Keepalived ChangeLog

Release 1.2.13
* vrrp : Use the standard unsigned int types. This fixes
  building with musl libc, which does not expose the internal
  __uint* defines. (Natanael Copa)
* check : Fix template issue in IPv6 host header.
  (Jan Hugo Prins)
* ipvs : ipvs_syncd_cmd uses memset() to zero the daemonrule
  buffer before populating it and sending it up. daemonrule is
  malloc()ed by ipvs_start(). ipvs_start() can bail early if it
  can't communicate with ipvs. Neither place which call
  ipvs_start() check the return value, allowing them to walk
  straight into a NULL pointer deref. (jsgh)
* check : Without inhibit_on_failure on a real_server, when the
  server is marked down existing TCP connections to it are simply
  blackholed. Hence inhibit_on_failure: by setting the weight to
  zero no new connections are sent to that server, but because the
  server isn't completely removed from the table existing
  connections are allowed to continue. The same problem exists
  with sorry_server. When a real_server comes back up the
  sorry_server is removed from the pool and existing connections
  are blackholed. Instead of continued service, which may usually
  be a fast response indicating overload, the client must engage
  in a lengthy wait for the connection to time out. It would be
  better in many cases to allow the sorry_server connections to
  complete naturally. Luckily the code is structured well enough
  that all is required to get this behaviour is to set the inhibit
  member of the sorry_server structure, which is mostly just a
  change to the config file parser. (jsgh)
* check : unify logging of RS and VS. This fixes the bug of
  displaying a FWM service as [x.x.x.x]:0, where x.x.x.x is the
  first RS of that service. (Alexey Andriyanov)
* check : unify connection options among checkers.
  All the remote checkers (TCP, HTTP/SSL, SMTP) now have the
  same set of connection options:
    . connect_ip (new to TCP, HTTP)
    . connect_port
    . bindto
    . bind_port (new)
    . connect_timeout (new to SMTP)
  All of them are optional with reasonable defaults. The patch
  is designed for simplicity in adding a new option. Since the
  connect_ip could be inequal to the RS address and, worse, the
  same for all RSes, the endpoint is now logged as [RS]:rport,
  not the [connect_ip]:connect_port. (Alexey Andriyanov)
* check : fwmark connection option. (Alexey Andriyanov)
* check : make SO_MARK a compile-time option.
  (Alexey Andriyanov)
* check : documentation for generic connection opts.
  (Alexey Andriyanov)
* check : random delay before doing the first check.
  every RS check is registered with a random delay between 0
  and vs->delay_loop seconds. It helps avoiding multiple
  simultaneous checks to the same RS server.  (Alexey Andriyanov)
* vrrp : Fix sync of interface status flag when using VMAC
  interface. There is a chance that the VMAC interface status
  flags (up/down) could be different from the base interface flags.
  This patch will only change the VMAC interface status flags when
  the base interface is changed. (Jonas Johansson)
* vrrp : Let only base interface change the VMAC interface status
  flags. The interface status flags for a VMAC interface shall
  only be changed by the base interface, never by reading the
  actual VMAC interface flags. (Jonas Johansson)
* vrrp : Fix initial interface status flag value for VMAC
  interface. In commit a05a503, "vrrp: Fix sync of interface
  status flag when using VMAC interface", no inital value for the
  VMAC interface status flag was set. Due to that the VMAC interface
  flags shall follow the base interface, the base interface status
  flags value shall be copied to the VMAC interface status flags
  after the VMAC interface has been created. (Jonas Johansson)
* vrrp : Proper restore of VMAC interface properties on SIGHUP.
  On SIGHUP the VMAC flag and base ifindex for a VMAC interface was
  lost. (Jonas Johansson)
* vrrp : Revert "Honor preempt_delay setting on startup.".
  This commit resulted in two individual bugs:

  1) A keepalived instance coming on-line would not transition to
     MASTER state until the preempt_delay duration had passed, even
     though there was no already existing VRRP speaker in MASTER
     state on the link. In other words, it changed the semantics of
     preempt_delay from a delay that only took place before
     *preemption* of another VRRP speaker, to a delay that
     unconditionally took place after Keepalived came online. The
     keepalived.conf manual page has always documented the former
     meaning, which is also IMHO the only one that you would
     intuitively expect.

  2) The preempt_delay was applied when a Keepalived process was
     reloading its configuration following the recipt of SIGHUP.
     If the Keepalived instance was in MASTER state before the
     reload, it would cease transmitting VRRP hellos for the
     duration of preempt_delay, but *not* actually remove the
     virtual addresses from the network interfaces. This in turn
     resulted in any backup VRRP speakers on the links transition
     to the MASTER state while preempt_delay was still in effect
     on the original MASTER that was reloaded, thus creating a
     service-impacting split-brain scenario where the virtual
     addresses are present and active on multiple VRRP speakers

  (Tore Anderson)
* vrrp : fix ip_address comparison. Extend IP_ISEQ() macro to
  take care of NULL addresses. This issue end on SEGV while
  using virtual_route. thanks to Tore Anderson for reporting.
* vrrp : fix double close issue (DROP_MEMBERSHIP & netlink
  channel). This is a old pending 'bug', not arming at all
  but just frustrating to see again and again this log message :

  "cant do IP_DROP_MEMBERSHIP errno=Bad file descriptor (9)"

  What the hell ! it was due to a double close during reload &
  stop procedure. VRRP fd are stored in a socket pool and use
  the I/O MUX to handle VRRP traffic. While reloading or stopping
  the daemon the I/O MUX was released first and secondly socket
  pool.  The issue spotted here, in thread_destroy_master() all
  pending thread are canceled and read/write fds related are
  close(). Well OK a close on a mcast socket perform kernel side
  the DROP_MEMBERSHIP when needed, but it is much more clean to
  perform proper operations userspace ! This patch sequencely
  cancel pending thread, release socket pool and finally
  destroy master thread. Same 'issue' appear in netlink channel.
Release 1.2.12
* lib: Fix reallocation issue introduced in last merge.
Release 1.2.11
* ipvs: make nlerr2syserr libnl dependent. nlerr2syserr()
  is only used when libnl is present... simply reflect this in
* Fix libnl/libnl-3 logic in configure script.
  This patch causes the configure script to prefer libnl-3 over
  libnl(1). The configure script will first check for libnl-3 and
  libnl-genl-3. If both are found, use them. If not, check for
  libnl(1). This is useful when building on systems that have both
  libnl-3 and libnl(1) installed. It also fixes some redundant
  libraries in LIBS.
* libipvs: libnl-3 include fix.
* lib: extend command lib string parser.
  Extend cmd_make_strvec to support quoted string as a single slot
  and commented string at the end of parsed string.
* lib: cosmetics at command.c.
  Extend command framework to support logger and remove some dead
  code. some cosmetics too.
* lib: extend vty to support logger.
* autoconf: better libnl3 detection.
* Fix memory allocation in parser. The set_value function was
  incorrectly using sizeof (char *) when allocation and reallocating
* Fix memory allocation for MD5 digest.
  The vrrp_in_chk_ipsecah and vrrp_build_ipsecah functions were
  incorrectly using sizeof (unsigned char *) when allocating memory
  for the MD5 digest.
* Fix memory leak in vty_read_config. If vty_use_backup_config
  returns NULL, free any memory that has been allocated before
* Fix memory leak in check_include. The check_include function
  should always free the allocated strvec.
* Check content length before allocating memory.
  Since extract_content_length should return 0 if CONTENT_LENGTH is
  not found in the buffer, this check should be done before
  allocating memory. This avoids unnecessary malloc/free calls and
  fixes a potential memory leak.
* Free memory if realloc fails in vty_out. If realloc returns NULL,
  free the original memory before returning.
* Remove redundant close from vty_use_backup_config. The sav file
  descriptor is closed after read, so there is no need to close it
  again is chmod operation fails.
* Remove unnecessary netlink rtattr structures.
  Both netlink_link_setmode and netlink_link_add_vmac have rtattr
  structures that are no needed. The addattr_l function will handle
  adding the rtattr to the message. Also, this patch removes
  incorrect void pointer arithmetic when setting rta_len.
* vrrp: dont try to leave mcast group in unicast mode.
* vrrp: Release and refresh properly fd hash index.
  Rehashing into the same loop as releasing is not really the best
  idea... Reworked a little previous patch to properly release hash
  entries related to the same instance and then hash it back on new
* vrrp: use configuration mcast group for leave message.
* vrrp: dont try to load ip_vs module when not needed.
Release 1.2.10
* Jonas Johansson removed unused option character in getopt
* vrrp: disable TTL sanity check for unicast use-case.
  In order to protect against any packet injection, VRRP provides
  sanity check over IP header TTL. This TTL MUST be equal to
  255 and means both sender and receiver are attached on the same
  ethernet segment. Now with unicast extension this protection MUST
  be disabled since VRRP adverts will mostly traverse different
  network segments.
  !!! WARNING !!! When using VRRP in unicast use-case in order to
  protect against any packet injection the best practice is to use
  IPSEC-AH auth method otherwise you are exposed to potential
  attackers !
* Christian Albrecht fixed minor typo in man page
* Pim van den Berg work on libipvs-2.6 to sync with libipvs from
  ipvsadm 1.27
* Pim van den Berg work add support to libnk >= 3.
* Pim van den Berg extended libipvs adding nlerr2syserr function
  to translate libnl 3 errors to sys errors. In libnl 3 the return
  codes have changed. nlerr2syserr translates the libnl 3 errors to
  sys errors.
* ipvs: if libnl-3 is installed then check for libnl-gen-3. It is
  mandatory to use generic netlink facilities in new libipvs. This
  test is just here to ensure every needed libs are installed !
* Frank Baalbergen (I suppose github frankbb is you ?) fix
  http checker. literal ipv6 addresses should be enclosed by
* vrrp: Frank Baalbergen add check on IFA_F_NODAD support.
* vrrp: fix unicast handling address selection. SjonHortensius
  reported issue while testing unicast_peer. It wouldn't work
  without adding the native_ipv6 flag. Removed this dependency !
  since it not correlated with VRRP protocol version used.
* vrrp: extend ip parser to support default and default6.
  When you are using virtual_routes you may want to use default
  or default6 while configuring routes. Extended parser
  accordingly !
* vrrp: take care of label while comparing IP addresses.
  Label was not taken into account while comparing 2 IP
  addresses, this can lead to a non deletion while stopping
  daemon and some configuration changes have been done while
  deamon running. This issue was reported by Stepan Rogov.
* vrrp: fix/extend gratuitous ARP handling.
  multiple people reported issues where MASTER didnt recover
  properly after outage due to no gratuitous ARP sent. VRRP
  is a protocol designed to be used between node plugged on
  the same layer2 in order to guarantee link failure is directly
  linked to a protocol FSM handling (FAULT transition). With
  current virtualization env quite every think can be virtualized
  from host (VM) to network (vswitch). In some cases those
  virtualized env offer a virtualized layer2 on which VRRP is
  plugged and sometime forwarding or routing over this virtual
  path can be broken.
  I extended gratuitous ARP handling in 2 ways :
  1) When a MASTER receive a higher prio advert it sends a last
     advert before transiting to BACKUP state. The immediate
     effect at remote MASTER side is to sollicite a gratuitous
     ARP broadcast.
  2) Add an optional support to periodic gratuitous ARP sending
     while in MASTER state. By default it is disabled but one
     can activate this feature by configuring keyword
     "garp_master_refresh" in seconds in vrrp_instance block
     (refer to keepalived.conf.SYNOPSIS).
* Frank Baalbergen fixed genhash. genhash can throw a
  segmentation fault when not providing an argument
* Frank Baalbergen extended genhash code to support IPv6
* Frank Baalbergen extended genhash code to make url default
  value /, same as curl/wget
* Frank Baalbergen extended genhash code to only use default
  url when url is empty
* vrrp: Create configuration alias for unicast_src_ip keyword.
  Add a new keyword more generic to specify VRRP packet source
  IP address. This new keyword is "unicast_src_ip" and have
  exactly the same scope as "mcast_src_ip".
* vrrp: unicast_peer addresses and VRRP instance MUST be of
  the same family. VRRP low-level framework create socket
  pool based on VRRP instance family. If you are using
  unicast_peer, it is mandatory to use addresses of same family
  as VRRP instance. You cant mix IPv4 and IPv6 addresses inside
  same unicast_peer block.  If you need to make it that way, you
  MUST create a VRRP instance per family, eg: one with native_ipv6
  for v6 unicast_peer and another for v4 unicast_peer.
* vrrp: extended unicast code to support IPv6 unicast_src_ip.
  Add support to unicast IPv6 address for
  {unicast,mcast}_src_ip keyword. vrrp instance saddr is now a
  sockaddr_storage and src IPv6 address is set using cmsg ancillary
  data pktinfo. TSource IP address selection is now generic and
  can be IPv4 or IPv6.
* vrrp: fix vrrp socket sync while leaving FAULT state.
  Well, this is a very, VERY old bug here. while leaving FAULT
  state VRRP framework refresh instance socket fd_in & fd_out
  and synchronize all VRRP instance bound to the same socket.
  The patch refresh socket, it also refresh fd hashing ! which
  better for later fault handling :)
* vrrp: Frank Baalbergen fix log-facility handling. log-facility
  should be a required_argument
* vrrp: Support xmit VRRP packets from base VMAC interface.
  Here is a merge of patch from Oliver Smith. Thanks for your
  job and idea in here Oliver. Comments from Olivier :

  This provides a new option to use in conjunction with the VMAC
  functionality which will result in VRRP advertisements being
  sent and received over the underlying interface (and therefore
  having the source MAC of that interface rather than the VMAC

  With this new functionality enabled, VRRP messages will not
  affect the switch MAC address table since the non-unique VMAC
  address is now used only for sending a gratuitous ARP, thereby
  ensuring that in conditions of VRRP message loss, a probing
  partner will not inadvertently take over traffic.

  This also resolves issues where VRRP messages are not
  successfully being seen on the VMAC interface as with the
  new option, the underlying interface is also used to listen out
  for VRRP messages.
* getopt: Make some arguments required
* vrrp: Frank Baalbergen add default case in getopt_long.
  when starting keepalived with an option without an argument
  that requires an argument keepalived should not be started.
* vrrp: VMAC code cleanup and extensions.
  Remastered VMAC code. Interface base_ifindex is set by default
  to interface ifindex during netlink probe. VMAC interface
  base_ifindex is now set during VMAC allocation uppon success
  interface creation. Detect if virtual_router_id is declared
  after use_mvac keyword is invoked. Add some more log while
  setting up and removing VMAC interface.
* vrrp: IPv4 and IPv6 multicast group tweaking.
  Meno Abels extended vrrp framework to support customized
  multicast addresses. The address could be set for ipv4 and
  ipv6 in the global_defs config section using the keywords
  vrrp_mcast_group4 and vrrp_mcast_group6.

  There are some stupid switches which does a special processing
  to multicast packets which causes packets drop from
  queue overflows in environments which creates 100 and more
  multicast control plane packets a second.
Release 1.2.9
* Alexey Andriyanov fixed inaccuracy in VS_ISEQ macro.
* Alexey Andriyanov fixed hysteresis which could be >= quorum now.
* Alexey Andriyanov extended checker framework so that status_code
  and digest can be set together.
* Alexey Andriyanov extended/fixed checker framework for better
  SIGHUP support.
* Jonas Johansson fixed VRRP sync group by sending prio 0 when
  entering FAULT state. This fix will send prio 0 (VRRP_PRIO_STOP)
  when the VRRP router transists from MASTER to FAULT state. This
  will make a sync group leave the MASTER state more quickly by
  notifying the backup router(s) instead of having them to wait
  for time out.
* Jonas Johansson extended VRRP VMAC interface flags (up/down
  status) to follow base interface. When using a VMAC interface,
  this fix will reflect the base interface flags, i.e. up/down
  status, to the VMAC interface. This is useful when using sync
  groups (in combination with VMAC) and a link for one of the
  members in the MASTER sync group goes down. Before this fix,
  this member will not detect the link fault, due to that the
  VMAC interface always is UP regardless of the actual status of
  the base interface, and the sync group will continue to be
  MASTER as if nothing has happend. This fix will however reflect
  the status of the base interface onto the VMAC interface, so if
  the link goes down the member will transit to FAULT state, which
  will make the sync group transit to BACKUP state.
* Jonas Johansson fixed VRRP wrong interface flags corner case.
  If a link event arrives between the initial scanning for
  interfaces and configuration file parsing, the VRRP instance
  will enter an unrecoverable state. This fix will update the
  interface flags even when the interface exists, not only for
  the inital scan.  Note that when all is up and running the link
  events will be properly handled by netlink, so this fix only
  fixes the special case when a link changes state during
* Jonas Johansson fixed VRRP to honor preempt_delay setting on
  startup. If the preempt_delay is set we cannot yet transition
  to master state. We must await the timeout of our preempt_delay.
  The preemption delay is used when starting up, or rebooting, a
  node which needs time to sort out its routing table (e.g., BGP
  or OSPF) before it can assume the master role.
* Jonas Johansson extended VRRP code for faster sync group
* Jonas Johansson replaced popt with getopt. In a embedded
  environment you might not want to have to add yet another
  library dependency. This commit refactors parse_cmdline() to
  use getopt_long() instead och popt.
* EyckWigo proposed to increase defaut socket buf size to handle
  env with lot of IP addresses, Default is now set to 64K on netlink
* Guðmundur Bjarni Ólafsson fixed VRRP unicast code to allow
  packet to be routed !
* Guðmundur Bjarni Ólafsson fixed VRRP checksum before computation.
  When running in unicast mode with multiple peers, the checksum
  was being calculated into itself for consequent peers, causing
  incorrect checksums.
* Extended VRRP framework tweaking IPv6 VIP install by disabling
  DAD algo and setting deprecated.
  Lot of discussions have been made around those 2 topics. First
  idea and initial patch where provided by Leo Baltus. This patch
  fix the use case where VRRP VIPv6 are used in conjonction of IPVS
  healthchecking. If deprecated flag is not set (which is the default
  linux behaviour), then VRRP VIP can be used as source address of
  healthcheking packet. Since this VIP address is also present, in
  most use-cases, on realserver directly so return packets never reach
  the healthchecker and hence no realserver was injected in IPVS table.
  At the same time, I decided to merge Tore Anderson  suggestion of
  disabling Duplicate Address Detection algorithm. Tore's arguments
  are nice ! Thanks Tore : Using the nodad flag has the following
  1) The address becomes immediately usable after they're configured.
  2) In the case of a temporary layer-2 / split-brain problem we can
     avoid that the active VIP transitions into the dadfailed phase
     and stays there forever - leaving us without service. HA/VRRP
     setups have their own "DAD"-like functionality, so it's not
     really needed from the IPv6 stack.

  Acknowledgements to Mark Schouten and Frank Baalbergen for pushing
  me by testing this feature !
Release 1.2.8
* Vincent Bernat fixed issue while pinging master agent.
  The agent needs to be initialized to be able to change the
  AgentX ping interval.
* Revisited the whole code to use posix declaration style.
* fixed some typos
* Created CLI core framework.
* Ryan O'Hara added option to prevent respawn of child process.
  This patch adds a command-line option (--dont-respawn, -R) that
  will prevent the child processes from respawning. When this
  option is specified, if either the checker or vrrp child
  processes exit the parent process will raise the SIGTERM signal
  and exit.
* Ryan O'Hara removed duplicate command-line option code.
  patch removes unnecessary code to process command-line
  options. All options can be processed with a single while loop
  that calls poptGetNextOpt. This patch also adds code to check
  for errors while processing options. Note that errors encountered
  while processing command-line options are fatal.
* Ryan O'Hara add support to usage generation by popt.
  This patch uses the popt library to describe the command-line
  options and print usage to stderr. This provides a more clear,
  concise usage statement.
* Ryan O'Hara and I updated keepalived man page.
* Aleksei Ilin add flexible HTTP checker behaviour for HTTP GET
  request's port settings. VirtualServer's port being specified
  in HTTP GET request only if `VirtualHost` option is not defined,
  otherwise used `VirtualHost` option itself.
* Ryan O'Hara fixed pointer arithmetic for VRRP packet.
  When using IPSEC AH authentication, the pointer arithmetic used
  to get the location of the VRRP packet is incorrect. The address
  of the IPSEC header must be cast as (char *) in order to get
  correct address of the VRRP packet. Without this patch,
  vrrp_in_chk() will fail to verify incoming VRRP packets when
  IPSEC AH is enabled.
* Ryan O'Hara fixed issue while loading SSL certificate.
  This patch fixes a problem where keepalived will attempt to
  load an SSL keyfile as a certificate, resulting in failure to
  initialize SSL context.
* Ryan O'Hara refreshed GPLv2 license with last FSF file.
* junpei-yoshino fixed Library crypt is needed.
* Boon Ang fixed comparison of primary IP addresses.
  If a router in the master state receives an advertisement
  with priority equal to the local priority, it must also
  compare the primary IP addresses (RFC 3768, section 6.4.3).
  The code to handle this was comparing two IP addresses with
  different byte-ordering, resulting in multiple routers in
  the master state. This patches resolves the problem by
  coverting the local primary IP address to network byte order
  for the comparison.
* Henrique Mecking fixed memory leak in libipvs
* Robert James Hernandez fixed RETVAL by setting RETVAL for
  status instead keeping RETVAL set to default of 0
* Robert James Hernandez fixed RETVAL by setting RETVAL for
  catch all and so that it exits like all other matches in
  the case
* Jan Pokorný fixed genhash to ensure CLRF{2} HTML body
  separator won't slip.
* Jan Pokorný extended genhash. Generalize the hash algoi
  parts, add SHA1.
  This patch adds support for hash algo suite extension
  with SHA1 being a first one to be available together with
  a default MD5.  The remaining change on the health-checker
  subsystem side is to make analogous modifications and to teach
  it to recognize the intended hash algorithm based on the length
  of the digest (provided that extra care is taken that no two
  algorithms will ever alias in this regard).  Also the test
  script for genhash was extended to conditionally use SHA1.
* Jan Pokorný cleaned up genhash code. 
  Access to the hash-specific context was simplified as I've
  now checked some C guarantees regarding union/it's members
  initial address vs. aligning so now extra inlined accessor
  function is needed.  This simplified the code a bit.
  Also now the hash-specific object is directly pointed to by
  SOCK object instead of carrying just the index to the table of
  hashes and doing the respective access via a global again and
  again.  Next, I've concentrated some hash-related declarations
  to the new hash.h file.  This was mostly motivated by a need to
  break the circular include dependency that have arisen. As a
  consequence, part of the recent clutter I brought in was removed
  again. Most of FEAT_SHA1 conditional compilation is here.
  Previously separated table in main carrying the hash IDs to be
  printed in the help screen was merged into the table carrying all
  the other necessary information about the particular hashes.
* vrrp: Remi Gacogne fixed invalid use of sizeof.
* Pasi Kärkkäinen Add To header for SMTP alerts.
* vrrp: Robert Sander add IPv6 support for virtual_routes and
* Erik de Groot add support to LVS One-Packet Scheduling
  (known as OPS). Typically RADIUS traffic comes from a limited
  amount of clients and thus you have a very limited range of IP
  tuples in action which will never expire. Issue with Keepalived
  without this patch is that, although it correctly re-assigns
  traffic when a real server dies, it will never re-assign traffic
  back to the real server when it is restored. This is because
  LVS creates virtual connections, for each IP tuple, that will
  never time out as the clients keep sending traffic to the server.
  With this patch is is possible to enable OPS for UDP virtual
  servers which means LVS does not create virtual connections and
  takes a new loadbalancing decision for each UDP packet. The
  result is that a restored server now gets RADIUS traffic as
  soon as LVS has taken it it back into the server pool.
* Willy Tarreau and Ryan O'Hara add the ability to use VRRP over
  unicast. Unicast IP addresses may be specified for each VRRP
  instance with the 'unicast_peer' configuration keyword. When
  a VRRP instance has one or more unicast IP address defined,
  VRRP advertisements will be sent to each of those addresses.
  Unicast IP addresses may be either IPv4 or IPv6.
  If you are planing to use this option, ensure every ip
  addresses present in unicast_peer configuration block do not
  belong to the same router/box. Otherwise it will generate
  duplicate packet at reception point.
Release 1.2.7
* vrrp: fix issue in while using vrrp_script.
  Previous patch introduced by Ryan O'Hara about removing
  shadow declaration was kind of too much hunting.
  Removing element e in this block simply create inconsitency
  in upper list walk. So resurected element declaration with e2.
* snmp: Mikhail Gaydamaka extended MIB and both vrrp and check
  frameworkds to support routerId to var bind.
* snmp: Mikhail Gaydamaka fixed oid for vrrpSyncGroupStateChange
  var bind.
* some cosmetics again and again.
Release 1.2.6
* Rename global config data variable 'global_data'.
  From Ryan O'Hara :
  This patch renames the global configuration data
  variable from 'data' to 'global_data'. Three reasons for
  renaming this varibale:
  - Fixes shadow declaration of 'data' in several locations.
  - Is more consistent with other global data variables
  (ie. vrrp_data, check_data).
  - Functions like free_global_data and dump_global_data were
  ignoring conf_data_t argument and using global variable
* Ryan O'Hara: Fix shadow declaration of 'vrrp_data' variable.
* Ryan O'Hara: Fix shadow declaration of 'check_data' variable.
* Ryan O'Hara: Remove shadow declaration of 'element e' in
* check: Avoid the use of kernel defines in libipvs userland
* vrrp: Correctly handle macvlan interface when config file is
  re-loaded. From Bob Gilligan :
  Testing with the 1.2.0 branch, bring keepalived up with a
  vrrp_instance that is configured with use_vmac.  Then delete
  that vrrp_instance from the config file.  Then tell keepalived
  to re-read its config file with SIGHUP.  The vrrp_instance will
  be stopped, but the macvlan interface will remain.  The obvious
  fix would be to add code to call netlink_link_del_vmac() in
  clear_diff_vrrp().  There's one problem with that: the code
  needs the ifindex of the macvlan interface to delete it, but
  that resides in the interface structure that was freed earlier
  in the reload process.  My fix is to add a field to the
  vrrp_rt struct to remember the macvlan ifindex.  This patch
  addresses this problem plus two others that can occur in
  reloading the config file:  1) If the vrrp_instance
  configuration is kept, but the use_vmac entry is removed, the
  macvlan interface will not be deleted; 2) If a vrrp_instance
  with use_vmac is left unchanged, the code will attempt to
  re-create the macvlan interface, but this will fail and the
  program will end up not using the macvlan interface.
* vrrp: VRRP should notify other routers before it does any
  action that effects traffic flow. From John Southworth:
  Move the shutdown_vrrp_instances code to before the deletion
  of sock_pool. Move sending priority 0 adverts to before address
  removal occurs
* vrrp: From John Southworth: Stop timers before shutting down
  vrrp instances. This is to avoid a possible condition where
  a priority 0 advertisement is sent and before the master
  thread is killed another advertisement can be generated and sent.
* vrrp: Change when socket fd's are freed.
  From John Southworth:
  Priority 0 advertisements were not being sent as desired on
  config reload. This was causing long delays on manually failed
  over instances. The socket pool was being freed too early, as a
  result the file descriptor for the socket was no longer valid at
  the time the priority 0 advertisment was attempted.
* vrrp: Added a separate timeout parameter for vrrp_script checks
  From Jonathan Harden:
  I've added a timeout parameter to the vrrp check scripts which
  allow you to have the check timeout different to the interval.
  When no timeout has been specified the interval is used (which
  mimics the current behaviour).  To explain the reasoning: We
  wanted to have check scripts time out faster than our check
  interval. Doing the check we need to perform is a little load
  intensive and so we don't want to perform it every few seconds.
  With this patch we set an interval of 60 seconds but a timeout
  of 5 seconds (if the check takes more than a few seconds then
  the service is not working correctly).
* Extended vector lib for futur work
* some cosmetics.
Release 1.2.5
* Merge SNMP support from Vincent Bernat.
* SNMP is not compiled nor activated by default.
* Updated autoconf script
* Created Keepalived MIB
* Integration of NetSNMP into main scheduling loop
* vrrp: Most internal data can be queried with SNMP.
* check: Most internal values can be queried using SNMP.
  The main exception is the ability to query checkers
  which is not present.
* check: SNMP support for IPVS stats. IPVS stats are
  exported with SNMP. A cache is used to avoid to query
  the kernel too much.
* Created core framework for SNMP trap
* vrrp: SNMP traps are sent when instance state changes
  and when sync group state changes
* check: SNMP traprs are sent when real server state changes
  and when virtual server quorum state changes
* vrrp: add support to write/update operations from SNMP.
  Write/update support is available for changing the base priority
  and for changing instance preemption.
* check: add support to write/update operations from SNMP.
  Write support is available for changing the weight of a real
* workaround for AgentX ping blocking Keepalived. When establishing
  AgentX session with the master agent, we setup low timeout and
  retries values. If the master agent is blocked, we will wait for
  less than 1 second for them and therefore, there will be no
  disruption for VRRP.
* Copyright update
* some cosmetics.
Release 1.2.4
* Please look at git repo for credits.
* remove CR from manpage
* check: fix pid display in syslog messages
* vrrp: better documentation of the limitation on password
* cosmetics to be pleasant with GCC4
* Update autoconf script to properly detect VRRP VMAC
* security: Fix exploitable issue in sighandler !
* Add datarootdir to files.
* Fix logging to console.
* Remove newlines from log_message calls.
Release 1.2.3
* Please look at git repo for credits.
* VRRP : allow group to use priority with 'global_tracking'
  group keyword
* VRRP : Adjust TOS values. The TOS value used by other
  vendors is ip precedence 6, so change that. Use socket
  priority option to force packets into band 0 of pfifo_fast.
* VRRP : Fix sync-group thrashing.The sync group implementation
  was not very robust. If one synced instance lost communication
  without going to fault state then all synced intances would
  transition to master. Following this all instances would
  transition back to backup because they heard higher priority
  advertisements. This thrashing would continue indefinitely.
  To fix this the sync-group code was made to prefer backup state.
  That is, the sync-groups don't sync to master state unless
  every instance wants to be master.
* VRRP : Fix dst lladdr in IPv6 Unsollicited NA.
* VRRP : fix pid display in syslog messages.
* Fix configure script to correctly identify kernel version.
* check : handle unspecified sockaddr_storage when comparing
* VRRP : ensure VRRP script interval and GARP delay is not 0.
* check: ensure non 0 default values for timeouts.
* VRRP : Fix priority not changing on reload.
* check : Fix IPv4 address comparison routine.
* Don't use bind() with AF_UNSPEC.
* check : enable the use of fwmark with IPv6 virtual servers.
* Fix modprobe arguments.
* Fix double ntohs() in SMTP checker.
* Pretty-print IP:port as [%s]:%d.
* check : keep retry in case of early TCP failures in checks.
* when specifying an IPv6 range, range is hexadecimal value.
* Only define kernel types for ip_vs.h header to avoid problems
  when loading other headers.
* When respawning VRRP or check process, use LOG_ALERT.
* Do not set reload flag in the main process.
* Set correct rights on PID file.
* fix 'gratuitous' typos.
* ipvs: don't include linux/types.h or asm/types.h.
* configure: check for nl_socket_modify_cb for libnl.
* configure: don't check for IPVS support with kernel 2.6.x.
* VRRP : On shutdown, release sockets later to be able to send
  shutdown packet.
* fix documentation on linkbeat_use_polling keyword.
* Fix a typo for healthchecker.
* fix syslog message if bogous vrrp packet (wrong auth type)
* manpage update.
Release 1.2.2 | IPv6 Ready
* IPv6 : extended autoconf script to support libnl detection.
  IPv6 IPVS kernel subsystem is reachable through
  generic netlink configuration interface.
* IPv6 : Enhanced libipvs-2.6 to support generic netlink
  configuration interface. If generic netlink is
  available with kernel then it will be the
  prefered path to configure IPVS.
* IPv6 : Enhanced the whole checker API to use
* IPv6 : Enhanced the whole core framework to use
* IPv6 : Enhanced all checkers to use sockaddr_storage.
* fixed a long time pending issue in all checkers. If
  first connection attempt to remote peer was failing
  no more check was performed to service... Up on error
  connecting remote peer simply register a new timer for
  next check. This is specially needed in IPv6 context
  where a unreachable host can be reached at delayed time.
* code clean-up: revisited the code to use more POSIX
  compliant declaration. thread typedef to use thread_t
  instead. revisisted checker framework to use POSIX typdef
Release 1.2.1 | Bugfixes
* Vincent Bernat <bernat <at>> :
  VRRP: Fix incorrect computation for packet size
* Vincent Bernat <bernat <at>> :
  VRRP: handle passwords up to 8 characters
* Vincent Bernat <bernat <at>> :
  When updating weight, check quorum state.
  MISC check can update the weight of a real server. This
  can lead to a change in quorum state.
  We factor out quorum handling from perform_svr_state()
  into a new function update_quorum_state() that will check if
  the quorum state changed and if yes, update sorry server status,
  exec quorum commands and add back or remove alive real servers
  (with existing function perform_quorum_state()).
  This patch is mostly cut'n'paste and adding a call to
  update_quorum_state() in update_svr_wgt(). We also make
  perform_svr_state() and update_quorum_state() almost symmetric.
* Vincent Bernat <bernat <at>> :
  Fix an infinite loop in master transition with sync groups.
  This patch is from Arjan Filius. See:
  When transitioning to master state, keepalived might try to
  force transition to master state of other VRRP instances into
  the same group before their transition is complete. This leads
  to an infinite loop with huge VRRP trafic.
* Vincent Bernat <bernat <at>> :
  VRRP : Use VRRP_PRIO_DFL instead of 100 for default priority.
* Vincent Bernat <bernat <at>> :
  Use netpacket/packet.h instead of linux/if_packet.h to get
  linux/if_packet.h pulls linux/types.h that should not be used
  by a userland program since types defined here can conflict
  with stdint.h. We use netpacket/packet.h which is a GNU LibC
* Vincent Bernat <bernat <at>> :
  Keep current weight on reload when initial weight is not
  Weight can be changed by MISC_CHECK when using dynamic option.
  In case of reload, the change is lost until the script runs
  again. We record the initial weight in a separate variable and
  use it to check if a real server has changed instead of using
  the actual weight.
* Vincent Bernat <bernat <at>> :
  VRRP : disabled scripts and initially good scripts should be
  considered as OK.
  When a script is not weighted, its failure will lead to a
  failure of the associated VRRP instance. However, disabled
  script and scripts that are initially good (after a reload)
  should be considered as successful and not make the instance
  fail.  Moreover, a disabled script should not be used when
  computing script weights.
* Vincent Bernat <bernat <at>> :
  VRRP : more informative message when disabling a script due
  to use of weights.
  When using a weight for a tracked script, the script is
  disabled.  However, the warning message said that the weight
  was ignored. We change the message to tell that the script is
  ignored. Moreover, we don't change its weight since it can be
  used in another instance, not in a SYNC group.
* Vincent Bernat <bernat <at>> :
  check : include missing virtual server group name in a log
* Vincent Bernat <bernat <at>> :
  configure: add a check for ETHERTYPE_IPV6.
  ETHERTYPE_IPV6 defined in net/ethernet.h is pretty recent.
  If absent, we hard-code the value into CFLAGS. This patch
  requires regeneration of configure.
* Vincent Bernat <bernat <at>> :
  check : update server weight in IPVS only if server is alive
  and in the pool.
  With inhibit_on_failure, a server can be in the pool and not
  alive. We don't want to set the weight of an inhibited server
  or a server in a virtual server whose qorum is not met yet.
* Vincent Bernat <bernat <at>> :
  check: really add back inhibited server when quorum is gained
  A previous change contained an erroneous check to add back
  alive servers when quorum state was gained. This check was
  incompatible with inhibit_on_failure. When servers were added
  back in the pool, the weight was not updated accordingly.
* Vincent Bernat <bernat <at>> :
  check : update server weight despite quorum when no sorry
  In absence of a sorry server, the logic is to not use quorum
  except to run commands when quorum is gained or lost. This
  means that if a MISC check modifies the weight of a server
  and there is no sorry server, we do not consider quorum.
Release 1.2.0 | VRRP IPv6 Release
* Branch 1.2.0 created. This branch will host all new
  developments on Keepalived. New code will be added
  in here only.
* VRRP : Add support to IPv6 protocol. The global framework
  has been extended to support this branch new family !
* VRRP : Implement IPv6 Neighbour Discovery protocol (NDISC).
  In IPv6 gratuitous ARP doesnt exist since ARP is IPv4 only.
  NDISC can provide the same feature by sending so called
  Unsolicited Neighbour Advertisement. A node can send such a
  protocol datagram in order to (unreliable) propagate new
  information quickly (rfc4861.4.4). NDISC build an ICMPv6
  message with taget link-layer address option, this option is
  set icmp6_override flag to indicate that advertisement should
  override an existing cache entry and update the cached
* VRRP : Extend ip address framework to be IPv4 and IPv6
  independant. An ip address, as defined in framework, is
  now {IPv4,broadcast} or {IPv6}. Use struct ifaddrmsg to
  store and prepare netlink related operation. This clean-
  -up the code.
* VRRP : Extend parser to support IPv6 declarations. IPv6
  and IPv4 addresses can be configured inside the same
  configuration block (eg: virtual_ipaddress or
  virtual_ipaddress_excluded). An instance can run IPv4 and
  IPv6 addresses at a time, this can be useful in dual-stack
  env (since this will become certainly the most common use
  case in the next years).
* VRRP : Extend netlink framwork to support IPv6 addresses
  interactions (reflection/addition/deletion).
* VRRP : Extend finite state machine support IPv4 & IPv6
  at a time.
* VRRP : Extend protocol helpers to support IPv6 multicast
  related. AF_INET6 SOCK_RAW tweaking it done through
  socket API instead of PF_PACKET header building... This
  makes code cleaner.
* VRRP : Set default VRRP instance protocol to be IPv4.
  you can use configuration keyword "native_ipv6" inside
  vrrp_instance configuration block to specify that you
  want to use IPv6 for VRRP multicasting protocol instead.
* VRRP : Extend socket option related helpers to support
  IPv6 specifics.
* VRRP : Extend protocol scheduler and dispatcher to
  support IPv6.
* VRRP : Extend socket pool to keep track of socket
* VRRP : Cleanup protocol offset pointer by removing
  duplication code...
* VRRP : some code clean-up...
Release 1.1.20 | Bugfixes
* Vincent Bernat <bernat <at>> extended ip/route
  framework to be able to add route or ip address if they
  already exist.
* Vincent Bernat <bernat <at>> fixed broadcast
  address display.
* Vincent Bernat <bernat <at>> extended genhash to
  display an error when giving an incorrect IP address.
* Vincent Bernat <bernat <at>> When parsing
  "blackhole" route, also parse IP mask.
* Vincent Bernat <bernat <at>>
  On reload, destroy signal pipes before recreating them.
* Vincent Bernat <bernat <at>>
  Fix SMTP checker adding himself repeatedly in the list of
  failed checkers.
* Vincent Bernat <bernat <at>>
  Handle non-existant default interface in VIP definition.
* Vincent Bernat <bernat <at>>
  Remove alive real servers when quorum is lost.
* Vincent Bernat <bernat <at>>
  Fix a segfault when a virtual_server is empty.
* Vincent Bernat <bernat <at>>
  Add real servers to new member of a virtual server group
  on reload.
* Vincent Bernat <bernat <at>>
  Keep previous effective VRRP priority on reload.
* Vincent Bernat <bernat <at>>
  Fix VRRP script not running any more after reload.
* Vincent Bernat <bernat <at>>
  On reload, keep status for all VRRP scripts.
* Removed IPVS Kernel 2.2 support
Release 1.1.19 | Bugfixes
* Cosmetics changes.
* Vincent Bernat <bernat <at>> fix a segfault
  when there is no real server for a virtual server.
* Vincent Bernat <bernat <at>> Willy Tarreau
  and I finally fixed SIGCHLD handling upon reload.
* Vincent Bernat <bernat <at>> fix VS_ISEQ macro.
* VRRP : Kimitoshi Takahashi <ktaka <at>>
  fixed nopreempt from FAULT state. The owner of higher
  priority in FAULT state shouldn't preempt current MASTER
  when it's recovering, if the nopreempt option is set.
Release 1.1.18 | Bugfixes
* Fixed compilation warnings
* Updated autoconf kernel version detection. Created a new
  configuration option to force kernel versioni selection.
  This option can be useful for crosscompilation:
* Updated media link failure detection strategy. Kernel
  linkwatch has been around for long time so set it as
  default strategy. Alternatively you can choose to use
  MII BSMR polling strategy by adding new keyword
  'vrrp_linkbeat_use_polling' in your configuration file.
* Vincent Bernat <bernat <at>> fixed ip_vs.h includes.
* Removed vrrp_running and check_running test since it is
  already performed by keepalived_running.
* Properly handle father pidfile handling.
* fixed reload handler to properly print out PID.
* Willy and I fixed a signal handling issue while reloading
  daemon. A dereferencing master thread issue leading to a
  segfault, so that reload was seen as a restart because it
  was respawned by keepalived father process.
* Willy fixed a missing UNSET_RELOAD declaration leading to
  a potential infinite loop while performing reload.
* Vincent Bernat <bernat <at>> fixed initial value
  of quorum state on startup and reload. Fixed sorry server
  removal to consider quorum state.
* VRRP : Add missing notify calls while entering FAULT state.
* VRRP : Willy added support to delayed script check launch
  (up and down). It defines "rise" and "fall" keywords. "fall"
  defines the required number of failures to switch in KO mode,
  "rise" defines the number of sucesses to switch in OK mode.
* VRRP : Fixed an IP_DROP_MEMBERSHIP issue while performing
  reload. vrrp socket pool is released at first.
Release 1.1.17 | Bugfixes
* Fixed low-level scheduler timer computation to take care to
  monothonic computation. Select returns if timer is null!
* VRRP : Fixed vrrp script initialization to use event thread
  instead of timer thread so that script no longer need to
  wait until first polling timer fired.
* VRRP : Willy and I fixed MII media link failure detection
  to test SIOCGMIIREG call before fetching BMSR.
* VRRP : Resurected VRRP_STATE_GOTO_FAULT. This state is
  really needed to speed-up convergence and prevent against
  any issue while using vrrp_sync_group.
Release 1.1.16 | Bugfixes
* Code clean-up.
* Stefan Rompf, <stefan at> extended scheduler to
  synchronize signal handling by sending the signal number through
  a self pipe, making signals select()able. Child reaping has been
  moved to a simple signal synchronous signal handler. Signal
  shutdown handling has been centralized.
* Denis Ovsienko, <pilot at> extended healthchecker
  framework to support alpha/omega design. It provides virtual
  service control in a more fine-graned maner. You may have a
  look to the SYNOPSIS file to have full picture on configation.
  It addresses the following issues :
  - A virtual service is considered up even with an empty RS pool.
  - There is no reliable mean to avoid service regression, when
    the server pool becomes too small.
  - There is no mean to escalate any of the above fault/recovery
  - Real servers are assumed alive initially. This leads to
    unnecessary state flap on keepalived start.
  - notify_down isn't executed for working real servers on
    keepalived shutdown.
  - There is no reliable mean to handle keepalived stop to move
    the virtual service over another load balancer.
* Stephan Mayr, <Mayr.Stefan at> fixed default value for
  checker loop... a missing TIMER_HZ.
* Merge keepalived.init.suse.
* Robin Garner, <robin.garner at> added support to
  --log-console facility.
* Tobias Klausmann, <klausman at> fixed an openfile
  leak while performing reload.
* Leo Baltus, <Leo.Baltus at> extended pidfile handling
  to allow keepalived to start using configurated pidfile.
* VRRP : Siim Poder, <siim at> fixed IPSEC AH auth
  to skip IPv4 id field of zero. If zeroed kernel will fill it
  and lead to an unwanted protocol re-election.
* VRRP : Siim Poder, <siim at> fixed reloading issue.
  New ip addresses are added (from configuration). State is kept
  instead of starting from whatever is in configuration file.
  If prios are changed in such a way, state change can occur after
* VRRP : Vincent Bernat, <bernat at> extended virtual_route
  to support virtual "black hole" route as well as multihop route.
* VRRP : Stig Thormodsrud, <stig at> fixed a crash while
  using virtual_router_id set to 255.
* VRRP: Jon DeVree, <jadevree at> fixed arp handling to
  to initialize the target hardware address, using 0xff as found
  in arping. Let scripts work without dealing with weight, if the
  script fails, VRRP fails.
* VRRP : Pierre-Yves Ritschard, <pierre-yves at> removed
  the GOTO_FAULT state from FSM.
* VRRP : Willy Tarreau, <w at> fixed link detection handling
  to support right ioctl values for recent kernel ! It can lead
  to issue while running instance on a bonding interface.
* VRRP : Willy Tarreau, <w at> extended scheduler to catch
  time drift. It implements an internal monotonic clock. It
  maintains an offset between sysclock and monotonic clock, if
  computed time if anterior to monotonic time then just update
  offset. If time computed if fare away into the future then
  limit delay and recompute offset.
* VRRP : Willy Tarreau, <w at> fixed autoconf issues.
Release 1.1.15 | Bugfixes
* Matthias Saou, <matthias at> fixed genhash
  Makefile for man page installation.
* Casey Zacek, <keepalived at> provided a patch
  to check_http to remove buffer minimization while processing
  stream. It appears some webserver cause healthchecker crash.
* Chris Marchesi, <chris.marchesi at> provided
  a patch for better handling of SSL handshake errors.
* Shinji Tanaka, <stanaka at> fixed parser "include" 
  directive to support declaration inside configuration directives,
  like including file inside vrrp_instance declaration.
* Andreas Kotes, <count at> fixed HTTP healthchecker
  while handling MD5SUM result. It appears checker never removed
  realserver on MD5SUM mismatch !!! whats that crap.
* VRRP : Willy Tarreau, <w at> fixed a missing notifications
  upon transition from fault to backup.
* VRRP : Add support to route metric in virtual_routes definition.
Release 1.1.14 | Enhancements
* Shinji Tanaka, <stanaka at> extended parsing
  framework to support "include" directives. For more
  informations and documentation please refer to  Shinji website
* Tobias Klausmann, <klausman at> add error loggin
  while parsing configuration file.
* Merged patches from on Makefile and redhat specfile.
* Create a goodies directory to store nice scripts received from
  users. Add Steve Milton <milton AT> arpreset script
  to delete a single ARP entry from a CISCO router.
* VRRP : David Woodhouse, <dwmw2 at> fixed vrrp_arp
* VRRP : Pierre-Yves Ritschard, <pyr at> fixed negative
  weights in script.
* VRRP : Michael Smith, <msmith at> extended
  virtual_ipaddress setting to support Old-style Linux interface
  aliases like eth0:1.
* VRRP : Ward Wouts, <ward.wouts at> add support to
  vrrp_script logging.
Release 1.1.13 | Enhancements
* VRRP : Added a new notify script to be launch during vrrp
  instances shutdown. This new notify hook is configured
  using notify_stop keyword inside vrrp_instance block.
* VRRP : Willy Tarreau <w at> fixed an errno issue in
  thread_fetch(), errno is lost during set_time_now(). This
  patch saves it across the call to set_time_now() in order
  to get the valid error.
* VRRP : Willy Tarreau <w at> extended timer framework
  to save errno in timer_now() and set_time_now() just in
  case other functions do not expect these functions to modify
  it. This is a safer approach than the initial patch to
  thread_fetch(), while still compatible.
* VRRP : Willy Tarreau <w at> fixed an FSM silent issue.
  By default, the VRRP daemon stops sending during new MASTER
  elections. This causes 3 to 4 seconds of silence depending on
  the local priority, and sometimes causes flapping when the
  differences in priorities are very low, due to the kernel timer's
  resolution : sometimes, the old master receives a first
  advertisement, enters backup, waits 3 seconds, sees nothing and
  finally becomes master again, which forces a new reelection on
  the other one.
* VRRP : Willy Tarreau <w at> extended VRRP framework to
  support floating priority. Replace the priority in each
  vrrp_instance with a base priority and an effective priority,
  to prepare the support for floating priorities. The configuration
  sets the base_priority, and all comparisons use the new
  effective_priority value. This one is computed in the
  vrrp_update_priority() thread by adding an offset to base_priority,
  based on the result of various checks.
* VRRP : Willy Tarreau <w at> extended notify script to add
  the priority in "$4" when calling a notify script. This is
  important in labs and datacenters when systems can display the
  priority on a front LCD, because it allows workers to carefully
  operate without causing unexpected reelections.
* VRRP : Willy Tarreau <w at> extended interface tracking
  framework to let interface tracking change the priority by adding
  a "weight" parameter. If the weight is positive, it will be added
  to the priority when the interface is UP. If the weight is negative,
  it will be subtracted from the priority when the interface is down.
  If the weight is zero (default), a down interface will switch the
  instance to the FAULT state.
* VRRP : Willy Tarreau <w at> added a new "vrrp_script" section
  to monitor local processes or do any type of local processing to
  decide whether the machine is in good enough health to be elected
  as master. A same script will be run once for all instances which
  monitor it. If no instance use it, it will not be run, so that it's
  safe to declare a lot of useful scripts. A weight is associated to
  the script result. If the weight is positive, it will be added to
  the priority when the result is OK (exit 0). If the weight is
  negative, it will be subtracted from the priority when the result
  is KO (exit != 0). If the weight is zero, the script will not be
  monitored. The default value is 2.
* VRRP : Willy Tarreau <w at> extended vrrp scheduler so that
  when a VRRP is part of a SYNC group, it must not use floating
  priorities, otherwise this may lead to infinite re-election after
  every advertisement because some VRRPs will announce higher prios
  than the peer, while others will announce lower prios. The solution
  is to set all weights to 0 to enable standard interface tracking,
  and to disable the update prio thread if VRRP SYNC is enabled on a
* VRRP : Willy Tarreau <w at> added some documentation and
  examples for the brand new VRRP tracking mechanisms.
* VRRP : Ranko Zivojnovic, <ranko at> fixed vrrp
  scheduler to execute notify* scripts in transition from the
  failed state to the backup state.
* Nick Couchman, <nick.couchman at>, added support for
  real server upper and lower thresholds.  This allows you to set
  a minimum and maximum number of connections to each real server
  using the "uthreshold" (maximum) and "lthreshold" (minimum)
  options in the real_server section of the configuration file.
* Chris Caputo, <ccaputo at> extended autoconf script
  to support recent move of UTS_RELEASE from linux/version.h to
* Chris Caputo, <ccaputo at> extended ipvswrapper 2.4
  code to support misc_dynamic weight.
Release 1.1.12 | Bugfixes
* VRRP : Christophe Varoqui, <Christophe.Varoqui<at>> extended
  VRRP framework to use virtual_router_id as syncid in LVS mcast
  datagram while using LVS syncd in VRRP instance.
* Kevin Lindsay, <kevinl<at>> and Christophe Varoqui,
  <Christophe.Varoqui<at>> fixed SSL checker to properly
  use openssl when dealing with asynchronous stream handling.
  Kevin fixed asynchronous handling during connection stage
  while Christophe fixed stream handling after connection stage.
* Kjetil Torgrim Homme, <kjetilho<at>> extended keepalived
  spec file to cleanly compile on RedHat enterprise 3 and 4.
* Heinz Knutzen, <Heinz.Knutzen<at>> fixed SMTP checker
  to overwrite default_host while parsing configuration file.
  A SMTP_CHECK without a "host" section should use the ip of the
  current real server as default.
Release 1.1.11 | Bugfixes
* VRRP : extended ipaddress and iproutes code to return
  if vip or vroutes is referencing an unknown interface.
* Kevin Lindsay, <kevinl <at> netnation <dot> com> and I fixed a
  missing bitwise negation while removing signal from
  global signal mask. Set this operation before handler
  is called. This assume that bitwise negation is an
  atomic code generated from compiler. Since gcc 3.3
  this is true.
* Asier Llano Palacios, <a <dot> llano <at> usyscom <dot> com> extended
  autoconf script to support cross-compilation.
Release 1.1.10 | Bugfixes
* VRRP : While restoring interface, release iproutes
  before ipaddresses. Routing daemons needs that order
  for netlink reflection channel.
* VRRP : Bin Guo, <bguo<at>bluesocket<dot>com> fixed a memory
  leak while calling script_open.
* Kevin Lindsay, <kevinl <at> netnation <dot> com> fixed some buffer
  overruns, NULL pointer and dangling pointer references.
* Kevin Lindsay, <kevinl <at> netnation <dot> com> redisigned signal
  handling. When a signal occurs, a global signal_mask is
  modified. In the main loop there is a checked to see if
  the signal_mask has any pending signals. The appropriate
  signal handler is then run at this time. This is to prevent
  races when modifying linked lists.
* Kevin Lindsay, <kevinl <at> netnation <dot> com> fixed shadowed
* Christophe Varoqui, <Christophe<dot>Varoqui<at>free<dot>fr> and I
  Extended libipvs-2.6 to support syncd zombies handling.
  Since ip_vs_sync.c kernel code no longer handle waitpid()
  we fork a child before any ipvs syncd operation in order
  to workaround zombies generation.
* John Ferlito, <johnf<at>inodes<dot>org> and I Fixed a scheduling
  race condition while working with low timers.
* Updated check_http and check_ssl to use non-blocking
* Fixed some race conditions while reloading configuration.
  Prevent against list gardening if list is empty !
* Fixed recursive configuration parsing function to be clean
  with stack. Only one recursion level.
* Some cosmetics cleanup in Makefiles.
Release 1.1.9 | Bugfixes
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net> updated keepalvied
  manpage for nopreemept and preempt_delay.
* VRRP : Fixed an issue while releasing vrrp socket pool... Just
  release pool one time !
* VRRP : Fixed netlink framework to properly save netlink socket flags
  while setting blocking flags.
* VRRP : Fixed a regression introduced with previous release while
  hashing vrrp fd bucket into fd hash index.
* Patrick Boutilier, <boutilpj <at> ednet <dot> <ns> ca> fixed an issue in the
  extract_html function. Read the full html header.
* Chris Caputo, <ccaputo <at> alt <dot> net> and I fixed compilation issue
  while using --enable-debug configuration option.
* Extended both VRRP and Healthchecker framework to support
  debugging flags.
* Removed the watchdog framework. Since scheduling framework
  support child, we register a child thread for both process
  VRRP and Healthcheck. When child die or stop prematuraly this
  launch scheduling callback previously registered. Watchdog
  is now handled by signaling.
  (credit goes to Kevin Lindsay, <kevinl <at> netnation <dot> com> for nice
* Some cosmetics cleanup.
Release 1.1.8 | Enhancements
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net> added "dont_track_primary"
  vrrp_instance keyword which tells keepalived to ignore VRRP
  interface faults. Can be useful on setup where two routers
  are connected directly to each other on the interface used
  for VRRP. Without this feature the link down caused
  by one router crashing would also inspire the other router to lose
 (or not gain) MASTER state, since it was also tracking link status.
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net> added "nopreempt" which
  overrides the VRRP RFC preemption default. This replaces the
  "preempt" keyword which was not fully implemented. "preempt" is
  kept around for backward compatibility but is deprecated.
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net> added "preempt_delay" which
  allows one to specify number of seconds after startup until VRRP
  preemption. (range 0 to 1,000 seconds) this is useful because
  sometimes when a machine recovers it takes a while for it to become
  usable, such as when it is a router and BGP sessions need to come
  back up.
* Chris Caputo, <ccaputo <at> alt <dot> net> made it so there is a useful "Date:"
  in SMTP alert emails.
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net>. In debug output log
  gratuitous ARPs with actual IP addresses being ARPed.
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net>. If started with
  "--dont-release-vrrp" then try to remove addresses even if we didn't
  add them during the current run, when it makes sense to do so.
* VRRP : Chris Caputo, <ccaputo <at> alt <dot> net> added a missing
  free_vrrp_buffer() during VRRP stop.
* VRRP : Kees Bos, <k.bos <at> zx <dot> nl> fixed VRRP sanity check to perform
  checksum computation over incoming packet and not local router
  instance memory representation => Better to log 'invalid vip
  count' instead of 'Invalid vrrp checksum' when the number of
  configured vips differ in the master and backup server :)
* VRRP : Release socket pool during daemon stop and reload
* VRRP : Refresh socket pool during reload
* VRRP : Extended netlink framework to support blocking
  operation. During initialization, set blocking netlink channel
  to wait responses from kernel while parsing result. Kernel netlink
  reflection are still handled using non-blocking.
* Jeremy Rumpf, <rumpf.6 <at> osu <dot> edu> added SMTP checker. It take
  a special care of smtp server return code.
* Merged genhash man page
* Chris Caputo, <ccaputo <at> alt <dot> net> added "misc_dynamic" to a
  MISC_CHECK which makes it so a script can adjust the weight of
  a real server.
* Fixed some assertion issue in memory framework.
* Use router_id instead of lvs_id in the global_def configuration
  block (lvs_id kept for backward compatibility).
* Ronald Wahl <rwa <at> peppercon <dot> com>, fixed declarations to be only
  in includes files.
* Ronald Wahl <rwa <at> peppercon <dot> com>, moved the definition of variables
 to C files
* Ronald Wahl <rwa <at> peppercon <dot> com> and I fixed scanning for header/body
  separator in HTTP protocol
* Ronald Wahl <rwa <at> peppercon <dot> com> replaced memcpy by memmove where source
  & destination may overlap
* Extended checker API to only register checkers when checker callback
  is defined.
* Jacob Rief, <jacob.rief <at> tiscover <dot> com> fixed openlog to take care
  of configured log facility.
* Move in_csum to util file.
* Extended libraries to support some new facilities (list and vector).
* Extended scheduler I/O to use timer decalred on the stack.
* Some cosmetics changes.

Release 1.1.7 | Minor Bug Fixes
* Jacob Rief, <jacob.rief <at> tiscover <dot> com> added target tarball into
root Makefile to facilitate packaging (rpm & tarball).
* Jacob Rief, <jacob.rief <at> tiscover <dot> com> and I unified version
handling. Now only the root file VERSION is used by configure
included into the VERSION_STRING that reflect the building
date into the version banner.
* Andres Salomon, <dilinger <at> voxel <dot> net> wrote the genhash manpage.
* VRRP : Added ipvs_start() and ipvs_stop() calls during vrrp child
start and stop stage.
* Added some assertion test in memory framework to not allocate
bucket if no more place. This option is only used if compiled
with debug flags.
* Some cosmetics patch in Makefiles and autoconf script.
Release 1.1.6 | Bug Fixes
* VRRP : Fixed scheduling timer update. Global scheduling timer is
updated before each thread registering and after scheduling I/O MUX.
Since is needed to take care of scheduling jitter introduced by
overhead (VRRP is using low low timer so more sensitive to overhead).
Thanks to Nathan Neulinger, <nneul <at> umr <dot> edu> for his quick feedback
debugging time.
* VRRP : Nathan Neulinger, <nneul <at> umr <dot> edu> updated vrrp dropping
strategy to not reply to incoming bogus adverts. Since this can
introduce flooding loop, bogus adverts are now simply silently
* VRRP : Fixed a linkbeat issue while polling NIC flags.
* Updated autoconf and Makefile to support 2.6 kernel IPVS code. For
code readability, created 2 differents libipvs for 2.4 and 2.6 kernel
. Fixed autoconf generated warning.
* Extended ipvswrapper to support shared buffer user rule. This
increase performances by limiting memory allocation. OTOH, created
two new ipvs helpers ipvs_start & ipvs_stop to initialize ipvs
* Andres Salomon, <dilinger <at> voxel <dot> net> made some cosmetics update
in Makefiles to support $(DESTDIR) and $(BIN)/$(EXEC) path split.
Release 1.1.5 | Enhancements
* Joseph Mack, <mack <dot> joseph <at> epa <dot> gov> wrote
  keeplived manpages in doc/man/man5/keepalived.conf.5 and
* VRRP : Tsuji Akira, <tsuji <at> centurysys <dot> co <dot> jp> fixed a length issue while testing password field for auth_pass method.
* VRRP : Willy Tarreau, <willy <at> w <dot> ods <dot> org> fixed a quick loop in the watchdog timer thread.
* VRRP : Willy Tarreau, <willy <at> w <dot> ods <dot> org> extended scheduler to support stable scheduling time. There is now, only one time source updated before and after scheduling event. This
solve sliding timer observed on some env, also known as
periodically flapping issue (sometime a VRRP election is
* VRRP : Willy Tarreau, <willy <at> w <dot> ods <dot> org> updated the default media link failure detection strategy to perform a ioctl ifflags even if NIC driver are supporting MII or ETHTOOL. Some buggy drivers need this. Anyway the linkwatch patch still the best solution to support efficient and scalable media link failure detection.
* Some cosmetics clean-up, removed some dead files, updated
autoconf and Makefile prototypes to support dependencies
libs like kerberos for RedHat/Fedora distro. To compile
keepalived properly on redhat 9 box, for example, run :
CPPFLAGS="-I/usr/kerberos/include" && ./configure
Renamed keywords lb_kind to lvs_method and ld_algo to
lvs_sched. For compatibility reasons, old keywords are still
Release 1.1.4 | Enhancements
* Refresh autoconf script to use autoconf 2.5.
* Extended the autoconf script to support linkwatch kernel
* To work-around the SMP forking bug, added support to two
  new daemon starting options :
  --vrrp               -P    Only run with VRRP subsystem.
  --check              -C    Only run with Health-checker
  Those options extend daemon design to support VRRP &
  heathchecking subsystem selection. You can now run
  two Keepalived daemon one invoqued with --vrrp and
  the other with --check. That way we workaround the
  forking issue by running one daemon per subsystem.
* Tiddy cleanup in the daemon code.
* VRRP : Extended the link media failure detection to support
  asynchronous NIC MII polling. The design use now, one
  dedicated polling thread per NIC. This reduce scheduling
  jitter by this way.
* VRRP : Added support to kernel linkwatch subsystem. This
  patch that you will find a copy on the Keepalived website
  for the kernel 2.4 branch, provides kernel netlink broadcast
  events drived by NIC link media state event. That way
  we move from a polling design to an event design. Link
  events are received throught a kernel netlink broadcast
  socket in the userspace land. So, NIC media link failure
  detection is now provided by kernel netlink reflection.
  You can read the paper attached with the patch for
  indepth explanations.
* VRRP : fixed timer computation to prevent against negative
Release 1.1.3 | Enhancements
* Stephan von Krawczynski, <skraw <at> ithnet <dot> com> extended
  ip address framework to support broadcast address selection.
* Extended the scheduling framework to support plain 'long'
timer. Visited the layer4 framework to support this new
scheduling scheme. Reviewed the checkers and VRRP framework
to support long timer.
* VRRP : Removed the timer micro adjust call. Its use is
obsolete with the new scheduling 'long' timer support.
* Jacob Rief, <> and I added support
log level selection for main daemon. A new command line
argument has been created :
--log-facility -S 0-7 Set syslog facility to
LOG_LOCAL[0-7]. (default=LOG_DAEMON)
* Extended the HTTP checker to support non blocking read
while processing stream. NONBLOCK flags is set before
read operation to catch EAGAIN error.
* VRRP : Diego Rivera, <lrivera <at> racsa <dot> co <dot> cr> and I fixed a notify issue while building notify exec string.
* VRRP : Diego Rivera, <lrivera <at> racsa <dot> co <dot> cr> and I extended FSM to support BACKUP state notifiers and smtp_alert call during VRRP initialization.
* Jan Vanhercke, <jan <dot> vanhercke <at> c <dash> cure <dot> be> and I extended scheduling timer computation to support micro-sec second overlap. Extended the whole scheduling framework to support
this scheduling scheme while computing thread timers.
* Fixed scheduling framework to support child thread timers
while computing global scheduling timer.
Release 1.1.2 | Enhancements
* Dominik Vogt, <dominik.vogt <at>> and I extended checker
  framework to support multiple checkers per realserver.
  Each checker own a uniq id, each realserver own a list
  of checkers id. Realserver is considered down if one of the
  checkers fails.
* Dominik Vogt, <dominik.vogt <at>> extended list library to
  support free_list_element.
* Dominik Vogt, <dominik.vogt <at>> and I extended ipwrapper
  to support multiple checkers test. Created a checker state
  updater helper function to perform realserver state according
  to checker state.
* Dominik Vogt, <dominik.vogt <at>> extended all checkers
  code to support multiple checker design (to not perform
  server state according a single checkers test).
* Tobias Klausmann, <klausman <at>> and I extended
  layer4 framework to support socket binding to a specific
  ip address before calling connect(). Extended the TCP, HTTP
  and SSL checker to support binding selection, creating
  a new checker keyword named "bindto".
  look at doc/keepalived.conf.SYNOPSIS for more informations.
* VRRP : Extended the ethtool code to be selected only if
  ETHTOOL_GLINK is available. This is useful for s/390 zSeries
  users :) since zSerie 2.4 kernel doesn't support ethtool
* VRRP : Gatis Peisenieks, <gatis <at>> fixed IPSEC-AH
  code to exclude ip header id filed while computing AH digest.
  Fixed AH sequence number to be set in network byte order.
* VRRP : Fixed a bug in the static_ipaddress block that caused
  a noisy crashing startup.
* VRRP : Kjetil Torgrim Homme, <kjetilho <at>> and I
  fixed a daemon crash while reloading configuration due to a
  vrrp_buffer not freed.
* VRRP : Review the watchdog calling location. watchdog listener
  is reinitialized during a daemon reload.
* VRRP : Diego Rivera, <lrivera <at>> extended notify
  framework to support simple notify script call. Created a new
  keyword "notify", for both vrrp_instance and vrrp_sync_group.
  If configured, this notify script is called after FSM state
  transition notify scripts.
  look at doc/keepalived.conf.SYNOPSIS for more informations.
* Review the checker watchdog calling location like VRRP.
* Fixed code selection to exclude VRRP dependencies if code is
  configured without VRRP framework.
* Extended memory lib free function to reset memory location to
* Diego Rivera, <lrivera <at>> extended global parser
  to support default handlers for lvs_id, smtp_server,
  smtp_connection_timeout and email_from. default values are :
   o lvs_id : box local name
   o smtp_server : localhost
   o email_from : uid@box_local_name
   o smtp_connection_timeout : 30s
Release 1.1.1 | Bug fixes
* VRRP : Fixed an issue while reloading configuration. Fixed 
a dereferencing pointer.
* Fixed misc checker to perform server state according to
checker result !!!
Release 1.1.0 | High Performance
* The release focus is : "High Performance"
* Name cleanup for the healthchecking directory. use check
instead of healthcheck to be in conformance with watchdog and
global software architecture.
* updated the SYNOPSIS file for documenting the table arg inside
virtual/static_routes declaration. You can set routes refering
to a specific TABLE-ID.
* Added a dummy debug var in the genhash declaration code to
support compilation when compilation is done with debug flag.
* Added a set flag inside the real_server declaration correctly
relfect the IPVS topology when inhibit_on_failure is used.
* fixed a daemon.h include depandency on signal.h
* VRRP : Added support to a global shared buffer for incoming
advert handling. A new buffer is no longer allocated each time
processing incoming advert, instead a shared room is used.
* VRRP : Added support to pre-allocated shared buffer for
outgoing adverts. Each vrrp instance use a 'one time'
allocated buffer instead of a 'all time' one.
* VRRP : Extended the socket pool design to support shared fd
for the outbound channel. Now, socket pool create a sending
socket and affect the fd returned to vrrp instances. This
forces instances to use a shared socket instead of creating
new socket for each outgoing adverts. The error detection
is based on the incoming socket, so that outgoing socket is
not created as long as incoming socket can not be created.
* Added support to netlink ipaddress as global keyword
look at doc/samples/keepalived.conf.static_ipaddress.
IP addresses specified into this block will be added during
daemon bootstrap and removed during daemon shutdown.
Differential conf parsing is enabled for this block,
removing/adding static_ipaddress can be done on the fly
sending SIGHUP signal to daemon.
* VRRP : Extended track_interface to support multiple interface
tracking. For those familiar with Nokia monitored circuit,
this extention provide the same functionality.
look at doc/samples/keepalived.conf.track_interface. * VRRP : The VRRP instance lookup framework has been extended
to use a o(1) scheduling design. Rewrote the whole instance
lookup to use o(1) lookup instead of previous o(n^2). When
receiving incoming adverts vrrp_scheduler performs a lookup
over the VRID received to get local instance representation.
Since the internal instance representation is an non-sorted
linked list, then we run a lookup at o(n^2) complexity that
introduce lantency and scheduling jitter side effect when
runing large number of instances. To avoid this limitation
a static hash table of 255 buckets were created. Since
lookup is performed over VRID and since VRID is 8bit fixed,
then the hashkey will be VRID. In order to extend code the
hashkey is based on incoming fd too. Internally, a NIC is
represented by a 2 fds : sending socket and receiving socket.
Those fds are NIC specific so we are using them as a hash
table lookup collision resolver. With this design we can now
use the same VRID on different NICs. The collision design
is a linked list so lookup is o(n^2) but due to low number
of entries we can consider o(1) speed. But to reach best
perf, differents VRID on all instance must be used. The
design can be sumed by :
  VRID hash table :
     | 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 |
           |       |
         +---+   +---+
         |fd3|   |fd1|
         +---+   +---+
  This hash table is filled during configuration parsing and
  VRRP instances are not duplicated but dynamically pointed
  to optimize memory.
* VRRP : The VRRP synchronization group lookup has been
extended. During bootstrap a VRRP instance index is built upon
sync_group instance name. This extension speed up
synchronization since while synchronizing it perfoms the
instance index instead of lookup by instance_name. The
previous synchornization code has been rewritten to use this
'list visiting' design for FAULT/BACKUP/MASTER states
* VRRP : Optimized the vrrp_timer_vrid_timeout(...) to speed
up vrid lookup over timeouted fd using a one pass lookup.
* Bradley Baetz, <bradley.baetz <at>> extended
the scheduler framework to support child process handling.
Adding support to new thread child facility for handling
child processes, and modifying the scheduling select
loop & signal handling to catch SIGCHLD, and call the
appropriate process.
* Bradley Baetz, <bradley.baetz <at>> fixed
the misc_check healthchecker using new thread child
scheduling facility. Introduced a new keyword
"misc_timeout" to kill processes which take too long
time (default is delay_loop). SIGKILL is send to processes
if they take too long time to shutdown.
* Bradley Baetz, <bradley.baetz <at>> extended
daemon framework to block SIGCHLD to only receive it
whn its unblocked in the scheduling loop.
* Extended healthchecker delay_loop to support long
delay (ie: >1000s).
* VRRP : Added support to a shared kernel netlink command
channel for setting ip address and routes.
* Extended the genhash code to support verbose output
selection. command arg '-v' will generate a very verbose
* VRRP : Extended the logging code to select verbose log
output or not. This selection is done by passing the
'-D' option to command line while starting daemon.
By default the output is silent.
* VRRP : Extended the gratuitous ARP framework to support
shared buffer and shared socket. This increase performances
for instances owning a bunch of VIP.
* VRRP : Extended the scheduling timer computation to support
timer auto-recalibrating. While computing next instance
timer, the scheduler will substract the time taken by
previous advert handling. This provide software overhead
adaptation. The recalibration is performed over usec timer
to not pertube global scheduler.
* VRRP : Fixed a gratuitous ARP issue. Extended the
ipaddress framework to point directly to interface
reflected by netlink channel instead of storing device
index. Extended the gratuitous ARP code to use new
ipaddress structure and for sending garp over device
ipaddess belong to. Needed if you run an instance on
one device interface and set VRRP VIP on different
* Extended watchdog framework to support polling delay
selection via daemon command line. Created two new
cmdline options :
--wdog-vrrp -R Define VRRP watchdog polling
delay. (default=5s)
--wdog-check -H Define checkers watchdog
polling delay. (default=5s)
* Extended SMTP code to support bigger buffer while
processing remote mta messages.
* Erik Barker, <erikb <at>> extended initscript
to support native redhat init functions.
* Extended the autoconf scripts and Makefile(s) to support
code profiling. New configure option : --enable-profile
* list library has been extended to support multi-sized list &
specific element deletion. Extended to return when list is
empty. This reduce duplicated code to test is list is empty
while processing.
* VRRP : Extended VRRP scheduler to support fd hash
table design. Speed up instance lookup while
computing instance sands. This offer o(1) design
if we consider limited number of instances per
* VRRP : Extended vrrp new socket creation to replace
refreshed instance fd into fd hash table index.
* VRRP : Extended vrrp framework to support
blank virtual_ipaddress block, can be usefull
if someone want to use just the VRRP advert
as hello monitoring channel.
* Some code cleaning.
Release 1.0.3 | Enhancements
* This release has been sponsorized by :
Tiscover AG, <>
Please visit sponsor homepage. I would just like to thanks
their IT team for interresting design discussions and testing
time, especially Jacob Rief.
* This release consist of a major daemon re-design to increase
security and availability of Keepalived. The daemon has been
split into 3 distinct process. The global design is based
on a minimalistic parent process responsible for monitoring
its forked children process. Then 2 children process, one
responsible for VRRP framework and the other for
healthchecking. Each children process has its own scheduling
I/O multiplexer, that way VRRP scheduling jitter is optimized
since VRRP scheduling must be more sensible than
healthcheckers. On the other hand this split design
minimalize for healthchecking the usage of foreign librairies
and minimalize its own action down to and idle mainloop in
order to avoid malfunctions caused by itself. The parent
process monitoring framework has been called watchdog, the
design is : each children process open an accept unix domain
socket, then while daemon bootstrap, parent process connect to
those unix domain socket and send periodic (5s) hello packets
to children. If parent cannot send hello packet to remote
connected unix domain socket it simply restart children
process. This watchdog design offer 2 benefit, first of all
hello packets sent from parent process to remote connected
children is done throught I/O multiplexer scheduler that way
it can detect deadloop in the children scheduling framework.
The second benefit is brought by the uses of sysV signal to
detect dead children. When running you will see in process
list :
111 keepalived <-- parent process monitoring childs
112 \_ keepalived <-- VRRP children
113 \_ keepalived <-- Healthchecking children * Parent : Created a global data and global keyword parser
* Healthcheck framework : Defined check_conf_data to handle
related checker data structures. Created specific checker
framework parser.
* VRRP framework : Defined vrrp_conf_data to handle related vrrp
data structures. Created specific vrrp framework parser.
* Each child process has its own syslog facility. VRRP use
LOG_LOCAL1 and Healthchecker LOG_LOCAL2. To split log you can
so configure your syslog to log both facilities in a different logfile.
* Modularized the configuration parser to limit code duplication.
* Created modularized software watchdog.
* Extended the recursive stream parser to use sublevel detection
while stream processing. Used to skip end-of-block handling if
still at keyword root level to prevent against end parsing if
unknown block is parsed.
* Extended pidfile framework to be more generic.
* Extended memory framework to log specific child data.
* Fixed a virtual_server_group issue while healthchecker
bringing back real_servers. Modularized virtual_server_group
* Fixed a virtual_server_group issue will reloading
configuration. Remove vsgname test from the VS_ISEQ macro. strcmp(...) comparing null pointer... this must have been done in libc :)
* ipwrapper : set alive flag after ipvs_cmd(...) has been
* VRRP : Extended the netlink framework to support SCOPE
selection for both ipaddress and routes fonctionnalities.
SCOPE available are site, link, host, nowhere & global.
Default value is set to global.
look at doc/keepalived.conf.SYNOPSIS for more informations.
* Renamed doc/samples/keepalived.conf.routes to
* Updated Makefile include dependencies. * Vince Worthington created 'keepalived-lvs-nat-director-proxyarp-firewall-howto'
Release 1.0.2 | Enhancements
* This release has been sponsorized by :
edNET, <>
Please visit sponsor homepage and thanks to them for supporting
keepalived project.
* Added support to virtual_server_group so that a virtual_server
can be either an IP:PORT, a fwmark or group. A group is a set
of virtual_server IP:PORT, IP range and fwmark. So, now a
real_server can be part of multiple virtual_server without launching
multiple time the same healthchecker that finaly flood real_server.
This extension is useful for big ISP/ASP configuration using many
look at doc/samples/keepalived.conf.virtual_server_group.
* Extended differential configuration parser to support diff
virtual_server_group entries keeping current entry state as
persistent (weight, conn, ...) big work here...
* Added support to IP range declaration for virtual_server_group.
The IP range has the notation XXX.YYY.ZZZ.WWW-VVV. This will
set IPVS virtual_server from WWW to VVV monotonaly incremented by
look at doc/samples/keepalived.conf.virtual_server_group.
* Dominik Vogt, <dominik.vogt <at>> enhanced SIGCHLD handler to
reap all zombie child processes.
* Created a generic allocation value block with callback handler for
block parsing. This remove duplicated code in parser.
* VRRP : Jan Holmberg, <jan <at>> extended the virtual_routes
and static_routes to support source route selection (netlink
look at doc/samples/keepalived.conf.routes.
* Some cosmetics patches to reduce code duplication.
Release 1.0.1 | Enhancements
* This release has been sponsorized by :
  Creative Internet Techniques, <>
  Please visit sponsor homepage, open minded people here !
* Fixed some Makefile and autoconf code dependence issues.
* Move keepalived.conf.SYNOPSIS and samples into "doc" directory.
* Enhanced HTTP|SSL check to support large url. Get buffer request is
  now 2KBytes.
* Removed \n in healthchecker smtp_alert call. This cause some troubles
  with MTA like qmail. Thanks go to John Koyle, <jkoyle <at>>.
* Added support to netlink route as global keyword "static_routes".
  look at doc/samples/keepalived.conf.routes. Routes specified into
  this block will be added during daemon bootstrap and removed during
  daemon shutdown. Differential conf parsing is enabled for this block,
  removing/adding static_route can be done on the fly sending SIGHUP
  signal to daemon.
* VRRP : Added support to "virtual_routes". This is the same as
  virtual_address. Those routes are set when VRRP instance enter
  MASTER state and removed otherwise. Differential conf parsing is
  enabled for this block. This concept extend VRRP and bring
  dynamic routing as a "route takeover" concept.
* VRRP : Rewrote the VRRP vip handling to use template lib list
  structure. VIP and E-VIP are no longer a simple array reallocated.
  List library is used to limite code duplication.
* VRRP : Extended virtual_ipaddres and virtual_ipaddress_excluded
  block to support "dev" specification. So that a VIP can be set to
  a specific interface instead of default runing VRRP instance
* VRRP : Added support to "track_interface". Interesting for use with
  vlan interface. The concept here is to drive VRRP FSM according
  do both "interface" and "track_interface" state. If tracked interface
  is down or instance interface is down then VRRP instance transit to
  FAULT state. For use with vlan, add track to interface vlan belong
  to. Look at doc/sample/keepalived.conf.track_interface for sample.
  doc/keepalived.conf.SYNOPSIS for configuration details.
* VRRP : Extended FSM FAULT state to keep in fault if track_interface
  still fault.
* VRRP : Extended sync group design to test if group is unary or not.
* Some code cleaning and cosmetics enhancements.
Release 1.0.0 | STABLE RELEASE
* After fixed all bugs users reported during 2 months, I am glad to
announce the first STABLE production ready Keepalived release.
* Rename keepalived.init to keepalived RedHat startup script. Fixed
some issues to be RedHat release generic. Thanks go to
Jeroen Simonetti <jeroens <at>> & Jason Gilbert <jason <at>>
* Jason Gilbert, <jason <at>> cleaned keepalived.spec.
* Added support to "ha_suspend" for healthcheckers. This option, if set,
inform Keepalived to active/suspend checkers according to netlink
IP address information reflection. If one IP is removed and this is
a virtual_server VIP then the healthcheckers corresponding will be
desactivated. (and reciprocity).
* Added support to "notify_up" & "notify_down" for realserver config.
These options specify a script to be run according to healthchecker
activity. If healthchecking fails then "notify_down" script is
launched (and reciprocity for healthcheck succeed). This can be
usefull for global monitoring system, to send alert to Unicenter TNG
or HPOV.
* Set default realserver weight to 1. So, realserver will be active
if no weight is specified into the configuration file.
* Review the layer4.c/tcp_socket_state to return connection in progress
only if SOL_SOCKET/SO_ERROR return EINPROGRESS. Thanks go to
Mark Weaver, <mark <at>>
* Reviewed the global SIGCHLD handler to not suspend execution of the
calling process if status is not immediately available for one of the
child processes. This remove zombies by reaping.
* Extended the parser.c/set_value() code to accept encapsulated quoted
* Review SMTP DBG() message to LOG_INFO message for more verbose
error handling.
* Review the check_tcp.c/check_http.c logging messages to be more
* Review the check_tcp.c/check_http.c retry facility to fixes some
stalled issues.
* VRRP : Added support to sync_group smtp notification in addition to
the per instances approach.
* VRRP : Fixed some IPSEC-AH seq_num synchronizations issues. Force
seq_num sync if vrrp instance is linked to a group.
* VRRP : In BACKUP state, force a new MASTER election is received adv.
has a lower priority as locale instance.
* VRRP : vrrp.c/vrrp_state_master_rx(), sync IPSEC-AH seq_num counter
(decrement) if receiving higher prio advert in MASTER state.
* VRRP : Reviewed the TSM to be fully filled. Extended speed-up
synchronization handling MASTER sync if group is not already synced.
* VRRP : Leaving fault state, force MASTER transition is received adv
priority is lower than locale.
* VRRP : Extended the parser to not be borred with sync_group
declaration position in the conf file. vrrp_sync_group can be
declared before or after vrrp_instance. Done by adding a reverse
instance lookup during parsing.
* VRRP : sync_master_election cleanup.
* Some cosmetics patches.
* Created the keepalived/samples/keepalived.conf.SYNOPSIS to describe
all keywords available
Release 0.7.6 | Enhancements
* Created a common library for code modularization. This lib will
be used by all Keepalived components (genhash + Keepalived) to
reduce repeated and duplicated code.
* Rewrote the genhash utility using the common lib. The design is
similar to Keepalived core design.
* Reviewed the autoconf and Makefiles for new code architecture.
* Created a html utility lib for HTTP headers manipulations.
* Extended the CHECK_HTTP and CHECK_SSL checkers to support remote
webserver HTTP header status_code. HTTP status_code is parsed
according to rfc2616.6.1. The keyword created for the new feature is
"status_code" inside and "url" declaration. "status_code" feature
can be mixed with "digest" feature. See the samples directory
keepalived/samples/keepalived.conf.status_code for example.
* Review the CHECK_HTTP and CHECK_SSL MD5SUM code to use a common
stream handling function.
* Matthijs van der Klip, <Matthijs.van.der.Klip <at>> and I
fixed a bug into the HTTP/SSL code that close the socket fd even
if remote webserver has not been connected. As a result of fact,
next socket created were imediatly closed. As a side effect, this
altered the SMTP notification when remote webserver checked fall. No
SMTP notification were sent if webserver were detected DOWN. Thanks
to Matthijs for time debugging and investigation.
* VRRP : Rewrote the previous Gratuitous ARP facility. Created a lib
(vrrp_arp.c) dealing with PF_PACKET-SOCK_RAW-ETH_P_RARP and
* VRRP : Some cosmetics patch for messages logging.
* VRRP : Fixed an issue during VRRP packet building, appending VRRP
VIPs to the VRRP packet in the network order form.
* VRRP : Reviewed the previous VRRP packet building process to not
create the ARP header. Removec the previous hacky
kernel appending ARP header since code doesn t currently support
* VRRP : Rewrote the previous vrrp_send_pkt() function to deal with
sendmsg(). optimization lazzyness :)
* VRRP : Extended the interfaces librarie to support common utility
functions (if_setsockopt_hdrincl, if_setsockopt_bindtodevice, ...)
* VRRP : Finally extend the code to support VRRP IPSEC-AH authentication
method. Created a IPSEC-AH seq_number syncrhonization mecanism during
* VRRP : Extended the VRRP TSM to speed up instances syncrhonization
during FAULT->BACKUP & FAULT->MASTER state transition.
* Some cosmetics patches. This release is proposed as a 1.0.0 STABLE
release candidate.
Release 0.7.1 | Enhancements
* Fixed a MISC_CHECK issue when registering next timer checker. Must
register a new timer thread before forking process. This imply for
the user the extra script call must not execute in more than
* Extented the ipfwwrapper (for LVS kernel 2.2) to not set ipchains
rules if nat_mask is not specified in the configuration file.
* VRRP : Added support to delayed gratuitous ARP send. When one instance
enter to MASTER state a timer thread is registered. The default delay
is 5secs. This delay is configurable per vrrp instance and handle the
'garp_master_delay' keyword. This delay refer to the delay after
MASTER state transition we want to launch gratuitous ARP.
* VRRP : Force health checker enable flag if VRRP framework is not
* VRRP : Review the gratuitous ARP helper function to only send
gratuitous ARP if VRRP VIPs are set.
* VRRP : Review the FSM to eliminate stalled flapping loop. The state
transition diagram implemented is :
+----------------| |----------------+
| | Fault | |
| +------------>| |<------------+ |
| | +---------------+ | |
| | | | |
| | V | |
| | +---------------+ | |
| | +--------->| |<---------+ | |
| | | | Initialize | | | |
| | | +-------| |-------+ | | |
| | | | +---------------+ | | | |
| | | | | | | |
V | | V V | | V
+---------------+ +---------------+
| |---------------------->| |
| Master | | Backup |
| |<----------------------| |
+---------------+ +---------------+
The state DUMMY_MASTER state has been removed since it is a fake.
* VRRP : In order to handle all possible state transition, a Transition
State Matrix design (TSM) has been added. This matrix defines
transition state handlers for VRRP sync group extension. The TSM
implemented is (cf: vrrp_scheduler.c for more informations) :
\ E | B | M | F |
S \ | | | |
------+-----+-----+-----+ Legend:
B | x 1 2 | B: VRRP BACKUP state
------+ | M: VRRP MASTER state
M | 3 x 4 | F: VRRP FAULT state
------+ | S: VRRP start state (before transition)
F | 5 6 x | E: VRRP end state (after transition)
------+-----------------+ [1..6]: Handler functions.
* VRRP : Set ms_down_timer to 3 * advert_int + TIMER_SKEW when leaving
MASTER state.
* VRRP : In MASTER state, when incoming advert match or FAULT state is
requested then force leaving MASTER state transition. (review the
previous election approach).
* VRRP : Optimized the leave FAULT state transition. Directly coded into
the FSM for speed up recovery or code readability.
* VRRP : Extended smtp notifier for BACKUP state. Review the MASTER state
notification to only notify when VIPs are set.
* some cosmetics patches.
* Adam Fletcher, <adamf <at>> created the 'LVS-NAT + Keepalived HOWTO'.
Release 0.6.10 | Bug fixes
* Fixed a faked flag during VRRP VIP set. Updated the IP address set flag to reflect
netlink return code.
* Fixed an autoconf issue during selection of VRRP framework.
Release 0.6.9 | Enhancements
* Fixe some code dependence selection during compilation. If autoconf netlink
probe fails then unset VRRP code.
* Cleanup daemon lib. Added some logging info for the daemon processing, removed
some repeated code part.
* Added 2 new daemon arguments :
--dont-release-vrrp : Dont remove VRRP VIPs on daemon stop
--dont-release-ipvs : Dont remove IPVS topology on daemon stop
* Review the global scheduling process to clear FD queues on master thread
* Fixed a forking issue in the MISC_CHECK.
* Review IPVS wrapper functions to use allocated IPVS rules instead of static
referencing pointer.
* Fixed the IPVS wrapper to delete IPVS entries according to their 'alive' state.
* Added IPVS support to alive flag for VS entries.
* Rewrote the previous main.c to support configuration reload on the fly. Extented
signal handling to register a conf reload_thread on SIGHUP. The software design
used here is a dynamic differential conf file reloading framework. This design
offer key decision to add/remove new/old entries to/from low-level framework:
IPVS topology and netlink IP addresses entries. This design reduce to the max
the global service interruption since only negative diff entries are removed.
For VRRP config reload on the fly, if you plan to add/remove many VIPs consider
VIP declaration into the virtual_ipaddress_excluded since they are not present
into VRRP adverts.
* Review the keepalived.init script to support restart and reload arguments.
* Fixed some typo issues.
Release 0.6.8 | Bug fixes
* Alex Kramarov & Remi Nivet, <Remi.Nivet <at>>
reported an assertion error during smtp notification process. The assertion
caused a bad file descriptor registration during in_progress connection
handling. Fixed registering an event thread calling upper level SMTP
protocol in_progress connection handler. So the SMTP stream handlers use
global I/O multiplexer on connection success.
* Benoit Gaussen, <ben <at>> and I added support to "inhibit" feature.
Added a new keyword called "inhibit_on_failure" for real_server declaration.
If specified the real_server will not be removed from the IPVS topology if
real_server fail according to checker result. Instead of removing the entry
from IPVS topology, the corresponding real_server weight will be set to 0.
When real_server will be back, then weight will be set back to original value.
See sample directory for example.
* Added support to IP_MASQ_CMD_SET_DEST for 2.2 krnl and IP_VS_SO_SET_EDITDEST
for 2.4 IPVS code to provide support to "inhibit" feature.
* Review to exit on compilation error.
* Extended autconf script to check for kernel netlink support.
Release 0.6.7 | Code cleanup
* Rewrote the previous SMTP notification framework. New code use a strong
multi-threaded FSM design.
* Moved the SMTP get_local_name() into utils.c
* IPVS : updated the code to support IPVS_SVC_PERSISTENT_TIMEOUT. Introduced
into the new libipvs coming with ipvs-1.0.4.
* VRRP : Extended the mcast membership subscription to handle more robust
mcast subscription errors. Removed the previous ugly stalling sleeping
call retry for membership subscription. Membership subscriptions are now
multi-threaded to not degrade global scheduling timer.
* VRRP : Remi Nivet, <Remi.Nivet <at>> pointed out a buffer
overflow during the sending advert interface binding process.
* Some more cosmetics patches.
Release 0.6.6 | Code cleanup
* added indentation style
* Review the previous source tree. Split the code into functional subdirs.
Added multi-level automake scripts. The source tree looks like :
|-- bin
|-- genhash
|-- keepalived
| |-- core
| |-- etc
| | |-- init.d
| | `-- keepalived
| |-- healthcheck
| |-- include
| |-- libipfwc
| |-- libipvs
| |-- samples
| `-- vrrp
`-- lib
* Refine autoconf/automake scripts. Added automake support to libipvs and
libipfwc. Added code selection compilation for libipvs and libipfwc.
* Review Makefile(s) to use more convenient facilities like distclean, ...
* Review the Makefile(s) code dependencies.
* Added support to modprobe_ipvs if the ip_vs.o module is not loaded.
If modprobe fails then IPVS is assumed unavailable.
* Refine the IPVS wrapper to be more tolerant. When a VS or RS is already
configured don t stop the daemon. The daemon is stopped only on critical
IPVS errors.
* VRRP : Review the bootstrap sequence to start daemon even if one of the
instance want to run on an interface administratively shut. Added extension
to FSM to force transition to FAULT state during bootstrap if the interface
is shut.
* Updated the TODO file.
* Some cosmetics patches.
Release 0.6.5 | Code cleanup
* Fixed a NULL pointer exception while releasing IPVS entries.
* Review the to fixe some conventional issue. Fixed a libipvs
dependance code selection.
* Christophe Varoqui, <Christophe.Varoqui <at>> created the rpm spec file.
* Roberto Nibali, <ratz <at>> helped during OLS with code cleanup.
Review the whole code coding style to use more conventional indentation. The
one used into LVS and Kernel code. Coding style provided by the following
command :
find . -name "*.[chS]" -exec indent -kr -i8 -ts8 -sob -l80 -ss -bs -psl \
{} \; && find . -name "*~" -exec rm {} \;
* Roberto Nibali and I review the DEBUG logging facility adding global DBG()
func declaration.
* Roberto Nibali fixed two potential buffer overflow (strcpy).
* Richard L. Allbery, <rla <at>> pointed out a fwmark issue.
Healthcheckers is enabled if virtual service is a fwmark.
* Some cosmetics patches.
Release 0.6.4 | Enhancements
* Rewrote the previous ip address utilities functions. Review the string
to ulong convertion function to support CIDR filtering and more simple
handling ("without all hexadecimal and shorthand"), pickted from Paul
Vixie code.
* VRRP : extended the notify framework to support scripts inside a
vrrp_sync_group. view the sample/keepalived.conf.vrrp.sync file.
* VRRP : Review the previous vrrp_sync_group block. New declaration
is : view the sample/keepalived.conf.vrrp.sync file.
* VRRP : fixed a FSM sync_group side effect in FAULT state.
* Fixed a Kernel 2.2 code selection issue (ETHTOOL).
* Added support to wensong libipvs.
* Fixed a sorry_server cleanup side effect.
* Alex Karamasov fine the keepalived.init script
to be compatible with redhat chkconfig.
Release 0.6.3 | Bug fixes
* VRRP : Christian Motelet, <cmotelet <at>> pointed out a
flapping issue when runing vrrp_sync_group on multiple NICs. This have
been fixed adding a leave FAULT state transition on both FSM state (read
& read_to). The group leave fault state if all NICs of each VRRP Instance
are working.
* Fixed some issues in the autoconf/automake scripts.
Release 0.6.2 | Bug fixes
* Andres Salomon, <dilinger <at>> enhanced the autoconf/automake
scripts to be more generic and to facilitate cross compilation. Including
more efficient IPVS code detection, Kernel version, install script
location, ...
* Johannes Erdfelt, <johannes <at>> fixed a genhash get request
length calculation issue.
* Johannes Erdfelt, <johannes <at>> fixed a wrong printed IP address
issue due to a static pivot buffer called multiple times for a single
syslog call.
* Johannes Erdfelt, <johannes <at>> enhanced SMTP notification
framework to use more compliant SMTP protocol handling. Enhanced both
sending and receiving functions. A nice response code buffer handling
calculating remote SMTP server retcode.
* Johannes Erdfelt, <johannes <at>> fixed a NULL pointer exception
into the 2.2 ipvswrapper code.
* Aneesh Kumar, <aneesh.kumar <at>> fixed a compilation issue for
CI-LINUX checker compilation.
* Jan Du Caju, <jan <at>> fixed a compilation dependence
selection into the VRRP framework when compiling without LVS support.
This disable checkers activity update when compiled without LVS support.
* fixed a dereferencing pointer into the parser.
* move the dump configuration to printout conf after daemon initialization.
* VRRP : Added support to start on complete init. VRRP framework and thus
keepalived will start if VRRP instances are properly configured.
Release 0.6.1 | Enhancements
* Aneesh Kumar, <aneesh.kumar <at>> and I added support to
Cluster Infrastructure checkers. Providing HA-LVS for their cluster
project ( The new checker added
provide a derivation to the internal CI healthcheck mechanism.
* Enhanced the Kernel netlink reflector to drive global healthcheckers
activity. The policy implemented here is : If healthchecker is performing
test on a service that belong to a VIP not owned by the director, then
the healthchecker is suspended. This suspend/active state is particulary
usefull if runing VRRP for HA => That way the backup LVS will not charge
the realserver pool since LVS VIP is owned by master LVS.
* Cosmetics patches into the vector lib.
* VRRP : Rewrote the previous VRRP synchronization instance policy.
Created a new config block called "vrrp_sync_group" that define VRRP
instances synchronization dependences. That way we replace the previous
"by-pair" sync approach by this "by-group" approach. This can be useefull
for firewall HA with many NICs. Created a dedicated framework to speed up
takeover synchronization.
* VRRP : Added support to CIDR notation for VRRP VIPs definitions
=> VRRP VIPs definition like a.b.c.d/e. By default "e" value is set to 32.
* VRRP : Added support to multicast source IP address selection
=> "mcast_src_ip" keyword. Can be usefull for strongly filtered env.
The mcast group subscription is done using the NIC default IP after this
mcast_src_ip is used if specified.
* VRRP : Enhanced the link media failure detection. Added support to the
new kernel SIOCETHTOOL probing for ETHTOOL_GLINK command. New drivers
use this ETHTOOL interface to report link failure activity. During
bootstrap a probe is done to determine the proper polling method to
use for link media failure detection. The policy used is : probe for
SIOCGMIIREG if not supported then try SIOCETHTOOL GLINK probe, otherwise
use a ioctl SIOCGIFFLAGS polling function mirroring kernel NIC flags to
localy reflected representation.
* Ramon Kagan, <rkagan <at> YorkU.CA> and I updated the UserGuide.pdf.
Release 0.5.9 | Enhancements
* Added support to realserver_group. The work is not yet finished since
it introduces new compilation design currently not supported. So please
do not use yet. * VRRP : Review the script notification. Moved to a script per VRRP
instance state => Created new keywords notify_backup|master|fault
to run a specific script during backup|master|fault state transition. * VRRP : Added support to quoted strings for notify_backup|master|fault.
Can now launch script passing arguments.
See sample directory for examples.
* VRRP : Added a protocol extension called "virtual_ipaddress_excluded".
This configuration block is similar to "virtual_ipaddress" block =>
those VIPs (called E-VIPs) are set throught netlink kernel channel and
gratuitous arp are sent over each E-VIP. The only difference is that
they are not added into VRRP packet adverts. This can be usefull for
big env where you want to run many VRRP VIPs (200 for example).
VRRP packet lenght are limited to a 20 VIPs, if you want more VRRP VIPs
add them to the "virtual_ipaddress_excluded" configuration block.
* VRRP : Added more logging facility when setting/removings VIPs & E-VIPs.
* VRRP : Created a new FSM state called become_master in charge of
VIPs/E-VIPs/notifications handling. The goto_master state is now a state
where the instance send an advert to force a new MASTER election setting
the instance into a transition mode. If election success its finaly
transit to become_master state to own VIPs/E-VIPs and launch scripts.
* VRRP : Force a new MASTER election when receiving a lower prio advert.
* VRRP : Review the vrrp_scheduler.c to use more conventional FSM design.
This reduce and beautifull the code.
* VRRP : Fixed a very noisy flapping issue observed on heavy loaded env.
Simulating big traffic on a backbone figure out this flapping issue.
Added support to a TIMER_MICRO_ADJUST to prevent against timer degradation.
This can be view as a DOS protection policy. VRRP MASTER timers are adjusted
if they are too degradated, due to heavy loaded networking env introducing
latency receiving/sending VRRP protocol adverts.
Thanks goes to Paul, <xerox <at>> for pointing it out and providing
access to its Internet routing backbone.
Release 0.5.8 | Enhancements
* Added an OpenSSL Licence exception to grant Keepalived compilation
with OpenSSL Toolkit.
Thanks to Andres Salomon, <dilinger <at>> for suggesting.
* Added connection port selection for Healthcheckers (TCP_CHECK,
HTTP|SSL_GET). Can be usefull for Healthcheck in fwmark LVS topology
for grouping service.
Thanks to Richard L. Allbery, <rla <at>> for suggesting.
See samples directory for examples.
* Fixed some IPVS exclusion code when running --disable-lvs.
* Added support to VirtualHost selection when using HTTP|SSL_GET.
See samples directory for examples.
* Added VirtualHost selection into the genhash utility.
* Fixed some IPVS sync daemon initializations issues.
* Cometics patches in IPVS wrapper framework.
* Added support to quoted string. This can be usefull if you are using
MISC_CHECK and you want to pass arguments to called script. See samples.
Thanks to Benoit Gaussen, <ben <at>> for suggesting.
* Prepare work on real_server_group in order to group some realserver
* VRRP : Fixed a password length exception causing an unwanted dropping
* VRRP : Enhanced the MASTER state to send gratuitous arp if receiving
a remote lower prio advert => This fix a remote stalled ARP cache.
Thanks to Simon Kirby, <sim <at>> for discussing this case.
Release 0.5.7 | Enhancements
* Review autoconf/automake scripts to be more generic on system and code
selection. Added primitives (configure) :
--disable-lvs-syncd : Do not use IPVS sync daemon
--disable-lvs : Do not use IPVS framework
--disable-vrrp : Do not use VRRP framework
--enable-debug : Compile with debugging flags * Fixed a SSL stream handling bug.
Thanks to Andres Salomon, <dilinger <at>> for pointing the issue. * Added a global memory counter to track global memory used. * Fixed configuration parser. read_line. Remove static allocated temporary read buffer. Only handle stream if line has been split into vector. * Limit maximum number of VIPs per VRRP Instance to 20. (for fragmentation,
overhead, and others reasons). * Added IPVS wrapper support to persistence granularity. Thanks to Mike Zimmerman, <tarmon <at>> for the suggestion.
* Review smtp notifier to handle VRRP MASTER state transition alert.
Thanks to Paul, <xerox <at>> for the suggestion.
* Review the UserGuide.pdf to fixe some english issues :)
Thanks to Jacques Thomas, <jacktom <at>> for reviewing.
Release 0.5.6 | VRRP Bug fixes
* Review in GOTO_MASTER_STATE the IP address  handling.
send protocol adverts before registering IP addresses to the interface.
* Review the LEAVE_MASTER_STATE to only handle state transition
if wanted states are BACKUP or FAULT.
* Review the BACKUP state to force new protocol election if
receiving a lower priority advert.
* Fixed a BACKUP to MASTER state transition if interface is reported UP.
* Fake the ipvs_syncd_cmd function if running LVS using Kernel 2.2
Release 0.5.5 | VRRP
* Fixed a gratuitous ARP porting bug.
* VRRP : Review the data structure to be more generic
and clean with the rest of the code.
* VRRP : Remove the interface flags (NIC) ioctl functions
* VRRP : Created an interface (NIC) library giving access
to common interface helpers functions.
* VRRP : Created an interface lookup function creating a global
interface structure during daemon bootstrap. Consist of a netlink
RTM_GETLINK & RTM_GETADDR lookup, so we can work with a userspace
interface representation.
* VRRP : Create a netlink kernel reflection framework updating
dynamically our interface structure according to kernel
netlink broadcast. This design is highly inspired from zebra.
=> Reflection mean : wait for netlink kernel broadcast, if received,
wakeup netlink filter to update our userspace representation.
Prefer this design instead of a delayed netlink poller. That way
we reduce global overhead.
* VRRP : VRRP need to detect failure from many places.
If netlink can notify for many troubles like mainly
IFF_UP|DOWN & IFF_RUNNING, those flags are kernel drivers dependent.
To reduce takeover time and performance we need to have informations like
: Does the media link is present ?. The fact is that most of the new NICs
own embended hardware chip providing such informations. So created a
MII transceiver status register thread poller. Monitoring Basic Mode
Status Register (BMSR) of the MII status words. Waiting for kernel
NIC drivers hackers to support this functionnality through netlink
(=> Like a IFF_RUNNING update broadcast).
* VRRP : Linked the state machine to the global interface structure.
NIC failure/events are handled.
* VRRP : Review the whole state machine code to be more realistic. The
State transition diagram described into the RFC2338 is an obtimist
view. The VRRP state transition diagram implemented here is :
+--------->| |<-------------+
| | Initialize | |
| +------| |----------+ |
| | +---------------+ | |
| V V |
+---------------+ +---------------+
| |---------------------->| |
| Master | | Backup |
| |<----------------------| |
+---------------+ +---------------+
^ | | | ^
| | | +---------------+ | |
| | +------>| Dummy Master | | |
| | +---------------+ | |
| | | | |
| | V | |
| | +---------------+ | |
| +------------>| |<----------+ |
| | Fault | |
+-----------------| |----------------+
* VRRP : Robust multicast handling. Something really strange
is : after a NIC failure (in fallback mode) without closing
the socket, multicast advert can be sent but not received ?
really strange don t know why probably an IGMP resubmit ?.
So multicast group is left during failover (media trouble,
IFF_DOWN or !IFF_RUNNING). In fallback, we register a new
membership and synchronize all the packet dispatcher fds.
* VRRP : Fixed a checksum trouble using password authentication.
* VRRP : Added support to the LVS sync daemon. This permit
LVS sync daemon to be state drived by a specific VRRP instance.
* Review the autoconf/automake to be more generic.
* Some cosmetics patches.
Release 0.5.3 | Enhancements
* Added autoconf / automake generic scripts.
* Rewrite the configuration file stream parser.
Using a generic keywords tree. Each keyword refer a specific
stream handler. The main stream processor is a multilevel
recursive function getting file stream and backtracking the
keyword tree. Kind of global compiler structure using event driven
stream processing.
* Re-design the global data structure to be much more generic and
to dissociate LVS configuration related to checkers related. Remove
static char lenght to use dynamic length strings.
* Created a global timer framework.
* Created a global vector template, used in cofiguration file
parsing (both stream process & keywords tree generation).
* Created a global list template, used in most of the code.
* Review the global scheduler to remove repeated code.
* Created a global checkers API. The design and goal here is to
facilitate new checkers creation by localizing specific checker
code into a single file without any other global framework
* Patched a SSL stream handling race condition finding end of stream.
* Jan Holmberg, review MISC checker to use forked process to not degrade
global scheduler timer.
* Revisited the whole code to use new templates structures.
* Fixed a url lentgh bug into the genhash utility.
* Fabrice Bucher, <fabrice.bucher <at>> fixed a timeout_persistence
bug in the IPVS wrapper code.
* Bradley McLean, <bradlist <at>> added support to '0' port number
service in VS manipulation. Useful for balancing all services (host rather
than service).
* Matthijs van der Klip, <matthijs.van.der.klip <at>> enhanced smtp
framework to use SMTP header and email enclosed with angle brackets.
Release 0.4.9a | Bug fixes
* Jan and I patched a memory pointer problem in vrrp scheduler. 
Thanks to Negrea Mihai, <mike <at>> for reporting.
* Jan patched a memory reallocation pointer exception in memory
management framework.
* Jan fined a vrrp vip set/remove retry.
* Created the Keepalived UserGuide.
Release 0.4.9 | Enhancements
* Jan Holmberg, <jan <at>> added a memory managment framework.
In debug mode it is used as a memory leak buster. We can so use it
to debug quickly memory leaks (buffer overrun, allocation errors, ...).
* Jan Holmberg and I added support to SSL. Checker SSL_GET. Can be used
with autogenerated cert or with specific cafile, certfile, keyfile.
* Use the OpenSSL, <> library for MD5 & SSL functions.
* Jan Holmberg and I Rewrote the HTTP_GET code to use full asynchronous
stream handling. The code use a common part for HTTP/SSL stream handling.
Review the MD5 digest buffer computation, update MD5 over received buffer.
* Patched some memory leaks in smtp handling.
* Jan Holmbarg added support to LVS FWMARK.
* Added command line option for keepalived. Used the libpopt library.
-h, -v, -n, -d, -l, -f.
* Jan Holmberg and I added debugging facility on keepalived console.
* Added a BOOTSTRAP_DELAY of 1sec when registering checkers during
daemon bootstrap.
* VRRP : Jan Holmberg added possibility to run an extra script when
VRRP Instance become or leave MASTER STATE (=> using a forked process).
* Review/fine the whole code to apply cosmetics patch.
* Rewrote the genhash utility.
* Started checkers API specs.
* doc doc doc...
Release 0.4.8 | MAJOR RELEASE
* Rewrite the whole VRRP previous code.
* VRRP : Created a hierarchic scheduling framework.
Handle VRRP instances multiplexing on the same I/O fd.
VRRP I/O events are handled by our global scheduling
framework. Then the global sheduling framework call a VRRP
I/O instance dispatcher to manage VRRP instances.
* VRRP : Created a temporary socket pool to handle register
our VRRP thread instances.
We create & allocate a socket pool here. The soft design
can be sum up by the following sketch :

fd1 fd2 fd3 fd4 fdi fdi+1
| ETH0 | | ETH1 | | ETHn |
+------+ +------+ +------+

Here we have n physical NIC. Each NIC own a maximum of 2 fds.
(one for VRRP the other for IPSEC_AH). All our VRRP instances
are multiplexed through this fds. So our design can handle 2*n
multiplexing points.
* VRRP : Review the multicast socket creating. We bind the socket
to a specific NIC. inbound & outbound traffic are bound to the
sk->bound_dev_if themself ??? !!!
Needed for filter multicasted advert per interface.
=> For inbound binding we use SO_BINDTODEVICE kernel option.
* VRRP : Created a read dispatcher thread to deal with our sockpool.
Handle VRRP states & transition states.
* VRRP : Created a VRRP synchronization instance circuit. This
functionnality gave you the ability to monitor VRRP instance
each other. This mean that if 2 VRRP instances are monitoring
themself and if one of this instance change state, the other
follow the same state. ex.: With 2 VRRP instances (VI_1 & VI_2)
if VI_1 become backup then VI_2 become backup too. (symetricly
with master VRRP state).
* VRRP : Rewrite the netlink interface to use non blocking socket.
* VRRP : Rewrite the ipaddress handling to use the new netlink
* VRRP : Remove the VRPP VMAC handling since linux kernel only
permit to use one MAC address on a specific NIC. We use gratuitous
arp when setting up VRRP VIP, to uptade remote host arp caches.
=> In certain case this can cause a TCP session renegociation
which can cause a permature session end.
=> To be fully compliant with the VRRP RFC, need to patch the
kernel to gave it the possibility to deal with more than one
MAC address at a time. Give me clue on it please ! to same me
a little time :)
* Starting VRRP documentation.
* Patch a pidfile handling bug when forking the keepalived daemon.
Thanks goes to Gianni D'Aprile for pointing it to me.
* Patch a timer race condition into the scheduling framework.
This bug caused tcpcheck to respawn quickly...
Thanks goes to Gianni D'Aprile for pointing it to me.
Release 0.3.8 | Enhancements
* Added support to native LVS netfilter code on NAT.
=> Using NAT on 2.4 Kernel, ipchains kernel support
has been removed.
* Added support to Direct routing & Tunneling.
* Review the keepalived.init script to make it much more
* Some cosmetics patch.
Release 0.3.7 | Enhancements
* Added support to LVS kernel 2.4 code.
Release 0.3.6 | Bug fixes
* Patch a race condition into the scheduler timer computation.
* Patch a race condition into the tcp checker thread. Only
register next timer thread if tcp connection is not in progress.
* Patch a race condition into the http checker thread. Handle
empty buffer returned from remote http server.
* Patch a race condition into the dumping configuration process.
A simple dereferencing pointer value...oops...
* Eric Jarman, <ehj38230 <at>> added MISC CHECKER.
It Perform a system call to run an extra system or script.
=> security auditing needed for system call,
buffer overflow over script path must be handled.
Release 0.3.5 | MAJOR RELEASE
* Rewrite the whole signal handling, registering a terminating
thread on signal.
* Move logsystem to syslog using facility LOG_INFO & LOG_DEBUG.
* Added a daemonization function imported from zebra.
* Rewrite the pidfile handling, check if daemon is running, if not
remove eventual stalled pidfile and create new pidfile.
* Added a strong scheduling framework based on an I/O multiplexer
to handle asynchronous process. This code is imported from zebra
and have been enhanced for keepalived purposes.

Thread types are :
. timeouted read on fd.
. timeouted write on fd.
. timer.
. event.
. terminate event.

=> The zebra framework have been enhanced to add support for timeouted
read/write fds.
=> With this framework keepalived use a Boss/Worker thread model design,
fetching ready thread from a master threading queues.
* Rewrite the configuration file reader to add flexibility on extending.
The dynamic data structure has been rewritten to use apropriate types.
Right now parsing framework is ready for easy new checker structures
* Rewrite the smtp connector. The implementation take advantage of the
I/O multiplexer. All read/write operations from/to the remote smtp server
are done asynchronously. The implementation is rfc 821 compliant (multiple
receiver are handled by a multiple RCPT TO command as specified in rfc821.3.1).
* Rewrite the IPFW & IPVS wrappers.
* Added support for NAT mask on IP MASQ rules (keyword nat_mask in configuration
file). Added support for sorry server facility, so when all the server from a
VS server pool are removed, a sorry server is automaticaly added to the VS pool
(typically this is used when you have a spare server online).
* Rewrite the previous checkers. Checkers are now based on a hierarchic layer
stack framework. The protocol implemented for the moment is TCP. All layer 5
checkers are using layer4.c primitives with the same design :
. a checker connector thread (creating the socket) registering the connection
checker thread.
. a connection checker thread testing connection states (error, in_progress,
timeout, success). When connection success upper level thread are registered
to handle checks.
* Delay loop is now checkers specifics since we can use a multithreaded framework.
* Update the PDF documentation file.
Release 0.2.7 | Minor Bug fixes
Patch a missed close socket descriptor (oops). Causing a premature daemon hangup.
* ipfwwrapper :
Added an ip firewall kernel wrapper using the 'Rusty' firewall manipulation library.
* ipvswrapper :
Added support to the IP_MASQ_CMD ruleset.
IP_MASQ_CMD_ADD : Adding a virtual service.
IP_MASQ_CMD_DEL : Deleting a virtual service.
IP_MASQ_CMD_ADD_DEST : Adding a real service to a virtual service.
IP_MASQ_CMD_DEL_DEST : Deleting a real service to a virtual service.
* lvs.conf file is now obsolete. All configurations are done in keepalived.conf file.
* Cosmetics patches.
* Starting creating the core documentation.
Release 0.2.6 | Major Bug fixes
* keepalived main program :
Change signal handling.
Adding pidfile lock.
Change the dynamic data structure representation.
Use global var to log daemon pid.
Adding support for multi-url get check.
Creating RPM distribution file.
* cfreader :
Change the dynamic data structure representation. Move to a tree data structure.
Revisited the pointer functions manipulation for the dynamic data structure.
Adding keywords support for the configuration file.
Adding email support for notification alerts.
md5 : Move to the L. Peter Deutsch independent md5 RFC1321 implementation.
* smtpwrapper :
Added smtpwrapper for sending notification via email.
Using smtp protocol according to the RFC822.
Smtp server connection using a NON_BLOCK timeouted tcp connection.
Processing smtp server answer according to the smtp protocol.
Remove the whole RAW_SOCKET tcpcheck level initial implementation.
Adding vanilla tcpcheck using a non blocking/so_linger socket descriptor.
Use a timeval to set the socket descriptor timeout.
* ICMPCHECK : move in a futur work.
Use a non blocking timeouted tcp connection.
Adding support for multi-url. Can perform HTTP GET over multiple url on the
same tcp service (useful for HTTP server owning multiple applications servers).
Adding HTTP GET retry support.
Replace the initial libmd call by L. Peter Deutsch implementation.
Parse the whole HTTP GET reply, computing a md5sum over the html response buffer.
Adding delay support before HTTP GET retry.
Release 0.2.3 | Workaround
Added recvfrom_to() function to handle recvfrom timeouted connection using a select call.
Call this function in TCP_RCV_SYNACK_PACKET with 1s timeout.
Added a timer (2s timeouted) in TCP_RCV_SYNACK_PACKET to check SYN|ACK packet.
Check perform on tcp sequence, remote tcp port number, tcp SYN|ACK flag & remote ip address.
Added a 3 time SYN packet send retry.
Added recvfrom_to() function to handle recvfrom timeouted connection.
Call this function in ICMP_RCV_ECHOREPLY with 1s timeout.
Added a timer (2s timeouted) in ICMP_RCV_ECHOREPLY to check ECHO_REPLY.
Check perform on icmp type flag, remote ip address.
Added a 3 time ECHO_REQUEST send retry.
* Cosmetic debugging messages.
Release 0.2.1 | INITIAL RELEASE