problem when toa is used on centos 7.6 --- kmod/toa/toa.c | 120 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 96 insertions(+), 24 deletions(-) diff --git a/kmod/toa/toa.c b/kmod/toa/toa.c index 1040370f3..2d755b7f1 100644 --- a/kmod/toa/toa.c +++ b/kmod/toa/toa.c @@ -1,6 +1,4 @@ #include "toa.h" -#include - /* * TOA: Address is a new TCP Option * Address include ip+port, Now support IPV4 and IPV6 @@ -86,6 +84,35 @@ struct toa_stats_entry toa_stats[] = { TOA_STAT_END }; +unsigned int is_ro_addr(unsigned long addr) +{ + unsigned int level; + unsigned int ro_enable = 0; + pte_t *pte = lookup_address(addr, &level); + if (pte->pte &~ _PAGE_RW) + { + ro_enable = 1; + } + + return ro_enable; +} + +void set_addr_rw(unsigned long addr) +{ + unsigned int level; + pte_t *pte = lookup_address(addr, &level); + + if (pte->pte &~ _PAGE_RW) pte->pte |= _PAGE_RW; +} + +void set_addr_ro(unsigned long addr) +{ + unsigned int level; + pte_t *pte = lookup_address(addr, &level); + + pte->pte = pte->pte &~_PAGE_RW; +} + DEFINE_TOA_STAT(struct toa_stat_mib, ext_stats); #if (defined(TOA_IPV6_ENABLE) || defined(TOA_NAT64_ENABLE)) @@ -726,22 +753,44 @@ tcp_v6_syn_recv_sock_toa(struct sock *sk, struct sk_buff *skb, static inline int hook_toa_functions(void) { - /* hook inet_getname for ipv4 */ - struct proto_ops *inet_stream_ops_p = - (struct proto_ops *)&inet_stream_ops; - /* hook tcp_v4_syn_recv_sock for ipv4 */ - struct inet_connection_sock_af_ops *ipv4_specific_p = - (struct inet_connection_sock_af_ops *)&ipv4_specific; + struct proto_ops *inet_stream_ops_p; + struct inet_connection_sock_af_ops *ipv4_specific_p; + int rw_enable = 0; + + /* hook inet_getname for ipv4 */ + inet_stream_ops_p = (struct proto_ops *)&inet_stream_ops; + + if(is_ro_addr((unsigned long)(&inet_stream_ops.getname))) + { + set_addr_rw((unsigned long)(&inet_stream_ops.getname)); + rw_enable = 1; + } inet_stream_ops_p->getname = inet_getname_toa; + if(rw_enable == 1) + { + set_addr_ro((unsigned long)(&inet_stream_ops.getname)); + rw_enable = 0; + } TOA_INFO("CPU [%u] hooked inet_getname <%p> --> <%p>\n", - smp_processor_id(), inet_getname, inet_stream_ops_p->getname); - + smp_processor_id(), inet_getname, inet_stream_ops_p->getname); + + ipv4_specific_p = (struct inet_connection_sock_af_ops *)&ipv4_specific; + + if(is_ro_addr((unsigned long)(&ipv4_specific.syn_recv_sock))) + { + set_addr_rw((unsigned long)(&ipv4_specific.syn_recv_sock)); + rw_enable = 1; + } ipv4_specific_p->syn_recv_sock = tcp_v4_syn_recv_sock_toa; + if(rw_enable == 1) + { + set_addr_ro((unsigned long)(&ipv4_specific.syn_recv_sock)); + rw_enable = 0; + } TOA_INFO("CPU [%u] hooked tcp_v4_syn_recv_sock <%p> --> <%p>\n", - smp_processor_id(), tcp_v4_syn_recv_sock, - ipv4_specific_p->syn_recv_sock); - + smp_processor_id(), tcp_v4_syn_recv_sock, + ipv4_specific_p->syn_recv_sock); #ifdef TOA_IPV6_ENABLE inet6_stream_ops_p->getname = inet6_getname_toa; TOA_INFO("CPU [%u] hooked inet6_getname <%p> --> <%p>\n", @@ -760,20 +809,43 @@ hook_toa_functions(void) static int unhook_toa_functions(void) { - /* unhook inet_getname for ipv4 */ - struct proto_ops *inet_stream_ops_p = - (struct proto_ops *)&inet_stream_ops; - /* unhook tcp_v4_syn_recv_sock for ipv4 */ - struct inet_connection_sock_af_ops *ipv4_specific_p = - (struct inet_connection_sock_af_ops *)&ipv4_specific; + struct proto_ops *inet_stream_ops_p; + struct inet_connection_sock_af_ops *ipv4_specific_p; + int rw_enable = 0; + + /* unhook inet_getname for ipv4 */ + inet_stream_ops_p = (struct proto_ops *)&inet_stream_ops; + + if(is_ro_addr((unsigned long)(&inet_stream_ops.getname))) + { + set_addr_rw((unsigned long)(&inet_stream_ops.getname)); + rw_enable = 1; + } inet_stream_ops_p->getname = inet_getname; - TOA_INFO("CPU [%u] unhooked inet_getname\n", - smp_processor_id()); - + if(rw_enable == 1) + { + set_addr_ro((unsigned long)(&inet_stream_ops.getname)); + rw_enable = 0; + } + TOA_INFO("CPU [%u] unhooked inet_getname\n", smp_processor_id()); + + /* unhook tcp_v4_syn_recv_sock for ipv4 */ + ipv4_specific_p = (struct inet_connection_sock_af_ops *)&ipv4_specific; + if(is_ro_addr((unsigned long)(&ipv4_specific.syn_recv_sock))) + { + set_addr_rw((unsigned long)(&ipv4_specific.syn_recv_sock)); + rw_enable = 1; + } + set_addr_rw((unsigned long)(&ipv4_specific.syn_recv_sock)); ipv4_specific_p->syn_recv_sock = tcp_v4_syn_recv_sock; - TOA_INFO("CPU [%u] unhooked tcp_v4_syn_recv_sock\n", - smp_processor_id()); + if(rw_enable == 1) + { + set_addr_ro((unsigned long)(&ipv4_specific.syn_recv_sock)); + rw_enable = 0; + } + + TOA_INFO("CPU [%u] unhooked tcp_v4_syn_recv_sock\n", smp_processor_id()); #ifdef TOA_IPV6_ENABLE if (inet6_stream_ops_p) { From 7c3b1bb5b1575844bdc1ee7dd4185d1e2691173a Mon Sep 17 00:00:00 2001 From: zhuangyan Date: Wed, 16 Oct 2019 20:51:22 +0800 Subject: [PATCH 14/62] ipvs: refactor conn_expire() to make the code logic clear. - Rename conn_expire() to dp_vs_conn_expire(). --- src/ipvs/ip_vs_conn.c | 217 ++++++++++++++++++++++++------------------ 1 file changed, 127 insertions(+), 90 deletions(-) diff --git a/src/ipvs/ip_vs_conn.c b/src/ipvs/ip_vs_conn.c index 54f00c4f5..346415359 100644 --- a/src/ipvs/ip_vs_conn.c +++ b/src/ipvs/ip_vs_conn.c @@ -85,7 +85,7 @@ static uint32_t dp_vs_conn_rnd; /* hash random */ */ static struct rte_mempool *dp_vs_conn_cache[DPVS_MAX_SOCKET]; -static int conn_expire(void *priv); +static int dp_vs_conn_expire(void *priv); static struct dp_vs_conn *dp_vs_conn_alloc(enum dpvs_fwd_mode fwdmode, uint32_t flags) @@ -132,17 +132,17 @@ static void dp_vs_conn_attach_timer(struct dp_vs_conn *conn, bool lock) if (dp_vs_conn_is_template(conn)) { if (lock) rc = dpvs_timer_sched(&conn->timer, &conn->timeout, - conn_expire, conn, true); + dp_vs_conn_expire, conn, true); else rc = dpvs_timer_sched_nolock(&conn->timer, &conn->timeout, - conn_expire, conn, true); + dp_vs_conn_expire, conn, true); } else { if (lock) rc = dpvs_timer_sched(&conn->timer, &conn->timeout, - conn_expire, conn, false); + dp_vs_conn_expire, conn, false); else rc = dpvs_timer_sched_nolock(&conn->timer, &conn->timeout, - conn_expire, conn, false); + dp_vs_conn_expire, conn, false); } if (rc == EDPVS_OK) @@ -323,7 +323,8 @@ static inline int dp_vs_conn_unhash(struct dp_vs_conn *conn) return err; } -static int conn_bind_dest(struct dp_vs_conn *conn, struct dp_vs_dest *dest) +static int dp_vs_conn_bind_dest(struct dp_vs_conn *conn, + struct dp_vs_dest *dest) { /* ATTENTION: * Initial state of conn should be INACTIVE, with conn->inactconns=1 and @@ -373,7 +374,7 @@ static int conn_bind_dest(struct dp_vs_conn *conn, struct dp_vs_dest *dest) return EDPVS_OK; } -static int conn_unbind_dest(struct dp_vs_conn *conn) +static int dp_vs_conn_unbind_dest(struct dp_vs_conn *conn) { struct dp_vs_dest *dest = conn->dest; @@ -488,55 +489,53 @@ static inline void conn_stats_dump(const char *msg, struct dp_vs_conn *conn) static void dp_vs_conn_put_nolock(struct dp_vs_conn *conn); -/* timeout hanlder */ -static int conn_expire(void *priv) +static void dp_vs_conn_set_timeout(struct dp_vs_conn *conn, + struct dp_vs_proto *pp) { - struct dp_vs_conn *conn = priv; - struct dp_vs_proto *pp; - struct rte_mbuf *cloned_syn_mbuf; - struct dp_vs_synproxy_ack_pakcet *ack_mbuf, *t_ack_mbuf; - struct rte_mempool *pool; - - assert(conn); - assert(conn->af == AF_INET || conn->af == AF_INET6); - assert(rte_atomic32_read(&conn->refcnt) > 0); - - /* set proper timeout */ unsigned conn_timeout = 0; - pp = dp_vs_proto_lookup(conn->proto); - if (((conn->proto == IPPROTO_TCP) && - (conn->state == DPVS_TCP_S_ESTABLISHED)) || - ((conn->proto == IPPROTO_UDP) && - (conn->state == DPVS_UDP_S_NORMAL))) { + /* set proper timeout */ + if ((conn->proto == IPPROTO_TCP && conn->state == DPVS_TCP_S_ESTABLISHED) + || (conn->proto == IPPROTO_UDP && conn->state == DPVS_UDP_S_NORMAL)) { conn_timeout = dp_vs_get_conn_timeout(conn); - if (unlikely(conn_timeout > 0)) + + if (unlikely(conn_timeout > 0)) { conn->timeout.tv_sec = conn_timeout; - else if (pp && pp->timeout_table) - conn->timeout.tv_sec = pp->timeout_table[conn->state]; - else - conn->timeout.tv_sec = 60; - } else if (pp && pp->timeout_table) + return; + } + } + + if (pp && pp->timeout_table) conn->timeout.tv_sec = pp->timeout_table[conn->state]; else conn->timeout.tv_sec = 60; dpvs_time_rand_delay(&conn->timeout, 1000000); +} - rte_atomic32_inc(&conn->refcnt); +/* + * retransmit syn packet to rs + */ +static int dp_vs_conn_resend_packets(struct dp_vs_conn *conn, + struct dp_vs_proto *pp) +{ + struct rte_mempool *pool; + struct rte_mbuf *cloned_syn_mbuf; - /* retransmit syn packet to rs */ if (conn->syn_mbuf && rte_atomic32_read(&conn->syn_retry_max) > 0) { if (likely(conn->packet_xmit != NULL)) { pool = get_mbuf_pool(conn, DPVS_CONN_DIR_INBOUND); + if (unlikely(!pool)) { - RTE_LOG(WARNING, IPVS, "%s: no route for syn_proxy rs's syn " - "retransmit\n", __func__); + RTE_LOG(WARNING, IPVS, + "%s: no route for syn_proxy rs's syn retransmit\n", + __func__); } else { cloned_syn_mbuf = mbuf_copy(conn->syn_mbuf, pool); if (unlikely(!cloned_syn_mbuf)) { - RTE_LOG(WARNING, IPVS, "%s: no memory for syn_proxy rs's syn " - "retransmit\n", __func__); + RTE_LOG(WARNING, IPVS, + "%s: no memory for syn_proxy rs's syn retransmit\n", + __func__); } else { cloned_syn_mbuf->userdata = NULL; conn->packet_xmit(pp, conn, cloned_syn_mbuf); @@ -547,6 +546,90 @@ static int conn_expire(void *priv) rte_atomic32_dec(&conn->syn_retry_max); dp_vs_estats_inc(SYNPROXY_RS_ERROR); + return EDPVS_OK; + } + + return EDPVS_INPROGRESS; +} + +static void dp_vs_conn_sa_release(struct dp_vs_conn *conn) +{ + struct sockaddr_storage saddr, daddr; + + if (conn->dest->fwdmode != DPVS_FWD_MODE_SNAT + || conn->proto == IPPROTO_ICMP + || conn->proto == IPPROTO_ICMPV6) { + return; + } + + memset(&saddr, 0, sizeof(saddr)); + memset(&daddr, 0, sizeof(daddr)); + + if (AF_INET == conn->af) { + struct sockaddr_in *daddr4 = (struct sockaddr_in *)&daddr; + struct sockaddr_in *saddr4 = (struct sockaddr_in *)&saddr; + + daddr4->sin_family = AF_INET; + daddr4->sin_addr = conn->caddr.in; + daddr4->sin_port = conn->cport; + + saddr4->sin_family = AF_INET; + saddr4->sin_addr = conn->vaddr.in; + saddr4->sin_port = conn->vport; + } else { /* AF_INET6 */ + struct sockaddr_in6 *daddr6 = (struct sockaddr_in6 *)&daddr; + struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)&saddr; + + daddr6->sin6_family = AF_INET6; + daddr6->sin6_addr = conn->caddr.in6; + daddr6->sin6_port = conn->cport; + + saddr6->sin6_family = AF_INET6; + saddr6->sin6_addr = conn->vaddr.in6; + saddr6->sin6_port = conn->vport; + } + + sa_release(conn->out_dev, (struct sockaddr_storage *)&daddr, + (struct sockaddr_storage *)&saddr); +} + +static void dp_vs_conn_free_packets(struct dp_vs_conn *conn) +{ + struct dp_vs_synproxy_ack_pakcet *ack_mbuf, *t_ack_mbuf; + + /* free stored ack packet */ + list_for_each_entry_safe(ack_mbuf, t_ack_mbuf, &conn->ack_mbuf, list) { + list_del_init(&ack_mbuf->list); + rte_pktmbuf_free(ack_mbuf->mbuf); + sp_dbg_stats32_dec(sp_ack_saved); + rte_mempool_put(this_ack_mbufpool, ack_mbuf); + } + + conn->ack_num = 0; + + /* free stored syn mbuf */ + if (conn->syn_mbuf) { + rte_pktmbuf_free(conn->syn_mbuf); + sp_dbg_stats32_dec(sp_syn_saved); + } +} + +/* timeout hanlder */ +static int dp_vs_conn_expire(void *priv) +{ + struct dp_vs_conn *conn = priv; + struct dp_vs_proto *pp; + + assert(conn); + assert(conn->af == AF_INET || conn->af == AF_INET6); + assert(rte_atomic32_read(&conn->refcnt) > 0); + + pp = dp_vs_proto_lookup(conn->proto); + dp_vs_conn_set_timeout(conn, pp); + + rte_atomic32_inc(&conn->refcnt); + + if (dp_vs_conn_resend_packets(conn, pp) == EDPVS_OK) { /* expire later */ dp_vs_conn_put_nolock(conn); return DTIMER_OK; @@ -574,56 +657,10 @@ static int conn_expire(void *priv) if (pp && pp->conn_expire) pp->conn_expire(pp, conn); - if (conn->dest->fwdmode == DPVS_FWD_MODE_SNAT - && conn->proto != IPPROTO_ICMP - && conn->proto != IPPROTO_ICMPV6) { - struct sockaddr_storage saddr, daddr; - memset(&saddr, 0, sizeof(saddr)); - memset(&daddr, 0, sizeof(daddr)); - if (AF_INET == conn->af) { - struct sockaddr_in *daddr4 = (struct sockaddr_in *)&daddr; - struct sockaddr_in *saddr4 = (struct sockaddr_in *)&saddr; - - daddr4->sin_family = AF_INET; - daddr4->sin_addr = conn->caddr.in; - daddr4->sin_port = conn->cport; - - saddr4->sin_family = AF_INET; - saddr4->sin_addr = conn->vaddr.in; - saddr4->sin_port = conn->vport; - } else { /* AF_INET6 */ - struct sockaddr_in6 *daddr6 = (struct sockaddr_in6 *)&daddr; - struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)&saddr; - - daddr6->sin6_family = AF_INET6; - daddr6->sin6_addr = conn->caddr.in6; - daddr6->sin6_port = conn->cport; - - saddr6->sin6_family = AF_INET6; - saddr6->sin6_addr = conn->vaddr.in6; - saddr6->sin6_port = conn->vport; - } - sa_release(conn->out_dev, (struct sockaddr_storage *)&daddr, - (struct sockaddr_storage *)&saddr); - } - - conn_unbind_dest(conn); + dp_vs_conn_sa_release(conn); + dp_vs_conn_unbind_dest(conn); dp_vs_laddr_unbind(conn); - - /* free stored ack packet */ - list_for_each_entry_safe(ack_mbuf, t_ack_mbuf, &conn->ack_mbuf, list) { - list_del_init(&ack_mbuf->list); - rte_pktmbuf_free(ack_mbuf->mbuf); - sp_dbg_stats32_dec(sp_ack_saved); - rte_mempool_put(this_ack_mbufpool, ack_mbuf); - } - conn->ack_num = 0; - - /* free stored syn mbuf */ - if (conn->syn_mbuf) { - rte_pktmbuf_free(conn->syn_mbuf); - sp_dbg_stats32_dec(sp_syn_saved); - } + dp_vs_conn_free_packets(conn); rte_atomic32_dec(&conn->refcnt); @@ -707,7 +744,7 @@ static void conn_flush(void) (struct sockaddr_storage *)&saddr); } - conn_unbind_dest(conn); + dp_vs_conn_unbind_dest(conn); dp_vs_laddr_unbind(conn); rte_atomic32_dec(&conn->refcnt); @@ -833,7 +870,7 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf, #endif /* bind destination and corresponding trasmitter */ - err = conn_bind_dest(new, dest); + err = dp_vs_conn_bind_dest(new, dest); if (err != EDPVS_OK) { RTE_LOG(WARNING, IPVS, "%s: fail to bind dest: %s\n", __func__, dpvs_strerror(err)); @@ -907,7 +944,7 @@ struct dp_vs_conn *dp_vs_conn_new(struct rte_mbuf *mbuf, unbind_laddr: dp_vs_laddr_unbind(new); unbind_dest: - conn_unbind_dest(new); + dp_vs_conn_unbind_dest(new); errout: dp_vs_conn_free(new); return NULL; @@ -1092,7 +1129,7 @@ void dp_vs_conn_put(struct dp_vs_conn *conn) rte_atomic32_dec(&conn->refcnt); } -/* used in conn timer handler: conn_expire */ +/* used in conn timer handler: dp_vs_conn_expire */ static void dp_vs_conn_put_nolock(struct dp_vs_conn *conn) { dp_vs_conn_refresh_timer(conn, false); From 83ccf1183eeea057def001885d76846bbc943ebe Mon Sep 17 00:00:00 2001 From: jerrywang Date: Thu, 23 May 2019 17:16:44 +0800 Subject: [PATCH 15/62] svc/dest/laddr support percore; fix snat bug: no range config --- include/common.h | 5 + include/conf/laddr.h | 4 + include/ctrl.h | 26 + include/ipvs/dest.h | 14 +- include/ipvs/service.h | 61 +- include/ipvs/stats.h | 7 +- src/ctrl.c | 2 +- src/ipset.c | 5 - src/ipvs/ip_vs_conhash.c | 2 +- src/ipvs/ip_vs_conn.c | 2 +- src/ipvs/ip_vs_core.c | 4 +- src/ipvs/ip_vs_dest.c | 189 +-- src/ipvs/ip_vs_laddr.c | 388 +++++-- src/ipvs/ip_vs_proto_icmp.c | 6 +- src/ipvs/ip_vs_proto_tcp.c | 13 +- src/ipvs/ip_vs_proto_udp.c | 6 +- src/ipvs/ip_vs_rr.c | 4 - src/ipvs/ip_vs_service.c | 1019 ++++++++++++----- src/ipvs/ip_vs_stats.c | 191 +-- src/ipvs/ip_vs_synproxy.c | 17 +- src/ipvs/ip_vs_wrr.c | 2 - src/neigh.c | 2 + tools/ipvsadm/ipvsadm.c | 165 ++- .../keepalived/keepalived/check/check_data.c | 1 + .../keepalived/check/check_parser.c | 13 + .../keepalived/keepalived/check/ipvswrapper.c | 18 +- .../keepalived/include/check_data.h | 4 +- .../keepalived/keepalived/libipvs-2.6/dp_vs.h | 9 - .../keepalived/keepalived/libipvs-2.6/ip_vs.h | 110 +- .../keepalived/libipvs-2.6/libipvs.c | 39 +- .../keepalived/libipvs-2.6/libipvs.h | 12 +- 31 files changed, 1339 insertions(+), 1001 deletions(-) diff --git a/include/common.h b/include/common.h index 8d358dc8e..6c2d79257 100644 --- a/include/common.h +++ b/include/common.h @@ -71,6 +71,11 @@ typedef uint16_t __u16; typedef uint32_t __u32; #endif +#ifndef lcoreid_t +typedef uint8_t lcoreid_t; +#endif + + #define DPVS_WAIT_WHILE(expr) while(expr){;} typedef enum { diff --git a/include/conf/laddr.h b/include/conf/laddr.h index 32097eff4..09a3bc66f 100644 --- a/include/conf/laddr.h +++ b/include/conf/laddr.h @@ -34,6 +34,9 @@ enum { SOCKOPT_GET_LADDR_GETALL, }; +#define SOCKOPT_LADDR_BASE SOCKOPT_SET_LADDR_ADD +#define SOCKOPT_GET_LADDR_MAX 199 + struct dp_vs_laddr_entry { int af; union inet_addr addr; @@ -52,6 +55,7 @@ struct dp_vs_laddr_conf { char drange[256]; char iifname[IFNAMSIZ]; char oifname[IFNAMSIZ]; + lcoreid_t cid; /* for set */ int af_l; diff --git a/include/ctrl.h b/include/ctrl.h index 2fa8c7df4..16c4c7072 100644 --- a/include/ctrl.h +++ b/include/ctrl.h @@ -204,6 +204,32 @@ int msg_dump(const struct dpvs_msg *msg, char *buf, int len); #define MSG_TYPE_IPV6_STATS 16 #define MSG_TYPE_ROUTE6 17 #define MSG_TYPE_NEIGH_GET 18 +#define MSG_TYPE_IPSET_ADD 19 +#define MSG_TYPE_IPSET_DEL 20 +#define MSG_TYPE_IPSET_FLUSH 21 + +/* for svc per_core, refer to service.h*/ +enum { + MSG_TYPE_SVC_SET_FLUSH = MSG_TYPE_IPSET_FLUSH + 1, + MSG_TYPE_SVC_SET_ZERO, + MSG_TYPE_SVC_SET_ADD, + MSG_TYPE_SVC_SET_EDIT, + MSG_TYPE_SVC_SET_DEL, + MSG_TYPE_SVC_SET_ADDDEST, + MSG_TYPE_SVC_SET_EDITDEST, + MSG_TYPE_SVC_SET_DELDEST, + MSG_TYPE_LADDR_SET_ADD, + MSG_TYPE_LADDR_SET_DEL, + MSG_TYPE_LADDR_SET_FLUSH, + MSG_TYPE_SVC_GET_INFO, + MSG_TYPE_SVC_GET_SERVICES, + MSG_TYPE_SVC_GET_SERVICE, + MSG_TYPE_SVC_GET_DESTS, + MSG_TYPE_LADDR_GET_ALL, +}; +#define MSG_TYPE_SVC_SET_BASE MSG_TYPE_SVC_SET_FLUSH +#define MSG_TYPE_SVC_GET_BASE MSG_TYPE_SVC_GET_INFO +#define MSG_TYPE_SET_LADDR_BASE MSG_TYPE_LADDR_SET_ADD #define SOCKOPT_VERSION_MAJOR 1 #define SOCKOPT_VERSION_MINOR 0 diff --git a/include/ipvs/dest.h b/include/ipvs/dest.h index bbcf8eb8f..86f7fbdec 100644 --- a/include/ipvs/dest.h +++ b/include/ipvs/dest.h @@ -59,7 +59,7 @@ struct dp_vs_dest { rte_atomic16_t weight; /* server weight */ rte_atomic32_t refcnt; /* reference counter */ - struct dp_vs_stats *stats; /* Use per-cpu statistics for destination server */ + struct dp_vs_stats stats; /* Use per-cpu statistics for destination server */ enum dpvs_fwd_mode fwdmode; @@ -126,6 +126,8 @@ struct dp_vs_get_dests { /* number of real servers */ unsigned int num_dests; + lcoreid_t cid; + char srange[256]; char drange[256]; char iifname[IFNAMSIZ]; @@ -181,24 +183,18 @@ int dp_vs_new_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest, struct dp_vs_dest *dp_vs_lookup_dest(int af, struct dp_vs_service *svc, const union inet_addr *daddr, uint16_t dport); -struct dp_vs_dest *dp_vs_trash_get_dest(struct dp_vs_service *svc, - const union inet_addr *daddr, uint16_t dport); - -void dp_vs_trash_cleanup(void); - int dp_vs_add_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest); int dp_vs_edit_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest); -void __dp_vs_unlink_dest(struct dp_vs_service *svc, +void dp_vs_unlink_dest(struct dp_vs_service *svc, struct dp_vs_dest *dest, int svcupd); -void __dp_vs_del_dest(struct dp_vs_dest *dest); +void dp_vs_dest_put(struct dp_vs_dest *dest); int dp_vs_del_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest); int dp_vs_get_dest_entries(const struct dp_vs_service *svc, - const struct dp_vs_get_dests *get, struct dp_vs_get_dests *uptr); int dp_vs_dest_init(void); diff --git a/include/ipvs/service.h b/include/ipvs/service.h index c8d997260..b25b7841f 100644 --- a/include/ipvs/service.h +++ b/include/ipvs/service.h @@ -42,15 +42,15 @@ #define DP_VS_SVC_F_SIP_HASH 0x0100 /* sip hash target */ #define DP_VS_SVC_F_QID_HASH 0x0200 /* quic cid hash target */ -rte_rwlock_t __dp_vs_svc_lock; +#define DP_VS_SVC_F_MATCH 0x0400 /* snat match */ /* virtual service */ struct dp_vs_service { struct list_head s_list; /* node for normal service table */ struct list_head f_list; /* node for fwmark service table */ struct list_head m_list; /* node for match service table */ - rte_atomic32_t refcnt; - rte_atomic32_t usecnt; + rte_atomic32_t refcnt; /* svc is per core, conn will not refer to svc, but dest will. + * while conn will refer to dest */ /* * to identify a service @@ -78,14 +78,12 @@ struct dp_vs_service { struct dp_vs_scheduler *scheduler; void *sched_data; - rte_rwlock_t sched_lock; - struct dp_vs_stats *stats; + struct dp_vs_stats stats; /* FNAT only */ struct list_head laddr_list; /* local address (LIP) pool */ struct list_head *laddr_curr; - rte_rwlock_t laddr_lock; uint32_t num_laddrs; /* ... flags, timer ... */ @@ -128,6 +126,7 @@ struct dp_vs_service_entry { unsigned int num_dests; unsigned int num_laddrs; + lcoreid_t cid; struct dp_vs_stats stats; @@ -138,6 +137,7 @@ struct dp_vs_service_entry { }; struct dp_vs_get_services { + lcoreid_t cid; unsigned int num_services; struct dp_vs_service_entry entrytable[0]; }; @@ -167,60 +167,40 @@ struct dp_vs_getinfo { unsigned int version; unsigned int size; unsigned int num_services; + unsigned int num_lcores; }; #ifdef __DPVS__ int dp_vs_service_init(void); int dp_vs_service_term(void); -int dp_vs_add_service(struct dp_vs_service_conf *u, - struct dp_vs_service **svc_p); - -int dp_vs_del_service(struct dp_vs_service *svc); - -int dp_vs_edit_service(struct dp_vs_service *svc, - struct dp_vs_service_conf *u); - struct dp_vs_service * dp_vs_service_lookup(int af, uint16_t protocol, const union inet_addr *vaddr, uint16_t vport, uint32_t fwmark, const struct rte_mbuf *mbuf, const struct dp_vs_match *match, - bool *outwall); + bool *outwall, lcoreid_t cid); int dp_vs_match_parse(const char *srange, const char *drange, const char *iifname, const char *oifname, - struct dp_vs_match *match); + int af, struct dp_vs_match *match); -void __dp_vs_bind_svc(struct dp_vs_dest *dest, struct dp_vs_service *svc); +void dp_vs_bind_svc(struct dp_vs_dest *dest, struct dp_vs_service *svc); -void __dp_vs_unbind_svc(struct dp_vs_dest *dest); +void dp_vs_unbind_svc(struct dp_vs_dest *dest); -struct dp_vs_service *dp_vs_lookup_vip(int af, uint16_t protocol, - const union inet_addr *vaddr); +void dp_vs_svc_put(struct dp_vs_service *svc); -static inline void dp_vs_service_put(struct dp_vs_service *svc) -{ - rte_atomic32_dec(&svc->usecnt); -} - -struct dp_vs_service *__dp_vs_service_get(int af, uint16_t protocol, - const union inet_addr *vaddr, uint16_t vport); - -struct dp_vs_service *__dp_vs_svc_fwm_get(int af, uint32_t fwmark); - -int dp_vs_get_service_entries(const struct dp_vs_get_services *get, - struct dp_vs_get_services *uptr); +struct dp_vs_service *dp_vs_lookup_vip(int af, uint16_t protocol, + const union inet_addr *vaddr, + lcoreid_t cid); unsigned dp_vs_get_conn_timeout(struct dp_vs_conn *conn); -/* flush all services */ -int dp_vs_flush(void); - -int dp_vs_zero_service(struct dp_vs_service *svc); - -int dp_vs_zero_all(void); +#define MAX_ARG_LEN (sizeof(struct dp_vs_service_user) + \ + sizeof(struct dp_vs_dest_user)) +#endif enum{ DPVS_SO_SET_FLUSH = 200, @@ -246,9 +226,6 @@ enum{ #define SOCKOPT_SVC_BASE DPVS_SO_SET_FLUSH #define SOCKOPT_SVC_SET_CMD_MAX DPVS_SO_SET_GRATARP #define SOCKOPT_SVC_GET_CMD_MAX DPVS_SO_GET_DESTS - -#define MAX_ARG_LEN (sizeof(struct dp_vs_service_user) + \ - sizeof(struct dp_vs_dest_user)) -#endif +#define SOCKOPT_SVC_MAX 299 #endif /* __DPVS_SVC_H__ */ diff --git a/include/ipvs/stats.h b/include/ipvs/stats.h index 665ae04f1..fc6ecde3a 100644 --- a/include/ipvs/stats.h +++ b/include/ipvs/stats.h @@ -98,8 +98,7 @@ struct dp_vs_estats { int dp_vs_stats_init(void); int dp_vs_stats_term(void); -void dp_vs_stats_clear(void); -void dp_svc_stats_clear(struct dp_vs_stats *stats); +void dp_vs_stats_clear(struct dp_vs_stats *stats); int dp_vs_stats_in(struct dp_vs_conn *conn, struct rte_mbuf *mbuf); int dp_vs_stats_out(struct dp_vs_conn *conn, struct rte_mbuf *mbuf); @@ -108,10 +107,8 @@ void dp_vs_stats_conn(struct dp_vs_conn *conn); void dp_vs_estats_inc(enum dp_vs_estats_type field); void dp_vs_estats_clear(void); uint64_t dp_vs_estats_get(enum dp_vs_estats_type field); +int dp_vs_add_stats(struct dp_vs_stats* dst, struct dp_vs_stats* src); -int dp_vs_new_stats(struct dp_vs_stats **p); -void dp_vs_del_stats(struct dp_vs_stats *p); -void dp_vs_zero_stats(struct dp_vs_stats* stats); int dp_vs_copy_stats(struct dp_vs_stats* dst, struct dp_vs_stats* src); #endif diff --git a/src/ctrl.c b/src/ctrl.c index 631f9893c..43225662e 100644 --- a/src/ctrl.c +++ b/src/ctrl.c @@ -99,7 +99,7 @@ inline static void msg_debug_dump(void) allc = rte_atomic64_read(&n_msg_allc); - if (likely(allc % 100000)) + if (likely(allc % 10)) return; RTE_LOG(INFO, MSGMGR, "%s: allocated=%ld, freed=%ld, processing=%d\n", diff --git a/src/ipset.c b/src/ipset.c index 52ad05e73..9195f2ba5 100644 --- a/src/ipset.c +++ b/src/ipset.c @@ -34,11 +34,6 @@ #define this_ipset_table_lcore (this_ipset_lcore.ipset_table) #define this_num_ipset (RTE_PER_LCORE(num_ipset)) -#define MSG_TYPE_IPSET_ADD 19 -#define MSG_TYPE_IPSET_DEL 20 -#define MSG_TYPE_IPSET_FLUSH 21 - - struct ipset_lcore{ struct list_head ipset_table[IPSET_TAB_SIZE]; }; diff --git a/src/ipvs/ip_vs_conhash.c b/src/ipvs/ip_vs_conhash.c index 2c95bf7cb..cb0cf8c7f 100644 --- a/src/ipvs/ip_vs_conhash.c +++ b/src/ipvs/ip_vs_conhash.c @@ -145,7 +145,7 @@ static void node_fini(struct node_s *node) return; if (node->data) { - rte_atomic32_dec(&(((struct dp_vs_dest *)(node->data))->refcnt)); + dp_vs_dest_put((struct dp_vs_dest *)node->data); node->data = NULL; } diff --git a/src/ipvs/ip_vs_conn.c b/src/ipvs/ip_vs_conn.c index 54f00c4f5..a51035f7f 100644 --- a/src/ipvs/ip_vs_conn.c +++ b/src/ipvs/ip_vs_conn.c @@ -392,7 +392,7 @@ static int conn_unbind_dest(struct dp_vs_conn *conn) dest->flags &= ~DPVS_DEST_F_OVERLOAD; } - rte_atomic32_dec(&dest->refcnt); + dp_vs_dest_put(dest); conn->dest = NULL; return EDPVS_OK; diff --git a/src/ipvs/ip_vs_core.c b/src/ipvs/ip_vs_core.c index 4b0547acd..146266123 100644 --- a/src/ipvs/ip_vs_core.c +++ b/src/ipvs/ip_vs_core.c @@ -1083,8 +1083,8 @@ static int __dp_vs_pre_routing(void *priv, struct rte_mbuf *mbuf, /* Drop udp packet which send to tcp-vip */ if (g_defence_udp_drop && IPPROTO_UDP == iph.proto) { - if ((svc = dp_vs_lookup_vip(af, IPPROTO_UDP, &iph.daddr)) == NULL) { - if ((svc = dp_vs_lookup_vip(af, IPPROTO_TCP, &iph.daddr)) != NULL) { + if ((svc = dp_vs_lookup_vip(af, IPPROTO_UDP, &iph.daddr, rte_lcore_id())) == NULL) { + if ((svc = dp_vs_lookup_vip(af, IPPROTO_TCP, &iph.daddr, rte_lcore_id())) != NULL) { dp_vs_estats_inc(DEFENCE_UDP_DROP); return INET_DROP; } diff --git a/src/ipvs/ip_vs_dest.c b/src/ipvs/ip_vs_dest.c index 92697a7d9..8324797d4 100644 --- a/src/ipvs/ip_vs_dest.c +++ b/src/ipvs/ip_vs_dest.c @@ -47,64 +47,6 @@ struct dp_vs_dest *dp_vs_lookup_dest(int af, return NULL; } -/* - * Lookup dest by {svc,addr,port} in the destination trash. - * The destination trash is used to hold the destinations that are removed - * from the service table but are still referenced by some conn entries. - * The reason to add the destination trash is when the dest is temporary - * down (either by administrator or by monitor program), the dest can be - * picked back from the trash, the remaining connections to the dest can - * continue, and the counting information of the dest is also useful for - * scheduling. - */ -struct dp_vs_dest *dp_vs_trash_get_dest(struct dp_vs_service *svc, - const union inet_addr *daddr, - uint16_t dport) -{ - struct dp_vs_dest *dest, *nxt; - - list_for_each_entry_safe(dest, nxt, &dp_vs_dest_trash, n_list) { - RTE_LOG(DEBUG, SERVICE, "%s: Destination still in trash.\n", __func__); - if (dest->af == svc->af && - inet_addr_equal(svc->af, &dest->addr, daddr) && - dest->port == dport && - dest->vfwmark == svc->fwmark && - dest->proto == svc->proto && - (svc->fwmark || - (inet_addr_equal(svc->af, &dest->vaddr, &svc->addr) && - dest->vport == svc->port))) { - /*since svc may be edit, variables should be coverd*/ - dest->conn_timeout = svc->conn_timeout; - dest->limit_proportion = svc->limit_proportion; - return dest; - } - if (rte_atomic32_read(&dest->refcnt) == 1) { - RTE_LOG(DEBUG, SERVICE, "%s: Removing destination from trash.\n", __func__); - list_del(&dest->n_list); - //dp_vs_dst_reset(dest);//to be finished - __dp_vs_unbind_svc(dest); - - dp_vs_del_stats(dest->stats); - rte_free(dest); - } - } - return NULL; -} - -void dp_vs_trash_cleanup(void) -{ - struct dp_vs_dest *dest, *nxt; - - list_for_each_entry_safe(dest, nxt, &dp_vs_dest_trash, n_list) { - list_del(&dest->n_list); - //dp_vs_dst_reset(dest); - __dp_vs_unbind_svc(dest); - - dp_vs_del_stats(dest->stats); - rte_free(dest); - } -} - static void __dp_vs_update_dest(struct dp_vs_service *svc, struct dp_vs_dest *dest, struct dp_vs_dest_conf *udest) @@ -116,19 +58,6 @@ static void __dp_vs_update_dest(struct dp_vs_service *svc, rte_atomic16_set(&dest->conn_flags, conn_flags); - /* bind the service */ - if (!dest->svc) { - __dp_vs_bind_svc(dest, svc); - } else { - if (dest->svc != svc) { - __dp_vs_unbind_svc(dest); - - dp_svc_stats_clear(dest->stats); - - __dp_vs_bind_svc(dest, svc); - } - } - dest->flags |= DPVS_DEST_F_AVAILABLE; if (udest->max_conn == 0 || udest->max_conn > dest->max_conn) @@ -165,12 +94,8 @@ int dp_vs_new_dest(struct dp_vs_service *svc, rte_atomic32_set(&dest->actconns, 0); rte_atomic32_set(&dest->inactconns, 0); rte_atomic32_set(&dest->persistconns, 0); - rte_atomic32_set(&dest->refcnt, 0); - - if (dp_vs_new_stats(&(dest->stats)) != EDPVS_OK) { - rte_free(dest); - return EDPVS_NOMEM; - } + rte_atomic32_set(&dest->refcnt, 1); + dp_vs_bind_svc(dest, svc); __dp_vs_update_dest(svc, dest, udest); @@ -209,43 +134,6 @@ dp_vs_add_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest) return EDPVS_EXIST; } - /* - * Check if the dest already exists in the trash and - * is from the same service - */ - dest = dp_vs_trash_get_dest(svc, &daddr, dport); - - if (dest != NULL) { - RTE_LOG(DEBUG, SERVICE, "%s: get dest from trash.\n", __func__); - - __dp_vs_update_dest(svc, dest, udest); - - /* - * Get the destination from the trash - */ - list_del(&dest->n_list); - /* Reset the statistic value */ - dp_svc_stats_clear(dest->stats); - - rte_rwlock_write_lock(&__dp_vs_svc_lock); - - /* - * Wait until all other svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - - list_add(&dest->n_list, &svc->dests); - svc->weight += udest->weight; - svc->num_dests++; - - /* call the update_service function of its scheduler */ - if (svc->scheduler->update_service) - svc->scheduler->update_service(svc, dest, DPVS_SO_SET_ADDDEST); - - rte_rwlock_write_unlock(&__dp_vs_svc_lock); - return EDPVS_OK; - } - /* * Allocate and initialize the dest structure */ @@ -254,18 +142,6 @@ dp_vs_add_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest) return ret; } - /* - * Add the dest entry into the list - */ - rte_atomic32_inc(&dest->refcnt); - - rte_rwlock_write_lock(&__dp_vs_svc_lock); - - /* - * Wait until all other svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - list_add(&dest->n_list, &svc->dests); svc->weight += udest->weight; svc->num_dests++; @@ -274,8 +150,6 @@ dp_vs_add_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest) if (svc->scheduler->update_service) svc->scheduler->update_service(svc, dest, DPVS_SO_SET_ADDDEST); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); - return EDPVS_OK; } @@ -315,11 +189,6 @@ dp_vs_edit_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest) __dp_vs_update_dest(svc, dest, udest); - rte_rwlock_write_lock(&__dp_vs_svc_lock); - - /* Wait until all other svc users go away */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - /* Update service weight */ svc->weight = svc->weight - old_weight + udest->weight; if (svc->weight < 0) { @@ -335,42 +204,25 @@ dp_vs_edit_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest) if (svc->scheduler->update_service) svc->scheduler->update_service(svc, dest, DPVS_SO_SET_EDITDEST); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); - return EDPVS_OK; } -/* - * Delete a destination (must be already unlinked from the service) - */ -void __dp_vs_del_dest(struct dp_vs_dest *dest) +void dp_vs_dest_put(struct dp_vs_dest *dest) { - /* - * Decrease the refcnt of the dest, and free the dest - * if nobody refers to it (refcnt=0). Otherwise, throw - * the destination into the trash. - */ + if (!dest) + return; + if (rte_atomic32_dec_and_test(&dest->refcnt)) { - // dp_vs_dst_reset(dest); - /* simply decrease svc->refcnt here, let the caller check - and release the service if nobody refers to it. - Only user context can release destination and service, - and only one user context can update virtual service at a - time, so the operation here is OK */ - __dp_vs_unbind_svc(dest); - dp_vs_del_stats(dest->stats); + dp_vs_unbind_svc(dest); rte_free(dest); - } else { - RTE_LOG(DEBUG, SERVICE,"%s moving dest into trash\n", __func__); - list_add(&dest->n_list, &dp_vs_dest_trash); - rte_atomic32_inc(&dest->refcnt); + RTE_LOG(ERR, SERVICE, "%s delete rs\n", __func__); } } /* * Unlink a destination from the given service */ -void __dp_vs_unlink_dest(struct dp_vs_service *svc, +void dp_vs_unlink_dest(struct dp_vs_service *svc, struct dp_vs_dest *dest, int svcupd) { dest->flags &= ~DPVS_DEST_F_AVAILABLE; @@ -411,30 +263,20 @@ dp_vs_del_dest(struct dp_vs_service *svc, struct dp_vs_dest_conf *udest) return EDPVS_NOTEXIST; } - rte_rwlock_write_lock(&__dp_vs_svc_lock); - - /* - * Wait until all other svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - /* * Unlink dest from the service */ - __dp_vs_unlink_dest(svc, dest, 1); - - rte_rwlock_write_unlock(&__dp_vs_svc_lock); + dp_vs_unlink_dest(svc, dest, 1); /* * Delete the destination */ - __dp_vs_del_dest(dest); + dp_vs_dest_put(dest); return EDPVS_OK; } int dp_vs_get_dest_entries(const struct dp_vs_service *svc, - const struct dp_vs_get_dests *get, struct dp_vs_get_dests *uptr) { int ret = 0; @@ -442,8 +284,10 @@ int dp_vs_get_dest_entries(const struct dp_vs_service *svc, struct dp_vs_dest *dest; struct dp_vs_dest_entry entry; + uptr->cid = rte_lcore_id(); + uptr->num_dests = svc->num_dests; list_for_each_entry(dest, &svc->dests, n_list){ - if(count >= get->num_dests) + if(count >= svc->num_dests) break; memset(&entry, 0, sizeof(entry)); entry.af = dest->af; @@ -456,7 +300,9 @@ int dp_vs_get_dest_entries(const struct dp_vs_service *svc, entry.actconns = rte_atomic32_read(&dest->actconns); entry.inactconns = rte_atomic32_read(&dest->inactconns); entry.persistconns = rte_atomic32_read(&dest->persistconns); - ret = dp_vs_copy_stats(&(entry.stats), dest->stats); + ret = dp_vs_add_stats(&(entry.stats), &dest->stats); + if (ret != EDPVS_OK) + break; memcpy(&uptr->entrytable[count], &entry, sizeof(entry)); count++; @@ -472,6 +318,5 @@ int dp_vs_dest_init(void) int dp_vs_dest_term(void) { - dp_vs_trash_cleanup(); return EDPVS_OK; } diff --git a/src/ipvs/ip_vs_laddr.c b/src/ipvs/ip_vs_laddr.c index 9512e8ae9..ff4dec4ab 100644 --- a/src/ipvs/ip_vs_laddr.c +++ b/src/ipvs/ip_vs_laddr.c @@ -96,7 +96,6 @@ * It man not make sence to let #lcore bigger then #laddr. */ -/* laddr is configured with service instead of lcore */ struct dp_vs_laddr { int af; struct list_head list; /* svc->laddr_list elem */ @@ -155,9 +154,13 @@ static inline struct dp_vs_laddr *__get_laddr(struct dp_vs_service *svc) static inline void put_laddr(struct dp_vs_laddr *laddr) { - /* use lock if other field need by changed */ - rte_atomic32_dec(&laddr->refcnt); - return; + if (!laddr) + return; + + if (rte_atomic32_dec_and_test(&laddr->refcnt)) { + rte_free(laddr); + RTE_LOG(DEBUG, IPVS, "%s: delete laddr.\n", __func__); + } } int dp_vs_laddr_bind(struct dp_vs_conn *conn, struct dp_vs_service *svc) @@ -177,17 +180,12 @@ int dp_vs_laddr_bind(struct dp_vs_conn *conn, struct dp_vs_service *svc) /* * some time allocate lport fails for one laddr, * but there's also some resource on another laddr. - * use write lock since - * 1. __get_laddr will change svc->laddr_curr; - * 2. we uses svc->num_laddrs; */ - rte_rwlock_write_lock(&svc->laddr_lock); for (i = 0; i < dp_vs_laddr_max_trails && i < svc->num_laddrs; i++) { /* select a local IP from service */ laddr = __get_laddr(svc); if (!laddr) { RTE_LOG(ERR, IPVS, "%s: no laddr available.\n", __func__); - rte_rwlock_write_unlock(&svc->laddr_lock); return EDPVS_RESOURCE; } @@ -231,7 +229,6 @@ int dp_vs_laddr_bind(struct dp_vs_conn *conn, struct dp_vs_service *svc) : (((struct sockaddr_in6 *)&ssin)->sin6_port)); break; } - rte_rwlock_write_unlock(&svc->laddr_lock); if (!laddr || sport == 0) { #ifdef CONFIG_DPVS_IPVS_DEBUG @@ -315,7 +312,7 @@ int dp_vs_laddr_add(struct dp_vs_service *svc, new->af = af; new->addr = *addr; - rte_atomic32_init(&new->refcnt); + rte_atomic32_set(&new->refcnt, 1); rte_atomic32_init(&new->conn_counts); /* is the laddr bind to local interface ? */ @@ -325,10 +322,8 @@ int dp_vs_laddr_add(struct dp_vs_service *svc, return EDPVS_NOTEXIST; } - rte_rwlock_write_lock(&svc->laddr_lock); list_for_each_entry(curr, &svc->laddr_list, list) { if (af == curr->af && inet_addr_equal(af, &curr->addr, &new->addr)) { - rte_rwlock_write_unlock(&svc->laddr_lock); rte_free(new); return EDPVS_EXIST; } @@ -336,7 +331,6 @@ int dp_vs_laddr_add(struct dp_vs_service *svc, list_add_tail(&new->list, &svc->laddr_list); svc->num_laddrs++; - rte_rwlock_write_unlock(&svc->laddr_lock); return EDPVS_OK; } @@ -349,31 +343,18 @@ int dp_vs_laddr_del(struct dp_vs_service *svc, int af, const union inet_addr *ad if (!svc || !addr) return EDPVS_INVAL; - rte_rwlock_write_lock(&svc->laddr_lock); list_for_each_entry_safe(laddr, next, &svc->laddr_list, list) { if (!((af == laddr->af) && inet_addr_equal(af, &laddr->addr, addr))) continue; /* found */ - if (rte_atomic32_read(&laddr->refcnt) == 0) { - /* update svc->curr_laddr */ if (svc->laddr_curr == &laddr->list) - svc->laddr_curr = laddr->list.next; - list_del(&laddr->list); - rte_free(laddr); - svc->num_laddrs--; - err = EDPVS_OK; - } else { - /* XXX: move to trash list and implement an garbage collector, - * or just try del again ? */ - err = EDPVS_BUSY; - } - break; + svc->laddr_curr = laddr->list.next; + list_del(&laddr->list); + svc->num_laddrs--; + put_laddr(laddr); + err = EDPVS_OK; } - rte_rwlock_write_unlock(&svc->laddr_lock); - - if (err == EDPVS_BUSY) - RTE_LOG(DEBUG, IPVS, "%s: laddr is in use.\n", __func__); return err; } @@ -388,14 +369,11 @@ static int dp_vs_laddr_getall(struct dp_vs_service *svc, if (!svc || !addrs || !naddr) return EDPVS_INVAL; - rte_rwlock_write_lock(&svc->laddr_lock); - if (svc->num_laddrs > 0) { *naddr = svc->num_laddrs; *addrs = rte_malloc_socket(0, sizeof(struct dp_vs_laddr_entry) * svc->num_laddrs, RTE_CACHE_LINE_SIZE, rte_socket_id()); if (!(*addrs)) { - rte_rwlock_write_unlock(&svc->laddr_lock); return EDPVS_NOMEM; } @@ -412,7 +390,6 @@ static int dp_vs_laddr_getall(struct dp_vs_service *svc, *addrs = NULL; } - rte_rwlock_write_unlock(&svc->laddr_lock); return EDPVS_OK; } @@ -424,23 +401,14 @@ int dp_vs_laddr_flush(struct dp_vs_service *svc) if (!svc) return EDPVS_INVAL; - rte_rwlock_write_lock(&svc->laddr_lock); list_for_each_entry_safe(laddr, next, &svc->laddr_list, list) { - if (rte_atomic32_read(&laddr->refcnt) == 0) { - list_del(&laddr->list); - rte_free(laddr); - svc->num_laddrs--; - } else { - char buf[64]; - - if (inet_ntop(laddr->af, &laddr->addr, buf, sizeof(buf)) == NULL) - snprintf(buf, sizeof(buf), "::"); - - RTE_LOG(DEBUG, IPVS, "%s: laddr %s is in use.\n", __func__, buf); - err = EDPVS_BUSY; - } + if (svc->laddr_curr == &laddr->list) + svc->laddr_curr = laddr->list.next; + list_del(&laddr->list); + svc->num_laddrs--; + put_laddr(laddr); + err = EDPVS_OK; } - rte_rwlock_write_unlock(&svc->laddr_lock); return err; } @@ -448,24 +416,47 @@ int dp_vs_laddr_flush(struct dp_vs_service *svc) /* * for control plane */ + +static inline sockoptid_t set_opt_so2msg(int opt) +{ + return opt - SOCKOPT_LADDR_BASE + MSG_TYPE_SET_LADDR_BASE; +} + static int laddr_sockopt_set(sockoptid_t opt, const void *conf, size_t size) { const struct dp_vs_laddr_conf *laddr_conf = conf; struct dp_vs_service *svc; int err; struct dp_vs_match match; + lcoreid_t cid = rte_lcore_id(); + + // send to slave core + if (cid == rte_get_master_lcore()) { + struct dpvs_msg *msg; + + msg = msg_make(set_opt_so2msg(opt), 0, DPVS_MSG_MULTICAST, cid, size, conf); + if (!msg) + return EDPVS_NOMEM; + + err = multicast_msg_send(msg, 0, NULL); + /* go on in master core, not return */ + if (err != EDPVS_OK) + RTE_LOG(ERR, SERVICE, "[%s] fail to send multicast message\n", __func__); + msg_destroy(&msg); + } if (!conf && size < sizeof(*laddr_conf)) return EDPVS_INVAL; if (dp_vs_match_parse(laddr_conf->srange, laddr_conf->drange, laddr_conf->iifname, laddr_conf->oifname, - &match) != EDPVS_OK) + laddr_conf->af_s, &match) != EDPVS_OK) return EDPVS_INVAL; svc = dp_vs_service_lookup(laddr_conf->af_s, laddr_conf->proto, &laddr_conf->vaddr, laddr_conf->vport, - laddr_conf->fwmark, NULL, &match, NULL); + laddr_conf->fwmark, NULL, &match, + NULL, rte_lcore_id()); if (!svc) return EDPVS_NOSERV; @@ -485,73 +476,200 @@ static int laddr_sockopt_set(sockoptid_t opt, const void *conf, size_t size) break; } - dp_vs_service_put(svc); return err; } -static int laddr_sockopt_get(sockoptid_t opt, const void *conf, size_t size, - void **out, size_t *outsize) +static int get_msg_cb(struct dpvs_msg *msg) { - const struct dp_vs_laddr_conf *laddr_conf = conf; - struct dp_vs_laddr_conf *laddrs; - struct dp_vs_service *svc; - struct dp_vs_laddr_entry *addrs; - size_t naddr, i; - int err; + lcoreid_t cid = rte_lcore_id(); + struct dp_vs_laddr_conf *laddr_conf, *laddrs; struct dp_vs_match match; + struct dp_vs_laddr_entry *addrs; + struct dp_vs_service *svc; + size_t naddr; + int err, size, i; - if (!conf && size < sizeof(*laddr_conf)) - return EDPVS_INVAL; - + laddr_conf = (struct dp_vs_laddr_conf *)msg->data; if (dp_vs_match_parse(laddr_conf->srange, laddr_conf->drange, laddr_conf->iifname, laddr_conf->oifname, - &match) != EDPVS_OK) - return EDPVS_INVAL; - + laddr_conf->af_s, &match) != EDPVS_OK) { + return EDPVS_NOMEM; + } svc = dp_vs_service_lookup(laddr_conf->af_s, laddr_conf->proto, &laddr_conf->vaddr, laddr_conf->vport, - laddr_conf->fwmark, NULL, &match, NULL); - if (!svc) + laddr_conf->fwmark, NULL, &match, + NULL, cid); + if (!svc) { return EDPVS_NOSERV; + } + err = dp_vs_laddr_getall(svc, &addrs, &naddr); + if (err != EDPVS_OK) + return err; - switch (opt) { - case SOCKOPT_GET_LADDR_GETALL: - err = dp_vs_laddr_getall(svc, &addrs, &naddr); - if (err != EDPVS_OK) - break; - - *outsize = sizeof(*laddr_conf) + naddr * sizeof(struct dp_vs_laddr_entry); - *out = rte_malloc_socket(0, *outsize, RTE_CACHE_LINE_SIZE, rte_socket_id()); - if (!*out) { - if (addrs) - rte_free(addrs); - err = EDPVS_NOMEM; - break; - } + size = sizeof(*laddr_conf) + naddr * sizeof(struct dp_vs_laddr_entry); + laddrs = rte_malloc_socket(0, size, RTE_CACHE_LINE_SIZE, rte_socket_id()); + if (!laddrs) { + if (addrs) + rte_free(addrs); + return EDPVS_NOMEM; + } - laddrs = *out; - *laddrs = *laddr_conf; + *laddrs = *laddr_conf; + laddrs->nladdrs = naddr; + for (i = 0; i < naddr; i++) { + laddrs->laddrs[i].af = addrs[i].af; + laddrs->laddrs[i].addr = addrs[i].addr; + /* TODO: nport_conflict & nconns */ + laddrs->laddrs[i].nport_conflict = 0; + laddrs->laddrs[i].nconns = addrs[i].nconns; + } + if (addrs) + rte_free(addrs); - laddrs->nladdrs = naddr; - for (i = 0; i < naddr; i++) { - laddrs->laddrs[i].af = addrs[i].af; - laddrs->laddrs[i].addr = addrs[i].addr; - /* TODO: nport_conflict & nconns */ - laddrs->laddrs[i].nport_conflict = 0; - laddrs->laddrs[i].nconns = addrs[i].nconns; - } + msg->reply.len = size; + msg->reply.data = (void *)laddrs; + return EDPVS_OK; +} - if (addrs) - rte_free(addrs); - break; - default: - err = EDPVS_NOTSUPP; - break; +static int dp_vs_copy_percore_laddrs_stats(struct dp_vs_laddr_conf *master_laddrs, + struct dp_vs_laddr_conf *slave_laddrs) +{ + int i; + if (master_laddrs->nladdrs != slave_laddrs->nladdrs) + return EDPVS_INVAL; + for (i = 0; i < master_laddrs->nladdrs; i++) { + master_laddrs->laddrs[i].nport_conflict += slave_laddrs->laddrs[i].nport_conflict; + master_laddrs->laddrs[i].nconns += slave_laddrs->laddrs[i].nconns; } - dp_vs_service_put(svc); - return err; + return EDPVS_OK; +} + +static void opt2cpu(sockoptid_t opt, sockoptid_t *new_opt, lcoreid_t *cid) +{ + *cid = opt - SOCKOPT_GET_LADDR_GETALL; + *new_opt = SOCKOPT_GET_LADDR_GETALL; +} + +static int laddr_sockopt_get(sockoptid_t opt, const void *conf, size_t size, + void **out, size_t *outsize) +{ + const struct dp_vs_laddr_conf *laddr_conf = conf; + struct dp_vs_laddr_conf *laddrs, *get_msg; + struct dp_vs_service *svc; + struct dp_vs_laddr_entry *addrs; + size_t naddr, i; + int err; + struct dp_vs_match match; + struct dpvs_multicast_queue *reply = NULL; + struct dpvs_msg *msg, *cur; + uint8_t num_lcores = 0; + sockoptid_t new_opt; + lcoreid_t cid; + + netif_get_slave_lcores(&num_lcores, NULL); + opt2cpu(opt, &new_opt, &cid); + if (cid > num_lcores || new_opt > SOCKOPT_GET_LADDR_GETALL) + return EDPVS_INVAL; + + if (!conf && size < sizeof(*laddr_conf)) + return EDPVS_INVAL; + + switch (new_opt) { + case SOCKOPT_GET_LADDR_GETALL: + msg = msg_make(MSG_TYPE_LADDR_GET_ALL, 0, DPVS_MSG_MULTICAST, rte_lcore_id(), + sizeof(struct dp_vs_laddr_conf), laddr_conf); + if (!msg) + return EDPVS_NOMEM; + + err = multicast_msg_send(msg, 0, &reply); + if (err != EDPVS_OK) { + msg_destroy(&msg); + RTE_LOG(ERR, SERVICE, "%s: send message fail.\n", __func__); + return EDPVS_MSG_FAIL; + } + + if (cid == rte_get_master_lcore()) { + if (dp_vs_match_parse(laddr_conf->srange, laddr_conf->drange, + laddr_conf->iifname, laddr_conf->oifname, + laddr_conf->af_s, &match) != EDPVS_OK) { + msg_destroy(&msg); + return EDPVS_INVAL; + } + svc = dp_vs_service_lookup(laddr_conf->af_s, laddr_conf->proto, + &laddr_conf->vaddr, laddr_conf->vport, + laddr_conf->fwmark, NULL, &match, NULL, cid); + if (!svc) { + msg_destroy(&msg); + return EDPVS_NOSERV; + } + + err = dp_vs_laddr_getall(svc, &addrs, &naddr); + if (err != EDPVS_OK) { + msg_destroy(&msg); + return err; + } + + *outsize = sizeof(*laddr_conf) + naddr * sizeof(struct dp_vs_laddr_entry); + *out = rte_malloc_socket(0, *outsize, RTE_CACHE_LINE_SIZE, rte_socket_id()); + if (!*out) { + if (addrs) + rte_free(addrs); + msg_destroy(&msg); + return EDPVS_NOMEM; + } + + laddrs = *out; + *laddrs = *laddr_conf; + + laddrs->nladdrs = naddr; + for (i = 0; i < naddr; i++) { + laddrs->laddrs[i].af = addrs[i].af; + laddrs->laddrs[i].addr = addrs[i].addr; + /* TODO: nport_conflict & nconns */ + laddrs->laddrs[i].nport_conflict = 0; + laddrs->laddrs[i].nconns = addrs[i].nconns; + } + if (addrs) + rte_free(addrs); + + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_laddr_conf *)(cur->data); + err = dp_vs_copy_percore_laddrs_stats(laddrs, get_msg); + if (err != EDPVS_OK) { + msg_destroy(&msg); + rte_free(out); + *out = NULL; + return err; + } + } + msg_destroy(&msg); + return EDPVS_OK; + + } else { + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_laddr_conf *)(cur->data); + if (cid == get_msg->cid) { + *outsize = sizeof(*laddr_conf) + \ + get_msg->nladdrs * sizeof(struct dp_vs_laddr_entry); + *out = rte_malloc_socket(0, *outsize, RTE_CACHE_LINE_SIZE, rte_socket_id()); + if (!*out) { + msg_destroy(&msg); + return EDPVS_NOMEM; + } + rte_memcpy(*out, get_msg, *outsize); + msg_destroy(&msg); + return EDPVS_OK; + } + } + RTE_LOG(ERR, SERVICE, "%s: find no laddr for cid=%d.\n", __func__, cid); + msg_destroy(&msg); + return EDPVS_NOTEXIST; + } + default: + return EDPVS_NOTSUPP; + } } static struct dpvs_sockopts laddr_sockopts = { @@ -560,13 +678,77 @@ static struct dpvs_sockopts laddr_sockopts = { .set_opt_max = SOCKOPT_SET_LADDR_FLUSH, .set = laddr_sockopt_set, .get_opt_min = SOCKOPT_GET_LADDR_GETALL, - .get_opt_max = SOCKOPT_GET_LADDR_GETALL, + .get_opt_max = SOCKOPT_GET_LADDR_MAX, .get = laddr_sockopt_get, }; +static int add_msg_cb(struct dpvs_msg *msg) +{ + return laddr_sockopt_set(SOCKOPT_SET_LADDR_ADD, msg->data, msg->len); +} + +static int del_msg_cb(struct dpvs_msg *msg) +{ + return laddr_sockopt_set(SOCKOPT_SET_LADDR_DEL, msg->data, msg->len); +} + +static int flush_msg_cb(struct dpvs_msg *msg) +{ + return laddr_sockopt_set(SOCKOPT_SET_LADDR_FLUSH, msg->data, msg->len); +} + int dp_vs_laddr_init(void) { int err; + struct dpvs_msg_type msg_type; + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_LADDR_SET_ADD; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = add_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_LADDR_SET_DEL; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = del_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_LADDR_SET_FLUSH; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = flush_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_LADDR_GET_ALL; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = get_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } if ((err = sockopt_register(&laddr_sockopts)) != EDPVS_OK) return err; diff --git a/src/ipvs/ip_vs_proto_icmp.c b/src/ipvs/ip_vs_proto_icmp.c index 3e8cdc081..01bfb46f3 100644 --- a/src/ipvs/ip_vs_proto_icmp.c +++ b/src/ipvs/ip_vs_proto_icmp.c @@ -99,8 +99,8 @@ static int icmp_conn_sched(struct dp_vs_proto *proto, return EDPVS_INVPKT; } - svc = dp_vs_service_lookup(iph->af, iph->proto, - &iph->daddr, 0, 0, mbuf, NULL, &outwall); + svc = dp_vs_service_lookup(iph->af, iph->proto, &iph->daddr, 0, 0, + mbuf, NULL, &outwall, rte_lcore_id()); if (!svc) { *verdict = INET_ACCEPT; return EDPVS_NOSERV; @@ -109,12 +109,10 @@ static int icmp_conn_sched(struct dp_vs_proto *proto, /* schedule RS and create new connection */ *conn = dp_vs_schedule(svc, iph, mbuf, false, outwall); if (!*conn) { - dp_vs_service_put(svc); *verdict = INET_DROP; return EDPVS_RESOURCE; } - dp_vs_service_put(svc); return EDPVS_OK; } diff --git a/src/ipvs/ip_vs_proto_tcp.c b/src/ipvs/ip_vs_proto_tcp.c index 27c04476c..3b6155c00 100644 --- a/src/ipvs/ip_vs_proto_tcp.c +++ b/src/ipvs/ip_vs_proto_tcp.c @@ -590,7 +590,8 @@ static int tcp_conn_sched(struct dp_vs_proto *proto, /* Drop tcp packet which is send to vip and !vport */ if (g_defence_tcp_drop && - (svc = dp_vs_lookup_vip(iph->af, iph->proto, &iph->daddr))) { + (svc = dp_vs_lookup_vip(iph->af, iph->proto, + &iph->daddr, rte_lcore_id()))) { dp_vs_estats_inc(DEFENCE_TCP_DROP); *verdict = INET_DROP; return EDPVS_INVPKT; @@ -600,12 +601,13 @@ static int tcp_conn_sched(struct dp_vs_proto *proto, return EDPVS_INVAL; } - svc = dp_vs_service_lookup(iph->af, iph->proto, - &iph->daddr, th->dest, 0, mbuf, NULL, &outwall); + svc = dp_vs_service_lookup(iph->af, iph->proto, &iph->daddr, th->dest, + 0, mbuf, NULL, &outwall, rte_lcore_id()); if (!svc) { /* Drop tcp packet which is send to vip and !vport */ if (g_defence_tcp_drop && - (svc = dp_vs_lookup_vip(iph->af, iph->proto, &iph->daddr))) { + (svc = dp_vs_lookup_vip(iph->af, iph->proto, + &iph->daddr, rte_lcore_id()))) { dp_vs_estats_inc(DEFENCE_TCP_DROP); *verdict = INET_DROP; return EDPVS_INVPKT; @@ -616,13 +618,10 @@ static int tcp_conn_sched(struct dp_vs_proto *proto, *conn = dp_vs_schedule(svc, iph, mbuf, false, outwall); if (!*conn) { - dp_vs_service_put(svc); *verdict = INET_DROP; return EDPVS_RESOURCE; } - dp_vs_service_put(svc); - return EDPVS_OK; } diff --git a/src/ipvs/ip_vs_proto_udp.c b/src/ipvs/ip_vs_proto_udp.c index eeb724ab6..2dd6b103d 100644 --- a/src/ipvs/ip_vs_proto_udp.c +++ b/src/ipvs/ip_vs_proto_udp.c @@ -160,8 +160,8 @@ static int udp_conn_sched(struct dp_vs_proto *proto, } /* lookup service */ - svc = dp_vs_service_lookup(iph->af, iph->proto, - &iph->daddr, uh->dst_port, 0, mbuf, NULL, &outwall); + svc = dp_vs_service_lookup(iph->af, iph->proto, &iph->daddr, + uh->dst_port, 0, mbuf, NULL, &outwall, rte_lcore_id()); if (!svc) { *verdict = INET_ACCEPT; return EDPVS_NOSERV; @@ -170,7 +170,6 @@ static int udp_conn_sched(struct dp_vs_proto *proto, /* schedule RS and create new connection */ *conn = dp_vs_schedule(svc, iph, mbuf, false, outwall); if (!*conn) { - dp_vs_service_put(svc); *verdict = INET_DROP; return EDPVS_RESOURCE; } @@ -190,7 +189,6 @@ static int udp_conn_sched(struct dp_vs_proto *proto, } } - dp_vs_service_put(svc); return EDPVS_OK; } diff --git a/src/ipvs/ip_vs_rr.c b/src/ipvs/ip_vs_rr.c index 234f859f4..06f3e6fb4 100644 --- a/src/ipvs/ip_vs_rr.c +++ b/src/ipvs/ip_vs_rr.c @@ -40,8 +40,6 @@ static struct dp_vs_dest *dp_vs_rr_schedule(struct dp_vs_service *svc, struct list_head *p, *q; struct dp_vs_dest *dest; - rte_rwlock_write_lock(&svc->sched_lock); - p = (struct list_head *)svc->sched_data; p = p->next; q = p; @@ -59,13 +57,11 @@ static struct dp_vs_dest *dp_vs_rr_schedule(struct dp_vs_service *svc, goto out; q = q->next; } while (q != p); - rte_rwlock_write_unlock(&svc->sched_lock); return NULL; out: svc->sched_data = q; - rte_rwlock_write_unlock(&svc->sched_lock); return dest; } diff --git a/src/ipvs/ip_vs_service.c b/src/ipvs/ip_vs_service.c index 60a8637ee..056f812f1 100644 --- a/src/ipvs/ip_vs_service.c +++ b/src/ipvs/ip_vs_service.c @@ -15,6 +15,10 @@ * GNU General Public License for more details. * */ +/* + * svc will not be changed during svc get(svc is per core); + * but conn will hold dest and dest will hold svc. so we need refcnt + */ #include #include #include "inet.h" @@ -33,7 +37,7 @@ #include "neigh.h" #include "ipset.h" -static int dp_vs_num_services = 0; +static rte_atomic16_t dp_vs_num_services[DPVS_MAX_LCORE]; /** * hash table for svc @@ -42,13 +46,13 @@ static int dp_vs_num_services = 0; #define DP_VS_SVC_TAB_SIZE (1 << DP_VS_SVC_TAB_BITS) #define DP_VS_SVC_TAB_MASK (DP_VS_SVC_TAB_SIZE - 1) -static struct list_head dp_vs_svc_table[DP_VS_SVC_TAB_SIZE]; +static struct list_head dp_vs_svc_table[DPVS_MAX_LCORE][DP_VS_SVC_TAB_SIZE]; -static struct list_head dp_vs_svc_fwm_table[DP_VS_SVC_TAB_SIZE]; +static struct list_head dp_vs_svc_fwm_table[DPVS_MAX_LCORE][DP_VS_SVC_TAB_SIZE]; -static struct list_head dp_vs_svc_match_list; +static struct list_head dp_vs_svc_match_list[DPVS_MAX_LCORE]; -static inline unsigned dp_vs_svc_hashkey(int af, unsigned proto, const union inet_addr *addr) +static inline int dp_vs_svc_hashkey(int af, unsigned proto, const union inet_addr *addr) { uint32_t addr_fold; @@ -56,7 +60,7 @@ static inline unsigned dp_vs_svc_hashkey(int af, unsigned proto, const union ine if (!addr_fold) { RTE_LOG(DEBUG, SERVICE, "%s: IP proto not support.\n", __func__); - return 0; + return EDPVS_INVAL; } return (proto ^ rte_be_to_cpu_32(addr_fold)) & DP_VS_SVC_TAB_MASK; @@ -67,9 +71,9 @@ static inline unsigned dp_vs_svc_fwm_hashkey(uint32_t fwmark) return fwmark & DP_VS_SVC_TAB_MASK; } -static int dp_vs_svc_hash(struct dp_vs_service *svc) +static int dp_vs_svc_hash(struct dp_vs_service *svc, lcoreid_t cid) { - unsigned hash; + int hash; if (svc->flags & DP_VS_SVC_F_HASHED){ RTE_LOG(DEBUG, SERVICE, "%s: request for already hashed.\n", __func__); @@ -78,19 +82,21 @@ static int dp_vs_svc_hash(struct dp_vs_service *svc) if (svc->fwmark) { hash = dp_vs_svc_fwm_hashkey(svc->fwmark); - list_add(&svc->f_list, &dp_vs_svc_fwm_table[hash]); + list_add(&svc->f_list, &dp_vs_svc_fwm_table[cid][hash]); } else if (svc->match) { - list_add(&svc->m_list, &dp_vs_svc_match_list); + list_add(&svc->m_list, &dp_vs_svc_match_list[cid]); } else { /* * Hash it by in dp_vs_svc_table */ hash = dp_vs_svc_hashkey(svc->af, svc->proto, &svc->addr); - list_add(&svc->s_list, &dp_vs_svc_table[hash]); + if (hash < 0) + return EDPVS_INVAL; + + list_add(&svc->s_list, &dp_vs_svc_table[cid][hash]); } svc->flags |= DP_VS_SVC_F_HASHED; - rte_atomic32_inc(&svc->refcnt); return EDPVS_OK; } @@ -109,24 +115,24 @@ static int dp_vs_svc_unhash(struct dp_vs_service *svc) list_del(&svc->s_list); svc->flags &= ~DP_VS_SVC_F_HASHED; - rte_atomic32_dec(&svc->refcnt); return EDPVS_OK; } -struct dp_vs_service *__dp_vs_service_get(int af, uint16_t protocol, +static struct dp_vs_service *__dp_vs_service_get(int af, uint16_t protocol, const union inet_addr *vaddr, - uint16_t vport) + uint16_t vport, lcoreid_t cid) { - unsigned hash; + int hash; struct dp_vs_service *svc; hash = dp_vs_svc_hashkey(af, protocol, vaddr); - list_for_each_entry(svc, &dp_vs_svc_table[hash], s_list){ + if (hash < 0) + return NULL; + list_for_each_entry(svc, &dp_vs_svc_table[cid][hash], s_list){ if ((svc->af == af) && inet_addr_equal(af, &svc->addr, vaddr) && (svc->port == vport) && (svc->proto == protocol)) { - rte_atomic32_inc(&svc->usecnt); return svc; } } @@ -134,7 +140,7 @@ struct dp_vs_service *__dp_vs_service_get(int af, uint16_t protocol, return NULL; } -struct dp_vs_service *__dp_vs_svc_fwm_get(int af, uint32_t fwmark) +static struct dp_vs_service *__dp_vs_svc_fwm_get(int af, uint32_t fwmark, lcoreid_t cid) { unsigned hash; struct dp_vs_service *svc; @@ -142,10 +148,9 @@ struct dp_vs_service *__dp_vs_svc_fwm_get(int af, uint32_t fwmark) /* Check for fwmark addressed entries */ hash = dp_vs_svc_fwm_hashkey(fwmark); - list_for_each_entry(svc, &dp_vs_svc_fwm_table[hash], f_list) { + list_for_each_entry(svc, &dp_vs_svc_fwm_table[cid][hash], f_list) { if (svc->fwmark == fwmark && svc->af == af) { /* HIT */ - rte_atomic32_inc(&svc->usecnt); return svc; } } @@ -191,7 +196,7 @@ static inline bool __svc_in_range(int af, } static struct dp_vs_service * -__dp_vs_svc_match_get4(const struct rte_mbuf *mbuf, bool *outwall) +__dp_vs_svc_match_get4(const struct rte_mbuf *mbuf, bool *outwall, lcoreid_t cid) { struct route_entry *rt = mbuf->userdata; struct ipv4_hdr *iph = ip4_hdr(mbuf); /* ipv4 only */ @@ -234,7 +239,7 @@ __dp_vs_svc_match_get4(const struct rte_mbuf *mbuf, bool *outwall) route4_put(rt); } - list_for_each_entry(svc, &dp_vs_svc_match_list, m_list) { + list_for_each_entry(svc, &dp_vs_svc_match_list[cid], m_list) { struct dp_vs_match *m = svc->match; struct netif_port *idev, *odev; assert(m); @@ -251,7 +256,6 @@ __dp_vs_svc_match_get4(const struct rte_mbuf *mbuf, bool *outwall) (!idev || idev->id == mbuf->port) && (!odev || odev->id == oif) ) { - rte_atomic32_inc(&svc->usecnt); return svc; } } @@ -260,7 +264,7 @@ __dp_vs_svc_match_get4(const struct rte_mbuf *mbuf, bool *outwall) } static struct dp_vs_service * -__dp_vs_svc_match_get6(const struct rte_mbuf *mbuf) +__dp_vs_svc_match_get6(const struct rte_mbuf *mbuf, lcoreid_t cid) { struct route6 *rt = mbuf->userdata; struct ip6_hdr *iph = ip6_hdr(mbuf); @@ -304,7 +308,7 @@ __dp_vs_svc_match_get6(const struct rte_mbuf *mbuf) route6_put(rt); } - list_for_each_entry(svc, &dp_vs_svc_match_list, m_list) { + list_for_each_entry(svc, &dp_vs_svc_match_list[cid], m_list) { struct dp_vs_match *m = svc->match; struct netif_port *idev, *odev; assert(m); @@ -323,7 +327,6 @@ __dp_vs_svc_match_get6(const struct rte_mbuf *mbuf) (!idev || idev->id == mbuf->port) && (!odev || odev->id == oif) ) { - rte_atomic32_inc(&svc->usecnt); return svc; } } @@ -332,19 +335,19 @@ __dp_vs_svc_match_get6(const struct rte_mbuf *mbuf) } static struct dp_vs_service * -__dp_vs_svc_match_get(int af, const struct rte_mbuf *mbuf, bool *outwall) +__dp_vs_svc_match_get(int af, const struct rte_mbuf *mbuf, bool *outwall, lcoreid_t cid) { if (af == AF_INET) - return __dp_vs_svc_match_get4(mbuf, outwall); + return __dp_vs_svc_match_get4(mbuf, outwall, cid); else if (af == AF_INET6) - return __dp_vs_svc_match_get6(mbuf); + return __dp_vs_svc_match_get6(mbuf, cid); else return NULL; } int dp_vs_match_parse(const char *srange, const char *drange, const char *iifname, const char *oifname, - struct dp_vs_match *match) + int af, struct dp_vs_match *match) { int err; @@ -362,6 +365,13 @@ int dp_vs_match_parse(const char *srange, const char *drange, return err; } + if (match->af && af && match->af != af) + return EDPVS_INVAL; + + // no range param + if (!match->af) + match->af = af; + snprintf(match->iifname, IFNAMSIZ, "%s", iifname ? : ""); snprintf(match->oifname, IFNAMSIZ, "%s", oifname ? : ""); @@ -369,19 +379,19 @@ int dp_vs_match_parse(const char *srange, const char *drange, } static struct dp_vs_service * -__dp_vs_svc_match_find(int af, uint8_t proto, const struct dp_vs_match *match) +__dp_vs_svc_match_find(int af, uint8_t proto, const struct dp_vs_match *match, + lcoreid_t cid) { struct dp_vs_service *svc; if (!match || is_empty_match(match)) return NULL; - list_for_each_entry(svc, &dp_vs_svc_match_list, m_list) { + list_for_each_entry(svc, &dp_vs_svc_match_list[cid], m_list) { assert(svc->match); if (af == svc->af && proto == svc->proto && memcmp(match, svc->match, sizeof(struct dp_vs_match)) == 0) { - rte_atomic32_inc(&svc->usecnt); return svc; } } @@ -394,27 +404,24 @@ struct dp_vs_service *dp_vs_service_lookup(int af, uint16_t protocol, uint16_t vport, uint32_t fwmark, const struct rte_mbuf *mbuf, const struct dp_vs_match *match, - bool *outwall) + bool *outwall, lcoreid_t cid) { struct dp_vs_service *svc = NULL; - rte_rwlock_read_lock(&__dp_vs_svc_lock); - - if (fwmark && (svc = __dp_vs_svc_fwm_get(af, fwmark))) + if (fwmark && (svc = __dp_vs_svc_fwm_get(af, fwmark, cid))) goto out; - if ((svc = __dp_vs_service_get(af, protocol, vaddr, vport))) + if ((svc = __dp_vs_service_get(af, protocol, vaddr, vport, cid))) goto out; if (match && !is_empty_match(match)) - if ((svc = __dp_vs_svc_match_find(af, protocol, match))) + if ((svc = __dp_vs_svc_match_find(af, protocol, match, cid))) goto out; if (mbuf) /* lowest priority */ - svc = __dp_vs_svc_match_get(af, mbuf, outwall); + svc = __dp_vs_svc_match_get(af, mbuf, outwall, cid); out: - rte_rwlock_read_unlock(&__dp_vs_svc_lock); #ifdef CONFIG_DPVS_MBUF_DEBUG if (!svc && mbuf) dp_vs_mbuf_dump("found service failed.", af, mbuf); @@ -424,50 +431,58 @@ struct dp_vs_service *dp_vs_service_lookup(int af, uint16_t protocol, struct dp_vs_service *dp_vs_lookup_vip(int af, uint16_t protocol, - const union inet_addr *vaddr) + const union inet_addr *vaddr, + lcoreid_t cid) { struct dp_vs_service *svc; - unsigned hash; - - rte_rwlock_read_lock(&__dp_vs_svc_lock); + int hash; hash = dp_vs_svc_hashkey(af, protocol, vaddr); - list_for_each_entry(svc, &dp_vs_svc_table[hash], s_list) { + if (hash < 0) + return NULL; + list_for_each_entry(svc, &dp_vs_svc_table[cid][hash], s_list) { if ((svc->af == af) && inet_addr_equal(af, &svc->addr, vaddr) && (svc->proto == protocol)) { /* HIT */ - rte_rwlock_read_unlock(&__dp_vs_svc_lock); return svc; } } - rte_rwlock_read_unlock(&__dp_vs_svc_lock); return NULL; } void -__dp_vs_bind_svc(struct dp_vs_dest *dest, struct dp_vs_service *svc) +dp_vs_bind_svc(struct dp_vs_dest *dest, struct dp_vs_service *svc) { rte_atomic32_inc(&svc->refcnt); dest->svc = svc; } -void __dp_vs_unbind_svc(struct dp_vs_dest *dest) +void dp_vs_svc_put(struct dp_vs_service *svc) { - struct dp_vs_service *svc = dest->svc; + if (!svc) + return; - dest->svc = NULL; if (rte_atomic32_dec_and_test(&svc->refcnt)) { - dp_vs_del_stats(svc->stats); if (svc->match) rte_free(svc->match); rte_free(svc); - } + RTE_LOG(DEBUG, SERVICE, "%s: delete svc.\n", __func__); + } +} + +void dp_vs_unbind_svc(struct dp_vs_dest *dest) +{ + if (!dest->svc) + return; + dp_vs_svc_put(dest->svc); + dest->svc = NULL; } -int dp_vs_add_service(struct dp_vs_service_conf *u, - struct dp_vs_service **svc_p) +static int dp_vs_add_service(struct dp_vs_service_conf *u, + struct dp_vs_service **svc_p, + lcoreid_t cid) { int ret = 0; int size; @@ -476,7 +491,7 @@ int dp_vs_add_service(struct dp_vs_service_conf *u, if (!u->fwmark && inet_is_addr_any(u->af, &u->addr) && !u->port && is_empty_match(&u->match)) { - RTE_LOG(ERR, SERVICE, "%s: adding empty servive\n", __func__); + RTE_LOG(ERR, SERVICE, "%s: adding inval servive\n", __func__); return EDPVS_INVAL; } @@ -492,8 +507,6 @@ int dp_vs_add_service(struct dp_vs_service_conf *u, RTE_LOG(ERR, SERVICE, "%s: no memory.\n", __func__); return EDPVS_NOMEM; } - rte_atomic32_set(&svc->usecnt, 1); - rte_atomic32_set(&svc->refcnt, 1); svc->af = u->af; svc->proto = u->protocol; @@ -517,28 +530,23 @@ int dp_vs_add_service(struct dp_vs_service_conf *u, *(svc->match) = u->match; } - rte_rwlock_init(&svc->laddr_lock); INIT_LIST_HEAD(&svc->laddr_list); svc->num_laddrs = 0; svc->laddr_curr = &svc->laddr_list; INIT_LIST_HEAD(&svc->dests); - rte_rwlock_init(&svc->sched_lock); ret = dp_vs_bind_scheduler(svc, sched); if (ret) goto out_err; sched = NULL; - ret = dp_vs_new_stats(&(svc->stats)); - if(ret) - goto out_err; - - dp_vs_num_services++; + rte_atomic16_inc(&dp_vs_num_services[cid]); - rte_rwlock_write_lock(&__dp_vs_svc_lock); - dp_vs_svc_hash(svc); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); + ret = dp_vs_svc_hash(svc, cid); + if (ret != EDPVS_OK) + return ret; + rte_atomic32_set(&svc->refcnt, 1); *svc_p = svc; return EDPVS_OK; @@ -547,7 +555,6 @@ int dp_vs_add_service(struct dp_vs_service_conf *u, if(svc != NULL) { if (svc->scheduler) dp_vs_unbind_scheduler(svc); - dp_vs_del_stats(svc->stats); if (svc->match) rte_free(svc->match); rte_free(svc); @@ -555,8 +562,7 @@ int dp_vs_add_service(struct dp_vs_service_conf *u, return ret; } -int -dp_vs_edit_service(struct dp_vs_service *svc, struct dp_vs_service_conf *u) +static int dp_vs_edit_service(struct dp_vs_service *svc, struct dp_vs_service_conf *u) { struct dp_vs_scheduler *sched, *old_sched; int ret = 0; @@ -576,13 +582,6 @@ dp_vs_edit_service(struct dp_vs_service *svc, struct dp_vs_service_conf *u) goto out; } - rte_rwlock_write_lock(&__dp_vs_svc_lock); - - /* - * Wait until all other svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - /* * Set the flags and timeout value */ @@ -600,7 +599,7 @@ dp_vs_edit_service(struct dp_vs_service *svc, struct dp_vs_service_conf *u) */ if ((ret = dp_vs_unbind_scheduler(svc))) { old_sched = sched; - goto out_unlock; + goto out; } /* @@ -619,23 +618,20 @@ dp_vs_edit_service(struct dp_vs_service *svc, struct dp_vs_service_conf *u) */ dp_vs_bind_scheduler(svc, old_sched); old_sched = sched; - goto out_unlock; + goto out; } } -out_unlock: - rte_rwlock_write_unlock(&__dp_vs_svc_lock); out: return ret; } - static void __dp_vs_del_service(struct dp_vs_service *svc) { struct dp_vs_dest *dest, *nxt; /* Count only IPv4 services for old get/setsockopt interface */ - dp_vs_num_services--; + rte_atomic16_dec(&dp_vs_num_services[rte_lcore_id()]); /* Unbind scheduler */ dp_vs_unbind_scheduler(svc); @@ -648,23 +644,17 @@ static void __dp_vs_del_service(struct dp_vs_service *svc) * Unlink the whole destination list */ list_for_each_entry_safe(dest, nxt, &svc->dests, n_list) { - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - __dp_vs_unlink_dest(svc, dest, 0); - __dp_vs_del_dest(dest); + dp_vs_unlink_dest(svc, dest, 0); + dp_vs_dest_put(dest); } /* * Free the service if nobody refers to it */ - if (rte_atomic32_dec_and_test(&svc->refcnt)) { - dp_vs_del_stats(svc->stats); - if (svc->match) - rte_free(svc->match); - rte_free(svc); - } + dp_vs_svc_put(svc); } -int dp_vs_del_service(struct dp_vs_service *svc) +static int dp_vs_del_service(struct dp_vs_service *svc) { if (svc == NULL) return EDPVS_NOTEXIST; @@ -672,19 +662,13 @@ int dp_vs_del_service(struct dp_vs_service *svc) /* * Unhash it from the service table */ - rte_rwlock_write_lock(&__dp_vs_svc_lock); - dp_vs_svc_unhash(svc); - + /* * Wait until all the svc users go away. */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 1); - __dp_vs_del_service(svc); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); - return EDPVS_OK; } @@ -708,8 +692,9 @@ dp_vs_copy_service(struct dp_vs_service_entry *dst, struct dp_vs_service *src) dst->netmask = src->netmask; dst->num_dests = src->num_dests; dst->num_laddrs = src->num_laddrs; + dst->cid = rte_lcore_id(); - err = dp_vs_copy_stats(&dst->stats, src->stats); + err = dp_vs_add_stats(&dst->stats, &src->stats); m = src->match; if (!m) @@ -724,16 +709,19 @@ dp_vs_copy_service(struct dp_vs_service_entry *dst, struct dp_vs_service *src) return err; } -int dp_vs_get_service_entries(const struct dp_vs_get_services *get, - struct dp_vs_get_services *uptr) +static int dp_vs_get_service_entries(int num_services, + struct dp_vs_get_services *uptr, + lcoreid_t cid) { int idx, count = 0; struct dp_vs_service *svc; int ret = 0; + uptr->cid = cid; + uptr->num_services = num_services; for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { - list_for_each_entry(svc, &dp_vs_svc_table[idx], s_list){ - if (count >= get->num_services) + list_for_each_entry(svc, &dp_vs_svc_table[cid][idx], s_list){ + if (count >= num_services) goto out; ret = dp_vs_copy_service(&uptr->entrytable[count], svc); if (ret != EDPVS_OK) @@ -743,8 +731,8 @@ int dp_vs_get_service_entries(const struct dp_vs_get_services *get, } for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { - list_for_each_entry(svc, &dp_vs_svc_fwm_table[idx], f_list) { - if (count >= get->num_services) + list_for_each_entry(svc, &dp_vs_svc_fwm_table[cid][idx], f_list) { + if (count >= num_services) goto out; ret = dp_vs_copy_service(&uptr->entrytable[count], svc); if (ret != EDPVS_OK) @@ -753,8 +741,8 @@ int dp_vs_get_service_entries(const struct dp_vs_get_services *get, } } - list_for_each_entry(svc, &dp_vs_svc_match_list, m_list) { - if (count >= get->num_services) + list_for_each_entry(svc, &dp_vs_svc_match_list[cid], m_list) { + if (count >= num_services) goto out; ret = dp_vs_copy_service(&uptr->entrytable[count], svc); if (ret != EDPVS_OK) @@ -762,6 +750,8 @@ int dp_vs_get_service_entries(const struct dp_vs_get_services *get, count++; } + if (count < num_services) + ret = EDPVS_INVAL; out: return ret; } @@ -777,7 +767,7 @@ unsigned dp_vs_get_conn_timeout(struct dp_vs_conn *conn) return 90; } -int dp_vs_flush(void) +static int dp_vs_flush(lcoreid_t cid) { int idx; struct dp_vs_service *svc, *nxt; @@ -786,16 +776,9 @@ int dp_vs_flush(void) * Flush the service table hashed by */ for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { - list_for_each_entry_safe(svc, nxt, &dp_vs_svc_table[idx], + list_for_each_entry_safe(svc, nxt, &dp_vs_svc_table[cid][idx], s_list) { - rte_rwlock_write_lock(&__dp_vs_svc_lock); - dp_vs_svc_unhash(svc); - /* - * Wait until all the svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 0); - __dp_vs_del_service(svc); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); + dp_vs_del_service(svc); } } @@ -804,76 +787,59 @@ int dp_vs_flush(void) */ for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { list_for_each_entry_safe(svc, nxt, - &dp_vs_svc_fwm_table[idx], f_list) { - rte_rwlock_write_lock(&__dp_vs_svc_lock); - dp_vs_svc_unhash(svc); - /* - * Wait until all the svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 0); - __dp_vs_del_service(svc); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); + &dp_vs_svc_fwm_table[cid][idx], f_list) { + dp_vs_del_service(svc); } } list_for_each_entry_safe(svc, nxt, - &dp_vs_svc_match_list, m_list) { - rte_rwlock_write_lock(&__dp_vs_svc_lock); - dp_vs_svc_unhash(svc); - /* - * Wait until all the svc users go away. - */ - DPVS_WAIT_WHILE(rte_atomic32_read(&svc->usecnt) > 0); - __dp_vs_del_service(svc); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); + &dp_vs_svc_match_list[cid], m_list) { + dp_vs_del_service(svc); } return EDPVS_OK; } -int dp_vs_zero_service(struct dp_vs_service *svc) +static int dp_vs_zero_service(struct dp_vs_service *svc) { struct dp_vs_dest *dest; - rte_rwlock_write_lock(&__dp_vs_svc_lock); - list_for_each_entry(dest, &svc->dests, n_list) { - dp_svc_stats_clear(dest->stats); + dp_vs_stats_clear(&dest->stats); } - dp_svc_stats_clear(svc->stats); - rte_rwlock_write_unlock(&__dp_vs_svc_lock); + dp_vs_stats_clear(&svc->stats); return EDPVS_OK; } -int dp_vs_zero_all(void) +static int dp_vs_zero_all(lcoreid_t cid) { int idx; struct dp_vs_service *svc; for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { - list_for_each_entry(svc, &dp_vs_svc_table[idx], s_list) { + list_for_each_entry(svc, &dp_vs_svc_table[cid][idx], s_list) { dp_vs_zero_service(svc); } } for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { - list_for_each_entry(svc, &dp_vs_svc_fwm_table[idx], f_list) { + list_for_each_entry(svc, &dp_vs_svc_fwm_table[cid][idx], f_list) { dp_vs_zero_service(svc); } } - list_for_each_entry(svc, &dp_vs_svc_match_list, m_list) { + list_for_each_entry(svc, &dp_vs_svc_match_list[cid], m_list) { dp_vs_zero_service(svc); } - dp_vs_stats_clear(); + dp_vs_estats_clear(); return EDPVS_OK; } /*CONTROL PLANE*/ static int dp_vs_copy_usvc_compat(struct dp_vs_service_conf *conf, - struct dp_vs_service_user *user) + struct dp_vs_service_user *user) { int err; conf->af = user->af; @@ -892,12 +858,19 @@ static int dp_vs_copy_usvc_compat(struct dp_vs_service_conf *conf, conf->bps = user->bps; conf->limit_proportion = user->limit_proportion; - err = dp_vs_match_parse(user->srange, user->drange, - user->iifname, user->oifname, &conf->match); - if (conf->match.af) - conf->af = conf->match.af; + if (user->flags & DP_VS_SVC_F_MATCH) { + err = dp_vs_match_parse(user->srange, user->drange, + user->iifname, user->oifname, + user->af, &conf->match); + if (err != EDPVS_OK) + return err; + if (conf->match.af && !conf->af) + conf->af = conf->match.af; + if ((conf->match.af != AF_INET) && (conf->match.af != AF_INET6)) + return EDPVS_NOTSUPP; + } - return err; + return EDPVS_OK; } static void dp_vs_copy_udest_compat(struct dp_vs_dest_conf *udest, @@ -926,6 +899,11 @@ static int gratuitous_arp_send_vip(struct in_addr *vip) return EDPVS_NOTEXIST; } +static inline int set_opt_so2msg(sockoptid_t opt) +{ + return opt - SOCKOPT_SVC_BASE + MSG_TYPE_SVC_SET_BASE; +} + static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) { int ret; @@ -936,18 +914,36 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) struct dp_vs_dest_user *udest_compat; struct dp_vs_dest_conf udest; struct in_addr *vip; + lcoreid_t cid = rte_lcore_id(); - if (opt == DPVS_SO_SET_GRATARP){ + if (opt == DPVS_SO_SET_GRATARP && cid == rte_get_master_lcore()){ vip = (struct in_addr *)user; return gratuitous_arp_send_vip(vip); } + + // send to slave core + if (cid == rte_get_master_lcore()) { + struct dpvs_msg *msg; + + msg = msg_make(set_opt_so2msg(opt), 0, DPVS_MSG_MULTICAST, cid, len, user); + if (!msg) + return EDPVS_NOMEM; + + ret = multicast_msg_send(msg, 0, NULL); + /* go on in master core, not return */ + if (ret != EDPVS_OK) + RTE_LOG(ERR, SERVICE, "[%s] fail to send multicast message\n", __func__); + msg_destroy(&msg); + } + if (opt == DPVS_SO_SET_FLUSH) - return dp_vs_flush(); + return dp_vs_flush(cid); memcpy(arg, user, len); usvc_compat = (struct dp_vs_service_user *)arg; udest_compat = (struct dp_vs_dest_user *)(usvc_compat + 1); + memset(&usvc, 0, sizeof(usvc)); ret = dp_vs_copy_usvc_compat(&usvc, usvc_compat); if (ret != EDPVS_OK) return ret; @@ -957,7 +953,7 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) !usvc.fwmark && !usvc.port && is_empty_match(&usvc.match) ) { - return dp_vs_zero_all(); + return dp_vs_zero_all(cid); } } @@ -969,11 +965,11 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) if (!inet_is_addr_any(usvc.af, &usvc.addr) || usvc.port) svc = __dp_vs_service_get(usvc.af, usvc.protocol, - &usvc.addr, usvc.port); + &usvc.addr, usvc.port, cid); else if (usvc.fwmark) - svc = __dp_vs_svc_fwm_get(usvc.af, usvc.fwmark); + svc = __dp_vs_svc_fwm_get(usvc.af, usvc.fwmark, cid); else if (!is_empty_match(&usvc.match)) - svc = __dp_vs_svc_match_find(usvc.af, usvc.protocol, &usvc.match); + svc = __dp_vs_svc_match_find(usvc.af, usvc.protocol, &usvc.match, cid); else { RTE_LOG(ERR, SERVICE, "%s: empty service.\n", __func__); return EDPVS_INVAL; @@ -981,8 +977,6 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) if(opt != DPVS_SO_SET_ADD && (svc == NULL || svc->proto != usvc.protocol)){ - if (svc) - dp_vs_service_put(svc); return EDPVS_INVAL; } @@ -991,15 +985,13 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) if(svc != NULL) ret = EDPVS_EXIST; else - ret = dp_vs_add_service(&usvc, &svc); + ret = dp_vs_add_service(&usvc, &svc, cid); break; case DPVS_SO_SET_EDIT: ret = dp_vs_edit_service(svc, &usvc); break; case DPVS_SO_SET_DEL: ret = dp_vs_del_service(svc); - // reset svc to avoid use after free - svc = NULL; break; case DPVS_SO_SET_ZERO: ret = dp_vs_zero_service(svc); @@ -1020,15 +1012,197 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) ret = EDPVS_INVAL; } - if(svc) - dp_vs_service_put(svc); return ret; } +/* + * for example : SOCKOPT_SVC_BASE is 200, SOCKOPT_SVC_GET_CMD_MAX is 204, + * old_opt 205 means core 1 get opt 200 + */ +static inline void opt2cpu(sockoptid_t old_opt, sockoptid_t *new_opt, lcoreid_t *cid) +{ + assert(old_opt >= SOCKOPT_SVC_BASE); + assert(old_opt <= SOCKOPT_SVC_MAX); + + *new_opt = (old_opt - SOCKOPT_SVC_BASE)%(SOCKOPT_SVC_GET_CMD_MAX - SOCKOPT_SVC_BASE + 1) + + SOCKOPT_SVC_BASE; + *cid = (old_opt - SOCKOPT_SVC_BASE)/(SOCKOPT_SVC_GET_CMD_MAX - SOCKOPT_SVC_BASE + 1); +} + +/* copy service/dest/stats */ +static int dp_vs_copy_percore_svcs_stats(struct dp_vs_get_services *master_svcs, + struct dp_vs_get_services *slave_svcs) +{ + int i; + if (master_svcs->num_services != slave_svcs->num_services) + return EDPVS_INVAL; + for (i = 0; i < master_svcs->num_services; i++) + dp_vs_add_stats(&master_svcs->entrytable[i].stats, &slave_svcs->entrytable[i].stats); + + return EDPVS_OK; +} + +//dest should not be changed during get msg +static int dp_vs_copy_percore_dests_stats(struct dp_vs_get_dests *master_dests, + struct dp_vs_get_dests *slave_dests) +{ + int i; + if (master_dests->num_dests != slave_dests->num_dests) + return EDPVS_INVAL; + for (i = 0; i < master_dests->num_dests; i++) { + master_dests->entrytable[i].actconns += slave_dests->entrytable[i].actconns; + master_dests->entrytable[i].inactconns += slave_dests->entrytable[i].inactconns; + master_dests->entrytable[i].persistconns += slave_dests->entrytable[i].persistconns; + dp_vs_add_stats(&master_dests->entrytable[i].stats, &slave_dests->entrytable[i].stats); + } + + return EDPVS_OK; +} + +static int dp_vs_get_services_uc_cb(struct dpvs_msg *msg) +{ + lcoreid_t cid = rte_lcore_id(); + size_t size; + struct dp_vs_get_services *get, *output; + int ret; + + /* service may be changed */ + get = (struct dp_vs_get_services *)msg->data; + if (get->num_services != rte_atomic16_read(&dp_vs_num_services[cid])) { + RTE_LOG(ERR, SERVICE, "%s: svc number %d not match %d in cid=%d.\n", + __func__, get->num_services, rte_atomic16_read(&dp_vs_num_services[cid]), cid); + return EDPVS_INVAL; + } + + size = sizeof(*get) + sizeof(struct dp_vs_service_entry) * get->num_services; + output = rte_zmalloc("get_services", size, 0); + if (output == NULL) + return EDPVS_NOMEM; + ret = dp_vs_get_service_entries(get->num_services, output, cid); + if (ret != EDPVS_OK) { + rte_free(output); + return ret; + } + msg->reply.len = size; + msg->reply.data = (void *)output; + return EDPVS_OK; +} + +static struct dp_vs_service * +dp_vs_get_service_lcore(const struct dp_vs_service_entry *entry, + lcoreid_t cid) +{ + struct dp_vs_service *svc = NULL; + int ret; + + if(entry->fwmark) + svc = __dp_vs_svc_fwm_get(AF_INET, entry->fwmark, cid); + else if (!inet_is_addr_any(entry->af, &entry->addr) || entry->port) + svc = __dp_vs_service_get(entry->af, entry->proto, + &entry->addr, entry->port, cid); + else { + struct dp_vs_match match; + + ret = dp_vs_match_parse(entry->srange, entry->drange, + entry->iifname, entry->oifname, + entry->af, &match); + if (ret != EDPVS_OK) + return NULL; + + if (!is_empty_match(&match)) { + svc = __dp_vs_svc_match_find(match.af, entry->proto, + &match, cid); + } + } + + return svc; +} + +static int dp_vs_get_service_uc_cb(struct dpvs_msg *msg) +{ + lcoreid_t cid = rte_lcore_id(); + struct dp_vs_service_entry *entry; + struct dp_vs_service *svc; + int ret, size; + + entry = (struct dp_vs_service_entry *)msg->data; + svc = dp_vs_get_service_lcore(entry, cid); + if (!svc) + return EDPVS_NOTEXIST; + + size = sizeof(struct dp_vs_service_entry); + entry = rte_zmalloc("get_service", size, 0); + if (entry == NULL) + return EDPVS_NOMEM; + + ret = dp_vs_copy_service(entry, svc); + if (ret != EDPVS_OK) { + rte_free(entry); + return ret; + } + msg->reply.len = size; + msg->reply.data = (void *)entry; + return EDPVS_OK; +} + +static int dp_vs_get_dests_uc_cb(struct dpvs_msg *msg) +{ + lcoreid_t cid = rte_lcore_id(); + int ret; + size_t size; + struct dp_vs_get_dests *get, *output; + struct dp_vs_service *svc; + struct dp_vs_service_entry entry; // to get svc + + memset(&entry, 0, sizeof(entry)); + get = (struct dp_vs_get_dests *)msg->data; + entry.addr = get->addr; + entry.af = get->af; + entry.fwmark = get->fwmark; + entry.port = get->port; + entry.proto = get->proto; + rte_memcpy(entry.srange, get->srange, sizeof(get->srange)); + rte_memcpy(entry.drange, get->drange, sizeof(get->drange)); + rte_memcpy(entry.iifname, get->iifname, sizeof(get->iifname)); + rte_memcpy(entry.oifname, get->oifname, sizeof(get->oifname)); + + svc = dp_vs_get_service_lcore(&entry, cid); + if (!svc) + return EDPVS_NOTEXIST; + if (svc->num_dests != get->num_dests) { + RTE_LOG(ERR, SERVICE, "%s: dests number not match in cid=%d.\n", __func__, cid); + return EDPVS_INVAL; + } + + size = sizeof(*get) + sizeof(struct dp_vs_dest_entry) * (svc->num_dests); + output = rte_zmalloc("get_dests", size, 0); + if (output == NULL) + return EDPVS_NOMEM; + rte_memcpy(output, get, sizeof(*get)); + ret = dp_vs_get_dest_entries(svc, output); + if (ret != EDPVS_OK) { + rte_free(output); + return ret; + } + + msg->reply.len = size; + msg->reply.data = (void *)output; + return EDPVS_OK; +} + static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **out, size_t *outlen) { int ret = 0; - switch (opt){ + uint8_t num_lcores = 0; + lcoreid_t cid; + sockoptid_t new_opt; + + netif_get_slave_lcores(&num_lcores, NULL); + opt2cpu(opt, &new_opt, &cid); + if (cid > num_lcores || new_opt > SOCKOPT_SVC_MAX) + return EDPVS_INVAL; + + switch (new_opt){ case DPVS_SO_GET_VERSION: { char *buf = rte_zmalloc("info",64,0); @@ -1037,7 +1211,7 @@ static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **o sprintf(buf,"DPDK-FULLNAT Server version 1.1.4 (size=0)"); *out = buf; *outlen = 64; - break; + return EDPVS_OK; } case DPVS_SO_GET_INFO: { @@ -1047,82 +1221,180 @@ static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **o return EDPVS_NOMEM; info->version = 0; info->size = 0; - info->num_services = dp_vs_num_services; + info->num_services = rte_atomic16_read(&dp_vs_num_services[cid]); + info->num_lcores = num_lcores; *out = info; *outlen = sizeof(struct dp_vs_getinfo); - break; + return EDPVS_OK; } case DPVS_SO_GET_SERVICES: { - struct dp_vs_get_services *get, *output; + struct dp_vs_get_services *get, *get_msg, *output; + struct dpvs_msg *msg, *cur; + struct dpvs_multicast_queue *reply = NULL; int size; + get = (struct dp_vs_get_services *)user; size = sizeof(*get) + \ sizeof(struct dp_vs_service_entry) * (get->num_services); - if(len != sizeof(*get)){ + if (len != sizeof(*get)){ *outlen = 0; return EDPVS_INVAL; } - output = rte_zmalloc("get_services", size, 0); - if (unlikely(NULL == output)) + + /* get slave core svc */ + msg = msg_make(MSG_TYPE_SVC_GET_SERVICES, 0, DPVS_MSG_MULTICAST, rte_lcore_id(), + size, user); + if (!msg) { return EDPVS_NOMEM; - memcpy(output, get, sizeof(*get)); - ret = dp_vs_get_service_entries(get, output); - *out = output; - *outlen = size; + } + + ret = multicast_msg_send(msg, 0, &reply); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + RTE_LOG(ERR, SERVICE, "%s: send message fail.\n", __func__); + return EDPVS_MSG_FAIL; + } + + if (cid == rte_get_master_lcore()) { + output = rte_zmalloc("get_services", size, 0); + if (unlikely(NULL == output)) { + msg_destroy(&msg); + return EDPVS_NOMEM; + } + rte_memcpy(output, get, sizeof(*get)); + ret = dp_vs_get_service_entries(get->num_services, output, cid); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + rte_free(output); + return ret; + } + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_get_services *)(cur->data); + ret = dp_vs_copy_percore_svcs_stats(output, get_msg); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + rte_free(output); + return ret; + } + } + *out = output; + *outlen = size; + msg_destroy(&msg); + return EDPVS_OK; + } else { + output = rte_zmalloc("get_services", size, 0); + if (unlikely(NULL == output)) { + msg_destroy(&msg); + return EDPVS_NOMEM; + } + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_get_services *)(cur->data); + if (get_msg->cid == cid) { + output = rte_zmalloc("get_services", size, 0); + if (unlikely(NULL == output)) { + msg_destroy(&msg); + return EDPVS_NOMEM; + } + rte_memcpy(output, get_msg, size); + *out = output; + *outlen = size; + msg_destroy(&msg); + return EDPVS_OK; + } + } + RTE_LOG(ERR, SERVICE, "%s: find no services for cid=%d.\n", __func__, cid); + msg_destroy(&msg); + rte_free(output); + return EDPVS_NOTEXIST; + } } - break; case DPVS_SO_GET_SERVICE: { - struct dp_vs_service_entry *entry, *output; + struct dp_vs_service_entry *entry, *get_msg, *output; + struct dpvs_msg *msg, *cur; + struct dpvs_multicast_queue *reply = NULL; struct dp_vs_service *svc = NULL; - union inet_addr addr; entry = (struct dp_vs_service_entry *)user; - addr = entry->addr; - if(entry->fwmark) - svc = __dp_vs_svc_fwm_get(AF_INET, entry->fwmark); - else if (!inet_is_addr_any(entry->af, &entry->addr) || entry->port) - svc = __dp_vs_service_get(entry->af, entry->proto, - &addr, entry->port); - else { - struct dp_vs_match match; - - ret = dp_vs_match_parse(entry->srange, entry->drange, - entry->iifname, entry->oifname, - &match); - if (ret != EDPVS_OK) - return ret; - if (!is_empty_match(&match)) { - svc = __dp_vs_svc_match_find(match.af, entry->proto, - &match); + /* get slave core svc */ + msg = msg_make(MSG_TYPE_SVC_GET_SERVICE, 0, DPVS_MSG_MULTICAST, rte_lcore_id(), + sizeof(struct dp_vs_service_entry), user); + if (!msg) + return EDPVS_NOMEM; + + ret = multicast_msg_send(msg, 0, &reply); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + RTE_LOG(ERR, SERVICE, "%s: send message fail.\n", __func__); + return EDPVS_MSG_FAIL; + } + + if (cid == rte_get_master_lcore()) { + svc = dp_vs_get_service_lcore(entry, cid); + if (!svc) { + msg_destroy(&msg); + return EDPVS_NOTEXIST; } - } - if (!svc) { - *outlen = 0; - return EDPVS_NOTEXIST; - } + output = rte_zmalloc("get_service", + sizeof(struct dp_vs_service_entry), 0); + if (output == NULL) { + msg_destroy(&msg); + return EDPVS_NOTEXIST; + } + memcpy(output, entry, sizeof(struct dp_vs_service_entry)); + ret = dp_vs_copy_service(output, svc); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + rte_free(output); + return ret; + } - output = rte_zmalloc("get_service", - sizeof(struct dp_vs_service_entry), 0); - if (unlikely(NULL == output)) { - dp_vs_service_put(svc); - return EDPVS_NOMEM; + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_service_entry *)(cur->data); + ret = dp_vs_add_stats(&output->stats, &get_msg->stats); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + rte_free(output); + return ret; + } + } + *out = output; + *outlen = sizeof(struct dp_vs_service_entry); + msg_destroy(&msg); + return EDPVS_OK; + } else { + output = rte_zmalloc("get_service", + sizeof(struct dp_vs_service_entry), 0); + if (!output) { + msg_destroy(&msg); + return EDPVS_NOTEXIST; + } + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_service_entry *)(cur->data); + if (cid == get_msg->cid) { + rte_memcpy(output, get_msg, sizeof(struct dp_vs_service_entry)); + *out = output; + *outlen = sizeof(struct dp_vs_service_entry); + msg_destroy(&msg); + return EDPVS_OK; + } + } + RTE_LOG(ERR, SERVICE, "%s: find no service for cid=%d.\n", __func__, cid); + msg_destroy(&msg); + rte_free(output); + return EDPVS_NOTEXIST; } - memcpy(output, entry, sizeof(struct dp_vs_service_entry)); - ret = dp_vs_copy_service(output, svc); - dp_vs_service_put(svc); - *out = output; - *outlen = sizeof(struct dp_vs_service_entry); } - break; case DPVS_SO_GET_DESTS: { struct dp_vs_service *svc = NULL; - union inet_addr addr; - struct dp_vs_get_dests *get, *output; + struct dp_vs_get_dests *get, *get_msg, *output; + struct dpvs_msg *msg, *cur; + struct dpvs_multicast_queue *reply = NULL; + struct dp_vs_service_entry entry; // to get svc int size; get = (struct dp_vs_get_dests *)user; size = sizeof(*get) + sizeof(struct dp_vs_dest_entry) * get->num_dests; @@ -1130,54 +1402,92 @@ static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **o *outlen = 0; return EDPVS_INVAL; } - addr = get->addr; - output = rte_zmalloc("get_services", size, 0); - if (unlikely(NULL == output)) + + entry.addr = get->addr; + entry.af = get->af; + entry.fwmark = get->fwmark; + entry.port = get->port; + entry.proto = get->proto; + rte_memcpy(entry.srange, get->srange, sizeof(get->srange)); + rte_memcpy(entry.drange, get->drange, sizeof(get->drange)); + rte_memcpy(entry.iifname, get->iifname, sizeof(get->iifname)); + rte_memcpy(entry.oifname, get->oifname, sizeof(get->oifname)); + + /* get slave core svc */ + msg = msg_make(MSG_TYPE_SVC_GET_DESTS, 0, DPVS_MSG_MULTICAST, rte_lcore_id(), + sizeof(struct dp_vs_get_dests), user); + if (!msg) return EDPVS_NOMEM; - memcpy(output, get, sizeof(*get)); - - if(get->fwmark) - svc = __dp_vs_svc_fwm_get(get->af, get->fwmark); - else if (!inet_is_addr_any(get->af, &addr) || get->port) - svc = __dp_vs_service_get(get->af, get->proto, &addr, - get->port); - else { - struct dp_vs_match match; - - ret = dp_vs_match_parse(get->srange, get->drange, - get->iifname, get->oifname, - &match); + + ret = multicast_msg_send(msg, 0, &reply); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + RTE_LOG(ERR, SERVICE, "%s: send message fail.\n", __func__); + return EDPVS_MSG_FAIL; + } + + if (cid == rte_get_master_lcore()) { + svc = dp_vs_get_service_lcore(&entry, cid); + if (!svc) { + msg_destroy(&msg); + return EDPVS_NOTEXIST; + } + if (svc->num_dests != get->num_dests) { + RTE_LOG(ERR, SERVICE, "%s: dests number not match in cid=%d.\n", __func__, cid); + msg_destroy(&msg); + return EDPVS_INVAL; + } + output = rte_zmalloc("get_dests", size, 0); + if (!output) { + msg_destroy(&msg); + return EDPVS_NOMEM; + } + rte_memcpy(output, get, sizeof(get)); + ret = dp_vs_get_dest_entries(svc, output); if (ret != EDPVS_OK) { + msg_destroy(&msg); rte_free(output); return ret; } - if (!is_empty_match(&match)) { - svc = __dp_vs_svc_match_find(match.af, get->proto, - &match); + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_get_dests *)(cur->data); + ret = dp_vs_copy_percore_dests_stats(output, get_msg); + if (ret != EDPVS_OK) { + msg_destroy(&msg); + rte_free(output); + return ret; + } } + *out = output; + *outlen = size; + msg_destroy(&msg); + return EDPVS_OK; + } else { + output = rte_zmalloc("get_dests", size, 0); + if (!output) { + msg_destroy(&msg); + return EDPVS_NOMEM; + } + list_for_each_entry(cur, &reply->mq, mq_node) { + get_msg = (struct dp_vs_get_dests *)(cur->data); + if (cid == get_msg->cid) { + rte_memcpy(output, get_msg, size); + *out = output; + *outlen = size; + msg_destroy(&msg); + return EDPVS_OK; + } + } + RTE_LOG(ERR, SERVICE, "%s: find no dests for cid=%d.\n", __func__, cid); + msg_destroy(&msg); + rte_free(output); + return EDPVS_NOTEXIST; } - - if (!svc) - ret = EDPVS_NOTEXIST; - else { - ret = dp_vs_get_dest_entries(svc, get, output); - dp_vs_service_put(svc); - } - *out = output; - *outlen = size; } - break; default: return EDPVS_INVAL; } - - if (ret != EDPVS_OK) { - if (*out) - rte_free(*out); - } - - return ret; } struct dpvs_sockopts sockopts_svc = { @@ -1186,27 +1496,208 @@ struct dpvs_sockopts sockopts_svc = { .set_opt_max = SOCKOPT_SVC_SET_CMD_MAX, .set = dp_vs_set_svc, .get_opt_min = SOCKOPT_SVC_BASE, - .get_opt_max = SOCKOPT_SVC_GET_CMD_MAX, + .get_opt_max = SOCKOPT_SVC_MAX, .get = dp_vs_get_svc, }; +static int flush_msg_cb(struct dpvs_msg *msg) +{ + + return dp_vs_set_svc(DPVS_SO_SET_FLUSH, msg->data, msg->len); +} + +static int zero_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_ZERO, msg->data, msg->len); +} + +static int add_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_ADD, msg->data, msg->len); +} + +static int edit_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_EDIT, msg->data, msg->len); +} + +static int del_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_DEL, msg->data, msg->len); +} + +static int adddest_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_ADDDEST, msg->data, msg->len); +} + +static int editdest_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_EDITDEST, msg->data, msg->len); +} + +static int deldest_msg_cb(struct dpvs_msg *msg) +{ + return dp_vs_set_svc(DPVS_SO_SET_DELDEST, msg->data, msg->len); +} + int dp_vs_service_init(void) { - int idx; - for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { - INIT_LIST_HEAD(&dp_vs_svc_table[idx]); - INIT_LIST_HEAD(&dp_vs_svc_fwm_table[idx]); + int idx, cid, err; + struct dpvs_msg_type msg_type; + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + for (idx = 0; idx < DP_VS_SVC_TAB_SIZE; idx++) { + INIT_LIST_HEAD(&dp_vs_svc_table[cid][idx]); + INIT_LIST_HEAD(&dp_vs_svc_fwm_table[cid][idx]); + } + INIT_LIST_HEAD(&dp_vs_svc_match_list[cid]); + rte_atomic16_init(&dp_vs_num_services[cid]); } - INIT_LIST_HEAD(&dp_vs_svc_match_list); - rte_rwlock_init(&__dp_vs_svc_lock); dp_vs_dest_init(); sockopt_register(&sockopts_svc); + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_FLUSH; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = flush_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_ZERO; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = zero_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_ADD; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = add_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_EDIT; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = edit_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_DEL; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = del_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_ADDDEST; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = adddest_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_EDITDEST; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = editdest_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_SET_DELDEST; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = deldest_msg_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_GET_SERVICES; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = dp_vs_get_services_uc_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_GET_SERVICE; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = dp_vs_get_service_uc_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + + memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); + msg_type.type = MSG_TYPE_SVC_GET_DESTS; + msg_type.mode = DPVS_MSG_MULTICAST; + msg_type.prio = MSG_PRIO_NORM; + msg_type.cid = rte_lcore_id(); + msg_type.unicast_msg_cb = dp_vs_get_dests_uc_cb; + err = msg_type_mc_register(&msg_type); + if (err != EDPVS_OK) { + RTE_LOG(ERR, SERVICE, "%s: fail to register msg.\n", __func__); + return err; + } + return EDPVS_OK; } int dp_vs_service_term(void) { - dp_vs_flush(); + int cid; + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + dp_vs_flush(cid); + } dp_vs_dest_term(); return EDPVS_OK; } diff --git a/src/ipvs/ip_vs_stats.c b/src/ipvs/ip_vs_stats.c index 6598003a2..0ff01672f 100644 --- a/src/ipvs/ip_vs_stats.c +++ b/src/ipvs/ip_vs_stats.c @@ -31,7 +31,7 @@ static struct dp_vs_stats dpvs_stats[DPVS_MAX_LCORE]; static struct dp_vs_estats dpvs_estats[DPVS_MAX_LCORE]; -static void __dp_vs_stats_clear(struct dp_vs_stats *stats) +void dp_vs_stats_clear(struct dp_vs_stats *stats) { stats->conns = 0; stats->inpkts = 0; @@ -40,179 +40,20 @@ static void __dp_vs_stats_clear(struct dp_vs_stats *stats) stats->outbytes = 0; } -void dp_vs_stats_clear(void) +int dp_vs_add_stats(struct dp_vs_stats* dst, struct dp_vs_stats* src) { - uint8_t nlcore, i; - uint64_t lcore_mask; - - /* get configured data-plane lcores */ - netif_get_slave_lcores(&nlcore, &lcore_mask); - - for (i = 0; i < DPVS_MAX_LCORE; i++) { - if (!(lcore_mask & (1L<len != sizeof(struct dp_vs_stats *)) { - RTE_LOG(ERR, SERVICE, "%s: bad message.\n", __func__); - return EDPVS_INVAL; - } - src = (struct dp_vs_stats **)msg->data; - - reply = msg_reply_alloc(sizeof(struct dp_vs_stats)); - if (unlikely(!reply)) - return EDPVS_NOMEM; - rte_memcpy(reply, &((*src)[cid]), sizeof(struct dp_vs_stats)); - msg->reply.len = sizeof(struct dp_vs_stats); - msg->reply.data = (void *)reply; + dst->conns += src->conns; + dst->inpkts += src->inpkts; + dst->inbytes += src->inbytes; + dst->outbytes += src->outbytes; + dst->outpkts += src->outpkts; return EDPVS_OK; } -int dp_vs_copy_stats(struct dp_vs_stats* dst, struct dp_vs_stats* src) -{ - struct dpvs_msg *msg; - struct dpvs_multicast_queue *reply=NULL; - struct dpvs_msg *cur; - struct dp_vs_stats *per_stats; - int err; - - if (!src) - return EDPVS_INVAL; - - msg = msg_make(MSG_TYPE_STATS_GET, 0, DPVS_MSG_MULTICAST, rte_lcore_id(), - sizeof(struct dp_vs_stats *), &src); - if (!msg) { - return EDPVS_NOMEM; - } - err = multicast_msg_send(msg, 0, &reply); - if (err != EDPVS_OK) { - msg_destroy(&msg); - RTE_LOG(ERR, SERVICE, "%s: send message fail.\n", __func__); - return err; - } - list_for_each_entry(cur, &reply->mq, mq_node) { - per_stats = (struct dp_vs_stats *)(cur->data); - dst->conns += per_stats->conns; - dst->inpkts += per_stats->inpkts; - dst->inbytes += per_stats->inbytes; - dst->outbytes += per_stats->outbytes; - dst->outpkts += per_stats->outpkts; - } - msg_destroy(&msg); - return EDPVS_OK; -} - -static void register_stats_cb(void) -{ - struct dpvs_msg_type mt; - memset(&mt, 0 ,sizeof(mt)); - mt.type = MSG_TYPE_STATS_GET; - mt.prio = MSG_PRIO_LOW; - mt.unicast_msg_cb = get_stats_uc_cb; - mt.multicast_msg_cb = NULL; - assert(msg_type_mc_register(&mt) == 0); -} - -static void unregister_stats_cb(void) -{ - struct dpvs_msg_type mt; - memset(&mt, 0, sizeof(mt)); - mt.type = MSG_TYPE_STATS_GET; - mt.prio = MSG_PRIO_LOW; - mt.unicast_msg_cb = get_stats_uc_cb; - mt.multicast_msg_cb = NULL; - assert(msg_type_mc_unregister(&mt) == 0); -} - int dp_vs_stats_in(struct dp_vs_conn *conn, struct rte_mbuf *mbuf) { assert(conn && mbuf); struct dp_vs_dest *dest = conn->dest; - lcoreid_t cid; - cid = rte_lcore_id(); if (dest && (dest->flags & DPVS_DEST_F_AVAILABLE)) { /*limit rate*/ @@ -222,8 +63,8 @@ int dp_vs_stats_in(struct dp_vs_conn *conn, struct rte_mbuf *mbuf) ? EDPVS_OVERLOAD : EDPVS_OK; } - dest->stats[cid].inpkts++; - dest->stats[cid].inbytes += mbuf->pkt_len; + dest->stats.inpkts++; + dest->stats.inbytes += mbuf->pkt_len; } #ifdef CONFIG_DPVS_IPVS_STATS_DEBUG @@ -240,8 +81,6 @@ int dp_vs_stats_out(struct dp_vs_conn *conn, struct rte_mbuf *mbuf) { assert(conn && mbuf); struct dp_vs_dest *dest = conn->dest; - lcoreid_t cid; - cid = rte_lcore_id(); if (dest && (dest->flags & DPVS_DEST_F_AVAILABLE)) { /*limit rate*/ @@ -251,8 +90,8 @@ int dp_vs_stats_out(struct dp_vs_conn *conn, struct rte_mbuf *mbuf) ? EDPVS_OVERLOAD : EDPVS_OK; } - dest->stats[cid].outpkts++; - dest->stats[cid].outbytes += mbuf->pkt_len; + dest->stats.outpkts++; + dest->stats.outbytes += mbuf->pkt_len; } #ifdef CONFIG_DPVS_IPVS_STATS_DEBUG @@ -268,10 +107,8 @@ int dp_vs_stats_out(struct dp_vs_conn *conn, struct rte_mbuf *mbuf) void dp_vs_stats_conn(struct dp_vs_conn *conn) { assert(conn && conn->dest); - lcoreid_t cid; - cid = rte_lcore_id(); - conn->dest->stats[cid].conns++; + conn->dest->stats.conns++; this_dpvs_stats.conns++; } @@ -292,14 +129,12 @@ uint64_t dp_vs_estats_get(enum dp_vs_estats_type field) int dp_vs_stats_init(void) { - dp_vs_stats_clear(); + dp_vs_estats_clear(); srand(rte_rdtsc()); - register_stats_cb(); return EDPVS_OK; } int dp_vs_stats_term(void) { - unregister_stats_cb(); return EDPVS_OK; } diff --git a/src/ipvs/ip_vs_synproxy.c b/src/ipvs/ip_vs_synproxy.c index 0be5c8c1c..bf08fc197 100644 --- a/src/ipvs/ip_vs_synproxy.c +++ b/src/ipvs/ip_vs_synproxy.c @@ -689,26 +689,21 @@ int dp_vs_synproxy_syn_rcv(int af, struct rte_mbuf *mbuf, goto syn_rcv_out; if (th->syn && !th->ack && !th->rst && !th->fin && - (svc = dp_vs_service_lookup(af, iph->proto, - &iph->daddr, th->dest, 0, NULL, NULL, NULL)) && + (svc = dp_vs_service_lookup(af, iph->proto, &iph->daddr, th->dest, 0, + NULL, NULL, NULL, rte_lcore_id())) && (svc->flags & DP_VS_SVC_F_SYNPROXY)) { /* if service's weight is zero (non-active realserver), * do noting and drop the packet */ if (svc->weight == 0) { dp_vs_estats_inc(SYNPROXY_NO_DEST); - dp_vs_service_put(svc); goto syn_rcv_out; } - dp_vs_service_put(svc); - /* drop packet from blacklist */ if (dp_vs_blklst_lookup(iph->proto, &iph->daddr, th->dest, &iph->saddr)) { goto syn_rcv_out; } } else { - if (svc) - dp_vs_service_put(svc); return 1; } @@ -961,14 +956,13 @@ int dp_vs_synproxy_ack_rcv(int af, struct rte_mbuf *mbuf, /* Do not check svc syn-proxy flag, as it may be changed after syn-proxy step 1. */ if (!th->syn && th->ack && !th->rst && !th->fin && (svc = dp_vs_service_lookup(af, iph->proto, &iph->daddr, - th->dest, 0, NULL, NULL, NULL))) { + th->dest, 0, NULL, NULL, NULL, rte_lcore_id()))) { if (dp_vs_synproxy_ctrl_defer && !syn_proxy_ack_has_data(mbuf, iph, th)) { /* Update statistics */ dp_vs_estats_inc(SYNPROXY_NULL_ACK); /* We get a pure ack when expecting ack packet with payload, so * have to drop it */ - dp_vs_service_put(svc); *verdict = INET_DROP; return 0; } @@ -985,7 +979,6 @@ int dp_vs_synproxy_ack_rcv(int af, struct rte_mbuf *mbuf, /* Cookie check failed, drop the packet */ RTE_LOG(DEBUG, IPVS, "%s: syn_cookie check failed seq=%u\n", __func__, ntohl(th->ack_seq) - 1); - dp_vs_service_put(svc); *verdict = INET_DROP; return 0; } @@ -1000,14 +993,10 @@ int dp_vs_synproxy_ack_rcv(int af, struct rte_mbuf *mbuf, RTE_LOG(WARNING, IPVS, "%s: ip_vs_schedule failed\n", __func__); /* FIXME: What to do when virtual service is available but no destination * available for a new connetion: send an icmp UNREACHABLE ? */ - dp_vs_service_put(svc); *verdict = INET_DROP; return 0; } - /* Release the service, we do not need it any more */ - dp_vs_service_put(svc); - /* Do nothing but print a error msg when fail, because session will be * correctly freed in dp_vs_conn_expire */ if (EDPVS_OK != (res = syn_proxy_send_rs_syn(af, th, *cpp, mbuf, pp, &opt))) { diff --git a/src/ipvs/ip_vs_wrr.c b/src/ipvs/ip_vs_wrr.c index 0a76a8d22..893fdbdf4 100644 --- a/src/ipvs/ip_vs_wrr.c +++ b/src/ipvs/ip_vs_wrr.c @@ -132,7 +132,6 @@ static struct dp_vs_dest *dp_vs_wrr_schedule(struct dp_vs_service *svc, * This loop will always terminate, because mark->cw in (0, max_weight] * and at least one server has its weight equal to max_weight. */ - rte_rwlock_write_lock(&svc->sched_lock); p = mark->cl; while (1) { if (mark->cl == &svc->dests) { @@ -179,7 +178,6 @@ static struct dp_vs_dest *dp_vs_wrr_schedule(struct dp_vs_service *svc, } out: - rte_rwlock_write_unlock(&svc->sched_lock); return dest; } diff --git a/src/neigh.c b/src/neigh.c index 53be015fa..cb9b048c7 100644 --- a/src/neigh.c +++ b/src/neigh.c @@ -1084,6 +1084,7 @@ static void register_stats_cb(void) memset(&mt, 0 , sizeof(mt)); mt.type = MSG_TYPE_NEIGH_GET; mt.prio = MSG_PRIO_LOW; + mt.mode = DPVS_MSG_MULTICAST; mt.unicast_msg_cb = get_neigh_uc_cb; mt.multicast_msg_cb = NULL; assert(msg_type_mc_register(&mt) == 0); @@ -1095,6 +1096,7 @@ static void unregister_stats_cb(void) memset(&mt, 0, sizeof(mt)); mt.type = MSG_TYPE_NEIGH_GET; mt.prio = MSG_PRIO_LOW; + mt.mode = DPVS_MSG_MULTICAST; mt.unicast_msg_cb = get_neigh_uc_cb; mt.multicast_msg_cb = NULL; assert(msg_type_mc_unregister(&mt) == 0); diff --git a/tools/ipvsadm/ipvsadm.c b/tools/ipvsadm/ipvsadm.c index 274d01e0a..4fa592d29 100644 --- a/tools/ipvsadm/ipvsadm.c +++ b/tools/ipvsadm/ipvsadm.c @@ -200,6 +200,7 @@ static const char* optnames[] = { "ifname" , "sockpair" , "hash-target", + "cpu" }; /* @@ -212,27 +213,47 @@ static const char* optnames[] = { */ static const char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = { - /* -n -c svc -s -p -M -r fwd -w -x -y -mc tot dmn -st -rt thr -pc srt sid -ex ops pe laddr blst syn ifname sockpair hashtag*/ -/*ADD*/ {'x', 'x', '+', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', ' ', 'x' ,'x' ,' '}, -/*EDIT*/ {'x', 'x', '+', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', ' ', 'x' ,'x' ,' '}, -/*DEL*/ {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*FLUSH*/ {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*LIST*/ {' ', '1', '1', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '1', '1', ' ', ' ', ' ', ' ', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x' ,' ' ,'x'}, -/*ADDSRV*/ {'x', 'x', '+', 'x', 'x', 'x', '+', ' ', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*DELSRV*/ {'x', 'x', '+', 'x', 'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*EDITSRV*/ {'x', 'x', '+', 'x', 'x', 'x', '+', ' ', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*TIMEOUT*/ {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*STARTD*/ {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*STOPD*/ {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*RESTORE*/ {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*SAVE*/ {' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*ZERO*/ {'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*ADDLADDR*/ {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x', '+' ,'x' ,'x'}, -/*DELLADDR*/ {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x', '+' ,'x' ,'x'}, -/*GETLADDR*/ {'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, -/*ADDBLKLST*/{'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x' ,'x' ,'x'}, -/*DELBLKLST*/{'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x' ,'x' ,'x'}, -/*GETBLKLST*/{'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x'}, +/* -n -c svc -s -p -M -r fwd -w -x -y -mc tot dmn -st -rt thr -pc srt sid -ex ops pe laddr blst syn ifname sockpair hashtag cpu*/ +/*ADD*/ + {'x', 'x', '+', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', ' ', 'x' ,'x' ,' ', 'x'}, +/*EDIT*/ + {'x', 'x', '+', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', ' ', 'x' ,'x' ,' ', 'x'}, +/*DEL*/ + {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*FLUSH*/ + {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*LIST*/ + {' ', '1', '1', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '1', '1', ' ', ' ', ' ', ' ', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x' ,' ' ,'x', ' '}, +/*ADDSRV*/ + {'x', 'x', '+', 'x', 'x', 'x', '+', ' ', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*DELSRV*/ + {'x', 'x', '+', 'x', 'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*EDITSRV*/ + {'x', 'x', '+', 'x', 'x', 'x', '+', ' ', ' ', ' ', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*TIMEOUT*/ + {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*STARTD*/ + {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*STOPD*/ + {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*RESTORE*/ + {'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*SAVE*/ + {' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*ZERO*/ + {'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, +/*ADDLADDR*/ + {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x', '+' ,'x' ,'x', 'x'}, +/*DELLADDR*/ + {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x', '+' ,'x' ,'x', 'x'}, +/*GETLADDR*/ + {'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', ' '}, +/*ADDBLKLST*/ + {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x' ,'x' ,'x', 'x'}, +/*DELBLKLST*/ + {'x', 'x', '+', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', '+', 'x', 'x' ,'x' ,'x', 'x'}, +/*GETBLKLST*/ + {'x', 'x', ' ', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x', 'x' ,'x' ,'x', 'x'}, }; /* printing format flags */ @@ -265,6 +286,7 @@ struct ipvs_command_entry { ipvs_laddr_t laddr; ipvs_blklst_t blklst; ipvs_sockpair_t sockpair; + lcoreid_t cid; }; /* Use values outside ASCII range so that if an option has @@ -285,6 +307,7 @@ enum { TAG_NO_SORT, TAG_PERSISTENCE_ENGINE, TAG_SOCKPAIR, + TAG_CPU, }; /* various parsing helpers & parsing functions */ @@ -320,12 +343,12 @@ static void fail(int err, char *msg, ...); static void list_conn(int is_template, unsigned int format); static void list_conn_sockpair(int is_template, ipvs_sockpair_t *sockpair, unsigned int format); -static void list_service(ipvs_service_t *svc, unsigned int format); -static void list_all(unsigned int format); +static void list_service(ipvs_service_t *svc, unsigned int format, lcoreid_t cid); +static void list_all(unsigned int format, lcoreid_t cid); static void list_timeout(void); static void list_daemon(void); -static int list_laddrs(ipvs_service_t *svc, int with_title); -static int list_all_laddrs(void); +static int list_laddrs(ipvs_service_t *svc, int with_title, lcoreid_t cid); +static int list_all_laddrs(lcoreid_t cid); static void list_blklsts_print_title(void); static int list_blklst(uint32_t addr_v4, uint16_t port, uint16_t protocol); static int list_all_blklsts(void); @@ -341,7 +364,7 @@ int main(int argc, char **argv) { int result; - if (ipvs_init()) { + if (ipvs_init(0)) { fail(2, "Can't initialize ipvs: %s\n" "Are you sure that dpvs is running?", ipvs_strerror(errno)); @@ -352,7 +375,7 @@ int main(int argc, char **argv) /* list the table if there is no other arguement */ if (argc == 1){ - list_all(FMT_NONE); + list_all(FMT_NONE, 0); ipvs_close(); return 0; } @@ -404,7 +427,7 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, NULL, NULL }, { "icmp-service", 'q', POPT_ARG_STRING, &optarg, 'q', NULL, NULL }, - { "icmpv6-service", '1', POPT_ARG_STRING, &optarg, 'q', + { "icmpv6-service", '1', POPT_ARG_STRING, &optarg, '1', NULL, NULL }, { "fwmark-service", 'f', POPT_ARG_STRING, &optarg, 'f', NULL, NULL }, @@ -454,6 +477,7 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, { "ifname", 'F', POPT_ARG_STRING, &optarg, 'F', NULL, NULL }, { "match", 'H', POPT_ARG_STRING, &optarg, 'H', NULL, NULL }, { "hash-target", 'Y', POPT_ARG_STRING, &optarg, 'Y', NULL, NULL }, + { "cpu", '\0', POPT_ARG_STRING, &optarg, TAG_CPU, NULL, NULL }, { NULL, 0, 0, NULL, 0, NULL, NULL } }; @@ -567,7 +591,8 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, break; case 'H': set_option(options, OPT_SERVICE); - if (parse_match_snat(optarg, &ce->svc) != 0) + ce->svc.flags |= IP_VS_SVC_F_MATCH; + if (parse_match_snat(optarg, &ce->svc) != 0) fail(2, "illegal match specified"); break; case 'f': @@ -795,6 +820,11 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, fail(2 , "hash target not support\n"); break; } + case TAG_CPU: + { + ce->cid = atoi(optarg); + break; + } default: fail(2, "invalid option `%s'", poptBadOption(context, POPT_BADOPTION_NOALIAS)); @@ -871,6 +901,8 @@ static int process_options(int argc, char **argv, int reading_stdin) ce.dest.conn_flags = IP_VS_CONN_F_DROUTE; /* Set the default persistent granularity to /32 mask */ ce.svc.netmask = ((u_int32_t) 0xffffffff); + /* Set the default cpu be master */ + ce.cid = 0; if (parse_options(argc, argv, &ce, &options, &format)) return -1; @@ -912,6 +944,7 @@ static int process_options(int argc, char **argv, int reading_stdin) } switch (ce.cmd) { + ipvs_init(ce.cid); case CMD_LIST: if ((options & (OPT_CONNECTION|OPT_TIMEOUT|OPT_DAEMON) && options & (OPT_STATS|OPT_RATE|OPT_THRESHOLDS)) || @@ -926,13 +959,13 @@ static int process_options(int argc, char **argv, int reading_stdin) else list_conn(options & OPT_PERSISTENTCONN, format); else if (options & OPT_SERVICE) - list_service(&ce.svc, format); + list_service(&ce.svc, format, ce.cid); else if (options & OPT_TIMEOUT) list_timeout(); else if (options & OPT_DAEMON) list_daemon(); else - list_all(format); + list_all(format, ce.cid); return 0; case CMD_RESTORE: @@ -940,7 +973,7 @@ static int process_options(int argc, char **argv, int reading_stdin) case CMD_SAVE: format |= FMT_RULE; - list_all(format); + list_all(format, ce.cid); return 0; case CMD_FLUSH: @@ -997,9 +1030,9 @@ static int process_options(int argc, char **argv, int reading_stdin) case CMD_GETLADDR: if(options & OPT_SERVICE) - result = list_laddrs(&ce.svc , 1); + result = list_laddrs(&ce.svc , 1, ce.cid); else - result = list_all_laddrs(); + result = list_all_laddrs(ce.cid); break; case CMD_ADDBLKLST: @@ -1259,6 +1292,7 @@ parse_sockpair(char *buf, ipvs_sockpair_t *sockpair) return 1; } + /* * comma separated parameters list, all fields is used to match packets. * @@ -1278,10 +1312,11 @@ static int parse_match_snat(const char *buf, ipvs_service_t *svc) char params[256]; char *arg, *start, *sp, key[32], val[128]; int r; + bool range = false; + bool af = false; snprintf(params, sizeof(params), "%s", buf); - svc->af = AF_INET; /* now IPv4 only */ svc->protocol = IPPROTO_NONE; for (start = params; (arg = strtok_r(start, ",", &sp)); start = NULL) { @@ -1303,9 +1338,19 @@ static int parse_match_snat(const char *buf, ipvs_service_t *svc) svc->protocol = IPPROTO_ICMPV6; else return -1; + } else if (strcmp(key, "af") == 0){ + af = true; + if (strcmp(val, "ipv4") == 0) + svc->af = AF_INET; + else if (strcmp(val, "ipv6") == 0) + svc->af = AF_INET6; + else + return -1; } else if (strcmp(key, "src-range") == 0) { + range = true; snprintf(svc->srange, sizeof(svc->srange), "%s", val); } else if (strcmp(key, "dst-range") == 0) { + range = true; snprintf(svc->drange, sizeof(svc->drange), "%s", val); } else if (strcmp(key, "iif") == 0) { snprintf(svc->iifname, sizeof(svc->iifname), "%s", val); @@ -1316,6 +1361,8 @@ static int parse_match_snat(const char *buf, ipvs_service_t *svc) } } + if (!range && !af) + return -1; return 0; } @@ -1486,8 +1533,9 @@ static void usage_exit(const char *program, const int exit_status) " --numeric -n numeric output of addresses and ports\n" " --ifname -F nic interface for laddrs\n" " --synproxy -j TCP syn proxy\n" - " --match -H MATCH select service by MATCH 'proto,srange,drange,iif,oif'\n" - " --hash-target -Y hashtag choose target for conhash (support sip or qid for quic)\n", + " --match -H MATCH select service by MATCH 'af,proto,srange,drange,iif,oif', af should be defined if no range defined\n" + " --hash-target -Y hashtag choose target for conhash (support sip or qid for quic)\n" + " --cpu cid choose cid to show\n", DEF_SCHED); exit(exit_status); @@ -1734,13 +1782,13 @@ static void print_title(unsigned int format) static void -print_service_entry(ipvs_service_entry_t *se, unsigned int format) +print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid) { struct ip_vs_get_dests *d; char svc_name[256]; int i; - if (!(d = ipvs_get_dests(se))) { + if (!(d = ipvs_get_dests(se, cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); exit(1); } @@ -1788,6 +1836,7 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format) free(vname); } else { /* match */ char *proto; + char af[10]; if (se->protocol == IPPROTO_TCP) proto = "tcp"; @@ -1798,10 +1847,15 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format) else proto = "icmpv6"; + if (se->af == AF_INET) + sprintf(af, "ipv4"); + else if (se->af == AF_INET6) + sprintf(af, "ipv6"); + if (format & FMT_RULE) { snprintf(svc_name, sizeof(svc_name), - "-H proto=%s,src-range=%s,dst-range=%s,iif=%s,oif=%s", - proto, se->srange, se->drange, se->iifname, se->oifname); + "-H af=%s, proto=%s,src-range=%s,dst-range=%s,iif=%s,oif=%s", + proto, af, se->srange, se->drange, se->iifname, se->oifname); } else { int left = sizeof(svc_name); @@ -1810,6 +1864,9 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format) left -= snprintf(svc_name + strlen(svc_name), left, "MATCH %s", proto); + left -= snprintf(svc_name + strlen(svc_name), left, + ",af=%s", af); + if (strcmp(se->srange, "[::-::]:0-0") != 0 && strcmp(se->srange, "0.0.0.0-0.0.0.0:0-0") != 0) left -= snprintf(svc_name + strlen(svc_name), left, @@ -2009,17 +2066,17 @@ static void print_service_and_laddrs(struct ip_vs_get_laddrs* d, int with_title) } -static int list_laddrs(ipvs_service_t *svc , int with_title) +static int list_laddrs(ipvs_service_t *svc , int with_title, lcoreid_t cid) { ipvs_service_entry_t *entry; struct ip_vs_get_laddrs *d; - if (!(entry = ipvs_get_service(svc))) { + if (!(entry = ipvs_get_service(svc, cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); return -1; } - if (!(d = ipvs_get_laddrs(entry))) { + if (!(d = ipvs_get_laddrs(entry, cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); free(entry); return -1; @@ -2034,20 +2091,20 @@ static int list_laddrs(ipvs_service_t *svc , int with_title) } -static int list_all_laddrs(void) +static int list_all_laddrs(lcoreid_t cid) { struct ip_vs_get_services *get; struct ip_vs_get_laddrs *d; int i; int title_enable = 1; - if (!(get = ipvs_get_services())) { + if (!(get = ipvs_get_services(cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); return -1; } for (i = 0; i < get->num_services; i++){ - if(!(d = ipvs_get_laddrs(&(get->entrytable[i])))) { + if(!(d = ipvs_get_laddrs(&(get->entrytable[i]), cid))) { free(get); fprintf(stderr, "%s\n", ipvs_strerror(errno)); return -1; @@ -2114,7 +2171,7 @@ static int list_all_blklsts(void) struct ip_vs_get_services *get; int i; - if (!(get = ipvs_get_services())) { + if (!(get = ipvs_get_services(0))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); exit(1); } @@ -2128,23 +2185,23 @@ static int list_all_blklsts(void) return 0; } -static void list_service(ipvs_service_t *svc, unsigned int format) +static void list_service(ipvs_service_t *svc, unsigned int format, lcoreid_t cid) { ipvs_service_entry_t *entry; - if (!(entry = ipvs_get_service(svc))) { + if (!(entry = ipvs_get_service(svc, cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); exit(1); } print_title(format); - print_service_entry(entry, format); + print_service_entry(entry, format, cid); free(entry); } -static void list_all(unsigned int format) +static void list_all(unsigned int format, lcoreid_t cid) { struct ip_vs_get_services *get; int i; @@ -2153,7 +2210,7 @@ static void list_all(unsigned int format) printf("IP Virtual Server version %d.%d.%d (size=%d)\n", NVERSION(ipvs_info.version), ipvs_info.size); - if (!(get = ipvs_get_services())) { + if (!(get = ipvs_get_services(cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); exit(1); } @@ -2163,7 +2220,7 @@ static void list_all(unsigned int format) print_title(format); for (i = 0; i < get->num_services; i++) - print_service_entry(&get->entrytable[i], format); + print_service_entry(&get->entrytable[i], format, cid); free(get); } diff --git a/tools/keepalived/keepalived/check/check_data.c b/tools/keepalived/keepalived/check/check_data.c index e2e964f2c..fadc458c1 100644 --- a/tools/keepalived/keepalived/check/check_data.c +++ b/tools/keepalived/keepalived/check/check_data.c @@ -442,6 +442,7 @@ alloc_vs(char *ip, char *port) new->blklst_addr_gname = NULL; new->vip_bind_dev = NULL; new->hash_target = 0; + new->af = 0; memset(new->srange, 0, 256); memset(new->drange, 0, 256); memset(new->iifname, 0, IFNAMSIZ); diff --git a/tools/keepalived/keepalived/check/check_parser.c b/tools/keepalived/keepalived/check/check_parser.c index 15e697223..2c688c203 100644 --- a/tools/keepalived/keepalived/check/check_parser.c +++ b/tools/keepalived/keepalived/check/check_parser.c @@ -449,6 +449,18 @@ iif_handler(vector_t *strvec) snprintf(vs->iifname, sizeof(vs->iifname), "%s", (char *)vector_slot(strvec, 1)); } +static void +af_handler(vector_t *strvec) +{ + virtual_server_t *vs = LIST_TAIL_DATA(check_data->vs); + char *str = vector_slot(strvec, 1); + + if (!strcmp(str, "ipv4") || !strcmp(str, "IPv4")) + vs->af = AF_INET; + else if (!strcmp(str, "ipv6") || !strcmp(str, "IPv6")) + vs->af = AF_INET6; +} + static void hash_target_handler(vector_t *strvec) { @@ -515,6 +527,7 @@ check_init_keywords(void) install_keyword("dst-range", &dst_range_handler); install_keyword("oif", &oif_handler); install_keyword("iif", &iif_handler); + install_keyword("af", &af_handler); install_keyword("hash_target", &hash_target_handler); /* Pool regression detection and handling. */ diff --git a/tools/keepalived/keepalived/check/ipvswrapper.c b/tools/keepalived/keepalived/check/ipvswrapper.c index 9a9612c33..dd1c0fa48 100644 --- a/tools/keepalived/keepalived/check/ipvswrapper.c +++ b/tools/keepalived/keepalived/check/ipvswrapper.c @@ -375,7 +375,7 @@ ipvs_start(void) { log_message(LOG_DEBUG, "Initializing ipvs 2.6"); /* Initialize IPVS module */ - if (ipvs_init()) { + if (ipvs_init(0)) { log_message(LOG_INFO, "IPVS: Can't initialize ipvs: %s", ipvs_strerror(errno)); return IPVS_ERROR; @@ -451,8 +451,10 @@ ipvs_talk(int cmd) break; case IP_VS_SO_SET_EDITDEST: if ((result = ipvs_update_dest(srule, drule)) && - (result == EDPVS_NOTEXIST)) + (result == EDPVS_NOTEXIST || result == EDPVS_MSG_FAIL)) { result = ipvs_add_dest(srule, drule); + cmd = IP_VS_SO_SET_ADDDEST; + } break; case IP_VS_SO_SET_ADDTUNNEL: result = ipvs_add_tunnel(tunnel_rule); @@ -462,10 +464,12 @@ ipvs_talk(int cmd) break; } - if (result) { - if (result == EDPVS_EXIST && (cmd == IP_VS_SO_SET_ADD || cmd == IP_VS_SO_SET_ADDDEST)) + if (result) {//EDPVS_MSG_FAIL just ignore set failed + if ((result == EDPVS_EXIST || result == EDPVS_MSG_FAIL || result == EDPVS_NOTSUPP) + && (cmd == IP_VS_SO_SET_ADD || cmd == IP_VS_SO_SET_ADDDEST)) result = 0; - else if (result == EDPVS_NOTEXIST && (cmd == IP_VS_SO_SET_DEL || cmd == IP_VS_SO_SET_DELDEST)) + else if ((result == EDPVS_NOTEXIST || result == EDPVS_MSG_FAIL || result == EDPVS_NOTSUPP) + && (cmd == IP_VS_SO_SET_DEL || cmd == IP_VS_SO_SET_DELDEST)) result = 0; log_message(LOG_INFO, "IPVS: %s", ipvs_strerror(errno)); } @@ -609,6 +613,7 @@ ipvs_set_rule(int cmd, virtual_server_t * vs, real_server_t * rs) srule->netmask = (vs->addr.ss_family == AF_INET6) ? 128 : ((u_int32_t) 0xffffffff); srule->protocol = vs->service_type; srule->conn_timeout = vs->conn_timeout; + srule->af = vs->af; snprintf(srule->srange, 256, "%s", vs->srange); snprintf(srule->drange, 256, "%s", vs->drange); snprintf(srule->iifname, IFNAMSIZ, "%s", vs->iifname); @@ -1033,6 +1038,9 @@ ipvs_cmd(int cmd, list vs_group, virtual_server_t * vs, real_server_t * rs) srule->af = vs->addr.ss_family; srule->addr.ip = 0; srule->port = inet_sockaddrport(&vs->addr); + srule->flags |= IP_VS_SVC_F_MATCH; + if (!srule->af) + srule->af = vs->af; } else { srule->af = vs->addr.ss_family; if (vs->addr.ss_family == AF_INET6) diff --git a/tools/keepalived/keepalived/include/check_data.h b/tools/keepalived/keepalived/include/check_data.h index 7efb6a9e1..dc81ca511 100644 --- a/tools/keepalived/keepalived/include/check_data.h +++ b/tools/keepalived/keepalived/include/check_data.h @@ -183,6 +183,7 @@ typedef struct _virtual_server { char *vip_bind_dev; /* the interface name,vip bindto */ char *blklst_addr_gname; /* black list ip group name */ + uint16_t af; char srange[256]; char drange[256]; char iifname[IFNAMSIZ]; @@ -297,7 +298,8 @@ static inline int inaddr_equal(sa_family_t family, void *addr1, void *addr2) !strcmp((X)->srange, (Y)->srange) &&\ !strcmp((X)->drange, (Y)->drange) &&\ !strcmp((X)->iifname, (Y)->iifname) &&\ - !strcmp((X)->oifname, (Y)->oifname)) + !strcmp((X)->oifname, (Y)->oifname) &&\ + (X)->af == (Y)->af) #define VSGE_ISEQ(X,Y) (sockstorage_equal(&(X)->addr,&(Y)->addr) && \ (X)->range == (Y)->range && \ diff --git a/tools/keepalived/keepalived/libipvs-2.6/dp_vs.h b/tools/keepalived/keepalived/libipvs-2.6/dp_vs.h index a222ca3f4..70c339036 100644 --- a/tools/keepalived/keepalived/libipvs-2.6/dp_vs.h +++ b/tools/keepalived/keepalived/libipvs-2.6/dp_vs.h @@ -2,15 +2,6 @@ #define _DP_VS_H #include -#include "conf/route.h" -#include "conf/route6.h" -#include "conf/inetaddr.h" -#include "conf/laddr.h" -#include "conf/blklst.h" -#include "conf/conn.h" -#include "ip_tunnel.h" -#include "ipvs/service.h" -#include "ipvs/dest.h" enum{ DPVS_SO_SET_FLUSH = 200, diff --git a/tools/keepalived/keepalived/libipvs-2.6/ip_vs.h b/tools/keepalived/keepalived/libipvs-2.6/ip_vs.h index 9c4cd9466..6dc17bdc6 100644 --- a/tools/keepalived/keepalived/libipvs-2.6/ip_vs.h +++ b/tools/keepalived/keepalived/libipvs-2.6/ip_vs.h @@ -11,7 +11,15 @@ #include #include /* For __beXX types in userland */ #include -#include "dp_vs.h" +#include "conf/route.h" +#include "conf/route6.h" +#include "conf/inetaddr.h" +#include "conf/laddr.h" +#include "conf/blklst.h" +#include "conf/conn.h" +#include "ip_tunnel.h" +#include "ipvs/service.h" +#include "ipvs/dest.h" #ifdef LIBIPVS_USE_NL #include @@ -43,8 +51,9 @@ #define IP_VS_SVC_F_SCHED2 0x0010 /* scheduler flag 2 */ #define IP_VS_SVC_F_SCHED3 0x0020 /* scheduler flag 3 */ -#define IP_VS_SVC_F_SIP_HASH 0x0100 /* sip hash target */ -#define IP_VS_SVC_F_QID_HASH 0x0200 /* quic cid hash target */ +#define IP_VS_SVC_F_SIP_HASH 0x0100 /* sip hash target */ +#define IP_VS_SVC_F_QID_HASH 0x0200 /* quic cid hash target */ +#define IP_VS_SVC_F_MATCH 0x0400 /* snat match */ #define IP_VS_SVC_F_SCHED_SH_FALLBACK IP_VS_SVC_F_SCHED1 /* SH fallback */ #define IP_VS_SVC_F_SCHED_SH_PORT IP_VS_SVC_F_SCHED2 /* SH use port */ @@ -272,38 +281,9 @@ struct ip_vs_getinfo { /* number of virtual services */ unsigned int num_services; -}; - - -/* The argument to IP_VS_SO_GET_SERVICE */ -struct ip_vs_service_entry_kern { - /* which service: user fills in these */ - u_int16_t protocol; - __be32 addr; /* virtual address */ - __be16 port; - u_int32_t fwmark; /* firwall mark of service */ - - /* service options */ - char sched_name[IP_VS_SCHEDNAME_MAXLEN]; - unsigned flags; /* virtual service flags */ - unsigned timeout; /* persistent timeout */ - unsigned conn_timeout; - __be32 netmask; /* persistent netmask */ - unsigned bps; - unsigned limit_proportion; - /* number of real servers */ - unsigned int num_dests; - /* number of local address*/ - unsigned int num_laddrs; - - /* statistics */ - struct ip_vs_stats_user stats; - - char srange[256]; - char drange[256]; - char iifname[IFNAMSIZ]; - char oifname[IFNAMSIZ]; + /* number of lcores*/ + unsigned int num_lcores; }; struct ip_vs_service_entry { @@ -341,23 +321,6 @@ struct ip_vs_service_entry { }; -struct ip_vs_dest_entry_kern { - __be32 addr; /* destination address */ - __be16 port; - unsigned conn_flags; /* connection flags */ - int weight; /* destination weight */ - - u_int32_t u_threshold; /* upper threshold */ - u_int32_t l_threshold; /* lower threshold */ - - u_int32_t activeconns; /* active connections */ - u_int32_t inactconns; /* inactive connections */ - u_int32_t persistconns; /* persistent connections */ - - /* statistics */ - struct ip_vs_stats_user stats; -}; - struct ip_vs_dest_entry { __be32 __addr_v4; /* destination address - internal use only */ __be16 port; @@ -391,21 +354,6 @@ struct ip_vs_laddr_entry { union nf_inet_addr addr; }; -/* The argument to IP_VS_SO_GET_LADDRS */ -struct ip_vs_get_laddrs_kern { - /* which service: user fills in these */ - u_int16_t protocol; - __be32 addr; /* virtual address - internal use only */ - __be16 port; - u_int32_t fwmark; /* firwall mark of service */ - - /* number of local address*/ - unsigned int num_laddrs; - - /* the real servers */ - struct ip_vs_laddr_entry_kern entrytable[0]; -}; - struct ip_vs_get_laddrs { /* which service: user fills in these */ u_int16_t protocol; @@ -422,26 +370,6 @@ struct ip_vs_get_laddrs { struct ip_vs_laddr_entry entrytable[0]; }; -/* The argument to IP_VS_SO_GET_DESTS */ -struct ip_vs_get_dests_kern { - /* which service: user fills in these */ - u_int16_t protocol; - __be32 addr; /* virtual address - internal use only */ - __be16 port; - u_int32_t fwmark; /* firwall mark of service */ - - /* number of real servers */ - unsigned int num_dests; - - char srange[256]; - char drange[256]; - char iifname[IFNAMSIZ]; - char oifname[IFNAMSIZ]; - - /* the real servers */ - struct ip_vs_dest_entry_kern entrytable[0]; -}; - struct ip_vs_get_dests { /* which service: user fills in these */ u_int16_t protocol; @@ -468,19 +396,11 @@ struct ip_vs_get_dests { struct ip_vs_get_services { /* number of virtual services */ unsigned int num_services; - + unsigned int cid; /* service table */ struct ip_vs_service_entry entrytable[0]; }; -struct ip_vs_get_services_kern { - /* number of virtual services */ - unsigned int num_services; - - /* service table */ - struct ip_vs_service_entry_kern entrytable[0]; -}; - /* The argument to IP_VS_SO_GET_TIMEOUT */ struct ip_vs_timeout_user { int tcp_timeout; diff --git a/tools/keepalived/keepalived/libipvs-2.6/libipvs.c b/tools/keepalived/keepalived/libipvs-2.6/libipvs.c index 8e532d937..5f732a2b2 100644 --- a/tools/keepalived/keepalived/libipvs-2.6/libipvs.c +++ b/tools/keepalived/keepalived/libipvs-2.6/libipvs.c @@ -22,7 +22,6 @@ #include "libipvs.h" #include "sockopt.h" -#include "dp_vs.h" typedef struct ipvs_servicedest_s { struct ip_vs_service_kern svc; @@ -111,7 +110,7 @@ typedef struct dpvs_servicedest_s { void ipvs_service_entry_2_user(const ipvs_service_entry_t *entry, ipvs_service_t *user); -int ipvs_init(void) +int ipvs_init(lcoreid_t cid) { socklen_t len; struct ip_vs_getinfo *ipvs_info_rcv; @@ -186,7 +185,7 @@ int ipvs_update_service_by_options(ipvs_service_t *svc, unsigned int options) ipvs_service_entry_t *entry; ipvs_service_t user; - if (!(entry = ipvs_get_service(svc))) { + if (!(entry = ipvs_get_service(svc, 0))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); exit(1); } @@ -241,7 +240,7 @@ int ipvs_update_service_synproxy(ipvs_service_t *svc , int enable) { ipvs_service_entry_t *entry; - if (!(entry = ipvs_get_service(svc))) { + if (!(entry = ipvs_get_service(svc, 0))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); exit(1); } @@ -478,8 +477,18 @@ int ipvs_stop_daemon(ipvs_daemon_t *dm) (char *)dm, sizeof(*dm)); } +static inline sockoptid_t cpu2opt_svc(lcoreid_t cid, sockoptid_t old_opt) +{ + return old_opt + cid * (SOCKOPT_SVC_GET_CMD_MAX - SOCKOPT_SVC_BASE + 1); +} + +/* now support get_all only */ +static inline sockoptid_t cpu2opt_laddr(lcoreid_t cid, sockoptid_t old_opt) +{ + return old_opt + cid; +} -struct ip_vs_get_services *ipvs_get_services(void) +struct ip_vs_get_services *ipvs_get_services(lcoreid_t cid) { struct ip_vs_get_services *get; struct dp_vs_get_services *dpvs_get, *dpvs_get_rcv; @@ -499,8 +508,8 @@ struct ip_vs_get_services *ipvs_get_services(void) return NULL; } dpvs_get->num_services = ipvs_info.num_services; - - if (dpvs_getsockopt(DPVS_SO_GET_SERVICES, dpvs_get, len, (void **)&dpvs_get_rcv, &len_rcv)) { + dpvs_get->cid = cid; + if (dpvs_getsockopt(cpu2opt_svc(cid, DPVS_SO_GET_SERVICES), dpvs_get, len, (void **)&dpvs_get_rcv, &len_rcv)) { free(get); free(dpvs_get); return NULL; @@ -609,7 +618,7 @@ ipvs_sort_services(struct ip_vs_get_services *s, ipvs_service_cmp_t f) sizeof(ipvs_service_entry_t), (qsort_cmp_t)f); } -struct ip_vs_get_laddrs *ipvs_get_laddrs(ipvs_service_entry_t *svc) +struct ip_vs_get_laddrs *ipvs_get_laddrs(ipvs_service_entry_t *svc, lcoreid_t cid) { struct ip_vs_get_laddrs *laddrs; struct dp_vs_laddr_conf conf, *result; @@ -624,13 +633,14 @@ struct ip_vs_get_laddrs *ipvs_get_laddrs(ipvs_service_entry_t *svc) conf.vaddr.in6 = svc->addr.in6; conf.vport = svc->port; conf.fwmark = svc->fwmark; + conf.cid = cid; snprintf(conf.srange, sizeof(conf.srange), "%s", svc->srange); snprintf(conf.drange, sizeof(conf.drange), "%s", svc->drange); snprintf(conf.iifname, sizeof(conf.iifname), "%s", svc->iifname); snprintf(conf.iifname, sizeof(conf.oifname), "%s", svc->oifname); - if (dpvs_getsockopt(SOCKOPT_GET_LADDR_GETALL, &conf, sizeof(conf), + if (dpvs_getsockopt(cpu2opt_laddr(cid, SOCKOPT_GET_LADDR_GETALL), &conf, sizeof(conf), (void **)&result, &res_size) != 0) return NULL; @@ -700,7 +710,7 @@ struct dp_vs_blklst_conf_array *ipvs_get_blklsts(void) return array; } -struct ip_vs_get_dests *ipvs_get_dests(ipvs_service_entry_t *svc) +struct ip_vs_get_dests *ipvs_get_dests(ipvs_service_entry_t *svc, lcoreid_t cid) { struct ip_vs_get_dests *d; struct dp_vs_get_dests *dpvs_dests, *dpvs_dests_rcv; @@ -726,12 +736,14 @@ struct ip_vs_get_dests *ipvs_get_dests(ipvs_service_entry_t *svc) memcpy(&dpvs_dests->addr, &svc->addr, sizeof(svc->addr)); dpvs_dests->port = svc->port; dpvs_dests->num_dests = svc->num_dests; + dpvs_dests->cid = cid; snprintf(dpvs_dests->srange, sizeof(dpvs_dests->srange), "%s", svc->srange); snprintf(dpvs_dests->drange, sizeof(dpvs_dests->drange), "%s", svc->drange); snprintf(dpvs_dests->iifname, sizeof(dpvs_dests->iifname), "%s", svc->iifname); snprintf(dpvs_dests->oifname, sizeof(dpvs_dests->oifname), "%s", svc->oifname); - if (dpvs_getsockopt(DPVS_SO_GET_DESTS, dpvs_dests, len, (void **)&dpvs_dests_rcv, &len_rcv)) { + if (dpvs_getsockopt(cpu2opt_svc(cid, DPVS_SO_GET_DESTS), dpvs_dests, len, + (void **)&dpvs_dests_rcv, &len_rcv)) { free(d); free(dpvs_dests); return NULL; @@ -788,7 +800,7 @@ void ipvs_sort_dests(struct ip_vs_get_dests *d, ipvs_dest_cmp_t f) ipvs_service_entry_t * -ipvs_get_service(struct ip_vs_service_user *hint) +ipvs_get_service(struct ip_vs_service_user *hint, lcoreid_t cid) { ipvs_service_entry_t *svc; struct dp_vs_service_entry dpvs_svc, *dpvs_svc_ptr, *dpvs_svc_rcv; @@ -805,9 +817,10 @@ ipvs_get_service(struct ip_vs_service_user *hint) len_rcv = sizeof(*dpvs_svc_rcv); memset(&dpvs_svc, 0, len); dpvs_svc_ptr = &dpvs_svc; + dpvs_svc.cid = cid; IPVS_2_DPVS(dpvs_svc_ptr, hint); - if (dpvs_getsockopt(DPVS_SO_GET_SERVICE, + if (dpvs_getsockopt(cpu2opt_svc(cid, DPVS_SO_GET_SERVICE), &dpvs_svc, len, (void **)&dpvs_svc_rcv, &len_rcv)) { goto out_err; } diff --git a/tools/keepalived/keepalived/libipvs-2.6/libipvs.h b/tools/keepalived/keepalived/libipvs-2.6/libipvs.h index 4c46fa2f0..d1bfe955c 100644 --- a/tools/keepalived/keepalived/libipvs-2.6/libipvs.h +++ b/tools/keepalived/keepalived/libipvs-2.6/libipvs.h @@ -42,7 +42,7 @@ #define OPT_IFNAME 0x4000000 #define OPT_SOCKPAIR 0x8000000 #define OPT_HASHTAG 0x10000000 -#define NUMBER_OF_OPT 29 +#define NUMBER_OF_OPT 30 //opt cid is not defined above #define MINIMUM_IPVS_VERSION_MAJOR 1 #define MINIMUM_IPVS_VERSION_MINOR 1 @@ -81,7 +81,7 @@ typedef struct ip_vs_blklst_entry ipvs_blklst_entry_t; extern struct ip_vs_getinfo ipvs_info; /* init socket and get ipvs info */ -extern int ipvs_init(void); +extern int ipvs_init(lcoreid_t cid); /* get ipvs info separately */ extern int ipvs_getinfo(void); @@ -123,7 +123,7 @@ extern struct ip_vs_conn_array* ip_vs_get_conns(const struct ip_vs_conn_req *req extern int ipvs_add_laddr(ipvs_service_t *svc, ipvs_laddr_t * laddr); extern int ipvs_del_laddr(ipvs_service_t *svc, ipvs_laddr_t * laddr); -extern struct ip_vs_get_laddrs *ipvs_get_laddrs(ipvs_service_entry_t *svc); +extern struct ip_vs_get_laddrs *ipvs_get_laddrs(ipvs_service_entry_t *svc, lcoreid_t cid); /*for add/delete a blacklist ip*/ extern int ipvs_add_blklst(ipvs_service_t *svc, ipvs_blklst_t * blklst); @@ -144,7 +144,7 @@ extern int ipvs_stop_daemon(ipvs_daemon_t *dm); /* get all the ipvs services */ -extern struct ip_vs_get_services *ipvs_get_services(void); +extern struct ip_vs_get_services *ipvs_get_services(lcoreid_t); /* sort the service entries */ typedef int (*ipvs_service_cmp_t)(ipvs_service_entry_t *, @@ -155,7 +155,7 @@ extern void ipvs_sort_services(struct ip_vs_get_services *s, ipvs_service_cmp_t f); /* get the destination array of the specified service */ -extern struct ip_vs_get_dests *ipvs_get_dests(ipvs_service_entry_t *svc); +extern struct ip_vs_get_dests *ipvs_get_dests(ipvs_service_entry_t *svc, lcoreid_t cid); /* sort the destination entries */ typedef int (*ipvs_dest_cmp_t)(ipvs_dest_entry_t *, @@ -166,7 +166,7 @@ extern void ipvs_sort_dests(struct ip_vs_get_dests *d, ipvs_dest_cmp_t f); /* get an ipvs service entry */ -extern ipvs_service_entry_t *ipvs_get_service(struct ip_vs_service_user *hint); +extern ipvs_service_entry_t *ipvs_get_service(struct ip_vs_service_user *hint, lcoreid_t cid); /* get ipvs timeout */ extern ipvs_timeout_t *ipvs_get_timeout(void); From c96f8215e0c6e85e0a520a6fc985a0260f2957b3 Mon Sep 17 00:00:00 2001 From: mscbg Date: Mon, 17 Jun 2019 14:04:53 +0800 Subject: [PATCH 16/62] delete debug code --- src/ipvs/ip_vs_dest.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ipvs/ip_vs_dest.c b/src/ipvs/ip_vs_dest.c index 8324797d4..0f947bd25 100644 --- a/src/ipvs/ip_vs_dest.c +++ b/src/ipvs/ip_vs_dest.c @@ -215,7 +215,6 @@ void dp_vs_dest_put(struct dp_vs_dest *dest) if (rte_atomic32_dec_and_test(&dest->refcnt)) { dp_vs_unbind_svc(dest); rte_free(dest); - RTE_LOG(ERR, SERVICE, "%s delete rs\n", __func__); } } From 3f314477e0dd7978dcbace0500b2b4166e5c4a50 Mon Sep 17 00:00:00 2001 From: jerrywang Date: Thu, 23 May 2019 17:16:44 +0800 Subject: [PATCH 17/62] svc/dest/laddr support percore; fix snat bug: no range config --- src/ipvs/ip_vs_dest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ipvs/ip_vs_dest.c b/src/ipvs/ip_vs_dest.c index 0f947bd25..8324797d4 100644 --- a/src/ipvs/ip_vs_dest.c +++ b/src/ipvs/ip_vs_dest.c @@ -215,6 +215,7 @@ void dp_vs_dest_put(struct dp_vs_dest *dest) if (rte_atomic32_dec_and_test(&dest->refcnt)) { dp_vs_unbind_svc(dest); rte_free(dest); + RTE_LOG(ERR, SERVICE, "%s delete rs\n", __func__); } } From 8091fb72b01a44bb6aabd5d87de457ff3e6e1bb5 Mon Sep 17 00:00:00 2001 From: mscbg Date: Mon, 17 Jun 2019 14:04:53 +0800 Subject: [PATCH 18/62] delete debug code --- src/ipvs/ip_vs_dest.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ipvs/ip_vs_dest.c b/src/ipvs/ip_vs_dest.c index 8324797d4..0f947bd25 100644 --- a/src/ipvs/ip_vs_dest.c +++ b/src/ipvs/ip_vs_dest.c @@ -215,7 +215,6 @@ void dp_vs_dest_put(struct dp_vs_dest *dest) if (rte_atomic32_dec_and_test(&dest->refcnt)) { dp_vs_unbind_svc(dest); rte_free(dest); - RTE_LOG(ERR, SERVICE, "%s delete rs\n", __func__); } } From a5f92b5f538d355fa2f6fed528e0b8536d32c6cc Mon Sep 17 00:00:00 2001 From: mscbg Date: Mon, 29 Jul 2019 11:26:54 +0800 Subject: [PATCH 19/62] fix bug for release timer --- src/inetaddr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/inetaddr.c b/src/inetaddr.c index 5889aed5a..747c5137a 100644 --- a/src/inetaddr.c +++ b/src/inetaddr.c @@ -396,6 +396,7 @@ static int inet_ifaddr_dad_completed(void *arg) struct inet_ifaddr *ifa = arg; rte_rwlock_write_lock(&in_addr_lock); + dpvs_timer_cancel(&ifa->timer, true); ifa->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED); rte_rwlock_write_unlock(&in_addr_lock); From 8d62c533b2dcb39a19167fc12746512c06d0a2a6 Mon Sep 17 00:00:00 2001 From: mscbg Date: Wed, 23 Oct 2019 16:23:49 +0800 Subject: [PATCH 20/62] fix bug by some code review fix msg bug --- src/ctrl.c | 2 +- src/inetaddr.c | 4 ++-- src/ipvs/ip_vs_blklst.c | 4 ++-- src/ipvs/ip_vs_laddr.c | 10 +++++----- src/ipvs/ip_vs_service.c | 26 ++++++++++---------------- tools/ipvsadm/ipvsadm.c | 4 ++-- 6 files changed, 22 insertions(+), 28 deletions(-) diff --git a/src/ctrl.c b/src/ctrl.c index 43225662e..631f9893c 100644 --- a/src/ctrl.c +++ b/src/ctrl.c @@ -99,7 +99,7 @@ inline static void msg_debug_dump(void) allc = rte_atomic64_read(&n_msg_allc); - if (likely(allc % 10)) + if (likely(allc % 100000)) return; RTE_LOG(INFO, MSGMGR, "%s: allocated=%ld, freed=%ld, processing=%d\n", diff --git a/src/inetaddr.c b/src/inetaddr.c index 747c5137a..be6a13785 100644 --- a/src/inetaddr.c +++ b/src/inetaddr.c @@ -396,11 +396,11 @@ static int inet_ifaddr_dad_completed(void *arg) struct inet_ifaddr *ifa = arg; rte_rwlock_write_lock(&in_addr_lock); - dpvs_timer_cancel(&ifa->timer, true); + dpvs_timer_cancel_nolock(&ifa->timer, true); ifa->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED); rte_rwlock_write_unlock(&in_addr_lock); - return DTIMER_STOP; + return DTIMER_OK; } /* change timer callback, refer to 'addrconf_mod_timer' */ diff --git a/src/ipvs/ip_vs_blklst.c b/src/ipvs/ip_vs_blklst.c index d64e753a7..f9b9fa7aa 100644 --- a/src/ipvs/ip_vs_blklst.c +++ b/src/ipvs/ip_vs_blklst.c @@ -145,7 +145,7 @@ static int dp_vs_blklst_add(uint8_t proto, const union inet_addr *vaddr, cid, sizeof(struct dp_vs_blklst_conf), &cf); if (!msg) return EDPVS_NOMEM; - err = multicast_msg_send(msg, 0, NULL); + err = multicast_msg_send(msg, DPVS_MSG_F_ASYNC, NULL); if (err != EDPVS_OK) { msg_destroy(&msg); RTE_LOG(INFO, SERVICE, "[%s] fail to send multicast message\n", __func__); @@ -187,7 +187,7 @@ static int dp_vs_blklst_del(uint8_t proto, const union inet_addr *vaddr, cid, sizeof(struct dp_vs_blklst_conf), &cf); if (!msg) return EDPVS_NOMEM; - err = multicast_msg_send(msg, 0, NULL); + err = multicast_msg_send(msg, DPVS_MSG_F_ASYNC, NULL); if (err != EDPVS_OK) { RTE_LOG(INFO, SERVICE, "[%s] fail to send multicast message\n", __func__); return err; diff --git a/src/ipvs/ip_vs_laddr.c b/src/ipvs/ip_vs_laddr.c index ff4dec4ab..d9deab89d 100644 --- a/src/ipvs/ip_vs_laddr.c +++ b/src/ipvs/ip_vs_laddr.c @@ -438,7 +438,7 @@ static int laddr_sockopt_set(sockoptid_t opt, const void *conf, size_t size) if (!msg) return EDPVS_NOMEM; - err = multicast_msg_send(msg, 0, NULL); + err = multicast_msg_send(msg, DPVS_MSG_F_ASYNC, NULL); /* go on in master core, not return */ if (err != EDPVS_OK) RTE_LOG(ERR, SERVICE, "[%s] fail to send multicast message\n", __func__); @@ -508,7 +508,7 @@ static int get_msg_cb(struct dpvs_msg *msg) return err; size = sizeof(*laddr_conf) + naddr * sizeof(struct dp_vs_laddr_entry); - laddrs = rte_malloc_socket(0, size, RTE_CACHE_LINE_SIZE, rte_socket_id()); + laddrs = msg_reply_alloc(size); if (!laddrs) { if (addrs) rte_free(addrs); @@ -605,7 +605,7 @@ static int laddr_sockopt_get(sockoptid_t opt, const void *conf, size_t size, return EDPVS_NOSERV; } - err = dp_vs_laddr_getall(svc, &addrs, &naddr); + err = dp_vs_laddr_getall(svc, &addrs, &naddr); if (err != EDPVS_OK) { msg_destroy(&msg); return err; @@ -639,7 +639,7 @@ static int laddr_sockopt_get(sockoptid_t opt, const void *conf, size_t size, err = dp_vs_copy_percore_laddrs_stats(laddrs, get_msg); if (err != EDPVS_OK) { msg_destroy(&msg); - rte_free(out); + rte_free(*out); *out = NULL; return err; } @@ -741,7 +741,7 @@ int dp_vs_laddr_init(void) memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); msg_type.type = MSG_TYPE_LADDR_GET_ALL; msg_type.mode = DPVS_MSG_MULTICAST; - msg_type.prio = MSG_PRIO_NORM; + msg_type.prio = MSG_PRIO_LOW; msg_type.cid = rte_lcore_id(); msg_type.unicast_msg_cb = get_msg_cb; err = msg_type_mc_register(&msg_type); diff --git a/src/ipvs/ip_vs_service.c b/src/ipvs/ip_vs_service.c index 056f812f1..ebddcf3a9 100644 --- a/src/ipvs/ip_vs_service.c +++ b/src/ipvs/ip_vs_service.c @@ -219,7 +219,7 @@ __dp_vs_svc_match_get4(const struct rte_mbuf *mbuf, bool *outwall, lcoreid_t cid oif = rt->port->id; } else if (outwall != NULL && (NULL != ipset_addr_lookup(AF_INET, &daddr)) && (rt = route_gfw_net_lookup(&daddr.in))) { - char dst[64]; + char dst[64]; RTE_LOG(DEBUG, IPSET, "%s: IP %s is in the gfwip set, found route in the outwall table.\n", __func__, inet_ntop(AF_INET, &daddr, dst, sizeof(dst))? dst: ""); oif = rt->port->id; @@ -663,7 +663,7 @@ static int dp_vs_del_service(struct dp_vs_service *svc) * Unhash it from the service table */ dp_vs_svc_unhash(svc); - + /* * Wait until all the svc users go away. */ @@ -929,7 +929,7 @@ static int dp_vs_set_svc(sockoptid_t opt, const void *user, size_t len) if (!msg) return EDPVS_NOMEM; - ret = multicast_msg_send(msg, 0, NULL); + ret = multicast_msg_send(msg, DPVS_MSG_F_ASYNC, NULL); /* go on in master core, not return */ if (ret != EDPVS_OK) RTE_LOG(ERR, SERVICE, "[%s] fail to send multicast message\n", __func__); @@ -1075,7 +1075,7 @@ static int dp_vs_get_services_uc_cb(struct dpvs_msg *msg) } size = sizeof(*get) + sizeof(struct dp_vs_service_entry) * get->num_services; - output = rte_zmalloc("get_services", size, 0); + output = msg_reply_alloc(size); if (output == NULL) return EDPVS_NOMEM; ret = dp_vs_get_service_entries(get->num_services, output, cid); @@ -1131,7 +1131,7 @@ static int dp_vs_get_service_uc_cb(struct dpvs_msg *msg) return EDPVS_NOTEXIST; size = sizeof(struct dp_vs_service_entry); - entry = rte_zmalloc("get_service", size, 0); + entry = msg_reply_alloc(size); if (entry == NULL) return EDPVS_NOMEM; @@ -1175,7 +1175,7 @@ static int dp_vs_get_dests_uc_cb(struct dpvs_msg *msg) } size = sizeof(*get) + sizeof(struct dp_vs_dest_entry) * (svc->num_dests); - output = rte_zmalloc("get_dests", size, 0); + output = msg_reply_alloc(size); if (output == NULL) return EDPVS_NOMEM; rte_memcpy(output, get, sizeof(*get)); @@ -1283,11 +1283,6 @@ static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **o msg_destroy(&msg); return EDPVS_OK; } else { - output = rte_zmalloc("get_services", size, 0); - if (unlikely(NULL == output)) { - msg_destroy(&msg); - return EDPVS_NOMEM; - } list_for_each_entry(cur, &reply->mq, mq_node) { get_msg = (struct dp_vs_get_services *)(cur->data); if (get_msg->cid == cid) { @@ -1305,7 +1300,6 @@ static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **o } RTE_LOG(ERR, SERVICE, "%s: find no services for cid=%d.\n", __func__, cid); msg_destroy(&msg); - rte_free(output); return EDPVS_NOTEXIST; } } @@ -1329,7 +1323,7 @@ static int dp_vs_get_svc(sockoptid_t opt, const void *user, size_t len, void **o msg_destroy(&msg); RTE_LOG(ERR, SERVICE, "%s: send message fail.\n", __func__); return EDPVS_MSG_FAIL; - } + } if (cid == rte_get_master_lcore()) { svc = dp_vs_get_service_lcore(entry, cid); @@ -1656,7 +1650,7 @@ int dp_vs_service_init(void) memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); msg_type.type = MSG_TYPE_SVC_GET_SERVICES; msg_type.mode = DPVS_MSG_MULTICAST; - msg_type.prio = MSG_PRIO_NORM; + msg_type.prio = MSG_PRIO_LOW; msg_type.cid = rte_lcore_id(); msg_type.unicast_msg_cb = dp_vs_get_services_uc_cb; err = msg_type_mc_register(&msg_type); @@ -1668,7 +1662,7 @@ int dp_vs_service_init(void) memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); msg_type.type = MSG_TYPE_SVC_GET_SERVICE; msg_type.mode = DPVS_MSG_MULTICAST; - msg_type.prio = MSG_PRIO_NORM; + msg_type.prio = MSG_PRIO_LOW; msg_type.cid = rte_lcore_id(); msg_type.unicast_msg_cb = dp_vs_get_service_uc_cb; err = msg_type_mc_register(&msg_type); @@ -1680,7 +1674,7 @@ int dp_vs_service_init(void) memset(&msg_type, 0, sizeof(struct dpvs_msg_type)); msg_type.type = MSG_TYPE_SVC_GET_DESTS; msg_type.mode = DPVS_MSG_MULTICAST; - msg_type.prio = MSG_PRIO_NORM; + msg_type.prio = MSG_PRIO_LOW; msg_type.cid = rte_lcore_id(); msg_type.unicast_msg_cb = dp_vs_get_dests_uc_cb; err = msg_type_mc_register(&msg_type); diff --git a/tools/ipvsadm/ipvsadm.c b/tools/ipvsadm/ipvsadm.c index 4fa592d29..103a5ad23 100644 --- a/tools/ipvsadm/ipvsadm.c +++ b/tools/ipvsadm/ipvsadm.c @@ -21,7 +21,7 @@ * Wensong Zhang : added the long options * Wensong Zhang : added the hostname and portname input * Wensong Zhang : added the hostname and portname output - * Lars Marowsky-Brée : added persistence granularity support + * Lars Marowsky-Brée : added persistence granularity support * Julian Anastasov : fixed the (null) print for unknown services * Wensong Zhang : added the port_to_anyname function * Horms : added option to read commands from stdin @@ -200,7 +200,7 @@ static const char* optnames[] = { "ifname" , "sockpair" , "hash-target", - "cpu" + "cpu" }; /* From 589a587791d136e76b12c2f7bae8a833baa02c72 Mon Sep 17 00:00:00 2001 From: mscbg Date: Tue, 29 Oct 2019 10:19:20 +0800 Subject: [PATCH 21/62] Modificate order --- tools/ipvsadm/ipvsadm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/ipvsadm/ipvsadm.c b/tools/ipvsadm/ipvsadm.c index 103a5ad23..9d78051cb 100644 --- a/tools/ipvsadm/ipvsadm.c +++ b/tools/ipvsadm/ipvsadm.c @@ -1862,10 +1862,10 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid svc_name[0] = '\0'; left -= snprintf(svc_name + strlen(svc_name), left, - "MATCH %s", proto); + "af=%s", af); left -= snprintf(svc_name + strlen(svc_name), left, - ",af=%s", af); + ",MATCH %s", proto); if (strcmp(se->srange, "[::-::]:0-0") != 0 && strcmp(se->srange, "0.0.0.0-0.0.0.0:0-0") != 0) From 6b6b53e3ea43a5e0980df4e93b6eafeddc69bf2f Mon Sep 17 00:00:00 2001 From: Weiliang Li Date: Mon, 4 Nov 2019 15:48:50 +0800 Subject: [PATCH 22/62] delete a dead code block Opposite inner 'if' condition leads to a dead code block (outer condition is 'ii < NETIF_MAX_BOND_SLAVES' and inner condition is 'ii >= NETIF_MAX_BOND_SLAVES') --- src/netif.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/netif.c b/src/netif.c index b1520a1b4..0ea1da77a 100644 --- a/src/netif.c +++ b/src/netif.c @@ -555,11 +555,6 @@ static void bonding_slave_handler(vector_t tokens) assert(str); if (get_port_conf_stream(str)) { for (ii = 0; ii < NETIF_MAX_BOND_SLAVES; ii++) { - if (ii >= NETIF_MAX_BOND_SLAVES) { - RTE_LOG(ERR, NETIF, "bonding %s's slaves exceed maximum supported: %d", - current_bond->name, NETIF_MAX_BOND_SLAVES); - break; - } if (!current_bond->slaves[ii][0]) { strncpy(current_bond->slaves[ii], str, sizeof(current_bond->slaves[ii])); RTE_LOG(INFO, NETIF, "bonding %s:slave%d=%s\n", current_bond->name, ii, str); From 1a9f189b7a45d7efb5e7f7dc90fe68090e118981 Mon Sep 17 00:00:00 2001 From: Weiliang Li Date: Tue, 5 Nov 2019 11:26:03 +0800 Subject: [PATCH 23/62] fix unmatched brace Delete unmatched '}'. --- tools/keepalived/keepalived/check/ipvswrapper.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/keepalived/keepalived/check/ipvswrapper.c b/tools/keepalived/keepalived/check/ipvswrapper.c index 9a9612c33..5da2a4d63 100644 --- a/tools/keepalived/keepalived/check/ipvswrapper.c +++ b/tools/keepalived/keepalived/check/ipvswrapper.c @@ -93,8 +93,7 @@ ipvs_start(void) log_message(LOG_INFO, "IPVS : Can't initialize ipvs: %s", ipvs_strerror(errno)); - return IPVS_ERROR; - } + return IPVS_ERROR; } /* Allocate global user rules */ From f463d4fabd1904acf1b07af917eaae7ff754d18a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=8F=E8=B4=B5=E6=AD=A6?= Date: Fri, 2 Aug 2019 15:24:03 +0800 Subject: [PATCH 24/62] dpvs traffic bugfix --- include/conf/{stats.h => iftraf.h} | 45 +- include/iftraf.h | 21 + include/stats.h | 24 - src/iftraf.c | 1116 ++++++++++++++++++++++++++++ src/ipv4.c | 8 +- src/ipv6/ipv6.c | 6 +- src/main.c | 12 +- src/stats.c | 826 -------------------- tools/dpip/Makefile | 2 +- tools/dpip/iftraf.c | 155 ++++ tools/dpip/stats.c | 125 ---- 11 files changed, 1334 insertions(+), 1006 deletions(-) rename include/conf/{stats.h => iftraf.h} (56%) create mode 100644 include/iftraf.h delete mode 100644 include/stats.h create mode 100644 src/iftraf.c delete mode 100644 src/stats.c create mode 100644 tools/dpip/iftraf.c delete mode 100644 tools/dpip/stats.c diff --git a/include/conf/stats.h b/include/conf/iftraf.h similarity index 56% rename from include/conf/stats.h rename to include/conf/iftraf.h index c194e0aac..2ff57c838 100644 --- a/include/conf/stats.h +++ b/include/conf/iftraf.h @@ -15,39 +15,46 @@ * GNU General Public License for more details. * */ -#ifndef __DPVS_STATS_CONF_H__ -#define __DPVS_STATS_CONF_H__ +#ifndef __DPVS_IFTRAF_CONF_H__ +#define __DPVS_IFTRAF_CONF_H__ #include #include #include "inet.h" - + enum { /* set */ - SOCKOPT_SET_STATS_ADD = 6400, - SOCKOPT_SET_STATS_DEL, + SOCKOPT_SET_IFTRAF_ADD = 6400, + SOCKOPT_SET_IFTRAF_DEL, /* get */ - SOCKOPT_GET_STATS_SHOW, + SOCKOPT_GET_IFTRAF_SHOW, }; -struct stats_param { - uint8_t af; - uint8_t proto; - uint8_t cid; +struct dp_vs_iftraf_conf { + char ifname[IFNAMSIZ]; +} __attribute__((__packed__)); + - union inet_addr saddr; - union inet_addr daddr; - uint16_t sport; - uint16_t dport; +struct iftraf_param { + uint8_t af; + uint8_t proto; + uint8_t cid; + uint16_t devid; + char ifname[IFNAMSIZ]; + union inet_addr saddr; + union inet_addr daddr; + uint16_t sport; + uint16_t dport; - double long total_recv; - double long total_sent; + uint32_t total_recv; + uint32_t total_sent; } __attribute__((__packed__)); -struct stats_param_array { - int nstats; - struct stats_param stats[0]; +struct iftraf_param_array { + int ntrafs; + struct iftraf_param iftraf[0]; }; #endif /* __DPVS_INETADDR_CONF_H__ */ + diff --git a/include/iftraf.h b/include/iftraf.h new file mode 100644 index 000000000..95eb60649 --- /dev/null +++ b/include/iftraf.h @@ -0,0 +1,21 @@ +#ifndef __IFTRAF_H__ +#define __IFTRAF_H__ + +#include "common.h" +#include "list.h" +#include "dpdk.h" +#include "timer.h" +#include "inet.h" +#include "ctrl.h" + +int iftraf_sockopt_get(sockoptid_t opt, const void *conf, size_t size, void **out, size_t *outsize); + +int iftraf_pkt_in(int af, struct rte_mbuf *mbuf, struct netif_port *dev); +int iftraf_pkt_out(int af, struct rte_mbuf *mbuf, struct netif_port *dev); +void iftraf_process_ring(void); + +int iftraf_init(void); +int iftraf_term(void); /* cleanup */ + +#endif + diff --git a/include/stats.h b/include/stats.h deleted file mode 100644 index dc1ccabd7..000000000 --- a/include/stats.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef __STATS_H__ -#define __STATS_H__ - -#include "common.h" -#include "list.h" -#include "dpdk.h" -#include "timer.h" -#include "inet.h" -#include "ctrl.h" - -int stats_sockopt_get(sockoptid_t opt, const void *conf, size_t size, - void **out, size_t *outsize); - -int stats_pkt_in(int af, struct rte_mbuf *mbuf); -int stats_pkt_out(int af, struct rte_mbuf *mbuf); -void stats_process_ring(void); - -int stats_enable_func(void); -int stats_disable_func(void); - -int stats_init(void); - -#endif - diff --git a/src/iftraf.c b/src/iftraf.c new file mode 100644 index 000000000..352e4079a --- /dev/null +++ b/src/iftraf.c @@ -0,0 +1,1116 @@ +#include +#include +#include "inet.h" +#include "ipv4.h" +#include "ipv6.h" +#include "iftraf.h" +#include "conf/iftraf.h" +#include "vlan.h" + +#ifndef IFTRAF +#define IFTRAF +#define RTE_LOGTYPE_IFTRAF RTE_LOGTYPE_USER1 +#endif + +#define IFTRAF_TOPN 20 + +#define IFTRAF_RING_SIZE 1024 +#define IFTRAF_INTERVAL 1024 + +#define IFTRAF_PKT_DIR_IN 0 +#define IFTRAF_PKT_DIR_OUT 1 + +#define IFTRAF_TBL_BITS 12 +#define IFTRAF_TBL_SIZE (1 << IFTRAF_TBL_BITS) +#define IFTRAF_TBL_MASK (IFTRAF_TBL_SIZE - 1) + +#define IFTRAF_IFTBL_BITS 10 +#define IFTRAF_IFTBL_SIZE (1 << IFTRAF_IFTBL_BITS) +#define IFTRAF_IFTBL_MASK (IFTRAF_IFTBL_SIZE - 1) + +#define IFTRAF_HISTORY_LENGTH 30 +#define IFTRAF_TIME_INTERVAL 0x100000 + +static int history_pos = 0; +static int iftraf_ticket = 0; +bool iftraf_disable = true; + +typedef struct sorted_list_node_tag { + struct sorted_list_node_tag* next; + void* data; +} sorted_list_node; + +typedef struct { + sorted_list_node root; + int (*compare)(void*, void*); + int sorted_list_num; +} sorted_list_type; + +sorted_list_type iftraf_sorted_list; +sorted_list_type sorted_list[NETIF_MAX_PORTS]; + +static struct list_head *iftraf_tbl; +static struct list_head *iftraf_iftbl; + +static struct rte_ring *iftraf_ring[DPVS_MAX_LCORE]; + +#define this_inpkts_count (RTE_PER_LCORE(inpkts_count)) +#define this_outpkts_count (RTE_PER_LCORE(outpkts_count)) + +static RTE_DEFINE_PER_LCORE(uint32_t, inpkts_count); +static RTE_DEFINE_PER_LCORE(uint32_t, outpkts_count); + +static uint32_t iftraf_tlb_rnd; /* hash random */ + +typedef enum { + HASH_STATUS_OK, + HASH_STATUS_KEY_NOT_FOUND +} hash_status_enum; + +struct iftraf_pkt { + uint8_t af; + uint8_t proto; + uint8_t dir; + lcoreid_t cid; + uint32_t pkt_len; + union inet_addr saddr; + union inet_addr daddr; + uint16_t src_port; + uint16_t dst_port; + portid_t devid; + char ifname[IFNAMSIZ]; +} __rte_cache_aligned; + +struct iftraf_entry { + struct list_head list; + + uint8_t af; + uint8_t proto; + lcoreid_t cid; + portid_t devid; + char ifname[IFNAMSIZ]; + + union inet_addr saddr; + union inet_addr daddr; + uint16_t sport; + uint16_t dport; + + uint32_t recv[IFTRAF_HISTORY_LENGTH]; + uint32_t sent[IFTRAF_HISTORY_LENGTH]; + + uint32_t total_recv; + uint32_t total_sent; + int last_write; + +} __rte_cache_aligned; + + +static inline uint32_t iftraf_tlb_hashkey(int af, + const union inet_addr *saddr, uint16_t sport, + const union inet_addr *daddr, uint16_t dport) +{ + switch (af) { + case AF_INET: + return rte_jhash_3words((uint32_t)saddr->in.s_addr, + (uint32_t)daddr->in.s_addr, + ((uint32_t)sport) << 16 | (uint32_t)dport, + iftraf_tlb_rnd) & IFTRAF_TBL_MASK; + + case AF_INET6: + { + uint32_t vect[9]; + + vect[0] = ((uint32_t)sport) << 16 | (uint32_t)dport; + memcpy(&vect[1], &saddr->in6, 16); + memcpy(&vect[5], &daddr->in6, 16); + + return rte_jhash_32b(vect, 9, iftraf_tlb_rnd) & IFTRAF_TBL_MASK; + } + + default: + RTE_LOG(DEBUG, IFTRAF, "%s: hashing unsupported protocol %d\n", __func__, af); + return 0; + } +} + +static hash_status_enum iftraf_entry_get(uint32_t hash, struct iftraf_pkt *param, struct iftraf_entry **out_entry) +{ + struct iftraf_entry *entry; + + list_for_each_entry(entry, &iftraf_tbl[hash], list) { + if (entry->sport == param->src_port && entry->dport == param->dst_port + && inet_addr_equal(param->af, &entry->saddr, ¶m->saddr) + && inet_addr_equal(param->af, &entry->daddr, ¶m->daddr) + && entry->proto == param->proto + && entry->af == param->af) { + /* hit */ + *out_entry = entry; + RTE_LOG(DEBUG, IFTRAF, + "%s: [hit]\n", __func__); + return HASH_STATUS_OK; + } + } + RTE_LOG(DEBUG, IFTRAF, + "%s: [not found]\n", __func__); + + return HASH_STATUS_KEY_NOT_FOUND; +} + + +static void history_rotate(void) +{ + uint32_t hash = 0; + struct iftraf_entry *entry, *nxt; + struct iftraf_entry *ifentry, *ifnxt; + history_pos = (history_pos + 1) % IFTRAF_HISTORY_LENGTH; + + for(hash = 0; hash < IFTRAF_TBL_SIZE; hash++) { + + list_for_each_entry_safe(entry, nxt, &iftraf_tbl[hash], list) { + /* no data in the last 20s */ + if (entry->last_write == history_pos) { + list_del(&entry->list); + if (entry->af == AF_INET) { + RTE_LOG(DEBUG, IFTRAF, + "%s:[v4] [history_pos : %d, cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u]\n", + __func__, history_pos, entry->cid, entry->proto, entry->saddr.in.s_addr, entry->daddr.in.s_addr, entry->sport, entry->dport); + } + rte_free(entry); + } else { + entry->total_recv -= entry->recv[history_pos]; + entry->total_sent -= entry->sent[history_pos]; + entry->recv[history_pos] = 0; + entry->sent[history_pos] = 0; + } + } + } + + for(hash = 0; hash < IFTRAF_IFTBL_SIZE; hash++) { + + list_for_each_entry_safe(ifentry, ifnxt, &iftraf_iftbl[hash], list) { + + /* no data in the last 20s */ + if (ifentry->last_write == history_pos) { + list_del(&ifentry->list); + if (ifentry->af == AF_INET) { + RTE_LOG(DEBUG, IFTRAF, + "%s:[v4] [history_pos : %d, cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u]\n", + __func__, history_pos, ifentry->cid, ifentry->proto, ifentry->saddr.in.s_addr, entry->daddr.in.s_addr, entry->sport, entry->dport); + } + rte_free(ifentry); + } else { + ifentry->total_recv -= ifentry->recv[history_pos]; + ifentry->total_sent -= ifentry->sent[history_pos]; + ifentry->recv[history_pos] = 0; + ifentry->sent[history_pos] = 0; + } + } + } +} + +static int iftraf_entry_compare(void* aa, void* bb) +{ + struct iftraf_entry * a = (struct iftraf_entry *)aa; + struct iftraf_entry * b = (struct iftraf_entry *)bb; + + return (a->total_recv + a->total_sent) > (b->total_recv + b->total_sent); +} + +static void sorted_list_initialise(sorted_list_type* list) +{ + list->root.next = NULL; + list->sorted_list_num = 0; + list->compare = &iftraf_entry_compare; +} + +static void insert_top_list(struct iftraf_entry *entry, sorted_list_type *p_iftraf_sorted_list) +{ + sorted_list_node *node, *p, *first; + struct iftraf_entry *data; + + p = &(p_iftraf_sorted_list->root); + + if (p_iftraf_sorted_list->sorted_list_num == IFTRAF_TOPN && p_iftraf_sorted_list->compare(p->next->data, entry)) { + struct iftraf_entry *firstentry = (struct iftraf_entry *)p->next->data; + RTE_LOG(DEBUG, IFTRAF, + "%s: no need to insert[%u: %u, %u: %u]\n", + __func__, firstentry->total_recv, firstentry->total_sent, entry->total_recv, entry->total_sent); + + return; + } + + while (p->next != NULL && p_iftraf_sorted_list->compare(entry, p->next->data) > 0) { + p = p->next; + } + + node = rte_zmalloc(NULL, sizeof(*node), RTE_CACHE_LINE_SIZE); + if (node == NULL) { + RTE_LOG(ERR, IFTRAF, + "%s: no memory\n", __func__); + return; + } + + node->next = p->next; + node->data = entry; + p->next = node; + RTE_LOG(DEBUG, IFTRAF, + "%s: [insert list]cid : %d, sp : %u, dp : %u, recv : %u, sent : %u\n", + __func__, entry->cid, ntohs(entry->sport), ntohs(entry->dport), entry->total_recv, entry->total_sent); + if(p_iftraf_sorted_list->sorted_list_num < IFTRAF_TOPN) + p_iftraf_sorted_list->sorted_list_num++; + else { + /* free the first node */ + p = &(p_iftraf_sorted_list->root); + first = p->next; + + data = (struct iftraf_entry *)first->data; + RTE_LOG(DEBUG, IFTRAF, + "%s: [free first entry]cid : %d, sp : %u, dp : %u, recv : %u, sent : %u\n", + __func__, data->cid, ntohs(data->sport), ntohs(data->dport), data->total_recv, data->total_sent); + p->next = first->next; + + rte_free(first); + } +} + +static void list_merge(void) +{ + sorted_list_type *list; + portid_t devid = 0; + sorted_list_node *node, *p, *pp; + uint32_t num = 0; + + pp = &(iftraf_sorted_list.root); + for (devid = 0; devid < NETIF_MAX_PORTS; devid++) { + + list = &sorted_list[devid]; + p = &(list->root); + while (p->next != NULL && num < list->sorted_list_num) { + node = p->next; + p->next = node->next; + + /*insert*/ + node->next = pp->next; + pp->next = node; + iftraf_sorted_list.sorted_list_num++; + + num++; + } + num = 0; + list->sorted_list_num = 0; + } +} + +static void iftraf_sort_top(portid_t port_id) +{ + uint32_t hash = 0; + struct iftraf_entry *entry, *nxt; + struct iftraf_entry *ifentry, *ifnxt; + + if (port_id == NETIF_MAX_PORTS) { + for (hash = 0; hash < IFTRAF_IFTBL_SIZE; hash++) { + list_for_each_entry_safe(ifentry, ifnxt, &iftraf_iftbl[hash], list) { + insert_top_list(ifentry, &sorted_list[ifentry->devid]); + } + } + + list_merge(); + + } else if (port_id < NETIF_MAX_PORTS) { + for (hash = 0; hash < IFTRAF_IFTBL_SIZE; hash++) { + list_for_each_entry_safe(ifentry, ifnxt, &iftraf_iftbl[hash], list) { + if (ifentry->devid == port_id) { + RTE_LOG(DEBUG, IFTRAF, + "%s: [devid : %u\n", + __func__, port_id); + insert_top_list(ifentry, &iftraf_sorted_list); + } + } + } + + } else { + for(hash = 0; hash < IFTRAF_TBL_SIZE; hash++) { + list_for_each_entry_safe(entry, nxt, &iftraf_tbl[hash], list) { + insert_top_list(entry, &iftraf_sorted_list); + } + } + } +} + +static void iftraf_addr_cpy(int af, union inet_addr *daddr, union inet_addr *saddr) +{ + if (af == AF_INET) { + daddr->in.s_addr = saddr->in.s_addr; + } else if (af == AF_INET6) { + memcpy(daddr->in6.s6_addr, saddr->in6.s6_addr, 16); + } else { + RTE_LOG(DEBUG, IFTRAF, + "%s: unsupported\n", __func__); + } +} + +int iftraf_sockopt_get(sockoptid_t opt, const void *conf, size_t size, + void **out, size_t *outsize) +{ + struct iftraf_param_array *array; + sorted_list_node *node, *p; + struct iftraf_entry *entry; + uint32_t off; + struct netif_port *port = NULL; + const struct dp_vs_iftraf_conf *cf; + portid_t port_id = UINT16_MAX; + + if (iftraf_disable) { + RTE_LOG(DEBUG, IFTRAF, + "%s: iftraf disable\n", __func__); + return EDPVS_OK; + } + + if (!conf || size < sizeof(struct dp_vs_iftraf_conf) || !out || !outsize) + return EDPVS_INVAL; + cf = conf; + + if (cf && strlen(cf->ifname)) { + port = netif_port_get_by_name(cf->ifname); + port_id = (port != NULL ) ? port->id : NETIF_MAX_PORTS; + RTE_LOG(DEBUG, IFTRAF, + "%s: ifname : %s, id = %d\n", __func__, cf->ifname, port_id); + } + + /* sort iftraf */ + iftraf_sort_top(port_id); + + RTE_LOG(DEBUG, IFTRAF, + "%s: sorted_list_num = %d\n", __func__, iftraf_sorted_list.sorted_list_num); + + *outsize = sizeof(struct iftraf_param_array) + \ + iftraf_sorted_list.sorted_list_num * sizeof(struct iftraf_param); + *out = rte_calloc(NULL, 1, *outsize, RTE_CACHE_LINE_SIZE); + if (!(*out)) { + RTE_LOG(ERR, IFTRAF, "%s: no memory \n", __func__); + return EDPVS_NOMEM; + } + + array = *out; + array->ntrafs = iftraf_sorted_list.sorted_list_num; + off = 0; + + p = &(iftraf_sorted_list.root); + while (p->next != NULL && off < iftraf_sorted_list.sorted_list_num) { + node = p->next; + p->next = node->next; + + entry = (struct iftraf_entry *)node->data; + array->iftraf[off].af = entry->af; + array->iftraf[off].proto = entry->proto; + array->iftraf[off].cid = entry->cid; + iftraf_addr_cpy(entry->af, &array->iftraf[off].saddr, &entry->saddr); + iftraf_addr_cpy(entry->af, &array->iftraf[off].daddr, &entry->daddr); + array->iftraf[off].sport = entry->sport; + array->iftraf[off].dport = entry->dport; + array->iftraf[off].total_recv = entry->total_recv; + array->iftraf[off].total_sent = entry->total_sent; + strcpy(array->iftraf[off].ifname, entry->ifname); + + if (AF_INET == entry->af) { + RTE_LOG(DEBUG, IFTRAF,"%s: sip = %s, sport = %u, dip = %s, dport = %u\n", + __func__, inet_ntoa(array->iftraf[off].saddr.in), ntohs(entry->sport), inet_ntoa(array->iftraf[off].daddr.in), ntohs(entry->dport)); + } else if (AF_INET6 == entry->af) { + char src_addr[INET6_ADDRSTRLEN]; + char dst_addr[INET6_ADDRSTRLEN]; + + inet_ntop(AF_INET6, &entry->saddr.in6, src_addr, INET6_ADDRSTRLEN); + inet_ntop(AF_INET6, &entry->daddr.in6, dst_addr, INET6_ADDRSTRLEN); + + RTE_LOG(DEBUG, IFTRAF,"%s: sip = %s sport = %u, dip = %s, dport = %u\n", + __func__, src_addr, ntohs(entry->sport), dst_addr, ntohs(entry->dport)); + } else { + RTE_LOG(DEBUG, IFTRAF, "%s: unsupported\n", __func__); + } + + RTE_LOG(DEBUG, IFTRAF, + "%s: off : %u, cid : %d, proto: %u, total_recv: %u, total_sent : %u\n", + __func__, off, entry->cid, entry->proto, array->iftraf[off].total_recv, array->iftraf[off].total_sent); + + rte_free(node); + + off++; + } + + iftraf_sorted_list.sorted_list_num = 0; + return EDPVS_OK; +} + +static void inline iftraf_tlb_add(struct iftraf_pkt *param) +{ + uint32_t hash; + struct iftraf_entry *entry = NULL; + + hash = iftraf_tlb_hashkey(param->af, ¶m->saddr, param->src_port, ¶m->daddr, + param->dst_port); + + if (iftraf_entry_get(hash, param, &entry) == HASH_STATUS_KEY_NOT_FOUND) { + + entry = rte_zmalloc(NULL, sizeof(struct iftraf_entry), RTE_CACHE_LINE_SIZE); + if (entry == NULL) { + RTE_LOG(ERR, IFTRAF, + "%s: no memory\n", __func__); + return; + } + + memset(entry, 0, sizeof(struct iftraf_entry)); + entry->af = param->af; + entry->cid = param->cid; + entry->devid = param->devid; + entry->proto = param->proto; + iftraf_addr_cpy(param->af, &entry->saddr, ¶m->saddr); + iftraf_addr_cpy(param->af, &entry->daddr, ¶m->daddr); + entry->sport = param->src_port; + entry->dport = param->dst_port; + strcpy(entry->ifname, param->ifname); + + list_add(&entry->list, &iftraf_tbl[hash]); + } + + if (param->af == AF_INET) { + RTE_LOG(DEBUG, IFTRAF, + "%s:[v4] dequeue iftraf_ring[cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", + __func__, entry->cid, entry->proto, entry->saddr.in.s_addr, + entry->daddr.in.s_addr, ntohs(entry->sport), ntohs(entry->dport), param->pkt_len); + } else { + RTE_LOG(DEBUG, IFTRAF, + "%s:[v6] dequeue iftraf_ring[cid:%d, dir:%d, proto:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", + __func__, entry->cid, param->dir, entry->proto, + entry->saddr.in6.s6_addr32[0], entry->saddr.in6.s6_addr32[1], + entry->saddr.in6.s6_addr32[2], entry->saddr.in6.s6_addr32[3], + entry->daddr.in6.s6_addr32[0],entry->daddr.in6.s6_addr32[1], + entry->daddr.in6.s6_addr32[2],entry->daddr.in6.s6_addr32[3], + ntohs(entry->sport), ntohs(entry->dport), param->pkt_len); + } + + /* Update record */ + entry->last_write = history_pos; + if (param->dir == IFTRAF_PKT_DIR_IN) { + entry->recv[history_pos] += param->pkt_len; + entry->total_recv += param->pkt_len; + RTE_LOG(DEBUG, IFTRAF, + "%s: history_pos: %d, recv : %u, total_recv : %u\n", __func__, history_pos, entry->recv[history_pos], entry->total_recv); + + } else { + entry->sent[history_pos] += param->pkt_len; + entry->total_sent += param->pkt_len; + + RTE_LOG(DEBUG, IFTRAF, + "%s: history_pos: %d: sent : %u, total_sent: %u\n", __func__, history_pos, entry->sent[history_pos], entry->total_sent); + } +} + +static inline unsigned iftraf_byif_hashkey(int af, + const union inet_addr *addr, + portid_t devid) +{ + uint32_t addr_fold; + + addr_fold = inet_addr_fold(af, addr); + + if (!addr_fold) { + RTE_LOG(DEBUG, IFTRAF, "%s: IP proto not support.\n", __func__); + return 0; + } + + return (ntohl(addr_fold) ^ (devid >> IFTRAF_IFTBL_BITS) ^ devid) + & IFTRAF_IFTBL_MASK; +} + +static hash_status_enum iftraf_ifentry_get(uint32_t hash, struct iftraf_pkt *param, struct iftraf_entry **out_entry) +{ + struct iftraf_entry *entry; + + list_for_each_entry(entry, &iftraf_iftbl[hash], list) { + if (inet_addr_equal(param->af, &entry->saddr, ¶m->saddr) + && entry->devid == param->devid + && entry->af == param->af) { + /* hit */ + *out_entry = entry; + RTE_LOG(DEBUG, IFTRAF, + "%s: [hit]\n", __func__); + return HASH_STATUS_OK; + } + } + RTE_LOG(DEBUG, IFTRAF, + "%s: [not found]\n", __func__); + + return HASH_STATUS_KEY_NOT_FOUND; +} + +static void inline iftraf_iftlb_add(struct iftraf_pkt *param) +{ + uint32_t hash; + struct iftraf_entry *entry = NULL; + + hash = iftraf_byif_hashkey(param->af, ¶m->saddr, param->devid); + + if (iftraf_ifentry_get(hash, param, &entry) == HASH_STATUS_KEY_NOT_FOUND) { + + entry = rte_zmalloc(NULL, sizeof(struct iftraf_entry), RTE_CACHE_LINE_SIZE); + if (entry == NULL) { + RTE_LOG(ERR, IFTRAF, + "%s: no memory\n", __func__); + return; + } + + memset(entry, 0, sizeof(struct iftraf_entry)); + entry->af = param->af; + entry->cid = param->cid; + entry->devid = param->devid; + entry->proto = 0;//param->proto; + iftraf_addr_cpy(param->af, &entry->saddr, ¶m->saddr); + iftraf_addr_cpy(param->af, &entry->daddr, ¶m->daddr); + entry->sport = 0;//param->src_port; + entry->dport = 0;//param->dst_port; + strcpy(entry->ifname, param->ifname); + + list_add(&entry->list, &iftraf_iftbl[hash]); + } + + if (param->af == AF_INET) { + RTE_LOG(DEBUG, IFTRAF, + "%s:[v4] dequeue iftraf_ring[cid:%d, proto:%u, devid:%u, ifname:%s,src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", + __func__, entry->cid, entry->proto, entry->devid, entry->ifname, entry->saddr.in.s_addr, + entry->daddr.in.s_addr, ntohs(entry->sport), ntohs(entry->dport), param->pkt_len); + } else { + RTE_LOG(DEBUG, IFTRAF, + "%s:[v6] dequeue iftraf_ring[cid:%d, dir:%d, proto:%u, devid:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", + __func__, entry->cid, param->dir, entry->proto, entry->devid, + entry->saddr.in6.s6_addr32[0], entry->saddr.in6.s6_addr32[1], + entry->saddr.in6.s6_addr32[2], entry->saddr.in6.s6_addr32[3], + entry->daddr.in6.s6_addr32[0],entry->daddr.in6.s6_addr32[1], + entry->daddr.in6.s6_addr32[2],entry->daddr.in6.s6_addr32[3], + ntohs(entry->sport), ntohs(entry->dport), param->pkt_len); + } + + /* Update record */ + entry->last_write = history_pos; + if (param->dir == IFTRAF_PKT_DIR_IN) { + entry->recv[history_pos] += param->pkt_len; + entry->total_recv += param->pkt_len; + RTE_LOG(DEBUG, IFTRAF, + "%s: history_pos: %d, recv : %u, total_recv : %u\n", __func__, history_pos, entry->recv[history_pos], entry->total_recv); + + } else { + entry->sent[history_pos] += param->pkt_len; + entry->total_sent += param->pkt_len; + + RTE_LOG(DEBUG, IFTRAF, + "%s: history_pos: %d: sent : %u, total_sent: %u\n", __func__, history_pos, entry->sent[history_pos], entry->total_sent); + } +} + + +void iftraf_process_ring(void) +{ + int i; + uint16_t nb_rb; + lcoreid_t cid; + struct iftraf_pkt *param; + struct iftraf_pkt *params[NETIF_MAX_PKT_BURST]; + + if (likely(iftraf_disable)) { + return; + } + + iftraf_ticket++; + if(iftraf_ticket % IFTRAF_TIME_INTERVAL == 0) { + history_rotate(); + iftraf_ticket = 0; + } + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + + nb_rb = rte_ring_dequeue_burst(iftraf_ring[cid], (void **)params, + NETIF_MAX_PKT_BURST, NULL); + + if (nb_rb > 0) { + for (i = 0; i < nb_rb; i++) { + param = params[i]; + + /* insert into iftraf table */ + iftraf_tlb_add(param); + + /* insert into iftraf table by if && source ip */ + iftraf_iftlb_add(param); + } + } + } +} + +static int iftraf_pkt_deliver(int af, struct rte_mbuf *mbuf, struct netif_port *dev, uint8_t dir) +{ + int ret; + struct iftraf_pkt *pkt; + __be16 _ports[2], *ports; + lcoreid_t cid = rte_lcore_id(); + portid_t devid; + + if (af == AF_INET) { + struct ipv4_hdr *ip4h = ip4_hdr(mbuf); + + if (unlikely(ip4h->next_proto_id != IPPROTO_TCP && + ip4h->next_proto_id != IPPROTO_UDP)) { + RTE_LOG(DEBUG, IFTRAF, + "%s: unspported proto[core: %d, proto: %d]\n", + __func__, cid, ip4h->next_proto_id); + return EDPVS_NOPROT; + } + + ports = mbuf_header_pointer(mbuf, ip4_hdrlen(mbuf), sizeof(_ports), _ports); + if (!ports) { + RTE_LOG(ERR, IFTRAF, + "%s: invalid pkt[%d, %d]\n", + __func__, cid, dir); + return EDPVS_INVPKT; + } + + pkt = rte_zmalloc("iftraf_inpkt", sizeof(struct iftraf_pkt), RTE_CACHE_LINE_SIZE); + if (pkt == NULL) { + RTE_LOG(ERR, IFTRAF, + "%s: no memory[%d, %d]\n", + __func__, cid, dir); + return EDPVS_NOMEM; + } + + if (dev->type == PORT_TYPE_VLAN) { + struct vlan_dev_priv *vlan = netif_priv(dev); + struct netif_port *real_dev = vlan->real_dev; + RTE_LOG(DEBUG, IFTRAF, "%s: id = %u, ifname = %s, type=%d\n", + __func__, real_dev->id,real_dev->name,real_dev->type); + devid = real_dev->id; + strcpy(pkt->ifname, real_dev->name); + } else { + devid = mbuf->port; + strcpy(pkt->ifname, dev->name); + } + + pkt->devid = devid; + pkt->af = AF_INET; + pkt->cid = cid; + pkt->dir = dir; + pkt->proto = ip4h->next_proto_id; + if (dir == IFTRAF_PKT_DIR_IN) { + pkt->saddr.in.s_addr = ip4h->src_addr; + pkt->daddr.in.s_addr = ip4h->dst_addr; + pkt->src_port = ports[0]; + pkt->dst_port = ports[1]; + } else { + pkt->saddr.in.s_addr = ip4h->dst_addr; + pkt->daddr.in.s_addr = ip4h->src_addr; + pkt->src_port = ports[1]; + pkt->dst_port = ports[0]; + } + + pkt->pkt_len = mbuf->pkt_len; + RTE_LOG(DEBUG, IFTRAF, + "%s:[v4] enqueued to iftraf_ring[cid:%d, dir:%d, devid:%u, ifname:%s, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", + __func__, cid, dir, pkt->devid, pkt->ifname, pkt->proto, ip4h->src_addr, ip4h->dst_addr, ntohs(pkt->src_port), ntohs(pkt->dst_port), pkt->pkt_len); + + } else if (af == AF_INET6) { + struct ip6_hdr *ip6h = ip6_hdr(mbuf); + uint8_t ip6nxt = ip6h->ip6_nxt; + + if (unlikely(ip6nxt != IPPROTO_TCP && + ip6nxt != IPPROTO_UDP)) { + RTE_LOG(DEBUG, IFTRAF, + "%s: unspported proto[core: %d, proto: %d]\n", + __func__, cid, ip6nxt); + return EDPVS_NOPROT; + } + + ports = mbuf_header_pointer(mbuf, ip6_hdrlen(mbuf), sizeof(_ports), _ports); + if (!ports) { + RTE_LOG(ERR, IFTRAF, + "%s: invalid pkt[%d, %d]\n", + __func__, cid, dir); + return EDPVS_INVPKT; + } + + pkt = rte_zmalloc("iftraf_inpkt", sizeof(struct iftraf_pkt), RTE_CACHE_LINE_SIZE); + if (pkt == NULL) { + RTE_LOG(ERR, IFTRAF, + "%s: no memory[%d, %d]\n", + __func__, cid, dir); + return EDPVS_NOMEM; + } + + if (dev->type == PORT_TYPE_VLAN) { + struct vlan_dev_priv *vlan = netif_priv(dev); + struct netif_port *real_dev = vlan->real_dev; + RTE_LOG(DEBUG, IFTRAF, "%s: id = %u, ifname = %s, type=%d\n", + __func__, real_dev->id,real_dev->name,real_dev->type); + devid = real_dev->id; + strcpy(pkt->ifname, real_dev->name); + } else { + devid = mbuf->port; + strcpy(pkt->ifname, dev->name); + } + + pkt->af = AF_INET6; + pkt->devid = devid; + pkt->cid = cid; + pkt->dir = dir; + pkt->proto = ip6nxt; + if (dir == IFTRAF_PKT_DIR_IN) { + pkt->saddr.in6 = ip6h->ip6_src; + pkt->daddr.in6 = ip6h->ip6_dst; + pkt->src_port = ports[0]; + pkt->dst_port = ports[1]; + } else { + pkt->saddr.in6 = ip6h->ip6_dst; + pkt->daddr.in6 = ip6h->ip6_src; + pkt->src_port = ports[1]; + pkt->dst_port = ports[0]; + } + pkt->pkt_len = mbuf->pkt_len; + + RTE_LOG(DEBUG, IFTRAF, + "%s:[v6] enqueued to iftraf_ring[cid:%d, dir:%d, devid:%u, proto:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", + __func__, cid, dir, pkt->devid, pkt->proto, + pkt->saddr.in6.s6_addr32[0], pkt->saddr.in6.s6_addr32[1], + pkt->saddr.in6.s6_addr32[2], pkt->saddr.in6.s6_addr32[3], + pkt->daddr.in6.s6_addr32[0],pkt->daddr.in6.s6_addr32[1], + pkt->daddr.in6.s6_addr32[2],pkt->daddr.in6.s6_addr32[3], + ntohs(pkt->src_port), ntohs(pkt->dst_port), pkt->pkt_len); + } else { + return EDPVS_INVPKT; + } + + ret = rte_ring_enqueue(iftraf_ring[cid], pkt); + if (ret < 0) { + RTE_LOG(DEBUG, IFTRAF, + "%s: failed to enqueue iftraf_ring[%d]\n", + __func__, cid); + rte_free(pkt); + return EDPVS_DROP; + } + + return EDPVS_OK; +} + +int iftraf_pkt_in(int af, struct rte_mbuf *mbuf, struct netif_port *dev) +{ + if (likely(iftraf_disable)) { + return EDPVS_OK; + } + + this_inpkts_count++; + if (this_inpkts_count % IFTRAF_INTERVAL == 0) { + iftraf_pkt_deliver(af, mbuf, dev, IFTRAF_PKT_DIR_IN); + } + + return EDPVS_OK; +} + +int iftraf_pkt_out(int af, struct rte_mbuf *mbuf, struct netif_port *dev) +{ + if (likely(iftraf_disable)) { + return EDPVS_OK; + } + + this_outpkts_count++; + if (this_outpkts_count % IFTRAF_INTERVAL == 0) { + iftraf_pkt_deliver(af, mbuf, dev, IFTRAF_PKT_DIR_OUT); + } + + return EDPVS_OK; +} + + +/* + * master core allocates iftraf rings with the other lcores espectively. + */ +static int iftraf_ring_create(void) +{ + char name_buf[RTE_RING_NAMESIZE]; + int socket_id; + lcoreid_t cid, ccid; + + socket_id = rte_socket_id(); + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + + snprintf(name_buf, RTE_RING_NAMESIZE, + "iftraf_ring[%d]", cid); + + iftraf_ring[cid] = + rte_ring_create(name_buf, IFTRAF_RING_SIZE, socket_id, + RING_F_SP_ENQ | RING_F_SC_DEQ); + + if (!iftraf_ring[cid]) { + RTE_LOG(ERR, IFTRAF, + "%s: failed to create iftraf_ring[%d]\n", + __func__, cid); + for (ccid = 0; ccid < cid; ccid++) { + if (iftraf_ring[ccid]) + rte_ring_free(iftraf_ring[ccid]); + } + return EDPVS_NOMEM; + } + + RTE_LOG(DEBUG, IFTRAF, + "%s: success to create iftraf_ring[%d]\n", + __func__, cid); + } + + return EDPVS_OK; +} + +static int iftraf_enable_func(void) +{ + int i; + int err; + lcoreid_t cid; + + if (iftraf_disable == false) { + return EDPVS_OK; + } + + err = iftraf_ring_create(); + if (err != EDPVS_OK) { + return err; + } + + iftraf_tbl = rte_malloc_socket(NULL, sizeof(struct list_head) * IFTRAF_TBL_SIZE, + RTE_CACHE_LINE_SIZE, rte_socket_id()); + + if (!iftraf_tbl) { + RTE_LOG(ERR, IFTRAF, + "%s: rte_malloc_socket null\n", + __func__); + goto tbl_fail; + } + + for (i = 0; i < IFTRAF_TBL_SIZE; i++) + INIT_LIST_HEAD(&iftraf_tbl[i]); + + iftraf_iftbl = rte_malloc_socket(NULL, sizeof(struct list_head) * IFTRAF_IFTBL_SIZE, + RTE_CACHE_LINE_SIZE, rte_socket_id()); + + if (!iftraf_iftbl) { + RTE_LOG(ERR, IFTRAF, + "%s: rte_malloc_socket null\n", + __func__); + goto iftbl_fail; + } + + for (i = 0; i < IFTRAF_IFTBL_SIZE; i++) + INIT_LIST_HEAD(&iftraf_iftbl[i]); + + iftraf_disable = false; + RTE_LOG(INFO, IFTRAF, + "%s: %s\n", __func__, "iftraf enabled"); + + return EDPVS_OK; + +iftbl_fail: + if (iftraf_tbl) + rte_free(iftraf_tbl); + +tbl_fail: + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + if (iftraf_ring[cid]) + rte_ring_free(iftraf_ring[cid]); + } + + return EDPVS_NOMEM; +} + +static void iftraf_variable_reset(void) +{ + history_pos = 0; + this_inpkts_count = 0; + this_outpkts_count = 0; +} + +static void iftraf_ring_free(void) +{ + lcoreid_t cid; + + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + if (iftraf_ring[cid]) { + rte_ring_free(iftraf_ring[cid]); + } + + RTE_LOG(DEBUG, IFTRAF, + "%s: iftraf_ring free[%d]\n", + __func__, cid); + } +} + + +static int iftraf_disable_func(void) +{ + uint32_t hash; + int i; + uint16_t nb_rb; + lcoreid_t cid; + struct iftraf_pkt *param; + struct iftraf_pkt *params[NETIF_MAX_PKT_BURST]; + struct iftraf_entry *entry, *nxt; + int count = 0; + + if (iftraf_disable == true) { + return EDPVS_OK; + } + + iftraf_disable = true; + + /* dequeue iftraf ring and free elements */ + for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { + if (!rte_lcore_is_enabled(cid)) { + continue; + } + + nb_rb = rte_ring_dequeue_burst(iftraf_ring[cid], (void **)params, + NETIF_MAX_PKT_BURST, NULL); + + while (nb_rb > 0) { + count += nb_rb; + for (i = 0; i < nb_rb; i++) { + param = params[i]; + rte_free(param); + } + + nb_rb = rte_ring_dequeue_burst(iftraf_ring[cid], (void **)params, + NETIF_MAX_PKT_BURST, NULL); + } + + RTE_LOG(DEBUG, IFTRAF, + "%s: iftraf ring[%d] free [%d] pkts\n", + __func__, cid, count); + + count = 0; + + } + + /* free iftraf ring */ + iftraf_ring_free(); + + /* free tlb */ + if (iftraf_tbl) { + count = 0; + /* delete and free all entry added to iftraf_tbl */ + for(hash = 0; hash < IFTRAF_TBL_SIZE; hash++) { + list_for_each_entry_safe(entry, nxt, &iftraf_tbl[hash], list) { + list_del(&entry->list); + rte_free(entry); + count++; + } + } + + RTE_LOG(DEBUG, IFTRAF, + "%s: iftraf_tbl free [%d]\n", + __func__, count); + + rte_free(iftraf_tbl); + } + + /* free tlb */ + if (iftraf_iftbl) { + count = 0; + /* delete and free all entry added to iftraf_tbl */ + for(hash = 0; hash < IFTRAF_IFTBL_SIZE; hash++) { + list_for_each_entry_safe(entry, nxt, &iftraf_iftbl[hash], list) { + list_del(&entry->list); + rte_free(entry); + count++; + } + } + + RTE_LOG(DEBUG, IFTRAF, + "%s: iftraf_iftbl free [%d]\n", + __func__, count); + + rte_free(iftraf_iftbl); + } + + iftraf_variable_reset(); + RTE_LOG(INFO, IFTRAF, + "%s: %s\n", __func__, "iftraf disabled"); + + return EDPVS_OK; +} + +static void iftraf_sorted_list_init(void) { + portid_t devid = 0; + sorted_list_initialise(&iftraf_sorted_list); + + for (devid = 0; devid < NETIF_MAX_PORTS; devid++) { + sorted_list_initialise(&sorted_list[devid]); + } +} + +static int iftraf_sockopt_set(sockoptid_t opt, const void *conf, size_t size) +{ + switch (opt) { + case SOCKOPT_SET_IFTRAF_ADD: + return iftraf_enable_func(); + case SOCKOPT_SET_IFTRAF_DEL: + return iftraf_disable_func(); + + default: + return EDPVS_NOTSUPP; + } +} + + +static struct dpvs_sockopts iftraf_sockopts = { + .version = SOCKOPT_VERSION, + .set_opt_min = SOCKOPT_SET_IFTRAF_ADD, + .set_opt_max = SOCKOPT_SET_IFTRAF_DEL, + .set = iftraf_sockopt_set, + .get_opt_min = SOCKOPT_GET_IFTRAF_SHOW, + .get_opt_max = SOCKOPT_GET_IFTRAF_SHOW, + .get = iftraf_sockopt_get, +}; + +int iftraf_init(void) +{ + int err; + + iftraf_disable = true; + + iftraf_tlb_rnd = (uint32_t)random(); + + iftraf_sorted_list_init(); + + if ((err = sockopt_register(&iftraf_sockopts)) != EDPVS_OK) + return err; + + return EDPVS_OK; +} + +int iftraf_term(void) +{ + int err; + + err = sockopt_unregister(&iftraf_sockopts); + if (err != EDPVS_OK) + return err; + + err = iftraf_disable_func(); + if (err != EDPVS_OK) + return err; + + return EDPVS_OK; +} diff --git a/src/ipv4.c b/src/ipv4.c index 0bbf1b546..83b5158b4 100644 --- a/src/ipv4.c +++ b/src/ipv4.c @@ -26,7 +26,7 @@ #include "neigh.h" #include "icmp.h" #include "parser/parser.h" -#include "stats.h" +#include "iftraf.h" #define IPV4 #define RTE_LOGTYPE_IPV4 RTE_LOGTYPE_USER1 @@ -263,7 +263,8 @@ int ipv4_output(struct rte_mbuf *mbuf) assert(rt); IP4_UPD_PO_STATS(out, mbuf->pkt_len); - stats_pkt_out(AF_INET, mbuf); + mbuf->port = rt->port->id; + iftraf_pkt_out(AF_INET, mbuf, rt->port); return INET_HOOK(AF_INET, INET_HOOK_POST_ROUTING, mbuf, NULL, rt->port, ipv4_output_fin); @@ -388,8 +389,7 @@ static int ipv4_rcv(struct rte_mbuf *mbuf, struct netif_port *port) } IP4_UPD_PO_STATS(in, mbuf->pkt_len); - stats_pkt_in(AF_INET, mbuf); - + iftraf_pkt_in(AF_INET, mbuf, port); if (mbuf_may_pull(mbuf, sizeof(struct ipv4_hdr)) != 0) goto inhdr_error; diff --git a/src/ipv6/ipv6.c b/src/ipv6/ipv6.c index ebedf251e..3392953f5 100644 --- a/src/ipv6/ipv6.c +++ b/src/ipv6/ipv6.c @@ -35,7 +35,7 @@ #include "parser/parser.h" #include "neigh.h" #include "icmp6.h" -#include "stats.h" +#include "iftraf.h" /* * IPv6 inet hooks @@ -368,9 +368,9 @@ int ip6_output(struct rte_mbuf *mbuf) } IP6_UPD_PO_STATS(out, mbuf->pkt_len); - stats_pkt_out(AF_INET6, mbuf); mbuf->port = dev->id; + iftraf_pkt_out(AF_INET6, mbuf, dev); if (unlikely(conf_ipv6_disable)) { IP6_INC_STATS(outdiscards); if (rt) @@ -538,7 +538,7 @@ static int ip6_rcv(struct rte_mbuf *mbuf, struct netif_port *dev) } IP6_UPD_PO_STATS(in, mbuf->pkt_len); - stats_pkt_in(AF_INET6, mbuf); + iftraf_pkt_in(AF_INET6, mbuf, dev); if (unlikely(conf_ipv6_disable)) { IP6_INC_STATS(indiscards); diff --git a/src/main.c b/src/main.c index d7f1b0639..9848b5952 100644 --- a/src/main.c +++ b/src/main.c @@ -35,7 +35,7 @@ #include "ip_tunnel.h" #include "sys_time.h" #include "route6.h" -#include "stats.h" +#include "iftraf.h" #define DPVS "dpvs" #define RTE_LOGTYPE_DPVS RTE_LOGTYPE_USER1 @@ -241,7 +241,7 @@ int main(int argc, char *argv[]) rte_exit(EXIT_FAILURE, "Fail to init netif_ctrl: %s\n", dpvs_strerror(err)); - if ((err = stats_init()) != EDPVS_OK) + if ((err = iftraf_init()) != EDPVS_OK) rte_exit(EXIT_FAILURE, "Fail to init stats: %s\n", dpvs_strerror(err)); /* config and start all available dpdk ports */ @@ -296,8 +296,8 @@ int main(int argc, char *argv[]) /* process mac ring on master */ neigh_process_ring(NULL); - /* process stats ring */ - stats_process_ring(); + /* process iftraf ring */ + iftraf_process_ring(); /* increase loop counts */ netif_update_master_loop_cnt(); @@ -305,6 +305,10 @@ int main(int argc, char *argv[]) end: dpvs_state_set(DPVS_STATE_FINISH); + if ((err = iftraf_term()) !=0 ) + rte_exit(EXIT_FAILURE, "Fail to term iftraf: %s\n", + dpvs_strerror(err)); + if ((err = netif_ctrl_term()) !=0 ) rte_exit(EXIT_FAILURE, "Fail to term netif_ctrl: %s\n", dpvs_strerror(err)); diff --git a/src/stats.c b/src/stats.c deleted file mode 100644 index dbeea4220..000000000 --- a/src/stats.c +++ /dev/null @@ -1,826 +0,0 @@ -#include -#include -#include "inet.h" -#include "ipv4.h" -#include "ipv6.h" -#include "stats.h" -#include "conf/stats.h" - -#ifndef STATS -#define STATS -#define RTE_LOGTYPE_STATS RTE_LOGTYPE_USER1 -#endif - -#define STATS_TOPN 20 - -#define STATS_RING_SIZE 1024 -#define STATS_INTERVAL 1024 - -#define STATS_PKT_DIR_IN 0 -#define STATS_PKT_DIR_OUT 1 - -#define STATS_TBL_BITS 20 -#define STATS_TBL_SIZE (1 << STATS_TBL_BITS) -#define STATS_TBL_MASK (STATS_TBL_SIZE - 1) - -#define HISTORY_LENGTH 10 -#define RESOLUTION 2 -int history_pos = 0; - -time_t last_timestamp; -bool stats_disable = true; - -typedef struct sorted_list_node_tag { - struct sorted_list_node_tag* next; - void* data; -} sorted_list_node; - -typedef struct { - sorted_list_node root; - int (*compare)(void*, void*); -} sorted_list_type; - -int sorted_list_num = 0; -sorted_list_type stats_sorted_list; - -static struct list_head *stats_tbl; -static struct rte_ring *stats_ring[DPVS_MAX_LCORE]; - -#define this_inpkts_count (RTE_PER_LCORE(inpkts_count)) -#define this_outpkts_count (RTE_PER_LCORE(outpkts_count)) - -static RTE_DEFINE_PER_LCORE(uint32_t, inpkts_count); -static RTE_DEFINE_PER_LCORE(uint32_t, outpkts_count); - -static uint32_t stats_tlb_rnd; /* hash random */ - -typedef enum { - HASH_STATUS_OK, - HASH_STATUS_KEY_NOT_FOUND -} hash_status_enum; - -struct stats_pkt { - int af; - uint32_t pkt_len; - union inet_addr saddr; - union inet_addr daddr; - uint16_t src_port; - uint16_t dst_port; - uint8_t proto; - uint8_t dir; - lcoreid_t cid; -} __rte_cache_aligned; - -struct stats_entry { - struct list_head list; - - uint8_t af; - uint8_t proto; - lcoreid_t cid; - - union inet_addr saddr; - union inet_addr daddr; - uint16_t sport; - uint16_t dport; - - double long recv[HISTORY_LENGTH]; - double long sent[HISTORY_LENGTH]; - - double long total_recv; - double long total_sent; - int last_write; - -} __rte_cache_aligned; - - -static inline uint32_t stats_tlb_hashkey(int af, - const union inet_addr *saddr, uint16_t sport, - const union inet_addr *daddr, uint16_t dport, - uint32_t mask) -{ - switch (af) { - case AF_INET: - return rte_jhash_3words((uint32_t)saddr->in.s_addr, - (uint32_t)daddr->in.s_addr, - ((uint32_t)sport) << 16 | (uint32_t)dport, - stats_tlb_rnd) & mask; - - case AF_INET6: - { - uint32_t vect[9]; - - vect[0] = ((uint32_t)sport) << 16 | (uint32_t)dport; - memcpy(&vect[1], &saddr->in6, 16); - memcpy(&vect[5], &daddr->in6, 16); - - return rte_jhash_32b(vect, 9, stats_tlb_rnd) & mask; - } - - default: - RTE_LOG(DEBUG, STATS, "%s: hashing unsupported protocol %d\n", __func__, af); - return 0; - } -} - -static hash_status_enum stats_entry_get(uint32_t hash, struct stats_pkt *param, struct stats_entry **out_entry) -{ - struct stats_entry *entry; - - list_for_each_entry(entry, &stats_tbl[hash], list) { - if (entry->sport == param->src_port && entry->dport == param->dst_port - && inet_addr_equal(param->af, &entry->saddr, ¶m->saddr) - && inet_addr_equal(param->af, &entry->daddr, ¶m->daddr) - && entry->proto == param->proto - && entry->af == param->af) { - /* hit */ - *out_entry = entry; - RTE_LOG(DEBUG, STATS, - "%s: [hit]\n", __func__); - return HASH_STATUS_OK; - } - } - RTE_LOG(DEBUG, STATS, - "%s: [not found]\n", __func__); - - return HASH_STATUS_KEY_NOT_FOUND; -} - - -static void history_rotate(void) -{ - uint32_t hash = 0; - struct stats_entry *entry, *nxt; - history_pos = (history_pos + 1) % HISTORY_LENGTH; - - for(; hash < STATS_TBL_SIZE; hash++) { - - list_for_each_entry_safe(entry, nxt, &stats_tbl[hash], list) { - - /* no data in the last 20s */ - if (entry->last_write == history_pos) { - list_del(&entry->list); - if (entry->af == AF_INET) { - RTE_LOG(DEBUG, STATS, - "%s:[v4] [history_pos : %d, cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u]\n", - __func__, history_pos, entry->cid, entry->proto, entry->saddr.in.s_addr, entry->daddr.in.s_addr, entry->sport, entry->dport); - } - rte_free(entry); - } else { - entry->total_recv -= entry->recv[history_pos]; - entry->total_sent -= entry->sent[history_pos]; - entry->recv[history_pos] = 0; - entry->sent[history_pos] = 0; - } - } - } -} - -static int stats_entry_compare(void* aa, void* bb) { - struct stats_entry * a = (struct stats_entry *)aa; - struct stats_entry * b = (struct stats_entry *)bb; - - return (a->total_recv + a->total_sent) > (b->total_recv + b->total_sent); -} - -static void sorted_list_initialise(sorted_list_type* list) { - list->root.next = NULL; -} - -static void insert_topN_list(struct stats_entry *entry) -{ - sorted_list_node *node, *p, *first; - struct stats_entry *data; - - p = &(stats_sorted_list.root); - - if (sorted_list_num == STATS_TOPN && stats_sorted_list.compare(p->next->data, entry)) { - RTE_LOG(DEBUG, STATS, - "%s: no need to insert\n", __func__); - return; - } - - while (p->next != NULL && stats_sorted_list.compare(entry, p->next->data) > 0) { - p = p->next; - } - - node = rte_zmalloc(NULL, sizeof(*node), RTE_CACHE_LINE_SIZE); - if (node == NULL) { - RTE_LOG(ERR, STATS, - "%s: no memory\n", __func__); - return; - } - - node->next = p->next; - node->data = entry; - p->next = node; - RTE_LOG(DEBUG, STATS, - "%s: [insert list]cid : %d, sp : %u, dp : %u\n", - __func__, entry->cid, entry->sport, entry->dport); - if(sorted_list_num < STATS_TOPN) - sorted_list_num++; - else { - /* free the first node */ - p = &(stats_sorted_list.root); - first = p->next; - - data = (struct stats_entry *)first->data; - RTE_LOG(DEBUG, STATS, - "%s: [free first entry]cid : %d, sp : %u, dp : %u\n", - __func__, data->cid, data->sport, data->dport); - p->next = first->next; - - rte_free(first); - } -} - -static void stats_sort_topN(void) -{ - uint32_t hash = 0; - struct stats_entry *entry, *nxt; - - for(; hash < STATS_TBL_SIZE; hash++) { - - list_for_each_entry_safe(entry, nxt, &stats_tbl[hash], list) { - insert_topN_list(entry); - } - } -} - -static void stats_addr_cpy(int af, union inet_addr *daddr, union inet_addr *saddr) -{ - if (af == AF_INET) { - daddr->in.s_addr = saddr->in.s_addr; - } else if (af == AF_INET6) { - memcpy(daddr->in6.s6_addr, saddr->in6.s6_addr, 16); - } else { - RTE_LOG(DEBUG, STATS, - "%s: unsupported\n", __func__); - } -} - -int stats_sockopt_get(sockoptid_t opt, const void *conf, size_t size, - void **out, size_t *outsize) -{ - struct stats_param_array *array; - sorted_list_node *node, *p; - struct stats_entry *entry; - uint32_t off; - - if (stats_disable) { - RTE_LOG(DEBUG, STATS, - "%s: stats disable\n", __func__); - return EDPVS_OK; - } - - if (!conf || size < sizeof(struct stats_param) || !out || !outsize) - return EDPVS_INVAL; - - /* sort stats */ - stats_sort_topN(); - - *outsize = sizeof(struct stats_param_array) + \ - sorted_list_num * sizeof(struct stats_param); - *out = rte_calloc(NULL, 1, *outsize, RTE_CACHE_LINE_SIZE); - if (!(*out)) { - RTE_LOG(ERR, STATS, - "%s: no memory \n", __func__); - return EDPVS_NOMEM; - } - - array = *out; - array->nstats = sorted_list_num; - off = 0; - - p = &(stats_sorted_list.root); - while (p->next != NULL && off < sorted_list_num) { - node = p->next; - p->next = node->next; - - entry = (struct stats_entry *)node->data; - array->stats[off].af = entry->af; - array->stats[off].proto = entry->proto; - array->stats[off].cid = entry->cid; - stats_addr_cpy(entry->af, &array->stats[off].saddr, &entry->saddr); - stats_addr_cpy(entry->af, &array->stats[off].daddr, &entry->daddr); - array->stats[off].sport = entry->sport; - array->stats[off].dport = entry->dport; - array->stats[off].total_recv = entry->total_recv * STATS_INTERVAL; - array->stats[off].total_sent = entry->total_sent * STATS_INTERVAL; - - if (AF_INET == entry->af) { - RTE_LOG(DEBUG, STATS,"%s: sip = %s, sport = %u\n", __func__, inet_ntoa(array->stats[off].saddr.in), ntohs(entry->sport)); - RTE_LOG(DEBUG, STATS,"%s: dip = %s, dport = %u\n", __func__, inet_ntoa(array->stats[off].daddr.in), ntohs(entry->dport)); - } else if (AF_INET6 == entry->af) { - char src_addr[INET6_ADDRSTRLEN]; - char dst_addr[INET6_ADDRSTRLEN]; - - inet_ntop(AF_INET6, &entry->saddr.in6, src_addr, INET6_ADDRSTRLEN); - inet_ntop(AF_INET6, &entry->daddr.in6, dst_addr, INET6_ADDRSTRLEN); - - RTE_LOG(DEBUG, STATS,"%s: sip = %s sport = %u, dip = %s, dport = %u\n", - __func__, src_addr, ntohs(entry->sport), dst_addr, ntohs(entry->dport)); - } else { - RTE_LOG(DEBUG, STATS, "%s: unsupported\n", __func__); - } - - RTE_LOG(DEBUG, STATS, - "%s: off : %u, cid : %d, proto: %u, total_recv: %Lf, total_sent : %Lf\n", - __func__, off, entry->cid, entry->proto, array->stats[off].total_recv, array->stats[off].total_sent); - - rte_free(node); - - off++; - } - - sorted_list_num = 0; - return EDPVS_OK; -} - - -void stats_process_ring(void) -{ - int i; - uint16_t nb_rb; - uint32_t hash; - lcoreid_t cid; - struct stats_pkt *param; - struct stats_pkt *params[NETIF_MAX_PKT_BURST]; - struct stats_entry *entry = NULL; - - time_t t; - - if (likely(stats_disable)) { - return; - } - - t = time(NULL); - if(t - last_timestamp >= RESOLUTION) { - history_rotate(); - last_timestamp = t; - } - - for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { - if (!rte_lcore_is_enabled(cid)) { - continue; - } - - nb_rb = rte_ring_dequeue_burst(stats_ring[cid], (void **)params, - NETIF_MAX_PKT_BURST, NULL); - - if (nb_rb > 0) { - for (i = 0; i < nb_rb; i++) { - param = params[i]; - - hash = stats_tlb_hashkey(param->af, ¶m->saddr, param->src_port, ¶m->daddr, - param->dst_port, STATS_TBL_MASK); - - if (stats_entry_get(hash, param, &entry) == HASH_STATUS_KEY_NOT_FOUND) { - - entry = rte_zmalloc(NULL, sizeof(struct stats_entry), RTE_CACHE_LINE_SIZE); - if (entry == NULL) { - RTE_LOG(ERR, STATS, - "%s: no memory\n", __func__); - continue; - } - - memset(entry, 0, sizeof(struct stats_entry)); - entry->af = param->af; - entry->cid = param->cid; - entry->proto = param->proto; - stats_addr_cpy(param->af, &entry->saddr, ¶m->saddr); - stats_addr_cpy(param->af, &entry->daddr, ¶m->daddr); - entry->sport = param->src_port; - entry->dport = param->dst_port; - - list_add(&entry->list, &stats_tbl[hash]); - } - - if (param->af == AF_INET) { - RTE_LOG(DEBUG, STATS, - "%s:[v4] dequeue stats_ring[cid:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", - __func__, entry->cid, entry->proto, entry->saddr.in.s_addr, - entry->daddr.in.s_addr, entry->sport, entry->dport, param->pkt_len); - } else { - RTE_LOG(DEBUG, STATS, - "%s:[v6] dequeue stats_ring[cid:%d, dir:%d, proto:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", - __func__, entry->cid, param->dir, entry->proto, - entry->saddr.in6.s6_addr32[0], entry->saddr.in6.s6_addr32[1], - entry->saddr.in6.s6_addr32[2], entry->saddr.in6.s6_addr32[3], - entry->daddr.in6.s6_addr32[0],entry->daddr.in6.s6_addr32[1], - entry->daddr.in6.s6_addr32[2],entry->daddr.in6.s6_addr32[3], - entry->sport, entry->dport, param->pkt_len); - - } - - /* Update record */ - entry->last_write = history_pos; - if (param->dir == STATS_PKT_DIR_IN) { - entry->recv[history_pos] += param->pkt_len; - entry->total_recv += param->pkt_len; - RTE_LOG(DEBUG, STATS, - "%s: history_pos: %d, recv : %Lf, total_recv : %Lf\n", __func__, history_pos, entry->recv[history_pos], entry->total_recv); - - } else { - entry->sent[history_pos] += param->pkt_len; - entry->total_sent += param->pkt_len; - - RTE_LOG(DEBUG, STATS, - "%s: history_pos: %d: sent : %Lf, total_sent: %Lf\n", __func__, history_pos, entry->sent[history_pos], entry->total_sent); - } - } - } - } -} - -static int stats_pkt_deliver(int af, struct rte_mbuf *mbuf, uint8_t dir) -{ - int ret; - struct stats_pkt *pkt; - __be16 _ports[2], *ports; - lcoreid_t cid = rte_lcore_id(); - - if (af == AF_INET) { - struct ipv4_hdr *ip4h = ip4_hdr(mbuf); - - if (unlikely(ip4h->next_proto_id != IPPROTO_TCP && - ip4h->next_proto_id != IPPROTO_UDP)) { - RTE_LOG(DEBUG, STATS, - "%s: unspported proto[core: %d, proto: %d]\n", - __func__, cid, ip4h->next_proto_id); - return EDPVS_NOPROT; - } - - ports = mbuf_header_pointer(mbuf, ip4_hdrlen(mbuf), sizeof(_ports), _ports); - if (!ports) { - RTE_LOG(ERR, STATS, - "%s: invalid pkt[%d, %d]\n", - __func__, cid, dir); - return EDPVS_INVPKT; - } - - pkt = rte_zmalloc("stats_inpkt", sizeof(struct stats_pkt), RTE_CACHE_LINE_SIZE); - if (pkt == NULL) { - RTE_LOG(ERR, STATS, - "%s: no memory[%d, %d]\n", - __func__, cid, dir); - return EDPVS_NOMEM; - } - - pkt->af = AF_INET; - pkt->cid = cid; - pkt->dir = dir; - pkt->proto = ip4h->next_proto_id; - pkt->saddr.in.s_addr = ip4h->src_addr; - pkt->daddr.in.s_addr = ip4h->dst_addr; - pkt->src_port = ports[0]; - pkt->dst_port = ports[1]; - pkt->pkt_len = mbuf->pkt_len; - RTE_LOG(DEBUG, STATS, - "%s:[v4] enqueued to stats_ring[cid:%d, dir:%d, proto:%u, src:%08X, dst:%08X, sp:%u, dp:%u, len:%u]\n", - __func__, cid, dir, pkt->proto, ip4h->src_addr, ip4h->dst_addr, pkt->src_port, pkt->dst_port, pkt->pkt_len); - - } else if (af == AF_INET6) { - struct ip6_hdr *ip6h = ip6_hdr(mbuf); - uint8_t ip6nxt = ip6h->ip6_nxt; - - if (unlikely(ip6nxt != IPPROTO_TCP && - ip6nxt != IPPROTO_UDP)) { - RTE_LOG(DEBUG, STATS, - "%s: unspported proto[core: %d, proto: %d]\n", - __func__, cid, ip6nxt); - return EDPVS_NOPROT; - } - - ports = mbuf_header_pointer(mbuf, ip6_hdrlen(mbuf), sizeof(_ports), _ports); - if (!ports) { - RTE_LOG(ERR, STATS, - "%s: invalid pkt[%d, %d]\n", - __func__, cid, dir); - return EDPVS_INVPKT; - } - - pkt = rte_zmalloc("stats_inpkt", sizeof(struct stats_pkt), RTE_CACHE_LINE_SIZE); - if (pkt == NULL) { - RTE_LOG(ERR, STATS, - "%s: no memory[%d, %d]\n", - __func__, cid, dir); - return EDPVS_NOMEM; - } - - pkt->af = AF_INET6; - pkt->cid = cid; - pkt->dir = dir; - pkt->proto = ip6nxt; - pkt->saddr.in6 = ip6h->ip6_src; - pkt->daddr.in6 = ip6h->ip6_dst; - pkt->src_port = ports[0]; - pkt->dst_port = ports[1]; - pkt->pkt_len = mbuf->pkt_len; - - RTE_LOG(DEBUG, STATS, - "%s:[v6] enqueued to stats_ring[cid:%d, dir:%d, proto:%u, src:%08X %08X %08X %08X, dst:%08X %08X %08X %08X, sp:%u, dp:%u, len:%u]\n", - __func__, cid, dir, pkt->proto, - pkt->saddr.in6.s6_addr32[0], pkt->saddr.in6.s6_addr32[1], - pkt->saddr.in6.s6_addr32[2], pkt->saddr.in6.s6_addr32[3], - pkt->daddr.in6.s6_addr32[0],pkt->daddr.in6.s6_addr32[1], - pkt->daddr.in6.s6_addr32[2],pkt->daddr.in6.s6_addr32[3], - pkt->src_port, pkt->dst_port, pkt->pkt_len); - - } else { -//#ifdef CONFIG_DPVS_IPVS_DEBUG - RTE_LOG(DEBUG, STATS, - "%s: err af\n", __func__); -//#endif - return EDPVS_INVPKT; - } - - ret = rte_ring_enqueue(stats_ring[cid], pkt); - if (ret < 0) { - RTE_LOG(DEBUG, STATS, - "%s: failed to enqueue stats_ring[%d]\n", - __func__, cid); - rte_free(pkt); - return EDPVS_DROP; - } - -//#ifdef CONFIG_DPVS_IPVS_DEBUG - RTE_LOG(DEBUG, STATS, - "%s: enqueued to stats_ring[%d]\n", - __func__, cid); -//#endif - - return EDPVS_OK; -} - -int stats_pkt_in(int af, struct rte_mbuf *mbuf) -{ - if (likely(stats_disable)) { - RTE_LOG(DEBUG, STATS, - "%s: stats disable\n", __func__); - return EDPVS_OK; - } - - this_inpkts_count++; - if (this_inpkts_count % STATS_INTERVAL == 0) { - - stats_pkt_deliver(af, mbuf, STATS_PKT_DIR_IN); - } - - return EDPVS_OK; -} - -int stats_pkt_out(int af, struct rte_mbuf *mbuf) -{ - if (likely(stats_disable)) { - RTE_LOG(DEBUG, STATS, - "%s: stats disable\n", __func__); - return EDPVS_OK; - } - - this_outpkts_count++; - if (this_outpkts_count % STATS_INTERVAL == 0) { - - stats_pkt_deliver(af, mbuf, STATS_PKT_DIR_OUT); - } - - return EDPVS_OK; -} - - -/* - * master core allocates stats rings with the other lcores espectively. - */ -static int stats_ring_create(void) -{ - char name_buf[RTE_RING_NAMESIZE]; - int socket_id; - lcoreid_t cid; - - socket_id = rte_socket_id(); - - for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { - if (!rte_lcore_is_enabled(cid)) { - continue; - } - - snprintf(name_buf, RTE_RING_NAMESIZE, - "stat_ring[%d]", cid); - - stats_ring[cid] = - rte_ring_create(name_buf, STATS_RING_SIZE, socket_id, - RING_F_SP_ENQ | RING_F_SC_DEQ); - - if (!stats_ring[cid]) { - RTE_LOG(ERR, STATS, - "%s: failed to create stat_ring[%d]\n", - __func__, cid); - return EDPVS_NOMEM; - } - - RTE_LOG(DEBUG, STATS, - "%s: success to create stat_ring[%d]\n", - __func__, cid); - } - - return EDPVS_OK; -} - -int stats_enable_func(void) -{ - int i; - int err; - - if (stats_disable == false) { - return EDPVS_OK; - } - - err = stats_ring_create(); - if (err != EDPVS_OK) { - return err; - } - - stats_tbl = rte_malloc_socket(NULL, sizeof(struct list_head) * STATS_TBL_SIZE, - RTE_CACHE_LINE_SIZE, rte_socket_id()); - - if (!stats_tbl) { - RTE_LOG(ERR, STATS, - "%s: rte_malloc_socket null\n", - __func__); - return EDPVS_NOMEM; - } - - for (i = 0; i < STATS_TBL_SIZE; i++) - INIT_LIST_HEAD(&stats_tbl[i]); - - stats_disable = false; - RTE_LOG(DEBUG, STATS, - "%s: stats_disable[%d]\n", - __func__, stats_disable); - - return EDPVS_OK; -} - -static void stats_variable_reset(void) -{ - history_pos = 0; - sorted_list_num = 0; - - this_inpkts_count = 0; - this_outpkts_count = 0; -} - -static void stats_ring_free(void) -{ - lcoreid_t cid; - - for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { - if (!rte_lcore_is_enabled(cid)) { - continue; - } - rte_ring_free(stats_ring[cid]); - RTE_LOG(DEBUG, STATS, - "%s: stats_ring free[%d]\n", - __func__, cid); - } -} - - -int stats_disable_func(void) -{ - uint32_t hash = 0; - int i; - uint16_t nb_rb; - lcoreid_t cid; - struct stats_pkt *param; - struct stats_pkt *params[NETIF_MAX_PKT_BURST]; - struct stats_entry *entry, *nxt; - sorted_list_node *node, *p; - int count = 0; - - if (stats_disable == true) { - return EDPVS_OK; - } - - stats_disable = true; - - /* dequeue stats ring and free elements */ - for (cid = 0; cid < DPVS_MAX_LCORE; cid++) { - if (!rte_lcore_is_enabled(cid)) { - continue; - } - - nb_rb = rte_ring_dequeue_burst(stats_ring[cid], (void **)params, - NETIF_MAX_PKT_BURST, NULL); - - while (nb_rb > 0) { - count += nb_rb; - for (i = 0; i < nb_rb; i++) { - param = params[i]; - rte_free(param); - } - - nb_rb = rte_ring_dequeue_burst(stats_ring[cid], (void **)params, - NETIF_MAX_PKT_BURST, NULL); - } - - RTE_LOG(DEBUG, STATS, - "%s: stats ring[%d] free [%d] pkts\n", - __func__, cid, count); - - count = 0; - - } - - /* free stats ring */ - stats_ring_free(); - - count = 0; - /* delete and free all entry added to stats_tbl */ - for(; hash < STATS_TBL_SIZE; hash++) { - list_for_each_entry_safe(entry, nxt, &stats_tbl[hash], list) { - list_del(&entry->list); - rte_free(entry); - count++; - } - } - - RTE_LOG(DEBUG, STATS, - "%s: stats_tbl free [%d]\n", - __func__, count); - - /* free tlb */ - if (stats_tbl) { - rte_free(stats_tbl); - } - - count = 0; - - /* free sorted list */ - p = &(stats_sorted_list.root); - while (p->next != NULL) { - node = p->next; - p->next = node->next; - rte_free(node); - count++; - } - - RTE_LOG(DEBUG, STATS, - "%s: stats_sorted_list free [%d]\n", - __func__, count); - - stats_variable_reset(); - - return EDPVS_OK; -} - -static void stats_sorted_list_init(void) { - stats_sorted_list.compare = &stats_entry_compare; - sorted_list_initialise(&stats_sorted_list); -} - -static int stats_sockopt_set(sockoptid_t opt, const void *conf, size_t size) -{ - switch (opt) { - case SOCKOPT_SET_STATS_ADD: - - RTE_LOG(DEBUG, STATS, - "%s: enable\n", __func__); - return stats_enable_func(); - case SOCKOPT_SET_STATS_DEL: - RTE_LOG(DEBUG, STATS, - "%s: disable\n", __func__); - return stats_disable_func(); - - default: - RTE_LOG(ERR, STATS, - "%s: NOTSUPP\n", __func__); - return EDPVS_NOTSUPP; - } -} - - -static struct dpvs_sockopts stats_sockopts = { - .version = SOCKOPT_VERSION, - .set_opt_min = SOCKOPT_SET_STATS_ADD, - .set_opt_max = SOCKOPT_SET_STATS_DEL, - .set = stats_sockopt_set, - .get_opt_min = SOCKOPT_GET_STATS_SHOW, - .get_opt_max = SOCKOPT_GET_STATS_SHOW, - .get = stats_sockopt_get, -}; - -int stats_init(void) -{ - int err; - - stats_disable = true; - - stats_tlb_rnd = (uint32_t)random(); - - stats_sorted_list_init(); - - if ((err = sockopt_register(&stats_sockopts)) != EDPVS_OK) - return err; - - return EDPVS_OK; -} diff --git a/tools/dpip/Makefile b/tools/dpip/Makefile index 3ef930cea..04822c80b 100644 --- a/tools/dpip/Makefile +++ b/tools/dpip/Makefile @@ -33,7 +33,7 @@ DEFS = -D DPVS_MAX_LCORE=64 CFLAGS += $(DEFS) OBJS = dpip.o utils.o route.o addr.o neigh.o link.o vlan.o \ - qsch.o cls.o tunnel.o ipset.o ipv6.o stats.o ../../src/common.o \ + qsch.o cls.o tunnel.o ipset.o ipv6.o iftraf.o ../../src/common.o \ ../keepalived/keepalived/libipvs-2.6/sockopt.o all: $(TARGET) diff --git a/tools/dpip/iftraf.c b/tools/dpip/iftraf.c new file mode 100644 index 000000000..5cd4c6330 --- /dev/null +++ b/tools/dpip/iftraf.c @@ -0,0 +1,155 @@ +/* + * DPVS is a software load balancer (Virtual Server) based on DPDK. + * + * Copyright (C) 2017 iQIYI (www.iqiyi.com). + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ +#include +#include +#include +#include +#include "common.h" +#include "dpip.h" +#include "conf/inetaddr.h" +#include "conf/iftraf.h" +#include "sockopt.h" + + +static void iftraf_help(void) +{ + fprintf(stderr, + "Usage:\n" + " dpip iftraf [enable | disable]\n" + " dpip iftraf show\n" + ); +} + +static void iftraf_dump(const struct iftraf_param *param) +{ + if (AF_INET == param->af) { + printf("%s, [%s, %u -> ", + param->ifname, inet_ntoa(param->saddr.in), ntohs(param->sport)); + printf("%s, %u | %u], [%u, %u]", + inet_ntoa(param->daddr.in), ntohs(param->dport), param->proto, param->total_recv, param->total_sent); + + } else if (AF_INET6 == param->af) { + char src_addr[INET6_ADDRSTRLEN]; + char dst_addr[INET6_ADDRSTRLEN]; + + inet_ntop(AF_INET6, ¶m->saddr.in6, src_addr, INET6_ADDRSTRLEN); + inet_ntop(AF_INET6, ¶m->daddr.in6, dst_addr, INET6_ADDRSTRLEN); + + printf("%s, [%s, %u -> %s, %u | %u], [%u, %u]", + param->ifname, src_addr, ntohs(param->sport), dst_addr, ntohs(param->dport), param->proto, param->total_recv, param->total_sent); + + } else { + printf("unsupported"); + } + + printf("\n"); + return; +} + +static int iftraf_parse_args(struct dpip_conf *conf, + struct dp_vs_iftraf_conf *iftraf_conf) +{ + memset(iftraf_conf, 0, sizeof(*iftraf_conf)); + + while (conf->argc > 0) { + if (strcmp(conf->argv[0], "dev") == 0) { + NEXTARG_CHECK(conf, "dev"); + snprintf(iftraf_conf->ifname, sizeof(iftraf_conf->ifname), "%s", conf->argv[0]); + } + NEXTARG(conf); + } + + if (conf->argc > 0) { + fprintf(stderr, "too many arguments\n"); + return -1; + } + + return 0; +} + +static int iftraf_do_cmd(struct dpip_obj *obj, dpip_cmd_t cmd, + struct dpip_conf *conf) +{ + size_t size; + int err, i; + struct dp_vs_iftraf_conf iftraf_conf; + struct iftraf_param iftraf_param; + struct iftraf_param_array *iftraf_array; + + if (iftraf_parse_args(conf, &iftraf_conf) != 0) + return EDPVS_INVAL; + + switch (conf->cmd) { + case DPIP_CMD_ADD: + return dpvs_setsockopt(SOCKOPT_SET_IFTRAF_ADD, &iftraf_param, sizeof(iftraf_param)); + case DPIP_CMD_DEL: + return dpvs_setsockopt(SOCKOPT_SET_IFTRAF_DEL, &iftraf_param, sizeof(iftraf_param)); + case DPIP_CMD_SHOW: + err = dpvs_getsockopt(SOCKOPT_GET_IFTRAF_SHOW, &iftraf_conf, sizeof(iftraf_conf), + (void **)&iftraf_array, &size); + if (err != 0) + return err; + + if (iftraf_array == NULL) { + fprintf(stderr, "warnning: disabled.\n"); + return EDPVS_OK; + + } + + if (size <= sizeof(*iftraf_array) + || size != sizeof(*iftraf_array) + \ + iftraf_array->ntrafs * sizeof(struct iftraf_param)) { + fprintf(stderr, "response nstats : %d.\n", iftraf_array->ntrafs); + dpvs_sockopt_msg_free(iftraf_array); + return EDPVS_NOTEXIST; + } + + //printf("-------------top10 iftraf[in the last 20s]----------\n"); + if (strcmp(iftraf_conf.ifname, "all") == 0) { + for (i = 0; i < iftraf_array->ntrafs; i++) { + printf("top%d: ", i + 1); + iftraf_dump(&iftraf_array->iftraf[i]); + } + } else { + for (i = iftraf_array->ntrafs - 1; i >= 0; i--) { + printf("top%d: ", iftraf_array->ntrafs - i); + iftraf_dump(&iftraf_array->iftraf[i]); + } + } + dpvs_sockopt_msg_free(iftraf_array); + return EDPVS_OK; + default: + return EDPVS_NOTSUPP; + } +} + +struct dpip_obj dpip_iftraf = { + .name = "iftraf", + .help = iftraf_help, + .do_cmd = iftraf_do_cmd, +}; + +static void __init iftraf_init(void) +{ + dpip_register_obj(&dpip_iftraf); +} + +static void __exit iftraf_exit(void) +{ + dpip_unregister_obj(&dpip_iftraf); +} diff --git a/tools/dpip/stats.c b/tools/dpip/stats.c deleted file mode 100644 index 3c4815110..000000000 --- a/tools/dpip/stats.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * DPVS is a software load balancer (Virtual Server) based on DPDK. - * - * Copyright (C) 2017 iQIYI (www.iqiyi.com). - * All Rights Reserved. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - */ -#include -#include -#include -#include -#include "common.h" -#include "dpip.h" -#include "conf/inetaddr.h" -#include "conf/stats.h" -#include "sockopt.h" - - -static void stats_help(void) -{ - fprintf(stderr, - "Usage:\n" - " dpip stats [enable | disable]\n" - " dpip stats show\n" - ); -} - -static void stats_dump(const struct stats_param *param) -{ - if (AF_INET == param->af) { - printf("lcore: %u, [%s, %u -> ", - param->cid, inet_ntoa(param->saddr.in), ntohs(param->sport)); - printf("%s, %u | %u], [%.0Lf, %.0Lf]", - inet_ntoa(param->daddr.in), ntohs(param->dport), param->proto, param->total_recv, param->total_sent); - - } else if (AF_INET6 == param->af) { - char src_addr[INET6_ADDRSTRLEN]; - char dst_addr[INET6_ADDRSTRLEN]; - - inet_ntop(AF_INET6, ¶m->saddr.in6, src_addr, INET6_ADDRSTRLEN); - inet_ntop(AF_INET6, ¶m->daddr.in6, dst_addr, INET6_ADDRSTRLEN); - - printf("lcore: %u, [%s, %u -> %s, %u | %u], [%.0Lf, %.0Lf]", - param->cid, src_addr, ntohs(param->sport), dst_addr, ntohs(param->dport), param->proto, param->total_recv, param->total_sent); - - } else { - printf("unsupported"); - } - - printf("\n"); - return; -} - -static int stats_do_cmd(struct dpip_obj *obj, dpip_cmd_t cmd, - struct dpip_conf *conf) -{ - size_t size; - int err, i; - struct stats_param stats_param; - struct stats_param_array *stats_array; - - switch (conf->cmd) { - case DPIP_CMD_ADD: - return dpvs_setsockopt(SOCKOPT_SET_STATS_ADD, &stats_param, sizeof(stats_param)); - case DPIP_CMD_DEL: - return dpvs_setsockopt(SOCKOPT_SET_STATS_DEL, &stats_param, sizeof(stats_param)); - case DPIP_CMD_SHOW: - err = dpvs_getsockopt(SOCKOPT_GET_STATS_SHOW, &stats_param, sizeof(stats_param), - (void **)&stats_array, &size); - if (err != 0) - return err; - - if (stats_array == NULL) { - fprintf(stderr, "warnning: disabled.\n"); - return EDPVS_OK; - - } - - if (size <= sizeof(*stats_array) - || size != sizeof(*stats_array) + \ - stats_array->nstats * sizeof(struct stats_param)) { - fprintf(stderr, "response nstats : %d.\n", stats_array->nstats); - dpvs_sockopt_msg_free(stats_array); - return EDPVS_NOTEXIST; - } - - //printf("-------------top10 stats[in the last 20s]----------\n"); - - for (i = stats_array->nstats - 1; i >= 0; i--) { - printf("top%d: ", stats_array->nstats - i); - stats_dump(&stats_array->stats[i]); - } - - dpvs_sockopt_msg_free(stats_array); - return EDPVS_OK; - default: - return EDPVS_NOTSUPP; - } -} - -struct dpip_obj dpip_stats = { - .name = "stats", - .help = stats_help, - .do_cmd = stats_do_cmd, -}; - -static void __init stats_init(void) -{ - dpip_register_obj(&dpip_stats); -} - -static void __exit stats_exit(void) -{ - dpip_unregister_obj(&dpip_stats); -} From c7d5f0af2ad10e04555a5440452dcc1796b19925 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Mon, 24 Jun 2019 20:53:58 +0800 Subject: [PATCH 25/62] dpvs: add mlx5 libs --- src/dpdk.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/dpdk.mk b/src/dpdk.mk index 46bfed724..e1b46a204 100644 --- a/src/dpdk.mk +++ b/src/dpdk.mk @@ -40,7 +40,8 @@ LIBS += -L $(DPDKDIR)/lib LIBS += -Wl,--no-as-needed -fvisibility=default \ -Wl,--whole-archive -lrte_pmd_vmxnet3_uio -lrte_pmd_i40e -lrte_pmd_ixgbe \ - -lrte_pmd_e1000 -lrte_pmd_bnxt -lrte_pmd_ring -lrte_pmd_bond -lrte_ethdev -lrte_ip_frag \ + -lrte_pmd_e1000 -lrte_pmd_bnxt -lrte_pmd_ring -lrte_pmd_bond \ + -lrte_ethdev -lrte_ip_frag -lrte_pmd_mlx5 -libverbs -lmlx5 \ -Wl,--whole-archive -lrte_hash -lrte_kvargs -Wl,-lrte_mbuf -lrte_eal \ -Wl,-lrte_mempool -lrte_ring -lrte_cmdline -lrte_cfgfile -lrte_kni \ -lrte_mempool_ring -lrte_timer -lrte_net -Wl,-lrte_pmd_virtio \ From ff5e2ac76859c86cd240c31cc23da56b3de9434d Mon Sep 17 00:00:00 2001 From: Daniel Benli Ye Date: Thu, 21 Feb 2019 03:06:52 -0500 Subject: [PATCH 26/62] DPVS changes for DPDK 18.11.0 Some initial changes for DPDK 18.11.0. Compared to DPDK 17.11.2, changes are listed below: 1. API change: rte_eth_dev_count() -> rte_eth_dev_count_avail(). 2. In DPDK 18.08 release, ethdev: The old offload API is removed: Rx per-port rte_eth_conf.rxmode.[bit-fields] Tx per-queue rte_eth_txconf.txq_flags ETH_TXQ_FLAGS_NO* The transition bits are removed: rte_eth_conf.rxmode.ignore_offload_bitfield ETH_TXQ_FLAGS_IGNORE 3. In DPDK 18.05, rss_hf check is added. So adapt_device_rss_hf() is added. https://github.com/DPDK/dpdk/commit/8863a1fbfc66f762f70eb486431c23cc55f2cc3c 4. The following warning is presented in DPVS log. "Kni: kni_add_dev: fail to set mac 6C:92:BF:A1:ED:20 for eth0: Timer expired" It doesn't matter as function works well. This log printed because compared to DPDK 17.11.2, kni_net_set_mac callback function in DPDK 18.11 adds kni_net_process_request(). kni_net_process_request() calls wait_event_interruptible_timeout() which returns Timeout err code. 5. When install rte_kni kernel module, parameter "carrier=on" should be added. This is because DPDK 18.11 updated the KNI kernel module with a new kernel module parameter, carrier=[on|off] to allow the user to control the default carrier state of the KNI kernel network interfaces. Actually, rte_kni_update_link API should be used, but it's an experimental API. See release note for detail. --- src/kni.c | 12 ++++++-- src/main.c | 2 +- src/netif.c | 81 +++++++++++++++++++++++++++++++++++------------------ 3 files changed, 65 insertions(+), 30 deletions(-) diff --git a/src/kni.c b/src/kni.c index 77f9ed2e0..c894971bf 100644 --- a/src/kni.c +++ b/src/kni.c @@ -50,6 +50,8 @@ static void kni_fill_conf(const struct netif_port *dev, const char *ifname, struct rte_kni_conf *conf) { struct rte_eth_dev_info info = {0}; + const struct rte_bus *bus = NULL; + const struct rte_pci_device *pci_dev; memset(conf, 0, sizeof(*conf)); conf->group_id = dev->id; @@ -57,8 +59,14 @@ static void kni_fill_conf(const struct netif_port *dev, const char *ifname, if (dev->type == PORT_TYPE_GENERAL) { /* dpdk phy device */ rte_eth_dev_info_get(dev->id, &info); - conf->addr = info.pci_dev->addr; - conf->id = info.pci_dev->id; + if (info.device) { + bus = rte_bus_find_by_device(info.device); + } + if (bus && !strcmp(bus->name, "pci")) { + pci_dev = RTE_DEV_TO_PCI(info.device); + conf->addr = pci_dev->addr; + conf->id = pci_dev->id; + } } if (ifname && strlen(ifname)) diff --git a/src/main.c b/src/main.c index a82a96667..b334eeda8 100644 --- a/src/main.c +++ b/src/main.c @@ -254,7 +254,7 @@ int main(int argc, char *argv[]) rte_exit(EXIT_FAILURE, "Fail to init stats: %s\n", dpvs_strerror(err)); /* config and start all available dpdk ports */ - nports = rte_eth_dev_count(); + nports = rte_eth_dev_count_avail(); for (pid = 0; pid < nports; pid++) { dev = netif_port_get(pid); if (!dev) { diff --git a/src/netif.c b/src/netif.c index 18eeb3ec0..8f801268c 100644 --- a/src/netif.c +++ b/src/netif.c @@ -1394,7 +1394,7 @@ static int check_lcore_conf(int lcores, const struct netif_lcore_conf *lcore_con queueid_t qid; struct netif_lcore_conf mark; memset(&mark, 0, sizeof(mark)); - nports = rte_eth_dev_count(); + nports = rte_eth_dev_count_avail(); while (lcore_conf[i].nports > 0) { if (lcore2index[lcore_conf[i].id] != i) { @@ -2438,7 +2438,7 @@ static void lcore_job_xmit(void *args) for (i = 0; i < lcore_conf[lcore2index[cid]].nports; i++) { pid = lcore_conf[lcore2index[cid]].pqs[i].id; #ifdef CONFIG_DPVS_NETIF_DEBUG - if (unlikely(pid >= rte_eth_dev_count())) { + if (unlikely(pid >= rte_eth_dev_count_avail())) { RTE_LOG(DEBUG, NETIF, "[%s] No enough NICs\n", __func__); continue; } @@ -2877,13 +2877,21 @@ static int dpdk_set_mc_list(struct netif_port *dev) { struct ether_addr addrs[NETIF_MAX_HWADDR]; int err; + int ret = 0; size_t naddr = NELEMS(addrs); err = __netif_mc_dump(dev, addrs, &naddr); if (err != EDPVS_OK) return err; - return rte_eth_dev_set_mc_addr_list((uint8_t)dev->id, addrs, naddr); + ret = rte_eth_dev_set_mc_addr_list((uint8_t)dev->id, addrs, naddr); + if (ret == -ENOTSUP) { + /* If nic doesn't support to set multicast filter, enable all. */ + rte_eth_allmulticast_enable(dev->id); + ret = EDPVS_OK; + } + + return ret; } static int dpdk_filter_supported(struct netif_port *dev, enum rte_filter_type fltype) @@ -2969,13 +2977,9 @@ static inline void setup_dev_of_flags(struct netif_port *port) if (port->dev_info.tx_offload_capa & DEV_TX_OFFLOAD_TCP_CKSUM) port->flag |= NETIF_PORT_FLAG_TX_TCP_CSUM_OFFLOAD; - else - port->dev_info.default_txconf.txq_flags |= ETH_TXQ_FLAGS_NOXSUMTCP; if (port->dev_info.tx_offload_capa & DEV_TX_OFFLOAD_UDP_CKSUM) port->flag |= NETIF_PORT_FLAG_TX_UDP_CSUM_OFFLOAD; - else - port->dev_info.default_txconf.txq_flags |= ETH_TXQ_FLAGS_NOXSUMUDP; /* FIXME: may be a bug in dev_info get for virtio device, * set the txq_of_flags manually for this type device */ @@ -3003,7 +3007,7 @@ static inline void setup_dev_of_flags(struct netif_port *port) /* rx offload conf and flags */ if (port->dev_info.rx_offload_capa & DEV_RX_OFFLOAD_VLAN_STRIP) { port->flag |= NETIF_PORT_FLAG_RX_VLAN_STRIP_OFFLOAD; - port->dev_conf.rxmode.hw_vlan_strip = 1; + port->dev_conf.rxmode.offloads |= DEV_RX_OFFLOAD_VLAN_STRIP; } if (port->dev_info.rx_offload_capa & DEV_RX_OFFLOAD_IPV4_CKSUM) port->flag |= NETIF_PORT_FLAG_RX_IP_CSUM_OFFLOAD; @@ -3283,6 +3287,22 @@ static int rss_resolve_proc(char *rss) return rss_value; } +/* check and adapt device rss hash function */ +static void adapt_device_rss_hf(portid_t port_id, uint64_t *rss_hf) +{ + struct rte_eth_dev_info dev_info; + + rte_eth_dev_info_get(port_id, &dev_info); + if ((dev_info.flow_type_rss_offloads | *rss_hf) != + dev_info.flow_type_rss_offloads) { + RTE_LOG(WARNING, NETIF, + "Ethdev port_id=%u invalid rss_hf: 0x%"PRIx64", valid value: 0x%"PRIx64"\n", + port_id, *rss_hf, dev_info.flow_type_rss_offloads); + /* mask the unsupported rss_hf */ + *rss_hf &= dev_info.flow_type_rss_offloads; + } +} + /* fill in rx/tx queue configurations, including queue number, * decriptor number, bonding device's rss */ static void fill_port_config(struct netif_port *port, char *promisc_on) @@ -3328,6 +3348,9 @@ static void fill_port_config(struct netif_port *port, char *promisc_on) port->dev_conf.fdir_conf.pballoc = cfg_stream->fdir_pballoc; port->dev_conf.fdir_conf.status = cfg_stream->fdir_status; + /* need to adapt configured rss_hf as driver supported RSS offload types are different. */ + adapt_device_rss_hf(port->id, &port->dev_conf.rx_adv_conf.rss_conf.rss_hf); + if (cfg_stream->rx_queue_nb > 0 && port->nrxq > cfg_stream->rx_queue_nb) { RTE_LOG(WARNING, NETIF, "%s: rx-queues(%d) configured in workers != " "rx-queues(%d) configured in device, setup %d rx-queues for %s\n", @@ -3473,6 +3496,13 @@ int netif_port_start(struct netif_port *port) // device configure if ((ret = netif_port_fdir_dstport_mask_set(port)) != EDPVS_OK) return ret; + + if (port->flag & NETIF_PORT_FLAG_TX_IP_CSUM_OFFLOAD) + port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_IPV4_CKSUM; + if (port->flag & NETIF_PORT_FLAG_TX_UDP_CSUM_OFFLOAD) + port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_UDP_CKSUM; + if (port->flag & NETIF_PORT_FLAG_TX_TCP_CSUM_OFFLOAD) + port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_TCP_CKSUM; ret = rte_eth_dev_configure(port->id, port->nrxq, port->ntxq, &port->dev_conf); if (ret < 0 ) { RTE_LOG(ERR, NETIF, "%s: fail to config %s\n", __func__, port->name); @@ -3496,11 +3526,6 @@ int netif_port_start(struct netif_port *port) if (port->ntxq > 0) { for (qid = 0; qid < port->ntxq; qid++) { memcpy(&txconf, &port->dev_info.default_txconf, sizeof(struct rte_eth_txconf)); - if (port->dev_conf.rxmode.jumbo_frame - || (port->flag & NETIF_PORT_FLAG_TX_IP_CSUM_OFFLOAD) - || (port->flag & NETIF_PORT_FLAG_TX_UDP_CSUM_OFFLOAD) - || (port->flag & NETIF_PORT_FLAG_TX_TCP_CSUM_OFFLOAD)) - txconf.txq_flags = 0; ret = rte_eth_tx_queue_setup(port->id, qid, port->txq_desc_nb, port->socket, &txconf); if (ret < 0) { @@ -3733,11 +3758,7 @@ static struct rte_eth_conf default_port_conf = { .mq_mode = ETH_MQ_RX_RSS, .max_rx_pkt_len = ETHER_MAX_LEN, .split_hdr_size = 0, - .header_split = 0, - .hw_ip_checksum = 1, - .hw_vlan_filter = 0, - .jumbo_frame = 0, - .hw_strip_crc = 0, + .offloads = DEV_RX_OFFLOAD_IPV4_CKSUM, }, .rx_adv_conf = { .rss_conf = { @@ -3873,7 +3894,7 @@ inline static void netif_port_init(const struct rte_eth_conf *conf) struct rte_eth_conf this_eth_conf; char *kni_name; - nports = rte_eth_dev_count(); + nports = rte_eth_dev_count_avail(); if (nports <= 0) rte_exit(EXIT_FAILURE, "No dpdk ports found!\n" "Possibly nic or driver is not dpdk-compatible.\n"); @@ -4100,7 +4121,7 @@ int netif_virtual_devices_add(void) } #endif - phy_pid_end = rte_eth_dev_count(); + phy_pid_end = rte_eth_dev_count_avail(); port_id_end = max(port_id_end, phy_pid_end); /* set bond_pid_offset before create bonding device */ @@ -4156,7 +4177,7 @@ int netif_virtual_devices_add(void) } if (!list_empty(&bond_list)) { - bond_pid_end = rte_eth_dev_count(); + bond_pid_end = rte_eth_dev_count_avail(); port_id_end = max(port_id_end, bond_pid_end); RTE_LOG(INFO, NETIF, "bonding device port id range: [%d, %d)\n", @@ -4513,12 +4534,18 @@ static int get_port_basic(struct netif_port *port, void **out, size_t *out_len) static inline void copy_dev_info(struct netif_nic_dev_get *get, const struct rte_eth_dev_info *dev_info) { - if (dev_info->pci_dev) - snprintf(get->pci_addr, sizeof(get->pci_addr), "%04x:%02x:%02x:%0x", - dev_info->pci_dev->addr.domain, - dev_info->pci_dev->addr.bus, - dev_info->pci_dev->addr.devid, - dev_info->pci_dev->addr.function); + if (dev_info->device) { + const struct rte_bus *bus = NULL; + bus = rte_bus_find_by_device(dev_info->device); + if (bus && !strcmp(bus->name, "pci")) { + const struct rte_pci_device *pci_dev = RTE_DEV_TO_PCI(dev_info->device); + snprintf(get->pci_addr, sizeof(get->pci_addr), "%04x:%02x:%02x:%0x", + pci_dev->addr.domain, + pci_dev->addr.bus, + pci_dev->addr.devid, + pci_dev->addr.function); + } + } if (dev_info->driver_name) strncpy(get->driver_name, dev_info->driver_name, sizeof(get->driver_name)); get->if_index = dev_info->if_index; From ee5d2cfd94e8128da36cbc3c1f19ab15d5c891e3 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 11:11:23 +0800 Subject: [PATCH 27/62] Fix some problems found in using DPDK 18.11 --- src/common.c | 13 ++++++++++--- src/netif.c | 46 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 49 insertions(+), 10 deletions(-) diff --git a/src/common.c b/src/common.c index ffc25e746..c5c7cd4b1 100644 --- a/src/common.c +++ b/src/common.c @@ -148,8 +148,14 @@ int linux_set_if_mac(const char *ifname, const unsigned char mac[ETH_ALEN]) memcpy(ifr.ifr_hwaddr.sa_data, mac, ETH_ALEN); if (ioctl(sock_fd, SIOCSIFHWADDR, &ifr)) { + /* DPDK 18.11, 'kni_net_process_request' is called when updating + * device's mac address, in which 'wait_event_interruptible_timeout' + * is used to wait for setting results, which may easily get timeout and + * return fail. We ignore the error here and return OK nevertheless.*/ + fprintf(stderr, "%s: fail to set %s's MAC address: %s\n", + __func__, ifname, strerror(errno)); close(sock_fd); - return EDPVS_SYSCALL; + return EDPVS_OK; } close(sock_fd); @@ -174,11 +180,12 @@ static int linux_hw_mc_mod(const char *ifname, fprintf(stderr, "%s: fail to set link mcast to %s: %s\n", __func__, ifname, strerror(errno)); close(fd); - return EDPVS_SYSCALL; + /* Ignore the error because 'kni_net_process_request' may get timeout. */ + return EDPVS_OK; } close(fd); - return 0; + return EDPVS_OK; } int linux_hw_mc_add(const char *ifname, const uint8_t hwma[ETH_ALEN]) diff --git a/src/netif.c b/src/netif.c index 8f801268c..730434981 100644 --- a/src/netif.c +++ b/src/netif.c @@ -2887,6 +2887,8 @@ static int dpdk_set_mc_list(struct netif_port *dev) ret = rte_eth_dev_set_mc_addr_list((uint8_t)dev->id, addrs, naddr); if (ret == -ENOTSUP) { /* If nic doesn't support to set multicast filter, enable all. */ + RTE_LOG(WARNING, NETIF, "%s: rte_eth_dev_set_mc_addr_list is not supported, " + "enable all multicast.\n", __func__); rte_eth_allmulticast_enable(dev->id); ret = EDPVS_OK; } @@ -2906,6 +2908,13 @@ void netif_mask_fdir_filter(int af, const struct netif_port *port, const struct rte_eth_fdir_masks *fmask; union rte_eth_fdir_flow *flow = &filt->input.flow; + /* There exists a defect here. If the netif_port 'port' is not PORT_TYPE_GENERAL, + mask fdir_filter of the port would fail. The correct way to accomplish the + function is to register this method for all device types. Considering the flow + is not changed after masking, we just skip netif_ports other than physical ones. */ + if (port->type != PORT_TYPE_GENERAL) + return; + if (rte_eth_dev_filter_ctrl(port->id, RTE_ETH_FILTER_FDIR, RTE_ETH_FILTER_INFO, &fdir_info) < 0) { RTE_LOG(WARNING, NETIF, "%s: Fail to fetch fdir info of %s !\n", @@ -2948,9 +2957,15 @@ void netif_mask_fdir_filter(int af, const struct netif_port *port, static int dpdk_set_fdir_filt(struct netif_port *dev, enum rte_filter_op op, const struct rte_eth_fdir_filter *filt) { - if (rte_eth_dev_filter_ctrl(dev->id, RTE_ETH_FILTER_FDIR, - op, (void *)filt) < 0) + int ret; + + ret = rte_eth_dev_filter_ctrl(dev->id, + RTE_ETH_FILTER_FDIR, op, (void *)filt); + if (ret < 0) { + RTE_LOG(WARNING, NETIF, "%s: fdir filt set failed for %s -- %s(%d)\n!", + __func__, dev->name, rte_strerror(-ret), ret); return EDPVS_DPDKAPIFAIL; + } return EDPVS_OK; } @@ -3287,12 +3302,14 @@ static int rss_resolve_proc(char *rss) return rss_value; } -/* check and adapt device rss hash function */ -static void adapt_device_rss_hf(portid_t port_id, uint64_t *rss_hf) +/* check and adapt device offloading/rss features */ +static void adapt_device_conf(portid_t port_id, uint64_t *rss_hf, + uint64_t *rx_offload, uint64_t *tx_offload) { struct rte_eth_dev_info dev_info; rte_eth_dev_info_get(port_id, &dev_info); + if ((dev_info.flow_type_rss_offloads | *rss_hf) != dev_info.flow_type_rss_offloads) { RTE_LOG(WARNING, NETIF, @@ -3301,6 +3318,22 @@ static void adapt_device_rss_hf(portid_t port_id, uint64_t *rss_hf) /* mask the unsupported rss_hf */ *rss_hf &= dev_info.flow_type_rss_offloads; } + + if ((dev_info.rx_offload_capa | *rx_offload) != dev_info.rx_offload_capa) { + RTE_LOG(WARNING, NETIF, + "Ethdev port_id=%u invalid rx_offload: 0x%"PRIx64", valid value: 0x%"PRIx64"\n", + port_id, *rx_offload, dev_info.rx_offload_capa); + /* mask the unsupported rx_offload */ + *rx_offload &= dev_info.rx_offload_capa; + } + + if ((dev_info.tx_offload_capa | *tx_offload) != dev_info.tx_offload_capa) { + RTE_LOG(WARNING, NETIF, + "Ethdev port_id=%u invalid tx_offload: 0x%"PRIx64", valid value: 0x%"PRIx64"\n", + port_id, *tx_offload, dev_info.tx_offload_capa); + /* mask the unsupported tx_offload */ + *tx_offload &= dev_info.tx_offload_capa; + } } /* fill in rx/tx queue configurations, including queue number, @@ -3348,9 +3381,6 @@ static void fill_port_config(struct netif_port *port, char *promisc_on) port->dev_conf.fdir_conf.pballoc = cfg_stream->fdir_pballoc; port->dev_conf.fdir_conf.status = cfg_stream->fdir_status; - /* need to adapt configured rss_hf as driver supported RSS offload types are different. */ - adapt_device_rss_hf(port->id, &port->dev_conf.rx_adv_conf.rss_conf.rss_hf); - if (cfg_stream->rx_queue_nb > 0 && port->nrxq > cfg_stream->rx_queue_nb) { RTE_LOG(WARNING, NETIF, "%s: rx-queues(%d) configured in workers != " "rx-queues(%d) configured in device, setup %d rx-queues for %s\n", @@ -3503,6 +3533,8 @@ int netif_port_start(struct netif_port *port) port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_UDP_CKSUM; if (port->flag & NETIF_PORT_FLAG_TX_TCP_CSUM_OFFLOAD) port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_TCP_CKSUM; + adapt_device_conf(port->id, &port->dev_conf.rx_adv_conf.rss_conf.rss_hf, + &port->dev_conf.rxmode.offloads, &port->dev_conf.txmode.offloads); ret = rte_eth_dev_configure(port->id, port->nrxq, port->ntxq, &port->dev_conf); if (ret < 0 ) { RTE_LOG(ERR, NETIF, "%s: fail to config %s\n", __func__, port->name); From 58a3dde2ab1eecdf44ea8ff92df4672ba1d87b31 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Wed, 26 Jun 2019 10:13:45 +0800 Subject: [PATCH 28/62] Fix backward compatible problem for DPDK 17.11 --- include/dpdk.h | 1 + include/netif.h | 29 ++++++++++++++++++----------- src/Makefile | 2 +- src/kni.c | 19 ++++++++++++------- src/main.c | 2 +- src/netif.c | 26 +++++++++++++++----------- 6 files changed, 48 insertions(+), 31 deletions(-) diff --git a/include/dpdk.h b/include/dpdk.h index aa16c79d7..01fb48451 100644 --- a/include/dpdk.h +++ b/include/dpdk.h @@ -18,6 +18,7 @@ #ifndef __DPVS_DPDK_H__ #define __DPVS_DPDK_H__ #include +#include #include #include #include diff --git a/include/netif.h b/include/netif.h index ca3ef1d82..a0a722a8d 100644 --- a/include/netif.h +++ b/include/netif.h @@ -284,6 +284,8 @@ int netif_lcore_loop_job_unregister(struct netif_lcore_loop_job *lcore_job); int netif_lcore_start(void); bool is_lcore_id_valid(lcoreid_t cid); bool netif_lcore_is_idle(lcoreid_t cid); +void lcore_process_packets(struct netif_queue_conf *qconf, struct rte_mbuf **mbufs, + lcoreid_t cid, uint16_t count, bool pkts_from_ring); /************************** protocol API *****************************/ int netif_register_pkt(struct pkt_type *pt); @@ -311,6 +313,13 @@ int netif_get_queue(struct netif_port *port, lcoreid_t id, queueid_t *qid); int netif_get_link(struct netif_port *dev, struct rte_eth_link *link); int netif_get_promisc(struct netif_port *dev, bool *promisc); int netif_get_stats(struct netif_port *dev, struct rte_eth_stats *stats); +struct netif_port *netif_alloc(size_t priv_size, const char *namefmt, + unsigned int nrxq, unsigned int ntxq, + void (*setup)(struct netif_port *)); +portid_t netif_port_count(void); +int netif_free(struct netif_port *dev); +int netif_port_register(struct netif_port *dev); +int netif_port_unregister(struct netif_port *dev); /************************** module API *****************************/ int netif_virtual_devices_add(void); @@ -326,6 +335,7 @@ void install_netif_keywords(void); /*************************** kni api *******************************/ void kni_process_on_master(void); + static inline void *netif_priv(struct netif_port *dev) { return (char *)dev + __ALIGN_KERNEL(sizeof(struct netif_port), NETIF_ALIGN); @@ -336,14 +346,6 @@ static inline struct netif_tc *netif_tc(struct netif_port *dev) return &dev->tc; } -struct netif_port *netif_alloc(size_t priv_size, const char *namefmt, - unsigned int nrxq, unsigned int ntxq, - void (*setup)(struct netif_port *)); - -int netif_free(struct netif_port *dev); -int netif_port_register(struct netif_port *dev); -int netif_port_unregister(struct netif_port *dev); - static inline int eth_addr_equal(const struct ether_addr *addr1, const struct ether_addr *addr2) { @@ -363,8 +365,13 @@ static inline char *eth_addr_dump(const struct ether_addr *ea, return buf; } -portid_t netif_port_count(void); -void lcore_process_packets(struct netif_queue_conf *qconf, struct rte_mbuf **mbufs, - lcoreid_t cid, uint16_t count, bool pkts_from_ring); +static inline uint16_t dpvs_rte_eth_dev_count(void) +{ +#if RTE_VERSION < RTE_VERSION_NUM(18, 11, 0, 0) + return rte_eth_dev_count(); +#else + return rte_eth_dev_count_avail(); +#endif +} #endif /* __DPVS_NETIF_H__ */ diff --git a/src/Makefile b/src/Makefile index b6893358f..f107f70ac 100644 --- a/src/Makefile +++ b/src/Makefile @@ -57,7 +57,7 @@ else CFLAGS += -rdynamic endif -LIBS += -lpthread -lnuma +LIBS += -lpthread -lnuma -lmnl CFLAGS += $(INCDIRS) $(LIBS) diff --git a/src/kni.c b/src/kni.c index c894971bf..98b84b3d6 100644 --- a/src/kni.c +++ b/src/kni.c @@ -50,8 +50,6 @@ static void kni_fill_conf(const struct netif_port *dev, const char *ifname, struct rte_kni_conf *conf) { struct rte_eth_dev_info info = {0}; - const struct rte_bus *bus = NULL; - const struct rte_pci_device *pci_dev; memset(conf, 0, sizeof(*conf)); conf->group_id = dev->id; @@ -59,14 +57,21 @@ static void kni_fill_conf(const struct netif_port *dev, const char *ifname, if (dev->type == PORT_TYPE_GENERAL) { /* dpdk phy device */ rte_eth_dev_info_get(dev->id, &info); +#if RTE_VERSION < RTE_VERSION_NUM(18, 11, 0, 0) + conf->addr = info.pci_dev->addr; + conf->id = info.pci_dev->id; +#else if (info.device) { + const struct rte_bus *bus = NULL; + const struct rte_pci_device *pci_dev; bus = rte_bus_find_by_device(info.device); + if (bus && !strcmp(bus->name, "pci")) { + pci_dev = RTE_DEV_TO_PCI(info.device); + conf->addr = pci_dev->addr; + conf->id = pci_dev->id; + } } - if (bus && !strcmp(bus->name, "pci")) { - pci_dev = RTE_DEV_TO_PCI(info.device); - conf->addr = pci_dev->addr; - conf->id = pci_dev->id; - } +#endif } if (ifname && strlen(ifname)) diff --git a/src/main.c b/src/main.c index b334eeda8..0b12c5514 100644 --- a/src/main.c +++ b/src/main.c @@ -254,7 +254,7 @@ int main(int argc, char *argv[]) rte_exit(EXIT_FAILURE, "Fail to init stats: %s\n", dpvs_strerror(err)); /* config and start all available dpdk ports */ - nports = rte_eth_dev_count_avail(); + nports = dpvs_rte_eth_dev_count(); for (pid = 0; pid < nports; pid++) { dev = netif_port_get(pid); if (!dev) { diff --git a/src/netif.c b/src/netif.c index 730434981..3149ddcb8 100644 --- a/src/netif.c +++ b/src/netif.c @@ -1394,7 +1394,7 @@ static int check_lcore_conf(int lcores, const struct netif_lcore_conf *lcore_con queueid_t qid; struct netif_lcore_conf mark; memset(&mark, 0, sizeof(mark)); - nports = rte_eth_dev_count_avail(); + nports = dpvs_rte_eth_dev_count(); while (lcore_conf[i].nports > 0) { if (lcore2index[lcore_conf[i].id] != i) { @@ -2438,7 +2438,7 @@ static void lcore_job_xmit(void *args) for (i = 0; i < lcore_conf[lcore2index[cid]].nports; i++) { pid = lcore_conf[lcore2index[cid]].pqs[i].id; #ifdef CONFIG_DPVS_NETIF_DEBUG - if (unlikely(pid >= rte_eth_dev_count_avail())) { + if (unlikely(pid >= dpvs_rte_eth_dev_count())) { RTE_LOG(DEBUG, NETIF, "[%s] No enough NICs\n", __func__); continue; } @@ -3926,7 +3926,7 @@ inline static void netif_port_init(const struct rte_eth_conf *conf) struct rte_eth_conf this_eth_conf; char *kni_name; - nports = rte_eth_dev_count_avail(); + nports = dpvs_rte_eth_dev_count(); if (nports <= 0) rte_exit(EXIT_FAILURE, "No dpdk ports found!\n" "Possibly nic or driver is not dpdk-compatible.\n"); @@ -4153,7 +4153,7 @@ int netif_virtual_devices_add(void) } #endif - phy_pid_end = rte_eth_dev_count_avail(); + phy_pid_end = dpvs_rte_eth_dev_count(); port_id_end = max(port_id_end, phy_pid_end); /* set bond_pid_offset before create bonding device */ @@ -4209,7 +4209,7 @@ int netif_virtual_devices_add(void) } if (!list_empty(&bond_list)) { - bond_pid_end = rte_eth_dev_count_avail(); + bond_pid_end = dpvs_rte_eth_dev_count(); port_id_end = max(port_id_end, bond_pid_end); RTE_LOG(INFO, NETIF, "bonding device port id range: [%d, %d)\n", @@ -4566,18 +4566,22 @@ static int get_port_basic(struct netif_port *port, void **out, size_t *out_len) static inline void copy_dev_info(struct netif_nic_dev_get *get, const struct rte_eth_dev_info *dev_info) { + const struct rte_pci_device *pci_dev = NULL; +#if RTE_VERSION < RTE_VERSION_NUM(18, 11, 0, 0) + pci_dev = dev_info->pci_dev; +#else if (dev_info->device) { const struct rte_bus *bus = NULL; bus = rte_bus_find_by_device(dev_info->device); if (bus && !strcmp(bus->name, "pci")) { - const struct rte_pci_device *pci_dev = RTE_DEV_TO_PCI(dev_info->device); - snprintf(get->pci_addr, sizeof(get->pci_addr), "%04x:%02x:%02x:%0x", - pci_dev->addr.domain, - pci_dev->addr.bus, - pci_dev->addr.devid, - pci_dev->addr.function); + pci_dev = RTE_DEV_TO_PCI(dev_info->device); } } +#endif + if (pci_dev) + snprintf(get->pci_addr, sizeof(get->pci_addr), "%04x:%02x:%02x:%0x", + pci_dev->addr.domain, pci_dev->addr.bus, + pci_dev->addr.devid, pci_dev->addr.function); if (dev_info->driver_name) strncpy(get->driver_name, dev_info->driver_name, sizeof(get->driver_name)); get->if_index = dev_info->if_index; From 2882b7974c9396a925a13c2635db53e609159bc4 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 13:51:15 +0800 Subject: [PATCH 29/62] Add compile option for MLX5 --- src/Makefile | 4 ++-- src/config.mk | 2 ++ src/dpdk.mk | 8 ++++++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/Makefile b/src/Makefile index f107f70ac..971b6babc 100644 --- a/src/Makefile +++ b/src/Makefile @@ -34,8 +34,8 @@ DATE_STRING := $(shell date +%Y.%m.%d.%H:%M:%S) # same path of THIS Makefile SRCDIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST)))) -include $(SRCDIR)/dpdk.mk include $(SRCDIR)/config.mk +include $(SRCDIR)/dpdk.mk INCDIRS += -I $(SRCDIR)/../include @@ -57,7 +57,7 @@ else CFLAGS += -rdynamic endif -LIBS += -lpthread -lnuma -lmnl +LIBS += -lpthread -lnuma CFLAGS += $(INCDIRS) $(LIBS) diff --git a/src/config.mk b/src/config.mk index c288b3ef0..cf1a668a9 100644 --- a/src/config.mk +++ b/src/config.mk @@ -21,6 +21,8 @@ # TODO: use standard way to define compile flags. # +CONFIG_MLX5=n + CFLAGS += -D DPVS_MAX_SOCKET=2 CFLAGS += -D DPVS_MAX_LCORE=64 diff --git a/src/dpdk.mk b/src/dpdk.mk index e1b46a204..f83f8e3cc 100644 --- a/src/dpdk.mk +++ b/src/dpdk.mk @@ -40,10 +40,14 @@ LIBS += -L $(DPDKDIR)/lib LIBS += -Wl,--no-as-needed -fvisibility=default \ -Wl,--whole-archive -lrte_pmd_vmxnet3_uio -lrte_pmd_i40e -lrte_pmd_ixgbe \ - -lrte_pmd_e1000 -lrte_pmd_bnxt -lrte_pmd_ring -lrte_pmd_bond \ - -lrte_ethdev -lrte_ip_frag -lrte_pmd_mlx5 -libverbs -lmlx5 \ + -lrte_pmd_e1000 -lrte_pmd_bnxt -lrte_pmd_ring -lrte_pmd_bond -lrte_ethdev -lrte_ip_frag \ -Wl,--whole-archive -lrte_hash -lrte_kvargs -Wl,-lrte_mbuf -lrte_eal \ -Wl,-lrte_mempool -lrte_ring -lrte_cmdline -lrte_cfgfile -lrte_kni \ -lrte_mempool_ring -lrte_timer -lrte_net -Wl,-lrte_pmd_virtio \ -lrte_pci -lrte_bus_pci -lrte_bus_vdev -lrte_lpm -lrte_pdump \ -Wl,--no-whole-archive -lrt -lm -ldl -lcrypto + +ifeq ($(CONFIG_MLX5), y) +LIBS += -Wl,--whole-archive -lrte_pmd_mlx5 -Wl,--no-whole-archive +LIBS += -libverbs -lmlx5 -lmnl +endif From 35280c003140721caecb94249627a19193d529cc Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 18:22:53 +0800 Subject: [PATCH 30/62] patch: add patched for dpdk-stable-17.11.6 and dpdk-stable-18.11.2 --- ...iable-IP-header-len-for-checksum-API.patch | 56 ++++++++ ...link-event-for-multicast-driver-part.patch | 108 +++++++++++++++ ...iable-IP-header-len-for-checksum-API.patch | 56 ++++++++ ...link-event-for-multicast-driver-part.patch | 124 ++++++++++++++++++ ...e-flow_item-type-comparsion-in-flow_.patch | 33 +++++ 5 files changed, 377 insertions(+) create mode 100644 patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch create mode 100644 patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch create mode 100644 patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch create mode 100644 patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch create mode 100644 patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch diff --git a/patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch b/patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch new file mode 100644 index 000000000..d423571f8 --- /dev/null +++ b/patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch @@ -0,0 +1,56 @@ +From 648ff9e42e58a4fe6587dce05b534fb746ae438f Mon Sep 17 00:00:00 2001 +From: ywc689 +Date: Fri, 28 Jun 2019 17:48:12 +0800 +Subject: [PATCH 1/2] net: support variable IP header len for checksum API. + +IPv4 checksum APIs use fixe IP header length, it will failed if there is +any IP option. Now calculating header length by "ihl" field, so that we +can support options. +--- + dpdk-stable-17.11.6/lib/librte_net/rte_ip.h | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h b/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h +index 8d4907f..0d504f6 100644 +--- a/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h ++++ b/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h +@@ -314,7 +314,7 @@ struct ipv4_hdr { + rte_ipv4_cksum(const struct ipv4_hdr *ipv4_hdr) + { + uint16_t cksum; +- cksum = rte_raw_cksum(ipv4_hdr, sizeof(struct ipv4_hdr)); ++ cksum = rte_raw_cksum(ipv4_hdr, (ipv4_hdr->version_ihl & 0xf) * 4); + return (cksum == 0xffff) ? cksum : (uint16_t)~cksum; + } + +@@ -356,7 +356,7 @@ struct ipv4_hdr { + } else { + psd_hdr.len = rte_cpu_to_be_16( + (uint16_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) +- - sizeof(struct ipv4_hdr))); ++ - (ipv4_hdr->version_ihl & 0xf) * 4)); + } + return rte_raw_cksum(&psd_hdr, sizeof(psd_hdr)); + } +@@ -379,13 +379,14 @@ struct ipv4_hdr { + rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr) + { + uint32_t cksum; +- uint32_t l3_len, l4_len; ++ uint32_t l3_len, l4_len, iphlen; + + l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length); +- if (l3_len < sizeof(struct ipv4_hdr)) +- return 0; ++ iphlen = (ipv4_hdr->version_ihl & 0xf) * 4; + +- l4_len = l3_len - sizeof(struct ipv4_hdr); ++ if (l3_len < iphlen) ++ return 0; ++ l4_len = l3_len - iphlen; + + cksum = rte_raw_cksum(l4_hdr, l4_len); + cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0); +-- +1.8.3.1 + diff --git a/patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch b/patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch new file mode 100644 index 000000000..ed0cbb40d --- /dev/null +++ b/patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch @@ -0,0 +1,108 @@ +From dd72a3e2a760131f156f61a37df8826514f1ed4c Mon Sep 17 00:00:00 2001 +From: ywc689 +Date: Fri, 28 Jun 2019 17:52:13 +0800 +Subject: [PATCH 2/2] kni: use netlink event for multicast (driver part) + +kni driver send netlink event every time hw-multicast list updated by +kernel, the user kni app should capture the event and update multicast +to kni device. + +original way is using rte_kni_request to pass hw-multicast to user kni +module. that method works but finally memory corruption found, which is +to kni device. +--- + .../lib/librte_eal/linuxapp/kni/kni_net.c | 68 ++++++++++++++++++++++ + 1 file changed, 68 insertions(+) + +diff --git a/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c b/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c +index db9f489..fab94d1 100644 +--- a/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c ++++ b/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c +@@ -35,6 +35,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -579,9 +581,75 @@ + return 0; + } + ++static size_t ++kni_nlmsg_size(void) ++{ ++ return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) ++ + nla_total_size(4) /* IFA_ADDRESS */ ++ + nla_total_size(4) /* IFA_LOCAL */ ++ + nla_total_size(4) /* IFA_BROADCAST */ ++ + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ ++ + nla_total_size(4) /* IFA_FLAGS */ ++ + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ ++} ++ + static void + kni_net_set_rx_mode(struct net_device *dev) + { ++ /* ++ * send event to notify user (DPDK KNI app) that multicast list changed, ++ * so that it can monitor multicast join/leave and set HW mc-addrs to ++ * kni dev accordinglly. ++ * ++ * this event is just an notification, we do not save any mc-addr here ++ * (so attribute space for us). user kni app should get maddrs after ++ * receive this notification. ++ * ++ * I was expecting kernel send some rtnl event for multicast join/leave, ++ * but it doesn't. By checking the call-chain of SIOCADDMULTI (ip maddr, ++ * manages only hardware multicast) and IP_ADD_MEMBERSHIP (ip_mc_join_group, ++ * used to for IPv4 multicast), no rtnl event sent. ++ * ++ * so as workaround, modify kni driver here to send RTM_NEWADDR. ++ * it may not suitalbe to use this event for mcast, but that should works. ++ * hope that won't affect other listener to this event. ++ * ++ * previous solution was using rte_kni_request to pass hw-maddr list to user. ++ * it "works" for times but finally memory corruption found, which is ++ * not easy to address (lock was added and reviewed). That's why we use ++ * netlink event instead. ++ */ ++ struct sk_buff *skb; ++ struct net *net = dev_net(dev); ++ struct nlmsghdr *nlh; ++ struct ifaddrmsg *ifm; ++ ++ skb = nlmsg_new(kni_nlmsg_size(), GFP_ATOMIC); ++ if (!skb) ++ return; ++ ++ /* no other event for us ? */ ++ nlh = nlmsg_put(skb, 0, 0, RTM_NEWADDR, sizeof(*ifm), 0); ++ if (!nlh) { ++ kfree_skb(skb); ++ return; ++ } ++ ++ /* just send an notification so no other info */ ++ ifm = nlmsg_data(nlh); ++ memset(ifm, 0, sizeof(*ifm)); ++ ifm->ifa_family = AF_UNSPEC; ++ ifm->ifa_prefixlen = 0; ++ ifm->ifa_flags = 0; ++ ifm->ifa_scope = RT_SCOPE_NOWHERE; ++ ifm->ifa_index = 0; ++ ++ nlmsg_end(skb, nlh); ++ ++ /* other group ? */ ++ pr_debug("%s: rx-mode/multicast-list changed\n", __func__); ++ rtnl_notify(skb, net, 0, RTNLGRP_NOTIFY, NULL, GFP_ATOMIC); ++ return; + } + + static int +-- +1.8.3.1 + diff --git a/patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch b/patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch new file mode 100644 index 000000000..0c1852c3a --- /dev/null +++ b/patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch @@ -0,0 +1,56 @@ +From 5dac8928f844b4b6cfaeab6c1174b60b7409279b Mon Sep 17 00:00:00 2001 +From: ywc689 +Date: Fri, 28 Jun 2019 16:27:08 +0800 +Subject: [PATCH 1/3] net: support variable IP header len for checksum API. + +IPv4 checksum APIs use fixe IP header length, it will failed if there is +any IP option. Now calculating header length by "ihl" field, so that we +can support options. +--- + dpdk-stable-18.11.2/lib/librte_net/rte_ip.h | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h b/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h +index f9b9090..635bdcc 100644 +--- a/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h ++++ b/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h +@@ -252,7 +252,7 @@ struct ipv4_hdr { + rte_ipv4_cksum(const struct ipv4_hdr *ipv4_hdr) + { + uint16_t cksum; +- cksum = rte_raw_cksum(ipv4_hdr, sizeof(struct ipv4_hdr)); ++ cksum = rte_raw_cksum(ipv4_hdr, (ipv4_hdr->version_ihl & 0xf) * 4); + return (cksum == 0xffff) ? cksum : (uint16_t)~cksum; + } + +@@ -294,7 +294,7 @@ struct ipv4_hdr { + } else { + psd_hdr.len = rte_cpu_to_be_16( + (uint16_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) +- - sizeof(struct ipv4_hdr))); ++ - (ipv4_hdr->version_ihl & 0xf) * 4)); + } + return rte_raw_cksum(&psd_hdr, sizeof(psd_hdr)); + } +@@ -317,13 +317,14 @@ struct ipv4_hdr { + rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr) + { + uint32_t cksum; +- uint32_t l3_len, l4_len; ++ uint32_t l3_len, l4_len, iphlen; + + l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length); +- if (l3_len < sizeof(struct ipv4_hdr)) +- return 0; ++ iphlen = (ipv4_hdr->version_ihl & 0xf) * 4; + +- l4_len = l3_len - sizeof(struct ipv4_hdr); ++ if (l3_len < iphlen) ++ return 0; ++ l4_len = l3_len - iphlen; + + cksum = rte_raw_cksum(l4_hdr, l4_len); + cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0); +-- +1.8.3.1 + diff --git a/patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch b/patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch new file mode 100644 index 000000000..abd9ac448 --- /dev/null +++ b/patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch @@ -0,0 +1,124 @@ +From 7a54416e9370be6d573d6b9429002c0712a5851f Mon Sep 17 00:00:00 2001 +From: ywc689 +Date: Fri, 28 Jun 2019 16:52:24 +0800 +Subject: [PATCH 2/3] kni: use netlink event for multicast (driver part) + +kni driver send netlink event every time hw-multicast list updated by +kernel, the user kni app should capture the event and update multicast +to kni device. + +original way is using rte_kni_request to pass hw-multicast to user kni +module. that method works but finally memory corruption found, which is +to kni device. +--- + dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c | 70 ++++++++++++++++++++++++++ + 1 file changed, 70 insertions(+) + +diff --git a/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c b/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c +index 7371b6d..edc1416 100644 +--- a/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c ++++ b/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c +@@ -16,6 +16,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -103,6 +105,7 @@ + ret_val = wait_event_interruptible_timeout(kni->wq, + kni_fifo_count(kni->resp_q), 3 * HZ); + if (signal_pending(current) || ret_val <= 0) { ++ pr_err("%s: wait_event_interruptible timeout\n", __func__); + ret = -ETIME; + goto fail; + } +@@ -605,9 +608,75 @@ void kni_net_release_fifo_phy(struct kni_dev *kni) + return -EOPNOTSUPP; + } + ++static size_t ++kni_nlmsg_size(void) ++{ ++ return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) ++ + nla_total_size(4) /* IFA_ADDRESS */ ++ + nla_total_size(4) /* IFA_LOCAL */ ++ + nla_total_size(4) /* IFA_BROADCAST */ ++ + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ ++ + nla_total_size(4) /* IFA_FLAGS */ ++ + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ ++} ++ + static void + kni_net_set_rx_mode(struct net_device *dev) + { ++ /* ++ * send event to notify user (DPDK KNI app) that multicast list changed, ++ * so that it can monitor multicast join/leave and set HW mc-addrs to ++ * kni dev accordinglly. ++ * ++ * this event is just an notification, we do not save any mc-addr here ++ * (so attribute space for us). user kni app should get maddrs after ++ * receive this notification. ++ * ++ * I was expecting kernel send some rtnl event for multicast join/leave, ++ * but it doesn't. By checking the call-chain of SIOCADDMULTI (ip maddr, ++ * manages only hardware multicast) and IP_ADD_MEMBERSHIP (ip_mc_join_group, ++ * used to for IPv4 multicast), no rtnl event sent. ++ * ++ * so as workaround, modify kni driver here to send RTM_NEWADDR. ++ * it may not suitalbe to use this event for mcast, but that should works. ++ * hope that won't affect other listener to this event. ++ * ++ * previous solution was using rte_kni_request to pass hw-maddr list to user. ++ * it "works" for times but finally memory corruption found, which is ++ * not easy to address (lock was added and reviewed). That's why we use ++ * netlink event instead. ++ */ ++ struct sk_buff *skb; ++ struct net *net = dev_net(dev); ++ struct nlmsghdr *nlh; ++ struct ifaddrmsg *ifm; ++ ++ skb = nlmsg_new(kni_nlmsg_size(), GFP_ATOMIC); ++ if (!skb) ++ return; ++ ++ /* no other event for us ? */ ++ nlh = nlmsg_put(skb, 0, 0, RTM_NEWADDR, sizeof(*ifm), 0); ++ if (!nlh) { ++ kfree_skb(skb); ++ return; ++ } ++ ++ /* just send an notification so no other info */ ++ ifm = nlmsg_data(nlh); ++ memset(ifm, 0, sizeof(*ifm)); ++ ifm->ifa_family = AF_UNSPEC; ++ ifm->ifa_prefixlen = 0; ++ ifm->ifa_flags = 0; ++ ifm->ifa_scope = RT_SCOPE_NOWHERE; ++ ifm->ifa_index = 0; ++ ++ nlmsg_end(skb, nlh); ++ ++ /* other group ? */ ++ pr_debug("%s: rx-mode/multicast-list changed\n", __func__); ++ rtnl_notify(skb, net, 0, RTNLGRP_NOTIFY, NULL, GFP_ATOMIC); ++ return; + } + + static int +@@ -727,6 +796,7 @@ void kni_net_release_fifo_phy(struct kni_dev *kni) + kni = netdev_priv(netdev); + ret = kni_net_process_request(kni, &req); + ++ pr_info("%s request returns %d!\n", __func__, ret); + return (ret == 0 ? req.result : ret); + } + +-- +1.8.3.1 + diff --git a/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch b/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch new file mode 100644 index 000000000..38c539a33 --- /dev/null +++ b/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch @@ -0,0 +1,33 @@ +From 408cda4311b0c10b441fbf8b67614d7873ec718a Mon Sep 17 00:00:00 2001 +From: ywc689 +Date: Fri, 28 Jun 2019 17:02:40 +0800 +Subject: [PATCH 3/3] driver:kni: enable flow_item type comparsion in + flow_fdir_cmp + +the existence is checked before adding/deleting a fdir flow, but +the flow type is not compared in 'flow_fdir_cmp', which resulting +in the failure or unwanted behavior in adding/deleting two same +fdir flows with flow type(such as ipv4 tcp/udp) different only. +--- + dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c b/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c +index 222cd81..d99edce 100644 +--- a/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c ++++ b/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c +@@ -2668,6 +2668,11 @@ struct rte_flow * + static int + flow_fdir_cmp(const struct mlx5_fdir *f1, const struct mlx5_fdir *f2) + { ++ unsigned i; ++ for (i = 0; i < sizeof(f1->items)/sizeof(f1->items[0]); i++) { ++ if (f1->items[i].type != f2->items[i].type) ++ return 1; ++ } + if (FLOW_FDIR_CMP(f1, f2, attr) || + FLOW_FDIR_CMP(f1, f2, l2) || + FLOW_FDIR_CMP(f1, f2, l2_mask) || +-- +1.8.3.1 + From e0c0ed02f50b6795cddde4973bbde049b02c91ec Mon Sep 17 00:00:00 2001 From: ywc689 Date: Sun, 30 Jun 2019 22:37:22 +0800 Subject: [PATCH 31/62] netif: fix tx offloads problem --- src/netif.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/netif.c b/src/netif.c index 3149ddcb8..36ee2e11f 100644 --- a/src/netif.c +++ b/src/netif.c @@ -3533,8 +3533,10 @@ int netif_port_start(struct netif_port *port) port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_UDP_CKSUM; if (port->flag & NETIF_PORT_FLAG_TX_TCP_CSUM_OFFLOAD) port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_TCP_CKSUM; + port->dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_MBUF_FAST_FREE; adapt_device_conf(port->id, &port->dev_conf.rx_adv_conf.rss_conf.rss_hf, &port->dev_conf.rxmode.offloads, &port->dev_conf.txmode.offloads); + ret = rte_eth_dev_configure(port->id, port->nrxq, port->ntxq, &port->dev_conf); if (ret < 0 ) { RTE_LOG(ERR, NETIF, "%s: fail to config %s\n", __func__, port->name); @@ -3558,6 +3560,14 @@ int netif_port_start(struct netif_port *port) if (port->ntxq > 0) { for (qid = 0; qid < port->ntxq; qid++) { memcpy(&txconf, &port->dev_info.default_txconf, sizeof(struct rte_eth_txconf)); +#if RTE_VERSION < RTE_VERSION_NUM(18, 11, 0, 0) + if (port->dev_conf.rxmode.jumbo_frame + || (port->flag & NETIF_PORT_FLAG_TX_IP_CSUM_OFFLOAD) + || (port->flag & NETIF_PORT_FLAG_TX_UDP_CSUM_OFFLOAD) + || (port->flag & NETIF_PORT_FLAG_TX_TCP_CSUM_OFFLOAD)) + txconf.txq_flags = 0; +#endif + txconf.offloads = port->dev_conf.txmode.offloads; ret = rte_eth_tx_queue_setup(port->id, qid, port->txq_desc_nb, port->socket, &txconf); if (ret < 0) { From b3e4eb4e78adc1df2586f11e49f445a17d66ff51 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Wed, 13 Nov 2019 11:39:54 +0800 Subject: [PATCH 32/62] patch: update dpdk patches --- ...ink-event-for-multicast-driver-part.patch} | 8 +- ...iable-IP-header-len-for-checksum-API.patch | 14 +- ...-and-change-dpdk-pdump-tool-for-DPVS.patch | 8 +- .../0003-rh75-ndo_change_mtu.patch | 25 -- ....2-to-support-rh75-provided-by-Jason.patch | 48 ++ ...ink-event-for-multicast-driver-part.patch} | 12 +- ...able-IP-header-len-for-checksum-API.patch} | 12 +- ...-and-change-dpdk-pdump-tool-for-DPVS.patch | 415 ++++++++++++++++++ ...ink-event-for-multicast-driver-part.patch} | 12 +- ...able-IP-header-len-for-checksum-API.patch} | 12 +- ...e-flow_item-type-comparsion-in-flow_.patch | 10 +- 11 files changed, 507 insertions(+), 69 deletions(-) rename patch/dpdk-stable-17.11.2/{0001-PATCH-kni-use-netlink-event-for-multicast-driver-par.patch => 0001-kni-use-netlink-event-for-multicast-driver-part.patch} (93%) delete mode 100644 patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch create mode 100644 patch/dpdk-stable-17.11.2/0004-patch-dpdk-17.11.2-to-support-rh75-provided-by-Jason.patch rename patch/dpdk-stable-17.11.6/{0002-kni-use-netlink-event-for-multicast-driver-part.patch => 0001-kni-use-netlink-event-for-multicast-driver-part.patch} (87%) rename patch/dpdk-stable-17.11.6/{0001-net-support-variable-IP-header-len-for-checksum-API.patch => 0002-net-support-variable-IP-header-len-for-checksum-API.patch} (78%) create mode 100644 patch/dpdk-stable-17.11.6/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch rename patch/dpdk-stable-18.11.2/{0002-kni-use-netlink-event-for-multicast-driver-part.patch => 0001-kni-use-netlink-event-for-multicast-driver-part.patch} (90%) rename patch/dpdk-stable-18.11.2/{0001-net-support-variable-IP-header-len-for-checksum-API.patch => 0002-net-support-variable-IP-header-len-for-checksum-API.patch} (78%) diff --git a/patch/dpdk-stable-17.11.2/0001-PATCH-kni-use-netlink-event-for-multicast-driver-par.patch b/patch/dpdk-stable-17.11.2/0001-kni-use-netlink-event-for-multicast-driver-part.patch similarity index 93% rename from patch/dpdk-stable-17.11.2/0001-PATCH-kni-use-netlink-event-for-multicast-driver-par.patch rename to patch/dpdk-stable-17.11.2/0001-kni-use-netlink-event-for-multicast-driver-part.patch index 9c37cb46d..05b10eba2 100644 --- a/patch/dpdk-stable-17.11.2/0001-PATCH-kni-use-netlink-event-for-multicast-driver-par.patch +++ b/patch/dpdk-stable-17.11.2/0001-kni-use-netlink-event-for-multicast-driver-part.patch @@ -1,7 +1,7 @@ -From b5843bda351920c27be5e8211ef6fa5d548fa03e Mon Sep 17 00:00:00 2001 +From 52f4389c80b4b41386c53daf16d860305252f325 Mon Sep 17 00:00:00 2001 From: Lei Chen Date: Tue, 23 Jan 2018 12:39:56 +0800 -Subject: [PATCH] kni: use netlink event for multicast (driver part). +Subject: [PATCH 1/4] kni: use netlink event for multicast (driver part). kni driver send netlink event every time hw-multicast list updated by kernel, the user kni app should capture the event and update multicast @@ -27,7 +27,7 @@ index db9f489..fab94d1 100644 #include #include -@@ -579,9 +581,75 @@ kni_net_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -579,9 +581,75 @@ return 0; } @@ -104,5 +104,5 @@ index db9f489..fab94d1 100644 static int -- -2.7.4 +1.8.3.1 diff --git a/patch/dpdk-stable-17.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch b/patch/dpdk-stable-17.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch index 927827a29..96dd76ea8 100644 --- a/patch/dpdk-stable-17.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch +++ b/patch/dpdk-stable-17.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch @@ -1,7 +1,7 @@ -From c2dfa35bbd68b869f9069ca9b7474dd93e2097ef Mon Sep 17 00:00:00 2001 +From a949f95267849630a750f1e72ee468d58b806589 Mon Sep 17 00:00:00 2001 From: Lei Chen Date: Tue, 6 Mar 2018 16:04:36 +0800 -Subject: [PATCH 2/2] net: support variable IP header len for checksum API. +Subject: [PATCH 2/4] net: support variable IP header len for checksum API. IPv4 checksum APIs use fixe IP header length, it will failed if there is any IP option. Now calculating header length by "ihl" field, so that we @@ -13,10 +13,10 @@ Signed-off-by: Lei Chen 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h -index 4491b86..cfbc3bd 100644 +index 73ec398..e03f707 100644 --- a/lib/librte_net/rte_ip.h +++ b/lib/librte_net/rte_ip.h -@@ -314,7 +314,7 @@ static inline uint16_t +@@ -314,7 +314,7 @@ struct ipv4_hdr { rte_ipv4_cksum(const struct ipv4_hdr *ipv4_hdr) { uint16_t cksum; @@ -25,7 +25,7 @@ index 4491b86..cfbc3bd 100644 return (cksum == 0xffff) ? cksum : ~cksum; } -@@ -356,7 +356,7 @@ rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags) +@@ -356,7 +356,7 @@ struct ipv4_hdr { } else { psd_hdr.len = rte_cpu_to_be_16( (uint16_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) @@ -34,7 +34,7 @@ index 4491b86..cfbc3bd 100644 } return rte_raw_cksum(&psd_hdr, sizeof(psd_hdr)); } -@@ -381,7 +381,7 @@ rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr) +@@ -381,7 +381,7 @@ struct ipv4_hdr { uint32_t l4_len; l4_len = rte_be_to_cpu_16(ipv4_hdr->total_length) - @@ -44,5 +44,5 @@ index 4491b86..cfbc3bd 100644 cksum = rte_raw_cksum(l4_hdr, l4_len); cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0); -- -2.7.4 +1.8.3.1 diff --git a/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch b/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch index a10fe4976..48743416d 100644 --- a/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch +++ b/patch/dpdk-stable-17.11.2/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch @@ -1,7 +1,7 @@ -From 34d3d8ebc02906739d9ee6c152091eaf628a292e Mon Sep 17 00:00:00 2001 +From 3f2c917cc758f3205ea38447dc7a82215c448cc0 Mon Sep 17 00:00:00 2001 From: Daniel Benli Ye Date: Tue, 18 Dec 2018 09:01:52 -0500 -Subject: [PATCH] enable pdump and change dpdk-pdump tool for DPVS +Subject: [PATCH 3/4] enable pdump and change dpdk-pdump tool for DPVS A fix in app/pdump/main.c is x-ported from later release. rte.app.pdump.mk is copied from rte.app.mk and do several changes @@ -30,7 +30,7 @@ diff --git a/app/pdump/main.c b/app/pdump/main.c index 66272f5..d974583 100644 --- a/app/pdump/main.c +++ b/app/pdump/main.c -@@ -583,11 +583,10 @@ configure_vdev(uint16_t port_id) +@@ -583,11 +583,10 @@ struct parse_val { { struct ether_addr addr; const uint16_t rxRings = 0, txRings = 1; @@ -411,5 +411,5 @@ index 0000000..e425472 +.PHONY: FORCE +FORCE: -- -2.1.4 +1.8.3.1 diff --git a/patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch b/patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch deleted file mode 100644 index 00d96b8c3..000000000 --- a/patch/dpdk-stable-17.11.2/0003-rh75-ndo_change_mtu.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- a/lib/librte_eal/linuxapp/kni/compat.h -+++ b/lib/librte_eal/linuxapp/kni/compat.h -@@ -103,2 +103,8 @@ - -+#if (defined(RHEL_RELEASE_CODE) && \ -+ (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 5)) && \ -+ (RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 0))) -+#define ndo_change_mtu ndo_change_mtu_rh74 -+#endif -+ - #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) - ---- a/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h -+++ b/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h -@@ -3933,4 +3933,10 @@ skb_set_hash(struct sk_buff *skb, __u32 - #endif - -+#if (defined(RHEL_RELEASE_CODE) && \ -+ (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 5)) && \ -+ (RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 0))) -+#define ndo_change_mtu ndo_change_mtu_rh74 -+#endif -+ - #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) || \ - (SLE_VERSION_CODE && SLE_VERSION_CODE >= SLE_VERSION(12, 3, 0))) diff --git a/patch/dpdk-stable-17.11.2/0004-patch-dpdk-17.11.2-to-support-rh75-provided-by-Jason.patch b/patch/dpdk-stable-17.11.2/0004-patch-dpdk-17.11.2-to-support-rh75-provided-by-Jason.patch new file mode 100644 index 000000000..3cb205562 --- /dev/null +++ b/patch/dpdk-stable-17.11.2/0004-patch-dpdk-17.11.2-to-support-rh75-provided-by-Jason.patch @@ -0,0 +1,48 @@ +From 95e115dd2bfe5f7a7e54af0f73577af0a68fdba0 Mon Sep 17 00:00:00 2001 +From: wencyu +Date: Wed, 13 Nov 2019 10:17:35 +0800 +Subject: [PATCH 4/4] patch dpdk-17.11.2 to support rh75 (provided by Jason Joo + ) + +--- + lib/librte_eal/linuxapp/kni/compat.h | 6 ++++++ + lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/lib/librte_eal/linuxapp/kni/compat.h b/lib/librte_eal/linuxapp/kni/compat.h +index 3f8c0bc..be707bc 100644 +--- a/lib/librte_eal/linuxapp/kni/compat.h ++++ b/lib/librte_eal/linuxapp/kni/compat.h +@@ -101,6 +101,12 @@ + #undef NET_NAME_UNKNOWN + #endif + ++#if (defined(RHEL_RELEASE_CODE) && \ ++ (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 5)) && \ ++ (RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 0))) ++#define ndo_change_mtu ndo_change_mtu_rh74 ++#endif ++ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) + #define HAVE_SIGNAL_FUNCTIONS_OWN_HEADER + #endif +diff --git a/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h b/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h +index 443a3f2..46cad90 100644 +--- a/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h ++++ b/lib/librte_eal/linuxapp/kni/ethtool/igb/kcompat.h +@@ -3932,6 +3932,12 @@ static inline struct sk_buff *__kc__vlan_hwaccel_put_tag(struct sk_buff *skb, + #define vlan_tx_tag_present skb_vlan_tag_present + #endif + ++#if (defined(RHEL_RELEASE_CODE) && \ ++ (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(7, 5)) && \ ++ (RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 0))) ++#define ndo_change_mtu ndo_change_mtu_rh74 ++#endif ++ + #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) || \ + (SLE_VERSION_CODE && SLE_VERSION_CODE >= SLE_VERSION(12, 3, 0))) + #define HAVE_VF_VLAN_PROTO +-- +1.8.3.1 + diff --git a/patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch b/patch/dpdk-stable-17.11.6/0001-kni-use-netlink-event-for-multicast-driver-part.patch similarity index 87% rename from patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch rename to patch/dpdk-stable-17.11.6/0001-kni-use-netlink-event-for-multicast-driver-part.patch index ed0cbb40d..0934c174a 100644 --- a/patch/dpdk-stable-17.11.6/0002-kni-use-netlink-event-for-multicast-driver-part.patch +++ b/patch/dpdk-stable-17.11.6/0001-kni-use-netlink-event-for-multicast-driver-part.patch @@ -1,7 +1,7 @@ -From dd72a3e2a760131f156f61a37df8826514f1ed4c Mon Sep 17 00:00:00 2001 +From b5dc636f0ccdccb3d4e94f3453b6e95a631bb10a Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 17:52:13 +0800 -Subject: [PATCH 2/2] kni: use netlink event for multicast (driver part) +Subject: [PATCH 1/3] kni: use netlink event for multicast (driver part) kni driver send netlink event every time hw-multicast list updated by kernel, the user kni app should capture the event and update multicast @@ -11,13 +11,13 @@ original way is using rte_kni_request to pass hw-multicast to user kni module. that method works but finally memory corruption found, which is to kni device. --- - .../lib/librte_eal/linuxapp/kni/kni_net.c | 68 ++++++++++++++++++++++ + lib/librte_eal/linuxapp/kni/kni_net.c | 68 +++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) -diff --git a/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c b/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c +diff --git a/lib/librte_eal/linuxapp/kni/kni_net.c b/lib/librte_eal/linuxapp/kni/kni_net.c index db9f489..fab94d1 100644 ---- a/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c -+++ b/dpdk-stable-17.11.6/lib/librte_eal/linuxapp/kni/kni_net.c +--- a/lib/librte_eal/linuxapp/kni/kni_net.c ++++ b/lib/librte_eal/linuxapp/kni/kni_net.c @@ -35,6 +35,8 @@ #include #include diff --git a/patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch b/patch/dpdk-stable-17.11.6/0002-net-support-variable-IP-header-len-for-checksum-API.patch similarity index 78% rename from patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch rename to patch/dpdk-stable-17.11.6/0002-net-support-variable-IP-header-len-for-checksum-API.patch index d423571f8..0a24083af 100644 --- a/patch/dpdk-stable-17.11.6/0001-net-support-variable-IP-header-len-for-checksum-API.patch +++ b/patch/dpdk-stable-17.11.6/0002-net-support-variable-IP-header-len-for-checksum-API.patch @@ -1,19 +1,19 @@ -From 648ff9e42e58a4fe6587dce05b534fb746ae438f Mon Sep 17 00:00:00 2001 +From 4be86649fd61173409040093eecffdbc30570988 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 17:48:12 +0800 -Subject: [PATCH 1/2] net: support variable IP header len for checksum API. +Subject: [PATCH 2/3] net: support variable IP header len for checksum API. IPv4 checksum APIs use fixe IP header length, it will failed if there is any IP option. Now calculating header length by "ihl" field, so that we can support options. --- - dpdk-stable-17.11.6/lib/librte_net/rte_ip.h | 13 +++++++------ + lib/librte_net/rte_ip.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) -diff --git a/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h b/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h +diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h index 8d4907f..0d504f6 100644 ---- a/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h -+++ b/dpdk-stable-17.11.6/lib/librte_net/rte_ip.h +--- a/lib/librte_net/rte_ip.h ++++ b/lib/librte_net/rte_ip.h @@ -314,7 +314,7 @@ struct ipv4_hdr { rte_ipv4_cksum(const struct ipv4_hdr *ipv4_hdr) { diff --git a/patch/dpdk-stable-17.11.6/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch b/patch/dpdk-stable-17.11.6/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch new file mode 100644 index 000000000..fcc38a6d6 --- /dev/null +++ b/patch/dpdk-stable-17.11.6/0003-enable-pdump-and-change-dpdk-pdump-tool-for-DPVS.patch @@ -0,0 +1,415 @@ +From f15dd5afb3b061ff636b66cb5507f9122e02be55 Mon Sep 17 00:00:00 2001 +From: Daniel Benli Ye +Date: Tue, 18 Dec 2018 09:01:52 -0500 +Subject: [PATCH 3/3] enable pdump and change dpdk-pdump tool for DPVS + +A fix in app/pdump/main.c is x-ported from later release. +rte.app.pdump.mk is copied from rte.app.mk and do several changes +to addapt DPVS. +--- + app/pdump/Makefile | 2 +- + app/pdump/main.c | 3 +- + config/common_base | 2 +- + mk/rte.app.pdump.mk | 348 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 351 insertions(+), 4 deletions(-) + create mode 100644 mk/rte.app.pdump.mk + +diff --git a/app/pdump/Makefile b/app/pdump/Makefile +index 38ac3e9..28b0d3e 100644 +--- a/app/pdump/Makefile ++++ b/app/pdump/Makefile +@@ -41,6 +41,6 @@ CFLAGS += $(WERROR_FLAGS) + + SRCS-y := main.c + +-include $(RTE_SDK)/mk/rte.app.mk ++include $(RTE_SDK)/mk/rte.app.pdump.mk + + endif +diff --git a/app/pdump/main.c b/app/pdump/main.c +index 8e42b36..96d82aa 100644 +--- a/app/pdump/main.c ++++ b/app/pdump/main.c +@@ -583,11 +583,10 @@ struct parse_val { + { + struct ether_addr addr; + const uint16_t rxRings = 0, txRings = 1; +- const uint8_t nb_ports = rte_eth_dev_count(); + int ret; + uint16_t q; + +- if (port_id > nb_ports) ++ if (!rte_eth_dev_is_valid_port(port_id)) + return -1; + + ret = rte_eth_dev_configure(port_id, rxRings, txRings, +diff --git a/config/common_base b/config/common_base +index 7b47922..31f50b4 100644 +--- a/config/common_base ++++ b/config/common_base +@@ -399,7 +399,7 @@ CONFIG_RTE_PMD_RING_MAX_TX_RINGS=16 + # + # Compile software PMD backed by PCAP files + # +-CONFIG_RTE_LIBRTE_PMD_PCAP=n ++CONFIG_RTE_LIBRTE_PMD_PCAP=y + + # + # Compile link bonding PMD library +diff --git a/mk/rte.app.pdump.mk b/mk/rte.app.pdump.mk +new file mode 100644 +index 0000000..e425472 +--- /dev/null ++++ b/mk/rte.app.pdump.mk +@@ -0,0 +1,348 @@ ++# BSD LICENSE ++# ++# Copyright(c) 2010-2017 Intel Corporation. All rights reserved. ++# Copyright(c) 2014-2015 6WIND S.A. ++# All rights reserved. ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions ++# are met: ++# ++# * Redistributions of source code must retain the above copyright ++# notice, this list of conditions and the following disclaimer. ++# * Redistributions in binary form must reproduce the above copyright ++# notice, this list of conditions and the following disclaimer in ++# the documentation and/or other materials provided with the ++# distribution. ++# * Neither the name of Intel Corporation nor the names of its ++# contributors may be used to endorse or promote products derived ++# from this software without specific prior written permission. ++# ++# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++include $(RTE_SDK)/mk/internal/rte.compile-pre.mk ++include $(RTE_SDK)/mk/internal/rte.install-pre.mk ++include $(RTE_SDK)/mk/internal/rte.clean-pre.mk ++include $(RTE_SDK)/mk/internal/rte.build-pre.mk ++ ++# VPATH contains at least SRCDIR ++VPATH += $(SRCDIR) ++ ++_BUILD = $(APP) ++_INSTALL = $(INSTALL-FILES-y) $(SYMLINK-FILES-y) ++_INSTALL += $(RTE_OUTPUT)/app/$(APP) $(RTE_OUTPUT)/app/$(APP).map ++POSTINSTALL += target-appinstall ++_CLEAN = doclean ++POSTCLEAN += target-appclean ++ ++ifeq ($(NO_LDSCRIPT),) ++LDSCRIPT = $(RTE_LDSCRIPT) ++endif ++ ++# Link only the libraries used in the application ++LDFLAGS += --as-needed ++ ++# default path for libs ++_LDLIBS-y += -L$(RTE_SDK_BIN)/lib ++ ++# ++# Order is important: from higher level to lower level ++# ++_LDLIBS-$(CONFIG_RTE_LIBRTE_FLOW_CLASSIFY) += -lrte_flow_classify ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PIPELINE) += -lrte_pipeline ++_LDLIBS-$(CONFIG_RTE_LIBRTE_TABLE) += -lrte_table ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PORT) += -lrte_port ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PDUMP) += -lrte_pdump ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DISTRIBUTOR) += -lrte_distributor ++_LDLIBS-$(CONFIG_RTE_LIBRTE_IP_FRAG) += -lrte_ip_frag ++_LDLIBS-$(CONFIG_RTE_LIBRTE_GRO) += -lrte_gro ++_LDLIBS-$(CONFIG_RTE_LIBRTE_GSO) += -lrte_gso ++_LDLIBS-$(CONFIG_RTE_LIBRTE_METER) += -lrte_meter ++_LDLIBS-$(CONFIG_RTE_LIBRTE_LPM) += -lrte_lpm ++# librte_acl needs --whole-archive because of weak functions ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ACL) += --whole-archive ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ACL) += --no-whole-archive ++_LDLIBS-$(CONFIG_RTE_LIBRTE_JOBSTATS) += -lrte_jobstats ++_LDLIBS-$(CONFIG_RTE_LIBRTE_METRICS) += -lrte_metrics ++_LDLIBS-$(CONFIG_RTE_LIBRTE_BITRATE) += -lrte_bitratestats ++_LDLIBS-$(CONFIG_RTE_LIBRTE_LATENCY_STATS) += -lrte_latencystats ++_LDLIBS-$(CONFIG_RTE_LIBRTE_POWER) += -lrte_power ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_TIMER) += -lrte_timer ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EFD) += -lrte_efd ++ ++_LDLIBS-y += --whole-archive ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CFGFILE) += -lrte_cfgfile ++_LDLIBS-$(CONFIG_RTE_LIBRTE_HASH) += -lrte_hash ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VHOST) += -lrte_vhost ++_LDLIBS-$(CONFIG_RTE_LIBRTE_KVARGS) += -lrte_kvargs ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MBUF) += -lrte_mbuf ++_LDLIBS-$(CONFIG_RTE_LIBRTE_NET) += -lrte_net ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ETHER) += -lrte_ethdev ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += -lrte_cryptodev ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SECURITY) += -lrte_security ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MEMPOOL) += -lrte_mempool ++_LDLIBS-$(CONFIG_RTE_DRIVER_MEMPOOL_RING) += -lrte_mempool_ring ++_LDLIBS-$(CONFIG_RTE_LIBRTE_RING) += -lrte_ring ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PCI) += -lrte_pci ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EAL) += -lrte_eal ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CMDLINE) += -lrte_cmdline ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SCHED) += -lrte_sched ++ ++ifeq ($(CONFIG_RTE_EXEC_ENV_LINUXAPP),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_KNI) += -lrte_kni ++endif ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PCI_BUS) += -lrte_bus_pci ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VDEV_BUS) += -lrte_bus_vdev ++ ++ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),n) ++# plugins (link only if static libraries) ++ ++_LDLIBS-$(CONFIG_RTE_DRIVER_MEMPOOL_STACK) += -lrte_mempool_stack ++ ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AF_PACKET) += -lrte_pmd_af_packet ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ARK_PMD) += -lrte_pmd_ark ++_LDLIBS-$(CONFIG_RTE_LIBRTE_AVP_PMD) += -lrte_pmd_avp ++_LDLIBS-$(CONFIG_RTE_LIBRTE_BNX2X_PMD) += -lrte_pmd_bnx2x -lz ++_LDLIBS-$(CONFIG_RTE_LIBRTE_BNXT_PMD) += -lrte_pmd_bnxt ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_BOND) += -lrte_pmd_bond ++_LDLIBS-$(CONFIG_RTE_LIBRTE_CXGBE_PMD) += -lrte_pmd_cxgbe ++ifeq ($(CONFIG_RTE_LIBRTE_DPAA_BUS),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA_BUS) += -lrte_bus_dpaa ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA_MEMPOOL) += -lrte_mempool_dpaa ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA_PMD) += -lrte_pmd_dpaa ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA2_PMD) += -lrte_pmd_dpaa2 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_E1000_PMD) += -lrte_pmd_e1000 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ENA_PMD) += -lrte_pmd_ena ++_LDLIBS-$(CONFIG_RTE_LIBRTE_ENIC_PMD) += -lrte_pmd_enic ++_LDLIBS-$(CONFIG_RTE_LIBRTE_FM10K_PMD) += -lrte_pmd_fm10k ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_FAILSAFE) += -lrte_pmd_failsafe ++_LDLIBS-$(CONFIG_RTE_LIBRTE_I40E_PMD) += -lrte_pmd_i40e ++_LDLIBS-$(CONFIG_RTE_LIBRTE_IXGBE_PMD) += -lrte_pmd_ixgbe ++ifeq ($(CONFIG_RTE_LIBRTE_KNI),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KNI) += -lrte_pmd_kni ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_LIO_PMD) += -lrte_pmd_lio ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MLX4_PMD) += -lrte_pmd_mlx4 -libverbs -lmlx4 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MLX5_PMD) += -lrte_pmd_mlx5 -libverbs -lmlx5 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MRVL_PMD) += -lrte_pmd_mrvl -L$(LIBMUSDK_PATH)/lib -lmusdk ++_LDLIBS-$(CONFIG_RTE_LIBRTE_NFP_PMD) += -lrte_pmd_nfp ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL) += -lrte_pmd_null ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_PCAP) += -lrte_pmd_pcap -lpcap ++_LDLIBS-$(CONFIG_RTE_LIBRTE_QEDE_PMD) += -lrte_pmd_qede ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_RING) += -lrte_pmd_ring ++ifeq ($(CONFIG_RTE_LIBRTE_SCHED),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SOFTNIC) += -lrte_pmd_softnic ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SFC_EFX_PMD) += -lrte_pmd_sfc_efx ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SZEDATA2) += -lrte_pmd_szedata2 -lsze2 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_TAP) += -lrte_pmd_tap ++_LDLIBS-$(CONFIG_RTE_LIBRTE_THUNDERX_NICVF_PMD) += -lrte_pmd_thunderx_nicvf ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VIRTIO_PMD) += -lrte_pmd_virtio ++ifeq ($(CONFIG_RTE_LIBRTE_VHOST),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_VHOST) += -lrte_pmd_vhost ++endif # $(CONFIG_RTE_LIBRTE_VHOST) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VMXNET3_PMD) += -lrte_pmd_vmxnet3_uio ++ ++ifeq ($(CONFIG_RTE_LIBRTE_CRYPTODEV),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -lrte_pmd_aesni_mb ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -lrte_pmd_aesni_gcm ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += -lrte_pmd_qat -lcrypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MRVL_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mrvl_crypto -lmusdk ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_CRYPTO_SCHEDULER) += -lrte_pmd_crypto_scheduler ++ifeq ($(CONFIG_RTE_LIBRTE_FSLMC_BUS),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC) += -lrte_pmd_dpaa2_sec ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC) += -lrte_mempool_dpaa2 ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC) += -lrte_bus_fslmc ++endif # CONFIG_RTE_LIBRTE_FSLMC_BUS ++ ++ifeq ($(CONFIG_RTE_LIBRTE_DPAA_BUS),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA_SEC) += -lrte_bus_dpaa ++_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_DPAA_SEC) += -lrte_pmd_dpaa_sec ++endif # CONFIG_RTE_LIBRTE_DPAA_BUS ++ ++endif # CONFIG_RTE_LIBRTE_CRYPTODEV ++ ++ifeq ($(CONFIG_RTE_LIBRTE_DPAA2_PMD),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA2_PMD) += -lrte_bus_fslmc ++_LDLIBS-$(CONFIG_RTE_LIBRTE_DPAA2_PMD) += -lrte_mempool_dpaa2 ++endif # CONFIG_RTE_LIBRTE_DPAA2_PMD ++ ++endif # !CONFIG_RTE_BUILD_SHARED_LIBS ++ ++_LDLIBS-y += --no-whole-archive ++ ++ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),n) ++# The static libraries do not know their dependencies. ++# So linking with static library requires explicit dependencies. ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EAL) += -lrt ++ifeq ($(CONFIG_RTE_EXEC_ENV_LINUXAPP)$(CONFIG_RTE_EAL_NUMA_AWARE_HUGEPAGES),yy) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_EAL) += -lnuma ++endif ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SCHED) += -lm ++_LDLIBS-$(CONFIG_RTE_LIBRTE_SCHED) += -lrt ++_LDLIBS-$(CONFIG_RTE_LIBRTE_MEMBER) += -lm ++_LDLIBS-$(CONFIG_RTE_LIBRTE_METER) += -lm ++ifeq ($(CONFIG_RTE_LIBRTE_VHOST_NUMA),y) ++_LDLIBS-$(CONFIG_RTE_LIBRTE_VHOST) += -lnuma ++endif ++_LDLIBS-$(CONFIG_RTE_PORT_PCAP) += -lpcap ++endif # !CONFIG_RTE_BUILD_SHARED_LIBS ++ ++_LDLIBS-y += $(EXECENV_LDLIBS) ++ ++LDLIBS += $(_LDLIBS-y) $(CPU_LDLIBS) $(EXTRA_LDLIBS) ++ ++# all the words except the first one ++allbutfirst = $(wordlist 2,$(words $(1)),$(1)) ++ ++# Eliminate duplicates without sorting, only keep the last occurrence ++filter-libs = \ ++ $(if $(1),$(strip\ ++ $(if \ ++ $(and \ ++ $(filter $(firstword $(1)),$(call allbutfirst,$(1))),\ ++ $(filter -l%,$(firstword $(1)))),\ ++ ,\ ++ $(firstword $(1))) \ ++ $(call filter-libs,$(call allbutfirst,$(1))))) ++ ++LDLIBS := $(call filter-libs,$(LDLIBS)) ++ ++ifeq ($(RTE_DEVEL_BUILD)$(CONFIG_RTE_BUILD_SHARED_LIB),yy) ++LDFLAGS += -rpath=$(RTE_SDK_BIN)/lib ++endif ++ ++MAPFLAGS = -Map=$@.map --cref ++ ++.PHONY: all ++all: install ++ ++.PHONY: install ++install: build _postinstall ++ ++_postinstall: build ++ ++.PHONY: build ++build: _postbuild ++ ++exe2cmd = $(strip $(call dotfile,$(patsubst %,%.cmd,$(1)))) ++ ++ifeq ($(LINK_USING_CC),1) ++O_TO_EXE = $(CC) -o $@ $(CFLAGS) $(EXTRA_CFLAGS) $(OBJS-y) $(call linkerprefix, \ ++ $(LDLIBS) $(LDFLAGS) $(LDFLAGS_$(@)) $(EXTRA_LDFLAGS) \ ++ $(MAPFLAGS)) ++else ++O_TO_EXE = $(LD) -o $@ $(OBJS-y) \ ++ $(LDLIBS) $(LDFLAGS) $(LDFLAGS_$(@)) $(EXTRA_LDFLAGS) \ ++ $(MAPFLAGS) ++endif ++O_TO_EXE_STR = $(subst ','\'',$(O_TO_EXE)) #'# fix syntax highlight ++O_TO_EXE_DISP = $(if $(V),"$(O_TO_EXE_STR)"," LD $(@)") ++O_TO_EXE_CMD = "cmd_$@ = $(O_TO_EXE_STR)" ++O_TO_EXE_DO = @set -e; \ ++ echo $(O_TO_EXE_DISP); \ ++ $(O_TO_EXE) && \ ++ echo $(O_TO_EXE_CMD) > $(call exe2cmd,$(@)) ++ ++-include .$(APP).cmd ++ ++# path where libraries are retrieved ++LDLIBS_PATH := $(subst -Wl$(comma)-L,,$(filter -Wl$(comma)-L%,$(LDLIBS))) ++LDLIBS_PATH += $(subst -L,,$(filter -L%,$(LDLIBS))) ++ ++# list of .a files that are linked to this application ++LDLIBS_NAMES := $(patsubst -l%,lib%.a,$(filter -l%,$(LDLIBS))) ++LDLIBS_NAMES += $(patsubst -Wl$(comma)-l%,lib%.a,$(filter -Wl$(comma)-l%,$(LDLIBS))) ++ ++# list of found libraries files (useful for deps). If not found, the ++# library is silently ignored and dep won't be checked ++LDLIBS_FILES := $(sort $(wildcard $(foreach dir,$(LDLIBS_PATH),\ ++ $(addprefix $(dir)/,$(LDLIBS_NAMES))))) ++ ++# ++# Compile executable file if needed ++# ++$(APP): $(OBJS-y) $(LDLIBS_FILES) $(DEP_$(APP)) $(LDSCRIPT) FORCE ++ @[ -d $(dir $@) ] || mkdir -p $(dir $@) ++ $(if $(D),\ ++ @echo -n "$< -> $@ " ; \ ++ echo -n "file_missing=$(call boolean,$(file_missing)) " ; \ ++ echo -n "cmdline_changed=$(call boolean,$(call cmdline_changed,$(O_TO_EXE_STR))) " ; \ ++ echo -n "depfile_missing=$(call boolean,$(depfile_missing)) " ; \ ++ echo "depfile_newer=$(call boolean,$(depfile_newer)) ") ++ $(if $(or \ ++ $(file_missing),\ ++ $(call cmdline_changed,$(O_TO_EXE_STR)),\ ++ $(depfile_missing),\ ++ $(depfile_newer)),\ ++ $(O_TO_EXE_DO)) ++ ++# ++# install app in $(RTE_OUTPUT)/app ++# ++$(RTE_OUTPUT)/app/$(APP): $(APP) ++ @echo " INSTALL-APP $(APP)" ++ @[ -d $(RTE_OUTPUT)/app ] || mkdir -p $(RTE_OUTPUT)/app ++ $(Q)cp -f $(APP) $(RTE_OUTPUT)/app ++ ++# ++# install app map file in $(RTE_OUTPUT)/app ++# ++$(RTE_OUTPUT)/app/$(APP).map: $(APP) ++ @echo " INSTALL-MAP $(APP).map" ++ @[ -d $(RTE_OUTPUT)/app ] || mkdir -p $(RTE_OUTPUT)/app ++ $(Q)cp -f $(APP).map $(RTE_OUTPUT)/app ++ ++# ++# Clean all generated files ++# ++.PHONY: clean ++clean: _postclean ++ $(Q)rm -f $(_BUILD_TARGETS) $(_INSTALL_TARGETS) $(_CLEAN_TARGETS) ++ ++.PHONY: doclean ++doclean: ++ $(Q)rm -rf $(APP) $(OBJS-all) $(DEPS-all) $(DEPSTMP-all) \ ++ $(CMDS-all) $(INSTALL-FILES-all) .$(APP).cmd $(APP).map ++ ++ ++include $(RTE_SDK)/mk/internal/rte.compile-post.mk ++include $(RTE_SDK)/mk/internal/rte.install-post.mk ++include $(RTE_SDK)/mk/internal/rte.clean-post.mk ++include $(RTE_SDK)/mk/internal/rte.build-post.mk ++ ++ifneq ($(wildcard $(RTE_SDK)/mk/target/$(RTE_TARGET)/rte.app.mk),) ++include $(RTE_SDK)/mk/target/$(RTE_TARGET)/rte.app.mk ++else ++include $(RTE_SDK)/mk/target/generic/rte.app.mk ++endif ++ ++.PHONY: FORCE ++FORCE: +-- +1.8.3.1 + diff --git a/patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch b/patch/dpdk-stable-18.11.2/0001-kni-use-netlink-event-for-multicast-driver-part.patch similarity index 90% rename from patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch rename to patch/dpdk-stable-18.11.2/0001-kni-use-netlink-event-for-multicast-driver-part.patch index abd9ac448..17aea758a 100644 --- a/patch/dpdk-stable-18.11.2/0002-kni-use-netlink-event-for-multicast-driver-part.patch +++ b/patch/dpdk-stable-18.11.2/0001-kni-use-netlink-event-for-multicast-driver-part.patch @@ -1,7 +1,7 @@ -From 7a54416e9370be6d573d6b9429002c0712a5851f Mon Sep 17 00:00:00 2001 +From 659c6e84e3ae0c5e5b93894aa15dd4983b3ac6c3 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 16:52:24 +0800 -Subject: [PATCH 2/3] kni: use netlink event for multicast (driver part) +Subject: [PATCH 1/3] kni: use netlink event for multicast (driver part) kni driver send netlink event every time hw-multicast list updated by kernel, the user kni app should capture the event and update multicast @@ -11,13 +11,13 @@ original way is using rte_kni_request to pass hw-multicast to user kni module. that method works but finally memory corruption found, which is to kni device. --- - dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c | 70 ++++++++++++++++++++++++++ + kernel/linux/kni/kni_net.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) -diff --git a/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c b/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c +diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c index 7371b6d..edc1416 100644 ---- a/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c -+++ b/dpdk-stable-18.11.2/kernel/linux/kni/kni_net.c +--- a/kernel/linux/kni/kni_net.c ++++ b/kernel/linux/kni/kni_net.c @@ -16,6 +16,8 @@ #include #include diff --git a/patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch b/patch/dpdk-stable-18.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch similarity index 78% rename from patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch rename to patch/dpdk-stable-18.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch index 0c1852c3a..2356e2154 100644 --- a/patch/dpdk-stable-18.11.2/0001-net-support-variable-IP-header-len-for-checksum-API.patch +++ b/patch/dpdk-stable-18.11.2/0002-net-support-variable-IP-header-len-for-checksum-API.patch @@ -1,19 +1,19 @@ -From 5dac8928f844b4b6cfaeab6c1174b60b7409279b Mon Sep 17 00:00:00 2001 +From 86d8695113517403c59497dc2f43a333fa44316b Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 16:27:08 +0800 -Subject: [PATCH 1/3] net: support variable IP header len for checksum API. +Subject: [PATCH 2/3] net: support variable IP header len for checksum API. IPv4 checksum APIs use fixe IP header length, it will failed if there is any IP option. Now calculating header length by "ihl" field, so that we can support options. --- - dpdk-stable-18.11.2/lib/librte_net/rte_ip.h | 13 +++++++------ + lib/librte_net/rte_ip.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) -diff --git a/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h b/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h +diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h index f9b9090..635bdcc 100644 ---- a/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h -+++ b/dpdk-stable-18.11.2/lib/librte_net/rte_ip.h +--- a/lib/librte_net/rte_ip.h ++++ b/lib/librte_net/rte_ip.h @@ -252,7 +252,7 @@ struct ipv4_hdr { rte_ipv4_cksum(const struct ipv4_hdr *ipv4_hdr) { diff --git a/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch b/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch index 38c539a33..d5634fb53 100644 --- a/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch +++ b/patch/dpdk-stable-18.11.2/0003-driver-kni-enable-flow_item-type-comparsion-in-flow_.patch @@ -1,4 +1,4 @@ -From 408cda4311b0c10b441fbf8b67614d7873ec718a Mon Sep 17 00:00:00 2001 +From 2e26428dc4d450e974ceb9bc737f691057cd80b6 Mon Sep 17 00:00:00 2001 From: ywc689 Date: Fri, 28 Jun 2019 17:02:40 +0800 Subject: [PATCH 3/3] driver:kni: enable flow_item type comparsion in @@ -9,13 +9,13 @@ the flow type is not compared in 'flow_fdir_cmp', which resulting in the failure or unwanted behavior in adding/deleting two same fdir flows with flow type(such as ipv4 tcp/udp) different only. --- - dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c | 5 +++++ + drivers/net/mlx5/mlx5_flow.c | 5 +++++ 1 file changed, 5 insertions(+) -diff --git a/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c b/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c +diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index 222cd81..d99edce 100644 ---- a/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c -+++ b/dpdk-stable-18.11.2/drivers/net/mlx5/mlx5_flow.c +--- a/drivers/net/mlx5/mlx5_flow.c ++++ b/drivers/net/mlx5/mlx5_flow.c @@ -2668,6 +2668,11 @@ struct rte_flow * static int flow_fdir_cmp(const struct mlx5_fdir *f1, const struct mlx5_fdir *f2) From 917e4a4c12696ae72561a37a0247b23c45a1587d Mon Sep 17 00:00:00 2001 From: chenwei Date: Tue, 19 Nov 2019 15:08:00 +0000 Subject: [PATCH 33/62] bugfix: fix wrong assignment in assertion expression --- src/ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ctrl.c b/src/ctrl.c index 9ca2f0793..7638fb932 100644 --- a/src/ctrl.c +++ b/src/ctrl.c @@ -697,7 +697,7 @@ int msg_master_process(int step) /* probably previous msg timeout and new msg of this type sent */ RTE_LOG(INFO, MSGMGR, "%s:msg@%p, multicast reply msg from" " lcore %d repeated\n", __func__, msg, msg->type, msg->seq, msg->cid); - assert(msg->mode = DPVS_MSG_UNICAST); + assert(msg->mode == DPVS_MSG_UNICAST); add_msg_flags(msg, DPVS_MSG_F_STATE_DROP); msg_destroy(&msg); /* sorry, you are late */ } From 80d9ee206626ba2ad5be08696849bf80ec6a94b9 Mon Sep 17 00:00:00 2001 From: Weiliang Li Date: Tue, 26 Nov 2019 22:02:20 +0800 Subject: [PATCH 34/62] Delete useless if condition. Delete useless if condition. --- src/ipvs/libconhash/util_rbtree.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/ipvs/libconhash/util_rbtree.c b/src/ipvs/libconhash/util_rbtree.c index 0c0782dac..cb386675b 100644 --- a/src/ipvs/libconhash/util_rbtree.c +++ b/src/ipvs/libconhash/util_rbtree.c @@ -290,10 +290,6 @@ void rbtree_delete_fixup(util_rbtree_t *rbtree, util_rbtree_node_t *node) else /* node is right child */ { w = node->parent->left; - if(w == 0) - { - //int t = 4; - } if(util_rbt_isred(w)) { util_rbt_black(w); From db69cf84706356b3273401930dc33b4e3a0c3c90 Mon Sep 17 00:00:00 2001 From: Haishuang Yan Date: Sun, 1 Dec 2019 22:09:17 +0800 Subject: [PATCH 35/62] ip_tunnel: fix possible memory leak in tunnel_xmit mbuf is leaked when rte_pktmbuf_prepend return fails in tunnel_xmit. Signed-off-by: Haishuang Yan --- src/ip_tunnel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ip_tunnel.c b/src/ip_tunnel.c index 4608a401b..e6dfb05ff 100644 --- a/src/ip_tunnel.c +++ b/src/ip_tunnel.c @@ -349,8 +349,10 @@ static int tunnel_xmit(struct rte_mbuf *mbuf, __be32 src, __be32 dst, struct iphdr *oiph; /* outter IP header */ oiph = (struct iphdr *)rte_pktmbuf_prepend(mbuf, sizeof(*oiph)); - if (!oiph) + if (!oiph) { + rte_pktmbuf_free(mbuf); return EDPVS_NOROOM; + } oiph->version = 4; oiph->ihl = sizeof(struct iphdr) >> 2; From a923f2f02ca1d15b2dedc274581f917c10481a15 Mon Sep 17 00:00:00 2001 From: weiyanhua Date: Tue, 17 Dec 2019 17:00:39 +0800 Subject: [PATCH 36/62] fix:no enough memory dpvs crash. --- src/netif.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/netif.c b/src/netif.c index 36ee2e11f..a6328c9f2 100644 --- a/src/netif.c +++ b/src/netif.c @@ -2750,6 +2750,11 @@ struct netif_port *netif_alloc(size_t priv_size, const char *namefmt, } dev = rte_zmalloc("netif", alloc_size, RTE_CACHE_LINE_SIZE); + if (!dev) { + RTE_LOG(ERR, NETIF, "%s: no memory\n", __func__); + return NULL; + } + dev->id = netif_port_id_alloc(); if (strstr(namefmt, "%d")) From 2ad9ffcba9702880939d429643005f83df9b9256 Mon Sep 17 00:00:00 2001 From: mscbg Date: Mon, 23 Dec 2019 16:59:37 +0800 Subject: [PATCH 37/62] fix bug: msg free use msg_reply_free --- src/ipv6/ipv6_ctrl.c | 2 +- src/ipvs/ip_vs_service.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ipv6/ipv6_ctrl.c b/src/ipv6/ipv6_ctrl.c index ec6d9a7e4..763093ad2 100644 --- a/src/ipv6/ipv6_ctrl.c +++ b/src/ipv6/ipv6_ctrl.c @@ -40,7 +40,7 @@ static int ip6_msg_get_stats(struct dpvs_msg *msg) err = ipv6_stats_cpu(stats); if (err != EDPVS_OK) { - rte_free(stats); + msg_reply_free(stats); return err; } diff --git a/src/ipvs/ip_vs_service.c b/src/ipvs/ip_vs_service.c index ebddcf3a9..5bd23a812 100644 --- a/src/ipvs/ip_vs_service.c +++ b/src/ipvs/ip_vs_service.c @@ -1080,7 +1080,7 @@ static int dp_vs_get_services_uc_cb(struct dpvs_msg *msg) return EDPVS_NOMEM; ret = dp_vs_get_service_entries(get->num_services, output, cid); if (ret != EDPVS_OK) { - rte_free(output); + msg_reply_free(output); return ret; } msg->reply.len = size; @@ -1137,7 +1137,7 @@ static int dp_vs_get_service_uc_cb(struct dpvs_msg *msg) ret = dp_vs_copy_service(entry, svc); if (ret != EDPVS_OK) { - rte_free(entry); + msg_reply_free(entry); return ret; } msg->reply.len = size; @@ -1181,7 +1181,7 @@ static int dp_vs_get_dests_uc_cb(struct dpvs_msg *msg) rte_memcpy(output, get, sizeof(*get)); ret = dp_vs_get_dest_entries(svc, output); if (ret != EDPVS_OK) { - rte_free(output); + msg_reply_free(output); return ret; } From ca664a46f57dbc6fe6f23c81651584ac43208e36 Mon Sep 17 00:00:00 2001 From: ytwang0320 Date: Wed, 25 Dec 2019 16:14:36 +0800 Subject: [PATCH 38/62] updated keepalived 2.0.19 --- .../.github/ISSUE_TEMPLATE/bug_report.md | 43 + .../.github/ISSUE_TEMPLATE/feature_request.md | 26 + .../support-help-request-template.md | 42 + .../ISSUE_TEMPLATE/use-for-any-other-issue.md | 43 + tools/keepalived/.gitignore | 48 + tools/keepalived/.indent.pro | 8 + tools/keepalived/.travis.yml | 47 + tools/keepalived/CONTRIBUTORS | 2 +- tools/keepalived/ChangeLog | 6440 +- tools/keepalived/Dockerfile | 54 + tools/keepalived/INSTALL | 225 +- tools/keepalived/Makefile.am | 80 + tools/keepalived/Makefile.in | 929 +- tools/keepalived/README | 25 - tools/keepalived/README.md | 42 + tools/keepalived/TODO | 153 + tools/keepalived/VERSION | 1 - tools/keepalived/bin_install/Makefile.am | 36 + tools/keepalived/build_setup | 6 + tools/keepalived/config.json | 4919 + tools/keepalived/configure | 12552 +- tools/keepalived/configure.ac | 2795 + tools/keepalived/configure.in | 387 - tools/keepalived/doc/.gitignore | 1 + tools/keepalived/doc/KEEPALIVED-MIB | 2221 - tools/keepalived/doc/KEEPALIVED-MIB.txt | 5265 + tools/keepalived/doc/Makefile.am | 220 + tools/keepalived/doc/NOTE_vrrp_vmac.txt | 40 +- tools/keepalived/doc/README.sphinx | 11 + tools/keepalived/doc/VRRP-MIB.txt | 792 + tools/keepalived/doc/VRRPv3-MIB.txt | 955 + tools/keepalived/doc/keepalived.conf.SYNOPSIS | 442 +- tools/keepalived/doc/man/man1/genhash.1 | 10 + .../keepalived/doc/man/man5/keepalived.conf.5 | 2546 +- tools/keepalived/doc/man/man8/.gitignore | 1 + tools/keepalived/doc/man/man8/Makefile.am | 20 + tools/keepalived/doc/man/man8/keepalived.8 | 107 - tools/keepalived/doc/man/man8/keepalived.8.in | 358 + .../doc/samples/keepalived.conf.HTTP_GET.port | 6 +- .../doc/samples/keepalived.conf.IPv6 | 65 +- .../doc/samples/keepalived.conf.SMTP_CHECK | 5 +- .../doc/samples/keepalived.conf.SSL_GET | 16 +- .../samples/keepalived.conf.conditional_conf | 34 + .../doc/samples/keepalived.conf.inhibit | 7 +- .../doc/samples/keepalived.conf.misc_check | 6 +- .../samples/keepalived.conf.misc_check_arg | 3 +- .../doc/samples/keepalived.conf.sample | 6 +- .../doc/samples/keepalived.conf.status_code | 13 +- .../samples/keepalived.conf.track_interface | 2 +- .../keepalived.conf.virtual_server_group | 10 +- .../doc/samples/keepalived.conf.virtualhost | 8 +- .../doc/samples/keepalived.conf.vrrp | 7 +- .../samples/keepalived.conf.vrrp.lvs_syncd | 1 - .../doc/samples/keepalived.conf.vrrp.routes | 1 + .../doc/samples/keepalived.conf.vrrp.rules | 28 + .../doc/samples/keepalived.conf.vrrp.scripts | 2 +- .../doc/samples/keepalived.conf.vrrp.sync | 2 - .../doc/samples/sample.misccheck.smbcheck.sh | 2 +- .../doc/samples/sample_notify_fifo.sh | 93 + .../source/_static/.gitignore} | 0 tools/keepalived/doc/source/_static/.gitkeep | 0 .../doc/source/_templates/.gitignore | 0 .../keepalived/doc/source/_templates/.gitkeep | 0 tools/keepalived/doc/source/about.rst | 43 + .../doc/source/case_study_failover.rst | 174 + .../doc/source/case_study_healthcheck.rst | 225 + .../doc/source/case_study_mixing.rst | 152 + tools/keepalived/doc/source/conf.py | 297 + .../doc/source/configuration_synopsis.rst | 190 + .../doc/source/images/software_design.png | Bin 0 -> 28145 bytes tools/keepalived/doc/source/index.rst | 24 + .../doc/source/installing_keepalived.rst | 144 + tools/keepalived/doc/source/introduction.rst | 29 + tools/keepalived/doc/source/license.rst | 10 + .../doc/source/load_balancing_techniques.rst | 61 + .../doc/source/programs_synopsis.rst | 172 + .../doc/source/protocol_support.rst | 36 + .../doc/source/scheduling_algorithms.rst | 78 + tools/keepalived/doc/source/snmp_support.rst | 133 + .../keepalived/doc/source/software_design.rst | 330 + tools/keepalived/doc/source/terminology.rst | 75 + tools/keepalived/doc/source/todo.rst | 7 + .../tools/pydoctheme/static/pydoctheme.css | 178 + .../doc/source/tools/pydoctheme/theme.conf | 23 + tools/keepalived/docker/keepalived.conf | 10 + tools/keepalived/genhash/.gitignore | 1 + tools/keepalived/genhash/INSTALL | 4 +- tools/keepalived/genhash/Makefile.am | 22 + tools/keepalived/genhash/Makefile.in | 653 +- tools/keepalived/genhash/README | 4 +- tools/keepalived/genhash/http.c | 282 +- tools/keepalived/genhash/{ => include}/hash.h | 36 +- tools/keepalived/genhash/{ => include}/http.h | 36 +- .../keepalived/genhash/{ => include}/layer4.h | 18 +- tools/keepalived/genhash/{ => include}/main.h | 52 +- tools/keepalived/genhash/{ => include}/sock.h | 28 +- tools/keepalived/genhash/{ => include}/ssl.h | 15 +- tools/keepalived/genhash/layer4.c | 181 +- tools/keepalived/genhash/main.c | 213 +- tools/keepalived/genhash/sock.c | 19 +- tools/keepalived/genhash/ssl.c | 223 +- tools/keepalived/goodies/arpreset.pl | 97 + .../goodies/check_conditional_tests | 16 + tools/keepalived/install-sh | 252 +- tools/keepalived/keepalived.conf | 37053 +++++ tools/keepalived/keepalived.spec.in | 137 +- tools/keepalived/keepalived/.gitignore | 2 + tools/keepalived/keepalived/Makefile.am | 75 + tools/keepalived/keepalived/Makefile.in | 958 +- tools/keepalived/keepalived/bfd/Makefile.am | 24 + tools/keepalived/keepalived/bfd/bfd.c | 308 + tools/keepalived/keepalived/bfd/bfd_daemon.c | 453 + tools/keepalived/keepalived/bfd/bfd_data.c | 360 + tools/keepalived/keepalived/bfd/bfd_event.c | 85 + tools/keepalived/keepalived/bfd/bfd_parser.c | 559 + .../keepalived/keepalived/bfd/bfd_scheduler.c | 1249 + tools/keepalived/keepalived/check/Makefile.am | 36 + tools/keepalived/keepalived/check/Makefile.in | 645 +- tools/keepalived/keepalived/check/check_api.c | 584 +- tools/keepalived/keepalived/check/check_bfd.c | 321 + .../keepalived/check/check_daemon.c | 690 +- .../keepalived/keepalived/check/check_data.c | 1478 +- tools/keepalived/keepalived/check/check_dns.c | 548 + .../keepalived/keepalived/check/check_http.c | 1848 +- .../keepalived/keepalived/check/check_misc.c | 526 +- .../keepalived/check/check_parser.c | 1061 +- .../keepalived/keepalived/check/check_print.c | 50 + .../keepalived/keepalived/check/check_smtp.c | 878 +- .../keepalived/keepalived/check/check_snmp.c | 1223 +- tools/keepalived/keepalived/check/check_ssl.c | 218 +- tools/keepalived/keepalived/check/check_tcp.c | 212 +- .../keepalived/keepalived/check/ipvswrapper.c | 1943 +- tools/keepalived/keepalived/check/ipwrapper.c | 1420 +- .../keepalived/check/ipwrapper.c.TODO | 917 + .../{libipvs-2.6 => check}/libipvs.c | 1054 +- tools/keepalived/keepalived/check/sockopt.c | 285 + tools/keepalived/keepalived/core/Makefile.am | 43 + tools/keepalived/keepalived/core/Makefile.in | 620 +- tools/keepalived/keepalived/core/daemon.c | 31 +- .../keepalived/keepalived/core/global_data.c | 606 +- .../keepalived/core/global_parser.c | 1935 +- .../keepalived/core/keepalived_netlink.c | 2482 + tools/keepalived/keepalived/core/layer4.c | 145 +- tools/keepalived/keepalived/core/libnl_link.c | 137 + tools/keepalived/keepalived/core/main.c | 2010 +- tools/keepalived/keepalived/core/namespaces.c | 302 + tools/keepalived/keepalived/core/pidfile.c | 99 +- tools/keepalived/keepalived/core/smtp.c | 564 +- tools/keepalived/keepalived/core/snmp.c | 385 +- .../keepalived/core/track_process.c | 1193 + tools/keepalived/keepalived/dbus/.gitignore | 1 + tools/keepalived/keepalived/dbus/Makefile.am | 46 + .../dbus/org.keepalived.Vrrp1.Instance.xml | 31 + .../org.keepalived.Vrrp1.Vrrp.xml_template | 94 + .../keepalived/dbus/org.keepalived.Vrrp1.conf | 14 + tools/keepalived/keepalived/etc/.gitignore | 1 + tools/keepalived/keepalived/etc/Makefile.am | 9 + .../keepalived/etc/init.d/.gitignore | 1 + .../keepalived/etc/init.d/Makefile.am | 31 + .../init.d/{keepalived.init => keepalived} | 0 ...ived.suse.init => keepalived.suse.init.in} | 19 +- .../keepalived/keepalived/etc/init/.gitignore | 1 + .../keepalived/etc/init/Makefile.am | 25 + .../keepalived/etc/init/keepalived.conf.in | 11 + .../keepalived/etc/keepalived/keepalived.conf | 42 +- .../keepalived/etc/openrc/keepalived | 11 + .../keepalived} | 0 tools/keepalived/keepalived/include/bfd.h | 244 + .../keepalived/include/bfd_daemon.h | 42 + .../keepalived/keepalived/include/bfd_data.h | 58 + .../keepalived/keepalived/include/bfd_event.h | 36 + .../keepalived/include/bfd_parser.h | 32 + .../keepalived/include/bfd_scheduler.h | 34 + .../keepalived/keepalived/include/check_api.h | 83 +- .../keepalived/keepalived/include/check_bfd.h | 62 + .../keepalived/include/check_daemon.h | 19 +- .../keepalived/include/check_data.h | 349 +- .../keepalived/keepalived/include/check_dns.h | 98 + .../keepalived/include/check_http.h | 131 +- .../keepalived/include/check_misc.h | 24 +- .../keepalived/include/check_parser.h | 14 +- .../keepalived/include/check_print.h | 29 + .../keepalived/include/check_smtp.h | 44 +- .../keepalived/include/check_snmp.h | 114 +- .../keepalived/keepalived/include/check_ssl.h | 19 +- .../keepalived/keepalived/include/check_tcp.h | 16 +- tools/keepalived/keepalived/include/common.h | 152 + .../keepalived/include/conf/blklst.h | 56 + .../keepalived/keepalived/include/conf/conn.h | 91 + .../keepalived/include/conf/inetaddr.h | 68 + .../keepalived/include/conf/ip_tunnel.h | 154 + .../keepalived/keepalived/include/conf/ipv6.h | 39 + .../keepalived/include/conf/laddr.h | 66 + .../keepalived/include/conf/neigh.h | 86 + .../keepalived/include/conf/netif.h | 281 + .../keepalived/include/conf/route.h | 79 + .../keepalived/include/conf/route6.h | 56 + tools/keepalived/keepalived/include/conf/tc.h | 139 + .../keepalived/keepalived/include/conf/vlan.h | 46 + tools/keepalived/keepalived/include/daemon.h | 13 +- tools/keepalived/keepalived/include/dp_vs.h | 35 + tools/keepalived/keepalived/include/flow.h | 122 + .../keepalived/include/global_data.h | 252 +- .../keepalived/include/global_parser.h | 15 +- tools/keepalived/keepalived/include/inet.h | 338 + .../{libipvs-2.6 => include}/ip_vs.h | 507 +- .../keepalived/include/ipvs/blklst.h | 39 + .../keepalived/include/ipvs/conhash.h | 28 + .../keepalived/keepalived/include/ipvs/conn.h | 273 + .../keepalived/keepalived/include/ipvs/dest.h | 210 + .../keepalived/keepalived/include/ipvs/ipvs.h | 58 + .../keepalived/include/ipvs/laddr.h | 35 + .../keepalived/include/ipvs/nat64.h | 49 + .../keepalived/include/ipvs/proto.h | 108 + .../keepalived/include/ipvs/proto_icmp.h | 24 + .../keepalived/include/ipvs/proto_tcp.h | 109 + .../keepalived/include/ipvs/proto_udp.h | 36 + tools/keepalived/keepalived/include/ipvs/rr.h | 28 + .../keepalived/include/ipvs/sched.h | 59 + .../keepalived/include/ipvs/service.h | 255 + .../keepalived/include/ipvs/stats.h | 118 + .../keepalived/include/ipvs/synproxy.h | 128 + .../keepalived/keepalived/include/ipvs/wlc.h | 28 + .../keepalived/keepalived/include/ipvs/wrr.h | 28 + .../keepalived/keepalived/include/ipvs/xmit.h | 63 + .../keepalived/include/ipvswrapper.h | 88 +- .../keepalived/keepalived/include/ipwrapper.h | 36 +- .../keepalived/include/keepalived_netlink.h | 152 + tools/keepalived/keepalived/include/layer4.h | 75 +- .../{libipvs-2.6 => include}/libipvs.h | 84 +- .../keepalived/include/libnl_link.h | 92 + tools/keepalived/keepalived/include/main.h | 89 +- tools/keepalived/keepalived/include/match.h | 143 + .../keepalived/include/namespaces.h | 32 + tools/keepalived/keepalived/include/pidfile.h | 45 +- tools/keepalived/keepalived/include/smtp.h | 89 +- tools/keepalived/keepalived/include/snmp.h | 51 +- tools/keepalived/keepalived/include/sockopt.h | 63 + .../keepalived/include/track_process.h | 49 + tools/keepalived/keepalived/include/vrrp.h | 405 +- .../keepalived/keepalived/include/vrrp_arp.h | 58 +- .../keepalived/include/vrrp_daemon.h | 23 +- .../keepalived/keepalived/include/vrrp_data.h | 96 +- .../keepalived/keepalived/include/vrrp_dbus.h | 43 + .../include/{vrrp_index.h => vrrp_firewall.h} | 38 +- tools/keepalived/keepalived/include/vrrp_if.h | 225 +- .../keepalived/include/vrrp_if_config.h | 43 + .../include/vrrp_ip_rule_route_parser.h | 44 + .../keepalived/include/vrrp_ipaddress.h | 88 +- .../keepalived/include/vrrp_iproute.h | 251 +- .../keepalived/include/vrrp_iprule.h | 129 + .../keepalived/include/vrrp_ipsecah.h | 28 +- .../keepalived/include/vrrp_ipset.h | 48 + .../keepalived/include/vrrp_iptables.h | 58 + .../keepalived/include/vrrp_iptables_calls.h | 52 + .../keepalived/include/vrrp_iptables_cmd.h | 40 + .../keepalived/include/vrrp_iptables_lib.h | 49 + .../keepalived/keepalived/include/vrrp_json.h | 34 + .../keepalived/include/vrrp_ndisc.h | 47 +- .../keepalived/include/vrrp_netlink.h | 69 - .../keepalived/include/vrrp_nftables.h | 52 + .../keepalived/include/vrrp_notify.h | 9 +- .../keepalived/include/vrrp_parser.h | 14 +- .../keepalived/include/vrrp_print.h | 31 + .../keepalived/include/vrrp_scheduler.h | 61 +- .../keepalived/keepalived/include/vrrp_snmp.h | 143 +- .../keepalived/keepalived/include/vrrp_sock.h | 53 + .../keepalived/include/vrrp_static_track.h | 47 + .../keepalived/keepalived/include/vrrp_sync.h | 23 +- .../keepalived/include/vrrp_track.h | 199 +- .../keepalived/keepalived/include/vrrp_vmac.h | 45 +- .../keepalived/keepalived.service.in | 15 + .../keepalived/libipvs-2.4/Makefile.in | 18 - .../keepalived/libipvs-2.4/libipvs.c | 230 - .../keepalived/libipvs-2.4/libipvs.h | 63 - .../keepalived/libipvs-2.6/Makefile.in | 28 - .../keepalived/libipvs-2.6/ip_vs_nl_policy.c | 79 - tools/keepalived/keepalived/main.c | 30 + tools/keepalived/keepalived/vrrp/Makefile.am | 87 + tools/keepalived/keepalived/vrrp/Makefile.in | 708 +- tools/keepalived/keepalived/vrrp/vrrp.c | 4544 +- tools/keepalived/keepalived/vrrp/vrrp_arp.c | 22 +- .../keepalived/keepalived/vrrp/vrrp_daemon.c | 1001 +- tools/keepalived/keepalived/vrrp/vrrp_data.c | 1154 +- tools/keepalived/keepalived/vrrp/vrrp_dbus.c | 1014 + .../keepalived/vrrp/vrrp_firewall.c | 118 + tools/keepalived/keepalived/vrrp/vrrp_if.c | 1388 +- .../keepalived/vrrp/vrrp_if_config.c | 562 + tools/keepalived/keepalived/vrrp/vrrp_index.c | 127 - .../vrrp/vrrp_ip_rule_route_parser.c | 308 + .../keepalived/vrrp/vrrp_ipaddress.c | 691 +- .../keepalived/keepalived/vrrp/vrrp_iproute.c | 1644 +- .../keepalived/keepalived/vrrp/vrrp_iprule.c | 928 + .../keepalived/keepalived/vrrp/vrrp_ipsecah.c | 40 +- tools/keepalived/keepalived/vrrp/vrrp_ipset.c | 458 + .../keepalived/vrrp/vrrp_iptables.c | 350 + .../keepalived/vrrp/vrrp_iptables_calls.c | 882 + .../keepalived/vrrp/vrrp_iptables_cmd.c | 351 + .../keepalived/vrrp/vrrp_iptables_lib.c | 535 + tools/keepalived/keepalived/vrrp/vrrp_json.c | 295 + tools/keepalived/keepalived/vrrp/vrrp_ndisc.c | 195 +- .../keepalived/keepalived/vrrp/vrrp_netlink.c | 774 - .../keepalived/vrrp/vrrp_nftables.c | 1997 + .../keepalived/keepalived/vrrp/vrrp_notify.c | 370 +- .../keepalived/keepalived/vrrp/vrrp_parser.c | 2066 +- tools/keepalived/keepalived/vrrp/vrrp_print.c | 100 + .../keepalived/vrrp/vrrp_scheduler.c | 1607 +- tools/keepalived/keepalived/vrrp/vrrp_snmp.c | 4852 +- .../keepalived/vrrp/vrrp_static_track.c | 219 + tools/keepalived/keepalived/vrrp/vrrp_sync.c | 257 +- tools/keepalived/keepalived/vrrp/vrrp_track.c | 1190 +- tools/keepalived/keepalived/vrrp/vrrp_vmac.c | 733 +- tools/keepalived/kpalive_cluster_test.conf | 104953 +++++++++++++++ tools/keepalived/lib/.gitignore | 4 + tools/keepalived/lib/Makefile.am | 100 + tools/keepalived/lib/Makefile.in | 708 +- tools/keepalived/lib/assert.c | 49 + tools/keepalived/lib/assert_debug.h | 33 + tools/keepalived/lib/bitops.h | 90 + tools/keepalived/lib/buffer.c | 428 - tools/keepalived/lib/buffer.h | 84 - tools/keepalived/lib/command.c | 2681 - tools/keepalived/lib/command.h | 294 - tools/keepalived/lib/config.h.in | 1009 +- tools/keepalived/lib/config_warnings.h.in | 12 + tools/keepalived/lib/container.h | 52 + tools/keepalived/lib/html.c | 77 +- tools/keepalived/lib/html.h | 11 +- tools/keepalived/lib/json_writer.c | 304 + tools/keepalived/lib/json_writer.h | 75 + tools/keepalived/lib/keepalived_magic.h | 70 + tools/keepalived/lib/list.c | 287 +- tools/keepalived/lib/list.h | 93 +- tools/keepalived/lib/list_head.c | 21 +- tools/keepalived/lib/list_head.h | 91 +- tools/keepalived/lib/logger.c | 216 +- tools/keepalived/lib/logger.h | 39 +- tools/keepalived/lib/memory.c | 863 +- tools/keepalived/lib/memory.h | 81 +- tools/keepalived/lib/notify.c | 1205 +- tools/keepalived/lib/notify.h | 93 +- tools/keepalived/lib/old_socket.c | 53 + tools/keepalived/lib/old_socket.h | 46 + tools/keepalived/lib/parser.c | 2173 +- tools/keepalived/lib/parser.h | 130 +- tools/keepalived/lib/process.c | 297 + tools/keepalived/lib/process.h | 53 + tools/keepalived/lib/rbtree.c | 678 + tools/keepalived/lib/rbtree.h | 400 + tools/keepalived/lib/rbtree_augmented.h | 294 + tools/keepalived/lib/rttables.c | 436 + tools/keepalived/lib/rttables.h | 51 + tools/keepalived/lib/scheduler.c | 2050 +- tools/keepalived/lib/scheduler.h | 286 +- tools/keepalived/lib/signals.c | 621 +- tools/keepalived/lib/signals.h | 48 +- tools/keepalived/lib/timer.c | 267 +- tools/keepalived/lib/timer.h | 112 +- tools/keepalived/lib/utils.c | 1090 +- tools/keepalived/lib/utils.h | 268 +- tools/keepalived/lib/vector.c | 131 +- tools/keepalived/lib/vector.h | 62 +- tools/keepalived/lib/vty.c | 2163 - tools/keepalived/lib/vty.h | 196 - tools/keepalived/lib/warnings.h | 110 + .../keepalived/snap-tools/keepalived-wrapper | 28 + tools/keepalived/snap/hooks/install | 15 + tools/keepalived/snap/hooks/post-refresh | 1 + tools/keepalived/snap/snapcraft.yaml | 444 + tools/keepalived/test/.gitignore | 1 + tools/keepalived/test/ci/build.sh | 10 + tools/keepalived/test/ci/setup.sh | 22 + tools/keepalived/test/genhash-test.sh | 62 + tools/keepalived/test/mk_if | 74 + tools/keepalived/test/mk_lots | 59 + tools/keepalived/test/netns-test.sh | 160 + tools/keepalived/test/tcp_server.c | 282 + tools/keepalived/tools/json_tracking/isolate | 172 + .../tools/json_tracking/make_conf.py | 62 + .../json_tracking/template_vrrp_instance | 55 + .../keepalived/tools/json_tracking/vrrp_recap | 66 + 381 files changed, 256783 insertions(+), 26991 deletions(-) create mode 100644 tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md create mode 100644 tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md create mode 100644 tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md create mode 100644 tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md create mode 100644 tools/keepalived/.gitignore create mode 100644 tools/keepalived/.indent.pro create mode 100644 tools/keepalived/.travis.yml create mode 100644 tools/keepalived/Dockerfile create mode 100644 tools/keepalived/Makefile.am delete mode 100644 tools/keepalived/README create mode 100644 tools/keepalived/README.md delete mode 100644 tools/keepalived/VERSION create mode 100644 tools/keepalived/bin_install/Makefile.am create mode 100755 tools/keepalived/build_setup create mode 100644 tools/keepalived/config.json create mode 100644 tools/keepalived/configure.ac delete mode 100644 tools/keepalived/configure.in create mode 100644 tools/keepalived/doc/.gitignore delete mode 100644 tools/keepalived/doc/KEEPALIVED-MIB create mode 100644 tools/keepalived/doc/KEEPALIVED-MIB.txt create mode 100644 tools/keepalived/doc/Makefile.am create mode 100644 tools/keepalived/doc/README.sphinx create mode 100644 tools/keepalived/doc/VRRP-MIB.txt create mode 100644 tools/keepalived/doc/VRRPv3-MIB.txt create mode 100644 tools/keepalived/doc/man/man8/.gitignore create mode 100644 tools/keepalived/doc/man/man8/Makefile.am delete mode 100644 tools/keepalived/doc/man/man8/keepalived.8 create mode 100644 tools/keepalived/doc/man/man8/keepalived.8.in create mode 100644 tools/keepalived/doc/samples/keepalived.conf.conditional_conf create mode 100644 tools/keepalived/doc/samples/keepalived.conf.vrrp.rules create mode 100755 tools/keepalived/doc/samples/sample_notify_fifo.sh rename tools/keepalived/{keepalived/bin/.gitkeep => doc/source/_static/.gitignore} (100%) create mode 100644 tools/keepalived/doc/source/_static/.gitkeep create mode 100644 tools/keepalived/doc/source/_templates/.gitignore create mode 100644 tools/keepalived/doc/source/_templates/.gitkeep create mode 100644 tools/keepalived/doc/source/about.rst create mode 100644 tools/keepalived/doc/source/case_study_failover.rst create mode 100644 tools/keepalived/doc/source/case_study_healthcheck.rst create mode 100644 tools/keepalived/doc/source/case_study_mixing.rst create mode 100644 tools/keepalived/doc/source/conf.py create mode 100644 tools/keepalived/doc/source/configuration_synopsis.rst create mode 100644 tools/keepalived/doc/source/images/software_design.png create mode 100644 tools/keepalived/doc/source/index.rst create mode 100644 tools/keepalived/doc/source/installing_keepalived.rst create mode 100644 tools/keepalived/doc/source/introduction.rst create mode 100644 tools/keepalived/doc/source/license.rst create mode 100644 tools/keepalived/doc/source/load_balancing_techniques.rst create mode 100644 tools/keepalived/doc/source/programs_synopsis.rst create mode 100644 tools/keepalived/doc/source/protocol_support.rst create mode 100644 tools/keepalived/doc/source/scheduling_algorithms.rst create mode 100644 tools/keepalived/doc/source/snmp_support.rst create mode 100644 tools/keepalived/doc/source/software_design.rst create mode 100644 tools/keepalived/doc/source/terminology.rst create mode 100644 tools/keepalived/doc/source/todo.rst create mode 100644 tools/keepalived/doc/source/tools/pydoctheme/static/pydoctheme.css create mode 100644 tools/keepalived/doc/source/tools/pydoctheme/theme.conf create mode 100644 tools/keepalived/docker/keepalived.conf create mode 100644 tools/keepalived/genhash/.gitignore create mode 100644 tools/keepalived/genhash/Makefile.am rename tools/keepalived/genhash/{ => include}/hash.h (69%) rename tools/keepalived/genhash/{ => include}/http.h (54%) rename tools/keepalived/genhash/{ => include}/layer4.h (72%) rename tools/keepalived/genhash/{ => include}/main.h (66%) rename tools/keepalived/genhash/{ => include}/sock.h (79%) rename tools/keepalived/genhash/{ => include}/ssl.h (77%) create mode 100755 tools/keepalived/goodies/arpreset.pl create mode 100755 tools/keepalived/goodies/check_conditional_tests mode change 100755 => 120000 tools/keepalived/install-sh create mode 100644 tools/keepalived/keepalived.conf create mode 100644 tools/keepalived/keepalived/.gitignore create mode 100644 tools/keepalived/keepalived/Makefile.am create mode 100644 tools/keepalived/keepalived/bfd/Makefile.am create mode 100644 tools/keepalived/keepalived/bfd/bfd.c create mode 100644 tools/keepalived/keepalived/bfd/bfd_daemon.c create mode 100644 tools/keepalived/keepalived/bfd/bfd_data.c create mode 100644 tools/keepalived/keepalived/bfd/bfd_event.c create mode 100644 tools/keepalived/keepalived/bfd/bfd_parser.c create mode 100644 tools/keepalived/keepalived/bfd/bfd_scheduler.c create mode 100644 tools/keepalived/keepalived/check/Makefile.am create mode 100644 tools/keepalived/keepalived/check/check_bfd.c create mode 100644 tools/keepalived/keepalived/check/check_dns.c create mode 100644 tools/keepalived/keepalived/check/check_print.c mode change 100755 => 100644 tools/keepalived/keepalived/check/ipvswrapper.c create mode 100644 tools/keepalived/keepalived/check/ipwrapper.c.TODO rename tools/keepalived/keepalived/{libipvs-2.6 => check}/libipvs.c (50%) create mode 100644 tools/keepalived/keepalived/check/sockopt.c create mode 100644 tools/keepalived/keepalived/core/Makefile.am create mode 100644 tools/keepalived/keepalived/core/keepalived_netlink.c create mode 100644 tools/keepalived/keepalived/core/libnl_link.c create mode 100644 tools/keepalived/keepalived/core/namespaces.c create mode 100644 tools/keepalived/keepalived/core/track_process.c create mode 100644 tools/keepalived/keepalived/dbus/.gitignore create mode 100644 tools/keepalived/keepalived/dbus/Makefile.am create mode 100644 tools/keepalived/keepalived/dbus/org.keepalived.Vrrp1.Instance.xml create mode 100644 tools/keepalived/keepalived/dbus/org.keepalived.Vrrp1.Vrrp.xml_template create mode 100644 tools/keepalived/keepalived/dbus/org.keepalived.Vrrp1.conf create mode 100644 tools/keepalived/keepalived/etc/.gitignore create mode 100644 tools/keepalived/keepalived/etc/Makefile.am create mode 100644 tools/keepalived/keepalived/etc/init.d/.gitignore create mode 100644 tools/keepalived/keepalived/etc/init.d/Makefile.am rename tools/keepalived/keepalived/etc/init.d/{keepalived.init => keepalived} (100%) rename tools/keepalived/keepalived/etc/init.d/{keepalived.suse.init => keepalived.suse.init.in} (91%) create mode 100644 tools/keepalived/keepalived/etc/init/.gitignore create mode 100644 tools/keepalived/keepalived/etc/init/Makefile.am create mode 100644 tools/keepalived/keepalived/etc/init/keepalived.conf.in create mode 100644 tools/keepalived/keepalived/etc/openrc/keepalived rename tools/keepalived/keepalived/etc/{init.d/keepalived.sysconfig => sysconfig/keepalived} (100%) create mode 100644 tools/keepalived/keepalived/include/bfd.h create mode 100644 tools/keepalived/keepalived/include/bfd_daemon.h create mode 100644 tools/keepalived/keepalived/include/bfd_data.h create mode 100644 tools/keepalived/keepalived/include/bfd_event.h create mode 100644 tools/keepalived/keepalived/include/bfd_parser.h create mode 100644 tools/keepalived/keepalived/include/bfd_scheduler.h create mode 100644 tools/keepalived/keepalived/include/check_bfd.h create mode 100644 tools/keepalived/keepalived/include/check_dns.h create mode 100644 tools/keepalived/keepalived/include/check_print.h create mode 100644 tools/keepalived/keepalived/include/common.h create mode 100644 tools/keepalived/keepalived/include/conf/blklst.h create mode 100644 tools/keepalived/keepalived/include/conf/conn.h create mode 100644 tools/keepalived/keepalived/include/conf/inetaddr.h create mode 100644 tools/keepalived/keepalived/include/conf/ip_tunnel.h create mode 100644 tools/keepalived/keepalived/include/conf/ipv6.h create mode 100644 tools/keepalived/keepalived/include/conf/laddr.h create mode 100644 tools/keepalived/keepalived/include/conf/neigh.h create mode 100644 tools/keepalived/keepalived/include/conf/netif.h create mode 100644 tools/keepalived/keepalived/include/conf/route.h create mode 100644 tools/keepalived/keepalived/include/conf/route6.h create mode 100644 tools/keepalived/keepalived/include/conf/tc.h create mode 100644 tools/keepalived/keepalived/include/conf/vlan.h create mode 100644 tools/keepalived/keepalived/include/dp_vs.h create mode 100644 tools/keepalived/keepalived/include/flow.h create mode 100644 tools/keepalived/keepalived/include/inet.h rename tools/keepalived/keepalived/{libipvs-2.6 => include}/ip_vs.h (64%) create mode 100644 tools/keepalived/keepalived/include/ipvs/blklst.h create mode 100644 tools/keepalived/keepalived/include/ipvs/conhash.h create mode 100644 tools/keepalived/keepalived/include/ipvs/conn.h create mode 100644 tools/keepalived/keepalived/include/ipvs/dest.h create mode 100644 tools/keepalived/keepalived/include/ipvs/ipvs.h create mode 100644 tools/keepalived/keepalived/include/ipvs/laddr.h create mode 100644 tools/keepalived/keepalived/include/ipvs/nat64.h create mode 100644 tools/keepalived/keepalived/include/ipvs/proto.h create mode 100644 tools/keepalived/keepalived/include/ipvs/proto_icmp.h create mode 100644 tools/keepalived/keepalived/include/ipvs/proto_tcp.h create mode 100644 tools/keepalived/keepalived/include/ipvs/proto_udp.h create mode 100644 tools/keepalived/keepalived/include/ipvs/rr.h create mode 100644 tools/keepalived/keepalived/include/ipvs/sched.h create mode 100644 tools/keepalived/keepalived/include/ipvs/service.h create mode 100644 tools/keepalived/keepalived/include/ipvs/stats.h create mode 100644 tools/keepalived/keepalived/include/ipvs/synproxy.h create mode 100644 tools/keepalived/keepalived/include/ipvs/wlc.h create mode 100644 tools/keepalived/keepalived/include/ipvs/wrr.h create mode 100644 tools/keepalived/keepalived/include/ipvs/xmit.h create mode 100644 tools/keepalived/keepalived/include/keepalived_netlink.h rename tools/keepalived/keepalived/{libipvs-2.6 => include}/libipvs.h (80%) create mode 100644 tools/keepalived/keepalived/include/libnl_link.h create mode 100644 tools/keepalived/keepalived/include/match.h create mode 100644 tools/keepalived/keepalived/include/namespaces.h create mode 100644 tools/keepalived/keepalived/include/sockopt.h create mode 100644 tools/keepalived/keepalived/include/track_process.h create mode 100644 tools/keepalived/keepalived/include/vrrp_dbus.h rename tools/keepalived/keepalived/include/{vrrp_index.h => vrrp_firewall.h} (61%) create mode 100644 tools/keepalived/keepalived/include/vrrp_if_config.h create mode 100644 tools/keepalived/keepalived/include/vrrp_ip_rule_route_parser.h create mode 100644 tools/keepalived/keepalived/include/vrrp_iprule.h create mode 100644 tools/keepalived/keepalived/include/vrrp_ipset.h create mode 100644 tools/keepalived/keepalived/include/vrrp_iptables.h create mode 100644 tools/keepalived/keepalived/include/vrrp_iptables_calls.h create mode 100644 tools/keepalived/keepalived/include/vrrp_iptables_cmd.h create mode 100644 tools/keepalived/keepalived/include/vrrp_iptables_lib.h create mode 100644 tools/keepalived/keepalived/include/vrrp_json.h delete mode 100644 tools/keepalived/keepalived/include/vrrp_netlink.h create mode 100644 tools/keepalived/keepalived/include/vrrp_nftables.h create mode 100644 tools/keepalived/keepalived/include/vrrp_print.h create mode 100644 tools/keepalived/keepalived/include/vrrp_sock.h create mode 100644 tools/keepalived/keepalived/include/vrrp_static_track.h create mode 100644 tools/keepalived/keepalived/keepalived.service.in delete mode 100644 tools/keepalived/keepalived/libipvs-2.4/Makefile.in delete mode 100644 tools/keepalived/keepalived/libipvs-2.4/libipvs.c delete mode 100644 tools/keepalived/keepalived/libipvs-2.4/libipvs.h delete mode 100644 tools/keepalived/keepalived/libipvs-2.6/Makefile.in delete mode 100644 tools/keepalived/keepalived/libipvs-2.6/ip_vs_nl_policy.c create mode 100644 tools/keepalived/keepalived/main.c create mode 100644 tools/keepalived/keepalived/vrrp/Makefile.am create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_dbus.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_firewall.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_if_config.c delete mode 100644 tools/keepalived/keepalived/vrrp/vrrp_index.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_ip_rule_route_parser.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_iprule.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_ipset.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_iptables.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_iptables_calls.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_iptables_cmd.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_iptables_lib.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_json.c delete mode 100644 tools/keepalived/keepalived/vrrp/vrrp_netlink.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_nftables.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_print.c create mode 100644 tools/keepalived/keepalived/vrrp/vrrp_static_track.c create mode 100644 tools/keepalived/kpalive_cluster_test.conf create mode 100644 tools/keepalived/lib/.gitignore create mode 100644 tools/keepalived/lib/Makefile.am create mode 100644 tools/keepalived/lib/assert.c create mode 100644 tools/keepalived/lib/assert_debug.h create mode 100644 tools/keepalived/lib/bitops.h delete mode 100644 tools/keepalived/lib/buffer.c delete mode 100644 tools/keepalived/lib/buffer.h delete mode 100644 tools/keepalived/lib/command.c delete mode 100644 tools/keepalived/lib/command.h create mode 100644 tools/keepalived/lib/config_warnings.h.in create mode 100644 tools/keepalived/lib/container.h create mode 100644 tools/keepalived/lib/json_writer.c create mode 100644 tools/keepalived/lib/json_writer.h create mode 100644 tools/keepalived/lib/keepalived_magic.h create mode 100644 tools/keepalived/lib/old_socket.c create mode 100644 tools/keepalived/lib/old_socket.h create mode 100644 tools/keepalived/lib/process.c create mode 100644 tools/keepalived/lib/process.h create mode 100644 tools/keepalived/lib/rbtree.c create mode 100644 tools/keepalived/lib/rbtree.h create mode 100644 tools/keepalived/lib/rbtree_augmented.h create mode 100644 tools/keepalived/lib/rttables.c create mode 100644 tools/keepalived/lib/rttables.h delete mode 100644 tools/keepalived/lib/vty.c delete mode 100644 tools/keepalived/lib/vty.h create mode 100644 tools/keepalived/lib/warnings.h create mode 100755 tools/keepalived/snap-tools/keepalived-wrapper create mode 100755 tools/keepalived/snap/hooks/install create mode 120000 tools/keepalived/snap/hooks/post-refresh create mode 100644 tools/keepalived/snap/snapcraft.yaml create mode 100644 tools/keepalived/test/.gitignore create mode 100755 tools/keepalived/test/ci/build.sh create mode 100755 tools/keepalived/test/ci/setup.sh create mode 100755 tools/keepalived/test/genhash-test.sh create mode 100755 tools/keepalived/test/mk_if create mode 100755 tools/keepalived/test/mk_lots create mode 100755 tools/keepalived/test/netns-test.sh create mode 100644 tools/keepalived/test/tcp_server.c create mode 100755 tools/keepalived/tools/json_tracking/isolate create mode 100755 tools/keepalived/tools/json_tracking/make_conf.py create mode 100644 tools/keepalived/tools/json_tracking/template_vrrp_instance create mode 100755 tools/keepalived/tools/json_tracking/vrrp_recap diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md b/tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..53735c6cd --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,43 @@ +--- +name: Bug report +about: Create a report to help us improve keepalived +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Any steps necessary to reproduce the behaviour: + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Keepalived version** +Output of `keepalived -v` + +**Distro (please complete the following information):** + - Name [e.g. Fedora, Ubuntu] + - Version [e.g. 29] + - Architecture [e.g. x86_64] + +**Details of any containerisation or hosted service (e.g. AWS)** +If keepalived is being run in a container or on a hosted service, provide full details + +**Configuration file:** +A full copy of the configuration file, obfuscated if necessary to protect passwords and IP addresses + +**Notify and track scripts** +If any notify or track scripts are in use, please provide copies of them + +**System Log entries** +Full keepalived system log entries from when keepalived started + +**Did keepalived coredump?** +If so, can you please provide a stacktrace from the coredump, using gdb. + +**Additional context** +Add any other context about the problem here. diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md b/tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000..2e71bc0c8 --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,26 @@ +--- +name: Feature request +about: Suggest an enhancement for keepalived +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request to resolve a problem or provide enhanced functionality? Please describe.** +A clear and concise description of what the problem is. + +**Describe the solution you would like** +A clear and concise description of what you would like to happen. + +**Describe alternatives you have considered** +A clear and concise description of any alternative solutions or features you have considered. + +**Would the feature request be of benefit only to you, or is it more generally applicable?** +If it would benefit others please describe how. + +**Keepalived version** +Output of `keepalived -v` (the feature may already be supported in a later version). + +**Additional context** +Add any other context about the feature request here. diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md b/tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md new file mode 100644 index 000000000..915bd755e --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md @@ -0,0 +1,42 @@ +--- +name: Support/help request template +about: Title of what you need help/support for +title: '' +labels: '' +assignees: '' + +--- + +_Support requests should be sent to_ keepalived-devel@lists.sourceforge.net + +**Describe why you are unable to send the support request to the above email list** +Understanding why you cannot use the email list should help us improve it. + +**Describe what you need help/support for** +A clear and concise description of what you need help with. + +**Details of what you would like to do with keepalived** +Describe in details what you would like to achieve with keepalived + +**Keepalived version** +Output of `keepalived -v` (a later version of keepalived might be needed). + +**Distro (please complete the following information):** + - Name [e.g. Fedora, Ubuntu] + - Version [e.g. 29] + - Architecture [e.g. x86_64] + +**Details of any containerisation or hosted service (e.g. AWS)** +If keepalived is being run in a container or on a hosted service, provide full details + +**Configuration file:** +Full copy of your configuration file, obfuscated if necessary to protect passwords and IP addresses + +**Notify and track scripts** +If any notify or track scripts are in use, please provide copies of them + +**System Log entries** +Full keepalived system log entries from when keepalived started, if applicable + +**Additional context** +Add any other context about the problem here. diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md b/tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md new file mode 100644 index 000000000..93cd8f82a --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md @@ -0,0 +1,43 @@ +--- +name: Use this for any other issue +about: Please use this rather than 'Open a regular issue' below +title: '' +labels: '' +assignees: '' + +--- + +**Describe the issue** +A clear and concise description of what the issue is. + +**To Reproduce** +Any steps necessary to reproduce the behaviour: + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Keepalived version** +Output of `keepalived -v` + +**Distro (please complete the following information):** + - Name [e.g. Fedora, Ubuntu] + - Version [e.g. 29] + - Architecture [e.g. x86_64] + +**Details of any containerisation or hosted service (e.g. AWS)** +If keepalived is being run in a container or on a hosted service, provide full details + +**Configuration file:** +A full copy of the configuration file, obfuscated if necessary to protect passwords and IP addresses + +**Notify and track scripts** +If any notify or track scripts are in use, please provide copies of them + +**System Log entries** +Full keepalived system log entries from when keepalived started + +**Did keepalived coredump?** +If so, can you please provide a stacktrace from the coredump, using gdb. + +**Additional context** +Add any other context about the problem here. diff --git a/tools/keepalived/.gitignore b/tools/keepalived/.gitignore new file mode 100644 index 000000000..e2a4ac540 --- /dev/null +++ b/tools/keepalived/.gitignore @@ -0,0 +1,48 @@ +*.orig +*.rej +*.o +*.a +README +bin/ +keepalived.spec +*~ +*.swp +.dir-locals.el +keepalived-*.tar.gz + + +# http://www.gnu.org/software/automake +Makefile +Makefile.in + +# http://www.gnu.org/software/autoconf +/ar-lib +/autom4te.cache +/autoscan.log +/autoscan-*.log +/aclocal.m4 +/compile +/config.cache +/config.h.in +/config.log +/config.status +/configure.scan +/depcomp +/install-sh +/missing +stamp-h? + +.deps/ + +/tmp/ +/devel/ + +# To be able to build without automake/autoconf comment out the following +lib/config.h.in +/configure + +# For snap builds +parts/ +prime/ +stage/ +keepalived*.snap diff --git a/tools/keepalived/.indent.pro b/tools/keepalived/.indent.pro new file mode 100644 index 000000000..9864f418c --- /dev/null +++ b/tools/keepalived/.indent.pro @@ -0,0 +1,8 @@ +-kr +-i8 +-ts8 +-sob +-l80 +-ss +-bs +-psl diff --git a/tools/keepalived/.travis.yml b/tools/keepalived/.travis.yml new file mode 100644 index 000000000..df0edd9a8 --- /dev/null +++ b/tools/keepalived/.travis.yml @@ -0,0 +1,47 @@ +git: + depth: 5 + +language: c +compiler: gcc +os: linux +dist: xenial + +addons: + apt: + packages: + - libsnmp-dev + - iptables-dev + - libipset-dev + - libnfnetlink-dev + - libnl-3-dev + - libnl-genl-3-dev + - libnl-route-3-dev + - libssl-dev + - libmagic-dev + - libglib2.0-dev + - libjson-c-dev + - libpcre2-dev + - libmnl-dev + - libnftnl-dev + update: true + +install: + - autoreconf -W portability -visf + +before_script: + - ./test/ci/setup.sh + +script: + - ./test/ci/build.sh + +env: + matrix: + - KEEPALIVED_CONFIG_ARGS="" + - KEEPALIVED_CONFIG_ARGS="--enable-snmp --enable-snmp-rfc --enable-json --enable-dbus --disable-checksum-compat --enable-bfd --enable-asserts" + - KEEPALIVED_CONFIG_ARGS="--enable-sha1 --enable-dbus --enable-dbus-create-instance --disable-dynamic-linking --disable-fwmark --disable-lvs-syncd --enable-snmp-vrrp --enable-timer-check --disable-iptables --disable-nftables --disable-track-process" + - KEEPALIVED_CONFIG_ARGS="--enable-dynamic-linking --disable-vrrp-auth --enable-snmp-rfc --disable-snmp-reply-v3-for-v2 --disable-nftables" + - KEEPALIVED_CONFIG_ARGS="--disable-libiptc --disable-libnl --enable-snmp-checker" + - KEEPALIVED_CONFIG_ARGS="--enable-conversion-checks --enable-stacktrace --enable-mem-check --enable-mem-check-log --disable-lvs-64bit-stats --enable-snmp-rfcv2" + - KEEPALIVED_CONFIG_ARGS="--disable-lvs --enable-snmp-vrrp --enable-snmp-rfc --enable-json --enable-sha1 --enable-dbus --disable-routes --enable-bfd --disable-iptables --disable-linkbeat" + - KEEPALIVED_CONFIG_ARGS="--disable-vrrp --enable-snmp-checker --enable-sha1 --enable-regex" + - KEEPALIVED_CONFIG_ARGS="--disable-hardening --enable-dump-threads --enable-epoll-debug --enable-snmp-rfcv3 --enable-log-file --disable-libipset" diff --git a/tools/keepalived/CONTRIBUTORS b/tools/keepalived/CONTRIBUTORS index de4fdcc11..0dff03f2b 100644 --- a/tools/keepalived/CONTRIBUTORS +++ b/tools/keepalived/CONTRIBUTORS @@ -22,7 +22,7 @@ Kevin Lindsay, : o Redesigned signal handling. Nick Couchman, : - o Patch for u_threshold and l_threshold support. + o Patch for u_threshold and l_threshold support. Willy Tarreau, : o Extended VRRP framework to support floating diff --git a/tools/keepalived/ChangeLog b/tools/keepalived/ChangeLog index 83537e856..dc3022103 100644 --- a/tools/keepalived/ChangeLog +++ b/tools/keepalived/ChangeLog @@ -1,3 +1,6209 @@ +2019-10-19 Alexandre Cassen + * keepalived-2.0.19 + * Allow persistence, scheduler and flags of VS to be changed on reload + A virtual server is identified by its IP address, protocol and port, + or the firewall mark and address family, and not by the persistence + settings or scheduler and scheduler flags. When comparing virtual + servers on a reload, don't check persistence and scheduler settings + match, but update them if necessary. + * Ignore default RS settings when comparing VSs after reload + Various default settings for real servers belonging to a virtual + server can be configured against a virtual server. These settings + should be ignored when comparing virtual servers following a + reload. Any differences in real server settings will be handled + separately. + * Clarify what IPVS persistence engines are supported in man page + * Allow RS forwarding method to be changed on reload + A real server is identified by its IP address and port, and not by + the forwarding method. When comparing real servers on a reload, don't + check the forwarding method, but update it if necessary. + * Check address family when comparing fwmark VSs on reload + * Update test tcp server + * Allow more than one BFD instance with a neighbour + This commit now checks both the neighbour address and the source/local + address when finding a BFD instance. This means that more than one BFD + instance can be set up with the same neighbour, so long as a different + local address is used. + * Make PID files group and world readable + Issue #1378 identified that PID files were created without group + and work read in the file permission bits being set, due to the umask. + This was causing a problem, since a non-root user was needing to read + the PID file. + This commit now forces the file permissions of PID files to be: + owner=rw, group=r, other=r. + * Fix erroneous error message when creating IPv4 ipvlan interfaces + The code was checking for a return value != -1 to identify an error, + whereas it should have been checking for return value != 1. + * Ignore reloading signals till signal_init call + * fix bug in vrrp_json_track_ifp_dump() + * Fix handling unknown user in MISC_CHECK + If the user was unknown, it wasn't dequeuing the new checker, resulting + in a subsequent coredump. + * Fix ~SEQ handling + Commit 47b2207 - "Add const attribute where appropriate in config parser + code" broke handling of ~SEQ, due to including one extra character at the + end of the sequence variable name. + This commit corrects the length of the variable set as part of the ~SEQ + processing. + * Revert "Fix route add/delete on reload if only change via address" + This reverts commit f54c2e8294c6f2080c3ae951ba25bf40d5b8d211. + The commit did the wrong thing: the via address is not part of the + key of the route. + The problem was that if it detected it already had a route with the + same key, it replaced the route, but with the old route and not the + new one. The next commit will rectify this. + * Correct handling of replacing routes on reload + Issue #1390 identified that a route with a changed source address + wasn't being changed on reload, and identified that the problem was + related to issue #1220. + It turns out that commit f54c2e8 which resolved issue #1220 was not + the correct fix. The problem was that when reloading, if a new route + matched an old route, the old route was replaced with the OLD route + (i.e. it did nothing), rather than replacing it with the NEW route. + This commit now replaces the old route with the new route. + * Add addresses/routes/rules in that order and delete in reverse order + Routes can requires addresses to exist in order to be able to add them, + and rules determine which routes are used. + * Fix not logging error on deletion of expired route + * Make netlink_route() return bool, and add some LIST_FOREACH + * Handle changing virtual route to use new VIP on reload + During a reload, routes replacing existing routes are replaced, as + opposed to deleted and added; this avoids the route disappearing for + a short while. However, if a new route uses a VIP that didn't exist + in the old configuration then the route replacement will fail. + The code is now changed so that it attempts to replace the route, but + if that fails, it deletes the old route and later adds the new route + after the new VIPS have been added. + * Don't log EPOLLERR or EPOLLHUP - they can occur with TCP_CHECK + * Fix tcp_server getopt() handling + * Properly handle MISC_CHECK script returning exit status 0 + If a MISC_CHECK script returned an exit status >= 2, and then the + script returns 0, the weight of the real server was not updated + following the script returning 0, and the quorum also wasn't updated. + This commit makes keepalived update the weight of a real server and + the quorum following a MISC_CHECK returning a 0 exit status. + This is a change of behaviour for MISC_CHECKs whose scripts return + an exit status >= 2 subsequently followed by an exit status of 0. + However, the new behaviour is consistent with the documentation and + is also the behaviour that would be expected. Some users may need to + modify their MISC_CHECK scripts if the scripts return an exit code >= 2 + and subsequently return an exit code of 0 expecting that to mean that + the status hasn't changed. + * Correct documentation re range of values for Virtual Router ID + The valid range of values for the VRID is 1 to 255, and does not + include 0. + * Handle script timeouts when child process has terminated + Issue #1364 identified that if a track script timed out and the kill + of the process failed to to its exit status already having been reaped, + keepalived would never run the track scripts again. It transpires that + the same problem existed with MISC_CHECK scripts. + The commit now ensures that after the timeout the script will be set + to idle state, so that it can be run again. + * Clear thread_master current_event when cleanup thread_master + The current_event was left pointing to an event that had been deleted, + with the consequence that if the next epoll event matched the outdated + current_event, that outdated event could be used. + This commit clears the current_event when the thread_master is cleaned up. + * Add errno numbers to some bfd error messages, rather than just text + Although the strerror() text is helpful, it is often useful just to + know the error number. + * Enable FIFOs to receive initial fault notifications at startup + Issue #1399 identified that if a track_file caused a VRRP instance + to start in fault state, there was no notification of the fault sent + to the notify FIFOs. + This commit implements the suggestion of chenwng in issue #1399 and + moves the opening of the notify FIFOs to earlier in the init process. + * Resolve incorectly identified Coverity error + * Define VRRP and BFD initialisms + * Add support for nftables blocking IGMP/MLD packets on VMAC interfaces + Issue #882 identified that VRRP instances using VMACs sent IGMP/MLD + packets using the MAC address of the VMAC interface even when the + vrrp instance was in backup state. This meant that switches would + update what interface the VRRP MAC address was on to the backup + instance, thereby meaning that until the master instance sent another + advert, packets destined to be forwarded by the master instance would + be delivered to the backup instance and lost. + This commit adds support to use nftables to stop the packets being + send from the VMAC interface (and thereby using the 00:00:5e:00:0x:xx + MAC address), and instead the packets are sent on the parent interface. + How this is acheived depends on whether the kernel supports the dup + statement; if it does the IGMP messages are simply moved from the VMAC + interface to the parent interface otherwise the join groups are done on + both the VMAC interface and the parent interface, and nftables drops + the join messages on the VMAC interface. + This functionality might be better implemented using eBPF, but older + systems don't support that, and I still need to work out how to use + eBPF. + * Add support for using iptables to block VMAC IGMP/MLD messages + Commit b10bbfc2a added support for using nftables to block + IGMP/MLD messages being sent VMAC interfaces. This commit adds + the equivalent functionality using iptables. + * Improve checking of incompatible configure options + * Fix Travis-CI build errors + * Don't attempt to remove IGMP blocking iptables rules for IPVLANs + We don't block IGMP/MLD for IPVLANs so there are no rules to remove. + * Turn off nftables mnl debug logging + * Don't log an error when deleting nonexistant nftable at startup + Since there is no native flush command to the kernel to delete all + the rules, sets, meters etc in a table, we just delete the table, + and if the table doesn't exist an error is returned. + This commits stops the error being logged, since it isn't an error + of interest. + * Minor tidying up of setting up nftables + * Fix error when setting up nftables with eVIPs from other family + The sequence number of nftables netlink messages was getting out + of order when a VRRP instance had both IPv4 and IPv6 entries. + This is now resolved by checking for the existance of residual + tables of both families when keepalived first checks for residual + tables. + * Remove some duplicate nftables code + * Remove inhibit_on_failure from keepalived.conf(5) man page + The inhibit_on_failure keyword does not apply to checkers, and is + not implemented for them. + * Remove vi swap file erroneously included in previous commit + * Add additional logging of reasons for vrrp instances going to fault + Pull request #1353 suggested adding additional logging for reasons + for vrrp instances going to fault state at startup, and for track + file status changes. + This commit merges those changes, fixes one error, and only logs + track file status changes if the -D option (log detail) is set. + * Make skip_check_adv_addr work properly + Keepalived was checking the received advert packet length against + the expected length based on the number of VIPs configured on the + vrrp instance. This commit changes the check so that the received + packet length is checked against the number of VIPs in the VRRP + packet header, thereby ensuring that the advert packet is self + consistent. + The check for the number of addresses is now only done if + skip_check_adr_addr is not set (which matches what the RFC says). + Note: skip_check_adv_addr only skips the check of VIPs in a received + packet if the advert is received from the same master as the previous + advert. + With this commit, if skip_check_adv_addr is set, it is possible to + reload a master instance with a different number of VIPs, and then + subsequently reload the backup instance, without the backup instance + becoming master due to the mismatch of the number of VIPs. + +2019-07-26 Alexandre Cassen + * keepalived-2.0.18 + * Set NA_ROUTER flag in gratuitous NA messages appropriately. + Previously keepalived checked the IPv6 forwarding state of the interface/ + parent interface of a VRRP instance, and used that for all GNA messages. + However, if addresses are configured on different interfaces, it should + be the setting for the address's interface that is used. + * Fix memory leak with dbus_instance_name. + * Make set_value() add entry for memcheck identifying where called. + * Add configure option --enable-checksum-debug. + Issue #1175 identified that intermittently they were getting VRRPv3 + checksum errors. The maintainers of keepalived were unable to reproduce + the problem despite extensive testing, and so a special patch was produced + to check and log any checksum changes from previous adverts sent or received. + Almost two months later there has been no feedback. The patch has now been + forward ported from v2.0.12 to v2.0.17 and is included here, enabled by + --enable-checksum-debug option, so that if there are ever any checksum problems + in the future this code can be used to ascertain what is happening. + * Fix configuring LVS sync daemon in backup state. + Commit eb929f8 - "Stop LVS sync daemon on shutdown" moved shutting + down the LVS sync daemon to the wrong place, so that it was called + whenever a VRRP instance transitioned out of master state. This + commit moves the shutting down of the sync daemon to shutdown phase 1, + and it is shutdown before the VRRP instances are shut down. + * Increase open file limit for checker process if no of checkers need it. + TCP, HTTP/SSL, DNS and SMTP checkers all use a socket. If there is a + sufficiently large number of checkers, the default open file limit may + be exceeded. This commits counts the number of such checkers, and also + thr number of smtp_alerts, and if necessary increases the open file limit + to allow them all to run at once. + * Ensure MISC_CHECK processes don't get increase open file limit. + * When checking number of open files for vrrp process, allow for smtp + alerts. + * Combine checker set_max_file_limit() and set_vrrp_max_fds() common + code. + * DNS_CHECK: correct error info in dns_type_handler func. + Sometimes, users set two type values by mistake in keepalived.conf, + and the first is right and the second one is not in DNS_TYPE[]. + Then the dns_check->type is set successfully when parsing first type value + , which may be different from the default SOA. As for the second one, + the dns_type_handler func will print error info "Defaulting to SOA", + actually, currently the dns_check->type may be not equal to SOA. + Here, we will print the dns_type_name(dns_check->type) instead of "SOA". + * Simplify restoring RLIMIT_NOFILE for child processes. + * Simplify handling incorrect dns_check type. + * Add missing track_process documentation to keepalived.conf(5) man + page. + * Add weight "reverse" feature to track_bfd. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Add weight "reverse" feature to track_interface. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Add weight "reverse" feature to track_script. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Update alloc_track_file() and alloc_group_track_file() to be + consistent. + * Allow reverse tracking with weight 0. + This allows a vrrp instance to go to fault state if an interfaces is UP, + or a track script or bfd instance is up, or a track process has achieved + quorum, and down otherwise. + * Fix reverse on track_script when configured on sync group and instance + If a track script was configured on both a vrrp instance and the sync + group that the instance was configured in, then the reverse setting + wasn't being properly carried forward. + * Add weight "reverse" feature to track_file. + The reverse feature allows reducing the priority when the tracker is up + and increasing the priority when the tracker is down. + * Make track_bfd reverse handling consistent with other trackers. + * Add track weight reverse to SNMP output. + * Add vrrp track_bfd details to SNMP output. + * Add vrrp track_process details to SNMP output. + * Disallow --enable-track-process-debug with --disable-track-process. + * Add conditional compilation around track_bfd/process SNMP code. + * Remove duplicate code for parsing vrrp and sync group trackers. + The code for parsing trackers for vrrp instances and sync groups + was to all intents and purposes identical, so this commit now uses + common code for both of them. + * sll_protocol should be set to 0x806. + Some times , send the gratuitous ARP message should set sll_protocol, + let some drivers can evaluate which protocol we use. + * Neighbor discovery set sll_protocol. + * Fix SNMP VRRPv3 IP address OIDs returned. + The OIDs returned for SNMPv3 addresses were incorrectly formatted, + including one extra subid that was the length of the IP address. + * Don't use numeric values of address lengths for VRRP SNMP v3. + * Stop returning not-accessible fields for v2 SNMP. + * Stop return not-accessible fields for v3 SNMP. + * Use common code for VRRP tracker SNMP output. + Many functions were using the same, fairly large, code block to do + the same thing. These are now standardised to use the new function + snmp_find_element(). + * make some vrrp snmp function parameters const. + * Make virtual_server_t vsgname const. + * Fix SNMP reporting of virtual server group fwmark and address + ranges. + * More SNMP fixes for virtual server group fwmark and address ranges. + * If virtual server is fwmark and rs's tunnelled, default to IPv4. + If a virtual server uses a fwmark, and all the real servers are + tunnelled, the address family could be IPv4 or IPv6. If the family + is not specified, default to IPv4 (to match behavious of ipvsadm). + * Make LIST_SIZE safe to use if list is not assigned. + * Optimisations to snmp_header_list_table(). + * Optimisations to snmp_find_element(). + * Further optimisation to snmp_find_element(). + * Add support for IPVS GUE tunnel type + This functionality was introduced in Linux 5.2. + To view the IPVS setup with ipvsadm requires ipvsadm v1.30 plus + commits 2347b504e3ce and c3c2c3c6ae12e3. + * Add support for IPVS GUE tunnel checksum option. + The kernel functionality is scheduled for Linux 5.3. + * Add support for IPVS GRE tunnels. + The kernel functionality is scheduled for Linux 5.3. + In addition to the ipvsadm patch requirements identified for GUE + tunnels, the patch at + * Add pure attribute to http_get_check_compare(). + GCC was suggesting adding the pure attribute to http_get_check_compare() + so let's do so. + * Resolve warnings from gcc 9.1.1. + * Resolve all outstanding coverity issues. + * Fix use of getrandom() in BFD rand_intv(). + * When resetting priority of child process, don't change parent's priority + Issue 1358 identified that it was the priority of the parent process, + rather than the child process, that was being reset. This commit corrects + that and resets the priority of the child process. + * Add missing bfd_instance vrrp and checker keyword documentation. + * Don't send bfd events to vrrp or checker process if no + configuration. + If there is no vrrp configuration, or no checker configuration, there + is no point sending bfd_event notifications to the relevant processes. + Actually, since the processes may not be running, sending such + notifications can cause the pipes to become full, so it is necessary, + as well as desirable, not to write events to the pipes in those + circumstances. + * Revert use of getrandom() for bfd jitter. + This can be called up to 1000 times a second per bfd instance, and + so risks emptying the entropy pool. + * Use random() rather than rand() in bfd rand_intv(). + The rest of keepalived uses random(), so this changes creates more + consistency. + * Allow bfd discriminator to be an odd number. + rand_intv(1, UINT32_MAX) was always returning an even number, since + RAND_MAX == UINT32_MAX / 2. This commit sets the lsb of the discriminator + to the lsb of the current time in seconds. + * Ensure BFD source port in range 49152..65535. + RFC5881 requires the source port for BFD packets to be in the above + range, but keepalived was allowing the port to be randomly generated + by the kernel, and hence could be outside the range. + This commit sets the permitted port range to the intersection of + [49152, 65535] and the values in /proc/sys/net/ipv4/ip_local_port_range, + unless the intersection is too small, in which case it just uses the BFD + specified values. + keepalived generates a random port number in the required range, and then + loops through the range starting from the random port number until it + finds one it can bind to. + * Resolve coverity resource leak issue 218872. + * Resolve coverity Resource leak issue 218875. + * Resolve coverity Resource leak issue 218876. + * Resolve coverity Unexpected control flow issue 218873. + * Change code to avoid coverity String length miscalculation issue 218874 + The code was correct, but as coverity points out, strlen(str + 1) is more + likely to be an error for strlen(str) + 1, so avoid the use of the former + construct. + +2019-06-25 Alexandre Cassen + * keepalived-2.0.17 + * Add support to define CPU affinity for vrrp, checker & bfd processes + Created 3 new configurations keywords to set CPU affinity of Keepalived + processes : vrrp_cpu_affinity, checker_cpu_affinity & bfd_cpu_affinity + This option can be used to force vrrp, checker and bfd processes to run + on a restricted CPU set. You can either bind processes to a single CPU + or define a set of cpu. In that last case Linux kernel will be restricted + to that cpu set during scheduling. Forcing process binding to single CPU + can increase performances on heavy loaded box. for example: + "vrrp_cpu_affinity 2" will force vrrp process to run on cpu_id 2 + "vrrp_cpu_affinity 2 3" will retrict kernel scheduling decision over + cpu_id 2 & 3. + * correct syntax error when _HAVE_VRRP_VMAC_ && no HAVE_IFLA_LINK_NETNSID. + * Stage libmnl and libnftnl4. + * Add dynamic download of kernels using scriplets Also added + Linux 5.0.0 build. + * Example build using EOL kernel from old-releases. + * Modify snapcraft.yaml to dynamically source correct kernel versions. + * dump processes CPU Affinity while dumping global conf. + Add support to dump CPU Affinity for each Keepalived processes where + CPU Affinity has been changed by configuration. + * Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running as script + RedHat identified a problem with scripts like: + vrrp_script { + script "' resolves the problem. + * Add support for use_ipvlan (use an ipvlan i/f similar to use_vmac) + Issue #1170 identified that use_vmac didn't work with systemd-networkd + since systemd-networkd was removing IP addresses created by keepalived + (and any other application). It was discovered that systemd-networkd + did not remove IP addresses from ipvlans. + This commit adds support for ipvlans, but to work around the problem, + and because it might have other uses. + Systemd commit - https://github.com/systemd/systemd/pull/12511 has added + configuration options to stop systemd-networkd removing IP addresses + added by other applications, but it is not merged yet, and it will be a + while before all the distros merge it. + * Fix building with ipvlans before IFLA_IPVLAN_FLAGS was defined. + * Default IPVLANs to bridge mode + We shouldn't change the behaviour if a kernel is upgraded, so + default to the original mode supported. + * Ensure that -lm linker library flag is always set + configure was testing whether it was necessary to add the -lm option, + but for some reason gcc adds it itself if -Os is not specified, but + does not add it if -Os is specified. Consequently if configure was + run without -Os, and make was run with -Os the link failed. + The commit ensures that -lm is always used. + * Handle checking for -Wl,-z,relro and -Wl,-z,now properly. + * Honour CFLAGS, CPPFLAGS, LDLIBS and LDFLAGS settings when configure runs. + * Propogate CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS from configure to make files + Make sure any settings in CFLAGS etc at the time configure is run are added + to the Makefiles, to ensure that the make is run in the same environement + that configure is run in. + * Use CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS correctly + Use the correct variable for the relevant option type, e.g. -llib + should be in LDLIBS, not LDFLAGS, and -Ddefn should be in CPPFLAGS + not CFLAGS. + * Fix non-ipvlan interfaces broken by adding ipvlans. + * Check bfd instance name length before copying. + * Add lib/container.h to avoid duplicate definition of container_of. + * Revisited code to use const declaration where appropriate. + * Add STRDUP/STRNDUP functions. + * Add FREE_CONST, FREE_CONST_ONLY and REALLOC_CONST. + * Change thread_t * to thread_ref_t except in thread handler code + Treat the thread reference as a handle, so that the only code that + manipulates thread structures is in the scheduler. + * Add STRDUPs in check_data. + * Add STRDUP in bfp parser code. + * -U flags should be included in CPPFLAGS + * Update track_process documentation. + Issue #1265 requested further clarify regarding the track_process + process specification and use of quote marks. + * Fix building on Linux 3.13 (required for building snaps) + * Ensure 4 extra parameters are set for notify scripts with no shebang. + * Streamline functions returning string matching a define. + * Make addattr8/16/32/64 and rta_addrattr8/16/32/64 inline functions + Since these functions simply call addattr_l/rta_addattr_l, making the + functions inline removes the overhead of one function call. + * Add genhash option -P to select HTTP 1.1 or 1.0 with Connection: close + Max Kellerman (max.kellermann@gmail.com) submitted pull request #1260 + to add "Connection: close" to the HTTP header sent by genhash. In order + to maintain backwards compatibility, this has been implemented as an + option '-P 1.0C'. In addition, '-P 1.1' requests that a version 1.1 + header is sent (which includes 'Connection: close'). + * Add http_protocol option for HTTP_GET and SSL_GET checkers. + To be consistent with commit 2ff56f5 - "Add genhash option -P + to select HTTP 1.1 or 1.0 with Connection: close", this commit + adds the http_protocol keyword for HTTP_GET and SSL_GET checkers. + 'http_protocol 1.0C' adds 'Connection: close' to a 1.0 header, and + 'http_protocol 1.1' sends an HTTP/1.1 header, which includes the + 'Connection: close' option. + * Tidy up the recieve message processing code loops in genhash. + * Add genhash -t timeout option. + * Simplify thread process in genhash after send HTTP request. + * support http status_code group + The origin status_code only support one specific code, now we can + support http status_code of the same class. That's to say, we can + use 1xx to represent 100-199, 2xx means 200-299 ans so on. + eg: The configure as follows: + url { + path /index.html + status_code 2xx 3xx + } + which means we consider all status_code range in [200,399] is ok. + Of course the following configure is either 200 or [300,399] is ok. + url { + path /index.html + status_code 2xx 3xx + } + * Fix compiler warnings introduced in commit c7c23a2 + Commit c7c23a2 - "support http status_code group" introduced + two compiler warnings, due to isdigit() being undeclared, and + a shadows declaration. These warnings are now resolved. + * Use standard bit testing and setting functions + Commit c7c23a2 - "support http status_code group" added additional + bit testing and setting functions, rather than using the already + defined ones in bitops.h. + This commit also resolves the assumption that longs are 64 bits, and + will allow the code to work with longs of any length. + The original commit would cause all status codes 100 to 599 to be + written when the configuration was dumped, regardless of whether + the specific codes were set. This commit now writes the status codes + in ranges. + Finally, if no status code is configured, it sets the bits for the + default status codes (200-299). + * Change how http status codes are configured + Commit c7c23a2 - "support http status_code group" allowed status codes to + be specified as 2xx, meaning 200-299. This commit changes the configuration + so that 2xx etc is no longer used, but status code ranges can be specified, + e.g. status_code 150 180-189 200-299 503 510-520 + * Update documentation for commit c7c23a2. + * Fix a memory leak and duplicate free in HTTP_GET checker. + * Fix sending SMTP alerts + Issue #1275 identified that SMTP alerts were not working. The SMTP alerts + were broken by commit 5860cf2 - "Make checker fail if ENETUNREACH returned + by connect()", since the SMTP state machine was not updated to handle the + addition value in enum connect_result. + This commit adds code to handle the additional enum, but also makes the + code less sensitive to such changes, and more likely to produce compiler + warnings/errors if appropriate updates are not done in the future. + * Fix various compilation warnings with certain configure options. + * Update location of PID file to match Filesystem Hierarchy Standard v3.0 + Issue #1277 identified that PID files should be created in /run rather + than /var/run, and that systemd logged a warning if the service file + specified PIDFile under /var/run. + This commit now makes keepalived use the appropriate directory for PID + files as determined by configued (rather than doing its own thing), and + configure now uses /run in preference to /var/run. + * Stop LVS sync daemon on shutdown + The shutdown of the sync daemon was delayed to phase 2 of the shutdown + which meant that the controlling VRRP instance could never be in the + master state. We now stop the sync daemon in phase 1, when the VRRP + instance is transitioned out of master state. + * Use -isystem rather than -I for path to kernel headers + Using -isystem rather than -I allows the dispensation for some warnings + to system headers to apply to the kernel header tree we are specifying. + This stops some warnings that would not occur with kernel headers under + /usr/include but that were being generated when -I was used (it + nevertheless has helped identify two bugs). + * Ensure check system headers for definition of NFT_TABLE_MAXNAMELEN + Prior to Linux 4.1 NFT_TABLE_MAXNAMELEN was not defined, but we must + include linux/netfilter/nf_tables.h before checking whether it is + defined or not! + * Improved configure testing for + * Add warning -Wwrite-strings and resolve new warnings. + * Add -Wdouble-promotion and resolve new warnings. + * Add -Wformat-signedness and resolve new warnings. + * Fix building on Ubuntu 16.04 with --disable-vrrp + The addition of including was needed on Ubuntu 16.04, + whereas it wasn't necessary on Fedora or Debian. + * Explicitly include where print format names are used. + * Add more -Wformat-* options and resolve new warnings. + * Add -Wframe-larger-than=5120 + The largest frame is just under 4200 bytes (which may be more than we + want anyway), but adding this warning will at least tell us if a stupidly + large frame is created in the future. + * Fix spelling of -Wmissing-field-initializers. + * Fix definition of PRI_rlim_t generated by configure on 32 bit systems. + * Rseolve warning re >=0 comparison for unsigned value. + * add min max judge + Although even if min > max, the code works well. We better to print + the error config to let the user know this. + * Ensure correct definition of MAX_ADDR_LEN is used + defines MAX_ADDR_LEN as 7, and + defines MAX_ADDR_LEN as 32. We need to ensure we have the longer one. + * update doc samples of keepalived.conf.status_code. + * Fix compiling on Alpine Linux 3.7. + * Update list of packages to install on Alpine Linux. + * Send GARP/NA message when leaving fault state if using unicast + If the master's ARP entry for a backup route has expired and we are + using a short advert interval (< 0.5 seconds), then the backup router + could timeout receiving adverts before the master sends its next + ARP/NDISC message; until it has had a reply to that it cannot send any + adverts to the backup router in question. + This commit makes a VRRP instance that is using unicast send a GARP/NA + when it transitions out of fault state, to ensure that the master (or + local router) can send adverts to us immediately. + * track_process: handle different threads having different names + prctl(PR_SET_NAME) is a per thread property, not a per process + property, so when a PROC_EVENT_COMM event is received, we need to + check that the tid == pid, so ensure that only the main (initial) + thread that COMM changes are considered for. + * Fix some log_message for specifiers in track_process.c. + * Fix for JSON characters escaping. + * Don't attempt to create a macvlan when using an ipvlan + netlink_link_add_vmac() detected an interface had been created, and + so didn't attempt to create a macvlan, but netlink_link_add_vmac() + shouldn't be called in this circumstance. + * On reload, report addresses being removed as removed, not thos remaining. + * Don't add further iptables entries on reload when using ipsets. + * Stop deleting VMAC/IPVLAN interfaces on reload when still needed. + * Fix formatting of email To: line. + * Improve efficiency of setting up SMTP headers. + * Fix segfault when we do not config vsg. + * Fix issues reported by coverty (unchecked return value, buffer overrun, + Logically dead code, uinitialized var, explicit null dereferenced, ...) + * Resolve compiler warning in list_sort(). + * genhash: make printssl a static function. + * Change strncpy() to strcpy_safe() in smtp_final(). + * Convert some snmp list loops to use LIST_FOREACH. + * Make inet_stosockaddr() return bool rather than int. + * Fix checking for VMAC/IPVLAN no longer used after reload + Pull request 1310 identified that there was a problem building + keepalived with VLANs but without ipvlans. The code that needed + changing was also incorrect so this commit resolves both issues. + * Fix false-positive send_instance_notifies calls + Issue #1311 identified that duplicate notifies were being sent on + a reload, and pull request #1312 provided a fix. Unfortunately other + intervening commits stopped the original patch applying, so this + updates the original patch. + The patch also stops duplicate logging of vrrp instance states on + reload when there has been no change. + * Set thread parameter value explicitly to 0 when add timer thread + It is possible for a function to be called either from a timer thread + or an event thread. When an event thread is added, a vlue can be passed + which will be passed to the function, but currently there is no way to + set the value for a timer thread (a function thread_add_timer_val() can + be added when needed), but in order to allow the value to be used with + an event thread, it needs to be explicitly set to something when called + via a timer thread, so just set it to 0. + * Remove VRRP_DISPATCHER definition - it was not used. + * Some minor tweaks for the format of keepalived.data. + * Make track_process, parser and dump_keywords --debug options. + * Change default to not check for EINTR if use signalfd. + * Don't send prio 0 adverts for deleted VRRP instance that wasn't master + When a VRRP instance ceases to exist following a config reload, we must + only send priority 0 adverts if the deleted instance was in master state + prior to the reload. + * Send notifies when vrrp instance deleted on reload + This commit makes notifies be send saying that the instance is in + fault state, since that is the closest we have to the instance being + deleted (the instance can't run since it is deleted which is quiet + similar to being in fault state). + * Streamline some HTTP_GET code. + * Simplify HTTP_GET epilog parameters + Parameters t and c weren't needed, since they can be determined from + the method parameter if we add REGISTER_CHECKER_FAILED. + * Set checker->has_run for HTTP_GET after failure + The behaviour we want after a failure of checking a URL at startup + is the same as if all checks had completed, so if there is a failure, + just set checker->has_run. + * Make http_get url_it point to list element rather than a counter + This makes fetching the next URL more efficient. + * When we run the initial HTTP_GET check, we don't want any retries + It isn't only the first URL that shouldn't have retries, but all of + them. This commit implements that. + * When an HTTP_GET url check fails, keep checking that URL until success + When a URL check has failed, there is no point checking other URLs until + we know the one that has failed is working again. The approach now is + that the failed URL is checked until it is Ok again, and then all the URLs + are checked before the checker is successful. This will reduce the recovery + time once the failed URL recovers. + * When starting up, don't delay between checking all the URLs + When we start up, particularly in alpha mode, we want to check the + URLs as quickly as possible, so don't delay by delay_loop between + checking each URL, but check them immediately one after the other. + * After HTTP_GET URL failure, delay max of delay_loop and delay_before_retry. + * After an HTTP_GET failure, check the URLs without any delay + This means that recovery will occur as quickly as possible. + * Some cosmetic changes to check_ssl.c. + * Add option fast_recovery for HTTP_GET. + Commits 3027e0c - "When starting up, don't delay between checking all the + URLs" and 86e02dd - "After an HTTP_GET failure, check the URLs without + any delay" removed the delay between URL checks both at startup and after + a URL check failure. This commit makes that options, and it will only do + the fast checking if fast_recovery is configured against the checker. + * Make set_value() check for missing parameter + Pull request #1308 identifed that if set_value() was called when + there wasn't a parameter on the command line, keepalived could + segfault since NULL was returned (examples were HTTP_GET with an + empty path specified, and DNS_CHECK with empty name). + This commit modifies set_value() so that keepalived will exit if + it is called with no keyword parameter is missing. Uses of + set_value() where no parameter did not cause a problem (e.g. where + the whole option was optional, such as virtual_host) now check if + the parameter is mising and report a configuration error. + * Handle vrrp tracked interfaces being down on reload + If the base interface of a vmac interface was down on reload, the + vrrt instance would not come back up after the base interface came + back up. + * Don't log error when sending priority 0 advert after interface goes down. + * Cosmetic change to address_exist(). + * Add information regarding SElinux and keepalived. + * Fix overflow status code + Under normal circumstances, status_code returns 100-599, + but if it is a constructed abnormal reply message, + it may be out of the range, resulting in the status_code + array out of bounds, and then keepalived segfault. + * Ensure HTTP status code is preceeded by a space character. + * Fix setting existing macvlan etc base interfaces at startup. + * Add further SELinux references. + * Resolve implicit declaration of function ‘strdup’ warning. + * Allow location of /run dir to be specified to configure + The commit adds configure option --with-run-dir=PATH + * Fix reloading when interfaces deleted and recreated + If have macvlans on a real interface, with vmacs configured on the + macvlans and the macvlans are deleted, the vmacs from them are removed + from the configuration, the configuration is reloaded, and this is done + for more than one macvlan, and then the configuration is reinstated + one by one with the configuration being reloaded, keepalived was + incorrectly setting some of the vrrp instances to fault state. This commit + resolves the issues. + +2019-05-03 Alexandre Cassen + * keepalived-2.0.16 + * Add log_unknown_vrids keyword. + Commit 21e6f5f added logging when a VRRP packet was received on an + interface and the VRID in the advert was not configured on that + interface. + Due to valid uses of keepalived having a VRRP instance on an + interface, but there being other, independent, VRRP instances with + different VRIDs on the same interface, this patch only enables logging + of unknown VRIDs if it is specifically configured. + * Stop segfault when reload and using -x option. + * Fix compilation error found by Travis-CI. + * Fix a couple of typos. + * Ensure check command line when needed for track process. + * Check if comm really changed when get PROC_EVENT_COMM_CHANGE. + * Fix debounce delay handling for track_process. + * Optimise add_process(). + * Remove processes no longer being monitored. + * Optimise check_process(). + * Ignore process threads for track_process. + * Allow matching of process parameters in track_process + This additional functionality was requested in issue #1190. + * Allow separate delay timers for fork and process exit in + track_process. + * Add quorum_max for track_process. + This allows track_process to go to fault state if more than a + specified number of instances of a process are running. In particular + it can go to fault state if more than one instance is running, and + also if any instance of a process is running. + * Add configuring process name. + With up to 4 processes running all named keepalived, it can be + difficult to know which is which. The commit adds the option to + allow process name to be set independantly for each process. + * Handle macvlans/macvtaps being moved into different namespace from parent + If a macvlan or macvtap interface is moved into a different namespace from + its parent, and the interface is in the namespace in which keepalived is + running, keepalived is unable to get information about, or configure, the + parent interface. In this case, treat the macvlan/macvtap interface as though + it doesn't have a parent interface. + There are a couple of consequences of this in this situation: + 1) If a vrrp instance is configured with use_vmac and its configured interface + is such a macvlan/macvtap interface, keepalived cannot ensure that the + arp_ignore and arp_filter settings are correct on the parent + 2) keepalived cannot check that there a not duplicate VRIDs being used on the + interface. + * Typo writing word error fix. + * Add vrrp instance priority change notifications on FIFOs only. + Issue #1213 requested notification of vrrp instance priority changes, + and this commit implements that with new FIFO messages: + INSTANCE "VI_0" MASTER_PRIORITY 220 + INSTANCE "VI_0" BACKUP_PRIORITY 254 + This has been implemented via notify FIFOs only, since the order of + processing of scripts is indeterminate if events happen quickly in + succession, potentially causing the last processed priority by a + script not to be the lastest priority, and using SMTP notification + would be ridiculous. + * Allow user and group ownership of FIFOs to be configured. + * Remove extraneous debugging message from process_name commit + Commit 4ad6d11 - "Add configuring process name" accidentally left + a debugging log message in the code. This commit removes it. + * Fix FREE error if tracked process has no parameters. + * Fix track processes when reloading. + * Fix route add/delete on reload if only change via address + If a virtual_iproute + src 100.100.100.100 2.2.2.2/32 via 100.100.100.2 dev eth0 + is changed to + src 100.100.100.100 2.2.2.2/32 via 100.100.100.1 dev eth0 + on a reload the route didn't get updated. The reason is that the + via address wasn't used in the comparison of routes, so keepalived + didn't detect that it had changed. + * Define TASK_COMM_LEN rather than use numbers in code. + * Fix promote_secondaries. + * Add snmpd.service to keepalived.service if SNMP enabled. + * Add issue templates for github. + * Make utils.c function parameters const where appropriate. + * Add missing info to check process dump file. + * Make ipvs_talk() error message more meaningful + The error message used to just output the IPVS command number, now + the name of the command is reported too. + * Make more use of LIST_FOREACH in ipwrapper.c. + * Change VS_ISEQ etc to be functions and correct them. + * Resolve removing virtual servers in virtual server groups after + reloading. + * Update NOTE_vrrp_vmac.txt re sysctl settings. + * Ignore base interfaces of macvlans if in a different namespace. + * Don't lose sin_addr_l and sin6_addr_l lists from interface when recreate + Issue #1232 identified that keepalived segfaulted when an interface was + recreated. This commit resolves the problem of the address lists being + lost. + * Fix commit 128bfe6 for pre v4.0 kernels + Commit 128bfe6 - "Ignore base interfaces of macvlans if in a different + namespace" added using IFLA_LINK_NETNSID to detect if the parent of an + interface was in a different namespace. Unfortunately that was only + introduced in Linux v4.0, so don't attempt to use it if it is not + defined. + For kernels older than v4.0 if a macvlan interface's parent is in + another network namespace, but the ifindex of the parent interface also + exists in the namespace in which keepalived is running, then keepalived + will believe the parent of the macvlan is the wrong interface. + * Fix commit 3207f5c - IFLA_LINK_NETNSID is not #define'd + This fixes commit 3207f5c - "Fix commit 128bfe6 for pre v4.0 kernels". + A configure test is needed to check for IFLA_LINK_NETNSID. + * Further fixes/improvements for MACVLAN parents in different + namespaces. + * allow to set zero weight for real server. + * Add comments re needing to enable protocol 112 in an AWS security + group. + * Check if base i/f of a residual macvlan is in correct namespace. + * Stop segfault if using DBus and have invalid VRRP configuration. + If a VRRP instance was removed by vrrp_complete_init() it was causing + a segfault in the DBus code. The commit moves the initialisation of + DBus until after the validity of the VRRP instances has been checked. + * Handle DBus process properly when reloading. + DBus may change from being enabled to disabled or vice versa and + the code didn't handle that. + * Close DBus pipes when stop using DBus. + * Add some more LIST_FOREACH to DBus code. + * Move a g_free() to after last use of the freed string in vrrp_dbus. + * Fix error in man page. + * Handle network namespace name properly when reloading. + * Don't call g_hash_table_remove() when using g_hash_table_foreach_remove() + g_hash_table_foreach_remove() removes each object from the hash table, + so calling g_hash_table_remove() as well made it not work properly. + * Resolve various aspects of reloading when also using DBus. + 1. Add ability for DBus to be enabled and disabled at reload + 2. Correctly handle vrrp_instance name change for matching interface/ + family/VRID. + 3. Correct handling of interface/family/VRID change for a vrrp_instance + with the same name. + * Resolve segfault when a vrrp_instance has no interface specified. + * Fix sending priority 0 adverts after reload for deleted vrrp + instances. + During a reload, vrrp_dispatcher_release() was called prior to + reloading the configuration, and it closed all the vrrp send/receive + sockets. However it isn't until after the reload that it is known which + vrrp instances no longer exist, and clear_diff_vrrp() attempted to send 0 + priority adverts for those instances. Since the sockets had already been + closed, the adverts could not be sent. Worse, the socket_t structures had + been released, but the released memory was accessed in attempting to send + the adverts. + This commit delays calling vrrp_dispatcher_release() until after the new + configuration has been reloaded, and it sends 0 priority adverts before + all the old sockets are closed. Following this new sockets are opened. + It would be possible to make the code more efficient and retain the sockets + that still need to be used, rather than closing them and opening new ones, + but that is for another commit. + * Update some comments in vrrp_snmp.c. + * Use structure initialisation to clear struct, rather than memset. + * Fix logging if receive EPOLLHUP, EPOLLERR and add for EPOLLRDHUP. + * Add support for network timestamp debugging. + * Check return code from recvfrom() before other values for + track_process. + * Use IPV6_RECVPKTINFO rather than IPV6_RECVHOPLIMIT when check + multicast. + * Ensure virtual servers are properly removed when reloading. + Pull request #1246 provided a patch to resolve the issue of virtual + servers in a virtual server group that are deleted from the virtual + server group on a reload weren't being removed from the IPVS + configuration. However, the patch didn't quite work with the current + HEAD of the master branch. + This commit incorporates that patch provided and makes the necessary + adjustments for it to work correctly. + * Cosmetic changes to IPVS code. + * Make clear the IPv6 instances use VRRP version 3. + * Delete redundant code. + * Update comments in vrrp_nftables.c. + * Update for gcc v9 + Detect if -Wchkp is no longer supported, and fix a -Wstrict-overflow + warning in write_backtrace(). + * Add additional compiler warnings available in gcc verion 9. + +2019-04-04 Alexandre Cassen + * keepalived-2.0.15 + * Fix uninitialised variable. + * Fix rpmbuild on CentOS7, and rely on auto-requires. + * Add option to flush lvs on shutdown. + Currently all known virtual servers and their real servers are + removed one at a time at shutdown. With large configurations on + a busy system, this can take some time. + Add an option just like the existing 'lvs_flush' which operates + on shutdown. Typical environments with a single keepalived instance + can take advantage of this option to achieve a faster shutdown or + restart cycle. + * Make alpha mode checkers on new real servers start down on reload. + Patch #1180 identified that new real servers with alpha mode checkers + were being added online immediately, and if the checker then failed + were being removed. This commit makes real servers that didn't exist + before the reload start in down state if they have alpha mode checkers. + * Remove duplicate config dump entry. + * Make new real servers at reload start down if have alpha mode + checkers. + * Close checker and smtp_alert sockets on reload. + Issue #1177 identified that sockets were being left open (lost) after + a reload. It transpired that these were sockets opened by TCP_CHECK, + HTTP_GET, SSL_GET, DNS_CHECK and SMTP_CHECK checkers, and by smtp_alerts + in the process of being sent. + This commit adds an extra parameter to thread_add_read() and + thread_add_write() to allow indicating that the scheduler should close + the socket when destroying threads. + * Send vrrp group backup notifies at startup. + * Make inhibit_on_failure be inherited by real server from virtual + server. + * Allow real and sorry servers to be configured with port 0 + This is to maintain backwards compatibility with keepalived prior + to commit d87f07c - "Ensure always check return from inet_stosockaddr + when parsing config". + The proper way to configure this is to omit the port, which requires + the next commit. + * Don't setup IPVS config with real and virtual servers ports + different. + If the real server is using DR or TUN, the port of the real server must + be the same as the port of the virtual server. This commit uses the + virtual server port for the real server when configuring IPVS. + * Log warnings if real server and virtual server ports don't match + This commit adds logging warnings if virtual and real server ports, + when using TUN or DR, don't match. + It also sets the real server ports to be the same as the virtual server + ports. Although listing the IPVS configuration with ipvsadm will look + different, the kernel ignored the port of a real server when using DR + or TUN, so the behaviour isn't changed, but when looking at the + configuration it now shows what is actually happening. + * Fix warning when protocol specified for virtual server with fwmark. + * Add log message that nb_get_retry is deprecated. + * Fix whitespace in configure.ac. + * Fix configure error when systemd not installed + configure was trying to execute + pkg-config --variable=systemdsystemunitdir systemd + even if systemd was not available. + This commit makes configure only execute the above if it has determined + that systemd is the correct init package to use. + * Correct references to RFC6527 (VRRPv3 SNMP RFC). + * nsure checker->has_run is always set once a checker has run. + * Fix some indentation in configure.ac. + * Update fopen_safe() to open temporary file in destination directory + rename() in fopen_safe() was failing if the file being created + was not on the same filesystem as /tmp. + * Add ${_RANDOM} configuration keyword. + It might seem strange to introduce random elements to configuration + files, but it can be useful for testing. + * Fix using ~SEQ() in multiline configuration definitions. + * Make blank lines terminate a multiline definition. + * Minor updates for lvs_flush_on_stop. + * Add option to skip deleting real servers on shutdown or reload + If a virtual server is removed, the kernel will remove its real servers, + so keepalived doesn't explicitly need to do so. + The lvs_flush_onstop option removes all LVS configuration, whereas this + new option will only remove the virtual servers managed by keepalived. + * Correct error message re checker_log_all_failures. + * Fix syntax error in configure.ac. + * Fix track_process initialisation for processes with PIDs starting 9. + * Remove debugging log message. + * Remove inappropriate function const attributes + They were causing iptables/ipsets not to be initialised. + * Stop warning: function might be candidate for attribute ‘const’ + Depending on what configure options are selected, gcc can output + the above warning for initialise_debug_options(). + This commit ensures that the warning is not produced. + * Enable strict-config-checks option in keepalived.spec RPM file. + * vrrp: relax attribute 'const' warning at iptables helpers. + * Propagate libm to KA_LIBS. + * Fix building on Alpine Linux. + Alpine (musl) doesn't have a definition of __GNU_PREREQ, so create a + dummy definition. + +2019-03-24 Alexandre Cassen + * keepalived-2.0.14 + * Add compiler warning -Wfloat-conversion and fix new warnings. + It was discovered that passing 0.000001 as a parameter specified + as uint32_t to a function did not generate any warning of type + mismatch, or loss of precision. + This commit adds -Wfloat-conversion and fixes 3 instances of new + warnings that were generated. + * For non systemd enviroment, it occurs syntax error 'fi'. + To avoid syntax error, modify keepalived.spec.in. + * When uninstall keepalived with init upstart, stop keepalived process. + * Fix type re LOG_INGO should be LOG_INFO * 6git stash --cached. + The code was actualy in a #ifdef INCLUDE_UNUSED_CODE block, and + so isn't currently compiled. + * Register missing thread function for thread debugging. + * Fix reutrn value of notify_script_compare misusing issue. + * Fix typo in keepalived.conf man page re BFD min_rx. + * Fix segfault when bfd process reloads config. + Issue #1145 reported the bdf process was segfaulting when reloading. + The bfd process was freeing and allocating a new thread_master_t + when reloading, which doesn't work. This commit changes the bfd + process to clean and reinitialise the thread_master_t. + * Fix segfault in handle_proc_ev(). + On Linux 3.10 the ack bit can be set in a connector message, and + the CPU number is set to UINT32_MAX. This commit skips acks, and + also checks that CPU number is within range of the number of CPUs + on the system. + * Fix OpenSSL init failure with OpenSSL v1.1.1. + OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new() + if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously + been called. + This commit doesn't call OPENSSL_init_crypto() if doing so causes + SSL_CTX_new() to fail. + * Remove all references to libnfnetlink. + Commit 2899da6 (Stop using linbl for mcast group membership and + setting rx buf sizes) stopped using libnfnetlink, but INSTALL and + keepalived.spec.in were not updated accordingly. + * Fix genhash re OPENSSL_init_crypto bug and improve configure.ac. + Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't + update the identical code in genhash/ssl.c. Also, an improvement for + the test in configure.ac was suggested. + * Fix log output when real server removed. + FMT_VS() and FMT_RS() both call inet_sockaddrtotrio which uses a + static buffer to return the formatted string, but since FMT_VS(), + wheich simply calls format_vs() copies the returned string to its + own static buffer, if FMT_VS() was called before FMT_RS() then + the returned strings from both could be used. + The problem occurs when both FMT_VS() and FMT_RS() are used as + parameters to log_message() (or printf etc). It appeared to work + fine on x86_64, but was writing the same IP address for both the + real server and virtual server on ARM architectures. This is due + to the compiler evaluating parameters to the log_message() function + call in a different order on the different architectures. + This commit adds inet_sockaddrtotrio_r() which allows the output + to be in a buffer specified by the caller, and so FMT_VS() and + FMT_RS() can now be called in either order without one overwriting + a buffer used by the other. + * Streamline some string formatting with FMT_RS() and FMR_VS(). + Following commit 9fe353d (Fix log output when real server removed) + some code can be streamlined now that the order of calling FMT_VS() + and FMT_RS() does not matter. + * Replace FMT_HTTP_RS(), FMT_TCP_RS() and FMT_DNS_RS() with FMT_CHK(). + They were all simply defined to be FMT_CHK() so just replace them + with that. This made it much simpler to find all used of FMT_CHK(). + * Fix building with gcc 4.4.7 (Centos 6.5). + gcc v4.4.7 doesn't support -Wfloat-conversion, so check for it at + configure time. + * Add dumping checker config/status when receive SIGUSR1. + * Don't put alpha mode checkers into failed state at reload + If a new checker is added at a reload, unless the real server aleady + has failed checkers, then ignore the alpha mode of the checker. This + means that the real server, if up, won't be taken down and then brought + back up again almost straight away. If the real server already has + failed checkers, then setting an alpha mode checker down initially + won't take down the real server, so we can allow the alpha mode setting + to apply. + * Handle alpha mode checkers initial failure at startup better. + * Fix compile failure discovered by Travis-CI. + * Fix calling syslog when not using signalfd(). + Pull request #1149 identified that syslog is AS-Unsafe (see signal-safety + man page), and that therefore signals should be blocked when calling it. + This commit blocks signals when calling syslog()/vsyslog() when signalfd() + is not being used. + * Rationalise function attributes. + * Fix enable-optimise configure option. + * Use AS_HELP_STRING for all options in configure.ac. + * Streamline genhash -h option. + * Make genhash -v version match keepalived. + * Fix config check of virtual server quorum against weights of real + servers. + * Fix some configure tested checks for OPENSSL_init_crypto. + * Add infrastructure for adding additional compiler warnings. + * Add standard and extra compiler warnings. + * Add and resolve missing-declarations and missing-prototypes warnings + Approximately 16 additional functions are now declared static. + * Add and resolve old-style-definitions warnings + * Add and resolve redundant-decls warnings + * Add and resolve jump-misses-init warnings + * Add and resolve shadow warnings + * Add and resolve unsuffixed-float-constants warnings + * Add and resolve suggest-attribute=const warnings + * Add and resolve suggest-attribute=format warnings + * Add and resolve suggest-attribute=malloc warnings + * Add and resolve suggest-attribute=noreturn warnings + * Add and resolve suggest-attribute=pure warnings + * Add and resolve unused-macros warnings + * Add and resolve null-dereference warnings + * Add and resolve float-equal warnings + * Add and resolve stack-protector warnings + * Add and resolve strict-overflow=4 warnings + * Add and resolve pointer-arith warnings + This particularly includes adding a number of bytes to a void *. + * Add and resolve cast-qual warnings + * Resolve additional warnings identified on Centos 6.5/gcc 4.4.7 + * Remove static from zalloc() + * Fix some compiler warnings on Ubuntu Xenial, and add comments re + others. + * Rename LIST parameters to lst in list_head.h to avoid upper case. + * Fix real server checkers moving from failed to OK on reload. + * add rs judgement in migrate_checkers. + * Detect connection failure in genhash and exit rather than loop. + * Add another function pure attribute. + * Fix sending notifies for vrrp instances at startup when in sync group + Issue #1155 idenfified that notify scripts for vrrp instance transition + to backup state when keepalived started up were not being sent if + the vrrp instance was in a sync group. It was also the case that SNMP + traps, SMTP alerts and FIFO notifies were not being sent either. + This commit make keepalived send the initial notifies when the vrrp + instance is in a sync group. + * Fix building keepalived RPM on Fedora 26. + For some reason -fPIC is needed when testing for the presence of + setns(). + * Add vrrp_startup_delay configuration option. + Some systems that start keepalived at boot time need to delay the + startup of the vrrp instances, due to network interfaces taking + time to properly come up. This commit adds a global configuration + option vrrp_startup_delay that delays the vrrp instances starting + up, for the specified number of seconds. + * Handle checkers properly when reload immediately after startup. + * Streamline some of the SMTP checker code. + * Create separate checker for each host in SMTP_CHECK block + Having multiple host entries in an SMTP_CHECK block is deprecated. + This commit streamlines the SMTP_CHECK code by creating a separate + SMTP checker for each host declared in the SMTP_CHECK block, so that + apart from parsing the configuration, the code no longer handles + multiple hosts per checker. + The support for parsing configuration with multiple hosts is only + enabled if WITH_HOST_ENTRIES is defined in check_smtp.c. It is + currently enabled, but when support for multiple hosts in the + SMTP_CHECK block is finally removed, it will simply be a matter of + deleting all code in the WITH_HOST_ENTRIES conditional blocks. + * Make checker fail if ENETUNREACH returned by connect(). + The connect() call can return some immediate errors such as ENETUNREACH. + These were not being treated as a failure of the checker, since the code + used to assume that any non success return by connect() meant that the + connection was in progress. + keepalived will now treat ENETUNREACH, EHOSTUNREACH, ECONNREFUSED, + EHOSTDOWN, ENETDOWN, ECONNRESET, ECONNABORTED, ETIMEDOUT, when returned + by connect(), as meaning that the checker has failed. + * Don't set SO_LINGER with a timeout of 0 + SO_LINGER with a timeout of 0 causes a TCP connection to be reset + rather than cleanly closed. Instead of specifying a timeout of 0, + use 5 seconds, so that there is an orderly shutdown of the TCP + connection, but the close socket doesn't remain in TIMED_WAIT state + for more than a short time. + * nftables: fix build with kernel lower than 4.1. + * Remove dead code & cosmectics. + Remove code marked as UNUSED where things simply go nowhere even if + define is set. We keep for the moment UNUSED code related to debug + helpers used during coding process. + +2019-02-19 Alexandre Cassen + * keepalived-2.0.13 + * Add BFD build option to keepalived.spec rpm file + Issue #1114 identified that the keepalived.spec file was not being + generated to build BFD support even if keepalived had been configured + to support it. + * Copy tarball to rpmbuild/SOURCES when building in place + It seems that even when building in place, rpmbuild expects the + tarball to be in the rpmbuild/SOURCES directory. + * Fix configure check for __always_inline + * Handle interface MAC addresses changing + When an interface is added to a bond interface, if it is the first + interface added, the MAC address of the bond interface is changed + to the MAC address of the added interface. When subsequent interfaces + are added, their MAC addresses are changed to that of the bond + interface. + Issue #1112 identified that if a bond interface is deleted and + recreated, the gratuitous ARPs were sent with the wrong source MAC + address. + This commit now updates interface MAC addresses from the netlink + RTM_NEWLINK messages, so that the correct MAC address is always + used. + * Minor tidying up of opening gratuitous ARP socket. + * Streamline setting SOCK_NONBLOCK on vrrp sockets. + * Use netlink reported hardware address length for unsolicited NAs + ETH_ALEN is correct for Ethernet type interaces, but is not right + for Infiniband interfaces. + * Minor tidying up of opening gratuitous NA socket. + * Make gratuitous ARP/NA sockets non blocking + keepalived shouldn't block when sending gratutious ARP/NA messages. + It is better to lose the messages than for keepalived to block, so + set the sockets non blocking. + * Use netlink provided broadcast address for gratuitous ARP + If an interface has a non-standard broadcast address, we should + honour it. + * Fix building on pre 3.10 kernels re track_process + Issue #1119 reported that keepalived wouldn't build on CentOS 6. + Various PROC_EVENT_* declarations were assumed to exist, some of which + were not introduced until Linux v3.10. Most of them are not needed, but + PROC_EVENT_COMM is used by the track_process code. + This commit now checks for the existence of the PROC_EVENT_* declarations, + but since keepalived uses PROC_EVENT_COMM, track_process is not supported + prior to Linux v3.2. + * Make track_process work prior to Linux 3.2, but with limitations + Prior to Linux 3.2 the PROC_EVENT_COMM event did not exist, which + means that keepalived is unable to detect changes to process name + (/proc/PID/comm) prior to Linux 3.2. most processes do not change + their process name, and so using track_process prior to Linux 3.2 + is safe so long as the monitored processes are known not to change + their process name. + * Stop configure failing when nftables is not supported. + * Streamline socket use with linkbeat. + Previously the socket used for ioctls was opened and closed twice per + poll if using MII or ETHTOOL polling, and once per poll if using ioctl + polling. This commit opens the socket once at startup, uses that socket + for all linkbeat polls, and closes it on termination. + * Enable linkbeat polling to work with dynamic interfaces. + * Add linkbeat_interfaces configuration block + It was not possible to indicate that an interface that wasn't used + as the interface of a vrrp instance, but was used either as a track + interface, or for virtual/static ip addresses or routes should use + linkbeat. This commit adds that capability. + * Add ability to specify linkbeat type in linkbeat_interfaces block. + * Add --disable-linkbeat configure option + Does anyone use linkbeat anymore? This commit enables keepalived to + be build without the linkbeat code. + * Don't remove link local IPv6 address from VMAC that isn't keepalived's + If IFLA_INET6_ADDR_GEN_MODE isn't supported and a macvlan interface + already had a (non-default) link local addresss and the link local + address that matched the interface's MAC address was added, keepalived + was removing it as soon as it was added. This commit stop keepalived + removing the address when we shouldn't. + * Set configure init type correctly in keepalived.spec file. + * Fix handling of VMACs with multiple reloads + If a configuration is loaded that has a VRRP instance using a VMAC, + then the configuration is updated to remove that VRRP instance and + keepalived reloads its configuration, then the configuration is + updated again to reinstate the VRRP instance and the configuration + is again reloaded, keepalived thought the VMAC interface still + existed, whereas it was deleted following the first reload. + This commit ensures that keepalived properly detects whether an + interface exists following a reload. + * Remember more than one interface local address per interface + Keepalived needs a local address for each interface it sends adverts + on. If the address keepalived is using is deleted and another address + is configured on the interface, then keepalived should start using + that address. To do this, a list of configured address on each + interfaces needs to be maintained. + * Don't consider VIPs as local addresses when restart after crash + Keepalived maintains a list of addresses per interface that can be + used as source adddresses for adverts. To build the list, keepalived + reads the addresses configured on interfaces when it starts. However, + if keepalived crashed it will have left VIPs configured on interfaces, + and we don't want to use them as advert source addresses. + This commit makes keepalived compare the addresses on interfaces + to VIPs, and ignores any addresses that are VIPs. + * Fix removing left over VIPs at startup. + * Use read_timer() when parsing config where appropriate. + * Allow fractional warmup, delay_loop and delay_before_retry for checkers + To shorten the real server monitoring interval, make it possible to specify + decimal value for following items: + warmup + delay_loop + delay_before_retry + * Update connect_timeout configuration options + Based on the patch submitted by tamu.0.0.tamu@gmail.com this patch + allows setting the connect_timeout to a resolution of micro-seconds. + The patch also adds the ability to set a default value at the virtual + server and real server levels. + * Fix unused variable warning when building only with RFC compliant + SNMP. + * It enable to set zero value as mintime for delay_loop and connect_timeout. + * Add option not to check for EINTR if using signalfd() + If keepalived is using signalfd(), there are no asynchronous signal + handlers, and therefore EINTR cannot be returned. + Currently the check for EINTR is enabled by default, and configure + option --disable-eintr-debug disables the check, while + --enable-eintr-debug enables writing log entries if EINTR is returned. + Once sufficient testing has been performed, the default will be + changed not to test for EINTR if signalfd() is supported. + * Make checking for EAGAIN/EWOULDBLOCK consistent + The code in some places checked errno for EAGAIN and EWOULDBLOCK + and in other places only checked EAGAIN. On Linux EAGAIN == EWOULDBLOCK, + so the check is not necessary, but EAGAIN is not guaranteed to be the + same value as EWOULDBLOCK, so define check_EAGAIN that only checks EAGAIN + if they are the same value, but checks both if they are different. + * Ensure default connection timeout for smtp checker hosts set. + * Set default connection timeout if no smtp check host specified. + * Fix min timer value, zero to 0.000001Sec. + * Add fixing min time for vs_co_timeout_handler() and rs_co_timeout_handler(). + * Fix parameter of read_timer(), it treat Mintime and Maxtime as microseconds. + * vrrp: vrrp_dispatcher_read() performance extension + We took time with Quentin to simulate and rework this code. We introduced + 2 imbricated while loop: + (1) First one is catching recvfrom EINTR (this code trig + only on kernel older than 2.6.22 where signalfd was firstly introduced). + Newer kernel will immediately break the loop (hey guys: if you are running + older than 2.6.22 it is worth considering upgrading). + (2) Second loop will continue reading from socket until same VRID advert + has been received during the same cycle. After simulating, it appears that + during contention with a lot of VRRP instances (around 1500), this design + is needed to relax socket recvq from growing. This can be viewed as a + Poll-Mode activation during contention and fallback to regular I/O MUX + during normal operations. This loop breaks immediately and re-submit + opration to I/O MUX when there is no more to be read. + * Fix conversion from long for double in read_timer(). + * Remove variable timer of unsigned long cast in read_timer(). + When Double type variable timer is cast to long type, it's scale falls. + +2019-01-26 Alexandre Cassen + * keepalived-2.0.12 + * Documentation related. + Remove keepalived.conf.SYNOPSIS content to make a pointer to manpage. + Update README manifest to reflect actual Keepalived goal and features. + * Improve error message if process events connector not enabled in + kernel. + * Add option to disable track-process functionality + Issue #1099 reported that their kernel did not support the proc events + connector, and it would therefore be helpful to have an option to build + keepalived without the track-process functionality. + This commit adds the --disable-track-process configure option. + * Fix vrrp instances going to fault state when have virtual routes + If an interface going down caused a vrrp instance to go to fault + state, and the vrrp instance also had virtual routes, the state + of the vrrp instance would be set to backup when the deletion of + the virtual route was detected. This commit ensures that the vrrp + instance stays in fault state until the interface is brought up + again. + * Remove Red Hat Linux 9 and RH Enterprise Linux 3 from spec file. + Red Hat Linux 9 and Red Hat Enterprise Linux 3 are both based on + Linux 2.4, which is no longer supported by keepalived. The options + in the spec file for Reh Hat Linux 9 have twice caused people to + specify wrong options to configure when trying to build keepalived, + so the options are removed to i) avoid confusion and ii) they are + not longer relevant. + * Add global option vrrp_min_garp. + By default keepalived sends 5 gratuitous ARP/NA messages after + transitioning to master, and 5 more 5 seconds later. This isn't + necessary with modern switches, and so if the vrrp_min_garp option + is set, only one gratuitious ARP/NA message is sent after transition + to master, and no repeat messages are sent 4 seconds later. + * Standardise definition of _INCLUDE_UNUSED_CODE_ + * Remove out of date comment re VRRP over IPv6. + * Correct typo in keepalived.conf.5. + * Directly use structure sizes for packet header lengths. + * vrrp_state_fault_rx() is not used. + Wrap the function in conditional compilation so it is not compiled + * Convert so list loops to use LIST_FOREACH. + * Don't recalculate vrrp packet header address. + vrrp_get_header() calculates the address of the vrrp header in a + received packet, but it was being recalculated in vrrp_in_chk(). + This commit passes the already calculated address to vrrp_in_chk(). + * Ensure a received packet has an AH header if and only if AH auth. + Ensure that a received packet has an AH header if we expect AH + authentication, and doesn't have an AH header if we don't expect + AH authentication. + * Ensure all protocol headers received before return pointer to vrrp header + vrrp_get_header() returns a pointer to the vrrp header, but it now returns + NULL if insufficient data has been received to include all the (IP, + possibly AH, and VRRP) headers (this does not include the VIPs in the VRRP + packet). + This means that when a pointer to the VRRP header is returned, all fields in + all protocol headers can safely be accessed. + * Add check of received IPv6 hop count in multicast adverts + The VRRP RFC requires that IPv6 hop count MUST be checked to be 255, + just as the TTL for IPv6 must be 255. Previously that wasn't being + checked, since IPv6 raw sockets don't provide access to the IPv6 + header. + Using recvmsg() rather than recvfrom(), and setting socket option + IPV6_RECVHOPLIMIT allows keepalived to receive the hop count as + ancillary data, and that can now be checked. + * Improve reading from vrrp receive sockets. + Previously no check was made of the return value from recvfrom()/ + recvmsg(). This meant than an error could occur (e.g. EINTR), or no + data might be returned, and keepalived would still attempt to process + the receive buffer as though data had been received. + * Enhance and streamline checking of validity of received VRRP packet + This includes checking that a packet is multicast, unless unicast is + expected in which case it is checked for unicast, ensuring that if + AH authentication is used, the next header protocol is VRRP. + The sequence of some checks is revised to ensure that the fields being + checked are valid to be accessed prior to accessing them, e.g. check + that the packet is VRRP version 2 before checking the authentication. + * Stop clearing receive buffer before receiving VRRP packets. + This is no longer necessary now that the appropriate checks are + made of the return status of recvmsg(), and also that the checks + of received packet length and packet headers now do all necessary + checks. + * Add compile time checks for IPV6_RECVHOPLIMIT/IPV6_RECVPKTINFO + support. + * Update keepalived.spec.in build-requires. + The kernel package required for building keepalived is kernel-headers + not kernel-devel. Also, it is superfluous to have package kernel in + the build-requires! + * Add missing file (build.setup) to tarball. + * Fix calculating print format to rlim_t in configure.ac. + * Fix compiler warnings on 32 bit systems re HASH_UPDATE. + Removing all the casts stopped the warnings. + * Use PRI_rlim_t when printing rlim_t types. + * Use %zd/%zu for ssize_t/size_t to avoid warnings on 32 bit systems. + * Fix some space/tab formatting. + * Stop declaring some timer definitions unsigned to stop compiler + warnings. + TIMER_HZ, TIMER_CENTI_HZ, NSEC_PER_SEC were causing some compiler warnings + on some systems due to being defined with a 'U' unsigned suffix. Removing + the unsigned specifier stopped the compiler warnings. + * Fix compiler warning due to incorrect format specifier. + An int64_t should use % PRIi64 and not %ld + * Stop an uninitialized variable compiler warning. + * Fix MEM_CHECK debugging on processors without unaligned memory + access. + * Don't attempt to use unopened socket for getting ipset version. + * Tidy up an error message. + * vrrp: make vrrp_dispatcher_read() async while catching error. + During investigations we decided to update previous patch to resubmit + into I/O MUX on read error. It will make read procedure I/O MUX freindly + by removing potential sync operation potentially leading to a global + I/O MUX desync. We aggreed, the situation is really and very exceptionnal + but could happen. + * vrrp: vrrp_arp_thread split. + Split the function for maintainability purpose. + +2019-01-06 Alexandre Cassen + * keepalived-2.0.11 + * Fix segfault while shutting down when SNMP activity occurs. + Issue #1061 identified that keepalived could segfault when it + shut down. It appears that this was caused by data being received + on the file descriptors that the snmp agent requests keepalived + to monitor with epoll(). Since the read threads weren't being + processed during a shutdown, the first time an snmp fd was ready, + keepalived discarded the read thread. The second time that fd became + ready there was no thread to handle the fd, and, since the assert() + statement was not compiled in, non existant data was queued to the + thread ready queue. + This commit changes the assert() calls to continue, so that non existant + data is no longer queued to the thread ready queue. + * While shutting down, continue to handle snmp agent fds. + Since we don't shutdown the snmp connection until the very end of + the shutdown process (we need to be able to send snmp traps), we + should continue to handle the snmp fds on behalf of the snmp agent + while shutting down. + * Ensure snmp agent is in correct state when initialising/closing + Make sure the snmp agent is not already initialised before + initialising it, and make sure it has been initialised before + closing it. + * Disable asserts in bfd code by default and add --enable-asserts + Asserts were enabled by default in the bfd code, which shouldn't be + the case. + Add --enable-asserts configure option so that the asserts tests can + be enabled while debugging. + * Remove debugging log message accidently left in. + * Update receive buffers when interface is created. + The receive buffer size used by keepalived is based on the largest + MTU of any interface that keepalived uses. If dynamic interfaces + are being used and an interface is created after keepalived has + started, the MTU of the new interface may be larger than the + previous largest, so the receive buffer may need to be increased + in size. + Further, if vrrp_rx_bufs_policy is MTU, then the kernel receive + buffers on the receive socket may need to be increased. + * Handle MTU sizes being changed. + Issue #1068 identified that the MTU size wasn't being updated in + keepalived if it changed. + This commit now updates the MTU size and adjusts receive buffer + sizes accordingly. + * Fix syntax error in configure.ac. + * Fix double free when global data smtp_helo_name copied from local_name + Issue #1071 identified a double free fault. It occurred when smtp_helo_name + was not set, in which case it was set to point to the same malloc'd memory + as local_name. At termination keepalived freed both local_name and + smtp_helo_name. + If keepalived needs to use local_name for smtp_helo_name it now malloc's + additional memory to copy the string into. + * Rename TIMER_MAX to TIMER_MAXIMUM. + ulibC defines TIMER_MAX, so to avoid naming conflict rename it. + This issue was reported by Paul Gildea who also + provided the patch. + * Fix segfault when smtp alerts configured. + * First working version of nftables. + * Restructed code around how iptables/nftables are called + This commit also allows building keepalived without iptables + support, thereby allowing only nftables support. + Adding any other mechanism to handle no_accept mode, i.e. blocking + receiving and sending to/from VIPs should be added to vrrp_firewall.c, + in a similar way to how nftables/iptables are used. + * Update doc files re nftables. + * Make nftables handle dont_track_primary appropriately. + * Fix config reload with nftables. + * Set base chain priorities from configuration. + * Use iptables by default if neither iptables or nftables configured. + But if the build of keepalived does not include iptables, then use + nftables default. + * Stop dumping keywords - left turned on after debugging. + * Make umask configuration apply to created file. + * Add libmnl and libnftnl to travis file. + * Fix compilation failure when NFTNL_EXPR_LOOKUP_FLAGS not defined. + * Fix compilation failure when build with nftables but without iptables. + * Fix order of include files in configure COLLISION test. + Since Linux 4.4.11 (commit 1575c09) including linux/if.h after + net/if.h works, whereas until glibc fix their headers including + net/if.h after linux/if.h causes compiler redefinition errors. + Unfortunately the test for the collision was done the wrong way + round, as identified in issue #1079. The patch included in the + issue report corrects the order of inclusion of the header files. + What we should do is ensure that glibc header files are included + before Linux header files, so that at least if kernel headers from + 4.4.11 onwards are used, the conflict will not occur. + * Set CLOEXEC on netlink sockets. + * Correct error message for invalid route metric. + * Add track_process for vrrp to monitor if another process is running. + Configurations frequently include a track_script to check that a process + is running, often haproxy or nginx. Using any of pgrep, pkill, killall, + pidof, etc, has an overhead of reading all /proc/[1-9]*/status and/or + /proc/[1-9]*/cmdline files. In particular reading the cmdline files + has a significant overhead on a system that is swapping, since the + cmdline files provide access to part of the address space of each + process, which may need to be fetched from the swap space. + This commit reads the /proc/[1-9]*/stat and/or the /proc/[1-9]*/cmdline + files only when keepalived starts, and after that uses the process events + connector to track process creation and termination. + keepalived will ignore zombie processes, whereas pgrep etc include them. + A minimum number of instances of a process can be specified, and also a + delay so that if a process is restarted, it won't cause monitoring vrrp + instances to immediately transition to fault state but to wait the + configured time and it the monitored process starts again it + won't transition to fault state. + There are potential difficulties with the process event connector if a + large number of process events occur very rapidly, since there can be + a receive buffer overrun on the netlink socket. This code will detect + that happening, increase the receive buffer size, and reread the processes + from /proc. + * Add missing #include to track_process.c. + * Fix number of elements of fd_set read for snmp select info. + * Remove thread_event_t when EPOLL_CTL_DEL fails. + If snmpd closes a file descriptor, when keepalived attempts to + unregister the fd from epoll an error is returned. However, we still + need to remove the thread_event_t from the io_events rbtree. + * Fix connection to snmpd after it has to reconnect. + Issue #1080 identified that keepalived wasn't handling a connection + failure and reconnect to snmpd properly. The problem was created when + the change from select() to epoll() was made. + This commit makes keepalived unregister and reregister the snmp file + descriptors after snmpd reconnects. + * Fix retry count for SMTP_CHECK checker. + The checker was doing one too few retries. + * Make healthchecker failure reporting consistent + Some healthcheckers were reporting all failures, and others only when + the retries expired. This commit by default makes the checkers only + report failure when the retries expire, unless the global keyword + checker_log_all_failures or log_all_failures on the specific checker + is configured. + * After reload, reinitialise current track processes state. + * Remove unused variable in track_process.c. + * Add configure checks re --with-kernel-dir. + * Convert remaining select() to epoll_wait(). + keepalived was using select() for handling the termination of child + processes, but the main scheduling loop now uses epoll_wait(), so + convert the select() to epoll_wait() from consistency. + * Stop keepalived leaving zombie child processes. + keepalived wasn't reaping the termination of its child processes, + so this commit adds waitpid() calls once it knows the processes + have terminated. + * Fix make distclean and make distcheck. + * Also skip route not configured with down interface. + Otherwise, if keepalived has virtual_routes configured, we create + a virtual interface and bring it up and down, current code will bring + VRRP state to FAULT and never return. + * Stop vrrp process entering infinite loop when track script times out + Issue #1093 identified that the vrrp process was entering an infinite + loop after a track script timed out. This was due to a child process + thread having an RB tree for PIDs as well as for the timeout, and if + a child process timed out, the thread wasn't being removed from the + PID RB tree. This commit now ensures it is removed. + * Fix the abbreviation of Shortest Expected Delay. + * Don't free unallocated memory if not tracking processes. + * vrrp: Rewrote JSON code + Remove dependency to json-c extralib by using a simple streaming JSON writter. + Refactored code to make it simple to maintain. + * vrrp: Fix JSON handling for v{route;rule}. + * autoconf: fix nftables selection + We need to inhibit nftable compilation if compiling system has + kernel header file nf_tables.h but not libnftnl nor libmnl. + +2018-11-12 Alexandre Cassen + * keepalived-2.0.10 + * Fix compiling on Alpine Linux. + * Stop printf compiler warning on Alpine Linux due to rlim_t. + * manpage cosmetic. + * Fix removing snmpd read threads when snmpd becomes unavailable. + * Update to support libipset version 7. + * Use ipset_printf for ipset messages so can go to log. + * When opening files for write, ensure files can only be read by root. + Issue #1048 referred to CVE-2018-19046 regarding files used for + debugging purposes could potentially be read by non root users. + This commit ensures that such log files cannot be opened by non root + users. + * Disable fopen_safe() append mode by default + If a non privileged user creates /tmp/keepalived.log and has it open + for read (e.g. tail -f), then even though keepalived will change the + owner to root and remove all read/write permissions from non owners, + the application which already has the file open will be able to read + the added log entries. + Accordingly, opening a file in append mode is disabled by default, and + only enabled if --enable-smtp-alert-debug or --enable-log-file (which + are debugging options and unset by default) are enabled. + This should further alleviate security concerns related to CVE-2018-19046. + * vrrp: add support to constant time memcmp. + Just an update to use best practise security design pattern. While + comparing password or hmac you need to ensure comparison function + is time constant in order to figth against any timing attacks. We + turn off potential compiler optimizations for this particular + function to avoid any short circuit. + * Make sure a non privileged user cannot read keepalived file output + Ensure that when a file such as /tmp/keepalived.data is wriiten, + no non privileged can have a previous version of that file already + open, thereby allowing them to read the data. + This should fully resolve CVE-2018-19046. + +2018-11-08 Alexandre Cassen + * keepalived-2.0.9 + * Fix updating a timer thread's timeout. + Issue #1042 identified that the BFD process could segfault. This + was tracked down to a timer thread which had already expired having + its timeout updated by timer_thread_update_timeout(). + The sands timer should only be updated if the thread is on a waiting + queue, and not if it has already timed out or it is unused. + * Don't requeue read thread if it is not waiting. + This update matches commit 09a2a37 - Fix updating a timer thread's + timeout should. + * Allow BFD instance to recover after send error. + If sendto failed in bfd_send_packet(), the bfd instance was put into + admin down state, but there was no means for the bfd instance to + transition out of admin down state. + This commit makes keepalived log the first instance of a sequence of + failures to send a bfd packet, but does not bring the bfd instance down + in case the error is a transient error. If the error is longer lasting, + the remote system will timeout, transition to down state, and send a message + saying it is down. + Once the bfd instance can start sending again the bfd instance can now + transition again to up state. + * Make DGB definition use log_message() rather than syslog(). + * Fix building with --enable-debug configure option. + * Start list of required kernel features in INSTALL file. + Issue #1024 asked what kernel features are needed to support keepalived. + The simple answer was that it isn't recorded anywhere, so this is a + start of making a list of the features required. + * Make list_remove() call list free function and add list_transfer(). + If an element is being removed from a list, the free function should + be called. + list_transfer() allows a list element to be moved from one list to + another without freeing and reallocating the list element control + information. + * Add mem_check diagnostics re calling functions of list functions. + When using mem_check, mallocs and frees were recorded against the + list functions, and the originating functions weren't identified. + This patch adds recording of the functions calling the list + functions so that the originating function is identified. + * Simplify the processing of comments in configuration files. + This commit moves the handling (and removal) of comments to a + single function (called from read_line()) which simplifies the + processing of config files. + * Add ~SEQ(start, step, end) config functionality + Where a configuration has repeated blocks of configuration where + the only thing that changes is a numeric value (e.g. for VRIDs + from 1 to 255) this allows the block to be defined once, and a + single line using ~SEQ can then generate all the blocks. + * Use REALLOC when building a multiline definition. + The code used to use MALLOC, strcpy() and FREE, but REALLOC can do + all this for us. + * Improve mem-check diagnostics. + When using an allocation list of over 50,000 entries, it was quite slow + searching thtough all the entries to find the matching memory allocation, + and to find free entries. This commit changes to using malloc() to create + entries, and a red-black tree to hold the entries. It also has a separate + list of free entries. + This commit also adds 4 more types of memory allocation error, and + improves the consistency of the entries in the log files. + * Don't attempt to delete VMAC when underlying interface is deleted. + If the underlying interface of one of our vmacs is deleted, and we + know the vmac has been deleted, don't attempt to delete it again. + * Include master state in determining if vmacs are up or down + Netlink doesn't send messages for a state change of a macvlan when + the master device changes state, so we have to track that for + ourselves. + * Turn off parser debugging. + * Make test/mk_if create iptables chains. + * Handle interfaces not existing when keepalived terminates. + If the underlying interface of a vmac we created has been deleted, + the vmac will not exist so don't attempt to delete it again. Also, + don't attempt to reset the configuration of the underlying interface. + * Handle the underlying interface of a macvlan interface going up/down. + The kernel doesn't send netlink messages for macvlans going up or + down when the underlying interface transitions (it doesn't even + update their status to say they are up/down), but the interfaces + don't work. We need to track the state of the underlying interfaces + and propagate that to the macvlan interfaces. + * Fix duplicate value in track_t enum. + * Fix check for matching track types. + * Treat macvtap interfaces in the same way as macvlan interfaces. + * Improve handling of interfaces not existing when keepalived starts. + * Fix handling interface deletion and creation of vmacs on macvlan i/fs. + * When interface created, open sockets on it if used by VRRP directly + If an interface is created that has vrrp instances configured on it + that don't use VMACs, or use vmac_xmit_base, then the raw sockets + must be opened. + * Force seeing a transition to up state when an interface is created. + * Fix netlink remnant data error. + * Add command line and configuration option to set umask. + Issue #1048 identified that files created by keepalived are created + with mode 0666. This commit changes the default to 0644, and also + allows the umask to be specified in the configuration or as a command + line option. + * Fix compile warning introduced in commit c6247a9. + Commit c6247a9 - "Add command line and configuration option to set umask" + introduced a compile warning, although the code would have worked OK. + * When opening files for write, ensure they aren't symbolic links. + Issue #1048 identified that if, for example, a non privileged user + created a symbolic link from /etc/keepalvied.data to /etc/passwd, + writing to /etc/keepalived.data (which could be invoked via DBus) + would cause /etc/passwd to be overwritten. + This commit stops keepalived writing to pathnames where the ultimate + component is a symbolic link, by setting O_NOFOLLOW whenever opening + a file for writing. + This might break some setups, where, for example, /etc/keepalived.data + was a symbolic link to /home/fred/keepalived.data. If this was the case, + instead create a symbolic link from /home/fred/keepalived.data to + /tmp/keepalived.data, so that the file is still accessible via + /home/fred/keepalived.data. + There doesn't appear to be a way around this backward incompatibility, + since even checking if the pathname is a symbolic link prior to opening + for writing would create a race condition. + * Make netlink error messages more meaningful. + * Fix compiling without support for macvlans. + * fix uninitialized structure. + The linkinfo and linkattr structures were not initialized, + so we should not expect that unexistant attributes are set + to NULL. Add the missing memset(). + * fix socket allocation with dynamic interfaces. + When there are several vrrp instance binding different interfaces that + don't exist at startup, their ifindex is set to 0 in the sock. The + function already_exist_sock() that lookup for an existing socket will + always return the first sock because the ifindex is the same. + Later, when an interface appears, the fd will be created for one + instance, and all instances will wrongly use this fd to send the + advertisments. + Fix this by using the interface structure pointer instead of the + ifindex as the key for sock lookup. + The problem was identified by Olivier Matz + who also provided a patch fixing the problem. This patch is a slight + rework of Olivier's patch, better using the existing data structures + that keepalived already holds. + * When creating a macvlan interface, use AF_UNSPEC rather than AF_INET. + * Stop using libnl for configuring interfaces. + Since there is code to configure the interfaces using netlink without + using libnl, there is no point in having code to do it using libnl. + * Fix building on Centos 6.5. + * Stop including some files not needed after libnl removal for i/fs. + * Fix some compilation issues when building without vrrp support. + * Stop using linbl for mcast group membership and setting rx buf sizes. + Since there is code to handle multicast group membership and + setting kernel netlink receive buffer sizes without using libnl, + there is no point in having code to do it using libnl. + This now means that the vrrp functionality no longer uses libnl. + * Add some sanity checking of configure options. + Certain invalid combinations of configure options could cause compile + errors, e.g. --disable-vrrp --enable-vrrp-fd-debug. This commit ensures + that invalid combinations aren't allowed, in order to stop the compile + errors. + * Fix invalid configuration combination caught by previous commit. + * Use netlink to set/clear rp_filter on interfaces. + * Fix configure for building without vrrp. + * Actually update the .travis.yml file to fix the problem. + * Fix conditional compilation re epoll-thread-dump debugging. + * Update INSTALL file now no longer use libnl-route-3. + * Stop cast to incompatible function type warnings from gcc 8.1. + * Update snapcraft.yaml not to include libnl-route-3. + * keepalived exit with non-zero exit code if config file not readable. + * Allow specifying default config file at configure time. + * Use keepalived define for exit code when malloc failure. + * Fix configuring fixed interface type. + * Add configuring keepalived default configuration file. + * Fix return value in get_time_rtt() error path. + * Update generation of git-commit.h. + * snapcraft.yaml: Enable all sensible build options. Preserve build time + version in the snap version. Expose genhash. + * snapcraft.yaml: Build keepalived with Linux 3.13 headers. + * snap: Add an install hook to make sure a keepalived configuration exists. + * snap: Move the hooks to the correct location. + * snap: Make sure /etc/keepalived exists. + * Fix building with IP_MULTICAST_ALL in linux/in.h but not netinet/in.h + Issue #1054 identified that configure was checking the definition of + IP_MULTICAST_ALL in linux/in.h but including netinet/in.h, which also + has the definition, but only from glibc 2.17. + This commit creates a local definition (in lib/config.h) of IP_MULTICAST_ALL + if it is defined in linux/in.h but not in netinet/in.h. The reason for + this is that compiles using linux/in.h fail due to conflicting definitions. + * Fix creating iptables tables in mk_if. + * Update .travis.yml to use xenial. + * Update .travis.yml to add --enable-regex option. + * Tidy up .travis.yml file. + * snap: Build multiple keepalived binaries. + * Updated snapcraft builds to support multiple kernel versions. + +2018-10-21 Alexandre Cassen + * keepalived-2.0.8 + * Improve identifing interface as macvlan when reading interface details + * Enslave a VMAC to the VRF master of the underlying interface. + * Use addattr32 rather than addattr_l for if_index. + * Only include VRF support if kernel headers support it. + * Fix --enable-timer-debug configure option. + * Fix some configure.ac enable option tests. + * Include stdbool.h in process.c. + * Fix diagnostic message re ignoring weight of tracked interface. + * Fix track_bfds with weights. + * Correct conditional compilation definition name. + * Fix memory leak in HTTP_GET/SSL_GET. + * Fix two memory leaks in DNS_CHECK. + * Don't consider retries for BFD_CHECK. The BFD_CHECKer doesn't support + retries, and the check was causing the checker not to transition to + down state. + * Fix memory leak with BFD_CHECK. + * Restart global notify FIFO handler after reload. + * modify @WITH_REGEX@ to @WITH_REGEX_TRUE@ + * Fix compiling without BFD support. + * Stop bfd process sending double the number of packets. + If a bfd process received an initial bfd packet, it scheduled a + second bfd_sender_thread thereby causing two packets to be sent + in every interval. + * Use timerfd for select timeouts rather than select timeout parameter + This is a precursor to moving to using epoll. + * Use epoll rather than select. + epoll is both more efficient than select and also doesn't have a + file descriptor limit of 1024, which limited the number of vrrp + instances that could be managed. + This commit also introduces read-black trees and the list_head + list type. + * Add --enable-timer-check option for logging calls for getting time + Calls to update the current time from the kernel are made too + frequently, and this patch logs when the calls are made, and how + long since the previous call, so unnecessary calls can be removed. + * Add debug option for monitoring epoll queues. + This is enabled by --enable-epoll-debug and replaces + --enable-timer-debug. + * Use system monotonic clock to generate a monotonic clock. + Rather than have our own code for creating a monotonic clock, use + the kernel's monotonic clock. + * Make some functions in timer.c inline. + The functions had one line of code so inlining them is more + efficient. + * Fix requeueing read and write threads after read/write timeouts. + * Fix initial allocating and final freeing of thread_master epoll_events. + * When cleaning up threads, also clean up their thread_events. + * Add thread_close_fd() function to release thread_event_t on close + When a file descriptor that has been monitored by epoll is closed + the thread_event_t structure used for managing epoll for that fd + has to be release. Therefore calls to close() and replace by calls + to thread_close_fd(). + * Make parent process write log entry when it is reloading. + * Move checking for thread timeouts to timerfd_handler + There is no point in checking for thread timeouts if the timerfd + isn't readable; in other words only check for thread timeouts if + the timer has expired. + * Make bfd reschuling timer threads more efficient. + * Streamline DNS_CHECK code. + * Fix buffer overrun with track file path names. + * Add timestamp when writing mem_check entries to file. + * Ensure thread_event_t released for ready threads at termination. + * Increase open file limit if large number of VRRP instances. + Each VRRP instance can use up to 2 file descriptors, and so if there + are more than 500 ish VRRP instances the number of open files + can exceed the default per process limit (1024 on my system). + The commit allows 2 file descriptors per vrrp instance plus a few more, + and if the RLIMIT_NOFILE value returned by getrlimit isn't high enough, + keepalived will increase the limit. + * Ensure that child processes run with standard priorities/limits. + When child processes such as notify scripts, track_scripts and + MISC_CHECK scripts are run, they should not inherit any elevated + priorities, system limits etc from the parent keepalived process. + * Change multiple spaces to tabs in scheduler.h. + * Add family to sockpool listing. + * Fix a multiline definition expansion issue. + * Free allocated cache when closing/freeing netlink socket. + When running on a system with 500+ interfaces configured and adding + 1000 VMAC interfaces, the heap was growing by 340Mb due the netlink + cahce not being freed after creating each VMAC interface. With this + patch the heap only grow by 3.7Mb (if creating 1000 VMAC interfaces + the heap grep by 905Mb now reduced to 6.1Mb). + * Stop using netlink cache when adding and configuring VMAC interfaces. + When running on a system with 500+ interfaces configured and adding + 1000 VMAC interfaces, it was taking 2.3 seconds to add the interfaces. + Without populating a netlink cache each time a VMAC interface is created + it now takes 0.38 seconds to add the interfaces (if creating 1000 VMAC + interfaces it was taking 6.1 seconds, now reduced to 0.89 seconds, and + the heap growth is reduced from 6.1Mb to 3.9Mb). + * Add function rtnk_link_get_kernel for dynamic linking. + * Fix compiling without JSON support. + * Add support for recording perf profiling data for vrrp process. + * Add comment re usage of MAX_ALLOC_LIST. + * Some streamlining of scheduler.c. + * Merge --enable-epoll-debug and --enable-dump-threads functionality. + * Let thread_add_unuse() set thread type, and use thread_add_unuse() more. + * Use break rather than return in process_threads(). + * Fix segfault when reloading with HTTP_GET and no regex configured. + * Merge the next-generation scheduler. + * Make all debug options need enabling at runtime. + Previously if configure enabled a debug option its output was always + recorded, which meant that if one didn't want the output, configure/ + compile was needed. This commit adds command line options that need to + be set in order to turn the debugging on. + * Remove unwanted debug message. + * Fix parsing --debug options. + * Fix rb tree insertion with timers. + * Add missing functions for thread debugging. + * Add vrrp instance VMAC flags when dumping configuration. + * Ensure parent thread terminates if child has permanant config error. + * Ensure don't delete VMAC interface if keepalived didn't create it. + and sundry fixes. + * If receive lower priority advert, send GARP messages for sync group. + A recent update to issue #542 identified that following recovery + from a split brain situation, GARP messages weren't being sent. It + transpired that, if a member of a sync group in master state received + a lower priority advert and vrrp_higher_prio_send_advert is set, a + further (lower priority) advert is sent, and the instance and all the + members of the sync group transition to backup (the other members of + the sync group don't send a further advert since they haven't received + a higher priority advert). This meant that the other members of the + sync group on the keepalived instance that remained master didn't + receive a lower priority advert, and so didn't send further GARP + messages. + This commit changes keepalived's behaviour, so that if a vrrp instance + is sending GARP messages due to receiving a lower priority advert + and it is a member of a sync group, keepalived will also send GARP + messages for any other member of the sync group that have + garp_lower_prio_rep set. + * Allow 0.0.0.0 and default/default6 for rule/route to/from addresses. + * Check return value of SSL_CTX_new(). + * Check return values of SSL_new() and BIO_new_socket(). + * Only allow subnet masks with routes or virtual IP addresses. + For example, if specifying a via address or preferred source address + for a route, it isn't valid to specify a subnet mask. + * Add inet/inet6 to specify ip route/rule family if ambiguous. + * Remove superfluous parameter from parse_route(). + * Add "any" and "all" as synonyms for "default". + * Fix memory leak if route destination address is wrong address family. + * Add ttl-propagate route option. + * Fix checking return status of kill(). + * Fix building with --enable-debug configure option. + * Stop delay in reload when using network namespaces. + If running in a network namespace, getaddrinfo() could take over + 30 seconds before timing out while trying to contact a name + server. To alleviate this, the hostname is remembered from when + keepalived started. + * Fix spelling of propagate in propagate_signal(). + * Fix effective_priority after reload if tracked interface down. + * Cosmetic grammatical changes. + * Add debug option for dumping vrrp fd lists. + * Fix calculation for vrrp fd timers. + Starting or reloading keepalived when an interface that was tracked + interface was failed was stopping other vrrp instances that were on + the same interface but not using VMACs coming up. + * Move code for initialising tracking priorities to vrrp_track.c. + * Don't overwrite track file on reload. + * Don't attempt to write track file if path not specified. + * Fix compiling when not using --enable-vrrp-fd-debug. + * Fix compiling with configure --enable-vrrp-fd-debug. + * Add sync group track_bfds and track file status to config dump. + * Move initialisation of track_files. + * Don't alter effective_priority if track_file take vrrp instance down. + * Don't log vrrp instance in fault state at reload if already fault. + * Fix calculating fd timer if all vrrp sands are set to TIMER_DISABLED. + * Don't make all sync groups transition to backup on reload + If a sync group was in master state, and can still be after a reload + then allow it to stay in master state. + * Don't have track_bfd list in vrrp_sgroup_t in BFD not enabled. + * Fix memory leak re vrrp_sgroup_t track lists. + * Tidy up some freeing of MALLOC'd memory. + Use FREE_PTR if it is not known if the pointer is valid, and don't + clear the pointer afterr FREE/FREE_PTR since FREE does it anyway. + * Add memory.c list size definition and move definition from memory.h. + * Increase size of checksum value for MEM_CHECK. + * Don't store checksum of memory allocation block. It can be calculated + from the size, so do so. + * Make the checksum for memory allocation blocks unsigned. + * Use an enum for memory allocation block types. + * Update comment re debug bit for memory detect error. + * In memory alloc debug code report free or realloc for not alloc'd. + * Allow for PIDs up to 2^22 (7 decimal digits). + * Add function for dumping memory allocation while running. + * Fix max memory allocation size calculations. + * Fix reporting original and new file/line/func for realloc. + * Check matching block for realloc is allocated. + The same memory block may have been previously allocated and freed, + so we need to make sure that the block we find is currently marked + as allocated. + * Use a new MEMCHECK struct for realloc overrun detected + It was marking the allocated block as an overrun block, whereas it + needs to be an allocated block, so use a new block to mark the + overrun. + * Tidy up working of a couple of memory allocation messages. + * Use for loops rather than while blocks in memory allocation code. + * Report number of mallocs and reallocs with MEMCHECK. + * Attempt to log first free after double free in MEMCHECK. + * Streamline use of buf/buffer in memory.c. + * Always use first free entry in alloc_list for MEMCHECK. + * Define MEMCHECK alloc_list size via configure. + * Align keepalived_free() and keepalived_realloc(). + * Make char * const where possible for MEMCHECK. + * Merge MEMCHECK keepalived_free() and keepalived_realloc(). + Most of the code was common between the two (or should have been), + so it makes sense for them to use common code. + * Ensure only relevant thread types run during shutdown. + * Fix building without --enable-mem-check. + * Use rbtree search for finding child thread on child termination. + It was doing a linear search of the rbtree in timeout order. This + commit adds another rbtree for child processes (vrrp track scripts + and check_misc scripts), sorted by PID, to make the search by PID + more efficient. + * Make rbtree compare function thread_timer_cmp() more efficient. + * Remove child_remover functionality - it was superfluous. + * Fix checking that there are no duplicate vrrp instances configured + The tuple {interface, family, vrid} must be unique. The check for + this was being made completely incorrectly. + * Delay creating vrrp notify FIFO. + * Remove struct sockaddr_storage saddr from sock_t. + * Use an rbtree for finding vrrp instance for received advert. + Previously the code search a list of pointers to vrrp instances and + looked for a matching fd and vrid. In order to optimise this, it was + implemented using an mlist whose index was a hash of the fd and vrid. + This commit changes the approach and uses an rbtree for each sock_t. + Since the sock_t that the advert was received on is known, the rbtree + search is only searching for a match on the vrid. + Not only is this more efficient, but it is simpler, uses standard code, + and reduces the code by over 60 lines. + * Use an rbtree for finding vrrp instance for socket timeout. + Previously the code search a list of pointers to vrrp instances and + looked for matching file descriptor and sands < time_now. In order to + optimise this, it was implemented using an mlist whose index was a hash + of the fd. + This commit changes the approach and uses a second rbtree for each sock_t. + Since the sock_t that the timeout occurred on is known, the rbtree + search is only searching for a match of the sands. + Not only is this more efficient, but it is simpler, uses standard code, + and reduces the code by over 220 lines. + * Remove superfluous checks of rbtree node != NULL in rb_move(). + * Remove superfluous check of node != NULL in rb_next(). + * Update rbtree code to Linux 4.18.10. + * Fix debug logging of sands timers before time_now. + * Update rb_for_each_entry etc and rb_move to use rb_entry_safe. + With the added definition of rb_entry_safe in the rbtree code + updated to Linux 4.18.10, the refinition of rb_entry was reverted + to the kernel definition. That meant that rb_for_each_entry, + rb_for_eacn_entry_safe and rb_move neded to be updated to use + rb_entry_safe rather than rb_entry. + * Add support functions for rbtree rb_root_cached. + This is in preparation for the use of rb_root_cached in the next + patch. + * Use cached rbtrees where the key is a timeval_t sands + When the key of an rbtree is a timeval_t sands keepalived will frequently + need to access the first node of the tree in order to calculate the next + timeout. This applies to the read, write, child and timer threads queues, + and also the vrrp queues on a sock_t. + The use of cached rbtrees for these is ideal since it gives direct access + to the first node of the queue. + * Add thread_add_read_sands to avoid introducing timer errors. + When using thread_add_read and the timeout was held as timeval_t, + it was converted to and offset from time_now, and then converted + back to a timeval_t, but time_now was updated, resulting in a + slightly different value being used as the timeout. Using + thread_add_read_sands() avoids the double conversion and results in the + timeout being more accurate. + * Replace NETLINK_TIMER with TIMER_NEVER. + It makes the code easier to read, and since NETLINK_TIMER was defined + to be TIMER_NEVER it doesn't change the functionality. + * Handle preempt delays not expiring at same time on sync group + If different vrrp instances in a sync group had preempt delays + that expired at different times keepalived looped with very small + to epoll_wait() until all preempt delays had expired, causing high + CPU utilisation. + Keepalived now reschedules vrrp instances with a delay of + 3 * advert_int + skew time while waiting for all vrrp instances in + the sync group to expire their preempt delays. + * Fix segfault when receive netlink message for default route added. + * Move vrf_master_index into conditional compilation block. + * Store interface macvlan type. + * Make vrp_master_ifp point to self for VRF master interfaces. + * Log if cannot create a VMAC due to existing interface with same name. + * Handle delete/create of macvlan i/fs which aren't keepalived's. + * Tidying up keepalived_netlink.c. + * Handle VRFs changing on macvlan i/fs which have VMACs configured on them. + * Fix recreating our VMACs if they are deleted. + * Fix detecting address add/deletion from underlying i/f of our vmacs. + * Don't use configured_ifp or base_ifp if not _HAVE_VRRP_VMAC_. + * Distinguish between VMAC on real i/f and no VMAC on macvlan i/f + If keepalived is configured to have a non VMAC interface on a macvlan + interface, we want to use the macvlan interface rather than the + underlying interface, whereas if we have a VMAC interface on a macvlan + interface, we create the VMAC on the underlying interface of the macvlan. + * Update duplicate VRID check where vrrp instance configured on macvlan. + If a VRRP instance is configured on a macvlan interface, the duplicate + VRID check needs to be done on the underlying interface. + * Check for VRID conflicts when changeable interfaces are added + For example, a vrrp instance could be configured on a macvlan, and + that macvlan could be deleted and recreated with another base interface. + The VRIDs in this case need to be checked for duplicates against the + base interface, and so the VRID check needs to be done dynamically. + In order to allow VRID conflicts to produce config errors at startup, + by default keepalived assumes that there won't be interface movements + as described above, and will only handle it if the global_defs option + 'dynamic_interfaces' is used along with the option 'allow_if_changes'. + * Remove some comments inserted for tracking changes to code. + * Fix building with --enable-debug configure option. + * Check that '{'s and '}'s are balanced in the configuration file. + * Allow more flexibility re placing of { and }. + * Improve reporting additional '}'s in configuration. + * Minor improvements re thread handling and cancellation. + * Remove unused THREAD_IF_UP and THREAD_IF_DOWN. + * Replace getpagesize() with sysconf(_SC_PAGESIZE). + * Increase netlink receive buffer for dumps to 16KiB. + * Dynamically set the netlink receive buffer size. + * Sort out setting netlink receive buffer size. + +2018-08-23 Alexandre Cassen + * keepalived-2.0.7 + * Fix buffer overflow in extract_status_code(). + Issue #960 identified that the buffer allocated for copying the + HTTP status code could overflow if the http response was corrupted. + This commit changes the way the status code is read, avoids copying + data, and also ensures that the status code is three digits long, + is non-negative and occurs on the first line of the response. + * Some fixes for config-test. + * Change ka_config_error() to report_config_error(). + * Read interface addresses when doing config-test. + * Update documentation re garp_lower_prio_repeat. + * Add comment re tracking routes with nexthops doesn't work. + * Fix handling of default_interface + Issue #963 identified that default_interface wasn't being set + correctly. The problem was that the configuration was read by the + parent process, but the parent process doesn't know about the + system interfaces. + Fix commit makes the vrrp process set the default interface when + it starts. + * Fix a segfault in checker process on reload + Issue #955 identified a segfault when keepalived reloads. This + was caused by attempting to set the receive buffer size on a + netlink socket that was not open. It now only attempts to set + buffer sizes on the netlink sockets that are open. + * Use report_config_error() in check_parser.c. + * Don't run a sublevel close handler on a skipped configuration block + If a configuration block was skipped due to an error, the configuration + read won't be valid and may not even exist, so make sure the sublevel + end handler isn't run. + An example is if a virtual_server block is skipped, then the sublevel + end handler would have run against the previous (if any) virtual_server, + and if there hadn't been a previous virtual_server block it could + segfault. + * Tidy up use of inet_stosockaddr. + * Add more error checking to read_timer() and its uses. + * Add validation of lvs_sched. + * Use report_config_error() in checker parsers + Thwese should have been included in commit ead70947 - + "Update config-test". + * Add stronger validation of numeric fields + Issue #955 identified that invalid parameters in advert_int, delay_loop, + lb_algo/lvs_sched, lb_kind/lvs_method, quorum, ip_family, virtual_server + and real_server ports, weights and connect_timeout were not being reported. + This commit will now report any errors in those fields, and a number of + other fields. + * Improve parsing of virtual_router_id. + * Allow virtual server ports not to be specified + If the service is persistent, a "wild-card" port can be used. + * Prepend WARNING to read_int/unsigned/double messages if not rejecting + read_int()/read_unsigned()/read_double() can output log messages if + the syntax is invalid but the configuration is being accepted, e.g. + parsing 12zyx will return 12 if _STRICT_CONFIG_ is not defined. In + this case we want to indicate that the entry is not valid, but we + are still processing it, so prepend the error message with WARNING. + * Improve parsing of virtual server group address ranges + An address range of 10.9.8.7-10.9.8.15 was parsed as 10.9.8.7-10 + and no error was reported, although someone might have expected + that this would mean 10.9.8.7-15. + keepalived will now report a configuration warning, and if + keepalived is configured with --enable-strict-config-checks the + configuration will be rejected. + * Restore original string in inet_stosockaddr() + If there was a '-' or a '/' after the address, the string was modified + to terminate at that point. This commit now restores the original string. + * Allow keepalived to run with --config-test when live instance running. + * Report errors for invalid smtp_server. + * Remove inet_stom() - it was not used + inet_stom used atoi which is unsafe. Since the function was not used, + it has been simply removed. + * Rename read_(int|unsigned|double) read_(int|unsigned|double)_strvec + Want to be able to have equivalent functions just being passed a string, + so rename the functions using strvec to be explicit about that. + * Fix config dump for vrrp_garp_lower_prio_delay. + * Fix config dump of vrrp garp_refresh. + * Make config dump write fraction part of vrrp preempt delay. + * Simplify config dump of garp/gna_interval. + * dd config dump for VRRP/checker/BFD realtime_priority/limit. + * Ensure structure fully initialised for sched_setscheduler. + * Make set_process_dont_swap() and set_process_priority() static functions. + * Minimise time when keepalived runs with realtime priority + keepalived shouldn't use realtime priority when it is loading or + reloading configurations, so delay setting realtime priorities, and + revert to stardard scheduling when terminating or reloading. + * Report user/system CPU time used when exit with detailed logging. + * Make default rlimit_rtime 10000 microseconds + The previous default of 1000 microseconds was insufficient + * Stop using atoi for readong configuration weight. + * Make read_unsigned, read_int, read_double for parsing strings + These functions are analogous to read_unsigned_strvec, read_int_strvec + and read_double_strvec, but take strings as the parameter rather than + a strvec. + * Stop using atoi for parsing mask of ip addresses. + * Stop using atoi for reading VRID in Dbus code. + * Stop using atoi for reading vrrp debug level, and add to conf dump. + * Stop using atoi for parsing garp_refresh. + * Stop using atoi for parsing preempt_delay. + * Stop using atoi for parsing garp_lower_prio_repeat. + * Stop using atoi for parsing vrrp script rise. + * Stop using atoi for parsing vrrp script fall. + * Stop using atoi for parsing garp_interval/gna_interval + * Stop using atoi for parsing smtp status code + * Stop using atoi for parsing realtime scheduling priority + * Stop using atoi for parsing process priorities + * Stop using atoi for parsing global garp/gna_interval + * top using atoi for parsing genhash port number + * Stop using atoi for parsing tcp_server port number + * Stop using atoi for parsing command line log facility. + * update documentation to show range of bfd weights + * Ensure read_unsigned() detects negative numbers. + * Stop using atoi to parse HTTP_GET status code. + * Stop using atoi to parse checker port numbers. + * Use read_unsigned() for domain/inet_stosockaddr port. + * Make read_unsigned_strvec() recognise minus sign after spaces + It is possible have a word read from the configuration start with + spaces it is is enclosed in quotes, which are then removed, but + the leading spaces aren't removed. + * Make get_u8()/get_u16()/get_u32() use read_unsigned(). + * Make get_u64() properly detect -ve numbers. + * Make get_time_rtt() properly detect -ve numbers. + * Make get_addr64() handle whitespace properly and disallow '-' signs + Skip leading whitespace, don't allow embedded whitespace, and don't + allow minus signs. + * Make get_addr64() and parse_mpls_address handle whitespace + * Change more log_message() to report_config_error() in vrrp_iproute.c. + * Improve use of strtoul() in rttables.c. + * Implement get_u64() in same way as get_u8() etc. + * Fix print format specifier in read_unsigned_base + * Correct error message for garp_master_refresh + * Remove \n from error message. + * Allow round trip time to be UINT32_MAX + * Change mix_rx to min_rx for bfd_instance in documentation. + * Make bfd_parser use read_unsigned_strvec() etc rather than strtoul(). + * Fix config dump for BFD instance timers. + * Fix handling of ip rule ipproto option. + * Add read_unsigned_base_strvec() to allow number base to be specified + This requires renaming static functions read_int_int() etc to + read_int_base() etc. + * Minimise and improve use of strtoul() etc in parsing ip rules. + * Use read_int_strvec() for vrrp_version. + * Use read_int_strvec() instead of strtol() in vrrp_parser.c. + * Use read_int_strvec() instead of strtol() etc in check_parser.c. + * Use read_int_strvec() instead of strtol() etc in check_data.c. + * Improve strtoul handling for '--log_facility' command line option. + * Add documentation for lvs_timeouts config option. + * Allow vrrp garp_delay to be 0 in accordance with documentation. + * Use read_int_strvec() instead of strtol() etc in global_parser.c. + * Corret end of line detection in genhash. + * Improve genhash command line parsing use of strtoul. + * Replace CHECKER_VALUE_INT with read_unsigned_strvec due to use of strtoul. + * Remove CHECKER_VALUE_UINT definition since no longer used. + * Add conditional compilation around variable not always used. + * Only read interfaces in VRRP process. + * Enable --config-test to work with BFD configuration. + * Only add garp_delay_t's to interfaces used by VRRP instances + There is no point allocating a garp_delay_t to an interface that + isn't used by a VRRP instance, so this commit make keepalived only + allocate garp_delay_t scructures to the used interfaces. + In addition, when the configuration is dumped, list the interfaces + relevant to each garp_delay_t. + * Add logging command line options if keepalived segfaults. + * Don't free tcp checker data field on exit, since not used. + * Report configuration file line numbers when errors + Following the recent series of commits for better validation of + the configuration, and the move to reporting all configuration + errors through report_config_error(), it is now feasible to report + the configuration file line number on when the error occurs. + * Rationalise error messages when reading configuration + Now that configuration file line numbers are reported, the error + messages can be simplified since the context doesn't need to be + given in the detail as before. + * Return NULL rather than false as a pointer in parser.c + * Fix an infinite loop when parsing certain parameter substitutions + If a multiline definition had text after the '=' sign, keepalived + would loop. + * Fix a multiline parameter substitution having a replacement on 1st line + If a multiline parameter definition had a replaceable parameter or a + definition on the first non-blank line, it wasn't being handled. This commit + ensures that replaceable parameters/definitions on the first line are + handled correctly. + * Add logging command line options when keepalived starts. + * Change some log_message() to report_config_error() in vrrp_sync.c. + * Improve handling of select() returning an error + If select returned an error, the code was processing the returned + timeout and fds as though they were valid. This commits logs an + error the first time, sleeps for 1 second if it is a programming + error, and then sets up the select call again. + * Remove DBG() statement left over in previous commit. + * improve doc spelling. + * Add mh scheduler for LVS + This is similar to the sh scheduler. Options are the same but we + duplicate everything. An alternative would have been to reuse the + names for the sh scheduler. + The mh scheduler is supported starting from Linux 4.18. It's a + consistent hash scheduler. + * manpage update and re-visited. + keepalived.conf.5 be considered as THE exhaustive source of information + in order to configure Keepalived. This documenation is supported and + maintained by Keepalived Core-Team. + * Fix errors in KEEPALIVED-MIB.txt + Commit 181858d - "Add mh scheduler for LVS" introduced a couple + of formatting errors, and didn't update the revision date. + * Some SNMP library handling improvements. + * Stop bfd -- vrrp pipe read timing out + There is no need for a timeout on reading the pipe, so set the + timeout to TIMER_NEVER. + * manpage updates + Update manpage to make html convertion easy. This manpage is now + sitting in documentation tab of Keepalived website. + * Update libnl_link.c + SegFault when launch with dynamic LIBNL because of loading symbol + from wrong library. + * Fix building rpm package and instructions + Issue #977 identified that the instructions in the INSTALL file + were incorrect. + * Adds regex pattern matching for HTTP_GET and SSL_GET. + * Remove pcre build tests from Travis-CI + Travis-CI environments are too old to support libpcre2, so we have + to remove it. + * Fix #980: coredump on start when logfile cannot be accessed. + * Don't loop forever if configuration has unknown replaceable parameter. + +2018-07-23 Quentin Armitage + * keepalived-2.0.6 + * Fix genhash digest calculation. The bracketting in HASH_UPDATE was wrong. + * Bring keepalived(8) man page up to date. + * Fix segfault when IPVS_DEST_ATTR_ADDR_FAMILY not defined. + Issue #938 identified a segfault on the checker process when using + CentOS/RHEL 6. It turned out that conditional compilation check + for IPVS_DEST_ATTR_ADDR_FAMILY was not being handled correctly. + * Don't create a link-local address for vmac when vmac_xmit_base is set + Since commit 18ec95add483 ("Make vmac_xmit_base work for IPv6 + instances") VRRP advertisements are sent from the base interface and not + from the vmac interface when vmac_xmit_base is set. + Therefore, there is no need to configure a link-local address on the + vmac interface. This also means that we don't need to regenerate a + link-local address for the vmac if the link-local address was removed + from the base interface, or inherit a link-local address in case one was + configured on the base interface. + * Fix setting i/f params on a bridge underlying i/f of a VMAC + Issue #944 identified that when the underlying interface of a VMAC + interface was a bridge, keepalived was failing to set arp_ignore and + arp_filter in the underlying bridge interface. The problem appears to + lie in the libnl3 library. The description of the problem given in the + issue report was: + Problem is that ifi_family is set to AF_BRIDGE, whereas it should be set + to AF_UNSPEC. The kernel function that handles RTM_SETLINK messages for + AF_BRIDGE doesn't know how to process the IFLA_AF_SPEC attribute. + This commit stops using libnl3 for setting/clearing arp_ignore and + arp_filter, and directly constructs the netlink messages in keepalived. + * Use RTM_NEWLINK rather than RTM_SETLINK for setting i/f options + libnl3 uses RTM_NEWLINK rather than RTM_SETLINK for setting + interface options when ifi_family is AF_UNSPEC, so update commit + 9b2b2c9 - "Fix setting i/f params on a bridge underlying i/f of + a VMAC" to do likewise. + * Fix creating VMACs on 2.6.32 and earlier kernels + RTM_NEWLINK didn't support specifying interface by name until + Linux 2.6.33, and if using an earlier kernel, the netlink call + failed. This meant that the VMAC was not enabled. + * Fix setting arp_ignore and arp_filter on bridge interfaces. + * Add diagnostic message if vrrp script time out and kill fails. + * Fix compile errors and warnings when building with --enable-debug. + * Don't do md5 check unless configured. + * In http_handle_response() combine fetched_url and url + fetched_url and url always pointed to the same url, so only use + one variable. + * Store and handle HTTP_GET digest in binary form + Configured digests were being stored in character string form, and + the calculated digests were converted to strings. This commit now + handles digests as fixed length binary data, and validates the + configured digests to make sure they are valid hex strings with + the correct length. + * Add support for quote and escape handling of notify and other scripts. + Notify and other scripts need to be able to be configured with embedded + spaces, quotes and special characters for the command and the parameters. + This commit adds that ability. + * When checking script file path, only replace name part if same file. + Some executables are in the filesystem as symbolic links, and alter + their functionality based on the file part of the name. This was being + incorrectly handled by keepalived, which now checks whether a file exists + using the original name, and it it does whether it is the same file. + * Remove cmd_str from notify_script_t + The cmd_str string (sort of) duplicated what was in the args array + of a notify_script_t, but was not always accurate. With the removal + of cmd_str, whenever it needs to be output, the string is now + generated from the args array, so accurately reflects what is + actually executed. + * Add quoting and escaping for script configuration, and other minor changes. + * Use vsyslog() if available instead of syslog(). + * Report virtual server as well as real server when config dump checker. + * Only report IP_MULTICAST_ALL unset for IPv4 sockets + Commit 6fb5980 - "Stop receive message queues not being read on send + sockets" added a warning if data was received on vrrp send sockets, since + setting IP_MULTICAST_ALL should stop packets being received, but older + kernels still queued packets. + It has now been discovered the IP_MULTICAST_ALL (of course) only applies + to IPv4 and so the warning only makes sense for IPv4 sockets. + I haven't been able to find a way to stop IPv6 multicast packets being + received on the send socket. It appears that if any socket adds an IPv6 + multicast group on an interface, then any raw socket using that interface + will recieve all enabled multicast packets, and the receive socket has to + add the multicast group. + * Properly stop packets being queued on vrrp send sockets + Commit 6fb5980 - "Stop receive message queues not being read on + send sockets" did stop messages building up on the receive queue + of vrrp send sockets, but it wasn't an ideal solution, and it also + made the assumption that the problem was only occurring due to + multicast packets not being filtered when IP_MULTICAST_ALL was set, + which appears not to work properly between at least Linux 3.6.11 and + 3.16. In fact the problem also occurred when using IPv4 unicast and + IPv6 in any form, and so has been a long term issue in keepalived. + The original solution was to listen on the send socket and discard any + packets that were received. This commit takes a completely different + solution (many thanks to Simon Kirby for the suggestion) and sets a + BPF filter on send sockets that filter out all received packets on the + sockets. + This commit effectively reverts commit 6fb5980, and the subsequent + commits 88c698d8 - "Cancel read thread on send sockets when closing", + f981b55d - "Only allow vrrp_rx_bufs_policy NO_SEND_RX if have + IP_MULTICAST_ALL", 7ff7ea1f - "Another fix to listening on send socket", + and 77d947f7 - "Only report IP_MULTICAST_ALL unset for IPv4 sockets" + and partially reverts 4297f0a - "Add options to set vrrp socket receive + buffer sizes". + This commit removes the configuration option NO_SEND_RX from + vrrp_tx_bufs_policy introduced in commit 4297f0a since it is now + no longer relevant, because no packets are queued to the send socket. + * Add newlines to the keepalived.stats output for better readability. + * Add notify_master_rx_lower_pri script option and FIFO output. + If a lower priority router has transitioned to master, there has presumably + been an intermittent communications break between the master and backup. It + appears that servers in an Amazon AWS environment can experience this. + The problem then occurs if a notify_master script is executed on the backup + that has just transitioned to master and the script executes something like + a `aws ec2 assign-private-ip-addresses` command, thereby removing the address + from the 'proper' master. Executing notify_master_rx_lower_pri notification + allows the 'proper' master to recover the secondary addresses. + * Fix malloc'd memory length in open_log_file(). + +2018-06-29 Quentin Armitage + * keepalived-2.0.5 + * Update config-test option so keepalived exits with status 1 on failure. + * Fix config write of virtual server group ip addresses. + * Document default and default6 for virtual/static route destinations. + * Cancel read thread on send sockets when closing. + Commit 4297f0a - "Add options to set vrrp socket receive buffer sizes" + added reading on vrrp send sockets to stop receive queues building up + on some 3.x kernels. The commit didn't cancel the read thread on the + send sockets when the socket was closed, causing several thousand + log writes. This commit cancels the read thread. + * Exit with status 1 if config check fails, and fix terminating when + reading send sockets. + * Stop segfaulting when receive a packet (fixing commit 97aec76). + Commit 97aec76 - "Update config-test option so keepalived exits + with status 1 on failure" had a test for __test_bit(CONFIG_TEST_BIT) + the wrong way round. This commit fixes that. + * Don't assume rpm is available. + * Only allow vrrp_rx_bufs_policy NO_SEND_RX if have IP_MULTICAST_ALL. + * Improve setting up virtual/real servers with virtual server groups. + When setting up virtual servers defined by virtual server groups, + keepalived was getting confused between fwmarks and ip addresses. + This still needs further work, but the setting up of virtual/real + servers now works. + * Fix setting up and deletion of virtual servers with groups + Virtual server entries in virtual server groups can be used + by multiple virtual_server entries. This commit ensures that + virtual servers are not deleted until the last virtual_server + instance using the virtual server is removed. + * Allocate vrrp send buffer during vrrp_complete_instance() + Issue #926 identified a segfault. The vrrp send buffer was not being + allocated early enough, and was being accessed before being allocated + if the checksum algorithm needed updating. + * Fix vrrp v3 with unicast and IPv4. + The checksum calculations were happening in the wrong way, with the + wrong data. This commit sorts all that out. + * Don't set effective priority to 254 when specify dont_track_primary. + * Make csum_incremental_update16/32 inline. + * Add --enable-optimise=LEVEL configure option. + * Remove debug message left in configure.ac from adding --enable-optimise. + * Fix compiling on CentOS 6. + Issue #932 identified that keepalived would not compile on CentOS 6. + The problem is that kernel header file linux/rtnetlink.h needs + sys/socket.h to be included before linux/rtnetlink.h when using old + (e.g. 2.6) kernel headers. + * Another fix to listening on send socket. + Commit 4297f0a - "Add options to set vrrp socket receive buffer sizes" + added reading on vrrp send sockets to stop receive queues building up + on some 3.x kernels. The commit didn't save the new thread in + sock->thread_out when it was added for reading in vrrp_write_fd_read_thread. + It now does so. + +2018-06-17 Quentin Armitage + * keepalived-2.0.4 + * Make vmac_xmit_base work for IPv6 instances. + Issue #917 identified that for IPv6 even when vmac_xmit_base was + configured, the adverts were being sent from the vmac interface. + This commit makes the packets be sent from the underlying interface + when vmac_xmit_base is configured. + * Handle vmac_xmit_base when interfaces are recreated. + * Add -t config-test option. + Issue #389 has received increasing support to add a configuration + validation option. This commit adds the -t/--commit-test option + to report any detected configururation errors and exit. + Errors are logged to the system log by default, but use of the -g + and -G options can make the errors be logged to files. + +2018-06-15 Quentin Armitage + * keepalived-2.0.3 + * Fix building with --disables-routes configure option. + * Fix some compiler warnings on Travis-CI. + * Fix setting vrrp effective priority on reload. + * Add tracking of static addresses, routes and rules + By default a static address, route or rule will now be reinstated + if it is deleted, unless the no_track option is specified. + In addition, if a track_group is specified for an address/route/rule + then if the address/route/rule cannot be reinstated (e.g. if the + specified interface is down or has been deleted), then the vrrp + instances specified in the track group will transition to fault state + until the interface comes back up. + This commit completes the monitoring and reinstatement of addresses + routes and rules and means that keepalived should now fully support + hot-swap devices. + * Log when restoring static addresses, routes or rules. + * Allow static addresses/routes/rules to be configured on VMACs. + When VMACs were using an interface name generated by keepalived, + if static address/routes/rules had beeon configured on a VMAC + interface name, then a different name would be generated for + the vrrp instance. This commit now allows the same name to be used. + * Fix configure when pkg-config --libs returns -L entries. + * Add log message for advert receive timeout when using log detail (-D). + * Stop receive message queues not being read on send sockets. + We shouldn't receive anything on vrrp send sockets since IP_MULTICAST_ALL is + cleared, and no multicast groups are subscribed to on the socket. However, + Debian Jessie with a 3.16.0 kernel, CentOS 7 with a 3.10.0 kernel, + and Fedora 16 with a 3.6.11 kernel all exhibit the problem of multicast + packets being queued on the send socket. Whether this was a kernel problem + that has been subsequently resolved, or a system default configuration + problem isn't yet known. + The workaround to the problem is to read on the send sockets, and to discard + any received data. + If anyone can provide more information about this issue it would be + very helpful. + * Ensure sorry server/virtual server same address family unless tunnelled. + A real server and a virtual server can only be of the same address family + if the forwarding method is tunnelled, and also must have a kernel that + supports IPVS_DEST_ATTR_ADDR_FAMILY. + * Add options to set vrrp socket receive buffer sizes. + Some systems have very large settings for net.core.rmem_default + allowing very large receive queues to build if the sockets aren't + read. keepalived doesn't need large buffers for receive queues, + so this commit allows options for setting the maximum buffer sizes + to be much smaller. It also adds the option of setting the receive + buffer size on the vrrp send sockets to be as small as possible, + since we shouldn't be receiving anything on those. + Following commit 6fb5980 - "Stop receive message queues not being + read on send sockets", this commit also adds the option not to + read the send sockets, which can be used where it is known that the + kernel will not queue unwanted multicasts to the send socket. + * Consider eVIPs when determining if need GARP/NDISC send buffers. + * Fix sending IPv6 unicast vrrp adverts. + +2018-06-06 Quentin Armitage + * keepalived-2.0.2 + * Only compile code in rttables.c that is needed by the + configuration. + * Set default preferences for ip rules if not specified. + Since different vrrp instances can become master in different + orders, if preferences (priorities) are not specified for + ip rules, the order in which they are specified will be + indeterminate. In order to give some consistency, keepalived + will not allocate a default preference to each rule, and will + also warn that this is probably not going to work as intended. + The solution is to specify a preference for each rule. + * Require preference if an ip rule specifies goto. + Since preferences are now auto-generated if not specified, a + rule with a goto must now specify a preference. + * Add tracking of virtual rules. + If a virtual rule is deleted, the vrrp instance will transition + to backup. When it becomes master again the rule will be re-added. + * Fix compilation failure found by Travis-CI. + * In configure.ac check if SHA1_Init() needs -fpic. + * Fix make rpm when rpmbuild doesn't support --build-in-place. + * Update INSTALL file to describe how to build rpm files. + * Fix instructions for building rpm packages. + +2018-06-04 Quentin Armitage + * keepalived-2.0.1 + * Remove '\n' characters from log_message() text. + * Allow IPv6 ip rules to be specified using fwmarks. + * Fix configure generation of keepalived.spec file. + * Stop rebuilding scheduler.o every make. + * Remove ' characters from configure args in keepalived -v output. + * Remove duplicate reporting of network namespace in config dumps + * Add ${_INSTANCE} config parameter. + * Remove debugging log message. + * Recalculate max_fd used for select if it should reduce. + * Add tracking of virtual routes. + If a virtual route is deleted, by default to vrrp instance will + now transition to backup mode, and if it transitions to master + again the route will be re-added. If an interface on which a + route is configured is down, then the instance will go to fault + state, since the route cannot be added. + This commit also adds a no-track option for routes, which means + that deletion of the route will not cause the vrrp instance to + transition to backup. + * Handle interface down at startup with tracked route configured on it + If a virtual route which is tracked is configured on an interface that + is down at startup, then the vrrp instance needs to start in fault + state. + * Rename netlink_reflect_filter() to netlink_link_filter() + The function only handles RTM_NEWLINK/RTM_DELLINK messages and there + are other functions to handle other message types. + * Fix compilation warning. + * Make recreating deleted VMACs work. + * Fix Travis-CI compilation failure and warning. + * Stop duplicate definition and duplicate include in vrrp_iproute.c. + * Add new ip rule options for Linux 4.17 + FRA_PROTOCOL, FRA_IP_PROTO, FRA_SPORT_RANGE and FRA_DPORT_RANGE have + been added in Linux 4.17. + +2018-05-26 Quentin Armitage + * keepalived-2.0.0 + * Beta branch merge into master branch ! 2years of dev here ! + * Transition to master as soon as decision is made to do so + Previously keepalived waited one further advert interval before + transitioning. + This meant that previously if a master went down and sent priority + 0 message, there was one extra advert interval before the highest + priority backup configured the VIP addresses. + Now if vrrp instances have high priorities (i.e. close to 255), + then the transition to master and configuration of addresses will + now occur in a small multiple of advert_interval/256. + * Process interface state changes immediately. + Previously keepalived waited for advert timer expiry. The problem + was that if an interface went down and came back up before the + next timer expiry, and addresses, routes and VMACs that we had + configured on that interface would be removed, but we wouldn't + know about it. + * Add support for hot-swappable NICs + This also handles interfaces being deleted and restored. + * Add vrrp_track_file option. + This allows track_scripts, which are run on a frequent scheduled + basis, to be replaced with a vrrp_track_file, which contains a + number as a text string which is used in the same way as the exit + status from a track script. The track_files are only read if they + are changed, so external events can update a track file, rather + than their status needing to be detected by polling by track + scripts. + * Add notify fifos. + Rather than sending notifications via notify scripts it is now + possible to send notify messages via fifos. Not only does this + mean that the overhead of executing script for each notification + is removed, but it also guarantees the delivery of notifications + in the correct order, whereas if the notification is via scripts, + there is no guarantee that the scripts will execute in the desired + order if two or more notifications are sent in quick succession. + There can be a global fifo to process all notifies, and also + separate fifos for vrrp and checkers. It is possible to specify a + script for keepalived to execute to process the messages on the + fifo(s). + * Stop logging address addition/deletions if addresses not ours + The -a option can be used to override this behaviour and log all + address changes. + * Transition to fault state if source address for adverts is deleted + from interface + * Transition to backup state if a VIP or eVIP is removed + When we next transition to master the addresses will be restored. + If nopreempt is not set, that will be almost immediately. + * Make address owner (priority 255) transition to master immediately + * Don't process a received advert if the authentication fails + * Ignore invalid received adverts totally + Previously the master down timer was being updated, which meant + that a backup could be stuck in backup state even if the only + received adverts were invalid. + * Don't reset timer before sending next advert if receive a lower + priority advert. + This was stopping a higher priority backup instance to stay in + backup state. + * Log if receive invalid authentication header + * Ignore lower priority adverts when backup (to comply with RFCs) + This also means that the master down timer wasn't reset, which + was causing a delay to becoming master + * Fix first advert interval of vrrp instances in a sync group. + * Stop two vrrp instances with preempt delay and equal priorities + flip-flopping between master and backup state + * Make sync group members transition state at same time + When first instance makes transition (i.e. when the trigger event + occurs) rather than wait for next timer expiry + * Process vrrp track script returning a new status code immediately + For all instances (and their sync group members), rather than + waiting for the next timer expiry on each instance, the instance + will transition update it's state immediately. + * On reload, make track scripts inherit the state from before reload + This stops vrrp instances transitioning to down and coming back up + once the script has run. + * Correct the use of adver_int and master_adver_int + * Ensure when leaving fault state that a vrrp instance transitions + to backup unless it has priority 255 + * Remove quick_sync functionality since no longer needed. + * Improved code efficiency: + * Finding vrrp instance after read timeout + * When getting interface information for a new vmac, only request + information for that i/f. + * Directly update effective priority of vrrp instances when scripts + return new status rather than scheduling a thread to do it + * Don't run a read timeout on vrrp instance in fault state + * Don't run a track script if no vrrp instance is tracking it + * Stop checking interface status after every timer expiry since + processing interface state changes is now done synchronously + * The timeout for the select call had a maximum timeout of 1 second, + it now times out only when something needs to happen + * The timeout on netlink reads was 500 seconds and this has been + extended to 1 day. + * Streamline signal handling between main process and child process + by using signalfd if available, rather than using a pipe + * Minimise searching for an interface struct based on its index by + using pointers to the interface structures + * Stop opening and closing vrrp scripts before running them. We can + detect they are missing from the return of the exec call. + * Allow threads that don't need a timeout to never timeout + * Calculate the maximum fd number when calling select() rather than + specifying the maximum of 1024. + * Ignore netlink NEWLINK messages that are only wireless state + changes. + * Don't check whether timers have expired after select() returns if + its timeout didn't expire. + * Termination of child processes (scripts) were being handled twice + * Don't generate the IP header checksum since the kernel will always + generate it. + * Maintain pointers to tracking scripts to save seaching a list to + find the relevant script. + * Vrrp instances to have pointer to interface structure to avoid + having to search based in index + * Fix the checksum calculation for VRRPv3 unicast peers. + * Don't regenerate the full advert packet each time an advert is sent + Keepalived now simply updates the necessary fields and calculates + the change needed to the checksum. + * Detect a vmac interface going down, and make the vrrp instance + transition to fault state. + Previously the instance would only go down if the underlying + interface went down. + * Stop weighted track scripts updating priority of sync group members + * Make vrrp instances go straight to fault state at startup if a + relevant interface is down + Previously an instance would start in up state and transition to + fault at next timer expiry + * Ensure that a sync group starts in backup state unless all members + are address owners + * Restore master down timer after leaving fault state + * Use execve() to execute scripts rather than system(). + This saves a fork and an extra process, and also allows the + parameters to be parsed once only at startup, rather than each + time the script is invoked. + * Don't treat a failure to execute a script as a failure of the script + * Ensure all scripts receive TERM signal when keepalived terminates + * If keepalived is running with an elevated priority, stop running + scripts with that elevated priority. + * Enable an unweighted tracking script make a vrrp instance which is + an address owner transition to fault state + * Delay bringing vrrp instances up at startup until after the first + completion of the tracking scripts + This stops an instance coming up an then being brought back down + again after the script completes with a failure. + * Reduce number of error messages if a script is not executable + * Add linkbeat option per vrrp instance + * Fix timer addition on 32-bit systems + * Ignore netlink messages for interfaces using linkbeat polling + * If priority of vrrp instance changes when in backup due to a vrrp + script, reschedule the read timeout + * If re-using a VMAC after a reload, ensure it is correctly configured + * Don't send priority 0 adverts when transition to fault state unless + were in master mode + * Identify routes added by keepalived as belonging to keepalived + * Enable vrrp instances to be put into fault state if their routes are + removed + * Add track scripts, track files and track_if to sync groups and + deprecate global_tracking + (use sync_group_tracking_weight instead, but only if necessary). + * Improve AH authentication sequence number handling, and (re)enable + sequence number checking for VMACs and sync groups + * Remove autoconf/automake generated files from git repo. + Script build_setup will create the necessary build environment. + * Improve and standardise notifications + * Fix not sending RS and VS notifies if omega set + * Add no_checker_emails to not send emails every time a checker + changes state, but only if a real server changes state + * Monitor VIP/eVIP deletion and transition to backup if a VIP/eVIP + is removed unloes it is configured with the no-track option. + +2018-05-26 Alexandre Cassen + * keepalived-1.4.5 released. + * Update snapcraft.yaml for 1.4.x+git + * Fix generation of git-commit.h with git commit number. + * Set virtual server address family correctly. + * Set virtual server address family correctly when using tunnelled + real servers. + * Fix handling of virtual servers with no real servers at config time. + * Add warning if virtual and real servers are different address families. + Although normally the virtual server and real servers must have the + same address family, if a real server is tunnelled, the address families + can be different. However, the kernel didn't support that until 3.18, + so add a check that the address families are the same if different + address families are not supported by the kernel. + * Send correct status in Dbus VrrpStatusChange notification. + When an instance transitioned from BACKUP to FAULT, the Dbus + status change message reported the old status (BACKUP) rather than + the new status (FAULT). This commit attempts to resolved that. + +2018-05-08 Alexandre Cassen + * keepalived-1.4.4 released. + * doc: ipvs schedulers update + * Fix a couple of typos in configure.ac. + * Fix namespace collision with musl if_ether.h. + * Check if return value from read_value_block() is null before using. + * Fix reporting real server stats via SNMP. + * Make checker process handle RTM_NEWLINK messages with -a option + Even though the checker process doesn't subscribe to RTNLGRP_LINK + messages, it appears that older kernels (certainly 2.6.32) can + send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs + when the link is set to up state. + Only the VRRP process is interested in link messages, and so the + checker process doesn't do the necessary initialisation to be able + to handle RTM_NEWLINK messages. + This commit makes the checker process simply discard RTM_NEWLINK + and RTM_DELLINK messages, rather than assuming that if it receives + an RTM_NEWLINK message it must be the VRRP process. + This problem was reported in issue #848 since the checker process + was segfaulting when a new interface was added when the -a command + line option was specified. + * Fix handling RTM_NEWLINK when building without VRRP code. + * Fix building on Fedora 28. + net-snmp-config output can include compiler and linker flags that + refer to spec files that were used to build net-snmp but may not + exist on the system building keepalived. That would cause the build + done by configure to test for net-snmp support to fail; in particular + on a Fedora 28 system that doesn't have the redhat-rpm-config package + installed. + This commit checks that any spec files in the compiler and linker + flags returned by net-snmp-config exist on the system building + keepalived, and if not it removes the reference(s) to the spec file(s). + +2018-04-09 Alexandre Cassen + * keepalived-1.4.3 released. + * vrrp: setting '0' as default value for ifa_flags to make gcc happy. + * Add additional libraries when testing for presence of SSL_CTX_new(). + It appears that some systems need -lcrypto when linking with -lssl. + * Sanitise checking of libnl3 in configure.ac. + * Report and handle missing '}'s in config files. + * Add missing '\n' in keepalived.data output. + * Stop backup taking over as master while master reloads. + If a reload was initiated just before an advert, and since it took + one advert interval after a reload before an advert was sent, if the + reload itself took more than one advert interval, the backup could + time out and take over as master. + This commit makes keepalived send adverts for all instances that are + master immediately before a reload, and also sends adverts immediately + after a reload, thereby trippling the time available for the reload + to complete. + * Add route option fastopen_no_cookie and rule option l3mdev. + * Fix errors in KEEPALIVED-MIB.txt. + * Simplify setting on IN6_ADDR_GEN_MODE. + * Cosmetic changes to keepalived(8) man page. + * Don't set ipvs sync daemon to master state before becoming master + If a vrrp instance which was the one specified for the ipvs sync + daemon was configured with initial state master, the sync daemon + was being set to master mode before the vrrp instance transitioned + to master mode. This caused an error message when the vrrp instance + transitioned to master and attempted to make the sync daemon go from + backup to master mode. + This commit stops setting the sync daemon to master mode at initialisation + time, and it is set to master mode when the vrrp instance transitions + to master. + * Fix freeing vector which has not had any entries allocated. + * Add additional mem-check disgnostics + vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all + call MALLOC/FREE but the functions written in the mem_check log + are vector_alloc etc, not the functions that call them. + This commit adds logging of the originating calling function. + * Fix memory leak in parser.c. + * Improve alignment of new mem-check logging. + * Disable all checkers on a virtual server when ha_suspend set. + Only the first checker was being disabled; this commit now disables + all of them. + Also, make the decision to disable a checker when starting/reloading + when scheduling the checker, so that the existance of the required + address can be checked. + * Stop genhash segfaulting when built with --enable-mem-check. + * Fix memory allocation problems in genhash. + * Properly fix memory allocation problems in genhash. + * Fix persistence_granularity IPv4 netmask validation. + The logic test from inet_aton() appears to be inverted. + * Fix segfault when checker configuration is missing expected parameter + Issue #806 mentioned as an aside that "nb_get_retry" without a parameter + was sigfaulting. Commit be7ae80 - "Stop segfaulting when configuration + keyword is missing its parameter" missed the "hidden" uses of vector_slot() + (i.e. those used via definitions in header files). + This commit now updates those uses of vector_slot() to use strvec_slot() + instead. + * Fix compiling on Linux 2.x kernels. + There were missing checks for HAVE_DECL_CLONE_NEWNET causing + references to an undeclared variable if CLONE_NEWNET wasn't defined. + * Improve parsing of kernel release. + The kernel EXTRAVERSION can start with any character (although + starting with a digit would be daft), so relax the check for it + starting with a '-'. Kernels using both '+' and '.' being the + first character of EXTRAVERSION have been reported. + * Improve grammer. + * add support for SNI in SSL_GET check. + this adds a `enable_sni` parameter to SSL_GET, making sure the check + passes the virtualhost in the SNI extension during SSL handshake. + * Optimise setting host name for SSL_GET requests with SNI. + * Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL. + * Use configure to check for SSL_set_tlsext_host_name() + Rather than checking for a specific version of the OpenSSL library + (and it would also need checking the version of the LibreSSL library) + let configure check for the presence of SSL_set_tlsext_host_name(). + Also omit all code related to SNI of SSL_set_tlsext_host_name() is + not available. + * Use configure to determine available OpenSSL functionality + Rather than using version numbers of the OpenSSL library to determine + what functions are available, let configure determine whether the + functions are supported. + The also means that the same tests work for LibreSSL. + * Add support for gratuitous ARPs for IP over Infiniband. + * Use system header definition instead of local definition IF_HWADDR_MAX + linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas + IF_HWADDR_MAX was locally defined to be 20. + Unfortunately we end up with more system header file juggling to ensure + we don't have duplicate definitions. + * Fix vrrp_script and check_misc scripts of type + * keepalived-1.4.2 released. + * Make genhash exit with exit code 1 on error. + Issue #766 identified that genhash always exits with exit code 1 + even if an error has occurred. + * Rationalise printing of http header in genhash. + * Use http header Content-Length field in HTTP_CHECK/SSL_CHECK. + If a Content-Length is supplied in the http header, use that as a + limit to the data length (as wget does). If the length of data + received does not match the Content-Length log a warning. + * Optimise parameter passing to fprintf in genhash. + * Don't declare mark variable if don't have MARK socket option. + * Fix sync groups with only one member. + Commit c88744a0 allowed sync groups with only 1 member again, but + didn't stop removing the sync group if there was only 1 member. + This commit now doesn't remove sync groups with only one member. + * Make track scripts work with --enable-debug config option. + * Add warning if --enable-debug configure option is used. + * Allow more flexibility of layout of { and } in config files. + keepalived was a bit fussy about where '{'s and '}'s (braces) could + be placed in terms of after the keyword, or on a line on their own. + It certainly was not possible to have multiple braces on one line. + This commit now provides complete flexibility of where braces are, so + long as they occur in the correct order. + * Make alloc_value_block() report block type if there is an error. + * Simplify alloc_value_block() by using libc string functions. + * Add dumping of garp delay config when using -d option. + * Fix fractions of seconds for garp group garp_interval. + * Make read_value_block() use alloc_value_block(). + This removes quite a bit of duplication of functionality, and + ensures the configuration parsing will be more consistent. + * Fix build with Linux kernel headers v4.15. + Linux kernel version 4.15 changed the libc/kernel headers suppression + logic in a way that introduces collisions. + * Add missing command line options to keepalived(8) man page. + * Fix --dont-release-vrrp. + On github, ushuz reported that commit 62e8455 - "Don't delete vmac + interfaces before dropping multicast membership" broke --dont-release-vrrp. + This commit restores the correct functionality. + * Define _GNU_SOURCE for all compilation units. + Rather than defining _GNU_SOURCE when needed, let configure add + it to the flags passed to the C compiler, so that it is defined + for all compilation units. This ensures consistence. + * Fix new warnings procuded by gcc 8. + * Fix dumping empty lists. + Add a check in dump_list() for an empty list, and don't attempt + to dump it if it is empty. + * Resolve conversion-check compiler warnings. + * Add missing content to installing_keepalived.rst documentation. + Issue #778 identified that there was text missing at the end of + the document, and that is now added. + * Fix systemd service to start after network-online.target. + This fix was merged downstream by RedHat in response to + RHBZ #1413320. + * Update INSTALL file to describe packages needed for building + documentation. + * INSTALL: note linux distro package that provides 'sphinx_rtd_theme' + * Clear /proc/sys/net/ipv6/conf/IF/disable_ipv6 when create VMACs. + An issue was identified where keepalived was reporting permission + denied when attempting to add an IPv6 address to a VMAC interface. + It turned out that this was because + /proc/sys/net/ipv6/conf/default/disable_ipv6 + was set to 1, causing IPv6 to be disables on all interfaces that + keepalived created. + This commit clears disable_ipv6 on any VMAC interfaces that + keepalived creates if the vrrp instance is using IPv6. + +2018-01-27 Alexandre Cassen + * keepalived-1.4.1 released. + * Improve and fix use of getopt_long(). + We musn't use a long option val of 1, since getopt_long() can return + that value. + getopt_long() also returns longindex == 0 when there is no matching + long option, and there needs to be careful checking if there is an + error to work out whether a long or short option was used, which is + needed for meaningful error messages. + * Write assert() messages to syslog. + assert()s are nasty things, but at least let's get the benefit of + them, and write the messages to syslog, rather than losing them down + stderr. + * Enable sorry server at startup if quorum down due to alpha mode + If alpha mode is configured on sufficient checkers so that a + virtual server doesn't have a quorum, we need to add the sorry + server at startup, otherwise it won't be added until a quorum has + been achieved and subsequently lost again. In the case where some + of the checkers remain in the down state at startup, this would have + meant that the sorry server never got added. + * For virtual servers, ensure quorum <= number of real servers + If the quorum were gigher than the number of real servers, the + quorum for the real server to come up could never be achieved, so + if the quorum is greater than the number of real servers, reduce it + to the number of real servers. + * Fix some SNMP keepalived checker integer types and default values. + Some virtual server and real server values were being sent to SNMP + with a signed type whereas the value is unsigned, so set the type + field correctly. + Some virtual server and real server values that apply to checkers + are set to nonsense default values in order to determine if a + value has been specified. Handle these values when reporting them + to SNMP replying with 0 rather than a nonsense value. + * Fix some MALLOC/FREE issues with notify FIFOs. + * Add instance_name/config_id to alert emails' subjects if configured. + If multiple instances of keepalived are running, either different + instance_names and/or config_ids, it is useful to know which + keepalived instance the email relates to. + * Ensure that email body string isn't unterminated. + Using strncpy() needs to ensure that there is a nul termination byte, + so this commits adds always writing a nul byte to the end of the buffer. + * Remove duplicate fault notification. + * Fix problem with scripts found via PATH with a '/' in parameters. + Recent discussions on issue #101 led to discovering that if an + executable without a fully qualified name was specified as a script + and there was a '/' character in the parameters, then the path + resolution would not work. + * Send SNMP traps when go from backup to fault due to sync group. + Commit 020a9ab added executing notify_fault for vrrp instances + transitioning from backup to fault state due to another instance + in the sync group going to fault state. This commit adds sending + SNMP traps in the same circumstance. + * Revert "Add instance_name/config_id to alert emails' subjects if + configured". This should be handled by setting router_id + * Add config option to send smtp-alerts to file rather than send emails + This is useful for debugging purposes. + * Add additional entry to Travis-CI build matrix. + * Fix segfault if no sorry server configured for a virtual server. + Issue #751 identified a segfault in vs_end_handler(), and it + transpires that the forwarding method of the sorry server was being + checked without first testing that a sorry server had been configured. + * Improve the log message when a master receives higher priority advert. + The log message reported in issue #754 + "VRRP_Instance(VI_1) Received advert with higher priority 253, ours 253" + is somewhat misleading since 253 == 253. + This commit improves the log message in this case be reporting that + the sender's IP address is higher and the priority is equal. It also + states the it was a master receiving the advert. + * First stage of making --enable-debug work + Issue #582 identified that compiling with --enable-debug produced + an executable that didn't work. + This commit largely makes that option work, but there needs to be + more work to make signals work. + * Generalise handling of signals. + * Don't assume json header files are in /usr/include/json-c + Use pkg-config to find the location of the json header files + when testing for the presence of the header files in configure. + * Add file updated by configure.ac change. + * Log more helpful message when healthchecker activated or suspended + Include the realserver in the log message + * Fix building with musl libc. + * fix spelling mistakes about keyword promote_secondaries in man page. + +2017-12-29 Alexandre Cassen + * keepalived-1.4.0 released. + * Add Linux build and runtime versions to -v output. + * Log kernel version and build kernel version to log at startup. + * Fix compiling with --enable-debug. + * Don't sleep for 1 send when exiting vrrp process if no vrrp instances. + * Streamline and rationalise use of child_finder function. + The child_finder function is simplified, and also stop using the + parent process' child_finder function in the checker process. + * Don't request bug report if script terminates due to seg fault. + The report_child_status() function would log a message requesting a + bug report if a check_misc script or a vrrp_track script exited due + to a seg fault. + * Handle vrrp track and check_misc scripts being killed by signal. + * Rationalise reporting of child process exit status. + report_child_status() is now only called in the main keepalived + program. The reporting of the exit status of vrrp track scripts + and MISC_CHECK scripts is now handled in the specific code for + those scripts. This means that non 0 exit statuses aren't + repeatedly reported for vrrp track scripts. + * eally fix reporting of child process exit status. + * Log a helpful message i using mem-check and too many allocs. + keepalived simply being terminated by SIGABRT with no diagnostic + message was unhelpful. + * Rename child_finder() to child_finder_name() etc + The function only finds the name of the child process, and not + the thread for the child process, so rename the function accordingly. + * Add log to file and no syslog options. + With large configurations the syslog can get flooded and drop output. + This commit adds options to not log to syslog, and also to log all + output to files. + * Add option to only flush log files before forking. + * Don't poll netlink for all interfaces each time add a VMAC. + We can poll for the individual interface details which significantly + reduces what we have to process. + * Print interface details in keepalived.data output. + * Be consistent with type of size parameter for mlists. + * Fix sign conversion warnings. + * Add high performace child finder code. + The code to find the relevant thread to execute afer a child process + (either a vrrp track script or a misc_check healthchecker) was doing + a linear search for the matching pid, which if there are a large number + of child processes running could become time consuming. + The code now will enable high performance child finding, based on using + mlists hashed by the pid, if there are 32 or more vrrp track scripts or + misc check healthcheckers. The size of the mlist is based on the number + of scripts, with a limit of 256. + * Improve high performance child termination timeout code. + * Fix high performance child finder cleanup code. + * Preserve filename in script path name resolution. + Some executables change their behaviour depending on the name by + which they are invoked (e.g. /usr/sbin/pidof when it is a link to + /usr/sbin/killall5). Using realpath() changes the file name part + if it is a symbolic link. This commit resolves all symbolic links + to directories, but leaves the file name part unaltered. It then + checks the security of both the path to the link and the path to + the real file. + * Handle scripts names that are symbolic links properly. + * Use fstatat() rather than stat() for checking script security. + If we use fstatat() we can discover if a file is a symbolic + link and treat it accordingly. + * Fix building with kernels older than v4.4. + * Fix building with --disable-lipiptc and --enable-dynamic-linking. + * Fix building with --without-vrrp configure option. + * Resolve unused return value warning. + * Fix some RFC SNMP issues. + * Attempt to fix mock builds. + * Fix parsing of broadcast + and broadcast - + * check_http.c: http_get_check_compare crash fixed in case of absense + of digest. + * Add -pie linker option. + Since -fPIE is specified for the compiler, -pie should be specified + for the linker. + * check_http.c: http_get_check_compare crash fixed in case of absense o. + * Fix use S_PATH and fchdir(). + S_PATH wasn't defined until Linux 2.6.39 and fchdir() doesn't work + with S_PATH until Linux 3.5 (according to open(2) man page). + * Fix building with Linux versions between 2.6.39 and 3.3 + Linux 2.6.39 introduced ipsets, but the kernel had some omissions + from linux/netfilter/ipset/ip_set.h header file, so the libipset + provided version needed to be used. + Note: RedHat backported ipsets to at least 2.6.32, so the problem + applied to earlier versions of RedHat Linux and Centos. + * Fix segfault when parsing invalid real server. + If the first real server ip address doesn't match the address + family of the virtual server, then we need to skip parsing the + rest of the real_server block. + * Make when vs_end_handler is executed + Commit 1ba7180b ('ipvs: new service option "ip_family"') added a + sublevel_end_handler vs_end_handler, but this was being executed + at the end of each real_server rather than after the virtual_server. + This commit adds a new parser function install_root_end_handler(), + and vs_end_handler is now installed using that function so that it + is executed at the end of the virtual_server rather than after each + real_server. + * Allow tunnelled rs address family not to match vs family. + The address family of a tunnelled real server does not have to + match the address family of its virtual server, so we need to + delay any setting of the vs address family from an rs address + until the end of the real_server block, so that we know whether + the forwarding method is tunnelling or not. Likewise the check + of the sorry server has to be delayed until the end of the + virtual server configuration (the tunnelling method may be + specified after the address of the real/sorry server). + The address family of a virtual server is only not determined + by the virtual server configuration itself if the virtual server + is defined by a fwmark and all of the real/sorry servers are + tunnelled. In this case the address family cannot properly be + determined from the address family of any tunnelled real servers. + However, to maintain backward compatibility with configurations + used prior to this commit, the address family of the virtual + server will be taken from the address family of the (tunnelled) + real/sorry servers if they are all the same; if they are not all + the same it will default to IPv4 (this is not incompatible since + previously mixed IPv4 and IPv6 real/sorry servers were not allowed, + even if tunnelled). + * Remove bogus warning for fwmark virtual servers. + "Warning: Virtual server FWM 83: protocol specified for fwmark + - protocol will be ignored" should not be given if no protocol has + been specified. + * Fix removing left-over addresses if keepalived aborts. + * Fix use of init_state after a reload. + Issue #627 identified that vrrp->init_state was being incorrectly + used in vrrp_fault(), since it is modified at a reload. + Instead of using init_state, we now use the configured priority + of the vrrp instance, so if the vrrp instance is the address owner + (priority 255) it will transition to master after leaving to fault + state, otherwise it transitions to backup. + * Remove init_state from vrrp structure + init_state is no longer used, so remove it from the vrrp structure. + Since it has been included in keepalived SNMP, it is preserved + solely for reporting in SNMP requests. + * Change conditional compilation _WITH_SNMP_KEEPALIVED_ to + _WITH_SNMP_VRRP_ + The functionality that the conditional compilation enabled was snmp + vrrp functionality, so make the name more relevant. + * Update error message in configure.ac. + * Add more configure options to Travis build matrix. + * Install additional libraries in Travis environment for new options. + * Fix some problem found by Travis-ci. + * Fix configure --disable-checksum-compat option. + * Remove DOS file formatting from .travis.yml. + * Add more configuration option to Travis builds and some build fixes. + * Tidy up some code alignment. + * Update openssl use to stop using deprecated functions + openssl from version 1.1 deprecated certain functions that keepalived + was using. This commit ceases using those functions if the version + of openssl is >= 1.1. + * Fix some issues identified by valgrind. + Some file descriptors weren't being closed at exit, and also one + or two mallocs weren't being freed. + * Set pointer to NULL after FREE_PTR() unless exiting. + * Allow sync groups with only 1 member, but issue a warning. + * Fix building with LibreSSL version of OpenSSL. + Unfortunately LibreSSL updates OPENSSL_VERSION_NUMBER, and its value + is higher that OpenSSL's latest version. When checking the version + number we need to check that we are not using LibreSSL (by checking + whether LIBRESSL_VERSION_NUMBER is defined). + LibreSSL also hasn't implemented the new functions that OpenSSL has + provided to replace functions that are deprecated or it is recommended + should not be used, and so if using LibreSSL the old functions need + to be used. + * Update genhash to stop using deprecated functions openssl functions. + * Remove last few Subversion source file version Id strings. + Some of the genhash source code still had Subversion Id strings, + and these are now removed. + * Add copyright update script. + * Copyright update. + * Remove outdated Version comment. + * Fix update copyright script. + * Include Makefile.in files in copyright update. + * Add replaceable parameters in configuration files. + * Fix some MALLOC/FREE issues with config parameters. + * Add multiline configuration definitions. + * Remove debugging messages left in lib/parser.c. + * Fix a FREE error. + * Fix keepalived.conf(5) man page. + * Fix type in keepalived.conf(5) man page. + * Suppress error message when removing leftover addresses at startup. + +2017-10-21 Alexandre Cassen + * keepalived-1.3.9 released. + * Stop segfault if SSL context cannot be initialised. + * Don't leave point to SSL data after freeing it. + * Fix memory leak if duplicate SSL context values specified. + * Don't initialise an SSL context if it isn't being used. + * Checksum compatibility should refer to v1.3.6. + * Update keepalived.spec.in for differences between Fedora and CentOS. + * change hash to something more even and hash size accordingly. + * also update size of hash in free_list. + +2017-10-15 Alexandre Cassen + * keepalived-1.3.8 released. + * parser: do not exit when glob() doesn't match any files. + * Use nodename as default id for conditional configuration. + If the node name returned by uname() is host123.abc.de, then + lines in the configuration file matching @host123 will match the + conditional configuration test. This means that it is no longer + necessary to specify the -i command line option if the conditional + configuration string used in the configuration is the node name. + * Option --i/--config-id parameter is not optional. + Since the config-id defaults to the hostname, there is no point + in allowing --config-id to be used without a parameter, just to mean + use the hostname. + * Use NULL instead of 0 for pointers in get_longopts struct. + * Some minor tidying up of the new JSON output code. + 1. Use SIGRTMIN+2 rather than (_SIGRTMIN + 4) + 2. Don't include JSON code if not building with VRRP + 3. Some code alignment fixes + 4. Some conditional compilation additions + * Add --signum command line option to report signal numbers. + Since keepalived is starting to use real time signals, and those + signal numbers are not fixes, this commit introduces a way to + ask keepalived to report those signal numbers. + * Stop command line option -i segfaulting. + * Fix config include files when file has no directory par. + When an include file name has no directory part, there is no + directory to change to, so don't try to do so. + * Use getcwd() malloc functionality if available. + * Add support for csh brace globs in config file names. + * Update documentation for config file include directive. + * Use fchdir() when changing direcories while reading include files. + The getcwd(3) man page recommends using open()/fchdir() rather than + getcwd()/chdir() since fchdir() is guarantee to return to the previous + directory even if directories have been renamed in between the first + chdir and the second. It also suggests that it is faster, and saves + mallocs or allocation of arrays on the stack of size PATH_MAX. + * Use alloc_value_block() for vrrp_vip_handler(). + * Fix whitespace error introduced in commit 9458c9b9. + * Reinforce that '@' conditional config character must be 1st on line. + The '@' conditional configuration character must be the very first + on a configuration, meaning that there cannot even by whitespace + before the '@' character. + * Check whether GLOB_BRACE is supported (it is not part of POSIX.2). + * When building a docker image, it appears that autoheader is required. + * Fix IPVS virtual server setup with persistence. + * Remove a merge conflict .rej file accidentally added to git. + This commit also updates the .gitconfig file to ensure that .rej + files will not be added in the future. + * config synopsis - cleanup line endings and comment alignment. + * conf examples - clean eol whitespace. + * conf examples - clean triple line breaks. + * add pair of config options used in misc_check. + * clean surprise tab character. + * many whitespace fixes; some missing docu added to synopsis. + * config docs - apply code review markups. + * Trivial updates to latest format cleaning patches. + * Allow conditional configuration to work with include statements. + * Allow '@' conditional configuration to be preceeded by whitespace. + +2017-10-01 Alexandre Cassen + * keepalived-1.3.7 released. + * Allow broadcast address to be specified as '-' or '+' + When configuring an ip address with a broadcast address, allow the + use of - and + (like ip(8)) to clear or set the host specfic bits of + the address, i.e. + 10.6.23.254/16 broadcast + result in a broadcast address of 10.6.255.255 + 10.6.23.254/16 broadcast - results in a broadcast address of 10.6.0.0 + * Change some code layout and macro/variable names + * Print unicast peer addresses in /tmp/keepalived.data + * Add negative conditional configuration. + A configuration line starting @main will only be included if + keepalived is started with option -i main. + This commit adds configuration option @^main, meaning that the + remainder of the configuration line will only be included if + -i main was NOT specified. + * Fix calculation of checksum for VRRPv3 IPv4 unicast peers. + Alternate unicast peers were being sent adverts with the checksum + set to 0. The reason for this was that the checksum field was not + being set to 0 before the checksum calculation, hence causing the + calculated checksum to be 0 for the second, fourth, sixth etc + unicast peer. + * Generate README from README.md. + * Only declare (and use) auth variables if compiling with authentication. + authtype_mismatch and auth_failure are only used if authentication is + enabled. + * The vrrp_t vmac flag should be a bool. + * Add include guard for vrrp_print.h. + * Log some additional vrrp variables. + * Make checksum change backwards compatible. + This commits adds the ability of keepalived to revert to using the old + checksum calculation if it sees an advert that has an old checksum. This + means that if an old and a new version of keepalived are working + together, once the new version has seen an advert from an old version, + it will drop back to using the old style checksum, and so the two + keepalived instances will work together. + There is a slight problem with this, though. If the old version starts + when a new version is master, if will report bad checksums. This should + be fine, since keepalived should discard the adverts, time out and send + an advert which would make the new keepalived revert to old checksums. + Unfortunately, keepalived does not completely ignore bad adverts, since + it resets its master down timer, even for bad adverts, and so it never + times out. However, in this scenario, there will still remain one master + and all the other keepalived instances will be in backup state, and so + VRRP functionality is preserved. + As identified in commit bcf2936 until commit 67275d2 keepalived did not + work with VRRPv3 and more than one other unicast peer, so for migration + we only need to consider two unicast peers. To upgrade, first upgrade + the keepalived instance that is in backup mode. This will see old + checksums when it starts, and so start using old checksums. The other + keepalived instance can then be upgraded and it will also see old + checksums when it starts up. In order to switch to using new checksums, + temporarily add the following line in the configuration of each vrrp + instance that is in master state: + old_unicast_checksum never + and then reload the keepalived instance by sending it SIGHUP. After the + master has restarted, restart the backup with a SIGHUP, and they will + then be using new checksums. The temporary old_unicast_checksum never + lines can now be removed from the configuration. + * Add checker bind_if keyword. + If a checker binds to a link local IPv6 address, the interface has + to be specified. + * Make DBus service name configurable. + * Make --config-id option default to hostname. + This is the equivalent of specifying --config-id `hostname -s`, and + makes it more straightforward to deploy the same configuration to + multiple hosts. + * Issue warning if more than 1 dynamic misc_checker per real server. + If different scripts return different exit statuses, the priority + of the real server will keep changing. The solution is to combine + the functionality into 1 script. + * Improve DBus error handling. + . Always clear errors to avoid leaks + . Check for errors when emitting signals + . Check for errors when registering objects + * Stop test tcp_server leaving zombie processes. + * Fix persistence_granularity handling + 1. vs->addr.ss_family should never be used to check address family of + vs since there may not be an address is using fwmark. + 2. If using fwmark, the address family may not be known when parsing + persistence_granularity + 3. Set address family from format of persistence_granularity if not + already set + 4. Ensure entire string is a number and is between 1 and 128 for IPv6 + 5. Ensure netmask specified for IPv4 is solid + * Ensure always check return from inet_stosockaddr when parsing config. + * Add lthreshold and uthreshold to keepalived.SYNOPSIS. + * Merge virtual server group addresses and ranges into one list. + A single address can be treated as a range with only 1 address, so + this reduces the number of lists that need to be processed when + handling a virtual server group. + A number of corrections were also made re hton/ntoh(s|l). + * Remove redundant setting of real server weight. + * Don't use vs->addr.ss_family for address family of virtual server. + A virtual server won't use vs->addr if it is defined by a fwmark or + it is uses a firtual server group. vs->af is the correct field to use. + * Make ipvs_update_stats() little/big endian aware. + * Simplify ipvs_update_stats(). + Don't run a state machine to collect all the stats, simple iterate + through the entries. + * Move fetching ipvs stats into ipvs_update_vs_stats(). + * Remove some #defines in ipvs_update_stats(). + * Streamline setup for changing ipvs configuration. + * Fix updating resolved notify script path names with parameters. + * Add silent option to test/tcp_server. + * Document default checker connect ip/port. + * Remove duplicate setting up of file name. + * Validate HTTP_GET and SSL_GET checkers. + Unsure that urls have a path specified, and that the checkers have + at least one url specified. + * Fix memory leak if SMTP_CHECK helo_name specified. + * Fix dumping of SMTP_CHECK host list. + * Don't allocate and copy default SMTP_CHECK helo name unless needed. + * Tidy up dumping SMTP checkers. + * Remove smtp_host_t typedef. + If is passed to functions that take a conn_opts_t parameter, so + we need to explicitly use the correct type. + * Simplify handling of host{} block in SMTP_CHECK. + This also allows specifying connect_ip, connect_port as well as + unsing host blocks. + * Add DNS_CHECK RRSIG and DNSKEY query types. + * Fix documentation re MISC_CHECK. + * Detect if no misc_path specified for MISC_CHECK. + If no path was specified, keepalived was segfaulting. + * Add some more error messages to socket_bind_connect(). + * Checker connections aren't always TCP. + * Report if checker bind_if is missing + If a link local IPv6 address is specified for a checker to + connect to, then a bind interface must also be specified, + otherwise the connect() call fails. + * If a real server has inhibit_on_failure, configure it at start up + If a real server had inhibit_on_failure set, but it also had an + alpha mode checker, then the real server should be installed at + startup with weight 0 to be consistent with what would happen if + the checker had been successful but then failed. + * Improve handling of virtual server groups. + If multiple virtual servers use the same virtual server group, and + the virtual servers have different protocols, or the virtual server + groups are defined using only fwmarks and the virtual servers have + different address families, then multiple versions of the entries + in the virtual server groups will need to be created as IPVS + virtual servers. + This patch handles the creation and removal of the necessary different + virtual servers for the virtual server groups. + * Add virtual server protocol types SCTP and none for SNMP. + * Handle virtual server with no protocol specified + This is valid if fwmarks are being used. + * Warn if a protocol is set on a virtual server using firewall marks. + * Don't check !LIST_ISEMPTY(vs->rs) after config is validated + In validate_check_config() any virtual server without any real + servers is removed, so there is no need to check subsequently. + * Don't allow virtual server groups without any addresses for fwmarks. + * Fix and optimise handling of promote_secondaries. + The promote_secondaries flag was being cleared by the first vrrp + instance that stopped using an interface, rather than by the last + instance. + * Fix the setting of mcast address for checksum compatibility + It was using INADDR_VRRP_GROUP rather than vrrp_mcast_group4. + +2017-09-15 Alexandre Cassen + * keepalived-1.3.6 released. + * Ensure locations of pid files is consistent + Issue #563 identified that the generated keepalived.service has the + wrong location for the pid file. On investigating this it was discovered + that keepalived isn't following the GNU coding standards for location of + pid files; however, we can't now move the default location of pid files. + This commit ensures that the keepalived.service file's location for pid + files is consistent with where keepalived is placing them, but also adds + a configure option --enable-gnu-std-paths, which means that keepalived + will use ${localstatedir} for the location of pid files, while the default + remains /var/run + * Stop logging that preferred_lft has been set to 0. + Some users are interpreting the message as a warning, and hence are + unnecessarily avoiding using a /128 netmask for IPv6 addresses. The + message doesn't really tell us anything useful, so remove it. + * Handle not being able to load ip_tables or ip6_tables modules. + When running in a docker container it isn't possible to load kernel + modules, so we need to cleanly handle a failure to load the modules. + * Don't segfault if unable to load ip_vs module. + In a docker container it isn't possible to load a kernel module. The + check code was detecting that it couldn't load the module, but the + checker process, when cleaning up prior to exiting, was assuming that + certain pointers had been initialised which hadn't been when an error + was detected so early in the initialisation. + This commit adds testing for uninitialised pointers during the exit + sequence. + * Fix releasing malloc'd memory for saved core pattern. + * Fix memory leak when adding iptables entries. + * Handle missing virtual server configuration. + keepalived was segfaulting if a virtual server had no real servers + configured. There were also issues of checkers running even if there + was missing essential configuration from a virtual server which meant + it could be set up. The problems were a virtual server group specified + but it didn't exist, a virtual server group with no configuration, and + a virtual server address family not match the address family of a virtual + server group. + * Don't attempt to remove ipsets if ipset handling not initialised. + * Delay initialising IPVS until affter processing configuration. + If IPVS isn't configured, there is not point in loading the ip_vs + module. + * Fix conditional compilation tests for _HAVE_LIBNL3_ + * Make dynamic flag bool. + * Don't report exit status of misc_check scripts. + The result of a change in status from a misc_check script is reported + by the code anyway, so to log any non-zero exit code is superfluous and + annoying. + * Work around conflict between kernel and libipset header files. + ipset copies linux/netfilter/ipset/ip_set.h (and other) header + files, producing local copies that are installed as + libipset/linux_ip_set.h etc as part of the libipset development + package. Unfortunately although the kernel changes the include + guards when processing its source code, ipset does not, and so + the duplicated header files have different include guards. + This patch detects if the include guards don't match, and if so + if linux/netfilter/ipset/ip_set.h is included, it defines the + include guard used by libipset/linux_ip_set.h before the latter is + indirectly included. + * add Dockerfile. + * Fix detecting default script uid/gid. + * Stop segfault when keepalived can't load ip_vs module. + * Add some additional docker support files and add make target docker. + The configuration file installed by make install isn't ideal to run + keepalived with, so add a simple keepalived.conf that will be + installed into the container. + Add make target docker, to build the docker image. + Add docker/README to give some information about building and using + containers (this is mainly so that I don't forget how to the details). + * Remove a line of debugging code. + * Don't complain about keepalived_script user if not needed. + keepalived logged a warning every time if the keepalived_script user + didn't exist. We only need that warning if there is a script that uses + the default user, and an alternative defult user isn't specified. + * Fix relative script path names with embedded spaces. + The space wasn't being restored after resolving the path name. + * Fix memory leak if notify scripts specified multiple times. + * Remove some residual debugging messages. + * Fix memory leak if quorum up/down scripts specified multiple times. + * Use realpath() to canonicalize script names. + * Fix missing PARAMETER_UNSET, which caused the global value of + vrrp_higher_prio_send_advert not to be used for each VRRP instance. + * Remove unused variable introduced in commit 1c5bfa29. + * Fix using virtual server groups following commit 5ca36cb. + * Set address port to be sequence number for virtual server group. + The format_vs() function uses the virtual server address port as + the sequence number of the virtual server instance using the virtual + server group, so we need to set it up. + * Warn if real server has no checkers when alpha mode. + If a virtual server is configured with alpha mode, and a real server + has no checkers, the real server will never be able to be activated, + so generate an appropriate warning. + * Only delete virtual server once if using a virtual server group. + If multiple virtual servers are using a virtual server group, the + virtual servers are defined by the virtual server group, and so they + should only be deleted for the first virtual server using the group. + There is still an issue that the configuration of all virtual servers + using the virtual server group needs to be consistent. + * Add further checks for LVS configuration. + * Document additional scheduling algorithms for IPVS. + * Change virtual_server_t loadbalancing_kind to forwarding_method. + The variable name loadbalancing_kind didn't represent the meaning of + the parameter, so change it to forwarding_method. + * Add fo and ovf scheduling types to SNMP. + * Only check one packet scheduling if supported. + * Add lvs_method per real server. + The lvs_method should be settable for each real server within a + virtual server. This commit maintains existing default behaviour + by using the lvs_method set against the virtual server as the default + for the real servers, but adds the option to configure the lvs_method + individually for each real server. + * Fix type in printing config of scripts. + * Convert some spaces to tabs. + * logger: output timestamps to console logs. + * Optimise handling of config_id in parser. + * Fix some typos. + * prog_type variable doesn't make sense when building a DEBUG version. + The DEBUG version runs everything in a single process, and to the + prog_type variable is meaningless in this case. This commit excludes + the prog_type variable by conditional compilation when building a + DEBUG version. + * Add home, -nodad, mngtmpaddr, noprefixroute, and autojoin address flags. + * Update documentation for commit cc67476. + * Add notify FIFO. + pull requests #568 and #587 and issue #584 have all identified that if + notify scripts are run in close succession, then order if processing of + those scripts is indeterminate, and this is causing systems that are + monitoring the state of vrrp instances to have the wrong state. + There have been various suggestions about how this should be resolved, + principally along the lines that the notify scripts should be run + synchronously, i.e. a notify script should not be run until the previous + notify script completed. While this would work, it adds some overhead to + keepalived, which currently does not monitor the exit status of notify + scripts. + There is a further issue with notify scripts that if a large number of + events occur in rapid succession (e.g. due to an interface flapping), this + can cause a large number of child processes to be created very rapidly. + This commit adds an alternative method for external processes receiving + notification of events. Instead of forking a script for each event, keepalived + will write to a named pipe. An external process can then read the pipe to + receive notification of events, and process them appropriately. This is + guaranteed to deliver events in the correct order. It also has the benefit + that there isn't the overhead of forking a child process for each event. + * If can't get local host name, set default router_id to "[unknown]". + Issue #588 reported that keepalived was segfaulting when generating + an SNMP trap in strlen(global_data->router_id), which presumable is + due to global_data->router_id being NULL. As a precaution set + router_id to "[unknown]" if get_local_name() fails". + * Implement SNMP reporting smtpServerPort. + Commit 128cd24 added functionality for specifying smtp server port + and commit bcb09b8a added smtpServerPort to the keepalived MIB, but + no code was added to report the port. This commit adds that functionality. + * Don't use PATH when executing FIFO script. + The path has already been resolved as part of checking the script + security, so there is no need to search the path. + * Log error if unable to execute FIFO notify script. + * Pass FIFO name to notify_fifo_script as parameter. + * Add FIFO notify for LVS notifies. + To match the FIFO notifies for VRRP, this commit adds FIFO notifies + for LVS. There are now three FIFOs available, a global one that + will send output for VRRP and LVS, one for VRRP only and one for + LVS only. + * Fix conditional compilation for --enable-debug + Commit 7947247 attempted to sort out making keepalived work with + --enable-debug, but unfortunately it used the wrong conditional + compilation variable (DEBUG instead of _DEBUG_). This commit + corrects the conditional compilation tests. + * Include protocol in virtual and real server output. + * Stop segfaulting if no script given for a vrrp_script. + * Fix a _DEBUG_ conditional compilation test. + * Fix incorrect expression in clear_services(). + * Fix use htons() instead of ntohs(). + * Fix bad file descriptor error at reload with no virtual servers. + * Delete disabled inhibit servers at reload. + * Add logging to remove sorry server at reload. + * Fix bad file descriptor error at reload with no virtual servers. + * Delete disabled inhibit servers at reload. + * Fix thread_cancel() for timed out threads. + * build: add basic .travis.yml file + * README.md: rename from README. + * build: add build status tag in readme file + All that's needed now, is for user `acassen` to + go to `https://travis-ci.org/` login with the Github + account, import repos from Github, and enable build + for keepalived [a checkbox/button]. + * Set sorry_server's fowarding_method. + * Further fix for thread_cancel() for child timeout threads. + Commit ade3d699 fixed removing read and write timeout threads + from the ready queue when they are cancelled. This commits adds + removing child timeout threads from the ready queue too. + * Fix warnings from ignoring seteuid/setegid return results. + * Fix dynamic linking with early versions of libnl3 without nla_get_s32. + * Updated autoconf files due to autoconf upgrade. + * Fix compiling with namespace collisions in net/if.h and linux.if.h. + * Update travis configuration. + This commit includes the installation of development library + packages, updated kernel header files, using trusty for the builds, + and adding more build options. + * Reinstate distributing (renamed) README.md file. + * More updates for updated automake/autoconf. + * Fix new warnings produced by gcc 7. + * Migrate failed checkers at reload (provisional implementation). + * Implement comparison of checkers. + genhash: libraries to link with should be put in LDADD, not LDFLAGS. + * configure.ac: fixed build on older systems, namely CentOS 6. + Provide AS_VAR_COPY if missing and downgrade autoconf dep to 2.63. + * Fix worng migrate of checker-id. + * Set active if new failed_checkers is empty. + * Fix typo in interface details printing. + * Enable vmacs to work when sysctl net.ipv4.conf.all.rp_filter > 0. + A number of distros now set net.ipv4.conf.all.rp_filter = 1 by default. + This means that when a vrrp instance is in the master state, it cannot + receive adverts sent by a higher priority master, and hence we end up + with 2 masters. + I tried an alternative of receiving on the base interface, but no packets + that have the same source MAC address as an interface on the system + (i.e. the vmac interface) get delivered to the socket. + For distros such as Fedora, RHEL, CentOS, ArchLinux, all.rp_filter = 1 + due to systemd commit + https://github.com/systemd/systemd/commit/1836bf9e1d70240c8079e4db4312309f4f1f91fd + The reason given for the commit is to work around a boot-time race condition + where interfaces created before default.rp_filter is set do not get the + updated default.rp_filter setting, and so the all.rp_filter setting is used + to override the individual interface settings. This doesn't seem the right + solution to the problem, since it prevents any interface running with + rp_filter = 0, and that is what we need for vmacs. I have filed an issue + report for systemd at https://github.com/systemd/systemd/issues/6282, but + in the mean time we need to work around the issue. Ubuntu sets all.rp_filter=1 + in /etc/sysctl.d/10-network-security.conf provided by the procps package. + Debian doesn't set all.rp_filter. + The only solution I have found, and I am not entirely happy with this since + it has effects beyond keepalived and affects the system as a whole, is to set + all.rp_filter = 0. In order to seek not to change the operation of the system, + if default.rp_filter < all.rp_filter, default.rp_filter is set to all.rp_filter, + thereby ensuring that any new interfaces created will take the original value + of all.rp_filter. It then iterates through all existing interfaces, and + {interface}.rp_filter is set to the value of all.rp_filter if + {interface}.rp_filter < all.rp_filter. all.rp_filter is then set to 0. + This means that all interfaces should behave in the same way as before, since + the behaviour of rp_filter is defined by the maximum of + {interface,all}.rp_filter, but we are not able to operate the vmac interfaces + with rp_filter = 0. When keepalived exists, it restores the original settings + of rp_filter if they are the same as what we set them to. + * Only restore rp_filter on interfaces if same as we set them to. + If rp_filter has been altered since we set it, then do not restore + it to the original value. + * Update files for build fix commits. + Commits 2cccc97 and a932cf2 provided fixes for building on CentOS6. + This commit updates genhash/Makefile.in in line with + genhash/Makefile.am and adds a comment to autoconf.ac regarding + when autoconf introduced support of AS_VAR_COPY. + * Fix build error at when _HAVE_IPV4_DEVCONF_ was undefined. + * Remove unnecessary parameter compare. + * Resolve compiler warning introduced by commit 8361b11. + * Remove debugging log messages added in commits 99fe626 and 6ec26e0. + * Fix compiler warning and remove unwanted log messages. + * Make a couple of checker variables non global. + * Correct comparison for checker compare in migrate_failed_checkers. + Commit 2ff6b3f changed the sense of the comparisons of checkers, + but didn't make the corresponding change to checking the result. + * Fix keepalived.doc(5) man page. + * Add virtualhost config for real servers. + Different real servers may want different virtualhost config + settings. The real server virtualhost setting overrides the + virtual server virtualhost setting. + * Allow virtualhost to be specified per checker and per url. + * Fix compiling with SNMP enabled. + * Fix compiler warnings when use configure --enable-conversion-checks. + * Fix an unintentional case fall-through. + gcc 7 identified two case statement fall-throughs. One was intentional, + but the other was a bug. The latter is now fixed, a comment is added + for the former so the warning isn't generated. + * Fix commit cc67476 to allow flags for static and virtual ip addresses. + * Fix handling of more recent ip address flags. + Recent ip address flags have exceeded 8 bits, and so the IFA_FLAGS + attribute needs to be used, rather than the ifa_flags field. + * Fix typo in help. + +2017-03-19 Alexandre Cassen + * keepalived-1.3.5 released. + * Ensure nopreempt is not set if address owner. + * Remove hardcoded paths from init files. + * Add configure option to override system init type. + * Fix some configure tests for init type. + * Add support for ip rules uidrange option. + This option was added in Linux 4.10. + * Resolve compiler warning on 32 bit systems. + There were two warnings in lib/timer.c for signed vs. unsigned + comparisons on 32 bit systems. + * Add missing documentation for ip rule uidrange. + * Include snapcraft.yaml tar file. + * Remove extraneous EXTRA_DIST directory. + * Add library requirements for ArchLinux. + * Allow tracking and misc_check scripts time to terminate after + timeout. If a script exceeds the timeout, it is sent a SIGTERM, + and then if it still doesn't terminate, it is sent a SIGKILL. + The problem was that the script was only allowed 2 microseconds + to terminate, whereas it should have been 2 seconds. + * Fix script paths when converted to absolute path names. + If a tracking or misc_check script is not specified by a fully + qualified path name, but rather it is resolved via PATH, the updated + patch name wasn't being saved for tracking or misc_check scripts. + * Remove yet more hardcoded paths. + * Make git ignore keepalived.service file. + * Streamline signal handling initialisation. + * Report track script name if it times out. + keepalived was simply reporting that pid nnnn had timed out, which + didn't give any indication of what script it was that had timed out. + This patch now means that the script name will be logged rather than + the pid. + * Fix conditional configuration for config read via alloc_value_block(). + The code for handling conditional configuration was in the wrong function. + This commit move it to read_line() so all configuration is read in the + context of @system_id conditional lines. + * Fix compiling with --disable-vrrp. + When building without vrrp, the checker process still needs to + know about IP address creationg and deletion in order to allow the + ha_suspend configuration option to work. + * The checker process never needs to monitor interfaces. + * Move vrrp_ipvs_needed() to vrrp_daemon.c. + * Remove some unnecessary includes of check_data.h. + * Make ha_suspend work when building without vrrp. + Support of ha_suspend was only enabled when keepalived was built + with vrrp support. There may be other processes that are adding and + deleting ip addresses, so support of ha_suspend should be enabled when + building without vrrp support. + Also, the vrrp process doesn't need to call the update_checker_activity() + function when addresses are added or deleted. + * Don't use netlink address monitoring if not using ha_suspend. + * Make --release-vips (-X) option work. + 'X' was not included in the optstring for getopt_long(), and so + --release-vips option was not recognised. + Further, only enable VRRP and checker specific options if compiled + with that functionality. + * Only report added/deleted addresses if relevant to keepalived. + Logs could get full of messages reporting address addition/deletion + that were of no relevance to keepalived. By default, keepalived will + now only report address additions/deletions with the -D option if + the address is relevant to keepalived. + The -a option is added to log all address additions/deletions. + * Remove all #ifdef _WITH_LVS_ from checker code. + If building the checker code, _WITH_LVS_ is always defined (_WITH_LVS_ + means build the checker code), so there is no point testing if it is + defined in any of the checker code. + * Only include vrrp header files when building with vrrp and also for + check. Make sure vrrp header files are only included if building with + vrrp (i.e. without --disable-vrrp), and likewise only include check + header files if compiling with LVS support (i.e. without --disable-lvs). + * Add test/tcp_server.c for testing TCP_CHECK. + * Make -a option work without ha_suspend. + * Fix integer types. The correct, standard integer types are uint8_t and + uint16_t, not u_int8_t nor u_int16_t (the latter being kernel types). + glibc and uClibc may define the kernel-compatible types, but musl (which + is standards-compliant) does not. + * Fix warning when compiling without libnl. + * Add including where those types are used. + * Add option to not use dlopen() for libipset, but link at link time. + * Remove superfluous (duplicated) block of code. + * Add option for dynamic (run-time) linking to libip[46]tc. + * Fix dynamic linking of libiptc without ipsets. + * Check iptables/ip6tables commands available before using them. + * Fix some conversion check compiler warnings. + * Make configure option --disable-routes do something. + * Don't link to libdl if not needed. + * Fix compilation with --disable-vrrp. + * Don't link to libraries not required by configuration. + * Remove all authentication code if --disable-vrrp-auth specified. + * Remove FALLBACK_LIBNL1 and use existing _HAVE_LIBNL1_ instead. + There was no point in a separate FALLBACK_LIBNL1 since it and + _HAVE_LIBNL1_ always had the same value. + * Add udp functionality to tcp_server test program. + * Fix check_conditional_tests script. + * Add option for dynamic (run-time) linking to libxtables. + * First stage of run-time linking to libnl-3. + * Dynamic/static linking options of libnl/libnl-3, libip[46]tc and + libipset. libnl/libnl-3, libip[46]tc and libipset can all be dynamically + linked at run-time, and if they are not available, keepalvied will use + the alternative code which is used when the libraries cannot be linked + a build time. + This means that a single executable keepalived can be created that will + use the libraries if they are installed on the target system, but will + fall back to the alternatives if the libraries are not available. + This is useful for build environments such as Buildroot which will not + force optional dependencies (see pull request #540), since now keepalived + can be built so as not to force the optional dependencies, but to make + use of them if they are installed. + * Fix building without libnl/libnl-3. + * Don't allow adver_int to be rounded down to 0. + * Fix creation of iptables entries on more recent kernels. + On a 4.9.13 kernel iptables entries were being created with + return-nomatch ! update-counters ! update-subcounters, as shown by + the iptables command. + Although it is not understood why these options are being added, it + transpires that the problem occurs when using version one of the + xt_info_set_match, but doesn't occur when using version 4 of the + structure. + This patch ensures that the latest version of the structure that is + supported by the kernel is always used. + * Fix updating /proc/sys/kernel/core_pattern. + Reset file offset to beginning of file between reading the file and + writing new contents. + * Fix printing of smtp_server port. + * Handle failure if fail dynamically to get address of a libipset function. + * Be defensive in case fail to get addres of a libipset function dynamically. + * Fix evaluation of library names for run-time linking. + * Show failed ipset dl function. + * Provide explicit DL error messages and fix autobuilt snap version. + * Fix formatting of email message for CHECK_SMTP failures. + The format string passed to smtp_final() can contain format specifiers + so a further pass through printf is required. + * Add printf format attribute to vlog_message(). + * Add higher_prio_send_advert vrrp config option. + There is a problem if two vrrp instances, due to becoming isolated, + both become master, since they will both have sent GARP messages. + Setting higher_prio_send_advert and garp_lower_priority_repeat means + that if a master receives a higher priority advert, it will send its + own lower priority advert before it transitions to backup. The higher + priority master, on receiving a lower priority advert, will then send + GARP messages, and so the ARP caches will then be correctly updated. + Using the higher_prio_send_advert option may be considered not to + conform to the VRRP protocol (725) to (765) in state description of + RFC5798, however, since which of the two masters advertises first + after they can both see each other again is random, there is a 50% + chance that the lower priority instance will send an advert before the + higher priority instance, so to all external observers it will appear + that this is the case, or at least that the adverts overlapped. + * Fix higher_prio_send_advert in lower priority master. + * Load the ip_tables module if using iptables. + We cannot guarantee that the ip_tables modules has been loaded, so + we load it ourself if using libiptc. + * Fix (cosmetic) conditional compilation test. + * Fix building with --enable-libxtables-dynamic --disable-libiptc. + * Enable compilation with namespaces if SYS_setns is not defined. + * Fix compiling with struct xt_set_info_match_v0. + * Check to libnfnetlink.h and netlink.h with libnl v1 too. + * Workaround missing libraries from pkg-config --libs libiptc. + Old version of libiptc don't report requirements on libip4tc and + libip6tc, so check if the output from pkg-config is only -L.* -liptc + and if so add -lip4tc -lip6tc. + +2017-02-18 Alexandre Cassen + * keepalived-1.3.4 released. + * Fix generation of lib/git-commit.h when building a tagged commit. + * Define GIT_DATE and GIT_YEAR when generating default git-commit.h + This issue was caused by commit 5287f03 which didn't define GIT_DATE + and GIT_YEAR in all circumstances. + +2017-02-14 Alexandre Cassen + * keepalived-1.3.3 released. + * Fix unitialised use of misck_checker in script timeout. + * Fix detection of no netlink being installed. + * Fix conditional compilation for LIBIPVS without netlink. + * Terminate child processes if parent dies. + If the parent keepalived process is killed, the child processes will + be orphaned and can cause problem when attempting to restart + keepalived. This patch makes use of prctl with PR_SET_PDEATHSIG such + that all child processes will receive SIGTERM if the parent process + dies. + * Ensure syslog and mem_check_log open before using them. + A segfault was occuring when --enable-mem-check-log option was + selected, due to attempting to write to the log file before it had + been opened. It was also evident that there could be attempts to + write to syslog before that had been opened too. + * Fix building on Centos 7/RHEL 7 re lightweight tunnel encapsulation. + RedHat have partially backported lightweight tunnel encapsulation + into their kernel, but not included MPLS or ILA. We need to have + conditional compilation for LWTUNNEL_ENCAP_MPLS and LWTUNNEL_ENCAP_ILA + rather than just checking for RTA_ENCAP. + * Update documentation for tracking scripts weight 0. + weight default is 0, which means tat a failure implies a FAULT state. + * Reinstate code checking module ip_vs loaded. + Commit d900df2 removed a bit to much code that looked as though it + wasn't doing anything, with the result that the check of whether the + ip_vs module was loaded didn't occur. + This commit reinstates the code for checking, and if necessary loading, + the ip_vs module, but also sanitises the code slightly. + * Fix some more compiler warnings. + * Fix a typo in a help message in configure.ac. + * sorry_server: keep sorry_server on reload. + * sorry_server: set it up on start or reload if quorum is down. + on start: in alpha mode. + on reload: if changed, or no previous sorry_server. + * Added doc for priority 4th parameter to notify script. + * ipwrapper.c: make functions void if return value not used or constant. + Several functions in check/ipwrapper.c were always returnung the same + value, and the code calling the functions then checked and returned an + error if the return value was not the value always returned. Also, for + some functions returning a value the return value was never checked in + the calling function. + Making the functions void, and removing the if (...) makes the code easier + to read, and potentially slightly more efficient. + * Add snapcraft.yaml for CI build publication. + * Fix missing documentation for 4th parameter of notify action. + * Make builds reproducable, and copyright date reflect latest commit. + Pull request #503 provided an update to facilitate reproducable builds, + and also ensure that the copyright date doesn't postdate the last source + code modification. Unfortunately the commits required manual updates to + change the copyright year, thereby creating maintainability issues. The + commit also allowed fake build dates to be specified. + This commit takes an alternative approach, and takes the dates used for + the copyright message and the version date from the date of the last git + commit. + If the code is build from within a git tree, this is straightforward. On + the other hand, the code may be build from tarball, so we ensure that + the lib/git-commit.h file is updated when the tarball is built, and + included in the tarball. + * Add option to force building without libnl/libnl-3. + This option is really only for test purposes to build keepalived + without libnl even though libnl is installed. + * Log errors if configure IPVS with IPv6 if not using libnl. + The socket interface for configurating IPVS does not support IPv6, + so rather than leaving the user with the error message + "Operation not supported with specified address family" + give a meaningful message in the log. + At configure time, a warning will also be generated stating that + IPVS will not support IPv6. + * Ensure IPVS address families match. + Don't allow a mixture of IPv4 and IPv6 addresses in a virtual server + group, or within a virtual server. + * When dumping an IPVS IPv6 address range, use hex. + * Log if virtual_server_group doesn't exists, or address family mismatch. + If a virtual server is configured to use a virtual server group but that + virtual server group doesn't exist, then log an error. + Also, if the address family of the virtual server group and virtual server + don't match, log an error as well. + We really ought to be removing the virtual server from the configuration, + but I haven't worked out how to do that yet. + * Don't flag changes to automake/conf generated files as source changes. + The output of keepalived -v adds a '+' if there are uncommitted changes to + the source code. However, we aren't interested in changes to the autoconf + or automake generated files, since these aren't really "source" files, and + are only included in the git repo to allow building on systems without + autoconf/automake. Further, the differences may simply be due to different + versions of autotools being used. + * Minor formatting updates to Sphinx documentation. + * Enable configure to work with ash. + * Handle sysconf() returning -1 for _SC_GETPW_R_SIZE_MAX. + * Report ignoring virtual server if group specified doesn't exist. + It's too difficult to remove the virtual server from the configuration, + but the error will be reported in the log, and so the sysadmin should + resolve the configuration. + * Updated snapcraft.yaml location. + * Move snapcraft and reflect master version. + * Add libipset3 to snap stage packages. + * Allow for keepalived to be a command in /snap/bin/ as well as a daemon. + * Add 'source-type: git' to avoid dirty commit versions. + * Update gitignore for clean snap commit versions. + * Resolve not adding '+' to git version in snapcraft builds. + This is a temporary workaround to the problem of snapcraft deleting + the snap/snapcraft.yaml file from its clone of the git repo (see + https://bugs.launchpad.net/snapcraft/+bug/1662388 for details). + * Add cleaning of snapcraft generated directories/files. + * Add support for Alpine Linux. + This commit adds detection and support of the OpenRC init system. + * Add details of what libraries are needed for various Linux distros. + * Force recreating automake/autoconf files when building with rpm. + If an autoconf/automake source file is patched as part of the rpmbuild + process, then some of the autoconf/automake generated files may be + regenerated, and this can cause a mismatch if the versions of autoconf/ + automake on the system building the rpm don't match the versions + that were used to generate the files that have been committed to git. + This patch changes the keepalived.spec file to always run autoreconf -f -i + to ensure the generated autoconf/automake files are aligned to the right + version. + +2016-11-26 Alexandre Cassen + * keepalived-1.3.2 released. + * Correctly handle return code from system() call. + If we want to check for an exit status, WIFEXITED(ret) must be + checked first. + * Fix compilation where SNMP enabled. + * Fix a couple of SNMP errors. + The length of KEEPALIVED-MIB::version was being returned a sizeof(char *) + rather than strlen(char *). + VRRPv3 vrrpv3GlobalStatisticsDiscontinuityTime was being completely + mishandled. + * Add additional files needed to build from git without autoconf. + * Don't save and restore current directory twice with config includes. + * Don't recognise an executable file as a configuration file. + * Allow maximum path names for configuration files. + * Don't check for include file after reaching EOF. + * Fix a segfault if terminating at startup do to interface not found. + * notify: log error while performing set{gid,uid}. + Log error message while setting goup and user before system call. + Maybe we should avoid system call on error if {gid,uid} are used, would + be more secure. + * Don't execute a script if setuid or setgid fails. + This was suggested in the comment of commit 849615d and is clearly + the right (secure) thing to do. + * If a script doesn't have a '/' in the name, search PATH for it. + This also handles spaces in script specifications where they are + parameters. + * Don't allow accept when strict mode set if not address owner. + This commit changes keepalived from just issuing a warning to also + disable accept mode when strict mode is set. + Patch submitted by levin1. + * Added init_fail setting to assume failed state for vrrp_script during + startup of keepalived. + * When checking script security check set uid/gid bits too. + Although the setuid/gid bits are ignored for scripts, they are + not ignored for binary executables, and there is no point in having + the bits set for scripts. So we play safe, and simply check those + bits, and don't attempt to ascertain if it is a script or not. + * Disable scripts that aren't executable. + system() on a non-executable script will fail, so we may as well + just not try executing such a script. + * Exit if can't read configuration file. + If we have no configuration, we have nothing to run, so exit. + * Don't chdir("/") if not forking. + In keepalived_main() there is a comment that the working directory + is / unless keepalived is run in non-forked mode, in which case it + remains the current working directory when keepalived was run. + Unfortunately start_vrrp_child() and start_check_child() were + executing chdir("/") regardless of whether they had been forked or not. + Since the parent process does chdir("/") if it is appropriate, the + children will inherit that, so they don't need to chdir() at all. + * Only set umask(0) in parent process. + The children inherit it from the parent, so no need to set it in + the vrrp or checker child processes. + * Further changes for script init state failed. + * notify: use _GNU_SOURCE. + Just to make compiler happy about inconsitent declaration of mempcpy + and strchrnul. Just cosmetics here. + +2016-11-21 Alexandre Cassen + * keepalived-1.3.1 released. + * Ensure lists aren't empty when checking script security. + * Correctly check security of scripts with parameters, and check + checker notify/quorum scripts + * Check security of real/virtual server notify scripts. + * Handle space in filenames appropriately when checking script security. + The generic notify scripts can have spaces in their filenames, all other + scripts spaced delineate parameters. + +2016-11-20 Alexandre Cassen + * keepalived-1.3.0 released. + * Add DBus functionality to VRRP. + Add new pthread off VRRP to expose DBUs service org.keepalived.Vrrp1 + through a GMainLoop. + Create a general /org/keepalived/Vrrp1/Vrrp DBus + object and a /org/keepalived/Vrrp1/Instance/#interface#/#group# object for + each VRRP instance. + Interface org.keepalived.Vrrp1.Vrrp implements methods PrintData, + PrintStats and signal VrrpStopped. + Interface com.keepalived.Vrrp1.Instance implements method SendGarp + (sends a single Gratuitous ARP from the given Instance), + signal VrrpStatusChange, and properties Name and State (retrievable + through calls to org.freedesktop.DBus.Properties.Get) + Interface files are located at location /usr/share/dbus-1/interfaces/ + A policy file, which determines who has access to the service, is + located at /etc/dbus-1/system.d/ + * Resolve DBus working after a reload + thread_destroy_list() was closing file descriptors of read and write + threads, but we wanted the DBus pipes to remain open. It transpires that + closing the fds in thread_destroy_list() is unnecessary, since they are + closed elsewhere anyway, so stop closing the fds in thread_destroy_list(). + * Add stronger compiler warnings (-Wextra). + The following bugs were discovered: + check_smnp_realserver_weight() + comparison if unsigned value < 0 + alloc_ipaddress() + comparison of unsigned == -1 and not checking + return status of find_rttables_scope() correctly + read_line() + accessing element buf[18446744073709551615] + ie. buf[2^64-1], which is the same as buf[-1]. + The following improvements to the code were made: + Many unused function parameters + either removed or marked unused + Many signed vs. unsigned comparisons + In most cases variables change to be unsigned + Lengths being stored in signed variables + * Rationalise checking of libnl-3. + * Bring generation of rpmbuild keepalived.spec file up to date + The keepalived.spec file is now created to match the options passed + to configure. It also detects if the system init process is systemd, + upstart or the traditional SYSV init system. + * Add more BuildRequires to keepalived.spec.in. + * Further improvements to keepalived.spec.in for systemd systems + * Change some configure.ac variable names due to using PKG_PROG_PKG_CONFIG + * Fix configure.ac to make RedHat hardened rpm builds work + CFLAGS, CPPFLAGS and LIBS variables were not being preserved by + configure.ac, and this caused needed CFLAGS to be lost when + configure was run, resulting in a build failure. + This commit ensures the flags are all preserved. + * Allow for automake macro AM_PROG_AR not existing. + * Add support for UDP socket to layer4 library. + * Add DNS checker. + * Update documentation for DNS health checker. + * Fix compile check for PE selection support. + * Add file missing from add-dns-checker commit. + * Update commits for correctly checking for IPVS_SVC_ATTR_PE_NAME. + The upadted configure and lib/config.h.in weren't included in the commits, + and to be consistent the comment on what Linux version introduced the feature + is in configure.ac if the test exists in configure.ac + * Fix conditional compilation test for FRA_OIFNAME. + * Fix compilation test for IFLA_INET6_ADDR_GEN_MODE. + * Fix compilation test for IPVS_DEST_ATTR_ADDR_FAMILY. + * Fix compilation test for IPVS_DEST_ATTR_STATS64 and IPVS_SVC_ATTR_STATS64. + * Fix compilation test for RTA_VIA. + * Fix compilation test for CLONE_NEWNET for DBus. + * Fix issue of overwriting the original disposition of signals. + * Improve forced termination of script execution process and its offspring. + * Improve propagate important signal for the script process groups. + * Use argument instead of static variable. + * Fix bug around the process group. + * Use SIGTERM instead of SIGHUP. + * Stop linking with -lipset. + libipset (if used) is dynamically linked at runtime, and so keepalived + shouldn't be linked with -lipset. + Linking with -lipset was erroneously added when converting the build + system to use automake. + * Report diagnostic message if dlopen() fails. + * Fix loading of ipset library when development library not installed. + * Don't use ipsets with namespaces on Linux < 3.13 by default. + On Linux prior to version 3.13, ipsets were not network namespace + aware, so by default the use if ipsets is disabled if keepalived + is running in a network namespace. Configuration keyword + 'namespace_with_ipsets' enables ipset use with a network namespace + on these older kernels. + * Fix reporting of script exit status. + * Update documentation and fix compiler warning re ipset with Linux < 3.13 + * Make report_child_status() check for vrrp and checker child processes + report_child_status() checks for exit status KEEPALIVED_EXIT_FATAL + and KEEPALIVED_EXIT_CONFIG, but these are only relevant for the vrrp + and checker child processes, and not for track scripts etc. This commit + adds a check that the terminating process is the vrrp or checker process + before checking those exit statuses. + * Add no_accept mode for VRRPv2 and standardise VRRPv3 with it + RFC3768, for VRRPv2, specifies that packets addressed to the VIPs + should not be accepted, unless the router is the address owner. + This commit implements not accepting the packets when running VRRPv2, + but only if no_accept is specified, or running in strict mode. The reason + for not making no_accept the default (which would confirm to the RFCs) is + that if running IPVS, or any other service on top of the VIPs, we need to + be able to accept the packets, and requiring everyone to specify accept + in that case would not be reasonable. + Prior to this commit, VRRPv3 was blocking packets sent to VIPs (and eVIPS), + unless the vrrp instance was the address owner, or accept mode was set. This + commit changes the default behaviour for VRRPv3 to make it consistent with + VRRPv2 (i.e. either strict mode or no_accept needs to be specified to be + conformant with RFC5978). + * Tidy up logged messages if ipset initialisation fails. + * Streamline MII polling. + We only need to read 2 MII registers, and not 32 as was previously being + done. + This commit also uses the header file for field and + register definitions. + * Simplify bitops.h code. + * Resolve warnings generated with compiler option -Dconversion. + Most of the warnings were resolved by changing the data types of some + variables. Others required casting, particularly where kernel interfaces + are involved. + There were a few instances discovered that were errors, for example comparing + an unsigned int against -1, and assigning a 16 bit value to a uint8_t. + This commit also adds configure options --enable-conversion-checks and + --enable-force-conversion-checks, the former adds compiler option -Dconversion + unless the compiler is an old version that throws up false warnings. Option + --enable-force-conversion-checks adds -Dconversion even if the compiler throws + up known false warnings. + * Fix some minor errors/typos in doc/keepalived.conf.SYNOPSIS. + * Fix keyword error in sample configuration. + * Fix typo in genhash error message. + * Fix address ranges for virtual server groups + The handling of address ranges was only written for IPv4 addresses, and + only worked on little endian systems. + This commit enables IPv6 address ranges to work, and also should now + work on big endian systems (but I don't have access to a big endian system + to test it). Validation is added to ensure that the end of the range is after + the start of the range, and that the value of the range end does not exceed + 255 (for IPv4) of ffff (for IPv6). + There is also some optimisation of the code, so that netmask is not set (since + it isn't used by the kernel), and the port is set once only, before the loop + through the addresses. + * Add --enable-Werror configure option. + * Add promote_secondaries keyword for vrrp_instance block. + If two IPv4 VIP addresses are in the same CIDR, and the primary + address is removed, then by default any other address in the same CIDR is + also removed. To stop this happening, the promote_secondaries flag + needs to be set on the interface. + Commit e5526cf added setting the promote_secondaries option on + VMAC interfaces, and stated that adding the option for non-VMAC + interfaces would be added later. This commit now adds a + promote_secondaries configuration option in order to set the flag + on the interface. + * Add reporting of promote_secondaries configuration setting. + * Add conditional configuration feature + It is usually the case that the configurations for keepalived for + systems operating together are virtually identical, and only differ + in vrrp instance priorities, router id, and unicast addresses if + those are being used. + It is a nuisance to have to edit one file for each server to make + identical changes, so this commit adds the facility for conditional + configuration entries. + Any line starting with the '@' character is a conditional line. + Immediately following the '@' character is a config id. The line is + only included in the configuration if the config id matches the + argument passed to keepalived with the -i option on the command line. + For example, consider the following configuration snippet: + global_defs + { + @main router_id main_router + @backup router_id backup_router + } + If keepalived is started with -i main, then the router id will be + main_router, if started with -i backup, then backup_router. If + keepalived is started without the -i option, or -i anything else, + then the above snippet will not configure any router id. + * Fix building with --disable-vrrp. + * Stop segfaulting when configuration keyword is missing its parameter + There are many places where during configuration parsing the code + assumes that if a keyword is specified that requires a parameter, then + the parameter exists. If the parameter doesn't exist, then the code + indexes past the end of the vector, and at best segfaults, and at worst + may carry on, parsing random data. + This commit adds strvec_slot() which checks for the presence of the + parameter, and if configured will call a function that can handle the + error. Currently this logs that the parameter is missing, with as much + helpful information as it can provide, and then terminates. + * Use FMT_STR_VSLOT where appropriate. + * Use TIMER_HZ where appropriate. + * Fix comment and error message re http write timeout. + * More verbose logging on (effective) priorities pt. 2. + * Change configure option --enable-snmp-keepalived to --enable-snmp-vrrp + The option was enabling snmp for vrrp, not all of keepalived (the + --enable-snmp option does that), so this commit renames it to reflect + what it is actually doing. + The --enable-snmp-keepalived option is retained but marked as obsolete. + * Use AS_HELP_STRING autoconf macro. + * Fix process increase + * Add forcing termination of children of scripts if script times out + Commits fe9638b..cebfbf5 resolved problems around forced termination + of scripts if they didn't terminate within the proscribed time. During + the development of the patches, it was identified that after a script + had been terminated by SIGTERM, any child processes created by the + script also need to be kill. + This commit adds the forced termination of any such children. + * Correctly handle existing VMACs on reload. + Anthony Dempsey in issue #449 identified that + keepalived attempts to recreate existing VMAC interfaces on a reload, + and that the subsequent failure causes keepalived not to use the VMAC. + This then identified further issues such as the check for an existing + VMAC in netlink_link_add_vmac() didn't also check the interface a + VMAC was on, and that the checks for conflicts of VMAC interface names + with existing interfaces weren't sufficient. + This patch builds on the patch provided by Anthony Dempsey to also + resolve the additional issues identified. + * Fix check of matching VRRP instances on reload. + On a reload, clear_diff_vrrp() removes vrrp instances that are no + longer in the configuration. The check, however, was based on vrrp + instance name, which might have changed. The check is now based on + VRID, address family and interface, since it is this triplet that + uniquely defines a vrrp instance. + * Fix clearing addresses no longer used after a reload. + The address comparison was including ifa_index, but that wasn't being + set up until after clear_diff_vrrp() was called. + * Don't zero the mem_allocated count during reload. + We want to know if there is a leak during reload, so don't zero the + counter. + * Ensure iptables/sets entries and ip routes/rules not lost on reload. + There were several places in the code that were causing existing + iptables/ipsets entries to be lost on reload, and also new entries + for additional ip addresses were deleted after being added. In + addition, ip rules/routes for existing entries were being removed. + * Ensure GARPs/GNAs are sent after reload if VIP/eVIP addresses added. + Although there have been versions of keepalived when GARPs/GNAs were + sent after a reload, this was due to a bug in determining if the VRRP + instance had existed before. Resolving that bug (commit aaea8a4), + caused keepalived to stop sending GARPs after a reload. This commit + now specifically adds code to send GARPs on a VRRP instance for all + addresses on that instance. It would be better if GARPs were sent only + for the added addresses, and that may be resolved in a future commit. + * Use correct interface for iptables/ipset entries when not accept mode + If an interface was specified for a VIP/eVIP, the iptables/ipset block + if not in accept mode for link local IPV6 addresses was specifying the + interface the vrrp instance was on rather than the interface the address + was added to. + This commit now makes the iptables/ipset entry specify the interface that + the address has been added to. + * Resolve "Netlink: error: message truncated" messages. + On systems with a page size larger than 4096 keepalived may report: + "Netlink: error: message truncated" messages + This error was reported on a ppc64le in an OpenStack/Nutron environment. + Ppc64le is using a 64k pages size. I found that keepalived's netlink recvmsg + buffer was too small causing messages to be truncated. The size of the read + buffer for the netlink socket should be based on page size however, it should + not exceed 8192. See the comment in the patch. + I tested the fix by creating 100 veth interfaces and verifying the errors + did not return. + * Use ipsets with namespaces on Linux < 3.13 if ipset names configured. + The problem with using ipsets with namespaces on Linux < 3.13 is that + ipsets were not namespace aware, and so all ipset entries added are + global to the system, including all network namespaces. This causes + problems if the default ipset names are used, but if set names have + been specified, it is reasonable that they have been set to be + different for each namespace, and hence there will be no clashes. + The documentation is also updated for vrrp_ipsets keyword. + * Don't write MEM_CHECK data to log when forked script child terminates. + The mem check log file was being filled with extraneous termination + information every time a forked child terminated. When a child is forked + it now sets a flag to stop the termination dump. + * Fix illegal syntax in configure script + Indirect expansion (`${!foo}`) is a bashism, it's not POSIX-sh + compatible and is not supported by common shells except Bash and ZSH! + Configure script should be portable, hence strictly POSIX compliant. + Moreover it has shebang /bin/sh. + * Make running scripts more secure + Previously, keepalived ran all scripts as root. This is potentially + dangerous if a non-root user can modify the script, or has write + access to any part of the path to the script. + This commit does the following: + 1) Adds configuration options to specify the user/group under which to + run each script + 2) Adds an option to set the default script user/group. If this is not + set it will default to user keepalived_script if that user exists, + otherwise it will default to root, as before. + 3) If a script is to be executed with root privilege, report if it is + writeable in any way by a non-root user. + 4) Add an option enable_script_security so that any scripts failing + 3) above won't be executed. + 5) Report if any scripts are not executable by the relevant user. + * Fix some lead tab/space issues. + * Fix segfault when terminating with no notify script configured. + * Fix compiler warning generated with --enable-conversion-checks. + * Don't segfault if modules ip_tables or ip6_tables not loaded + If either of the modules is not loaded, then don't use ip(6)tables for + that address family. We could load the module, but there would be no + entries pointing to the chains that we use, and so there is no point + adding entries to chains that won't be traversed. + * Resolve some type mismatch warnings on 32 bit systems. + * Fix checking security of misc_check scripts. + +2016-09-11 Alexandre Cassen + * keepalived-1.2.24 released. + * Declare and use default value for garp_refresh. + * Update documentation for default setting of snmp_server. + * Ensure old VIPs removed after reload. + * Add internet network control support for IPv6. + * Log startup and "already running" messages to console with --log-console. + * Remove VIPs on reload if no longer in configuration. + * Add internet network control support for IPv6. + * Add more lvs syncd options, and various minor fixes. + * Don't attempt to set packet priority for wrong IP protocol. + if_setsockopt_priority() was setting SO_PRIORITY socket option regardless + of whether the socket was IPv4 or IPv6. Although the setsockopt() call doesn't + fail for IPv6, it doesn't do anything. + Commit fc7ea83 added setting IPV6_TCLASS, again for both IPv4 and IPv6, but + the setsockopt() call fails on an IPv4 socket. + This commit makes keepalived only set the appropriate socket option, depending + on whether it is an IPv4 or IPv6 socket. + The commit also changes from using the SO_PRIORITY option for IPv4 to using the + more specific IP_TOS option. + * Avoid compiler warning of duplicate definition. + * Add function attributes to malloc functions. + * KEEPALIVED-MIB vrrpRuleIndex should be unsigned. + * Allow all ip rule/route options for rules and routes. + This commit adds support for all ip rule/route supported options for + rules and routes (and also tunnel-id rule option not yet supported + by ip rule). + * Make ip rules/routes a configuration option. + * Add all ip rules/routes options, and minor fixes. + * Corrections for rule suppress_ifgroup. + * Stop respawning children repeatedly after permanent error. + Keepalived was respawning very rapidly after a permanent error, which + was not useful. + This commit allows the detection of certain errors and if one occurs + keepalived won't respawn the child processes, but will terminate with + an error message. + * Remove all remaining vestiges of Linux 2.4 (and earlier) support. + There was code remaining for supporting ip_vs for Linux 2.4, but + the remainder of the keepalived code requires Linux >= 2.6. + * Make some libipvs functions static. + * Move ipvs source and include files into check/include directories. + * Don't duplicate kernel definitions for IPVS code. + * Remove unused code from libipvs.c. + * Remove ip_vs_nl_policy.c, contents now in libipvs.c. + * Add ipvs 64 bit stats. + * Remove linux 2.4 code, add 64bit ipvs snmp stats, and some minor fixes. + * Fix compiling without SNMP checker support. + The patchset removing support for Linux 2.4 introduced a problem + compiling libipvs.c when SNMP checker support wasn't enabled. + * Remove those annoying "unknown keyword" messages. + A slight reworking of the parsing code manages to get rid of those + annoying "unknown keyword" messages which we all know are't true. + * Remove IP_VS_TEMPLATE_TIMEOUT. It was removed from ipvsadm in + version 1.0.4. + * Remove check for MSG_TRUNC being defined. + It has been defined since glibc 2.2. + * Remove conditionals based on libc5. libc5 predated glibc 2.0. + * Remove conditional compilation checks for defines in Linux 2.6. + ETHTOOOL_GLINK, RTAX_FEATURES, RTAX_INITRWND, SIOCETHTOOL and SIOCGMIIPHY + are all defined in Linux 2.6, so no longer need to be wrapped in + conditional compilation checks. + * Sort out checks for O_CLOEXEC. + * Remove check for SA_RESTART. It existed pre Linux 2.6. + * Change reporting of default snmp socket. + * More updates for removing pre-Linux 2.6 code, and stop "unknown keyword" + messages. + * Fix adding iptables entries on Linux 4.6.3 onwards. + ip[46]tables_add_rules() were allocating space for an additional + struct xt_entry_match. kernel commit 13631bfc6041 added validation + that all offsets and sizes are sane, and the extra + struct entry_match failed that test. + * Fix adding iptables entries on Linux 4.6.3 onwards. + * Fix size parameter for keepalived_malloc/realloc. + lib/memory.h specified the size parameter to keepalived_malloc/realloc + as size_t, whereas lib/memory.c specified unsigned long. + The inconsistency was complained about by the compiler on 32-bit systems. + Fix memory.c to make the parameter a size_t. + Change lib/memory.c and lib/memory.h to use type size_t for size + variables. + Use printf format specified %zu for size parameters. + * Fix building without LVS or without VRRP. + * Convert build system to automake. + The INSTALL file gives instructions for setting up the build system + using automake etc. + For those without automake (and autoconf), just running configure + works as before. + * Convert build system to automake. + * Add network namespace support. + This allows multiple instances of keepalived to be run on a single + system. The instances can communicate with each other as though they + are running in separate systems, but they are also isolated from + each other for all other purposes. + See keepalived/core/namespaces.c for some example configurations and + use cases. + * Use atexit() for reporting malloc/free checks on termination. + * Add + and git commit in -v output if uncommited changes. + * Add network namespace support. + * Remove some superfluous conditional compilation tests. + * Poll for reflection netlink messages after adding each interface. + If a large number of interfaces are added, the kernel reflection + netlink socket can run out of buffers. This commit adds a poll of + the kernel netlink reflection channel after adding each interface, + thereby ensuring that a large queue of messages isn't built up. + * Stop Netlink: Received message overrun (No buffer space available) messages. + * Fix debug build since automake conversion. + * Fix configuration testing for ipset support prior to Linux 3.4. + * Add polling of netlink messages when entering master state. + If a large number of vrrp instances enter master state simultaneously + the netlink socket can run out of buffers, since the netlink socket + isn't read sufficiently frequently. Adding a poll of the netlink socket + after the VIPs/eVIPs are added ensures that the netlink messages are read + when the become available. + * Add some missing '\n's when printing the vrrp configuration. + * Fix generating git-commit.h. + * Ensure xmit_base not set with strict mode. + * Fix detection of code changes not commited to git in git-commit.h. + * Change true/false variables in global_data to bools. + * Fix timer_cmp handling large differences between the two times. + In a struct timeval, tv_sec is a time_t which is a long. Assigning + a.tv_sec - b.tv_sec to an int caused it to overflow if the time + differences were large. + * Add a TIMER_NEVER value. + This allows a thread to specify that it never wants to be woken on a + timed basis. + * Add global default_interface keyword. + default_interfaces sets the default interface to use for static + ipaddresses. If the system does not have an eth0, or one wants to + use a different interface for several static ipaddresses, this makes + the configuration simpler. It also has the potential to reduces + changes required if transferring the configuration to another system. + * Fix skew time for VRRPv3 with low priority and long advert interval. + With a low priority and a long advert interval, the calculation of the + skew time was overflowing a uint32_t. For example, with a priority of + 1 and an advertisment interval of 10 seconds, the skew time was being + calculated as 4288 seconds, rather than 9.96 seconds. This had the + impact that the backup instance would take over an hour to transition + to master. + * Don't set master_adver_int from an invalid packet. + * Make timeout_persistence a uint32 rather than a string. + * Fix some configuration tests and compiling on old Linux version. + * Improve persistence handling. + Properly support persistence_granularity for IPv6. + Set persistence_timeout default if granularity specified. + Only support persistence engine if supported by the kernel. + This commit also changes variables timeout_persistence and + granularity_persistence to persistence_timeout and + granularity_timeout. + * Simplify a bit of indentation. + * Add (commented out) code for writing stack backtrace to a file. + * Free syslog_ident string after logging the free. + When writing mem check entries to the log, the syslog_ident needs to be + freed after the log has been written to. + * Allow FREE_PTR mem check to log the proper function. + Having FREE_PTR as a function meant that whenever any memory was freed by + FREE_PTR() the function that was logged as freeing it was FREE_PTR itself. + Changing FREE_PTR() to be a #define means that the calling function name + is logged. + * Fix tests of HAVE_DECL_CLONE_NEWNET. + * Fix a conditional compilation test re namespaces and rename a variable. + * Fix when some FREE() calls are made. + * Only parse net_namespace in parent process. + * Add VRRP/LVS conditional compilation around PID files. + * Improve removing zombie PID files. + * Add more VRRP/LVS conditional compilation. + * Don't check if instance is a rotuer every time an NA is sent. + keepalived was calling sysctl to check if the interface was configured as + router before sending each gratuitous Neighbour Discovery advertisement. This + patch now checks if the interface is routing when the instance transitions to + master, and uses that for all the NA messages. + * Improve mem check initialisation. + * Add support for running multiple instances of keepalived. + Using network namespaces allows multiple instances of keepalived to run + concurrently, in different namespaces, without any collision of the pid + files. + This patch adds the concept of a keepalived instance name, which is then + use in the pidfile name, so that multiple instances of keepalived can run + in the same namespace without pid file name collisions. + * Add option to write pid files to /var/run/keepalived. + When using namespaces or instances, pid files are written to /var/run/keepalived. + The commit adds an option for the standard pid files to use that directory. + * Add keywords instance and use_pid_dir, plus sundry fixes/improvements. + * Add configure option to enable stacktrace support. + * Fix adding and deleting iptables rules for addresses. + When keepalived was built not using ipsets, the adding and deleting + of rules for addresses was including an extra xt_entry_match struct + that meant that the rules could only be deleted by ithe iptables + command by entry number and not be specifying the parameters. + * Fix compiling without libiptc (iptables) support. + * Don't log error message when trying to remove leftover iptables config. + At startup keepalived attempts to remove any iptables configuration that + may have been left over from a previous run. Of course the entries won't + normally be there, so don't report an error if they are not found. + * Fix iptables entries for accept mode, other iptables fixes, and make + write_stacktrace a configure option. + * Add script to setup interfaces in a network namespace. + The scripts mirrors the running network interfaces that are needed + for a given keepalived configuration into a network namespace + (default test), so that keepalived can be run in that namespace in + order to test the configuration. + * Correct comments re location of network namespace pid files. + * Add -s option for overriding net_namespace configuration option. + * Change test/netns-test.sh -c option to -f to match keepalived. + * Make netns-test.sh report interfaces that don't exist. + * Remove leftover debug message. + * Fix address comparison for equal priority adverts. + * Streamline the specification of libraries to the linker. + Most of the dynamic libraries and static libraries were being specified + twice. This commit removes the duplication of all of the dynamic libraries + and only duplicates core/libcore.a of the static libraries. + * Fix automake files for building on Ubuntu 14.04 LTS. + * Enable building with Net-SNMP on Ubuntu. + * Stop compiler warning on Ubuntu. + * Fix compilation with libipset on Debian wheezy. + * Fix various build problems on Ubuntu 14.04 and Debian. + +2016-07-11 Alexandre Cassen + * keepalived-1.2.23 released. + * Make malloc/free diagnostics a separate configure option. + The commit adds the configure --enable-mem-check option which + allows the MALLOC/FREE diagnostics to be enabled without + the --enable-debug option. This means that the mem-check + diagnostics can be used when running keepalived in it's normal mode + with forking children for vrrp and checkers. + The mem-check diagnostics are written to + /tmp/Keepalived_{,vrrp,healthcheckers}_mem.PID.log + The --mem-check-log configure option enables command line option + -L which also writes zalloc/free details to the syslog. + * Fix compilation error on 32-bit systems with mem-check enabled. + * Replace one zalloc() and one free() call with MALLOC() and FREE(). + This ensures that the mem-check diagnostics cover all mallocs/frees. + * Fix report of malloc'd memory not being freed. + * Streamline read_line(). + * Resolve a segfault when reloading with vmacs. + The vrrp_t entries on the vrrp_data list have pointers to an + interface_t for each vrrp instance. When reloading, the + interface_t items where freed, but a pointer to the old list + of vrrp_t items is held in old_vrrp_data. After the new + configuration is processed, clear_diff_vrrp() is called. clear_diff_vrrp() + uses the interface_t pointers from the old vrrp_t entries, but the + memory pointed to by the interface_t pointers has already been freed, + and probably reallocated for a different use. + This commit delays freeing the old interface_t items until after + clear_diff_vrrp() has completed, so the interface_t pointers remain valid. + * Check valid interface pointer before calling reset_interface_parameters(). + Before resetting the settings on the base interface of a vmac, check that + the interface_t pointer is valid. + * Fix new --mem-check-log option. + * Don't write parent's memory logging into children's log file. + When running with mem-check output to files, the buffer from the + parent process was also being written into the children's log + files. The commit sets the CLOEXEC flag on the log files, and + also sets the log files to be line buffered. + * Fix segfault or infinite loop in thread_child_handler() after reloading. + When the checker and vrrp child processes start up, memory for a + thread_master_t is malloc'd and saved in master. Subsequently, + launch_scheduler() is called, and that sets the parameter to be passed + to the SIGCHLD handler - thread_child_handler() to the value of master, + pointing to a thread_master_t. + If keepalived is signalled to reload, the child processes free all + malloc'd memory, and a new thread_master_t is malloc'd and saved in + master. If this is not the same address as the previous thread_master_t, + then the value being passed to the SIGCHLD handler is a pointer to the + old thread_master_t, whereas everything else is using the new thread_master_t. + If the memory used for the old thread_master_t is then returned in a subsequent + malloc() call, a subsequent SIGCHLD will invoke thread_child_handler() with + a pointer to memory that has now been overwritten for some other purpose, hence + causing either a segfault or an infinite loop. + A further consequence is that new child processes will be added to the new + thread_master_t, but when thread_child_hander() is called after a child + terminates, it won't find the child since it is still looking at the old + thread_master_t. + This commit modifies the behaviour of a reload by not releasing the old + thread_master_t and then malloc'ing a new one, but rather it just reinitialises + the original thread_master_t and continues using it. + * Remove base_iface from struct _vrrp_ - it wasn't used. + * Add configuration option to flush LVS configuration. + This commit adds a global configuration option lvs_flush to flush + the LVS configuration, and if not set, the configuration won't be + flushed. + * Add back real server when return from failure with HTTP_CHECK. + If status_code wasn't specified for a url entry in the configuration + then a real server would never be returned to service following a + failure. + The commit makes keepalived return a real server to service if no + status_code is specified if the HTTP status code returned from the + service is a success code (i.e. 2xx). + * Avoid duplication of keyword installation in check_http.c. + * Fix adding new static ip addresses after reload. + Commit f23ab52, when stopping duplicate static ip routes and rules + being added after a reload also stopped new static ip addresses being + added. The commit reinstates adding new static ip addresses. + * Fix adding static iprule/routes after a reload. + * Stop segfault when configure a route with no destination address. + * Fix unused global vrrp_garp_master_refresh. + * fix healthchecker reload when some healthchecks are failed. + +2016-06-14 Alexandre Cassen + * keepalived-1.2.22 released. + * vrrp: Fix build without VRRP VMAC. + * Fix compilation with RFC SNMP without Keepalived SNMP. + * vrrp: Update master_adver_int when receive higher priority advert + when master. + If VRRPv3 is being used, and a higher priority advert is received when + in master mode, the master_adver_int needs to be updated when transitioning + backup mode. If this isn't done, and our advert interval is less than a third + of the new masters, we will time out and re-enter master mode, send an advert + to which the other master will resond with a higher priority advert, causing + us to go back into backup mode, until our timer expires again, and this will + continue indefinitely. + * vrrp: Don't send advert after receiving higher priority advert. + If a master receives a higher priority advert, there is no need + to send another advert, since the sender of the higher priority + advert is already a master. Further, any other instance in backup + mode will process our subsequent advert, and then consider the + wrong system to be master, until it receives another advert from + the real master. + With VRRPv3, if the other master has an advert interval more than + three times our advert interval, backup routers will be using our + advert interval after we've sent our subsequent advert, and will + then timeout before the new master sends another advert, prompting + (one of) the backup routers to become a master, which will prompt + the higher priority master to send an advert, the ex-backup router + will then send another advert and we could end up in an endless cycle. + * vrrp: Fix receiving advert from address owner when in fault state. + * vrrp: When transitioning from fault state, log state change. + * vrrp: Fix preempt delay when transitioning from fault state. + There were two ways of leaving fault state, either by receiving a packet + on the instance, or by a netlink message indication that the interface is + up again. In neither case was preempt_delay considered in the code. + This commit changes the way vrrp->preempt_time is used. preempt_time is now + only used once a higher priority advert is received, rather than being updated + every time a lower priority advert is received. vrrp->preempt_time is now also + set when transitioning out of fault state. vrrp->preempt_time.tv_sec == 0 now + indicates the timer is not running. + * vrrp: Detect and report duplicate address owners. + If more than one system is configured as an address owner (priority + == 255), this would be a configuration error, and could cause + unexpected behaviour. This commit ensures that the problem is + reported, and sets the local instance not to be the addess owner, + as a temporary workaround for the problem. + * vrrp: Fix maximum number of VIPs allowe. + * ipvs: Fix IPVS with IPv6 addresses. + * ipvs: Don't overwrite errno by another syscall before checking errno. + * ipvs: ipvswrapper.c: fix comparison. + * Enable compilation with development net-snmp headers. + * vrrp: Fix IPv4 vIP removal when addr matches pre-existing interface addr. + For IPv4 vIPs keepalived adds a /32 to the underlying interface. If + this address matches an address already configured, e.g. a /24, when + this vIP is eventually removed due to a configuration change or + keepalived shutdown, the original address matching the vIP, outside + of keepalived's control, is removed instead. This behaviour is + incorrect. The /32 added by keepalived should be the address being + removed. Keepalived should not be touching any addresses it does not + create. + * vrrp: Check for errors when opening VRRP data and stats files. + This fixes crashes when running keepalived under SELinux enforcing mode, + which does not allow keepalived proccess to write to /tmp by default. + * vrrp: Don't assume IPADDRESS_DEL == 0 and IPADDRESS_ADD != 0. + * vrrp: Fix compilation failure. + * vrrp: Fix transition to backup when receive equal priority advert from + higher address. + When a vrrp instance in master mode received an advert from another master + that had equal priority, it wasn't comparing the addresses to determine + whether it should treat the advert as higher priority, and hence the + instance should fall back into backup state. + When checking whether the advert is from a lower priority master, it now + checks if the priorities are equal and then compares the addresses. + * vrrp: Optimise address comparision when receive advert in master mode. + * Optimise inet_inaddr_cmp. + + +2016-05-26 Alexandre Cassen + * keepalived-1.2.21 released. + * Install VRRP-MIB when applicable. + It appears that the condition in Makefile.in for installing VRRP-MIB + was using a non-existent macro, SNMP_RFC2_SUPPORT. This patch removes + two conditions from Makefile.in that use undefined macros and adds a + condition to install VRRP-MIB when SNMP_RFCV2_SUPPORT is set + appropriately. + * Check virtual route has an interface before returning ifindex to SNMP + * Force git-commit.h to be updated when needed + * INSTALL: Keepalived doesn't need popt anymore + * INSTALL: support for 2.2 kernels is long gone. + * INSTALL: fix a few typos + * keepalived.conf(5) some minor improvements + * man keepalived(8): some minor improvements + * Add printing of smtp server port when printing global config + * timeout_epilog: mark argument const. + * parser: mark some function arguments as const. + * terminate argv with NULL. + man execvp says: "The array of pointers must be terminated by a null + pointer." + * ipvswrapper.c: fix comparison. + * mark pidfile strings as const. + * utils.c: mark some arguments a const. + I left inet_stosockaddr alone for now, since it modifies the string. + We should fix that, since we pass in strings which might be const and in + readonly memory. + * netlink_scope_n2a: mark return type as const. + * vector->allocated is unsigned. + * notify_script_exec: mark a few arguments as const. + * vscript_print: mark string as const. + * vector->allocted is unsigned. + * dump_vscript: mark str as const. + * Updated range for virtual_router_id and priority. + * Stop segfaulting with mixed IPv4/IPv6 configuration + After reporting that an ip address was of the wrong family, when + the invalid address was removed from the configuration, keepalived + was segfaulting, which was due to the wrong address being passed to + free_list_element(). + * Updated range for virtual_router_id and priority in + doc/keepalived.conf.SYNOPSIS + * Allow '-' characters in smtp_server hostname. + * Allow smtp_server domain names with '-' characters to be parsed + correctly. + * Report and exit if configuration file(s) not found/readable. + The configuration file is treated as a pattern, and processed + using glob(). If there is no matching file, then it wasn't reading + any file, and keepalived was running with no configuration. + This patch adds a specific check that there is at least one matching + file, and also checks that all the configuration files are readable, + otherwise it reports an error and terminates. + * Fix building with Linux < 3.4 when ipset development libraries + installed. + Prior to Linux 3.4 the ipset header files could not be included in + userspace. This patch adds checking that the ipset headers files can + be included, otherwise it disables using ipsets. + * configure: fix macvlan detection with musl libc. + * Fix compiling without macvlan support. + * Bind read sockets to particular interface. + Otherwise, since we use RAW sockets, we will receive IPPROTO_VRRP + packets that come in on any interface. + * vrrp: read_to() -> read_timeout(). Make function name less confusing. + * vrrp: open_vrrp_socket() -> open_vrrp_read_socket(). + An equivalent open_vrrp_send_socket() exists, therefore make + the read version follow the same naming convention. + * vrrp: fix uninitialized input parameter to setsockopt(). + * Make most functions in vrrp_print.c static. + * Enable compilation on Linux 4.5.x. + Including causes a compilation failure on Linux 4.5 + due to both and being included, and they have + a namespace collision. + As a workaround, this commit defines _LINUX_IF_H before including + , to stop being included. Ugly, yes, + but without editting kernel header files I can't see any other way + of resolving the problem. + * Fix segmentation fault when no VIPs configured. + When checking the VIPs in a received packet, it wasn't correctly + handling the situation when there were no VIPs configured on the + VRRP instance. + * Improve checking of existance and readability of config files. + There was no check of the return value from glob() in read_conf_file() + and check_conf_file(), so that if there were no matching files, they + attempted to use the uninitialised globbuf, with globbuf.gl_pathc taking + a random value. A further check has been added that the files returned + are regular files. + Finally, if no config file name is specified check_conf_file() is now + passed the default config file name rather than null. + * vrrp: update struct msghdr. + The vrrp netlink code assumes an order for the members of struct msghdr. + This breaks recvmsg and sendmsg with musl libc on mips64. Fix this by + using designated initializers instead. + * Initialise structures by field names. + * Detection of priority == 0 seems to be shaded. + * More verbose logging on (effective) priorities. + * Log changes to effective priority made via SNMP. + * vrrp: use proper interface index while handling routes. + It appears current code has a small typos while handling routes trying + to access route->oif where it should be route->index. + * vrrp: make vrrp_set_effective_priority() accessible from snmp code. + just include proper file in order to avoid compilation error. + * monotonic_gettimeofday: make static. + * Disable unused extract_content_length function. + * utils: disable more unused functions. + * utils: make inet_sockaddrtos2 static. + * signal: remove unused functions. + * Disable unused signal_ending() consistently with other unused code. + * parser: make a bunch of stuff static. + * scheduler: make a bunch of stuff static. + * scheduler: disable unused thread_cancel_event(). + * vector: disable unused functions. + * vector: make 2 functions static. + * list: disable unused function. + * genhash: make some functions static. + * Remove unused variable. + * core: make a few functions static. + * checkers: make some functions static. + * vrrp_arp: make some global variables file-scope. + * vrrp_ndisk.c: make 2 global variables file-scope. + * vrrp: make some functions and globals static. + * In get_modprobe(), close file descriptor if MALLOC fails. + The sequencing of the code wasn't quite right, and so if the MALLOC + had failed, the file descriptor would be left open. + * Fix compilation without SOCK_CLOEXEC and SOCK_NONBLOCK. + SOCK_CLOEXEC and SOCK_NONBLOCK weren't introduced until + Linux 2.6.23, so for earlier kernels explicitly call fcntl(). + * Don't include FIB rule/route support if kernel doesn't support it. + * Enable genhash to build without SOCK_CLOEXEC. + * Ignore O_CLOEXEC if not defined when opening and immediately closing file. + * Allow building without --disable-fwmark if SO_MARK not defined. + configure complained "No SO_MARK declaration in headers" if that + was the case, but --disable-fwmark was not specified. The commit + stops the error message, and just defines _WITHOUT_SO_MARK_ if + SO_MARK is not defined. + * Update documentation for debug option. + * Add options -m and -M for producing core dumps. + Many systems won't produce core dumps by default. The -m option + sets the hard and soft RLIMIT_CORE values to unlimited, thereby + allowing core dumps to be produced. + Some systems set /proc/sys/kernel/core_pattern so that a core file + is not produced, but the core image is passed to another process. + The -M option overrides this so that a core file is produced, and + it restores the previous setting on termination of the parent process, + unless it was the parent process that abnormally terminated. + * Add option to specify port of smtp_-server. + * Add comment re when linux/if.h and net/if.h issue resolved upstream. + * Enable building with SNMP with FIB routing support. + * Exclude extraneous code when building with --disable-lvs. + * Update description of location of core files. + * Add support for throttling gratuitous ARPs and NAs. + The commit supersedes pull request #111, and extends its functionality + to also allow throttling of gratuitous NA messages (IPv6), and allows + specifying the delay parameters per interface, since interfaces from + the host may be connected to different switches, which require + different throttling rates. + * Add snmpServerPort to Keepalived MIB. + * Add printing of smtp server port when printing global config. + * Add aggregation of interfaces for throttling ARPs/NAs. + This commit adds support for aggregating interfaces together, so + that if multiple interfaces are connected to the same physical switch + and the switch is limited as a whole on the rate of gratuitous ARPs/ + unsolicited NAs it can process, the interfaces can be grouped together + so that the limit specified is applied across them as a whole. + * In free_interface_queue, don't check LIST_ISEMPTY before freeing. + * Clear pointer freed by free_list(). + * Make FREE_PTR() clear the pointer after freeing the memory. + * Make FREE() clear pointer after memory released. + Since a pointer to allocated memory mustn't be used after the memory is + freed, it is safer to clear the pointer. It also means that if the pointer + is subsequently used, it shoud segfault immediately rather than potentially + trampling over random memory, which might be very difficult to debug. + * vrrp: Improve validation of advert_int. + +2016-04-02 Alexandre Cassen + * keepalived-1.2.20 released. + * better VERSION handling + * ipvs: tcp check supports retry. + New tcp check config option "retry" sets the check retry counter. + If tcp check fails on an alive server, keepalived will perform + another checks until n_retry counter reaches zero, or until the check + succeeds. The delay between retry checks is configured by the + "delay_before_retry" config option. The default value is 1 retry after 1 second. + This is the same feature that already exists in HTTP checker + (config option "nb_get_retry"). + * check_http: retry logic is refined. + Retry on every error, including timeout and connection + error, but only when RS is up. + This is needed to reduce rs flaps: we shut the server down + only after nb_get_retry failed checks. + Also, do not wait for delay_loop after a successfull check to + bring the server UP. + * ipvs: respect the error code of the ipvs_talk. + Previously, if the IPVS reflector was unable to perform + its task, it reported error through syslog and ignored it. + This behavior leads to inconsistancies with quorum-handler: + it is called with UP even if no RS were added into the IPVS. + This could take place, for example, when there is a limit of + opened filehandles and keepalived was unable to open netlink + socket (it is opened on every call to the ipvs_talk). + Now the check is not marked as OK unless IPVS reflector reports + OK. Following successfull check will try to add an RS again. + The special case errors "ENOENT on remove" and "EEXIST on add" + are treated with OK result code. + * ipvs: remove unused resulting error code. + These functions are turned from int into void: + ipvs_group_sync_entry, ipvs_group_remove_entry, ipvs_syncd_cmd. + * check_http: reduce cpu usage. + do MD5 calculation only when configured to do so. + * timer: reduce cpu usage. + timer_cmp is called too often and eats much of cpu cycles. Make + the comparison more effective. Increase code re-using in + monotonic_gettimeofday(). Use timer_reset_lazy() where possible + to omit the excess memset() call. + * scheduler: reduce CPU usage. + Since threads are sorted by t->sands, we could break the cycle + when not expired thread found. + * ipvs: rs weight changes properly on reload. + Do not remove and re-add a real_server when reloading config + if its weight has changed. Just edit the existing ipvs rs entry. + * ipvs: new service option "ip_family". + This option explicitly specifies the address family of a + fwmark IPVS service entry. Previously it was determined by + the AF of the first real server. This logic is kept as a fallback + when the "ip_family" option is missing. + Also, now it is possible to create two different services + for v4 and v6 with the same fwmark number. + * make 'smtp_server' config to support domain name. + * use getaddrinfo() instread of gethostbyname(). + * make 'smtp_server' config to support domain name. + * Added vrrp 'timeout' to synopsis. + * Cleaned/fixed up KEEPALIVED-MIB, it now passes smilint + * Fixed vrrp_snmp_route() - it was returning the address of the pointer + instead of the IP address / network address for dst, gw, gw2, and src + * SNMP fixes/cleanup. + * Added support for static and virtual ip rules for use with policy + based routing + * Add info to set a default gateway into man and sample. + * vrrp: Fix socket setup code for IPv4 multicast. + if_setsockopt_mcast_if was only doing anything for IPv6 interfaces. + Make it work also for IPv4 interfaces, and then don't need to + call if_setsockopt_bindtodevice for multicast. + Is it still necessary to call it for unicast? + * vrrp: Set (and restore) interface parameters. + In order to receive and send multicasts on the correct interfaces + various parameters need to be set via the /proc/sys/net/ipv4/conf + interface. This patch sets them as needed, and restores any + changes on the underlying interface on exit. + If a user currently sets any parameters by scripts, that will + override these changes and still work, but this change in general + will make it unnecessary to change any parameters with scripts. + * vrrp: Leave VRRP multicast group by ifindex. + Since we know the interface index, use that instead of the address + since it is more efficient. Also, in the unlikely event that the + interface doesn't have an address, then this avoids a problem. + * vrrp: Don't delete vmac interfaces before dropping multicast membership. + Further to commit afea07bd94384c8ac8125e8cdbfd18bc4a46b14e, the + dropping multicast memberships were failing, since the vmac + interfaces had already been deleted. This patch keeps the vmac + interfaces until after the IP_DROP_MEMBERSHIP ioctls. Separating + the sending of the VRRP priority 0 messages from the shutdown + of the vrrp instances is necessary since vrrp_dispatcher_release + closes the sockets that are needed for sending the messages. + * vrrp: Don't open vrrp_send_socket if address family is wrong. + open_vrrp_send_socket was opening a socket, and then checking that + the address family was valid. Checking that the address family is + valid at the beginning of the function streamlines the code. + * vrrp: Stop m'cast packets being queued (and not received) on send socket. + If there are other vrrp instances on the same network, their + multicast packets are queued to our vrrp send socket, but since we + don't receive on that socket, the messages just get queued in the + kernel (run netstat -anp | grep keepalived to see the queued + packets increasing). + This patch clears the IP_MULTICAST_ALL option, to stop these + packets being queued. + * vrrp: Fix typos in log messages. + * vrrp: Fix RFC reference. + * vrrp: Fix vrrp parser error message. + * vrrp: Add interface index to vrrp dump data. + * vrrp: Don't specify source address in IP_ADD_MEMBERSHIP ioctl. + If ifindex is specified, any source address given is ignored. + * vrrp: If fail to remove vmac i/f, don't report success after fail message. + * Help vim's formatting to work in configure.in. + The single "'" in a comment confuses vim, and the screen formatting + gets confused. Adding a second "'" in a C comment sorts vim out. + * vrrp: Don't explicitly drop IGMP membership before interface deletion. + The kernel will send IGMP leave group messages when an interface + is deleted, so there is no need for us to do so. Experimentation + has shown that explicity doing IGMP_DROP_MEMBERSHIP doesn't make + it any more likely the IGMP leave group messages will be sent. + Adding the 1 second sleep significantly increases the likelihood + of the IGMP messages being sent, but is doesn't guarantee it. + Extending the sleep time doesn't improve the chances. + * Fix compiler warnings. + * vrrp: Add info to set a default gateway into man and sample. + * vrrp: Don't report error on interface creation/deletion. + netlink_reflect_filter was returning an error if it didn't already + know about an interface that has just been created. If we don't + know about the interface, simply ignore it. Likewise on interface + deletion, if we don't know about the interface, ignore it. + * vrrp: Ensure the first interface's parameters are set when using libnl3. + Patch 60217b63242bee37b1c97a04644be6eb5e18b4c4 sets the interface + parameters for each interface, but when using libnl3 there was a + conflict with libnl, causing the parameters not to be set for the + first interface. This patch makes vrrp_netlink.c use libnl3 if it + is available, to avoid the conflict. + * vrrp: Fix interface parameter setting with libnl3 and error message on + interface creation/deletion + * vrrp: Allow gratuitious ARP parameters to be configured globally. + It is likely that the gratuitions ARP parameters will want to be + the same for all interfaces, so allow the defaults to be set + globally. Also allow vrrp_garp_delay to be set to 0 to indicate not to + send further garp messages after a delay (to emulate how the + kernel sends gratuitous ARPs). + * ipvs: Remove nat_mask configuration parameter. + nat_mask was only valid with 2.2 kernel, and the implementation of + it was removed in patch d51194f... but some of the configuration + code remained. This patch removes all remaining code relating to + nat_mask. + * Update man pages. keepalived.conf.5 is updated to include all + configuration parameters, and keepalived.8 is updated to document the + signals that can be used with keepalived. + * Remove remaining 2.2 kernel code. + * vrrp: Allow specification of default VRRP version to use. + Rather than have to specify using VRRP version 3 on each VRRP + instance, allow global configuration to set the default version. + * vrrp: Remove use of deprecated nl_join_groups(). + The use of nl_join_groups was introduced in commit 84cf733.. in + order to resolve quickly a problem introduced in an earlier patch. + This patch follows the approach adopted by libnl3, which uses a + list of groups, rather than a bitmap which is limited to 32 groups. + * Documentation updates, removal of redundant code, global config. + * vrrp: set router flag in neighbour advertisements. + This is necessary in order to prevent the IPv6 stack on a node that + receives the unsolicited and overriding neighbour advertisement for the + VIP (that gets sent automatically when Keepalived transitions to MASTER + state) from immediately removing the VIP from its list of default + routers. See https://bugs.launchpad.net/bugs/1520517 for an example of + the problems this can cause. + Note that the approach in this patch simply unconditionally sets the + router flag. That is better than having it unconditionally unset (VRRP + stands for Virtual *Router* Redundancy Protocol, after all), but it + might not be appropriate whenever VRRP is used to fail over addresses + that are used for other tasks than being routers. Thus it might be + better to read in the interface's "forwarding" sysctl and set the router + flag accordingly, or making the value of the router flag configurable in + keepalived.conf. + * vrrp: Dynamic addition of interfaces from netlink msg. + When a tracked interface is deleted then recreated with the same config + VRRP groups tracking this interface will remain down. This is due to + tracking of stale information. + This patch listens for netlink messages for the creation of interfaces + and does one of two things. + i) If the interface doesn't exist in the vrrp interface list a new + interface structure is created and the information from the message is + used to fill the structure. This new interface is then added to the + interface queue. + ii) If the interface already exists in the queue we zero it and then + use the information in the message to fill the structure. + * branch to fix empty RS list issue. + * a fix for services with no RS. + * check: segfault when there is no real server for a virtual server. + * vrrp: Stop memory leak rename function for convention. + Renamed netlink_populate_intf_struct to netlink_if_link_populate to fit + with file naming scheme. + It was possible that a created ifp structure would not be cleaned up if + netlink_if_link_populate returned a -1, fixed this so the structure is + FREEd. + * Make parent process handle and propagate USR1/2 signals. + In order to be able to automate writing configuration and/or stats + the signals USR1 and USR2 need to be able to be sent to the parent + process since its pid can be read from /var/run/keepalived.pid. + The parent then needs to propagate these signals to a vrrp child. + * Ignore all signals except those explicitly wanted. + In order to harden keepalived against a user accidentally sending + a wrong signal to keepalived, set all signals other than those we + want actioned to be ignored. + * Remove potential race condition when setting signal handlers. + There was the potential for signal_run_callback to be invoked + after calling sigaction for a signal, prior to the internal signal + handler signal_SIG***_handler and signal_SIG***_v variables being + set up. To remove the race condition, when setting a signal handler + block the signal until the internal handlers have been fully set up. + * Make signal_ignore mean ignore. + signal_ignore was setting a signal handler for the signal, but + then itaking no action when the signal was received. This is now + changed so the signal is actually set to be ignored. + * Streamline signal handling code. + There was some duplication of the code for signal handling, and + this slight restructuring avoids the duplication and makes it + simpler. + * vrrp: Invoke notify scripts with the default signal disposition. + It is reasonable for notify scripts to expect to be invoked with + the standard signal disposition, so when first setting up signal + dispositions, remember the original state so it can be restored + before the notify scripts are exec'd. + * Return address of previous signal handler according to SA_SIGINFO. + The man page for sigaction(2) states that SA_SIGINFO is only + meaningful when establishing a signal handler. This appears not + to be the case, since the flag will be set in the oldact structure + on return from sigaction if the previous signal handler was + established using the SA_SIGINFO flag. + * Invoke all scripts with the default signal disposition. + Just as the change for notify scripts, it should apply to other + scripts as well. + * vrrp: Don't wait on script process being killed after timeout. + The child_timout_thread functions send a SIGKILL to a child + process that has timed out and didn't die quickly enough + after sending a SIGTERM. They then wait on the process dying. + The main problem is that if the waitpid is successful here, then + waitpid in thread_child_handler will never be successful for the + same pid, and so the entry on the child list will never be removed + and the parent thread will not be marked as ready. + There is also a theoretical possibility that the child process is + unkillable, and so the waitpid would hang forever. + * Set thread conditions before adding to list. + It seems safer to set the status and type of a thread before + adding it to the ready list. + * Remove some code duplication re running scripts. + misc_check_thread and vrrp_script_thread were virtually identical + so move duplicate code into new function system_call_script in + notify.c. + * Fix formating of man page. + * Set standard signal disposition before invoking ip(6)tables. + Call signal_handler_notify before running iptables/ip6tables. + Since it is now called for more than notify scripts, rename + signal_handler_notify to signal_handler_script + * Move common code for opening fd 0/1/2 into a function. + The code for setting fd 0/1/2 to /dev/null before running a script + was in several places. All the common code is moved into a function + and the function called from the relevant places. + It is only necessary to reopen fd 0/1/2 if keepalived is running + with the --dont-fork option, since without that option the fds are + already open on /dev/null. + * Optimise closure of fds before invoking scripts. + Every time before a script was invoked, closeall() was called, + which would spin through 1024 file descriptors closing them, even + though the vast majority were not open, resulting in 1024 system + calls. To avoid that, open all sockets and file descriptors + (except fd 0/1/2) with the CLOEXEC flag set, so that the fds will + be closed by the kernel when the script is exec'd. + * Simplify some IPv4/IPv6 code. + Code blocks were (unnecessarily) repeated in functions which + handled both IPv4 and IPv6 situations. + * Fix reloading and invoking notify scripts. + * Update vrrp_scheduler.c. + * Converted pdf user guide to RST with Sphinx. + * Added check for libnfnetlink header during the configure step. + * In free_list_elements invoke the free function if it exists. + * Use of LIST_ISEMPTY to check list exists causes memory leak. + * Stop parse_ipaddress FREEing via pointer passed to it. + parse_ipaddress FREE'd new following an error, but new could be an + address passed to the function, and therefore might not be MALLOC'd + memory. This commit makes the caller of parse_ipaddress free the + memory if there is an error and the calling function MALLOC'd the + memory. + * vrrp: Add vrrp_iptables global configuration option. + The iptables/ip6tables entries were always added at the end of the + INPUT chain, but for many configurations this is too late in the + processing. This patch allows the chain name to which rules are + added to be specified, and also allows the option of specifying + no rules are to be added. + If a chain name is specifed, it is necessary for that chain to + already exist in the iptables and/or ip6tables config, and for + that chain to be called from an appropriate point in the + ip(6)tables configuration. + * vrrp: Add option to block outbound traffic from VIPs. + Unwanted traffic to VIPs is discarded by ip(6)tables. This adds + an option to also block outgoing traffic from VIPs. + * vrrp: Add iptables blocks for E-VIPs just like VIPs. + * vrrp: Allow unicast IPv6 Neighbour Solicits to be received. + An ip6tables rule is added to allow IPv6 NAs to be received, but + we also need to be able to receive NSs to respond to neighbours + attempting to verify our reachability. + * vrrp: Use correct MAC address for IPv6 VRRP packets. + The IPv6 VRRP packets were using the MAC address of the underlying + interface, rather than the MAC address of the vmac. This commit sets + the correct MAC address for IPv6, and also adds the link-local address + of the underlying interface to the vmac interface, so that VRRP + packets can be sent from the vmac interface, thereby using the VRRP + MAC address. + * vrrp: Disable IPv6 on IPv4 VRRP VMAC interfaces. + If IPv6 is not disabled on VMAC interfaces, an IPv6 link local + address is generated based on the virtual MAC address. This is not + only contrary to RFC 5798 para 7.4, but also causes duplicate + address detection failure. The address also just isn't needed! + * vrrp: Fix setting nlmsg_len for netlink messages. + For netlink messages, nlmsg_len must always be set to an aligned + length. Prior to this commit, nlmsg_len was only being aligned when + a subsequent attribute was added to the list. This was fine if the + length of the last attribute added was an aligned length (which had + always the case), but didn't work if the last attribute added didn't + have an aligned length. + This patch is needed in preparation for adding an attribute which + doesn't have an aligned length. + * vrrp: Stop having an IPv6 link-local address added based on VMAC mac + address. + IPv6 link-local addresses that were based on the virtual MAC address of + the VMAC interface were being added. RFC5798 para 7.4 states that this + is not permitted. It also causes duplicate address detection failure, + since each instance of the virtual router was configuring the same + IPv6 address on the same subnet. + This commit stops the offending link-local address being addied (or removes + it if it can't stop it being added), and since VRRP advertisements must + be sent with the virtual MAC address, but a link-local address for the + interface, if a link-local address from the underlying interface exists, + it is added to the VMAC interface, otherwise the MAC address of the + underlying interface is used to generate a link-local address, which is + then added. + It wasn't until Linux 3.17 that the IFLA_INET6_ADDR_GEN_MODE netlink + message was added, via which one can stop a link-local address being + automatically configured. Therefore, if IFLA_INET6_ADDR_GEN_MODE is not + supported, the only way to ensure that the problematic link-local + address is not added is to remove it after the interface is brought up. + This is not ideal, since there is a small window when the "illegal", + and possibly duplicate, link-local address exists, but I haven't + found any other way of doing it for pre 3.17 kernels. + * vrrp: Stop sending unnecessary attributes in netlink messages. + When an IPv6 virtual address was deleted, it was being reported + in the log file that preferred lifetime was being set to 0, which + is only relevant when the address is being added. This commit stops + adding the IFA_CACHEINFO attribute when deleting addresses, and + also stops adding other unnecessary attributes. + * vrrp: Allocate an IPv6 link local address to VMAC if none on real + interface. + The physical interface than a VMAC is configured on may not have an + IPv6 link local address, but we can construct one for the VMAC using + the MAC interface of the underlying interface. + * vrrp: Remove code allowing mixed IPv4/IPv6 addresses. + If addresses of both types were configured, the receiving end would + reject the packet since the count of addresses received would have been + wrong since only addresses of one family can be sent, see vrrp_in_chk: + if (hd->naddr != LIST_SIZE(vrrp->vip)) + Since we don't want to send the addresses of the wrong family, add them + to the virtual_ipaddress_excluded block rather than the virtual_ipaddress + block. + * vrrp: Only set router flag in Neighbour Advertisements if forwarding. + * vrrp: Enforce maximum number of vips per virtual router. + If there were more than one virtual_address blocks in a + virtual_router block, one could add as many virtual addresses as + one wanted, since it didn't check the number already read. + * vrrp: Don't ignore excess virtual_address entries. + If there are too many virtual_address entries, add them to the + excluded block, but still give a warning message. + * vrrp: Verify VRRP configuration after all configuration read. + There was a lot of duplicated checking in vrrp_parser.c to ensure that + configured parameters were consistent, and also a requirement to configure + certain parameters before others. This checking was incomplete, and also + becoming more and more complex as more configuration options were added. + This commit delays a large part of the checking until after all the + configuration has been read. This removes the need for options to be + specified in a certain order and also for checking in multiple places + whether certain combinations are valid. + As a consequence of the delay in checking the configuration, the creation + of the VMAC interfaces is delayed until after the checking. + * vrrp: Accept is only valid for VRRPv3 + * vrrp: Verify priority and init_state consistent. + * vrrp: Verify password specified for authentication. + * vrrp: Verify have an ip address for interface. + * vrrp: xmit_base is only valid on a VMAC. + * vrrp: Ensure at least one VIP is configured on a VRRP instance. + This commit requires at least one VIP to be configured on a + vrrp_instance. Although the code looked as though it was designed to + allow 0 VIPs, not only was that a protocol violation, but also keepalived + rejected any VRRPv3 packets received without any VIPs, and also any VRRPv2 + with IPv6 due to the check in vrrp_in_chk() in vrrp.c. + * vrrp: Generate unique default VMAC interface names. + Since the virtual router ID can be duplicated both between IPv4 and IPv6, + and also between different interfaces, the approach of setting a default + interface name as vrrp.VRID could produce duplicate names. + This commit now attempts to use vrrp.VRID, but if that already exists, + then it will try vrrpN.VRID, where N starts from 1 and increases until an + unused name is found (for IPv6 it tries vrrp6.VRID before vrrp1.VRID). + * vrrp: Ensure necessary uniqueness of VRIDs. + VRIDs must be unique for a given address family and interface. + This commit ensures that there is no duplication of VRID/address family + on any interface. + * vrrp: Don't assign VIPs/eVIPs to the default interface. + alloc_ipaddress was always setting the interface to DLFT_INT (eth0) if no + dev DEVNAME was specified to a VIP/eVIP/static address. This is fine for a + static address, but doesn't make sense for a VIP or eVIP, since they should + be assigned to the vrrp_instance interface, unless explicitly configured + otherwise. + In fact, it probably doesn't make sense to specify dev DEVNAME for a + VIP/eVIP, since the addresses must be assigned to the vrrp_instance + interface. + * If a configuration error occurs between {}, skip to end. + If a configuration error occurred in a block, the parser could get confused. + This commit makes the parser ignore ignore all further entries until the end + of the block. + * Don't allow specification of default as an address where inappropriate. + The function parse_ipaddress would allow default or default6 to be + specified for any address it parsed, but it doesn't makes sense in a + lot of cases, so add a parameter to indicate if default is valid. + * Improve checking of configured advertisement timer. + * vrrp: Make sure that a VRRP instance has a name and is unique. + It was possible to specify a vrrp_instance without a name. It was also + possible to specify the same vrrp instance name twice. + * Extra validation for reading ip addresses. + * vrrp: Ensure a sync group has a name and hasn't already been specified. + * vrrp: VRRP authentication is dependent on VRRPv2 not IPv4. + The check for whether authentication is not dependant on IPv4, but rather + VRRPv2. This check will be conducted following reading the whole configuration. + * vrrp: Log error if unknown authentication type. + * Check for, and handle, '{' at beginning of a block. + There was no check for a '{' at the beginning of a configuration block. + This commit is the start of that check, allowing it either at the end + of the line with the keyword, or on a line of its own. + Also, in respect of group and notification_email, for all other configuration + items, the '{' could follow on a line of its own, but for configuration + items using read_value_block the '{' on a line following the keyword + was read as a configuration entry. + * Check for, and report, unknown keywords. + A misspelt keyword would have been silently ignored, potentially causing + the user difficulty in understanding why his configuration wasn't working. + * If an address fails to parse, ensure don't return an apparent address. + When reading an address, the address family was set early on, and a + subsequent failure to parse the address left the address family configured, + thereby making it appear that a valid address had been read. Simply set the + address family to AF_UNSPEC on a failure. + * Ensure an address option has a value. + There was no check that the parameter was present after a keyword, so for + example : 1.2.3.4 dev + would not have generated an error message, and alloc_ipaddress would have + attempted to read a word after dev, which would either cause a dore dump + or possibly return a parameter from a previous configuration line. + This type of checking probably needs to be added elsewhere too. + * Add validation of address scope. + * vrrp: Don't allow group block more than once in a sync group. + If a second group is configured, the first group is lost, and its + malloc'd memory is also lost. + * vrrp: Make sure sync groups have at least two members. + If a sync group was configured with no group {} statement, or if + the group statement had no entries, then keepalived would core dump. + This commit rejects groups with 0 members, and also with 1 member, + since it isn't a group. It also checks that a virtual_instance isn't + configured in more than one sync group, and also that the group + members specified exist. + * The address must be the first record in an address configuration item. + When an address is configured, it must be the first entry on the line. + This allows options specified afterwards to know the address family, + and also when reporting errors to include the address. + * vrrp: Log error if IPv6 and first address is not link local. + RFC5798 section 5.2.9 requires that if the protocol is IPv6, then + the first address must be the link local address of the virtual + router. + * vrrp: Ensure that the full VRRP packet has been received in the buffer. + Although afer receiving a VRRP packet, it checked that the length + specified in the IP header was long enough to contain all the VRRP data, + it didn't check that the data actually received was sufficiently long, + so this check is added. + * vrrp: Stop VIPs in same CIDR being deleted, but only when using vmac + so far. + If an interface has more than one IP address in the same CIDR, when + the "primary" address is deleted, all the secondary addresses are + also deleted, unless /proc/sys/net/ipv4/conf/IFACE/promote_secondaries + is 1. This commit sets the promote_secondaries flag on vmacs. + * vrrp: Make from and to for VRRP iprules use a define. + "From" and "To" were being stored as words rather than converted to + defined value. This made storage requirements larger and processing + them more time consuming. + * Don't report configuration bytes used if not _DEBUG_. + If _DEBUG_ is not defined, malloc was increasing the count of memory + allocated when called, but free wasn't reducing the count, and so the + figure reported was meaningless. + This commit completely disables the memory allocated counting and + reporting if _DEBUG_ is not defined. + * vrrp: Use defines for address scopes. + Rather than hard coded values for address scopes, use RT_SCOPE_* + * Force order of multiplication and division to avoid underflow. + * Clear list pointer after freeing list. + * Fix handling of active in vectors. active wasn't being consistently + updated or reported for vectors. + * Make functions always returning 0 void. + Three functions in utils.c always returned 0, and the calling + functions weren't checking the return code, since it was pointless, + so the functions have been changed to be of type void. + * Use struct in_addr rather than uint32_t for IPv4 address. + * vrrp: Disable all VMAC configuration code if don't have VMACs. + * Allow multiple spaces in quoted strings. + The handling of quoted strings saved each word separated between + tokens of '"'. This meant reconstructing a quoted string lost multiple + spaces and was hard work. + Quoted strings are now saved as the whole quoted string, without the + quotes, so retrieval is much simpler. This also allows further keywords + to follow the quoted string, if desired. + * vrrp: Remove string length dependencies in vrrp_print. + * vrrp: Stop using deprecated bcopy. + * vrrp: Add vrrp_instance name to some log messages. + * Optimise returning from list_element() when end of list reached. + * Make free_melement a static function. + * Use INET6_ADDRSTRLEN rather than hardcoded length. + * Don't format log message if not going to log it. + * vrrp: Add option to reduce vrrp advert address checking. + By default, every received VRRP advertisement checks the advertised + addresses are the same as the configured addresses, which is o(n^2). + This change adds the option to check the first packet received from + a master, but not to check the VIP list in subsequent adverts from + the same master. + * vrrp: Ensure vrrp_buffer large enough for largest possible received + packet. + The allocated receive buffer had size VRRP_PACKET_TEMP_LEN, which + suggests that it wasn't intended as the final solution. + Instead of using a fixed buffer size, the maximum MTU across all the + interfaces is calculated, and the size of the vrrp_buffer allocated + is the maximum MTU size. This guarantees that any VRRP packet received + will fit in the buffer. + * vrrp: Improved received VRRP packet checking. + First check the protocol headers have been received, then before + checking the overall length of the received data, check the data in + the protocol headers, since this will allow more meaningful errors + to be reported. For example if there was a mismatch between VRRP + versions with IPv4, a length error was being reported, rather than + the version mismatch. + All the error messages in VRRP packet checking now include VRRP + instance name, to help tracking down where the error lies. + * vrrp: Remove fixed limit number of VIPs in a VRRP advert. + There was an arbirtary limit of VRRP_MAX_VIP (20) VIPs for sending + a VRRP advert. Now that the vrrp_buffer is sized to be able to + receive any packet up to the largest MTU size, we can dynamically + allow as many VIPs as will fit in a packet (which varies depending + on IPv4 or IPv6). + There is also an overhead checking the received addresses in an + advert against the VIPs configure on the instance, but this can now + be mitigated by setting skip_chk_adv_addr on the VRRP instance. + * vrrp: Fix printing of vrrp tracking scripts. + * vrrp: Print Last transition time in human readable form. + * Disable assert statements unless _DEBUG_ is defined. + * Streamline free_list_element + * Remove duplication of code between free_list and free_list_elements. + * vrrp: Add vrrp strict mode, enforcing VRRP compliance. + The commit doesn't yet implement strict mode, but it will block + 0 VIPs, unicast peers, IPV6 in VRRPv2. + * vrrp: Add some strict tests. + In strict mode, the following are enforced: + IPv6 required VRRPv3 + There must be at least one VIP per VR instance + No unicast peers + Must be address owner to start in MASTER mode + * vrrp: Don't allow AH authentication with IPv6 and VRRPv2. + Of course, the RFCs don't allow IPv6 in VRRPv2, but it is an + extension supported by keepalived. + * vrrp: Some minor ipsecah updates. + * vrrp: Clearly identify that VRRP has subblocks of VRRP scripts. + The keepalived.conf.5 man page wasn't explicit that there are VRRP script + subblocks as part of the VRRP configuration, and this is now explicit. + * Trivial edits to man page keepalived.conf(5). + * man page remove static_rules configuration from vrrp_instance. + keepalived.conf.5 man page had an entry for static_rules within the + vrrp_instance blocks, and this is clearly wrong. + * vrrp: Fix typo in error message when sending VRRP advert. + * vrrp: Add option not to include vrrp authentication code. + RFC3768 updated VRRPv2 to remove authentication in 2004. This commit + adds a configure time option to exclude authentication code. + * vrrp: When adding ip(6)tables entries, only specify i/f for link_local + addresses. + Packets to/from global address could arrive or be sent on any interface, + so don't specify the interface for blocking the packets. For link local + addresses, the block must relate to the specific interface. + * vrrp: Add ability to use libiptc rather than invoking ip(6)tables. + Invoking ip(6)tables has a high overhead, since the process has to be + forked and exec'd, and then it has to read the whole ip(6)tables + filter chain before it makes a single update and commits it back. + Using libiptc avoids the overhead of multiple forks/execs, and also + means that multiple entries can be added/deleted to/from the ip(6)tables + configuration in a single update. + * vrrp: Add option to use ipsets instead of iptables to block addresses. + Instead of having lists of addresses in iptables, it is much more + efficient to use ipsets to handle those addresses, since that is + what it is designed for. + * Use /proc/sys/kernel/modprobe to find modprobe. + * Reinstate SIGCHLD before forking to exec modprobe for ip_vs. + The fork of modprobe to load ip_vs would have reported a failure + even though it would have succeeded. + * Reinstate SIGCHLD before forking to exec modprobe for ip_vs. + The fork of modprobe to load ip_vs would have reported a failure + even though it would have succeeded. + * Fix forking/execing re closing signal pipe. + When calling scripts, we don't want to give them access to the signal + pipe used between the parent process and the vrrp process. + * vrrp: Fix compile error when net/if.h and netlink/route/link.h conflict. + Some versions of libnl3 netlink/route/link.h conflict with some + versions of kernel header file net/if.h. This commit has a + workaround for when there is a conflict. + * vrrp: Fix compile failure with old kernels and libnl3. + Issue #215 identified a compile error with pre 3.13 kernels when + libnl3 was installed. This commit adds a test for that situation + and avoids using rtnl_link_inet_[sg]et_conf. + I haven't been able to test this on a re 3.13 kernel, but I have + simulated the scenario and it compiles as expected. + * vrrp: Fix compilation when ipsets not installed. + * vrrp: Fix build breakage when not using libiptc. + * vrrp: Fix VRRP respawning when no VIPs specified. + Commit b46dec58fa failed to check the the VIP list existed before + checking how many entries were in the list. + This commit also defaults the address family to IPv4 if no VIPs are + specified. + * vrrp: Make dependency on libnfnetlink/libnfnetlink.h conditional. + * Streamline handling of daemon mode flags. + * Improve handling of not being able to read a pid file. + If a pid file was opened, but for some reason a pid could not + successfully be read, the pid used to check if a process was + running was random. + * Remove unused pid filename definitions. + * Change outstanding debug flag tests to use bitops helpers. + * Allow for different sizes of long ints in bitops. + * vrrp: Ensure conversions of vrrp->adver_int etc don't overflow. + * Use bitops with daemon_mode. + * vrrp: Fix ip_rule direction for SNMP. + Commit 2da11f99 introduced defines for ip_rule directions rather + than using strings, but the commit omitted to update the snmp code + when processing the directions. + * add a line about the 'include' keyword in keepalived.conf(5). + * fix HTTP_GET config dump. The config dumper routine + dump_http_get_check was always printing the last configured checker's + connection info. + * dump_conn_opts: prototype change. + pass the conn_opts_t pointer as a void* parameter to make the + function prototype a valid dump callbac This makes smtp_dump_host() + function needless, it is removed. + * fix build issues on older systems. + Try to avoid the build error on systems which lack of + O_CLOEXEC and IP_MULTICAST_ALL defines (such as Ubuntu lucid and + Debian squeeze). + * Fix compilation with --disable-vrrp-auth + * vrrp: Remove state VRRP_STATE_LEAVE_MASTER since it isn't used. + * vrrp: Fix VRRPv2 authentication issues. + * Don't redefine _GNU_SOURCE. + * vrrp: Exclude function vrrp_ah_sync when --disable_vrrp_auth. + * Fix some conditional compilation errors. + * Streamline getopt_long options. + * Remove '\n's from log messages. + * Ensure standard configure generated defines are used. + The defines used in the compiles in the various subdirectories were + specified in each Makefile.in which could lead to inconsistencies. + This commit defines APP_DEFS in configure.in, which is then used + in each Makefile.in. + * Dump keywords to file rather than stdout. + * Add copyright message and build options to version output. + This commit also ensures that the end year of the copyright date + range is the current year when keepalived was built. + * Stop erroneously logging error message for unknown keywords. + When vrrp_parser parsed the configuration file, it didn't know + about the checker keywords, and vice versa, and so reported errors. + This commits makes the other keywords known but marked as inactive. + * vrrp: Fix SNMP trap NewMaster. + The trap must only be triggered for IPv4, since RFC2787 doesn't + understand IPv6. Also, RFC2787 only supports VRRPv2 instances, + so don't raise the trap for VRRPv3 instances. + The IP address returned must be the actual IPv4 address, and not + the ip_address_t that holds the address. + * vrrp: Use underlying interface for ifindex in NewMaster traps for vmacs. + If the VMAC ifindex is returned, then there is no indication that + multiple VRRP instances are operating on the same physical interface, + so return the ifindex of the underlying interface. This will also + mean that the same ifindex should be maintained between different + invocations of keepalived. + * vrrp: Move SNMP private defines into vrrp_snmp.c/check_snmp.c. + The defines for the net-snmp "magic" were in the header files + which were included by other modules. The defines are private to + the c source file, so move the defines into them, to avoid polution + compilation units which included vrrp_snmp.h/check_snmp.h. + * Use definition for 1.3.6.1.2.1. + * vrrp: Start SNMP after reading configuration. + If SNMP is started before the configuration is read, a meaningless + response will be returned to net-snmp, so don't start the snmp agent + until after all the config has been read. + * vrrp: Fix setting SNMPv2-MIB::sysORID entries in ORTable. + The length of the OID passed to register_sysORTable was wrong. + * vrrp: Allow SNMP agent to unregister cleanly with more than one MIB. + Separate snmp_unregister_mib() out from snmp_agent_close() to allow + multiple MIBs to be unregistered before the snmp agent is closed. + * vrrp: Don't register the global_oid with SNMP twice. + If SNMP is enabled, both the checker process and the vrrp process + were registering the global_oid. This commit makes the checker + process register it if it is running, otherwise the vrrp + thread registers it. + * vrrp: Add read-only support for RFC2787 SNMP (VRRPv2). + * vrrp: Allow any combination of keepalived and RFC SNMP support. + * Allow enabling snmp via config file. + * ipvs: sctp ad persistent engine support. + * Fix building with --disable-lvs + * Stop autoconf complaining. + * vrrp: Use defined value for maximum VRRP priority. + * vrrp: Simplify scheduler code vrrp_leave_fault(). + Two pairs of code blocks were repeated, and each pair could be + reduced to occuring only once if the conditions were merged. + * vrrp: If VRRP priority is 255 and not nopreempt, configure like state + MASTER. + * vrrp: Ensure number of VIPs doesn't exceed 255 per instance. + * vrrp: Don't check second time if IFLA_IFNAME is NULL. + * Dump interface details with rest of config. + * vrrp: When becoming master, block addresses before adding them. + If not accept mode, entries are added to iptables/ipsets to block + traffic to the VIPs/eVIPS. These entries should be added BEFORE the + addresses themselves are added, to ensure there isn't a (small) + window when we might reply from the added addresses. + * vrrp: Document virtual_rules. + * Fix memory leak re some uses of ipaddresstos(). + * Fix parsing ipset names. + * vrrp: Improve and fix finding vmacs left over from previous invocation. + When netlink reports a new or existing interface, we can extract + information that allows us to determine if the interface is a macvlan, + and the type (e.g. private). We can then save that in the interface_t + structure, setting the vlan flag, and base ifindex. + When working out the interface name to use for VMAC instances, we can + then check the interfaces which are macvlans to see if any of them + match the vrrp instance in terms of mac address, underlying interface + and inet address family, and if so we can then reuse the macvlan interface. + Commit 9ae463e7f broke the finding of existing interfaces where the + configuration didn't specify the VMAC interface name, and simply created + a new interface. This commits now resolves that. + There is still an issue that if an interface was in MASTER mode when + keepalived terminated, when keepalived restarts it leaves the VIPs and + eVIPS on the interfaces, meaning that keepalived cannot receive VRRP + packets on the interface from the VRRP instance that has taken over, and + it also means that there are duplicate IP addresses on the network. + Another commit will resolve this issue. + * vrrp: Remove ip addresses left over from previous failure. + If keepalived terminates unexpectedly, for any instances for which + it was master, it leaves ip addresses configured on the interfaces. + When keepalived restarts, if it starts in backup mode, the addresses + must be removed. In addition, any iptables/ipsets entries added for + !accept_mode must also be removed, in order to avoid multiple entries + being created in iptables. + This commit removes any addresses and iptables/ipsets configuration + for any interfaces that exist when iptables starts up. If keepalived + shut down cleanly, that will only be for non-vmac interfaces, but if + it terminated unexpectedly, it can also be for any left-over vmacs. + * Sort out extraneous space and tab characters. + The commit removes spaces followed by tabs, trailing spaces and tabs, + and replaces occurrences of 8 spaces within tabs, except where the + spaces and or tabs occur within strings. + This has the benefit that if blocks of code are copied, git does not + complain when running git am on a file produced by git format-patch. + * vrrp: Simplify RFC SNMP code. + The code was checking VRRP version unnecessarily, and also had code + to return an index element which is not necessary. + * vrrp: Don't send traps for SNMP MIBS which are not enabled. + * vrrp: Don't register SNMP global OID if not handling it. + If neither the checker nor the vrrp components of KEEPALIVED-MIB + are enabled, don't register the global OID. + * Parameters passed to traps don't need to be static. + * Fix --without-lvs and --without-vrrp configure options. + * Ensure general MIB is enabled if --disable-lvs configured + * Avoid compiler warning re function definition to prototype. + * Add RFC6527 SNMP (VRRPv3). + This commit adds read-only and notifiction support for SNMP for VRRPv3 + in accordance with RFC6527. + * vrrp: Fix MAC address for IPv4 VMACs created after IPv6 VMACs. + * vrrp: Allow routes and rules to use tables >= 256 + * Don't recompile libipvs-2.6/*.c every build. + * vrrp: Remove left over ip rules and routes at startup. + * vrrp: Ensure ip routes added before rules, and vice versa. + If ip rules are added before routes, then it is possible for a + packet to be routed while the routing table is only partially + complete. Adding the rule after the routes ensures that the routing + table won't be processed until it is completely set up. + Likewise, when removing rules and routes, remove the rules first. + * vrrp: Add missing reason message for rejected VRRP packet. + Issue #255 show a log identifying bogus VRRP received, but there + was no reason shown for the rejection. The only instance I can find + for this is if vrr->family is neither AF_INET or AF_INET6, which I + think must be a bug in the code parsing and setting up VRRP instances. + This commit just adds a log message to be explicit about why the packet + is rejected, and also reports the value of vrrp->family. + * Reduce number of calls to getaddrinfo() reducing DNS lookups. + * Report if vrrp or checker process abnormally terminates. + * Add option to increase child process priorities and make non swappable. + * Make vrrp_daemon.c and check_daemon.c use header file for externs. + * Add reporting ops mode, and minor tidying up of virtual_server config. + * vrrp: Don't overwrite real interface MAC address with VMAC MAC address. + When a VMAC was being created, the MAC address of the VMAC was + being copied to the MAC address of the underlying interface in the + interface_t structure. + The netlink reflector sets up the MAC address of the new VMAC + interface, so there is no need to copy a MAC address at all. + * vrrp: Stop keepalived_vrrp terminating with SIGSEGV if lvs_syncd_if set. + ipvs_stop() was being called before shutdown_vrrp_instances(), and + so if lvs_syncd_if had been specified on a vrrp instance, keepalived + would subsequently terminate with a SIGSEGV in free_interface_queue(). + * Make lvs_sync_daemon global config rather than vrrp specific. + * Stop lvs sync daemons on restart in case of prior abnormal termination. + * Remove any residual ipvs configuration on restart. + * vrrp: Optimise clear_diff_vrrp_*() functions. + * Check MALLOC returned non NULL before copying to the location. + * Allxoow specifying syncid for lvs syncd. + * vrrp: Send second set of GARP messages afer receiving lower prio advert. + When a VRRP instance transitions to master state, if garp_master_delay + is non-zero, a second set of garp_master_repeat messages is sent after + garp_master_delay seconds (unless 0). However, if a lower priority advert + is received, keepalived didn't send a second set. This commit sends a + second set if a second set would have been sent after transition to master. + * vrrp: Allow setting of graduitius ARP parameters for lower prio adv + separately. + * Don't log a "keepalived stopped" message if keepalived already running. + * vrrp: Add support for iprule and iproute table names. + * Resolve MALLOC/FREE issues to iprule/iproute table names. + * Make keepalived_malloc return void* to match malloc. + * When reporting MALLOC/FREE status on exit, report max MALLOC'd memory. + * Make libipvs use MALLOC/FREE. + * Don't restore original signal state when reloading checker config. + * Ensure signals USR1 and USR2 are set to ignore in checker process. + * vrrp: Only free list of iprule table names if list assigned. + * vrrp: Fix strict mode of vrrp instance overriding global vrrp_strict. + * Attempt to fix build breakage introduced in commit 85f81dd. + * Fix parsing of scope for ip addresses. + * Free global ssl context on reload. + * Free request_t buffer and ssl data on reload. + * vrrp: Restore sync-state after reload. + Currently the sync state is rebuilt from the member states after + config reload. This changes now reloads the previous sync state + after reload, and then pushes this back to the group members. If a + new group member is added during the reload, then the new group + will accept the sync group state. If a group member is removed + during a reload, then a special case will be executed to force + the sync-group state to BACKUP. This is required so that an + alternative backup peer for the removed group is given an + opportunity to take over the gateway. + +2015-07-07 Alexandre Cassen + * keepalived-1.2.19 released. + * vrrp: fix checksum computation in vrrp v2 for socket family AF_INET + One of difference between VRRPv2 and VRRPv3 is the way checksum is + computed. In VRRPv2 no accumulation is specified in RFC while in VRRPv3 + it uses regular accumulator with upper pseudo header. This fix restore + compliant VRRPv2 for AF_INET vrrp instance. Since IPv6 socket are using + IPV6_CHECKSUM option this means that checksum for VRRPv6 instance runing + in native_ipv6 mode are broken. But since this is a end to end sanity + check and both side are operating the same way this OK, no "compliant + with VRRPv3 RFC", but anyway using native IPv6 on VRRPv2 is not really + compliant too ;) + * Some cosmetics at Makefile stuff. + +2015-06-30 Alexandre Cassen + * keepalived-1.2.18 released. + * some cosmetics changes (in memory and parser). + * remove dead/not used code. + * revert notify script brought by last release. + * revert VRRP preemption speed up extension. + * vrrp: ix vrrp removes incorrect IPv4 address when VIPs + are removed. + * vrrp: Re-enable VRRPv2 checksum on inbound pkts. + +2015-05-31 Alexandre Cassen + * keepalived-1.2.17 released. + * zalloc use xalloc for consistency. + * memory: fix wrong size calculation in zfree. + * Fix keepalived snmp configuration. + * Change comments to match kernel style. + * smtp: Fix wrong algorithm in RCPT-TO building. + * vrrp: ICMPv6 : modify the way we copy the src address into the IPv6 + header, in order to not overwrite the header' and the 'hop limit' fields + * vrrp: sync status flag (up/down) for _all_ VMAC interfaces. + When using VMAC and running multiple instances on the same interface, + only one of the VMAC interfaces will get its status flag synched. + This commit will update the status flag for _all_ VMAC interfaces attached + to a base interface. + * ipvs: fix segfault crash when parsing SMTP_CHECK config + * ipvs: SMTP_CHECK now respects configured RS port. Before that it always + used the default port 25. + * ipvs: config parser: handler for the end of block. new function + install_sublevel_end_handler(handler). + * ipvs: new log function vlog_message taking varg_list. log_message now + uses format gcc attribute, not the macro wrapper. + * ipvs: bug: check_smtp was logging "#30" instead of RS address do not do + nested va_start/va_end calls in smtp_final. + * ipvs: clarify snmp_check config syntax. Now host{} section is optional, + and all the standard connection options are available in the SNMP_CHECK{} + level, too. If one or many host section persist, those base-level options + are used to specify default values that can be overriden in a host section. + * vrrp: Use literal constants for bit flags Use literal constants for bit + flags of the "debug" global variable Change from using numeric constants + to literal constants for the bit flags of the "debug" global variable. + * vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains + VIP resulting in a duplicate IP situation. When a priority change to the + configuration of a Master router drops its priority to below that of a + backup router, the VIP is not released on the Master router leading to + a duplicate IP situation. + * vrrp: Make preempt_delay work more than once. + * vrrp: Changes needed to support AH auth in VMAC mode. Note according to + the RFC this is not a requirement, but we think that our customers will + expect it to work. The RFC actually discourages its use because it adds + little to no additional security. We are still able to interoperate in + RFC mode by not enabling authentication. + * vrrp: Check VRRP header in the IP auth header is correct. In the middle + of vrrp_in_chk, the existing VRRP packet parsing code does + "return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two, + and the authentication type is IP sec authentication, to check whether + or not the IP sec authentication header is valid. However the "instant" + returns means that is the IP sec authentication header is valid, then + the remaining parts of the VRRP packet (VRRP version, VRRP checksum, + VRID, number of VIPs, advertise-interval) are not parsed or validated. + * vrrp: Add support for SNMP trap: vrrpTrapNewMaster. + * vrrp: Add skeleton code for VRRP-MIB. + * vrrp: Check existing VIF and recreate if VMACs are wrong. Although under + normal circumstances we will cleanup VIF interfaces when shutdown, there + are various scenarios were this is not the case. To make the code more + robust, keepalived now performs a check for matching VIF interfaces at + restart, and if the configuration of the VIF matches the current + keepalived configuration it will reuse the VIF. However, should the + configuration be different, keepalived will remove the existing + interface, and then recreate a new VIF interface with the appropriate + configuration. This fix resolves the continuous crash scenario that can + occur when keepalived fails to configure the VIF because one already + exists. It prevents keepalived from reusing a previous VIF interface + which does not completely match it configuration criteria.` + * vrrp: fix snmp code (cosmetic) + * vrrp: Fix the keepalived mib and agentx warnings. During Keepalived + startup, about twenty "duplicate registration" and a couple of "Failed + to connect to the agentx master agent" warning messages were issued. + Pairs of the "Failed to connect" warning messages were logged every two + minutes. The "duplicate registration" warnings happened because VRRP + called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once + for the rfc2787-vrrp MIB, however each call to snmp_agent_init also + tried to register the keepalived-global MIB (which holds data like + Keepalived version number, SMTP server details, and a "from" email + address). It was the second attempt to register this keepalived-global + MIB that generated the "duplicate registration" warning. The registration + of the keepalived-global MIB is now only done once under the control of + a static variable. init_agent is also called just once under the control + of the same static variable to prevent it logging a warning message. The + "Failed to connect" warnings occur because Keepalived does not know how + to connect to the SNMP AgentX master server. By default the Agent X + master server is listening for MIB registrations on a local TCP socket + with a port number of 705. + * vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work + correctly due to group expiry timers being incorrectly manipulated while + running down the MDT. Also, preemption can be disrupted if the VRRP group + receives an advertisement while running down it's timer. + * vrrp: Initial Implementation of VRRP statistics. + . Add VRRP counters, This is needed by the VRRP-MIB, and will provide + better insight into the operation of VRRP for users. + . Add SIGUSR1 and SIGUSR2 handlers + - SIGUSR1 allows users to dump current state of VRRP instacnes to + /tmp/keepalived.data + - SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats + * vrrp: Copy old VRRP stats on reload. + * vrrp: Seperate printing functions from vrrp_daemon.c. Seperate state + printing code from vrrp_daemon.c so that the code is better organized. + * vrrp: Track master router priority in VRRP. + * vrrp: Added 'Master priority' output to show vrrp detail. + * vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently, + keepalived vrrp only allows to configure single notification script. + This is a limitation ans should be extended so that keepalived vrrp can + notify multiple scripts about vrrp state changes. + * vrrp: Don't display ipsec ah password in log files. When authentication + type is selected as ipsec ah, password should not be displayed in the + log files. + * vrrp: Fix notify upon reload. When a notify script is configured after + Keepalived has been started, if other notify scripts are already + configured, these scripts get reinvoked even if the state has not + changed. This occurs when in backup state. When in master state, no + notifications are sent out at all if a new notify script is configured. + For the backup case, this problem occurs when the daemon is reloaded. + This causes vrrp to leave the state it's currently in, go to the init + state and from there, go back to backup. However, this transition + causes the notify scripts to be invoked, causing a redundant + notification to be sent. For the master case, there is no call to + notify_instance_exec(), hence why no notifications are seen at all. + The solution is to add a new field to the vrrp struct that stores the + notify scripts that were configured before reload. A new function has + been added to take advantage of this new field. Instead of calling + notify_instance_exec() when we are in the init state, we now call + notify_instance_exec_init(). This is a proxy function that modifies + the 'script' member of a vrrp structure to point to a new list + containing only scripts that have not previously been configured, + thereby preventing the sending of notifications that have already been + sent. This new list is created by utilising the new vrrp struct field. + Inside this new function, notify_instance_exec() is called using the + modified VRRP instance. When this call returns, the member is reset + back to its original value. + * vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header + and _vrrp_t struct to support version 3 params. Support to build vrrp_v3 + packet. + * vrrp: Keepalived extension to support VRRP version 3 (2). + * vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes + to support centi-sec. + * vrrp: Keepalived extension to support accept mode for v3. + * vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is + supporting IPv6 but it is not fully functional and it is not as per + RFC5798. Following are the issues identified and changes done: + - IPv6 address population. + - Correction of Checksum in case of IPv6. + - Getting source address from received advertisements. + - Populating source address in sent VRRP advertisements. + * vrrp: Improve display output for VRRPv3. + - Changed data-type of mcast_saddr to sockaddr_storage to support IPv6 + also. + - Added new parameters version, accept, weight updated advertisement + interval for operational command show output. + * vrrp: MIB enhancements for accept-mode. + * vrrp: Fix mismatched advertisement interval. In VRRP version 3, all + BACKUP routers must set their advertisement intervals to match the current + MASTER's. Although not explicitly stated in RCF5798, when the MASTER falls + over or forfeits its MASTER status, the new MASTER should not continue to + use the old MASTER's advertisement interval value and should instead use + its locally configured value. To achieve this, a new field has been added + to the VRRP structure that stores the most recent advertisement interval + of the current MASTER. We track changes to the current MASTER's interval + and update this new variable accordingly. The value is only updated when + we are in BACKUP state and reconfiguring the local advertisement interval + has no effect on it. + * vrrp: snmp: don't hardcode AgentX socket location. The default location + should be `/var/agentx/master` (as per RFC2741 and this is also the + default for NetSNMP, including on Debian-based distributions). This + default location is set at configure-time for NetSNMP and subagent will + use it automatically (it is also available through `net-snmp-config.h`). + A useful feature would be to have a flag to change that if the user + change this settings in the master agent. This commit just reverts this + change to let SNMP subsystem work as expected for most users. + * vrrp: snmp: restore use of net-snmp-config to build SNMP support. With + a lazy linker, `libnetsnmpmibs` may require some additional libraries + to be linked (like `libsensors`). Therefore, only rely on + `net-snmp-config` to get the appropriate flags. + Also add some additional tests: + - check that we can build a simple executable (NetSNMP can be quite + broken and in this case, the error during compilation is not crystal + clear, checking that in configure is more informative) + - check if we subagent support is compiled in (This is optional and + again, the error is not crystal clear during compilation). + - check that net-snmp/agent/util_funcs.h is present (Due to a flaw in + NetSNMP build process, this header was not installed for quite a long + time, notably on RHEL derivatives; code to handle its absence was + already present in Keepalived). + * vrrp: snmp: don't enable SNMP support automatically. + Most users won't use it and it would fail if NetSNMP is not installed, + unless a user add `--disable-snmp` to configure command line. + * build: move custom include directives (`-I`) first. Some libraries, + notably NetSNMP, may pollute CFLAGS by adding stuff like + `-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of + trying to not use CFLAGS from NetSNMP at all (some of those bits are + important as they influence some NetSNMP headers), we ensure that the + bogus include flags are after our own include flags. + * global: Set global data default values after parsing config file. + This patch will defer setting the global data default values until + after the config file has been parsed. This will potentially avoid two + calls to getaddrinfo. For example, if the router_id and/or email_from + parameters are set in the config file, there is no need to call + getaddrinfo twice in order to set a default value. Instead, this patch + will check to see if they values are unset after parsing the config + file. Note that email_from and smtp_connection_to are only set to a + default value if they are unitialized and smtp_server is specified. + * doc: add -x/--snmp flag to keepalived manual page. + * snmp: add -A/--snmp-agent-socket to specify AgentX socket. + +2015-03-31 Alexandre Cassen + * keepalived-1.2.16 released. + * Properly close netlink channel to avoid fd leak. + * Use getaddrinfo instead of gethostbyname to workaround + glibc gethostbyname function buffer overflow. + * ipvs: log http timeout only when server goes down + All other calls to log_message() when a check fails are + performed when a server changes its state. + The http timeout log message is the only exception. + * ipvs: properly fix bug when Q < H. + The commit a77c2c7 has not fixed the issue. + Log messages became accurate, but unsigned comparison + was still in use. + * ipvs: HUP processing refactored. + copy_srv_states is removed: we can copy states with + existing clear_diff_*functions, as long as + clear_diff_services is called before the init_services. + vs_exist, rs_exist: remove side-effects from these functions. + Now they do only search and return pointers. + get_rs_list removed: the new rs list is now passed to + clear_diff_rs. + init_service_vs: quorum_state assignment is not needed + here. It is already assigned either by vs constructor, or + by alpha handler, or by clear_diff_services. + * ipvs: refactoring link vsg structure to vs. + this adds a pointer to virtual_server_group_t into + the virtual_server_t structure and fills these pointers + after config load. + This change will allow to access vsg items of a vs easily, + without iterating and name compare. + * ipvs: refactoring use links to vs->vsg links. + ipvs_cmd: removed vs_group list parameter. Link to vsg + is obtained via vs->vsg. These functions are also modified + in the same way: ipvs_group_cmd, clear_service_rs, + clear_service_vs, clear_diff_rs. + clear_diff_vsg: new_vs is passed as a param, vsg pointers + are retrieved w/o iterating. + * ipvs: fix problems with config reload. + The commit 7bf6fc contained a bad trying to fix the issue + when an alive RS does not appear in a new VSG entry on reload. + It has not fixed the original issue and added a new one: + vs_groups lose quorum on config reload. + This commit fixes the issue properly, and also the case when + RS in VSG is in inhibit mode. + The reloaded flag is added to the virtual_server_group_entry_t. + ipvs_group_sync_entry: add alive destinations to the newly + created vsge. It is aware of inhibit-on-failure destinations. + sync_service_vsg: calls the former for each created vsg entry + vsge_exist: changed just as other *_exist routines. + * genhash: add support of fwmark in genhash + * genhash: terminate thread if connect_error + * Fixed filenames and paths so that make uninstall removes + initscript and man pages. Changed perms for keepalived.sysconfig + from 755 to 644 + * Fix a typo in dump_global-data(). + * vrrp: revert previous buggy preempt extension. + * smtp: fix infinite loop when the smtp server unexpectedly + closes the connection. + +2014-12-21 Alexandre Cassen + * keepalived-1.2.15 released. + * vrrp: Use ancillary data on sending path for IPv6 + mcast_src_ip. Well, previous code used bind() to specify + IPv6 src address. Ancillary data is a much more cleaner + and efficient way... + * ipvs: Fix format of long int in log_message call. + * ipvs: fix building with fwmark disabled. + * vrrp: Pointer dereference before NULL check. + * STR(SMTP_PORT) returns "SMTP_PORT", not "25". + +2014-12-16 Alexandre Cassen + * keepalived-1.2.14 released. + * The "Date:" mail header is now localtime. + * bugfix: fwmark field was formatted as signed int + * dump_conn_opts: fwmark was not displayed. + * log_message: emit -Wformat= compiler warnings. + There could be (and actually are) situations when the format + string and the arguments list passed to the log_message() are + inconsistent or mistyped. The compiler did not show any warnings + because the vsnprintf was called indirectly. + * Further unification of IP endpoints logging. + This change tries to keep usage of the standard "[%s]:%d" format + string to a minimum. Instead, use inet_sockaddrtopair wherever + possible. + * Add SNMP subsystem option to man page. + The keepalived(8) man page did not mention the -x option to + enable the SNMP subsystem. This patch adds the -x (and --smmp) + options to the keepalived(8) man page, as described in the + keepalived help message. + * vrrp: fix gratuitous ARP refresh timer handling. + Previous code was using an 'int' to store parsed timer value. + This value was then expanded to TIMER_HZ which can lead to a + wrapping issue if requested timer is longer than local machine + 'int' representation. This patch reworked the code to use + timeval_t instead and perfrom regular timeval operations. + * vrrp: Fix a memory leak while dropping incoming IPSEC-AH + authenticated advert. Digest was allocated in previous code + without freeing it on HMAC-MD5 missmatch. + * vrrp: Extend IPSEC-AH auth to support unicast. + If you plane to use IPSEC-AH auth in unicast mode (which THE best + idea), then IP header TTL MUST be zeroed since it is mutable field + on transit. + * vrrp: Update VRRP VMAC doc. + Add vmac_xmit_base in configuration example and force rp_filter=0 + on macvlan interface. + * vrrp: make gratuitous ARP repeat count configurable. + . garp_master_repeat : Gratuitous ARP count sent on the wire + after MASTER state transition. + . garp_master_refresh_repeat : Gratuitous ARP count sent on the + wire when garp_refresh_timer fir + * vrrp: fix preempt and state BACKUP when prio 255. + This makes it so that keepalived will respect various settings that + should prevent it from assuming the MASTER role for a vrrp_instance + unconditionally and immediately, even if the priority of the + vrrp_instance in question is set to 255 (VRRP_PRIO_OWNER). These + settings include: + ---- conf ---- + state BACKUP + preempt_delay + nopreempt + * vrrp: in backup state notify when vrrp is not up and move to FAULT + state. + * ipvs: failed RS was flapping on config reload. + The RS disabled by health-checker was turned on w/o health-checking + by SIGHUP handler in the init_service_rs() subroutine. + This did not happen with alpha mode set. + * libipvs: allow IPv4 RS in IPv6 VS and vice versa. + This change syncronizes local copy of libipvs with the upstream + (kernel/ipvsadm/ipvsadm.git) to the date. IPVS in Linux 3.18 will + include the feature of mixing of tunneled RS families in single VS. + The compatibility with older kernel versions is kept. + * libipvs: minor bugfix with retreiving dest af. + This change needs to be sent to the ipvsadm upstream, too. + This clarifies the previous commit, so there is no need to mention + it in the changelog. + * vrrp: check if interface is known when using use_vmac. + vrrp->ifp is NULL when use_vmac keyword is defined before the + interface keyword. This would result in a segfault + * vrrp: simplify macvlan creation. + Create the macvlan interface in one netlink command rather than + three (creation of the macvlan in netlink_link_add_vmac function, + set of the mac address in the netlink_link_setlladdr function, set + macvlan mode in the netlink_link_setmode function). + This simplification: + 1. avoids potential issues if the firt netlink command passes butcw + not the next ones + 2. reduces number of netlink messages (light optimization) + * ipvs: bugfix quorum state was flapping when Q < H. + When a service had quorum < hysteresis, the lower threshold of RS + weights was calculated incorrecly. Unsigned arythmetics was used, so + errors like this appeared in log: Keepalived_healthcheckers[2535]: + Lost quorum 1-2=18446744073709551615 > 10 for VS + The up -> down quorum state transition was happening every time when + alive RS set was changed. This bug was in place since + keepalived-1.2.9 + * vrrp: add support to IPv6 mcast src address specification. + For some reason (well... which one ?), previous code didnt support + specification of multicast source address in IPv6 mode. If you are + using 'native_ipv6' and want to specify IPv6 mcast source ip address + then you can use 'mcast_src_ip' keyword with IPv6 address. + * vrrp: Add support to IPv6 src_address discrimination in master + rx state. + Previous code didnt support IPv6 address discrimination while in + MASTER state receiving same prio advert. This patch extend previous + code to support IP address comparison agnostic. + * vrrp: IPv6 mcast src_addr handling and VMAC fix. + Properly bind socket for v6 use-case when mcasr_src_ip is in use or + when VMAC is used. This patch fix VRRP VMAC in native_ipv6 mode, + previous code just use the vmac interface link-local IP Address as + src_ip leading to a corner case (to keep polite). + * vrrp: in IPv6 scope_id is mandatory to bind link-local address. + In IPv6 use-case, source IP address is set binding sokect to + socaddr_in6. Linux Kernel requires interface to bind link-local + address. + * vrrp: fix nopreempt mode in master_rx. + While receiving lower prio advert, preempt election according to + nopreempt keyword. By default preempt is on as requested by RFC. + * exit on malloc failure. + * genhash: code cleanup. + 2014-05-13 Alexandre Cassen * keepalived-1.2.13 released. * vrrp : Use the standard unsigned int types. This fixes @@ -473,7 +6679,7 @@ of the digest (provided that extra care is taken that no two algorithms will ever alias in this regard). Also the test script for genhash was extended to conditionally use SHA1. - * Jan Pokorný cleaned up genhash code. + * Jan Pokorný cleaned up genhash code. Access to the hash-specific context was simplified as I've now checked some C guarantees regarding union/it's members initial address vs. aligning so now extra inlined accessor @@ -633,7 +6839,7 @@ disruption for VRRP. * Copyright update * some cosmetics. - + 2012-07-27 Alexandre Cassen * keepalived-1.2.4 released. * Please look at git repo for credits. @@ -701,16 +6907,16 @@ 2011-01-09 Alexandre Cassen * keepalived-1.2.2 released. * IPv6 : extended autoconf script to support libnl detection. - IPv6 IPVS kernel subsystem is reachable through - generic netlink configuration interface. + IPv6 IPVS kernel subsystem is reachable through + generic netlink configuration interface. * IPv6 : Enhanced libipvs-2.6 to support generic netlink - configuration interface. If generic netlink is - available with kernel then it will be the - prefered path to configure IPVS. + configuration interface. If generic netlink is + available with kernel then it will be the + prefered path to configure IPVS. * IPv6 : Enhanced the whole checker API to use - sockaddr_storage. + sockaddr_storage. * IPv6 : Enhanced the whole core framework to use - sockaddr_storage. + sockaddr_storage. * IPv6 : Enhanced all checkers to use sockaddr_storage. * fixed a long time pending issue in all checkers. If first connection attempt to remote peer was failing @@ -870,7 +7076,7 @@ address display. * Vincent Bernat luffy.cx> extended genhash to display an error when giving an incorrect IP address. - * Vincent Bernat luffy.cx>: When parsing + * Vincent Bernat luffy.cx>: When parsing "blackhole" route, also parse IP mask. * Vincent Bernat luffy.cx>: On reload, destroy signal pipes before recreating them. @@ -881,16 +7087,16 @@ Handle non-existant default interface in VIP definition. * Vincent Bernat luffy.cx>: Remove alive real servers when quorum is lost. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Fix a segfault when a virtual_server is empty. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Add real servers to new member of a virtual server group on reload. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Keep previous effective VRRP priority on reload. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Fix VRRP script not running any more after reload. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: On reload, keep status for all VRRP scripts. * Removed IPVS Kernel 2.2 support @@ -1025,7 +7231,7 @@ stream. It appears some webserver cause healthchecker crash. * Chris Marchesi, provided a patch for better handling of SSL handshake errors. - * Shinji Tanaka, fixed parser "include" + * Shinji Tanaka, fixed parser "include" directive to support declaration inside configuration directives, like including file inside vrrp_instance declaration. * Andreas Kotes, fixed HTTP healthchecker @@ -1034,13 +7240,13 @@ * VRRP : Willy Tarreau, fixed a missing notifications upon transition from fault to backup. * VRRP : Add support to route metric in virtual_routes definition. - + 2007-09-13 Alexandre Cassen * keepalived-1.1.14 released. * Shinji Tanaka, extended parsing framework to support "include" directives. For more informations and documentation please refer to Shinji - website : + website : http://misccs.dyndns.org/index.php?keepalived%20include%20patch * Tobias Klausmann, add error loggin while parsing configuration file. @@ -1055,7 +7261,7 @@ * VRRP : Michael Smith, extended virtual_ipaddress setting to support Old-style Linux interface aliases like eth0:1. - * VRRP : Ward Wouts, add support to + * VRRP : Ward Wouts, add support to vrrp_script logging. 2006-10-11 Alexandre Cassen @@ -1276,7 +7482,7 @@ * Ronald Wahl , moved the definition of variables to C files * Ronald Wahl and I fixed scanning for header/body - separator in HTTP protocol + separator in HTTP protocol * Ronald Wahl replaced memcpy by memmove where source & destination may overlap * Extended checker API to only register checkers when checker callback @@ -1364,9 +7570,9 @@ detection. * To work-around the SMP forking bug, added support to two new daemon starting options : - --vrrp -P Only run with VRRP subsystem. - --check -C Only run with Health-checker - subsystem. + --vrrp -P Only run with VRRP subsystem. + --check -C Only run with Health-checker + subsystem. Those options extend daemon design to support VRRP & heathchecking subsystem selection. You can now run two Keepalived daemon one invoqued with --vrrp and @@ -1394,7 +7600,7 @@ * keepalived-1.1.3 released. * Stephan von Krawczynski, extended ip address framework to support broadcast address selection. - * Extended the scheduling framework to support plain 'long' + * Extended the scheduling framework to support plain 'long' timer. Visited the layer4 framework to support this new scheduling scheme. Reviewed the checkers and VRRP framework to support long timer. @@ -1404,7 +7610,7 @@ log level selection for main daemon. A new command line argument has been created : --log-facility -S 0-7 Set syslog facility to - LOG_LOCAL[0-7]. (default=LOG_DAEMON) + LOG_LOCAL[0-7]. (default=LOG_DAEMON) * Extended the HTTP checker to support non blocking read while processing stream. NONBLOCK flags is set before read operation to catch EAGAIN error. @@ -1479,14 +7685,14 @@ * keepalived-1.1.1 released. * VRRP : Fixed an issue while reloading configuration. Fixed a dereferencing pointer. - * Fixed misc checker to perform server state according to + * Fixed misc checker to perform server state according to checker result !!! 2003-07-22 Alexandre Cassen * keepalived-1.1.0 released. * The release focus is : "High Performance" - * Name cleanup for the healthchecking directory. use check - instead of healthcheck to be in conformance with watchdog and + * Name cleanup for the healthchecking directory. use check + instead of healthcheck to be in conformance with watchdog and global software architecture. * updated the SYNOPSIS file for documenting the table arg inside virtual/static_routes declaration. You can set routes refering @@ -1499,7 +7705,7 @@ * VRRP : Added support to a global shared buffer for incoming advert handling. A new buffer is no longer allocated each time processing incoming advert, instead a shared room is used. - * VRRP : Added support to pre-allocated shared buffer for + * VRRP : Added support to pre-allocated shared buffer for outgoing adverts. Each vrrp instance use a 'one time' allocated buffer instead of a 'all time' one. * VRRP : Extended the socket pool design to support shared fd @@ -1513,12 +7719,12 @@ "static_ipaddress". look at doc/samples/keepalived.conf.static_ipaddress. IP addresses specified into this block will be added during - daemon bootstrap and removed during daemon shutdown. - Differential conf parsing is enabled for this block, - removing/adding static_ipaddress can be done on the fly + daemon bootstrap and removed during daemon shutdown. + Differential conf parsing is enabled for this block, + removing/adding static_ipaddress can be done on the fly sending SIGHUP signal to daemon. * VRRP : Extended track_interface to support multiple interface - tracking. For those familiar with Nokia monitored circuit, + tracking. For those familiar with Nokia monitored circuit, this extention provide the same functionality. look at doc/samples/keepalived.conf.track_interface. * VRRP : The VRRP instance lookup framework has been extended @@ -1543,30 +7749,30 @@ perf, differents VRID on all instance must be used. The design can be sumed by : - VRID hash table : + VRID hash table : - +---+---+---+---+---+---+.........+-----+ - | 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 | - +---+---+---+---+---+---+.........+-----+ - | | - +---+ +---+ - |fd3| |fd1| - +---+ +---+ - | - +---+ - |fd5| - +---+ + +---+---+---+---+---+---+.........+-----+ + | 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 | + +---+---+---+---+---+---+.........+-----+ + | | + +---+ +---+ + |fd3| |fd1| + +---+ +---+ + | + +---+ + |fd5| + +---+ This hash table is filled during configuration parsing and VRRP instances are not duplicated but dynamically pointed to optimize memory. - * VRRP : The VRRP synchronization group lookup has been + * VRRP : The VRRP synchronization group lookup has been extended. During bootstrap a VRRP instance index is built upon - sync_group instance name. This extension speed up - synchronization since while synchronizing it perfoms the - instance index instead of lookup by instance_name. The - previous synchornization code has been rewritten to use this - 'list visiting' design for FAULT/BACKUP/MASTER states + sync_group instance name. This extension speed up + synchronization since while synchronizing it perfoms the + instance index instead of lookup by instance_name. The + previous synchornization code has been rewritten to use this + 'list visiting' design for FAULT/BACKUP/MASTER states synchronization. * VRRP : Optimized the vrrp_timer_vrid_timeout(...) to speed up vrid lookup over timeouted fd using a one pass lookup. @@ -1617,9 +7823,9 @@ selection via daemon command line. Created two new cmdline options : --wdog-vrrp -R Define VRRP watchdog polling - delay. (default=5s) - --wdog-check -H Define checkers watchdog - polling delay. (default=5s) + delay. (default=5s) + --wdog-check -H Define checkers watchdog + polling delay. (default=5s) * Extended SMTP code to support bigger buffer while processing remote mta messages. * Erik Barker, extended initscript @@ -1745,7 +7951,7 @@ Creative Internet Techniques, Please visit sponsor homepage, open minded people here ! * Fixed some Makefile and autoconf code dependence issues. - * Move keepalived.conf.SYNOPSIS and samples into "doc" directory. + * Move keepalived.conf.SYNOPSIS and samples into "doc" directory. * Enhanced HTTP|SSL check to support large url. Get buffer request is now 2KBytes. * Removed \n in healthchecker smtp_alert call. This cause some troubles @@ -2180,7 +8386,7 @@ VRRP packet lenght are limited to a 20 VIPs, if you want more VRRP VIPs add them to the "virtual_ipaddress_excluded" configuration block. * VRRP : Added more logging facility when setting/removings VIPs & E-VIPs. - * VRRP : Created a new FSM state called become_master in charge of + * VRRP : Created a new FSM state called become_master in charge of VIPs/E-VIPs/notifications handling. The goto_master state is now a state where the instance send an advert to force a new MASTER election setting the instance into a transition mode. If election success its finaly @@ -2287,7 +8493,7 @@ MII transceiver status register thread poller. Monitoring Basic Mode Status Register (BMSR) of the MII status words. Waiting for kernel NIC drivers hackers to support this functionnality through netlink - (=> Like a IFF_RUNNING update broadcast). + (=> Like a IFF_RUNNING update broadcast). * VRRP : Linked the state machine to the global interface structure. NIC failure/events are handled. * VRRP : Review the whole state machine code to be more realistic. The @@ -2322,7 +8528,7 @@ the socket, multicast advert can be sent but not received ? really strange don t know why probably an IGMP resubmit ?. So multicast group is left during failover (media trouble, - IFF_DOWN or !IFF_RUNNING). In fallback, we register a new + IFF_DOWN or !IFF_RUNNING). In fallback, we register a new membership and synchronize all the packet dispatcher fds. * VRRP : Fixed a checksum trouble using password authentication. * VRRP : Added support to the LVS sync daemon. This permit @@ -2404,20 +8610,20 @@ * Rewrite the whole VRRP previous code. * VRRP : Created a hierarchic scheduling framework. Handle VRRP instances multiplexing on the same I/O fd. - VRRP I/O events are handled by our global scheduling + VRRP I/O events are handled by our global scheduling framework. Then the global sheduling framework call a VRRP I/O instance dispatcher to manage VRRP instances. * VRRP : Created a temporary socket pool to handle register - our VRRP thread instances. + our VRRP thread instances. We create & allocate a socket pool here. The soft design can be sum up by the following sketch : - + fd1 fd2 fd3 fd4 fdi fdi+1 -----\__/--------\__/---........---\__/--- | ETH0 | | ETH1 | | ETHn | +------+ +------+ +------+ - - Here we have n physical NIC. Each NIC own a maximum of 2 fds. + + Here we have n physical NIC. Each NIC own a maximum of 2 fds. (one for VRRP the other for IPSEC_AH). All our VRRP instances are multiplexed through this fds. So our design can handle 2*n multiplexing points. @@ -2432,7 +8638,7 @@ Handle VRRP states & transition states. * VRRP : Created a VRRP synchronization instance circuit. This functionnality gave you the ability to monitor VRRP instance - each other. This mean that if 2 VRRP instances are monitoring + each other. This mean that if 2 VRRP instances are monitoring themself and if one of this instance change state, the other follow the same state. ex.: With 2 VRRP instances (VI_1 & VI_2) if VI_1 become backup then VI_2 become backup too. (symetricly @@ -2457,12 +8663,12 @@ Thanks goes to Gianni D'Aprile for pointing it to me. 2001-11-04 Alexandre Cassen - * keepalived-0.3.8 released. - * Added support to native IPTABLE LVS CODE - => using NAT on 2.4 kernel ipchains kernel support - has been removed. - * Added support to Direct Routing & Tunneling. - * Review the keepalived.init script to be much more generic. + * keepalived-0.3.8 released. + * Added support to native IPTABLE LVS CODE + => using NAT on 2.4 kernel ipchains kernel support + has been removed. + * Added support to Direct Routing & Tunneling. + * Review the keepalived.init script to be much more generic. 2001-09-14 Alexandre Cassen * keepalived-0.4.1 released. @@ -2492,50 +8698,50 @@ 2001-07-15 Alexandre Cassen * keepalived-0.3.5 released. - * Rewrite the whole signal handling, registering a terminating - thread on signal. - * Move logsystem to syslog using facility LOG_INFO & LOG_DEBUG. - * Added a daemonization function imported from zebra. - * Rewrite the pidfile handling, check if daemon is running, if not - remove eventual stalled pidfile and create new pidfile. - * Added a strong scheduling framework based on an I/O multiplexer - to handle asynchronous process. This code is imported from zebra - and have been enhanced for keepalived purposes. - - Thread types are : - . timeouted read on fd. - . timeouted write on fd. - . timer. - . event. - . terminate event. - - => The zebra framework have been enhanced to add support for timeouted - read/write fds. - - => With this framework keepalived use a Boss/Worker thread model design, - fetching ready thread from a master threading queues. - - * Rewrite the configuration file reader to add flexibility on extending. - The dynamic data structure has been rewritten to use apropriate types. - Right now parsing framework is ready for easy new checker structures - integration. - * Rewrite the smtp connector. The implementation take advantage of the - I/O multiplexer. All read/write operations from/to the remote smtp server - are done asynchronously. The implementation is rfc 821 compliant (multiple - receiver are handled by a multiple RCPT TO command as specified in rfc821.3.1). - * Rewrite the IPFW & IPVS wrappers. - * Added support for NAT mask on IP MASQ rules (keyword nat_mask in configuration - file). Added support for sorry server facility, so when all the server from a - VS server pool are removed, a sorry server is automaticaly added to the VS pool - (typically this is used when you have a spare server online). - * Rewrite the previous checkers. Checkers are now based on a hierarchic layer - stack framework. The protocol implemented for the moment is TCP. All layer 5 - checkers are using layer4.c primitives with the same design : - - . a checker connector thread (creating the socket) registering the connection - checker thread. - . a connection checker thread testing connection states (error, in_progress, - timeout, success). When connection success upper level thread are registered - to handle checks. - * Delay loop is now checkers specifics since we can use a multithreaded framework. - * Update the PDF documentation file. + * Rewrite the whole signal handling, registering a terminating + thread on signal. + * Move logsystem to syslog using facility LOG_INFO & LOG_DEBUG. + * Added a daemonization function imported from zebra. + * Rewrite the pidfile handling, check if daemon is running, if not + remove eventual stalled pidfile and create new pidfile. + * Added a strong scheduling framework based on an I/O multiplexer + to handle asynchronous process. This code is imported from zebra + and have been enhanced for keepalived purposes. + + Thread types are : + . timeouted read on fd. + . timeouted write on fd. + . timer. + . event. + . terminate event. + + => The zebra framework have been enhanced to add support for timeouted + read/write fds. + + => With this framework keepalived use a Boss/Worker thread model design, + fetching ready thread from a master threading queues. + + * Rewrite the configuration file reader to add flexibility on extending. + The dynamic data structure has been rewritten to use apropriate types. + Right now parsing framework is ready for easy new checker structures + integration. + * Rewrite the smtp connector. The implementation take advantage of the + I/O multiplexer. All read/write operations from/to the remote smtp server + are done asynchronously. The implementation is rfc 821 compliant (multiple + receiver are handled by a multiple RCPT TO command as specified in rfc821.3.1). + * Rewrite the IPFW & IPVS wrappers. + * Added support for NAT mask on IP MASQ rules (keyword nat_mask in configuration + file). Added support for sorry server facility, so when all the server from a + VS server pool are removed, a sorry server is automaticaly added to the VS pool + (typically this is used when you have a spare server online). + * Rewrite the previous checkers. Checkers are now based on a hierarchic layer + stack framework. The protocol implemented for the moment is TCP. All layer 5 + checkers are using layer4.c primitives with the same design : + + . a checker connector thread (creating the socket) registering the connection + checker thread. + . a connection checker thread testing connection states (error, in_progress, + timeout, success). When connection success upper level thread are registered + to handle checks. + * Delay loop is now checkers specifics since we can use a multithreaded framework. + * Update the PDF documentation file. diff --git a/tools/keepalived/Dockerfile b/tools/keepalived/Dockerfile new file mode 100644 index 000000000..fde4be1f2 --- /dev/null +++ b/tools/keepalived/Dockerfile @@ -0,0 +1,54 @@ +FROM alpine:3.5 +MAINTAINER Bertrand Gouny + +# add keepalived sources to /tmp/keepalived-sources +ADD . /tmp/keepalived-sources + +# Add keepalived default script user to make sure their IDs get assigned consistently, +# regardless of whatever dependencies get added +RUN addgroup -S keepalived_script && adduser -D -S -G keepalived_script keepalived_script + +# 1. install required libraries and tools +# 2. compile and install keepalived +# 3. remove keepalived sources and unnecessary libraries and tools +RUN apk --no-cache add \ + gcc \ + ipset \ + ipset-dev \ + iptables \ + iptables-dev \ + libnfnetlink \ + libnfnetlink-dev \ + libnl3 \ + libnl3-dev \ + make \ + musl-dev \ + openssl \ + openssl-dev \ + autoconf \ + + && cd /tmp/keepalived-sources \ + && ./configure --disable-dynamic-linking \ + && make && make install \ + && cd - \ + + && rm -rf /tmp/keepalived-sources \ + && apk --no-cache del \ + gcc \ + ipset-dev \ + iptables-dev \ + libnfnetlink-dev \ + libnl3-dev \ + make \ + musl-dev \ + openssl-dev \ + autoconf + +ADD docker/keepalived.conf /usr/local/etc/keepalived/keepalived.conf + +# set keepalived as image entrypoint with --dont-fork and --log-console (to make it docker friendly) +# define /usr/local/etc/keepalived/keepalived.conf as the configuration file to use +ENTRYPOINT ["/usr/local/sbin/keepalived","--dont-fork","--log-console", "-f","/usr/local/etc/keepalived/keepalived.conf"] + +# example command to customise keepalived daemon: +# CMD ["--log-detail","--dump-conf"] diff --git a/tools/keepalived/INSTALL b/tools/keepalived/INSTALL index 5b2d25ecb..e140ed371 100644 --- a/tools/keepalived/INSTALL +++ b/tools/keepalived/INSTALL @@ -1,56 +1,251 @@ -Kernel needing +Kernel needs ============== Compile a kernel with the following options : Kernel/User netlink socket - Network firewalls (for Kernel 2.2) LinuxVirtualServer - Keepalived support all LVS code : including IPVS code for kernel 2.2 - and kernel 2.4 + Keepalived supports all LVS code. -Libraries dependency +Library dependencies ==================== In order to compile Keepalived needs the following libraries : * OpenSSL, - * popt + +Linux flavours +============== + +RedHat based systems (RedHat Enterprise/CentOS/Fedora) +------------------------------------------------------ +The following build packages are needed: + make + autoconf automake (to build from git source tree rather than tarball) +The following libraries need to be installed: + openssl-devel libnl3-devel ipset-devel iptables-devel +For magic file identification support: + file-devel +For SNMP support: + net-snmp-devel +For DBUS support: + glib2-devel +For JSON support: + json-c-devel +For PCRE support + pcre2-devel +For nftables support + libnftnl-devel libmnl-devel + +For building the documentation, the following packages need to be installed: + Fedora: python-sphinx (will pull in: python2-sphinx_rtd_theme) + CentOS-and-friends: python-sphinx epel-release python-sphinx_rtd_theme + For latex or pdf files, the following are also needed: + Fedora: latexmk python-sphinx-latex + CentOS-and-friends: latexmk texlive texlive-titlesec texlive-framed texlive-threeparttable texlive-wrapfig texlive-multirow + +Debian/Ubuntu +------------- +For building packages: + build-essential pkg-config, and to build from git repo automake autoconf +The following libraries need to be installed: + iptables-dev libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev +For magic file identification support: + libmagic-dev +For SNMP support: + libsnmp-dev +For DBUS support: + libglib2.0-dev +For JSON support: + libjson-c-dev +For PCRE support: + libpcre2-dev +For nftables support + libnftnl-dev libmnl-dev + +For building the documentation, the following packages need to be installed: + python-sphinx python-sphinx-rtd-theme + For latex or pdf files, the following are also needed: + texlive-latex-base texlive-generic-extra texlive-latex-recommended texlive-fonts-recommended texlive-latex-extra + +Alpine Linux +------------ +The following libraries need to be installed: + iptables-dev ipset-dev libnl3-dev musl-dev libnftnl-dev and openssl-dev or libressl-dev +For magic file identification support: + file-dev +For SNMP support: + net-snmp-dev (requires libressl-dev and not openssl-dev) +For PCRE support + pcre2-dev + +For building the documentation, the following packages need to be installed: + py-sphinx py3-sphinx_rtd_theme + For latex or pdf files, you'll need texlive or similar, which is not yet + available as a distro package. + + +Archlinux +--------- +Run the following to install the required libraries: + pacman -S ipset libnl1 +For magic file identification support: + TDB +For SNMP support: + pacman -S net-snmp +for PCRE support: + pcre-2 (may be installed by default) + +For building the documentation, the following packages need to be installed: + python-sphinx python-sphinx_rtd_theme + For latex or pdf files, the following are also needed: + texlive-core texlive-bin texlive-latexextra + +Kernel configuration requirements +--------------------------------- +The following list is probably incomplete, and will be updated as other +options become known. + +BPF +EPOLL +SIGNALFD +TIMERFD +SYSCTL +PROC_FS +INET +IP_MULTICAST +IPV6 +IP_VS (unless --disable-lvs is specified) + IP_VS suboptions to match the real_server/virtual_server configuration +NETFILTER_XTABLES - if strict_mode or no_accept. + NETFILTER_XT options and IP_SET +NF_TABLES and associated components - to use nftables for strict_mode or no_accept +IP_ADVANCED_ROUTER and various associated options if static/dynamic routes specified +FIB_RULES if static or dynamic rules are specified + +Installing from a git repo +========================== +To install from a git repo, execute: + 1. Ensure you have autoconf and automake installed + 2. git clone http://github.com/acassen/keepalived + 3. cd keepalived + 4. ./build_setup # generate the autoconf and automake environment + 5. Follow the instructions below for Installation, omitting the first two steps. Installation ============ - 1. uncompress the tarball + 1. tar -xf TARFILE 2. cd into the directory 3. './configure' 4. 'make' 5. 'make install'. This will install keepalived on your system, binaries and configuration file : * keepalived : The keepalived daemon program. - * genhash : The MD5 url digest generator. You need it to + * genhash : The MD5 url digest generator. You need it to configure HTTP GET check and SSL GET check in order to compute MD5SUM digest etalon. * /etc/keepalived/keepalived.conf - 6. link keepalived.init into your runlevel directory. On redhat systems : + 6. link keepalived.init into your runlevel directory. On Red Hat systems : ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived - By default configure script use /usr/local as base directory. You can change - this value to your own by passing --prefix value to configure script + By default the configure script uses /usr/local as base directory. You can + change this value to your own by passing it the --prefix value. eg: './configure --prefix=/usr/' +Building RPM files +================== + + If building from tarball: + 1a. tar -xf TARFILE + 1b. cd into the directory + + If building from git clone: + 1. ./build_setup + + For tarball and git + 2. ./configure + 3. make rpm + + The .rpm files will be created in directory `rpm --eval "%{_rpmdir}"`/ARCH + +Modifying source code +===================== + +If you modify the source code, especially configure.ac or any Makefile.am +file, you will need to regenerate the build files. Keepalived uses automake +and so you will need to have automake and autoconf installed. + Configuration ============= - Just take a look to the /etc/keepalived/keepalived.conf file installed. - It will give you all the informations needed. If you want more informations - considering keepalived, please refer to the keepalived homepage into the - documentation section. + Just take a look at the /etc/keepalived/keepalived.conf file installed. + It will give you all the information needed. Alternativley, run + 'man keepalived.conf' or look at doc/keepalived.conf.SYNOPSIS. + If you want more information about keepalived, please refer to the + keepalived homepage into the documentation section. http://www.keepalived.org +Creating a docker container +=========================== +There is a very useful github project maintained by osixia for building a +docker container with keepalived. + +To use, run the following: +git clone https://github.com/osixia/docker-keepalived.git +cd docker-keepalived +make build +docker run --name keepalived --cap-add=NET_ADMIN --net=host \ + --env KEEPALIVED_INTERFACE=eth0 -d osixia/keepalived:1.3.5 \ + # or whatever version of keepalived you have + +To update the keepalived source code, put a new tarball in the image +directory (the Dockerfile may need updating with a new version). + +Useful docker commands are: +docker logs keepalvied 2>&1 | lessa # view system logs of container +docker exec it keepalived bash # execute shell in container +docker rm -f keepalived # Remove the container + +keepalived is unable to load the ip_tables, ip6_tables, xt_set and ip_vs +modules from within the container, so ensure they are already loaded in +the host system. + +To generate a core file in the root filesystem of the container, +/proc/sys/kernel/core_pattern needs to be updated in the host system, +and not from the container (or in other words the -M option to keepalived +does not work within a container. Installing gdb in the container (edit +the image/Dockerfile to add it before make build) may be helpful if you +need to examine core files in the container. + + +Running in an AWS container +=========================== +The VRRP protocol is not enabled in AWS security groups. If you are using AWS, +create a rule in the AWS security group. The rule should be "Custom Protocol" +and value should be "112" (the VRRP protocol number). All ports should be opened. + + +Running with SElinux +==================== +If the system running keepalived has SElinux enabled in enforcing mode, keepalived +may have difficulty running scripts, accessing configuration files, etc, especially +if keepalived is being started by systemd. + +By default, scripts should be located in /usr/libexec/keepalived, or alternatively, +to set the necessary security context for a script, execute: +chcon -t keepalived_unconfined_script_exec_t PATH_TO_SCRIPT + +See + https://www.mankier.com/8/keepalived_selinux and + https://www.mankier.com/8/keepalived_unconfined_script_selinux +for further details of SElinux and keepalived. + + Have fun with it ! Alexandre, diff --git a/tools/keepalived/Makefile.am b/tools/keepalived/Makefile.am new file mode 100644 index 000000000..2b44bb356 --- /dev/null +++ b/tools/keepalived/Makefile.am @@ -0,0 +1,80 @@ +# Makefile.am +# +# Keepalived OpenSource project. +# +# Copyright (C) 2001-2017 Alexandre Cassen, + +export DEBUG_CFLAGS +export DEBUG_CPPFLAGS +export DEBUG_LDFLAGS + +edit = echo " EDIT $@"; \ + sed -e "/^\[\!\[/d" + +SUBDIRS = lib keepalived doc + +if BUILD_GENHASH + SUBDIRS += genhash +endif + +SUBDIRS += bin_install + +EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md build_setup + +doc_DATA = README + +MOSTLYCLEANFILES = README + +MAINTAINERCLEANFILES = @MAINTAINERCLEANFILES@ + +README: $(srcdir)/README.md + @$(edit) '$(srcdir)/$@.md' >$@ + +distclean-local: + @rm -f aclocal.m4 ar-lib compile depcomp install-sh missing keepalived-$(VERSION).tar.gz config.log config.status + @rm -rf autom4te.cache + +dist-hook: + @rm -f $(distdir)/README + +.PHONY: docker +docker: + docker build -t keepalived . + +# clean all files that are generated by automake/autoconf etc +autoclean: + @$(MAKE) distclean + @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h + +git-clean: + @$(MAKE) autoclean + +clean-local: clean-local-snap + +# clean files that are generated by snapcraft +.PHONY: clean-local-snap +clean-local-snap: + -rm -rf parts/ prime/ stage/ keepalived_*.snap + +# Added targets to maintain compatibility with keepalived releases 1.2.22 and earlier +.PHONY: tarball rpm debug profile mrproper + +tarball: dist + +@RPM_TRUE@rpm: +@RPM_TRUE@ @$(MAKE) dist +@RPM_TRUE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` +@RPM_TRUE@@RPM_BIP_TRUE@ rpmbuild -ba --build-in-place keepalived.spec +@RPM_TRUE@@RPM_BIP_FALSE@ rpmbuild -ba keepalived.spec + +debug: + @$(MAKE) DEBUG_LDFLAGS=-ggdb + +profile: + @$(MAKE) DEBUG_CFLAGS=-pg + +mrproper: + @echo Please use `make distclean` + +AM_DISTCHECK_CONFIGURE_FLAGS = \ + --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) diff --git a/tools/keepalived/Makefile.in b/tools/keepalived/Makefile.in index 749bf9141..1240c6292 100644 --- a/tools/keepalived/Makefile.in +++ b/tools/keepalived/Makefile.in @@ -1,62 +1,887 @@ -# Makefile +# Makefile.in generated by automake 1.13.4 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Makefile.am # # Keepalived OpenSource project. # -# Copyright (C) 2001-2012 Alexandre Cassen, +# Copyright (C) 2001-2017 Alexandre Cassen, + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +@BUILD_GENHASH_TRUE@am__append_1 = genhash +subdir = . +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/configure $(am__configure_deps) \ + $(srcdir)/keepalived.spec.in COPYING ChangeLog INSTALL README \ + TODO ar-lib depcomp install-sh missing +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/lib/config.h \ + $(top_builddir)/lib/config_warnings.h +CONFIG_CLEAN_FILES = keepalived.spec +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(docdir)" +DATA = $(doc_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope distdir dist dist-all distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +CSCOPE = cscope +DIST_SUBDIRS = lib keepalived doc genhash bin_install +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +DIST_TARGETS = dist-gzip +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_CONFIG_FILE = @DEFAULT_CONFIG_FILE@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GENHASH_LIBS = @GENHASH_LIBS@ +GREP = @GREP@ +HAVE_RPM = @HAVE_RPM@ +HAVE_RPMBUILD = @HAVE_RPMBUILD@ +HAVE_SPHINX_BUILD = @HAVE_SPHINX_BUILD@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KA_CFLAGS = @KA_CFLAGS@ +KA_CPPFLAGS = @KA_CPPFLAGS@ +KA_LDFLAGS = @KA_LDFLAGS@ +KA_LIBS = @KA_LIBS@ +LDD = @LDD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINTAINERCLEANFILES = @MAINTAINERCLEANFILES@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NETSNMP_CONFIG = @NETSNMP_CONFIG@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PID_DIR = @PID_DIR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SNMP_SERVICE = @SNMP_SERVICE@ +SPHINXBUILDNAME = @SPHINXBUILDNAME@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +edit = echo " EDIT $@"; \ + sed -e "/^\[\!\[/d" + +SUBDIRS = lib keepalived doc $(am__append_1) bin_install +EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md build_setup +doc_DATA = README +MOSTLYCLEANFILES = README +AM_DISTCHECK_CONFIGURE_FLAGS = \ + --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) + +all: all-recursive + +.SUFFIXES: +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): +keepalived.spec: $(top_builddir)/config.status $(srcdir)/keepalived.spec.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +install-docDATA: $(doc_DATA) + @$(NORMAL_INSTALL) + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ + done + +uninstall-docDATA: + @$(NORMAL_UNINSTALL) + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files + +distdir: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__post_remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__post_remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__post_remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__post_remove_distdir) + +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__post_remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile $(DATA) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(docdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +clean: clean-recursive + +clean-am: clean-generic clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-local \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: -TARFILES = AUTHOR bin ChangeLog configure configure.in CONTRIBUTORS COPYING \ - doc genhash INSTALL install-sh keepalived keepalived.spec.in lib Makefile.in \ - README TODO VERSION +info: info-recursive -TARBALL = keepalived-@VERSION@.tar.gz +info-am: -all: - $(MAKE) -C lib || exit 1; - $(MAKE) -C keepalived - $(MAKE) -C genhash - @echo "" - @echo "Make complete" +install-data-am: install-docDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-docDATA + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--refresh check check-am clean clean-cscope clean-generic \ + clean-local cscope cscopelist-am ctags ctags-am dist dist-all \ + dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar dist-tarZ \ + dist-xz dist-zip distcheck distclean distclean-generic \ + distclean-local distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am \ + install-docDATA install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-docDATA + + +export DEBUG_CFLAGS +export DEBUG_CPPFLAGS +export DEBUG_LDFLAGS + +README: $(srcdir)/README.md + @$(edit) '$(srcdir)/$@.md' >$@ + +distclean-local: + @rm -f aclocal.m4 ar-lib compile depcomp install-sh missing keepalived-$(VERSION).tar.gz config.log config.status + @rm -rf autom4te.cache + +dist-hook: + @rm -f $(distdir)/README + +.PHONY: docker +docker: + docker build -t keepalived . + +# clean all files that are generated by automake/autoconf etc +autoclean: + @$(MAKE) distclean + @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h + +git-clean: + @$(MAKE) autoclean + +clean-local: clean-local-snap + +# clean files that are generated by snapcraft +.PHONY: clean-local-snap +clean-local-snap: + -rm -rf parts/ prime/ stage/ keepalived_*.snap + +# Added targets to maintain compatibility with keepalived releases 1.2.22 and earlier +.PHONY: tarball rpm debug profile mrproper + +tarball: dist + +@RPM_TRUE@rpm: +@RPM_TRUE@ @$(MAKE) dist +@RPM_TRUE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` +@RPM_TRUE@@RPM_BIP_TRUE@ rpmbuild -ba --build-in-place keepalived.spec +@RPM_TRUE@@RPM_BIP_FALSE@ rpmbuild -ba keepalived.spec debug: - $(MAKE) -C lib || exit 1; - $(MAKE) -C keepalived debug - @echo "" - @echo "Make complete" + @$(MAKE) DEBUG_LDFLAGS=-ggdb profile: - $(MAKE) -C lib || exit 1; - $(MAKE) -C keepalived profile - @echo "" - @echo "Make complete" - -clean: - $(MAKE) -C lib clean - $(MAKE) -C keepalived clean - $(MAKE) -C genhash clean - -distclean: - $(MAKE) -C lib distclean - $(MAKE) -C keepalived distclean - $(MAKE) -C genhash distclean - rm -f Makefile - rm -f keepalived.spec - -mrproper: distclean - rm -f config.* - -uninstall: - $(MAKE) -C keepalived uninstall - $(MAKE) -C genhash uninstall - -install: - $(MAKE) -C keepalived install - $(MAKE) -C genhash install - -tarball: mrproper - mkdir keepalived-@VERSION@ - cp -a $(TARFILES) keepalived-@VERSION@ - tar --exclude .git -czf $(TARBALL) keepalived-@VERSION@ - rm -rf keepalived-@VERSION@ - -rpm: - rpmbuild -ba keepalived.spec + @$(MAKE) DEBUG_CFLAGS=-pg + +mrproper: + @echo Please use `make distclean` + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tools/keepalived/README b/tools/keepalived/README deleted file mode 100644 index 153816e86..000000000 --- a/tools/keepalived/README +++ /dev/null @@ -1,25 +0,0 @@ -The main goal of the keepalived project is to add a strong & robust -keepalive facility to the Linux Virtual Server project. -It implements a multilayer TCP/IP stack checks. Keepalived implements -a framework based on three family checks : Layer3, Layer4 & Layer5. -This framework gives the daemon the ability of checking a LVS server -pool states. Keepalived can be sumarize as a LVS driving daemon. - -Keepalived implementation is based on an I/O multiplexer to handle a -strong multi-threading framework. All the events process use this I/O -multiplexer. - -Keepalived is free software, Copyright (C) Alexandre Cassen. -See the file COPYING for copying conditions. - - -OPENSSL TOOLKIT LICENCE EXCEPTION - -In addition, as the copyright holder of Keepalived, -I, Alexandre Cassen, , -grant the following special exception: - - I, Alexandre Cassen, , explicitly allow - the compilation and distribution of the Keepalived software with - the OpenSSL Toolkit. - diff --git a/tools/keepalived/README.md b/tools/keepalived/README.md new file mode 100644 index 000000000..49ea1b12b --- /dev/null +++ b/tools/keepalived/README.md @@ -0,0 +1,42 @@ +keepalived: Loadbalancing & High-Availability +============================================= + +[![Build Status](https://travis-ci.org/acassen/keepalived.svg?branch=master)](https://travis-ci.org/acassen/keepalived) [![keepalived](https://snapcraft.io/keepalived/badge.svg)](https://snapcraft.io/keepalived) + +The main goal of this project is to provide simple and robust facilities +for loadbalancing and high-availability to Linux system and Linux based +infrastructures. Loadbalancing framework relies on well-known and widely +used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. +Keepalived implements a set of checkers to dynamically and adaptively maintain +and manage loadbalanced server pool according their health. On the other hand +high-availability is achieved by the Virtual Router Redundancy Protocol (VRRP). +VRRP is a fundamental brick for router failover. In addition, Keepalived +implements a set of hooks to the VRRP finite state machine providing low-level +and high-speed protocol interactions. In order to offer fastest network +failure detection, Keepalived implements the Bidirectional Forwarding Detection +(BFD) protocol. VRRP state transition can take into account BFD hints to drive +fast state transition. Keepalived frameworks can be used independently or all +together to provide resilient infrastructures. + +Keepalived implementation is based on an I/O multiplexer to handle a +strong multi-threading framework. All the events process use this I/O +multiplexer. + +To build keepalived from the git source tree, you will need to have +autoconf, automake and various libraries installed. See the INSTALL +file for details of what needs to be installed and what needs to be +executed before building keepalived. + +Keepalived is free software, Copyright (C) Alexandre Cassen. +See the file COPYING for copying conditions. + +OPENSSL TOOLKIT LICENCE EXCEPTION + +In addition, as the copyright holder of Keepalived, +I, Alexandre Cassen, , +grant the following special exception: + + I, Alexandre Cassen, , explicitly allow + the compilation and distribution of the Keepalived software with + the OpenSSL Toolkit. + diff --git a/tools/keepalived/TODO b/tools/keepalived/TODO index 52801f45a..cab84bcf5 100644 --- a/tools/keepalived/TODO +++ b/tools/keepalived/TODO @@ -1 +1,154 @@ Whatever you want ! + +Real servers +Add quorum_weight, defaults to weight. May want to set different between quorum and IPVS weight + +Rationalise use of timer_now()/gettimeofday()/set_time_now() + + +virtual route: +1. How do we handle + virtual_routes { + 192.168.210.0/24 via 10.1.0.1 + } + if there is no route to 10.1.0.1? If we go to fault state if it cannot + be installed when attempt to transition to master, how do we know to transiton + out of fault state. + + +IPVS +1. Can we have an IPv4 fwmark and specify tunnel to IPv6, and vice versa etc. + What does ipvsadm do? +2. Sort out IP_VS_SO vs LVS_CMD... +3. Make sure log/email messages contain relevant info re VS -> RS. See FMT_CHK + +The following are still outstanding from the ideas for what became v2.0.0: + + * Sort out termination in vrrp and checker - stop_vrrp/check, and phase2 + are inconsistent between vrrp and checker. What about bfd? + * A route with multiple nexthops will only be deleted if all interfaces + are down. Each nexthop needs to record the interface, and only remove + once all down + * Don't add RTNMGRP_IPV4_ADDR/IPV6_ADDR if not monitoring one of those + families + * May want to stop VS down at start for alpha mode RSs (except SNMP) + * Rate limit respawning if a child process dies + * Have a socket to connect to for receiving notifications. A process + can register for what notifications it wants to receive. + * Allow variable parameters to be passed to scripts - see issue #837 + * Make tarball include git version if not a tag + * If an address owner recovers from fault, transition directly to + master + * If configuration_state=MASTER && !OWNER, transition to master after + 1 * advert_int + skew. Sort out all initialisation around states + * Split vrrp_snmp.c into vrrp_snmp_keepalived.c vrrp_snmp_rfcv2.c and + vrrp_snmp_rfcv3.c + * Only send correct type of trap, and respond to correct SNMP version, + controlled by config, defaults to type of instance. Flags snmp_v2 and + snmp_v3 to force other, or both. + * Ensure unicast peers groups check source address of received advert + so that the same VRID can be used between different peer groups on the + same interface. + * Add process checking: + Add track_process for vrrp instances + Add PROCESS_CHECK for checkers + - Find PID and remember it. If PID has gone, try and find new pid + Look at how pidof/killall find processes + * Allow dynamic definitions, e.g. $_VI_NAME + Also $*_INSTANCE net_namspace $_INSTANCE + so $* means only do if $_INSTANCE not blank. */ + * ng-scheduler + + +Other issues awaiting resolution: + +ipvs_group_range_cmd() appears nonsense, and inet_stor returning a uint8_t +doesn't work for IPv6. The virtual_service_entry_t thing needs range to be +uint32_t. Why would mask be 0xffffffff for IPv6? + +ip_vs_daemon_kern vs /usr/include/linux/ip_vs.h ip_vs_daemon_user + +vrrp_timer_fd should return 0 if an fd's timer is in the past? + +Make vrrp->send_buffer a single buffer for all + +Check timers passto to thread_... functions are reasonable, and stacktrace if not. + +In function socket_state, should thread_add_write use timer_long() or -timer_long() + +vrrp_timer_fd() - see comment + +In thread functions with a timer, ensure not > LONG_MAX (or even some lower value); + +Change tcp_socket_state etc to socket_state etc + +Add noreturn function attribute on stop_vrrp/check + +bin/genhash -s 2001:470:69dd:35::188 --port 80 -u /Harriet/ # works, but +bin/genhash -s 2001:470:69dd:35::188 --port 80 -u /Harriet/ # -S doesn't + # but -S is OK with IPv4 address + +in ipvswrapper.c, get rid of static srule etc and make them procedure local and pass as parameters + +Stop passing base_ifp to netlink3_set_interface_parameters() etc + +ipsecah issues +============== +1. sync and vmac ignore counter + +2. Start up just after master dies, but have lowest priority so become master with counter == 1 + +3. cycle won't happen + +4. In vrrp_backup, don't check auth type matches + +5. ? if cycle becomes set, we must become backup. How do we get out of state? + +epoll +===== +Use timerfd (see timerfd_create(2)) for microsecond timing with epoll, and do not bother with its timeout. +If not available, then simply use the epoll timer. + +Optimise calls to timer_now() and see set_time_now() +==================================================== +After select completes, get time. Before calculating next +select expire time, get time again. +To test time processing, save time after select and log time taken +before next select. Also initialise timer at startup. + +Add api +======= + +Add pipe for updates +==================== +track_script like for absolute or relative priority + +Upstream issues +=============== + +1. Kernel. Socket receive buffers growing to fill memory + See issue #839. If the following setting are in place: +net.core.rmem_default = 37748736 +net.core.rmem_max = 37748736 + and vrrp_tx_bufs_policy NO_SEND_RX is configured, then + all system memory can be consumed. Why is it not limited + to 37748736 bytes? + +2. Kernel. Corruption when netlink sends status of large number + of links - see issues #392/#803. + When using default socket receive buffer size, and have 500 + vmac interfaces configured on a physical interface and the + physical interface is downed, lots of netlink messages are + received, and we get an ENOBUFS. However, after that we then + see a repeat of some of the earlier messages, so it looks like + a circular buffer corruption. Running ip -ts monitor link addr route + we see precisely the same problem at exactly the same message, + although which message it is varies each time. + +3. net-snmp. Display-hint only works on indices. + See issue #866. + # snmpwalk -v2c -c public localhost KEEPALIVED-MIB::virtualServerAddress + KEEPALIVED-MIB::virtualServerAddress.1 = STRING: " +0," + The address is attempted to be output as text, rather than using + the display hint diff --git a/tools/keepalived/VERSION b/tools/keepalived/VERSION deleted file mode 100644 index 0b1f1edf1..000000000 --- a/tools/keepalived/VERSION +++ /dev/null @@ -1 +0,0 @@ -1.2.13 diff --git a/tools/keepalived/bin_install/Makefile.am b/tools/keepalived/bin_install/Makefile.am new file mode 100644 index 000000000..73924de0e --- /dev/null +++ b/tools/keepalived/bin_install/Makefile.am @@ -0,0 +1,36 @@ +# Makefile.am +# +# Keepalived OpenSource project. +# +# Copyright (C) 2001-2016 Alexandre Cassen, + +.PHONY: all debug profile + +all debug profile: $(top_builddir)/bin/keepalived $(top_builddir)/bin/genhash + +$(top_builddir)/bin/keepalived: $(top_builddir)/keepalived/keepalived + @$(MKDIR_P) $(top_builddir)/bin + @(if test -f $(top_builddir)/keepalived/keepalived; then \ + if test -z "$(DEBUG_LDFLAGS)$(DEBUG_CFLAGS)$(DEBUG_CPPFLAGS)"; then \ + @STRIP@ -o $(top_builddir)/bin/keepalived $(top_builddir)/keepalived/keepalived; \ + else \ + cp -p $(top_builddir)/keepalived/keepalived $(top_builddir)/bin; \ + fi; \ + else \ + rm -f $(top_builddir)/bin/keepalived; \ + fi) + +$(top_builddir)/bin/genhash: $(top_builddir)/genhash/genhash + @$(MKDIR_P) $(top_builddir)/bin + @(if test -f $(top_builddir)/genhash/genhash; then \ + if test -z "$(DEBUG_LDFLAGS)$(DEBUG_CFLAGS)$(DEBUG_CPPFLAGS)"; then \ + @STRIP@ -o $(top_builddir)/bin/genhash $(top_builddir)/genhash/genhash; \ + else \ + cp -p $(top_builddir)/genhash/genhash $(top_builddir)/bin; \ + fi; \ + else \ + rm -f $(top_builddir)/bin/genhash; \ + fi) + +clean-local: + rm -f $(top_builddir)/bin/keepalived $(top_builddir)/bin/genhash diff --git a/tools/keepalived/build_setup b/tools/keepalived/build_setup new file mode 100755 index 000000000..c3610d4e5 --- /dev/null +++ b/tools/keepalived/build_setup @@ -0,0 +1,6 @@ +#!/bin/sh + +aclocal +autoheader +automake --add-missing +autoreconf diff --git a/tools/keepalived/config.json b/tools/keepalived/config.json new file mode 100644 index 000000000..a8ae7746e --- /dev/null +++ b/tools/keepalived/config.json @@ -0,0 +1,4919 @@ +{ + "clusterId":"791", + "vipports":[ + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.180:80:100,192.168.34.225:80:100,192.168.54.21:80:100,192.168.26.59:80:100,192.168.17.189:80:100,192.168.5.185:80:100,192.168.14.14:80:100,192.168.38.64:80:100,192.168.26.163:80:100,192.168.45.240:80:100,192.168.45.60:80:100,192.168.37.104:80:100,192.168.17.71:80:100,192.168.21.52:80:100,192.168.37.17:80:100,192.168.9.172:80:100,192.168.14.238:80:100,192.168.38.138:80:100,192.168.53.106:80:100,192.168.15.192:80:100,192.168.26.36:80:100,192.168.46.90:80:100,192.168.31.190:80:100,192.168.31.7:80:100,192.168.26.215:80:100,192.168.15.103:80:100,192.168.49.215:80:100,192.168.15.108:80:100,192.168.33.101:80:100,192.168.5.155:80:100,192.168.10.1:80:100,192.168.29.210:80:100,192.168.51.176:80:100,192.168.51.251:80:100,192.168.23.200:80:100,192.168.33.192:80:100,192.168.1.170:80:100,192.168.50.91:80:100,192.168.47.100:80:100,192.168.11.142:80:100,192.168.25.157:80:100,192.168.46.52:80:100,192.168.30.154:80:100,192.168.6.82:80:100,192.168.47.80:80:100,192.168.54.151:80:100,192.168.19.171:80:100,192.168.18.92:80:100,192.168.3.93:80:100,192.168.59.219:80:100,192.168.25.6:80:100,192.168.26.19:80:100,192.168.53.136:80:100,192.168.22.29:80:100,192.168.15.143:80:100,192.168.46.75:80:100,192.168.21.208:80:100,192.168.35.80:80:100,192.168.57.58:80:100,192.168.26.212:80:100,192.168.14.95:80:100,192.168.47.3:80:100,192.168.31.102:80:100,192.168.47.155:80:100,192.168.58.13:80:100,192.168.1.171:80:100,192.168.31.213:80:100,192.168.29.60:80:100,192.168.37.139:80:100,192.168.13.206:80:100,192.168.29.117:80:100,192.168.26.75:80:100,192.168.25.229:80:100,192.168.5.29:80:100,192.168.38.191:80:100,192.168.58.12:80:100,192.168.3.49:80:100,192.168.53.99:80:100,192.168.25.133:80:100,192.168.50.238:80:100,192.168.7.126:80:100,192.168.43.248:80:100,192.168.15.233:80:100,192.168.55.105:80:100,192.168.43.195:80:100,192.168.42.135:80:100,192.168.38.66:80:100", + "vip":"111.13.235.69" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.15:80:100,192.168.1.142:80:100,192.168.59.105:80:100", + "vip":"192.168.102.169" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.168:80:100,192.168.37.246:80:100", + "vip":"192.168.101.63" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.100:80:100,192.168.57.126:80:100,192.168.19.145:80:100,192.168.58.154:80:100", + "vip":"192.168.102.88" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.59:80:100,192.168.58.241:80:100", + "vip":"111.13.235.132" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.248:80:100,192.168.26.71:80:100,192.168.46.103:80:100,192.168.33.50:80:100", + "vip":"192.168.101.61" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.37:80:100,192.168.49.41:80:100,192.168.33.34:80:100,192.168.18.13:80:100,192.168.23.161:80:100,192.168.43.121:80:100,192.168.49.19:80:100,192.168.13.177:80:100,192.168.18.81:80:100,192.168.2.55:80:100,192.168.37.207:80:100,192.168.14.39:80:100,192.168.15.216:80:100,192.168.6.54:80:100,192.168.17.41:80:100,192.168.1.70:80:100,192.168.31.103:80:100,192.168.11.55:80:100,192.168.25.233:80:100,192.168.3.194:80:100,192.168.34.147:80:100,192.168.3.78:80:100,192.168.43.173:80:100,192.168.47.247:80:100,192.168.54.233:80:100,192.168.1.253:80:100,192.168.38.71:80:100,192.168.3.61:80:100,192.168.22.183:80:100,192.168.7.190:80:100,192.168.10.130:80:100,192.168.45.110:80:100,192.168.34.241:80:100,192.168.57.237:80:100,192.168.10.152:80:100,192.168.1.21:80:100,192.168.37.183:80:100,192.168.6.43:80:100,192.168.59.198:80:100,192.168.6.165:80:100,192.168.35.212:80:100,192.168.58.57:80:100,192.168.47.8:80:100,192.168.47.112:80:100,192.168.10.217:80:100,192.168.59.219:80:100,192.168.15.162:80:100,192.168.19.202:80:100,192.168.2.72:80:100,192.168.17.98:80:100,192.168.11.122:80:100,192.168.6.239:80:100,192.168.9.69:80:100,192.168.59.142:80:100,192.168.25.1:80:100,192.168.13.2:80:100,192.168.33.193:80:100,192.168.54.159:80:100,192.168.55.75:80:100,192.168.3.228:80:100,192.168.34.178:80:100,192.168.58.201:80:100,192.168.42.15:80:100,192.168.22.123:80:100,192.168.35.191:80:100,192.168.11.156:80:100,192.168.11.247:80:100,192.168.38.79:80:100,192.168.59.201:80:100,192.168.22.201:80:100,192.168.49.115:80:100,192.168.9.7:80:100,192.168.10.142:80:100,192.168.6.111:80:100,192.168.43.235:80:100,192.168.17.78:80:100,192.168.2.25:80:100,192.168.45.84:80:100,192.168.53.82:80:100,192.168.59.134:80:100,192.168.46.79:80:100,192.168.5.232:80:100,192.168.5.78:80:100,192.168.53.59:80:100,192.168.17.177:80:100,192.168.3.38:80:100,192.168.19.160:80:100,192.168.49.125:80:100,192.168.18.126:80:100,192.168.41.202:80:100,192.168.33.77:80:100,192.168.17.111:80:100,192.168.30.163:80:100,192.168.13.170:80:100,192.168.5.205:80:100,192.168.39.159:80:100,192.168.30.81:80:100,192.168.11.245:80:100,192.168.6.105:80:100,192.168.11.213:80:100,192.168.21.128:80:100,192.168.14.3:80:100,192.168.1.157:80:100,192.168.31.29:80:100,192.168.11.116:80:100,192.168.54.106:80:100,192.168.38.38:80:100,192.168.57.221:80:100,192.168.35.148:80:100,192.168.10.242:80:100,192.168.43.231:80:100,192.168.31.151:80:100,192.168.58.69:80:100,192.168.55.168:80:100,192.168.27.92:80:100,192.168.17.221:80:100,192.168.47.11:80:100,192.168.5.164:80:100,192.168.18.1:80:100,192.168.42.196:80:100,192.168.3.19:80:100,192.168.30.34:80:100,192.168.6.46:80:100,192.168.42.121:80:100,192.168.51.167:80:100,192.168.42.99:80:100,192.168.11.133:80:100,192.168.54.113:80:100,192.168.17.3:80:100,192.168.57.110:80:100,192.168.42.207:80:100,192.168.37.14:80:100,192.168.57.155:80:100,192.168.49.123:80:100,192.168.23.208:80:100,192.168.6.244:80:100,192.168.19.110:80:100,192.168.47.3:80:100,192.168.23.109:80:100,192.168.23.194:80:100,192.168.29.73:80:100,192.168.7.150:80:100,192.168.27.27:80:100,192.168.29.236:80:100,192.168.49.100:80:100,192.168.14.199:80:100,192.168.34.72:80:100,192.168.7.129:80:100,192.168.7.254:80:100,192.168.39.21:80:100,192.168.22.48:80:100,192.168.47.121:80:100,192.168.1.249:80:100,192.168.37.228:80:100,192.168.37.55:80:100,192.168.3.210:80:100,192.168.57.247:80:100,192.168.27.122:80:100,192.168.11.201:80:100,192.168.42.50:80:100,192.168.55.36:80:100,192.168.41.98:80:100,192.168.37.179:80:100,192.168.46.63:80:100,192.168.55.197:80:100,192.168.22.21:80:100,192.168.25.145:80:100,192.168.2.110:80:100,192.168.51.127:80:100,192.168.43.234:80:100,192.168.54.23:80:100,192.168.18.93:80:100,192.168.18.180:80:100,192.168.14.125:80:100,192.168.33.237:80:100,192.168.54.88:80:100,192.168.54.246:80:100,192.168.51.155:80:100,192.168.37.194:80:100,192.168.39.19:80:100,192.168.54.154:80:100,192.168.57.211:80:100,192.168.30.238:80:100,192.168.10.199:80:100,192.168.15.76:80:100,192.168.13.179:80:100,192.168.17.125:80:100,192.168.39.101:80:100,192.168.6.141:80:100,192.168.35.220:80:100,192.168.45.174:80:100", + "vip":"192.168.101.7" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.176:80:100,192.168.45.176:80:100,192.168.22.165:80:100,192.168.21.204:80:100", + "vip":"111.13.235.154" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.3:80:100,192.168.59.94:80:100,192.168.50.61:80:100,192.168.58.69:80:100,192.168.53.130:80:100,192.168.39.244:80:100,192.168.55.68:80:100,192.168.53.59:80:100,192.168.42.227:80:100,192.168.26.205:80:100,192.168.38.165:80:100", + "vip":"192.168.101.167" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.224:80:100", + "vip":"111.13.235.244" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.237:80:100,192.168.7.46:80:100,192.168.17.203:80:100,192.168.30.48:80:100,192.168.1.210:80:100,192.168.14.45:80:100,192.168.41.162:80:100,192.168.45.239:80:100,192.168.37.23:80:100,192.168.1.221:80:100,192.168.58.26:80:100,192.168.9.78:80:100,192.168.46.249:80:100,192.168.30.186:80:100,192.168.57.70:80:100,192.168.14.236:80:100,192.168.3.226:80:100,192.168.35.131:80:100", + "vip":"192.168.101.122" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.173:80:100,192.168.17.25:80:100,192.168.35.130:80:100,192.168.22.130:80:100,192.168.30.103:80:100,192.168.42.89:80:100,192.168.15.59:80:100,192.168.19.100:80:100", + "vip":"192.168.102.135" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.77:80:100,192.168.30.251:80:100", + "vip":"192.168.102.28" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.134:80:100,192.168.35.168:80:100,192.168.14.122:80:100,192.168.21.224:80:100", + "vip":"192.168.101.139" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.189:80:100,192.168.39.238:80:100,192.168.43.25:80:100,192.168.50.69:80:100", + "vip":"192.168.102.62" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.53:80:100,192.168.55.236:80:100", + "vip":"192.168.101.80" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.29:80:100,192.168.6.112:80:100,192.168.6.55:80:100,192.168.57.148:80:100,192.168.14.41:80:100,192.168.6.51:80:100,192.168.47.8:80:100,192.168.10.193:80:100,192.168.47.25:80:100,192.168.59.127:80:100,192.168.42.84:80:100,192.168.19.219:80:100,192.168.13.134:80:100,192.168.55.81:80:100,192.168.14.175:80:100,192.168.50.20:80:100,192.168.37.175:80:100", + "vip":"192.168.102.214" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.61:80:100,192.168.11.140:80:100", + "vip":"111.13.235.85" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.237:80:100,192.168.31.132:80:100,192.168.42.231:80:100,192.168.9.219:80:100,192.168.33.38:80:100,192.168.35.189:80:100", + "vip":"192.168.101.244" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.240:80:100,192.168.1.237:80:100,192.168.53.87:80:100,192.168.53.51:80:100,192.168.1.23:80:100,192.168.33.46:80:100,192.168.33.39:80:100", + "vip":"111.13.235.103" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.196:80:100,192.168.53.184:80:100,192.168.57.200:80:100,192.168.43.26:80:100,192.168.33.144:80:100,192.168.18.177:80:100,192.168.33.114:80:100,192.168.59.117:80:100,192.168.35.106:80:100,192.168.23.141:80:100,192.168.18.212:80:100,192.168.14.244:80:100,192.168.17.103:80:100,192.168.25.150:80:100,192.168.34.130:80:100,192.168.26.155:80:100,192.168.46.179:80:100,192.168.21.59:80:100,192.168.58.117:80:100,192.168.33.240:80:100,192.168.35.207:80:100,192.168.46.106:80:100,192.168.22.20:80:100,192.168.7.3:80:100,192.168.47.91:80:100,192.168.58.124:80:100,192.168.25.124:80:100,192.168.25.139:80:100,192.168.38.83:80:100,192.168.54.54:80:100,192.168.54.19:80:100,192.168.47.107:80:100,192.168.3.110:80:100,192.168.57.36:80:100,192.168.42.19:80:100,192.168.45.110:80:100,192.168.49.227:80:100,192.168.54.89:80:100,192.168.5.2:80:100,192.168.46.44:80:100,192.168.38.17:80:100,192.168.27.202:80:100,192.168.30.77:80:100,192.168.29.176:80:100,192.168.30.4:80:100,192.168.39.153:80:100,192.168.13.79:80:100,192.168.29.118:80:100,192.168.21.146:80:100,192.168.35.151:80:100,192.168.11.77:80:100,192.168.59.123:80:100,192.168.13.148:80:100,192.168.15.58:80:100,192.168.21.48:80:100,192.168.31.180:80:100,192.168.18.173:80:100,192.168.43.44:80:100,192.168.42.45:80:100,192.168.39.41:80:100,192.168.19.209:80:100,192.168.58.207:80:100,192.168.55.209:80:100,192.168.50.178:80:100,192.168.11.101:80:100,192.168.42.152:80:100,192.168.19.223:80:100,192.168.27.207:80:100,192.168.1.104:80:100,192.168.29.30:80:100,192.168.13.202:80:100,192.168.37.123:80:100,192.168.6.72:80:100,192.168.3.7:80:100,192.168.30.249:80:100,192.168.57.153:80:100,192.168.57.81:80:100,192.168.55.191:80:100,192.168.23.248:80:100,192.168.17.204:80:100,192.168.58.30:80:100,192.168.34.215:80:100,192.168.22.237:80:100,192.168.10.201:80:100,192.168.11.103:80:100,192.168.9.170:80:100,192.168.42.156:80:100,192.168.59.168:80:100,192.168.42.198:80:100,192.168.5.198:80:100,192.168.45.175:80:100,192.168.31.223:80:100,192.168.3.164:80:100,192.168.5.28:80:100,192.168.10.42:80:100,192.168.54.227:80:100,192.168.45.199:80:100,192.168.45.42:80:100,192.168.33.149:80:100,192.168.55.222:80:100,192.168.6.101:80:100,192.168.35.183:80:100,192.168.15.177:80:100,192.168.13.170:80:100,192.168.43.105:80:100,192.168.45.63:80:100,192.168.11.65:80:100,192.168.43.199:80:100,192.168.11.245:80:100,192.168.35.13:80:100,192.168.23.111:80:100,192.168.55.233:80:100,192.168.43.227:80:100,192.168.17.124:80:100,192.168.15.71:80:100,192.168.18.53:80:100,192.168.58.235:80:100,192.168.2.35:80:100,192.168.42.140:80:100,192.168.1.229:80:100,192.168.39.115:80:100,192.168.3.62:80:100,192.168.41.37:80:100,192.168.34.87:80:100,192.168.2.251:80:100,192.168.34.75:80:100,192.168.17.130:80:100,192.168.39.105:80:100,192.168.58.189:80:100,192.168.29.188:80:100,192.168.13.130:80:100,192.168.3.97:80:100,192.168.57.82:80:100,192.168.37.1:80:100,192.168.19.40:80:100,192.168.2.197:80:100,192.168.7.94:80:100,192.168.11.112:80:100,192.168.26.139:80:100,192.168.21.25:80:100,192.168.50.207:80:100,192.168.14.106:80:100,192.168.29.166:80:100,192.168.9.152:80:100,192.168.22.147:80:100,192.168.29.242:80:100,192.168.43.249:80:100,192.168.5.64:80:100,192.168.50.232:80:100,192.168.6.60:80:100,192.168.11.246:80:100,192.168.6.42:80:100,192.168.51.136:80:100,192.168.47.137:80:100,192.168.1.173:80:100,192.168.50.7:80:100,192.168.42.161:80:100,192.168.54.95:80:100,192.168.33.169:80:100,192.168.9.23:80:100,192.168.11.62:80:100,192.168.26.4:80:100,192.168.11.235:80:100,192.168.18.233:80:100,192.168.2.218:80:100,192.168.15.210:80:100,192.168.33.6:80:100,192.168.34.13:80:100,192.168.50.44:80:100,192.168.11.76:80:100,192.168.43.202:80:100,192.168.34.249:80:100,192.168.49.5:80:100,192.168.1.184:80:100,192.168.25.99:80:100,192.168.51.19:80:100,192.168.51.221:80:100,192.168.41.36:80:100,192.168.33.227:80:100,192.168.54.146:80:100,192.168.10.116:80:100,192.168.55.127:80:100,192.168.11.215:80:100,192.168.13.215:80:100,192.168.53.205:80:100,192.168.46.228:80:100,192.168.11.86:80:100,192.168.19.158:80:100,192.168.3.139:80:100,192.168.22.188:80:100,192.168.35.245:80:100,192.168.38.117:80:100,192.168.22.33:80:100,192.168.13.29:80:100,192.168.11.38:80:100,192.168.25.215:80:100,192.168.7.177:80:100", + "vip":"192.168.101.82" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.117:80:100,192.168.50.71:80:100,192.168.11.140:80:100,192.168.6.65:80:100,192.168.33.64:80:100,192.168.5.159:80:100,192.168.5.246:80:100,192.168.43.244:80:100,192.168.30.234:80:100,192.168.9.191:80:100,192.168.2.6:80:100,192.168.35.208:80:100,192.168.7.87:80:100,192.168.18.147:80:100,192.168.21.185:80:100,192.168.23.194:80:100,192.168.34.225:80:100,192.168.50.115:80:100", + "vip":"192.168.102.5" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.147:80:100,192.168.30.195:80:100,192.168.17.189:80:100,192.168.31.19:80:100,192.168.21.157:80:100,192.168.26.186:80:100,192.168.23.210:80:100", + "vip":"192.168.102.166" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.196:80:100,192.168.6.5:80:100,192.168.15.121:80:100,192.168.58.164:80:100,192.168.5.162:80:100,192.168.23.242:80:100,192.168.38.113:80:100,192.168.59.25:80:100,192.168.41.20:80:100,192.168.1.151:80:100,192.168.5.187:80:100,192.168.19.84:80:100,192.168.3.105:80:100,192.168.29.89:80:100,192.168.11.243:80:100,192.168.10.193:80:100,192.168.42.176:80:100,192.168.43.170:80:100,192.168.42.129:80:100,192.168.55.11:80:100,192.168.54.53:80:100,192.168.29.132:80:100,192.168.23.221:80:100,192.168.3.96:80:100,192.168.3.29:80:100,192.168.51.78:80:100,192.168.42.233:80:100,192.168.35.41:80:100,192.168.41.40:80:100,192.168.7.10:80:100,192.168.27.11:80:100,192.168.6.211:80:100,192.168.31.143:80:100,192.168.34.207:80:100,192.168.45.235:80:100,192.168.11.114:80:100,192.168.53.158:80:100,192.168.19.159:80:100,192.168.46.101:80:100,192.168.58.122:80:100,192.168.15.177:80:100,192.168.33.253:80:100,192.168.46.212:80:100,192.168.21.242:80:100,192.168.50.227:80:100,192.168.18.197:80:100,192.168.9.126:80:100,192.168.19.61:80:100,192.168.49.231:80:100,192.168.55.219:80:100,192.168.39.247:80:100", + "vip":"192.168.102.33" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.65:80:100,192.168.11.20:80:100,192.168.55.241:80:100", + "vip":"192.168.102.92" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.109:80:100,192.168.14.226:80:100,192.168.42.115:80:100", + "vip":"192.168.101.191" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.132:80:100,192.168.55.248:80:100,192.168.46.105:80:100,192.168.18.124:80:100,192.168.7.69:80:100,192.168.9.30:80:100,192.168.34.181:80:100,192.168.25.35:80:100,192.168.45.239:80:100,192.168.29.73:80:100,192.168.57.81:80:100,192.168.31.119:80:100,192.168.57.248:80:100,192.168.14.183:80:100,192.168.45.6:80:100", + "vip":"192.168.102.170" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.41.135:80:100,192.168.21.206:80:100,192.168.58.5:80:100,192.168.50.143:80:100,192.168.10.157:80:100,192.168.49.243:80:100,192.168.53.173:80:100,192.168.22.153:80:100,192.168.54.17:80:100,192.168.59.237:80:100,192.168.50.66:80:100,192.168.27.151:80:100,192.168.46.65:80:100,192.168.54.139:80:100,192.168.37.172:80:100,192.168.31.115:80:100,192.168.18.78:80:100,192.168.26.96:80:100,192.168.14.27:80:100,192.168.55.73:80:100,192.168.7.150:80:100,192.168.51.101:80:100,192.168.14.226:80:100,192.168.6.6:80:100,192.168.13.92:80:100,192.168.43.167:80:100,192.168.3.214:80:100,192.168.6.92:80:100,192.168.47.27:80:100,192.168.38.57:80:100,192.168.57.117:80:100,192.168.2.20:80:100,192.168.37.111:80:100,192.168.5.76:80:100,192.168.13.52:80:100,192.168.37.72:80:100,192.168.14.10:80:100,192.168.15.58:80:100,192.168.49.198:80:100,192.168.23.87:80:100,192.168.29.177:80:100,192.168.54.188:80:100,192.168.47.206:80:100,192.168.38.224:80:100,192.168.11.23:80:100,192.168.15.123:80:100,192.168.17.238:80:100,192.168.10.52:80:100,192.168.9.60:80:100,192.168.15.27:80:100,192.168.27.207:80:100,192.168.57.51:80:100,192.168.57.141:80:100,192.168.42.236:80:100,192.168.42.17:80:100,192.168.22.71:80:100,192.168.30.93:80:100,192.168.18.150:80:100,192.168.29.29:80:100,192.168.18.239:80:100,192.168.7.136:80:100,192.168.53.5:80:100,192.168.29.190:80:100,192.168.15.31:80:100,192.168.29.38:80:100,192.168.57.204:80:100,192.168.29.84:80:100,192.168.13.8:80:100,192.168.39.5:80:100,192.168.18.75:80:100,192.168.19.3:80:100,192.168.50.247:80:100,192.168.54.103:80:100,192.168.5.156:80:100,192.168.10.198:80:100,192.168.7.66:80:100,192.168.21.167:80:100,192.168.39.170:80:100,192.168.3.53:80:100,192.168.9.198:80:100,192.168.7.193:80:100,192.168.19.128:80:100,192.168.49.171:80:100,192.168.54.148:80:100,192.168.17.60:80:100,192.168.17.217:80:100,192.168.6.5:80:100,192.168.19.174:80:100,192.168.18.124:80:100,192.168.43.228:80:100,192.168.23.26:80:100,192.168.51.163:80:100,192.168.25.118:80:100,192.168.10.123:80:100,192.168.51.212:80:100,192.168.25.142:80:100,192.168.43.77:80:100,192.168.49.247:80:100,192.168.19.210:80:100,192.168.11.3:80:100,192.168.33.81:80:100,192.168.23.54:80:100,192.168.50.62:80:100,192.168.18.242:80:100,192.168.59.101:80:100,192.168.38.15:80:100,192.168.41.226:80:100,192.168.6.181:80:100,192.168.15.20:80:100,192.168.55.107:80:100,192.168.38.63:80:100,192.168.25.49:80:100,192.168.25.192:80:100,192.168.2.99:80:100,192.168.9.204:80:100,192.168.25.85:80:100,192.168.22.219:80:100,192.168.10.28:80:100,192.168.45.64:80:100,192.168.58.25:80:100,192.168.31.43:80:100,192.168.51.154:80:100,192.168.26.212:80:100,192.168.58.56:80:100,192.168.14.83:80:100,192.168.25.11:80:100,192.168.6.244:80:100,192.168.14.167:80:100,192.168.46.20:80:100,192.168.59.179:80:100,192.168.49.237:80:100,192.168.15.18:80:100,192.168.42.41:80:100,192.168.35.159:80:100,192.168.26.21:80:100,192.168.29.97:80:100,192.168.38.190:80:100,192.168.38.84:80:100,192.168.6.53:80:100,192.168.26.119:80:100,192.168.9.72:80:100,192.168.59.196:80:100,192.168.38.76:80:100,192.168.1.179:80:100,192.168.33.45:80:100,192.168.41.93:80:100,192.168.39.40:80:100,192.168.41.3:80:100,192.168.27.146:80:100,192.168.19.172:80:100,192.168.7.225:80:100,192.168.31.137:80:100,192.168.55.27:80:100,192.168.11.20:80:100,192.168.6.223:80:100,192.168.35.238:80:100,192.168.19.170:80:100,192.168.6.115:80:100,192.168.57.20:80:100,192.168.9.124:80:100,192.168.39.179:80:100,192.168.7.54:80:100,192.168.58.7:80:100,192.168.29.39:80:100,192.168.59.102:80:100,192.168.31.228:80:100,192.168.3.144:80:100,192.168.39.25:80:100,192.168.37.122:80:100,192.168.53.67:80:100,192.168.22.131:80:100,192.168.5.252:80:100", + "vip":"192.168.102.233" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.161:80:100,192.168.26.195:80:100", + "vip":"192.168.101.18" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.240:80:100,192.168.27.197:80:100,192.168.6.18:80:100,192.168.54.20:80:100,192.168.45.187:80:100,192.168.13.74:80:100,192.168.46.23:80:100,192.168.9.188:80:100", + "vip":"192.168.101.42" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.235:80:100,192.168.39.231:80:100,192.168.33.188:80:100,192.168.9.90:80:100,192.168.18.248:80:100,192.168.3.132:80:100,192.168.31.34:80:100,192.168.34.96:80:100,192.168.49.112:80:100,192.168.27.242:80:100,192.168.27.185:80:100,192.168.42.221:80:100,192.168.59.42:80:100,192.168.38.90:80:100,192.168.50.65:80:100,192.168.29.67:80:100,192.168.18.168:80:100,192.168.41.69:80:100,192.168.35.137:80:100,192.168.47.147:80:100,192.168.10.237:80:100,192.168.15.38:80:100,192.168.23.191:80:100,192.168.37.141:80:100,192.168.18.194:80:100,192.168.18.21:80:100,192.168.7.222:80:100,192.168.46.78:80:100,192.168.9.97:80:100,192.168.58.40:80:100,192.168.17.2:80:100,192.168.46.156:80:100,192.168.6.202:80:100,192.168.7.37:80:100,192.168.13.22:80:100,192.168.18.250:80:100,192.168.19.214:80:100,192.168.39.13:80:100,192.168.41.43:80:100,192.168.5.90:80:100,192.168.47.132:80:100,192.168.13.236:80:100,192.168.38.19:80:100,192.168.6.235:80:100,192.168.58.122:80:100,192.168.42.204:80:100,192.168.42.94:80:100,192.168.30.84:80:100,192.168.13.93:80:100,192.168.27.62:80:100,192.168.45.73:80:100,192.168.34.84:80:100,192.168.33.22:80:100,192.168.46.198:80:100,192.168.59.88:80:100,192.168.58.188:80:100,192.168.46.132:80:100,192.168.41.226:80:100,192.168.11.10:80:100,192.168.55.51:80:100,192.168.58.22:80:100,192.168.10.179:80:100,192.168.51.182:80:100,192.168.51.129:80:100,192.168.57.156:80:100,192.168.53.33:80:100,192.168.58.25:80:100,192.168.59.146:80:100,192.168.11.217:80:100,192.168.1.166:80:100,192.168.58.197:80:100,192.168.46.57:80:100,192.168.50.218:80:100,192.168.29.163:80:100,192.168.26.33:80:100,192.168.5.103:80:100,192.168.6.216:80:100,192.168.38.155:80:100,192.168.57.18:80:100,192.168.21.73:80:100,192.168.5.62:80:100,192.168.22.72:80:100,192.168.43.246:80:100,192.168.25.163:80:100,192.168.25.58:80:100,192.168.15.100:80:100", + "vip":"111.13.235.187" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.150:80:100,192.168.46.139:80:100,192.168.37.91:80:100,192.168.25.158:80:100", + "vip":"192.168.101.5" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.156:80:100,192.168.35.136:80:100,192.168.57.127:80:100,192.168.22.11:80:100,192.168.27.75:80:100,192.168.22.222:80:100,192.168.1.144:80:100,192.168.3.166:80:100", + "vip":"111.13.235.174" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.236:80:100,192.168.7.36:80:100,192.168.19.20:80:100,192.168.51.225:80:100", + "vip":"192.168.102.110" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.77:80:100", + "vip":"111.13.235.141" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.117:80:100,192.168.26.227:80:100,192.168.51.168:80:100,192.168.39.218:80:100,192.168.22.103:80:100,192.168.10.129:80:100,192.168.45.157:80:100,192.168.26.113:80:100,192.168.39.62:80:100,192.168.50.217:80:100,192.168.14.177:80:100,192.168.39.197:80:100,192.168.49.45:80:100,192.168.57.72:80:100,192.168.49.61:80:100,192.168.9.202:80:100,192.168.46.104:80:100", + "vip":"192.168.101.150" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.253:80:100", + "vip":"192.168.101.199" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.234:80:100,192.168.30.157:80:100,192.168.18.163:80:100,192.168.49.199:80:100,192.168.54.146:80:100,192.168.45.67:80:100", + "vip":"111.13.235.130" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.192:80:100,192.168.46.92:80:100,192.168.18.168:80:100", + "vip":"192.168.102.94" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.117:80:100,192.168.31.163:80:100", + "vip":"192.168.102.54" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.119:80:100,192.168.30.151:80:100,192.168.18.18:80:100,192.168.49.80:80:100,192.168.3.54:80:100,192.168.10.54:80:100", + "vip":"192.168.102.251" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.188:80:100,192.168.55.1:80:100,192.168.37.7:80:100,192.168.22.56:80:100,192.168.34.202:80:100,192.168.19.177:80:100,192.168.14.111:80:100,192.168.43.9:80:100,192.168.7.120:80:100,192.168.29.116:80:100,192.168.59.1:80:100,192.168.1.139:80:100", + "vip":"111.13.235.220" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.212:80:100", + "vip":"111.13.235.114" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.91:80:100", + "vip":"192.168.102.137" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.221:80:100,192.168.33.108:80:100,192.168.46.229:80:100,192.168.39.244:80:100,192.168.47.241:80:100,192.168.1.226:80:100,192.168.10.55:80:100", + "vip":"111.13.235.241" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.54:80:100,192.168.25.135:80:100", + "vip":"111.13.235.89" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.141:80:100", + "vip":"111.13.235.135" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.207:80:100,192.168.29.84:80:100,192.168.49.46:80:100,192.168.23.140:80:100,192.168.47.209:80:100,192.168.53.140:80:100,192.168.50.22:80:100,192.168.31.238:80:100,192.168.42.100:80:100", + "vip":"192.168.102.109" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.178:80:100", + "vip":"192.168.102.60" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.223:80:100", + "vip":"111.13.235.225" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.79:80:100,192.168.29.96:80:100,192.168.11.147:80:100", + "vip":"192.168.102.189" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.215:80:100,192.168.23.161:80:100,192.168.41.57:80:100,192.168.34.17:80:100,192.168.31.146:80:100,192.168.38.252:80:100,192.168.43.219:80:100,192.168.54.204:80:100,192.168.55.5:80:100,192.168.7.3:80:100,192.168.19.242:80:100,192.168.10.12:80:100,192.168.57.119:80:100,192.168.35.145:80:100,192.168.55.249:80:100,192.168.27.36:80:100,192.168.25.79:80:100,192.168.30.239:80:100,192.168.58.226:80:100,192.168.34.26:80:100,192.168.47.176:80:100,192.168.38.43:80:100,192.168.54.15:80:100,192.168.51.47:80:100,192.168.55.26:80:100,192.168.35.48:80:100,192.168.6.219:80:100,192.168.3.174:80:100,192.168.14.5:80:100,192.168.50.222:80:100,192.168.39.118:80:100,192.168.55.111:80:100,192.168.9.12:80:100,192.168.19.53:80:100,192.168.58.81:80:100,192.168.10.75:80:100,192.168.29.83:80:100,192.168.37.82:80:100,192.168.1.29:80:100,192.168.1.247:80:100,192.168.29.116:80:100,192.168.47.216:80:100,192.168.10.247:80:100,192.168.50.43:80:100,192.168.5.215:80:100,192.168.31.117:80:100,192.168.15.121:80:100,192.168.6.208:80:100,192.168.33.179:80:100,192.168.39.57:80:100,192.168.27.229:80:100,192.168.57.76:80:100,192.168.3.20:80:100,192.168.51.22:80:100,192.168.6.70:80:100,192.168.55.70:80:100,192.168.55.213:80:100,192.168.11.116:80:100,192.168.41.159:80:100,192.168.22.217:80:100,192.168.25.243:80:100,192.168.10.236:80:100,192.168.45.164:80:100,192.168.42.122:80:100,192.168.51.156:80:100,192.168.9.30:80:100,192.168.58.176:80:100,192.168.46.114:80:100,192.168.23.181:80:100,192.168.19.140:80:100,192.168.6.1:80:100,192.168.9.164:80:100,192.168.9.207:80:100,192.168.23.92:80:100,192.168.45.80:80:100,192.168.1.232:80:100,192.168.54.184:80:100,192.168.37.154:80:100,192.168.55.175:80:100,192.168.23.216:80:100,192.168.33.169:80:100,192.168.54.237:80:100,192.168.59.27:80:100,192.168.53.101:80:100,192.168.27.239:80:100,192.168.37.99:80:100,192.168.59.162:80:100,192.168.3.149:80:100,192.168.58.254:80:100,192.168.25.235:80:100,192.168.50.193:80:100,192.168.1.63:80:100,192.168.38.209:80:100,192.168.39.40:80:100,192.168.45.55:80:100,192.168.50.87:80:100,192.168.5.65:80:100,192.168.35.47:80:100,192.168.22.53:80:100,192.168.43.201:80:100,192.168.17.35:80:100,192.168.3.71:80:100,192.168.14.24:80:100,192.168.51.209:80:100,192.168.41.165:80:100,192.168.7.103:80:100", + "vip":"192.168.101.255" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.165:80:100", + "vip":"111.13.235.116" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.55:80:100", + "vip":"111.13.235.101" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.66:80:100", + "vip":"192.168.101.241" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.33:80:100,192.168.9.1:80:100,192.168.7.161:80:100,192.168.19.118:80:100,192.168.45.83:80:100,192.168.26.121:80:100,192.168.2.115:80:100,192.168.42.13:80:100,192.168.7.233:80:100,192.168.35.219:80:100,192.168.38.48:80:100,192.168.53.250:80:100,192.168.1.66:80:100,192.168.6.124:80:100,192.168.42.179:80:100,192.168.33.230:80:100,192.168.53.91:80:100,192.168.42.228:80:100,192.168.50.56:80:100,192.168.55.106:80:100,192.168.21.66:80:100,192.168.43.146:80:100,192.168.21.190:80:100,192.168.25.66:80:100,192.168.43.14:80:100,192.168.39.10:80:100,192.168.55.53:80:100,192.168.34.142:80:100,192.168.58.227:80:100,192.168.22.212:80:100,192.168.33.132:80:100,192.168.53.162:80:100,192.168.1.4:80:100,192.168.51.137:80:100,192.168.50.181:80:100,192.168.33.219:80:100,192.168.41.29:80:100,192.168.26.115:80:100,192.168.58.12:80:100,192.168.45.1:80:100,192.168.57.229:80:100,192.168.31.220:80:100,192.168.11.84:80:100,192.168.9.44:80:100,192.168.10.1:80:100,192.168.1.224:80:100,192.168.45.84:80:100,192.168.33.36:80:100,192.168.31.157:80:100,192.168.49.103:80:100,192.168.7.82:80:100,192.168.43.67:80:100,192.168.21.107:80:100,192.168.38.77:80:100,192.168.27.170:80:100,192.168.35.181:80:100,192.168.42.79:80:100,192.168.19.77:80:100,192.168.14.142:80:100,192.168.13.104:80:100,192.168.25.135:80:100,192.168.42.143:80:100,192.168.38.177:80:100,192.168.30.15:80:100,192.168.35.155:80:100,192.168.42.85:80:100,192.168.34.25:80:100,192.168.3.67:80:100,192.168.47.114:80:100,192.168.26.85:80:100,192.168.23.129:80:100,192.168.13.116:80:100,192.168.46.95:80:100,192.168.13.187:80:100,192.168.53.243:80:100,192.168.7.192:80:100,192.168.57.139:80:100,192.168.29.217:80:100,192.168.53.106:80:100,192.168.30.133:80:100,192.168.11.8:80:100,192.168.19.188:80:100,192.168.3.173:80:100,192.168.55.132:80:100,192.168.19.71:80:100", + "vip":"192.168.101.87" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.135:80:100,192.168.3.46:80:100,192.168.3.83:80:100", + "vip":"111.13.235.74" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.199:80:100,192.168.34.211:80:100,192.168.34.194:80:100", + "vip":"192.168.102.15" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.182:80:100,192.168.27.248:80:100,192.168.55.104:80:100,192.168.38.123:80:100,192.168.50.47:80:100", + "vip":"192.168.101.147" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.221:80:100,192.168.50.177:80:100,192.168.5.168:80:100", + "vip":"192.168.101.173" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.110:80:100,192.168.46.88:80:100,192.168.14.69:80:100,192.168.57.137:80:100", + "vip":"192.168.101.67" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.167:80:100,192.168.34.218:80:100,192.168.21.149:80:100,192.168.31.73:80:100,192.168.9.161:80:100,192.168.35.78:80:100,192.168.38.125:80:100,192.168.53.26:80:100,192.168.11.116:80:100,192.168.47.147:80:100,192.168.14.254:80:100,192.168.43.196:80:100,192.168.57.25:80:100,192.168.38.45:80:100,192.168.17.104:80:100,192.168.57.217:80:100,192.168.3.53:80:100,192.168.58.175:80:100,192.168.59.158:80:100,192.168.42.93:80:100,192.168.22.200:80:100,192.168.45.119:80:100,192.168.35.197:80:100,192.168.51.209:80:100,192.168.19.135:80:100,192.168.6.37:80:100,192.168.46.32:80:100,192.168.17.44:80:100,192.168.49.24:80:100,192.168.34.251:80:100,192.168.46.65:80:100,192.168.41.49:80:100,192.168.30.210:80:100,192.168.45.232:80:100,192.168.33.142:80:100,192.168.25.197:80:100,192.168.50.98:80:100,192.168.33.141:80:100,192.168.14.9:80:100,192.168.15.231:80:100,192.168.37.209:80:100,192.168.21.219:80:100,192.168.58.203:80:100,192.168.34.130:80:100,192.168.59.52:80:100,192.168.5.209:80:100,192.168.13.208:80:100,192.168.46.182:80:100,192.168.47.25:80:100,192.168.42.177:80:100,192.168.59.218:80:100,192.168.2.241:80:100,192.168.33.11:80:100,192.168.13.106:80:100,192.168.15.60:80:100,192.168.5.156:80:100,192.168.21.167:80:100,192.168.22.98:80:100,192.168.19.234:80:100,192.168.57.92:80:100,192.168.2.29:80:100,192.168.2.122:80:100,192.168.5.100:80:100,192.168.5.190:80:100,192.168.9.193:80:100,192.168.13.192:80:100,192.168.14.2:80:100,192.168.54.96:80:100,192.168.42.103:80:100,192.168.11.20:80:100,192.168.41.155:80:100,192.168.7.111:80:100,192.168.30.8:80:100,192.168.47.242:80:100,192.168.38.138:80:100,192.168.11.254:80:100,192.168.33.20:80:100,192.168.9.175:80:100,192.168.31.42:80:100", + "vip":"111.13.235.173" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.166:80:100,192.168.33.32:80:100", + "vip":"192.168.102.22" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.191:80:100", + "vip":"192.168.102.184" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.3:80:100,192.168.3.142:80:100,192.168.45.215:80:100,192.168.38.180:80:100,192.168.30.94:80:100,192.168.45.57:80:100,192.168.21.167:80:100,192.168.41.40:80:100,192.168.47.33:80:100,192.168.19.15:80:100,192.168.33.139:80:100,192.168.26.252:80:100,192.168.53.146:80:100,192.168.37.63:80:100,192.168.39.35:80:100", + "vip":"192.168.101.30" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.227:80:100,192.168.43.44:80:100", + "vip":"192.168.101.111" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.139:80:100,192.168.59.153:80:100,192.168.49.32:80:100,192.168.22.65:80:100,192.168.58.154:80:100,192.168.17.70:80:100,192.168.55.214:80:100,192.168.9.152:80:100,192.168.51.32:80:100,192.168.9.115:80:100,192.168.33.189:80:100,192.168.50.70:80:100,192.168.34.118:80:100", + "vip":"192.168.101.50" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.197:80:100,192.168.29.164:80:100,192.168.13.23:80:100,192.168.21.167:80:100", + "vip":"192.168.102.47" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.69:80:100,192.168.23.204:80:100,192.168.38.128:80:100,192.168.10.147:80:100,192.168.29.90:80:100,192.168.3.41:80:100,192.168.59.8:80:100,192.168.2.160:80:100,192.168.51.29:80:100", + "vip":"192.168.102.145" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.160:80:100,192.168.38.53:80:100,192.168.57.7:80:100,192.168.27.204:80:100,192.168.33.144:80:100,192.168.51.170:80:100,192.168.3.24:80:100,192.168.30.70:80:100,192.168.27.32:80:100,192.168.39.48:80:100,192.168.27.221:80:100,192.168.41.26:80:100,192.168.39.254:80:100,192.168.18.62:80:100,192.168.37.45:80:100,192.168.13.57:80:100,192.168.9.200:80:100,192.168.55.16:80:100,192.168.54.1:80:100,192.168.59.135:80:100,192.168.58.14:80:100,192.168.41.97:80:100,192.168.9.192:80:100,192.168.19.219:80:100,192.168.55.100:80:100,192.168.10.12:80:100,192.168.31.151:80:100,192.168.55.189:80:100,192.168.34.131:80:100,192.168.59.254:80:100,192.168.29.209:80:100,192.168.21.134:80:100,192.168.25.218:80:100,192.168.39.248:80:100,192.168.11.242:80:100,192.168.33.176:80:100,192.168.43.54:80:100,192.168.17.187:80:100,192.168.41.4:80:100,192.168.3.67:80:100,192.168.38.134:80:100,192.168.58.228:80:100,192.168.55.161:80:100,192.168.22.87:80:100,192.168.29.72:80:100,192.168.45.20:80:100,192.168.10.170:80:100,192.168.15.252:80:100,192.168.5.189:80:100,192.168.14.99:80:100,192.168.55.132:80:100,192.168.1.115:80:100,192.168.21.84:80:100,192.168.14.80:80:100,192.168.59.106:80:100,192.168.5.162:80:100,192.168.29.109:80:100,192.168.1.3:80:100,192.168.46.180:80:100,192.168.27.101:80:100,192.168.5.187:80:100,192.168.26.187:80:100,192.168.11.184:80:100,192.168.42.96:80:100,192.168.49.90:80:100,192.168.14.86:80:100,192.168.6.182:80:100,192.168.54.161:80:100,192.168.3.79:80:100,192.168.45.90:80:100,192.168.55.193:80:100,192.168.43.27:80:100,192.168.14.6:80:100,192.168.25.211:80:100,192.168.55.65:80:100,192.168.43.74:80:100,192.168.21.36:80:100,192.168.54.70:80:100,192.168.22.94:80:100,192.168.43.182:80:100,192.168.39.156:80:100,192.168.11.191:80:100,192.168.35.241:80:100,192.168.27.166:80:100,192.168.19.162:80:100,192.168.27.167:80:100,192.168.34.152:80:100,192.168.22.55:80:100,192.168.34.5:80:100,192.168.47.171:80:100,192.168.14.41:80:100,192.168.39.51:80:100,192.168.7.101:80:100,192.168.5.138:80:100,192.168.17.123:80:100,192.168.7.11:80:100,192.168.57.162:80:100,192.168.39.237:80:100,192.168.38.189:80:100,192.168.45.199:80:100,192.168.5.86:80:100,192.168.29.95:80:100,192.168.14.118:80:100,192.168.47.245:80:100,192.168.26.97:80:100,192.168.49.199:80:100,192.168.59.208:80:100,192.168.55.164:80:100,192.168.39.97:80:100,192.168.59.174:80:100,192.168.10.149:80:100,192.168.58.218:80:100,192.168.42.70:80:100,192.168.10.191:80:100,192.168.58.91:80:100,192.168.38.112:80:100,192.168.55.135:80:100,192.168.21.90:80:100,192.168.38.126:80:100,192.168.6.174:80:100,192.168.5.220:80:100,192.168.29.196:80:100,192.168.27.55:80:100,192.168.54.232:80:100,192.168.6.53:80:100,192.168.30.2:80:100,192.168.43.164:80:100,192.168.30.19:80:100,192.168.27.90:80:100,192.168.2.254:80:100,192.168.49.114:80:100,192.168.17.18:80:100,192.168.5.85:80:100,192.168.55.166:80:100,192.168.49.186:80:100,192.168.37.68:80:100,192.168.51.159:80:100,192.168.1.52:80:100,192.168.1.179:80:100,192.168.3.229:80:100,192.168.11.180:80:100,192.168.27.80:80:100,192.168.42.59:80:100,192.168.29.14:80:100,192.168.45.212:80:100,192.168.46.239:80:100,192.168.41.23:80:100,192.168.46.83:80:100,192.168.39.131:80:100,192.168.58.143:80:100,192.168.53.242:80:100,192.168.13.197:80:100,192.168.25.13:80:100,192.168.58.18:80:100,192.168.47.162:80:100,192.168.55.99:80:100,192.168.14.66:80:100,192.168.1.39:80:100,192.168.30.31:80:100,192.168.25.125:80:100,192.168.55.117:80:100,192.168.6.238:80:100,192.168.22.33:80:100,192.168.49.60:80:100,192.168.37.119:80:100,192.168.42.78:80:100,192.168.26.208:80:100", + "vip":"192.168.101.141" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.195:80:100,192.168.51.151:80:100,192.168.2.85:80:100,192.168.37.121:80:100,192.168.37.156:80:100,192.168.39.18:80:100,192.168.57.43:80:100,192.168.17.252:80:100,192.168.11.41:80:100,192.168.46.19:80:100,192.168.57.126:80:100,192.168.59.44:80:100,192.168.25.229:80:100,192.168.10.137:80:100,192.168.50.129:80:100,192.168.15.44:80:100,192.168.30.185:80:100,192.168.38.1:80:100,192.168.43.76:80:100,192.168.41.168:80:100,192.168.29.96:80:100,192.168.26.156:80:100,192.168.37.197:80:100,192.168.21.132:80:100,192.168.14.253:80:100,192.168.3.84:80:100,192.168.21.148:80:100,192.168.14.246:80:100,192.168.41.19:80:100,192.168.33.155:80:100,192.168.10.114:80:100,192.168.41.127:80:100,192.168.49.207:80:100", + "vip":"192.168.101.130" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.161:80:100,192.168.9.21:80:100", + "vip":"192.168.102.253" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.56:80:100,192.168.15.62:80:100,192.168.13.60:80:100,192.168.53.100:80:100,192.168.21.157:80:100,192.168.57.18:80:100,192.168.22.91:80:100", + "vip":"192.168.101.142" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.241:80:100", + "vip":"192.168.102.77" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.189:80:100,192.168.57.129:80:100,192.168.58.48:80:100,192.168.39.218:80:100,192.168.39.91:80:100,192.168.15.140:80:100,192.168.42.57:80:100", + "vip":"111.13.235.80" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.252:80:100,192.168.21.240:80:100,192.168.42.244:80:100", + "vip":"192.168.102.198" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.148:80:100,192.168.5.108:80:100,192.168.41.179:80:100,192.168.29.127:80:100,192.168.1.212:80:100", + "vip":"111.13.235.133" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.252:80:100,192.168.26.241:80:100,192.168.53.48:80:100,192.168.11.240:80:100,192.168.22.33:80:100,192.168.59.218:80:100,192.168.7.3:80:100,192.168.50.180:80:100", + "vip":"192.168.102.7" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.86:80:100,192.168.26.121:80:100,192.168.5.14:80:100,192.168.58.247:80:100,192.168.18.9:80:100,192.168.13.94:80:100,192.168.59.90:80:100,192.168.55.220:80:100", + "vip":"192.168.102.249" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.57:80:100,192.168.3.161:80:100,192.168.42.131:80:100,192.168.59.122:80:100,192.168.43.28:80:100,192.168.58.66:80:100,192.168.9.222:80:100,192.168.59.207:80:100,192.168.21.54:80:100", + "vip":"192.168.101.243" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.189:80:100,192.168.55.215:80:100,192.168.22.87:80:100,192.168.47.121:80:100,192.168.30.169:80:100,192.168.2.128:80:100,192.168.46.122:80:100", + "vip":"192.168.102.35" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.81:80:100,192.168.30.33:80:100", + "vip":"111.13.235.204" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.23:80:100", + "vip":"192.168.102.164" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.63:80:100,192.168.9.157:80:100,192.168.27.171:80:100", + "vip":"111.13.235.213" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.218:80:100,192.168.55.61:80:100,192.168.27.8:80:100,192.168.42.10:80:100,192.168.9.151:80:100,192.168.1.90:80:100,192.168.39.225:80:100,192.168.9.163:80:100,192.168.23.83:80:100,192.168.21.133:80:100,192.168.17.184:80:100,192.168.11.4:80:100,192.168.23.88:80:100,192.168.23.152:80:100,192.168.33.53:80:100,192.168.18.146:80:100,192.168.1.11:80:100,192.168.22.141:80:100,192.168.21.54:80:100", + "vip":"192.168.102.247" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.8:80:100,192.168.29.6:80:100,192.168.5.170:80:100,192.168.31.197:80:100,192.168.18.63:80:100,192.168.15.57:80:100,192.168.49.31:80:100,192.168.27.233:80:100,192.168.50.82:80:100,192.168.29.188:80:100,192.168.2.188:80:100,192.168.26.22:80:100,192.168.54.141:80:100", + "vip":"192.168.102.9" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.250:80:100,192.168.21.250:80:100,192.168.7.189:80:100,192.168.43.58:80:100", + "vip":"192.168.102.213" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.220:80:100,192.168.47.146:80:100,192.168.50.195:80:100", + "vip":"192.168.102.12" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.135:80:100,192.168.14.223:80:100,192.168.31.2:80:100,192.168.59.205:80:100", + "vip":"192.168.102.129" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.22:80:100,192.168.11.69:80:100,192.168.5.230:80:100,192.168.21.51:80:100,192.168.14.109:80:100", + "vip":"111.13.235.211" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.146:80:100,192.168.37.46:80:100", + "vip":"192.168.102.236" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.110:80:100,192.168.1.188:80:100,192.168.42.252:80:100,192.168.58.190:80:100,192.168.41.157:80:100,192.168.45.245:80:100,192.168.21.145:80:100", + "vip":"192.168.102.209" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.1:80:100", + "vip":"192.168.102.40" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.54:80:100,192.168.33.136:80:100,192.168.17.225:80:100,192.168.59.169:80:100,192.168.41.41:80:100,192.168.35.69:80:100,192.168.9.53:80:100,192.168.2.191:80:100,192.168.50.34:80:100,192.168.7.130:80:100,192.168.46.183:80:100,192.168.30.21:80:100,192.168.35.168:80:100", + "vip":"192.168.101.65" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.5:80:100,192.168.2.142:80:100,192.168.45.30:80:100,192.168.25.26:80:100,192.168.25.70:80:100,192.168.13.243:80:100,192.168.17.103:80:100,192.168.1.66:80:100,192.168.14.183:80:100,192.168.13.109:80:100,192.168.58.32:80:100,192.168.10.202:80:100,192.168.50.166:80:100,192.168.38.11:80:100,192.168.10.40:80:100,192.168.39.144:80:100,192.168.35.134:80:100,192.168.27.242:80:100,192.168.45.238:80:100,192.168.35.17:80:100,192.168.11.232:80:100,192.168.58.71:80:100,192.168.7.150:80:100,192.168.7.128:80:100,192.168.21.140:80:100,192.168.19.145:80:100,192.168.46.196:80:100,192.168.53.172:80:100,192.168.25.137:80:100,192.168.49.174:80:100,192.168.38.122:80:100,192.168.27.43:80:100,192.168.51.92:80:100,192.168.50.202:80:100,192.168.1.32:80:100,192.168.43.108:80:100,192.168.22.32:80:100,192.168.11.200:80:100,192.168.49.148:80:100,192.168.59.154:80:100,192.168.5.60:80:100", + "vip":"192.168.102.10" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.253:80:100,192.168.46.161:80:100,192.168.18.177:80:100,192.168.25.171:80:100,192.168.2.23:80:100", + "vip":"192.168.101.194" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.125:80:100,192.168.19.46:80:100,192.168.13.81:80:100,192.168.47.116:80:100", + "vip":"192.168.102.99" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.252:80:100,192.168.33.74:80:100,192.168.6.54:80:100,192.168.43.24:80:100", + "vip":"192.168.101.19" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.136:80:100,192.168.57.123:80:100,192.168.57.154:80:100,192.168.5.175:80:100,192.168.25.225:80:100,192.168.10.155:80:100", + "vip":"192.168.102.226" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.153:80:100,192.168.29.120:80:100,192.168.7.149:80:100,192.168.59.251:80:100,192.168.54.223:80:100,192.168.50.32:80:100,192.168.2.55:80:100,192.168.7.100:80:100,192.168.21.159:80:100,192.168.19.175:80:100,192.168.31.125:80:100,192.168.25.47:80:100,192.168.37.10:80:100,192.168.6.134:80:100,192.168.47.28:80:100,192.168.26.173:80:100,192.168.9.188:80:100,192.168.46.31:80:100,192.168.55.89:80:100,192.168.59.163:80:100,192.168.23.178:80:100,192.168.59.18:80:100,192.168.22.101:80:100,192.168.15.80:80:100,192.168.58.93:80:100,192.168.13.154:80:100,192.168.23.131:80:100,192.168.37.203:80:100,192.168.55.196:80:100,192.168.9.50:80:100,192.168.58.130:80:100,192.168.31.136:80:100,192.168.39.44:80:100,192.168.35.212:80:100,192.168.15.12:80:100,192.168.13.122:80:100,192.168.3.161:80:100,192.168.53.86:80:100,192.168.41.175:80:100,192.168.31.59:80:100,192.168.31.219:80:100,192.168.42.214:80:100,192.168.1.167:80:100,192.168.7.26:80:100,192.168.31.189:80:100,192.168.19.153:80:100,192.168.15.7:80:100,192.168.15.29:80:100,192.168.14.61:80:100,192.168.25.109:80:100,192.168.1.247:80:100,192.168.19.90:80:100,192.168.22.10:80:100,192.168.49.213:80:100,192.168.13.126:80:100,192.168.29.53:80:100,192.168.57.88:80:100,192.168.45.122:80:100,192.168.49.87:80:100,192.168.38.124:80:100,192.168.47.75:80:100,192.168.15.37:80:100,192.168.59.227:80:100,192.168.2.14:80:100,192.168.10.137:80:100,192.168.33.167:80:100,192.168.25.184:80:100,192.168.17.196:80:100,192.168.13.254:80:100,192.168.25.212:80:100,192.168.57.55:80:100,192.168.49.44:80:100,192.168.58.134:80:100,192.168.7.237:80:100,192.168.10.197:80:100,192.168.5.234:80:100,192.168.33.13:80:100,192.168.2.22:80:100,192.168.13.184:80:100,192.168.37.29:80:100,192.168.31.95:80:100,192.168.33.250:80:100,192.168.22.159:80:100,192.168.38.237:80:100,192.168.6.214:80:100,192.168.49.153:80:100,192.168.35.168:80:100,192.168.5.76:80:100,192.168.33.86:80:100,192.168.49.74:80:100,192.168.59.12:80:100,192.168.3.172:80:100,192.168.31.172:80:100,192.168.3.71:80:100,192.168.23.137:80:100,192.168.18.202:80:100", + "vip":"192.168.102.105" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.60:80:100,192.168.6.132:80:100,192.168.38.248:80:100,192.168.41.18:80:100,192.168.10.231:80:100,192.168.45.253:80:100,192.168.41.212:80:100,192.168.38.25:80:100,192.168.14.101:80:100", + "vip":"192.168.102.42" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.137:80:100,192.168.49.241:80:100,192.168.9.55:80:100,192.168.15.57:80:100,192.168.22.231:80:100,192.168.39.209:80:100,192.168.26.184:80:100", + "vip":"192.168.101.113" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.171:80:100,192.168.49.36:80:100", + "vip":"192.168.102.59" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.222:80:100,192.168.33.123:80:100,192.168.51.36:80:100,192.168.23.184:80:100,192.168.3.224:80:100,192.168.21.119:80:100,192.168.55.16:80:100,192.168.17.251:80:100,192.168.53.120:80:100", + "vip":"192.168.101.135" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.44:80:100,192.168.42.60:80:100,192.168.30.63:80:100", + "vip":"111.13.235.120" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.51:80:100,192.168.55.21:80:100,192.168.39.78:80:100,192.168.13.137:80:100,192.168.21.114:80:100,192.168.15.214:80:100,192.168.1.123:80:100,192.168.47.99:80:100,192.168.37.249:80:100,192.168.25.173:80:100,192.168.38.208:80:100", + "vip":"111.13.235.223" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.251:80:100,192.168.17.23:80:100,192.168.25.19:80:100", + "vip":"192.168.102.96" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.224:80:100,192.168.51.111:80:100,192.168.5.191:80:100", + "vip":"111.13.235.104" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.138:80:100,192.168.47.187:80:100,192.168.10.230:80:100,192.168.45.181:80:100,192.168.14.3:80:100,192.168.42.122:80:100,192.168.45.41:80:100,192.168.50.217:80:100,192.168.39.177:80:100,192.168.50.149:80:100,192.168.23.19:80:100,192.168.39.86:80:100,192.168.19.219:80:100,192.168.7.112:80:100,192.168.9.33:80:100", + "vip":"111.13.235.218" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.228:80:100,192.168.35.209:80:100", + "vip":"192.168.101.81" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.3:80:100,192.168.19.238:80:100,192.168.37.90:80:100,192.168.10.64:80:100,192.168.49.138:80:100,192.168.30.110:80:100,192.168.43.7:80:100,192.168.30.111:80:100", + "vip":"111.13.235.248" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.82:80:100,192.168.15.38:80:100,192.168.39.81:80:100,192.168.18.45:80:100,192.168.42.180:80:100,192.168.21.188:80:100,192.168.23.157:80:100,192.168.14.215:80:100,192.168.18.151:80:100,192.168.59.43:80:100,192.168.5.15:80:100,192.168.18.147:80:100,192.168.14.156:80:100,192.168.51.9:80:100,192.168.18.149:80:100,192.168.22.65:80:100,192.168.14.15:80:100,192.168.43.186:80:100,192.168.57.179:80:100,192.168.50.79:80:100,192.168.25.109:80:100,192.168.43.77:80:100,192.168.21.61:80:100,192.168.22.13:80:100,192.168.19.145:80:100,192.168.34.239:80:100,192.168.54.33:80:100,192.168.39.144:80:100,192.168.25.3:80:100,192.168.14.133:80:100,192.168.17.234:80:100,192.168.15.202:80:100,192.168.15.53:80:100,192.168.41.33:80:100,192.168.1.77:80:100,192.168.53.147:80:100,192.168.35.205:80:100,192.168.3.144:80:100,192.168.23.9:80:100,192.168.33.132:80:100,192.168.53.156:80:100,192.168.1.128:80:100,192.168.38.183:80:100,192.168.19.30:80:100,192.168.33.201:80:100", + "vip":"192.168.102.156" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.210:80:100,192.168.11.63:80:100,192.168.42.73:80:100,192.168.19.20:80:100", + "vip":"192.168.101.202" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.208:80:100,192.168.19.69:80:100,192.168.3.180:80:100", + "vip":"111.13.235.206" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.226:80:100,192.168.6.165:80:100,192.168.54.214:80:100", + "vip":"192.168.102.187" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.196:80:100,192.168.10.147:80:100,192.168.26.215:80:100,192.168.23.109:80:100,192.168.41.207:80:100,192.168.6.74:80:100,192.168.57.3:80:100", + "vip":"192.168.101.53" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.51:80:100,192.168.51.56:80:100,192.168.14.201:80:100,192.168.25.4:80:100", + "vip":"111.13.235.71" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.188:80:100,192.168.54.142:80:100,192.168.47.196:80:100,192.168.9.69:80:100,192.168.43.59:80:100,192.168.43.243:80:100,192.168.55.116:80:100,192.168.3.88:80:100,192.168.25.14:80:100,192.168.14.152:80:100,192.168.19.95:80:100,192.168.55.61:80:100,192.168.26.8:80:100,192.168.17.236:80:100,192.168.11.112:80:100,192.168.41.17:80:100,192.168.30.108:80:100,192.168.21.72:80:100,192.168.37.178:80:100,192.168.14.57:80:100,192.168.50.148:80:100,192.168.43.179:80:100,192.168.2.186:80:100,192.168.50.83:80:100,192.168.54.124:80:100", + "vip":"111.13.235.102" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.224:80:100,192.168.17.29:80:100,192.168.33.87:80:100,192.168.37.162:80:100", + "vip":"111.13.235.216" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.53:80:100,192.168.23.8:80:100,192.168.17.110:80:100,192.168.50.68:80:100,192.168.49.132:80:100,192.168.22.153:80:100,192.168.31.166:80:100,192.168.14.4:80:100,192.168.13.250:80:100,192.168.29.24:80:100,192.168.30.3:80:100,192.168.50.165:80:100,192.168.5.55:80:100,192.168.50.44:80:100,192.168.47.232:80:100,192.168.2.28:80:100,192.168.9.95:80:100,192.168.54.77:80:100,192.168.59.245:80:100,192.168.46.85:80:100,192.168.5.144:80:100,192.168.38.89:80:100,192.168.49.177:80:100,192.168.45.70:80:100,192.168.31.199:80:100,192.168.21.36:80:100,192.168.13.234:80:100,192.168.17.47:80:100,192.168.31.181:80:100,192.168.34.129:80:100,192.168.6.60:80:100,192.168.43.21:80:100,192.168.26.57:80:100,192.168.45.3:80:100,192.168.29.144:80:100,192.168.41.132:80:100,192.168.59.218:80:100,192.168.51.178:80:100,192.168.47.136:80:100,192.168.9.81:80:100,192.168.33.201:80:100", + "vip":"192.168.101.207" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.126:80:100,192.168.21.23:80:100,192.168.22.25:80:100,192.168.25.197:80:100,192.168.57.233:80:100,192.168.47.23:80:100,192.168.5.36:80:100,192.168.46.186:80:100", + "vip":"192.168.101.105" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.128:80:100,192.168.1.111:80:100,192.168.14.64:80:100,192.168.59.57:80:100,192.168.5.59:80:100,192.168.14.175:80:100,192.168.9.248:80:100", + "vip":"192.168.102.36" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.169:80:100,192.168.45.123:80:100,192.168.15.12:80:100,192.168.18.213:80:100,192.168.22.234:80:100", + "vip":"192.168.101.79" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.82:80:100,192.168.42.34:80:100,192.168.11.218:80:100,192.168.58.77:80:100,192.168.38.192:80:100,192.168.27.62:80:100,192.168.27.254:80:100,192.168.22.117:80:100,192.168.6.233:80:100,192.168.45.17:80:100,192.168.54.228:80:100,192.168.25.126:80:100,192.168.34.94:80:100,192.168.11.67:80:100,192.168.5.133:80:100,192.168.58.37:80:100,192.168.51.146:80:100,192.168.18.27:80:100,192.168.15.49:80:100,192.168.25.4:80:100,192.168.29.145:80:100,192.168.35.79:80:100,192.168.34.211:80:100,192.168.59.161:80:100,192.168.1.65:80:100,192.168.10.190:80:100,192.168.29.42:80:100,192.168.38.228:80:100,192.168.9.202:80:100,192.168.6.121:80:100,192.168.41.100:80:100,192.168.22.47:80:100,192.168.47.115:80:100,192.168.7.236:80:100,192.168.57.14:80:100,192.168.1.162:80:100,192.168.35.167:80:100,192.168.29.254:80:100,192.168.45.110:80:100,192.168.27.111:80:100,192.168.17.243:80:100,192.168.38.176:80:100,192.168.3.82:80:100,192.168.50.102:80:100,192.168.46.250:80:100,192.168.57.94:80:100,192.168.10.248:80:100,192.168.35.227:80:100,192.168.38.241:80:100,192.168.35.117:80:100,192.168.13.9:80:100,192.168.9.235:80:100,192.168.1.172:80:100,192.168.6.178:80:100,192.168.6.241:80:100,192.168.33.152:80:100,192.168.29.81:80:100,192.168.54.156:80:100", + "vip":"192.168.101.138" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.212:80:100", + "vip":"111.13.235.214" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.111:80:100", + "vip":"192.168.101.24" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.235:80:100,192.168.47.80:80:100,192.168.6.3:80:100,192.168.47.96:80:100,192.168.59.215:80:100,192.168.33.243:80:100", + "vip":"192.168.101.35" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.232:80:100,192.168.54.159:80:100,192.168.54.115:80:100,192.168.55.254:80:100", + "vip":"192.168.102.234" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.159:80:100,192.168.55.109:80:100,192.168.7.11:80:100,192.168.14.20:80:100,192.168.14.102:80:100,192.168.46.241:80:100,192.168.49.92:80:100,192.168.21.99:80:100,192.168.22.152:80:100,192.168.14.242:80:100,192.168.22.27:80:100,192.168.37.190:80:100,192.168.10.187:80:100,192.168.27.212:80:100,192.168.9.48:80:100,192.168.29.26:80:100,192.168.15.227:80:100,192.168.26.220:80:100,192.168.18.42:80:100,192.168.39.137:80:100,192.168.54.99:80:100,192.168.55.90:80:100,192.168.13.72:80:100,192.168.41.247:80:100,192.168.6.61:80:100,192.168.38.242:80:100,192.168.41.248:80:100,192.168.50.36:80:100,192.168.53.84:80:100,192.168.34.38:80:100,192.168.17.94:80:100,192.168.35.33:80:100,192.168.53.98:80:100,192.168.46.64:80:100,192.168.54.42:80:100,192.168.27.99:80:100,192.168.18.2:80:100,192.168.26.17:80:100,192.168.57.198:80:100", + "vip":"192.168.102.30" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.109:80:100,192.168.13.244:80:100", + "vip":"192.168.101.200" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.37:80:100,192.168.30.123:80:100,192.168.47.94:80:100,192.168.38.35:80:100,192.168.15.42:80:100,192.168.42.210:80:100,192.168.26.177:80:100,192.168.59.10:80:100,192.168.1.34:80:100,192.168.39.249:80:100,192.168.31.150:80:100,192.168.27.99:80:100,192.168.58.51:80:100,192.168.47.136:80:100,192.168.9.215:80:100,192.168.54.99:80:100,192.168.59.80:80:100", + "vip":"192.168.102.178" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.93:80:100,192.168.47.205:80:100,192.168.21.73:80:100", + "vip":"192.168.101.48" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.208:80:100,192.168.55.187:80:100,192.168.39.176:80:100,192.168.51.206:80:100", + "vip":"192.168.102.1" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.177:80:100,192.168.13.215:80:100,192.168.26.74:80:100", + "vip":"111.13.235.82" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.53:80:100,192.168.41.35:80:100,192.168.6.120:80:100,192.168.13.161:80:100,192.168.6.162:80:100", + "vip":"192.168.101.71" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.68:80:100,192.168.33.246:80:100,192.168.14.9:80:100,192.168.5.180:80:100,192.168.41.137:80:100,192.168.57.165:80:100,192.168.1.87:80:100,192.168.17.206:80:100,192.168.35.144:80:100,192.168.7.12:80:100,192.168.13.243:80:100,192.168.26.223:80:100,192.168.30.143:80:100,192.168.50.33:80:100,192.168.43.173:80:100,192.168.58.16:80:100,192.168.39.137:80:100,192.168.25.235:80:100,192.168.1.83:80:100,192.168.59.18:80:100,192.168.9.139:80:100,192.168.47.36:80:100,192.168.41.246:80:100,192.168.37.193:80:100,192.168.14.46:80:100,192.168.43.146:80:100,192.168.58.93:80:100,192.168.7.79:80:100,192.168.54.62:80:100,192.168.58.242:80:100,192.168.57.22:80:100,192.168.9.216:80:100,192.168.17.25:80:100,192.168.41.119:80:100,192.168.42.32:80:100,192.168.26.252:80:100,192.168.10.47:80:100,192.168.21.18:80:100,192.168.38.249:80:100,192.168.30.202:80:100,192.168.27.1:80:100,192.168.15.98:80:100,192.168.54.205:80:100,192.168.50.105:80:100,192.168.57.114:80:100,192.168.54.87:80:100,192.168.47.139:80:100,192.168.14.216:80:100,192.168.38.135:80:100,192.168.13.63:80:100,192.168.1.236:80:100,192.168.22.15:80:100,192.168.15.61:80:100,192.168.14.147:80:100,192.168.49.137:80:100,192.168.1.95:80:100,192.168.58.177:80:100,192.168.17.24:80:100,192.168.26.132:80:100,192.168.50.141:80:100,192.168.1.230:80:100,192.168.59.175:80:100,192.168.49.56:80:100,192.168.46.219:80:100,192.168.43.160:80:100,192.168.34.90:80:100,192.168.10.126:80:100,192.168.18.235:80:100,192.168.59.41:80:100,192.168.18.114:80:100,192.168.3.72:80:100,192.168.34.246:80:100,192.168.2.141:80:100,192.168.55.169:80:100,192.168.11.27:80:100,192.168.15.111:80:100,192.168.19.82:80:100,192.168.35.229:80:100,192.168.33.234:80:100,192.168.19.92:80:100,192.168.23.132:80:100,192.168.10.179:80:100,192.168.21.53:80:100,192.168.31.199:80:100,192.168.50.207:80:100,192.168.59.202:80:100,192.168.26.9:80:100,192.168.1.132:80:100,192.168.13.56:80:100,192.168.39.79:80:100,192.168.10.156:80:100,192.168.34.120:80:100,192.168.47.137:80:100,192.168.23.63:80:100,192.168.59.143:80:100,192.168.42.150:80:100,192.168.37.185:80:100,192.168.58.164:80:100,192.168.39.37:80:100,192.168.37.198:80:100,192.168.5.85:80:100,192.168.11.62:80:100,192.168.45.165:80:100,192.168.3.241:80:100,192.168.38.143:80:100,192.168.57.5:80:100,192.168.26.75:80:100,192.168.11.243:80:100,192.168.41.29:80:100,192.168.38.212:80:100,192.168.9.166:80:100,192.168.37.36:80:100,192.168.30.241:80:100,192.168.59.72:80:100,192.168.6.185:80:100,192.168.3.120:80:100,192.168.11.215:80:100,192.168.57.191:80:100,192.168.14.125:80:100,192.168.58.45:80:100,192.168.18.122:80:100,192.168.11.86:80:100,192.168.46.208:80:100,192.168.55.228:80:100,192.168.7.40:80:100,192.168.13.82:80:100,192.168.38.14:80:100,192.168.53.67:80:100,192.168.30.150:80:100,192.168.11.160:80:100,192.168.18.6:80:100,192.168.34.226:80:100", + "vip":"111.13.235.160" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.76:80:100,192.168.6.216:80:100", + "vip":"111.13.235.221" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.232:80:100,192.168.1.20:80:100,192.168.50.60:80:100,192.168.2.198:80:100,192.168.39.80:80:100,192.168.35.205:80:100", + "vip":"192.168.101.158" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.158:80:100,192.168.55.64:80:100,192.168.43.168:80:100,192.168.39.43:80:100,192.168.27.220:80:100,192.168.42.153:80:100,192.168.34.186:80:100,192.168.10.78:80:100", + "vip":"111.13.235.87" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.203:80:100,192.168.33.188:80:100,192.168.6.189:80:100,192.168.35.113:80:100,192.168.34.162:80:100,192.168.54.59:80:100,192.168.15.47:80:100,192.168.17.164:80:100,192.168.43.236:80:100,192.168.39.254:80:100,192.168.10.204:80:100,192.168.6.54:80:100,192.168.34.199:80:100,192.168.30.189:80:100,192.168.10.167:80:100,192.168.54.71:80:100,192.168.19.34:80:100,192.168.15.137:80:100,192.168.46.152:80:100,192.168.50.204:80:100,192.168.39.161:80:100,192.168.22.46:80:100,192.168.29.21:80:100,192.168.21.237:80:100,192.168.37.102:80:100,192.168.30.108:80:100,192.168.39.55:80:100,192.168.9.103:80:100,192.168.54.82:80:100,192.168.26.210:80:100,192.168.21.168:80:100,192.168.31.230:80:100,192.168.3.94:80:100,192.168.47.160:80:100,192.168.11.77:80:100,192.168.14.112:80:100,192.168.23.201:80:100,192.168.39.138:80:100,192.168.53.106:80:100,192.168.33.27:80:100,192.168.2.155:80:100,192.168.38.249:80:100,192.168.23.217:80:100,192.168.10.217:80:100,192.168.35.78:80:100,192.168.53.222:80:100,192.168.3.134:80:100,192.168.19.225:80:100,192.168.27.159:80:100,192.168.2.71:80:100,192.168.55.128:80:100,192.168.17.74:80:100,192.168.54.98:80:100,192.168.3.24:80:100,192.168.54.21:80:100,192.168.13.174:80:100,192.168.57.196:80:100,192.168.29.132:80:100,192.168.53.233:80:100,192.168.14.50:80:100,192.168.1.247:80:100,192.168.25.230:80:100,192.168.9.57:80:100,192.168.6.111:80:100,192.168.11.166:80:100,192.168.11.32:80:100,192.168.33.192:80:100,192.168.47.134:80:100,192.168.9.190:80:100,192.168.23.174:80:100,192.168.54.108:80:100,192.168.6.198:80:100,192.168.29.53:80:100,192.168.50.247:80:100,192.168.57.192:80:100,192.168.34.18:80:100,192.168.51.239:80:100,192.168.1.182:80:100,192.168.34.92:80:100,192.168.53.188:80:100,192.168.34.49:80:100,192.168.38.5:80:100,192.168.58.190:80:100,192.168.1.130:80:100,192.168.33.152:80:100,192.168.23.99:80:100,192.168.46.109:80:100,192.168.53.252:80:100,192.168.25.208:80:100,192.168.46.151:80:100,192.168.46.206:80:100,192.168.9.145:80:100,192.168.14.110:80:100,192.168.29.194:80:100,192.168.35.5:80:100,192.168.31.203:80:100,192.168.10.236:80:100,192.168.55.95:80:100,192.168.39.36:80:100,192.168.26.117:80:100,192.168.46.93:80:100,192.168.54.85:80:100,192.168.54.103:80:100,192.168.1.134:80:100,192.168.31.81:80:100,192.168.13.214:80:100,192.168.19.243:80:100,192.168.51.182:80:100,192.168.22.64:80:100,192.168.47.175:80:100,192.168.23.10:80:100,192.168.41.126:80:100,192.168.46.39:80:100,192.168.18.59:80:100,192.168.43.107:80:100,192.168.51.107:80:100,192.168.46.64:80:100,192.168.11.61:80:100,192.168.34.198:80:100,192.168.21.173:80:100,192.168.21.172:80:100,192.168.57.210:80:100,192.168.27.235:80:100,192.168.51.45:80:100,192.168.7.132:80:100,192.168.34.65:80:100,192.168.53.186:80:100,192.168.31.213:80:100,192.168.22.117:80:100,192.168.37.180:80:100,192.168.19.109:80:100,192.168.19.169:80:100,192.168.13.115:80:100,192.168.11.201:80:100,192.168.59.39:80:100,192.168.45.31:80:100,192.168.45.170:80:100,192.168.17.1:80:100,192.168.53.85:80:100,192.168.35.252:80:100,192.168.43.202:80:100,192.168.38.212:80:100,192.168.26.122:80:100,192.168.23.78:80:100,192.168.23.35:80:100,192.168.15.195:80:100,192.168.31.23:80:100,192.168.1.55:80:100,192.168.55.79:80:100,192.168.25.50:80:100,192.168.6.7:80:100,192.168.13.137:80:100,192.168.35.171:80:100,192.168.39.233:80:100,192.168.57.96:80:100,192.168.7.211:80:100,192.168.42.227:80:100,192.168.5.192:80:100,192.168.50.22:80:100", + "vip":"111.13.235.228" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.108:80:100,192.168.29.211:80:100", + "vip":"192.168.101.83" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.200:80:100", + "vip":"111.13.235.73" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.225:80:100,192.168.27.47:80:100", + "vip":"111.13.235.226" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.236:80:100,192.168.46.47:80:100,192.168.5.177:80:100,192.168.1.79:80:100,192.168.47.187:80:100", + "vip":"192.168.102.191" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.32:80:100,192.168.25.127:80:100", + "vip":"192.168.101.99" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.239:80:100,192.168.42.168:80:100,192.168.50.50:80:100,192.168.27.64:80:100,192.168.3.149:80:100,192.168.25.155:80:100,192.168.7.73:80:100,192.168.27.8:80:100,192.168.11.190:80:100", + "vip":"192.168.102.27" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.225:80:100,192.168.15.108:80:100,192.168.47.191:80:100,192.168.39.99:80:100", + "vip":"192.168.101.169" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.147:80:100,192.168.51.218:80:100,192.168.10.48:80:100", + "vip":"192.168.102.126" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.160:80:100,192.168.49.248:80:100,192.168.5.225:80:100,192.168.45.184:80:100,192.168.46.253:80:100,192.168.2.111:80:100,192.168.7.119:80:100,192.168.6.119:80:100,192.168.46.86:80:100", + "vip":"192.168.101.181" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.70:80:100", + "vip":"192.168.102.44" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.5:80:100,192.168.29.165:80:100,192.168.26.33:80:100", + "vip":"192.168.101.97" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.100:80:100", + "vip":"192.168.101.217" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.239:80:100,192.168.1.44:80:100,192.168.11.8:80:100,192.168.7.144:80:100", + "vip":"111.13.235.238" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.130:80:100,192.168.30.19:80:100", + "vip":"192.168.101.54" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.212:80:100,192.168.25.235:80:100,192.168.41.8:80:100,192.168.37.170:80:100,192.168.18.26:80:100,192.168.49.38:80:100,192.168.38.93:80:100,192.168.47.94:80:100,192.168.13.69:80:100,192.168.10.98:80:100,192.168.29.93:80:100,192.168.39.150:80:100,192.168.35.19:80:100,192.168.31.180:80:100,192.168.3.153:80:100", + "vip":"192.168.101.133" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.181:80:100,192.168.45.134:80:100", + "vip":"192.168.102.190" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.138:80:100,192.168.15.19:80:100,192.168.2.142:80:100,192.168.27.27:80:100", + "vip":"192.168.101.10" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.173:80:100,192.168.55.17:80:100,192.168.23.217:80:100,192.168.43.16:80:100", + "vip":"111.13.235.185" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.125:80:100,192.168.46.149:80:100,192.168.49.58:80:100,192.168.14.215:80:100,192.168.51.249:80:100,192.168.9.196:80:100,192.168.26.102:80:100", + "vip":"192.168.102.91" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.155:80:100", + "vip":"111.13.235.125" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.209:80:100,192.168.59.111:80:100,192.168.37.203:80:100,192.168.35.57:80:100,192.168.30.117:80:100,192.168.45.194:80:100,192.168.47.81:80:100,192.168.43.22:80:100,192.168.42.124:80:100", + "vip":"192.168.101.72" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.182:80:100,192.168.45.16:80:100,192.168.49.234:80:100,192.168.50.21:80:100", + "vip":"192.168.102.210" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.213:80:100,192.168.9.223:80:100,192.168.9.95:80:100,192.168.1.78:80:100,192.168.13.164:80:100,192.168.29.47:80:100,192.168.3.130:80:100", + "vip":"192.168.101.206" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.251:80:100,192.168.6.184:80:100,192.168.43.97:80:100,192.168.31.112:80:100", + "vip":"192.168.102.100" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.113:80:100,192.168.25.240:80:100,192.168.58.8:80:100", + "vip":"192.168.102.19" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.105:80:100,192.168.7.224:80:100,192.168.23.225:80:100,192.168.53.86:80:100", + "vip":"192.168.102.117" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.65:80:100,192.168.17.140:80:100,192.168.38.52:80:100,192.168.21.27:80:100", + "vip":"192.168.102.144" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.252:80:100,192.168.43.116:80:100,192.168.25.163:80:100,192.168.31.37:80:100", + "vip":"192.168.101.58" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.232:80:100,192.168.14.79:80:100,192.168.1.203:80:100,192.168.11.125:80:100,192.168.35.3:80:100,192.168.9.15:80:100,192.168.29.239:80:100,192.168.15.226:80:100,192.168.59.127:80:100,192.168.50.24:80:100,192.168.13.231:80:100,192.168.49.45:80:100", + "vip":"192.168.101.254" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.152:80:100,192.168.59.218:80:100,192.168.35.215:80:100,192.168.3.213:80:100", + "vip":"192.168.102.153" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.9:80:100,192.168.50.84:80:100,192.168.27.75:80:100", + "vip":"111.13.235.81" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.34:80:100,192.168.51.98:80:100,192.168.9.222:80:100,192.168.2.4:80:100", + "vip":"111.13.235.176" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.239:80:100,192.168.2.86:80:100,192.168.13.92:80:100,192.168.49.244:80:100", + "vip":"192.168.101.174" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.130:80:100,192.168.34.246:80:100", + "vip":"192.168.101.68" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.176:80:100", + "vip":"192.168.102.216" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.47:80:100,192.168.9.134:80:100,192.168.2.57:80:100,192.168.23.103:80:100,192.168.31.202:80:100,192.168.45.25:80:100,192.168.9.89:80:100,192.168.47.129:80:100,192.168.7.33:80:100,192.168.37.32:80:100,192.168.39.143:80:100,192.168.25.177:80:100,192.168.21.23:80:100,192.168.14.16:80:100,192.168.45.114:80:100,192.168.30.227:80:100,192.168.46.75:80:100,192.168.17.178:80:100,192.168.2.42:80:100,192.168.43.147:80:100,192.168.33.36:80:100,192.168.14.24:80:100,192.168.50.213:80:100,192.168.25.127:80:100", + "vip":"192.168.101.201" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.253:80:100,192.168.35.132:80:100,192.168.1.81:80:100", + "vip":"192.168.102.217" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.120:80:100", + "vip":"192.168.101.196" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.5:80:100,192.168.13.180:80:100,192.168.57.114:80:100,192.168.17.138:80:100", + "vip":"192.168.102.231" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.9:80:100,192.168.15.104:80:100,192.168.43.132:80:100,192.168.54.83:80:100,192.168.34.9:80:100,192.168.14.128:80:100", + "vip":"111.13.235.212" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.188:80:100,192.168.18.51:80:100,192.168.35.110:80:100,192.168.33.142:80:100,192.168.11.13:80:100", + "vip":"192.168.101.37" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.152:80:100", + "vip":"192.168.101.186" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.34:80:100,192.168.41.70:80:100", + "vip":"192.168.102.32" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.143:80:100,192.168.58.51:80:100,192.168.26.231:80:100,192.168.49.15:80:100", + "vip":"192.168.101.226" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.104:80:100,192.168.29.90:80:100", + "vip":"111.13.235.246" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.156:80:100,192.168.49.183:80:100,192.168.21.187:80:100,192.168.30.22:80:100,192.168.26.70:80:100,192.168.59.126:80:100,192.168.7.181:80:100,192.168.51.165:80:100,192.168.38.234:80:100", + "vip":"192.168.101.109" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.86:80:100,192.168.25.60:80:100,192.168.9.79:80:100,192.168.59.230:80:100", + "vip":"192.168.101.184" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.6:80:100,192.168.46.210:80:100", + "vip":"192.168.102.89" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.104:80:100,192.168.21.107:80:100", + "vip":"192.168.101.73" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.173:80:100,192.168.23.103:80:100,192.168.42.82:80:100,192.168.31.11:80:100", + "vip":"192.168.101.128" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.223:80:100,192.168.9.172:80:100", + "vip":"192.168.102.237" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.191:80:100", + "vip":"111.13.235.153" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.73:80:100,192.168.22.204:80:100,192.168.9.79:80:100,192.168.2.191:80:100,192.168.31.24:80:100,192.168.26.152:80:100,192.168.29.13:80:100", + "vip":"192.168.102.123" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.55:80:100", + "vip":"192.168.102.46" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.204:80:100,192.168.50.7:80:100,192.168.57.203:80:100", + "vip":"111.13.235.243" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.194:80:100,192.168.38.83:80:100,192.168.23.185:80:100,192.168.37.29:80:100", + "vip":"192.168.101.131" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.80:80:100,192.168.1.254:80:100,192.168.54.2:80:100,192.168.7.124:80:100,192.168.1.202:80:100,192.168.23.156:80:100,192.168.39.107:80:100,192.168.57.40:80:100,192.168.22.109:80:100,192.168.26.69:80:100,192.168.3.22:80:100,192.168.45.75:80:100,192.168.42.234:80:100,192.168.46.174:80:100,192.168.34.70:80:100,192.168.17.50:80:100,192.168.3.58:80:100,192.168.38.110:80:100", + "vip":"192.168.102.121" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.96:80:100,192.168.2.217:80:100,192.168.6.135:80:100,192.168.15.164:80:100,192.168.55.178:80:100,192.168.27.172:80:100,192.168.34.31:80:100", + "vip":"111.13.235.127" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.182:80:100,192.168.37.121:80:100,192.168.50.72:80:100,192.168.43.49:80:100", + "vip":"111.13.235.100" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.55:80:100,192.168.42.58:80:100,192.168.35.158:80:100,192.168.26.180:80:100", + "vip":"192.168.102.93" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.157:80:100", + "vip":"192.168.102.248" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.182:80:100,192.168.46.108:80:100,192.168.42.203:80:100", + "vip":"192.168.102.6" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.157:80:100,192.168.43.16:80:100,192.168.13.38:80:100,192.168.34.125:80:100", + "vip":"111.13.235.76" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.85:80:100", + "vip":"111.13.235.109" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.163:80:100,192.168.42.5:80:100,192.168.46.148:80:100", + "vip":"192.168.101.154" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.33:80:100,192.168.10.118:80:100,192.168.13.128:80:100,192.168.46.152:80:100,192.168.29.88:80:100", + "vip":"111.13.235.175" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.18.192:80:100,192.168.34.47:80:100,192.168.57.195:80:100,192.168.10.167:80:100,192.168.2.217:80:100,192.168.3.194:80:100,192.168.31.167:80:100,192.168.58.16:80:100,192.168.10.90:80:100,192.168.31.217:80:100,192.168.53.32:80:100,192.168.13.154:80:100,192.168.29.144:80:100,192.168.47.16:80:100,192.168.39.168:80:100,192.168.17.146:80:100,192.168.9.168:80:100,192.168.42.52:80:100,192.168.49.3:80:100,192.168.18.163:80:100,192.168.25.65:80:100,192.168.18.215:80:100,192.168.30.107:80:100,192.168.42.174:80:100,192.168.38.204:80:100,192.168.33.7:80:100,192.168.51.138:80:100,192.168.59.125:80:100,192.168.14.181:80:100,192.168.33.73:80:100,192.168.6.130:80:100,192.168.18.233:80:100,192.168.47.70:80:100,192.168.11.43:80:100,192.168.11.225:80:100,192.168.37.216:80:100,192.168.5.158:80:100,192.168.41.25:80:100,192.168.23.239:80:100,192.168.7.43:80:100,192.168.2.141:80:100,192.168.58.36:80:100,192.168.11.6:80:100,192.168.35.163:80:100,192.168.39.237:80:100,192.168.39.204:80:100,192.168.17.34:80:100,192.168.14.47:80:100,192.168.26.212:80:100,192.168.29.217:80:100,192.168.13.234:80:100,192.168.29.199:80:100,192.168.31.199:80:100,192.168.15.132:80:100,192.168.17.3:80:100,192.168.17.212:80:100,192.168.29.244:80:100,192.168.33.123:80:100,192.168.23.206:80:100,192.168.14.57:80:100,192.168.50.224:80:100,192.168.17.171:80:100,192.168.25.6:80:100,192.168.1.50:80:100,192.168.7.150:80:100,192.168.15.18:80:100,192.168.26.116:80:100,192.168.59.27:80:100,192.168.38.151:80:100,192.168.57.247:80:100,192.168.11.102:80:100,192.168.1.208:80:100,192.168.27.37:80:100,192.168.29.24:80:100,192.168.29.28:80:100,192.168.25.57:80:100,192.168.29.21:80:100,192.168.51.221:80:100,192.168.31.25:80:100,192.168.2.190:80:100,192.168.15.244:80:100,192.168.15.105:80:100,192.168.1.116:80:100,192.168.54.14:80:100,192.168.25.223:80:100,192.168.5.252:80:100,192.168.9.107:80:100,192.168.14.164:80:100", + "vip":"111.13.235.224" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.241:80:100,192.168.39.201:80:100,192.168.18.17:80:100,192.168.17.11:80:100,192.168.30.156:80:100,192.168.57.241:80:100,192.168.47.4:80:100,192.168.23.157:80:100,192.168.30.200:80:100,192.168.47.121:80:100,192.168.15.21:80:100,192.168.41.115:80:100,192.168.9.215:80:100,192.168.55.129:80:100,192.168.46.180:80:100,192.168.27.122:80:100,192.168.34.214:80:100,192.168.22.210:80:100,192.168.47.72:80:100,192.168.29.58:80:100,192.168.29.234:80:100,192.168.50.78:80:100,192.168.39.36:80:100,192.168.3.28:80:100,192.168.50.40:80:100,192.168.27.204:80:100,192.168.38.215:80:100,192.168.10.111:80:100,192.168.43.217:80:100,192.168.23.23:80:100,192.168.19.199:80:100,192.168.33.126:80:100,192.168.1.64:80:100,192.168.47.125:80:100,192.168.51.14:80:100,192.168.38.121:80:100,192.168.11.70:80:100,192.168.11.234:80:100,192.168.47.71:80:100,192.168.10.112:80:100,192.168.50.204:80:100,192.168.41.240:80:100,192.168.45.132:80:100,192.168.33.204:80:100,192.168.54.79:80:100,192.168.17.31:80:100,192.168.3.156:80:100,192.168.9.95:80:100,192.168.18.239:80:100,192.168.10.216:80:100,192.168.19.62:80:100,192.168.46.147:80:100,192.168.53.56:80:100,192.168.33.26:80:100,192.168.3.70:80:100,192.168.33.57:80:100,192.168.47.2:80:100,192.168.33.213:80:100,192.168.35.137:80:100,192.168.31.139:80:100,192.168.10.152:80:100,192.168.41.160:80:100,192.168.35.238:80:100,192.168.54.5:80:100,192.168.35.20:80:100,192.168.53.6:80:100,192.168.45.237:80:100,192.168.49.248:80:100,192.168.29.103:80:100,192.168.10.115:80:100,192.168.45.45:80:100,192.168.57.41:80:100,192.168.59.28:80:100,192.168.59.112:80:100,192.168.55.60:80:100,192.168.13.104:80:100,192.168.7.169:80:100,192.168.3.218:80:100", + "vip":"192.168.101.203" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.216:80:100,192.168.33.142:80:100,192.168.47.223:80:100,192.168.7.47:80:100,192.168.51.176:80:100", + "vip":"111.13.235.70" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.50:80:100,192.168.39.187:80:100,192.168.33.39:80:100,192.168.41.175:80:100,192.168.15.101:80:100,192.168.37.246:80:100,192.168.3.193:80:100,192.168.19.149:80:100,192.168.57.103:80:100", + "vip":"111.13.235.210" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.247:80:100,192.168.29.88:80:100,192.168.19.118:80:100", + "vip":"192.168.101.177" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.121:80:100", + "vip":"192.168.102.78" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.221:80:100,192.168.2.40:80:100,192.168.14.7:80:100,192.168.47.89:80:100,192.168.31.25:80:100,192.168.58.51:80:100", + "vip":"111.13.235.139" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.68:80:100,192.168.35.254:80:100", + "vip":"111.13.235.177" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.215:80:100,192.168.50.202:80:100", + "vip":"192.168.101.238" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.119:80:100,192.168.35.186:80:100,192.168.39.201:80:100,192.168.51.187:80:100", + "vip":"111.13.235.155" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.122:80:100,192.168.21.13:80:100,192.168.26.43:80:100,192.168.6.75:80:100,192.168.13.75:80:100,192.168.53.103:80:100,192.168.34.116:80:100,192.168.17.74:80:100,192.168.53.164:80:100,192.168.58.139:80:100,192.168.58.195:80:100,192.168.3.97:80:100,192.168.10.188:80:100,192.168.35.35:80:100,192.168.38.72:80:100,192.168.1.27:80:100,192.168.26.97:80:100,192.168.25.202:80:100,192.168.18.130:80:100,192.168.11.30:80:100,192.168.27.166:80:100,192.168.10.133:80:100,192.168.11.209:80:100,192.168.29.240:80:100,192.168.11.213:80:100,192.168.23.147:80:100", + "vip":"192.168.102.158" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.108:80:100,192.168.18.181:80:100,192.168.9.149:80:100,192.168.9.41:80:100", + "vip":"111.13.235.131" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.213:80:100,192.168.57.46:80:100", + "vip":"192.168.102.67" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.219:80:100,192.168.43.185:80:100", + "vip":"192.168.102.102" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.175:80:100,192.168.41.145:80:100,192.168.54.199:80:100", + "vip":"111.13.235.235" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.239:80:100,192.168.50.61:80:100,192.168.57.222:80:100,192.168.27.25:80:100,192.168.49.121:80:100,192.168.37.27:80:100,192.168.53.37:80:100,192.168.11.102:80:100,192.168.27.20:80:100,192.168.13.115:80:100,192.168.17.190:80:100,192.168.15.245:80:100,192.168.49.230:80:100,192.168.31.254:80:100,192.168.59.207:80:100,192.168.53.249:80:100,192.168.33.234:80:100,192.168.37.97:80:100,192.168.45.82:80:100,192.168.1.59:80:100,192.168.43.184:80:100,192.168.53.117:80:100,192.168.58.26:80:100,192.168.18.237:80:100,192.168.18.162:80:100,192.168.14.125:80:100,192.168.43.101:80:100,192.168.54.64:80:100,192.168.35.227:80:100,192.168.41.79:80:100,192.168.26.85:80:100,192.168.10.124:80:100,192.168.43.148:80:100,192.168.27.147:80:100", + "vip":"192.168.102.115" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.190:80:100,192.168.7.51:80:100,192.168.7.166:80:100,192.168.49.94:80:100,192.168.50.237:80:100,192.168.17.194:80:100,192.168.5.195:80:100,192.168.23.251:80:100,192.168.29.60:80:100,192.168.21.117:80:100", + "vip":"111.13.235.161" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.176:80:100,192.168.9.149:80:100,192.168.10.84:80:100,192.168.30.198:80:100", + "vip":"192.168.102.146" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.229:80:100,192.168.54.226:80:100", + "vip":"192.168.101.55" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.109:80:100,192.168.25.167:80:100,192.168.46.31:80:100", + "vip":"192.168.102.151" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.145:80:100,192.168.49.218:80:100,192.168.55.166:80:100,192.168.38.127:80:100", + "vip":"111.13.235.128" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.96:80:100,192.168.30.125:80:100,192.168.43.185:80:100,192.168.35.117:80:100,192.168.17.223:80:100,192.168.57.21:80:100,192.168.45.170:80:100,192.168.9.137:80:100,192.168.27.106:80:100,192.168.14.137:80:100,192.168.33.225:80:100", + "vip":"111.13.235.237" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.148:80:100,192.168.34.172:80:100,192.168.42.202:80:100,192.168.43.167:80:100,192.168.3.113:80:100", + "vip":"192.168.102.154" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.193:80:100,192.168.13.153:80:100,192.168.3.35:80:100,192.168.58.108:80:100,192.168.51.14:80:100,192.168.37.229:80:100,192.168.3.12:80:100,192.168.19.151:80:100", + "vip":"111.13.235.136" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.247:80:100,192.168.49.86:80:100,192.168.58.83:80:100", + "vip":"192.168.102.254" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.185:80:100,192.168.35.52:80:100", + "vip":"192.168.102.124" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.142:80:100,192.168.9.79:80:100", + "vip":"111.13.235.79" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.3:80:100,192.168.9.200:80:100,192.168.14.252:80:100,192.168.58.62:80:100", + "vip":"192.168.101.153" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.132:80:100,192.168.58.126:80:100,192.168.15.98:80:100,192.168.19.30:80:100,192.168.10.66:80:100", + "vip":"192.168.101.11" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.126:80:100,192.168.7.108:80:100,192.168.14.89:80:100,192.168.30.188:80:100,192.168.33.147:80:100,192.168.34.212:80:100,192.168.2.147:80:100", + "vip":"111.13.235.245" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.108:80:100,192.168.11.121:80:100,192.168.6.163:80:100", + "vip":"192.168.102.188" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.192:80:100,192.168.43.41:80:100,192.168.41.131:80:100,192.168.49.235:80:100", + "vip":"192.168.102.202" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.253:80:100,192.168.38.108:80:100,192.168.39.11:80:100,192.168.39.25:80:100,192.168.19.7:80:100,192.168.6.252:80:100", + "vip":"192.168.102.127" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.159:80:100,192.168.38.44:80:100,192.168.59.185:80:100,192.168.34.29:80:100", + "vip":"111.13.235.122" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.26:80:100,192.168.19.148:80:100,192.168.22.221:80:100,192.168.25.228:80:100", + "vip":"192.168.102.243" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.108:80:100,192.168.17.153:80:100,192.168.37.44:80:100", + "vip":"192.168.102.112" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.152:80:100", + "vip":"192.168.102.95" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.174:80:100,192.168.19.138:80:100,192.168.13.96:80:100", + "vip":"192.168.101.121" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.177:80:100", + "vip":"192.168.101.110" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.29:80:100,192.168.46.211:80:100,192.168.27.187:80:100,192.168.27.26:80:100,192.168.41.210:80:100,192.168.31.127:80:100,192.168.49.8:80:100,192.168.9.101:80:100,192.168.42.9:80:100,192.168.15.241:80:100,192.168.45.102:80:100,192.168.54.111:80:100,192.168.1.184:80:100,192.168.29.234:80:100,192.168.22.35:80:100,192.168.25.15:80:100,192.168.53.116:80:100,192.168.55.99:80:100,192.168.18.75:80:100,192.168.1.67:80:100,192.168.25.93:80:100,192.168.15.229:80:100,192.168.13.233:80:100,192.168.21.215:80:100,192.168.37.222:80:100,192.168.11.19:80:100,192.168.29.81:80:100", + "vip":"111.13.235.83" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.148:80:100,192.168.30.108:80:100,192.168.53.242:80:100,192.168.7.62:80:100", + "vip":"192.168.101.228" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.57:80:100,192.168.46.137:80:100,192.168.13.55:80:100,192.168.1.42:80:100,192.168.38.200:80:100,192.168.59.73:80:100", + "vip":"192.168.102.65" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.155:80:100", + "vip":"192.168.101.249" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.66:80:100,192.168.57.133:80:100,192.168.55.220:80:100,192.168.18.215:80:100", + "vip":"192.168.101.189" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.186:80:100,192.168.14.88:80:100,192.168.9.227:80:100", + "vip":"111.13.235.124" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.53:80:100,192.168.37.200:80:100", + "vip":"111.13.235.230" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.82:80:100", + "vip":"192.168.102.241" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.54:80:100,192.168.53.245:80:100,192.168.10.217:80:100,192.168.6.178:80:100", + "vip":"192.168.102.29" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.25:80:100", + "vip":"192.168.101.123" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.51:80:100", + "vip":"192.168.102.14" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.12:80:100,192.168.27.113:80:100,192.168.10.249:80:100,192.168.54.50:80:100,192.168.3.143:80:100,192.168.21.21:80:100,192.168.34.225:80:100,192.168.10.175:80:100,192.168.1.45:80:100,192.168.42.159:80:100,192.168.58.52:80:100,192.168.21.44:80:100,192.168.27.68:80:100,192.168.21.160:80:100,192.168.41.94:80:100,192.168.33.108:80:100,192.168.54.30:80:100,192.168.53.250:80:100,192.168.58.144:80:100,192.168.3.2:80:100,192.168.35.247:80:100,192.168.10.35:80:100,192.168.54.171:80:100,192.168.33.42:80:100,192.168.50.39:80:100,192.168.29.92:80:100,192.168.50.78:80:100,192.168.50.198:80:100,192.168.39.246:80:100,192.168.5.72:80:100,192.168.53.53:80:100,192.168.37.148:80:100,192.168.39.41:80:100,192.168.27.91:80:100,192.168.27.243:80:100,192.168.23.192:80:100,192.168.42.103:80:100,192.168.50.130:80:100,192.168.47.42:80:100,192.168.23.25:80:100,192.168.33.97:80:100,192.168.18.163:80:100,192.168.49.230:80:100,192.168.38.240:80:100,192.168.43.112:80:100,192.168.5.236:80:100,192.168.21.89:80:100,192.168.54.188:80:100,192.168.5.66:80:100,192.168.5.174:80:100,192.168.49.24:80:100,192.168.2.132:80:100,192.168.33.179:80:100,192.168.57.202:80:100,192.168.3.216:80:100,192.168.33.183:80:100,192.168.23.99:80:100,192.168.9.229:80:100,192.168.39.146:80:100,192.168.31.130:80:100,192.168.47.14:80:100,192.168.10.40:80:100,192.168.5.31:80:100,192.168.23.170:80:100,192.168.9.38:80:100,192.168.42.61:80:100,192.168.49.13:80:100,192.168.54.212:80:100,192.168.31.199:80:100,192.168.50.207:80:100,192.168.31.251:80:100,192.168.57.19:80:100,192.168.27.116:80:100,192.168.9.240:80:100,192.168.55.208:80:100,192.168.30.181:80:100,192.168.47.137:80:100,192.168.21.138:80:100,192.168.19.71:80:100,192.168.42.41:80:100,192.168.30.19:80:100,192.168.18.211:80:100,192.168.43.118:80:100,192.168.30.175:80:100,192.168.25.236:80:100,192.168.5.180:80:100,192.168.50.193:80:100,192.168.42.183:80:100,192.168.46.79:80:100,192.168.39.40:80:100,192.168.50.149:80:100,192.168.13.127:80:100,192.168.22.96:80:100,192.168.35.31:80:100,192.168.19.101:80:100,192.168.29.185:80:100,192.168.22.58:80:100,192.168.53.205:80:100,192.168.3.253:80:100,192.168.49.100:80:100,192.168.7.111:80:100,192.168.2.12:80:100", + "vip":"192.168.102.143" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.55:80:100", + "vip":"192.168.102.255" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.99:80:100", + "vip":"111.13.235.232" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.153:80:100,192.168.11.191:80:100,192.168.27.154:80:100,192.168.27.21:80:100,192.168.54.31:80:100,192.168.25.14:80:100,192.168.45.26:80:100,192.168.7.98:80:100,192.168.14.54:80:100,192.168.41.163:80:100,192.168.3.111:80:100,192.168.25.238:80:100,192.168.43.127:80:100,192.168.35.240:80:100,192.168.22.181:80:100,192.168.43.152:80:100,192.168.13.194:80:100,192.168.31.141:80:100,192.168.10.134:80:100", + "vip":"111.13.235.229" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.41:80:100,192.168.26.25:80:100,192.168.53.45:80:100,192.168.1.249:80:100,192.168.45.141:80:100,192.168.25.39:80:100,192.168.11.138:80:100,192.168.27.60:80:100,192.168.38.129:80:100,192.168.2.218:80:100,192.168.42.48:80:100,192.168.53.159:80:100,192.168.22.121:80:100,192.168.54.178:80:100,192.168.3.186:80:100,192.168.5.12:80:100,192.168.27.206:80:100,192.168.34.249:80:100,192.168.23.218:80:100,192.168.26.78:80:100,192.168.42.184:80:100,192.168.34.25:80:100,192.168.21.237:80:100,192.168.58.23:80:100,192.168.43.181:80:100,192.168.38.110:80:100,192.168.58.76:80:100,192.168.30.168:80:100,192.168.59.216:80:100,192.168.23.143:80:100,192.168.17.93:80:100,192.168.59.195:80:100,192.168.57.3:80:100", + "vip":"192.168.102.152" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.24:80:100,192.168.49.2:80:100,192.168.58.110:80:100", + "vip":"192.168.102.235" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.203:80:100,192.168.37.121:80:100,192.168.10.181:80:100,192.168.21.162:80:100,192.168.27.244:80:100,192.168.22.42:80:100,192.168.42.205:80:100,192.168.13.182:80:100", + "vip":"192.168.101.211" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.176:80:100,192.168.55.59:80:100", + "vip":"192.168.101.62" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.173:80:100", + "vip":"111.13.235.190" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.126:80:100,192.168.11.135:80:100,192.168.1.199:80:100,192.168.38.236:80:100", + "vip":"192.168.101.98" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.150:80:100,192.168.55.135:80:100,192.168.27.235:80:100", + "vip":"192.168.101.180" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.228:80:100,192.168.59.39:80:100", + "vip":"192.168.101.6" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.167:80:100,192.168.13.148:80:100,192.168.55.117:80:100", + "vip":"192.168.102.49" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.23:80:100,192.168.31.110:80:100,192.168.3.136:80:100,192.168.43.71:80:100,192.168.42.168:80:100,192.168.42.124:80:100,192.168.58.213:80:100,192.168.1.48:80:100,192.168.49.108:80:100,192.168.25.18:80:100,192.168.1.161:80:100,192.168.30.55:80:100,192.168.3.203:80:100,192.168.14.141:80:100,192.168.9.35:80:100,192.168.15.57:80:100", + "vip":"192.168.102.63" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.124:80:100,192.168.9.64:80:100,192.168.35.216:80:100,192.168.50.58:80:100", + "vip":"111.13.235.192" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.84:80:100,192.168.25.38:80:100,192.168.53.227:80:100", + "vip":"192.168.101.216" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.112:80:100,192.168.55.192:80:100,192.168.14.143:80:100,192.168.18.191:80:100", + "vip":"111.13.235.247" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.139:80:100", + "vip":"192.168.102.239" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.169:80:100,192.168.35.228:80:100", + "vip":"192.168.101.172" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.14:80:100,192.168.1.75:80:100,192.168.26.63:80:100", + "vip":"192.168.102.125" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.152:80:100,192.168.3.10:80:100,192.168.35.103:80:100,192.168.25.206:80:100,192.168.3.143:80:100,192.168.57.172:80:100,192.168.46.225:80:100,192.168.35.144:80:100,192.168.22.173:80:100,192.168.31.110:80:100,192.168.11.14:80:100,192.168.39.248:80:100,192.168.37.229:80:100,192.168.47.65:80:100,192.168.49.211:80:100,192.168.14.25:80:100,192.168.33.215:80:100,192.168.10.90:80:100,192.168.19.145:80:100,192.168.19.206:80:100,192.168.29.238:80:100,192.168.2.127:80:100,192.168.14.148:80:100,192.168.51.150:80:100,192.168.3.84:80:100,192.168.25.161:80:100,192.168.17.187:80:100,192.168.37.183:80:100,192.168.7.162:80:100,192.168.38.134:80:100,192.168.50.198:80:100,192.168.46.18:80:100,192.168.37.74:80:100,192.168.34.247:80:100,192.168.35.168:80:100,192.168.5.187:80:100,192.168.5.69:80:100,192.168.15.32:80:100,192.168.51.36:80:100,192.168.58.148:80:100,192.168.51.251:80:100,192.168.39.58:80:100,192.168.35.166:80:100,192.168.7.76:80:100,192.168.14.129:80:100,192.168.42.84:80:100,192.168.54.191:80:100,192.168.1.13:80:100,192.168.2.161:80:100,192.168.53.174:80:100,192.168.45.76:80:100,192.168.47.243:80:100,192.168.37.202:80:100,192.168.34.208:80:100,192.168.10.222:80:100,192.168.17.145:80:100,192.168.46.19:80:100,192.168.42.251:80:100,192.168.18.154:80:100,192.168.38.222:80:100,192.168.30.125:80:100,192.168.29.18:80:100,192.168.30.186:80:100,192.168.57.124:80:100,192.168.9.241:80:100,192.168.59.34:80:100,192.168.3.109:80:100,192.168.27.212:80:100,192.168.27.15:80:100,192.168.5.124:80:100,192.168.18.86:80:100,192.168.23.100:80:100,192.168.7.16:80:100,192.168.27.87:80:100,192.168.13.56:80:100,192.168.38.166:80:100,192.168.54.225:80:100,192.168.7.137:80:100,192.168.6.205:80:100,192.168.50.100:80:100,192.168.1.238:80:100,192.168.37.174:80:100,192.168.59.78:80:100,192.168.51.68:80:100,192.168.29.60:80:100,192.168.57.164:80:100,192.168.3.105:80:100,192.168.29.89:80:100,192.168.42.203:80:100,192.168.50.60:80:100,192.168.19.84:80:100,192.168.3.30:80:100,192.168.43.186:80:100,192.168.34.1:80:100,192.168.39.56:80:100,192.168.23.112:80:100,192.168.35.199:80:100,192.168.13.61:80:100,192.168.5.171:80:100,192.168.15.195:80:100,192.168.33.221:80:100,192.168.31.143:80:100,192.168.37.140:80:100,192.168.7.134:80:100,192.168.25.117:80:100,192.168.22.183:80:100,192.168.9.199:80:100,192.168.13.229:80:100,192.168.17.27:80:100,192.168.51.74:80:100,192.168.39.82:80:100,192.168.6.13:80:100,192.168.30.118:80:100", + "vip":"111.13.235.179" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.176:80:100,192.168.51.116:80:100,192.168.22.123:80:100,192.168.25.220:80:100", + "vip":"111.13.235.199" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.203:80:100,192.168.14.22:80:100,192.168.42.222:80:100,192.168.39.34:80:100", + "vip":"192.168.101.4" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.239:80:100,192.168.46.57:80:100,192.168.13.109:80:100", + "vip":"111.13.235.172" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.224:80:100,192.168.46.93:80:100,192.168.41.205:80:100,192.168.7.183:80:100,192.168.26.175:80:100,192.168.14.111:80:100,192.168.13.49:80:100,192.168.27.156:80:100", + "vip":"192.168.101.22" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.115:80:100,192.168.41.101:80:100,192.168.18.53:80:100", + "vip":"192.168.101.101" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.206:80:100,192.168.38.184:80:100,192.168.49.180:80:100,192.168.22.100:80:100", + "vip":"192.168.101.17" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.71:80:100", + "vip":"111.13.235.99" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.249:80:100,192.168.5.244:80:100,192.168.53.71:80:100,192.168.27.45:80:100,192.168.2.191:80:100,192.168.46.14:80:100", + "vip":"192.168.101.115" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.54:80:100", + "vip":"192.168.102.244" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.100:80:100,192.168.42.233:80:100,192.168.17.170:80:100,192.168.2.5:80:100", + "vip":"111.13.235.240" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.250:80:100,192.168.17.78:80:100,192.168.19.111:80:100,192.168.58.30:80:100,192.168.22.63:80:100,192.168.29.162:80:100", + "vip":"111.13.235.72" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.1:80:100", + "vip":"192.168.101.175" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.238:80:100,192.168.5.91:80:100,192.168.55.192:80:100,192.168.46.187:80:100,192.168.11.42:80:100,192.168.23.167:80:100,192.168.33.233:80:100,192.168.21.230:80:100,192.168.42.218:80:100,192.168.21.229:80:100,192.168.33.120:80:100,192.168.23.73:80:100,192.168.26.218:80:100,192.168.21.45:80:100,192.168.9.167:80:100,192.168.59.128:80:100,192.168.2.233:80:100,192.168.10.84:80:100,192.168.45.190:80:100", + "vip":"192.168.101.14" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.74:80:100,192.168.39.192:80:100,192.168.30.40:80:100,192.168.31.147:80:100,192.168.18.92:80:100,192.168.9.63:80:100,192.168.49.232:80:100,192.168.26.190:80:100,192.168.42.9:80:100,192.168.49.135:80:100,192.168.2.250:80:100,192.168.34.227:80:100,192.168.54.53:80:100,192.168.37.248:80:100,192.168.57.166:80:100,192.168.43.15:80:100,192.168.30.239:80:100,192.168.27.17:80:100,192.168.35.196:80:100,192.168.18.142:80:100,192.168.55.84:80:100,192.168.27.43:80:100,192.168.47.167:80:100,192.168.47.151:80:100,192.168.49.97:80:100,192.168.46.20:80:100,192.168.2.86:80:100,192.168.5.189:80:100,192.168.53.9:80:100,192.168.29.51:80:100", + "vip":"111.13.235.68" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.127:80:100,192.168.54.112:80:100", + "vip":"192.168.101.155" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.22:80:100,192.168.22.139:80:100,192.168.47.136:80:100,192.168.39.105:80:100,192.168.37.89:80:100,192.168.43.45:80:100,192.168.33.117:80:100", + "vip":"192.168.101.161" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.51:80:100,192.168.21.198:80:100,192.168.50.133:80:100", + "vip":"111.13.235.157" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.135:80:100,192.168.2.238:80:100,192.168.47.211:80:100,192.168.39.108:80:100,192.168.15.8:80:100,192.168.35.82:80:100,192.168.49.158:80:100,192.168.59.152:80:100,192.168.31.24:80:100,192.168.15.220:80:100,192.168.53.109:80:100,192.168.30.224:80:100,192.168.21.41:80:100,192.168.3.204:80:100,192.168.27.213:80:100,192.168.18.103:80:100", + "vip":"192.168.101.60" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.112:80:100,192.168.26.11:80:100,192.168.55.186:80:100,192.168.2.241:80:100,192.168.51.33:80:100", + "vip":"192.168.101.209" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.160:80:100", + "vip":"192.168.101.74" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.218:80:100,192.168.15.65:80:100,192.168.53.110:80:100,192.168.11.25:80:100", + "vip":"192.168.102.139" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.252:80:100,192.168.10.201:80:100,192.168.50.107:80:100,192.168.18.240:80:100,192.168.3.165:80:100,192.168.37.100:80:100", + "vip":"192.168.102.97" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.196:80:100,192.168.31.215:80:100,192.168.30.132:80:100,192.168.55.244:80:100,192.168.6.107:80:100,192.168.23.26:80:100,192.168.15.27:80:100,192.168.11.102:80:100,192.168.50.56:80:100,192.168.59.237:80:100,192.168.59.33:80:100,192.168.9.64:80:100,192.168.3.228:80:100,192.168.21.46:80:100,192.168.14.240:80:100,192.168.51.137:80:100,192.168.35.21:80:100,192.168.5.203:80:100,192.168.53.165:80:100,192.168.47.89:80:100,192.168.41.106:80:100,192.168.45.86:80:100,192.168.10.178:80:100,192.168.43.131:80:100,192.168.51.193:80:100,192.168.49.161:80:100,192.168.29.230:80:100,192.168.35.245:80:100,192.168.39.182:80:100,192.168.54.184:80:100,192.168.19.165:80:100,192.168.34.42:80:100", + "vip":"111.13.235.197" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.151:80:100,192.168.37.155:80:100,192.168.1.81:80:100,192.168.37.46:80:100,192.168.31.227:80:100", + "vip":"192.168.102.55" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.113:80:100,192.168.13.212:80:100,192.168.45.242:80:100,192.168.22.186:80:100", + "vip":"192.168.102.175" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.19:80:100", + "vip":"192.168.102.204" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.82:80:100,192.168.25.228:80:100,192.168.17.21:80:100,192.168.33.233:80:100,192.168.13.225:80:100,192.168.33.181:80:100,192.168.31.219:80:100,192.168.43.72:80:100,192.168.21.38:80:100,192.168.39.2:80:100", + "vip":"192.168.101.36" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.13:80:100,192.168.25.137:80:100,192.168.15.65:80:100,192.168.6.143:80:100,192.168.7.80:80:100,192.168.30.37:80:100,192.168.47.145:80:100", + "vip":"192.168.101.117" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.1:80:100,192.168.30.243:80:100,192.168.2.179:80:100,192.168.22.120:80:100", + "vip":"192.168.102.108" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.141:80:100,192.168.51.99:80:100,192.168.55.142:80:100,192.168.1.245:80:100", + "vip":"111.13.235.137" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.11:80:100,192.168.25.132:80:100,192.168.50.31:80:100,192.168.26.79:80:100,192.168.49.105:80:100,192.168.6.133:80:100,192.168.17.178:80:100,192.168.5.162:80:100,192.168.9.233:80:100,192.168.11.198:80:100,192.168.35.250:80:100,192.168.33.4:80:100,192.168.53.230:80:100,192.168.9.110:80:100,192.168.17.233:80:100", + "vip":"192.168.101.93" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.30:80:100,192.168.30.141:80:100,192.168.6.9:80:100", + "vip":"192.168.102.18" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.4:80:100,192.168.3.206:80:100,192.168.41.174:80:100", + "vip":"192.168.101.240" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.165:80:100,192.168.3.127:80:100,192.168.53.252:80:100,192.168.18.184:80:100,192.168.35.100:80:100,192.168.2.44:80:100,192.168.23.4:80:100,192.168.25.126:80:100,192.168.41.82:80:100", + "vip":"192.168.102.159" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.92:80:100,192.168.19.83:80:100,192.168.34.95:80:100", + "vip":"111.13.235.96" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.211:80:100", + "vip":"111.13.235.108" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.231:80:100,192.168.46.224:80:100,192.168.6.26:80:100,192.168.19.1:80:100,192.168.37.233:80:100,192.168.33.108:80:100,192.168.33.233:80:100,192.168.46.1:80:100,192.168.33.114:80:100,192.168.33.121:80:100,192.168.19.223:80:100,192.168.29.107:80:100,192.168.6.124:80:100,192.168.38.213:80:100,192.168.27.128:80:100,192.168.59.142:80:100,192.168.27.108:80:100,192.168.53.240:80:100,192.168.13.75:80:100,192.168.21.251:80:100,192.168.26.84:80:100,192.168.54.69:80:100,192.168.50.110:80:100,192.168.34.184:80:100,192.168.26.94:80:100,192.168.26.117:80:100,192.168.30.68:80:100,192.168.3.26:80:100,192.168.2.167:80:100,192.168.57.160:80:100,192.168.22.150:80:100,192.168.23.197:80:100,192.168.34.75:80:100,192.168.5.38:80:100,192.168.43.143:80:100,192.168.57.82:80:100,192.168.14.168:80:100,192.168.19.151:80:100,192.168.58.252:80:100,192.168.15.179:80:100,192.168.5.125:80:100,192.168.6.45:80:100,192.168.43.177:80:100,192.168.30.127:80:100,192.168.57.166:80:100,192.168.45.114:80:100,192.168.59.54:80:100,192.168.7.247:80:100,192.168.53.83:80:100,192.168.25.67:80:100,192.168.3.61:80:100,192.168.33.1:80:100,192.168.5.58:80:100,192.168.17.196:80:100,192.168.58.65:80:100,192.168.59.34:80:100,192.168.37.154:80:100,192.168.22.112:80:100,192.168.31.184:80:100,192.168.27.33:80:100,192.168.50.233:80:100,192.168.25.36:80:100,192.168.47.187:80:100,192.168.57.11:80:100,192.168.57.88:80:100,192.168.53.40:80:100,192.168.27.201:80:100,192.168.18.162:80:100,192.168.23.63:80:100,192.168.29.73:80:100,192.168.53.126:80:100,192.168.57.189:80:100,192.168.42.78:80:100,192.168.47.37:80:100,192.168.46.213:80:100,192.168.22.137:80:100,192.168.47.106:80:100", + "vip":"192.168.101.39" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.30:80:100", + "vip":"192.168.101.86" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.72:80:100", + "vip":"192.168.101.31" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.237:80:100,192.168.54.27:80:100,192.168.45.209:80:100,192.168.29.205:80:100,192.168.14.144:80:100,192.168.34.65:80:100,192.168.23.189:80:100,192.168.19.151:80:100", + "vip":"192.168.101.91" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.254:80:100,192.168.53.181:80:100,192.168.46.20:80:100,192.168.50.157:80:100,192.168.17.145:80:100,192.168.19.223:80:100,192.168.54.117:80:100,192.168.3.8:80:100", + "vip":"192.168.101.242" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.196:80:100", + "vip":"192.168.101.157" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.246:80:100,192.168.47.206:80:100,192.168.6.19:80:100,192.168.49.235:80:100", + "vip":"192.168.101.85" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.23:80:100,192.168.41.42:80:100", + "vip":"192.168.101.182" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.57:80:100,192.168.51.104:80:100,192.168.6.169:80:100,192.168.7.229:80:100", + "vip":"111.13.235.78" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.140:80:100,192.168.41.131:80:100", + "vip":"192.168.102.119" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.142:80:100", + "vip":"111.13.235.156" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.143:80:100,192.168.55.222:80:100,192.168.34.148:80:100,192.168.17.191:80:100", + "vip":"192.168.102.224" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.74:80:100,192.168.31.21:80:100", + "vip":"111.13.235.126" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.239:80:100", + "vip":"111.13.235.170" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.132:80:100,192.168.7.221:80:100", + "vip":"192.168.101.20" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.164:80:100,192.168.10.205:80:100", + "vip":"192.168.101.15" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.137:80:100", + "vip":"192.168.101.143" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.167:80:100,192.168.41.77:80:100,192.168.15.70:80:100,192.168.17.5:80:100", + "vip":"192.168.102.114" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.196:80:100,192.168.46.186:80:100,192.168.25.39:80:100,192.168.51.186:80:100,192.168.29.57:80:100,192.168.46.222:80:100,192.168.47.101:80:100,192.168.45.205:80:100,192.168.45.139:80:100,192.168.15.163:80:100,192.168.14.155:80:100,192.168.58.225:80:100,192.168.53.88:80:100,192.168.35.173:80:100,192.168.33.171:80:100,192.168.14.184:80:100,192.168.19.89:80:100,192.168.21.78:80:100,192.168.39.7:80:100,192.168.9.20:80:100,192.168.6.94:80:100,192.168.17.158:80:100,192.168.49.145:80:100,192.168.23.151:80:100,192.168.43.240:80:100,192.168.51.208:80:100,192.168.53.109:80:100,192.168.38.136:80:100,192.168.47.54:80:100", + "vip":"111.13.235.242" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.244:80:100,192.168.31.236:80:100,192.168.25.140:80:100,192.168.29.254:80:100,192.168.23.181:80:100,192.168.57.95:80:100", + "vip":"192.168.102.242" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.92:80:100,192.168.53.17:80:100,192.168.38.107:80:100", + "vip":"111.13.235.195" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.138:80:100,192.168.38.139:80:100,192.168.7.184:80:100", + "vip":"192.168.102.150" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.6:80:100,192.168.54.254:80:100", + "vip":"192.168.101.8" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.103:80:100,192.168.23.215:80:100,192.168.50.142:80:100,192.168.26.209:80:100,192.168.23.73:80:100,192.168.6.243:80:100,192.168.23.130:80:100", + "vip":"192.168.102.17" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.118:80:100,192.168.38.98:80:100", + "vip":"111.13.235.107" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.77:80:100,192.168.54.177:80:100,192.168.47.228:80:100,192.168.39.191:80:100", + "vip":"192.168.101.229" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.254:80:100,192.168.18.57:80:100,192.168.43.90:80:100,192.168.57.222:80:100,192.168.42.206:80:100,192.168.46.225:80:100,192.168.55.16:80:100,192.168.43.48:80:100,192.168.58.117:80:100,192.168.25.31:80:100,192.168.17.151:80:100,192.168.13.228:80:100,192.168.58.65:80:100,192.168.57.36:80:100,192.168.11.44:80:100,192.168.13.9:80:100,192.168.15.119:80:100,192.168.45.157:80:100,192.168.42.31:80:100,192.168.9.69:80:100,192.168.31.94:80:100,192.168.15.152:80:100,192.168.2.151:80:100,192.168.15.219:80:100,192.168.14.72:80:100,192.168.9.144:80:100,192.168.13.151:80:100,192.168.17.39:80:100,192.168.7.247:80:100,192.168.3.245:80:100,192.168.57.111:80:100,192.168.49.64:80:100,192.168.10.251:80:100,192.168.22.254:80:100,192.168.17.154:80:100,192.168.53.174:80:100,192.168.47.54:80:100,192.168.11.80:80:100,192.168.19.177:80:100,192.168.30.89:80:100,192.168.14.110:80:100,192.168.26.253:80:100,192.168.59.114:80:100,192.168.10.145:80:100,192.168.27.230:80:100,192.168.17.221:80:100,192.168.13.133:80:100,192.168.35.189:80:100,192.168.31.51:80:100,192.168.41.40:80:100,192.168.27.170:80:100,192.168.10.28:80:100,192.168.29.244:80:100,192.168.51.66:80:100,192.168.42.109:80:100,192.168.58.41:80:100,192.168.59.250:80:100,192.168.6.205:80:100,192.168.1.173:80:100,192.168.31.21:80:100,192.168.57.139:80:100,192.168.14.26:80:100,192.168.14.225:80:100,192.168.18.27:80:100,192.168.13.142:80:100,192.168.23.76:80:100,192.168.53.12:80:100,192.168.14.123:80:100,192.168.42.211:80:100,192.168.6.34:80:100,192.168.34.157:80:100,192.168.57.241:80:100,192.168.59.215:80:100,192.168.17.252:80:100,192.168.41.241:80:100,192.168.33.184:80:100,192.168.55.185:80:100,192.168.35.197:80:100,192.168.39.251:80:100,192.168.21.213:80:100,192.168.6.45:80:100,192.168.55.199:80:100,192.168.35.215:80:100,192.168.11.78:80:100,192.168.59.57:80:100,192.168.43.179:80:100,192.168.19.61:80:100,192.168.18.202:80:100", + "vip":"111.13.235.252" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.125:80:100,192.168.49.64:80:100,192.168.22.58:80:100", + "vip":"192.168.102.199" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.240:80:100,192.168.21.51:80:100,192.168.42.210:80:100,192.168.59.174:80:100,192.168.15.71:80:100,192.168.18.3:80:100,192.168.58.115:80:100,192.168.17.42:80:100,192.168.46.186:80:100,192.168.53.23:80:100,192.168.33.214:80:100,192.168.13.15:80:100,192.168.17.156:80:100", + "vip":"111.13.235.236" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.114:80:100,192.168.41.210:80:100", + "vip":"192.168.102.185" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.18:80:100", + "vip":"192.168.101.220" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.7:80:100,192.168.7.15:80:100,192.168.17.127:80:100,192.168.46.113:80:100", + "vip":"111.13.235.105" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.52:80:100,192.168.45.135:80:100", + "vip":"192.168.101.78" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.240:80:100,192.168.49.178:80:100,192.168.9.173:80:100,192.168.11.125:80:100,192.168.23.145:80:100,192.168.2.43:80:100,192.168.37.109:80:100,192.168.25.173:80:100", + "vip":"192.168.101.252" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.104:80:100,192.168.19.62:80:100,192.168.37.122:80:100", + "vip":"192.168.102.3" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.77:80:100,192.168.15.134:80:100,192.168.45.12:80:100", + "vip":"192.168.101.94" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.152:80:100,192.168.17.151:80:100,192.168.29.100:80:100,192.168.41.79:80:100,192.168.3.234:80:100,192.168.42.152:80:100,192.168.6.178:80:100,192.168.30.128:80:100,192.168.53.214:80:100,192.168.49.209:80:100,192.168.45.2:80:100,192.168.51.144:80:100,192.168.29.47:80:100,192.168.22.222:80:100,192.168.6.22:80:100,192.168.33.236:80:100,192.168.33.183:80:100,192.168.1.67:80:100", + "vip":"192.168.102.205" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.21:80:100,192.168.37.138:80:100,192.168.31.156:80:100,192.168.27.230:80:100,192.168.2.186:80:100,192.168.54.213:80:100,192.168.14.110:80:100,192.168.14.93:80:100", + "vip":"192.168.101.231" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.238:80:100,192.168.6.246:80:100,192.168.6.175:80:100,192.168.2.237:80:100", + "vip":"192.168.102.41" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.217:80:100,192.168.34.10:80:100,192.168.9.142:80:100", + "vip":"192.168.102.128" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.239:80:100,192.168.3.107:80:100,192.168.37.7:80:100,192.168.2.49:80:100,192.168.19.38:80:100,192.168.3.179:80:100,192.168.25.180:80:100,192.168.7.24:80:100,192.168.19.171:80:100,192.168.34.35:80:100,192.168.2.170:80:100,192.168.54.41:80:100,192.168.21.195:80:100,192.168.22.175:80:100,192.168.46.10:80:100,192.168.23.127:80:100,192.168.39.174:80:100,192.168.59.135:80:100,192.168.45.21:80:100,192.168.30.38:80:100,192.168.15.4:80:100,192.168.30.45:80:100,192.168.26.98:80:100,192.168.38.105:80:100,192.168.6.146:80:100,192.168.25.27:80:100,192.168.49.63:80:100,192.168.5.14:80:100,192.168.47.37:80:100,192.168.51.192:80:100,192.168.49.188:80:100,192.168.10.158:80:100,192.168.46.237:80:100,192.168.18.68:80:100,192.168.37.20:80:100,192.168.33.197:80:100,192.168.14.223:80:100,192.168.15.7:80:100,192.168.27.142:80:100,192.168.2.89:80:100,192.168.47.252:80:100,192.168.22.142:80:100,192.168.49.97:80:100,192.168.33.126:80:100,192.168.26.67:80:100", + "vip":"192.168.102.98" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.213:80:100,192.168.3.126:80:100,192.168.15.199:80:100", + "vip":"192.168.101.164" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.161:80:100,192.168.11.47:80:100,192.168.26.245:80:100,192.168.19.176:80:100,192.168.35.209:80:100,192.168.38.247:80:100,192.168.35.214:80:100,192.168.59.246:80:100,192.168.10.38:80:100,192.168.5.205:80:100,192.168.27.104:80:100", + "vip":"192.168.101.70" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.111:80:100,192.168.54.227:80:100,192.168.43.50:80:100", + "vip":"192.168.102.207" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.197:80:100,192.168.37.44:80:100", + "vip":"192.168.101.27" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.137:80:100,192.168.51.133:80:100", + "vip":"192.168.102.177" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.83:80:100,192.168.58.78:80:100,192.168.1.192:80:100,192.168.47.197:80:100,192.168.38.157:80:100,192.168.47.150:80:100,192.168.25.215:80:100,192.168.46.118:80:100", + "vip":"192.168.101.148" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.113:80:100,192.168.35.169:80:100,192.168.34.131:80:100", + "vip":"111.13.235.142" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.170:80:100,192.168.7.88:80:100", + "vip":"192.168.102.45" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.81:80:100,192.168.2.145:80:100,192.168.55.54:80:100,192.168.29.115:80:100,192.168.46.140:80:100", + "vip":"192.168.101.102" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.122:80:100,192.168.9.211:80:100,192.168.33.226:80:100,192.168.21.22:80:100,192.168.43.18:80:100,192.168.25.143:80:100,192.168.47.238:80:100,192.168.7.100:80:100", + "vip":"192.168.101.25" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.65:80:100,192.168.38.112:80:100,192.168.19.30:80:100,192.168.5.31:80:100,192.168.57.77:80:100,192.168.23.6:80:100,192.168.22.99:80:100", + "vip":"192.168.102.72" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.182:80:100,192.168.53.196:80:100,192.168.47.231:80:100,192.168.6.17:80:100,192.168.45.178:80:100,192.168.9.86:80:100,192.168.2.213:80:100,192.168.13.157:80:100,192.168.58.60:80:100,192.168.26.53:80:100,192.168.45.89:80:100,192.168.31.157:80:100,192.168.19.62:80:100,192.168.15.153:80:100", + "vip":"192.168.102.172" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.85:80:100,192.168.39.194:80:100,192.168.2.11:80:100,192.168.49.73:80:100", + "vip":"192.168.101.134" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.250:80:100,192.168.14.27:80:100,192.168.50.18:80:100", + "vip":"192.168.101.188" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.126:80:100,192.168.1.209:80:100", + "vip":"192.168.101.76" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.95:80:100,192.168.22.159:80:100,192.168.45.206:80:100,192.168.46.147:80:100,192.168.54.159:80:100,192.168.57.9:80:100", + "vip":"111.13.235.239" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.206:80:100,192.168.39.190:80:100,192.168.2.205:80:100", + "vip":"192.168.102.218" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.176:80:100,192.168.21.168:80:100,192.168.19.9:80:100,192.168.31.190:80:100,192.168.29.16:80:100,192.168.42.79:80:100,192.168.57.3:80:100", + "vip":"192.168.102.240" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.130:80:100,192.168.1.24:80:100,192.168.9.184:80:100,192.168.1.146:80:100,192.168.37.64:80:100,192.168.3.165:80:100,192.168.46.166:80:100,192.168.27.120:80:100,192.168.29.41:80:100,192.168.26.130:80:100,192.168.29.14:80:100,192.168.59.209:80:100,192.168.1.2:80:100,192.168.58.106:80:100,192.168.33.210:80:100,192.168.27.123:80:100", + "vip":"111.13.235.208" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.116:80:100", + "vip":"111.13.235.84" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.166:80:100,192.168.21.5:80:100", + "vip":"111.13.235.93" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.77:80:100,192.168.41.56:80:100,192.168.57.189:80:100", + "vip":"192.168.101.179" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.201:80:100,192.168.45.229:80:100,192.168.29.141:80:100,192.168.27.229:80:100", + "vip":"192.168.101.235" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.180:80:100,192.168.6.144:80:100,192.168.41.49:80:100,192.168.33.25:80:100", + "vip":"192.168.101.250" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.11:80:100,192.168.53.75:80:100,192.168.46.169:80:100,192.168.35.193:80:100", + "vip":"192.168.102.26" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.222:80:100,192.168.26.116:80:100", + "vip":"111.13.235.217" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.44:80:100,192.168.57.200:80:100,192.168.31.79:80:100,192.168.38.108:80:100,192.168.23.8:80:100,192.168.38.115:80:100,192.168.51.120:80:100,192.168.7.68:80:100,192.168.33.87:80:100,192.168.35.100:80:100,192.168.14.71:80:100,192.168.9.58:80:100,192.168.43.236:80:100,192.168.42.51:80:100,192.168.37.48:80:100,192.168.42.62:80:100,192.168.53.34:80:100,192.168.25.148:80:100,192.168.6.231:80:100,192.168.2.60:80:100,192.168.17.193:80:100,192.168.2.52:80:100,192.168.57.124:80:100,192.168.5.200:80:100,192.168.19.248:80:100,192.168.29.178:80:100,192.168.23.138:80:100,192.168.19.41:80:100,192.168.55.249:80:100,192.168.34.185:80:100,192.168.43.133:80:100,192.168.23.136:80:100,192.168.42.111:80:100,192.168.6.10:80:100,192.168.17.71:80:100,192.168.15.222:80:100,192.168.10.225:80:100,192.168.15.64:80:100,192.168.19.159:80:100,192.168.34.197:80:100,192.168.11.250:80:100,192.168.22.18:80:100,192.168.30.37:80:100,192.168.18.24:80:100,192.168.38.206:80:100,192.168.10.211:80:100,192.168.17.148:80:100,192.168.34.238:80:100,192.168.53.95:80:100,192.168.33.231:80:100,192.168.11.45:80:100,192.168.14.166:80:100,192.168.29.141:80:100,192.168.45.99:80:100,192.168.38.56:80:100,192.168.13.205:80:100,192.168.22.50:80:100,192.168.7.243:80:100,192.168.33.85:80:100,192.168.13.223:80:100,192.168.22.187:80:100,192.168.18.79:80:100,192.168.10.75:80:100,192.168.42.31:80:100,192.168.43.221:80:100,192.168.5.31:80:100,192.168.57.152:80:100,192.168.58.15:80:100,192.168.41.108:80:100,192.168.31.94:80:100,192.168.50.8:80:100,192.168.33.210:80:100,192.168.34.160:80:100,192.168.27.34:80:100,192.168.42.9:80:100,192.168.46.78:80:100,192.168.59.225:80:100,192.168.26.191:80:100,192.168.15.182:80:100,192.168.9.243:80:100,192.168.21.71:80:100,192.168.33.33:80:100,192.168.41.28:80:100,192.168.29.38:80:100,192.168.45.178:80:100,192.168.13.208:80:100,192.168.13.129:80:100,192.168.47.134:80:100,192.168.43.9:80:100,192.168.59.64:80:100,192.168.46.22:80:100,192.168.51.15:80:100,192.168.10.112:80:100,192.168.15.13:80:100,192.168.33.149:80:100,192.168.55.222:80:100,192.168.3.53:80:100,192.168.31.41:80:100,192.168.41.99:80:100,192.168.37.31:80:100,192.168.49.162:80:100,192.168.50.113:80:100,192.168.2.173:80:100,192.168.18.87:80:100,192.168.3.20:80:100,192.168.46.229:80:100,192.168.31.254:80:100,192.168.17.7:80:100,192.168.7.212:80:100,192.168.6.106:80:100,192.168.17.160:80:100,192.168.59.212:80:100,192.168.7.29:80:100,192.168.58.202:80:100,192.168.46.227:80:100,192.168.1.46:80:100,192.168.50.226:80:100,192.168.26.5:80:100,192.168.59.15:80:100,192.168.51.148:80:100,192.168.26.62:80:100,192.168.50.242:80:100,192.168.35.36:80:100,192.168.47.245:80:100,192.168.49.30:80:100,192.168.11.249:80:100,192.168.17.251:80:100,192.168.29.65:80:100,192.168.11.106:80:100,192.168.46.9:80:100,192.168.37.185:80:100,192.168.21.183:80:100,192.168.31.220:80:100,192.168.15.2:80:100,192.168.18.103:80:100,192.168.51.13:80:100,192.168.17.129:80:100,192.168.34.25:80:100,192.168.38.242:80:100,192.168.47.5:80:100,192.168.13.11:80:100,192.168.33.180:80:100,192.168.37.226:80:100,192.168.3.124:80:100,192.168.35.190:80:100,192.168.30.96:80:100,192.168.29.99:80:100,192.168.55.58:80:100,192.168.13.111:80:100,192.168.42.161:80:100,192.168.14.182:80:100,192.168.21.68:80:100,192.168.6.74:80:100,192.168.59.132:80:100,192.168.13.7:80:100,192.168.39.217:80:100,192.168.39.124:80:100,192.168.21.144:80:100,192.168.58.240:80:100,192.168.21.166:80:100,192.168.3.114:80:100,192.168.53.186:80:100,192.168.42.234:80:100,192.168.17.42:80:100,192.168.33.236:80:100,192.168.43.217:80:100,192.168.50.5:80:100,192.168.58.125:80:100,192.168.7.75:80:100,192.168.3.83:80:100,192.168.21.155:80:100,192.168.43.136:80:100,192.168.1.186:80:100,192.168.39.188:80:100,192.168.17.70:80:100,192.168.58.46:80:100,192.168.18.128:80:100,192.168.15.45:80:100,192.168.41.68:80:100,192.168.15.17:80:100,192.168.43.233:80:100,192.168.42.125:80:100,192.168.45.132:80:100,192.168.17.76:80:100,192.168.22.176:80:100,192.168.17.104:80:100,192.168.33.57:80:100,192.168.29.167:80:100,192.168.50.243:80:100,192.168.38.61:80:100,192.168.14.249:80:100,192.168.35.186:80:100,192.168.31.228:80:100,192.168.29.67:80:100,192.168.13.180:80:100,192.168.33.41:80:100", + "vip":"192.168.101.132" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.196:80:100,192.168.53.193:80:100,192.168.47.97:80:100,192.168.47.233:80:100,192.168.9.179:80:100,192.168.15.29:80:100,192.168.53.143:80:100,192.168.15.142:80:100,192.168.13.111:80:100,192.168.59.242:80:100,192.168.14.61:80:100,192.168.49.92:80:100,192.168.2.223:80:100,192.168.46.203:80:100,192.168.35.168:80:100", + "vip":"192.168.101.32" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.253:80:100,192.168.19.37:80:100,192.168.1.192:80:100,192.168.10.138:80:100,192.168.23.110:80:100,192.168.19.216:80:100,192.168.29.177:80:100", + "vip":"111.13.235.148" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.130:80:100,192.168.14.249:80:100,192.168.53.238:80:100,192.168.30.146:80:100,192.168.9.78:80:100,192.168.1.252:80:100,192.168.23.5:80:100,192.168.9.211:80:100,192.168.6.24:80:100,192.168.5.162:80:100,192.168.46.158:80:100,192.168.59.105:80:100,192.168.25.212:80:100,192.168.18.100:80:100,192.168.42.200:80:100,192.168.50.250:80:100,192.168.57.228:80:100,192.168.33.48:80:100", + "vip":"192.168.102.200" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.226:80:100,192.168.22.219:80:100,192.168.2.18:80:100", + "vip":"192.168.102.197" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.124:80:100,192.168.33.13:80:100,192.168.43.158:80:100,192.168.14.56:80:100,192.168.21.207:80:100,192.168.47.165:80:100,192.168.11.75:80:100,192.168.6.103:80:100,192.168.49.207:80:100", + "vip":"192.168.102.43" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.23:80:100,192.168.50.35:80:100,192.168.53.82:80:100,192.168.22.240:80:100", + "vip":"192.168.102.221" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.76:80:100,192.168.2.40:80:100,192.168.51.116:80:100", + "vip":"111.13.235.159" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.161:80:100,192.168.49.62:80:100,192.168.22.89:80:100,192.168.35.91:80:100,192.168.39.138:80:100,192.168.34.244:80:100,192.168.2.135:80:100,192.168.33.87:80:100,192.168.10.144:80:100,192.168.15.120:80:100,192.168.3.194:80:100,192.168.45.222:80:100,192.168.54.253:80:100,192.168.29.198:80:100", + "vip":"192.168.102.75" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.74:80:100", + "vip":"111.13.235.193" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.58:80:100,192.168.58.222:80:100,192.168.7.32:80:100,192.168.2.8:80:100", + "vip":"192.168.101.218" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.239:80:100,192.168.46.249:80:100,192.168.23.104:80:100,192.168.23.170:80:100,192.168.45.185:80:100,192.168.38.170:80:100,192.168.7.103:80:100", + "vip":"192.168.101.187" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.41:80:100,192.168.59.215:80:100,192.168.54.176:80:100,192.168.38.24:80:100,192.168.29.83:80:100,192.168.23.162:80:100,192.168.11.12:80:100,192.168.42.116:80:100,192.168.14.214:80:100,192.168.22.90:80:100,192.168.47.96:80:100,192.168.3.231:80:100,192.168.25.156:80:100,192.168.5.5:80:100,192.168.14.250:80:100,192.168.59.168:80:100,192.168.27.71:80:100,192.168.31.251:80:100,192.168.55.179:80:100,192.168.2.51:80:100,192.168.33.57:80:100,192.168.35.253:80:100,192.168.29.39:80:100,192.168.7.66:80:100,192.168.59.37:80:100,192.168.33.42:80:100,192.168.23.145:80:100,192.168.46.98:80:100,192.168.43.52:80:100,192.168.14.191:80:100,192.168.13.231:80:100,192.168.51.160:80:100,192.168.2.53:80:100", + "vip":"192.168.102.206" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.235:80:100", + "vip":"192.168.102.86" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.9:80:100,192.168.50.73:80:100,192.168.10.147:80:100,192.168.26.148:80:100", + "vip":"192.168.102.186" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.6:80:100,192.168.18.190:80:100,192.168.2.20:80:100,192.168.55.90:80:100,192.168.42.10:80:100,192.168.50.109:80:100,192.168.15.130:80:100,192.168.13.136:80:100,192.168.9.1:80:100,192.168.7.167:80:100,192.168.37.72:80:100,192.168.14.184:80:100,192.168.1.160:80:100,192.168.19.98:80:100,192.168.22.90:80:100,192.168.43.62:80:100,192.168.38.212:80:100", + "vip":"192.168.102.116" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.95:80:100,192.168.55.28:80:100,192.168.33.187:80:100", + "vip":"111.13.235.151" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.212:80:100,192.168.37.223:80:100,192.168.42.166:80:100,192.168.50.63:80:100", + "vip":"192.168.101.100" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.8:80:100,192.168.27.101:80:100,192.168.45.92:80:100,192.168.45.136:80:100,192.168.27.133:80:100,192.168.31.156:80:100,192.168.25.99:80:100,192.168.15.231:80:100", + "vip":"192.168.101.224" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.98:80:100,192.168.15.71:80:100,192.168.58.115:80:100", + "vip":"192.168.102.174" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.19:80:100", + "vip":"111.13.235.115" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.15:80:100,192.168.25.48:80:100,192.168.15.243:80:100,192.168.54.57:80:100,192.168.43.116:80:100,192.168.54.188:80:100,192.168.59.149:80:100,192.168.26.81:80:100,192.168.13.230:80:100,192.168.19.12:80:100,192.168.23.201:80:100,192.168.54.2:80:100", + "vip":"192.168.101.92" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.232:80:100,192.168.25.241:80:100,192.168.34.204:80:100,192.168.51.237:80:100,192.168.30.246:80:100,192.168.2.68:80:100,192.168.3.134:80:100", + "vip":"111.13.235.171" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.245:80:100,192.168.43.131:80:100,192.168.42.221:80:100,192.168.17.58:80:100,192.168.46.32:80:100,192.168.6.21:80:100,192.168.33.6:80:100,192.168.15.26:80:100,192.168.55.130:80:100,192.168.53.203:80:100,192.168.31.192:80:100,192.168.34.235:80:100,192.168.43.183:80:100,192.168.17.156:80:100,192.168.3.48:80:100", + "vip":"111.13.235.215" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.24:80:100,192.168.49.194:80:100,192.168.53.161:80:100,192.168.51.108:80:100,192.168.17.27:80:100,192.168.13.169:80:100,192.168.5.193:80:100,192.168.1.115:80:100", + "vip":"192.168.102.232" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.127:80:100,192.168.47.29:80:100,192.168.54.179:80:100,192.168.50.80:80:100", + "vip":"192.168.101.230" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.139:80:100,192.168.18.206:80:100,192.168.55.223:80:100,192.168.41.216:80:100,192.168.38.19:80:100,192.168.54.53:80:100,192.168.23.198:80:100,192.168.50.220:80:100", + "vip":"192.168.102.24" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.30.214:80:100", + "vip":"192.168.102.180" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.147:80:100,192.168.38.133:80:100,192.168.1.87:80:100,192.168.55.77:80:100,192.168.41.10:80:100,192.168.27.42:80:100,192.168.7.57:80:100,192.168.1.176:80:100,192.168.31.14:80:100,192.168.49.155:80:100,192.168.29.147:80:100,192.168.13.104:80:100", + "vip":"192.168.101.52" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.87:80:100,192.168.30.235:80:100,192.168.39.83:80:100", + "vip":"111.13.235.207" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.111:80:100", + "vip":"192.168.101.214" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.1:80:100,192.168.15.169:80:100,192.168.38.161:80:100,192.168.29.188:80:100,192.168.15.58:80:100,192.168.11.173:80:100,192.168.37.21:80:100,192.168.9.245:80:100", + "vip":"111.13.235.234" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.209:80:100,192.168.15.201:80:100,192.168.46.232:80:100,192.168.25.133:80:100,192.168.35.213:80:100,192.168.27.163:80:100,192.168.1.249:80:100,192.168.37.152:80:100", + "vip":"192.168.101.44" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.41:80:100,192.168.37.177:80:100,192.168.9.59:80:100,192.168.43.86:80:100,192.168.50.171:80:100,192.168.13.174:80:100,192.168.13.68:80:100,192.168.54.180:80:100,192.168.10.196:80:100,192.168.21.247:80:100,192.168.25.79:80:100,192.168.19.12:80:100,192.168.54.199:80:100,192.168.18.142:80:100,192.168.15.202:80:100,192.168.19.228:80:100,192.168.49.68:80:100,192.168.17.63:80:100,192.168.43.108:80:100,192.168.33.106:80:100,192.168.23.201:80:100,192.168.1.99:80:100", + "vip":"192.168.101.127" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.85:80:100,192.168.18.107:80:100,192.168.2.35:80:100,192.168.39.77:80:100,192.168.1.204:80:100", + "vip":"111.13.235.150" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.126:80:100,192.168.2.246:80:100,192.168.19.120:80:100,192.168.45.40:80:100,192.168.34.198:80:100,192.168.54.222:80:100,192.168.21.221:80:100,192.168.47.51:80:100,192.168.15.126:80:100,192.168.35.207:80:100,192.168.51.150:80:100,192.168.37.221:80:100", + "vip":"192.168.102.230" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.93:80:100,192.168.1.201:80:100", + "vip":"192.168.102.39" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.218:80:100,192.168.51.29:80:100,192.168.2.212:80:100", + "vip":"111.13.235.147" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.122:80:100,192.168.54.183:80:100,192.168.19.167:80:100,192.168.53.94:80:100,192.168.39.3:80:100,192.168.21.150:80:100,192.168.31.124:80:100,192.168.58.166:80:100", + "vip":"192.168.102.223" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.191:80:100,192.168.26.45:80:100,192.168.2.31:80:100", + "vip":"192.168.101.129" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.231:80:100,192.168.26.86:80:100,192.168.33.166:80:100,192.168.15.10:80:100,192.168.59.79:80:100,192.168.29.136:80:100", + "vip":"192.168.102.23" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.100:80:100,192.168.57.30:80:100", + "vip":"111.13.235.98" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.159:80:100,192.168.9.168:80:100,192.168.53.15:80:100,192.168.47.174:80:100", + "vip":"192.168.102.90" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.193:80:100,192.168.45.211:80:100,192.168.18.209:80:100,192.168.30.45:80:100,192.168.50.194:80:100", + "vip":"192.168.102.250" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.1:80:100,192.168.5.72:80:100,192.168.25.202:80:100,192.168.38.209:80:100,192.168.50.120:80:100,192.168.26.64:80:100,192.168.27.150:80:100,192.168.27.5:80:100,192.168.46.137:80:100,192.168.50.53:80:100,192.168.53.117:80:100,192.168.47.237:80:100,192.168.10.235:80:100,192.168.21.179:80:100,192.168.55.151:80:100,192.168.7.158:80:100,192.168.18.100:80:100,192.168.25.215:80:100,192.168.46.122:80:100", + "vip":"192.168.102.83" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.119:80:100,192.168.33.251:80:100,192.168.19.209:80:100,192.168.51.235:80:100,192.168.18.2:80:100,192.168.27.20:80:100,192.168.39.211:80:100,192.168.59.186:80:100,192.168.41.107:80:100,192.168.22.136:80:100,192.168.51.65:80:100,192.168.37.151:80:100,192.168.14.151:80:100,192.168.2.49:80:100,192.168.59.217:80:100,192.168.22.36:80:100,192.168.6.30:80:100,192.168.54.102:80:100,192.168.38.43:80:100,192.168.35.39:80:100,192.168.57.92:80:100,192.168.37.241:80:100,192.168.51.25:80:100,192.168.5.142:80:100,192.168.42.14:80:100,192.168.46.191:80:100", + "vip":"111.13.235.169" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.168:80:100,192.168.3.67:80:100,192.168.17.236:80:100,192.168.39.163:80:100,192.168.42.215:80:100,192.168.31.104:80:100,192.168.18.186:80:100,192.168.9.99:80:100,192.168.17.116:80:100", + "vip":"111.13.235.86" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.239:80:100,192.168.53.218:80:100,192.168.22.254:80:100,192.168.3.3:80:100,192.168.49.52:80:100", + "vip":"111.13.235.91" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.139:80:100,192.168.15.87:80:100", + "vip":"192.168.101.223" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.218:80:100,192.168.21.122:80:100,192.168.18.125:80:100,192.168.49.157:80:100,192.168.13.243:80:100,192.168.31.15:80:100,192.168.49.72:80:100", + "vip":"111.13.235.75" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.55:80:100,192.168.43.158:80:100,192.168.55.141:80:100,192.168.10.69:80:100,192.168.57.214:80:100,192.168.1.170:80:100,192.168.50.25:80:100,192.168.1.80:80:100,192.168.34.15:80:100", + "vip":"192.168.101.28" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.7:80:100,192.168.10.189:80:100,192.168.22.29:80:100,192.168.35.73:80:100,192.168.35.54:80:100,192.168.22.63:80:100,192.168.31.99:80:100", + "vip":"192.168.101.9" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.254:80:100,192.168.7.6:80:100,192.168.41.19:80:100,192.168.57.194:80:100,192.168.27.186:80:100", + "vip":"111.13.235.94" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.253:80:100,192.168.37.196:80:100,192.168.35.12:80:100,192.168.50.14:80:100,192.168.14.145:80:100,192.168.59.47:80:100,192.168.30.53:80:100,192.168.50.30:80:100,192.168.54.59:80:100,192.168.41.166:80:100,192.168.2.81:80:100,192.168.3.50:80:100,192.168.31.24:80:100,192.168.22.153:80:100,192.168.31.34:80:100,192.168.18.195:80:100,192.168.59.135:80:100,192.168.30.177:80:100,192.168.9.218:80:100,192.168.1.240:80:100,192.168.27.198:80:100,192.168.10.49:80:100,192.168.27.29:80:100,192.168.2.160:80:100,192.168.27.22:80:100,192.168.42.136:80:100,192.168.51.78:80:100,192.168.21.140:80:100,192.168.23.72:80:100,192.168.10.164:80:100,192.168.38.238:80:100,192.168.58.239:80:100,192.168.46.163:80:100,192.168.27.106:80:100,192.168.14.224:80:100,192.168.49.182:80:100,192.168.29.100:80:100,192.168.42.43:80:100,192.168.27.234:80:100,192.168.43.194:80:100,192.168.5.105:80:100,192.168.55.196:80:100,192.168.29.42:80:100,192.168.33.118:80:100,192.168.45.138:80:100,192.168.5.151:80:100,192.168.53.203:80:100,192.168.37.124:80:100,192.168.11.178:80:100,192.168.2.34:80:100,192.168.43.215:80:100,192.168.41.189:80:100,192.168.39.199:80:100,192.168.11.23:80:100,192.168.45.103:80:100,192.168.43.240:80:100,192.168.5.143:80:100,192.168.54.235:80:100,192.168.46.172:80:100,192.168.37.48:80:100,192.168.30.146:80:100,192.168.45.215:80:100,192.168.33.150:80:100,192.168.18.125:80:100,192.168.19.187:80:100,192.168.53.13:80:100,192.168.49.27:80:100,192.168.15.44:80:100,192.168.37.219:80:100,192.168.37.227:80:100,192.168.37.242:80:100,192.168.26.22:80:100,192.168.23.160:80:100,192.168.7.247:80:100,192.168.53.204:80:100,192.168.27.217:80:100,192.168.14.250:80:100,192.168.49.38:80:100,192.168.30.171:80:100,192.168.53.59:80:100,192.168.54.108:80:100,192.168.34.122:80:100,192.168.10.158:80:100,192.168.38.51:80:100,192.168.7.99:80:100,192.168.23.2:80:100,192.168.54.42:80:100,192.168.35.111:80:100,192.168.2.176:80:100,192.168.5.205:80:100,192.168.43.144:80:100,192.168.29.104:80:100,192.168.38.116:80:100,192.168.33.194:80:100,192.168.3.187:80:100,192.168.22.167:80:100,192.168.45.147:80:100,192.168.7.83:80:100,192.168.17.124:80:100,192.168.53.154:80:100,192.168.7.223:80:100,192.168.21.128:80:100,192.168.2.139:80:100,192.168.50.191:80:100,192.168.30.52:80:100,192.168.39.80:80:100,192.168.37.77:80:100,192.168.42.30:80:100,192.168.31.130:80:100,192.168.51.48:80:100,192.168.47.163:80:100,192.168.10.85:80:100,192.168.14.75:80:100,192.168.38.22:80:100,192.168.14.23:80:100,192.168.46.198:80:100,192.168.3.104:80:100,192.168.14.2:80:100,192.168.34.79:80:100,192.168.14.118:80:100,192.168.37.28:80:100,192.168.31.81:80:100,192.168.39.238:80:100,192.168.23.212:80:100,192.168.22.192:80:100,192.168.51.123:80:100,192.168.15.87:80:100,192.168.57.180:80:100,192.168.10.13:80:100,192.168.21.233:80:100,192.168.26.157:80:100,192.168.58.98:80:100,192.168.41.162:80:100,192.168.3.225:80:100,192.168.58.42:80:100,192.168.43.95:80:100,192.168.33.84:80:100,192.168.7.16:80:100,192.168.42.133:80:100,192.168.13.155:80:100,192.168.17.117:80:100,192.168.34.242:80:100,192.168.47.22:80:100,192.168.3.3:80:100,192.168.10.60:80:100,192.168.9.196:80:100,192.168.59.11:80:100,192.168.57.193:80:100,192.168.55.203:80:100,192.168.25.102:80:100,192.168.19.52:80:100,192.168.26.116:80:100,192.168.55.248:80:100,192.168.18.2:80:100,192.168.35.208:80:100,192.168.26.23:80:100,192.168.46.11:80:100,192.168.45.126:80:100,192.168.47.116:80:100,192.168.15.142:80:100,192.168.21.6:80:100,192.168.42.233:80:100,192.168.55.81:80:100,192.168.15.227:80:100,192.168.10.33:80:100,192.168.54.137:80:100,192.168.3.111:80:100,192.168.17.157:80:100,192.168.57.134:80:100,192.168.53.99:80:100,192.168.53.52:80:100,192.168.11.174:80:100,192.168.23.108:80:100,192.168.39.36:80:100,192.168.33.140:80:100,192.168.55.218:80:100,192.168.42.155:80:100,192.168.59.75:80:100,192.168.19.178:80:100,192.168.42.24:80:100,192.168.7.177:80:100,192.168.42.115:80:100,192.168.17.125:80:100,192.168.45.87:80:100", + "vip":"192.168.102.25" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.249:80:100,192.168.22.210:80:100,192.168.58.134:80:100,192.168.51.45:80:100,192.168.33.155:80:100,192.168.15.11:80:100,192.168.31.209:80:100,192.168.38.79:80:100,192.168.14.46:80:100", + "vip":"192.168.101.90" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.65:80:100,192.168.39.63:80:100,192.168.25.190:80:100", + "vip":"111.13.235.77" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.107:80:100,192.168.41.105:80:100,192.168.29.156:80:100,192.168.53.29:80:100,192.168.11.47:80:100,192.168.51.126:80:100,192.168.7.2:80:100,192.168.49.83:80:100,192.168.15.53:80:100,192.168.19.167:80:100,192.168.31.116:80:100,192.168.18.78:80:100,192.168.37.89:80:100", + "vip":"192.168.101.170" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.34:80:100,192.168.34.194:80:100", + "vip":"192.168.101.118" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.38:80:100,192.168.53.247:80:100", + "vip":"192.168.102.52" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.19:80:100,192.168.21.108:80:100,192.168.18.199:80:100", + "vip":"192.168.101.75" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.185:80:100", + "vip":"192.168.101.185" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.172:80:100,192.168.51.243:80:100", + "vip":"192.168.102.103" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.127:80:100,192.168.15.42:80:100,192.168.46.211:80:100,192.168.21.139:80:100,192.168.45.77:80:100,192.168.23.239:80:100,192.168.31.146:80:100,192.168.7.242:80:100,192.168.7.59:80:100,192.168.10.93:80:100,192.168.29.222:80:100,192.168.5.185:80:100,192.168.43.219:80:100,192.168.1.2:80:100,192.168.37.78:80:100,192.168.15.115:80:100,192.168.3.146:80:100,192.168.45.240:80:100,192.168.2.130:80:100,192.168.31.217:80:100,192.168.31.152:80:100,192.168.57.234:80:100,192.168.35.207:80:100,192.168.17.156:80:100,192.168.46.49:80:100,192.168.37.97:80:100,192.168.45.192:80:100,192.168.41.245:80:100,192.168.49.248:80:100,192.168.13.198:80:100,192.168.19.231:80:100,192.168.54.174:80:100,192.168.2.155:80:100,192.168.55.209:80:100,192.168.31.10:80:100,192.168.47.139:80:100,192.168.59.62:80:100,192.168.33.208:80:100,192.168.6.73:80:100,192.168.21.7:80:100,192.168.58.201:80:100,192.168.35.230:80:100,192.168.3.102:80:100,192.168.27.100:80:100,192.168.29.180:80:100,192.168.35.166:80:100,192.168.7.5:80:100,192.168.1.7:80:100,192.168.31.149:80:100,192.168.37.66:80:100,192.168.41.35:80:100,192.168.15.197:80:100,192.168.47.148:80:100,192.168.10.213:80:100,192.168.10.229:80:100,192.168.35.183:80:100,192.168.6.108:80:100,192.168.15.204:80:100,192.168.47.74:80:100,192.168.26.179:80:100,192.168.18.218:80:100,192.168.37.42:80:100,192.168.38.179:80:100,192.168.39.105:80:100,192.168.14.47:80:100,192.168.26.212:80:100,192.168.30.245:80:100,192.168.41.100:80:100,192.168.49.10:80:100,192.168.19.131:80:100,192.168.30.209:80:100,192.168.7.88:80:100,192.168.54.201:80:100,192.168.7.157:80:100,192.168.26.211:80:100,192.168.59.2:80:100,192.168.11.147:80:100,192.168.43.33:80:100,192.168.35.75:80:100,192.168.34.89:80:100,192.168.30.142:80:100,192.168.34.198:80:100,192.168.18.134:80:100,192.168.53.183:80:100,192.168.5.234:80:100,192.168.13.36:80:100,192.168.50.31:80:100,192.168.10.192:80:100,192.168.45.167:80:100,192.168.2.115:80:100,192.168.43.142:80:100,192.168.31.95:80:100,192.168.50.250:80:100,192.168.57.140:80:100,192.168.15.128:80:100,192.168.14.212:80:100,192.168.29.89:80:100,192.168.41.68:80:100,192.168.19.229:80:100,192.168.11.20:80:100,192.168.39.73:80:100,192.168.42.53:80:100,192.168.35.199:80:100,192.168.26.54:80:100,192.168.46.102:80:100,192.168.22.127:80:100,192.168.47.59:80:100,192.168.59.75:80:100,192.168.49.206:80:100,192.168.54.210:80:100,192.168.53.156:80:100,192.168.26.49:80:100,192.168.57.19:80:100", + "vip":"192.168.102.71" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.140:80:100,192.168.23.173:80:100,192.168.9.167:80:100,192.168.59.48:80:100", + "vip":"192.168.102.84" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.222:80:100,192.168.2.135:80:100,192.168.25.177:80:100,192.168.49.75:80:100", + "vip":"192.168.101.21" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.228:80:100,192.168.18.2:80:100,192.168.59.179:80:100", + "vip":"111.13.235.158" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.199:80:100", + "vip":"111.13.235.178" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.68:80:100,192.168.34.228:80:100,192.168.42.40:80:100,192.168.18.68:80:100,192.168.7.162:80:100,192.168.27.164:80:100,192.168.18.207:80:100,192.168.10.187:80:100,192.168.18.148:80:100,192.168.59.99:80:100,192.168.30.165:80:100,192.168.35.103:80:100,192.168.47.160:80:100,192.168.31.59:80:100,192.168.59.146:80:100,192.168.15.19:80:100,192.168.58.224:80:100", + "vip":"192.168.102.181" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.147:80:100,192.168.13.104:80:100,192.168.11.39:80:100,192.168.10.192:80:100", + "vip":"192.168.102.79" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.60:80:100,192.168.38.254:80:100", + "vip":"192.168.101.137" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.82:80:100", + "vip":"192.168.102.133" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.60:80:100,192.168.21.111:80:100,192.168.21.87:80:100,192.168.34.24:80:100,192.168.41.184:80:100,192.168.33.56:80:100,192.168.5.196:80:100,192.168.6.97:80:100,192.168.33.86:80:100,192.168.14.179:80:100,192.168.55.187:80:100,192.168.42.19:80:100,192.168.31.182:80:100,192.168.59.92:80:100,192.168.35.7:80:100,192.168.38.7:80:100", + "vip":"192.168.102.203" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.199:80:100,192.168.57.203:80:100,192.168.15.54:80:100,192.168.6.136:80:100", + "vip":"192.168.102.113" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.199:80:100,192.168.14.55:80:100,192.168.5.231:80:100,192.168.29.5:80:100", + "vip":"192.168.102.162" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.100:80:100", + "vip":"192.168.102.157" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.217:80:100,192.168.39.126:80:100", + "vip":"192.168.101.221" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.81:80:100,192.168.23.243:80:100,192.168.37.52:80:100,192.168.27.221:80:100", + "vip":"192.168.102.238" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.10:80:100,192.168.15.103:80:100", + "vip":"111.13.235.92" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.215:80:100,192.168.45.103:80:100,192.168.9.40:80:100,192.168.15.108:80:100,192.168.33.39:80:100,192.168.11.79:80:100,192.168.18.50:80:100", + "vip":"192.168.101.163" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.137:80:100,192.168.58.63:80:100,192.168.21.174:80:100,192.168.1.185:80:100,192.168.3.222:80:100,192.168.5.118:80:100", + "vip":"192.168.101.212" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.175:80:100,192.168.17.189:80:100,192.168.43.130:80:100,192.168.2.61:80:100", + "vip":"192.168.101.46" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.172:80:100,192.168.5.91:80:100,192.168.10.200:80:100,192.168.58.207:80:100,192.168.26.167:80:100,192.168.33.106:80:100,192.168.46.65:80:100,192.168.19.53:80:100,192.168.9.17:80:100,192.168.29.55:80:100,192.168.5.16:80:100,192.168.37.214:80:100,192.168.18.96:80:100", + "vip":"192.168.101.33" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.66:80:100", + "vip":"192.168.101.12" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.235:80:100,192.168.43.208:80:100,192.168.58.131:80:100,192.168.29.107:80:100,192.168.18.9:80:100,192.168.57.84:80:100,192.168.39.113:80:100,192.168.9.63:80:100,192.168.14.185:80:100,192.168.9.2:80:100,192.168.58.36:80:100,192.168.38.237:80:100,192.168.7.32:80:100,192.168.58.52:80:100,192.168.3.79:80:100,192.168.18.60:80:100,192.168.19.56:80:100,192.168.25.49:80:100,192.168.59.109:80:100,192.168.59.112:80:100,192.168.2.14:80:100,192.168.22.195:80:100,192.168.25.200:80:100,192.168.30.122:80:100,192.168.35.129:80:100,192.168.49.204:80:100,192.168.35.52:80:100,192.168.53.169:80:100,192.168.38.153:80:100,192.168.13.194:80:100,192.168.42.249:80:100,192.168.29.177:80:100", + "vip":"111.13.235.145" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.100:80:100,192.168.29.117:80:100,192.168.54.191:80:100,192.168.34.199:80:100,192.168.29.55:80:100,192.168.33.66:80:100,192.168.53.10:80:100", + "vip":"192.168.102.21" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.236:80:100", + "vip":"192.168.101.239" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.100:80:100,192.168.30.49:80:100,192.168.30.246:80:100,192.168.58.71:80:100,192.168.57.241:80:100,192.168.51.87:80:100,192.168.18.7:80:100,192.168.10.209:80:100,192.168.10.127:80:100,192.168.47.72:80:100,192.168.29.181:80:100,192.168.46.249:80:100,192.168.2.165:80:100,192.168.43.84:80:100,192.168.3.7:80:100,192.168.31.87:80:100,192.168.59.41:80:100,192.168.15.23:80:100,192.168.19.147:80:100,192.168.6.86:80:100,192.168.34.253:80:100,192.168.13.97:80:100,192.168.22.112:80:100,192.168.7.215:80:100,192.168.6.28:80:100,192.168.25.181:80:100,192.168.45.54:80:100,192.168.41.53:80:100,192.168.43.210:80:100,192.168.47.57:80:100,192.168.21.200:80:100,192.168.15.26:80:100,192.168.13.148:80:100,192.168.39.125:80:100,192.168.17.82:80:100,192.168.41.31:80:100,192.168.25.42:80:100,192.168.1.79:80:100,192.168.13.38:80:100,192.168.33.5:80:100,192.168.57.29:80:100,192.168.9.66:80:100,192.168.39.79:80:100,192.168.5.143:80:100,192.168.13.116:80:100,192.168.34.214:80:100,192.168.38.190:80:100,192.168.54.177:80:100,192.168.1.9:80:100,192.168.46.56:80:100,192.168.41.58:80:100,192.168.43.86:80:100,192.168.33.116:80:100,192.168.26.39:80:100,192.168.5.73:80:100,192.168.3.140:80:100,192.168.58.231:80:100,192.168.10.1:80:100,192.168.3.79:80:100,192.168.50.89:80:100,192.168.43.177:80:100,192.168.5.210:80:100,192.168.25.211:80:100,192.168.50.187:80:100,192.168.26.196:80:100,192.168.33.211:80:100,192.168.1.170:80:100,192.168.26.222:80:100,192.168.31.91:80:100,192.168.50.70:80:100,192.168.42.49:80:100,192.168.42.139:80:100,192.168.53.90:80:100,192.168.17.134:80:100,192.168.19.9:80:100,192.168.47.146:80:100,192.168.10.36:80:100,192.168.3.187:80:100,192.168.21.192:80:100,192.168.7.186:80:100,192.168.30.94:80:100,192.168.59.174:80:100,192.168.43.120:80:100,192.168.15.71:80:100,192.168.42.195:80:100,192.168.13.85:80:100,192.168.10.8:80:100,192.168.18.17:80:100,192.168.50.235:80:100,192.168.35.5:80:100,192.168.25.103:80:100,192.168.9.225:80:100,192.168.53.142:80:100,192.168.38.123:80:100,192.168.13.17:80:100,192.168.31.252:80:100,192.168.5.165:80:100,192.168.29.217:80:100,192.168.58.197:80:100,192.168.46.144:80:100,192.168.46.208:80:100,192.168.27.250:80:100,192.168.26.120:80:100,192.168.13.254:80:100,192.168.42.62:80:100,192.168.6.236:80:100,192.168.54.129:80:100,192.168.34.129:80:100,192.168.19.96:80:100,192.168.27.218:80:100,192.168.42.133:80:100,192.168.3.201:80:100,192.168.13.30:80:100,192.168.22.128:80:100,192.168.55.58:80:100,192.168.33.126:80:100,192.168.47.92:80:100,192.168.23.216:80:100,192.168.53.189:80:100,192.168.38.198:80:100,192.168.29.85:80:100,192.168.9.217:80:100,192.168.35.25:80:100,192.168.14.17:80:100,192.168.6.193:80:100,192.168.43.96:80:100,192.168.47.76:80:100,192.168.10.51:80:100,192.168.38.143:80:100,192.168.43.122:80:100,192.168.23.214:80:100,192.168.43.47:80:100,192.168.37.210:80:100,192.168.3.186:80:100,192.168.13.175:80:100,192.168.5.29:80:100,192.168.59.192:80:100,192.168.7.109:80:100,192.168.46.233:80:100,192.168.51.54:80:100,192.168.43.79:80:100,192.168.57.226:80:100,192.168.3.162:80:100,192.168.41.162:80:100,192.168.43.166:80:100,192.168.37.77:80:100,192.168.50.233:80:100,192.168.11.78:80:100,192.168.31.139:80:100,192.168.54.182:80:100,192.168.25.194:80:100,192.168.27.184:80:100,192.168.15.105:80:100,192.168.46.226:80:100,192.168.25.163:80:100,192.168.29.135:80:100,192.168.57.57:80:100,192.168.41.165:80:100,192.168.21.236:80:100,192.168.57.189:80:100,192.168.27.213:80:100,192.168.13.33:80:100", + "vip":"192.168.102.66" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.157:80:100,192.168.47.130:80:100,192.168.31.63:80:100,192.168.21.167:80:100,192.168.19.124:80:100,192.168.47.111:80:100,192.168.3.157:80:100,192.168.39.21:80:100,192.168.25.142:80:100,192.168.33.175:80:100,192.168.22.83:80:100,192.168.22.247:80:100,192.168.18.168:80:100,192.168.39.68:80:100,192.168.31.111:80:100,192.168.5.129:80:100,192.168.51.34:80:100,192.168.13.109:80:100,192.168.58.32:80:100", + "vip":"111.13.235.255" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.136:80:100,192.168.46.173:80:100,192.168.10.243:80:100,192.168.55.137:80:100,192.168.15.55:80:100,192.168.42.136:80:100,192.168.34.17:80:100,192.168.6.207:80:100,192.168.46.4:80:100,192.168.57.156:80:100,192.168.38.232:80:100,192.168.10.81:80:100,192.168.58.63:80:100,192.168.9.218:80:100,192.168.47.142:80:100,192.168.46.14:80:100,192.168.13.89:80:100,192.168.57.94:80:100,192.168.31.145:80:100,192.168.43.133:80:100,192.168.26.175:80:100,192.168.2.130:80:100,192.168.33.26:80:100,192.168.27.157:80:100,192.168.6.92:80:100,192.168.23.183:80:100,192.168.49.88:80:100,192.168.33.176:80:100,192.168.5.120:80:100,192.168.27.234:80:100,192.168.57.22:80:100,192.168.22.132:80:100,192.168.34.3:80:100,192.168.19.107:80:100,192.168.50.57:80:100,192.168.42.185:80:100,192.168.6.126:80:100,192.168.13.99:80:100,192.168.53.222:80:100,192.168.3.65:80:100,192.168.22.143:80:100,192.168.19.4:80:100,192.168.49.149:80:100,192.168.42.134:80:100,192.168.41.105:80:100,192.168.27.103:80:100,192.168.21.30:80:100,192.168.11.227:80:100,192.168.10.245:80:100,192.168.41.49:80:100,192.168.14.147:80:100,192.168.41.154:80:100,192.168.41.104:80:100,192.168.43.177:80:100,192.168.55.141:80:100,192.168.29.180:80:100,192.168.13.157:80:100,192.168.27.162:80:100,192.168.5.66:80:100,192.168.41.8:80:100,192.168.54.68:80:100,192.168.45.229:80:100,192.168.43.55:80:100,192.168.14.83:80:100,192.168.27.199:80:100,192.168.37.231:80:100,192.168.2.6:80:100,192.168.5.106:80:100,192.168.37.133:80:100,192.168.53.7:80:100,192.168.6.251:80:100,192.168.49.40:80:100,192.168.26.6:80:100,192.168.55.139:80:100,192.168.25.249:80:100,192.168.18.9:80:100,192.168.27.144:80:100,192.168.54.41:80:100,192.168.49.179:80:100,192.168.53.15:80:100,192.168.35.163:80:100,192.168.23.170:80:100,192.168.9.48:80:100,192.168.38.15:80:100,192.168.5.165:80:100,192.168.59.74:80:100,192.168.7.164:80:100,192.168.27.28:80:100,192.168.51.182:80:100,192.168.18.120:80:100,192.168.39.84:80:100,192.168.15.228:80:100,192.168.34.210:80:100,192.168.13.130:80:100,192.168.31.43:80:100,192.168.22.225:80:100,192.168.2.182:80:100,192.168.26.9:80:100,192.168.10.80:80:100,192.168.26.158:80:100,192.168.51.43:80:100,192.168.23.9:80:100,192.168.3.101:80:100,192.168.53.12:80:100,192.168.2.63:80:100,192.168.13.184:80:100,192.168.25.7:80:100,192.168.50.250:80:100,192.168.47.195:80:100,192.168.35.108:80:100,192.168.55.226:80:100,192.168.58.163:80:100,192.168.15.242:80:100,192.168.29.5:80:100,192.168.37.226:80:100,192.168.9.128:80:100,192.168.22.42:80:100,192.168.5.169:80:100,192.168.25.252:80:100,192.168.23.16:80:100,192.168.29.82:80:100,192.168.55.199:80:100,192.168.45.82:80:100,192.168.39.155:80:100,192.168.45.235:80:100,192.168.50.63:80:100,192.168.11.165:80:100,192.168.31.216:80:100,192.168.17.214:80:100,192.168.10.124:80:100,192.168.30.120:80:100,192.168.6.29:80:100,192.168.50.22:80:100,192.168.22.248:80:100,192.168.31.237:80:100", + "vip":"192.168.101.171" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.118:80:100,192.168.43.183:80:100", + "vip":"111.13.235.121" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.148:80:100,192.168.21.125:80:100,192.168.13.157:80:100,192.168.51.202:80:100,192.168.22.103:80:100,192.168.34.10:80:100,192.168.51.167:80:100,192.168.13.113:80:100,192.168.39.155:80:100,192.168.34.170:80:100,192.168.49.6:80:100,192.168.26.70:80:100,192.168.21.36:80:100,192.168.17.180:80:100,192.168.11.103:80:100,192.168.6.188:80:100,192.168.55.7:80:100,192.168.25.41:80:100", + "vip":"192.168.102.120" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.78:80:100,192.168.2.101:80:100,192.168.47.151:80:100", + "vip":"192.168.102.57" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.135:80:100,192.168.9.157:80:100,192.168.57.36:80:100,192.168.33.11:80:100", + "vip":"192.168.102.81" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.229:80:100,192.168.50.176:80:100,192.168.49.166:80:100,192.168.30.88:80:100,192.168.42.3:80:100", + "vip":"192.168.102.252" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.90:80:100,192.168.5.105:80:100,192.168.57.151:80:100,192.168.45.189:80:100,192.168.38.154:80:100,192.168.22.76:80:100,192.168.47.110:80:100,192.168.5.143:80:100,192.168.54.3:80:100", + "vip":"192.168.102.220" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.94:80:100,192.168.25.32:80:100,192.168.15.178:80:100,192.168.5.166:80:100,192.168.29.24:80:100,192.168.29.70:80:100,192.168.23.40:80:100,192.168.2.231:80:100,192.168.37.129:80:100,192.168.14.175:80:100,192.168.3.111:80:100,192.168.35.96:80:100,192.168.1.226:80:100,192.168.49.151:80:100,192.168.7.93:80:100", + "vip":"111.13.235.140" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.40:80:100,192.168.5.225:80:100,192.168.37.250:80:100,192.168.19.128:80:100", + "vip":"192.168.102.134" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.26:80:100,192.168.22.225:80:100", + "vip":"192.168.102.73" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.26:80:100,192.168.37.228:80:100,192.168.23.206:80:100,192.168.49.50:80:100", + "vip":"111.13.235.250" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.38:80:100,192.168.47.128:80:100", + "vip":"192.168.101.246" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.217:80:100,192.168.35.163:80:100", + "vip":"111.13.235.123" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.62:80:100,192.168.47.49:80:100,192.168.34.37:80:100", + "vip":"111.13.235.112" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.245:80:100", + "vip":"192.168.102.20" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.94:80:100", + "vip":"192.168.101.248" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.247:80:100,192.168.25.152:80:100,192.168.33.229:80:100,192.168.21.240:80:100,192.168.47.240:80:100", + "vip":"192.168.102.122" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.212:80:100,192.168.47.84:80:100,192.168.38.34:80:100,192.168.59.204:80:100,192.168.41.150:80:100,192.168.43.20:80:100,192.168.33.142:80:100,192.168.14.33:80:100,192.168.19.156:80:100,192.168.37.8:80:100,192.168.59.9:80:100,192.168.57.190:80:100,192.168.49.19:80:100,192.168.38.158:80:100,192.168.15.92:80:100,192.168.54.87:80:100,192.168.53.239:80:100,192.168.13.135:80:100,192.168.43.75:80:100,192.168.37.62:80:100,192.168.31.126:80:100,192.168.45.65:80:100,192.168.54.73:80:100,192.168.54.45:80:100,192.168.17.109:80:100,192.168.47.86:80:100,192.168.53.89:80:100,192.168.45.109:80:100,192.168.41.230:80:100,192.168.5.191:80:100,192.168.18.119:80:100,192.168.41.107:80:100,192.168.26.204:80:100,192.168.55.95:80:100,192.168.2.124:80:100,192.168.27.46:80:100,192.168.9.8:80:100,192.168.33.101:80:100,192.168.29.225:80:100,192.168.25.23:80:100,192.168.26.38:80:100,192.168.39.58:80:100,192.168.31.162:80:100,192.168.30.50:80:100,192.168.7.174:80:100,192.168.14.70:80:100,192.168.7.94:80:100,192.168.15.97:80:100,192.168.21.162:80:100,192.168.54.4:80:100,192.168.41.171:80:100,192.168.7.156:80:100,192.168.57.44:80:100,192.168.42.74:80:100,192.168.51.164:80:100,192.168.46.22:80:100,192.168.7.35:80:100,192.168.2.184:80:100,192.168.43.202:80:100,192.168.46.77:80:100,192.168.49.161:80:100,192.168.13.144:80:100,192.168.13.192:80:100,192.168.3.58:80:100,192.168.51.245:80:100,192.168.2.110:80:100,192.168.13.187:80:100,192.168.29.151:80:100,192.168.29.229:80:100,192.168.21.207:80:100,192.168.45.206:80:100,192.168.29.236:80:100,192.168.13.104:80:100,192.168.17.89:80:100,192.168.33.31:80:100", + "vip":"192.168.102.192" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.216:80:100,192.168.2.161:80:100,192.168.21.147:80:100,192.168.33.221:80:100,192.168.6.145:80:100,192.168.18.23:80:100,192.168.1.215:80:100,192.168.46.250:80:100", + "vip":"192.168.101.41" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.124:80:100,192.168.37.236:80:100,192.168.41.101:80:100,192.168.7.65:80:100,192.168.54.127:80:100", + "vip":"192.168.101.166" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.201:80:100,192.168.31.62:80:100,192.168.29.128:80:100,192.168.43.34:80:100", + "vip":"192.168.102.131" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.25:80:100,192.168.1.112:80:100,192.168.11.48:80:100,192.168.34.58:80:100,192.168.37.109:80:100,192.168.2.245:80:100,192.168.29.131:80:100,192.168.45.75:80:100,192.168.57.125:80:100", + "vip":"192.168.102.179" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.245:80:100,192.168.19.60:80:100,192.168.2.72:80:100", + "vip":"192.168.101.124" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.123:80:100,192.168.6.204:80:100,192.168.59.110:80:100,192.168.58.30:80:100,192.168.29.147:80:100", + "vip":"192.168.101.43" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.31:80:100,192.168.17.201:80:100", + "vip":"192.168.101.210" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.22:80:100,192.168.19.30:80:100,192.168.49.189:80:100,192.168.41.211:80:100", + "vip":"192.168.101.152" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.17:80:100,192.168.1.127:80:100,192.168.27.126:80:100,192.168.59.253:80:100,192.168.5.59:80:100", + "vip":"192.168.101.145" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.58:80:100,192.168.27.110:80:100,192.168.22.50:80:100,192.168.47.226:80:100,192.168.26.162:80:100,192.168.11.135:80:100,192.168.46.108:80:100,192.168.2.228:80:100,192.168.59.130:80:100,192.168.41.110:80:100,192.168.25.73:80:100,192.168.17.45:80:100,192.168.13.182:80:100,192.168.33.168:80:100,192.168.43.50:80:100", + "vip":"192.168.101.160" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.190:80:100,192.168.18.233:80:100", + "vip":"192.168.101.151" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.214:80:100,192.168.27.216:80:100,192.168.33.60:80:100,192.168.31.138:80:100", + "vip":"192.168.101.219" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.19:80:100,192.168.26.33:80:100,192.168.26.171:80:100,192.168.7.129:80:100,192.168.27.85:80:100,192.168.13.200:80:100,192.168.11.71:80:100,192.168.55.25:80:100,192.168.53.15:80:100", + "vip":"192.168.101.23" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.90:80:100,192.168.9.126:80:100,192.168.34.56:80:100,192.168.50.167:80:100", + "vip":"192.168.102.229" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.5:80:100,192.168.1.87:80:100,192.168.15.20:80:100,192.168.49.252:80:100,192.168.53.13:80:100,192.168.38.8:80:100,192.168.13.171:80:100,192.168.54.224:80:100", + "vip":"111.13.235.146" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.150:80:100,192.168.49.24:80:100", + "vip":"111.13.235.231" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.229:80:100", + "vip":"192.168.102.111" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.175:80:100,192.168.11.184:80:100,192.168.11.18:80:100", + "vip":"111.13.235.200" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.171:80:100,192.168.29.97:80:100", + "vip":"192.168.102.160" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.195:80:100,192.168.11.234:80:100,192.168.1.239:80:100,192.168.43.185:80:100", + "vip":"111.13.235.168" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.97:80:100,192.168.41.204:80:100,192.168.6.109:80:100,192.168.10.125:80:100,192.168.6.239:80:100,192.168.2.224:80:100,192.168.2.233:80:100,192.168.1.138:80:100,192.168.17.60:80:100", + "vip":"192.168.102.155" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.219:80:100,192.168.3.97:80:100,192.168.43.3:80:100,192.168.55.113:80:100", + "vip":"111.13.235.162" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.112:80:100,192.168.59.153:80:100,192.168.41.164:80:100,192.168.35.57:80:100,192.168.27.190:80:100,192.168.2.222:80:100", + "vip":"192.168.102.16" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.163:80:100,192.168.6.167:80:100,192.168.22.13:80:100,192.168.57.123:80:100,192.168.55.75:80:100,192.168.38.71:80:100,192.168.31.172:80:100", + "vip":"192.168.102.212" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.11:80:100,192.168.42.155:80:100,192.168.2.6:80:100,192.168.1.196:80:100", + "vip":"192.168.101.3" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.37:80:100,192.168.1.114:80:100,192.168.31.77:80:100,192.168.59.68:80:100,192.168.27.232:80:100,192.168.3.25:80:100,192.168.43.134:80:100,192.168.35.149:80:100", + "vip":"111.13.235.202" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.222:80:100", + "vip":"192.168.101.156" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.125:80:100,192.168.25.159:80:100,192.168.17.242:80:100", + "vip":"192.168.101.88" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.34:80:100,192.168.50.101:80:100,192.168.47.249:80:100,192.168.34.250:80:100,192.168.21.32:80:100,192.168.51.196:80:100,192.168.31.156:80:100,192.168.19.42:80:100,192.168.45.15:80:100,192.168.25.68:80:100,192.168.54.31:80:100,192.168.2.59:80:100,192.168.37.107:80:100,192.168.26.127:80:100,192.168.25.233:80:100,192.168.34.27:80:100,192.168.46.122:80:100,192.168.23.252:80:100,192.168.41.130:80:100,192.168.35.41:80:100,192.168.37.131:80:100,192.168.58.18:80:100,192.168.37.31:80:100,192.168.9.105:80:100,192.168.53.15:80:100,192.168.18.217:80:100,192.168.18.43:80:100,192.168.54.125:80:100,192.168.9.240:80:100,192.168.59.216:80:100,192.168.34.70:80:100,192.168.10.133:80:100,192.168.33.117:80:100,192.168.3.81:80:100", + "vip":"192.168.101.190" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.164:80:100,192.168.18.213:80:100,192.168.2.63:80:100,192.168.55.178:80:100,192.168.38.192:80:100,192.168.5.10:80:100,192.168.35.139:80:100,192.168.7.29:80:100,192.168.14.218:80:100,192.168.38.107:80:100,192.168.19.19:80:100,192.168.23.205:80:100,192.168.55.145:80:100,192.168.53.20:80:100,192.168.19.109:80:100,192.168.30.36:80:100,192.168.13.2:80:100,192.168.27.38:80:100,192.168.53.180:80:100,192.168.46.129:80:100,192.168.7.242:80:100,192.168.37.133:80:100,192.168.17.163:80:100,192.168.2.251:80:100,192.168.58.117:80:100,192.168.26.245:80:100,192.168.22.239:80:100,192.168.10.120:80:100,192.168.7.9:80:100,192.168.9.85:80:100,192.168.39.166:80:100,192.168.11.141:80:100,192.168.57.153:80:100,192.168.58.82:80:100,192.168.50.204:80:100,192.168.3.231:80:100,192.168.35.213:80:100,192.168.7.164:80:100,192.168.2.197:80:100,192.168.26.88:80:100,192.168.7.107:80:100,192.168.58.253:80:100,192.168.30.93:80:100,192.168.51.130:80:100,192.168.39.9:80:100,192.168.51.12:80:100,192.168.47.89:80:100,192.168.19.90:80:100,192.168.33.7:80:100,192.168.30.75:80:100,192.168.27.21:80:100,192.168.29.166:80:100,192.168.18.78:80:100,192.168.54.161:80:100,192.168.7.81:80:100,192.168.3.169:80:100,192.168.23.136:80:100,192.168.11.131:80:100,192.168.23.234:80:100,192.168.34.129:80:100,192.168.25.66:80:100,192.168.3.136:80:100,192.168.37.157:80:100,192.168.31.61:80:100,192.168.45.189:80:100,192.168.1.48:80:100,192.168.53.156:80:100,192.168.49.78:80:100,192.168.15.246:80:100,192.168.19.59:80:100,192.168.45.143:80:100,192.168.1.154:80:100,192.168.46.18:80:100,192.168.13.46:80:100", + "vip":"192.168.102.219" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.172:80:100", + "vip":"192.168.101.26" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.163:80:100,192.168.30.215:80:100,192.168.41.217:80:100,192.168.46.112:80:100,192.168.22.177:80:100,192.168.15.153:80:100", + "vip":"192.168.102.138" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.4:80:100,192.168.45.167:80:100,192.168.6.205:80:100", + "vip":"192.168.101.126" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.92:80:100,192.168.30.36:80:100,192.168.5.89:80:100,192.168.25.125:80:100,192.168.46.31:80:100,192.168.14.30:80:100,192.168.58.42:80:100,192.168.7.161:80:100,192.168.54.161:80:100,192.168.58.129:80:100,192.168.10.57:80:100,192.168.29.152:80:100,192.168.41.156:80:100,192.168.54.129:80:100,192.168.6.170:80:100", + "vip":"192.168.101.51" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.169:80:100,192.168.7.23:80:100,192.168.35.13:80:100", + "vip":"192.168.101.140" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.185:80:100,192.168.3.69:80:100,192.168.2.234:80:100,192.168.6.32:80:100", + "vip":"192.168.101.108" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.38:80:100,192.168.30.151:80:100,192.168.7.25:80:100,192.168.19.156:80:100,192.168.29.45:80:100,192.168.41.30:80:100", + "vip":"192.168.101.59" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.21:80:100,192.168.21.154:80:100,192.168.58.138:80:100", + "vip":"192.168.102.130" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.231:80:100,192.168.49.45:80:100,192.168.54.33:80:100,192.168.26.126:80:100,192.168.18.107:80:100", + "vip":"111.13.235.117" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.11:80:100,192.168.43.167:80:100,192.168.17.76:80:100,192.168.2.234:80:100,192.168.14.44:80:100,192.168.33.197:80:100,192.168.23.38:80:100,192.168.55.82:80:100,192.168.57.218:80:100,192.168.34.251:80:100,192.168.53.109:80:100,192.168.31.245:80:100,192.168.33.67:80:100,192.168.3.39:80:100,192.168.31.158:80:100,192.168.42.138:80:100,192.168.39.81:80:100,192.168.6.192:80:100,192.168.5.103:80:100,192.168.34.109:80:100,192.168.10.127:80:100", + "vip":"111.13.235.163" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.198:80:100,192.168.25.61:80:100,192.168.41.179:80:100,192.168.22.199:80:100", + "vip":"192.168.102.167" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.5:80:100,192.168.18.115:80:100,192.168.39.221:80:100,192.168.54.59:80:100,192.168.34.171:80:100,192.168.47.20:80:100,192.168.10.127:80:100,192.168.35.66:80:100,192.168.59.69:80:100,192.168.9.158:80:100,192.168.7.150:80:100,192.168.45.65:80:100,192.168.43.156:80:100,192.168.7.61:80:100,192.168.34.26:80:100,192.168.43.92:80:100,192.168.11.53:80:100,192.168.9.136:80:100,192.168.11.30:80:100,192.168.11.193:80:100,192.168.26.29:80:100,192.168.58.205:80:100,192.168.33.162:80:100,192.168.11.101:80:100,192.168.18.92:80:100,192.168.54.131:80:100,192.168.59.166:80:100,192.168.5.69:80:100,192.168.14.86:80:100,192.168.26.245:80:100,192.168.54.143:80:100,192.168.41.138:80:100,192.168.25.13:80:100,192.168.27.100:80:100,192.168.47.43:80:100,192.168.6.184:80:100,192.168.17.230:80:100,192.168.42.198:80:100,192.168.5.171:80:100,192.168.50.161:80:100,192.168.38.65:80:100,192.168.43.191:80:100,192.168.54.209:80:100,192.168.43.123:80:100,192.168.51.28:80:100,192.168.33.194:80:100,192.168.23.124:80:100,192.168.31.148:80:100,192.168.27.30:80:100,192.168.21.26:80:100,192.168.59.19:80:100,192.168.9.74:80:100,192.168.41.1:80:100,192.168.50.245:80:100,192.168.59.174:80:100,192.168.35.55:80:100,192.168.30.219:80:100,192.168.22.75:80:100,192.168.43.4:80:100,192.168.5.123:80:100,192.168.51.167:80:100,192.168.29.120:80:100,192.168.5.4:80:100,192.168.23.233:80:100,192.168.57.58:80:100,192.168.7.245:80:100,192.168.47.53:80:100,192.168.10.215:80:100,192.168.17.120:80:100,192.168.46.64:80:100,192.168.15.122:80:100,192.168.25.72:80:100,192.168.14.225:80:100,192.168.47.82:80:100,192.168.5.214:80:100,192.168.27.239:80:100,192.168.14.215:80:100,192.168.34.157:80:100,192.168.23.43:80:100,192.168.18.32:80:100,192.168.17.163:80:100,192.168.10.224:80:100,192.168.46.155:80:100,192.168.33.204:80:100,192.168.37.41:80:100,192.168.23.49:80:100,192.168.21.107:80:100,192.168.43.79:80:100,192.168.29.218:80:100,192.168.25.146:80:100,192.168.45.206:80:100,192.168.34.188:80:100,192.168.19.25:80:100,192.168.30.70:80:100,192.168.3.81:80:100,192.168.25.16:80:100", + "vip":"192.168.102.82" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.133:80:100,192.168.2.244:80:100", + "vip":"192.168.101.114" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.103:80:100,192.168.7.190:80:100,192.168.49.197:80:100", + "vip":"192.168.101.103" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.64:80:100,192.168.59.17:80:100", + "vip":"111.13.235.90" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.185:80:100", + "vip":"192.168.101.237" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.126:80:100,192.168.7.77:80:100,192.168.10.253:80:100,192.168.10.73:80:100,192.168.30.153:80:100,192.168.10.209:80:100,192.168.51.139:80:100,192.168.21.60:80:100,192.168.17.189:80:100,192.168.1.221:80:100,192.168.54.214:80:100,192.168.7.25:80:100,192.168.54.71:80:100,192.168.27.174:80:100,192.168.17.4:80:100,192.168.47.71:80:100,192.168.58.29:80:100,192.168.21.239:80:100,192.168.3.85:80:100,192.168.33.173:80:100,192.168.18.189:80:100,192.168.50.252:80:100,192.168.54.240:80:100,192.168.30.101:80:100,192.168.5.25:80:100,192.168.35.51:80:100,192.168.10.116:80:100,192.168.55.195:80:100,192.168.10.28:80:100,192.168.27.203:80:100,192.168.7.140:80:100,192.168.51.150:80:100,192.168.43.107:80:100,192.168.51.154:80:100,192.168.21.46:80:100,192.168.19.98:80:100,192.168.21.16:80:100,192.168.51.8:80:100,192.168.38.153:80:100,192.168.14.92:80:100,192.168.7.143:80:100,192.168.55.238:80:100", + "vip":"111.13.235.233" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.96:80:100,192.168.2.1:80:100,192.168.49.66:80:100", + "vip":"192.168.102.165" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.211:80:100,192.168.17.41:80:100,192.168.17.189:80:100,192.168.23.34:80:100,192.168.17.119:80:100,192.168.38.65:80:100", + "vip":"192.168.101.56" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.158:80:100,192.168.46.52:80:100,192.168.7.225:80:100,192.168.15.187:80:100,192.168.37.108:80:100", + "vip":"111.13.235.66" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.120:80:100", + "vip":"111.13.235.111" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.6:80:100,192.168.19.246:80:100,192.168.54.1:80:100", + "vip":"192.168.102.245" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.213:80:100,192.168.1.57:80:100,192.168.1.124:80:100,192.168.27.254:80:100,192.168.11.109:80:100,192.168.3.134:80:100,192.168.15.222:80:100,192.168.27.235:80:100", + "vip":"111.13.235.205" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.205:80:100,192.168.49.29:80:100,192.168.35.241:80:100,192.168.18.226:80:100,192.168.2.87:80:100,192.168.21.207:80:100,192.168.51.68:80:100,192.168.3.50:80:100,192.168.37.229:80:100,192.168.57.165:80:100", + "vip":"192.168.101.29" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.68:80:100,192.168.10.226:80:100,192.168.47.217:80:100", + "vip":"192.168.101.232" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.15:80:100,192.168.21.111:80:100,192.168.51.215:80:100", + "vip":"111.13.235.110" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.112:80:100,192.168.7.149:80:100,192.168.46.140:80:100,192.168.22.199:80:100,192.168.55.146:80:100,192.168.41.153:80:100,192.168.43.73:80:100,192.168.19.155:80:100,192.168.50.84:80:100,192.168.37.207:80:100,192.168.47.117:80:100,192.168.58.107:80:100,192.168.54.45:80:100,192.168.22.173:80:100,192.168.50.239:80:100,192.168.54.1:80:100,192.168.30.9:80:100,192.168.57.100:80:100,192.168.15.224:80:100,192.168.26.223:80:100,192.168.46.106:80:100,192.168.58.168:80:100,192.168.19.219:80:100,192.168.53.135:80:100,192.168.37.88:80:100,192.168.14.101:80:100,192.168.21.42:80:100,192.168.15.173:80:100,192.168.34.91:80:100,192.168.31.77:80:100,192.168.35.235:80:100,192.168.1.251:80:100,192.168.33.26:80:100,192.168.41.69:80:100,192.168.5.191:80:100,192.168.43.63:80:100,192.168.34.83:80:100,192.168.29.2:80:100,192.168.47.112:80:100,192.168.29.118:80:100,192.168.47.57:80:100,192.168.22.87:80:100,192.168.57.63:80:100,192.168.30.105:80:100,192.168.10.37:80:100,192.168.26.215:80:100,192.168.59.192:80:100,192.168.1.232:80:100,192.168.26.171:80:100,192.168.30.68:80:100,192.168.11.188:80:100,192.168.7.133:80:100,192.168.29.76:80:100,192.168.26.204:80:100,192.168.5.113:80:100,192.168.50.19:80:100,192.168.18.215:80:100,192.168.34.195:80:100,192.168.43.87:80:100,192.168.1.10:80:100,192.168.59.223:80:100,192.168.31.205:80:100,192.168.57.204:80:100,192.168.34.10:80:100,192.168.35.87:80:100,192.168.35.192:80:100,192.168.50.4:80:100,192.168.11.171:80:100,192.168.19.165:80:100,192.168.53.92:80:100,192.168.25.107:80:100,192.168.46.184:80:100,192.168.43.232:80:100,192.168.23.189:80:100,192.168.43.97:80:100,192.168.2.6:80:100,192.168.31.198:80:100,192.168.11.137:80:100,192.168.49.160:80:100,192.168.43.72:80:100,192.168.19.8:80:100,192.168.31.117:80:100,192.168.19.168:80:100,192.168.33.35:80:100,192.168.14.38:80:100,192.168.26.170:80:100,192.168.38.71:80:100,192.168.9.40:80:100,192.168.30.205:80:100,192.168.42.146:80:100,192.168.58.132:80:100,192.168.42.140:80:100,192.168.27.211:80:100,192.168.29.249:80:100,192.168.11.75:80:100,192.168.41.177:80:100,192.168.29.223:80:100,192.168.11.27:80:100,192.168.46.58:80:100,192.168.39.97:80:100,192.168.26.44:80:100,192.168.7.46:80:100,192.168.54.49:80:100,192.168.43.161:80:100,192.168.11.135:80:100,192.168.59.34:80:100,192.168.41.173:80:100,192.168.46.195:80:100,192.168.49.72:80:100,192.168.13.96:80:100,192.168.37.76:80:100,192.168.34.37:80:100,192.168.18.38:80:100,192.168.42.47:80:100,192.168.29.99:80:100,192.168.41.79:80:100,192.168.49.168:80:100,192.168.50.156:80:100,192.168.46.174:80:100,192.168.15.126:80:100,192.168.35.40:80:100,192.168.58.137:80:100,192.168.42.237:80:100,192.168.29.133:80:100,192.168.50.31:80:100,192.168.15.117:80:100,192.168.30.78:80:100,192.168.14.254:80:100,192.168.26.119:80:100,192.168.22.184:80:100,192.168.3.207:80:100,192.168.29.34:80:100,192.168.19.207:80:100,192.168.22.93:80:100,192.168.1.85:80:100,192.168.58.230:80:100,192.168.31.33:80:100,192.168.50.90:80:100,192.168.49.208:80:100,192.168.9.166:80:100,192.168.55.125:80:100,192.168.17.161:80:100,192.168.33.49:80:100,192.168.11.48:80:100,192.168.23.2:80:100,192.168.10.116:80:100,192.168.57.38:80:100,192.168.31.134:80:100,192.168.54.69:80:100,192.168.41.59:80:100,192.168.3.71:80:100,192.168.41.160:80:100,192.168.6.77:80:100,192.168.34.98:80:100,192.168.18.207:80:100,192.168.1.225:80:100,192.168.7.52:80:100,192.168.25.129:80:100,192.168.13.29:80:100,192.168.18.162:80:100,192.168.39.186:80:100,192.168.22.111:80:100", + "vip":"192.168.101.116" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.123:80:100,192.168.19.226:80:100,192.168.7.203:80:100", + "vip":"192.168.102.8" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.83:80:100,192.168.50.199:80:100,192.168.31.115:80:100,192.168.6.209:80:100,192.168.47.101:80:100,192.168.29.148:80:100,192.168.5.88:80:100,192.168.58.2:80:100", + "vip":"192.168.102.246" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.176:80:100,192.168.58.61:80:100,192.168.26.187:80:100,192.168.15.226:80:100,192.168.35.7:80:100,192.168.38.198:80:100", + "vip":"111.13.235.249" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.28:80:100,192.168.2.82:80:100", + "vip":"192.168.102.13" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.244:80:100,192.168.17.215:80:100,192.168.2.156:80:100", + "vip":"192.168.101.1" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.26:80:100,192.168.14.57:80:100,192.168.7.18:80:100,192.168.51.31:80:100,192.168.35.85:80:100,192.168.14.122:80:100,192.168.17.133:80:100,192.168.37.172:80:100,192.168.34.198:80:100,192.168.55.186:80:100,192.168.38.234:80:100,192.168.15.72:80:100,192.168.15.87:80:100", + "vip":"192.168.102.208" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.245:80:100,192.168.39.176:80:100,192.168.31.2:80:100", + "vip":"192.168.101.106" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.68:80:100,192.168.9.40:80:100,192.168.41.70:80:100", + "vip":"192.168.102.222" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.186:80:100,192.168.18.12:80:100,192.168.2.153:80:100", + "vip":"111.13.235.194" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.21:80:100", + "vip":"192.168.102.69" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.127:80:100,192.168.17.225:80:100,192.168.39.119:80:100,192.168.15.54:80:100,192.168.49.124:80:100,192.168.57.220:80:100,192.168.11.196:80:100,192.168.31.176:80:100,192.168.18.152:80:100", + "vip":"111.13.235.183" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.248:80:100", + "vip":"192.168.101.34" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.155:80:100,192.168.11.30:80:100,192.168.21.171:80:100,192.168.18.188:80:100,192.168.37.212:80:100,192.168.35.41:80:100", + "vip":"192.168.101.215" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.181:80:100,192.168.53.117:80:100,192.168.17.141:80:100", + "vip":"192.168.102.183" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.191:80:100,192.168.47.153:80:100", + "vip":"192.168.101.245" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.252:80:100,192.168.21.157:80:100,192.168.55.84:80:100,192.168.34.114:80:100,192.168.47.197:80:100,192.168.59.209:80:100,192.168.49.86:80:100,192.168.27.186:80:100,192.168.22.38:80:100,192.168.5.183:80:100,192.168.59.163:80:100,192.168.45.34:80:100,192.168.7.189:80:100,192.168.38.13:80:100,192.168.59.175:80:100,192.168.37.17:80:100,192.168.53.179:80:100,192.168.27.2:80:100,192.168.49.117:80:100,192.168.25.230:80:100,192.168.54.40:80:100,192.168.9.11:80:100,192.168.27.141:80:100,192.168.9.153:80:100,192.168.33.50:80:100,192.168.35.174:80:100,192.168.29.63:80:100,192.168.1.216:80:100,192.168.14.111:80:100,192.168.58.126:80:100,192.168.29.152:80:100,192.168.34.69:80:100,192.168.49.9:80:100,192.168.30.206:80:100,192.168.23.57:80:100,192.168.25.4:80:100,192.168.7.57:80:100,192.168.3.27:80:100,192.168.57.50:80:100,192.168.14.151:80:100,192.168.29.116:80:100,192.168.47.97:80:100,192.168.50.29:80:100,192.168.30.107:80:100,192.168.23.200:80:100,192.168.9.126:80:100,192.168.10.166:80:100,192.168.58.100:80:100,192.168.38.207:80:100,192.168.27.12:80:100,192.168.17.54:80:100,192.168.5.84:80:100,192.168.37.165:80:100,192.168.27.147:80:100,192.168.46.191:80:100,192.168.18.139:80:100,192.168.22.165:80:100,192.168.1.103:80:100,192.168.41.180:80:100,192.168.15.85:80:100,192.168.59.10:80:100,192.168.11.110:80:100,192.168.22.88:80:100,192.168.53.105:80:100,192.168.53.117:80:100,192.168.50.207:80:100,192.168.26.55:80:100,192.168.6.11:80:100,192.168.35.193:80:100,192.168.21.150:80:100,192.168.50.209:80:100,192.168.57.28:80:100,192.168.6.86:80:100,192.168.13.192:80:100,192.168.14.167:80:100,192.168.18.214:80:100,192.168.17.93:80:100,192.168.58.152:80:100,192.168.21.68:80:100,192.168.59.133:80:100,192.168.47.82:80:100,192.168.39.124:80:100,192.168.50.73:80:100,192.168.43.208:80:100,192.168.1.171:80:100,192.168.49.223:80:100,192.168.9.120:80:100,192.168.57.5:80:100,192.168.21.152:80:100,192.168.21.6:80:100,192.168.41.3:80:100,192.168.37.131:80:100,192.168.51.130:80:100,192.168.26.34:80:100,192.168.50.42:80:100,192.168.45.40:80:100,192.168.57.37:80:100,192.168.59.137:80:100,192.168.21.170:80:100,192.168.46.101:80:100,192.168.1.210:80:100,192.168.51.25:80:100,192.168.6.2:80:100,192.168.57.170:80:100", + "vip":"111.13.235.181" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.16:80:100", + "vip":"111.13.235.254" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.229:80:100,192.168.22.85:80:100", + "vip":"192.168.101.165" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.244:80:100,192.168.58.150:80:100,192.168.3.27:80:100,192.168.43.219:80:100,192.168.41.227:80:100,192.168.41.233:80:100,192.168.54.117:80:100,192.168.19.77:80:100,192.168.37.3:80:100,192.168.51.105:80:100", + "vip":"192.168.102.149" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.134:80:100,192.168.39.223:80:100,192.168.6.150:80:100,192.168.29.243:80:100,192.168.3.21:80:100,192.168.17.2:80:100,192.168.51.180:80:100,192.168.54.1:80:100,192.168.34.199:80:100,192.168.7.59:80:100,192.168.17.30:80:100,192.168.17.218:80:100,192.168.46.217:80:100,192.168.51.6:80:100,192.168.10.190:80:100,192.168.26.159:80:100,192.168.46.142:80:100,192.168.43.29:80:100,192.168.27.17:80:100,192.168.49.144:80:100,192.168.13.9:80:100,192.168.17.182:80:100,192.168.27.249:80:100,192.168.51.220:80:100,192.168.11.119:80:100,192.168.45.186:80:100,192.168.59.17:80:100,192.168.38.166:80:100,192.168.10.209:80:100,192.168.31.189:80:100,192.168.30.81:80:100,192.168.31.169:80:100,192.168.59.158:80:100,192.168.50.223:80:100,192.168.51.177:80:100,192.168.42.52:80:100,192.168.45.52:80:100,192.168.21.89:80:100,192.168.3.203:80:100,192.168.11.82:80:100,192.168.39.156:80:100,192.168.45.229:80:100,192.168.37.157:80:100,192.168.3.216:80:100,192.168.15.120:80:100,192.168.58.105:80:100,192.168.34.176:80:100,192.168.54.120:80:100,192.168.10.68:80:100,192.168.57.33:80:100,192.168.25.118:80:100,192.168.45.194:80:100,192.168.7.123:80:100,192.168.19.180:80:100,192.168.58.181:80:100,192.168.49.71:80:100,192.168.49.113:80:100,192.168.47.7:80:100,192.168.53.35:80:100,192.168.30.184:80:100,192.168.17.242:80:100,192.168.53.151:80:100,192.168.13.12:80:100,192.168.1.243:80:100,192.168.5.182:80:100,192.168.17.110:80:100,192.168.54.18:80:100,192.168.38.112:80:100,192.168.29.120:80:100,192.168.7.35:80:100,192.168.38.210:80:100,192.168.5.71:80:100,192.168.46.127:80:100,192.168.53.130:80:100,192.168.46.139:80:100,192.168.54.95:80:100,192.168.38.198:80:100,192.168.34.238:80:100,192.168.26.26:80:100,192.168.30.35:80:100,192.168.35.64:80:100,192.168.18.74:80:100,192.168.26.192:80:100,192.168.33.236:80:100,192.168.34.202:80:100,192.168.21.251:80:100,192.168.59.39:80:100,192.168.39.145:80:100,192.168.27.174:80:100,192.168.25.57:80:100,192.168.21.66:80:100,192.168.34.32:80:100,192.168.34.128:80:100,192.168.3.253:80:100,192.168.15.130:80:100,192.168.53.75:80:100,192.168.2.64:80:100,192.168.43.213:80:100,192.168.51.89:80:100,192.168.3.238:80:100", + "vip":"192.168.102.132" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.174:80:100,192.168.11.101:80:100,192.168.50.122:80:100", + "vip":"192.168.101.233" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.100:80:100,192.168.6.60:80:100,192.168.9.34:80:100", + "vip":"111.13.235.165" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.57:80:100,192.168.54.200:80:100", + "vip":"192.168.102.215" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.55:80:100,192.168.51.173:80:100", + "vip":"111.13.235.129" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.81:80:100,192.168.31.3:80:100", + "vip":"111.13.235.64" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.154:80:100,192.168.9.231:80:100,192.168.21.59:80:100,192.168.59.70:80:100", + "vip":"111.13.235.118" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.62:80:100", + "vip":"111.13.235.253" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.72:80:100,192.168.55.225:80:100,192.168.9.203:80:100,192.168.27.184:80:100,192.168.27.89:80:100,192.168.26.71:80:100,192.168.55.107:80:100,192.168.46.79:80:100,192.168.26.150:80:100,192.168.35.30:80:100,192.168.47.11:80:100,192.168.51.55:80:100,192.168.39.81:80:100,192.168.11.65:80:100,192.168.45.65:80:100", + "vip":"192.168.102.182" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.98:80:100,192.168.17.11:80:100", + "vip":"192.168.102.34" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.63:80:100,192.168.27.147:80:100", + "vip":"192.168.101.183" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.11:80:100", + "vip":"192.168.101.162" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.131:80:100", + "vip":"192.168.102.107" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.98:80:100,192.168.31.88:80:100,192.168.1.105:80:100,192.168.45.80:80:100,192.168.37.249:80:100,192.168.50.23:80:100,192.168.3.50:80:100,192.168.41.123:80:100", + "vip":"192.168.101.192" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.209:80:100,192.168.10.111:80:100,192.168.35.31:80:100,192.168.34.120:80:100,192.168.35.99:80:100,192.168.38.116:80:100,192.168.59.122:80:100,192.168.19.205:80:100", + "vip":"192.168.101.84" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.162:80:100,192.168.14.180:80:100,192.168.5.76:80:100,192.168.46.160:80:100,192.168.35.93:80:100", + "vip":"111.13.235.188" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.196:80:100,192.168.26.151:80:100", + "vip":"192.168.101.146" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.27:80:100,192.168.6.159:80:100,192.168.5.241:80:100", + "vip":"111.13.235.144" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.213:80:100", + "vip":"192.168.101.77" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.4:80:100,192.168.51.83:80:100,192.168.53.245:80:100,192.168.35.103:80:100,192.168.7.71:80:100,192.168.13.188:80:100,192.168.19.83:80:100,192.168.49.173:80:100,192.168.5.139:80:100,192.168.49.33:80:100,192.168.7.84:80:100,192.168.54.126:80:100,192.168.29.51:80:100,192.168.25.59:80:100,192.168.37.112:80:100,192.168.54.252:80:100,192.168.39.159:80:100,192.168.30.54:80:100,192.168.17.95:80:100,192.168.43.231:80:100,192.168.17.202:80:100,192.168.25.181:80:100,192.168.22.168:80:100,192.168.50.120:80:100,192.168.17.36:80:100,192.168.9.238:80:100,192.168.42.195:80:100,192.168.31.142:80:100,192.168.41.120:80:100,192.168.51.205:80:100,192.168.39.1:80:100,192.168.39.204:80:100,192.168.10.49:80:100,192.168.57.153:80:100,192.168.49.86:80:100,192.168.10.32:80:100,192.168.7.14:80:100,192.168.29.221:80:100,192.168.17.77:80:100,192.168.33.224:80:100,192.168.11.186:80:100,192.168.31.16:80:100,192.168.35.84:80:100,192.168.31.31:80:100,192.168.15.175:80:100,192.168.45.200:80:100,192.168.41.77:80:100,192.168.57.164:80:100,192.168.30.23:80:100,192.168.49.109:80:100,192.168.22.207:80:100,192.168.2.7:80:100,192.168.17.133:80:100,192.168.14.170:80:100,192.168.49.24:80:100,192.168.13.107:80:100,192.168.10.215:80:100,192.168.7.18:80:100,192.168.17.194:80:100,192.168.2.125:80:100,192.168.58.34:80:100,192.168.39.232:80:100,192.168.58.182:80:100,192.168.9.73:80:100,192.168.9.71:80:100,192.168.50.251:80:100,192.168.7.15:80:100,192.168.59.132:80:100,192.168.15.218:80:100,192.168.14.203:80:100,192.168.7.177:80:100", + "vip":"111.13.235.186" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.96:80:100,192.168.38.139:80:100,192.168.9.160:80:100,192.168.21.53:80:100", + "vip":"192.168.102.104" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.74:80:100", + "vip":"111.13.235.209" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.213:80:100,192.168.59.198:80:100,192.168.57.18:80:100,192.168.34.240:80:100", + "vip":"111.13.235.184" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.187:80:100,192.168.17.27:80:100", + "vip":"192.168.101.247" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.239:80:100,192.168.5.155:80:100,192.168.18.214:80:100,192.168.31.129:80:100,192.168.26.122:80:100,192.168.13.134:80:100,192.168.47.76:80:100,192.168.14.186:80:100,192.168.27.70:80:100,192.168.47.159:80:100,192.168.10.127:80:100", + "vip":"192.168.102.140" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.205:80:100,192.168.25.167:80:100", + "vip":"192.168.102.228" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.194:80:100", + "vip":"192.168.101.149" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.65:80:100", + "vip":"111.13.235.222" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.130:80:100,192.168.2.1:80:100,192.168.21.206:80:100,192.168.15.42:80:100,192.168.58.47:80:100,192.168.21.157:80:100,192.168.43.63:80:100,192.168.26.193:80:100,192.168.26.206:80:100,192.168.2.171:80:100,192.168.53.103:80:100,192.168.43.48:80:100,192.168.54.92:80:100,192.168.17.53:80:100,192.168.50.33:80:100,192.168.18.213:80:100,192.168.7.87:80:100,192.168.10.121:80:100,192.168.38.216:80:100,192.168.11.24:80:100,192.168.25.31:80:100,192.168.42.250:80:100,192.168.14.143:80:100,192.168.5.168:80:100,192.168.21.19:80:100,192.168.9.138:80:100,192.168.23.243:80:100,192.168.22.132:80:100,192.168.47.136:80:100,192.168.13.52:80:100,192.168.15.19:80:100,192.168.15.153:80:100,192.168.53.8:80:100,192.168.43.183:80:100,192.168.23.241:80:100,192.168.46.175:80:100,192.168.6.56:80:100,192.168.10.148:80:100,192.168.45.59:80:100,192.168.30.187:80:100,192.168.18.171:80:100,192.168.55.123:80:100,192.168.1.3:80:100,192.168.5.137:80:100,192.168.33.228:80:100,192.168.34.178:80:100,192.168.29.167:80:100,192.168.27.212:80:100,192.168.34.237:80:100,192.168.18.52:80:100,192.168.57.196:80:100,192.168.5.229:80:100,192.168.45.106:80:100,192.168.37.145:80:100,192.168.21.175:80:100,192.168.5.213:80:100,192.168.41.84:80:100,192.168.31.184:80:100,192.168.53.15:80:100,192.168.10.4:80:100,192.168.29.50:80:100,192.168.1.70:80:100,192.168.49.64:80:100,192.168.9.198:80:100,192.168.31.198:80:100,192.168.57.137:80:100,192.168.41.106:80:100,192.168.21.13:80:100,192.168.10.68:80:100,192.168.1.149:80:100,192.168.17.229:80:100,192.168.43.39:80:100,192.168.50.20:80:100,192.168.54.253:80:100,192.168.55.144:80:100,192.168.29.57:80:100,192.168.47.11:80:100,192.168.1.102:80:100,192.168.49.193:80:100,192.168.39.76:80:100,192.168.30.209:80:100,192.168.18.244:80:100,192.168.15.52:80:100,192.168.3.139:80:100,192.168.47.246:80:100,192.168.42.253:80:100,192.168.15.203:80:100,192.168.19.96:80:100,192.168.19.199:80:100,192.168.37.64:80:100,192.168.27.227:80:100,192.168.42.209:80:100,192.168.54.220:80:100,192.168.33.75:80:100,192.168.39.244:80:100,192.168.41.32:80:100,192.168.13.1:80:100,192.168.43.122:80:100,192.168.2.33:80:100,192.168.46.214:80:100,192.168.33.64:80:100,192.168.25.140:80:100,192.168.19.213:80:100,192.168.2.219:80:100,192.168.6.107:80:100,192.168.13.42:80:100,192.168.3.183:80:100,192.168.37.137:80:100,192.168.29.71:80:100,192.168.37.85:80:100,192.168.6.112:80:100,192.168.49.58:80:100,192.168.9.47:80:100,192.168.30.150:80:100", + "vip":"192.168.102.195" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.74:80:100,192.168.59.244:80:100,192.168.3.66:80:100", + "vip":"192.168.101.104" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.242:80:100,192.168.45.145:80:100,192.168.37.136:80:100,192.168.25.118:80:100,192.168.15.177:80:100,192.168.47.244:80:100,192.168.51.119:80:100,192.168.11.235:80:100,192.168.29.46:80:100", + "vip":"192.168.101.234" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.123:80:100,192.168.39.26:80:100,192.168.57.157:80:100,192.168.58.148:80:100,192.168.1.43:80:100,192.168.7.47:80:100,192.168.13.219:80:100,192.168.46.122:80:100", + "vip":"111.13.235.201" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.191:80:100,192.168.17.146:80:100,192.168.57.116:80:100,192.168.18.141:80:100", + "vip":"192.168.101.195" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.62:80:100", + "vip":"192.168.101.47" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.142:80:100,192.168.38.26:80:100,192.168.43.157:80:100", + "vip":"192.168.101.253" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.74:80:100,192.168.51.80:80:100,192.168.41.234:80:100,192.168.34.61:80:100,192.168.5.23:80:100,192.168.27.97:80:100,192.168.26.25:80:100,192.168.5.221:80:100,192.168.22.41:80:100,192.168.22.234:80:100,192.168.57.76:80:100,192.168.6.239:80:100,192.168.29.159:80:100,192.168.46.40:80:100,192.168.18.250:80:100,192.168.21.165:80:100,192.168.57.242:80:100,192.168.51.15:80:100,192.168.21.83:80:100", + "vip":"192.168.102.50" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.190:80:100,192.168.21.136:80:100,192.168.11.137:80:100", + "vip":"192.168.101.222" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.188:80:100,192.168.29.145:80:100,192.168.29.235:80:100,192.168.17.114:80:100,192.168.30.14:80:100,192.168.17.73:80:100", + "vip":"192.168.101.197" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.135:80:100,192.168.14.239:80:100,192.168.45.28:80:100", + "vip":"192.168.102.31" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.112:80:100,192.168.57.158:80:100,192.168.38.251:80:100", + "vip":"192.168.102.168" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.196:80:100", + "vip":"192.168.101.95" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.114:80:100", + "vip":"192.168.101.89" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.47:80:100,192.168.29.14:80:100,192.168.31.134:80:100", + "vip":"192.168.101.251" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.224:80:100", + "vip":"192.168.101.144" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.39:80:100", + "vip":"192.168.101.96" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.222:80:100,192.168.53.11:80:100,192.168.15.103:80:100,192.168.22.173:80:100,192.168.13.209:80:100,192.168.38.113:80:100,192.168.9.158:80:100,192.168.27.242:80:100,192.168.42.200:80:100,192.168.57.124:80:100,192.168.41.152:80:100,192.168.29.178:80:100,192.168.19.36:80:100,192.168.17.151:80:100,192.168.2.209:80:100,192.168.58.26:80:100,192.168.42.218:80:100,192.168.58.102:80:100,192.168.1.119:80:100,192.168.45.203:80:100,192.168.21.19:80:100,192.168.54.40:80:100,192.168.45.5:80:100,192.168.58.49:80:100,192.168.47.51:80:100,192.168.46.248:80:100,192.168.17.219:80:100,192.168.31.16:80:100,192.168.54.131:80:100,192.168.22.44:80:100,192.168.55.96:80:100,192.168.23.77:80:100,192.168.21.30:80:100,192.168.54.92:80:100,192.168.39.117:80:100,192.168.58.142:80:100,192.168.54.181:80:100,192.168.41.52:80:100,192.168.59.4:80:100,192.168.35.87:80:100,192.168.18.63:80:100,192.168.53.15:80:100,192.168.27.121:80:100,192.168.39.93:80:100,192.168.35.13:80:100,192.168.1.73:80:100,192.168.33.95:80:100,192.168.5.112:80:100,192.168.57.128:80:100,192.168.33.240:80:100,192.168.14.53:80:100,192.168.53.119:80:100,192.168.7.166:80:100,192.168.10.137:80:100,192.168.38.171:80:100,192.168.30.125:80:100,192.168.14.36:80:100,192.168.10.215:80:100,192.168.53.130:80:100,192.168.38.79:80:100,192.168.5.27:80:100,192.168.15.126:80:100,192.168.47.38:80:100,192.168.41.112:80:100,192.168.50.203:80:100,192.168.26.192:80:100,192.168.10.51:80:100,192.168.6.31:80:100,192.168.50.185:80:100,192.168.43.207:80:100,192.168.46.222:80:100,192.168.39.150:80:100,192.168.30.4:80:100,192.168.6.48:80:100,192.168.51.13:80:100,192.168.27.143:80:100,192.168.45.72:80:100,192.168.58.160:80:100,192.168.58.213:80:100,192.168.50.101:80:100,192.168.18.180:80:100,192.168.55.244:80:100,192.168.30.206:80:100,192.168.53.178:80:100,192.168.23.98:80:100,192.168.5.163:80:100,192.168.9.221:80:100,192.168.23.24:80:100,192.168.2.246:80:100,192.168.27.216:80:100,192.168.3.111:80:100", + "vip":"111.13.235.149" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.147:80:100,192.168.59.200:80:100,192.168.34.67:80:100,192.168.21.71:80:100", + "vip":"111.13.235.138" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.161:80:100", + "vip":"192.168.101.208" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.54:80:100,192.168.19.9:80:100,192.168.13.82:80:100,192.168.14.179:80:100,192.168.58.83:80:100,192.168.9.36:80:100", + "vip":"192.168.102.201" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.160:80:100,192.168.2.40:80:100,192.168.47.180:80:100,192.168.49.73:80:100", + "vip":"111.13.235.113" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.173:80:100,192.168.27.144:80:100,192.168.26.109:80:100", + "vip":"111.13.235.167" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.39:80:100", + "vip":"111.13.235.196" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.24:80:100,192.168.58.236:80:100,192.168.41.47:80:100,192.168.10.127:80:100", + "vip":"192.168.101.136" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.140:80:100,192.168.6.21:80:100,192.168.26.200:80:100,192.168.2.138:80:100", + "vip":"192.168.102.161" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.184:80:100", + "vip":"111.13.235.189" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.110:80:100,192.168.59.205:80:100,192.168.25.26:80:100,192.168.3.27:80:100,192.168.57.105:80:100,192.168.54.168:80:100", + "vip":"111.13.235.251" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.27:80:100,192.168.55.38:80:100,192.168.14.83:80:100,192.168.26.173:80:100,192.168.9.84:80:100,192.168.42.90:80:100,192.168.14.237:80:100,192.168.29.162:80:100,192.168.41.145:80:100", + "vip":"192.168.102.118" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.172:80:100", + "vip":"192.168.101.69" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.114:80:100", + "vip":"192.168.101.236" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.33:80:100", + "vip":"111.13.235.227" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.221:80:100,192.168.25.238:80:100", + "vip":"111.13.235.67" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.105:80:100", + "vip":"192.168.101.178" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.172:80:100,192.168.51.131:80:100,192.168.51.35:80:100", + "vip":"111.13.235.152" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.43:80:100", + "vip":"111.13.235.203" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.126:80:100,192.168.41.5:80:100,192.168.57.70:80:100,192.168.27.57:80:100,192.168.2.44:80:100", + "vip":"192.168.102.196" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.69:80:100,192.168.25.17:80:100,192.168.53.172:80:100,192.168.25.228:80:100,192.168.6.104:80:100,192.168.11.94:80:100,192.168.37.202:80:100,192.168.26.51:80:100,192.168.5.198:80:100,192.168.38.105:80:100,192.168.37.213:80:100,192.168.29.167:80:100", + "vip":"192.168.101.45" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.172:80:100,192.168.49.223:80:100", + "vip":"192.168.101.227" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.120:80:100,192.168.2.53:80:100", + "vip":"192.168.101.120" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.139:80:100,192.168.26.223:80:100,192.168.15.220:80:100,192.168.39.151:80:100,192.168.29.157:80:100,192.168.3.146:80:100,192.168.46.117:80:100", + "vip":"192.168.102.74" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.208:80:100,192.168.47.119:80:100,192.168.50.26:80:100,192.168.25.241:80:100", + "vip":"192.168.101.159" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.118:80:100,192.168.13.21:80:100,192.168.25.57:80:100,192.168.55.84:80:100,192.168.47.64:80:100,192.168.31.35:80:100,192.168.53.105:80:100,192.168.15.250:80:100,192.168.29.33:80:100,192.168.34.98:80:100,192.168.22.29:80:100,192.168.42.87:80:100,192.168.7.127:80:100,192.168.13.92:80:100,192.168.38.222:80:100,192.168.55.130:80:100,192.168.18.109:80:100,192.168.9.4:80:100,192.168.45.131:80:100,192.168.30.190:80:100", + "vip":"192.168.102.106" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.38:80:100,192.168.41.229:80:100,192.168.47.16:80:100,192.168.21.132:80:100,192.168.19.24:80:100,192.168.43.115:80:100,192.168.54.196:80:100,192.168.10.214:80:100,192.168.1.92:80:100,192.168.21.201:80:100,192.168.1.246:80:100,192.168.47.76:80:100,192.168.11.141:80:100,192.168.26.75:80:100,192.168.1.206:80:100,192.168.51.198:80:100,192.168.22.138:80:100,192.168.15.234:80:100", + "vip":"111.13.235.182" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.165:80:100,192.168.31.151:80:100,192.168.6.158:80:100", + "vip":"192.168.102.173" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.82:80:100,192.168.34.28:80:100,192.168.47.178:80:100,192.168.39.65:80:100,192.168.3.25:80:100,192.168.38.122:80:100,192.168.43.20:80:100,192.168.39.166:80:100,192.168.53.235:80:100,192.168.13.243:80:100,192.168.21.56:80:100,192.168.54.249:80:100,192.168.17.227:80:100,192.168.46.186:80:100,192.168.43.216:80:100,192.168.19.62:80:100,192.168.6.243:80:100,192.168.47.144:80:100,192.168.57.132:80:100,192.168.30.50:80:100,192.168.9.218:80:100,192.168.18.123:80:100,192.168.27.151:80:100,192.168.47.74:80:100,192.168.58.201:80:100,192.168.27.60:80:100,192.168.17.4:80:100,192.168.1.28:80:100,192.168.17.143:80:100,192.168.27.240:80:100,192.168.7.164:80:100,192.168.53.143:80:100,192.168.13.77:80:100,192.168.25.139:80:100,192.168.11.85:80:100,192.168.13.61:80:100,192.168.29.95:80:100,192.168.15.54:80:100,192.168.18.22:80:100,192.168.41.194:80:100,192.168.27.6:80:100,192.168.58.6:80:100,192.168.1.144:80:100,192.168.42.169:80:100,192.168.41.136:80:100,192.168.37.183:80:100,192.168.29.33:80:100,192.168.38.207:80:100,192.168.59.193:80:100,192.168.42.226:80:100,192.168.5.223:80:100,192.168.21.193:80:100,192.168.19.61:80:100,192.168.23.87:80:100,192.168.25.223:80:100,192.168.51.234:80:100", + "vip":"192.168.102.171" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.142:80:100,192.168.53.206:80:100", + "vip":"192.168.102.142" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.1:80:100,192.168.5.8:80:100,192.168.1.250:80:100,192.168.11.2:80:100,192.168.23.112:80:100,192.168.53.102:80:100,192.168.7.41:80:100,192.168.25.105:80:100,192.168.13.91:80:100,192.168.18.218:80:100,192.168.6.188:80:100,192.168.17.247:80:100,192.168.21.61:80:100", + "vip":"192.168.101.49" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.148:80:100,192.168.11.168:80:100,192.168.51.190:80:100", + "vip":"192.168.101.16" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.95:80:100,192.168.46.112:80:100,192.168.41.10:80:100,192.168.57.147:80:100,192.168.51.77:80:100,192.168.6.174:80:100,192.168.17.227:80:100,192.168.27.33:80:100,192.168.59.80:80:100", + "vip":"192.168.101.107" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.173:80:100,192.168.31.233:80:100,192.168.21.102:80:100,192.168.3.203:80:100,192.168.45.171:80:100,192.168.19.35:80:100,192.168.19.141:80:100,192.168.50.96:80:100,192.168.35.208:80:100,192.168.14.137:80:100,192.168.1.222:80:100,192.168.27.58:80:100,192.168.3.89:80:100,192.168.37.63:80:100,192.168.1.241:80:100,192.168.43.140:80:100,192.168.23.149:80:100,192.168.15.101:80:100,192.168.30.109:80:100,192.168.51.210:80:100,192.168.47.81:80:100,192.168.13.252:80:100,192.168.47.164:80:100,192.168.22.49:80:100,192.168.46.220:80:100,192.168.13.204:80:100,192.168.26.120:80:100,192.168.1.55:80:100,192.168.21.78:80:100,192.168.58.110:80:100,192.168.39.61:80:100,192.168.25.107:80:100,192.168.25.224:80:100,192.168.26.179:80:100,192.168.10.86:80:100,192.168.18.84:80:100,192.168.26.230:80:100,192.168.25.144:80:100,192.168.22.15:80:100,192.168.17.138:80:100,192.168.33.189:80:100,192.168.34.161:80:100,192.168.57.170:80:100", + "vip":"192.168.102.61" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.27:80:100,192.168.30.238:80:100,192.168.54.84:80:100,192.168.23.192:80:100", + "vip":"192.168.102.147" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.184:80:100,192.168.14.105:80:100,192.168.35.101:80:100,192.168.37.191:80:100", + "vip":"192.168.102.2" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.230:80:100,192.168.26.37:80:100,192.168.51.166:80:100,192.168.6.123:80:100,192.168.41.212:80:100,192.168.18.85:80:100,192.168.49.247:80:100,192.168.18.88:80:100", + "vip":"111.13.235.95" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.44:80:100,192.168.49.73:80:100", + "vip":"192.168.102.85" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.59:80:100,192.168.49.176:80:100,192.168.34.179:80:100,192.168.1.101:80:100,192.168.26.231:80:100,192.168.3.172:80:100,192.168.46.165:80:100", + "vip":"192.168.102.176" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.231:80:100,192.168.41.54:80:100,192.168.41.218:80:100,192.168.50.94:80:100,192.168.6.223:80:100,192.168.38.233:80:100,192.168.22.18:80:100,192.168.42.211:80:100,192.168.15.209:80:100,192.168.21.119:80:100,192.168.2.141:80:100,192.168.43.152:80:100,192.168.25.77:80:100,192.168.45.6:80:100,192.168.7.222:80:100,192.168.11.131:80:100", + "vip":"111.13.235.97" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.6:80:100,192.168.57.96:80:100,192.168.23.113:80:100,192.168.50.154:80:100", + "vip":"111.13.235.119" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.2:80:100", + "vip":"192.168.101.38" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.97:80:100", + "vip":"192.168.101.225" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.193:80:100,192.168.9.185:80:100,192.168.21.252:80:100,192.168.45.163:80:100,192.168.2.26:80:100,192.168.19.72:80:100,192.168.51.250:80:100", + "vip":"192.168.102.53" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.8:80:100,192.168.49.177:80:100,192.168.39.138:80:100,192.168.34.46:80:100", + "vip":"192.168.101.119" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.117:80:100,192.168.19.9:80:100", + "vip":"192.168.101.198" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.221:80:100,192.168.21.82:80:100,192.168.50.185:80:100,192.168.54.59:80:100,192.168.57.205:80:100,192.168.25.96:80:100,192.168.10.31:80:100,192.168.53.173:80:100,192.168.5.111:80:100,192.168.23.85:80:100,192.168.27.164:80:100,192.168.43.229:80:100,192.168.49.194:80:100,192.168.2.217:80:100,192.168.18.213:80:100,192.168.5.129:80:100,192.168.14.25:80:100,192.168.30.167:80:100,192.168.54.86:80:100,192.168.54.247:80:100,192.168.21.94:80:100,192.168.51.133:80:100,192.168.18.66:80:100,192.168.25.118:80:100,192.168.45.124:80:100,192.168.23.201:80:100,192.168.53.203:80:100,192.168.5.160:80:100,192.168.43.188:80:100,192.168.50.94:80:100,192.168.43.183:80:100,192.168.38.56:80:100,192.168.15.38:80:100,192.168.38.34:80:100,192.168.21.250:80:100,192.168.1.120:80:100,192.168.14.102:80:100,192.168.19.223:80:100,192.168.54.217:80:100,192.168.31.219:80:100,192.168.10.254:80:100,192.168.50.84:80:100,192.168.59.241:80:100,192.168.53.20:80:100,192.168.33.226:80:100,192.168.25.217:80:100,192.168.34.165:80:100,192.168.21.184:80:100,192.168.42.143:80:100,192.168.15.167:80:100,192.168.57.30:80:100,192.168.6.158:80:100,192.168.58.142:80:100,192.168.25.253:80:100,192.168.45.178:80:100,192.168.30.95:80:100,192.168.25.132:80:100,192.168.41.21:80:100,192.168.34.166:80:100,192.168.11.171:80:100,192.168.45.199:80:100,192.168.9.133:80:100,192.168.37.157:80:100,192.168.11.15:80:100,192.168.6.108:80:100,192.168.46.174:80:100,192.168.37.231:80:100,192.168.59.214:80:100,192.168.38.201:80:100,192.168.47.243:80:100,192.168.2.250:80:100,192.168.18.114:80:100,192.168.30.108:80:100,192.168.13.17:80:100,192.168.15.37:80:100,192.168.54.253:80:100,192.168.25.43:80:100,192.168.19.214:80:100,192.168.37.190:80:100,192.168.17.193:80:100,192.168.11.87:80:100,192.168.26.177:80:100,192.168.51.60:80:100,192.168.51.203:80:100,192.168.25.6:80:100,192.168.6.59:80:100,192.168.57.67:80:100,192.168.34.204:80:100,192.168.50.49:80:100,192.168.57.231:80:100,192.168.21.25:80:100,192.168.1.39:80:100,192.168.14.106:80:100,192.168.27.248:80:100,192.168.37.89:80:100,192.168.27.244:80:100,192.168.50.11:80:100,192.168.26.105:80:100,192.168.37.149:80:100,192.168.34.82:80:100,192.168.21.56:80:100,192.168.35.163:80:100,192.168.34.78:80:100,192.168.1.244:80:100,192.168.14.180:80:100,192.168.25.70:80:100,192.168.22.105:80:100,192.168.51.68:80:100,192.168.22.149:80:100,192.168.30.131:80:100,192.168.3.26:80:100,192.168.33.20:80:100,192.168.2.88:80:100,192.168.2.49:80:100,192.168.33.224:80:100,192.168.58.213:80:100,192.168.10.62:80:100,192.168.42.27:80:100,192.168.30.91:80:100,192.168.13.215:80:100,192.168.26.188:80:100,192.168.43.93:80:100,192.168.34.103:80:100,192.168.31.253:80:100,192.168.7.155:80:100,192.168.13.237:80:100,192.168.21.112:80:100,192.168.46.226:80:100,192.168.31.37:80:100,192.168.7.52:80:100,192.168.25.78:80:100,192.168.5.239:80:100,192.168.9.81:80:100,192.168.45.87:80:100,192.168.14.164:80:100", + "vip":"192.168.102.211" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.85:80:100", + "vip":"192.168.102.194" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.147:80:100,192.168.1.213:80:100,192.168.30.98:80:100", + "vip":"192.168.102.101" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.84:80:100,192.168.59.215:80:100", + "vip":"192.168.102.68" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.44:80:100,192.168.42.101:80:100,192.168.58.81:80:100,192.168.5.1:80:100,192.168.19.105:80:100,192.168.33.128:80:100,192.168.35.174:80:100,192.168.11.71:80:100,192.168.29.115:80:100,192.168.9.60:80:100,192.168.39.18:80:100,192.168.17.80:80:100,192.168.1.149:80:100,192.168.10.241:80:100,192.168.45.103:80:100,192.168.27.122:80:100,192.168.57.160:80:100,192.168.34.224:80:100,192.168.47.251:80:100,192.168.21.113:80:100,192.168.29.129:80:100,192.168.18.55:80:100,192.168.15.8:80:100,192.168.39.106:80:100,192.168.42.124:80:100,192.168.42.194:80:100,192.168.26.69:80:100,192.168.1.151:80:100,192.168.18.20:80:100,192.168.57.34:80:100,192.168.15.57:80:100,192.168.29.182:80:100,192.168.34.216:80:100,192.168.9.92:80:100,192.168.55.114:80:100,192.168.3.8:80:100,192.168.59.6:80:100,192.168.59.72:80:100,192.168.33.175:80:100,192.168.23.188:80:100,192.168.27.217:80:100,192.168.31.20:80:100,192.168.45.108:80:100,192.168.25.38:80:100,192.168.38.95:80:100,192.168.47.37:80:100,192.168.3.109:80:100,192.168.31.178:80:100,192.168.3.214:80:100,192.168.6.78:80:100,192.168.11.147:80:100,192.168.53.205:80:100,192.168.21.55:80:100,192.168.34.200:80:100,192.168.59.102:80:100,192.168.18.185:80:100,192.168.53.98:80:100,192.168.7.155:80:100,192.168.29.122:80:100,192.168.49.58:80:100,192.168.42.103:80:100,192.168.34.107:80:100,192.168.31.239:80:100,192.168.55.86:80:100,192.168.30.197:80:100,192.168.38.96:80:100,192.168.9.16:80:100,192.168.9.221:80:100,192.168.53.25:80:100,192.168.50.10:80:100,192.168.41.35:80:100,192.168.51.103:80:100,192.168.42.36:80:100,192.168.38.30:80:100", + "vip":"192.168.102.38" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.168:80:100,192.168.31.163:80:100,192.168.45.215:80:100,192.168.51.195:80:100,192.168.31.22:80:100,192.168.1.155:80:100,192.168.17.118:80:100,192.168.6.225:80:100,192.168.22.62:80:100", + "vip":"192.168.101.125" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.170:80:100,192.168.55.195:80:100", + "vip":"192.168.102.76" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.225:80:100,192.168.45.72:80:100,192.168.39.237:80:100", + "vip":"192.168.102.70" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.226:80:100,192.168.43.182:80:100,192.168.1.161:80:100", + "vip":"192.168.102.80" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.231:80:100,192.168.33.229:80:100,192.168.58.182:80:100,192.168.11.62:80:100,192.168.55.11:80:100,192.168.25.59:80:100,192.168.11.172:80:100,192.168.7.20:80:100", + "vip":"111.13.235.88" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.234:80:100,192.168.53.229:80:100,192.168.41.190:80:100,192.168.49.66:80:100,192.168.5.242:80:100,192.168.42.15:80:100,192.168.46.33:80:100,192.168.37.62:80:100", + "vip":"192.168.102.148" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.229:80:100,192.168.51.28:80:100,192.168.34.153:80:100,192.168.23.136:80:100", + "vip":"192.168.102.11" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.93:80:100,192.168.5.232:80:100", + "vip":"111.13.235.180" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.146:80:100,192.168.15.123:80:100,192.168.6.71:80:100,192.168.15.207:80:100,192.168.37.223:80:100,192.168.35.147:80:100,192.168.57.193:80:100", + "vip":"111.13.235.191" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.116:80:100,192.168.58.93:80:100", + "vip":"192.168.102.37" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.166:80:100,192.168.17.109:80:100,192.168.57.233:80:100,192.168.49.236:80:100,192.168.50.120:80:100,192.168.18.21:80:100,192.168.17.239:80:100,192.168.34.42:80:100,192.168.50.42:80:100,192.168.59.161:80:100,192.168.13.5:80:100,192.168.21.151:80:100,192.168.18.216:80:100", + "vip":"192.168.102.163" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.109:80:100,192.168.6.91:80:100,192.168.3.128:80:100,192.168.22.144:80:100", + "vip":"192.168.102.64" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.122:80:100,192.168.39.173:80:100,192.168.53.165:80:100,192.168.9.17:80:100,192.168.58.88:80:100,192.168.46.213:80:100,192.168.6.225:80:100", + "vip":"192.168.102.141" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.65:80:100,192.168.15.147:80:100,192.168.9.230:80:100,192.168.58.147:80:100,192.168.33.139:80:100,192.168.29.13:80:100,192.168.59.184:80:100,192.168.15.221:80:100,192.168.14.187:80:100,192.168.15.80:80:100,192.168.55.6:80:100,192.168.25.187:80:100,192.168.45.28:80:100,192.168.15.165:80:100,192.168.55.171:80:100,192.168.3.174:80:100,192.168.21.146:80:100,192.168.26.7:80:100,192.168.19.107:80:100,192.168.50.6:80:100,192.168.6.165:80:100,192.168.39.201:80:100,192.168.21.250:80:100,192.168.57.218:80:100,192.168.7.122:80:100,192.168.43.148:80:100,192.168.58.126:80:100,192.168.7.207:80:100,192.168.47.159:80:100,192.168.31.169:80:100,192.168.46.134:80:100,192.168.39.117:80:100,192.168.1.107:80:100,192.168.7.73:80:100,192.168.5.203:80:100,192.168.19.71:80:100,192.168.50.141:80:100,192.168.51.138:80:100,192.168.25.18:80:100,192.168.25.17:80:100,192.168.17.55:80:100,192.168.47.15:80:100,192.168.43.161:80:100,192.168.33.138:80:100,192.168.33.249:80:100,192.168.46.168:80:100,192.168.14.245:80:100,192.168.6.52:80:100,192.168.58.105:80:100,192.168.46.109:80:100,192.168.18.177:80:100,192.168.13.72:80:100,192.168.58.131:80:100,192.168.7.115:80:100,192.168.2.90:80:100,192.168.19.131:80:100,192.168.26.18:80:100,192.168.41.218:80:100,192.168.30.157:80:100,192.168.6.135:80:100,192.168.7.188:80:100,192.168.1.78:80:100,192.168.5.41:80:100,192.168.13.192:80:100,192.168.1.203:80:100,192.168.45.44:80:100,192.168.51.214:80:100,192.168.19.196:80:100,192.168.13.36:80:100,192.168.58.138:80:100,192.168.29.97:80:100,192.168.21.80:80:100,192.168.51.159:80:100,192.168.51.98:80:100,192.168.15.125:80:100,192.168.57.31:80:100,192.168.37.179:80:100,192.168.25.229:80:100,192.168.5.200:80:100,192.168.23.33:80:100,192.168.37.131:80:100,192.168.7.34:80:100,192.168.38.89:80:100,192.168.21.242:80:100,192.168.26.16:80:100,192.168.50.145:80:100,192.168.59.252:80:100,192.168.53.38:80:100,192.168.7.106:80:100,192.168.49.91:80:100", + "vip":"111.13.235.106" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.207:80:100,192.168.46.148:80:100", + "vip":"111.13.235.164" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.8:80:100,192.168.55.104:80:100,192.168.18.179:80:100,192.168.45.136:80:100,192.168.7.95:80:100,192.168.46.170:80:100,192.168.33.26:80:100,192.168.26.172:80:100,192.168.54.168:80:100", + "vip":"192.168.101.66" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.61:80:100,192.168.37.233:80:100,192.168.46.90:80:100,192.168.11.116:80:100,192.168.25.236:80:100,192.168.33.66:80:100,192.168.55.80:80:100,192.168.43.59:80:100,192.168.51.55:80:100,192.168.54.253:80:100,192.168.47.251:80:100,192.168.6.54:80:100,192.168.23.155:80:100,192.168.6.16:80:100,192.168.25.130:80:100,192.168.9.38:80:100,192.168.41.46:80:100,192.168.18.127:80:100,192.168.46.163:80:100,192.168.51.219:80:100,192.168.6.121:80:100,192.168.41.72:80:100,192.168.45.35:80:100,192.168.3.250:80:100,192.168.10.30:80:100,192.168.15.54:80:100,192.168.53.77:80:100,192.168.15.239:80:100,192.168.9.21:80:100,192.168.57.237:80:100,192.168.13.118:80:100,192.168.23.36:80:100,192.168.7.21:80:100,192.168.47.132:80:100,192.168.14.204:80:100,192.168.9.15:80:100,192.168.39.246:80:100,192.168.49.207:80:100", + "vip":"192.168.101.193" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.92:80:100,192.168.29.173:80:100,192.168.38.88:80:100,192.168.11.87:80:100,192.168.5.25:80:100,192.168.57.76:80:100,192.168.6.205:80:100,192.168.54.108:80:100,192.168.59.118:80:100,192.168.27.82:80:100,192.168.42.163:80:100", + "vip":"192.168.101.176" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.101:80:100", + "vip":"192.168.101.2" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.30.114:80:100,192.168.26.231:80:100,192.168.47.46:80:100,192.168.59.110:80:100,192.168.54.130:80:100,192.168.29.229:80:100,192.168.41.42:80:100,192.168.38.74:80:100,192.168.11.232:80:100,192.168.43.156:80:100,192.168.42.149:80:100,192.168.37.104:80:100,192.168.50.16:80:100,192.168.30.148:80:100,192.168.18.140:80:100,192.168.10.115:80:100,192.168.6.254:80:100,192.168.19.105:80:100,192.168.15.162:80:100,192.168.42.52:80:100,192.168.33.150:80:100,192.168.30.3:80:100,192.168.3.140:80:100,192.168.10.111:80:100,192.168.49.120:80:100,192.168.25.23:80:100,192.168.58.252:80:100,192.168.39.58:80:100,192.168.13.145:80:100,192.168.54.188:80:100,192.168.30.59:80:100,192.168.25.2:80:100,192.168.17.61:80:100,192.168.9.80:80:100,192.168.21.231:80:100,192.168.23.189:80:100,192.168.30.41:80:100,192.168.2.161:80:100,192.168.59.176:80:100,192.168.2.173:80:100,192.168.30.90:80:100,192.168.2.208:80:100,192.168.59.113:80:100,192.168.30.240:80:100,192.168.57.128:80:100,192.168.41.159:80:100,192.168.39.113:80:100,192.168.14.53:80:100,192.168.2.242:80:100,192.168.26.117:80:100,192.168.13.242:80:100,192.168.1.241:80:100,192.168.33.74:80:100,192.168.29.26:80:100,192.168.26.13:80:100,192.168.23.252:80:100,192.168.45.218:80:100,192.168.5.242:80:100,192.168.31.210:80:100,192.168.13.210:80:100,192.168.45.48:80:100,192.168.1.176:80:100,192.168.29.73:80:100,192.168.49.45:80:100,192.168.59.235:80:100,192.168.35.208:80:100,192.168.22.117:80:100,192.168.58.115:80:100,192.168.41.144:80:100,192.168.55.36:80:100,192.168.13.187:80:100,192.168.30.24:80:100,192.168.58.73:80:100,192.168.33.20:80:100,192.168.14.1:80:100,192.168.43.202:80:100,192.168.42.188:80:100,192.168.55.110:80:100,192.168.27.78:80:100,192.168.46.220:80:100,192.168.34.81:80:100,192.168.47.52:80:100,192.168.59.131:80:100,192.168.10.162:80:100,192.168.19.20:80:100,192.168.3.222:80:100,192.168.17.27:80:100,192.168.6.152:80:100,192.168.18.143:80:100", + "vip":"192.168.102.225" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.148:80:100,192.168.46.5:80:100,192.168.27.245:80:100,192.168.29.45:80:100,192.168.17.218:80:100,192.168.31.62:80:100", + "vip":"192.168.101.64" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.152:80:100,192.168.19.20:80:100,192.168.25.134:80:100", + "vip":"192.168.101.205" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.152:80:100,192.168.23.136:80:100,192.168.41.168:80:100,192.168.9.227:80:100", + "vip":"192.168.102.51" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.36:80:100,192.168.46.101:80:100,192.168.29.89:80:100,192.168.3.191:80:100,192.168.26.137:80:100", + "vip":"192.168.102.193" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.214:80:100,192.168.7.131:80:100,192.168.33.216:80:100,192.168.34.228:80:100,192.168.25.47:80:100,192.168.49.119:80:100,192.168.43.140:80:100,192.168.2.124:80:100,192.168.27.68:80:100,192.168.18.58:80:100,192.168.14.101:80:100,192.168.43.190:80:100,192.168.30.20:80:100,192.168.17.56:80:100,192.168.49.253:80:100,192.168.23.53:80:100,192.168.45.66:80:100,192.168.6.110:80:100,192.168.58.196:80:100,192.168.34.241:80:100,192.168.15.74:80:100,192.168.55.246:80:100,192.168.38.206:80:100,192.168.50.176:80:100,192.168.21.119:80:100,192.168.26.220:80:100,192.168.45.20:80:100,192.168.57.63:80:100,192.168.23.154:80:100,192.168.55.14:80:100,192.168.47.206:80:100,192.168.27.91:80:100,192.168.45.157:80:100,192.168.23.222:80:100,192.168.55.128:80:100,192.168.41.164:80:100,192.168.45.149:80:100,192.168.51.50:80:100,192.168.14.135:80:100,192.168.18.129:80:100,192.168.14.195:80:100,192.168.19.14:80:100,192.168.59.79:80:100,192.168.31.224:80:100,192.168.23.118:80:100,192.168.13.57:80:100,192.168.2.102:80:100,192.168.11.241:80:100,192.168.7.5:80:100,192.168.7.176:80:100,192.168.10.42:80:100,192.168.19.212:80:100,192.168.19.166:80:100,192.168.57.92:80:100,192.168.22.110:80:100,192.168.10.172:80:100,192.168.41.132:80:100,192.168.22.224:80:100,192.168.35.19:80:100,192.168.41.1:80:100,192.168.25.208:80:100,192.168.14.32:80:100,192.168.23.167:80:100,192.168.5.195:80:100,192.168.17.205:80:100,192.168.50.38:80:100,192.168.45.222:80:100,192.168.15.43:80:100,192.168.2.92:80:100,192.168.23.250:80:100,192.168.9.212:80:100,192.168.17.221:80:100,192.168.6.12:80:100,192.168.57.76:80:100,192.168.57.179:80:100,192.168.55.248:80:100,192.168.42.200:80:100,192.168.42.99:80:100,192.168.1.39:80:100,192.168.13.44:80:100,192.168.49.236:80:100,192.168.46.195:80:100,192.168.42.109:80:100,192.168.11.147:80:100,192.168.9.164:80:100,192.168.21.114:80:100,192.168.41.155:80:100,192.168.34.67:80:100,192.168.34.104:80:100,192.168.27.235:80:100,192.168.1.33:80:100,192.168.50.164:80:100,192.168.34.111:80:100,192.168.31.195:80:100,192.168.15.73:80:100,192.168.39.202:80:100,192.168.35.10:80:100,192.168.1.97:80:100,192.168.59.153:80:100,192.168.2.136:80:100,192.168.3.141:80:100,192.168.46.155:80:100,192.168.47.133:80:100,192.168.9.91:80:100,192.168.34.7:80:100,192.168.46.231:80:100,192.168.10.43:80:100,192.168.9.135:80:100,192.168.13.252:80:100,192.168.49.5:80:100,192.168.21.247:80:100,192.168.7.236:80:100,192.168.46.233:80:100,192.168.31.23:80:100,192.168.59.131:80:100,192.168.19.16:80:100,192.168.15.111:80:100,192.168.18.122:80:100,192.168.31.39:80:100,192.168.29.127:80:100,192.168.19.203:80:100,192.168.14.134:80:100,192.168.19.91:80:100", + "vip":"192.168.101.213" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.68:80:100,192.168.37.33:80:100,192.168.45.227:80:100,192.168.19.107:80:100,192.168.50.183:80:100,192.168.38.59:80:100,192.168.7.50:80:100,192.168.10.205:80:100", + "vip":"192.168.102.4" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.56:80:100,192.168.29.156:80:100,192.168.7.109:80:100,192.168.33.23:80:100,192.168.2.210:80:100,192.168.7.147:80:100,192.168.9.191:80:100,192.168.1.235:80:100,192.168.18.182:80:100,192.168.29.51:80:100,192.168.29.66:80:100", + "vip":"111.13.235.134" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.199:80:100,192.168.54.191:80:100", + "vip":"192.168.101.40" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.114:80:100,192.168.26.58:80:100,192.168.19.99:80:100,192.168.37.54:80:100,192.168.47.202:80:100,192.168.38.78:80:100,192.168.14.166:80:100,192.168.47.63:80:100,192.168.7.184:80:100", + "vip":"192.168.102.58" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.100:80:100,192.168.25.82:80:100,192.168.1.214:80:100,192.168.31.233:80:100,192.168.47.244:80:100,192.168.27.87:80:100,192.168.55.232:80:100,192.168.25.70:80:100,192.168.42.15:80:100,192.168.59.223:80:100,192.168.50.211:80:100,192.168.2.44:80:100,192.168.51.75:80:100,192.168.43.225:80:100,192.168.41.20:80:100,192.168.37.140:80:100,192.168.25.223:80:100,192.168.51.26:80:100", + "vip":"192.168.101.57" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.84:80:100,192.168.39.65:80:100,192.168.59.213:80:100,192.168.49.19:80:100,192.168.35.106:80:100,192.168.22.129:80:100,192.168.19.55:80:100,192.168.6.102:80:100,192.168.21.139:80:100,192.168.34.47:80:100,192.168.31.110:80:100,192.168.21.222:80:100,192.168.57.15:80:100,192.168.47.41:80:100,192.168.25.233:80:100,192.168.58.29:80:100,192.168.1.185:80:100,192.168.46.142:80:100,192.168.19.240:80:100,192.168.43.53:80:100,192.168.30.239:80:100,192.168.58.226:80:100,192.168.11.18:80:100,192.168.2.174:80:100,192.168.5.148:80:100,192.168.11.143:80:100,192.168.41.53:80:100,192.168.38.134:80:100,192.168.39.44:80:100,192.168.27.141:80:100,192.168.38.182:80:100,192.168.27.134:80:100,192.168.22.92:80:100,192.168.53.236:80:100,192.168.54.177:80:100,192.168.17.169:80:100,192.168.19.235:80:100,192.168.19.88:80:100,192.168.59.127:80:100,192.168.58.252:80:100,192.168.3.1:80:100,192.168.57.105:80:100,192.168.42.156:80:100,192.168.51.33:80:100,192.168.23.200:80:100,192.168.37.206:80:100,192.168.53.92:80:100,192.168.14.58:80:100,192.168.59.56:80:100,192.168.21.116:80:100,192.168.46.238:80:100,192.168.43.227:80:100,192.168.11.253:80:100,192.168.55.213:80:100,192.168.21.67:80:100,192.168.27.50:80:100,192.168.54.75:80:100,192.168.51.240:80:100,192.168.14.118:80:100,192.168.46.170:80:100,192.168.6.51:80:100,192.168.39.204:80:100,192.168.22.106:80:100,192.168.45.19:80:100,192.168.30.157:80:100,192.168.58.91:80:100,192.168.38.114:80:100,192.168.23.10:80:100,192.168.2.75:80:100,192.168.35.229:80:100,192.168.35.190:80:100,192.168.17.233:80:100,192.168.13.249:80:100,192.168.10.60:80:100,192.168.47.155:80:100,192.168.3.155:80:100,192.168.42.36:80:100,192.168.25.102:80:100,192.168.51.144:80:100,192.168.13.158:80:100,192.168.22.17:80:100,192.168.42.211:80:100,192.168.9.251:80:100,192.168.33.236:80:100,192.168.33.250:80:100,192.168.11.201:80:100,192.168.7.240:80:100,192.168.19.211:80:100,192.168.10.41:80:100,192.168.23.108:80:100,192.168.9.222:80:100,192.168.18.122:80:100,192.168.39.6:80:100,192.168.1.188:80:100,192.168.19.183:80:100,192.168.58.150:80:100,192.168.45.117:80:100,192.168.7.211:80:100,192.168.14.164:80:100", + "vip":"192.168.101.112" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.129:80:100,192.168.6.187:80:100,192.168.3.16:80:100,192.168.39.179:80:100,192.168.54.149:80:100", + "vip":"111.13.235.143" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.3:80:100", + "vip":"192.168.102.227" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.62:80:100,192.168.35.27:80:100,192.168.26.91:80:100,192.168.47.238:80:100", + "vip":"192.168.101.13" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.145:80:100,192.168.19.135:80:100,192.168.11.64:80:100,192.168.11.22:80:100,192.168.50.132:80:100,192.168.23.114:80:100,192.168.30.242:80:100,192.168.55.128:80:100,192.168.59.208:80:100,192.168.49.186:80:100,192.168.41.233:80:100,192.168.25.155:80:100,192.168.17.139:80:100,192.168.10.38:80:100,192.168.53.170:80:100,192.168.54.165:80:100,192.168.42.188:80:100", + "vip":"192.168.102.56" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.22:80:100,192.168.9.220:80:100,192.168.53.47:80:100,192.168.55.158:80:100", + "vip":"111.13.235.65" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.50:80:100,192.168.15.55:80:100,192.168.26.167:80:100,192.168.9.14:80:100,192.168.18.216:80:100,192.168.18.224:80:100,192.168.49.241:80:100,192.168.2.165:80:100,192.168.47.133:80:100,192.168.38.81:80:100,192.168.10.49:80:100,192.168.43.6:80:100,192.168.22.207:80:100,192.168.26.2:80:100,192.168.17.76:80:100,192.168.54.114:80:100,192.168.50.195:80:100,192.168.25.133:80:100,192.168.51.113:80:100,192.168.31.69:80:100,192.168.59.3:80:100,192.168.46.88:80:100,192.168.35.226:80:100,192.168.6.98:80:100,192.168.21.58:80:100,192.168.15.164:80:100,192.168.53.38:80:100,192.168.17.95:80:100,192.168.14.42:80:100,192.168.47.112:80:100,192.168.57.115:80:100,192.168.15.220:80:100,192.168.35.3:80:100,192.168.15.80:80:100,192.168.39.200:80:100,192.168.18.169:80:100,192.168.49.1:80:100", + "vip":"192.168.102.87" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.138:80:100,192.168.50.245:80:100,192.168.39.11:80:100,192.168.10.95:80:100,192.168.39.225:80:100,192.168.14.79:80:100,192.168.43.21:80:100,192.168.53.100:80:100,192.168.9.234:80:100,192.168.54.89:80:100,192.168.49.172:80:100,192.168.2.44:80:100,192.168.26.168:80:100", + "vip":"111.13.235.219" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.55:80:100", + "vip":"111.13.235.198" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.3:80:100,192.168.23.238:80:100,192.168.57.253:80:100", + "vip":"192.168.102.48" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.249:80:100,192.168.54.154:80:100,192.168.21.17:80:100,192.168.35.10:80:100,192.168.53.138:80:100", + "vip":"192.168.101.168" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.129:80:100,192.168.57.22:80:100,192.168.14.196:80:100,192.168.10.128:80:100,192.168.55.75:80:100,192.168.2.35:80:100,192.168.41.70:80:100,192.168.55.160:80:100,192.168.42.25:80:100,192.168.21.203:80:100,192.168.51.95:80:100,192.168.21.1:80:100,192.168.22.131:80:100,192.168.41.203:80:100,192.168.30.118:80:100,192.168.31.203:80:100,192.168.46.225:80:100", + "vip":"192.168.102.136" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.208:80:100,192.168.58.20:80:100,192.168.3.98:80:100,192.168.25.242:80:100", + "vip":"111.13.235.166" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.82:80:100,192.168.18.234:80:100,192.168.19.148:80:100,192.168.55.145:80:100,192.168.15.42:80:100,192.168.22.37:80:100,192.168.59.47:80:100,192.168.5.159:80:100,192.168.25.209:80:100,192.168.37.215:80:100,192.168.6.81:80:100,192.168.19.26:80:100,192.168.34.126:80:100,192.168.43.198:80:100,192.168.29.40:80:100,192.168.9.149:80:100,192.168.46.225:80:100,192.168.31.146:80:100,192.168.38.252:80:100,192.168.51.103:80:100,192.168.47.28:80:100,192.168.21.12:80:100,192.168.25.249:80:100,192.168.22.234:80:100,192.168.54.204:80:100,192.168.9.2:80:100,192.168.33.239:80:100,192.168.10.134:80:100,192.168.41.94:80:100,192.168.11.99:80:100,192.168.33.196:80:100,192.168.10.55:80:100,192.168.38.121:80:100,192.168.38.238:80:100,192.168.21.79:80:100,192.168.11.181:80:100,192.168.49.48:80:100,192.168.10.78:80:100,192.168.45.28:80:100,192.168.59.156:80:100,192.168.38.221:80:100,192.168.18.251:80:100,192.168.17.94:80:100,192.168.37.183:80:100,192.168.37.181:80:100,192.168.54.100:80:100,192.168.58.44:80:100,192.168.45.20:80:100,192.168.29.136:80:100,192.168.18.252:80:100,192.168.30.182:80:100,192.168.7.11:80:100,192.168.54.36:80:100,192.168.59.219:80:100,192.168.42.197:80:100,192.168.5.178:80:100,192.168.47.196:80:100,192.168.22.44:80:100,192.168.14.167:80:100,192.168.19.80:80:100,192.168.37.123:80:100,192.168.14.150:80:100,192.168.5.68:80:100,192.168.18.210:80:100,192.168.55.227:80:100,192.168.35.105:80:100,192.168.18.129:80:100,192.168.25.65:80:100,192.168.45.133:80:100,192.168.34.31:80:100,192.168.45.90:80:100,192.168.17.107:80:100,192.168.14.169:80:100,192.168.47.90:80:100,192.168.11.191:80:100,192.168.46.184:80:100,192.168.49.64:80:100,192.168.13.142:80:100,192.168.25.157:80:100,192.168.30.71:80:100,192.168.53.169:80:100,192.168.54.231:80:100,192.168.53.162:80:100,192.168.10.212:80:100,192.168.27.151:80:100,192.168.57.112:80:100,192.168.33.91:80:100,192.168.2.85:80:100,192.168.14.74:80:100,192.168.39.192:80:100,192.168.2.35:80:100,192.168.7.123:80:100,192.168.17.229:80:100,192.168.10.203:80:100,192.168.59.243:80:100,192.168.54.41:80:100,192.168.47.227:80:100,192.168.14.12:80:100,192.168.22.75:80:100,192.168.43.80:80:100,192.168.15.1:80:100,192.168.58.69:80:100,192.168.55.206:80:100,192.168.23.250:80:100,192.168.45.67:80:100,192.168.41.67:80:100,192.168.53.187:80:100,192.168.59.60:80:100,192.168.35.229:80:100,192.168.5.165:80:100,192.168.33.76:80:100,192.168.50.167:80:100,192.168.10.173:80:100,192.168.18.228:80:100,192.168.41.40:80:100,192.168.46.103:80:100,192.168.1.100:80:100,192.168.6.137:80:100,192.168.29.171:80:100,192.168.38.50:80:100,192.168.26.211:80:100,192.168.7.153:80:100,192.168.27.15:80:100,192.168.42.221:80:100,192.168.17.152:80:100,192.168.50.133:80:100,192.168.23.249:80:100,192.168.58.208:80:100,192.168.9.80:80:100,192.168.25.179:80:100,192.168.58.246:80:100,192.168.6.114:80:100,192.168.17.52:80:100,192.168.29.85:80:100,192.168.35.225:80:100,192.168.49.116:80:100,192.168.30.78:80:100,192.168.6.32:80:100,192.168.53.129:80:100,192.168.5.22:80:100,192.168.35.108:80:100,192.168.21.29:80:100,192.168.26.183:80:100,192.168.22.243:80:100,192.168.7.225:80:100,192.168.9.108:80:100,192.168.37.131:80:100,192.168.51.70:80:100,192.168.9.202:80:100,192.168.59.217:80:100,192.168.14.202:80:100,192.168.38.175:80:100,192.168.41.59:80:100,192.168.1.140:80:100,192.168.54.182:80:100,192.168.18.14:80:100,192.168.3.153:80:100,192.168.6.238:80:100,192.168.55.131:80:100,192.168.39.101:80:100,192.168.34.23:80:100,192.168.31.138:80:100", + "vip":"192.168.101.204" + } + ] +} diff --git a/tools/keepalived/configure b/tools/keepalived/configure index dcb9f06fa..d0ff7d95e 100755 --- a/tools/keepalived/configure +++ b/tools/keepalived/configure @@ -1,6 +1,8 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69. +# Generated by GNU Autoconf 2.69 for Keepalived 2.0.19. +# +# Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -264,10 +266,11 @@ fi $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else - $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, -$0: including any error possibly output before this -$0: message. Then install a modern shell, or manually run -$0: the script under such a shell if you do have one." + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: keepalived-users@groups.io about your system, including +$0: any error possibly output before this message. Then +$0: install a modern shell, or manually run the script +$0: under such a shell if you do have one." fi exit 1 fi @@ -575,12 +578,12 @@ MFLAGS= MAKEFLAGS= # Identity of this package. -PACKAGE_NAME= -PACKAGE_TARNAME= -PACKAGE_VERSION= -PACKAGE_STRING= -PACKAGE_BUGREPORT= -PACKAGE_URL= +PACKAGE_NAME='Keepalived' +PACKAGE_TARNAME='keepalived' +PACKAGE_VERSION='2.0.19' +PACKAGE_STRING='Keepalived 2.0.19' +PACKAGE_BUGREPORT='keepalived-users@groups.io' +PACKAGE_URL='http://www.keepalived.org/' ac_unique_file="keepalived/core/main.c" # Factoring default headers for most tests. @@ -619,28 +622,138 @@ ac_includes_default="\ # include #endif" -ac_subst_vars='LTLIBOBJS -LIBOBJS -VRRP_SUPPORT -USE_NL -IPVS_SUPPORT -VERSION_DATE -VERSION -DFLAGS -SO_MARK_SUPPORT -SHA1_SUPPORT -SNMP_SUPPORT +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +INIT_SUSE_FALSE +INIT_SUSE_TRUE +INIT_OPENRC_FALSE +INIT_OPENRC_TRUE +INIT_SYSV_FALSE +INIT_SYSV_TRUE +INIT_SYSTEMD_FALSE +INIT_SYSTEMD_TRUE +INIT_UPSTART_FALSE +INIT_UPSTART_TRUE +systemdsystemunitdir +DEFAULT_CONFIG_FILE +RPM_BIP_FALSE +RPM_BIP_TRUE +RPM_FALSE +RPM_TRUE +HAVE_RPMBUILD +HAVE_RPM +PROFILE_FALSE +PROFILE_TRUE +ASSERTS_FALSE +ASSERTS_TRUE +DEBUG_FALSE +DEBUG_TRUE +BUILD_DOCS_FALSE +BUILD_DOCS_TRUE +HAVE_SPHINX_BUILD +SPHINXBUILDNAME +PID_DIR +WITH_NAMESPACES_FALSE +WITH_NAMESPACES_TRUE +WITH_SHA1_FALSE +WITH_SHA1_TRUE +DBUS_CREATE_INSTANCE_FALSE +DBUS_CREATE_INSTANCE_TRUE +WITH_DBUS_FALSE +WITH_DBUS_TRUE +SNMP_SERVICE +SNMP_REPLY_V3_FOR_V2_FALSE +SNMP_REPLY_V3_FOR_V2_TRUE +SNMP_RFCV3_FALSE +SNMP_RFCV3_TRUE +SNMP_RFCV2_FALSE +SNMP_RFCV2_TRUE +SNMP_RFC_FALSE +SNMP_RFC_TRUE +SNMP_CHECKER_FALSE +SNMP_CHECKER_TRUE +SNMP_VRRP_FALSE +SNMP_VRRP_TRUE +SNMP_KEEPALIVED_FALSE +SNMP_KEEPALIVED_TRUE +SNMP_FALSE +SNMP_TRUE NETSNMP_CONFIG -VRRP_VMAC -IPVS_SYNCD -KERN +FIB_ROUTING_FALSE +FIB_ROUTING_TRUE +SOCK_NONBLOCK_FALSE +SOCK_NONBLOCK_TRUE +CN_PROC_FALSE +CN_PROC_TRUE +WITH_BFD_FALSE +WITH_BFD_TRUE +WITH_JSON_FALSE +WITH_JSON_TRUE +VMAC_FALSE +VMAC_TRUE +VRRP_AUTH_FALSE +VRRP_AUTH_TRUE +WITH_VRRP_FALSE +WITH_VRRP_TRUE +WITH_REGEX_FALSE +WITH_REGEX_TRUE +WITH_IPVS_FALSE +WITH_IPVS_TRUE +FIREWALL_FALSE +FIREWALL_TRUE +NFTABLES_FALSE +NFTABLES_TRUE +REQUIRE_IPTABLES_LIBS_FALSE +REQUIRE_IPTABLES_LIBS_TRUE +LIBIPSET_DYNAMIC_FALSE +LIBIPSET_DYNAMIC_TRUE +LIBIPTC_DYNAMIC_FALSE +LIBIPTC_DYNAMIC_TRUE +IPTABLES_CMD_FALSE +IPTABLES_CMD_TRUE +IPTABLES_FALSE +IPTABLES_TRUE +LIBIPSET_FALSE +LIBIPSET_TRUE +LIBIPTC_FALSE +LIBIPTC_TRUE +LIBNL_DYNAMIC_FALSE +LIBNL_DYNAMIC_TRUE +LIBNL3_FALSE +LIBNL3_TRUE +LIBNL1_FALSE +LIBNL1_TRUE +BUILD_GENHASH_FALSE +BUILD_GENHASH_TRUE +GENHASH_LIBS +LIBOBJS EGREP -GREP CPP -STRIP -INSTALL_DATA -INSTALL_SCRIPT -INSTALL_PROGRAM +KA_LIBS +KA_LDFLAGS +KA_CFLAGS +KA_CPPFLAGS +WITH_STRICT_CONFIG_CHECKS_FALSE +WITH_STRICT_CONFIG_CHECKS_TRUE +ARFLAGS +ac_ct_AR +AR +LDD +SED +LN_S +GREP +RANLIB +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR OBJEXT EXEEXT ac_ct_CC @@ -648,6 +761,37 @@ CPPFLAGS LDFLAGS CFLAGS CC +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG +MAINTAINERCLEANFILES +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM target_alias host_alias build_alias @@ -689,20 +833,87 @@ SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking +enable_silent_rules enable_lvs_syncd enable_lvs +enable_lvs_64bit_stats enable_vrrp +enable_bfd with_kernel_dir -with_kernel_version enable_fwmark enable_snmp +enable_snmp_vrrp +enable_snmp_keepalived +enable_snmp_checker +enable_snmp_rfc +enable_snmp_rfcv2 +enable_snmp_rfcv3 +enable_snmp_reply_v3_for_v2 +enable_dbus +enable_dbus_create_instance enable_sha1 +enable_regex +enable_regex_timers +enable_json +with_init +enable_vrrp_auth +enable_checksum_compat +enable_routes +enable_linkbeat +enable_gnu_std_paths +enable_dynamic_linking +enable_iptables +enable_libiptc_dynamic +enable_libipset_dynamic +enable_libnl_dynamic +enable_libiptc +enable_libipset +enable_nftables +enable_libnl +enable_track_process +with_run_dir +enable_strict_config_checks +enable_hardening +enable_optimise +enable_warnings +enable_extra_warnings +enable_mem_check +enable_mem_check_log +enable_timer_check enable_debug +enable_netlink_timers +enable_smtp_alert_debug +enable_stacktrace +enable_perf +enable_log_file +enable_dump_threads +enable_epoll_debug +enable_epoll_thread_dump +enable_regex_debug +enable_tsm_debug +enable_vrrp_fd_debug +enable_eintr_debug +enable_track_process_debug +enable_parser_debug +enable_checksum_debug +enable_dump_keywords +enable_network_timestamp +enable_asserts +with_fixed_if_type +with_default_config_file enable_profile +enable_conversion_checks +enable_force_conversion_checks +enable_Werror +with_systemdsystemunitdir +enable_dependency_tracking ' ac_precious_vars='build_alias host_alias target_alias +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR CC CFLAGS LDFLAGS @@ -749,7 +960,7 @@ sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' -docdir='${datarootdir}/doc/${PACKAGE}' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' @@ -1249,7 +1460,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures this package to adapt to many kinds of systems. +\`configure' configures Keepalived 2.0.19 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1297,7 +1508,7 @@ Fine tuning of the installation directories: --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] + --docdir=DIR documentation root [DATAROOTDIR/doc/keepalived] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] @@ -1305,33 +1516,143 @@ Fine tuning of the installation directories: _ACEOF cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names _ACEOF fi if test -n "$ac_init_help"; then - + case $ac_init_help in + short | recursive ) echo "Configuration of Keepalived 2.0.19:";; + esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") --disable-lvs-syncd do not use LVS synchronization daemon --disable-lvs do not use the LVS framework + --disable-lvs-64bit-stats + do not use the LVS 64-bit stats --disable-vrrp do not use the VRRP framework + --enable-bfd use the BFD framework --disable-fwmark compile without SO_MARK support --enable-snmp compile with SNMP support + --enable-snmp-vrrp compile with SNMP vrrp support + --enable-snmp-keepalived + obsolete - use --enable-snmp-vrrp + --enable-snmp-checker compile with SNMP checker support + --enable-snmp-rfc compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527 + (VRRPv3) support + --enable-snmp-rfcv2 compile with SNMP RFC2787 (VRRPv2) support + --enable-snmp-rfcv3 compile with SNMP RFC6527 (VRRPv3) support + --disable-snmp-reply-v3-for-v2 + disable RFC6527 responses for VRRPv2 instances + --enable-dbus compile with dbus support + --enable-dbus-create-instance + compile with dbus support for creating instances --enable-sha1 compile with SHA1 support + --enable-regex build with HTTP_GET regex checking + --enable-regex-timers build with HTTP_GET regex timers + --enable-json compile with signal to dump configuration and stats + as json + --disable-vrrp-auth compile without VRRP authentication + --disable-checksum-compat + compile without v1.3.6 and earlier VRRPv3 unicast + checksum compatibility + --disable-routes compile without ip rules/routes + --disable-linkbeat build without linkbeat support + --enable-gnu-std-paths use GNU standard paths for pid files etc + --enable-dynamic-linking + compile with/without dynamically linked + libiptc/libipset/libnl + --disable-iptables compile without iptables support + --enable-libiptc-dynamic + compile with libiptc dynamically linked + --disable-libipset-dynamic + compile with libipset statically linked + --enable-libnl-dynamic compile with libnl dynamically linked + --disable-libiptc compile without libiptc + --disable-libipset compile without libipset + --disable-nftables build without nftables support + --disable-libnl compile without libnl + --disable-track-process build without track-process functionality + --enable-strict-config-checks + build with strict configuration checking + --disable-hardening do not build with security hardening + --enable-optimise compiler optimisation level + --enable-warnings[=WARNINGS] + additional compiler warnings, disable for reduced + set + --enable-extra-warnings extra compiler warnings that will probably produce + many warnings + --enable-mem-check compile with memory alloc checking + --enable-mem-check-log compile with memory alloc checking writing to syslog + --enable-timer-check compile with set time logging --enable-debug compile with debugging flags + --enable-netlink-timers compile with netlink command timers + --enable-smtp-alert-debug + compile with smtp-alert debugging + --enable-stacktrace compile with stacktrace support + --enable-perf compile with perf performance data recording support + for vrrp process + --enable-log-file enable logging to file (-g) + --enable-dump-threads compile with thread dumping support + --enable-epoll-debug compile with epoll_wait() debugging support + --enable-epoll-thread-dump + compile with epoll thread dumping support + --enable-regex-debug compile with regex debugging support + --enable-tsm-debug compile with TSM debugging support + --enable-vrrp-fd-debug compile with vrrp fd debugging support + --enable-eintr-debug compile with EINTR debugging support, set to + check/nocheck to check/not check for EINTR + --enable-track-process-debug + compile with track process debugging support, set to + log all process connector events + --enable-parser-debug compile with parser debugging support + --enable-checksum-debug compile with checksum debugging support + --enable-dump-keywords compile with keyword dumping support + --enable-network-timestamp + compile with network timestamp debugging support + --enable-asserts compile with assert() enabled --enable-profile compile with profiling flags + --enable-conversion-checks + compile with conversion warnings if sensible + --enable-force-conversion-checks + compile with conversion warnings + --enable-Werror compile with warnings being errors + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-kernel-dir=DIR path to linux kernel source directory - --with-kernel-version=VER forced value for linux kernel version (VER=2.4|2.6) + --with-init=(upstart|systemd|SYSV|SUSE|openrc) + specify init type + --with-run-dir=PATH_TO_RUN + specify directory where /run is located + --with-fixed-if-type=TYPE + treat interface type TYPE as unchangeable + --with-default-config-file=FILE + Default configuration file + --with-systemdsystemunitdir=DIR + Directory for systemd service files] Some influential environment variables: + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a @@ -1344,7 +1665,8 @@ Some influential environment variables: Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to the package provider. +Report bugs to . +Keepalived home page: . _ACEOF ac_status=$? fi @@ -1407,7 +1729,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -configure +Keepalived configure 2.0.19 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1459,20 +1781,21 @@ fi } # ac_fn_c_try_compile -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 @@ -1480,21 +1803,29 @@ $as_echo "$ac_try_echo"; } >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval -} # ac_fn_c_try_cpp +} # ac_fn_c_try_link # ac_fn_c_try_run LINENO # ---------------------- @@ -1538,6 +1869,43 @@ fi } # ac_fn_c_try_run +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using @@ -1608,6 +1976,10 @@ $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ----------------------------------------- ## +## Report this to keepalived-users@groups.io ## +## ----------------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 @@ -1656,42 +2028,50 @@ $as_echo "$ac_res" >&6; } } # ac_fn_c_check_header_compile -# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -# --------------------------------------------- -# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -# accordingly. -ac_fn_c_check_decl () +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - as_decl_name=`echo $2|sed 's/ *(.*//'` - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else + eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { -#ifndef $as_decl_name -#ifdef __cplusplus - (void) $as_decl_use; -#else - (void) $as_decl_name; -#endif -#endif - +if (sizeof ($2)) + return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + else - eval "$3=no" + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi @@ -1700,75 +2080,36 @@ eval ac_res=\$$3 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_decl - -# ac_fn_c_try_link LINENO -# ----------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_link +} # ac_fn_c_check_type -# ac_fn_c_check_type LINENO TYPE VAR INCLUDES -# ------------------------------------------- -# Tests whether TYPE exists after having included INCLUDES, setting cache -# variable VAR accordingly. -ac_fn_c_check_type () +# ac_fn_c_find_intX_t LINENO BITS VAR +# ----------------------------------- +# Finds a signed integer type with width BITS, setting cache variable VAR +# accordingly. +ac_fn_c_find_intX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 +$as_echo_n "checking for int$2_t... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + # Order is important - never check a type that is potentially smaller + # than half of the expected target width. + for ac_type in int$2_t 'int' 'long int' \ + 'long long int' 'short int' 'signed char'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$4 +$ac_includes_default + enum { N = $2 / 2 - 1 }; int main () { -if (sizeof ($2)) - return 0; +static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; +test_array [0] = 0; +return test_array [0]; + ; return 0; } @@ -1776,12 +2117,16 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$4 +$ac_includes_default + enum { N = $2 / 2 - 1 }; int main () { -if (sizeof (($2))) - return 0; +static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) + < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; +test_array [0] = 0; +return test_array [0]; + ; return 0; } @@ -1789,18 +2134,83 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else - eval "$3=yes" + case $ac_type in #( + int$2_t) : + eval "$3=yes" ;; #( + *) : + eval "$3=\$ac_type" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no"; then : + +else + break +fi + done fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_type +} # ac_fn_c_find_intX_t + +# ac_fn_c_find_uintX_t LINENO BITS VAR +# ------------------------------------ +# Finds an unsigned integer type with width BITS, setting cache variable VAR +# accordingly. +ac_fn_c_find_uintX_t () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 +$as_echo_n "checking for uint$2_t... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + # Order is important - never check a type that is potentially smaller + # than half of the expected target width. + for ac_type in uint$2_t 'unsigned int' 'unsigned long int' \ + 'unsigned long long int' 'unsigned short int' 'unsigned char'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !((($ac_type) -1 >> ($2 / 2 - 1)) >> ($2 / 2 - 1) == 3)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + case $ac_type in #( + uint$2_t) : + eval "$3=yes" ;; #( + *) : + eval "$3=\$ac_type" ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no"; then : + +else + break +fi + done +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_find_uintX_t # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- @@ -1868,23 +2278,126 @@ $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func -cat >config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. -It was created by $as_me, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ - -_ACEOF -exec 5>>config.log +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () { -cat <<_ASUNAME -## --------- ## -## Platform. ## -## --------- ## - + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by Keepalived $as_me 2.0.19, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` @@ -2220,25 +2733,251 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -VERSION=`cat VERSION` -VERSION_DATE=`date +%m/%d,20%y` -OUTPUT_TARGET="Makefile genhash/Makefile keepalived/core/Makefile lib/config.h keepalived.spec" +am__api_version='1.13' -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -2247,7 +2986,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" + ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2257,10 +2996,10 @@ IFS=$as_save_IFS fi fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -2268,17 +3007,17 @@ fi fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -2287,7 +3026,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" + ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2297,17 +3036,17 @@ IFS=$as_save_IFS fi fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - if test "x$ac_ct_CC" = x; then - CC="" + if test "x$ac_ct_STRIP" = x; then + STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) @@ -2315,65 +3054,69 @@ yes:) $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac - CC=$ac_ct_CC + STRIP=$ac_ct_STRIP fi else - CC="$ac_cv_prog_CC" + STRIP="$ac_cv_prog_STRIP" fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done done IFS=$as_save_IFS fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" fi fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. else - ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2381,11 +3124,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" + ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2393,53 +3132,260 @@ done done IFS=$as_save_IFS -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi fi fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" fi +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='keepalived' + VERSION='2.0.19' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar pax cpio none' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + + + + + +ac_config_headers="$ac_config_headers lib/config.h lib/config_warnings.h" + + + + + +ac_config_files="$ac_config_files Makefile keepalived/Makefile lib/Makefile keepalived/core/Makefile keepalived.spec genhash/Makefile keepalived/check/Makefile keepalived/vrrp/Makefile keepalived/bfd/Makefile doc/Makefile bin_install/Makefile keepalived/dbus/Makefile keepalived/etc/Makefile keepalived/etc/init/Makefile keepalived/etc/init.d/Makefile doc/man/man8/Makefile" + + + +MAINTAINERCLEANFILES="*~ *.orig *.rej core core.*" + +CONFIG_OPTIONS= +SYSTEM_OPTIONS= + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2447,43 +3393,42 @@ done done IFS=$as_save_IFS + ;; +esac fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - test -n "$CC" && break - done fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2491,23 +3436,20 @@ done done IFS=$as_save_IFS + ;; +esac fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) @@ -2515,1261 +3457,8148 @@ yes:) $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac - CC=$ac_ct_CC + PKG_CONFIG=$ac_pt_PKG_CONFIG fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi +# Check whether --enable-lvs-syncd was given. +if test "${enable_lvs_syncd+set}" = set; then : + enableval=$enable_lvs_syncd; +fi -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 +# Check whether --enable-lvs was given. +if test "${enable_lvs+set}" = set; then : + enableval=$enable_lvs; +fi + +# Check whether --enable-lvs-64bit-stats was given. +if test "${enable_lvs_64bit_stats+set}" = set; then : + enableval=$enable_lvs_64bit_stats; +fi + +# Check whether --enable-vrrp was given. +if test "${enable_vrrp+set}" = set; then : + enableval=$enable_vrrp; +fi + +# Check whether --enable-bfd was given. +if test "${enable_bfd+set}" = set; then : + enableval=$enable_bfd; +fi + + +# Check whether --with-kernel-dir was given. +if test "${with_kernel_dir+set}" = set; then : + withval=$with_kernel_dir; kernel_src_path="$withval" + else kernel_src_path="" +fi + +# Check whether --enable-fwmark was given. +if test "${enable_fwmark+set}" = set; then : + enableval=$enable_fwmark; +fi + +# Check whether --enable-snmp was given. +if test "${enable_snmp+set}" = set; then : + enableval=$enable_snmp; +fi + +# Check whether --enable-snmp-vrrp was given. +if test "${enable_snmp_vrrp+set}" = set; then : + enableval=$enable_snmp_vrrp; +fi + +# Check whether --enable-snmp-keepalived was given. +if test "${enable_snmp_keepalived+set}" = set; then : + enableval=$enable_snmp_keepalived; +fi + +# Check whether --enable-snmp-checker was given. +if test "${enable_snmp_checker+set}" = set; then : + enableval=$enable_snmp_checker; +fi + +# Check whether --enable-snmp-rfc was given. +if test "${enable_snmp_rfc+set}" = set; then : + enableval=$enable_snmp_rfc; +fi + +# Check whether --enable-snmp-rfcv2 was given. +if test "${enable_snmp_rfcv2+set}" = set; then : + enableval=$enable_snmp_rfcv2; +fi + +# Check whether --enable-snmp-rfcv3 was given. +if test "${enable_snmp_rfcv3+set}" = set; then : + enableval=$enable_snmp_rfcv3; +fi + +# Check whether --enable-snmp-reply-v3-for-v2 was given. +if test "${enable_snmp_reply_v3_for_v2+set}" = set; then : + enableval=$enable_snmp_reply_v3_for_v2; +fi + +# Check whether --enable-dbus was given. +if test "${enable_dbus+set}" = set; then : + enableval=$enable_dbus; +fi + +# Check whether --enable-dbus-create-instance was given. +if test "${enable_dbus_create_instance+set}" = set; then : + enableval=$enable_dbus_create_instance; +fi + +# Check whether --enable-sha1 was given. +if test "${enable_sha1+set}" = set; then : + enableval=$enable_sha1; +fi + +# Check whether --enable-regex was given. +if test "${enable_regex+set}" = set; then : + enableval=$enable_regex; +fi + +# Check whether --enable-regex-timers was given. +if test "${enable_regex_timers+set}" = set; then : + enableval=$enable_regex_timers; +fi + +# Check whether --enable-json was given. +if test "${enable_json+set}" = set; then : + enableval=$enable_json; +fi + + +# Check whether --with-init was given. +if test "${with_init+set}" = set; then : + withval=$with_init; init_type="$withval" +else + init_type="" +fi + +# Check whether --enable-vrrp-auth was given. +if test "${enable_vrrp_auth+set}" = set; then : + enableval=$enable_vrrp_auth; +fi + +# Check whether --enable-checksum_compat was given. +if test "${enable_checksum_compat+set}" = set; then : + enableval=$enable_checksum_compat; +fi + +# Check whether --enable-routes was given. +if test "${enable_routes+set}" = set; then : + enableval=$enable_routes; +fi + +# Check whether --enable-linkbeat was given. +if test "${enable_linkbeat+set}" = set; then : + enableval=$enable_linkbeat; +fi + +# Check whether --enable-gnu-std-paths was given. +if test "${enable_gnu_std_paths+set}" = set; then : + enableval=$enable_gnu_std_paths; +fi + +# Check whether --enable-dynamic-linking was given. +if test "${enable_dynamic_linking+set}" = set; then : + enableval=$enable_dynamic_linking; +fi + +# Check whether --enable-iptables was given. +if test "${enable_iptables+set}" = set; then : + enableval=$enable_iptables; +else + IPTABLES_SILENT=Yes +fi + +# Check whether --enable-libiptc-dynamic was given. +if test "${enable_libiptc_dynamic+set}" = set; then : + enableval=$enable_libiptc_dynamic; +fi + +# Check whether --enable-libipset-dynamic was given. +if test "${enable_libipset_dynamic+set}" = set; then : + enableval=$enable_libipset_dynamic; +fi + +# Check whether --enable-libnl-dynamic was given. +if test "${enable_libnl_dynamic+set}" = set; then : + enableval=$enable_libnl_dynamic; +fi + +# Check whether --enable-libiptc was given. +if test "${enable_libiptc+set}" = set; then : + enableval=$enable_libiptc; +fi + +# Check whether --enable-libipset was given. +if test "${enable_libipset+set}" = set; then : + enableval=$enable_libipset; +fi + +# Check whether --enable-nftables was given. +if test "${enable_nftables+set}" = set; then : + enableval=$enable_nftables; +else + NFTABLES_SILENT=Yes +fi + +# Check whether --enable-libnl was given. +if test "${enable_libnl+set}" = set; then : + enableval=$enable_libnl; +fi + +# Check whether --enable-track-process was given. +if test "${enable_track_process+set}" = set; then : + enableval=$enable_track_process; +fi + + +# Check whether --with-run-dir was given. +if test "${with_run_dir+set}" = set; then : + withval=$with_run_dir; RUN_DIR_SPECIFIED=Y +else + RUN_DIR_SPECIFIED=N +fi + +# Check whether --enable-strict-config-checks was given. +if test "${enable_strict_config_checks+set}" = set; then : + enableval=$enable_strict_config_checks; +fi + +# Check whether --enable-hardening was given. +if test "${enable_hardening+set}" = set; then : + enableval=$enable_hardening; +fi + +# Check whether --enable-optimise was given. +if test "${enable_optimise+set}" = set; then : + enableval=$enable_optimise; +else + enable_optimise=not-specified +fi + +# Check whether --enable-warnings was given. +if test "${enable_warnings+set}" = set; then : + enableval=$enable_warnings; +else + enable_warnings=yes +fi + +# Check whether --enable-extra-warnings was given. +if test "${enable_extra_warnings+set}" = set; then : + enableval=$enable_extra_warnings; +fi + +# Check whether --enable-mem-check was given. +if test "${enable_mem_check+set}" = set; then : + enableval=$enable_mem_check; +fi + +# Check whether --enable-mem-check-log was given. +if test "${enable_mem_check_log+set}" = set; then : + enableval=$enable_mem_check_log; +fi + +# Check whether --enable-timer-check was given. +if test "${enable_timer_check+set}" = set; then : + enableval=$enable_timer_check; +fi + +# Check whether --enable-debug was given. +if test "${enable_debug+set}" = set; then : + enableval=$enable_debug; +fi + +# Check whether --enable-netlink-timers was given. +if test "${enable_netlink_timers+set}" = set; then : + enableval=$enable_netlink_timers; +fi + +# Check whether --enable-smtp-alert-debug was given. +if test "${enable_smtp_alert_debug+set}" = set; then : + enableval=$enable_smtp_alert_debug; +fi + +# Check whether --enable-stacktrace was given. +if test "${enable_stacktrace+set}" = set; then : + enableval=$enable_stacktrace; +fi + +# Check whether --enable-perf was given. +if test "${enable_perf+set}" = set; then : + enableval=$enable_perf; +fi + +# Check whether --enable-log-file was given. +if test "${enable_log_file+set}" = set; then : + enableval=$enable_log_file; +fi + +# Check whether --enable-dump-threads was given. +if test "${enable_dump_threads+set}" = set; then : + enableval=$enable_dump_threads; +fi + +# Check whether --enable-epoll-debug was given. +if test "${enable_epoll_debug+set}" = set; then : + enableval=$enable_epoll_debug; +fi + +# Check whether --enable-epoll-thread-dump was given. +if test "${enable_epoll_thread_dump+set}" = set; then : + enableval=$enable_epoll_thread_dump; +fi + +# Check whether --enable-regex-debug was given. +if test "${enable_regex_debug+set}" = set; then : + enableval=$enable_regex_debug; +fi + +# Check whether --enable-tsm-debug was given. +if test "${enable_tsm_debug+set}" = set; then : + enableval=$enable_tsm_debug; +fi + +# Check whether --enable-vrrp-fd-debug was given. +if test "${enable_vrrp_fd_debug+set}" = set; then : + enableval=$enable_vrrp_fd_debug; +fi + +# Check whether --enable-eintr-debug was given. +if test "${enable_eintr_debug+set}" = set; then : + enableval=$enable_eintr_debug; +fi + +# Check whether --enable-track-process-debug was given. +if test "${enable_track_process_debug+set}" = set; then : + enableval=$enable_track_process_debug; +fi + +# Check whether --enable-parser-debug was given. +if test "${enable_parser_debug+set}" = set; then : + enableval=$enable_parser_debug; +fi + +# Check whether --enable-checksum-debug was given. +if test "${enable_checksum_debug+set}" = set; then : + enableval=$enable_checksum_debug; +fi + +# Check whether --enable-dump-keywords was given. +if test "${enable_dump_keywords+set}" = set; then : + enableval=$enable_dump_keywords; +fi + +# Check whether --enable-network-timestamp was given. +if test "${enable_network_timestamp+set}" = set; then : + enableval=$enable_network_timestamp; +fi + +# Check whether --enable-asserts was given. +if test "${enable_asserts+set}" = set; then : + enableval=$enable_asserts; +fi + + +# Check whether --with-fixed-if-type was given. +if test "${with_fixed_if_type+set}" = set; then : + withval=$with_fixed_if_type; +fi + + +# Check whether --with-default-config-file was given. +if test "${with_default_config_file+set}" = set; then : + withval=$with_default_config_file; default_config_file="$withval" +else + default_config_file="" +fi + +# Check whether --enable-profile was given. +if test "${enable_profile+set}" = set; then : + enableval=$enable_profile; +fi + +# Check whether --enable-conversion-checks was given. +if test "${enable_conversion_checks+set}" = set; then : + enableval=$enable_conversion_checks; +fi + +# Check whether --enable-force-conversion-checks was given. +if test "${enable_force_conversion_checks+set}" = set; then : + enableval=$enable_force_conversion_checks; +fi + +# Check whether --enable-Werror was given. +if test "${enable_Werror+set}" = set; then : + enableval=$enable_Werror; +fi + + + +# Check whether --with-systemdsystemunitdir was given. +if test "${with_systemdsystemunitdir+set}" = set; then : + withval=$with_systemdsystemunitdir; +fi + + +# Set the kernel headers path +if test -n "$kernel_src_path"; then + if test ! -d $kernel_src_path/include; then + as_fn_error $? "kernel source path $kernel_src_path/include does not exist" "$LINENO" 5 + fi + if test ! -d $kernel_src_path/include/linux; then + as_fn_error $? "kernel source path $kernel_src_path/include does not appear to include linux header files" "$LINENO" 5 + fi + if test -d $kernel_src_path/include/uapi/linux; then + as_fn_error $? "kernel source path $kernel_src_path appears to be an unprocessed kernel source tree" "$LINENO" 5 + fi + kernelinc="-isystem $kernel_src_path/include" +elif test ! -d /usr/include/linux -a \ + -d /usr/src/linux/include; then + kernelinc="-isystem /usr/src/linux/include" +else + kernelinc= +fi + +CPPFLAGS="$kernelinc $CPPFLAGS" + +# Checks for programs. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from 'make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ldd", so it can be a program name with args. +set dummy ${ac_tool_prefix}ldd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LDD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LDD"; then + ac_cv_prog_LDD="$LDD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LDD="${ac_tool_prefix}ldd" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LDD=$ac_cv_prog_LDD +if test -n "$LDD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDD" >&5 +$as_echo "$LDD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LDD"; then + ac_ct_LDD=$LDD + # Extract the first word of "ldd", so it can be a program name with args. +set dummy ldd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LDD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LDD"; then + ac_cv_prog_ac_ct_LDD="$ac_ct_LDD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_LDD="ldd" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LDD=$ac_cv_prog_ac_ct_LDD +if test -n "$ac_ct_LDD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LDD" >&5 +$as_echo "$ac_ct_LDD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LDD" = x; then + LDD="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LDD=$ac_ct_LDD + fi +else + LDD="$ac_cv_prog_LDD" +fi + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar lib "link -lib" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar lib "link -lib" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 +$as_echo_n "checking the archiver ($AR) interface... " >&6; } +if ${am_cv_ar_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_ar_interface=ar + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int some_variable = 0; +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=ar + else + am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=lib + else + am_cv_ar_interface=unknown + fi + fi + rm -f conftest.lib libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 +$as_echo "$am_cv_ar_interface" >&6; } + +case $am_cv_ar_interface in +ar) + ;; +lib) + # Microsoft lib, so override with the ar-lib wrapper script. + # FIXME: It is wrong to rewrite AR. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__AR in this case, + # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something + # similar. + AR="$am_aux_dir/ar-lib $AR" + ;; +unknown) + as_fn_error $? "could not determine $AR interface" "$LINENO" 5 + ;; +esac + +ARFLAGS=cr + + +# Default settings +ENABLE_LOG_FILE_APPEND=No + +# AC_PROG_LIBTOOL + +# +# save the configure arguments +# +args=`echo $ac_configure_args | $SED -e "s/'//g"` + +cat >>confdefs.h <<_ACEOF +#define KEEPALIVED_CONFIGURE_OPTIONS "$args" +_ACEOF + + +# Save the CPPFLAGS, CFLAGS, LDFLAGS and LDLIBS settings for make time +KA_CPPFLAGS="$kernelinc -D_GNU_SOURCE $CPPFLAGS" +KA_CFLAGS="-g $CFLAGS" +KA_LDFLAGS=$LDFLAGS +KA_LIBS=$LDLIBS + +NEED_LIBDL=No +#KA_LIBTOOLFLAGS = + +# Set up the compiler warnings we want +MAX_FRAME_SIZE=5120 +WARNINGS_BASIC="all extra unused strict-prototypes" +WARNINGS_STD="absolute-value address-of-packed-member alloca alloc-zero array-bounds=2 attribute-alias bad-function-cast cast-align cast-qual chkp date-time disabled-optimization double-promotion duplicated-branches duplicated-cond float-conversion float-equal format-overflow format-security format-signedness format-truncation frame-larger-than=$MAX_FRAME_SIZE implicit-fallthrough=3 init-self inline jump-misses-init logical-op missing-declarations missing-field-initializers missing-prototypes nested-externs normalized null-dereference old-style-definition overlength-strings pointer-arith redundant-decls shadow shift-overflow=2 stack-protector strict-overflow=4 strict-prototypes stringop-overflow=2 suggest-attribute=cold suggest-attribute=const suggest-attribute=format suggest-attribute=malloc suggest-attribute=noreturn suggest-attribute=pure sync-nand trampolines undef uninitialized unknown-pragmas unsuffixed-float-constants unused-const-variable=2 unused-macros variadic-macros write-strings" +WARNINGS_EXTRA="aggregate-return cast-align= strict conversion format-nonliteral format-overflow=2 format-truncation=2 padded pedantic sign-conversion stack-usage=$MAX_FRAME_SIZE strict-overflow=5 stringop-overflow=3 stringop-overflow=4 switch-enum system-headers traditional-conversion" + +# We want _GNU_SOURCE defined always +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" + +# fpclassify() needs -lm +KA_LIBS="$KA_LIBS -lm" + +# Some sanity checks on configure options +if test .$enable_vrrp = .no; then : + if test .$IPTABLES_SILENT == .Yes; then : + enable_iptables=no +fi + if test .$NFTABLES_SILENT == .Yes; then : + enable_nftables=no +fi + + if test .$enable_perf != .; then : + as_fn_error $? "enable-perf requires vrrp" "$LINENO" 5 +fi + if test $with_fixed_if_type; then : + as_fn_error $? "with-fixed-if-type requires vrrp" "$LINENO" 5 +fi + if test .$enable_vrrp_fd_debug != .; then : + as_fn_error $? "enable-vrrp-fd-debug requires vrrp" "$LINENO" 5 +fi + if test .$enable_tsm_debug != .; then : + as_fn_error $? "enable-tsm-debug requires vrrp" "$LINENO" 5 +fi + if test .$enable_json != .; then : + as_fn_error $? "enable-json requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_vrrp != .; then : + as_fn_error $? "enable-snmp-vrrp requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_keepalived != .; then : + as_fn_error $? "enable-snmp-keepalived requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_rfc != .; then : + as_fn_error $? "enable-snmp-rfc requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_rfcv2 != .; then : + as_fn_error $? "enable-snmp-rfcv2 requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_rfcv3 != .; then : + as_fn_error $? "enable-snmp-rfcv3 requires vrrp" "$LINENO" 5 +fi + if test .$enable_dbus != .; then : + as_fn_error $? "enable-dbus requires vrrp" "$LINENO" 5 +fi + if test .$enable_vrrp_auth != .; then : + as_fn_error $? "disable-vrrp-auth requires vrrp" "$LINENO" 5 +fi + if test .$enable_checksum_compat != .; then : + as_fn_error $? "disable-checksum-compat requires vrrp" "$LINENO" 5 +fi + if test .$enable_routes != .; then : + as_fn_error $? "disable-routes requires vrrp" "$LINENO" 5 +fi + if test .$enable_linkbeat != .; then : + as_fn_error $? "disable-linkbeat requires vrrp" "$LINENO" 5 +fi + if test .$enable_bfd != .; then : + as_fn_error $? "enable-bfd requires vrrp" "$LINENO" 5 +fi + if test .$enable_iptables != .no; then : + as_fn_error $? "enable-iptables requires vrrp" "$LINENO" 5 +fi + if test .$enable_nftables != .no; then : + as_fn_error $? "enable-nftables requires vrrp" "$LINENO" 5 +fi + if test .$enable_track_process != .; then : + as_fn_error $? "enable-track-process requires vrrp" "$LINENO" 5 +fi + if test .$enable_network_timestamp != .; then : + as_fn_error $? "enable-network_timestamp requires vrrp" "$LINENO" 5 +fi + +fi +if test .$enable_iptables = .no; then : + if test .$enable_libiptc != .; then : + as_fn_error $? "disable-libiptc requires vrrp and iptables" "$LINENO" 5 +fi + if test .$enable_libipset != .; then : + as_fn_error $? "disable-libipset requires vrrp and iptables" "$LINENO" 5 +fi + +fi +if test .$enable_libiptc = .no; then : + if test .$enable_libiptc_dynamic != .; then : + as_fn_error $? "enable-libiptc-dynamic requires vrrp and libiptc" "$LINENO" 5 +fi + if test .$enable_libipset != .; then : + as_fn_error $? "disable-libipset requires libiptc" "$LINENO" 5 +fi + if test .$enable_libipset_dynamic != .; then : + as_fn_error $? "disable-libipset-dynamic requires libiptc" "$LINENO" 5 +fi + +fi +if test .$enable_libipset = .no; then : + if test .$enable_libipset_dynamic != .; then : + as_fn_error $? "disable-libipset-dynamic requires ipsets" "$LINENO" 5 +fi + +fi +if test .$enable_snmp_rfc != .yes -a .$enable_snmp_rfcv3 != yes; then : + if test .$enable_snmp_reply_v3_for_v2 != .; then : + as_fn_error $? "enable-snmp-reply-v3-for-v2 requires enable-snmp-rfcv3 or enable-snmp-rfc" "$LINENO" 5 +fi + +fi +if test .$enable_dbus != .yes; then : + if test .$enable_dbus_create_instance != .; then : + as_fn_error $? "enable-dbus-create-instance requires enable-dbus" "$LINENO" 5 +fi + +fi +if test .$enable_lvs = .no; then : + if test .$enable_regex != .; then : + as_fn_error $? "enable-regex requires lvs" "$LINENO" 5 +fi + if test .$enable_libnl != .; then : + as_fn_error $? "disable-libnl requires lvs" "$LINENO" 5 +fi + if test .$enable_lvs_syncd != .; then : + as_fn_error $? "disable-lvs-syncd requires lvs" "$LINENO" 5 +fi + if test .$enable_lvs_64bit_stats != .; then : + as_fn_error $? "disable-lvs-64bit-stats requires lvs" "$LINENO" 5 +fi + if test .$enable_fwmark != .; then : + as_fn_error $? "enable-fwmark requires lvs" "$LINENO" 5 +fi + +fi +if test .$enable_lvs = .no; then : + if test .$enable_libnl_dynamic != .; then : + as_fn_error $? "enable-libnl-dynamic requires lvs and libnl" "$LINENO" 5 +fi + +fi +if test .$enable_regex != .yes; then : + if test .$enable_regex_timers != .; then : + as_fn_error $? "enable-regex-timers requires enable-regex" "$LINENO" 5 +fi + if test .$enable_regex_debug != .; then : + as_fn_error $? "enable-regex-debug requires enable-regex" "$LINENO" 5 +fi + +fi +if test .$enable_track_process = .no; then : + if test .$enable_track_process_debug != .; then : + as_fn_error $? "enable-track-process-debug incompatible with disable-track-process" "$LINENO" 5 +fi + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking diagnostic pragmas in functions" >&5 +$as_echo_n "checking diagnostic pragmas in functions... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic warning \"-Wall\"") + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_FUNCTION_DIAGNOSTIC_PRAGMAS_ 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking diagnostic push/pop pragmas" >&5 +$as_echo_n "checking diagnostic push/pop pragmas... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic push") + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_DIAGNOSTIC_PUSH_POP_PRAGMAS_ 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test ".$enable_warnings" = .no; then : + WARNINGS_ENABLED=$WARNINGS_BASIC +else + if test ".$enable_warnings" != .yes; then : + WARN_LIST=`echo $enable_warnings | sed -e "s/-W//g"` + WARNINGS_ENABLED="$WARNINGS_ENABLED "$WARN_LIST"" + +fi + + +fi +if test .$enable_extra_warnings = .yes; then : + WARNINGS_ENABLED="$WARNINGS_ENABLED "$WARNINGS_EXTRA"" +fi + +if test "$enable_conversion_checks" = yes; then + # Check if we can sensibly enable -Wconversion + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for usable -Wconversion" >&5 +$as_echo_n "checking for usable -Wconversion... " >&6; } + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + + #define VAL 255 + + static void + fun(uint8_t val) + { + } + + int main(int argc, char**argv) + { + fd_set set; + uint8_t val = 42; + unsigned u; + bool b; + size_t size = 17; + char c[2]; + char *c_ptr = c; + struct rtattr rta; + struct rtattr *rta_p = &rta; + + FD_SET(argc+1, &set); + + fun(argc == VAL ? VAL : val); + + // vrrp->lower_prio_no_advert = vrrp->strict_mode ? true : global_data->vrrp_lower_prio_no_advert; + u = u ? true : b; + + size = RTA_LENGTH(size); + c_ptr = RTA_DATA(c_ptr); + rta_p = RTA_NEXT(rta_p, size); + + val = (u < 256 ) ? u & 0xff : 0; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WARNINGS_ENABLED="$WARNINGS_ENABLED conversion" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&5 +$as_echo "$as_me: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&2;} + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$SAV_CFLAGS" +elif test "$enable_force_conversion_checks" = yes; then + WARNINGS_ENABLED="$WARNINGS_ENABLED conversion" +fi + +if test "$enable_Werror" = yes; then + WARNINGS_ENABLED="$WARNINGS_ENABLED error" +fi + +CONFIG_WARNINGS=lib/config_warnings.h.in + +# Save (or restore) lib/config_warnings.h.in +if test ! -f ${CONFIG_WARNINGS}.sav; then : + cp -p ${CONFIG_WARNINGS} ${CONFIG_WARNINGS}.sav +else + cp -p ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} +fi + +SAV_CFLAGS="$CFLAGS" +for WARN in $WARNINGS_ENABLED +do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -W$WARN" >&5 +$as_echo_n "checking for -W$WARN... " >&6; } + CFLAGS="$SAV_CFLAGS -W$WARN" + + WARN_VAR=_HAVE_WARNING_`echo $WARN | tr "a-z=-" "A-Z__"`_ + LOCAL_WARN_VAR=HAVE_WARNING_`echo $WARN | sed -e "s/=.*//" | tr "a-z-" "A-Z_"` + grep -q "^#undef $WARN_VAR$" $CONFIG_WARNINGS + if test $? -ne 0; then : + echo -e "\n/* Define to 1 if -W$WARN in use */\n#undef $WARN_VAR" >>$CONFIG_WARNINGS + +fi + + test `echo $WARN | grep "=[0-9][0-9]*$"` + if test $? -eq 0; then : + WARN_SHORT=`echo $WARN | sed -e 's/=[0-9][0-9]*$//'` + WARN_VAR_SHORT=_HAVE_WARNING_`echo $WARN_SHORT | tr "a-z=-" "A-Z__"`_ + grep -q "^#undef $WARN_VAR_SHORT$" $CONFIG_WARNINGS + if test $? -ne 0; then : + echo -e "\n/* Define to 1 if -W$WARN_SHORT in use */\n#undef $WARN_VAR_SHORT" >>$CONFIG_WARNINGS + +fi + +else + unset WARN_VAR_SHORT + +fi + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # gcc 9 removed -Wchkp and doesn't error if it is specified, + # but rather outputs: + # warning: switch '-Wchkp' is no longer supported + # so check for the warning. + touch conftest.err + grep -q "is no longer supported" conftest.err + if test $? -ne 0; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + eval $LOCAL_WARN_VAR=yes + KA_CFLAGS="$KA_CFLAGS -W$WARN" + cat >>confdefs.h <<_ACEOF +#define $WARN_VAR 1 +_ACEOF + + if test -z "$WARN_VAR_SHORT"; then : + +else + cat >>confdefs.h <<_ACEOF +#define $WARN_VAR_SHORT 1 +_ACEOF + + +fi + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval $LOCAL_WARN_VAR=no + +fi + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval $LOCAL_WARN_VAR=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +if test .$HAVE_WARNING_STRICT_OVERFLOW = .yes; then : + + # The following is not supported in gcc 5.4.0 + CFLAGS="$CFLAGS -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define _HAVE_PRAGMA_WARN_STRICT_OVERFLOW_1_ 1 " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +fi +CFLAGS="$SAV_CFLAGS" + +STRICT_CONFIG=No +if test "$enable_strict_config_checks" = yes; then + +$as_echo "#define _STRICT_CONFIG_ 1 " >>confdefs.h + + STRICT_CONFIG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS STRICT_CONFIG" +fi + if test $STRICT_CONFIG = Yes; then + WITH_STRICT_CONFIG_CHECKS_TRUE= + WITH_STRICT_CONFIG_CHECKS_FALSE='#' +else + WITH_STRICT_CONFIG_CHECKS_TRUE='#' + WITH_STRICT_CONFIG_CHECKS_FALSE= +fi + + +if test "$enable_hardening" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PIE support" >&5 +$as_echo_n "checking for PIE support... " >&6; } + SAV_CFLAGS="$CFLAGS" + SAV_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char **argv) + { + int i = 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_CFLAGS="$KA_CFLAGS -fPIE" + KA_LDFLAGS="$KA_LDFLAGS -pie" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + + for FLAG in \ + "-Wformat -Werror=format-security" \ + "-Wp,-D_FORTIFY_SOURCE=2" \ + "-fexceptions" \ + "-fstack-protector-strong" \ + "--param=ssp-buffer-size=4" \ + "-grecord-gcc-switches" + do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $FLAG support" >&5 +$as_echo_n "checking for $FLAG support... " >&6; } + CFLAGS="$CFLAGS $FLAG" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_CFLAGS="$KA_CFLAGS $FLAG" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$SAV_CFLAGS + done + + WL_FLAGS= + for FLAG in \ + "-z,relro" \ + "-z,now" + do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wl,$FLAG support" >&5 +$as_echo_n "checking for -Wl,$FLAG support... " >&6; } + LDFLAGS="$LDFLAGS -Wl,$FLAG" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char **argv) + { + int i = 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WL_FLAGS="$WL_FLAGS -Wl,$FLAG" + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + done + if test -n "$WL_FLAGS"; then + KA_LDFLAGS="$KA_LDFLAGS $WL_FLAGS" + fi +fi + +# enable-optimise +if test "$enable_optimise" = yes -o "$enable_optimise" = not-specified; then : + optimise_level=2 +else + optimise_level=$enable_optimise +fi +if test "$enable_optimise" = no; then : + optimise_level=0 +fi +if test "$optimise_level" -eq 0; then : + + echo $KA_CFLAGS | $GREP -q -- "-D_FORTIFY_SOURCE=[^0]" + if test $? -eq 0; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --disable-optimise requires --disable-hardening" >&5 +$as_echo "$as_me: WARNING: --disable-optimise requires --disable-hardening" >&2;} +fi + +fi +FLAG="-O$optimise_level" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $FLAG support" >&5 +$as_echo_n "checking for $FLAG support... " >&6; } +SAV_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS $FLAG" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_CFLAGS="$KA_CFLAGS $FLAG" +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + if test "$enable_optimise" != not-specified; then : + as_fn_error $? "Invalid optimisation level specified" "$LINENO" 5 +fi + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS=$SAV_CFLAGS + + + + + +# AC_SUBST(KA_LIBTOOLFLAGS) + +# Check if unaligned memory access is supported (for ARM not supported prior to ARMv6 processors) +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for unaligned memory access" >&5 +$as_echo_n "checking for unaligned memory access... " >&6; } +if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if unaligned access supported. Assuming yes." >&5 +$as_echo "$as_me: WARNING: Cannot determine if unaligned access supported. Assuming yes." >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + + #if __BYTE_ORDER == __BIG_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0x1234567890abcdefUL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x12345678UL + #else + #define CHK_VAL 0x1234UL + #endif + #elif __BYTE_ORDER == __LITTLE_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0xefcdab9078563412UL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x78563412UL + #else + #define CHK_VAL 0x3412UL + #endif + #else + #error Neither big nor little endian - unsupported + #endif + +int +main () +{ + + unsigned long arr[2] = { 0, 0 }; + unsigned char *p = (unsigned char *)arr + 1; + unsigned i; + + *(unsigned long *)p = CHK_VAL; + + return !!(arr[0] == CHK_VAL || p[0] != 0x12 || p[1] != 0x34 || p[2] != 0x56); + + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define _NO_UNALIGNED_ACCESS_ 1 " >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +# Checks for libraries. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_gettime() requires -lrt" >&5 +$as_echo_n "checking for clock_gettime() requires -lrt... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lrt" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_LIBS="$KA_LIBS -lrt" +else + as_fn_error $? "clock_gettime() not supported" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$SAV_LIBS + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +# Checks for header files. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/ioctl.h sys/param.h sys/prctl.h sys/socket.h sys/time.h syslog.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable system header file <$ac_header>" "$LINENO" 5 +fi + +done + + +# check for kernel headers +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +NETLINK_EXTRA_INCLUDE= +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_fn_c_check_header_compile "$LINENO" "linux/netlink.h" "ac_cv_header_linux_netlink_h" "#include +" +if test "x$ac_cv_header_linux_netlink_h" = xyes; then : + + +$as_echo "#define NETLINK_H_NEEDS_SYS_SOCKET_H 1 " >>confdefs.h + + NETLINK_EXTRA_INCLUDE="#include " + +else + as_fn_error $? "Missing/unusable kernel header file " "$LINENO" 5 +fi + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +RTNETLINK_EXTRA_INCLUDE= +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_fn_c_check_header_compile "$LINENO" "linux/rtnetlink.h" "ac_cv_header_linux_rtnetlink_h" "#include +" +if test "x$ac_cv_header_linux_rtnetlink_h" = xyes; then : + + +$as_echo "#define RTNETLINK_H_NEEDS_SYS_SOCKET_H 1 " >>confdefs.h + + RTNETLINK_EXTRA_INCLUDE="#include " + +else + as_fn_error $? "Missing/unusable kernel header file " "$LINENO" 5 +fi + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +for ac_header in asm/types.h linux/ethtool.h linux/icmpv6.h linux/if_ether.h linux/if_packet.h linux/ip.h linux/sockios.h linux/types.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable kernel header file <$ac_header>" "$LINENO" 5 +fi + +done + +for ac_header in linux/fib_rules.h linux/if_addr.h linux/if_link.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$NETLINK_EXTRA_INCLUDE +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable kernel header file <$ac_header>" "$LINENO" 5 +fi + +done + +for ac_header in linux/if_arp.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/if_arp.h" "ac_cv_header_linux_if_arp_h" "#include +" +if test "x$ac_cv_header_linux_if_arp_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_IF_ARP_H 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable <$ac_header>" "$LINENO" 5 +fi + +done + +CPPFLAGS="$SAV_CPPFLAGS" + +# Checks for typedefs, structures, and compiler characteristics. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } +if ${ac_cv_header_stdbool_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifndef bool + "error: bool is not defined" + #endif + #ifndef false + "error: false is not defined" + #endif + #if false + "error: false is not 0" + #endif + #ifndef true + "error: true is not defined" + #endif + #if true != 1 + "error: true is not 1" + #endif + #ifndef __bool_true_false_are_defined + "error: __bool_true_false_are_defined is not defined" + #endif + + struct s { _Bool s: 1; _Bool t; } s; + + char a[true == 1 ? 1 : -1]; + char b[false == 0 ? 1 : -1]; + char c[__bool_true_false_are_defined == 1 ? 1 : -1]; + char d[(bool) 0.5 == true ? 1 : -1]; + /* See body of main program for 'e'. */ + char f[(_Bool) 0.0 == false ? 1 : -1]; + char g[true]; + char h[sizeof (_Bool)]; + char i[sizeof s.t]; + enum { j = false, k = true, l = false * true, m = true * 256 }; + /* The following fails for + HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ + _Bool n[m]; + char o[sizeof n == m * sizeof n[0] ? 1 : -1]; + char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + /* Catch a bug in an HP-UX C compiler. See + http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html + */ + _Bool q = true; + _Bool *pq = &q; + +int +main () +{ + + bool e = &s; + *pq |= q; + *pq |= ! q; + /* Refer to every declared value, to avoid compiler optimizations. */ + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + + !m + !n + !o + !p + !q + !pq); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdbool_h=yes +else + ac_cv_header_stdbool_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +$as_echo "$ac_cv_header_stdbool_h" >&6; } + ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + + +if test $ac_cv_header_stdbool_h = yes; then + +$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if ${ac_cv_c_inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo () {return 0; } +$ac_kw foo_t foo () {return 0; } +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_inline=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_inline" != no && break +done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + +ac_fn_c_find_intX_t "$LINENO" "64" "ac_cv_c_int64_t" +case $ac_cv_c_int64_t in #( + no|yes) ;; #( + *) + +cat >>confdefs.h <<_ACEOF +#define int64_t $ac_cv_c_int64_t +_ACEOF +;; +esac + +ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define pid_t int +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned int +_ACEOF + +fi + +ac_fn_c_find_uintX_t "$LINENO" "16" "ac_cv_c_uint16_t" +case $ac_cv_c_uint16_t in #( + no|yes) ;; #( + *) + + +cat >>confdefs.h <<_ACEOF +#define uint16_t $ac_cv_c_uint16_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "32" "ac_cv_c_uint32_t" +case $ac_cv_c_uint32_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT32_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint32_t $ac_cv_c_uint32_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "64" "ac_cv_c_uint64_t" +case $ac_cv_c_uint64_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT64_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint64_t $ac_cv_c_uint64_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "8" "ac_cv_c_uint8_t" +case $ac_cv_c_uint8_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT8_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint8_t $ac_cv_c_uint8_t +_ACEOF +;; + esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +$as_echo_n "checking for an ANSI C-conforming const... " >&6; } +if ${ac_cv_c_const+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + +#ifndef __cplusplus + /* Ultrix mips cc rejects this sort of thing. */ + typedef int charset[2]; + const charset cs = { 0, 0 }; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *pcpcc; + char **ppc; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + pcpcc = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++pcpcc; + ppc = (char**) pcpcc; + pcpcc = (char const *const *) ppc; + { /* SCO 3.2v4 cc rejects this sort of thing. */ + char tx; + char *t = &tx; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + if (s) return 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; } bx; + struct s *b = &bx; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + if (!foo) return 0; + } + return !cs[0] && !zero.x; +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_const=yes +else + ac_cv_c_const=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +$as_echo "$ac_cv_c_const" >&6; } +if test $ac_cv_c_const = no; then + +$as_echo "#define const /**/" >>confdefs.h + +fi + + +# Checks for library functions. +for ac_header in vfork.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" +if test "x$ac_cv_header_vfork_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VFORK_H 1 +_ACEOF + +fi + +done + +for ac_func in fork vfork +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +if test "x$ac_cv_func_fork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 +$as_echo_n "checking for working fork... " >&6; } +if ${ac_cv_func_fork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_fork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* By Ruediger Kuhlmann. */ + return fork () < 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_fork_works=yes +else + ac_cv_func_fork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 +$as_echo "$ac_cv_func_fork_works" >&6; } + +else + ac_cv_func_fork_works=$ac_cv_func_fork +fi +if test "x$ac_cv_func_fork_works" = xcross; then + case $host in + *-*-amigaos* | *-*-msdosdjgpp*) + # Override, as these systems have only a dummy fork() stub + ac_cv_func_fork_works=no + ;; + *) + ac_cv_func_fork_works=yes + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} +fi +ac_cv_func_vfork_works=$ac_cv_func_vfork +if test "x$ac_cv_func_vfork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 +$as_echo_n "checking for working vfork... " >&6; } +if ${ac_cv_func_vfork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_vfork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Thanks to Paul Eggert for this test. */ +$ac_includes_default +#include +#ifdef HAVE_VFORK_H +# include +#endif +/* On some sparc systems, changes by the child to local and incoming + argument registers are propagated back to the parent. The compiler + is told about this with #include , but some compilers + (e.g. gcc -O) don't grok . Test for this by using a + static variable whose address is put into a register that is + clobbered by the vfork. */ +static void +#ifdef __cplusplus +sparc_address_test (int arg) +# else +sparc_address_test (arg) int arg; +#endif +{ + static pid_t child; + if (!child) { + child = vfork (); + if (child < 0) { + perror ("vfork"); + _exit(2); + } + if (!child) { + arg = getpid(); + write(-1, "", 0); + _exit (arg); + } + } +} + +int +main () +{ + pid_t parent = getpid (); + pid_t child; + + sparc_address_test (0); + + child = vfork (); + + if (child == 0) { + /* Here is another test for sparc vfork register problems. This + test uses lots of local variables, at least as many local + variables as main has allocated so far including compiler + temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris + 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should + reuse the register of parent for one of the local variables, + since it will think that parent can't possibly be used any more + in this routine. Assigning to the local variable will thus + munge parent in the parent process. */ + pid_t + p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), + p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); + /* Convince the compiler that p..p7 are live; otherwise, it might + use the same hardware register for all 8 local variables. */ + if (p != p1 || p != p2 || p != p3 || p != p4 + || p != p5 || p != p6 || p != p7) + _exit(1); + + /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent + from child file descriptors. If the child closes a descriptor + before it execs or exits, this munges the parent's descriptor + as well. Test for this by closing stdout in the child. */ + _exit(close(fileno(stdout)) != 0); + } else { + int status; + struct stat st; + + while (wait(&status) != child) + ; + return ( + /* Was there some problem with vforking? */ + child < 0 + + /* Did the child fail? (This shouldn't happen.) */ + || status + + /* Did the vfork/compiler bug occur? */ + || parent != getpid() + + /* Did the file descriptor bug occur? */ + || fstat(fileno(stdout), &st) != 0 + ); + } +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_vfork_works=yes +else + ac_cv_func_vfork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 +$as_echo "$ac_cv_func_vfork_works" >&6; } + +fi; +if test "x$ac_cv_func_fork_works" = xcross; then + ac_cv_func_vfork_works=$ac_cv_func_vfork + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} +fi + +if test "x$ac_cv_func_vfork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h + +else + +$as_echo "#define vfork fork" >>confdefs.h + +fi +if test "x$ac_cv_func_fork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h + +fi + +for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 +$as_echo_n "checking for GNU libc compatible malloc... " >&6; } +if ${ac_cv_func_malloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_malloc_0_nonnull=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H +# include +#else +char *malloc (); +#endif + +int +main () +{ +return ! malloc (0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_malloc_0_nonnull=yes +else + ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } +if test $ac_cv_func_malloc_0_nonnull = yes; then : + +$as_echo "#define HAVE_MALLOC 1" >>confdefs.h + +else + $as_echo "#define HAVE_MALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" + ;; +esac + + +$as_echo "#define malloc rpl_malloc" >>confdefs.h + +fi + + +for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 +$as_echo_n "checking for GNU libc compatible realloc... " >&6; } +if ${ac_cv_func_realloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_realloc_0_nonnull=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H +# include +#else +char *realloc (); +#endif + +int +main () +{ +return ! realloc (0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_realloc_0_nonnull=yes +else + ac_cv_func_realloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_realloc_0_nonnull" >&6; } +if test $ac_cv_func_realloc_0_nonnull = yes; then : + +$as_echo "#define HAVE_REALLOC 1" >>confdefs.h + +else + $as_echo "#define HAVE_REALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" realloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS realloc.$ac_objext" + ;; +esac + + +$as_echo "#define realloc rpl_realloc" >>confdefs.h + +fi + + +for ac_func in dup2 getcwd gettimeofday memmove memset select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in pipe2 +do : + ac_fn_c_check_func "$LINENO" "pipe2" "ac_cv_func_pipe2" +if test "x$ac_cv_func_pipe2" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PIPE2 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS PIPE2" +fi +done + +for ac_func in signalfd +do : + ac_fn_c_check_func "$LINENO" "signalfd" "ac_cv_func_signalfd" +if test "x$ac_cv_func_signalfd" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SIGNALFD 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SIGNALFD" +fi +done + +for ac_func in inotify_init1 +do : + ac_fn_c_check_func "$LINENO" "inotify_init1" "ac_cv_func_inotify_init1" +if test "x$ac_cv_func_inotify_init1" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INOTIFY_INIT1 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS INOTIFY_INIT1" +fi +done + +for ac_func in vsyslog +do : + ac_fn_c_check_func "$LINENO" "vsyslog" "ac_cv_func_vsyslog" +if test "x$ac_cv_func_vsyslog" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VSYSLOG 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VSYSLOG" +fi +done + +for ac_func in epoll_create1 +do : + ac_fn_c_check_func "$LINENO" "epoll_create1" "ac_cv_func_epoll_create1" +if test "x$ac_cv_func_epoll_create1" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EPOLL_CREATE1 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS EPOLL_CREATE1" +fi +done + + +# glibc uses unsigned int as 3rd parameter to __assert_fail(), musl uses int. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + + void __assert_fail(const char * a, const char *b, unsigned int l, const char *c) + { + exit(a[0] + b[0] + c[0] + l == 0); + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + LINE_type="unsigned int" +else + LINE_type="int" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +cat >>confdefs.h <<_ACEOF +#define LINE_type $LINE_type +_ACEOF + + +SAV_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Wattributes -Werror" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + static __always_inline int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + static __inline __attribute__ ((__always_inline__)) int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define __always_inline __inline __attribute__ ((__always_inline__))" >>confdefs.h + +else + +$as_echo "#define __always_inline inline" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS="$SAV_CFLAGS" + +if test "$enable_dynamic_linking"; then : + + if test .$enable_vrrp != .no; then : + + enable_libiptc_dynamic=$enable_dynamic_linking + enable_libipset_dynamic=$enable_dynamic_linking + +fi + if test .$enable_lvs != .no; then : + + enable_libnl_dynamic=$enable_dynamic_linking + +fi + +fi + +# check for missing definition - added in glibc 2.8 +ac_fn_c_check_decl "$LINENO" "ETHERTYPE_IPV6" "ac_cv_have_decl_ETHERTYPE_IPV6" "#include +" +if test "x$ac_cv_have_decl_ETHERTYPE_IPV6" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_ETHERTYPE_IPV6 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + +$as_echo "#define ETHERTYPE_IPV6 0x86dd" >>confdefs.h + + +fi + + +BUILD_GENHASH=Yes +# check for openssl headers +NEED_MD5=no +NEED_SSL=no +if test "$enable_vrrp" != no -a \ + "$enable_vrrp_auth" != no; then + NEED_MD5=yes +fi +if test "$enable_lvs" != no; then + NEED_MD5=yes + NEED_SSL=yes +fi +for ac_header in openssl/ssl.h openssl/err.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + + if test $NEED_SSL = yes; then + as_fn_error $? " + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL headers files. !!!" "$LINENO" 5 + fi + BUILD_GENHASH=No + NEED_SSL=no + break + +fi + +done + +for ac_header in openssl/md5.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "openssl/md5.h" "ac_cv_header_openssl_md5_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_md5_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OPENSSL_MD5_H 1 +_ACEOF + +else + + if test $NEED_MD5 = yes; then + as_fn_error $? " + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL MD5 headers files. !!!" "$LINENO" 5 + fi + BUILD_GENHASH=No + NEED_MD5=no + break + +fi + +done + +unset LIBS + +$PKG_CONFIG --exists openssl +if test $? -eq 0; then + if test -n "OPENSSL"; then + KA_PKG_PFX=OPENSSL + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I openssl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other openssl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires openssl` + var=`$PKG_CONFIG --libs-only-l openssl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs openssl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + +else + OPENSSL_LIBS="-lssl -lcrypto" +fi + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lcrypto//"` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MD5_Init in -lcrypto" >&5 +$as_echo_n "checking for MD5_Init in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_MD5_Init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $EXTRA_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char MD5_Init (); +int +main () +{ +return MD5_Init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_MD5_Init=yes +else + ac_cv_lib_crypto_MD5_Init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_MD5_Init" >&5 +$as_echo "$ac_cv_lib_crypto_MD5_Init" >&6; } +if test "x$ac_cv_lib_crypto_MD5_Init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF + + LIBS="-lcrypto $LIBS" + +else + + if test $NEED_MD5 = yes; then + as_fn_error $? "OpenSSL MD5 libraries are required" "$LINENO" 5 + fi + BUILD_GENHASH=No + +fi + +if test $NEED_MD5 = yes; then + KA_LIBS="$KA_LIBS $LIBS" +fi +GENHASH_LIBS="$GENHASH_LIBS $LIBS" +unset LIBS + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lssl//"` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 +$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } +if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl $EXTRA_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char SSL_CTX_new (); +int +main () +{ +return SSL_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ssl_SSL_CTX_new=yes +else + ac_cv_lib_ssl_SSL_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 +$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } +if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSSL 1 +_ACEOF + + LIBS="-lssl $LIBS" + +else + + if test $NEED_SSL = yes; then + as_fn_error $? "OpenSSL libraries are required" "$LINENO" 5 + fi + BUILD_GENHASH=No + +fi + +if test $NEED_SSL = yes; then + KA_LIBS="$KA_LIBS $LIBS" +fi +GENHASH_LIBS="$GENHASH_LIBS $LIBS" +unset LIBS + +# Introduced in OpenSSL ver 0.9.9 +LIBS=$OPENSSL_LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking SSL_set_tlsext_host_name() - may be a definition" >&5 +$as_echo_n "checking SSL_set_tlsext_host_name() - may be a definition... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + request_t req; + SSL_set_tlsext_host_name(req.ssl, "SSL"); + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_SSL_SET_TLSEXT_HOST_NAME_ 1 " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +# SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a +for ac_func in SSL_CTX_set_verify_depth +do : + ac_fn_c_check_func "$LINENO" "SSL_CTX_set_verify_depth" "ac_cv_func_SSL_CTX_set_verify_depth" +if test "x$ac_cv_func_SSL_CTX_set_verify_depth" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SSL_CTX_SET_VERIFY_DEPTH 1 +_ACEOF + +fi +done + + +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with +# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then : + + if test .$ac_cv_func_TLS_method = .yes; then : + method_func=TLS_method +else + method_func=SSLv23_method +fi + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5 +$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;} + openssl_init_no_load_bug=1 + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + const SSL_METHOD *meth; + SSL_CTX *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + return 1; + + /* Initialize SSL context */ + meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + openssl_init_no_load_bug=0 +else + openssl_init_no_load_bug=1 +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + if test $openssl_init_no_load_bug -eq 1; then : + +$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG 1 " >>confdefs.h + +fi + +fi +unset LIBS + +if test $BUILD_GENHASH = No; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Unable to build genhash due to missing openssl headers/libraries" >&5 +$as_echo "$as_me: Unable to build genhash due to missing openssl headers/libraries" >&6;} + GENHASH_LIBS= +fi + + if test $BUILD_GENHASH = Yes; then + BUILD_GENHASH_TRUE= + BUILD_GENHASH_FALSE='#' +else + BUILD_GENHASH_TRUE='#' + BUILD_GENHASH_FALSE= +fi + + +IPV4_DEVCONF=No +if test .$enable_vrrp != .no; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPP_FLAGS $kernelinc" + IPV4_DEVCONF=Yes + ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ARP_IGNORE" "ac_cv_have_decl_IPV4_DEVCONF_ARP_IGNORE" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_ARP_IGNORE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_ARP_IGNORE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ACCEPT_LOCAL" "ac_cv_have_decl_IPV4_DEVCONF_ACCEPT_LOCAL" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_ACCEPT_LOCAL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_ACCEPT_LOCAL $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_RP_FILTER" "ac_cv_have_decl_IPV4_DEVCONF_RP_FILTER" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_RP_FILTER" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_RP_FILTER $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ARPFILTER" "ac_cv_have_decl_IPV4_DEVCONF_ARPFILTER" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_ARPFILTER" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_ARPFILTER $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi + + if test $IPV4_DEVCONF = Yes; then + +$as_echo "#define _HAVE_IPV4_DEVCONF_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPV4_DEVCONF" + fi + for ac_header in linux/rtnetlink.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/rtnetlink.h" "ac_cv_header_linux_rtnetlink_h" "$RTNETLINK_EXTRA_INCLUDE +" +if test "x$ac_cv_header_linux_rtnetlink_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_RTNETLINK_H 1 +_ACEOF + +else + as_fn_error $? "Unusable linux/rtnetlink.h" "$LINENO" 5 +fi + +done + + CPPFLAGS="$SAV_CPPFLAGS" +fi + +IPV6_ADVANCED_API=No +ac_fn_c_check_decl "$LINENO" "IPV6_RECVHOPLIMIT" "ac_cv_have_decl_IPV6_RECVHOPLIMIT" "#include +" +if test "x$ac_cv_have_decl_IPV6_RECVHOPLIMIT" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV6_RECVHOPLIMIT $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + IPV6_ADVANCED_API=Yes +fi +ac_fn_c_check_decl "$LINENO" "IPV6_RECVPKTINFO" "ac_cv_have_decl_IPV6_RECVPKTINFO" "#include +" +if test "x$ac_cv_have_decl_IPV6_RECVPKTINFO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV6_RECVPKTINFO $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + IPV6_ADVANCED_API=Yes +fi + +if test $IPV6_ADVANCED_API = Yes; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPV6_ADVANCED_API" +fi + +NETLINK_VER=0 +IPVS_USE_NL=No +if test .$enable_lvs != .no -a .${enable_libnl} != .no; then + $PKG_CONFIG --exists libnl-3.0 + if test $? -eq 0; then + if test -n "NL3"; then + KA_PKG_PFX=NL3 + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test .remove-requires = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + as_ac_Lib=`$as_echo "ac_cv_lib_$NL3_LIB_NAMES''_nl_socket_alloc" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_alloc in -l$NL3_LIB_NAMES" >&5 +$as_echo_n "checking for nl_socket_alloc in -l$NL3_LIB_NAMES... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$NL3_LIB_NAMES $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nl_socket_alloc (); +int +main () +{ +return nl_socket_alloc (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + + NETLINK_VER=3 + NEED_NL3=No + + if test -n "GENL"; then + KA_PKG_PFX=GENL + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test .remove-requires = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + as_ac_Lib=`$as_echo "ac_cv_lib_$GENL_LIB_NAMES''_genl_connect" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for genl_connect in -l$GENL_LIB_NAMES" >&5 +$as_echo_n "checking for genl_connect in -l$GENL_LIB_NAMES... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$GENL_LIB_NAMES $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char genl_connect (); +int +main () +{ +return genl_connect (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_LIB$GENL_LIB_NAMES" | $as_tr_cpp` 1 +_ACEOF + + LIBS="-l$GENL_LIB_NAMES $LIBS" + +else + as_fn_error $? "libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3." "$LINENO" 5 +fi + + IPVS_USE_NL=Yes + if test .$enable_libnl_dynamic = .yes; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libnl-genl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libnl-genl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$GENL_LIB_NAMES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void genl_connect(void); + int main(void) + { + genl_connect(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $GENL_LIB_NAMES.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define NL3_GENL_LIB_NAME "$LIB_NAME" +_ACEOF + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + fi + NEED_NL3=Yes + + if test $NEED_NL3 = Yes; then + +$as_echo "#define _HAVE_LIBNL3_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL3" + if test .$enable_libnl_dynamic = .yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL_DYNAMIC" + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libnl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libnl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + +$as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$NL3_LIB_NAMES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void nl_socket_alloc(void); + int main(void) + { + nl_socket_alloc(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $NL3_LIB_NAMES.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define NL3_LIB_NAME "$LIB_NAME" +_ACEOF + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + fi + fi + +fi + + fi + + if test $NETLINK_VER -eq 0; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl" >&5 +$as_echo_n "checking for nl_socket_modify_cb in -lnl... " >&6; } +if ${ac_cv_lib_nl_nl_socket_modify_cb+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nl_socket_modify_cb (); +int +main () +{ +return nl_socket_modify_cb (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_nl_nl_socket_modify_cb=yes +else + ac_cv_lib_nl_nl_socket_modify_cb=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_modify_cb" >&5 +$as_echo "$ac_cv_lib_nl_nl_socket_modify_cb" >&6; } +if test "x$ac_cv_lib_nl_nl_socket_modify_cb" = xyes; then : + + IPVS_USE_NL=Yes + NETLINK_VER=1 + +$as_echo "#define _HAVE_LIBNL1_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL1" + if test .$enable_libnl_dynamic = .yes; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libnl-1); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libnl-1); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBNL_DYNAMIC" + +$as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lnl" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void nl_socket_modify_cb(void); + int main(void) + { + nl_socket_modify_cb(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep nl.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define NL_LIB_NAME "$LIB_NAME" +_ACEOF + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-1`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-1`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-1` + var=`$PKG_CONFIG --libs-only-l libnl-1` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-1`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keepalived will be built without libnl support." >&5 +$as_echo "$as_me: WARNING: keepalived will be built without libnl support." >&2;} + +fi + + fi + + if test $NETLINK_VER -ne 0; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$SAV_CPPFLAGS $NL3_CPPFLAGS" + for ac_header in netlink/netlink.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "netlink/netlink.h" "ac_cv_header_netlink_netlink_h" "$ac_includes_default" +if test "x$ac_cv_header_netlink_netlink_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETLINK_NETLINK_H 1 +_ACEOF + +else + as_fn_error $? "netlink headers missing" "$LINENO" 5 +fi + +done + + for ac_header in netlink/genl/ctrl.h netlink/genl/genl.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "netlink genl headers missing" "$LINENO" 5 +fi + +done + + CPPFLAGS="$SAV_CPPFLAGS" + fi +fi + if test $NETLINK_VER -eq 1; then + LIBNL1_TRUE= + LIBNL1_FALSE='#' +else + LIBNL1_TRUE='#' + LIBNL1_FALSE= +fi + + if test $NETLINK_VER -eq 3; then + LIBNL3_TRUE= + LIBNL3_FALSE='#' +else + LIBNL3_TRUE='#' + LIBNL3_FALSE= +fi + + if test .$enable_lvs != .no -a .$enable_libnl_dynamic = .yes -a $NETLINK_VER -ne 0; then + LIBNL_DYNAMIC_TRUE= + LIBNL_DYNAMIC_FALSE='#' +else + LIBNL_DYNAMIC_TRUE='#' + LIBNL_DYNAMIC_FALSE= +fi + +unset LIBS + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for magic_open in -lmagic" >&5 +$as_echo_n "checking for magic_open in -lmagic... " >&6; } +if ${ac_cv_lib_magic_magic_open+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lmagic $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char magic_open (); +int +main () +{ +return magic_open (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_magic_magic_open=yes +else + ac_cv_lib_magic_magic_open=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_magic_magic_open" >&5 +$as_echo "$ac_cv_lib_magic_magic_open" >&6; } +if test "x$ac_cv_lib_magic_magic_open" = xyes; then : + + +$as_echo "#define _HAVE_LIBMAGIC_ 1 " >>confdefs.h + + KA_LIBS="$KA_LIBS -lmagic" + +fi + +unset LIBS + +ac_fn_c_check_decl "$LINENO" "RTA_ENCAP" "ac_cv_have_decl_RTA_ENCAP" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_ENCAP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_ENCAP $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_EXPIRES" "ac_cv_have_decl_RTA_EXPIRES" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_EXPIRES" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_EXPIRES $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_NEWDST" "ac_cv_have_decl_RTA_NEWDST" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_NEWDST" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_NEWDST $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_PREF" "ac_cv_have_decl_RTA_PREF" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_PREF" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_PREF $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_SUPPRESS_PREFIXLEN" "ac_cv_have_decl_FRA_SUPPRESS_PREFIXLEN" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_SUPPRESS_PREFIXLEN" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_SUPPRESS_PREFIXLEN $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_SUPPRESS_IFGROUP" "ac_cv_have_decl_FRA_SUPPRESS_IFGROUP" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_SUPPRESS_IFGROUP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_SUPPRESS_IFGROUP $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_TUN_ID" "ac_cv_have_decl_FRA_TUN_ID" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_TUN_ID" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_TUN_ID $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTAX_CC_ALGO" "ac_cv_have_decl_RTAX_CC_ALGO" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTAX_CC_ALGO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTAX_CC_ALGO $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTAX_QUICKACK" "ac_cv_have_decl_RTAX_QUICKACK" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTAX_QUICKACK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTAX_QUICKACK $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTEXT_FILTER_SKIP_STATS" "ac_cv_have_decl_RTEXT_FILTER_SKIP_STATS" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTEXT_FILTER_SKIP_STATS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTEXT_FILTER_SKIP_STATS $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_L3MDEV" "ac_cv_have_decl_FRA_L3MDEV" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_L3MDEV" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_L3MDEV $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_UID_RANGE" "ac_cv_have_decl_FRA_UID_RANGE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_UID_RANGE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_UID_RANGE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTAX_FASTOPEN_NO_COOKIE" "ac_cv_have_decl_RTAX_FASTOPEN_NO_COOKIE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTAX_FASTOPEN_NO_COOKIE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTAX_FASTOPEN_NO_COOKIE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_VIA" "ac_cv_have_decl_RTA_VIA" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_VIA" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_VIA $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_OIFNAME" "ac_cv_have_decl_FRA_OIFNAME" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_OIFNAME" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_OIFNAME $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_PROTOCOL" "ac_cv_have_decl_FRA_PROTOCOL" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_PROTOCOL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_PROTOCOL $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_IP_PROTO" "ac_cv_have_decl_FRA_IP_PROTO" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_IP_PROTO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_IP_PROTO $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_SPORT_RANGE" "ac_cv_have_decl_FRA_SPORT_RANGE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_SPORT_RANGE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_SPORT_RANGE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_DPORT_RANGE" "ac_cv_have_decl_FRA_DPORT_RANGE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_DPORT_RANGE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_DPORT_RANGE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_TTL_PROPAGATE" "ac_cv_have_decl_RTA_TTL_PROPAGATE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_TTL_PROPAGATE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_TTL_PROPAGATE $ac_have_decl +_ACEOF + +for flag in RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_OIFNAME FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "${flag} + fi +done + +ac_fn_c_check_decl "$LINENO" "IFA_FLAGS" "ac_cv_have_decl_IFA_FLAGS" "#include +" +if test "x$ac_cv_have_decl_IFA_FLAGS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFA_FLAGS $ac_have_decl +_ACEOF + +for flag in IFA_FLAGS; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "${flag} + fi +done + +ac_fn_c_check_decl "$LINENO" "IP_MULTICAST_ALL" "ac_cv_have_decl_IP_MULTICAST_ALL" " + #include + #include + +" +if test "x$ac_cv_have_decl_IP_MULTICAST_ALL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_MULTICAST_ALL $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "IP_MULTICAST_ALL + # Check if definition is in netinet/in.h, since we can't include linux/in.h + # due to conflicting definitions + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + int main(int argc, char **argv) + { + int i = IP_MULTICAST_ALL; + } + + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + + # No - netinet/in.h doesn't have IP_MULTICAST_ALL + # Build a program that will output the value of the kernel's IP_MULTICAST_ALL + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + #include + int main(int argc, char **argv) + { + printf("%d\n", IP_MULTICAST_ALL); + } + + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + # Create local definition of IP_MULTICAST_ALL + IMA=$(./conftest$EXEEXT) + +cat >>confdefs.h <<_ACEOF +#define IP_MULTICAST_ALL $IMA +_ACEOF + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + + +if test $ac_cv_have_decl_RTA_ENCAP = yes; then : + + ac_fn_c_check_decl "$LINENO" "LWTUNNEL_ENCAP_MPLS" "ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" "#include +" +if test "x$ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LWTUNNEL_ENCAP_MPLS $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "LWTUNNEL_ENCAP_ILA" "ac_cv_have_decl_LWTUNNEL_ENCAP_ILA" "#include +" +if test "x$ac_cv_have_decl_LWTUNNEL_ENCAP_ILA" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LWTUNNEL_ENCAP_ILA $ac_have_decl +_ACEOF + + for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS ${flag}" + fi + done + +fi + +USE_IPTABLES=No +USE_LIBIPTC=No +USE_LIBIPSET=No +if test .$enable_iptables != .no; then : + + USE_IPTABLES=Yes + +$as_echo "#define _WITH_IPTABLES_ 1 " >>confdefs.h + + if test .${enable_libiptc} = .no; then + CONFIG_OPTIONS="$CONFIG_OPTIONS IPTABLES_CMD" + else + USE_LIBIPTC=Yes + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + for ac_header in linux/netfilter/x_tables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + + USE_LIBIPTC=No + break + +fi + +done + + CPPFLAGS="$SAV_CPPFLAGS" + + if test $USE_LIBIPTC = Yes; then + if test -n "IPTC"; then + KA_PKG_PFX=IPTC + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libiptc` + var=`$PKG_CONFIG --libs-only-l --static libiptc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + LIBS="$IPTC_LIBS" + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iptc_init in -liptc" >&5 +$as_echo_n "checking for iptc_init in -liptc... " >&6; } +if ${ac_cv_lib_iptc_iptc_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-liptc $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char iptc_init (); +int +main () +{ +return iptc_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_iptc_iptc_init=yes +else + ac_cv_lib_iptc_iptc_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iptc_iptc_init" >&5 +$as_echo "$ac_cv_lib_iptc_iptc_init" >&6; } +if test "x$ac_cv_lib_iptc_iptc_init" = xyes; then : + + +$as_echo "#define _HAVE_LIBIPTC_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPTC" + if test .${enable_libiptc_dynamic} != .yes; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libiptc` + var=`$PKG_CONFIG --libs-only-l --static libiptc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPTC" + KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` + IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[^ ]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` + if test ".$IPTC_LIBS" = .; then + KA_LIBS=`echo $KA_LIBS -lip4tc -lip6tc` + fi + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libiptc); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libiptc); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPTC_DYNAMIC" + +$as_echo "#define _LIBIPTC_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lip4tc" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void iptc_init(void); + int main(void) + { + iptc_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ip4tc.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IP4TC_LIB_NAME "$LIB_NAME" +_ACEOF + + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lip6tc" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void ip6tc_init(void); + int main(void) + { + ip6tc_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ip6tc.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IP6TC_LIB_NAME "$LIB_NAME" +_ACEOF + + LIBIPTC_DYNAMIC=Yes + fi + +else + USE_LIBIPTC=No +fi + + CPPFLAGS="$SAV_CPPFLAGS" + fi + + if test $USE_LIBIPTC = Yes; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + if test "${enable_libipset}" != no; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test -n "IPSET"; then + KA_PKG_PFX=IPSET + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libipset` + var=`$PKG_CONFIG --libs-only-l libipset` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + else + IPSET_LIBS="-lipset" + fi + SAV_LIBS=$LIBS + LIBS="$IPTC_LIBS $IPSET_LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ipset_session_init in -lipset" >&5 +$as_echo_n "checking for ipset_session_init in -lipset... " >&6; } +if ${ac_cv_lib_ipset_ipset_session_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lipset $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ipset_session_init (); +int +main () +{ +return ipset_session_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ipset_ipset_session_init=yes +else + ac_cv_lib_ipset_ipset_session_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ipset_ipset_session_init" >&5 +$as_echo "$ac_cv_lib_ipset_ipset_session_init" >&6; } +if test "x$ac_cv_lib_ipset_ipset_session_init" = xyes; then : + + USE_LIBIPSET=Yes + for ac_header in libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + + USE_LIBIPSET=No + break + +fi + +done + + + if test $USE_LIBIPSET = Yes; then + EXTRA_INCLUDE= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + for ac_header in linux/netfilter/xt_set.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "linux/netfilter/xt_set.h" "ac_cv_header_linux_netfilter_xt_set_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_netfilter_xt_set_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_NETFILTER_XT_SET_H 1 +_ACEOF + +else + USE_LIBIPSET=No +fi + +done + +else + ac_fn_c_check_header_compile "$LINENO" "linux/netfilter/xt_set.h" "ac_cv_header_linux_netfilter_xt_set_h" "#include +" +if test "x$ac_cv_header_linux_netfilter_xt_set_h" = xyes; then : + + +$as_echo "#define USE_LIBIPSET_LINUX_IP_SET_H 1 " >>confdefs.h + + EXTRA_INCLUDE="#include " + +else + USE_LIBIPSET=No +fi + + + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + + if test $USE_LIBIPSET = Yes; then + +$as_echo "#define _HAVE_LIBIPSET_ 1 " >>confdefs.h + + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test .${enable_libipset_dynamic} = .no; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libipset` + var=`$PKG_CONFIG --libs-only-l libipset` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libipset); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libipset); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + fi + elif test .${enable_libipset_dynamic} = .no; then + KA_LIBS="$KA_LIBS -lipset" + fi + if test .${enable_libipset_dynamic} != .no; then + +$as_echo "#define _LIBIPSET_DYNAMIC_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET_DYNAMIC" + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lipset" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void ipset_session_init(void); + int main(void) + { + ipset_session_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ipset.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IPSET_LIB_NAME "$LIB_NAME" +_ACEOF + + else + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET" + fi + + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v1" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v1_match_set_index" " + $EXTRA_INCLUDE + #include + +" +if test "x$ac_cv_member_struct_xt_set_info_match_v1_match_set_index" = xyes; then : + +$as_echo "#define HAVE_XT_SET_INFO_MATCH_V1 1 " >>confdefs.h + +fi + + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v3" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v3_match_set_index" " + $EXTRA_INCLUDE + #include + +" +if test "x$ac_cv_member_struct_xt_set_info_match_v3_match_set_index" = xyes; then : + +$as_echo "#define HAVE_XT_SET_INFO_MATCH_V3 1 " >>confdefs.h + +fi + + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v4" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v4_match_set_index" " + $EXTRA_INCLUDE + #include + +" +if test "x$ac_cv_member_struct_xt_set_info_match_v4_match_set_index" = xyes; then : + +$as_echo "#define HAVE_XT_SET_INFO_MATCH_V4 1 " >>confdefs.h + +fi + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) { int var = IPSET_ATTR_IFACE; } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define HAVE_IPSET_ATTR_IFACE 1 " >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + int main(void) {} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifdef _UAPI_IP_SET_H + #error _UAPI_IP_SET_H defined + #endif + int main(void) {} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : -cat confdefs.h - <<_ACEOF >conftest.$ac_ext +$as_echo "#define LIBIPSET_H_ADD_UAPI_IP_SET_H_GUARD 1" >>confdefs.h + +else + +$as_echo "#define LIBIPSET_H_ADD_IP_SET_H_GUARD 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + + if test $USE_LIBIPSET = Yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libipset version 7 or later" >&5 +$as_echo_n "checking for libipset version 7 or later... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int -main () -{ + #include + + void test_func(void) + { + ipset_session_init(NULL, NULL); + } - ; - return 0; -} _ACEOF -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" -# Try to create an executable without -o first, disregard a.out. -# It will help us diagnose broken compilers, and finding out an intuition -# of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if ac_fn_c_try_compile "$LINENO"; then : -# The possible output files: -ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } -ac_rmfiles= -for ac_file in $ac_files -do - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac -done -rm -f $ac_rmfiles +else -if { { ac_try="$ac_link_default" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' -# in a Makefile. We should not override ac_cv_exeext if it was cached, -# so that the user can short-circuit this test for compilers unknown to -# Autoconf. -for ac_file in $ac_files '' -do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define LIBIPSET_PRE_V7_COMPAT 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "LIBIPSET_PRE_V7 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + +fi + + LIBS="$SAV_LIBS" fi - # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' - # argument, so we may need to know it at that point already. - # Even if this section looks crufty: it has the advantage of - # actually working. - break;; - * ) - break;; - esac -done -test "$ac_cv_exeext" = no && ac_cv_exeext= + + ac_fn_c_check_decl "$LINENO" "XT_EXTENSION_MAXNAMELEN" "ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" "#include +" +if test "x$ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" = xyes; then : else - ac_file='' + +$as_echo "#define XT_EXTENSION_MAXNAMELEN (XT_FUNCTION_MAXNAMELEN - 1) " >>confdefs.h + fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } + + CPPFLAGS="$SAV_CPPFLAGS" + fi + fi + if test $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes; then : + +$as_echo "#define _USE_IPTABLES_CMD_ 1 " >>confdefs.h + +fi + +fi + if test $USE_LIBIPTC = Yes; then + LIBIPTC_TRUE= + LIBIPTC_FALSE='#' else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + LIBIPTC_TRUE='#' + LIBIPTC_FALSE= +fi + + if test $USE_LIBIPSET = Yes; then + LIBIPSET_TRUE= + LIBIPSET_FALSE='#' +else + LIBIPSET_TRUE='#' + LIBIPSET_FALSE= +fi + + if test $USE_IPTABLES = Yes; then + IPTABLES_TRUE= + IPTABLES_FALSE='#' +else + IPTABLES_TRUE='#' + IPTABLES_FALSE= +fi + + if test $USE_IPTABLES = Yes -a \( $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes \); then + IPTABLES_CMD_TRUE= + IPTABLES_CMD_FALSE='#' +else + IPTABLES_CMD_TRUE='#' + IPTABLES_CMD_FALSE= +fi + + if test $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes; then + LIBIPTC_DYNAMIC_TRUE= + LIBIPTC_DYNAMIC_FALSE='#' +else + LIBIPTC_DYNAMIC_TRUE='#' + LIBIPTC_DYNAMIC_FALSE= +fi + + if test $USE_LIBIPSET = Yes -a .${enable_libipset_dynamic} != .no; then + LIBIPSET_DYNAMIC_TRUE= + LIBIPSET_DYNAMIC_FALSE='#' +else + LIBIPSET_DYNAMIC_TRUE='#' + LIBIPSET_DYNAMIC_FALSE= +fi + + if test $USE_IPTABLES = Yes -a $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes; then + REQUIRE_IPTABLES_LIBS_TRUE= + REQUIRE_IPTABLES_LIBS_FALSE='#' +else + REQUIRE_IPTABLES_LIBS_TRUE='#' + REQUIRE_IPTABLES_LIBS_FALSE= +fi + +unset LIBS + +USE_NFTABLES=No +if test .${enable_nftables} != .no; then + USE_NFTABLES=Yes + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + ac_fn_c_check_decl "$LINENO" "NFTA_TABLE_MAX" "ac_cv_have_decl_NFTA_TABLE_MAX" "#include +" +if test "x$ac_cv_have_decl_NFTA_TABLE_MAX" = xyes; then : + +else + + if test .${enable_nftables} = .yes; then : + as_fn_error $? "nftables header files missing/not useable" "$LINENO" 5 +fi + USE_NFTABLES=No + +fi + + + if test $USE_NFTABLES = Yes; then + $PKG_CONFIG --exists libnftnl + if test $? -ne 0; then + USE_NFTABLES=No + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libnftnl missing" >&5 +$as_echo "$as_me: WARNING: libnftnl missing" >&2;} + fi + $PKG_CONFIG --exists libmnl + if test $? -ne 0; then + USE_NFTABLES=No + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libmnl missing" >&5 +$as_echo "$as_me: WARNING: libmnl missing" >&2;} + fi + + if test $USE_NFTABLES = Yes; then + # nft prior to version 0.8.3 does not support type ifname in sets. We can't check the version of + # nft, but we can check the version of libnftnl. nft v0.8.3 required libnftnl v1.0.9, but so did + # nft v0.8.2. So play safe, and require the next version. + #LIBNFTNL_VERSION=`printf "0x%2.2x%2.2x%2.2xU" \`pkg-config --modversion libnftnl | sed -e "s/\./ /g"\`` + #AC_DEFINE_UNQUOTED([LIBNFTNL_VERSION], [ $LIBNFTNL_VERSION ], [libnftnl version in hex]) + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnftnl` + var=`$PKG_CONFIG --libs-only-l libnftnl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libmnl` + var=`$PKG_CONFIG --libs-only-l libmnl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + +$as_echo "#define _WITH_NFTABLES_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS NFTABLES" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NFTNL_EXPR_LOOKUP_FLAGS is defined" >&5 +$as_echo_n "checking whether NFTNL_EXPR_LOOKUP_FLAGS is defined... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + int i = NFTNL_EXPR_LOOKUP_FLAGS; + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + +$as_echo "#define HAVE_NFTNL_EXPR_LOOKUP_FLAGS 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + # nft dup from Linux 4.3 + ac_fn_c_check_decl "$LINENO" "NFTA_DUP_MAX" "ac_cv_have_decl_NFTA_DUP_MAX" "#include +" +if test "x$ac_cv_have_decl_NFTA_DUP_MAX" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFTA_DUP_MAX $ac_have_decl +_ACEOF + + + for ac_header in libnftnl/udata.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "libnftnl/udata.h" "ac_cv_header_libnftnl_udata_h" "$ac_includes_default" +if test "x$ac_cv_header_libnftnl_udata_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNFTNL_UDATA_H 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nftnl_udata_put_u32" >&5 +$as_echo_n "checking for nftnl_udata_put_u32... " >&6; } + SAV_LIBS="$LIBS" + LIBS="$LIBS `$PKG_CONFIG --libs libnftnl`" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + nftnl_udata_put_u32(NULL, 0, 0); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_NFTNL_UDATA_PUT_U32 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } -ac_exeext=$ac_cv_exeext -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } -if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. -for ac_file in conftest.exe conftest conftest.*; do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - break;; - * ) break;; - esac done + + fi + fi + CPPFLAGS="$SAV_CPPFLAGS" +fi + if test $USE_NFTABLES = Yes; then + NFTABLES_TRUE= + NFTABLES_FALSE='#' else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } + NFTABLES_TRUE='#' + NFTABLES_FALSE= fi -rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } -rm -f conftest.$ac_ext -EXEEXT=$ac_cv_exeext -ac_exeext=$EXEEXT +unset LIBS + +if test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes; then : + +$as_echo "#define _WITH_FIREWALL_ 1 " >>confdefs.h + +fi + if test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes; then + FIREWALL_TRUE= + FIREWALL_FALSE='#' +else + FIREWALL_TRUE='#' + FIREWALL_FALSE= +fi + + +# Including and can cause a namespace collision. +# Later versions of the headers are OK if linux/if.h is included second +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linux/if.h and net/if.h namespace collision" >&5 +$as_echo_n "checking for linux/if.h and net/if.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -int -main () -{ -FILE *f = fopen ("conftest.out", "w"); - return ferror (f) || fclose (f) != 0; - ; - return 0; -} + #include + #include + _ACEOF -ac_clean_files="$ac_clean_files conftest.out" -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } -if test "$cross_compiling" != yes; then - { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if { ac_try='./conftest$ac_cv_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } - fi - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_NET_LINUX_IF_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS NET_LINUX_IF_H_COLLISION" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CPPFLAGS="$SAV_CPPFLAGS" + +# Including and causes a namespace collision +# with musl libc, but the collision only occurs if linux/ip_ether.h is included +# before netinet/if_ether.h. The problem is that we want to include them in that +# order. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linux/if_ether.h then netinet/if_ether.h namespace collision" >&5 +$as_echo_n "checking for linux/if_ether.h then netinet/if_ether.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int -main () -{ + #include + #include - ; - return 0; -} _ACEOF -rm -f conftest.o conftest.obj -if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac -done +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_NETINET_LINUX_IF_ETHER_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS NETINET_LINUX_IF_ETHER_H_COLLISION" + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } -OBJEXT=$ac_cv_objext -ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CPPFLAGS="$SAV_CPPFLAGS" + +# Linux 4.5 to 4.5.4 has indirectly including +# and which causes a namespace collision. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libiptc/libiptc.h linux/if.h and net/if.h namespace collision" >&5 +$as_echo_n "checking for libiptc/libiptc.h linux/if.h and net/if.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int -main () -{ -#ifndef __GNUC__ - choke me -#endif + #include - ; - return 0; -} _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else - ac_compiler_gnu=no + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_LIBIPTC_LINUX_NET_IF_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPTC_LINUX_NET_IF_H_COLLISION" + fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu +CPPFLAGS="$SAV_CPPFLAGS" + +IPVS_SYNCD_ATTRIBUTES=No +IPVS_64BIT_STATS=No +WITH_REGEX=No +ENABLE_REGEX_DEBUG=No +if test "$enable_lvs" != no; then + IPVS_SUPPORT=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS LVS" + +$as_echo "#define _WITH_LVS_ 1 " >>confdefs.h + + + for ac_header in linux/ip_vs.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "linux/ip_vs.h" "ac_cv_header_linux_ip_vs_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_ip_vs_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_IP_VS_H 1 +_ACEOF + ac_fn_c_check_decl "$LINENO" "IP_VS_SVC_F_ONEPACKET" "ac_cv_have_decl_IP_VS_SVC_F_ONEPACKET" "#include +" +if test "x$ac_cv_have_decl_IP_VS_SVC_F_ONEPACKET" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_SVC_F_ONEPACKET $ac_have_decl +_ACEOF + + +fi + +done + + + if test $IPVS_USE_NL = Yes; then + +$as_echo "#define LIBIPVS_USE_NL 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPVS_NETLINK" + fi + + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + + ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_ADDR_FAMILY" "ac_cv_have_decl_IPVS_DEST_ATTR_ADDR_FAMILY" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_ADDR_FAMILY" = xyes; then : + ac_have_decl=1 else - GCC= + ac_have_decl=0 fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_ADDR_FAMILY $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_DEST_ATTR_ADDR_FAMILY" +fi + + + IPVS_SYNCD_ATTRIBUTES=Yes + ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_SYNC_MAXLEN" "ac_cv_have_decl_IPVS_DAEMON_ATTR_SYNC_MAXLEN" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_SYNC_MAXLEN" = xyes; then : + ac_have_decl=1 else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + ac_have_decl=0 +fi -int -main () -{ +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_SYNC_MAXLEN $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - ; - return 0; -} +else + + IPVS_SYNCD_ATTRIBUTES=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_GROUP" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_GROUP $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPVS_SYNCD_ATTRIBUTES=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_GROUP6" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP6" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP6" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_GROUP6 $ac_have_decl _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes +if test $ac_have_decl = 1; then : + else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int -main () -{ + IPVS_SYNCD_ATTRIBUTES=No + break - ; - return 0; -} +fi +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_PORT" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_PORT" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_PORT" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_PORT $ac_have_decl _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if test $ac_have_decl = 1; then : else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int -main () -{ + IPVS_SYNCD_ATTRIBUTES=No + break - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_TTL" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_TTL" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_TTL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_TTL $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPVS_SYNCD_ATTRIBUTES=No + break + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" + + + if test $IPVS_SYNCD_ATTRIBUTES = Yes; then + +$as_echo "#define _HAVE_IPVS_SYNCD_ATTRIBUTES_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_SYNCD_ATTRIBUTES" fi + + if test "$enable_lvs_64bit_stats" != "no"; then + IPVS_64BIT_STATS=Yes + ac_fn_c_check_decl "$LINENO" "IPVS_SVC_ATTR_STATS64" "ac_cv_have_decl_IPVS_SVC_ATTR_STATS64" "#include +" +if test "x$ac_cv_have_decl_IPVS_SVC_ATTR_STATS64" = xyes; then : + ac_have_decl=1 else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi + ac_have_decl=0 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_SVC_ATTR_STATS64 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; +else -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC + IPVS_64BIT_STATS=No + break fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - +ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_STATS64" "ac_cv_have_decl_IPVS_DEST_ATTR_STATS64" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_STATS64" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_STATS64 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPVS_64BIT_STATS=No + break -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + if test $IPVS_64BIT_STATS = Yes; then +$as_echo "#define _WITH_LVS_64BIT_STATS_ 1 " >>confdefs.h -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AmigaOS /C/install, which installs bootblocks on floppy discs -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# OS/2's system install, which has a completely different semantic -# ./install, which can be erroneously created by make from ./install.sh. -# Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } -if test -z "$INSTALL"; then -if ${ac_cv_path_install+:} false; then : - $as_echo_n "(cached) " >&6 + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_64BIT_STATS" + fi + fi + + ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_TUN_TYPE" "ac_cv_have_decl_IPVS_DEST_ATTR_TUN_TYPE" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_TUN_TYPE" = xyes; then : + ac_have_decl=1 else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in #(( - ./ | .// | /[cC]/* | \ - /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ - /usr/ucb/* ) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. - for ac_prog in ginstall scoinst install; do - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then - if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # program-specific install script used by HP pwplus--don't use. - : - else - rm -rf conftest.one conftest.two conftest.dir - echo one > conftest.one - echo two > conftest.two - mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && - test -s conftest.one && test -s conftest.two && - test -s conftest.dir/conftest.one && - test -s conftest.dir/conftest.two - then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 - fi - fi - fi + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_TUN_TYPE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_TYPE_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_TYPE" + +fi + + + ac_fn_c_check_decl "$LINENO" "IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" "ac_cv_have_decl_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" "#include +" +if test "x$ac_cv_have_decl_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_CSUM_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_CSUM" + +fi + + + ac_fn_c_check_decl "$LINENO" "IP_VS_CONN_F_TUNNEL_TYPE_GRE" "ac_cv_have_decl_IP_VS_CONN_F_TUNNEL_TYPE_GRE" "#include +" +if test "x$ac_cv_have_decl_IP_VS_CONN_F_TUNNEL_TYPE_GRE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_CONN_F_TUNNEL_TYPE_GRE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_GRE_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_GRE" + +fi + + + CPPFLAGS="$SAV_CPPFLAGS" + + if test "$enable_regex" = yes; then : + + $PKG_CONFIG --exists libpcre2-8 + HAVE_PCRE2=$? + if test $HAVE_PCRE2 -ne 0; then : + as_fn_error $? "cannot find pcre library" "$LINENO" 5 +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre.h" >&5 +$as_echo_n "checking for pcre.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define PCRE2_CODE_UNIT_WIDTH 8 + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WITH_REGEX=Yes + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libpcre2-8`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libpcre2-8`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libpcre2-8` + var=`$PKG_CONFIG --libs-only-l libpcre2-8` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libpcre2-8`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi done - ;; -esac + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" - done -IFS=$as_save_IFS + fi -rm -rf conftest.one conftest.two conftest.dir + +$as_echo "#define _WITH_REGEX_CHECK_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS REGEX" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "pcre2.h is missing" "$LINENO" 5 fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL=$ac_cv_path_install - else - # As a last resort, use the slow shell script. Don't cache a - # value for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - INSTALL=$ac_install_sh - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test "$enable_regex_timers" = yes; then -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' +$as_echo "#define _WITH_REGEX_TIMERS_ 1 " >>confdefs.h -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + fi -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + if test "${enable_regex_debug}" = yes; then -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 +$as_echo "#define _REGEX_DEBUG_ 1 " >>confdefs.h + + ENABLE_REGEX_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS REGEX_DEBUG" + fi + +fi else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. + IPVS_SUPPORT=No +fi + if test $IPVS_SUPPORT = Yes; then + WITH_IPVS_TRUE= + WITH_IPVS_FALSE='#' else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 + WITH_IPVS_TRUE='#' + WITH_IPVS_FALSE= +fi + + if test $WITH_REGEX = Yes; then + WITH_REGEX_TRUE= + WITH_REGEX_FALSE='#' +else + WITH_REGEX_TRUE='#' + WITH_REGEX_FALSE= +fi + + +VRRP_SUPPORT=No +VRRP_AUTH_SUPPORT=No +MACVLAN_SUPPORT=No +ENABLE_JSON=No +BFD_SUPPORT=No +HAVE_CN_PROC=No +if test "$enable_vrrp" != no; then + VRRP_SUPPORT=Yes + +$as_echo "#define _WITH_VRRP_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS VRRP" + + if test "${enable_vrrp_auth}" != no; then + VRRP_AUTH_SUPPORT=Yes + +$as_echo "#define _WITH_VRRP_AUTH_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS VRRP_AUTH" fi -done - done -IFS=$as_save_IFS + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + MACVLAN_SUPPORT=Yes + ac_fn_c_check_decl "$LINENO" "IFLA_MACVLAN_MODE" "ac_cv_have_decl_IFLA_MACVLAN_MODE" " + #include + #include + +" +if test "x$ac_cv_have_decl_IFLA_MACVLAN_MODE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_MACVLAN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + MACVLAN_SUPPORT=No + break + fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } +ac_fn_c_check_decl "$LINENO" "MACVLAN_MODE_PRIVATE" "ac_cv_have_decl_MACVLAN_MODE_PRIVATE" " + #include + #include + +" +if test "x$ac_cv_have_decl_MACVLAN_MODE_PRIVATE" = xyes; then : + ac_have_decl=1 else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_MACVLAN_MODE_PRIVATE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + MACVLAN_SUPPORT=No + break fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 + + if test $MACVLAN_SUPPORT = Yes; then + +$as_echo "#define _HAVE_VRRP_VMAC_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRRP_VMAC" + fi + CPPFLAGS="$SAV_CPPFLAGS" + + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + IPVLAN_SUPPORT=Yes + ac_fn_c_check_decl "$LINENO" "IFLA_IPVLAN_MODE" "ac_cv_have_decl_IFLA_IPVLAN_MODE" " + #include + #include + +" +if test "x$ac_cv_have_decl_IFLA_IPVLAN_MODE" = xyes; then : + ac_have_decl=1 else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_IPVLAN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 + + IPVLAN_SUPPORT=No + break + +fi + + if test $IPVLAN_SUPPORT = Yes; then + +$as_echo "#define _HAVE_VRRP_IPVLAN_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRRP_IPVLAN" fi -done - done -IFS=$as_save_IFS + CPPFLAGS="$SAV_CPPFLAGS" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) { int var = IFLA_LINK_NETNSID; } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + +$as_echo "#define HAVE_IFLA_LINK_NETNSID 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IFLA_LINK_NETNSID" fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + if test "${enable_json}" = yes; then + ENABLE_JSON=Yes + +$as_echo "#define _WITH_JSON_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS JSON" + fi + + if test "${enable_bfd}" = yes; then + BFD_SUPPORT=Yes + +$as_echo "#define _WITH_BFD_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS BFD" + fi + + if test .$enable_track_process != .no; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS CN_PROC" + HAVE_CN_PROC=Yes + +$as_echo "#define _WITH_CN_PROC_ 1 " >>confdefs.h + + ac_fn_c_check_decl "$LINENO" "PROC_EVENT_SID" "ac_cv_have_decl_PROC_EVENT_SID" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_SID" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_SID $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_PTRACE" "ac_cv_have_decl_PROC_EVENT_PTRACE" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_PTRACE" = xyes; then : + ac_have_decl=1 else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ac_have_decl=0 fi - if test "x$ac_ct_STRIP" = x; then - STRIP="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_PTRACE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_COMM" "ac_cv_have_decl_PROC_EVENT_COMM" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_COMM" = xyes; then : + ac_have_decl=1 else - STRIP="$ac_cv_prog_STRIP" + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_COMM $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_COREDUMP" "ac_cv_have_decl_PROC_EVENT_COREDUMP" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_COREDUMP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_COREDUMP $ac_have_decl +_ACEOF + + +else + CONFIG_OPTIONS="$CONFIG_OPTIONS DISABLE_TRACK_PROCESS" +fi +fi + if test $VRRP_SUPPORT = Yes; then + WITH_VRRP_TRUE= + WITH_VRRP_FALSE='#' +else + WITH_VRRP_TRUE='#' + WITH_VRRP_FALSE= +fi -# Check whether --enable-lvs-syncd was given. -if test "${enable_lvs_syncd+set}" = set; then : - enableval=$enable_lvs_syncd; + if test $VRRP_AUTH_SUPPORT = Yes; then + VRRP_AUTH_TRUE= + VRRP_AUTH_FALSE='#' +else + VRRP_AUTH_TRUE='#' + VRRP_AUTH_FALSE= fi -# Check whether --enable-lvs was given. -if test "${enable_lvs+set}" = set; then : - enableval=$enable_lvs; + if test $MACVLAN_SUPPORT = Yes; then + VMAC_TRUE= + VMAC_FALSE='#' +else + VMAC_TRUE='#' + VMAC_FALSE= fi -# Check whether --enable-vrrp was given. -if test "${enable_vrrp+set}" = set; then : - enableval=$enable_vrrp; + if test $ENABLE_JSON = Yes; then + WITH_JSON_TRUE= + WITH_JSON_FALSE='#' +else + WITH_JSON_TRUE='#' + WITH_JSON_FALSE= fi + if test $BFD_SUPPORT = Yes; then + WITH_BFD_TRUE= + WITH_BFD_FALSE='#' +else + WITH_BFD_TRUE='#' + WITH_BFD_FALSE= +fi -# Check whether --with-kernel-dir was given. -if test "${with_kernel_dir+set}" = set; then : - withval=$with_kernel_dir; kernelinc="$withval/include" kernelpath="$withval" + if test $HAVE_CN_PROC = Yes; then + CN_PROC_TRUE= + CN_PROC_FALSE='#' else - kernelinc="/usr/src/linux/include" kernelpath="/usr/src/linux" + CN_PROC_TRUE='#' + CN_PROC_FALSE= fi -# Check whether --with-kernel-version was given. -if test "${with_kernel_version+set}" = set; then : - withval=$with_kernel_version; kernelversion="$withval" -else - kernelversion="" +if test ${IPVS_SUPPORT} = No -a ${VRRP_SUPPORT} = No; then + as_fn_error $? "keepalived MUST be compiled with at least one of LVS or VRRP framework" "$LINENO" 5 fi -# Check whether --enable-fwmark was given. -if test "${enable_fwmark+set}" = set; then : - enableval=$enable_fwmark; +# Introduced in Linux 2.6.27 and glibc 2.9 +ac_fn_c_check_decl "$LINENO" "SOCK_NONBLOCK" "ac_cv_have_decl_SOCK_NONBLOCK" "#include +" +if test "x$ac_cv_have_decl_SOCK_NONBLOCK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -# Check whether --enable-snmp was given. -if test "${enable_snmp+set}" = set; then : - enableval=$enable_snmp; +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SOCK_NONBLOCK $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SOCK_NONBLOCK" fi -# Check whether --enable-sha1 was given. -if test "${enable_sha1+set}" = set; then : - enableval=$enable_sha1; + if test $ac_cv_have_decl_SOCK_NONBLOCK = yes; then + SOCK_NONBLOCK_TRUE= + SOCK_NONBLOCK_FALSE='#' +else + SOCK_NONBLOCK_TRUE='#' + SOCK_NONBLOCK_FALSE= fi -# Check whether --enable-debug was given. -if test "${enable_debug+set}" = set; then : - enableval=$enable_debug; + +# Introduced in Linux 2.6.27 and glibc 2.9 +ac_fn_c_check_decl "$LINENO" "SOCK_CLOEXEC" "ac_cv_have_decl_SOCK_CLOEXEC" "#include +" +if test "x$ac_cv_have_decl_SOCK_CLOEXEC" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -# Check whether --enable-profile was given. -if test "${enable_profile+set}" = set; then : - enableval=$enable_profile; +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SOCK_CLOEXEC $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SOCK_CLOEXEC" fi +# Introduced in Linux 2.6.37 +ac_fn_c_check_decl "$LINENO" "IPVS_SVC_ATTR_PE_NAME" "ac_cv_have_decl_IPVS_SVC_ATTR_PE_NAME" "#include +" +if test "x$ac_cv_have_decl_IPVS_SVC_ATTR_PE_NAME" = xyes; then : + + +$as_echo "#define _HAVE_PE_NAME_ 1 " >>confdefs.h + -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 + + +# Introduced in Linux 2.6.39 +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" +ac_fn_c_check_decl "$LINENO" "O_PATH" "ac_cv_have_decl_O_PATH" "#include +" +if test "x$ac_cv_have_decl_O_PATH" = xyes; then : + ac_have_decl=1 else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_O_PATH $ac_have_decl _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if test $ac_have_decl = 1; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS O_PATH" + +fi + +CPPFLAGS="$SAV_CPPFLAGS" +ac_fn_c_check_decl "$LINENO" "GLOB_BRACE" "ac_cv_have_decl_GLOB_BRACE" "#include +" +if test "x$ac_cv_have_decl_GLOB_BRACE" = xyes; then : + ac_have_decl=1 else - # Broken: fails on valid input. -continue + ac_have_decl=0 fi -rm -f conftest.err conftest.i conftest.$ac_ext - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GLOB_BRACE $ac_have_decl _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS GLOB_BRACE" fi -rm -f conftest.err conftest.i conftest.$ac_ext -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break + +UNICAST_CHKSUM_COMPAT_SUPPORT=No +if test .$enable_checksum_compat != .no; then + UNICAST_CHKSUM_COMPAT_SUPPORT=Yes + +$as_echo "#define _WITH_UNICAST_CHKSUM_COMPAT_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS OLD_CHKSUM_COMPAT" fi - done - ac_cv_prog_CPP=$CPP +FIB_ROUTING_SUPPORT=No +if test .$enable_vrrp != .no -a .$enable_routes != .no; then + # Introduced in Linux 2.6.19 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + ac_fn_c_check_decl "$LINENO" "FRA_SRC" "ac_cv_have_decl_FRA_SRC" "#include + #include +" +if test "x$ac_cv_have_decl_FRA_SRC" = xyes; then : + + FIB_ROUTING_SUPPORT=Yes + +$as_echo "#define _HAVE_FIB_ROUTING_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS FIB_ROUTING" fi - CPP=$ac_cv_prog_CPP + + CPPFLAGS="$SAV_CPPFLAGS" +fi + if test $FIB_ROUTING_SUPPORT = Yes; then + FIB_ROUTING_TRUE= + FIB_ROUTING_FALSE='#' else - ac_cv_prog_CPP=$CPP + FIB_ROUTING_TRUE='#' + FIB_ROUTING_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : + + +if test .$enable_linkbeat = .no; then : + + LINKBEAT_SUPPORT=No + CONFIG_OPTIONS="$CONFIG_OPTIONS NO_LINKBEAT" else - # Broken: fails on valid input. -continue + + LINKBEAT_SUPPORT=Yes + +$as_echo "#define _WITH_LINKBEAT_ 1 " >>confdefs.h + + fi -rm -f conftest.err conftest.i conftest.$ac_ext - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 3.17 + ac_fn_c_check_decl "$LINENO" "IFLA_INET6_ADDR_GEN_MODE" "ac_cv_have_decl_IFLA_INET6_ADDR_GEN_MODE" " + #include + +" +if test "x$ac_cv_have_decl_IFLA_INET6_ADDR_GEN_MODE" = xyes; then : + ac_have_decl=1 else - # Passes both tests. -ac_preproc_ok=: -break + ac_have_decl=0 fi -rm -f conftest.err conftest.i conftest.$ac_ext -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_INET6_ADDR_GEN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS INET6_ADDR_GEN_MODE" + +fi + +fi +CPPFLAGS="$SAV_CPPFLAGS" + +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 4.3 + ac_fn_c_check_decl "$LINENO" "IFLA_VRF_MAX" "ac_cv_have_decl_IFLA_VRF_MAX" " + #include +" +if test "x$ac_cv_have_decl_IFLA_VRF_MAX" = xyes; then : + ac_have_decl=1 else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } + ac_have_decl=0 fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_VRF_MAX $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRF" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : +$as_echo "#define _HAVE_VRF_ 1 " >>confdefs.h + + +fi + +fi +CPPFLAGS="$SAV_CPPFLAGS" + +SNMP_SUPPORT=No +SNMP_KEEPALIVED_SUPPORT=No +SNMP_VRRP_SUPPORT=No +SNMP_RFC_SUPPORT=No +SNMP_RFCV2_SUPPORT=No +SNMP_RFCV3_SUPPORT=No +SNMP_CHECKER_SUPPORT=No +SNMP_V3_FOR_V2=No +if test "$enable_snmp_keepalived" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-snmp-keepalived is obsolete. Use --enable-snmp-vrrp." >&5 +$as_echo "$as_me: WARNING: --enable-snmp-keepalived is obsolete. Use --enable-snmp-vrrp." >&2;} + enable_snmp_vrrp=$enable_snmp_keepalived +fi +if test "$enable_snmp" = yes -o \ + "$enable_snmp_vrrp" = yes -o \ + "$enable_snmp_checker" = yes -o \ + "$enable_snmp_rfc" = yes -o \ + "$enable_snmp_rfcv2" = yes -o \ + "$enable_snmp_rfcv3" = yes; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}net-snmp-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}net-snmp-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_NETSNMP_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done + case $NETSNMP_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_NETSNMP_CONFIG="$NETSNMP_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done done IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi + ;; +esac +fi +NETSNMP_CONFIG=$ac_cv_path_NETSNMP_CONFIG +if test -n "$NETSNMP_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NETSNMP_CONFIG" >&5 +$as_echo "$NETSNMP_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : +fi +if test -z "$ac_cv_path_NETSNMP_CONFIG"; then + ac_pt_NETSNMP_CONFIG=$NETSNMP_CONFIG + # Extract the first word of "net-snmp-config", so it can be a program name with args. +set dummy net-snmp-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_NETSNMP_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST + case $ac_pt_NETSNMP_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_NETSNMP_CONFIG="$ac_pt_NETSNMP_CONFIG" # Let the user override the test with a path. + ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done done IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi + + ;; +esac +fi +ac_pt_NETSNMP_CONFIG=$ac_cv_path_ac_pt_NETSNMP_CONFIG +if test -n "$ac_pt_NETSNMP_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_NETSNMP_CONFIG" >&5 +$as_echo "$ac_pt_NETSNMP_CONFIG" >&6; } else - ac_cv_path_EGREP=$EGREP + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi - fi + if test "x$ac_pt_NETSNMP_CONFIG" = x; then + NETSNMP_CONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NETSNMP_CONFIG=$ac_pt_NETSNMP_CONFIG + fi +else + NETSNMP_CONFIG="$ac_cv_path_NETSNMP_CONFIG" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" + if test "$NETSNMP_CONFIG" = no; then + as_fn_error $? "*** unable to find net-snmp-config" "$LINENO" 5 + fi + NETSNMP_LIBS_AGENT=`${NETSNMP_CONFIG} --netsnmp-agent-libs` + NETSNMP_LIBS_EXT=`${NETSNMP_CONFIG} --external-libs` + NETSNMP_LIBS="$NETSNMP_LIBS_AGENT $NETSNMP_LIBS_EXT" + NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" + NETSNMP_CPPFLAGS="-DNETSNMP_NO_INLINE" + + # net-snmp-config adds compiler and linker options that were set at the time + # net-snmp was built, and this can include spec files that may not exist + # on the system building keepalived. We need to check if any spec files + # are specified, and if they do not exist on this system, then remove them + # from NETSNMP_LIBS or NETSNMP_CFLAGS. + # For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=1544527 + # and the other bugs referred to in it. + for spec in `echo $NETSNMP_LIBS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_LIBS=`echo $NETSNMP_LIBS | sed -e "s? *$spec *? ?"` + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Removing $spec from NETSNMP_LIBS since spec file not installed" >&5 +$as_echo "$as_me: WARNING: Removing $spec from NETSNMP_LIBS since spec file not installed" >&2;} + fi + done + for spec in `echo $NETSNMP_CFLAGS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS | sed -e "s? *$spec *? ?"` + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Removing $spec from NETSNMP_CFLAGS since spec file not installed" >&5 +$as_echo "$as_me: WARNING: Removing $spec from NETSNMP_CFLAGS since spec file not installed" >&2;} + fi + done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS ${NETSNMP_CFLAGS}" + SAV_LIBS="$LIBS" + LIBS="$LIBS ${NETSNMP_LIBS}" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler supports flag \"${NETSNMP_CFLAGS} ${NETSNMP_LIBS}\" from Net-SNMP" >&5 +$as_echo_n "checking whether C compiler supports flag \"${NETSNMP_CFLAGS} ${NETSNMP_LIBS}\" from Net-SNMP... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -#include -#include -#include -int -main () -{ + int main(void) + { + return 0; + } - ; - return 0; -} _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "*** incorrect CFLAGS from net-snmp-config" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # Do we have subagent support? + for ac_func in netsnmp_enable_subagent +do : + ac_fn_c_check_func "$LINENO" "netsnmp_enable_subagent" "ac_cv_func_netsnmp_enable_subagent" +if test "x$ac_cv_func_netsnmp_enable_subagent" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETSNMP_ENABLE_SUBAGENT 1 _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : else - ac_cv_header_stdc=no + as_fn_error $? "*** no subagent support in net-snmp" "$LINENO" 5 fi -rm -f conftest* +done -fi -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include + # check for net-snmp headers + # Some ancient distributions may miss header + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $NETSNMP_CFLAGS" + for ac_header in net-snmp/agent/agent_sysORTable.h net-snmp/agent/snmp_vars.h net-snmp/agent/util_funcs.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " + #include + #include + #include +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : else - ac_cv_header_stdc=no + as_fn_error $? "missing net-snmp headers" "$LINENO" 5 fi -rm -f conftest* -fi +done -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : + SNMP_SUPPORT=Yes -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi + # NETSNMP_CFLAGS can have CPPFLAGS options, so separate them + NETSNMP_CPPFLAGS_XTRA=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[^IDU] *-/ -/g" -e "s/ -[^IDU] *[^-][^ ]* / /g" -e "s/ */ /g"` + NETSNMP_CFLAGS=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[IDU] *[^ ]* / /g" -e "s/ */ /g"` + KA_CFLAGS="$KA_CFLAGS $NETSNMP_CFLAGS" + KA_CPPFLAGS="$KA_CPPFLAGS $NETSNMP_CPPFLAGS $NETSNMP_CPPFLAGS_XTRA" + + # NETSNMP_LIBS may have some LDFLAGS options, so separate them + NETSNMP_LDFLAGS_XTRA=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ -l *[^ ]* / /g" -e "s/ */ /g" -e "s/ -/ @-/g" | tr "@" "\n" | sed -e "s/^ *//" -e "s/ *$//" | sort -u | tr "\n" " "` + NETSNMP_LIBS=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ \(-l *[^ ]*\) /@\1@/g" | tr "@" "\n" | grep "^-l" | tr "\n" " " | sed -e "s/ */ /g"` + KA_LDFLAGS="$KA_LDFLAGS $NETSNMP_LDFLAGS $NETSNMP_LDFLAGS_XTRA" + KA_LIBS="$KA_LIBS $NETSNMP_LIBS" + + if test "$enable_snmp_rfc" = yes; then + SNMP_RFCV2_SUPPORT=Yes + SNMP_RFCV3_SUPPORT=Yes + else + if test "$enable_snmp_rfcv2" = yes; then + SNMP_RFCV2_SUPPORT=Yes + fi + if test "$enable_snmp_rfcv3" = yes; then + SNMP_RFCV3_SUPPORT=Yes + fi + fi + if test ${SNMP_RFCV2_SUPPORT} = Yes -o \ + ${SNMP_RFCV3_SUPPORT} = Yes; then + if test ${VRRP_SUPPORT} != Yes; then + as_fn_error $? "RFC SNMP support requires VRRP" "$LINENO" 5 + fi + SNMP_RFC_SUPPORT=Yes + fi + if test ${SNMP_RFCV3_SUPPORT} = Yes -a \ + "$enable_snmp_reply_v3_for_v2" != no; then + +$as_echo "#define _SNMP_REPLY_V3_FOR_V2_ 1 " >>confdefs.h + + SNMP_V3_FOR_V2=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_V3_FOR_V2" + fi + + if test "$enable_snmp" = yes; then + if test ${VRRP_SUPPORT} = Yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test ${IPVS_SUPPORT} = Yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + else + if test "$enable_snmp_vrrp" = yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test "$enable_snmp_checker" = yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + fi + if test ${VRRP_SUPPORT} != Yes -a \ + ${SNMP_VRRP_SUPPORT} = Yes; then + as_fn_error $? "VRRP SNMP support requires VRRP" "$LINENO" 5 + fi + if test ${IPVS_SUPPORT} = No -a \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + as_fn_error $? "CHECKER SNMP support requires checker" "$LINENO" 5 + fi + + if test ${SNMP_VRRP_SUPPORT} = Yes -o \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + SNMP_KEEPALIVED_SUPPORT=Yes + fi + CPPFLAGS="$SAV_CPPFLAGS" + CFLAGS="$SAV_CFLAGS" + LIBS="$SAV_LIBS" fi + +if test $SNMP_SUPPORT = Yes; then + +$as_echo "#define _WITH_SNMP_ 1 " >>confdefs.h + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then +if test $SNMP_KEEPALIVED_SUPPORT = Yes; then -$as_echo "#define STDC_HEADERS 1" >>confdefs.h +$as_echo "#define _WITH_SNMP_KEEPALIVED_ 1 " >>confdefs.h fi +if test $SNMP_VRRP_SUPPORT = Yes; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5 -$as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } -if ${ac_cv_header_sys_wait_h+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#ifndef WEXITSTATUS -# define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) -#endif -#ifndef WIFEXITED -# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) -#endif +$as_echo "#define _WITH_SNMP_VRRP_ 1 " >>confdefs.h -int -main () -{ - int s; - wait (&s); - s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_sys_wait_h=yes -else - ac_cv_header_sys_wait_h=no + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_VRRP" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if test $SNMP_CHECKER_SUPPORT = Yes; then + +$as_echo "#define _WITH_SNMP_CHECKER_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_CHECKER" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5 -$as_echo "$ac_cv_header_sys_wait_h" >&6; } -if test $ac_cv_header_sys_wait_h = yes; then +if test $SNMP_RFC_SUPPORT = Yes; then -$as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h +$as_echo "#define _WITH_SNMP_RFC_ 1 " >>confdefs.h fi +if test $SNMP_RFCV2_SUPPORT = Yes; then -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +$as_echo "#define _WITH_SNMP_RFCV2_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_RFCV2" fi +if test $SNMP_RFCV3_SUPPORT = Yes; then -done +$as_echo "#define _WITH_SNMP_RFCV3_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_RFCV3" +fi + if test $SNMP_SUPPORT = Yes; then + SNMP_TRUE= + SNMP_FALSE='#' +else + SNMP_TRUE='#' + SNMP_FALSE= +fi -for ac_header in fcntl.h syslog.h unistd.h sys/ioctl.h sys/time.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF + if test $SNMP_KEEPALIVED_SUPPORT = Yes; then + SNMP_KEEPALIVED_TRUE= + SNMP_KEEPALIVED_FALSE='#' +else + SNMP_KEEPALIVED_TRUE='#' + SNMP_KEEPALIVED_FALSE= +fi + if test $SNMP_VRRP_SUPPORT = Yes -o $SNMP_RFC_SUPPORT = Yes; then + SNMP_VRRP_TRUE= + SNMP_VRRP_FALSE='#' +else + SNMP_VRRP_TRUE='#' + SNMP_VRRP_FALSE= fi -done + if test $SNMP_CHECKER_SUPPORT = Yes; then + SNMP_CHECKER_TRUE= + SNMP_CHECKER_FALSE='#' +else + SNMP_CHECKER_TRUE='#' + SNMP_CHECKER_FALSE= +fi -for ac_header in openssl/ssl.h openssl/md5.h openssl/err.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF + if test $SNMP_RFCV2_SUPPORT = Yes -o $SNMP_RFCV3_SUPPORT = Yes; then + SNMP_RFC_TRUE= + SNMP_RFC_FALSE='#' +else + SNMP_RFC_TRUE='#' + SNMP_RFC_FALSE= +fi + if test $SNMP_RFCV2_SUPPORT = Yes; then + SNMP_RFCV2_TRUE= + SNMP_RFCV2_FALSE='#' else - as_fn_error $? " - !!! OpenSSL is not properly installed on your system. !!! - !!! Can not include OpenSSL headers files. !!!" "$LINENO" 5 + SNMP_RFCV2_TRUE='#' + SNMP_RFCV2_FALSE= fi -done + if test $SNMP_RFCV3_SUPPORT = Yes; then + SNMP_RFCV3_TRUE= + SNMP_RFCV3_FALSE='#' +else + SNMP_RFCV3_TRUE='#' + SNMP_RFCV3_FALSE= +fi -ac_fn_c_check_decl "$LINENO" "ETHERTYPE_IPV6" "ac_cv_have_decl_ETHERTYPE_IPV6" "#include -" -if test "x$ac_cv_have_decl_ETHERTYPE_IPV6" = xyes; then : + if test $SNMP_V3_FOR_V2 = Yes; then + SNMP_REPLY_V3_FOR_V2_TRUE= + SNMP_REPLY_V3_FOR_V2_FALSE='#' +else + SNMP_REPLY_V3_FOR_V2_TRUE='#' + SNMP_REPLY_V3_FOR_V2_FALSE= +fi +if test $SNMP_SUPPORT = Yes; then : + SNMP_SERVICE=snmpd.service else - CFLAGS="$CFLAGS -DETHERTYPE_IPV6=0x86dd" + SNMP_SERVICE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 -$as_echo_n "checking for crypt in -lcrypt... " >&6; } -if ${ac_cv_lib_crypt_crypt+:} false; then : +DBUS_SUPPORT=No +DBUS_CREATE_INSTANCE=No +if test "$enable_dbus" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for g_bus_own_name in -lgio-2.0" >&5 +$as_echo_n "checking for g_bus_own_name in -lgio-2.0... " >&6; } +if ${ac_cv_lib_gio_2_0_g_bus_own_name+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" +LIBS="-lgio-2.0 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3779,139 +11608,182 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char crypt (); +char g_bus_own_name (); int main () { -return crypt (); +return g_bus_own_name (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypt_crypt=yes + ac_cv_lib_gio_2_0_g_bus_own_name=yes else - ac_cv_lib_crypt_crypt=no + ac_cv_lib_gio_2_0_g_bus_own_name=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 -$as_echo "$ac_cv_lib_crypt_crypt" >&6; } -if test "x$ac_cv_lib_crypt_crypt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPT 1 -_ACEOF +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gio_2_0_g_bus_own_name" >&5 +$as_echo "$ac_cv_lib_gio_2_0_g_bus_own_name" >&6; } +if test "x$ac_cv_lib_gio_2_0_g_bus_own_name" = xyes; then : + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I gio-2.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other gio-2.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - LIBS="-lcrypt $LIBS" -else - as_fn_error $? "crypt() function is required" "$LINENO" 5 -fi + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires gio-2.0` + var=`$PKG_CONFIG --libs-only-l gio-2.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs gio-2.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + DBUS_SUPPORT=Yes + +$as_echo "#define _WITH_DBUS_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS DBUS" + + SAV_CFLAGS=$CFLAGS + CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_LIBS=$LIBS + LIBS="$($PKG_CONFIG --libs gio-2.0)" + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to call g_type_init(). Assuming yes for safety." >&5 +$as_echo "$as_me: WARNING: Cannot determine if need to call g_type_init(). Assuming yes for safety." >&2;} + need_g_type_init=1 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MD5_Init in -lcrypto" >&5 -$as_echo_n "checking for MD5_Init in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_MD5_Init+:} false; then : - $as_echo_n "(cached) " >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char MD5_Init (); + #include int main () { -return MD5_Init (); +return !g_thread_functions_for_glib_use.mutex_lock; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_MD5_Init=yes +if ac_fn_c_try_run "$LINENO"; then : + need_g_type_init=0 else - ac_cv_lib_crypto_MD5_Init=no + need_g_type_init=1 fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_MD5_Init" >&5 -$as_echo "$ac_cv_lib_crypto_MD5_Init" >&6; } -if test "x$ac_cv_lib_crypto_MD5_Init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPTO 1 -_ACEOF - LIBS="-lcrypto $LIBS" + if test $need_g_type_init -eq 1; then + +$as_echo "#define DBUS_NEED_G_TYPE_INIT 1 " >>confdefs.h + + fi + LIBS=$SAV_LIBS + CFLAGS=$SAV_CFLAGS + if test "$enable_dbus_create_instance" = yes; then + +$as_echo "#define _WITH_DBUS_CREATE_INSTANCE_ 1 " >>confdefs.h + + DBUS_CREATE_INSTANCE=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS DBUS_CREATE_INSTANCE" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: DBus create instance functionality is dangerous - why do you want it?" >&5 +$as_echo "$as_me: WARNING: DBus create instance functionality is dangerous - why do you want it?" >&2;} + fi else - as_fn_error $? "OpenSSL libraries are required" "$LINENO" 5 + as_fn_error $? "DBUS support requested but libgio-2.0 not found." "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 -$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : - $as_echo_n "(cached) " >&6 + unset LIBS +fi + if test $DBUS_SUPPORT = Yes; then + WITH_DBUS_TRUE= + WITH_DBUS_FALSE='#' else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + WITH_DBUS_TRUE='#' + WITH_DBUS_FALSE= +fi -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_new (); -int -main () -{ -return SSL_CTX_new (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_CTX_new=yes + if test $DBUS_CREATE_INSTANCE = Yes; then + DBUS_CREATE_INSTANCE_TRUE= + DBUS_CREATE_INSTANCE_FALSE='#' else - ac_cv_lib_ssl_SSL_CTX_new=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + DBUS_CREATE_INSTANCE_TRUE='#' + DBUS_CREATE_INSTANCE_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } -if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : + + +SHA1_SUPPORT=No +if test "${enable_sha1}" = yes; then + for ac_header in openssl/sha.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "openssl/sha.h" "ac_cv_header_openssl_sha_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_sha_h" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSSL 1 +#define HAVE_OPENSSL_SHA_H 1 _ACEOF - LIBS="-lssl $LIBS" - else - as_fn_error $? "OpenSSL libraries are required" "$LINENO" 5 + as_fn_error $? "unable to find openssl/sha.h" "$LINENO" 5 fi +done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_alloc in -lnl-3" >&5 -$as_echo_n "checking for nl_socket_alloc in -lnl-3... " >&6; } -if ${ac_cv_lib_nl_3_nl_socket_alloc+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 +$as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lnl-3 $LIBS" +LIBS="-lcrypto $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3921,35 +11793,45 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char nl_socket_alloc (); +char SHA1_Init (); int main () { -return nl_socket_alloc (); +return SHA1_Init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nl_3_nl_socket_alloc=yes + ac_cv_lib_crypto_SHA1_Init=yes else - ac_cv_lib_nl_3_nl_socket_alloc=no + ac_cv_lib_crypto_SHA1_Init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_alloc" >&5 -$as_echo "$ac_cv_lib_nl_3_nl_socket_alloc" >&6; } -if test "x$ac_cv_lib_nl_3_nl_socket_alloc" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SHA1_Init" >&5 +$as_echo "$ac_cv_lib_crypto_SHA1_Init" >&6; } +if test "x$ac_cv_lib_crypto_SHA1_Init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF + + LIBS="-lcrypto $LIBS" + +else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for genl_connect in -lnl-genl-3" >&5 -$as_echo_n "checking for genl_connect in -lnl-genl-3... " >&6; } -if ${ac_cv_lib_nl_genl_3_genl_connect+:} false; then : + { ac_cv_lib_crypto_SHA1_Init=; unset ac_cv_lib_crypto_SHA1_Init;} + SAV_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -fpic" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 +$as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lnl-genl-3 $LIBS" +LIBS="-lcrypto $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3959,293 +11841,265 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char genl_connect (); +char SHA1_Init (); int main () { -return genl_connect (); +return SHA1_Init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nl_genl_3_genl_connect=yes + ac_cv_lib_crypto_SHA1_Init=yes else - ac_cv_lib_nl_genl_3_genl_connect=no + ac_cv_lib_crypto_SHA1_Init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_genl_3_genl_connect" >&5 -$as_echo "$ac_cv_lib_nl_genl_3_genl_connect" >&6; } -if test "x$ac_cv_lib_nl_genl_3_genl_connect" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SHA1_Init" >&5 +$as_echo "$ac_cv_lib_crypto_SHA1_Init" >&6; } +if test "x$ac_cv_lib_crypto_SHA1_Init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS $(pkg-config --cflags libnl-genl-3.0)" - LIBS="$LIBS $(pkg-config --libs libnl-genl-3.0)" + LIBS="-lcrypto $LIBS" else + as_fn_error $? "SHA1 in OpenSSL required" "$LINENO" 5 +fi - as_fn_error $? "libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3." "$LINENO" 5 + CFLAGS=$SAV_CFLAGS + KA_CFLAGS="$KA_CFLAGS -fpic" fi + SHA1_SUPPORT=Yes -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl" >&5 -$as_echo_n "checking for nl_socket_modify_cb in -lnl... " >&6; } -if ${ac_cv_lib_nl_nl_socket_modify_cb+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +$as_echo "#define _WITH_SHA1_ 1 " >>confdefs.h -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char nl_socket_modify_cb (); -int -main () -{ -return nl_socket_modify_cb (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nl_nl_socket_modify_cb=yes -else - ac_cv_lib_nl_nl_socket_modify_cb=no fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + if test $SHA1_SUPPORT = Yes; then + WITH_SHA1_TRUE= + WITH_SHA1_FALSE='#' +else + WITH_SHA1_TRUE='#' + WITH_SHA1_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_modify_cb" >&5 -$as_echo "$ac_cv_lib_nl_nl_socket_modify_cb" >&6; } -if test "x$ac_cv_lib_nl_nl_socket_modify_cb" = xyes; then : - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS -DFALLBACK_LIBNL1" - LIBS="$LIBS $(pkg-config --libs libnl-1)" +unset LIBS +SO_MARK_SUPPORT=No +if test "${enable_fwmark}" != no; then + ac_fn_c_check_decl "$LINENO" "SO_MARK" "ac_cv_have_decl_SO_MARK" "#include +" +if test "x$ac_cv_have_decl_SO_MARK" = xyes; then : + ac_have_decl=1 else + ac_have_decl=0 +fi - USE_NL="LIBIPVS_DONTUSE_NL" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keepalived will be built without libnl support." >&5 -$as_echo "$as_me: WARNING: keepalived will be built without libnl support." >&2;} +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SO_MARK $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : -fi + SO_MARK_SUPPORT=Yes +$as_echo "#define _WITH_SO_MARK_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SO_MARK" fi +fi -CPPFLAGS="$CPPFLAGS -I$kernelinc" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for kernel version" >&5 -$as_echo_n "checking for kernel version... " >&6; } -if test "$cross_compiling" = yes; then : +SAV_CFLAGS="$CFLAGS" +ac_fn_c_check_decl "$LINENO" "CLONE_NEWNET" "ac_cv_have_decl_CLONE_NEWNET" "#include +" +if test "x$ac_cv_have_decl_CLONE_NEWNET" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_CLONE_NEWNET $ac_have_decl +_ACEOF - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" +for ac_func in setns +do : + ac_fn_c_check_func "$LINENO" "setns" "ac_cv_func_setns" +if test "x$ac_cv_func_setns" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETNS 1 +_ACEOF -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +fi +done - #include - #include - #include - #if !defined(UTS_RELEASE) && !defined(LINUX_VERSION_CODE) - #include - #endif - int main (void) { - FILE *fp = fopen ("linuxinfo", "w"); - if (!fp) return 1; - #if defined(UTS_RELEASE) - fprintf (fp, "%s\n", UTS_RELEASE); - #elif defined(LINUX_VERSION_CODE) - fprintf (fp, "%d.%d.%d\n", LINUX_VERSION_CODE >> 16, (LINUX_VERSION_CODE >> 8) & 0xFF, LINUX_VERSION_CODE & 0xFF); - #else - fprintf (fp, "0.0.0\n"); /* Let's fail gently */ - #endif - fclose (fp); - return 0; - } +if test $ac_cv_func_setns = no; then : + { ac_cv_func_setns=; unset ac_cv_func_setns;} + CFLAGS="$CFLAGS -fPIC" + for ac_func in setns +do : + ac_fn_c_check_func "$LINENO" "setns" "ac_cv_func_setns" +if test "x$ac_cv_func_setns" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETNS 1 _ACEOF -if ac_fn_c_try_run "$LINENO"; then : - LINUX_MAJOR=`cat linuxinfo | cut -d'.' -f1` - LINUX_MINOR=`cat linuxinfo | cut -d'.' -f2` - LINUX_PATCH=`cat linuxinfo | cut -d'.' -f3` +fi +done + +fi +CFLAGS="$SAV_CFLAGS" + if test $ac_cv_have_decl_CLONE_NEWNET = yes; then + WITH_NAMESPACES_TRUE= + WITH_NAMESPACES_FALSE='#' else + WITH_NAMESPACES_TRUE='#' + WITH_NAMESPACES_FALSE= +fi - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext +ac_fn_c_check_decl "$LINENO" "SCHED_RR" "ac_cv_have_decl_SCHED_RR" "#include +" +if test "x$ac_cv_have_decl_SCHED_RR" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi - rm -f linuxinfo +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SCHED_RR $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - if test "$kernelversion" = "2.4"; then - KERN="_KRNL_2_4_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.4" >&5 -$as_echo "2.4" >&6; } - elif test "$kernelversion" = "2.6"; then - KERN="_KRNL_2_6_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6" >&5 -$as_echo "2.6" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LINUX_MAJOR.$LINUX_MINOR.$LINUX_PATCH" >&5 -$as_echo "$LINUX_MAJOR.$LINUX_MINOR.$LINUX_PATCH" >&6; } - if test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "6"; then - KERN="_KRNL_2_6_" - elif test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "4"; then - KERN="_KRNL_2_4_" - else - KERN="_KRNL_2_6_" - fi - if test "$LINUX_MAJOR" = "0" -a "$LINUX_MINOR" = "0" -a "$LINUX_PATCH" = "0"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine Linux Kernel version." >&5 -$as_echo "$as_me: WARNING: Cannot determine Linux Kernel version." >&2;} - fi - fi + SCHED_RT_SUPPORT=Yes +$as_echo "#define _HAVE_SCHED_RT_ 1 " >>confdefs.h + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SCHED_RT" -IPVS_SUPPORT="_WITHOUT_LVS_" -if test "$enable_lvs" != "no"; then - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SUPPORT="_WITH_LVS_" - else - ac_fn_c_check_header_mongrel "$LINENO" "net/ip_vs.h" "ac_cv_header_net_ip_vs_h" "$ac_includes_default" -if test "x$ac_cv_header_net_ip_vs_h" = xyes; then : - IPVS_SUPPORT="_WITH_LVS_" + ac_fn_c_check_decl "$LINENO" "RLIMIT_RTTIME" "ac_cv_have_decl_RLIMIT_RTTIME" "#include +" +if test "x$ac_cv_have_decl_RLIMIT_RTTIME" = xyes; then : + ac_have_decl=1 else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RLIMIT_RTTIME $ac_have_decl +_ACEOF - IPVS_SUPPORT="_WITHOUT_LVS_" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keepalived will be built without LVS support." >&5 -$as_echo "$as_me: WARNING: keepalived will be built without LVS support." >&2;} + ac_fn_c_check_decl "$LINENO" "SCHED_RESET_ON_FORK" "ac_cv_have_decl_SCHED_RESET_ON_FORK" "#include +" +if test "x$ac_cv_have_decl_SCHED_RESET_ON_FORK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SCHED_RESET_ON_FORK $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SCHED_RESET_ON_FORK" +else - fi -fi +$as_echo "#define SCHED_RESET_ON_FORK 0 " >>confdefs.h -if test "$IPVS_SUPPORT" = "_WITHOUT_LVS_" -a "$enable_vrrp" = "no"; then - as_fn_error $? "keepalived MUST be compiled at least with LVS or VRRP framework" "$LINENO" 5 fi -IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPVS syncd support" >&5 -$as_echo_n "checking for IPVS syncd support... " >&6; } - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - elif test "_KRNL_2_4_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - else - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi - if test "${IPVS_SUPPORT}" = "_WITHOUT_LVS_" -o "$enable_lvs_syncd" = "no"; then - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi +else + + SCHED_RT_SUPPORT=No - if test "$IPVS_SYNCD" = "_HAVE_IPVS_SYNCD_"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi fi +GNU_STD_PATHS=No +if test "${enable_gnu_std_paths}" = "yes"; then -VRRP_SUPPORT="_WITHOUT_VRRP_" -if test "$enable_vrrp" != "no"; then - VRRP_SUPPORT="_WITH_VRRP_" +$as_echo "#define GNU_STD_PATHS 1 " >>confdefs.h + + PID_DIR=$localstatedir +elif test $RUN_DIR_SPECIFIED = Y -a .${with_run_dir} != .no; then + PID_DIR=`echo ${with_run_dir} | sed -e "s:/run$::"` # Remove a trailing /run - somewill will include it sometime +elif test -d /run; then + PID_DIR= +else + PID_DIR=/var fi -CPPFLAGS="$CPPFLAGS -I$kernelinc" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for kernel macvlan support" >&5 -$as_echo_n "checking for kernel macvlan support... " >&6; } +cat >>confdefs.h <<_ACEOF +#define PID_DIR_ROOT "${PID_DIR}" +_ACEOF + + + +SAV_CFLAGS="$CFLAGS" +CFLAGS="-Wformat -Werror=format $SAV_CPPFLAGS $KA_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #include - int macvlan; - -int -main () -{ + #include + #include + int + main(int argc, char **argv) + { + rlim_t val = 23U; + printf("%lu %d %p", val, argc, argv); - macvlan = IFLA_MACVLAN_MODE; - macvlan = MACVLAN_MODE_PRIVATE; + return 0; + } - ; - return 0; -} _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - MACVLAN_SUPPORT=yes +$as_echo "#define PRI_rlim_t \"lu\"" >>confdefs.h -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext; +else - if test "$MACVLAN_SUPPORT" = "yes"; then - VRRP_VMAC="_HAVE_VRRP_VMAC_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - VRRP_VMAC="_WITHOUT_VRRP_VMAC_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi +$as_echo "#define PRI_rlim_t \"llu\"" >>confdefs.h +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS="$SAV_CFLAGS" +if test -z "$SPHINXBUILD"; then + SPHINXBUILDNAME=sphinx-build +else + SPHINXBUILDNAME=${SPHINXBUILD} +fi -SNMP_SUPPORT="_WITHOUT_SNMP_" -if test "$enable_snmp" = "yes"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}net-snmp-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}net-snmp-config; ac_word=$2 +# Extract the first word of "$SPHINXBUILDNAME", so it can be a program name with args. +set dummy $SPHINXBUILDNAME; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_NETSNMP_CONFIG+:} false; then : +if ${ac_cv_prog_HAVE_SPHINX_BUILD+:} false; then : $as_echo_n "(cached) " >&6 else - case $NETSNMP_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_NETSNMP_CONFIG="$NETSNMP_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + if test -n "$HAVE_SPHINX_BUILD"; then + ac_cv_prog_HAVE_SPHINX_BUILD="$HAVE_SPHINX_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" + ac_cv_prog_HAVE_SPHINX_BUILD="Yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -4253,532 +12107,557 @@ done done IFS=$as_save_IFS - ;; -esac + test -z "$ac_cv_prog_HAVE_SPHINX_BUILD" && ac_cv_prog_HAVE_SPHINX_BUILD="No" fi -NETSNMP_CONFIG=$ac_cv_path_NETSNMP_CONFIG -if test -n "$NETSNMP_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NETSNMP_CONFIG" >&5 -$as_echo "$NETSNMP_CONFIG" >&6; } +fi +HAVE_SPHINX_BUILD=$ac_cv_prog_HAVE_SPHINX_BUILD +if test -n "$HAVE_SPHINX_BUILD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_SPHINX_BUILD" >&5 +$as_echo "$HAVE_SPHINX_BUILD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -fi -if test -z "$ac_cv_path_NETSNMP_CONFIG"; then - ac_pt_NETSNMP_CONFIG=$NETSNMP_CONFIG - # Extract the first word of "net-snmp-config", so it can be a program name with args. -set dummy net-snmp-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_NETSNMP_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 + if test $HAVE_SPHINX_BUILD = Yes; then + BUILD_DOCS_TRUE= + BUILD_DOCS_FALSE='#' else - case $ac_pt_NETSNMP_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_NETSNMP_CONFIG="$ac_pt_NETSNMP_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 + BUILD_DOCS_TRUE='#' + BUILD_DOCS_FALSE= +fi + + +MEM_CHECK=No +MEM_CHECK_LOG=No +if test "${enable_mem_check}" = "yes"; then + MEM_CHECK=Yes + +$as_echo "#define _MEM_CHECK_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS MEM_CHECK" + if test "${enable_mem_check_log}" = "yes"; then + MEM_CHECK_LOG=Yes + +$as_echo "#define _MEM_CHECK_LOG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS MEM_CHECK_LOG" fi -done - done -IFS=$as_save_IFS +fi - ;; -esac +TIMER_CHECK=No +if test "${enable_timer_check}" = "yes"; then + TIMER_CHECK=Yes + +$as_echo "#define _TIMER_CHECK_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS TIMER_CHECK" fi -ac_pt_NETSNMP_CONFIG=$ac_cv_path_ac_pt_NETSNMP_CONFIG -if test -n "$ac_pt_NETSNMP_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_NETSNMP_CONFIG" >&5 -$as_echo "$ac_pt_NETSNMP_CONFIG" >&6; } + +if test "${enable_debug}" = yes; then + +$as_echo "#define _DEBUG_ 1 " >>confdefs.h + + ENABLE_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS DEBUG" else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ENABLE_DEBUG=No +fi + if test $ENABLE_DEBUG = Yes; then + DEBUG_TRUE= + DEBUG_FALSE='#' +else + DEBUG_TRUE='#' + DEBUG_FALSE= fi - if test "x$ac_pt_NETSNMP_CONFIG" = x; then - NETSNMP_CONFIG="no" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - NETSNMP_CONFIG=$ac_pt_NETSNMP_CONFIG - fi + +if test "${enable_netlink_timers}" = yes; then + +$as_echo "#define _NETLINK_TIMERS_ 1 " >>confdefs.h + + ENABLE_NETLINK_TIMERS=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS NETLINK_TIMERS" else - NETSNMP_CONFIG="$ac_cv_path_NETSNMP_CONFIG" + ENABLE_NETLINK_TIMERS=No fi - if test x"$NETSNMP_CONFIG" = x"no"; then - as_fn_error $? "unable to find net-snmp-config" "$LINENO" 5 - fi - NETSNMP_LIBS=`${NETSNMP_CONFIG} --agent-libs` - #NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" - #CFLAGS="${NETSNMP_CFLAGS} $CFLAGS" - LIBS="${NETSNMP_LIBS} $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler supports flag \"${NETSNMP_LIBS}\" from Net-SNMP" >&5 -$as_echo_n "checking whether C compiler supports flag \"${NETSNMP_LIBS}\" from Net-SNMP... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +if test "${enable_smtp_alert_debug}" = yes; then -int main(void); +$as_echo "#define _SMTP_ALERT_DEBUG_ 1 " >>confdefs.h -int -main () -{ + ENABLE_SMTP_ALERT_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS SMTP_ALERT_DEBUG" + ENABLE_LOG_FILE_APPEND=Yes +else + ENABLE_SMTP_ALERT_DEBUG=No +fi -{ - return 0; -} +if test "${enable_stacktrace}" = yes; then - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } +$as_echo "#define _WITH_STACKTRACE_ 1 " >>confdefs.h + + ENABLE_STACKTRACE=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS STACKTRACE" + KA_LDFLAGS="$KA_LDFLAGS -rdynamic" else + ENABLE_STACKTRACE=No +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "incorrect CFLAGS from net-snmp-config" "$LINENO" 5 +if test "${enable_dump_threads}" = yes; then + +$as_echo "#define _WITH_DUMP_THREADS_ 1 " >>confdefs.h + + ENABLE_DUMP_THREADS=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS DUMP_THREADS" +else + ENABLE_DUMP_THREADS=No fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - # Do we have a usable header? - for ac_header in net-snmp/agent/util_funcs.h -do : - ac_fn_c_check_header_compile "$LINENO" "net-snmp/agent/util_funcs.h" "ac_cv_header_net_snmp_agent_util_funcs_h" " -#include -#include -#include -#include -#include +if test "${enable_epoll_debug}" = yes; then -" -if test "x$ac_cv_header_net_snmp_agent_util_funcs_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NET_SNMP_AGENT_UTIL_FUNCS_H 1 -_ACEOF +$as_echo "#define _EPOLL_DEBUG_ 1 " >>confdefs.h + + ENABLE_EPOLL_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS EPOLL_DEBUG" +else + ENABLE_EPOLL_DEBUG=No +fi + +if test "${enable_epoll_thread_dump}" = yes; then + +$as_echo "#define _EPOLL_THREAD_DUMP_ 1 " >>confdefs.h + ENABLE_EPOLL_THREAD_DUMP=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS EPOLL_THREAD_DUMP" +else + ENABLE_EPOLL_THREAD_DUMP=No fi -done +if test $ENABLE_EPOLL_THREAD_DUMP = Yes -o $ENABLE_DUMP_THREADS = Yes -o $ENABLE_EPOLL_DEBUG = Yes; then + +$as_echo "#define THREAD_DUMP 1 " >>confdefs.h + +fi + +if test "${enable_tsm_debug}" = yes; then + +$as_echo "#define _TSM_DEBUG_ 1 " >>confdefs.h + + ENABLE_TSM_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS TSM_DEBUG" +else + ENABLE_TSM_DEBUG=No +fi + +if test "${enable_vrrp_fd_debug}" = yes; then + +$as_echo "#define _VRRP_FD_DEBUG_ 1 " >>confdefs.h + + ENABLE_VRRP_FD_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS VRRP_FD_DEBUG" +else + ENABLE_VRRP_FD_DEBUG=No +fi + +if test "${enable_network_timestamp}" = yes; then + +$as_echo "#define _NETWORK_TIMESTAMP_ 1 " >>confdefs.h + + ENABLE_NETWORK_TIMESTAMP=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS NETWORK_TIMESTAMP" +else + ENABLE_NETWORK_TIMESTAMP=No +fi + +if test "${enable_asserts}" = yes; then + +$as_echo "#define _ENABLE_ASSERT_ 1 " >>confdefs.h + + ENABLE_ASSERT=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS ASSERT" +else + ENABLE_ASSERT=No +fi + if test $ENABLE_ASSERT = Yes; then + ASSERTS_TRUE= + ASSERTS_FALSE='#' +else + ASSERTS_TRUE='#' + ASSERTS_FALSE= +fi + + +if test "${with_fixed_if_type}"; then + if test "${with_fixed_if_type}" = yes -o ${with_fixed_if_type} = no; then + as_fn_error $? "An interface type must be specified with --with-fixed-if-type" "$LINENO" 5 + fi + +cat >>confdefs.h <<_ACEOF +#define _FIXED_IF_TYPE_ "${with_fixed_if_type}" +_ACEOF + + FIXED_IF_TYPE=${with_fixed_if_type} + CONFIG_OPTIONS="$CONFIG_OPTIONS FIXED_IF_TYPE=${with_fixed_if_type}" +else + FIXED_IF_TYPE= +fi - SNMP_SUPPORT="_WITH_SNMP_" +WITH_PROFILING=No +if test "${enable_profile}" = yes; then + WITH_PROFILING=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS PROFILING" + KA_CFLAGS="$KA_CFLAGS -pg" +fi + if test $WITH_PROFILING = Yes; then + PROFILE_TRUE= + PROFILE_FALSE='#' +else + PROFILE_TRUE='#' + PROFILE_FALSE= fi +if test "${enable_perf}" = yes; then -SHA1_SUPPORT="_WITHOUT_SHA1_" -if test "${enable_sha1}" = "yes"; then - CFLAGS="$CFLAGS -DFEAT_SHA1" - for ac_header in openssl/sha.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "openssl/sha.h" "ac_cv_header_openssl_sha_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_sha_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_SHA_H 1 -_ACEOF +$as_echo "#define _WITH_PERF_ 1 " >>confdefs.h + ENABLE_PERF=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS PERF" + KA_CFLAGS="$KA_CFLAGS -pg" else - as_fn_error $? "unable to find openssl/sha.h" "$LINENO" 5 + ENABLE_PERF=No fi -done +if test "${enable_log_file}" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 -$as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +$as_echo "#define ENABLE_LOG_TO_FILE 1 " >>confdefs.h -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SHA1_Init (); -int -main () -{ -return SHA1_Init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_SHA1_Init=yes -else - ac_cv_lib_crypto_SHA1_Init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + ENABLE_LOG_FILE_APPEND=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS FILE_LOGGING" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SHA1_Init" >&5 -$as_echo "$ac_cv_lib_crypto_SHA1_Init" >&6; } -if test "x$ac_cv_lib_crypto_SHA1_Init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPTO 1 -_ACEOF - LIBS="-lcrypto $LIBS" +if test ${ENABLE_LOG_FILE_APPEND} = Yes; then -else - as_fn_error $? "SHA1 in OpenSSL required" "$LINENO" 5 -fi +$as_echo "#define ENABLE_LOG_FILE_APPEND 1 " >>confdefs.h - SHA1_SUPPORT="_WITH_SHA1_" + CONFIG_OPTIONS="$CONFIG_OPTIONS LOG_FILE_APPEND" fi +if test .$enable_eintr_debug = .yes; then : -if test "${enable_fwmark}" = "no"; then - SO_MARK_SUPPORT="_WITHOUT_SO_MARK_" -else - ac_fn_c_check_decl "$LINENO" "SO_MARK" "ac_cv_have_decl_SO_MARK" "#include +$as_echo "#define DEBUG_EINTR 1 " >>confdefs.h -" -if test "x$ac_cv_have_decl_SO_MARK" = xyes; then : + CONFIG_OPTIONS="$CONFIG_OPTIONS EINTR_DEBUG" else - as_fn_error $? "No SO_MARK declaration in headers" "$LINENO" 5 + + if test .$ac_cv_func_signalfd != .yes -o .$enable_eintr_debug = .check; then : + + +$as_echo "#define CHECK_EINTR 1 " >>confdefs.h + + if test .$ac_cv_func_signalfd = .yes; then : + CONFIG_OPTIONS="$CONFIG_OPTIONS EINTR_CHECK" fi - SO_MARK_SUPPORT="_WITH_SO_MARK_" fi +fi +if test .$enable_track_process_debug = .yes; then : -if test "${enable_debug}" = "yes"; then - DFLAGS="-D_DEBUG_" +$as_echo "#define _TRACK_PROCESS_DEBUG_ 1 " >>confdefs.h -fi + CONFIG_OPTIONS="$CONFIG_OPTIONS TRACK_PROCESS_DEBUG" -if test "${enable_profile}" = "yes"; then - CFLAGS="$CFLAGS -pg" fi +if test .$enable_parser_debug = .yes; then : +$as_echo "#define _PARSER_DEBUG_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS PARSER_DEBUG" +fi +if test .$enable_checksum_debug = .yes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __cplusplus - /* Ultrix mips cc rejects this sort of thing. */ - typedef int charset[2]; - const charset cs = { 0, 0 }; - /* SunOS 4.1.1 cc rejects this. */ - char const *const *pcpcc; - char **ppc; - /* NEC SVR4.0.2 mips cc rejects this. */ - struct point {int x, y;}; - static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in - an arm of an if-expression whose if-part is not a constant - expression */ - const char *g = "string"; - pcpcc = &g + (g ? g-g : 0); - /* HPUX 7.0 cc rejects these. */ - ++pcpcc; - ppc = (char**) pcpcc; - pcpcc = (char const *const *) ppc; - { /* SCO 3.2v4 cc rejects this sort of thing. */ - char tx; - char *t = &tx; - char const *s = 0 ? (char *) 0 : (char const *) 0; +$as_echo "#define CHECKSUM_DIAGNOSTICS 1 " >>confdefs.h - *t++ = 0; - if (s) return 0; - } - { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; - } - { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; - } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; } bx; - struct s *b = &bx; b->j = 5; - } - { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; - if (!foo) return 0; - } - return !cs[0] && !zero.x; -#endif + CONFIG_OPTIONS="$CONFIG_OPTIONS CHECKSUM_DEBUG" - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_const=yes -else - ac_cv_c_const=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } -if test $ac_cv_c_const = no; then -$as_echo "#define const /**/" >>confdefs.h +if test .$enable_dump_keywords = .yes; then : + + +$as_echo "#define _DUMP_KEYWORDS_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS DUMP_KEYWORDS" fi -ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" -if test "x$ac_cv_type_pid_t" = xyes; then : +if test ${NEED_LIBDL} = Yes; then + KA_LIBS="$KA_LIBS -ldl" +fi -else +echo " $KA_LIBS" | grep -qE -- " -l?pthread " +if test $? -eq 0 ;then -cat >>confdefs.h <<_ACEOF -#define pid_t int -_ACEOF +$as_echo "#define _WITH_PTHREADS_ 1 " >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 -$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } -if ${ac_cv_header_time+:} false; then : +RPM_NO_BIP=1 +# Extract the first word of "rpm", so it can be a program name with args. +set dummy rpm; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_HAVE_RPM+:} false; then : $as_echo_n "(cached) " >&6 else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include + if test -n "$HAVE_RPM"; then + ac_cv_prog_HAVE_RPM="$HAVE_RPM" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_RPM="Yes" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS -int -main () -{ -if ((struct tm *) 0) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_time=yes + test -z "$ac_cv_prog_HAVE_RPM" && ac_cv_prog_HAVE_RPM="No" +fi +fi +HAVE_RPM=$ac_cv_prog_HAVE_RPM +if test -n "$HAVE_RPM"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_RPM" >&5 +$as_echo "$HAVE_RPM" >&6; } else - ac_cv_header_time=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +if test $HAVE_RPM = Yes; then + # Extract the first word of "rpmbuild", so it can be a program name with args. +set dummy rpmbuild; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_HAVE_RPMBUILD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$HAVE_RPMBUILD"; then + ac_cv_prog_HAVE_RPMBUILD="$HAVE_RPMBUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_RPMBUILD="Yes" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_prog_HAVE_RPMBUILD" && ac_cv_prog_HAVE_RPMBUILD="No" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 -$as_echo "$ac_cv_header_time" >&6; } -if test $ac_cv_header_time = yes; then +fi +HAVE_RPMBUILD=$ac_cv_prog_HAVE_RPMBUILD +if test -n "$HAVE_RPMBUILD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_RPMBUILD" >&5 +$as_echo "$HAVE_RPMBUILD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + -$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h + RPM_SRC_DIR=`rpm --eval "%{_sourcedir}"` + if ! test -d $RPM_SRC_DIR; then + HAVE_RPMBUILD=No + fi + if test $HAVE_RPMBUILD = Yes; then + rpmbuild --help | grep -q -- --build-in-place + RPM_NO_BIP=$? + fi +fi + if test $HAVE_RPM = Yes; then + RPM_TRUE= + RPM_FALSE='#' +else + RPM_TRUE='#' + RPM_FALSE= +fi + if test $RPM_NO_BIP -eq 0; then + RPM_BIP_TRUE= + RPM_BIP_FALSE='#' +else + RPM_BIP_TRUE='#' + RPM_BIP_FALSE= fi -if test $ac_cv_c_compiler_gnu = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 -$as_echo_n "checking whether $CC needs -traditional... " >&6; } -if ${ac_cv_prog_gcc_traditional+:} false; then : - $as_echo_n "(cached) " >&6 +INIT_TYPE= +if test -n "$init_type"; then : + INIT_TYPE=$init_type +elif test -n "$with_systemdsystemunitdir"; then : + INIT_TYPE=systemd else - ac_pattern="Autoconf.*'x'" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -Autoconf TIOCGETP -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1; then : - ac_cv_prog_gcc_traditional=yes + + /sbin/init --version 2>/dev/null | grep -q upstart + if test $? -eq 0; then : + INIT_TYPE=upstart else - ac_cv_prog_gcc_traditional=no + + init_path=`which systemctl 2>/dev/null` + if test \( $? -eq 0 -a -x "$init_path" \); then : + + systemctl | grep -q -- "-\.mount" + if test $? -eq 0; then : + INIT_TYPE=systemd fi -rm -f conftest* +fi + if test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \); then : - if test $ac_cv_prog_gcc_traditional = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -Autoconf TCGETA -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1; then : - ac_cv_prog_gcc_traditional=yes + init_path=`which openrc-run 2>/dev/null` + if test \( $? -eq 0 -a -x "$init_path" \); then : + + head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" + if test $? -eq 0; then : + INIT_TYPE=openrc fi -rm -f conftest* - fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 -$as_echo "$ac_cv_prog_gcc_traditional" >&6; } - if test $ac_cv_prog_gcc_traditional = yes; then - CC="$CC -traditional" - fi + +fi + if test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \); then : + INIT_TYPE=SYSV fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working memcmp" >&5 -$as_echo_n "checking for working memcmp... " >&6; } -if ${ac_cv_func_memcmp_working+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_memcmp_working=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ +fi - /* Some versions of memcmp are not 8-bit clean. */ - char c0 = '\100', c1 = '\200', c2 = '\201'; - if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0) - return 1; +fi +if test \( .$INIT_TYPE = .systemd -a -z "$with_systemdsystemunitdir" \); then : + with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) +fi - /* The Next x86 OpenStep bug shows up only when comparing 16 bytes - or more and with at least one buffer not starting on a 4-byte boundary. - William Lewis provided this test program. */ - { - char foo[21]; - char bar[21]; - int i; - for (i = 0; i < 4; i++) - { - char *a = foo + i; - char *b = bar + i; - strcpy (a, "--------01111111"); - strcpy (b, "--------10000000"); - if (memcmp (a, b, 16) >= 0) - return 1; - } - return 0; - } +if test $default_config_file; then : + + if test $default_config_file = yes -o $default_config_file = no; then : + as_fn_error $? "A filename must be specified for default-config-file" "$LINENO" 5 +fi + CONFIG_FILE=$default_config_file + CONFIG_OPTIONS="$CONFIG_OPTIONS DEFAULT_CONFIG_FILE=${default_config_file}" - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_memcmp_working=yes else - ac_cv_func_memcmp_working=no + default_config_file="/etc/$PACKAGE/$PACKAGE.conf" fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_CONFIG_FILE "$default_config_file" +_ACEOF + +DEFAULT_CONFIG_FILE=$default_config_file + + +if test -z "$INIT_TYPE"; then + INIT_TYPE=undetected +elif test $INIT_TYPE = systemd; then + systemdsystemunitdir=$with_systemdsystemunitdir + fi + if test $INIT_TYPE = upstart; then + INIT_UPSTART_TRUE= + INIT_UPSTART_FALSE='#' +else + INIT_UPSTART_TRUE='#' + INIT_UPSTART_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_memcmp_working" >&5 -$as_echo "$ac_cv_func_memcmp_working" >&6; } -test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in - *" memcmp.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" - ;; -esac + if test $INIT_TYPE = systemd; then + INIT_SYSTEMD_TRUE= + INIT_SYSTEMD_FALSE='#' +else + INIT_SYSTEMD_TRUE='#' + INIT_SYSTEMD_FALSE= +fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -$as_echo_n "checking return type of signal handlers... " >&6; } -if ${ac_cv_type_signal+:} false; then : - $as_echo_n "(cached) " >&6 + if test $INIT_TYPE = SYSV; then + INIT_SYSV_TRUE= + INIT_SYSV_FALSE='#' else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include + INIT_SYSV_TRUE='#' + INIT_SYSV_FALSE= +fi -int -main () -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_type_signal=int + if test $INIT_TYPE = openrc; then + INIT_OPENRC_TRUE= + INIT_OPENRC_FALSE='#' else - ac_cv_type_signal=void + INIT_OPENRC_TRUE='#' + INIT_OPENRC_FALSE= fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + if test $INIT_TYPE = SUSE; then + INIT_SUSE_TRUE= + INIT_SUSE_FALSE='#' +else + INIT_SUSE_TRUE='#' + INIT_SUSE_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -$as_echo "$ac_cv_type_signal" >&6; } + + cat >>confdefs.h <<_ACEOF -#define RETSIGTYPE $ac_cv_type_signal +#define CONFIGURATION_OPTIONS "$CONFIG_OPTIONS" _ACEOF -for ac_func in gettimeofday select socket strerror strtol uname -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +cat >>confdefs.h <<_ACEOF +#define SYSTEM_OPTIONS "$SYSTEM_OPTIONS" _ACEOF + +if test $NETLINK_VER -eq 0; then + NETLINK_VER=None fi -done +echo -OUTPUT_TARGET="$OUTPUT_TARGET keepalived/Makefile lib/Makefile" -if test "${VRRP_SUPPORT}" = "_WITH_VRRP_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/vrrp/Makefile" -fi -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/check/Makefile" - if test "$KERN" = "_KRNL_2_6_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.6/Makefile" - elif test "$KERN" = "_KRNL_2_4_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.4/Makefile" - fi -fi -ac_config_files="$ac_config_files $OUTPUT_TARGET" +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -4870,43 +12749,7 @@ test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -# Transform confdefs.h into DEFS. -# Protect against shell expansion while executing Makefile rules. -# Protect against Makefile macro expansion. -# -# If the first sed substitution is executed (which looks for macros that -# take arguments), then branch to the quote section. Otherwise, -# look for a macro that doesn't take arguments. -ac_script=' -:mline -/\\$/{ - N - s,\\\n,, - b mline -} -t clear -:clear -s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g -t quote -s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g -t quote -b any -:quote -s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g -s/\[/\\&/g -s/\]/\\&/g -s/\$/$$/g -H -:any -${ - g - s/^\n// - s/\n/ /g - p -} -' -DEFS=`sed -n "$ac_script" confdefs.h` - +DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= @@ -4925,6 +12768,218 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_STRICT_CONFIG_CHECKS_TRUE}" && test -z "${WITH_STRICT_CONFIG_CHECKS_FALSE}"; then + as_fn_error $? "conditional \"WITH_STRICT_CONFIG_CHECKS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${BUILD_GENHASH_TRUE}" && test -z "${BUILD_GENHASH_FALSE}"; then + as_fn_error $? "conditional \"BUILD_GENHASH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBNL1_TRUE}" && test -z "${LIBNL1_FALSE}"; then + as_fn_error $? "conditional \"LIBNL1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBNL3_TRUE}" && test -z "${LIBNL3_FALSE}"; then + as_fn_error $? "conditional \"LIBNL3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBNL_DYNAMIC_TRUE}" && test -z "${LIBNL_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBNL_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPTC_TRUE}" && test -z "${LIBIPTC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPTC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPSET_TRUE}" && test -z "${LIBIPSET_FALSE}"; then + as_fn_error $? "conditional \"LIBIPSET\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${IPTABLES_TRUE}" && test -z "${IPTABLES_FALSE}"; then + as_fn_error $? "conditional \"IPTABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${IPTABLES_CMD_TRUE}" && test -z "${IPTABLES_CMD_FALSE}"; then + as_fn_error $? "conditional \"IPTABLES_CMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPTC_DYNAMIC_TRUE}" && test -z "${LIBIPTC_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPTC_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPSET_DYNAMIC_TRUE}" && test -z "${LIBIPSET_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPSET_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${REQUIRE_IPTABLES_LIBS_TRUE}" && test -z "${REQUIRE_IPTABLES_LIBS_FALSE}"; then + as_fn_error $? "conditional \"REQUIRE_IPTABLES_LIBS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${NFTABLES_TRUE}" && test -z "${NFTABLES_FALSE}"; then + as_fn_error $? "conditional \"NFTABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${FIREWALL_TRUE}" && test -z "${FIREWALL_FALSE}"; then + as_fn_error $? "conditional \"FIREWALL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_IPVS_TRUE}" && test -z "${WITH_IPVS_FALSE}"; then + as_fn_error $? "conditional \"WITH_IPVS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_REGEX_TRUE}" && test -z "${WITH_REGEX_FALSE}"; then + as_fn_error $? "conditional \"WITH_REGEX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_VRRP_TRUE}" && test -z "${WITH_VRRP_FALSE}"; then + as_fn_error $? "conditional \"WITH_VRRP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${VRRP_AUTH_TRUE}" && test -z "${VRRP_AUTH_FALSE}"; then + as_fn_error $? "conditional \"VRRP_AUTH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${VMAC_TRUE}" && test -z "${VMAC_FALSE}"; then + as_fn_error $? "conditional \"VMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_JSON_TRUE}" && test -z "${WITH_JSON_FALSE}"; then + as_fn_error $? "conditional \"WITH_JSON\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_BFD_TRUE}" && test -z "${WITH_BFD_FALSE}"; then + as_fn_error $? "conditional \"WITH_BFD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CN_PROC_TRUE}" && test -z "${CN_PROC_FALSE}"; then + as_fn_error $? "conditional \"CN_PROC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SOCK_NONBLOCK_TRUE}" && test -z "${SOCK_NONBLOCK_FALSE}"; then + as_fn_error $? "conditional \"SOCK_NONBLOCK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${FIB_ROUTING_TRUE}" && test -z "${FIB_ROUTING_FALSE}"; then + as_fn_error $? "conditional \"FIB_ROUTING\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_TRUE}" && test -z "${SNMP_FALSE}"; then + as_fn_error $? "conditional \"SNMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_KEEPALIVED_TRUE}" && test -z "${SNMP_KEEPALIVED_FALSE}"; then + as_fn_error $? "conditional \"SNMP_KEEPALIVED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_VRRP_TRUE}" && test -z "${SNMP_VRRP_FALSE}"; then + as_fn_error $? "conditional \"SNMP_VRRP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_CHECKER_TRUE}" && test -z "${SNMP_CHECKER_FALSE}"; then + as_fn_error $? "conditional \"SNMP_CHECKER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_RFC_TRUE}" && test -z "${SNMP_RFC_FALSE}"; then + as_fn_error $? "conditional \"SNMP_RFC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_RFCV2_TRUE}" && test -z "${SNMP_RFCV2_FALSE}"; then + as_fn_error $? "conditional \"SNMP_RFCV2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_RFCV3_TRUE}" && test -z "${SNMP_RFCV3_FALSE}"; then + as_fn_error $? "conditional \"SNMP_RFCV3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_REPLY_V3_FOR_V2_TRUE}" && test -z "${SNMP_REPLY_V3_FOR_V2_FALSE}"; then + as_fn_error $? "conditional \"SNMP_REPLY_V3_FOR_V2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_DBUS_TRUE}" && test -z "${WITH_DBUS_FALSE}"; then + as_fn_error $? "conditional \"WITH_DBUS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DBUS_CREATE_INSTANCE_TRUE}" && test -z "${DBUS_CREATE_INSTANCE_FALSE}"; then + as_fn_error $? "conditional \"DBUS_CREATE_INSTANCE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_SHA1_TRUE}" && test -z "${WITH_SHA1_FALSE}"; then + as_fn_error $? "conditional \"WITH_SHA1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_NAMESPACES_TRUE}" && test -z "${WITH_NAMESPACES_FALSE}"; then + as_fn_error $? "conditional \"WITH_NAMESPACES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${BUILD_DOCS_TRUE}" && test -z "${BUILD_DOCS_FALSE}"; then + as_fn_error $? "conditional \"BUILD_DOCS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DEBUG_TRUE}" && test -z "${DEBUG_FALSE}"; then + as_fn_error $? "conditional \"DEBUG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASSERTS_TRUE}" && test -z "${ASSERTS_FALSE}"; then + as_fn_error $? "conditional \"ASSERTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${PROFILE_TRUE}" && test -z "${PROFILE_FALSE}"; then + as_fn_error $? "conditional \"PROFILE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${RPM_TRUE}" && test -z "${RPM_FALSE}"; then + as_fn_error $? "conditional \"RPM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${RPM_BIP_TRUE}" && test -z "${RPM_BIP_FALSE}"; then + as_fn_error $? "conditional \"RPM_BIP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_UPSTART_TRUE}" && test -z "${INIT_UPSTART_FALSE}"; then + as_fn_error $? "conditional \"INIT_UPSTART\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SYSTEMD_TRUE}" && test -z "${INIT_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"INIT_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SYSV_TRUE}" && test -z "${INIT_SYSV_FALSE}"; then + as_fn_error $? "conditional \"INIT_SYSV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_OPENRC_TRUE}" && test -z "${INIT_OPENRC_FALSE}"; then + as_fn_error $? "conditional \"INIT_OPENRC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SUSE_TRUE}" && test -z "${INIT_SUSE_FALSE}"; then + as_fn_error $? "conditional \"INIT_SUSE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -5322,7 +13377,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by $as_me, which was +This file was extended by Keepalived $as_me 2.0.19, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5340,11 +13395,16 @@ case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" _ACEOF @@ -5365,17 +13425,26 @@ Usage: $0 [OPTION]... [TAG]... --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE Configuration files: $config_files -Report bugs to the package provider." +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to . +Keepalived home page: ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -config.status +Keepalived config.status 2.0.19 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -5386,6 +13455,8 @@ gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF @@ -5430,7 +13501,18 @@ do esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; - --he | --h | --help | --hel | -h ) + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) @@ -5478,6 +13560,11 @@ _ASBOX _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 @@ -5486,7 +13573,25 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 for ac_config_target in $ac_config_targets do case $ac_config_target in - "$OUTPUT_TARGET") CONFIG_FILES="$CONFIG_FILES $OUTPUT_TARGET" ;; + "lib/config.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/config.h" ;; + "lib/config_warnings.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/config_warnings.h" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "keepalived/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/Makefile" ;; + "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; + "keepalived/core/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/core/Makefile" ;; + "keepalived.spec") CONFIG_FILES="$CONFIG_FILES keepalived.spec" ;; + "genhash/Makefile") CONFIG_FILES="$CONFIG_FILES genhash/Makefile" ;; + "keepalived/check/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/check/Makefile" ;; + "keepalived/vrrp/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/vrrp/Makefile" ;; + "keepalived/bfd/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/bfd/Makefile" ;; + "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "bin_install/Makefile") CONFIG_FILES="$CONFIG_FILES bin_install/Makefile" ;; + "keepalived/dbus/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/dbus/Makefile" ;; + "keepalived/etc/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/Makefile" ;; + "keepalived/etc/init/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/init/Makefile" ;; + "keepalived/etc/init.d/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/init.d/Makefile" ;; + "doc/man/man8/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man8/Makefile" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac @@ -5499,6 +13604,8 @@ done # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree @@ -5686,8 +13793,116 @@ fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. -eval set X " :F $CONFIG_FILES " +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do @@ -5825,6 +14040,11 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 @@ -5879,6 +14099,7 @@ s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ @@ -5900,11 +14121,167 @@ which seems to be undefined. Please make sure it is defined" >&2;} esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named 'Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running 'make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "$am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + esac done # for ac_tag @@ -5942,6 +14319,8 @@ $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi +# Restore lib/config_warnings.h.in +mv ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} cat < + +AC_DEFUN([add_to_var], [$1="$$1 $2"]) +AC_DEFUN([add_to_var_ind], [eval $1=\"\$$1 $2\"]) dnl " + +AC_DEFUN([add_to_var_ind_unique], + ADD_NEW= + [ eval var=\$$1 + for item in $2; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + add_to_var([ADD_NEW], [$item]) + fi + done + add_to_var_ind([$1], [$ADD_NEW]) + ]) + +AC_DEFUN([add_pkg_config], + [ if test -n "$2"; then + KA_PKG_PFX=$2 + else + KA_PKG_PFX=KA + fi + add_to_var_ind_unique([${KA_PKG_PFX}_CPPFLAGS], [`$PKG_CONFIG --cflags-only-I $1`]) + add_to_var_ind_unique([${KA_PKG_PFX}_CFLAGS], [`$PKG_CONFIG --cflags-only-other $1`]) + + if test .$3 = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires $1` + var=`$PKG_CONFIG --libs-only-l $1` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + add_to_var_ind_unique([${KA_PKG_PFX}_LIBS], [`$PKG_CONFIG --libs $1`]) + fi + ]) + +AC_DEFUN([add_pkg_config_without_libs], + [ if test -n "$2"; then + KA_PKG_PFX=$2 + else + KA_PKG_PFX=KA + fi + add_to_var_ind_unique([${KA_PKG_PFX}_CPPFLAGS], [$($PKG_CONFIG --cflags-only-I $1)]) + add_to_var_ind_unique([${KA_PKG_PFX}_CFLAGS], [$($PKG_CONFIG --cflags-only-other $1)]) + ]) + +AC_DEFUN([add_config_opt], [add_to_var([CONFIG_OPTIONS], [$1])]) + +AC_DEFUN([add_system_opt], [add_to_var([SYSTEM_OPTIONS], [$1])]) + +AC_DEFUN([get_lib_name], + [ + if test $LDD = :; then + AC_MSG_ERROR([ldd is required for dynamic run-time linking support]) + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$1" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + extern void $2(void); + int main(void) + { + $2(); + return 0; + } + ]])], [ + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $1.so | sed -e "s/^[[ \t]]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + ],[ + ]) + LIBS="$SAV_LIBS" + ]) + +# AS_VAR_COPY was introduced in autoconf 2.63b. +# Remove the following definition once require autoconf >= 2.64. +m4_ifndef([AS_VAR_COPY], +[m4_define([AS_VAR_COPY], +[AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])])]) + +dnl ----[ Process this file with autoconf to produce a configure script ]---- +AC_PREREQ([2.63]) +AC_INIT([Keepalived], [2.0.19], [keepalived-users@groups.io], [], [http://www.keepalived.org/]) +AM_INIT_AUTOMAKE([-Wall -Werror -Woverride foreign]) + +AC_CONFIG_SRCDIR([keepalived/core/main.c]) + +AC_CONFIG_HEADERS([lib/config.h lib/config_warnings.h]) + +AH_TOP( + [ +#ifndef _CONFIG_H +#define _CONFIG_H + ]) +AH_BOTTOM( + [ +#include "config_warnings.h" + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif + +#endif]) + +AC_CONFIG_FILES([Makefile keepalived/Makefile lib/Makefile keepalived/core/Makefile keepalived.spec \ + genhash/Makefile keepalived/check/Makefile keepalived/vrrp/Makefile \ + keepalived/bfd/Makefile doc/Makefile bin_install/Makefile keepalived/dbus/Makefile \ + keepalived/etc/Makefile keepalived/etc/init/Makefile keepalived/etc/init.d/Makefile \ + doc/man/man8/Makefile]) + + +MAINTAINERCLEANFILES="*~ *.orig *.rej core core.*" +AC_SUBST(MAINTAINERCLEANFILES) +CONFIG_OPTIONS= +SYSTEM_OPTIONS= + +AM_SILENT_RULES([yes]) + +PKG_PROG_PKG_CONFIG + +dnl ----[ Keepalived specific configure options ]---- +AC_ARG_ENABLE(lvs-syncd, + [AS_HELP_STRING([--disable-lvs-syncd], [do not use LVS synchronization daemon])]) +AC_ARG_ENABLE(lvs, + [AS_HELP_STRING([--disable-lvs], [do not use the LVS framework])]) +AC_ARG_ENABLE(lvs-64bit-stats, + [AS_HELP_STRING([--disable-lvs-64bit-stats], [do not use the LVS 64-bit stats])]) +AC_ARG_ENABLE(vrrp, + [AS_HELP_STRING([--disable-vrrp], [do not use the VRRP framework])]) +AC_ARG_ENABLE(bfd, + [AS_HELP_STRING([--enable-bfd], [use the BFD framework])]) +AC_ARG_WITH(kernel-dir, + [AS_HELP_STRING([--with-kernel-dir=DIR], [path to linux kernel source directory])], + [AS_HELP_STRING([kernel_src_path="$withval"],], [[kernel_src_path=""])]) +AC_ARG_ENABLE(fwmark, + [AS_HELP_STRING([--disable-fwmark], [compile without SO_MARK support])]) +AC_ARG_ENABLE(snmp, + [AS_HELP_STRING([--enable-snmp], [compile with SNMP support])]) +AC_ARG_ENABLE(snmp-vrrp, + [AS_HELP_STRING([--enable-snmp-vrrp], [compile with SNMP vrrp support])]) +AC_ARG_ENABLE(snmp-keepalived, + [AS_HELP_STRING([--enable-snmp-keepalived], [obsolete - use --enable-snmp-vrrp])]) +AC_ARG_ENABLE(snmp-checker, + [AS_HELP_STRING([--enable-snmp-checker], [compile with SNMP checker support])]) +AC_ARG_ENABLE(snmp-rfc, + [AS_HELP_STRING([--enable-snmp-rfc], [compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527 (VRRPv3) support])]) +AC_ARG_ENABLE(snmp-rfcv2, + [AS_HELP_STRING([--enable-snmp-rfcv2], [compile with SNMP RFC2787 (VRRPv2) support])]) +AC_ARG_ENABLE(snmp-rfcv3, + [AS_HELP_STRING([--enable-snmp-rfcv3], [compile with SNMP RFC6527 (VRRPv3) support])]) +AC_ARG_ENABLE(snmp-reply-v3-for-v2, + [AS_HELP_STRING([--disable-snmp-reply-v3-for-v2], [disable RFC6527 responses for VRRPv2 instances])]) +AC_ARG_ENABLE(dbus, + [AS_HELP_STRING([--enable-dbus], [compile with dbus support])]) +AC_ARG_ENABLE(dbus-create-instance, + [AS_HELP_STRING([--enable-dbus-create-instance], [compile with dbus support for creating instances])]) +AC_ARG_ENABLE(sha1, + [AS_HELP_STRING([--enable-sha1], [compile with SHA1 support])]) +AC_ARG_ENABLE(regex, + [AS_HELP_STRING([--enable-regex], [build with HTTP_GET regex checking])]) +AC_ARG_ENABLE(regex-timers, + [AS_HELP_STRING([--enable-regex-timers], [build with HTTP_GET regex timers])]) +AC_ARG_ENABLE(json, + [AS_HELP_STRING([--enable-json], [compile with signal to dump configuration and stats as json])]) +AC_ARG_WITH(init, + [AS_HELP_STRING([--with-init=(upstart|systemd|SYSV|SUSE|openrc)], [specify init type])], + [init_type="$withval"], [init_type=""]) +AC_ARG_ENABLE(vrrp-auth, + [AS_HELP_STRING([--disable-vrrp-auth], [compile without VRRP authentication])]) +AC_ARG_ENABLE(checksum_compat, + [AS_HELP_STRING([--disable-checksum-compat], [compile without v1.3.6 and earlier VRRPv3 unicast checksum compatibility])]) +AC_ARG_ENABLE(routes, + [AS_HELP_STRING([--disable-routes], [compile without ip rules/routes])]) +AC_ARG_ENABLE(linkbeat, + [AS_HELP_STRING([--disable-linkbeat], [build without linkbeat support])]) +AC_ARG_ENABLE(gnu-std-paths, + [AS_HELP_STRING([--enable-gnu-std-paths], [use GNU standard paths for pid files etc])]) +AC_ARG_ENABLE(dynamic-linking, + [AS_HELP_STRING([--enable-dynamic-linking], [compile with/without dynamically linked libiptc/libipset/libnl])]) +AC_ARG_ENABLE(iptables, + [AS_HELP_STRING([--disable-iptables], [compile without iptables support])], + [], [IPTABLES_SILENT=Yes]) +AC_ARG_ENABLE(libiptc-dynamic, + [AS_HELP_STRING([--enable-libiptc-dynamic], [compile with libiptc dynamically linked])]) +AC_ARG_ENABLE(libipset-dynamic, + [AS_HELP_STRING([--disable-libipset-dynamic], [compile with libipset statically linked])]) +AC_ARG_ENABLE(libnl-dynamic, + [AS_HELP_STRING([--enable-libnl-dynamic], [compile with libnl dynamically linked])]) +AC_ARG_ENABLE(libiptc, + [AS_HELP_STRING([--disable-libiptc], [compile without libiptc])]) +AC_ARG_ENABLE(libipset, + [AS_HELP_STRING([--disable-libipset], [compile without libipset])]) +AC_ARG_ENABLE(nftables, + [AS_HELP_STRING([--disable-nftables], [build without nftables support])], + [], [NFTABLES_SILENT=Yes]) +AC_ARG_ENABLE(libnl, + [AS_HELP_STRING([--disable-libnl], [compile without libnl])]) +AC_ARG_ENABLE(track-process, + [AS_HELP_STRING([--disable-track-process], [build without track-process functionality])]) +AC_ARG_WITH(run-dir, + [AS_HELP_STRING([--with-run-dir=PATH_TO_RUN], [specify directory where /run is located])], + [RUN_DIR_SPECIFIED=Y], [RUN_DIR_SPECIFIED=N]) +AC_ARG_ENABLE(strict-config-checks, + [AS_HELP_STRING([--enable-strict-config-checks], [build with strict configuration checking])]) +AC_ARG_ENABLE(hardening, + [AS_HELP_STRING([--disable-hardening], [do not build with security hardening])]) +AC_ARG_ENABLE(optimise, + [AS_HELP_STRING([--enable-optimise], [compiler optimisation level])], [], [enable_optimise=not-specified]) +AC_ARG_ENABLE(warnings, + [AS_HELP_STRING([--enable-warnings[[=WARNINGS]]], [additional compiler warnings, disable for reduced set])], [], [enable_warnings=yes]) +AC_ARG_ENABLE(extra-warnings, + [AS_HELP_STRING([--enable-extra-warnings], [extra compiler warnings that will probably produce many warnings])]) +AC_ARG_ENABLE(mem-check, + [AS_HELP_STRING([--enable-mem-check], [compile with memory alloc checking])]) +AC_ARG_ENABLE(mem-check-log, + [AS_HELP_STRING([--enable-mem-check-log], [compile with memory alloc checking writing to syslog])]) +AC_ARG_ENABLE(timer-check, + [AS_HELP_STRING([--enable-timer-check], [compile with set time logging])]) +AC_ARG_ENABLE(debug, + [AS_HELP_STRING([--enable-debug], [compile with debugging flags])]) +AC_ARG_ENABLE(netlink-timers, + [AS_HELP_STRING([--enable-netlink-timers], [compile with netlink command timers])]) +AC_ARG_ENABLE(smtp-alert-debug, + [AS_HELP_STRING([--enable-smtp-alert-debug], [compile with smtp-alert debugging])]) +AC_ARG_ENABLE(stacktrace, + [AS_HELP_STRING([--enable-stacktrace], [compile with stacktrace support])]) +AC_ARG_ENABLE(perf, + [AS_HELP_STRING([--enable-perf], [compile with perf performance data recording support for vrrp process])]) +AC_ARG_ENABLE(log-file, + [AS_HELP_STRING([--enable-log-file], [enable logging to file (-g)])]) +AC_ARG_ENABLE(dump-threads, + [AS_HELP_STRING([--enable-dump-threads], [compile with thread dumping support])]) +AC_ARG_ENABLE(epoll-debug, + [AS_HELP_STRING([--enable-epoll-debug], [compile with epoll_wait() debugging support])]) +AC_ARG_ENABLE(epoll-thread-dump, + [AS_HELP_STRING([--enable-epoll-thread-dump], [compile with epoll thread dumping support])]) +AC_ARG_ENABLE(regex-debug, + [AS_HELP_STRING([--enable-regex-debug], [compile with regex debugging support])]) +AC_ARG_ENABLE(tsm-debug, + [AS_HELP_STRING([--enable-tsm-debug], [compile with TSM debugging support])]) +AC_ARG_ENABLE(vrrp-fd-debug, + [AS_HELP_STRING([--enable-vrrp-fd-debug], [compile with vrrp fd debugging support])]) +AC_ARG_ENABLE(eintr-debug, + [AS_HELP_STRING([--enable-eintr-debug], [compile with EINTR debugging support, set to check/nocheck to check/not check for EINTR])]) +AC_ARG_ENABLE(track-process-debug, + [AS_HELP_STRING([--enable-track-process-debug], [compile with track process debugging support, set to log all process connector events])]) +AC_ARG_ENABLE(parser-debug, + [AS_HELP_STRING([--enable-parser-debug], [compile with parser debugging support])]) +AC_ARG_ENABLE(checksum-debug, + [AS_HELP_STRING([--enable-checksum-debug], [compile with checksum debugging support])]) +AC_ARG_ENABLE(dump-keywords, + [AS_HELP_STRING([--enable-dump-keywords], [compile with keyword dumping support])]) +AC_ARG_ENABLE(network-timestamp, + [AS_HELP_STRING([--enable-network-timestamp], [compile with network timestamp debugging support])]) +AC_ARG_ENABLE(asserts, + [AS_HELP_STRING([--enable-asserts], [compile with assert() enabled])]) +AC_ARG_WITH(fixed-if-type, + [AS_HELP_STRING([--with-fixed-if-type=TYPE], [treat interface type TYPE as unchangeable])]) +AC_ARG_WITH(default-config-file, + AS_HELP_STRING([--with-default-config-file=FILE], [Default configuration file]), + [default_config_file="$withval"], [default_config_file=""]) +AC_ARG_ENABLE(profile, + [AS_HELP_STRING([--enable-profile], [compile with profiling flags])]) +AC_ARG_ENABLE(conversion-checks, + [AS_HELP_STRING([--enable-conversion-checks], [compile with conversion warnings if sensible])]) +AC_ARG_ENABLE(force-conversion-checks, + [AS_HELP_STRING([--enable-force-conversion-checks], [compile with conversion warnings])]) +AC_ARG_ENABLE(Werror, + [AS_HELP_STRING([--enable-Werror], [compile with warnings being errors])]) + +AC_ARG_WITH([systemdsystemunitdir], + AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files])]) + +# Set the kernel headers path +if test -n "$kernel_src_path"; then + if test ! -d $kernel_src_path/include; then + AC_MSG_ERROR([kernel source path $kernel_src_path/include does not exist]) + fi + if test ! -d $kernel_src_path/include/linux; then + AC_MSG_ERROR([kernel source path $kernel_src_path/include does not appear to include linux header files]) + fi + if test -d $kernel_src_path/include/uapi/linux; then + AC_MSG_ERROR([kernel source path $kernel_src_path appears to be an unprocessed kernel source tree]) + fi + kernelinc="-isystem $kernel_src_path/include" +elif test ! -d /usr/include/linux -a \ + -d /usr/src/linux/include; then + kernelinc="-isystem /usr/src/linux/include" +else + kernelinc= +fi + +CPPFLAGS="$kernelinc $CPPFLAGS" + +# Checks for programs. +AC_PROG_CC +AC_PROG_MAKE_SET +AC_PROG_INSTALL +AC_PROG_RANLIB +AC_PROG_GREP +AC_PROG_LN_S +AC_PROG_SED +AC_CHECK_TOOL(STRIP,strip) +AC_CHECK_TOOL(LDD,ldd) + +m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) +ARFLAGS=cr +AC_SUBST(ARFLAGS) + +# Default settings +ENABLE_LOG_FILE_APPEND=No + +# AC_PROG_LIBTOOL + +# +# save the configure arguments +# +args=`echo $ac_configure_args | $SED -e "s/'//g"` +AC_DEFINE_UNQUOTED(KEEPALIVED_CONFIGURE_OPTIONS,"$args", [configure options specified]) + +# Save the CPPFLAGS, CFLAGS, LDFLAGS and LDLIBS settings for make time +KA_CPPFLAGS="$kernelinc -D_GNU_SOURCE $CPPFLAGS" +KA_CFLAGS="-g $CFLAGS" +KA_LDFLAGS=$LDFLAGS +KA_LIBS=$LDLIBS + +NEED_LIBDL=No +#KA_LIBTOOLFLAGS = + +# Set up the compiler warnings we want +dnl -- Unused warnings - traditional +MAX_FRAME_SIZE=5120 +WARNINGS_BASIC="all extra unused strict-prototypes" +WARNINGS_STD="absolute-value address-of-packed-member alloca alloc-zero array-bounds=2 attribute-alias bad-function-cast cast-align cast-qual chkp date-time disabled-optimization double-promotion duplicated-branches duplicated-cond float-conversion float-equal format-overflow format-security format-signedness format-truncation frame-larger-than=$MAX_FRAME_SIZE implicit-fallthrough=3 init-self inline jump-misses-init logical-op missing-declarations missing-field-initializers missing-prototypes nested-externs normalized null-dereference old-style-definition overlength-strings pointer-arith redundant-decls shadow shift-overflow=2 stack-protector strict-overflow=4 strict-prototypes stringop-overflow=2 suggest-attribute=cold suggest-attribute=const suggest-attribute=format suggest-attribute=malloc suggest-attribute=noreturn suggest-attribute=pure sync-nand trampolines undef uninitialized unknown-pragmas unsuffixed-float-constants unused-const-variable=2 unused-macros variadic-macros write-strings" +WARNINGS_EXTRA="aggregate-return cast-align= strict conversion format-nonliteral format-overflow=2 format-truncation=2 padded pedantic sign-conversion stack-usage=$MAX_FRAME_SIZE strict-overflow=5 stringop-overflow=3 stringop-overflow=4 switch-enum system-headers traditional-conversion" + +# We want _GNU_SOURCE defined always +add_to_var([CPPFLAGS], [-D_GNU_SOURCE]) + +# fpclassify() needs -lm +add_to_var([KA_LIBS], [-lm]) + +# Some sanity checks on configure options +AS_IF([test .$enable_vrrp = .no], + AS_IF([test .$IPTABLES_SILENT == .Yes], [enable_iptables=no]) + AS_IF([test .$NFTABLES_SILENT == .Yes], [enable_nftables=no]) + + AS_IF([test .$enable_perf != .], [AC_MSG_ERROR([enable-perf requires vrrp])]) + AS_IF([test $with_fixed_if_type], [AC_MSG_ERROR([with-fixed-if-type requires vrrp])]) + AS_IF([test .$enable_vrrp_fd_debug != .], [AC_MSG_ERROR([enable-vrrp-fd-debug requires vrrp])]) + AS_IF([test .$enable_tsm_debug != .], [AC_MSG_ERROR([enable-tsm-debug requires vrrp])]) + AS_IF([test .$enable_json != .], [AC_MSG_ERROR([enable-json requires vrrp])]) + AS_IF([test .$enable_snmp_vrrp != .], [AC_MSG_ERROR([enable-snmp-vrrp requires vrrp])]) + AS_IF([test .$enable_snmp_keepalived != .], [AC_MSG_ERROR([enable-snmp-keepalived requires vrrp])]) + AS_IF([test .$enable_snmp_rfc != .], [AC_MSG_ERROR([enable-snmp-rfc requires vrrp])]) + AS_IF([test .$enable_snmp_rfcv2 != .], [AC_MSG_ERROR([enable-snmp-rfcv2 requires vrrp])]) + AS_IF([test .$enable_snmp_rfcv3 != .], [AC_MSG_ERROR([enable-snmp-rfcv3 requires vrrp])]) + AS_IF([test .$enable_dbus != .], [AC_MSG_ERROR([enable-dbus requires vrrp])]) + AS_IF([test .$enable_vrrp_auth != .], [AC_MSG_ERROR([disable-vrrp-auth requires vrrp])]) + AS_IF([test .$enable_checksum_compat != .], [AC_MSG_ERROR([disable-checksum-compat requires vrrp])]) + AS_IF([test .$enable_routes != .], [AC_MSG_ERROR([disable-routes requires vrrp])]) + AS_IF([test .$enable_linkbeat != .], [AC_MSG_ERROR([disable-linkbeat requires vrrp])]) + AS_IF([test .$enable_bfd != .], [AC_MSG_ERROR([enable-bfd requires vrrp])]) + AS_IF([test .$enable_iptables != .no], [AC_MSG_ERROR([enable-iptables requires vrrp])]) + AS_IF([test .$enable_nftables != .no], [AC_MSG_ERROR([enable-nftables requires vrrp])]) + AS_IF([test .$enable_track_process != .], [AC_MSG_ERROR([enable-track-process requires vrrp])]) + AS_IF([test .$enable_network_timestamp != .], [AC_MSG_ERROR([enable-network_timestamp requires vrrp])]) + ) +AS_IF([test .$enable_iptables = .no], + AS_IF([test .$enable_libiptc != .], [AC_MSG_ERROR([disable-libiptc requires vrrp and iptables])]) + AS_IF([test .$enable_libipset != .], [AC_MSG_ERROR([disable-libipset requires vrrp and iptables])]) + ) +AS_IF([test .$enable_libiptc = .no], + AS_IF([test .$enable_libiptc_dynamic != .], [AC_MSG_ERROR([enable-libiptc-dynamic requires vrrp and libiptc])]) + AS_IF([test .$enable_libipset != .], [AC_MSG_ERROR([disable-libipset requires libiptc])]) + AS_IF([test .$enable_libipset_dynamic != .], [AC_MSG_ERROR([disable-libipset-dynamic requires libiptc])]) + ) +AS_IF([test .$enable_libipset = .no], + AS_IF([test .$enable_libipset_dynamic != .], [AC_MSG_ERROR([disable-libipset-dynamic requires ipsets])]) + ) +AS_IF([test .$enable_snmp_rfc != .yes -a .$enable_snmp_rfcv3 != yes], + AS_IF([test .$enable_snmp_reply_v3_for_v2 != .], [AC_MSG_ERROR([enable-snmp-reply-v3-for-v2 requires enable-snmp-rfcv3 or enable-snmp-rfc])]) + ) +AS_IF([test .$enable_dbus != .yes], + AS_IF([test .$enable_dbus_create_instance != .], [AC_MSG_ERROR([enable-dbus-create-instance requires enable-dbus])]) + ) +AS_IF([test .$enable_lvs = .no], + AS_IF([test .$enable_regex != .], [AC_MSG_ERROR([enable-regex requires lvs])]) + AS_IF([test .$enable_libnl != .], [AC_MSG_ERROR([disable-libnl requires lvs])]) + AS_IF([test .$enable_lvs_syncd != .], [AC_MSG_ERROR([disable-lvs-syncd requires lvs])]) + AS_IF([test .$enable_lvs_64bit_stats != .], [AC_MSG_ERROR([disable-lvs-64bit-stats requires lvs])]) + AS_IF([test .$enable_fwmark != .], [AC_MSG_ERROR([enable-fwmark requires lvs])]) + ) +AS_IF([test .$enable_lvs = .no], + AS_IF([test .$enable_libnl_dynamic != .], [AC_MSG_ERROR([enable-libnl-dynamic requires lvs and libnl])]) + ) +AS_IF([test .$enable_regex != .yes], + AS_IF([test .$enable_regex_timers != .], [AC_MSG_ERROR([enable-regex-timers requires enable-regex])]) + AS_IF([test .$enable_regex_debug != .], [AC_MSG_ERROR([enable-regex-debug requires enable-regex])]) + ) +AS_IF([test .$enable_track_process = .no], + AS_IF([test .$enable_track_process_debug != .], [AC_MSG_ERROR([enable-track-process-debug incompatible with disable-track-process])]) + ) + +dnl -- Check for diagnostic pragmas in functions - GCC 4.6.0 +AC_MSG_CHECKING([diagnostic pragmas in functions]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic warning \"-Wall\"") + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_FUNCTION_DIAGNOSTIC_PRAGMAS_], [ 1 ], [Define to 1 if can have _Pragma GCC diagnostic in functions]) + ], + [ + AC_MSG_RESULT([no]) + ]) + +dnl -- Check for diagnostic push/pop pragmas - GCC 4.6.0 +AC_MSG_CHECKING([diagnostic push/pop pragmas]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic push") + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_DIAGNOSTIC_PUSH_POP_PRAGMAS_], [ 1 ], [Define to 1 if can have _Pragma GCC diagnostic push/pop]) + ], + [ + AC_MSG_RESULT([no]) + ]) + +dnl - Set up warnings list +AS_IF([test ".$enable_warnings" = .no], + [WARNINGS_ENABLED=$WARNINGS_BASIC], + [AS_IF([test ".$enable_warnings" != .yes], + [WARN_LIST=`echo $enable_warnings | sed -e "s/-W//g"` + add_to_var([WARNINGS_ENABLED], ["$WARN_LIST"]) + ]) + ] + ) +AS_IF([test .$enable_extra_warnings = .yes], + [add_to_var([WARNINGS_ENABLED], ["$WARNINGS_EXTRA"])]) + +if test "$enable_conversion_checks" = yes; then + # Check if we can sensibly enable -Wconversion + AC_MSG_CHECKING([for usable -Wconversion]) + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + #include + #include + #include + #include + + #define VAL 255 + + static void + fun(uint8_t val) + { + } + + int main(int argc, char**argv) + { + fd_set set; + uint8_t val = 42; + unsigned u; + bool b; + size_t size = 17; + char c[2]; + char *c_ptr = c; + struct rtattr rta; + struct rtattr *rta_p = &rta; + + FD_SET(argc+1, &set); + + fun(argc == VAL ? VAL : val); + + // vrrp->lower_prio_no_advert = vrrp->strict_mode ? true : global_data->vrrp_lower_prio_no_advert; + u = u ? true : b; + + size = RTA_LENGTH(size); + c_ptr = RTA_DATA(c_ptr); + rta_p = RTA_NEXT(rta_p, size); + + val = (u < 256 ) ? u & 0xff : 0; + } + ]])], + [ + AC_MSG_RESULT([yes]) + add_to_var([WARNINGS_ENABLED], [conversion]) + ], + [ + AC_MSG_RESULT([no]) + AC_MSG_WARN([-Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override.]) + ]) + CFLAGS="$SAV_CFLAGS" +elif test "$enable_force_conversion_checks" = yes; then + add_to_var([WARNINGS_ENABLED], [conversion]) +fi + +if test "$enable_Werror" = yes; then + add_to_var([WARNINGS_ENABLED], [error]) +fi + +CONFIG_WARNINGS=lib/config_warnings.h.in + +# Save (or restore) lib/config_warnings.h.in +AS_IF([test ! -f ${CONFIG_WARNINGS}.sav], + [cp -p ${CONFIG_WARNINGS} ${CONFIG_WARNINGS}.sav], + [cp -p ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS}]) + +SAV_CFLAGS="$CFLAGS" +for WARN in $WARNINGS_ENABLED +do + AC_MSG_CHECKING([for -W$WARN]) + CFLAGS="$SAV_CFLAGS -W$WARN" + + WARN_VAR=_HAVE_WARNING_`echo $WARN | tr "a-z=-" "A-Z__"`_ + LOCAL_WARN_VAR=HAVE_WARNING_`echo $WARN | sed -e "s/=.*//" | tr "a-z-" "A-Z_"` + grep -q "^#undef $WARN_VAR$" $CONFIG_WARNINGS + AS_IF([test $? -ne 0], + [echo -e "\n/* Define to 1 if -W$WARN in use */\n#undef $WARN_VAR" >>$CONFIG_WARNINGS] + ) + + test `echo $WARN | grep "=[[0-9]][[0-9]]*$"` + AS_IF([test $? -eq 0], + [ WARN_SHORT=`echo $WARN | sed -e 's/=[[0-9]][[0-9]]*$//'` + WARN_VAR_SHORT=_HAVE_WARNING_`echo $WARN_SHORT | tr "a-z=-" "A-Z__"`_ + grep -q "^#undef $WARN_VAR_SHORT$" $CONFIG_WARNINGS + AS_IF([test $? -ne 0], + [echo -e "\n/* Define to 1 if -W$WARN_SHORT in use */\n#undef $WARN_VAR_SHORT" >>$CONFIG_WARNINGS] + ) + ], + [ unset WARN_VAR_SHORT ] + ) + + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { + } + ]])], + [ + # gcc 9 removed -Wchkp and doesn't error if it is specified, + # but rather outputs: + # warning: switch '-Wchkp' is no longer supported + # so check for the warning. + touch conftest.err + grep -q "is no longer supported" conftest.err + AS_IF([test $? -ne 0], + [ + AC_MSG_RESULT([yes]) + eval $LOCAL_WARN_VAR=yes + add_to_var([KA_CFLAGS], [-W$WARN]) + AC_DEFINE_UNQUOTED([$WARN_VAR], [ 1 ]) + AS_IF([test -z "$WARN_VAR_SHORT"], [], + [AC_DEFINE_UNQUOTED([$WARN_VAR_SHORT], [ 1 ])] + ) + ], + [ + AC_MSG_RESULT([no]) + eval $LOCAL_WARN_VAR=no + ]) + ], + [ + AC_MSG_RESULT([no]) + eval $LOCAL_WARN_VAR=no + ]) +done +AS_IF([test .$HAVE_WARNING_STRICT_OVERFLOW = .yes], + [ + # The following is not supported in gcc 5.4.0 + CFLAGS="$CFLAGS -Werror" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") + int main(int argc, char**argv) + { + } + ]])], + [AC_DEFINE([_HAVE_PRAGMA_WARN_STRICT_OVERFLOW_1_], [ 1 ], [Define to 1 if _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") supported]) + ]) + ] + ) +CFLAGS="$SAV_CFLAGS" + +dnl ---- [ Do we want stricter configuration checking? ] ---- +STRICT_CONFIG=No +if test "$enable_strict_config_checks" = yes; then + AC_DEFINE([_STRICT_CONFIG_], [ 1 ], [Define to 1 if want stricter configuration checking]) + STRICT_CONFIG=Yes + add_config_opt([STRICT_CONFIG]) +fi +AM_CONDITIONAL([WITH_STRICT_CONFIG_CHECKS], [test $STRICT_CONFIG = Yes]) + +if test "$enable_hardening" != no; then + AC_MSG_CHECKING([for PIE support]) + SAV_CFLAGS="$CFLAGS" + SAV_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -pie" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char **argv) + { + int i = 0; + } + ]])], + AC_MSG_RESULT([yes]) + add_to_var([KA_CFLAGS], [-fPIE]) + add_to_var([KA_LDFLAGS], [-pie]), + AC_MSG_RESULT([no])) + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + + for FLAG in \ + "-Wformat -Werror=format-security" \ + "-Wp,-D_FORTIFY_SOURCE=2" \ + "-fexceptions" \ + "-fstack-protector-strong" \ + "--param=ssp-buffer-size=4" \ + "-grecord-gcc-switches" + do + AC_MSG_CHECKING([for $FLAG support]) + CFLAGS="$CFLAGS $FLAG" + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ ]])], + [AC_MSG_RESULT([yes])] + add_to_var([KA_CFLAGS], [$FLAG]), + [AC_MSG_RESULT([no])]) + CFLAGS=$SAV_CFLAGS + done + + WL_FLAGS= + for FLAG in \ + "-z,relro" \ + "-z,now" + do + AC_MSG_CHECKING([for -Wl,$FLAG support]) + LDFLAGS="$LDFLAGS -Wl,$FLAG" + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ + int main(int argc, char **argv) + { + int i = 0; + } + ]])], + [ + AC_MSG_RESULT([yes]) + WL_FLAGS="$WL_FLAGS -Wl,$FLAG" + ], + [AC_MSG_RESULT([no])] + ) + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + done + if test -n "$WL_FLAGS"; then + add_to_var([KA_LDFLAGS], [$WL_FLAGS]) + fi +fi + +# enable-optimise +AS_IF([test "$enable_optimise" = yes -o "$enable_optimise" = not-specified], [optimise_level=2], [optimise_level=$enable_optimise]) +AS_IF([test "$enable_optimise" = no], [optimise_level=0]) +AS_IF([test "$optimise_level" -eq 0], + [ + echo $KA_CFLAGS | $GREP -q -- "-D_FORTIFY_SOURCE=[[^0]]" + AS_IF([test $? -eq 0], [AC_MSG_WARN([--disable-optimise requires --disable-hardening])]) + ]) +FLAG="-O$optimise_level" +AC_MSG_CHECKING([for $FLAG support]) +SAV_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS $FLAG" +AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ ]])], + [AC_MSG_RESULT([yes])] + add_to_var([KA_CFLAGS], [$FLAG]), + [ + AC_MSG_RESULT([no]) + AS_IF([test "$enable_optimise" != not-specified], [AC_MSG_ERROR([Invalid optimisation level specified])]) + ]) +CFLAGS=$SAV_CFLAGS + +AC_SUBST(KA_CPPFLAGS) +AC_SUBST(KA_CFLAGS) +AC_SUBST(KA_LDFLAGS) +AC_SUBST(KA_LIBS) +# AC_SUBST(KA_LIBTOOLFLAGS) + +# Check if unaligned memory access is supported (for ARM not supported prior to ARMv6 processors) +AC_MSG_CHECKING([for unaligned memory access]) +AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM( + [[ + #include + #include + + #if __BYTE_ORDER == __BIG_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0x1234567890abcdefUL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x12345678UL + #else + #define CHK_VAL 0x1234UL + #endif + #elif __BYTE_ORDER == __LITTLE_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0xefcdab9078563412UL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x78563412UL + #else + #define CHK_VAL 0x3412UL + #endif + #else + #error Neither big nor little endian - unsupported + #endif + ]], + [[ + unsigned long arr[2] = { 0, 0 }; + unsigned char *p = (unsigned char *)arr + 1; + unsigned i; + + *(unsigned long *)p = CHK_VAL; + + return !!(arr[0] == CHK_VAL || p[0] != 0x12 || p[1] != 0x34 || p[2] != 0x56); + ]] + ) + ], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([_NO_UNALIGNED_ACCESS_], [ 1 ], [Define to 1 if unaligned memory access not supported]) + ], + [ + AC_MSG_RESULT([unknown]) + AC_MSG_WARN([Cannot determine if unaligned access supported. Assuming yes.]) + ] + ) + +# Checks for libraries. +dnl clock_gettime() required -lt before glibc 2.17 +AC_MSG_CHECKING([for clock_gettime() requires -lrt]) +AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + ]])], + [AC_MSG_RESULT([no])], + [ + SAV_LIBS="$LIBS" + LIBS="$LIBS -lrt" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + ]])], + [AC_MSG_RESULT([yes])] + add_to_var([KA_LIBS], [-lrt]), + [AC_MSG_ERROR([clock_gettime() not supported])]) + LIBS=$SAV_LIBS + ]) + +# Checks for header files. +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/ioctl.h sys/param.h sys/prctl.h sys/socket.h sys/time.h syslog.h unistd.h], + [], [AC_MSG_ERROR([Missing/unusable system header file <$ac_header>])]) + +# check for kernel headers +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +dnl -- needed until Linux 3.1 +dnl -- using AC_CHECK_HEADER causes a horrible error message for the user +NETLINK_EXTRA_INCLUDE= +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], [], + [AC_CHECK_HEADER([linux/netlink.h], + [ + AC_DEFINE([NETLINK_H_NEEDS_SYS_SOCKET_H], [ 1 ], [Define to 1 if needs ]) + NETLINK_EXTRA_INCLUDE="#include " + ], [AC_MSG_ERROR([Missing/unusable kernel header file ])], + [[#include ]])]) + +dnl -- needed until ? Linux 3.1 +dnl -- using AC_CHECK_HEADER causes a horrible error message for the user +RTNETLINK_EXTRA_INCLUDE= +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], [], + [AC_CHECK_HEADER([linux/rtnetlink.h], + [ + AC_DEFINE([RTNETLINK_H_NEEDS_SYS_SOCKET_H], [ 1 ], [Define to 1 if needs ]) + RTNETLINK_EXTRA_INCLUDE="#include " + ], [AC_MSG_ERROR([Missing/unusable kernel header file ])], + [[#include ]])]) + +AC_CHECK_HEADERS([asm/types.h linux/ethtool.h linux/icmpv6.h linux/if_ether.h linux/if_packet.h linux/ip.h linux/sockios.h linux/types.h], + [], [AC_MSG_ERROR([Missing/unusable kernel header file <$ac_header>])]) +AC_CHECK_HEADERS([linux/fib_rules.h linux/if_addr.h linux/if_link.h], + [], [AC_MSG_ERROR([Missing/unusable kernel header file <$ac_header>])], + [[$NETLINK_EXTRA_INCLUDE]]) +AC_CHECK_HEADERS([linux/if_arp.h], + [], [AC_MSG_ERROR([Missing/unusable <$ac_header>])], + [[#include ]]) +CPPFLAGS="$SAV_CPPFLAGS" + +# Checks for typedefs, structures, and compiler characteristics. +AC_HEADER_STDBOOL +AC_C_INLINE +AC_TYPE_INT64_T +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_UINT64_T +AC_TYPE_UINT8_T +AC_C_CONST + +# Checks for library functions. +AC_FUNC_FORK +AC_FUNC_MALLOC +AC_FUNC_REALLOC +AC_CHECK_FUNCS([dup2 getcwd gettimeofday memmove memset select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname]) +dnl - pipe2() since Linux 2.6.27 and glibc 2.9. +AC_CHECK_FUNCS([pipe2], [add_system_opt([PIPE2])]) +dnl - signalfd() since Linux 2.6.22 and glibc 2.8 +AC_CHECK_FUNCS([signalfd], [add_system_opt([SIGNALFD])]) +dnl - inotify_init1() since Linux 2.6.27 +AC_CHECK_FUNCS([inotify_init1], [add_system_opt([INOTIFY_INIT1])]) +dnl - vsyslog() Not defined by Posix, but available in glibc and musl +AC_CHECK_FUNCS([vsyslog], [add_system_opt([VSYSLOG])]) +dnl - epoll_create1() since Linux 2.6.27 and glibc 2.9 +AC_CHECK_FUNCS([epoll_create1], [add_system_opt([EPOLL_CREATE1])]) + +# glibc uses unsigned int as 3rd parameter to __assert_fail(), musl uses int. +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + + void __assert_fail(const char * a, const char *b, unsigned int l, const char *c) + { + exit(a[0] + b[0] + c[0] + l == 0); + } + ]])], + [LINE_type="unsigned int"], [LINE_type="int"]) +AC_DEFINE_UNQUOTED([LINE_type], [ $LINE_type ], [The type of parameter __line passed to __assert_fail()]) + +dnl Check if libc supports __always_inline +dnl See glibc sys/cdefs.h definition of __always_inline and comment +SAV_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Wattributes -Werror" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + static __always_inline int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + ]])], + [], + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + static __inline __attribute__ ((__always_inline__)) int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + ]])], + [AC_DEFINE([__always_inline], [__inline __attribute__ ((__always_inline__))], [Define __always_inline if libc does not define it])], + [AC_DEFINE([__always_inline], [inline], [Define __always_inline if libc does not define it])] + )]) +CFLAGS="$SAV_CFLAGS" + +dnl - Do we want to override dynamic/static linking? +AS_IF([test "$enable_dynamic_linking"], + [ + AS_IF([test .$enable_vrrp != .no], + [ + enable_libiptc_dynamic=$enable_dynamic_linking + enable_libipset_dynamic=$enable_dynamic_linking + ]) + AS_IF([test .$enable_lvs != .no], + [ + enable_libnl_dynamic=$enable_dynamic_linking + ]) + ]) + +# check for missing definition - added in glibc 2.8 +AC_CHECK_DECLS([ETHERTYPE_IPV6], [], + [ + AC_DEFINE([ETHERTYPE_IPV6], [0x86dd], [Defined here if not found in .]) + ], + [[#include ]]) + +BUILD_GENHASH=Yes +dnl ----[ Checks for openssl ]---- +# check for openssl headers +NEED_MD5=no +NEED_SSL=no +if test "$enable_vrrp" != no -a \ + "$enable_vrrp_auth" != no; then + NEED_MD5=yes +fi +if test "$enable_lvs" != no; then + NEED_MD5=yes + NEED_SSL=yes +fi +AC_CHECK_HEADERS([openssl/ssl.h openssl/err.h], [], + [ + if test $NEED_SSL = yes; then + AC_MSG_ERROR([ + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL headers files. !!!]) + fi + BUILD_GENHASH=No + NEED_SSL=no + break + ]) +AC_CHECK_HEADERS([openssl/md5.h], [], + [ + if test $NEED_MD5 = yes; then + AC_MSG_ERROR([ + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL MD5 headers files. !!!]) + fi + BUILD_GENHASH=No + NEED_MD5=no + break + ]) +unset LIBS + +$PKG_CONFIG --exists openssl +if test $? -eq 0; then + add_pkg_config([openssl], [OPENSSL]) +else + OPENSSL_LIBS="-lssl -lcrypto" +fi + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lcrypto//"` +AC_CHECK_LIB(crypto, MD5_Init, [], + [ + if test $NEED_MD5 = yes; then + AC_MSG_ERROR([OpenSSL MD5 libraries are required]) + fi + BUILD_GENHASH=No + ], [$EXTRA_LIBS]) +if test $NEED_MD5 = yes; then + add_to_var([KA_LIBS], [$LIBS]) +fi +add_to_var([GENHASH_LIBS], [$LIBS]) +unset LIBS + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lssl//"` +AC_CHECK_LIB(ssl, SSL_CTX_new, [], + [ + if test $NEED_SSL = yes; then + AC_MSG_ERROR([OpenSSL libraries are required]) + fi + BUILD_GENHASH=No + ], [$EXTRA_LIBS]) +if test $NEED_SSL = yes; then + add_to_var([KA_LIBS], [$LIBS]) +fi +add_to_var([GENHASH_LIBS], [$LIBS]) +unset LIBS + +# Introduced in OpenSSL ver 0.9.9 +LIBS=$OPENSSL_LIBS +AC_MSG_CHECKING([SSL_set_tlsext_host_name() - may be a definition]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + request_t req; + SSL_set_tlsext_host_name(req.ssl, "SSL"); + } + ]])], [ + AC_MSG_RESULT([no]) + ], [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_SSL_SET_TLSEXT_HOST_NAME_], [ 1 ], [Define to 1 if have SSL_set_tlsext_host_name()]) +]) + +# SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a +AC_CHECK_FUNCS([SSL_CTX_set_verify_depth]) + +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method]) + +# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with +# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes], + [ + AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[ + const SSL_METHOD *meth; + SSL_CTX *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + return 1; + + /* Initialize SSL context */ + meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; + ]])], + [openssl_init_no_load_bug=0], + [openssl_init_no_load_bug=1], + [ + AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety.]) + openssl_init_no_load_bug=1 + ] + ) + AS_IF([test $openssl_init_no_load_bug -eq 1], + [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])]) + ]) +unset LIBS + +if test $BUILD_GENHASH = No; then + AC_MSG_NOTICE([Unable to build genhash due to missing openssl headers/libraries]) + GENHASH_LIBS= +fi +AC_SUBST([GENHASH_LIBS]) +AM_CONDITIONAL([BUILD_GENHASH], [test $BUILD_GENHASH = Yes]) + +dnl ----[ Check for IPv4 devconf netlink support ]---- +IPV4_DEVCONF=No +if test .$enable_vrrp != .no; then + dnl ----[Check have IPV4_DEVCONF defines - since Linux 3.11]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPP_FLAGS $kernelinc" + IPV4_DEVCONF=Yes + AC_CHECK_DECLS([ + IPV4_DEVCONF_ARP_IGNORE, + IPV4_DEVCONF_ACCEPT_LOCAL, + IPV4_DEVCONF_RP_FILTER, + IPV4_DEVCONF_ARPFILTER], + [], + [ + IPV4_DEVCONF=No + break + ], + [[#include ]]) + if test $IPV4_DEVCONF = Yes; then + AC_DEFINE([_HAVE_IPV4_DEVCONF_], [ 1 ], [Define to 1 if have IPv4 netlink device configuration]) + add_system_opt([IPV4_DEVCONF]) + fi + AC_CHECK_HEADERS([linux/rtnetlink.h], [], [AC_MSG_ERROR([Unusable linux/rtnetlink.h])], [$RTNETLINK_EXTRA_INCLUDE]) + CPPFLAGS="$SAV_CPPFLAGS" +fi + +dnl ----[ Check for IPv6 Advanced API (RFC3542) - since Linux 2.6.14 ]---- +IPV6_ADVANCED_API=No +AC_CHECK_DECLS([ + IPV6_RECVHOPLIMIT, + IPV6_RECVPKTINFO], + [IPV6_ADVANCED_API=Yes], + [], + [[#include ]]) +AS_IF([test $IPV6_ADVANCED_API = Yes], [add_system_opt([IPV6_ADVANCED_API])]) + +dnl ----[ Checks for libraries ]---- +NETLINK_VER=0 +IPVS_USE_NL=No +if test .$enable_lvs != .no -a .${enable_libnl} != .no; then + $PKG_CONFIG --exists libnl-3.0 + if test $? -eq 0; then + add_pkg_config([libnl-3.0], [NL3], [remove-requires]) + AC_CHECK_LIB($NL3_LIB_NAMES, nl_socket_alloc, + [ + NETLINK_VER=3 + NEED_NL3=No + + add_pkg_config([libnl-genl-3.0], [GENL], [remove-requires]) + AC_CHECK_LIB($GENL_LIB_NAMES, genl_connect, [], + [AC_MSG_ERROR([libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3.])]) + IPVS_USE_NL=Yes + if test .$enable_libnl_dynamic = .yes; then + add_pkg_config_without_libs([libnl-genl-3.0]) + get_lib_name([$GENL_LIB_NAMES], [genl_connect]) + AC_DEFINE_UNQUOTED([NL3_GENL_LIB_NAME], [ "$LIB_NAME" ], [Define the nl-genl-3.0 library name]) + else + add_pkg_config([libnl-genl-3.0]) + fi + NEED_NL3=Yes + + if test $NEED_NL3 = Yes; then + AC_DEFINE([_HAVE_LIBNL3_], [ 1 ], [Define to 1 if using libnl-3]) + add_system_opt([LIBNL3]) + if test .$enable_libnl_dynamic = .yes; then + add_system_opt([LIBNL_DYNAMIC]) + add_pkg_config_without_libs([libnl-3.0]) + AC_DEFINE([_LIBNL_DYNAMIC_], [ 1 ], [Define to 1 if building with libnl dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([$NL3_LIB_NAMES], [nl_socket_alloc]) + AC_DEFINE_UNQUOTED([NL3_LIB_NAME], [ "$LIB_NAME" ], [Define the nl-3 library name]) + else + add_pkg_config([libnl-3.0]) + fi + fi + ], []) + fi + + if test $NETLINK_VER -eq 0; then + AC_CHECK_LIB(nl, nl_socket_modify_cb, + [ + IPVS_USE_NL=Yes + NETLINK_VER=1 + AC_DEFINE([_HAVE_LIBNL1_], [ 1 ], [Define to 1 if using libnl-1]) + add_system_opt([LIBNL1]) + if test .$enable_libnl_dynamic = .yes; then + add_pkg_config_without_libs([libnl-1]) + add_config_opt([LIBNL_DYNAMIC]) + AC_DEFINE([_LIBNL_DYNAMIC_], [ 1 ], [Define to 1 if building with libnl dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([nl], [nl_socket_modify_cb]) + AC_DEFINE_UNQUOTED([NL_LIB_NAME], [ "$LIB_NAME" ], [Define the nl library name]) + else + add_pkg_config([libnl-1]) + fi + ], + [AC_MSG_WARN([keepalived will be built without libnl support.]) + ]) + fi + + if test $NETLINK_VER -ne 0; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$SAV_CPPFLAGS $NL3_CPPFLAGS" + AC_CHECK_HEADERS([netlink/netlink.h], [], [AC_MSG_ERROR([netlink headers missing])]) + AC_CHECK_HEADERS([netlink/genl/ctrl.h netlink/genl/genl.h], [], [AC_MSG_ERROR([netlink genl headers missing])]) + CPPFLAGS="$SAV_CPPFLAGS" + fi +fi +AM_CONDITIONAL([LIBNL1], [test $NETLINK_VER -eq 1]) +AM_CONDITIONAL([LIBNL3], [test $NETLINK_VER -eq 3]) +AM_CONDITIONAL([LIBNL_DYNAMIC], [test .$enable_lvs != .no -a .$enable_libnl_dynamic = .yes -a $NETLINK_VER -ne 0]) +unset LIBS + +AC_CHECK_LIB(magic, magic_open, + [ + AC_DEFINE([_HAVE_LIBMAGIC_], [ 1 ], [Define to 1 if have magic library]) + add_to_var([KA_LIBS], [-lmagic]) + ]) +unset LIBS + +dnl -- Check for the following variables introduced at various times into Linux +dnl --FRA_OIFNAME dnl -- Linux 2.6.33 +dnl --RTAX_QUICKACK dnl -- Linux 3.11 +dnl --FRA_SUPPRESS_PREFIXLEN dnl -- Linux 3.12 +dnl --FRA_SUPPRESS_IFGROUP dnl -- Linux 3.12 +dnl --RTAX_CC_ALGO dnl -- Linux 4.0 +dnl --RTA_VIA dnl -- Linux 4.1 +dnl --RTA_NEWDST dnl -- Linux 4.1 +dnl --RTA_PREF dnl -- Linux 4.1 +dnl --FRA_TUN_ID dnl -- Linux 4.3 +dnl --RTA_ENCAP dnl -- Linux 4.3 +dnl --RTEXT_FILTER_SKIP_STATS dnl -- Linux 4.4 +dnl --RTA_EXPIRES dnl -- Linux 4.5 +dnl --FRA_L3MDEV dnl -- Linux 4.8 +dnl --FRA_UID_RANGE dnl -- Linux 4.10 +dnl --RTAX_FASTOPEN_NO_COOKIE dnl -- Linux 4.15 +dnl --FRA_PROTOCOL dnl -- Linux 4.17 +dnl --FRA_IP_PROTO dnl -- Linux 4.17 +dnl --FRA_SPORT_RANGE dnl -- Linux 4.17 +dnl --FRA_DPORT_RANGE dnl -- Linux 4.17 +dnl --RTA_TTL_PROPAGATE dnl -- Linux 4.12 +AC_CHECK_DECLS([RTA_ENCAP, RTA_EXPIRES, RTA_NEWDST, RTA_PREF, FRA_SUPPRESS_PREFIXLEN, FRA_SUPPRESS_IFGROUP, FRA_TUN_ID, RTAX_CC_ALGO, RTAX_QUICKACK, RTEXT_FILTER_SKIP_STATS, FRA_L3MDEV, FRA_UID_RANGE, RTAX_FASTOPEN_NO_COOKIE, RTA_VIA, FRA_OIFNAME, FRA_PROTOCOL, FRA_IP_PROTO, FRA_SPORT_RANGE, FRA_DPORT_RANGE, RTA_TTL_PROPAGATE], [], [], + [[$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include ]]) +for flag in RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_OIFNAME FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt[${flag}] + fi +done + +dnl - Introduced in Linux 3.14 +AC_CHECK_DECLS([IFA_FLAGS], [], [], [[#include ]]) +for flag in IFA_FLAGS; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt[${flag}] + fi +done + +dnl - Introduced in Linux 2.6.31, but not until glibc 2.17 +AC_CHECK_DECLS([IP_MULTICAST_ALL], + [ + add_system_opt[IP_MULTICAST_ALL] + # Check if definition is in netinet/in.h, since we can't include linux/in.h + # due to conflicting definitions + AC_LINK_IFELSE( + [ + AC_LANG_SOURCE( + [[ + #include + int main(int argc, char **argv) + { + int i = IP_MULTICAST_ALL; + } + ]]) + ], + [], + [ + # No - netinet/in.h doesn't have IP_MULTICAST_ALL + # Build a program that will output the value of the kernel's IP_MULTICAST_ALL + AC_LINK_IFELSE( + [ + AC_LANG_SOURCE( + [[ + #include + #include + #include + int main(int argc, char **argv) + { + printf("%d\n", IP_MULTICAST_ALL); + } + ]]) + ], + [ + # Create local definition of IP_MULTICAST_ALL + IMA=$(./conftest$EXEEXT) + AC_DEFINE_UNQUOTED([IP_MULTICAST_ALL], [ $IMA ], [Defined to value in if not in ]) + ]) + ] + ) + ], + [], + [[ + #include + #include + ]]) + +dnl -- RedHat backported ENCAP_IP and ENCAP_IP6 without MPLS and ILA +AS_IF([test $ac_cv_have_decl_RTA_ENCAP = yes], + [ + AC_CHECK_DECLS([LWTUNNEL_ENCAP_MPLS, LWTUNNEL_ENCAP_ILA], [], [], + [[#include ]]) + for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt([${flag}]) + fi + done + ]) + +dnl ----[Check for iptables libraries]---- +USE_IPTABLES=No +USE_LIBIPTC=No +USE_LIBIPSET=No +AS_IF([test .$enable_iptables != .no], + [ + USE_IPTABLES=Yes + AC_DEFINE([_WITH_IPTABLES_], [ 1 ], [Define to 1 if want iptables support]) + if test .${enable_libiptc} = .no; then + add_config_opt([IPTABLES_CMD]) + else + USE_LIBIPTC=Yes + dnl -- linux/netfilter/x_tables.h since Linux 2.6.16 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_HEADERS([linux/netfilter/x_tables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h], [], + [ + USE_LIBIPTC=No + break + ]) + CPPFLAGS="$SAV_CPPFLAGS" + + if test $USE_LIBIPTC = Yes; then + add_pkg_config([--static libiptc], [IPTC]) + LIBS="$IPTC_LIBS" + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_LIB(iptc, iptc_init, + [ + AC_DEFINE([_HAVE_LIBIPTC_], [ 1 ], [Define to 1 if have iptables libraries]) + add_system_opt([LIBIPTC]) + if test .${enable_libiptc_dynamic} != .yes; then + add_pkg_config([--static libiptc]) + add_config_opt([LIBIPTC]) + dnl - Older versions of libiptc produced a requirement for -liptc, but we don't need it + KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` + dnl - Even older versions of libiptc don't produce any requirement other than -liptc + IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[[^ ]]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` + if test ".$IPTC_LIBS" = .; then + KA_LIBS=`echo $KA_LIBS -lip4tc -lip6tc` + fi + else + add_pkg_config_without_libs([libiptc]) + add_config_opt([LIBIPTC_DYNAMIC]) + AC_DEFINE([_LIBIPTC_DYNAMIC_], [ 1 ], [Define to 1 if building with libiptc dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([ip4tc], [iptc_init]) + AC_DEFINE_UNQUOTED([IP4TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip4tc library name]) + get_lib_name([ip6tc], [ip6tc_init]) + AC_DEFINE_UNQUOTED([IP6TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip6tc library name]) + LIBIPTC_DYNAMIC=Yes + fi + ], + [USE_LIBIPTC=No]) + CPPFLAGS="$SAV_CPPFLAGS" + fi + + if test $USE_LIBIPTC = Yes; then + dnl ----[Check for ipset libraries]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + if test "${enable_libipset}" != no; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + add_pkg_config([libipset], [IPSET]) + else + IPSET_LIBS="-lipset" + fi + SAV_LIBS=$LIBS + LIBS="$IPTC_LIBS $IPSET_LIBS" + + AC_CHECK_LIB(ipset, ipset_session_init, + [ + USE_LIBIPSET=Yes + AC_CHECK_HEADERS([libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h], [], + [ + USE_LIBIPSET=No + break + ]) + + if test $USE_LIBIPSET = Yes; then + dnl -- Need to use for prior to Linux 3.4 + EXTRA_INCLUDE= + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], + [AC_CHECK_HEADERS([linux/netfilter/xt_set.h], [], [USE_LIBIPSET=No], [])], + [AC_CHECK_HEADER([linux/netfilter/xt_set.h], + [ + AC_DEFINE([USE_LIBIPSET_LINUX_IP_SET_H], [ 1 ], [Define to 1 if needs ]) + EXTRA_INCLUDE="#include " + ], [USE_LIBIPSET=No], + [[#include ]]) + ] + ) + fi + + if test $USE_LIBIPSET = Yes; then + AC_DEFINE([_HAVE_LIBIPSET_], [ 1 ], [Define to 1 if have ipset library]) + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test .${enable_libipset_dynamic} = .no; then + add_pkg_config([libipset]) + else + add_pkg_config_without_libs([libipset]) + fi + elif test .${enable_libipset_dynamic} = .no; then + add_to_var([KA_LIBS], [-lipset]) + fi + if test .${enable_libipset_dynamic} != .no; then + AC_DEFINE([_LIBIPSET_DYNAMIC_], [ 1 ], [Define to 1 if building with libipset dynamic linking]) + add_config_opt([LIBIPSET_DYNAMIC]) + NEED_LIBDL=Yes + get_lib_name([ipset], [ipset_session_init]) + AC_DEFINE_UNQUOTED([IPSET_LIB_NAME], [ "$LIB_NAME" ], [Define the ipset library name]) + else + add_config_opt([LIBIPSET]) + fi + + dnl -- xt_set_info_match first introduced in Linux 2.6.39 (initial implementation of ipsets) + dnl -- xt_set_info_match_v1 declared since Linux 3.1 + AC_CHECK_MEMBER([struct xt_set_info_match_v1.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V1], [ 1 ], [Define to 1 if have struct xt_set_info_match_v1])], [], + [ + $EXTRA_INCLUDE + #include + ]) + dnl -- xt_set_info_match_v3 declared since Linux 3.10 + AC_CHECK_MEMBER([struct xt_set_info_match_v3.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V3], [ 1 ], [Define to 1 if have struct xt_set_info_match_v3])], [], + [ + $EXTRA_INCLUDE + #include + ]) + dnl -- xt_set_info_match_v4 declared since Linux 3.19 + AC_CHECK_MEMBER([struct xt_set_info_match_v4.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V4], [ 1 ], [Define to 1 if have struct xt_set_info_match_v4])], [], + [ + $EXTRA_INCLUDE + #include + ]) + + dnl - ipset type iface introduced in Linux 3.1 + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) { int var = IPSET_ATTR_IFACE; } + ]])], + [AC_DEFINE([HAVE_IPSET_ATTR_IFACE], [ 1 ], [Define to 1 if ipset supports iface type])]) + + dnl - The include guard for has the leading _UAPI remove when + dnl - the source code is processed to produce the actual header files. + dnl - Unfortunately libipset provides a copy of the kernel headers, as , + dnl - but it doesn't remove the _UAPI from the header files when installing them. + dnl - Unfortunately we need to include some libipset header files, which include the + dnl - libipset version, and also which includes the kernel version. + dnl - To get around this problem, after include one of these we need to define the header guard + dnl - for the other, to stop it being included as well. + dnl - This is reported as a bug against ipset at https://bugzilla.netfilter.org/show_bug.cgi?id=1139 + dnl - We will take the kernel version if there is an inclusion collision. + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int main(void) {} + ]])], [], + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #ifdef _UAPI_IP_SET_H + #error _UAPI_IP_SET_H defined + #endif + int main(void) {} + ]])], + [AC_DEFINE([LIBIPSET_H_ADD_UAPI_IP_SET_H_GUARD], [1], [Define to add guard _UAPI_IP_SET_H before including ])], + [AC_DEFINE([LIBIPSET_H_ADD_IP_SET_H_GUARD], [1], [Define to add guard _IP_SET_H before including ])]) + ]) + fi + + if test $USE_LIBIPSET = Yes; then + AC_MSG_CHECKING([for libipset version 7 or later]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[ + #include + + void test_func(void) + { + ipset_session_init(NULL, NULL); + } + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([LIBIPSET_PRE_V7_COMPAT], [ 1 ], [Define to 1 if libipset library version prior to v7]) + add_system_opt[LIBIPSET_PRE_V7] + ]) + fi + ]) + LIBS="$SAV_LIBS" + fi + + dnl -- XT_EXTENSION_MAXNAMELEN not defined until Linux 2.6.35 + AC_CHECK_DECL([XT_EXTENSION_MAXNAMELEN], [], + [AC_DEFINE([XT_EXTENSION_MAXNAMELEN], [ (XT_FUNCTION_MAXNAMELEN - 1) ], [Define if doesnt define it])], + [#include ]) + + CPPFLAGS="$SAV_CPPFLAGS" + fi + fi + AS_IF([test $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes], + [AC_DEFINE([_USE_IPTABLES_CMD_], [ 1 ], [Define to 1 if using iptables command enabled])]) + ]) +AM_CONDITIONAL([LIBIPTC], [test $USE_LIBIPTC = Yes]) +AM_CONDITIONAL([LIBIPSET], [test $USE_LIBIPSET = Yes]) +AM_CONDITIONAL([IPTABLES], [test $USE_IPTABLES = Yes]) +AM_CONDITIONAL([IPTABLES_CMD], [test $USE_IPTABLES = Yes -a \( $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes \)]) +AM_CONDITIONAL([LIBIPTC_DYNAMIC], [test $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes]) +AM_CONDITIONAL([LIBIPSET_DYNAMIC], [test $USE_LIBIPSET = Yes -a .${enable_libipset_dynamic} != .no]) +AM_CONDITIONAL([REQUIRE_IPTABLES_LIBS], [test $USE_IPTABLES = Yes -a $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes]) +unset LIBS + +dnl ----[Check for nftables libraries]---- +USE_NFTABLES=No +if test .${enable_nftables} != .no; then + USE_NFTABLES=Yes + dnl -- linux/netfilter/nf_tables.h since Linux 3.13 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_DECL([NFTA_TABLE_MAX], [], + [ + AS_IF([test .${enable_nftables} = .yes], [AC_MSG_ERROR([nftables header files missing/not useable])]) + USE_NFTABLES=No + ], + [#include ]) + + if test $USE_NFTABLES = Yes; then + $PKG_CONFIG --exists libnftnl + if test $? -ne 0; then + USE_NFTABLES=No + AC_MSG_WARN([libnftnl missing]) + fi + $PKG_CONFIG --exists libmnl + if test $? -ne 0; then + USE_NFTABLES=No + AC_MSG_WARN([libmnl missing]) + fi + + if test $USE_NFTABLES = Yes; then + # nft prior to version 0.8.3 does not support type ifname in sets. We can't check the version of + # nft, but we can check the version of libnftnl. nft v0.8.3 required libnftnl v1.0.9, but so did + # nft v0.8.2. So play safe, and require the next version. + #LIBNFTNL_VERSION=`printf "0x%2.2x%2.2x%2.2xU" \`pkg-config --modversion libnftnl | sed -e "s/\./ /g"\`` + #AC_DEFINE_UNQUOTED([LIBNFTNL_VERSION], [ $LIBNFTNL_VERSION ], [libnftnl version in hex]) + + add_pkg_config([libnftnl]) + add_pkg_config([libmnl]) + AC_DEFINE([_WITH_NFTABLES_], [ 1 ], [Define to 1 if want nftables support]) + add_config_opt([NFTABLES]) + AC_MSG_CHECKING([whether NFTNL_EXPR_LOOKUP_FLAGS is defined]) + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + int i = NFTNL_EXPR_LOOKUP_FLAGS; + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_NFTNL_EXPR_LOOKUP_FLAGS], [ 1 ], [Define to 1 if NFTNL_EXPR_LOOKUP_FLAGS defined]) + ],[ + AC_MSG_RESULT(no) + ]) + # nft dup from Linux 4.3 + AC_CHECK_DECLS([NFTA_DUP_MAX], [], [], + [#include ]) + + AC_CHECK_HEADERS([libnftnl/udata.h], + [ + AC_MSG_CHECKING([for nftnl_udata_put_u32]) + SAV_LIBS="$LIBS" + LIBS="$LIBS `$PKG_CONFIG --libs libnftnl`" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + nftnl_udata_put_u32(NULL, 0, 0); + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_NFTNL_UDATA_PUT_U32], [ 1 ], [Define to 1 if nftnl_udata_put_u32 declared]) + ],[ + AC_MSG_RESULT(no) + ]) + LIBS="$SAV_LIBS" + ]) + fi + fi + CPPFLAGS="$SAV_CPPFLAGS" +fi +AM_CONDITIONAL([NFTABLES], [test $USE_NFTABLES = Yes]) +unset LIBS + +AS_IF([test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes], [AC_DEFINE([_WITH_FIREWALL_], [ 1 ], [Define to 1 if using iptables or nftables])]) +AM_CONDITIONAL([FIREWALL], [test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes]) + +dnl ----[Check if have linux/if.h and net/if.h namespace collision]---- +# Including and can cause a namespace collision. +# Later versions of the headers are OK if linux/if.h is included second +AC_MSG_CHECKING([for linux/if.h and net/if.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_NET_LINUX_IF_H_COLLISION_], [ 1 ], [Define to 1 if have linux/if.h followed by net/if.h namespace collision]) + add_system_opt([NET_LINUX_IF_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[Check if have linux/if_ether.h and netinet/if_ether.h namespace collision]---- +# Including and causes a namespace collision +# with musl libc, but the collision only occurs if linux/ip_ether.h is included +# before netinet/if_ether.h. The problem is that we want to include them in that +# order. +AC_MSG_CHECKING([for linux/if_ether.h then netinet/if_ether.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_NETINET_LINUX_IF_ETHER_H_COLLISION_], [ 1 ], [Define to 1 if have linux/if_ether.h then netinet/if_ether.h namespace collision]) + add_system_opt([NETINET_LINUX_IF_ETHER_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + +# Linux 4.5 to 4.5.4 has indirectly including +# and which causes a namespace collision. +AC_MSG_CHECKING([for libiptc/libiptc.h linux/if.h and net/if.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_LIBIPTC_LINUX_NET_IF_H_COLLISION_], [ 1 ], [Define to 1 if have libiptc/libiptc.h linux/if.h and net/if.h namespace collision]) + add_system_opt([LIBIPTC_LINUX_NET_IF_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Checks for LVS, VRRP and BFD support ]---- +IPVS_SYNCD_ATTRIBUTES=No +IPVS_64BIT_STATS=No +WITH_REGEX=No +ENABLE_REGEX_DEBUG=No +if test "$enable_lvs" != no; then + IPVS_SUPPORT=Yes + add_config_opt([LVS]) + AC_DEFINE([_WITH_LVS_], [ 1 ], [Define to 1 if have IPVS support]) + + dnl -- exists from Linux 2.6.27; prior to that is used + AC_CHECK_HEADERS([linux/ip_vs.h], + [ + dnl -- From Linux 2.6.35 (but CentOS has it in 2.6.32) + AC_CHECK_DECLS([IP_VS_SVC_F_ONEPACKET], [], [], + [[#include ]]) + ]) + + if test $IPVS_USE_NL = Yes; then + AC_DEFINE([LIBIPVS_USE_NL], [ 1 ], [Define to 1 if libipvs can use netlink]) + add_system_opt([LIBIPVS_NETLINK]) + fi + + dnl ----[ IPVS syncd options ]--- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + + dnl -- Since Linux 3.18 + AC_CHECK_DECLS([IPVS_DEST_ATTR_ADDR_FAMILY], [add_system_opt([IPVS_DEST_ATTR_ADDR_FAMILY])], [], [#include ]) + + dnl -- Since Linux ?.?.? + IPVS_SYNCD_ATTRIBUTES=Yes + AC_CHECK_DECLS([ + IPVS_DAEMON_ATTR_SYNC_MAXLEN, + IPVS_DAEMON_ATTR_MCAST_GROUP, + IPVS_DAEMON_ATTR_MCAST_GROUP6, + IPVS_DAEMON_ATTR_MCAST_PORT, + IPVS_DAEMON_ATTR_MCAST_TTL], [], + [ + IPVS_SYNCD_ATTRIBUTES=No + break + ], + [[#include ]]) + + dnl -- Since Linux 4.3 + if test $IPVS_SYNCD_ATTRIBUTES = Yes; then + AC_DEFINE([_HAVE_IPVS_SYNCD_ATTRIBUTES_], [ 1 ], [Define to 1 if have IPVS syncd attributes]) + add_system_opt([IPVS_SYNCD_ATTRIBUTES]) + fi + + dnl ----[ IPVS 64-bit stats ]---- + dnl -- Since Linux 4.1 + if test "$enable_lvs_64bit_stats" != "no"; then + IPVS_64BIT_STATS=Yes + AC_CHECK_DECLS([ + IPVS_SVC_ATTR_STATS64, + IPVS_DEST_ATTR_STATS64], [], + [ + IPVS_64BIT_STATS=No + break + ], + [[#include ]]) + if test $IPVS_64BIT_STATS = Yes; then + AC_DEFINE([_WITH_LVS_64BIT_STATS_], [ 1 ], [Define to 1 if have IPVS 64 bit stats]) + add_system_opt([IPVS_64BIT_STATS]) + fi + fi + + dnl ----[ IPVS tunnel type ]---- + dnl -- Since Linux 5.2 + AC_CHECK_DECLS([IPVS_DEST_ATTR_TUN_TYPE], + [ + AC_DEFINE([_HAVE_IPVS_TUN_TYPE_], [ 1 ], [Define to 1 if have IPVS tunnel type]) + add_system_opt([IPVS_TUN_TYPE]) + ], [], + [[#include ]]) + + dnl -- Since Linux 5.3 + AC_CHECK_DECLS([IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM], + [ + AC_DEFINE([_HAVE_IPVS_TUN_CSUM_], [ 1 ], [Define to 1 if have IPVS tunnel checksum options]) + add_system_opt([IPVS_TUN_CSUM]) + ], [], + [[#include ]]) + + dnl -- Since Linux 5.3 + AC_CHECK_DECLS([IP_VS_CONN_F_TUNNEL_TYPE_GRE], + [ + AC_DEFINE([_HAVE_IPVS_TUN_GRE_], [ 1 ], [Define to 1 if have IPVS gre tunnel]) + add_system_opt([IPVS_TUN_GRE]) + ], [], + [[#include ]]) + + CPPFLAGS="$SAV_CPPFLAGS" + + dnl ----[ Is HTTP_GET regex checking wanted? ]---- + AS_IF([test "$enable_regex" = yes], + [ + $PKG_CONFIG --exists libpcre2-8 + HAVE_PCRE2=$? + AS_IF([test $HAVE_PCRE2 -ne 0], [AC_MSG_ERROR([cannot find pcre library])]) + AC_MSG_CHECKING([for pcre.h]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #define PCRE2_CODE_UNIT_WIDTH 8 + #include + ]])], + [ + AC_MSG_RESULT([yes]) + WITH_REGEX=Yes + add_pkg_config([libpcre2-8]) + AC_DEFINE([_WITH_REGEX_CHECK_], [ 1 ], [Define to 1 to build with HTTP_GET regex checking]) + add_config_opt([REGEX]) + ], + [ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([pcre2.h is missing]) + ]) + if test "$enable_regex_timers" = yes; then + AC_DEFINE([_WITH_REGEX_TIMERS_], [ 1 ], [Define to 1 to include regex timers]) + fi + + if test "${enable_regex_debug}" = yes; then + AC_DEFINE([_REGEX_DEBUG_], [ 1 ], [Define to 1 to build with regex debugging support]) + ENABLE_REGEX_DEBUG=Yes + add_config_opt([REGEX_DEBUG]) + fi + ]) +else + IPVS_SUPPORT=No +fi +AM_CONDITIONAL([WITH_IPVS], [test $IPVS_SUPPORT = Yes]) +AM_CONDITIONAL([WITH_REGEX], [test $WITH_REGEX = Yes]) + +dnl ----[ Checks for kernel netlink support ]---- +VRRP_SUPPORT=No +VRRP_AUTH_SUPPORT=No +MACVLAN_SUPPORT=No +ENABLE_JSON=No +BFD_SUPPORT=No +HAVE_CN_PROC=No +if test "$enable_vrrp" != no; then + VRRP_SUPPORT=Yes + AC_DEFINE([_WITH_VRRP_], [ 1 ], [Define to 1 if have VRRP support]) + add_config_opt([VRRP]) + + dnl ----[ check for VRRP authentication support ]---- + if test "${enable_vrrp_auth}" != no; then + VRRP_AUTH_SUPPORT=Yes + AC_DEFINE([_WITH_VRRP_AUTH_], [ 1 ], [Define to 1 if want ARRP authentication support]) + add_config_opt([VRRP_AUTH]) + fi + + dnl ----[ Checks for kernel VMAC support ]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + MACVLAN_SUPPORT=Yes + dnl -- Since Linux 2.6.33 + AC_CHECK_DECLS([ + IFLA_MACVLAN_MODE, + MACVLAN_MODE_PRIVATE], [], + [ + MACVLAN_SUPPORT=No + break + ], [[ + #include + #include + ]]) + if test $MACVLAN_SUPPORT = Yes; then + AC_DEFINE([_HAVE_VRRP_VMAC_], [ 1 ], [Define to 1 if have MAC VLAN support]) + add_system_opt([VRRP_VMAC]) + fi + CPPFLAGS="$SAV_CPPFLAGS" + + dnl ----[ Checks for kernel IPVLAN support ]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + IPVLAN_SUPPORT=Yes + dnl -- Since Linux 3.19 + AC_CHECK_DECLS([ + IFLA_IPVLAN_MODE], [], + [ + IPVLAN_SUPPORT=No + break + ], [[ + #include + #include + ]]) + if test $IPVLAN_SUPPORT = Yes; then + AC_DEFINE([_HAVE_VRRP_IPVLAN_], [ 1 ], [Define to 1 if have IP VLAN support]) + add_system_opt([VRRP_IPVLAN]) + fi + CPPFLAGS="$SAV_CPPFLAGS" + + dnl ----[ Check for IFLA_LINK_NETNSID support ]---- since Linux v4.0 + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) { int var = IFLA_LINK_NETNSID; } + ]])], + [ + AC_DEFINE([HAVE_IFLA_LINK_NETNSID], [ 1 ], [Define to 1 if IFLA_LINK_NETNSID supported]) + add_system_opt([IFLA_LINK_NETNSID]) + ]) + + dnl ----[ JSON output or not ? ]---- + if test "${enable_json}" = yes; then + ENABLE_JSON=Yes + AC_DEFINE([_WITH_JSON_], [ 1 ], [Define to 1 to build with JSON output support]) + add_config_opt([JSON]) + fi + + dnl ----[ BFD support ? ]---- + if test "${enable_bfd}" = yes; then + BFD_SUPPORT=Yes + AC_DEFINE([_WITH_BFD_], [ 1 ], [Define to 1 if have BFD support]) + add_config_opt([BFD]) + fi + + dnl -- Check for process events connector - Linux v2.6.15 + AS_IF([test .$enable_track_process != .no], + [ + add_system_opt([CN_PROC]) + HAVE_CN_PROC=Yes + AC_DEFINE([_WITH_CN_PROC_], [ 1 ], [Define to 1 if have linux/cn_proc.h and track-process not disabled]) + dnl -- PROC_EVENT_SID since Linux v2.6.32 + dnl -- PROC_EVENT_PTRACE since Linux v3.1 + dnl -- PROC_EVENT_COMM since Linux v3.2 + dnl -- PROC_EVENT_COREDUMP since Linux v3.10 + AC_CHECK_DECLS([PROC_EVENT_SID, PROC_EVENT_PTRACE, PROC_EVENT_COMM, PROC_EVENT_COREDUMP], [], [], [[#include ]]) + ], + [add_config_opt([DISABLE_TRACK_PROCESS])]) +fi +AM_CONDITIONAL([WITH_VRRP], [test $VRRP_SUPPORT = Yes]) +AM_CONDITIONAL([VRRP_AUTH], [test $VRRP_AUTH_SUPPORT = Yes]) +AM_CONDITIONAL([VMAC], [test $MACVLAN_SUPPORT = Yes]) +AM_CONDITIONAL([WITH_JSON], [test $ENABLE_JSON = Yes]) +AM_CONDITIONAL([WITH_BFD], [test $BFD_SUPPORT = Yes]) +AM_CONDITIONAL([CN_PROC], [test $HAVE_CN_PROC = Yes]) + +if test ${IPVS_SUPPORT} = No -a ${VRRP_SUPPORT} = No; then + AC_MSG_ERROR([keepalived MUST be compiled with at least one of LVS or VRRP framework]) +fi + +dnl ----[ Checks for glibc SOCK_NONBLOCK support ]---- +# Introduced in Linux 2.6.27 and glibc 2.9 +AC_CHECK_DECLS([SOCK_NONBLOCK], [add_system_opt([SOCK_NONBLOCK])], [],[[#include ]]) +AM_CONDITIONAL([SOCK_NONBLOCK], [test $ac_cv_have_decl_SOCK_NONBLOCK = yes]) + +dnl ----[ Checks for glibc SOCK_CLOEXEC support ]---- +# Introduced in Linux 2.6.27 and glibc 2.9 +AC_CHECK_DECLS([SOCK_CLOEXEC], [add_system_opt([SOCK_CLOEXEC])], [],[[#include ]]) + +dnl ----[ Checks for pe support ]---- +# Introduced in Linux 2.6.37 +AC_CHECK_DECL([IPVS_SVC_ATTR_PE_NAME], + [ + AC_DEFINE([_HAVE_PE_NAME_], [ 1 ], [Define to 1 if have pe selection support]) + ], + [], [[#include ]]) + +dnl ----[ Checks for O_PATH support ]---- +# Introduced in Linux 2.6.39 +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" +AC_CHECK_DECLS([O_PATH], + [ + add_system_opt([O_PATH]) + ], [],[[#include ]]) +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Check for GLOB_BRACE support ]---- +AC_CHECK_DECLS([GLOB_BRACE], [add_system_opt([GLOB_BRACE])], [], [[#include ]]) + +dnl ----[ Do we want v1.3.6 and earlier VRRPv3 unicast checksum compatibility support ]---- +UNICAST_CHKSUM_COMPAT_SUPPORT=No +if test .$enable_checksum_compat != .no; then + UNICAST_CHKSUM_COMPAT_SUPPORT=Yes + AC_DEFINE([_WITH_UNICAST_CHKSUM_COMPAT_], [ 1 ], [Define to 1 to enable v1.3.6 and earlier VRRPv3 unicast checksum compatibility]) + add_config_opt([OLD_CHKSUM_COMPAT]) +fi + +dnl ----[ Checks for FIB routing support ]---- +FIB_ROUTING_SUPPORT=No +if test .$enable_vrrp != .no -a .$enable_routes != .no; then + # Introduced in Linux 2.6.19 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_DECL([FRA_SRC], + [ + FIB_ROUTING_SUPPORT=Yes + AC_DEFINE([_HAVE_FIB_ROUTING_], [ 1 ], [Define to 1 if have FIB routing support]) + add_config_opt([FIB_ROUTING]) + ], [], + [[#include + #include ]]) + CPPFLAGS="$SAV_CPPFLAGS" +fi +AM_CONDITIONAL([FIB_ROUTING], [test $FIB_ROUTING_SUPPORT = Yes]) + +dnl ----[ Check if linkbeat wanted ]---- +AS_IF([test .$enable_linkbeat = .no], + [ + LINKBEAT_SUPPORT=No + add_config_opt([NO_LINKBEAT]) + ], + [ + LINKBEAT_SUPPORT=Yes + AC_DEFINE([_WITH_LINKBEAT_], [ 1 ], [Define to 1 if have linkbeat support]) + ]) + +dnl ----[ Checks for kernel IFLA_INET6_ADDR_GEN_MODE support ]---- +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 3.17 + AC_CHECK_DECLS([IFLA_INET6_ADDR_GEN_MODE], + [ + add_system_opt([INET6_ADDR_GEN_MODE]) + ], [], [[ + #include + ]]) +fi +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Checks for kernel IFLA_VRF_... support ]---- +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 4.3 + AC_CHECK_DECLS([IFLA_VRF_MAX], + [ + add_system_opt([VRF]) + AC_DEFINE([_HAVE_VRF_], [ 1 ], [Define to 1 if have kernel VRF support]) + ], [], [[ + #include + ]]) +fi +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Checks for SNMP support ]---- +SNMP_SUPPORT=No +SNMP_KEEPALIVED_SUPPORT=No +SNMP_VRRP_SUPPORT=No +SNMP_RFC_SUPPORT=No +SNMP_RFCV2_SUPPORT=No +SNMP_RFCV3_SUPPORT=No +SNMP_CHECKER_SUPPORT=No +SNMP_V3_FOR_V2=No +if test "$enable_snmp_keepalived" = yes; then + AC_MSG_WARN([--enable-snmp-keepalived is obsolete. Use --enable-snmp-vrrp.]) + enable_snmp_vrrp=$enable_snmp_keepalived +fi +if test "$enable_snmp" = yes -o \ + "$enable_snmp_vrrp" = yes -o \ + "$enable_snmp_checker" = yes -o \ + "$enable_snmp_rfc" = yes -o \ + "$enable_snmp_rfcv2" = yes -o \ + "$enable_snmp_rfcv3" = yes; then + AC_PATH_TOOL([NETSNMP_CONFIG], [net-snmp-config], [no]) + if test "$NETSNMP_CONFIG" = no; then + AC_MSG_ERROR([*** unable to find net-snmp-config]) + fi + NETSNMP_LIBS_AGENT=`${NETSNMP_CONFIG} --netsnmp-agent-libs` + NETSNMP_LIBS_EXT=`${NETSNMP_CONFIG} --external-libs` + NETSNMP_LIBS="$NETSNMP_LIBS_AGENT $NETSNMP_LIBS_EXT" + NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" + NETSNMP_CPPFLAGS="-DNETSNMP_NO_INLINE" + + # net-snmp-config adds compiler and linker options that were set at the time + # net-snmp was built, and this can include spec files that may not exist + # on the system building keepalived. We need to check if any spec files + # are specified, and if they do not exist on this system, then remove them + # from NETSNMP_LIBS or NETSNMP_CFLAGS. + # For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=1544527 + # and the other bugs referred to in it. + for spec in `echo $NETSNMP_LIBS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_LIBS=`echo $NETSNMP_LIBS | sed -e "s? *$spec *? ?"` + AC_MSG_WARN([Removing $spec from NETSNMP_LIBS since spec file not installed]) + fi + done + for spec in `echo $NETSNMP_CFLAGS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS | sed -e "s? *$spec *? ?"` + AC_MSG_WARN([Removing $spec from NETSNMP_CFLAGS since spec file not installed]) + fi + done + + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS ${NETSNMP_CFLAGS}" + SAV_LIBS="$LIBS" + LIBS="$LIBS ${NETSNMP_LIBS}" + AC_MSG_CHECKING([whether C compiler supports flag "${NETSNMP_CFLAGS} ${NETSNMP_LIBS}" from Net-SNMP]) + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + int main(void) + { + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([*** incorrect CFLAGS from net-snmp-config]) + ]) + + # Do we have subagent support? + AC_CHECK_FUNCS([netsnmp_enable_subagent], [], + [AC_MSG_ERROR([*** no subagent support in net-snmp])]) + + # check for net-snmp headers + # Some ancient distributions may miss header + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $NETSNMP_CFLAGS" + AC_CHECK_HEADERS(net-snmp/agent/agent_sysORTable.h net-snmp/agent/snmp_vars.h net-snmp/agent/util_funcs.h,[], + [AC_MSG_ERROR([missing net-snmp headers])],[[ + #include + #include + #include + ]]) + + SNMP_SUPPORT=Yes + + # NETSNMP_CFLAGS can have CPPFLAGS options, so separate them + NETSNMP_CPPFLAGS_XTRA=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[[^IDU]] *-/ -/g" -e "s/ -[[^IDU]] *[[^-]][[^ ]]* / /g" -e "s/ */ /g"` + NETSNMP_CFLAGS=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[[IDU]] *[[^ ]]* / /g" -e "s/ */ /g"` + add_to_var([KA_CFLAGS], [$NETSNMP_CFLAGS]) + add_to_var([KA_CPPFLAGS], [$NETSNMP_CPPFLAGS $NETSNMP_CPPFLAGS_XTRA]) + + # NETSNMP_LIBS may have some LDFLAGS options, so separate them + NETSNMP_LDFLAGS_XTRA=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ -l *[[^ ]]* / /g" -e "s/ */ /g" -e "s/ -/ @-/g" | tr "@" "\n" | sed -e "s/^ *//" -e "s/ *$//" | sort -u | tr "\n" " "` + NETSNMP_LIBS=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ \(-l *[[^ ]]*\) /@\1@/g" | tr "@" "\n" | grep "^-l" | tr "\n" " " | sed -e "s/ */ /g"` + add_to_var([KA_LDFLAGS], [$NETSNMP_LDFLAGS $NETSNMP_LDFLAGS_XTRA]) + add_to_var([KA_LIBS], [$NETSNMP_LIBS]) + + if test "$enable_snmp_rfc" = yes; then + SNMP_RFCV2_SUPPORT=Yes + SNMP_RFCV3_SUPPORT=Yes + else + if test "$enable_snmp_rfcv2" = yes; then + SNMP_RFCV2_SUPPORT=Yes + fi + if test "$enable_snmp_rfcv3" = yes; then + SNMP_RFCV3_SUPPORT=Yes + fi + fi + if test ${SNMP_RFCV2_SUPPORT} = Yes -o \ + ${SNMP_RFCV3_SUPPORT} = Yes; then + if test ${VRRP_SUPPORT} != Yes; then + AC_MSG_ERROR([RFC SNMP support requires VRRP]) + fi + SNMP_RFC_SUPPORT=Yes + fi + if test ${SNMP_RFCV3_SUPPORT} = Yes -a \ + "$enable_snmp_reply_v3_for_v2" != no; then + AC_DEFINE([_SNMP_REPLY_V3_FOR_V2_], [ 1 ], [Define to 1 to have keepalived send RFC6527 SNMP responses for VRRPv2 instances]) + SNMP_V3_FOR_V2=Yes + add_config_opt([SNMP_V3_FOR_V2]) + fi + + if test "$enable_snmp" = yes; then + if test ${VRRP_SUPPORT} = Yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test ${IPVS_SUPPORT} = Yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + else + if test "$enable_snmp_vrrp" = yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test "$enable_snmp_checker" = yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + fi + if test ${VRRP_SUPPORT} != Yes -a \ + ${SNMP_VRRP_SUPPORT} = Yes; then + AC_MSG_ERROR([VRRP SNMP support requires VRRP]) + fi + if test ${IPVS_SUPPORT} = No -a \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + AC_MSG_ERROR([CHECKER SNMP support requires checker]) + fi + + if test ${SNMP_VRRP_SUPPORT} = Yes -o \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + SNMP_KEEPALIVED_SUPPORT=Yes + fi + + CPPFLAGS="$SAV_CPPFLAGS" + CFLAGS="$SAV_CFLAGS" + LIBS="$SAV_LIBS" +fi + +dnl ----[What SNMP support is required]---- +if test $SNMP_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_], [ 1 ], [Define to 1 to have SNMP support]) +fi +if test $SNMP_KEEPALIVED_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_KEEPALIVED_], [ 1 ], [Define to 1 to have keepalived SNMP support]) +fi +if test $SNMP_VRRP_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_VRRP_], [ 1 ], [Define to 1 to have keepalived SNMP VRRP support]) + add_config_opt([SNMP_VRRP]) +fi +if test $SNMP_CHECKER_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_CHECKER_], [ 1 ], [Define to 1 to have keepalived SNMP checker support]) + add_config_opt([SNMP_CHECKER]) +fi +if test $SNMP_RFC_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_RFC_], [ 1 ], [Define to 1 to have RFC SNMP support]) +fi +if test $SNMP_RFCV2_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_RFCV2_], [ 1 ], [Define to 1 to have RFCv2 SNMP support]) + add_config_opt([SNMP_RFCV2]) +fi +if test $SNMP_RFCV3_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_RFCV3_], [ 1 ], [Define to 1 to have RFCv3 SNMP support]) + add_config_opt([SNMP_RFCV3]) +fi +AM_CONDITIONAL([SNMP], [test $SNMP_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_KEEPALIVED], [test $SNMP_KEEPALIVED_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_VRRP], [test $SNMP_VRRP_SUPPORT = Yes -o $SNMP_RFC_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_CHECKER], [test $SNMP_CHECKER_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_RFC], [test $SNMP_RFCV2_SUPPORT = Yes -o $SNMP_RFCV3_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_RFCV2], [test $SNMP_RFCV2_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_RFCV3], [test $SNMP_RFCV3_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_REPLY_V3_FOR_V2], [test $SNMP_V3_FOR_V2 = Yes]) +AS_IF([test $SNMP_SUPPORT = Yes], [SNMP_SERVICE=snmpd.service], [SNMP_SERVICE=]) +AC_SUBST([SNMP_SERVICE]) + +dnl ----[ Check for Dbus support ]---- +DBUS_SUPPORT=No +DBUS_CREATE_INSTANCE=No +if test "$enable_dbus" = yes; then + AC_CHECK_LIB(gio-2.0, g_bus_own_name, + [ + add_pkg_config([gio-2.0]) + DBUS_SUPPORT=Yes + AC_DEFINE([_WITH_DBUS_], [ 1 ], [Define to 1 to have DBUS support]) + add_config_opt([DBUS]) + + dnl -- g_type_init() not needed and deprecated since glib 2.36 + SAV_CFLAGS=$CFLAGS + CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_LIBS=$LIBS + LIBS="$($PKG_CONFIG --libs gio-2.0)" + AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM( + [[#include ]], + [[return !g_thread_functions_for_glib_use.mutex_lock;]])], + [need_g_type_init=0], + [need_g_type_init=1], + [ + AC_MSG_WARN([Cannot determine if need to call g_type_init(). Assuming yes for safety.]) + need_g_type_init=1 + ]) + if test $need_g_type_init -eq 1; then + AC_DEFINE([DBUS_NEED_G_TYPE_INIT], [ 1 ], [Define to 1 if need to call g_type_init()]) + fi + LIBS=$SAV_LIBS + CFLAGS=$SAV_CFLAGS + if test "$enable_dbus_create_instance" = yes; then + AC_DEFINE([_WITH_DBUS_CREATE_INSTANCE_], [ 1 ], [Define to 1 to have DBus create instance support]) + DBUS_CREATE_INSTANCE=Yes + add_config_opt([DBUS_CREATE_INSTANCE]) + AC_MSG_WARN([DBus create instance functionality is dangerous - why do you want it?]) + fi + ], + [AC_MSG_ERROR([DBUS support requested but libgio-2.0 not found.])]) + unset LIBS +fi +AM_CONDITIONAL([WITH_DBUS], [test $DBUS_SUPPORT = Yes]) +AM_CONDITIONAL([DBUS_CREATE_INSTANCE], [test $DBUS_CREATE_INSTANCE = Yes]) + +dnl ----[ SHA1 or not ? ]---- +SHA1_SUPPORT=No +if test "${enable_sha1}" = yes; then + AC_CHECK_HEADERS(openssl/sha.h,,AC_MSG_ERROR([unable to find openssl/sha.h])) + AC_CHECK_LIB(crypto, SHA1_Init,, + [ + dnl libcrypto can require -fpic + AS_UNSET([ac_cv_lib_crypto_SHA1_Init]) + SAV_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -fpic" + AC_CHECK_LIB(crypto, SHA1_Init,,AC_MSG_ERROR([SHA1 in OpenSSL required])) + CFLAGS=$SAV_CFLAGS + add_to_var([KA_CFLAGS],[-fpic]) + ]) + SHA1_SUPPORT=Yes + AC_DEFINE([_WITH_SHA1_], [ 1 ], [Define to 1 to have SHA1 support]) +fi +AM_CONDITIONAL([WITH_SHA1], [test $SHA1_SUPPORT = Yes]) +unset LIBS + +dnl ----[ check for SO_MARK support ]---- +dnl -- Since Linux 2.6.25 +SO_MARK_SUPPORT=No +if test "${enable_fwmark}" != no; then + AC_CHECK_DECLS([SO_MARK], + [ + SO_MARK_SUPPORT=Yes + AC_DEFINE([_WITH_SO_MARK_], [ 1 ], [Define to 1 if have SO_MARK]) + add_system_opt([SO_MARK]) + ], [], + [[#include ]]) +fi + +dnl ---[ check for setns() ]---- +dnl -- CLONE_NEWNET defined from Linux 3.0 +SAV_CFLAGS="$CFLAGS" +AC_CHECK_DECLS([CLONE_NEWNET], [], [], [[#include ]]) +dnl -- From glibc 2.14. Otherwise use setns syscall, since Linux 2.4.x +AC_CHECK_FUNCS([setns]) +dnl -- When building a RedHat RPM with hardening enabled, -pie is specified, +dnl -- and for setns this requires -fPIC +AS_IF([test $ac_cv_func_setns = no], + [ + AS_UNSET([ac_cv_func_setns]) + CFLAGS="$CFLAGS -fPIC" + AC_CHECK_FUNCS([setns]) + ]) +CFLAGS="$SAV_CFLAGS" +AM_CONDITIONAL([WITH_NAMESPACES], [test $ac_cv_have_decl_CLONE_NEWNET = yes]) + +dnl ----[ check for realtime scheduling support ]---- +dnl -- from Linux ?.?.? +AC_CHECK_DECLS([SCHED_RR], + [ + SCHED_RT_SUPPORT=Yes + AC_DEFINE([_HAVE_SCHED_RT_], [ 1 ], [Define to 1 if have SCHED_RR]) + add_system_opt([SCHED_RT]) + + dnl -- RLIMIT_RTTIME since Linux 2.6.25 - not supported wwith musl libc + AC_CHECK_DECLS([RLIMIT_RTTIME], [], [], [[#include ]]) + + dnl -- SCHED_RESET_ON_FORK since Linux 2.6.32 + AC_CHECK_DECLS([SCHED_RESET_ON_FORK], + [add_system_opt([SCHED_RESET_ON_FORK])], + [AC_DEFINE([SCHED_RESET_ON_FORK], [ 0 ], [Dummy definition if not defined in system headers])], + [[#include ]]) + ], + [ + SCHED_RT_SUPPORT=No + ], [[#include ]]) + +dnl -- Do we want GNU standard paths (moves .pid files) +GNU_STD_PATHS=No +if test "${enable_gnu_std_paths}" = "yes"; then + AC_DEFINE([GNU_STD_PATHS], [ 1 ], [set to enforce GNU standard paths, for .pid files etc]) + PID_DIR=$localstatedir +elif test $RUN_DIR_SPECIFIED = Y -a .${with_run_dir} != .no; then + PID_DIR=`echo ${with_run_dir} | sed -e "s:/run$::"` # Remove a trailing /run - somewill will include it sometime +elif test -d /run; then + PID_DIR= +else + PID_DIR=/var +fi +AC_DEFINE_UNQUOTED([PID_DIR_ROOT], [ "${PID_DIR}" ], [Parent directory of /run]) +AC_SUBST([PID_DIR]) + +dnl - Check type of rlim_t for printf() - this check needs to be late on +dnl - since _FILE_OFFSET_BITS (set when using netsnmp) alters sizeof(rlim_t) +SAV_CFLAGS="$CFLAGS" +CFLAGS="-Wformat -Werror=format $SAV_CPPFLAGS $KA_CPPFLAGS" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int + main(int argc, char **argv) + { + rlim_t val = 23U; + printf("%lu %d %p", val, argc, argv); + + return 0; + } + ]])], + [AC_DEFINE([PRI_rlim_t], ["lu"], [Define printf format specifier for rlim_t])], + [AC_DEFINE([PRI_rlim_t], ["llu"], [Define printf format specifier for rlim_t])], + ) +CFLAGS="$SAV_CFLAGS" + +dnl ---[ check for sphinx-build executable ]---- +if test -z "$SPHINXBUILD"; then + SPHINXBUILDNAME=sphinx-build +else + SPHINXBUILDNAME=${SPHINXBUILD} +fi +AC_SUBST(SPHINXBUILDNAME) +AC_CHECK_PROG([HAVE_SPHINX_BUILD], [$SPHINXBUILDNAME], [Yes], [No]) +AM_CONDITIONAL([BUILD_DOCS], [test $HAVE_SPHINX_BUILD = Yes]) + +dnl ----[ Memory alloc check or not ? ]---- +MEM_CHECK=No +MEM_CHECK_LOG=No +if test "${enable_mem_check}" = "yes"; then + MEM_CHECK=Yes + AC_DEFINE([_MEM_CHECK_], [ 1 ], [Define to 1 to build with malloc/free checks]) + add_config_opt([MEM_CHECK]) + if test "${enable_mem_check_log}" = "yes"; then + MEM_CHECK_LOG=Yes + AC_DEFINE([_MEM_CHECK_LOG_], [ 1 ], [Define to 1 to log malloc/free checks to syslog]) + add_config_opt([MEM_CHECK_LOG]) + fi +fi + +dnl ----[ Memory alloc check or not ? ]---- +TIMER_CHECK=No +if test "${enable_timer_check}" = "yes"; then + TIMER_CHECK=Yes + AC_DEFINE([_TIMER_CHECK_], [ 1 ], [Define to 1 to build with set time logging]) + add_config_opt([TIMER_CHECK]) +fi + +dnl ----[ Debug or not ? ]---- +if test "${enable_debug}" = yes; then + AC_DEFINE([_DEBUG_], [ 1 ], [Define to 1 to build with debugging support]) + ENABLE_DEBUG=Yes + add_config_opt([DEBUG]) +else + ENABLE_DEBUG=No +fi +AM_CONDITIONAL([DEBUG], [test $ENABLE_DEBUG = Yes]) + +dnl ----[ Netlink command timers or not ? ]---- +if test "${enable_netlink_timers}" = yes; then + AC_DEFINE([_NETLINK_TIMERS_], [ 1 ], [Define to 1 to build with netlink command timers support]) + ENABLE_NETLINK_TIMERS=Yes + add_config_opt([NETLINK_TIMERS]) +else + ENABLE_NETLINK_TIMERS=No +fi + +dnl ----[ smtp-alert debugging or not ? ]---- +if test "${enable_smtp_alert_debug}" = yes; then + AC_DEFINE([_SMTP_ALERT_DEBUG_], [ 1 ], [Define to 1 to build with smtp-alert debugging support]) + ENABLE_SMTP_ALERT_DEBUG=Yes + add_config_opt([SMTP_ALERT_DEBUG]) + ENABLE_LOG_FILE_APPEND=Yes +else + ENABLE_SMTP_ALERT_DEBUG=No +fi + +dnl ----[ Stacktrace support or not ? ]---- +if test "${enable_stacktrace}" = yes; then + AC_DEFINE([_WITH_STACKTRACE_], [ 1 ], [Define to 1 to build with stacktrace support]) + ENABLE_STACKTRACE=Yes + add_config_opt([STACKTRACE]) + add_to_var([KA_LDFLAGS], [-rdynamic]) +else + ENABLE_STACKTRACE=No +fi + +dnl ----[ Thread dumping support or not ? ]---- +if test "${enable_dump_threads}" = yes; then + AC_DEFINE([_WITH_DUMP_THREADS_], [ 1 ], [Define to 1 to build with thread dumping support]) + ENABLE_DUMP_THREADS=Yes + add_config_opt([DUMP_THREADS]) +else + ENABLE_DUMP_THREADS=No +fi + +dnl ----[ epoll() debugging support or not ? ]---- +if test "${enable_epoll_debug}" = yes; then + AC_DEFINE([_EPOLL_DEBUG_], [ 1 ], [Define to 1 to build with epoll_wait() debugging support]) + ENABLE_EPOLL_DEBUG=Yes + add_config_opt([EPOLL_DEBUG]) +else + ENABLE_EPOLL_DEBUG=No +fi + +dnl ----[ epoll() thread dumping support or not ? ]---- +if test "${enable_epoll_thread_dump}" = yes; then + AC_DEFINE([_EPOLL_THREAD_DUMP_], [ 1 ], [Define to 1 to build with epoll thread dumping support]) + ENABLE_EPOLL_THREAD_DUMP=Yes + add_config_opt([EPOLL_THREAD_DUMP]) +else + ENABLE_EPOLL_THREAD_DUMP=No +fi + +if test $ENABLE_EPOLL_THREAD_DUMP = Yes -o $ENABLE_DUMP_THREADS = Yes -o $ENABLE_EPOLL_DEBUG = Yes; then + AC_DEFINE([THREAD_DUMP], [ 1 ], [Define to 1 to build with thread dumping support]) +fi + +dnl ----[ TSM debugging support or not ? ]---- +if test "${enable_tsm_debug}" = yes; then + AC_DEFINE([_TSM_DEBUG_], [ 1 ], [Define to 1 to build with TSM debugging support]) + ENABLE_TSM_DEBUG=Yes + add_config_opt([TSM_DEBUG]) +else + ENABLE_TSM_DEBUG=No +fi + +dnl ----[ VRRP FD debugging support or not ? ]---- +if test "${enable_vrrp_fd_debug}" = yes; then + AC_DEFINE([_VRRP_FD_DEBUG_], [ 1 ], [Define to 1 to build with vrrp fd debugging support]) + ENABLE_VRRP_FD_DEBUG=Yes + add_config_opt([VRRP_FD_DEBUG]) +else + ENABLE_VRRP_FD_DEBUG=No +fi + +dnl ----[ network timestamp support or not ? ]---- +if test "${enable_network_timestamp}" = yes; then + AC_DEFINE([_NETWORK_TIMESTAMP_], [ 1 ], [Define to 1 to build with network timestamp support]) + ENABLE_NETWORK_TIMESTAMP=Yes + add_config_opt([NETWORK_TIMESTAMP]) +else + ENABLE_NETWORK_TIMESTAMP=No +fi + +dnl ----[ asserts enabled or not ? ]---- +if test "${enable_asserts}" = yes; then + AC_DEFINE([_ENABLE_ASSERT_], [ 1 ], [Define to 1 to enable asserts]) + ENABLE_ASSERT=Yes + add_config_opt([ASSERT]) +else + ENABLE_ASSERT=No +fi +AM_CONDITIONAL([ASSERTS], [test $ENABLE_ASSERT = Yes]) + +dnl ----[ Specify interface type to be unchangeable ]---- +if test "${with_fixed_if_type}"; then + if test "${with_fixed_if_type}" = yes -o ${with_fixed_if_type} = no; then + AC_MSG_ERROR([An interface type must be specified with --with-fixed-if-type]) + fi + AC_DEFINE_UNQUOTED([_FIXED_IF_TYPE_], [ "${with_fixed_if_type}" ], [Consider ${with_fixed_if_type} interfaces to be unchangeable]) + FIXED_IF_TYPE=${with_fixed_if_type} + add_config_opt([FIXED_IF_TYPE=${with_fixed_if_type}]) +else + FIXED_IF_TYPE= +fi + +dnl ----[ Profiling or not ? ]---- +WITH_PROFILING=No +if test "${enable_profile}" = yes; then + WITH_PROFILING=Yes + add_config_opt([PROFILING]) + add_to_var([KA_CFLAGS], [-pg]) +fi +AM_CONDITIONAL([PROFILE], [test $WITH_PROFILING = Yes]) + +dnl ----[ perf support or not? keepalived provides runtime options ]---- +if test "${enable_perf}" = yes; then + AC_DEFINE([_WITH_PERF_], [ 1 ], [Define to 1 to build with perf support]) + ENABLE_PERF=Yes + add_config_opt([PERF]) + add_to_var([KA_CFLAGS], [-pg]) +else + ENABLE_PERF=No +fi + +if test "${enable_log_file}" = yes; then + AC_DEFINE([ENABLE_LOG_TO_FILE], [ 1 ], [Define if enabling logging to files]) + ENABLE_LOG_FILE_APPEND=Yes + add_config_opt([FILE_LOGGING]) +fi + +if test ${ENABLE_LOG_FILE_APPEND} = Yes; then + AC_DEFINE([ENABLE_LOG_FILE_APPEND], [ 1 ], [Define if appending to log files is allowed]) + add_config_opt([LOG_FILE_APPEND]) +fi + +dnl ----[ Do we need to check for EINTR, or enable EINTR debugging code]---- +AS_IF([test .$enable_eintr_debug = .yes], + [ + AC_DEFINE([DEBUG_EINTR], [ 1 ], [Define to test for and log errno == EINTR when no asynchronous signal handlers]) + add_config_opt([EINTR_DEBUG]) + ], + [ + dnl --- We need to check for EINTR if we are not using signalfd + AS_IF([test .$ac_cv_func_signalfd != .yes -o .$enable_eintr_debug = .check], + [ + AC_DEFINE([CHECK_EINTR], [ 1 ], [Define if need to check for EINTR errno]) + AS_IF([test .$ac_cv_func_signalfd = .yes], [add_config_opt([EINTR_CHECK])]) + ]) + ]) + +dnl ----[ Do we want to enable track process debugging code]---- +AS_IF([test .$enable_track_process_debug = .yes], + [ + AC_DEFINE([_TRACK_PROCESS_DEBUG_], [ 1 ], [Define to enable logging all process connector events]) + add_config_opt([TRACK_PROCESS_DEBUG]) + ]) + +dnl ----[ Do we want to enable parser debugging code]---- +AS_IF([test .$enable_parser_debug = .yes], + [ + AC_DEFINE([_PARSER_DEBUG_], [ 1 ], [Define to enable parser debugging]) + add_config_opt([PARSER_DEBUG]) + ]) + +dnl ----[ Do we want to enable checksum debugging code]---- +AS_IF([test .$enable_checksum_debug = .yes], + [ + AC_DEFINE([CHECKSUM_DIAGNOSTICS], [ 1 ], [Define to enable checksum debugging]) + add_config_opt([CHECKSUM_DEBUG]) + ]) + +dnl ----[ Do we want to enable dump keywords code]---- +AS_IF([test .$enable_dump_keywords = .yes], + [ + AC_DEFINE([_DUMP_KEYWORDS_], [ 1 ], [Define to enable keyword dumping]) + add_config_opt([DUMP_KEYWORDS]) + ]) + +if test ${NEED_LIBDL} = Yes; then + add_to_var([KA_LIBS], [-ldl]) +fi + +dnl ----[ Determine if we are using pthreads ]---- +echo " $KA_LIBS" | grep -qE -- " -l?pthread " +if test $? -eq 0 ;then + AC_DEFINE([_WITH_PTHREADS_], [ 1 ], [Define to 1 if using pthreads]) +fi + +dnl ----[ Check if rpmbuild supports --build-in-place ]---- +RPM_NO_BIP=1 +AC_CHECK_PROG([HAVE_RPM], [rpm], [Yes], [No]) +if test $HAVE_RPM = Yes; then + AC_CHECK_PROG([HAVE_RPMBUILD], [rpmbuild], [Yes], [No]) + RPM_SRC_DIR=`rpm --eval "%{_sourcedir}"` + if ! test -d $RPM_SRC_DIR; then + HAVE_RPMBUILD=No + fi + if test $HAVE_RPMBUILD = Yes; then + rpmbuild --help | grep -q -- --build-in-place + RPM_NO_BIP=$? + fi +fi +AM_CONDITIONAL([RPM], [test $HAVE_RPM = Yes]) +AM_CONDITIONAL([RPM_BIP], [test $RPM_NO_BIP -eq 0]) + +dnl ----[ Determine system init type]---- +INIT_TYPE= +AS_IF( + [test -n "$init_type"], [INIT_TYPE=$init_type], + [test -n "$with_systemdsystemunitdir"], [INIT_TYPE=systemd], + [ + /sbin/init --version 2>/dev/null | grep -q upstart + AS_IF( + [test $? -eq 0], [INIT_TYPE=upstart], + [ + init_path=`which systemctl 2>/dev/null` + AS_IF([test \( $? -eq 0 -a -x "$init_path" \)], + [ + systemctl | grep -q -- "-\.mount" + AS_IF([test $? -eq 0], [INIT_TYPE=systemd]) + ]) + AS_IF([test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \)], + [ + init_path=`which openrc-run 2>/dev/null` + AS_IF([test \( $? -eq 0 -a -x "$init_path" \)], + [ + head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" + AS_IF([test $? -eq 0], [INIT_TYPE=openrc]) + ]) + ]) + AS_IF([test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \)], [INIT_TYPE=SYSV]) + ]) + ]) +AS_IF([test \( .$INIT_TYPE = .systemd -a -z "$with_systemdsystemunitdir" \)], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) + +dnl ----[Default keepalived configuration file]---- +AS_IF([test $default_config_file], + [ + AS_IF([test $default_config_file = yes -o $default_config_file = no], + [AC_MSG_ERROR([A filename must be specified for default-config-file])]) + CONFIG_FILE=$default_config_file + add_config_opt([DEFAULT_CONFIG_FILE=${default_config_file}]) + ], + [default_config_file="/etc/$PACKAGE/$PACKAGE.conf"]) +AC_DEFINE_UNQUOTED([DEFAULT_CONFIG_FILE], ["$default_config_file"], [The default configuration file]) +AC_SUBST([DEFAULT_CONFIG_FILE], [$default_config_file]) + +if test -z "$INIT_TYPE"; then + INIT_TYPE=undetected +elif test $INIT_TYPE = systemd; then + AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) +fi + +AM_CONDITIONAL([INIT_UPSTART], [test $INIT_TYPE = upstart]) +AM_CONDITIONAL([INIT_SYSTEMD], [test $INIT_TYPE = systemd]) +AM_CONDITIONAL([INIT_SYSV], [test $INIT_TYPE = SYSV]) +AM_CONDITIONAL([INIT_OPENRC], [test $INIT_TYPE = openrc]) +AM_CONDITIONAL([INIT_SUSE], [test $INIT_TYPE = SUSE]) + +AC_DEFINE_UNQUOTED([CONFIGURATION_OPTIONS], ["$CONFIG_OPTIONS"], [The configuration options from which the package is built]) +AC_DEFINE_UNQUOTED([SYSTEM_OPTIONS], ["$SYSTEM_OPTIONS"], [The system options from which the package is built]) + +if test $NETLINK_VER -eq 0; then + NETLINK_VER=None +fi + +dnl ----[ Process output target ]---- +echo + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +AC_OUTPUT + +# Restore lib/config_warnings.h.in +mv ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} + +dnl ----[ Display current configuration ]---- +cat < - -dnl ----[ Process this file with autoconf to produce a configure script ]---- -AC_INIT(keepalived/core/main.c) -VERSION=`cat VERSION` -VERSION_DATE=`date +%m/%d,20%y` -OUTPUT_TARGET="Makefile genhash/Makefile keepalived/core/Makefile lib/config.h keepalived.spec" - -dnl ----[ Checks for programs ]---- -AC_PROG_CC -AC_PROG_INSTALL -AC_CHECK_TOOL(STRIP,strip) - -dnl ----[ Keepalived specific configure options ]---- -AC_ARG_ENABLE(lvs-syncd, - [ --disable-lvs-syncd do not use LVS synchronization daemon]) -AC_ARG_ENABLE(lvs, - [ --disable-lvs do not use the LVS framework]) -AC_ARG_ENABLE(vrrp, - [ --disable-vrrp do not use the VRRP framework]) -AC_ARG_WITH(kernel-dir, - [ --with-kernel-dir=DIR path to linux kernel source directory], - [kernelinc="$withval/include" kernelpath="$withval"], - [kernelinc="/usr/src/linux/include" kernelpath="/usr/src/linux"]) -AC_ARG_WITH(kernel-version, - [ --with-kernel-version=VER forced value for linux kernel version (VER=2.4|2.6)], - [kernelversion="$withval"], [kernelversion=""]) -AC_ARG_ENABLE(fwmark, - [ --disable-fwmark compile without SO_MARK support]) -AC_ARG_ENABLE(snmp, - [ --enable-snmp compile with SNMP support]) -AC_ARG_ENABLE(sha1, - [ --enable-sha1 compile with SHA1 support]) -AC_ARG_ENABLE(debug, - [ --enable-debug compile with debugging flags]) -AC_ARG_ENABLE(profile, - [ --enable-profile compile with profiling flags]) - -dnl ----[ Checks for header files ]---- -AC_HEADER_STDC -AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS(fcntl.h syslog.h unistd.h sys/ioctl.h sys/time.h) -dnl [do we really need this ?] AC_CHECK_HEADERS(linux/netlink.h linux/rtnetlink.h) -AC_CHECK_HEADERS(openssl/ssl.h openssl/md5.h openssl/err.h,,AC_MSG_ERROR([ - !!! OpenSSL is not properly installed on your system. !!! - !!! Can not include OpenSSL headers files. !!!])) -AC_CHECK_DECL([ETHERTYPE_IPV6],[],[CFLAGS="$CFLAGS -DETHERTYPE_IPV6=0x86dd"], - [[@%:@include ]]) - -dnl ----[ Checks for libraries ]---- -AC_CHECK_LIB(crypt, crypt,,AC_MSG_ERROR([crypt() function is required])) -AC_CHECK_LIB(crypto, MD5_Init,,AC_MSG_ERROR([OpenSSL libraries are required])) -AC_CHECK_LIB(ssl, SSL_CTX_new,,AC_MSG_ERROR([OpenSSL libraries are required])) - -AC_CHECK_LIB(nl-3, nl_socket_alloc, - [ - AC_CHECK_LIB(nl-genl-3, genl_connect, - [ - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS $(pkg-config --cflags libnl-genl-3.0)" - LIBS="$LIBS $(pkg-config --libs libnl-genl-3.0)" - ], - [ - AC_MSG_ERROR([libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3.]) - ]) - ], - [ - AC_CHECK_LIB(nl, nl_socket_modify_cb, - [ - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS -DFALLBACK_LIBNL1" - LIBS="$LIBS $(pkg-config --libs libnl-1)" - ], - [ - USE_NL="LIBIPVS_DONTUSE_NL" - AC_MSG_WARN([keepalived will be built without libnl support.]) - ]) - ]) - -dnl ----[ Kernel version check ]---- -CPPFLAGS="$CPPFLAGS -I$kernelinc" -AC_MSG_CHECKING([for kernel version]) -AC_TRY_RUN([ - #include - #include - #include - #if !defined(UTS_RELEASE) && !defined(LINUX_VERSION_CODE) - #include - #endif - int main (void) { - FILE *fp = fopen ("linuxinfo", "w"); - if (!fp) return 1; - #if defined(UTS_RELEASE) - fprintf (fp, "%s\n", UTS_RELEASE); - #elif defined(LINUX_VERSION_CODE) - fprintf (fp, "%d.%d.%d\n", LINUX_VERSION_CODE >> 16, (LINUX_VERSION_CODE >> 8) & 0xFF, LINUX_VERSION_CODE & 0xFF); - #else - fprintf (fp, "0.0.0\n"); /* Let's fail gently */ - #endif - fclose (fp); - return 0; - } - ], [ - LINUX_MAJOR=`cat linuxinfo | cut -d'.' -f1` - LINUX_MINOR=`cat linuxinfo | cut -d'.' -f2` - LINUX_PATCH=`cat linuxinfo | cut -d'.' -f3` - ], [ - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" - ], [ - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" - ]) - rm -f linuxinfo - - if test "$kernelversion" = "2.4"; then - KERN="_KRNL_2_4_" - AC_MSG_RESULT([2.4]) - elif test "$kernelversion" = "2.6"; then - KERN="_KRNL_2_6_" - AC_MSG_RESULT([2.6]) - else - AC_MSG_RESULT([$LINUX_MAJOR.$LINUX_MINOR.$LINUX_PATCH]) - if test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "6"; then - KERN="_KRNL_2_6_" - elif test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "4"; then - KERN="_KRNL_2_4_" - else - KERN="_KRNL_2_6_" - fi - if test "$LINUX_MAJOR" = "0" -a "$LINUX_MINOR" = "0" -a "$LINUX_PATCH" = "0"; then - AC_MSG_WARN([Cannot determine Linux Kernel version.]) - fi - fi - -AC_SUBST(KERN) - -dnl ----[ Checks for LVS and VRRP support ]---- -IPVS_SUPPORT="_WITHOUT_LVS_" -if test "$enable_lvs" != "no"; then - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SUPPORT="_WITH_LVS_" - else - AC_CHECK_HEADER([net/ip_vs.h], - [IPVS_SUPPORT="_WITH_LVS_"], - [ - IPVS_SUPPORT="_WITHOUT_LVS_" - AC_MSG_WARN([keepalived will be built without LVS support.]) - ]) - fi -fi - -if test "$IPVS_SUPPORT" = "_WITHOUT_LVS_" -a "$enable_vrrp" = "no"; then - AC_MSG_ERROR([keepalived MUST be compiled at least with LVS or VRRP framework]) -fi - -dnl ----[ IPVS syncd support probe ]--- -IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - AC_MSG_CHECKING([for IPVS syncd support]) - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - elif test "_KRNL_2_4_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - else - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi - - if test "${IPVS_SUPPORT}" = "_WITHOUT_LVS_" -o "$enable_lvs_syncd" = "no"; then - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi - - if test "$IPVS_SYNCD" = "_HAVE_IPVS_SYNCD_"; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - fi -fi - -AC_SUBST(IPVS_SYNCD) - -dnl ----[ Checks for kernel netlink support ]---- -VRRP_SUPPORT="_WITHOUT_VRRP_" -if test "$enable_vrrp" != "no"; then - VRRP_SUPPORT="_WITH_VRRP_" -fi - -dnl ----[ Checks for kernel VMAC support ]---- -CPPFLAGS="$CPPFLAGS -I$kernelinc" -AC_MSG_CHECKING([for kernel macvlan support]) -AC_TRY_COMPILE([ - #include - #include - int macvlan; - ], [ - macvlan = IFLA_MACVLAN_MODE; - macvlan = MACVLAN_MODE_PRIVATE; - ], [ - MACVLAN_SUPPORT=yes - ], []); - - if test "$MACVLAN_SUPPORT" = "yes"; then - VRRP_VMAC="_HAVE_VRRP_VMAC_" - AC_MSG_RESULT([yes]) - else - VRRP_VMAC="_WITHOUT_VRRP_VMAC_" - AC_MSG_RESULT([no]) - fi - -AC_SUBST(VRRP_VMAC) - -dnl ----[ Checks for SNMP support ]---- -SNMP_SUPPORT="_WITHOUT_SNMP_" -if test "$enable_snmp" = "yes"; then - AC_PATH_TOOL([NETSNMP_CONFIG], [net-snmp-config], [no]) - if test x"$NETSNMP_CONFIG" = x"no"; then - AC_MSG_ERROR([unable to find net-snmp-config]) - fi - NETSNMP_LIBS=`${NETSNMP_CONFIG} --agent-libs` - #NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" - #CFLAGS="${NETSNMP_CFLAGS} $CFLAGS" - LIBS="${NETSNMP_LIBS} $LIBS" - AC_MSG_CHECKING([whether C compiler supports flag "${NETSNMP_LIBS}" from Net-SNMP]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([ -int main(void); -], -[ -{ - return 0; -} -])],[AC_MSG_RESULT(yes)],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([incorrect CFLAGS from net-snmp-config])]) - - # Do we have a usable header? - AC_CHECK_HEADERS([net-snmp/agent/util_funcs.h],,,[ -@%:@include -@%:@include -@%:@include -@%:@include -@%:@include - ]) - SNMP_SUPPORT="_WITH_SNMP_" -fi - -AC_SUBST(SNMP_SUPPORT) - -dnl ----[ SHA1 or not ? ]---- -SHA1_SUPPORT="_WITHOUT_SHA1_" -if test "${enable_sha1}" = "yes"; then - CFLAGS="$CFLAGS -DFEAT_SHA1" - AC_CHECK_HEADERS(openssl/sha.h,,AC_MSG_ERROR([unable to find openssl/sha.h])) - AC_CHECK_LIB(crypto, SHA1_Init,,AC_MSG_ERROR([SHA1 in OpenSSL required])) - SHA1_SUPPORT="_WITH_SHA1_" -fi - -AC_SUBST(SHA1_SUPPORT) - -dnl ----[ check for SO_MARK support ]---- -if test "${enable_fwmark}" = "no"; then - SO_MARK_SUPPORT="_WITHOUT_SO_MARK_" -else - AC_CHECK_DECL(SO_MARK,,AC_MSG_ERROR([No SO_MARK declaration in headers]), - #include - ) - SO_MARK_SUPPORT="_WITH_SO_MARK_" -fi - -AC_SUBST(SO_MARK_SUPPORT) - - -dnl ----[ Debug or not ? ]---- -if test "${enable_debug}" = "yes"; then - DFLAGS="-D_DEBUG_" - AC_SUBST(DFLAGS) -fi - -dnl ----[ Profiling or not ? ]---- -if test "${enable_profile}" = "yes"; then - CFLAGS="$CFLAGS -pg" -fi - -AC_SUBST(VERSION) -AC_SUBST(VERSION_DATE) -AC_SUBST(IPVS_SUPPORT) -AC_SUBST(USE_NL) -AC_SUBST(VRRP_SUPPORT) - -dnl ----[ Checks for typedefs, structures, and compiler characteristics ]---- -AC_C_CONST -AC_TYPE_PID_T -AC_HEADER_TIME - -dnl ----[ Checks for library functions ]---- -AC_PROG_GCC_TRADITIONAL -AC_FUNC_MEMCMP -AC_TYPE_SIGNAL -AC_CHECK_FUNCS(gettimeofday select socket strerror strtol uname) - -dnl ----[ Process output target ]---- -OUTPUT_TARGET="$OUTPUT_TARGET keepalived/Makefile lib/Makefile" -if test "${VRRP_SUPPORT}" = "_WITH_VRRP_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/vrrp/Makefile" -fi -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/check/Makefile" - if test "$KERN" = "_KRNL_2_6_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.6/Makefile" - elif test "$KERN" = "_KRNL_2_4_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.4/Makefile" - fi -fi -AC_OUTPUT($OUTPUT_TARGET) - - -dnl ----[ Display current configuration ]---- -cat <= 4.3." + ::= { lvsSyncDaemon 5 } + +lvsSyncDaemonPort OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon UDP port, 0 means default setting. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 6 } + +lvsSyncDaemonTTL OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon packet TTL, 0 means default setting. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 7 } + +lvsSyncDaemonMcastGroupAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon multicast group address type. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 8 } + +lvsSyncDaemonMcastGroupAddrValue OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon multicast group IP address. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 9 } + +lvsTimeouts OBJECT IDENTIFIER ::= { check 7 } + +lvsTimeoutTcp OBJECT-TYPE + SYNTAX Integer32 (1..2678400) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS TCP timeout" + ::= { lvsTimeouts 1 } + +lvsTimeoutTcpFin OBJECT-TYPE + SYNTAX Integer32 (1..2678400) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS TCP FIN timeout" + ::= { lvsTimeouts 2 } + +lvsTimeoutUdp OBJECT-TYPE + SYNTAX Integer32 (1..2678400) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS UDP timeout" + ::= { lvsTimeouts 3 } + +-- Traps + +checkTrap OBJECT IDENTIFIER ::= { check 5 } +checkTraps OBJECT IDENTIFIER ::= { checkTrap 0 } -- Reverse-mappable +checkTrapControl OBJECT IDENTIFIER ::= { checkTrap 1 } + +realServerStateChange NOTIFICATION-TYPE + OBJECTS { + realServerAddrType, + realServerAddress, + realServerPort, + realServerStatus, + virtualServerType, + virtualServerProtocol, + virtualServerRealServersUp, + virtualServerRealServersTotal, + routerId + } + STATUS current + DESCRIPTION + "This trap signifies that the state of a real server has + changed. Additional varbinds will be added depending on the + value of virtualServerType: virtualServerNameOfGroup, + virtualServerFwMark, virtualServerAddrType, + virtualServerAddress, virtualServerPort." + ::= { checkTraps 1 } + +virtualServerQuorumStateChange NOTIFICATION-TYPE + OBJECTS { + virtualServerType, + virtualServerProtocol, + virtualServerQuorumStatus, + virtualServerQuorum, + virtualServerRealServersUp, + virtualServerRealServersTotal, + routerId + } + STATUS current + DESCRIPTION + "This trap signifies that the quorum of a virtual server has + changed. Additional varbinds will be added depending on the + value of virtualServerType: virtualServerNameOfGroup, + virtualServerFwMark, virtualServerAddrType, + virtualServerAddress, virtualServerPort." + ::= { checkTraps 2 } + +-- ---------------------------------------------------------------------- +-- Conformance +-- ---------------------------------------------------------------------- + +compliances OBJECT IDENTIFIER ::= { conformance 1 } +groups OBJECT IDENTIFIER ::= { conformance 2 } + +globalCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "Compliance statement for global data" + MODULE -- this module + MANDATORY-GROUPS { + globalGroup + } + ::= { compliances 1 } + +vrrpCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The VRRP compliance statement" + MODULE -- this module + MANDATORY-GROUPS { + vrrpScriptGroup, + vrrpSyncGroup, + vrrpInstanceGroup, + vrrpTrapsGroup, + vrrpFileGroup, + vrrpBfdGroup, + vrrpProcessGroup + } + ::= { compliances 2 } + +checkCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The check compliance statement" + MODULE -- this module + MANDATORY-GROUPS { + virtualServerGroupGroup, + virtualServerGroup, + realServerGroup, + checkTrapsGroup, + lvsSyncDaemonGroup, + lvsTimeoutsGroup + } + ::= { compliances 3 } + +vrrpLvsSyncGroupCompliances MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for LVS sync group associated + with a VRRP instance. This is deprecated in favour of + lvsSyncDaemonGroup." + MODULE -- this module + MANDATORY-GROUPS { + vrrpLvsSyncGroup + } + ::= { compliances 4 } + +globalGroup OBJECT-GROUP + OBJECTS { + version, + routerId, + smtpServerAddressType, + smtpServerAddress, + smtpServerTimeout, + emailFrom, + emailAddress, + smtpServerPort, + smtpEmailFaults, + smtpEmailSmtpAlert, + smtpEmailSmtpAlertVrrp, + smtpEmailSmtpAlertChecker, + trapEnable, + linkBeat, + lvsFlush, + ipvs64BitStats, + netNamespace, + dbus, + dynamicInterfaces, + lvsFlushOnStop + } + STATUS current + DESCRIPTION + "Conformance group for global data." + ::= { groups 1 } + +vrrpGroups OBJECT IDENTIFIER ::= { groups 2 } + +vrrpSyncGroup OBJECT-GROUP + OBJECTS { + vrrpSyncGroupName, + vrrpSyncGroupState, + vrrpSyncGroupSmtpAlert, + vrrpSyncGroupNotifyExec, + vrrpSyncGroupScriptMaster, + vrrpSyncGroupScriptBackup, + vrrpSyncGroupScriptFault, + vrrpSyncGroupScript, + vrrpSyncGroupTrackingWeight, + vrrpSyncGroupScriptStop, + vrrpSyncGroupMemberName, + vrrpSyncTrackedInterfaceName, + vrrpSyncTrackedInterfaceWeight, + vrrpSyncTrackedInterfaceWgtRev, + vrrpSyncTrackedScriptName, + vrrpSyncTrackedScriptWeight, + vrrpSyncTrackedScriptWgtRev, + vrrpSyncTrackedFileName, + vrrpSyncTrackedFileWeight, + vrrpSyncTrackedFileWgtRev, + vrrpSyncTrackedBfdName, + vrrpSyncTrackedBfdWeight, + vrrpSyncTrackedBfdWgtRev, + vrrpSyncTrackedProcessName, + vrrpSyncTrackedProcessWeight, + vrrpSyncTrackedProcessWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for synchronisation groups." + ::= { vrrpGroups 1 } + +vrrpInstanceGroup OBJECT-GROUP + OBJECTS { + vrrpInstanceName, + vrrpInstanceVirtualRouterId, + vrrpInstanceState, + vrrpInstanceInitialState, + vrrpInstanceWantedState, + vrrpInstanceBasePriority, + vrrpInstanceEffectivePriority, + vrrpInstanceVipsStatus, + vrrpInstancePrimaryInterface, + vrrpInstanceTrackPrimaryIf, + vrrpInstanceAdvertisementsInt, + vrrpInstancePreempt, + vrrpInstancePreemptDelay, + vrrpInstanceAuthType, + vrrpInstanceSyncGroup, + vrrpInstanceGarpDelay, + vrrpInstanceSmtpAlert, + vrrpInstanceNotifyExec, + vrrpInstanceScriptMaster, + vrrpInstanceScriptBackup, + vrrpInstanceScriptFault, + vrrpInstanceScriptStop, + vrrpInstanceScript, + vrrpInstanceAccept, + vrrpInstancePromoteSecondaries, + vrrpInstanceUseLinkbeat, + vrrpInstanceVrrpVersion, + vrrpInstanceScriptMstrRxLowerPri, + vrrpTrackedInterfaceName, + vrrpTrackedInterfaceWeight, + vrrpTrackedInterfaceWgtRev, + vrrpTrackedScriptName, + vrrpTrackedScriptWeight, + vrrpTrackedScriptWgtRev, + vrrpTrackedFileName, + vrrpTrackedFileWeight, + vrrpTrackedFileWgtRev, + vrrpTrackedBfdName, + vrrpTrackedBfdWeight, + vrrpTrackedBfdWgtRev, + vrrpTrackedProcessName, + vrrpTrackedProcessWeight, + vrrpTrackedProcessWgtRev, + vrrpAddressType, + vrrpAddressValue, + vrrpAddressBroadcast, + vrrpAddressMask, + vrrpAddressScope, + vrrpAddressIfIndex, + vrrpAddressIfName, + vrrpAddressIfAlias, + vrrpAddressStatus, + vrrpAddressAdvertising, + vrrpAddressPeer, + vrrpRouteAddressType, + vrrpRouteDestination, + vrrpRouteDestinationMask, + vrrpRouteGateway, + vrrpRouteSecondaryGateway, + vrrpRouteSource, + vrrpRouteMetric, + vrrpRouteScope, + vrrpRouteType, + vrrpRouteIfIndex, + vrrpRouteIfName, + vrrpRouteRoutingTable, + vrrpRouteStatus, + vrrpRouteFromAddress, + vrrpRouteFromAddressMask, + vrrpRouteTos, + vrrpRouteProtocol, + vrrpRouteECN, + vrrpRouteQuickAck, + vrrpRouteExpires, + vrrpRouteMTU, + vrrpRouteMTULock, + vrrpRouteHopLimit, + vrrpRouteAdvmss, + vrrpRouteAdvmssLock, + vrrpRouteRTT, + vrrpRouteRTTLock, + vrrpRouteRTTvar, + vrrpRouteRTTvarLock, + vrrpRouteReordering, + vrrpRouteReorderingLock, + vrrpRouteWindow, + vrrpRouteCwnd, + vrrpRouteCwndLock, + vrrpRouteSSthresh, + vrrpRouteSSthreshLock, + vrrpRouteRTOMin, + vrrpRouteRTOMinLock, + vrrpRouteInitCwnd, + vrrpRouteInitRwnd, + vrrpRouteCongCtl, + vrrpRoutePref, + vrrpRouteRealmDst, + vrrpRouteRealmSrc, + vrrpRouteEncapType, + vrrpRouteEncapMplsLabels, + vrrpRouteEncapId, + vrrpRouteEncapDstAddress, + vrrpRouteEncapSrcAddress, + vrrpRouteEncapTOS, + vrrpRouteEncapTTL, + vrrpRouteEncapFlags, + vrrpRouteEncapIlaLocator, + vrrpRouteFastOpenNoCookie, + vrrpRouteNextHopAddressType, + vrrpRouteNextHopAddress, + vrrpRouteNextHopIfIndex, + vrrpRouteNextHopIfName, + vrrpRouteNextHopWeight, + vrrpRouteNextHopOnlink, + vrrpRouteNextHopRealmDst, + vrrpRouteNextHopRealmSrc, + vrrpRouteNextHopEncapMplsLabels, + vrrpRouteNextHopEncapId, + vrrpRouteNextHopEncapDstAddress, + vrrpRouteNextHopEncapSrcAddress, + vrrpRouteNextHopEncapTOS, + vrrpRouteNextHopEncapTTL, + vrrpRouteNextHopEncapFlags, + vrrpRouteNextHopEncapIlaLocator, + vrrpRuleRoutingTable, + vrrpRuleStatus, + vrrpRuleInvert, + vrrpRuleDestinationAddressType, + vrrpRuleDestinationAddress, + vrrpRuleDestinationAddressMask, + vrrpRuleSourceAddressType, + vrrpRuleSourceAddress, + vrrpRuleSourceAddressMask, + vrrpRuleTos, + vrrpRuleFwmark, + vrrpRuleFwmask, + vrrpRuleRealmDst, + vrrpRuleRealmSrc, + vrrpRuleInInterface, + vrrpRuleOutInterface, + vrrpRuleTarget, + vrrpRuleAction, + vrrpRuleTableNo, + vrrpRulePreference, + vrrpRuleSuppressPrefixLen, + vrrpRuleSuppressGroup, + vrrpRuleTunnelIdHigh, + vrrpRuleTunnelIdLow, + vrrpRuleUidRangeStart, + vrrpRuleUidRangeEnd, + vrrpRuleL3mdev, + vrrpRuleProtocol, + vrrpRuleIPProto, + vrrpRuleSrcPortStart, + vrrpRuleSrcPortEnd, + vrrpRuleDstPortStart, + vrrpRuleDstPortEnd + } + STATUS current + DESCRIPTION + "Conformance group for VRRP instances." + ::= { vrrpGroups 2 } + +vrrpScriptGroup OBJECT-GROUP + OBJECTS { + vrrpScriptName, + vrrpScriptCommand, + vrrpScriptInterval, + vrrpScriptWeight, + vrrpScriptResult, + vrrpScriptRise, + vrrpScriptFall, + vrrpScriptWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for VRRP scripts." + ::= { vrrpGroups 3 } + +vrrpTrapsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + vrrpSyncGroupStateChange, + vrrpInstanceStateChange + } + STATUS current + DESCRIPTION + "Conformance group for VRRP traps." + ::= { vrrpGroups 4 } + +vrrpLvsSyncGroup OBJECT-GROUP + OBJECTS { + vrrpInstanceLvsSyncDaemon, + vrrpInstanceLvsSyncInterface + } + STATUS deprecated + DESCRIPTION + "The deprecated LVS sync daemon configuration + objects associated with a VRRP instance." + ::= { vrrpGroups 5 } + +vrrpObsoleteInstanceGroup OBJECT-GROUP + OBJECTS { + vrrpRuleDirection, + vrrpRuleAddressType, + vrrpRuleAddress, + vrrpRuleAddressMask } + STATUS obsolete + DESCRIPTION + "Obsolete group for VRRP instances." + ::= { vrrpGroups 6 } + +vrrpFileGroup OBJECT-GROUP + OBJECTS { + vrrpFileName, + vrrpFilePath, + vrrpFileResult, + vrrpFileWeight, + vrrpFileWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for VRRP track files." + ::= { vrrpGroups 7 } + +vrrpBfdGroup OBJECT-GROUP + OBJECTS { + vrrpBfdName, + vrrpBfdResult, + vrrpBfdWeight, + vrrpBfdWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for VRRP track BFDs." + ::= { vrrpGroups 8 } + +vrrpProcessGroup OBJECT-GROUP + OBJECTS { + vrrpProcessName, + vrrpProcessPath, + vrrpProcessParams, + vrrpProcessParamMatch, + vrrpProcessWeight, + vrrpProcessWgtRev, + vrrpProcessQuorum, + vrrpProcessQuorumMax, + vrrpProcessForkDelay, + vrrpProcessTerminateDelay, + vrrpProcessFullCommand, + vrrpProcessCurProc, + vrrpProcessResult + } + STATUS current + DESCRIPTION + "Conformance group for VRRP track processes." + ::= { vrrpGroups 9 } + +checkGroups OBJECT IDENTIFIER ::= { groups 3 } + +virtualServerGroupGroup OBJECT-GROUP + OBJECTS { + virtualServerGroupName, + virtualServerGroupMemberType, + virtualServerGroupMemberFwMark, + virtualServerGroupMemberAddrType, + virtualServerGroupMemberAddress, + virtualServerGroupMemberAddr1, + virtualServerGroupMemberAddr2, + virtualServerGroupMemberPort + } + STATUS current + DESCRIPTION + "Conformance group for virtual server groups." + ::= { checkGroups 1 } + +virtualServerGroup OBJECT-GROUP + OBJECTS { + virtualServerType, + virtualServerNameOfGroup, + virtualServerFwMark, + virtualServerAddrType, + virtualServerAddress, + virtualServerPort, + virtualServerProtocol, + virtualServerLoadBalancingAlgo, + virtualServerLoadBalancingKind, + virtualServerStatus, + virtualServerVirtualHost, + virtualServerPersist, + virtualServerPersistTimeout, + virtualServerPersistGranularity, + virtualServerDelayLoop, + virtualServerHaSuspend, + virtualServerAlpha, + virtualServerOmega, + virtualServerRealServersTotal, + virtualServerRealServersUp, + virtualServerQuorum, + virtualServerQuorumStatus, + virtualServerQuorumUp, + virtualServerQuorumDown, + virtualServerHysteresis, + virtualServerStatsConns, + virtualServerStatsInPkts, + virtualServerStatsOutPkts, + virtualServerStatsInBytes, + virtualServerStatsOutBytes, + virtualServerRateCps, + virtualServerRateInPPS, + virtualServerRateOutPPS, + virtualServerRateInBPS, + virtualServerRateOutBPS, + virtualServerOPS, + virtualServerStatsConns64, + virtualServerStatsInPkts64, + virtualServerStatsOutPkts64, + virtualServerRateCpsLow, + virtualServerRateCpsHigh, + virtualServerRateInPPSLow, + virtualServerRateInPPSHigh, + virtualServerRateOutPPSLow, + virtualServerRateOutPPSHigh, + virtualServerRateInBPSLow, + virtualServerRateInBPSHigh, + virtualServerRateOutBPSLow, + virtualServerRateOutBPSHigh, + virtualServerPersistGranularity6, + virtualServerHashed, + virtualServerSHFallback, + virtualServerSHPort, + virtualServerSched3, + virtualServerActionWhenDown, + virtualServerRetry, + virtualServerDelayBeforeRetry, + virtualServerWarmup, + virtualServerWeight, + virtualServerSmtpAlert, + virtualServerMHFallback, + virtualServerMHPort, + virtualServerDelayLoopUsec, + virtualServerDelayBeforeRetrUsec, + virtualServerWarmupUsec, + virtualServerConnTimeoutUsec, + virtualServerTunnelType, + virtualServerTunnelPort, + virtualServerTunnelCsum + } + STATUS current + DESCRIPTION + "Conformance group for virtual servers." + ::= { checkGroups 2 } + +realServerGroup OBJECT-GROUP + OBJECTS { + realServerType, + realServerAddrType, + realServerAddress, + realServerPort, + realServerStatus, + realServerWeight, + realServerUpperConnectionLimit, + realServerLowerConnectionLimit, + realServerActionWhenDown, + realServerNotifyUp, + realServerNotifyDown, + realServerFailedChecks, + realServerStatsConns, + realServerStatsActiveConns, + realServerStatsInactiveConns, + realServerStatsPersistentConns, + realServerStatsInPkts, + realServerStatsOutPkts, + realServerStatsInBytes, + realServerStatsOutBytes, + realServerRateCps, + realServerRateInPPS, + realServerRateOutPPS, + realServerRateInBPS, + realServerRateOutBPS, + realServerStatsConns64, + realServerStatsInPkts64, + realServerStatsOutPkts64, + realServerRateCpsLow, + realServerRateCpsHigh, + realServerRateInPPSLow, + realServerRateInPPSHigh, + realServerRateOutPPSLow, + realServerRateOutPPSHigh, + realServerRateInBPSLow, + realServerRateInBPSHigh, + realServerRateOutBPSLow, + realServerRateOutBPSHigh, + realServerForwardingMethod, + realServerVirtualHost, + realServerAlpha, + realServerRetry, + realServerDelayBeforeRetry, + realServerWarmup, + realServerDelayLoop, + realServerSmtpAlert, + realServerDelayBeforeRetryUsec, + realServerWarmupUsec, + realServerDelayLoopUsec, + realServerConnTimeoutUsec, + realServerTunnelType, + realServerTunnelPort, + realServerTunnelCsum + } + STATUS current + DESCRIPTION + "Conformance group for real servers." + ::= { checkGroups 3 } + +checkTrapsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + realServerStateChange, + virtualServerQuorumStateChange + } + STATUS current + DESCRIPTION + "Conformance group for check traps." + ::= { checkGroups 4 } + +lvsSyncDaemonGroup OBJECT-GROUP + OBJECTS { + lvsSyncDaemonEnabled, + lvsSyncDaemonInterface, + lvsSyncDaemonVrrpInstance, + lvsSyncDaemonSyncId, + lvsSyncDaemonMaxLen, + lvsSyncDaemonPort, + lvsSyncDaemonTTL, + lvsSyncDaemonMcastGroupAddrType, + lvsSyncDaemonMcastGroupAddrValue + } + STATUS current + DESCRIPTION + "Conformance group for LVS sync daemon." + ::= { checkGroups 5 } + +lvsTimeoutsGroup OBJECT-GROUP + OBJECTS { + lvsTimeoutTcp, + lvsTimeoutTcpFin, + lvsTimeoutUdp + } + STATUS current + DESCRIPTION + "Conformance group for LVS timeouts." + ::= { checkGroups 6 } + +END diff --git a/tools/keepalived/doc/Makefile.am b/tools/keepalived/doc/Makefile.am new file mode 100644 index 000000000..7a888375e --- /dev/null +++ b/tools/keepalived/doc/Makefile.am @@ -0,0 +1,220 @@ +# Makefile.am +# +# Keepalived OpenSource project. + +SUBDIRS = man/man8 + +if BUILD_GENHASH +dist_man1_MANS = man/man1/genhash.1 +endif +dist_man5_MANS = man/man5/keepalived.conf.5 + +EXTRA_DIST = source samples keepalived.conf.SYNOPSIS NOTE_vrrp_vmac.txt KEEPALIVED-MIB.txt VRRP-MIB.txt VRRPv3-MIB.txt + +sampledir = $(sysconfdir)/@PACKAGE@/samples +sample_DATA = $(srcdir)/samples/* + +mibsdir = $(datarootdir)/snmp/mibs +mibs_DATA = +if SNMP_KEEPALIVED +mibs_DATA += KEEPALIVED-MIB.txt +endif +if SNMP_RFCV2 +mibs_DATA += VRRP-MIB.txt +endif +if SNMP_RFCV3 +mibs_DATA += VRRPv3-MIB.txt +endif + +dist-hook: + rm -rf `find $(distdir)/doc -type d -name ".git*"` + +if !BUILD_DOCS + +.PHONY: all help + +all: + @true + +help: + @echo "To build the documentation, make sure you have Sphinx installed, then" + @echo "run configure with the SPHINXBUILD environment variable pointing to" + @echo "the path of the 'sphinx-build' executable. Alternatively you can add" + @echo "the directory with the executable to your PATH. If you don't have" + @echo "Sphinx installed, either try installing package python-sphinx or" + @echo "equivalent, or grab it from http://sphinx-doc.org/." +endif + +if BUILD_DOCS + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = @SPHINXBUILDNAME@ +PAPER = a4 +BUILDDIR = build + + +# Internal variables. +PAPEROPT = -D latex_paper_size=$(PAPER) +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext + +default: man + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR) + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Keepalived.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Keepalived.qhc" + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/Keepalived" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Keepalived" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." +endif diff --git a/tools/keepalived/doc/NOTE_vrrp_vmac.txt b/tools/keepalived/doc/NOTE_vrrp_vmac.txt index 35a5fe8ba..52e29fda4 100644 --- a/tools/keepalived/doc/NOTE_vrrp_vmac.txt +++ b/tools/keepalived/doc/NOTE_vrrp_vmac.txt @@ -4,6 +4,8 @@ Alexandre Cassen July 11th 2012 + latest update + April 20th 2019 To reduce takeover impact, some networking environment would require using VRRP with VMAC address. To reach that goal Keepalived VRRP framework implements @@ -15,7 +17,7 @@ driver to defines thoses interfaces. It is then mandatory to use kernel compiled with macvlan support. In addition we can mention that VRRP VMAC will work only with kernel including -the following patch : +the following patch (include in Linux from v3.2): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=729e72a10930ef765c11a5a35031ba47f18221c4 @@ -27,30 +29,26 @@ Alternatively, you can specify 'vmac_xmit_base' which will cause the VRRP messages to be transmitted and received on the underlying interface whilst ARP will happen from the the VMAC interface. -You may also need to tweak your physical interfaces to play around with well -known ARP issues. If you have issues, try the following configurations : +keepalived now sets the necessary interface configuration options, but if the +settings in net.ipv4.conf.all are non-standard, then these may override the +specific settings for the interface. Source file keepalived/vrrp/vrrp_if_config.c +documents what interface parameters are set for both the VMAC interface and its +parent interface. Kernel source file doc/Documentation/networking/ip-sysctl.txt +documents how the conf.all settings can override the specific settings for +individual interfaces. If using MACVLAN interfaces is not working as you expect, +check the interface settings, include the conf.all settings and compare it with +the documentation. -1) Global configuration +VMAC interface - net.ipv4.conf.all.arp_ignore = 1 - net.ipv4.conf.all.arp_announce = 1 - net.ipv4.conf.all.arp_filter = 0 - -2) Physical interface configuration - -For the physical ethernet interface running VRRP instance use: - -net.ipv4.conf.eth0.arp_filter = 1 - -3) VMAC interface - -consider the following VRRP configuration : +consider the following VRRP configuration : vrrp_instance instance1 { state BACKUP interface eth0 virtual_router_id 250 use_vmac + vmac_xmit_base # Transmit VRRP adverts over physical interface priority 150 advert_int 1 virtual_ipaddress { @@ -63,11 +61,9 @@ named 'vrrp.250' (default internal paradigm is vrrp.{virtual_router_id}, you can override this naming by giving an argument to 'use_vmac' keyword, eg: use_vmac vrrp250). -you then need to configure interface with : -net.ipv4.conf.vrrp.250.arp_filter = 0 -net.ipv4.conf.vrrp.250.accept_local = 1 (this is needed for the address owner case) - -you can create notify_master script to automate this configuration step for you : +If you need to change interface configuration settings, you can create notify_master +script to automate this configuration step for you. You may also need to use a +notify_backup script to set interface settings to apply before becoming master. vrrp_instance instance1 { state BACKUP diff --git a/tools/keepalived/doc/README.sphinx b/tools/keepalived/doc/README.sphinx new file mode 100644 index 000000000..05ca42320 --- /dev/null +++ b/tools/keepalived/doc/README.sphinx @@ -0,0 +1,11 @@ +# To build the documentation with sphinx, the following packages were required +# to be installed on Fedora 24: + +dnf install python-sphinx \ # this which will pull in python-sphinx_rtd_theme + texlive-cm texlive-ec texlive-times texlive-helvetic texlive-courier \ + texlive-cmap texlive-fancyhdr texlive-fancybox texlive-titlesec texlive-framed texlive-threeparttable texlive-babel-english \ + texlive-mdwtools texlive-wrapfig texlive-parskip texlive-upquote texlive-capt-of texlive-multirow texlive-eqparbox texlive-dvips + +On Fedora 25, the following are also required: + texlive-mfware-bin texlive-gsftopk-bin + diff --git a/tools/keepalived/doc/VRRP-MIB.txt b/tools/keepalived/doc/VRRP-MIB.txt new file mode 100644 index 000000000..81a2f74ec --- /dev/null +++ b/tools/keepalived/doc/VRRP-MIB.txt @@ -0,0 +1,792 @@ +VRRP-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE, Counter32, + Integer32, IpAddress, mib-2 FROM SNMPv2-SMI + + TEXTUAL-CONVENTION, RowStatus, + MacAddress, TruthValue, TimeStamp FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + ifIndex FROM IF-MIB; + + + vrrpMIB MODULE-IDENTITY + LAST-UPDATED "200003030000Z" + ORGANIZATION "IETF VRRP Working Group" + CONTACT-INFO + "Brian R. Jewell + Postal: Copper Mountain Networks, Inc. + 2470 Embarcadero Way + Palo Alto, California 94303 + Tel: +1 650 687 3367 + E-Mail: bjewell@coppermountain.com" + + DESCRIPTION + "This MIB describes objects used for managing Virtual Router + Redundancy Protocol (VRRP) routers." + REVISION "200003030000Z" -- 03 Mar 2000 + DESCRIPTION "Initial version as published in RFC 2787." + ::= { mib-2 68 } + +-- ******************************************************************* +-- Textual Conventions +-- ******************************************************************* + + VrId ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A number which, along with an interface index (ifIndex), + serves to uniquely identify a virtual router on a given VRRP + router. A set of one or more associated addresses is assigned + to a VRID." + SYNTAX Integer32 (1..255) + +-- ******************************************************************* +-- VRRP MIB Groups +-- ******************************************************************* + + vrrpOperations OBJECT IDENTIFIER ::= { vrrpMIB 1 } + vrrpStatistics OBJECT IDENTIFIER ::= { vrrpMIB 2 } + vrrpConformance OBJECT IDENTIFIER ::= { vrrpMIB 3 } + + +-- ******************************************************************* +-- Start of MIB objects +-- ******************************************************************* + + vrrpNodeVersion OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This value identifies the particular version of the VRRP + supported by this node." + ::= { vrrpOperations 1 } + + vrrpNotificationCntl OBJECT-TYPE + SYNTAX INTEGER { + enabled (1), + disabled (2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicates whether the VRRP-enabled router will generate + SNMP traps for events defined in this MIB. 'Enabled' + results in SNMP traps; 'disabled', no traps are sent." + DEFVAL { enabled } + ::= { vrrpOperations 2 } + +-- ******************************************************************* +-- VRRP Operations Table +-- ******************************************************************* + + vrrpOperTable OBJECT-TYPE + SYNTAX SEQUENCE OF VrrpOperEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Operations table for a VRRP router which consists of a + sequence (i.e., one or more conceptual rows) of + 'vrrpOperEntry' items." + ::= { vrrpOperations 3 } + + vrrpOperEntry OBJECT-TYPE + SYNTAX VrrpOperEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the vrrpOperTable containing the operational + characteristics of a virtual router. On a VRRP router, + a given virtual router is identified by a combination + of the IF index and VRID. + + Rows in the table cannot be modified unless the value + of `vrrpOperAdminState' is `disabled' and the + `vrrpOperState' has transitioned to `initialize'." + + INDEX { ifIndex, vrrpOperVrId } + ::= { vrrpOperTable 1 } + + VrrpOperEntry ::= + SEQUENCE { + vrrpOperVrId + VrId, + vrrpOperVirtualMacAddr + MacAddress, + vrrpOperState + INTEGER, + vrrpOperAdminState + INTEGER, + vrrpOperPriority + Integer32, + vrrpOperIpAddrCount + Integer32, + vrrpOperMasterIpAddr + IpAddress, + vrrpOperPrimaryIpAddr + IpAddress, + vrrpOperAuthType + INTEGER, + vrrpOperAuthKey + OCTET STRING, + vrrpOperAdvertisementInterval + Integer32, + vrrpOperPreemptMode + TruthValue, + vrrpOperVirtualRouterUpTime + TimeStamp, + vrrpOperProtocol + INTEGER, + vrrpOperRowStatus + RowStatus + } + + vrrpOperVrId OBJECT-TYPE + SYNTAX VrId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object contains the Virtual Router Identifier (VRID)." + ::= { vrrpOperEntry 1 } + + vrrpOperVirtualMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The virtual MAC address of the virtual router. Although this + object can be derived from the 'vrrpOperVrId' object, it is + defined so that it is easily obtainable by a management + application and can be included in VRRP-related SNMP traps." + ::= { vrrpOperEntry 2 } + + vrrpOperState OBJECT-TYPE + SYNTAX INTEGER { + initialize(1), + backup(2), + master(3) + } + MAX-ACCESS read-only + STATUS current + + DESCRIPTION + "The current state of the virtual router. This object has + three defined values: + + - `initialize', which indicates that all the + virtual router is waiting for a startup event. + + - `backup', which indicates the virtual router is + monitoring the availability of the master router. + + - `master', which indicates that the virtual router + is forwarding packets for IP addresses that are + associated with this router. + + Setting the `vrrpOperAdminState' object (below) initiates + transitions in the value of this object." + ::= { vrrpOperEntry 3 } + + vrrpOperAdminState OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object will enable/disable the virtual router + function. Setting the value to `up', will transition + the state of the virtual router from `initialize' to `backup' + or `master', depending on the value of `vrrpOperPriority'. + Setting the value to `down', will transition the + router from `master' or `backup' to `initialize'. State + transitions may not be immediate; they sometimes depend on + other factors, such as the interface (IF) state. + + The `vrrpOperAdminState' object must be set to `down' prior + to modifying the other read-create objects in the conceptual + row. The value of the `vrrpOperRowStatus' object (below) + must be `active', signifying that the conceptual row + is valid (i.e., the objects are correctly set), + in order for this object to be set to `up'." + DEFVAL { down } + ::= { vrrpOperEntry 4 } + + vrrpOperPriority OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the priority to be used for the + virtual router master election process. Higher values imply + higher priority. + + A priority of '0', although not settable, is sent by + the master router to indicate that this router has ceased + to participate in VRRP and a backup virtual router should + transition to become a new master. + + A priority of 255 is used for the router that owns the + associated IP address(es)." + DEFVAL { 100 } + ::= { vrrpOperEntry 5 } + + vrrpOperIpAddrCount OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP addresses that are associated with this + virtual router. This number is equal to the number of rows + in the vrrpAssoIpAddrTable that correspond to a given IF + index/VRID pair." + ::= { vrrpOperEntry 6 } + + vrrpOperMasterIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The master router's real (primary) IP address. This is + the IP address listed as the source in VRRP advertisement + last received by this virtual router." + ::= { vrrpOperEntry 7 } + + vrrpOperPrimaryIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "In the case where there is more than one IP address for + a given `ifIndex', this object is used to specify the IP + address that will become the `vrrpOperMasterIpAddr', should + the virtual router transition from backup to master. If + this object is set to 0.0.0.0, the IP address which is + numerically lowest will be selected." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { vrrpOperEntry 8 } + + vrrpOperAuthType OBJECT-TYPE + SYNTAX INTEGER { + noAuthentication(1), -- VRRP protocol exchanges are not + -- authenticated. + simpleTextPassword(2), -- Exchanges are authenticated by a + -- clear text password. + ipAuthenticationHeader(3) -- Exchanges are authenticated using + -- the IP authentication header. + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Authentication type used for VRRP protocol exchanges between + virtual routers. This value of this object is the same for a + given ifIndex. + + New enumerations to this list can only be added via a new + RFC on the standards track." + DEFVAL { noAuthentication } + ::= { vrrpOperEntry 9 } + + vrrpOperAuthKey OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..16)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Authentication Key. This object is set according to + the value of the 'vrrpOperAuthType' object + ('simpleTextPassword' or 'ipAuthenticationHeader'). If the + length of the value is less than 16 octets, the agent will + left adjust and zero fill to 16 octets. The value of this + object is the same for a given ifIndex. + + When read, vrrpOperAuthKey always returns an Octet String + of length zero." + ::= { vrrpOperEntry 10 } + + vrrpOperAdvertisementInterval OBJECT-TYPE + SYNTAX Integer32 (1..255) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The time interval, in seconds, between sending + advertisement messages. Only the master router sends + VRRP advertisements." + DEFVAL { 1 } + ::= { vrrpOperEntry 11 } + + vrrpOperPreemptMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls whether a higher priority virtual router will + preempt a lower priority master." + DEFVAL { true } + ::= { vrrpOperEntry 12 } + + vrrpOperVirtualRouterUpTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is the value of the `sysUpTime' object when this + virtual router (i.e., the `vrrpOperState') transitioned + out of `initialized'." + ::= { vrrpOperEntry 13 } + + vrrpOperProtocol OBJECT-TYPE + SYNTAX INTEGER { + ip (1), + bridge (2), + decnet (3), + other (4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The particular protocol being controlled by this Virtual + Router. + + New enumerations to this list can only be added via a new + RFC on the standards track." + DEFVAL { ip } + ::= { vrrpOperEntry 14 } + + vrrpOperRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used in accordance to installation + and removal conventions for conceptual rows. The rowstatus of + a currently active row in the vrrpOperTable is constrained + by the operational state of the corresponding virtual router. + When `vrrpOperRowStatus' is set to active(1), no other + objects in the conceptual row, with the exception of + `vrrpOperAdminState', can be modified. Prior to setting the + `vrrpOperRowStatus' object from `active' to a different value, + the `vrrpOperAdminState' object must be set to `down' and the + `vrrpOperState' object be transitioned to `initialize'. + + To create a row in this table, a manager sets this object + to either createAndGo(4) or createAndWait(5). Until instances + of all corresponding columns are appropriately configured, + the value of the corresponding instance of the `vrrpOperRowStatus' + column will be read as notReady(3). + In particular, a newly created row cannot be made active(1) + until (minimally) the corresponding instance of + `vrrpOperVrId' has been set and there is at least one active + row in the `vrrpAssoIpAddrTable' defining an associated + IP address for the virtual router." + ::= { vrrpOperEntry 15 } + + +-- ******************************************************************* +-- VRRP Associated IP Address Table +-- ******************************************************************* + + vrrpAssoIpAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF VrrpAssoIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of addresses associated with this virtual router." + ::= { vrrpOperations 4 } + + vrrpAssoIpAddrEntry OBJECT-TYPE + SYNTAX VrrpAssoIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table contains an IP address that is + associated with a virtual router. The number of rows for + a given ifIndex and VrId will equal the number of IP + addresses associated (e.g., backed up) by the virtual + router (equivalent to 'vrrpOperIpAddrCount'). + + Rows in the table cannot be modified unless the value + of `vrrpOperAdminState' is `disabled' and the + `vrrpOperState' has transitioned to `initialize'." + + INDEX { ifIndex, vrrpOperVrId, vrrpAssoIpAddr } + ::= { vrrpAssoIpAddrTable 1 } + + VrrpAssoIpAddrEntry ::= + SEQUENCE { + vrrpAssoIpAddr + IpAddress, + vrrpAssoIpAddrRowStatus + RowStatus + } + + vrrpAssoIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The assigned IP addresses that a virtual router is + responsible for backing up." + ::= { vrrpAssoIpAddrEntry 1 } + + vrrpAssoIpAddrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows. Setting this + object to active(1) or createAndGo(4) results in the + addition of an associated address for a virtual router. + Destroying the entry or setting it to notInService(2) + removes the associated address from the virtual router. + The use of other values is implementation-dependent." + ::= { vrrpAssoIpAddrEntry 2 } + + +-- ******************************************************************* +-- VRRP Router Statistics +-- ******************************************************************* + + vrrpRouterChecksumErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an invalid + VRRP checksum value." + ::= { vrrpStatistics 1 } + + vrrpRouterVersionErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an unknown + or unsupported version number." + ::= { vrrpStatistics 2 } + + vrrpRouterVrIdErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an invalid + VRID for this virtual router." + ::= { vrrpStatistics 3 } + +-- ******************************************************************* +-- VRRP Router Statistics Table +-- ******************************************************************* + + vrrpRouterStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF VrrpRouterStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of virtual router statistics." + ::= { vrrpStatistics 4 } + + vrrpRouterStatsEntry OBJECT-TYPE + SYNTAX VrrpRouterStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing statistics information + about a given virtual router." + AUGMENTS { vrrpOperEntry } + ::= { vrrpRouterStatsTable 1 } + + VrrpRouterStatsEntry ::= + SEQUENCE { + vrrpStatsBecomeMaster + Counter32, + vrrpStatsAdvertiseRcvd + Counter32, + vrrpStatsAdvertiseIntervalErrors + Counter32, + vrrpStatsAuthFailures + Counter32, + vrrpStatsIpTtlErrors + Counter32, + vrrpStatsPriorityZeroPktsRcvd + Counter32, + vrrpStatsPriorityZeroPktsSent + Counter32, + vrrpStatsInvalidTypePktsRcvd + Counter32, + vrrpStatsAddressListErrors + Counter32, + vrrpStatsInvalidAuthType + Counter32, + vrrpStatsAuthTypeMismatch + Counter32, + vrrpStatsPacketLengthErrors + Counter32 + } + + vrrpStatsBecomeMaster OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of times that this virtual router's state + has transitioned to MASTER." + ::= { vrrpRouterStatsEntry 1 } + + vrrpStatsAdvertiseRcvd OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisements received by this + virtual router." + ::= { vrrpRouterStatsEntry 2 } + + vrrpStatsAdvertiseIntervalErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisement packets received + for which the advertisement interval is different than the + one configured for the local virtual router." + ::= { vrrpRouterStatsEntry 3 } + + vrrpStatsAuthFailures OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received that do not pass + the authentication check." + ::= { vrrpRouterStatsEntry 4 } + + vrrpStatsIpTtlErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the virtual + router with IP TTL (Time-To-Live) not equal to 255." + ::= { vrrpRouterStatsEntry 5 } + + vrrpStatsPriorityZeroPktsRcvd OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the virtual + router with a priority of '0'." + ::= { vrrpRouterStatsEntry 6 } + + vrrpStatsPriorityZeroPktsSent OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets sent by the virtual router + with a priority of '0'." + ::= { vrrpRouterStatsEntry 7 } + + vrrpStatsInvalidTypePktsRcvd OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of VRRP packets received by the virtual router + with an invalid value in the 'type' field." + ::= { vrrpRouterStatsEntry 8 } + + vrrpStatsAddressListErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received for which the address + list does not match the locally configured list for the + virtual router." + ::= { vrrpRouterStatsEntry 9 } + + vrrpStatsInvalidAuthType OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with an unknown + authentication type." + ::= { vrrpRouterStatsEntry 10 } + + vrrpStatsAuthTypeMismatch OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with 'Auth Type' not + equal to the locally configured authentication method + (`vrrpOperAuthType')." + ::= { vrrpRouterStatsEntry 11 } + + vrrpStatsPacketLengthErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with a packet length + less than the length of the VRRP header." + ::= { vrrpRouterStatsEntry 12 } + +-- ******************************************************************* +-- Trap Definitions +-- ******************************************************************* + + vrrpNotifications OBJECT IDENTIFIER ::= { vrrpMIB 0 } + + vrrpTrapPacketSrc OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The IP address of an inbound VRRP packet. Used by + vrrpTrapAuthFailure trap." + ::= { vrrpOperations 5 } + + vrrpTrapAuthErrorType OBJECT-TYPE + SYNTAX INTEGER { + invalidAuthType (1), + authTypeMismatch (2), + authFailure (3) + } + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Potential types of configuration conflicts. + Used by vrrpAuthFailure trap." + ::= { vrrpOperations 6 } + + vrrpTrapNewMaster NOTIFICATION-TYPE + OBJECTS { vrrpOperMasterIpAddr + } + STATUS current + DESCRIPTION + "The newMaster trap indicates that the sending agent + has transitioned to 'Master' state." + ::= { vrrpNotifications 1 } + + vrrpTrapAuthFailure NOTIFICATION-TYPE + OBJECTS { vrrpTrapPacketSrc, + vrrpTrapAuthErrorType + } + STATUS current + DESCRIPTION + "A vrrpAuthFailure trap signifies that a packet has + been received from a router whose authentication key + or authentication type conflicts with this router's + authentication key or authentication type. Implementation + of this trap is optional." + ::= { vrrpNotifications 2 } + + +-- ******************************************************************* +-- Conformance Information +-- ******************************************************************* + + vrrpMIBCompliances OBJECT IDENTIFIER ::= { vrrpConformance 1 } + vrrpMIBGroups OBJECT IDENTIFIER ::= { vrrpConformance 2 } + +-- ................................................................... +-- Compliance Statements +-- ................................................................... + + vrrpMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The core compliance statement for all VRRP implementations." + MODULE -- this module + MANDATORY-GROUPS { + vrrpOperGroup, + vrrpStatsGroup + } + OBJECT vrrpOperPriority + WRITE-SYNTAX Integer32 (1..255) + DESCRIPTION "SETable values are from 1 to 255." + ::= { vrrpMIBCompliances 1 } + +-- ................................................................... +-- Conformance Groups +-- ................................................................... + + vrrpOperGroup OBJECT-GROUP + OBJECTS { + vrrpNodeVersion, + vrrpNotificationCntl, + vrrpOperVirtualMacAddr, + vrrpOperState, + vrrpOperAdminState, + vrrpOperPriority, + vrrpOperIpAddrCount, + vrrpOperMasterIpAddr, + vrrpOperPrimaryIpAddr, + vrrpOperAuthType, + vrrpOperAuthKey, + vrrpOperAdvertisementInterval, + vrrpOperPreemptMode, + vrrpOperVirtualRouterUpTime, + vrrpOperProtocol, + vrrpOperRowStatus, + vrrpAssoIpAddrRowStatus + } + STATUS current + DESCRIPTION + "Conformance group for VRRP operations." + ::= { vrrpMIBGroups 1 } + + vrrpStatsGroup OBJECT-GROUP + OBJECTS { + vrrpRouterChecksumErrors, + vrrpRouterVersionErrors, + vrrpRouterVrIdErrors, + vrrpStatsBecomeMaster, + vrrpStatsAdvertiseRcvd, + vrrpStatsAdvertiseIntervalErrors, + vrrpStatsAuthFailures, + vrrpStatsIpTtlErrors, + vrrpStatsPriorityZeroPktsRcvd, + vrrpStatsPriorityZeroPktsSent, + vrrpStatsInvalidTypePktsRcvd, + vrrpStatsAddressListErrors, + vrrpStatsInvalidAuthType, + vrrpStatsAuthTypeMismatch, + vrrpStatsPacketLengthErrors + } + STATUS current + DESCRIPTION + "Conformance group for VRRP statistics." + ::= { vrrpMIBGroups 2 } + + vrrpTrapGroup OBJECT-GROUP + OBJECTS { + vrrpTrapPacketSrc, + vrrpTrapAuthErrorType + } + STATUS current + DESCRIPTION + "Conformance group for objects contained in VRRP notifications." + ::= { vrrpMIBGroups 3 } + + vrrpNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { + vrrpTrapNewMaster, + vrrpTrapAuthFailure + } + STATUS current + DESCRIPTION + "The VRRP MIB Notification Group." + ::= { vrrpMIBGroups 4 } + +END diff --git a/tools/keepalived/doc/VRRPv3-MIB.txt b/tools/keepalived/doc/VRRPv3-MIB.txt new file mode 100644 index 000000000..5b935f822 --- /dev/null +++ b/tools/keepalived/doc/VRRPv3-MIB.txt @@ -0,0 +1,955 @@ +VRRPV3-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE, Counter32, + Integer32, mib-2, Unsigned32, + Counter64, TimeTicks + FROM SNMPv2-SMI -- RFC2578 + + TEXTUAL-CONVENTION, RowStatus, + MacAddress, TruthValue, TimeStamp, + TimeInterval + FROM SNMPv2-TC -- RFC2579 + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP + FROM SNMPv2-CONF -- RFC2580 + + ifIndex + FROM IF-MIB -- RFC2863 + + InetAddressType, InetAddress + FROM INET-ADDRESS-MIB; -- RFC4001 + + vrrpv3MIB MODULE-IDENTITY + LAST-UPDATED "201708140000Z" -- Aug 14, 2017 + ORGANIZATION "IETF VRRP Working Group" + CONTACT-INFO + "WG E-Mail: vrrp@ietf.org + + Editor: Kalyan Tata + Nokia + 313 Fairchild Dr, + Mountain View, CA 94043 + Tata_kalyan@yahoo.com" + + DESCRIPTION + "This MIB describes objects used for managing Virtual + Router Redundancy Protocol version 3 (VRRPv3). + + Copyright (c) 2012 IETF Trust and the persons + identified as authors of the code. All rights + reserved. + + Redistribution and use in source and binary forms, + with or without modification, is permitted pursuant + to, and subject to the license terms contained in, + the Simplified BSD License set forth in Section + 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of the MIB module is part of RFC 6527. + Please see the RFC for full legal notices." + + REVISION "201708140000Z" -- Aug 14, 2017 + DESCRIPTION "Apply RFC 6527 errata id 4168 and 5086." + + REVISION "201202130000Z" -- Feb 13, 2012 + DESCRIPTION "Initial version as published in RFC 6527." + + ::= { mib-2 207 } + +-- Textual Conventions + + Vrrpv3VrIdTC ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "The value of the Virtual Router Identifier noted as + (VRID) in RFC 5798. This, along with interface index + (ifIndex) and IP version, serves to uniquely identify + a virtual router on a given VRRP router." + REFERENCE "RFC 5798 (Sections 3 and 5.2.3)" + SYNTAX Integer32 (1..255) + +-- VRRPv3 MIB Groups + + vrrpv3Notifications OBJECT IDENTIFIER ::= { vrrpv3MIB 0 } + vrrpv3Objects OBJECT IDENTIFIER ::= { vrrpv3MIB 1 } + vrrpv3Conformance OBJECT IDENTIFIER ::= { vrrpv3MIB 2 } + +-- VRRPv3 MIB Objects + + vrrpv3Operations OBJECT IDENTIFIER ::= { vrrpv3Objects 1 } + vrrpv3Statistics OBJECT IDENTIFIER ::= { vrrpv3Objects 2 } + +-- VRRPv3 Operations Table + + vrrpv3OperationsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Vrrpv3OperationsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Unified Operations table for a VRRP router that + consists of a sequence (i.e., one or more conceptual + rows) of 'vrrpv3OperationsEntry' items each of which + describe the operational characteristics of a virtual + router." + + ::= { vrrpv3Operations 1 } + + vrrpv3OperationsEntry OBJECT-TYPE + SYNTAX Vrrpv3OperationsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the vrrpv3OperationsTable containing the + operational characteristics of a virtual router. + On a VRRP router, a given virtual router is + identified by a combination of ifIndex, VRID, and + the IP version. ifIndex represents an interface of + the router. + + A row must be created with vrrpv3OperationsStatus + set to initialize(1) and cannot transition to + backup(2) or master(3) until + vrrpv3OperationsRowStatus is transitioned to + active(1). + + The information in this table is persistent and when + written the entity SHOULD save the change to non- + volatile storage." + + INDEX { ifIndex, vrrpv3OperationsVrId, + vrrpv3OperationsInetAddrType + } + ::= { vrrpv3OperationsTable 1 } + + Vrrpv3OperationsEntry ::= + + SEQUENCE { + vrrpv3OperationsVrId + Vrrpv3VrIdTC, + vrrpv3OperationsInetAddrType + InetAddressType, + vrrpv3OperationsMasterIpAddr + InetAddress, + vrrpv3OperationsPrimaryIpAddr + InetAddress, + vrrpv3OperationsVirtualMacAddr + MacAddress, + vrrpv3OperationsStatus + INTEGER, + vrrpv3OperationsPriority + Unsigned32, + vrrpv3OperationsAddrCount + Integer32, + vrrpv3OperationsAdvInterval + TimeInterval, + vrrpv3OperationsPreemptMode + TruthValue, + vrrpv3OperationsAcceptMode + TruthValue, + vrrpv3OperationsUpTime + TimeTicks, + vrrpv3OperationsRowStatus + RowStatus + } + vrrpv3OperationsVrId OBJECT-TYPE + SYNTAX Vrrpv3VrIdTC + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object contains the Virtual Router Identifier + (VRID)." + REFERENCE "RFC 4001" + ::= { vrrpv3OperationsEntry 1 } + + vrrpv3OperationsInetAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP address type of Vrrpv3OperationsEntry and + Vrrpv3AssociatedIpAddrEntry. This value determines + the type for vrrpv3OperationsMasterIpAddr, + vrrpv3OperationsPrimaryIpAddr, and + vrrpv3AssociatedIpAddrAddress. + + ipv4(1) and ipv6(2) are the only two values supported + in this MIB module." + REFERENCE "RFC 4001" + ::= { vrrpv3OperationsEntry 2 } + + vrrpv3OperationsMasterIpAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The master router's real IP address. The master router + would set this address to vrrpv3OperationsPrimaryIpAddr + while transitioning to master state. For backup + routers, this is the IP address listed as the source in + the VRRP advertisement last received by this virtual + router." + REFERENCE "RFC 5798" + ::= { vrrpv3OperationsEntry 3 } + + vrrpv3OperationsPrimaryIpAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "In the case where there is more than one IP + Address (associated IP addresses) for a given + 'ifIndex', this object is used to specify the IP + address that will become the + vrrpv3OperationsMasterIpAddr', should the virtual + router transition from backup state to master." + ::= { vrrpv3OperationsEntry 4 } + + vrrpv3OperationsVirtualMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The virtual MAC address of the virtual router. + Although this object can be derived from the + 'vrrpv3OperationsVrId' object, it is defined so that it + is easily obtainable by a management application and + can be included in VRRP-related SNMP notifications." + ::= { vrrpv3OperationsEntry 5 } + + vrrpv3OperationsStatus OBJECT-TYPE + SYNTAX INTEGER { + initialize(1), + backup(2), + master(3) + } + MAX-ACCESS read-only + STATUS current + + DESCRIPTION + "The current state of the virtual router. This object + has three defined values: + + - 'initialize', which indicates that the + virtual router is waiting for a startup event. + + - 'backup', which indicates that the virtual router is + monitoring the availability of the master router. + + - 'master', which indicates that the virtual router + is forwarding packets for IP addresses that are + associated with this router." + REFERENCE "RFC 5798" + ::= { vrrpv3OperationsEntry 6 } + + vrrpv3OperationsPriority OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the priority to be used for the + virtual router master election process; higher values + imply higher priority. + + A priority of '0', although not settable, is sent by + the master router to indicate that this router has + ceased to participate in VRRP, and a backup virtual + router should transition to become a new master. + + A priority of 255 is used for the router that owns the + associated IP address(es) for VRRP over IPv4 and hence + is not settable. + + Setting the values of this object to 0 or 255 should be + rejected by the agents implementing this MIB module. + For example, an SNMP agent would return 'badValue(3)' + when a user tries to set the values 0 or 255 for this + object." + + REFERENCE "RFC 5798, Section 6.1" + DEFVAL { 100 } + ::= { vrrpv3OperationsEntry 7 } + + vrrpv3OperationsAddrCount OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP addresses that are associated with + this virtual router. This number is equal to the + number of rows in the vrrpv3AssociatedAddrTable that + correspond to a given ifIndex/VRID/IP version." + REFERENCE "RFC 5798, Section 6.1" + ::= { vrrpv3OperationsEntry 8 } + + vrrpv3OperationsAdvInterval OBJECT-TYPE + SYNTAX TimeInterval (1..4095) + UNITS "centiseconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The time interval, in centiseconds, between sending + advertisement messages. Only the master router sends + VRRP advertisements." + REFERENCE "RFC 5798, Section 6.1" + DEFVAL { 100} + ::= { vrrpv3OperationsEntry 9 } + + vrrpv3OperationsPreemptMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls whether a higher priority virtual router will + preempt a lower priority master." + REFERENCE "RFC 5798, Section 6.1" + DEFVAL { true } + ::= { vrrpv3OperationsEntry 10 } + + vrrpv3OperationsAcceptMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls whether a virtual router in master state + will accept packets addressed to the address owner's + address as its own if it is not the address + owner. Default is false(2)." + DEFVAL { false } + ::= { vrrpv3OperationsEntry 11 } + + vrrpv3OperationsUpTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This value represents the amount of time, in + TimeTicks (hundredth of a second), since this virtual + router (i.e., the 'vrrpv3OperationsStatus') + transitioned out of 'initialize'." + REFERENCE "RFC 5798, Section 6.1" + ::= { vrrpv3OperationsEntry 12 } + + vrrpv3OperationsRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The RowStatus variable should be used in accordance to + installation and removal conventions for conceptual + rows. + + To create a row in this table, a manager sets this + object to either createAndGo(4) or createAndWait(5). + Until instances of all corresponding columns are + appropriately configured, the value of the + corresponding instance of the + 'vrrpv3OperationsRowStatus' column will be read as + notReady(3). + In particular, a newly created row cannot be made + active(1) until (minimally) the corresponding instance + of vrrpv3OperationsInetAddrType, vrrpv3OperationsVrId, + and vrrpv3OperationsPrimaryIpAddr has been set, and + there is at least one active row in the + 'vrrpv3AssociatedIpAddrTable' defining an associated + IP address. + + notInService(2) should be used to administratively + bring the row down. + + A typical order of operation to add a row is: + 1. Create a row in vrrpv3OperationsTable with + createAndWait(5). + 2. Create one or more corresponding rows in + vrrpv3AssociatedIpAddrTable. + 3. Populate the vrrpv3OperationsEntry. + 4. Set vrrpv3OperationsRowStatus to active(1). + + A typical order of operation to delete an entry is: + 1. Set vrrpv3OperationsRowStatus to notInService(2). + 2. Set the corresponding rows in + vrrpv3AssociatedIpAddrTable to destroy(6) to delete + the entry. + 3. Set vrrpv3OperationsRowStatus to destroy(6) to + delete the entry." + ::= { vrrpv3OperationsEntry 13 } + +-- VRRP Associated Address Table + + vrrpv3AssociatedIpAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF Vrrpv3AssociatedIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of addresses associated with each virtual + router." + ::= { vrrpv3Operations 2 } + + vrrpv3AssociatedIpAddrEntry OBJECT-TYPE + SYNTAX Vrrpv3AssociatedIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table contains an IP address that is + associated with a virtual router. The number of rows + for a given IP version, VrID, and ifIndex will equal + the number of IP addresses associated (e.g., backed up) + by the virtual router (equivalent to + 'vrrpv3OperationsIpAddrCount'). + + Rows in the table cannot be modified unless the value + of 'vrrpv3OperationsStatus' for the corresponding entry + in the vrrpv3OperationsTable has transitioned to + initialize(1). + + The information in this table is persistent and when + written the entity SHOULD save the change to non- + volatile storage." + + INDEX { ifIndex, vrrpv3OperationsVrId, + vrrpv3OperationsInetAddrType, + vrrpv3AssociatedIpAddrAddress } + + ::= { vrrpv3AssociatedIpAddrTable 1 } + + Vrrpv3AssociatedIpAddrEntry ::= + SEQUENCE { + vrrpv3AssociatedIpAddrAddress + + InetAddress, + vrrpv3AssociatedIpAddrRowStatus + RowStatus + } + + vrrpv3AssociatedIpAddrAddress OBJECT-TYPE + SYNTAX InetAddress (SIZE (0|4|16)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The assigned IP addresses that a virtual router is + responsible for backing up. + + The IP address type is determined by the value of + vrrpv3OperationsInetAddrType in the index of this + row." + REFERENCE "RFC 5798" + ::= { vrrpv3AssociatedIpAddrEntry 1 } + + vrrpv3AssociatedIpAddrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to + installation and removal conventions for conceptual + rows. To create a row in this table, a manager sets + this object to either createAndGo(4) or + createAndWait(5). Setting this object to active(1) + results in the addition of an associated address for a + virtual router. Setting this object to notInService(2) + results in administratively bringing down the row. + + Destroying the entry or setting it to destroy(6) + removes the associated address from the virtual router. + The use of other values is implementation-dependent. + + Implementations should not allow deletion of the last + row corresponding to an active row in + vrrpv3OperationsTable. + + Refer to the description of vrrpv3OperationsRowStatus + for typical row creation and deletion scenarios." + ::= { vrrpv3AssociatedIpAddrEntry 2 } + +-- VRRP Router Statistics + + vrrpv3RouterChecksumErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an + invalid VRRP checksum value. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3GlobalStatisticsDiscontinuityTime." + + REFERENCE "RFC 5798, Section 5.2.8" + ::= { vrrpv3Statistics 1 } + + vrrpv3RouterVersionErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an + unknown or unsupported version number. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3GlobalStatisticsDiscontinuityTime." + + REFERENCE "RFC 5798, Section 5.2.1" + ::= { vrrpv3Statistics 2 } + + vrrpv3RouterVrIdErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with a + VRID that is not valid for any virtual router on this + router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3GlobalStatisticsDiscontinuityTime." + + REFERENCE "RFC 5798, Section 5.2.3" + ::= { vrrpv3Statistics 3 } + + vrrpv3GlobalStatisticsDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at + which one of vrrpv3RouterChecksumErrors, + vrrpv3RouterVersionErrors, and vrrpv3RouterVrIdErrors + suffered a discontinuity. + + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, + then this object contains a zero value." + + ::= { vrrpv3Statistics 4 } + +-- VRRP Router Statistics Table + + vrrpv3StatisticsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Vrrpv3StatisticsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of virtual router statistics." + ::= { vrrpv3Statistics 5 } + + vrrpv3StatisticsEntry OBJECT-TYPE + SYNTAX Vrrpv3StatisticsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table containing statistics + information about a given virtual router." + AUGMENTS { vrrpv3OperationsEntry } + ::= { vrrpv3StatisticsTable 1 } + + Vrrpv3StatisticsEntry ::= + SEQUENCE { + vrrpv3StatisticsMasterTransitions + Counter32, + vrrpv3StatisticsNewMasterReason + INTEGER, + vrrpv3StatisticsRcvdAdvertisements + Counter64, + vrrpv3StatisticsAdvIntervalErrors + Counter64, + vrrpv3StatisticsIpTtlErrors + Counter64, + vrrpv3StatisticsProtoErrReason + INTEGER, + vrrpv3StatisticsRcvdPriZeroPackets + Counter64, + vrrpv3StatisticsSentPriZeroPackets + Counter64, + vrrpv3StatisticsRcvdInvalidTypePackets + Counter64, + vrrpv3StatisticsAddressListErrors + Counter64, + vrrpv3StatisticsPacketLengthErrors + Counter64, + vrrpv3StatisticsRowDiscontinuityTime + TimeStamp, + vrrpv3StatisticsRefreshRate + Unsigned32 + } + + vrrpv3StatisticsMasterTransitions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of times that this virtual router's + state has transitioned to master state. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 1 } + + vrrpv3StatisticsNewMasterReason OBJECT-TYPE + SYNTAX INTEGER { + notMaster (0), + priority (1), + preempted (2), + masterNoResponse (3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This indicates the reason for the virtual router to + transition to master state. If the virtual router + never transitioned to master state, the value of this + object is notMaster(0). Otherwise, this indicates the + reason this virtual router transitioned to master + state the last time. Used by vrrpv3NewMaster + notification." + ::= { vrrpv3StatisticsEntry 2 } + + vrrpv3StatisticsRcvdAdvertisements OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisements received by + this virtual router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + + ::= { vrrpv3StatisticsEntry 3 } + + vrrpv3StatisticsAdvIntervalErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisement packets + received for which the advertisement interval is + different from the vrrpv3OperationsAdvInterval + configured on this virtual router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + + ::= { vrrpv3StatisticsEntry 4 } + + vrrpv3StatisticsIpTtlErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the + virtual router with IPv4 TTL (for VRRP over IPv4) or + IPv6 Hop Limit (for VRRP over IPv6) not equal to 255. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + REFERENCE "RFC 5798, Section 5.1.1.3" + ::= { vrrpv3StatisticsEntry 5 } + + vrrpv3StatisticsProtoErrReason OBJECT-TYPE + SYNTAX INTEGER { + noError (0), + ipTtlError (1), + versionError (2), + checksumError (3), + vrIdError(4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This indicates the reason for the last protocol + error. This SHOULD be set to noError(0) when no + protocol errors are encountered. Used by + vrrpv3ProtoError notification." + ::= { vrrpv3StatisticsEntry 6 } + + vrrpv3StatisticsRcvdPriZeroPackets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the + virtual router with a priority of '0'. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + REFERENCE "RFC 5798, Section 5.2.4" + ::= { vrrpv3StatisticsEntry 7 } + + vrrpv3StatisticsSentPriZeroPackets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets sent by the virtual + router with a priority of '0'. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + REFERENCE "RFC 5798, Section 5.2.4" + ::= { vrrpv3StatisticsEntry 8 } + + vrrpv3StatisticsRcvdInvalidTypePackets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of VRRP packets received by the virtual + router with an invalid value in the 'type' field. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 9 } + + vrrpv3StatisticsAddressListErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received for which the + address list does not match the locally configured + list for the virtual router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 10 } + + vrrpv3StatisticsPacketLengthErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with a packet + length less than the length of the VRRP header. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 11 } + + vrrpv3StatisticsRowDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at + which any one or more of this entry's counters + suffered a discontinuity. + + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, + then this object contains a zero value." + ::= { vrrpv3StatisticsEntry 12 } + + vrrpv3StatisticsRefreshRate OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum reasonable polling interval for this entry. + This object provides an indication of the minimum + amount of time required to update the counters in this + entry." + ::= { vrrpv3StatisticsEntry 13 } + +-- Notification Definitions +-- Notifications may be controlled using SNMP-NOTIFICATION-MIB + + vrrpv3NewMaster NOTIFICATION-TYPE + OBJECTS { + vrrpv3OperationsMasterIpAddr, + vrrpv3StatisticsNewMasterReason + } + STATUS current + DESCRIPTION + "The newMaster notification indicates that the sending + agent has transitioned to master state." + ::= { vrrpv3Notifications 1 } + + vrrpv3ProtoError NOTIFICATION-TYPE + OBJECTS { + vrrpv3StatisticsProtoErrReason + } + STATUS current + DESCRIPTION + "The notification indicates that the sending agent has + encountered the protocol error indicated by + vrrpv3StatisticsProtoErrReason." + ::= { vrrpv3Notifications 2 } + +-- Conformance Information + + vrrpv3Compliances OBJECT IDENTIFIER ::= { vrrpv3Conformance 1 } + vrrpv3Groups OBJECT IDENTIFIER ::= { vrrpv3Conformance 2 } + +-- Compliance Statements + + vrrpv3FullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement" + MODULE -- this module + MANDATORY-GROUPS { + vrrpv3OperationsGroup, + vrrpv3StatisticsGroup, + vrrpv3InfoGroup, + vrrpv3NotificationsGroup + } + OBJECT vrrpv3OperationsPriority + WRITE-SYNTAX Unsigned32 (1..254) + DESCRIPTION "Setable values are from 1 to 254." + ::= { vrrpv3Compliances 1 } + + vrrpv3ReadOnlyCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "When this MIB module is implemented without support + for read-create (i.e., in read-only mode), then such + an implementation can claim read-only compliance. + Such a device can then be monitored, but cannot be + configured with this MIB." + + MODULE -- this module + MANDATORY-GROUPS { + vrrpv3OperationsGroup, + vrrpv3StatisticsGroup, + vrrpv3StatisticsDiscontinuityGroup, + vrrpv3InfoGroup, + vrrpv3NotificationsGroup + } + + OBJECT vrrpv3OperationsPriority + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsPrimaryIpAddr + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + OBJECT vrrpv3OperationsAdvInterval + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsPreemptMode + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsAcceptMode + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsRowStatus + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3AssociatedIpAddrRowStatus + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + ::= { vrrpv3Compliances 2 } + +-- Conformance Groups + + vrrpv3OperationsGroup OBJECT-GROUP + OBJECTS { + vrrpv3OperationsVirtualMacAddr, + vrrpv3OperationsStatus, + vrrpv3OperationsPriority, + vrrpv3OperationsMasterIpAddr, + vrrpv3OperationsAdvInterval, + vrrpv3OperationsPreemptMode, + vrrpv3OperationsAcceptMode, + vrrpv3OperationsUpTime, + vrrpv3OperationsRowStatus, + vrrpv3OperationsAddrCount, + vrrpv3OperationsPrimaryIpAddr, + vrrpv3AssociatedIpAddrRowStatus + } + STATUS current + DESCRIPTION + "Conformance group for VRRPv3 operations." + ::= { vrrpv3Groups 1 } + + vrrpv3StatisticsGroup OBJECT-GROUP + OBJECTS { + vrrpv3RouterChecksumErrors, + vrrpv3RouterVersionErrors, + vrrpv3RouterVrIdErrors, + vrrpv3StatisticsMasterTransitions, + vrrpv3StatisticsNewMasterReason, + vrrpv3StatisticsRcvdAdvertisements, + vrrpv3StatisticsAdvIntervalErrors, + vrrpv3StatisticsRcvdPriZeroPackets, + vrrpv3StatisticsSentPriZeroPackets, + vrrpv3StatisticsRcvdInvalidTypePackets, + vrrpv3StatisticsIpTtlErrors, + vrrpv3StatisticsProtoErrReason, + vrrpv3StatisticsAddressListErrors, + vrrpv3StatisticsPacketLengthErrors, + vrrpv3StatisticsRowDiscontinuityTime, + vrrpv3StatisticsRefreshRate + } + STATUS current + DESCRIPTION + "Conformance group for VRRPv3 statistics." + ::= { vrrpv3Groups 2 } + + vrrpv3StatisticsDiscontinuityGroup OBJECT-GROUP + OBJECTS { + vrrpv3GlobalStatisticsDiscontinuityTime + } + STATUS current + DESCRIPTION + "Objects providing information about counter + discontinuities." + ::= { vrrpv3Groups 3 } + + vrrpv3InfoGroup OBJECT-GROUP + OBJECTS { + vrrpv3StatisticsProtoErrReason, + vrrpv3StatisticsNewMasterReason + } + STATUS current + DESCRIPTION + "Conformance group for objects contained in VRRPv3 + notifications." + ::= { vrrpv3Groups 4 } + + vrrpv3NotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + vrrpv3NewMaster, + vrrpv3ProtoError + } + STATUS current + DESCRIPTION + "The VRRP MIB Notification Group." + ::= { vrrpv3Groups 5 } + +END diff --git a/tools/keepalived/doc/keepalived.conf.SYNOPSIS b/tools/keepalived/doc/keepalived.conf.SYNOPSIS index b8a09eecd..1ae228b7c 100644 --- a/tools/keepalived/doc/keepalived.conf.SYNOPSIS +++ b/tools/keepalived/doc/keepalived.conf.SYNOPSIS @@ -1,439 +1,5 @@ -This file describe all the Keepalived available keywords. The keepalived.conf -file is compounded by three configurations parts : - - * Globals configurations - * VRRP configuration - * LVS configuration - -0. Comment string - -There is 2 valid comment valid string : # or ! If you want to add comment -in you configuration file use this char. - -1. Globals configurations - -This block is divided in 2 sub-block : - - * Global definitions - * Static routes - - 1.1. Global definitions - - The configuration block looks like : - -global_defs { # Block identification - notification_email { # Email to send alertes to - # Standard email address - - ... - } - notification_email_from # Email From dealing with SMTP proto - smtp_server # SMTP server IP address - smtp_connect_timeout # Number of seconds timeout connect - # remote SMTP server - router_id # String identifying router - vrrp_mcast_group4 # optional, default 224.0.0.18 - vrrp_mcast_group6 # optional, default ff02::12 -} - -linkbeat_use_polling # Use media link failure detection polling fashion - - 1.2. Static addresses - - The configuration block looks like : - -static_ipaddress { # block identification - / brd dev scope - / brd dev scope - ... -} - -SCOPE can take the following values : - * site - * link - * host - * nowhere - * global - - 1.3. Static routes - - The configuration block looks like : - -static_routes { # block identification - src [to] / via|gw dev scope table # to is optional - src [to] / via|gw dev scope table # to is optional - src [to] / via|gw or dev scope table # will use multipath route - blackhole [/] - ... -} - -SCOPE can take the following values : - * site - * link - * host - * nowhere - * global - -2. VRRP configuration - -This block is divided in 3 sub-block : - - * VRRP scripts - * VRRP synchronization group - * VRRP instance - - 2.1. VRRP scripts - - The configuration block looks like : - -vrrp_script { # VRRP script declaration - script # script to run periodically - interval # run the script this every seconds - weight # adjust priority by this weight - fall # required number of failures for KO switch - rise # required number of successes for OK switch -} - -The script will be executed periodically, every seconds. Its exit -code will be recorded for all VRRP instances which will want to monitor it. -Note that the script will only be executed if at least one VRRP instance -monitors it with a non-zero weight. Thus, any number of scripts may be -declared without taking the system down. - -If unspecified, the weight equals 2, which means that a success will add +2 -to the priority of all VRRP instances which monitor it. On the opposite, a -negative weight will be subtracted from the initial priority in case of -failure. - - 2.2. VRRP synchronization group - - The configuration block looks like : - -vrrp_sync_group { # VRRP sync group declaration - group { # group of instance to sync together - # a - # set - ... # of VRRP_Instance string - } - notify_master | # Script to run during MASTER transit - notify_backup | # Script to run during BACKUP transit - notify_fault | # Script to run during FAULT transit - notify | # Script to run during ANY state transit (1) - smtp_alert # Send email notif during state transit -} - -(1) The "notify" script is called AFTER the corresponding notify_* script has - been called, and is given exactly 4 arguments (the whole string is interpreted - as a litteral filename so don't add parameters!): - - $1 = A string indicating whether it's a "GROUP" or an "INSTANCE" - $2 = The name of said group or instance - $3 = The state it's transitioning to ("MASTER", "BACKUP" or "FAULT") - $4 = The priority value - - $1 and $3 are ALWAYS sent in uppercase, and the possible strings sent are the - same ones listed above ("GROUP"/"INSTANCE", "MASTER"/"BACKUP"/"FAULT"). - -Important: for a SYNC group to run reliably, it is vital that all instances in - the group are MASTER or that they are all either BACKUP or FAULT. A - situation with half instances having higher priority on machine A - half others with higher priority on machine B will lead to constant - re-elections. For this reason, when instances are grouped, their - tracking weights are automatically set to zero, in order to avoid - inconsistent priorities across instances. - - 2.3. VRRP instance - - The configuration block looks like : - -vrrp_instance { # VRRP instance declaration - use_vmac # Use VRRP Virtual MAC - vmac_xmit_base # Send/Recv VRRP messages from base - # interface instead of VMAC interface - native_ipv6 # Force instance to use IPv6 - # when using mixed IPv4&IPv6 conf - state MASTER|BACKUP # Start-up default state - interface # Binding interface - track_interface { # Interfaces state we monitor - - - weight - ... - } - track_script { # Scripts state we monitor - - weight - ... - } - dont_track_primary # (default unset) ignore VRRP interface faults. - # useful for cross-connect VRRP config. - mcast_src_ip # src_ip to use into the VRRP packets - unicast_src_ip # src_ip to use into the VRRP packets (alias to mcast_src_ip) - unicast_peer { # Do not use multicast, instead send VRRP - # adverts to following list of ip address - ... # in unicast design fashion - } - lvs_sync_daemon_interface # Binding interface for lvs syncd - garp_master_delay # delay for gratuitous ARP after MASTER - # state transition - garp_master_refresh # Periodic delay in seconds sending - # gratuitous ARP while in MASTER state - virtual_router_id # VRRP VRID - priority # VRRP PRIO - advert_int # VRRP Advert interval (use default) - authentication { # Authentication block - auth_type PASS|AH # Simple Passwd or IPSEC AH - auth_pass # Password string (up to 8 characters) - } - virtual_ipaddress { # VRRP IP addres block - / brd dev scope label