diff --git a/src/ipset.c b/src/ipset.c index 9195f2ba5..0cddc3e26 100644 --- a/src/ipset.c +++ b/src/ipset.c @@ -332,8 +332,7 @@ static struct dpvs_sockopts ipset_sockopts = { static int ipset_parse_conf_file(void) { - char *buf, *pstr; - bool found_num = false; + char *buf, ch; struct dp_vs_multi_ipset_conf *ips = NULL; int ip_num = 0, ipset_size = 0, ip_index = 0; @@ -342,24 +341,30 @@ static int ipset_parse_conf_file(void) RTE_LOG(WARNING, IPSET, "no memory for ipset buf\n"); return -1; } + while(!feof(g_current_stream)) { + if((ch=getc(g_current_stream))=='\n') + ip_num++; + } + if (!ip_num) { + RTE_LOG(WARNING, IPSET, "no ip in the gfwip \n"); + FREE(buf); + return -1; + } + + RTE_LOG(DEBUG, IPSET, "gfwip list has %u ips\n", ip_num); + + fseek(g_current_stream, 0, SEEK_SET); + + ipset_size = sizeof(struct dp_vs_multi_ipset_conf) + ip_num*sizeof(struct dp_vs_ipset_conf); + ips = rte_calloc_socket(NULL, 1, ipset_size, 0, rte_socket_id()); + if (ips == NULL) { + RTE_LOG(WARNING, IPSET, "no memory for ipset conf\n"); + FREE(buf); + return -1; + } + ips->num = ip_num; + while (read_line(buf, CFG_FILE_MAX_BUF_SZ)) { - if (false == found_num && NULL != (pstr = strstr(buf, IPSET_CFG_MEMBERS))) { - pstr += strlen(IPSET_CFG_MEMBERS); - ip_num = atoi(pstr); - found_num = true; - ipset_size = sizeof(struct dp_vs_multi_ipset_conf) + ip_num*sizeof(struct dp_vs_ipset_conf); - ips = rte_calloc_socket(NULL, 1, ipset_size, 0, rte_socket_id()); - if (ips == NULL) { - RTE_LOG(WARNING, IPSET, "no memory for ipset conf\n"); - break; - } - ips->num = ip_num; - continue; - } - if (ips == NULL) { - RTE_LOG(WARNING, IPSET, "cannot get gfwip members\n"); - break; - } if (inet_pton(AF_INET, buf, &ips->ipset_conf[ip_index].addr) <= 0) ips->ipset_conf[ip_index].af = 0; else diff --git a/tools/ipvsadm/Makefile b/tools/ipvsadm/Makefile index dc5464001..413cfc238 100644 --- a/tools/ipvsadm/Makefile +++ b/tools/ipvsadm/Makefile @@ -43,7 +43,7 @@ MAN = $(RPM_BUILD_ROOT)/$(MANDIR)/man8 INIT = $(RPM_BUILD_ROOT)/etc/rc.d/init.d MKDIR = mkdir INSTALL = install -STATIC_LIBS = ../keepalived/keepalived/libipvs-2.6/libipvs.a +STATIC_LIBS = ../keepalived/keepalived/check/libcheck.a DPVSDEPS = ../../src/common.o ifeq "${ARCH}" "sparc64" diff --git a/tools/ipvsadm/ipvsadm.c b/tools/ipvsadm/ipvsadm.c index 9d78051cb..a986e7989 100644 --- a/tools/ipvsadm/ipvsadm.c +++ b/tools/ipvsadm/ipvsadm.c @@ -115,7 +115,7 @@ #define IPVS_OPTION_PROCESSING "popt" #include "config_stream.h" -#include "../keepalived/keepalived/libipvs-2.6/libipvs.h" +#include "../keepalived/keepalived/include/libipvs.h" #define IPVSADM_VERSION_NO "v" VERSION #define IPVSADM_VERSION_DATE "2008/5/15" @@ -193,7 +193,7 @@ static const char* optnames[] = { "syncid", "exact", "ops", - "pe" , + "pe" , "local-address" , "blklst-address", "synproxy" , @@ -576,13 +576,13 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, case 'q': set_option(options, OPT_SERVICE); if (c == 't') - ce->svc.protocol = IPPROTO_TCP; + ce->svc.user.protocol = IPPROTO_TCP; else if (c == 'u') - ce->svc.protocol = IPPROTO_UDP; + ce->svc.user.protocol = IPPROTO_UDP; else if (c == 'q') - ce->svc.protocol = IPPROTO_ICMP; + ce->svc.user.protocol = IPPROTO_ICMP; else if (c == '1') // a~Z is out. ipvsadm is really not friendly here - ce->svc.protocol = IPPROTO_ICMPV6; + ce->svc.user.protocol = IPPROTO_ICMPV6; parse = parse_service(optarg, &ce->svc); if (!(parse & SERVICE_ADDR)) @@ -591,7 +591,7 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, break; case 'H': set_option(options, OPT_SERVICE); - ce->svc.flags |= IP_VS_SVC_F_MATCH; + ce->svc.user.flags |= IP_VS_SVC_F_MATCH; if (parse_match_snat(optarg, &ce->svc) != 0) fail(2, "illegal match specified"); break; @@ -602,32 +602,32 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, * though it is not used */ ce->svc.af = AF_INET;/*FIXME:DPVS not support fwmark?*/ - ce->svc.protocol = IPPROTO_TCP; - ce->svc.fwmark = parse_fwmark(optarg); + ce->svc.user.protocol = IPPROTO_TCP; + ce->svc.user.fwmark = parse_fwmark(optarg); break; case 's': set_option(options, OPT_SCHEDULER); - strncpy(ce->svc.sched_name, + strncpy(ce->svc.user.sched_name, optarg, IP_VS_SCHEDNAME_MAXLEN); - if (!memcmp(ce->svc.sched_name, "conhash", strlen("conhash"))) - ce->svc.flags = ce->svc.flags | IP_VS_SVC_F_SIP_HASH; + if (!memcmp(ce->svc.user.sched_name, "conhash", strlen("conhash"))) + ce->svc.user.flags = ce->svc.user.flags | IP_VS_SVC_F_SIP_HASH; break; case 'p': set_option(options, OPT_PERSISTENT); - ce->svc.flags |= IP_VS_SVC_F_PERSISTENT; - ce->svc.timeout = + ce->svc.user.flags |= IP_VS_SVC_F_PERSISTENT; + ce->svc.user.timeout = parse_timeout(optarg, 1, MAX_TIMEOUT); break; case 'M': set_option(options, OPT_NETMASK); if (ce->svc.af != AF_INET6) { - parse = parse_netmask(optarg, &ce->svc.netmask); + parse = parse_netmask(optarg, &ce->svc.user.netmask); if (parse != 1) fail(2, "illegal virtual server " "persistent mask specified"); } else { - ce->svc.netmask = atoi(optarg); - if ((ce->svc.netmask < 1) || (ce->svc.netmask > 128)) + ce->svc.user.netmask = atoi(optarg); + if ((ce->svc.user.netmask < 1) || (ce->svc.user.netmask > 128)) fail(2, "illegal ipv6 netmask specified"); } break; @@ -636,50 +636,50 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, ipvs_service_t t_dest = ce->svc; parse = parse_service(optarg, &t_dest); ce->dest.af = t_dest.af; - ce->dest.addr = t_dest.addr; - ce->dest.port = t_dest.port; + ce->dest.nf_addr = t_dest.nf_addr; + ce->dest.user.port = t_dest.user.port; if (!(parse & SERVICE_ADDR)) fail(2, "illegal real server " "address[:port] specified"); /* copy vport to dport if not specified */ if (parse == 1) - ce->dest.port = ce->svc.port; + ce->dest.user.port = ce->svc.user.port; break; case 'i': set_option(options, OPT_FORWARD); - ce->dest.conn_flags = IP_VS_CONN_F_TUNNEL; + ce->dest.user.conn_flags = IP_VS_CONN_F_TUNNEL; break; case 'g': set_option(options, OPT_FORWARD); - ce->dest.conn_flags = IP_VS_CONN_F_DROUTE; + ce->dest.user.conn_flags = IP_VS_CONN_F_DROUTE; break; case 'b': set_option(options, OPT_FORWARD); - ce->dest.conn_flags = IP_VS_CONN_F_FULLNAT; + ce->dest.user.conn_flags = IP_VS_CONN_F_FULLNAT; break; case 'J': set_option(options, OPT_FORWARD); - ce->dest.conn_flags = IP_VS_CONN_F_SNAT; + ce->dest.user.conn_flags = IP_VS_CONN_F_SNAT; break; case 'm': set_option(options, OPT_FORWARD); - ce->dest.conn_flags = IP_VS_CONN_F_MASQ; + ce->dest.user.conn_flags = IP_VS_CONN_F_MASQ; break; case 'w': set_option(options, OPT_WEIGHT); - if ((ce->dest.weight = + if ((ce->dest.user.weight = string_to_number(optarg, 0, 65535)) == -1) fail(2, "illegal weight specified"); break; case 'x': set_option(options, OPT_UTHRESHOLD); - if ((ce->dest.u_threshold = + if ((ce->dest.user.u_threshold = string_to_number(optarg, 0, INT_MAX)) == -1) fail(2, "illegal u_threshold specified"); break; case 'y': set_option(options, OPT_LTHRESHOLD); - if ((ce->dest.l_threshold = + if ((ce->dest.user.l_threshold = string_to_number(optarg, 0, INT_MAX)) == -1) fail(2, "illegal l_threshold specified"); break; @@ -741,16 +741,16 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, *format |= FMT_EXACT; break; case '6': - if (ce->svc.fwmark) { + if (ce->svc.user.fwmark) { ce->svc.af = AF_INET6; - ce->svc.netmask = 128; + ce->svc.user.netmask = 128; } else { fail(2, "-6 used before -f\n"); } break; case 'o': set_option(options, OPT_ONEPACKET); - ce->svc.flags |= IP_VS_SVC_F_ONEPACKET; + ce->svc.user.flags |= IP_VS_SVC_F_ONEPACKET; break; case TAG_PERSISTENCE_ENGINE: set_option(options, OPT_PERSISTENCE_ENGINE); @@ -765,8 +765,8 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, if (!(parse & SERVICE_ADDR)) fail(2, "illegal local address"); ce->laddr.af = nsvc.af; - ce->laddr.addr = nsvc.addr; - ce->laddr.__addr_v4 = nsvc.addr.ip; + ce->laddr.addr = nsvc.nf_addr; + ce->laddr.__addr_v4 = nsvc.nf_addr.ip; break; } @@ -778,8 +778,8 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, if (!(parse & SERVICE_ADDR)) fail(2, "illegal blacklist address"); ce->blklst.af = nsvc.af; - ce->blklst.addr = nsvc.addr; - ce->blklst.__addr_v4 = nsvc.addr.ip; + ce->blklst.addr = nsvc.nf_addr; + ce->blklst.__addr_v4 = nsvc.nf_addr.ip; break; } @@ -792,9 +792,9 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, set_option(options, OPT_SYNPROXY); if(!memcmp(optarg , "enable" , strlen("enable"))) - ce->svc.flags = ce->svc.flags | IP_VS_CONN_F_SYNPROXY; + ce->svc.user.flags = ce->svc.user.flags | IP_VS_CONN_F_SYNPROXY; else if(!memcmp(optarg , "disable" , strlen("disable"))) - ce->svc.flags = ce->svc.flags & (~IP_VS_CONN_F_SYNPROXY); + ce->svc.user.flags = ce->svc.user.flags & (~IP_VS_CONN_F_SYNPROXY); else fail(2 , "synproxy switch must be enable or disable\n"); @@ -804,17 +804,17 @@ parse_options(int argc, char **argv, struct ipvs_command_entry *ce, { set_option(options, OPT_HASHTAG); - if (strcmp(ce->svc.sched_name, "conhash")) + if (strcmp(ce->svc.user.sched_name, "conhash")) fail(2 , "hash target can only be set when schedule is conhash\n"); if (!memcmp(optarg, "sip", strlen("sip"))) { - ce->svc.flags = ce->svc.flags | IP_VS_SVC_F_SIP_HASH; - ce->svc.flags = ce->svc.flags & (~IP_VS_SVC_F_QID_HASH); + ce->svc.user.flags = ce->svc.user.flags | IP_VS_SVC_F_SIP_HASH; + ce->svc.user.flags = ce->svc.user.flags & (~IP_VS_SVC_F_QID_HASH); } else if (!memcmp(optarg, "qid", strlen("qid"))) { - if (ce->svc.protocol != IPPROTO_UDP) + if (ce->svc.user.protocol != IPPROTO_UDP) fail(2 , "qid hash can only be set in udp service\n"); - ce->svc.flags = ce->svc.flags | IP_VS_SVC_F_QID_HASH; - ce->svc.flags = ce->svc.flags & (~IP_VS_SVC_F_SIP_HASH); + ce->svc.user.flags = ce->svc.user.flags | IP_VS_SVC_F_QID_HASH; + ce->svc.user.flags = ce->svc.user.flags & (~IP_VS_SVC_F_SIP_HASH); } else fail(2 , "hash target not support\n"); @@ -896,11 +896,11 @@ static int process_options(int argc, char **argv, int reading_stdin) memset(&ce, 0, sizeof(struct ipvs_command_entry)); ce.cmd = CMD_NONE; /* Set the default weight 1 */ - ce.dest.weight = 1; + ce.dest.user.weight = 1; /* Set direct routing as default forwarding method */ - ce.dest.conn_flags = IP_VS_CONN_F_DROUTE; + ce.dest.user.conn_flags = IP_VS_CONN_F_DROUTE; /* Set the default persistent granularity to /32 mask */ - ce.svc.netmask = ((u_int32_t) 0xffffffff); + ce.svc.user.netmask = ((u_int32_t) 0xffffffff); /* Set the default cpu be master */ ce.cid = 0; @@ -911,21 +911,21 @@ static int process_options(int argc, char **argv, int reading_stdin) if (ce.cmd == CMD_ADD || ce.cmd == CMD_EDIT) { /* Make sure that port zero service is persistent */ - if (!ce.svc.fwmark && !ce.svc.port && - !(ce.svc.flags & IP_VS_SVC_F_PERSISTENT) && - (!strlen(ce.svc.srange) && !strlen(ce.svc.drange) && - !strlen(ce.svc.iifname) && !strlen(ce.svc.oifname))) + if (!ce.svc.user.fwmark && !ce.svc.user.port && + !(ce.svc.user.flags & IP_VS_SVC_F_PERSISTENT) && + (!strlen(ce.svc.user.srange) && !strlen(ce.svc.user.drange) && + !strlen(ce.svc.user.iifname) && !strlen(ce.svc.user.oifname))) fail(2, "Zero port specified " "for no-match and non-persistent service"); - if (ce.svc.flags & IP_VS_SVC_F_ONEPACKET && - !ce.svc.fwmark && ce.svc.protocol != IPPROTO_UDP) + if (ce.svc.user.flags & IP_VS_SVC_F_ONEPACKET && + !ce.svc.user.fwmark && ce.svc.user.protocol != IPPROTO_UDP) fail(2, "One-Packet Scheduling is only " "for UDP virtual services"); /* Set the default scheduling algorithm if not specified */ - if (strlen(ce.svc.sched_name) == 0) - strcpy(ce.svc.sched_name, DEF_SCHED); + if (strlen(ce.svc.user.sched_name) == 0) + strcpy(ce.svc.user.sched_name, DEF_SCHED); } if (ce.cmd == CMD_STARTDAEMON && strlen(ce.daemon.mcast_ifn) == 0) @@ -937,10 +937,10 @@ static int process_options(int argc, char **argv, int reading_stdin) * if the IP_VS_CONN_F_TUNNEL or IP_VS_CONN_F_DROUTE is set. * Don't worry about this if fwmark is used. */ - if (!ce.svc.fwmark && - (ce.dest.conn_flags == IP_VS_CONN_F_TUNNEL - || ce.dest.conn_flags == IP_VS_CONN_F_DROUTE)) - ce.dest.port = ce.svc.port; + if (!ce.svc.user.fwmark && + (ce.dest.user.conn_flags == IP_VS_CONN_F_TUNNEL + || ce.dest.user.conn_flags == IP_VS_CONN_F_DROUTE)) + ce.dest.user.port = ce.svc.user.port; } switch (ce.cmd) { @@ -1046,7 +1046,7 @@ static int process_options(int argc, char **argv, int reading_stdin) case CMD_GETBLKLST: if(options & OPT_SERVICE) { list_blklsts_print_title(); - result = list_blklst(ce.svc.addr.ip, ce.svc.port, ce.svc.protocol); + result = list_blklst(ce.svc.nf_addr.ip, ce.svc.user.port, ce.svc.user.protocol); } else result = list_all_blklsts(); @@ -1165,19 +1165,19 @@ parse_service(char *buf, ipvs_service_t *svc) return SERVICE_NONE; } if (inet_pton(AF_INET6, buf, &inaddr6) > 0) { - svc->addr.in6 = inaddr6; + svc->nf_addr.in6 = inaddr6; svc->af = AF_INET6; - svc->netmask = 128; + svc->user.netmask = 128; } else { portp = strrchr(buf, ':'); if (portp != NULL) *portp = '\0'; if (inet_aton(buf, &inaddr) != 0) { - svc->addr.ip = inaddr.s_addr; + svc->nf_addr.ip = inaddr.s_addr; svc->af = AF_INET; } else if (host_to_addr(buf, &inaddr) != -1) { - svc->addr.ip = inaddr.s_addr; + svc->nf_addr.ip = inaddr.s_addr; svc->af = AF_INET; } else return SERVICE_NONE; @@ -1189,9 +1189,9 @@ parse_service(char *buf, ipvs_service_t *svc) result |= SERVICE_PORT; if ((portn = string_to_number(portp+1, 0, 65535)) != -1) - svc->port = htons(portn); - else if ((portn = service_to_port(portp+1, svc->protocol)) != -1) - svc->port = htons(portn); + svc->user.port = htons(portn); + else if ((portn = service_to_port(portp+1, svc->user.protocol)) != -1) + svc->user.port = htons(portn); else return SERVICE_NONE; } @@ -1202,7 +1202,7 @@ parse_service(char *buf, ipvs_service_t *svc) * Get sockpair from the arguments. * sockpair := PROTO:SIP:SPORT:TIP:TPORT * PROTO := [tcp|udp] - * SIP,TIP := dotted-decimal ip address or square-blacketed ip6 address + * SIP,TIP := dotted-decimal ip address * SPORT,TPORT := range(0, 65535) */ static int @@ -1285,9 +1285,9 @@ parse_sockpair(char *buf, ipvs_sockpair_t *sockpair) sockpair->af = af; sockpair->proto = proto; - sockpair->sip = sip; + memcpy(&sockpair->sip, &sip, sizeof(sockpair->sip)); sockpair->sport = ntohs(sport); - sockpair->tip = tip; + memcpy(&sockpair->tip, &tip, sizeof(sockpair->tip)); sockpair->tport = ntohs(tport); return 1; @@ -1317,7 +1317,7 @@ static int parse_match_snat(const char *buf, ipvs_service_t *svc) snprintf(params, sizeof(params), "%s", buf); - svc->protocol = IPPROTO_NONE; + svc->user.protocol = IPPROTO_NONE; for (start = params; (arg = strtok_r(start, ",", &sp)); start = NULL) { r = sscanf(arg, "%31[^=]=%127s", key, val); @@ -1329,13 +1329,13 @@ static int parse_match_snat(const char *buf, ipvs_service_t *svc) if (strcmp(key, "proto") == 0) { if (strcmp(val, "tcp") == 0) - svc->protocol = IPPROTO_TCP; + svc->user.protocol = IPPROTO_TCP; else if (strcmp(val, "udp") == 0) - svc->protocol = IPPROTO_UDP; + svc->user.protocol = IPPROTO_UDP; else if (strcmp(val, "icmp") == 0) - svc->protocol = IPPROTO_ICMP; + svc->user.protocol = IPPROTO_ICMP; else if (strcmp(val, "icmpv6") == 0) - svc->protocol = IPPROTO_ICMPV6; + svc->user.protocol = IPPROTO_ICMPV6; else return -1; } else if (strcmp(key, "af") == 0){ @@ -1348,14 +1348,14 @@ static int parse_match_snat(const char *buf, ipvs_service_t *svc) return -1; } else if (strcmp(key, "src-range") == 0) { range = true; - snprintf(svc->srange, sizeof(svc->srange), "%s", val); + snprintf(svc->user.srange, sizeof(svc->user.srange), "%s", val); } else if (strcmp(key, "dst-range") == 0) { range = true; - snprintf(svc->drange, sizeof(svc->drange), "%s", val); + snprintf(svc->user.drange, sizeof(svc->user.drange), "%s", val); } else if (strcmp(key, "iif") == 0) { - snprintf(svc->iifname, sizeof(svc->iifname), "%s", val); + snprintf(svc->user.iifname, sizeof(svc->user.iifname), "%s", val); } else if (strcmp(key, "oif") == 0) { - snprintf(svc->oifname, sizeof(svc->oifname), "%s", val); + snprintf(svc->user.oifname, sizeof(svc->user.oifname), "%s", val); } else { return -1; } @@ -1716,11 +1716,11 @@ static inline char *fwd_switch(unsigned flags) } /*notice when rs is deleted svc stats count will be less than before*/ -static void copy_stats_from_dest(ipvs_service_entry_t *se, struct ip_vs_get_dests *d) +static void copy_stats_from_dest(ipvs_service_entry_t *se, struct ip_vs_get_dests_app *d) { int i = 0; - for (i = 0; i < d->num_dests; i++) { - ipvs_dest_entry_t *e = &d->entrytable[i]; + for (i = 0; i < d->user.num_dests; i++) { + ipvs_dest_entry_t *e = &d->user.entrytable[i]; se->stats.conns += e->stats.conns; se->stats.inpkts += e->stats.inpkts; se->stats.outpkts += e->stats.outpkts; @@ -1739,7 +1739,7 @@ static void print_largenum(unsigned long long i, unsigned int format) printf("%*llu", len <= 8 ? 9 : len + 1, i); return; } - + if (i < 100000000) /* less than 100 million */ printf("%9llu", i); else if (i < 1000000000) /* less than 1 billion */ @@ -1784,7 +1784,7 @@ static void print_title(unsigned int format) static void print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid) { - struct ip_vs_get_dests *d; + struct ip_vs_get_dests_app *d; char svc_name[256]; int i; @@ -1793,40 +1793,40 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid exit(1); } - if (se->fwmark) { + if (se->user.fwmark) { if (format & FMT_RULE) if (se->af == AF_INET6) - sprintf(svc_name, "-f %d -6", se->fwmark); + sprintf(svc_name, "-f %d -6", se->user.fwmark); else - sprintf(svc_name, "-f %d", se->fwmark); + sprintf(svc_name, "-f %d", se->user.fwmark); else if (se->af == AF_INET6) - sprintf(svc_name, "FWM %d IPv6", se->fwmark); + sprintf(svc_name, "FWM %d IPv6", se->user.fwmark); else - sprintf(svc_name, "FWM %d", se->fwmark); - } else if (se->__addr_v4 || se->port) { + sprintf(svc_name, "FWM %d", se->user.fwmark); + } else if (se->user.__addr_v4 || se->user.port) { char *vname, *proto; - if (!(vname = addrport_to_anyname(se->af, &se->addr, ntohs(se->port), - se->protocol, format))) + if (!(vname = addrport_to_anyname(se->af, &se->nf_addr, ntohs(se->user.port), + se->user.protocol, format))) fail(2, "addrport_to_anyname: %s", strerror(errno)); if (format & FMT_RULE) { - if (se->protocol == IPPROTO_TCP) + if (se->user.protocol == IPPROTO_TCP) proto = "-t"; - else if (se->protocol == IPPROTO_UDP) + else if (se->user.protocol == IPPROTO_UDP) proto = "-u"; else proto = "-q"; sprintf(svc_name, "%s %s", proto, vname); } else { - if (se->protocol == IPPROTO_TCP) + if (se->user.protocol == IPPROTO_TCP) proto = "TCP"; - else if (se->protocol == IPPROTO_UDP) + else if (se->user.protocol == IPPROTO_UDP) proto = "UDP"; - else if (se->protocol == IPPROTO_ICMP) + else if (se->user.protocol == IPPROTO_ICMP) proto = "ICMP"; - else + else proto = "ICMPv6"; sprintf(svc_name, "%s %s", proto, vname); @@ -1838,11 +1838,11 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid char *proto; char af[10]; - if (se->protocol == IPPROTO_TCP) + if (se->user.protocol == IPPROTO_TCP) proto = "tcp"; - else if (se->protocol == IPPROTO_UDP) + else if (se->user.protocol == IPPROTO_UDP) proto = "udp"; - else if (se->protocol == IPPROTO_ICMP) + else if (se->user.protocol == IPPROTO_ICMP) proto = "icmp"; else proto = "icmpv6"; @@ -1855,7 +1855,7 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid if (format & FMT_RULE) { snprintf(svc_name, sizeof(svc_name), "-H af=%s, proto=%s,src-range=%s,dst-range=%s,iif=%s,oif=%s", - proto, af, se->srange, se->drange, se->iifname, se->oifname); + af, proto, se->user.srange, se->user.drange, se->user.iifname, se->user.oifname); } else { int left = sizeof(svc_name); @@ -1866,24 +1866,24 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid left -= snprintf(svc_name + strlen(svc_name), left, ",MATCH %s", proto); - - if (strcmp(se->srange, "[::-::]:0-0") != 0 && - strcmp(se->srange, "0.0.0.0-0.0.0.0:0-0") != 0) + + if (strcmp(se->user.srange, "[::-::]:0-0") != 0 && + strcmp(se->user.srange, "0.0.0.0-0.0.0.0:0-0") != 0) left -= snprintf(svc_name + strlen(svc_name), left, - ",from=%s", se->srange); + ",from=%s", se->user.srange); - if (strcmp(se->drange, "[::-::]:0-0") != 0 && - strcmp(se->drange, "0.0.0.0-0.0.0.0:0-0") != 0) + if (strcmp(se->user.drange, "[::-::]:0-0") != 0 && + strcmp(se->user.drange, "0.0.0.0-0.0.0.0:0-0") != 0) left -= snprintf(svc_name + strlen(svc_name), left, - ",to=%s", se->drange); + ",to=%s", se->user.drange); - if (strlen(se->iifname)) + if (strlen(se->user.iifname)) left -= snprintf(svc_name + strlen(svc_name), left, - ",iif=%s", se->iifname); + ",iif=%s", se->user.iifname); - if (strlen(se->oifname)) + if (strlen(se->user.oifname)) left -= snprintf(svc_name + strlen(svc_name), left, - ",oif=%s", se->oifname); + ",oif=%s", se->user.oifname); } } @@ -1892,23 +1892,23 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid /* print virtual service info */ if (format & FMT_RULE) { - printf("-A %s -s %s", svc_name, se->sched_name); - if (se->flags & IP_VS_SVC_F_PERSISTENT) { - printf(" -p %u", se->timeout); + printf("-A %s -s %s", svc_name, se->user.sched_name); + if (se->user.flags & IP_VS_SVC_F_PERSISTENT) { + printf(" -p %u", se->user.timeout); if (se->af == AF_INET) - if (se->netmask != (unsigned long int) 0xffffffff) { + if (se->user.netmask != (unsigned long int) 0xffffffff) { struct in_addr mask; - mask.s_addr = se->netmask; + mask.s_addr = se->user.netmask; printf(" -M %s", inet_ntoa(mask)); } if (se->af == AF_INET6) - if (se->netmask != 128) { - printf(" -M %i", se->netmask); + if (se->user.netmask != 128) { + printf(" -M %i", se->user.netmask); } } if (se->pe_name[0]) printf(" pe %s", se->pe_name); - if (se->flags & IP_VS_SVC_F_ONEPACKET) + if (se->user.flags & IP_VS_SVC_F_ONEPACKET) printf(" ops"); } else if (format & FMT_STATS) { printf("%-33s", svc_name); @@ -1918,8 +1918,8 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid print_largenum(se->stats.inbytes, format); print_largenum(se->stats.outbytes, format); } else if (format & FMT_RATE) { - if (se->bps > 0) { - sprintf(svc_name, "%s bps %dM", svc_name, se->bps); + if (se->user.bps > 0) { + sprintf(svc_name, "%s bps %dM", svc_name, se->user.bps); } printf("%-33s", svc_name); print_largenum(se->stats.cps, format); @@ -1928,31 +1928,31 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid print_largenum(se->stats.inbps, format); print_largenum(se->stats.outbps, format); } else { - printf("%s %s", svc_name, se->sched_name); - if (se->flags & IP_VS_SVC_F_SIP_HASH) + printf("%s %s", svc_name, se->user.sched_name); + if (se->user.flags & IP_VS_SVC_F_SIP_HASH) printf(" sip"); - if (se->flags & IP_VS_SVC_F_QID_HASH) + if (se->user.flags & IP_VS_SVC_F_QID_HASH) printf(" qid"); - if (se->flags & IP_VS_SVC_F_PERSISTENT) { - printf(" persistent %u", se->timeout); + if (se->user.flags & IP_VS_SVC_F_PERSISTENT) { + printf(" persistent %u", se->user.timeout); if (se->af == AF_INET) - if (se->netmask != (unsigned long int) 0xffffffff) { + if (se->user.netmask != (unsigned long int) 0xffffffff) { struct in_addr mask; - mask.s_addr = se->netmask; + mask.s_addr = se->user.netmask; printf(" mask %s", inet_ntoa(mask)); } if (se->af == AF_INET6) - if (se->netmask != 128) - printf(" mask %i", se->netmask); + if (se->user.netmask != 128) + printf(" mask %i", se->user.netmask); if (se->pe_name[0]) printf(" pe %s", se->pe_name); - if (se->flags & IP_VS_SVC_F_ONEPACKET) + if (se->user.flags & IP_VS_SVC_F_ONEPACKET) printf(" ops"); } - if (se->flags & IP_VS_CONN_F_SYNPROXY) + if (se->user.flags & IP_VS_CONN_F_SYNPROXY) printf(" synproxy"); - if (se->conn_timeout != 0) - printf(" conn_timeout %u", se->conn_timeout); + if (se->user.conn_timeout != 0) + printf(" conn_timeout %u", se->user.conn_timeout); } printf("\n"); @@ -1960,12 +1960,12 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid if (!(format & FMT_NOSORT)) ipvs_sort_dests(d, ipvs_cmp_dests); - for (i = 0; i < d->num_dests; i++) { + for (i = 0; i < d->user.num_dests; i++) { char *dname; - ipvs_dest_entry_t *e = &d->entrytable[i]; + ipvs_dest_entry_t *e = &d->user.entrytable[i]; - if (!(dname = addrport_to_anyname(e->af, &(e->addr), ntohs(e->port), - se->protocol, format))) { + if (!(dname = addrport_to_anyname(e->af, &(e->nf_addr), ntohs(e->user.port), + se->user.protocol, format))) { fprintf(stderr, "addrport_to_anyname fails\n"); exit(1); } @@ -1974,7 +1974,7 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid if (format & FMT_RULE) { printf("-a %s -r %s %s -w %d\n", svc_name, dname, - fwd_switch(e->conn_flags), e->weight); + fwd_switch(e->user.conn_flags), e->user.weight); } else if (format & FMT_STATS) { printf(" -> %-28s", dname); print_largenum(e->stats.conns, format); @@ -1993,16 +1993,16 @@ print_service_entry(ipvs_service_entry_t *se, unsigned int format, lcoreid_t cid printf("\n"); } else if (format & FMT_THRESHOLDS) { printf(" -> %-28s %-10u %-10u %-10u %-10u\n", dname, - e->u_threshold, e->l_threshold, - e->activeconns, e->inactconns); + e->user.u_threshold, e->user.l_threshold, + e->user.activeconns, e->user.inactconns); } else if (format & FMT_PERSISTENTCONN) { printf(" -> %-28s %-9u %-11u %-10u %-10u\n", dname, - e->weight, e->persistconns, - e->activeconns, e->inactconns); + e->user.weight, e->user.persistconns, + e->user.activeconns, e->user.inactconns); } else printf(" -> %-28s %-7s %-6d %-10u %-10u\n", - dname, fwd_name(e->conn_flags), - e->weight, e->activeconns, e->inactconns); + dname, fwd_name(e->user.conn_flags), + e->user.weight, e->user.activeconns, e->user.inactconns); free(dname); } free(d); @@ -2024,7 +2024,7 @@ static void list_laddrs_print_service(struct ip_vs_get_laddrs *d) if (!(vname = addrport_to_anyname(d->af, &d->addr, ntohs(d->port), d->protocol, FMT_NUMERIC))) - fail(2, "addrport_to_anyname: %s", strerror(errno)); + fail(2, "addrport_to_anyname: %s", strerror(errno)); printf("%-20s %-8u \n" , vname , d->num_laddrs); free(vname); @@ -2041,7 +2041,7 @@ static void list_laddrs_print_laddr(struct ip_vs_laddr_entry * entry) char pbuf[INET6_ADDRSTRLEN]; inet_ntop(entry->af, (char *)&entry->addr, pbuf, sizeof(pbuf)); - + printf("%-20s %-8s %-20s %-10lu %-10u\n", "", "", @@ -2053,13 +2053,12 @@ static void list_laddrs_print_laddr(struct ip_vs_laddr_entry * entry) static void print_service_and_laddrs(struct ip_vs_get_laddrs* d, int with_title) { int i = 0; - if(with_title) list_laddrs_print_title(); list_laddrs_print_service(d); for(i = 0 ; i < d->num_laddrs ; i ++){ - list_laddrs_print_laddr(d->entrytable + i); + list_laddrs_print_laddr(d->entrytable + i); } return; @@ -2075,15 +2074,12 @@ static int list_laddrs(ipvs_service_t *svc , int with_title, lcoreid_t cid) fprintf(stderr, "%s\n", ipvs_strerror(errno)); return -1; } - if (!(d = ipvs_get_laddrs(entry, cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); free(entry); return -1; - } - + } print_service_and_laddrs(d, with_title); - free(entry); free(d); @@ -2093,7 +2089,7 @@ static int list_laddrs(ipvs_service_t *svc , int with_title, lcoreid_t cid) static int list_all_laddrs(lcoreid_t cid) { - struct ip_vs_get_services *get; + struct ip_vs_get_services_app *get; struct ip_vs_get_laddrs *d; int i; int title_enable = 1; @@ -2102,21 +2098,18 @@ static int list_all_laddrs(lcoreid_t cid) fprintf(stderr, "%s\n", ipvs_strerror(errno)); return -1; } - - for (i = 0; i < get->num_services; i++){ - if(!(d = ipvs_get_laddrs(&(get->entrytable[i]), cid))) { + for (i = 0; i < get->user.num_services; i++){ + if(!(d = ipvs_get_laddrs(&(get->user.entrytable[i]), cid))) { free(get); fprintf(stderr, "%s\n", ipvs_strerror(errno)); return -1; } - + if(i != 0) title_enable = 0; print_service_and_laddrs(d, title_enable); - free(d); } - free(get); return 0; @@ -2168,7 +2161,7 @@ static int list_blklst(uint32_t addr_v4, uint16_t port, uint16_t protocol) static int list_all_blklsts(void) { - struct ip_vs_get_services *get; + struct ip_vs_get_services_app *get; int i; if (!(get = ipvs_get_services(0))) { @@ -2177,10 +2170,9 @@ static int list_all_blklsts(void) } list_blklsts_print_title(); - for (i = 0; i < get->num_services; i++) - list_blklst(get->entrytable[i].__addr_v4, get->entrytable[i].port, - get->entrytable[i].protocol); - + for (i = 0; i < get->user.num_services; i++) + list_blklst(get->user.entrytable[i].user.__addr_v4, get->user.entrytable[i].user.port, + get->user.entrytable[i].user.protocol); free(get); return 0; } @@ -2203,12 +2195,12 @@ static void list_service(ipvs_service_t *svc, unsigned int format, lcoreid_t cid static void list_all(unsigned int format, lcoreid_t cid) { - struct ip_vs_get_services *get; + struct ip_vs_get_services_app *get; int i; if (!(format & FMT_RULE)) printf("IP Virtual Server version %d.%d.%d (size=%d)\n", - NVERSION(ipvs_info.version), ipvs_info.size); + NVERSION(g_ipvs_info.version), g_ipvs_info.size); if (!(get = ipvs_get_services(cid))) { fprintf(stderr, "%s\n", ipvs_strerror(errno)); @@ -2219,8 +2211,8 @@ static void list_all(unsigned int format, lcoreid_t cid) ipvs_sort_services(get, ipvs_cmp_services); print_title(format); - for (i = 0; i < get->num_services; i++) - print_service_entry(&get->entrytable[i], format, cid); + for (i = 0; i < get->user.num_services; i++) + print_service_entry(&get->user.entrytable[i], format, cid); free(get); } diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md b/tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..53735c6cd --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,43 @@ +--- +name: Bug report +about: Create a report to help us improve keepalived +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Any steps necessary to reproduce the behaviour: + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Keepalived version** +Output of `keepalived -v` + +**Distro (please complete the following information):** + - Name [e.g. Fedora, Ubuntu] + - Version [e.g. 29] + - Architecture [e.g. x86_64] + +**Details of any containerisation or hosted service (e.g. AWS)** +If keepalived is being run in a container or on a hosted service, provide full details + +**Configuration file:** +A full copy of the configuration file, obfuscated if necessary to protect passwords and IP addresses + +**Notify and track scripts** +If any notify or track scripts are in use, please provide copies of them + +**System Log entries** +Full keepalived system log entries from when keepalived started + +**Did keepalived coredump?** +If so, can you please provide a stacktrace from the coredump, using gdb. + +**Additional context** +Add any other context about the problem here. diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md b/tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000..2e71bc0c8 --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,26 @@ +--- +name: Feature request +about: Suggest an enhancement for keepalived +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request to resolve a problem or provide enhanced functionality? Please describe.** +A clear and concise description of what the problem is. + +**Describe the solution you would like** +A clear and concise description of what you would like to happen. + +**Describe alternatives you have considered** +A clear and concise description of any alternative solutions or features you have considered. + +**Would the feature request be of benefit only to you, or is it more generally applicable?** +If it would benefit others please describe how. + +**Keepalived version** +Output of `keepalived -v` (the feature may already be supported in a later version). + +**Additional context** +Add any other context about the feature request here. diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md b/tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md new file mode 100644 index 000000000..915bd755e --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/support-help-request-template.md @@ -0,0 +1,42 @@ +--- +name: Support/help request template +about: Title of what you need help/support for +title: '' +labels: '' +assignees: '' + +--- + +_Support requests should be sent to_ keepalived-devel@lists.sourceforge.net + +**Describe why you are unable to send the support request to the above email list** +Understanding why you cannot use the email list should help us improve it. + +**Describe what you need help/support for** +A clear and concise description of what you need help with. + +**Details of what you would like to do with keepalived** +Describe in details what you would like to achieve with keepalived + +**Keepalived version** +Output of `keepalived -v` (a later version of keepalived might be needed). + +**Distro (please complete the following information):** + - Name [e.g. Fedora, Ubuntu] + - Version [e.g. 29] + - Architecture [e.g. x86_64] + +**Details of any containerisation or hosted service (e.g. AWS)** +If keepalived is being run in a container or on a hosted service, provide full details + +**Configuration file:** +Full copy of your configuration file, obfuscated if necessary to protect passwords and IP addresses + +**Notify and track scripts** +If any notify or track scripts are in use, please provide copies of them + +**System Log entries** +Full keepalived system log entries from when keepalived started, if applicable + +**Additional context** +Add any other context about the problem here. diff --git a/tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md b/tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md new file mode 100644 index 000000000..93cd8f82a --- /dev/null +++ b/tools/keepalived/.github/ISSUE_TEMPLATE/use-for-any-other-issue.md @@ -0,0 +1,43 @@ +--- +name: Use this for any other issue +about: Please use this rather than 'Open a regular issue' below +title: '' +labels: '' +assignees: '' + +--- + +**Describe the issue** +A clear and concise description of what the issue is. + +**To Reproduce** +Any steps necessary to reproduce the behaviour: + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Keepalived version** +Output of `keepalived -v` + +**Distro (please complete the following information):** + - Name [e.g. Fedora, Ubuntu] + - Version [e.g. 29] + - Architecture [e.g. x86_64] + +**Details of any containerisation or hosted service (e.g. AWS)** +If keepalived is being run in a container or on a hosted service, provide full details + +**Configuration file:** +A full copy of the configuration file, obfuscated if necessary to protect passwords and IP addresses + +**Notify and track scripts** +If any notify or track scripts are in use, please provide copies of them + +**System Log entries** +Full keepalived system log entries from when keepalived started + +**Did keepalived coredump?** +If so, can you please provide a stacktrace from the coredump, using gdb. + +**Additional context** +Add any other context about the problem here. diff --git a/tools/keepalived/.gitignore b/tools/keepalived/.gitignore new file mode 100644 index 000000000..e2a4ac540 --- /dev/null +++ b/tools/keepalived/.gitignore @@ -0,0 +1,48 @@ +*.orig +*.rej +*.o +*.a +README +bin/ +keepalived.spec +*~ +*.swp +.dir-locals.el +keepalived-*.tar.gz + + +# http://www.gnu.org/software/automake +Makefile +Makefile.in + +# http://www.gnu.org/software/autoconf +/ar-lib +/autom4te.cache +/autoscan.log +/autoscan-*.log +/aclocal.m4 +/compile +/config.cache +/config.h.in +/config.log +/config.status +/configure.scan +/depcomp +/install-sh +/missing +stamp-h? + +.deps/ + +/tmp/ +/devel/ + +# To be able to build without automake/autoconf comment out the following +lib/config.h.in +/configure + +# For snap builds +parts/ +prime/ +stage/ +keepalived*.snap diff --git a/tools/keepalived/.indent.pro b/tools/keepalived/.indent.pro new file mode 100644 index 000000000..9864f418c --- /dev/null +++ b/tools/keepalived/.indent.pro @@ -0,0 +1,8 @@ +-kr +-i8 +-ts8 +-sob +-l80 +-ss +-bs +-psl diff --git a/tools/keepalived/.travis.yml b/tools/keepalived/.travis.yml new file mode 100644 index 000000000..df0edd9a8 --- /dev/null +++ b/tools/keepalived/.travis.yml @@ -0,0 +1,47 @@ +git: + depth: 5 + +language: c +compiler: gcc +os: linux +dist: xenial + +addons: + apt: + packages: + - libsnmp-dev + - iptables-dev + - libipset-dev + - libnfnetlink-dev + - libnl-3-dev + - libnl-genl-3-dev + - libnl-route-3-dev + - libssl-dev + - libmagic-dev + - libglib2.0-dev + - libjson-c-dev + - libpcre2-dev + - libmnl-dev + - libnftnl-dev + update: true + +install: + - autoreconf -W portability -visf + +before_script: + - ./test/ci/setup.sh + +script: + - ./test/ci/build.sh + +env: + matrix: + - KEEPALIVED_CONFIG_ARGS="" + - KEEPALIVED_CONFIG_ARGS="--enable-snmp --enable-snmp-rfc --enable-json --enable-dbus --disable-checksum-compat --enable-bfd --enable-asserts" + - KEEPALIVED_CONFIG_ARGS="--enable-sha1 --enable-dbus --enable-dbus-create-instance --disable-dynamic-linking --disable-fwmark --disable-lvs-syncd --enable-snmp-vrrp --enable-timer-check --disable-iptables --disable-nftables --disable-track-process" + - KEEPALIVED_CONFIG_ARGS="--enable-dynamic-linking --disable-vrrp-auth --enable-snmp-rfc --disable-snmp-reply-v3-for-v2 --disable-nftables" + - KEEPALIVED_CONFIG_ARGS="--disable-libiptc --disable-libnl --enable-snmp-checker" + - KEEPALIVED_CONFIG_ARGS="--enable-conversion-checks --enable-stacktrace --enable-mem-check --enable-mem-check-log --disable-lvs-64bit-stats --enable-snmp-rfcv2" + - KEEPALIVED_CONFIG_ARGS="--disable-lvs --enable-snmp-vrrp --enable-snmp-rfc --enable-json --enable-sha1 --enable-dbus --disable-routes --enable-bfd --disable-iptables --disable-linkbeat" + - KEEPALIVED_CONFIG_ARGS="--disable-vrrp --enable-snmp-checker --enable-sha1 --enable-regex" + - KEEPALIVED_CONFIG_ARGS="--disable-hardening --enable-dump-threads --enable-epoll-debug --enable-snmp-rfcv3 --enable-log-file --disable-libipset" diff --git a/tools/keepalived/CONTRIBUTORS b/tools/keepalived/CONTRIBUTORS index de4fdcc11..0dff03f2b 100644 --- a/tools/keepalived/CONTRIBUTORS +++ b/tools/keepalived/CONTRIBUTORS @@ -22,7 +22,7 @@ Kevin Lindsay, : o Redesigned signal handling. Nick Couchman, : - o Patch for u_threshold and l_threshold support. + o Patch for u_threshold and l_threshold support. Willy Tarreau, : o Extended VRRP framework to support floating diff --git a/tools/keepalived/ChangeLog b/tools/keepalived/ChangeLog index 83537e856..dc3022103 100644 --- a/tools/keepalived/ChangeLog +++ b/tools/keepalived/ChangeLog @@ -1,3 +1,6209 @@ +2019-10-19 Alexandre Cassen + * keepalived-2.0.19 + * Allow persistence, scheduler and flags of VS to be changed on reload + A virtual server is identified by its IP address, protocol and port, + or the firewall mark and address family, and not by the persistence + settings or scheduler and scheduler flags. When comparing virtual + servers on a reload, don't check persistence and scheduler settings + match, but update them if necessary. + * Ignore default RS settings when comparing VSs after reload + Various default settings for real servers belonging to a virtual + server can be configured against a virtual server. These settings + should be ignored when comparing virtual servers following a + reload. Any differences in real server settings will be handled + separately. + * Clarify what IPVS persistence engines are supported in man page + * Allow RS forwarding method to be changed on reload + A real server is identified by its IP address and port, and not by + the forwarding method. When comparing real servers on a reload, don't + check the forwarding method, but update it if necessary. + * Check address family when comparing fwmark VSs on reload + * Update test tcp server + * Allow more than one BFD instance with a neighbour + This commit now checks both the neighbour address and the source/local + address when finding a BFD instance. This means that more than one BFD + instance can be set up with the same neighbour, so long as a different + local address is used. + * Make PID files group and world readable + Issue #1378 identified that PID files were created without group + and work read in the file permission bits being set, due to the umask. + This was causing a problem, since a non-root user was needing to read + the PID file. + This commit now forces the file permissions of PID files to be: + owner=rw, group=r, other=r. + * Fix erroneous error message when creating IPv4 ipvlan interfaces + The code was checking for a return value != -1 to identify an error, + whereas it should have been checking for return value != 1. + * Ignore reloading signals till signal_init call + * fix bug in vrrp_json_track_ifp_dump() + * Fix handling unknown user in MISC_CHECK + If the user was unknown, it wasn't dequeuing the new checker, resulting + in a subsequent coredump. + * Fix ~SEQ handling + Commit 47b2207 - "Add const attribute where appropriate in config parser + code" broke handling of ~SEQ, due to including one extra character at the + end of the sequence variable name. + This commit corrects the length of the variable set as part of the ~SEQ + processing. + * Revert "Fix route add/delete on reload if only change via address" + This reverts commit f54c2e8294c6f2080c3ae951ba25bf40d5b8d211. + The commit did the wrong thing: the via address is not part of the + key of the route. + The problem was that if it detected it already had a route with the + same key, it replaced the route, but with the old route and not the + new one. The next commit will rectify this. + * Correct handling of replacing routes on reload + Issue #1390 identified that a route with a changed source address + wasn't being changed on reload, and identified that the problem was + related to issue #1220. + It turns out that commit f54c2e8 which resolved issue #1220 was not + the correct fix. The problem was that when reloading, if a new route + matched an old route, the old route was replaced with the OLD route + (i.e. it did nothing), rather than replacing it with the NEW route. + This commit now replaces the old route with the new route. + * Add addresses/routes/rules in that order and delete in reverse order + Routes can requires addresses to exist in order to be able to add them, + and rules determine which routes are used. + * Fix not logging error on deletion of expired route + * Make netlink_route() return bool, and add some LIST_FOREACH + * Handle changing virtual route to use new VIP on reload + During a reload, routes replacing existing routes are replaced, as + opposed to deleted and added; this avoids the route disappearing for + a short while. However, if a new route uses a VIP that didn't exist + in the old configuration then the route replacement will fail. + The code is now changed so that it attempts to replace the route, but + if that fails, it deletes the old route and later adds the new route + after the new VIPS have been added. + * Don't log EPOLLERR or EPOLLHUP - they can occur with TCP_CHECK + * Fix tcp_server getopt() handling + * Properly handle MISC_CHECK script returning exit status 0 + If a MISC_CHECK script returned an exit status >= 2, and then the + script returns 0, the weight of the real server was not updated + following the script returning 0, and the quorum also wasn't updated. + This commit makes keepalived update the weight of a real server and + the quorum following a MISC_CHECK returning a 0 exit status. + This is a change of behaviour for MISC_CHECKs whose scripts return + an exit status >= 2 subsequently followed by an exit status of 0. + However, the new behaviour is consistent with the documentation and + is also the behaviour that would be expected. Some users may need to + modify their MISC_CHECK scripts if the scripts return an exit code >= 2 + and subsequently return an exit code of 0 expecting that to mean that + the status hasn't changed. + * Correct documentation re range of values for Virtual Router ID + The valid range of values for the VRID is 1 to 255, and does not + include 0. + * Handle script timeouts when child process has terminated + Issue #1364 identified that if a track script timed out and the kill + of the process failed to to its exit status already having been reaped, + keepalived would never run the track scripts again. It transpires that + the same problem existed with MISC_CHECK scripts. + The commit now ensures that after the timeout the script will be set + to idle state, so that it can be run again. + * Clear thread_master current_event when cleanup thread_master + The current_event was left pointing to an event that had been deleted, + with the consequence that if the next epoll event matched the outdated + current_event, that outdated event could be used. + This commit clears the current_event when the thread_master is cleaned up. + * Add errno numbers to some bfd error messages, rather than just text + Although the strerror() text is helpful, it is often useful just to + know the error number. + * Enable FIFOs to receive initial fault notifications at startup + Issue #1399 identified that if a track_file caused a VRRP instance + to start in fault state, there was no notification of the fault sent + to the notify FIFOs. + This commit implements the suggestion of chenwng in issue #1399 and + moves the opening of the notify FIFOs to earlier in the init process. + * Resolve incorectly identified Coverity error + * Define VRRP and BFD initialisms + * Add support for nftables blocking IGMP/MLD packets on VMAC interfaces + Issue #882 identified that VRRP instances using VMACs sent IGMP/MLD + packets using the MAC address of the VMAC interface even when the + vrrp instance was in backup state. This meant that switches would + update what interface the VRRP MAC address was on to the backup + instance, thereby meaning that until the master instance sent another + advert, packets destined to be forwarded by the master instance would + be delivered to the backup instance and lost. + This commit adds support to use nftables to stop the packets being + send from the VMAC interface (and thereby using the 00:00:5e:00:0x:xx + MAC address), and instead the packets are sent on the parent interface. + How this is acheived depends on whether the kernel supports the dup + statement; if it does the IGMP messages are simply moved from the VMAC + interface to the parent interface otherwise the join groups are done on + both the VMAC interface and the parent interface, and nftables drops + the join messages on the VMAC interface. + This functionality might be better implemented using eBPF, but older + systems don't support that, and I still need to work out how to use + eBPF. + * Add support for using iptables to block VMAC IGMP/MLD messages + Commit b10bbfc2a added support for using nftables to block + IGMP/MLD messages being sent VMAC interfaces. This commit adds + the equivalent functionality using iptables. + * Improve checking of incompatible configure options + * Fix Travis-CI build errors + * Don't attempt to remove IGMP blocking iptables rules for IPVLANs + We don't block IGMP/MLD for IPVLANs so there are no rules to remove. + * Turn off nftables mnl debug logging + * Don't log an error when deleting nonexistant nftable at startup + Since there is no native flush command to the kernel to delete all + the rules, sets, meters etc in a table, we just delete the table, + and if the table doesn't exist an error is returned. + This commits stops the error being logged, since it isn't an error + of interest. + * Minor tidying up of setting up nftables + * Fix error when setting up nftables with eVIPs from other family + The sequence number of nftables netlink messages was getting out + of order when a VRRP instance had both IPv4 and IPv6 entries. + This is now resolved by checking for the existance of residual + tables of both families when keepalived first checks for residual + tables. + * Remove some duplicate nftables code + * Remove inhibit_on_failure from keepalived.conf(5) man page + The inhibit_on_failure keyword does not apply to checkers, and is + not implemented for them. + * Remove vi swap file erroneously included in previous commit + * Add additional logging of reasons for vrrp instances going to fault + Pull request #1353 suggested adding additional logging for reasons + for vrrp instances going to fault state at startup, and for track + file status changes. + This commit merges those changes, fixes one error, and only logs + track file status changes if the -D option (log detail) is set. + * Make skip_check_adv_addr work properly + Keepalived was checking the received advert packet length against + the expected length based on the number of VIPs configured on the + vrrp instance. This commit changes the check so that the received + packet length is checked against the number of VIPs in the VRRP + packet header, thereby ensuring that the advert packet is self + consistent. + The check for the number of addresses is now only done if + skip_check_adr_addr is not set (which matches what the RFC says). + Note: skip_check_adv_addr only skips the check of VIPs in a received + packet if the advert is received from the same master as the previous + advert. + With this commit, if skip_check_adv_addr is set, it is possible to + reload a master instance with a different number of VIPs, and then + subsequently reload the backup instance, without the backup instance + becoming master due to the mismatch of the number of VIPs. + +2019-07-26 Alexandre Cassen + * keepalived-2.0.18 + * Set NA_ROUTER flag in gratuitous NA messages appropriately. + Previously keepalived checked the IPv6 forwarding state of the interface/ + parent interface of a VRRP instance, and used that for all GNA messages. + However, if addresses are configured on different interfaces, it should + be the setting for the address's interface that is used. + * Fix memory leak with dbus_instance_name. + * Make set_value() add entry for memcheck identifying where called. + * Add configure option --enable-checksum-debug. + Issue #1175 identified that intermittently they were getting VRRPv3 + checksum errors. The maintainers of keepalived were unable to reproduce + the problem despite extensive testing, and so a special patch was produced + to check and log any checksum changes from previous adverts sent or received. + Almost two months later there has been no feedback. The patch has now been + forward ported from v2.0.12 to v2.0.17 and is included here, enabled by + --enable-checksum-debug option, so that if there are ever any checksum problems + in the future this code can be used to ascertain what is happening. + * Fix configuring LVS sync daemon in backup state. + Commit eb929f8 - "Stop LVS sync daemon on shutdown" moved shutting + down the LVS sync daemon to the wrong place, so that it was called + whenever a VRRP instance transitioned out of master state. This + commit moves the shutting down of the sync daemon to shutdown phase 1, + and it is shutdown before the VRRP instances are shut down. + * Increase open file limit for checker process if no of checkers need it. + TCP, HTTP/SSL, DNS and SMTP checkers all use a socket. If there is a + sufficiently large number of checkers, the default open file limit may + be exceeded. This commits counts the number of such checkers, and also + thr number of smtp_alerts, and if necessary increases the open file limit + to allow them all to run at once. + * Ensure MISC_CHECK processes don't get increase open file limit. + * When checking number of open files for vrrp process, allow for smtp + alerts. + * Combine checker set_max_file_limit() and set_vrrp_max_fds() common + code. + * DNS_CHECK: correct error info in dns_type_handler func. + Sometimes, users set two type values by mistake in keepalived.conf, + and the first is right and the second one is not in DNS_TYPE[]. + Then the dns_check->type is set successfully when parsing first type value + , which may be different from the default SOA. As for the second one, + the dns_type_handler func will print error info "Defaulting to SOA", + actually, currently the dns_check->type may be not equal to SOA. + Here, we will print the dns_type_name(dns_check->type) instead of "SOA". + * Simplify restoring RLIMIT_NOFILE for child processes. + * Simplify handling incorrect dns_check type. + * Add missing track_process documentation to keepalived.conf(5) man + page. + * Add weight "reverse" feature to track_bfd. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Add weight "reverse" feature to track_interface. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Add weight "reverse" feature to track_script. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Update alloc_track_file() and alloc_group_track_file() to be + consistent. + * Allow reverse tracking with weight 0. + This allows a vrrp instance to go to fault state if an interfaces is UP, + or a track script or bfd instance is up, or a track process has achieved + quorum, and down otherwise. + * Fix reverse on track_script when configured on sync group and instance + If a track script was configured on both a vrrp instance and the sync + group that the instance was configured in, then the reverse setting + wasn't being properly carried forward. + * Add weight "reverse" feature to track_file. + The reverse feature allows reducing the priority when the tracker is up + and increasing the priority when the tracker is down. + * Make track_bfd reverse handling consistent with other trackers. + * Add track weight reverse to SNMP output. + * Add vrrp track_bfd details to SNMP output. + * Add vrrp track_process details to SNMP output. + * Disallow --enable-track-process-debug with --disable-track-process. + * Add conditional compilation around track_bfd/process SNMP code. + * Remove duplicate code for parsing vrrp and sync group trackers. + The code for parsing trackers for vrrp instances and sync groups + was to all intents and purposes identical, so this commit now uses + common code for both of them. + * sll_protocol should be set to 0x806. + Some times , send the gratuitous ARP message should set sll_protocol, + let some drivers can evaluate which protocol we use. + * Neighbor discovery set sll_protocol. + * Fix SNMP VRRPv3 IP address OIDs returned. + The OIDs returned for SNMPv3 addresses were incorrectly formatted, + including one extra subid that was the length of the IP address. + * Don't use numeric values of address lengths for VRRP SNMP v3. + * Stop returning not-accessible fields for v2 SNMP. + * Stop return not-accessible fields for v3 SNMP. + * Use common code for VRRP tracker SNMP output. + Many functions were using the same, fairly large, code block to do + the same thing. These are now standardised to use the new function + snmp_find_element(). + * make some vrrp snmp function parameters const. + * Make virtual_server_t vsgname const. + * Fix SNMP reporting of virtual server group fwmark and address + ranges. + * More SNMP fixes for virtual server group fwmark and address ranges. + * If virtual server is fwmark and rs's tunnelled, default to IPv4. + If a virtual server uses a fwmark, and all the real servers are + tunnelled, the address family could be IPv4 or IPv6. If the family + is not specified, default to IPv4 (to match behavious of ipvsadm). + * Make LIST_SIZE safe to use if list is not assigned. + * Optimisations to snmp_header_list_table(). + * Optimisations to snmp_find_element(). + * Further optimisation to snmp_find_element(). + * Add support for IPVS GUE tunnel type + This functionality was introduced in Linux 5.2. + To view the IPVS setup with ipvsadm requires ipvsadm v1.30 plus + commits 2347b504e3ce and c3c2c3c6ae12e3. + * Add support for IPVS GUE tunnel checksum option. + The kernel functionality is scheduled for Linux 5.3. + * Add support for IPVS GRE tunnels. + The kernel functionality is scheduled for Linux 5.3. + In addition to the ipvsadm patch requirements identified for GUE + tunnels, the patch at + * Add pure attribute to http_get_check_compare(). + GCC was suggesting adding the pure attribute to http_get_check_compare() + so let's do so. + * Resolve warnings from gcc 9.1.1. + * Resolve all outstanding coverity issues. + * Fix use of getrandom() in BFD rand_intv(). + * When resetting priority of child process, don't change parent's priority + Issue 1358 identified that it was the priority of the parent process, + rather than the child process, that was being reset. This commit corrects + that and resets the priority of the child process. + * Add missing bfd_instance vrrp and checker keyword documentation. + * Don't send bfd events to vrrp or checker process if no + configuration. + If there is no vrrp configuration, or no checker configuration, there + is no point sending bfd_event notifications to the relevant processes. + Actually, since the processes may not be running, sending such + notifications can cause the pipes to become full, so it is necessary, + as well as desirable, not to write events to the pipes in those + circumstances. + * Revert use of getrandom() for bfd jitter. + This can be called up to 1000 times a second per bfd instance, and + so risks emptying the entropy pool. + * Use random() rather than rand() in bfd rand_intv(). + The rest of keepalived uses random(), so this changes creates more + consistency. + * Allow bfd discriminator to be an odd number. + rand_intv(1, UINT32_MAX) was always returning an even number, since + RAND_MAX == UINT32_MAX / 2. This commit sets the lsb of the discriminator + to the lsb of the current time in seconds. + * Ensure BFD source port in range 49152..65535. + RFC5881 requires the source port for BFD packets to be in the above + range, but keepalived was allowing the port to be randomly generated + by the kernel, and hence could be outside the range. + This commit sets the permitted port range to the intersection of + [49152, 65535] and the values in /proc/sys/net/ipv4/ip_local_port_range, + unless the intersection is too small, in which case it just uses the BFD + specified values. + keepalived generates a random port number in the required range, and then + loops through the range starting from the random port number until it + finds one it can bind to. + * Resolve coverity resource leak issue 218872. + * Resolve coverity Resource leak issue 218875. + * Resolve coverity Resource leak issue 218876. + * Resolve coverity Unexpected control flow issue 218873. + * Change code to avoid coverity String length miscalculation issue 218874 + The code was correct, but as coverity points out, strlen(str + 1) is more + likely to be an error for strlen(str) + 1, so avoid the use of the former + construct. + +2019-06-25 Alexandre Cassen + * keepalived-2.0.17 + * Add support to define CPU affinity for vrrp, checker & bfd processes + Created 3 new configurations keywords to set CPU affinity of Keepalived + processes : vrrp_cpu_affinity, checker_cpu_affinity & bfd_cpu_affinity + This option can be used to force vrrp, checker and bfd processes to run + on a restricted CPU set. You can either bind processes to a single CPU + or define a set of cpu. In that last case Linux kernel will be restricted + to that cpu set during scheduling. Forcing process binding to single CPU + can increase performances on heavy loaded box. for example: + "vrrp_cpu_affinity 2" will force vrrp process to run on cpu_id 2 + "vrrp_cpu_affinity 2 3" will retrict kernel scheduling decision over + cpu_id 2 & 3. + * correct syntax error when _HAVE_VRRP_VMAC_ && no HAVE_IFLA_LINK_NETNSID. + * Stage libmnl and libnftnl4. + * Add dynamic download of kernels using scriplets Also added + Linux 5.0.0 build. + * Example build using EOL kernel from old-releases. + * Modify snapcraft.yaml to dynamically source correct kernel versions. + * dump processes CPU Affinity while dumping global conf. + Add support to dump CPU Affinity for each Keepalived processes where + CPU Affinity has been changed by configuration. + * Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running as script + RedHat identified a problem with scripts like: + vrrp_script { + script "' resolves the problem. + * Add support for use_ipvlan (use an ipvlan i/f similar to use_vmac) + Issue #1170 identified that use_vmac didn't work with systemd-networkd + since systemd-networkd was removing IP addresses created by keepalived + (and any other application). It was discovered that systemd-networkd + did not remove IP addresses from ipvlans. + This commit adds support for ipvlans, but to work around the problem, + and because it might have other uses. + Systemd commit - https://github.com/systemd/systemd/pull/12511 has added + configuration options to stop systemd-networkd removing IP addresses + added by other applications, but it is not merged yet, and it will be a + while before all the distros merge it. + * Fix building with ipvlans before IFLA_IPVLAN_FLAGS was defined. + * Default IPVLANs to bridge mode + We shouldn't change the behaviour if a kernel is upgraded, so + default to the original mode supported. + * Ensure that -lm linker library flag is always set + configure was testing whether it was necessary to add the -lm option, + but for some reason gcc adds it itself if -Os is not specified, but + does not add it if -Os is specified. Consequently if configure was + run without -Os, and make was run with -Os the link failed. + The commit ensures that -lm is always used. + * Handle checking for -Wl,-z,relro and -Wl,-z,now properly. + * Honour CFLAGS, CPPFLAGS, LDLIBS and LDFLAGS settings when configure runs. + * Propogate CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS from configure to make files + Make sure any settings in CFLAGS etc at the time configure is run are added + to the Makefiles, to ensure that the make is run in the same environement + that configure is run in. + * Use CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS correctly + Use the correct variable for the relevant option type, e.g. -llib + should be in LDLIBS, not LDFLAGS, and -Ddefn should be in CPPFLAGS + not CFLAGS. + * Fix non-ipvlan interfaces broken by adding ipvlans. + * Check bfd instance name length before copying. + * Add lib/container.h to avoid duplicate definition of container_of. + * Revisited code to use const declaration where appropriate. + * Add STRDUP/STRNDUP functions. + * Add FREE_CONST, FREE_CONST_ONLY and REALLOC_CONST. + * Change thread_t * to thread_ref_t except in thread handler code + Treat the thread reference as a handle, so that the only code that + manipulates thread structures is in the scheduler. + * Add STRDUPs in check_data. + * Add STRDUP in bfp parser code. + * -U flags should be included in CPPFLAGS + * Update track_process documentation. + Issue #1265 requested further clarify regarding the track_process + process specification and use of quote marks. + * Fix building on Linux 3.13 (required for building snaps) + * Ensure 4 extra parameters are set for notify scripts with no shebang. + * Streamline functions returning string matching a define. + * Make addattr8/16/32/64 and rta_addrattr8/16/32/64 inline functions + Since these functions simply call addattr_l/rta_addattr_l, making the + functions inline removes the overhead of one function call. + * Add genhash option -P to select HTTP 1.1 or 1.0 with Connection: close + Max Kellerman (max.kellermann@gmail.com) submitted pull request #1260 + to add "Connection: close" to the HTTP header sent by genhash. In order + to maintain backwards compatibility, this has been implemented as an + option '-P 1.0C'. In addition, '-P 1.1' requests that a version 1.1 + header is sent (which includes 'Connection: close'). + * Add http_protocol option for HTTP_GET and SSL_GET checkers. + To be consistent with commit 2ff56f5 - "Add genhash option -P + to select HTTP 1.1 or 1.0 with Connection: close", this commit + adds the http_protocol keyword for HTTP_GET and SSL_GET checkers. + 'http_protocol 1.0C' adds 'Connection: close' to a 1.0 header, and + 'http_protocol 1.1' sends an HTTP/1.1 header, which includes the + 'Connection: close' option. + * Tidy up the recieve message processing code loops in genhash. + * Add genhash -t timeout option. + * Simplify thread process in genhash after send HTTP request. + * support http status_code group + The origin status_code only support one specific code, now we can + support http status_code of the same class. That's to say, we can + use 1xx to represent 100-199, 2xx means 200-299 ans so on. + eg: The configure as follows: + url { + path /index.html + status_code 2xx 3xx + } + which means we consider all status_code range in [200,399] is ok. + Of course the following configure is either 200 or [300,399] is ok. + url { + path /index.html + status_code 2xx 3xx + } + * Fix compiler warnings introduced in commit c7c23a2 + Commit c7c23a2 - "support http status_code group" introduced + two compiler warnings, due to isdigit() being undeclared, and + a shadows declaration. These warnings are now resolved. + * Use standard bit testing and setting functions + Commit c7c23a2 - "support http status_code group" added additional + bit testing and setting functions, rather than using the already + defined ones in bitops.h. + This commit also resolves the assumption that longs are 64 bits, and + will allow the code to work with longs of any length. + The original commit would cause all status codes 100 to 599 to be + written when the configuration was dumped, regardless of whether + the specific codes were set. This commit now writes the status codes + in ranges. + Finally, if no status code is configured, it sets the bits for the + default status codes (200-299). + * Change how http status codes are configured + Commit c7c23a2 - "support http status_code group" allowed status codes to + be specified as 2xx, meaning 200-299. This commit changes the configuration + so that 2xx etc is no longer used, but status code ranges can be specified, + e.g. status_code 150 180-189 200-299 503 510-520 + * Update documentation for commit c7c23a2. + * Fix a memory leak and duplicate free in HTTP_GET checker. + * Fix sending SMTP alerts + Issue #1275 identified that SMTP alerts were not working. The SMTP alerts + were broken by commit 5860cf2 - "Make checker fail if ENETUNREACH returned + by connect()", since the SMTP state machine was not updated to handle the + addition value in enum connect_result. + This commit adds code to handle the additional enum, but also makes the + code less sensitive to such changes, and more likely to produce compiler + warnings/errors if appropriate updates are not done in the future. + * Fix various compilation warnings with certain configure options. + * Update location of PID file to match Filesystem Hierarchy Standard v3.0 + Issue #1277 identified that PID files should be created in /run rather + than /var/run, and that systemd logged a warning if the service file + specified PIDFile under /var/run. + This commit now makes keepalived use the appropriate directory for PID + files as determined by configued (rather than doing its own thing), and + configure now uses /run in preference to /var/run. + * Stop LVS sync daemon on shutdown + The shutdown of the sync daemon was delayed to phase 2 of the shutdown + which meant that the controlling VRRP instance could never be in the + master state. We now stop the sync daemon in phase 1, when the VRRP + instance is transitioned out of master state. + * Use -isystem rather than -I for path to kernel headers + Using -isystem rather than -I allows the dispensation for some warnings + to system headers to apply to the kernel header tree we are specifying. + This stops some warnings that would not occur with kernel headers under + /usr/include but that were being generated when -I was used (it + nevertheless has helped identify two bugs). + * Ensure check system headers for definition of NFT_TABLE_MAXNAMELEN + Prior to Linux 4.1 NFT_TABLE_MAXNAMELEN was not defined, but we must + include linux/netfilter/nf_tables.h before checking whether it is + defined or not! + * Improved configure testing for + * Add warning -Wwrite-strings and resolve new warnings. + * Add -Wdouble-promotion and resolve new warnings. + * Add -Wformat-signedness and resolve new warnings. + * Fix building on Ubuntu 16.04 with --disable-vrrp + The addition of including was needed on Ubuntu 16.04, + whereas it wasn't necessary on Fedora or Debian. + * Explicitly include where print format names are used. + * Add more -Wformat-* options and resolve new warnings. + * Add -Wframe-larger-than=5120 + The largest frame is just under 4200 bytes (which may be more than we + want anyway), but adding this warning will at least tell us if a stupidly + large frame is created in the future. + * Fix spelling of -Wmissing-field-initializers. + * Fix definition of PRI_rlim_t generated by configure on 32 bit systems. + * Rseolve warning re >=0 comparison for unsigned value. + * add min max judge + Although even if min > max, the code works well. We better to print + the error config to let the user know this. + * Ensure correct definition of MAX_ADDR_LEN is used + defines MAX_ADDR_LEN as 7, and + defines MAX_ADDR_LEN as 32. We need to ensure we have the longer one. + * update doc samples of keepalived.conf.status_code. + * Fix compiling on Alpine Linux 3.7. + * Update list of packages to install on Alpine Linux. + * Send GARP/NA message when leaving fault state if using unicast + If the master's ARP entry for a backup route has expired and we are + using a short advert interval (< 0.5 seconds), then the backup router + could timeout receiving adverts before the master sends its next + ARP/NDISC message; until it has had a reply to that it cannot send any + adverts to the backup router in question. + This commit makes a VRRP instance that is using unicast send a GARP/NA + when it transitions out of fault state, to ensure that the master (or + local router) can send adverts to us immediately. + * track_process: handle different threads having different names + prctl(PR_SET_NAME) is a per thread property, not a per process + property, so when a PROC_EVENT_COMM event is received, we need to + check that the tid == pid, so ensure that only the main (initial) + thread that COMM changes are considered for. + * Fix some log_message for specifiers in track_process.c. + * Fix for JSON characters escaping. + * Don't attempt to create a macvlan when using an ipvlan + netlink_link_add_vmac() detected an interface had been created, and + so didn't attempt to create a macvlan, but netlink_link_add_vmac() + shouldn't be called in this circumstance. + * On reload, report addresses being removed as removed, not thos remaining. + * Don't add further iptables entries on reload when using ipsets. + * Stop deleting VMAC/IPVLAN interfaces on reload when still needed. + * Fix formatting of email To: line. + * Improve efficiency of setting up SMTP headers. + * Fix segfault when we do not config vsg. + * Fix issues reported by coverty (unchecked return value, buffer overrun, + Logically dead code, uinitialized var, explicit null dereferenced, ...) + * Resolve compiler warning in list_sort(). + * genhash: make printssl a static function. + * Change strncpy() to strcpy_safe() in smtp_final(). + * Convert some snmp list loops to use LIST_FOREACH. + * Make inet_stosockaddr() return bool rather than int. + * Fix checking for VMAC/IPVLAN no longer used after reload + Pull request 1310 identified that there was a problem building + keepalived with VLANs but without ipvlans. The code that needed + changing was also incorrect so this commit resolves both issues. + * Fix false-positive send_instance_notifies calls + Issue #1311 identified that duplicate notifies were being sent on + a reload, and pull request #1312 provided a fix. Unfortunately other + intervening commits stopped the original patch applying, so this + updates the original patch. + The patch also stops duplicate logging of vrrp instance states on + reload when there has been no change. + * Set thread parameter value explicitly to 0 when add timer thread + It is possible for a function to be called either from a timer thread + or an event thread. When an event thread is added, a vlue can be passed + which will be passed to the function, but currently there is no way to + set the value for a timer thread (a function thread_add_timer_val() can + be added when needed), but in order to allow the value to be used with + an event thread, it needs to be explicitly set to something when called + via a timer thread, so just set it to 0. + * Remove VRRP_DISPATCHER definition - it was not used. + * Some minor tweaks for the format of keepalived.data. + * Make track_process, parser and dump_keywords --debug options. + * Change default to not check for EINTR if use signalfd. + * Don't send prio 0 adverts for deleted VRRP instance that wasn't master + When a VRRP instance ceases to exist following a config reload, we must + only send priority 0 adverts if the deleted instance was in master state + prior to the reload. + * Send notifies when vrrp instance deleted on reload + This commit makes notifies be send saying that the instance is in + fault state, since that is the closest we have to the instance being + deleted (the instance can't run since it is deleted which is quiet + similar to being in fault state). + * Streamline some HTTP_GET code. + * Simplify HTTP_GET epilog parameters + Parameters t and c weren't needed, since they can be determined from + the method parameter if we add REGISTER_CHECKER_FAILED. + * Set checker->has_run for HTTP_GET after failure + The behaviour we want after a failure of checking a URL at startup + is the same as if all checks had completed, so if there is a failure, + just set checker->has_run. + * Make http_get url_it point to list element rather than a counter + This makes fetching the next URL more efficient. + * When we run the initial HTTP_GET check, we don't want any retries + It isn't only the first URL that shouldn't have retries, but all of + them. This commit implements that. + * When an HTTP_GET url check fails, keep checking that URL until success + When a URL check has failed, there is no point checking other URLs until + we know the one that has failed is working again. The approach now is + that the failed URL is checked until it is Ok again, and then all the URLs + are checked before the checker is successful. This will reduce the recovery + time once the failed URL recovers. + * When starting up, don't delay between checking all the URLs + When we start up, particularly in alpha mode, we want to check the + URLs as quickly as possible, so don't delay by delay_loop between + checking each URL, but check them immediately one after the other. + * After HTTP_GET URL failure, delay max of delay_loop and delay_before_retry. + * After an HTTP_GET failure, check the URLs without any delay + This means that recovery will occur as quickly as possible. + * Some cosmetic changes to check_ssl.c. + * Add option fast_recovery for HTTP_GET. + Commits 3027e0c - "When starting up, don't delay between checking all the + URLs" and 86e02dd - "After an HTTP_GET failure, check the URLs without + any delay" removed the delay between URL checks both at startup and after + a URL check failure. This commit makes that options, and it will only do + the fast checking if fast_recovery is configured against the checker. + * Make set_value() check for missing parameter + Pull request #1308 identifed that if set_value() was called when + there wasn't a parameter on the command line, keepalived could + segfault since NULL was returned (examples were HTTP_GET with an + empty path specified, and DNS_CHECK with empty name). + This commit modifies set_value() so that keepalived will exit if + it is called with no keyword parameter is missing. Uses of + set_value() where no parameter did not cause a problem (e.g. where + the whole option was optional, such as virtual_host) now check if + the parameter is mising and report a configuration error. + * Handle vrrp tracked interfaces being down on reload + If the base interface of a vmac interface was down on reload, the + vrrt instance would not come back up after the base interface came + back up. + * Don't log error when sending priority 0 advert after interface goes down. + * Cosmetic change to address_exist(). + * Add information regarding SElinux and keepalived. + * Fix overflow status code + Under normal circumstances, status_code returns 100-599, + but if it is a constructed abnormal reply message, + it may be out of the range, resulting in the status_code + array out of bounds, and then keepalived segfault. + * Ensure HTTP status code is preceeded by a space character. + * Fix setting existing macvlan etc base interfaces at startup. + * Add further SELinux references. + * Resolve implicit declaration of function ‘strdup’ warning. + * Allow location of /run dir to be specified to configure + The commit adds configure option --with-run-dir=PATH + * Fix reloading when interfaces deleted and recreated + If have macvlans on a real interface, with vmacs configured on the + macvlans and the macvlans are deleted, the vmacs from them are removed + from the configuration, the configuration is reloaded, and this is done + for more than one macvlan, and then the configuration is reinstated + one by one with the configuration being reloaded, keepalived was + incorrectly setting some of the vrrp instances to fault state. This commit + resolves the issues. + +2019-05-03 Alexandre Cassen + * keepalived-2.0.16 + * Add log_unknown_vrids keyword. + Commit 21e6f5f added logging when a VRRP packet was received on an + interface and the VRID in the advert was not configured on that + interface. + Due to valid uses of keepalived having a VRRP instance on an + interface, but there being other, independent, VRRP instances with + different VRIDs on the same interface, this patch only enables logging + of unknown VRIDs if it is specifically configured. + * Stop segfault when reload and using -x option. + * Fix compilation error found by Travis-CI. + * Fix a couple of typos. + * Ensure check command line when needed for track process. + * Check if comm really changed when get PROC_EVENT_COMM_CHANGE. + * Fix debounce delay handling for track_process. + * Optimise add_process(). + * Remove processes no longer being monitored. + * Optimise check_process(). + * Ignore process threads for track_process. + * Allow matching of process parameters in track_process + This additional functionality was requested in issue #1190. + * Allow separate delay timers for fork and process exit in + track_process. + * Add quorum_max for track_process. + This allows track_process to go to fault state if more than a + specified number of instances of a process are running. In particular + it can go to fault state if more than one instance is running, and + also if any instance of a process is running. + * Add configuring process name. + With up to 4 processes running all named keepalived, it can be + difficult to know which is which. The commit adds the option to + allow process name to be set independantly for each process. + * Handle macvlans/macvtaps being moved into different namespace from parent + If a macvlan or macvtap interface is moved into a different namespace from + its parent, and the interface is in the namespace in which keepalived is + running, keepalived is unable to get information about, or configure, the + parent interface. In this case, treat the macvlan/macvtap interface as though + it doesn't have a parent interface. + There are a couple of consequences of this in this situation: + 1) If a vrrp instance is configured with use_vmac and its configured interface + is such a macvlan/macvtap interface, keepalived cannot ensure that the + arp_ignore and arp_filter settings are correct on the parent + 2) keepalived cannot check that there a not duplicate VRIDs being used on the + interface. + * Typo writing word error fix. + * Add vrrp instance priority change notifications on FIFOs only. + Issue #1213 requested notification of vrrp instance priority changes, + and this commit implements that with new FIFO messages: + INSTANCE "VI_0" MASTER_PRIORITY 220 + INSTANCE "VI_0" BACKUP_PRIORITY 254 + This has been implemented via notify FIFOs only, since the order of + processing of scripts is indeterminate if events happen quickly in + succession, potentially causing the last processed priority by a + script not to be the lastest priority, and using SMTP notification + would be ridiculous. + * Allow user and group ownership of FIFOs to be configured. + * Remove extraneous debugging message from process_name commit + Commit 4ad6d11 - "Add configuring process name" accidentally left + a debugging log message in the code. This commit removes it. + * Fix FREE error if tracked process has no parameters. + * Fix track processes when reloading. + * Fix route add/delete on reload if only change via address + If a virtual_iproute + src 100.100.100.100 2.2.2.2/32 via 100.100.100.2 dev eth0 + is changed to + src 100.100.100.100 2.2.2.2/32 via 100.100.100.1 dev eth0 + on a reload the route didn't get updated. The reason is that the + via address wasn't used in the comparison of routes, so keepalived + didn't detect that it had changed. + * Define TASK_COMM_LEN rather than use numbers in code. + * Fix promote_secondaries. + * Add snmpd.service to keepalived.service if SNMP enabled. + * Add issue templates for github. + * Make utils.c function parameters const where appropriate. + * Add missing info to check process dump file. + * Make ipvs_talk() error message more meaningful + The error message used to just output the IPVS command number, now + the name of the command is reported too. + * Make more use of LIST_FOREACH in ipwrapper.c. + * Change VS_ISEQ etc to be functions and correct them. + * Resolve removing virtual servers in virtual server groups after + reloading. + * Update NOTE_vrrp_vmac.txt re sysctl settings. + * Ignore base interfaces of macvlans if in a different namespace. + * Don't lose sin_addr_l and sin6_addr_l lists from interface when recreate + Issue #1232 identified that keepalived segfaulted when an interface was + recreated. This commit resolves the problem of the address lists being + lost. + * Fix commit 128bfe6 for pre v4.0 kernels + Commit 128bfe6 - "Ignore base interfaces of macvlans if in a different + namespace" added using IFLA_LINK_NETNSID to detect if the parent of an + interface was in a different namespace. Unfortunately that was only + introduced in Linux v4.0, so don't attempt to use it if it is not + defined. + For kernels older than v4.0 if a macvlan interface's parent is in + another network namespace, but the ifindex of the parent interface also + exists in the namespace in which keepalived is running, then keepalived + will believe the parent of the macvlan is the wrong interface. + * Fix commit 3207f5c - IFLA_LINK_NETNSID is not #define'd + This fixes commit 3207f5c - "Fix commit 128bfe6 for pre v4.0 kernels". + A configure test is needed to check for IFLA_LINK_NETNSID. + * Further fixes/improvements for MACVLAN parents in different + namespaces. + * allow to set zero weight for real server. + * Add comments re needing to enable protocol 112 in an AWS security + group. + * Check if base i/f of a residual macvlan is in correct namespace. + * Stop segfault if using DBus and have invalid VRRP configuration. + If a VRRP instance was removed by vrrp_complete_init() it was causing + a segfault in the DBus code. The commit moves the initialisation of + DBus until after the validity of the VRRP instances has been checked. + * Handle DBus process properly when reloading. + DBus may change from being enabled to disabled or vice versa and + the code didn't handle that. + * Close DBus pipes when stop using DBus. + * Add some more LIST_FOREACH to DBus code. + * Move a g_free() to after last use of the freed string in vrrp_dbus. + * Fix error in man page. + * Handle network namespace name properly when reloading. + * Don't call g_hash_table_remove() when using g_hash_table_foreach_remove() + g_hash_table_foreach_remove() removes each object from the hash table, + so calling g_hash_table_remove() as well made it not work properly. + * Resolve various aspects of reloading when also using DBus. + 1. Add ability for DBus to be enabled and disabled at reload + 2. Correctly handle vrrp_instance name change for matching interface/ + family/VRID. + 3. Correct handling of interface/family/VRID change for a vrrp_instance + with the same name. + * Resolve segfault when a vrrp_instance has no interface specified. + * Fix sending priority 0 adverts after reload for deleted vrrp + instances. + During a reload, vrrp_dispatcher_release() was called prior to + reloading the configuration, and it closed all the vrrp send/receive + sockets. However it isn't until after the reload that it is known which + vrrp instances no longer exist, and clear_diff_vrrp() attempted to send 0 + priority adverts for those instances. Since the sockets had already been + closed, the adverts could not be sent. Worse, the socket_t structures had + been released, but the released memory was accessed in attempting to send + the adverts. + This commit delays calling vrrp_dispatcher_release() until after the new + configuration has been reloaded, and it sends 0 priority adverts before + all the old sockets are closed. Following this new sockets are opened. + It would be possible to make the code more efficient and retain the sockets + that still need to be used, rather than closing them and opening new ones, + but that is for another commit. + * Update some comments in vrrp_snmp.c. + * Use structure initialisation to clear struct, rather than memset. + * Fix logging if receive EPOLLHUP, EPOLLERR and add for EPOLLRDHUP. + * Add support for network timestamp debugging. + * Check return code from recvfrom() before other values for + track_process. + * Use IPV6_RECVPKTINFO rather than IPV6_RECVHOPLIMIT when check + multicast. + * Ensure virtual servers are properly removed when reloading. + Pull request #1246 provided a patch to resolve the issue of virtual + servers in a virtual server group that are deleted from the virtual + server group on a reload weren't being removed from the IPVS + configuration. However, the patch didn't quite work with the current + HEAD of the master branch. + This commit incorporates that patch provided and makes the necessary + adjustments for it to work correctly. + * Cosmetic changes to IPVS code. + * Make clear the IPv6 instances use VRRP version 3. + * Delete redundant code. + * Update comments in vrrp_nftables.c. + * Update for gcc v9 + Detect if -Wchkp is no longer supported, and fix a -Wstrict-overflow + warning in write_backtrace(). + * Add additional compiler warnings available in gcc verion 9. + +2019-04-04 Alexandre Cassen + * keepalived-2.0.15 + * Fix uninitialised variable. + * Fix rpmbuild on CentOS7, and rely on auto-requires. + * Add option to flush lvs on shutdown. + Currently all known virtual servers and their real servers are + removed one at a time at shutdown. With large configurations on + a busy system, this can take some time. + Add an option just like the existing 'lvs_flush' which operates + on shutdown. Typical environments with a single keepalived instance + can take advantage of this option to achieve a faster shutdown or + restart cycle. + * Make alpha mode checkers on new real servers start down on reload. + Patch #1180 identified that new real servers with alpha mode checkers + were being added online immediately, and if the checker then failed + were being removed. This commit makes real servers that didn't exist + before the reload start in down state if they have alpha mode checkers. + * Remove duplicate config dump entry. + * Make new real servers at reload start down if have alpha mode + checkers. + * Close checker and smtp_alert sockets on reload. + Issue #1177 identified that sockets were being left open (lost) after + a reload. It transpired that these were sockets opened by TCP_CHECK, + HTTP_GET, SSL_GET, DNS_CHECK and SMTP_CHECK checkers, and by smtp_alerts + in the process of being sent. + This commit adds an extra parameter to thread_add_read() and + thread_add_write() to allow indicating that the scheduler should close + the socket when destroying threads. + * Send vrrp group backup notifies at startup. + * Make inhibit_on_failure be inherited by real server from virtual + server. + * Allow real and sorry servers to be configured with port 0 + This is to maintain backwards compatibility with keepalived prior + to commit d87f07c - "Ensure always check return from inet_stosockaddr + when parsing config". + The proper way to configure this is to omit the port, which requires + the next commit. + * Don't setup IPVS config with real and virtual servers ports + different. + If the real server is using DR or TUN, the port of the real server must + be the same as the port of the virtual server. This commit uses the + virtual server port for the real server when configuring IPVS. + * Log warnings if real server and virtual server ports don't match + This commit adds logging warnings if virtual and real server ports, + when using TUN or DR, don't match. + It also sets the real server ports to be the same as the virtual server + ports. Although listing the IPVS configuration with ipvsadm will look + different, the kernel ignored the port of a real server when using DR + or TUN, so the behaviour isn't changed, but when looking at the + configuration it now shows what is actually happening. + * Fix warning when protocol specified for virtual server with fwmark. + * Add log message that nb_get_retry is deprecated. + * Fix whitespace in configure.ac. + * Fix configure error when systemd not installed + configure was trying to execute + pkg-config --variable=systemdsystemunitdir systemd + even if systemd was not available. + This commit makes configure only execute the above if it has determined + that systemd is the correct init package to use. + * Correct references to RFC6527 (VRRPv3 SNMP RFC). + * nsure checker->has_run is always set once a checker has run. + * Fix some indentation in configure.ac. + * Update fopen_safe() to open temporary file in destination directory + rename() in fopen_safe() was failing if the file being created + was not on the same filesystem as /tmp. + * Add ${_RANDOM} configuration keyword. + It might seem strange to introduce random elements to configuration + files, but it can be useful for testing. + * Fix using ~SEQ() in multiline configuration definitions. + * Make blank lines terminate a multiline definition. + * Minor updates for lvs_flush_on_stop. + * Add option to skip deleting real servers on shutdown or reload + If a virtual server is removed, the kernel will remove its real servers, + so keepalived doesn't explicitly need to do so. + The lvs_flush_onstop option removes all LVS configuration, whereas this + new option will only remove the virtual servers managed by keepalived. + * Correct error message re checker_log_all_failures. + * Fix syntax error in configure.ac. + * Fix track_process initialisation for processes with PIDs starting 9. + * Remove debugging log message. + * Remove inappropriate function const attributes + They were causing iptables/ipsets not to be initialised. + * Stop warning: function might be candidate for attribute ‘const’ + Depending on what configure options are selected, gcc can output + the above warning for initialise_debug_options(). + This commit ensures that the warning is not produced. + * Enable strict-config-checks option in keepalived.spec RPM file. + * vrrp: relax attribute 'const' warning at iptables helpers. + * Propagate libm to KA_LIBS. + * Fix building on Alpine Linux. + Alpine (musl) doesn't have a definition of __GNU_PREREQ, so create a + dummy definition. + +2019-03-24 Alexandre Cassen + * keepalived-2.0.14 + * Add compiler warning -Wfloat-conversion and fix new warnings. + It was discovered that passing 0.000001 as a parameter specified + as uint32_t to a function did not generate any warning of type + mismatch, or loss of precision. + This commit adds -Wfloat-conversion and fixes 3 instances of new + warnings that were generated. + * For non systemd enviroment, it occurs syntax error 'fi'. + To avoid syntax error, modify keepalived.spec.in. + * When uninstall keepalived with init upstart, stop keepalived process. + * Fix type re LOG_INGO should be LOG_INFO * 6git stash --cached. + The code was actualy in a #ifdef INCLUDE_UNUSED_CODE block, and + so isn't currently compiled. + * Register missing thread function for thread debugging. + * Fix reutrn value of notify_script_compare misusing issue. + * Fix typo in keepalived.conf man page re BFD min_rx. + * Fix segfault when bfd process reloads config. + Issue #1145 reported the bdf process was segfaulting when reloading. + The bfd process was freeing and allocating a new thread_master_t + when reloading, which doesn't work. This commit changes the bfd + process to clean and reinitialise the thread_master_t. + * Fix segfault in handle_proc_ev(). + On Linux 3.10 the ack bit can be set in a connector message, and + the CPU number is set to UINT32_MAX. This commit skips acks, and + also checks that CPU number is within range of the number of CPUs + on the system. + * Fix OpenSSL init failure with OpenSSL v1.1.1. + OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new() + if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously + been called. + This commit doesn't call OPENSSL_init_crypto() if doing so causes + SSL_CTX_new() to fail. + * Remove all references to libnfnetlink. + Commit 2899da6 (Stop using linbl for mcast group membership and + setting rx buf sizes) stopped using libnfnetlink, but INSTALL and + keepalived.spec.in were not updated accordingly. + * Fix genhash re OPENSSL_init_crypto bug and improve configure.ac. + Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't + update the identical code in genhash/ssl.c. Also, an improvement for + the test in configure.ac was suggested. + * Fix log output when real server removed. + FMT_VS() and FMT_RS() both call inet_sockaddrtotrio which uses a + static buffer to return the formatted string, but since FMT_VS(), + wheich simply calls format_vs() copies the returned string to its + own static buffer, if FMT_VS() was called before FMT_RS() then + the returned strings from both could be used. + The problem occurs when both FMT_VS() and FMT_RS() are used as + parameters to log_message() (or printf etc). It appeared to work + fine on x86_64, but was writing the same IP address for both the + real server and virtual server on ARM architectures. This is due + to the compiler evaluating parameters to the log_message() function + call in a different order on the different architectures. + This commit adds inet_sockaddrtotrio_r() which allows the output + to be in a buffer specified by the caller, and so FMT_VS() and + FMT_RS() can now be called in either order without one overwriting + a buffer used by the other. + * Streamline some string formatting with FMT_RS() and FMR_VS(). + Following commit 9fe353d (Fix log output when real server removed) + some code can be streamlined now that the order of calling FMT_VS() + and FMT_RS() does not matter. + * Replace FMT_HTTP_RS(), FMT_TCP_RS() and FMT_DNS_RS() with FMT_CHK(). + They were all simply defined to be FMT_CHK() so just replace them + with that. This made it much simpler to find all used of FMT_CHK(). + * Fix building with gcc 4.4.7 (Centos 6.5). + gcc v4.4.7 doesn't support -Wfloat-conversion, so check for it at + configure time. + * Add dumping checker config/status when receive SIGUSR1. + * Don't put alpha mode checkers into failed state at reload + If a new checker is added at a reload, unless the real server aleady + has failed checkers, then ignore the alpha mode of the checker. This + means that the real server, if up, won't be taken down and then brought + back up again almost straight away. If the real server already has + failed checkers, then setting an alpha mode checker down initially + won't take down the real server, so we can allow the alpha mode setting + to apply. + * Handle alpha mode checkers initial failure at startup better. + * Fix compile failure discovered by Travis-CI. + * Fix calling syslog when not using signalfd(). + Pull request #1149 identified that syslog is AS-Unsafe (see signal-safety + man page), and that therefore signals should be blocked when calling it. + This commit blocks signals when calling syslog()/vsyslog() when signalfd() + is not being used. + * Rationalise function attributes. + * Fix enable-optimise configure option. + * Use AS_HELP_STRING for all options in configure.ac. + * Streamline genhash -h option. + * Make genhash -v version match keepalived. + * Fix config check of virtual server quorum against weights of real + servers. + * Fix some configure tested checks for OPENSSL_init_crypto. + * Add infrastructure for adding additional compiler warnings. + * Add standard and extra compiler warnings. + * Add and resolve missing-declarations and missing-prototypes warnings + Approximately 16 additional functions are now declared static. + * Add and resolve old-style-definitions warnings + * Add and resolve redundant-decls warnings + * Add and resolve jump-misses-init warnings + * Add and resolve shadow warnings + * Add and resolve unsuffixed-float-constants warnings + * Add and resolve suggest-attribute=const warnings + * Add and resolve suggest-attribute=format warnings + * Add and resolve suggest-attribute=malloc warnings + * Add and resolve suggest-attribute=noreturn warnings + * Add and resolve suggest-attribute=pure warnings + * Add and resolve unused-macros warnings + * Add and resolve null-dereference warnings + * Add and resolve float-equal warnings + * Add and resolve stack-protector warnings + * Add and resolve strict-overflow=4 warnings + * Add and resolve pointer-arith warnings + This particularly includes adding a number of bytes to a void *. + * Add and resolve cast-qual warnings + * Resolve additional warnings identified on Centos 6.5/gcc 4.4.7 + * Remove static from zalloc() + * Fix some compiler warnings on Ubuntu Xenial, and add comments re + others. + * Rename LIST parameters to lst in list_head.h to avoid upper case. + * Fix real server checkers moving from failed to OK on reload. + * add rs judgement in migrate_checkers. + * Detect connection failure in genhash and exit rather than loop. + * Add another function pure attribute. + * Fix sending notifies for vrrp instances at startup when in sync group + Issue #1155 idenfified that notify scripts for vrrp instance transition + to backup state when keepalived started up were not being sent if + the vrrp instance was in a sync group. It was also the case that SNMP + traps, SMTP alerts and FIFO notifies were not being sent either. + This commit make keepalived send the initial notifies when the vrrp + instance is in a sync group. + * Fix building keepalived RPM on Fedora 26. + For some reason -fPIC is needed when testing for the presence of + setns(). + * Add vrrp_startup_delay configuration option. + Some systems that start keepalived at boot time need to delay the + startup of the vrrp instances, due to network interfaces taking + time to properly come up. This commit adds a global configuration + option vrrp_startup_delay that delays the vrrp instances starting + up, for the specified number of seconds. + * Handle checkers properly when reload immediately after startup. + * Streamline some of the SMTP checker code. + * Create separate checker for each host in SMTP_CHECK block + Having multiple host entries in an SMTP_CHECK block is deprecated. + This commit streamlines the SMTP_CHECK code by creating a separate + SMTP checker for each host declared in the SMTP_CHECK block, so that + apart from parsing the configuration, the code no longer handles + multiple hosts per checker. + The support for parsing configuration with multiple hosts is only + enabled if WITH_HOST_ENTRIES is defined in check_smtp.c. It is + currently enabled, but when support for multiple hosts in the + SMTP_CHECK block is finally removed, it will simply be a matter of + deleting all code in the WITH_HOST_ENTRIES conditional blocks. + * Make checker fail if ENETUNREACH returned by connect(). + The connect() call can return some immediate errors such as ENETUNREACH. + These were not being treated as a failure of the checker, since the code + used to assume that any non success return by connect() meant that the + connection was in progress. + keepalived will now treat ENETUNREACH, EHOSTUNREACH, ECONNREFUSED, + EHOSTDOWN, ENETDOWN, ECONNRESET, ECONNABORTED, ETIMEDOUT, when returned + by connect(), as meaning that the checker has failed. + * Don't set SO_LINGER with a timeout of 0 + SO_LINGER with a timeout of 0 causes a TCP connection to be reset + rather than cleanly closed. Instead of specifying a timeout of 0, + use 5 seconds, so that there is an orderly shutdown of the TCP + connection, but the close socket doesn't remain in TIMED_WAIT state + for more than a short time. + * nftables: fix build with kernel lower than 4.1. + * Remove dead code & cosmectics. + Remove code marked as UNUSED where things simply go nowhere even if + define is set. We keep for the moment UNUSED code related to debug + helpers used during coding process. + +2019-02-19 Alexandre Cassen + * keepalived-2.0.13 + * Add BFD build option to keepalived.spec rpm file + Issue #1114 identified that the keepalived.spec file was not being + generated to build BFD support even if keepalived had been configured + to support it. + * Copy tarball to rpmbuild/SOURCES when building in place + It seems that even when building in place, rpmbuild expects the + tarball to be in the rpmbuild/SOURCES directory. + * Fix configure check for __always_inline + * Handle interface MAC addresses changing + When an interface is added to a bond interface, if it is the first + interface added, the MAC address of the bond interface is changed + to the MAC address of the added interface. When subsequent interfaces + are added, their MAC addresses are changed to that of the bond + interface. + Issue #1112 identified that if a bond interface is deleted and + recreated, the gratuitous ARPs were sent with the wrong source MAC + address. + This commit now updates interface MAC addresses from the netlink + RTM_NEWLINK messages, so that the correct MAC address is always + used. + * Minor tidying up of opening gratuitous ARP socket. + * Streamline setting SOCK_NONBLOCK on vrrp sockets. + * Use netlink reported hardware address length for unsolicited NAs + ETH_ALEN is correct for Ethernet type interaces, but is not right + for Infiniband interfaces. + * Minor tidying up of opening gratuitous NA socket. + * Make gratuitous ARP/NA sockets non blocking + keepalived shouldn't block when sending gratutious ARP/NA messages. + It is better to lose the messages than for keepalived to block, so + set the sockets non blocking. + * Use netlink provided broadcast address for gratuitous ARP + If an interface has a non-standard broadcast address, we should + honour it. + * Fix building on pre 3.10 kernels re track_process + Issue #1119 reported that keepalived wouldn't build on CentOS 6. + Various PROC_EVENT_* declarations were assumed to exist, some of which + were not introduced until Linux v3.10. Most of them are not needed, but + PROC_EVENT_COMM is used by the track_process code. + This commit now checks for the existence of the PROC_EVENT_* declarations, + but since keepalived uses PROC_EVENT_COMM, track_process is not supported + prior to Linux v3.2. + * Make track_process work prior to Linux 3.2, but with limitations + Prior to Linux 3.2 the PROC_EVENT_COMM event did not exist, which + means that keepalived is unable to detect changes to process name + (/proc/PID/comm) prior to Linux 3.2. most processes do not change + their process name, and so using track_process prior to Linux 3.2 + is safe so long as the monitored processes are known not to change + their process name. + * Stop configure failing when nftables is not supported. + * Streamline socket use with linkbeat. + Previously the socket used for ioctls was opened and closed twice per + poll if using MII or ETHTOOL polling, and once per poll if using ioctl + polling. This commit opens the socket once at startup, uses that socket + for all linkbeat polls, and closes it on termination. + * Enable linkbeat polling to work with dynamic interfaces. + * Add linkbeat_interfaces configuration block + It was not possible to indicate that an interface that wasn't used + as the interface of a vrrp instance, but was used either as a track + interface, or for virtual/static ip addresses or routes should use + linkbeat. This commit adds that capability. + * Add ability to specify linkbeat type in linkbeat_interfaces block. + * Add --disable-linkbeat configure option + Does anyone use linkbeat anymore? This commit enables keepalived to + be build without the linkbeat code. + * Don't remove link local IPv6 address from VMAC that isn't keepalived's + If IFLA_INET6_ADDR_GEN_MODE isn't supported and a macvlan interface + already had a (non-default) link local addresss and the link local + address that matched the interface's MAC address was added, keepalived + was removing it as soon as it was added. This commit stop keepalived + removing the address when we shouldn't. + * Set configure init type correctly in keepalived.spec file. + * Fix handling of VMACs with multiple reloads + If a configuration is loaded that has a VRRP instance using a VMAC, + then the configuration is updated to remove that VRRP instance and + keepalived reloads its configuration, then the configuration is + updated again to reinstate the VRRP instance and the configuration + is again reloaded, keepalived thought the VMAC interface still + existed, whereas it was deleted following the first reload. + This commit ensures that keepalived properly detects whether an + interface exists following a reload. + * Remember more than one interface local address per interface + Keepalived needs a local address for each interface it sends adverts + on. If the address keepalived is using is deleted and another address + is configured on the interface, then keepalived should start using + that address. To do this, a list of configured address on each + interfaces needs to be maintained. + * Don't consider VIPs as local addresses when restart after crash + Keepalived maintains a list of addresses per interface that can be + used as source adddresses for adverts. To build the list, keepalived + reads the addresses configured on interfaces when it starts. However, + if keepalived crashed it will have left VIPs configured on interfaces, + and we don't want to use them as advert source addresses. + This commit makes keepalived compare the addresses on interfaces + to VIPs, and ignores any addresses that are VIPs. + * Fix removing left over VIPs at startup. + * Use read_timer() when parsing config where appropriate. + * Allow fractional warmup, delay_loop and delay_before_retry for checkers + To shorten the real server monitoring interval, make it possible to specify + decimal value for following items: + warmup + delay_loop + delay_before_retry + * Update connect_timeout configuration options + Based on the patch submitted by tamu.0.0.tamu@gmail.com this patch + allows setting the connect_timeout to a resolution of micro-seconds. + The patch also adds the ability to set a default value at the virtual + server and real server levels. + * Fix unused variable warning when building only with RFC compliant + SNMP. + * It enable to set zero value as mintime for delay_loop and connect_timeout. + * Add option not to check for EINTR if using signalfd() + If keepalived is using signalfd(), there are no asynchronous signal + handlers, and therefore EINTR cannot be returned. + Currently the check for EINTR is enabled by default, and configure + option --disable-eintr-debug disables the check, while + --enable-eintr-debug enables writing log entries if EINTR is returned. + Once sufficient testing has been performed, the default will be + changed not to test for EINTR if signalfd() is supported. + * Make checking for EAGAIN/EWOULDBLOCK consistent + The code in some places checked errno for EAGAIN and EWOULDBLOCK + and in other places only checked EAGAIN. On Linux EAGAIN == EWOULDBLOCK, + so the check is not necessary, but EAGAIN is not guaranteed to be the + same value as EWOULDBLOCK, so define check_EAGAIN that only checks EAGAIN + if they are the same value, but checks both if they are different. + * Ensure default connection timeout for smtp checker hosts set. + * Set default connection timeout if no smtp check host specified. + * Fix min timer value, zero to 0.000001Sec. + * Add fixing min time for vs_co_timeout_handler() and rs_co_timeout_handler(). + * Fix parameter of read_timer(), it treat Mintime and Maxtime as microseconds. + * vrrp: vrrp_dispatcher_read() performance extension + We took time with Quentin to simulate and rework this code. We introduced + 2 imbricated while loop: + (1) First one is catching recvfrom EINTR (this code trig + only on kernel older than 2.6.22 where signalfd was firstly introduced). + Newer kernel will immediately break the loop (hey guys: if you are running + older than 2.6.22 it is worth considering upgrading). + (2) Second loop will continue reading from socket until same VRID advert + has been received during the same cycle. After simulating, it appears that + during contention with a lot of VRRP instances (around 1500), this design + is needed to relax socket recvq from growing. This can be viewed as a + Poll-Mode activation during contention and fallback to regular I/O MUX + during normal operations. This loop breaks immediately and re-submit + opration to I/O MUX when there is no more to be read. + * Fix conversion from long for double in read_timer(). + * Remove variable timer of unsigned long cast in read_timer(). + When Double type variable timer is cast to long type, it's scale falls. + +2019-01-26 Alexandre Cassen + * keepalived-2.0.12 + * Documentation related. + Remove keepalived.conf.SYNOPSIS content to make a pointer to manpage. + Update README manifest to reflect actual Keepalived goal and features. + * Improve error message if process events connector not enabled in + kernel. + * Add option to disable track-process functionality + Issue #1099 reported that their kernel did not support the proc events + connector, and it would therefore be helpful to have an option to build + keepalived without the track-process functionality. + This commit adds the --disable-track-process configure option. + * Fix vrrp instances going to fault state when have virtual routes + If an interface going down caused a vrrp instance to go to fault + state, and the vrrp instance also had virtual routes, the state + of the vrrp instance would be set to backup when the deletion of + the virtual route was detected. This commit ensures that the vrrp + instance stays in fault state until the interface is brought up + again. + * Remove Red Hat Linux 9 and RH Enterprise Linux 3 from spec file. + Red Hat Linux 9 and Red Hat Enterprise Linux 3 are both based on + Linux 2.4, which is no longer supported by keepalived. The options + in the spec file for Reh Hat Linux 9 have twice caused people to + specify wrong options to configure when trying to build keepalived, + so the options are removed to i) avoid confusion and ii) they are + not longer relevant. + * Add global option vrrp_min_garp. + By default keepalived sends 5 gratuitous ARP/NA messages after + transitioning to master, and 5 more 5 seconds later. This isn't + necessary with modern switches, and so if the vrrp_min_garp option + is set, only one gratuitious ARP/NA message is sent after transition + to master, and no repeat messages are sent 4 seconds later. + * Standardise definition of _INCLUDE_UNUSED_CODE_ + * Remove out of date comment re VRRP over IPv6. + * Correct typo in keepalived.conf.5. + * Directly use structure sizes for packet header lengths. + * vrrp_state_fault_rx() is not used. + Wrap the function in conditional compilation so it is not compiled + * Convert so list loops to use LIST_FOREACH. + * Don't recalculate vrrp packet header address. + vrrp_get_header() calculates the address of the vrrp header in a + received packet, but it was being recalculated in vrrp_in_chk(). + This commit passes the already calculated address to vrrp_in_chk(). + * Ensure a received packet has an AH header if and only if AH auth. + Ensure that a received packet has an AH header if we expect AH + authentication, and doesn't have an AH header if we don't expect + AH authentication. + * Ensure all protocol headers received before return pointer to vrrp header + vrrp_get_header() returns a pointer to the vrrp header, but it now returns + NULL if insufficient data has been received to include all the (IP, + possibly AH, and VRRP) headers (this does not include the VIPs in the VRRP + packet). + This means that when a pointer to the VRRP header is returned, all fields in + all protocol headers can safely be accessed. + * Add check of received IPv6 hop count in multicast adverts + The VRRP RFC requires that IPv6 hop count MUST be checked to be 255, + just as the TTL for IPv6 must be 255. Previously that wasn't being + checked, since IPv6 raw sockets don't provide access to the IPv6 + header. + Using recvmsg() rather than recvfrom(), and setting socket option + IPV6_RECVHOPLIMIT allows keepalived to receive the hop count as + ancillary data, and that can now be checked. + * Improve reading from vrrp receive sockets. + Previously no check was made of the return value from recvfrom()/ + recvmsg(). This meant than an error could occur (e.g. EINTR), or no + data might be returned, and keepalived would still attempt to process + the receive buffer as though data had been received. + * Enhance and streamline checking of validity of received VRRP packet + This includes checking that a packet is multicast, unless unicast is + expected in which case it is checked for unicast, ensuring that if + AH authentication is used, the next header protocol is VRRP. + The sequence of some checks is revised to ensure that the fields being + checked are valid to be accessed prior to accessing them, e.g. check + that the packet is VRRP version 2 before checking the authentication. + * Stop clearing receive buffer before receiving VRRP packets. + This is no longer necessary now that the appropriate checks are + made of the return status of recvmsg(), and also that the checks + of received packet length and packet headers now do all necessary + checks. + * Add compile time checks for IPV6_RECVHOPLIMIT/IPV6_RECVPKTINFO + support. + * Update keepalived.spec.in build-requires. + The kernel package required for building keepalived is kernel-headers + not kernel-devel. Also, it is superfluous to have package kernel in + the build-requires! + * Add missing file (build.setup) to tarball. + * Fix calculating print format to rlim_t in configure.ac. + * Fix compiler warnings on 32 bit systems re HASH_UPDATE. + Removing all the casts stopped the warnings. + * Use PRI_rlim_t when printing rlim_t types. + * Use %zd/%zu for ssize_t/size_t to avoid warnings on 32 bit systems. + * Fix some space/tab formatting. + * Stop declaring some timer definitions unsigned to stop compiler + warnings. + TIMER_HZ, TIMER_CENTI_HZ, NSEC_PER_SEC were causing some compiler warnings + on some systems due to being defined with a 'U' unsigned suffix. Removing + the unsigned specifier stopped the compiler warnings. + * Fix compiler warning due to incorrect format specifier. + An int64_t should use % PRIi64 and not %ld + * Stop an uninitialized variable compiler warning. + * Fix MEM_CHECK debugging on processors without unaligned memory + access. + * Don't attempt to use unopened socket for getting ipset version. + * Tidy up an error message. + * vrrp: make vrrp_dispatcher_read() async while catching error. + During investigations we decided to update previous patch to resubmit + into I/O MUX on read error. It will make read procedure I/O MUX freindly + by removing potential sync operation potentially leading to a global + I/O MUX desync. We aggreed, the situation is really and very exceptionnal + but could happen. + * vrrp: vrrp_arp_thread split. + Split the function for maintainability purpose. + +2019-01-06 Alexandre Cassen + * keepalived-2.0.11 + * Fix segfault while shutting down when SNMP activity occurs. + Issue #1061 identified that keepalived could segfault when it + shut down. It appears that this was caused by data being received + on the file descriptors that the snmp agent requests keepalived + to monitor with epoll(). Since the read threads weren't being + processed during a shutdown, the first time an snmp fd was ready, + keepalived discarded the read thread. The second time that fd became + ready there was no thread to handle the fd, and, since the assert() + statement was not compiled in, non existant data was queued to the + thread ready queue. + This commit changes the assert() calls to continue, so that non existant + data is no longer queued to the thread ready queue. + * While shutting down, continue to handle snmp agent fds. + Since we don't shutdown the snmp connection until the very end of + the shutdown process (we need to be able to send snmp traps), we + should continue to handle the snmp fds on behalf of the snmp agent + while shutting down. + * Ensure snmp agent is in correct state when initialising/closing + Make sure the snmp agent is not already initialised before + initialising it, and make sure it has been initialised before + closing it. + * Disable asserts in bfd code by default and add --enable-asserts + Asserts were enabled by default in the bfd code, which shouldn't be + the case. + Add --enable-asserts configure option so that the asserts tests can + be enabled while debugging. + * Remove debugging log message accidently left in. + * Update receive buffers when interface is created. + The receive buffer size used by keepalived is based on the largest + MTU of any interface that keepalived uses. If dynamic interfaces + are being used and an interface is created after keepalived has + started, the MTU of the new interface may be larger than the + previous largest, so the receive buffer may need to be increased + in size. + Further, if vrrp_rx_bufs_policy is MTU, then the kernel receive + buffers on the receive socket may need to be increased. + * Handle MTU sizes being changed. + Issue #1068 identified that the MTU size wasn't being updated in + keepalived if it changed. + This commit now updates the MTU size and adjusts receive buffer + sizes accordingly. + * Fix syntax error in configure.ac. + * Fix double free when global data smtp_helo_name copied from local_name + Issue #1071 identified a double free fault. It occurred when smtp_helo_name + was not set, in which case it was set to point to the same malloc'd memory + as local_name. At termination keepalived freed both local_name and + smtp_helo_name. + If keepalived needs to use local_name for smtp_helo_name it now malloc's + additional memory to copy the string into. + * Rename TIMER_MAX to TIMER_MAXIMUM. + ulibC defines TIMER_MAX, so to avoid naming conflict rename it. + This issue was reported by Paul Gildea who also + provided the patch. + * Fix segfault when smtp alerts configured. + * First working version of nftables. + * Restructed code around how iptables/nftables are called + This commit also allows building keepalived without iptables + support, thereby allowing only nftables support. + Adding any other mechanism to handle no_accept mode, i.e. blocking + receiving and sending to/from VIPs should be added to vrrp_firewall.c, + in a similar way to how nftables/iptables are used. + * Update doc files re nftables. + * Make nftables handle dont_track_primary appropriately. + * Fix config reload with nftables. + * Set base chain priorities from configuration. + * Use iptables by default if neither iptables or nftables configured. + But if the build of keepalived does not include iptables, then use + nftables default. + * Stop dumping keywords - left turned on after debugging. + * Make umask configuration apply to created file. + * Add libmnl and libnftnl to travis file. + * Fix compilation failure when NFTNL_EXPR_LOOKUP_FLAGS not defined. + * Fix compilation failure when build with nftables but without iptables. + * Fix order of include files in configure COLLISION test. + Since Linux 4.4.11 (commit 1575c09) including linux/if.h after + net/if.h works, whereas until glibc fix their headers including + net/if.h after linux/if.h causes compiler redefinition errors. + Unfortunately the test for the collision was done the wrong way + round, as identified in issue #1079. The patch included in the + issue report corrects the order of inclusion of the header files. + What we should do is ensure that glibc header files are included + before Linux header files, so that at least if kernel headers from + 4.4.11 onwards are used, the conflict will not occur. + * Set CLOEXEC on netlink sockets. + * Correct error message for invalid route metric. + * Add track_process for vrrp to monitor if another process is running. + Configurations frequently include a track_script to check that a process + is running, often haproxy or nginx. Using any of pgrep, pkill, killall, + pidof, etc, has an overhead of reading all /proc/[1-9]*/status and/or + /proc/[1-9]*/cmdline files. In particular reading the cmdline files + has a significant overhead on a system that is swapping, since the + cmdline files provide access to part of the address space of each + process, which may need to be fetched from the swap space. + This commit reads the /proc/[1-9]*/stat and/or the /proc/[1-9]*/cmdline + files only when keepalived starts, and after that uses the process events + connector to track process creation and termination. + keepalived will ignore zombie processes, whereas pgrep etc include them. + A minimum number of instances of a process can be specified, and also a + delay so that if a process is restarted, it won't cause monitoring vrrp + instances to immediately transition to fault state but to wait the + configured time and it the monitored process starts again it + won't transition to fault state. + There are potential difficulties with the process event connector if a + large number of process events occur very rapidly, since there can be + a receive buffer overrun on the netlink socket. This code will detect + that happening, increase the receive buffer size, and reread the processes + from /proc. + * Add missing #include to track_process.c. + * Fix number of elements of fd_set read for snmp select info. + * Remove thread_event_t when EPOLL_CTL_DEL fails. + If snmpd closes a file descriptor, when keepalived attempts to + unregister the fd from epoll an error is returned. However, we still + need to remove the thread_event_t from the io_events rbtree. + * Fix connection to snmpd after it has to reconnect. + Issue #1080 identified that keepalived wasn't handling a connection + failure and reconnect to snmpd properly. The problem was created when + the change from select() to epoll() was made. + This commit makes keepalived unregister and reregister the snmp file + descriptors after snmpd reconnects. + * Fix retry count for SMTP_CHECK checker. + The checker was doing one too few retries. + * Make healthchecker failure reporting consistent + Some healthcheckers were reporting all failures, and others only when + the retries expired. This commit by default makes the checkers only + report failure when the retries expire, unless the global keyword + checker_log_all_failures or log_all_failures on the specific checker + is configured. + * After reload, reinitialise current track processes state. + * Remove unused variable in track_process.c. + * Add configure checks re --with-kernel-dir. + * Convert remaining select() to epoll_wait(). + keepalived was using select() for handling the termination of child + processes, but the main scheduling loop now uses epoll_wait(), so + convert the select() to epoll_wait() from consistency. + * Stop keepalived leaving zombie child processes. + keepalived wasn't reaping the termination of its child processes, + so this commit adds waitpid() calls once it knows the processes + have terminated. + * Fix make distclean and make distcheck. + * Also skip route not configured with down interface. + Otherwise, if keepalived has virtual_routes configured, we create + a virtual interface and bring it up and down, current code will bring + VRRP state to FAULT and never return. + * Stop vrrp process entering infinite loop when track script times out + Issue #1093 identified that the vrrp process was entering an infinite + loop after a track script timed out. This was due to a child process + thread having an RB tree for PIDs as well as for the timeout, and if + a child process timed out, the thread wasn't being removed from the + PID RB tree. This commit now ensures it is removed. + * Fix the abbreviation of Shortest Expected Delay. + * Don't free unallocated memory if not tracking processes. + * vrrp: Rewrote JSON code + Remove dependency to json-c extralib by using a simple streaming JSON writter. + Refactored code to make it simple to maintain. + * vrrp: Fix JSON handling for v{route;rule}. + * autoconf: fix nftables selection + We need to inhibit nftable compilation if compiling system has + kernel header file nf_tables.h but not libnftnl nor libmnl. + +2018-11-12 Alexandre Cassen + * keepalived-2.0.10 + * Fix compiling on Alpine Linux. + * Stop printf compiler warning on Alpine Linux due to rlim_t. + * manpage cosmetic. + * Fix removing snmpd read threads when snmpd becomes unavailable. + * Update to support libipset version 7. + * Use ipset_printf for ipset messages so can go to log. + * When opening files for write, ensure files can only be read by root. + Issue #1048 referred to CVE-2018-19046 regarding files used for + debugging purposes could potentially be read by non root users. + This commit ensures that such log files cannot be opened by non root + users. + * Disable fopen_safe() append mode by default + If a non privileged user creates /tmp/keepalived.log and has it open + for read (e.g. tail -f), then even though keepalived will change the + owner to root and remove all read/write permissions from non owners, + the application which already has the file open will be able to read + the added log entries. + Accordingly, opening a file in append mode is disabled by default, and + only enabled if --enable-smtp-alert-debug or --enable-log-file (which + are debugging options and unset by default) are enabled. + This should further alleviate security concerns related to CVE-2018-19046. + * vrrp: add support to constant time memcmp. + Just an update to use best practise security design pattern. While + comparing password or hmac you need to ensure comparison function + is time constant in order to figth against any timing attacks. We + turn off potential compiler optimizations for this particular + function to avoid any short circuit. + * Make sure a non privileged user cannot read keepalived file output + Ensure that when a file such as /tmp/keepalived.data is wriiten, + no non privileged can have a previous version of that file already + open, thereby allowing them to read the data. + This should fully resolve CVE-2018-19046. + +2018-11-08 Alexandre Cassen + * keepalived-2.0.9 + * Fix updating a timer thread's timeout. + Issue #1042 identified that the BFD process could segfault. This + was tracked down to a timer thread which had already expired having + its timeout updated by timer_thread_update_timeout(). + The sands timer should only be updated if the thread is on a waiting + queue, and not if it has already timed out or it is unused. + * Don't requeue read thread if it is not waiting. + This update matches commit 09a2a37 - Fix updating a timer thread's + timeout should. + * Allow BFD instance to recover after send error. + If sendto failed in bfd_send_packet(), the bfd instance was put into + admin down state, but there was no means for the bfd instance to + transition out of admin down state. + This commit makes keepalived log the first instance of a sequence of + failures to send a bfd packet, but does not bring the bfd instance down + in case the error is a transient error. If the error is longer lasting, + the remote system will timeout, transition to down state, and send a message + saying it is down. + Once the bfd instance can start sending again the bfd instance can now + transition again to up state. + * Make DGB definition use log_message() rather than syslog(). + * Fix building with --enable-debug configure option. + * Start list of required kernel features in INSTALL file. + Issue #1024 asked what kernel features are needed to support keepalived. + The simple answer was that it isn't recorded anywhere, so this is a + start of making a list of the features required. + * Make list_remove() call list free function and add list_transfer(). + If an element is being removed from a list, the free function should + be called. + list_transfer() allows a list element to be moved from one list to + another without freeing and reallocating the list element control + information. + * Add mem_check diagnostics re calling functions of list functions. + When using mem_check, mallocs and frees were recorded against the + list functions, and the originating functions weren't identified. + This patch adds recording of the functions calling the list + functions so that the originating function is identified. + * Simplify the processing of comments in configuration files. + This commit moves the handling (and removal) of comments to a + single function (called from read_line()) which simplifies the + processing of config files. + * Add ~SEQ(start, step, end) config functionality + Where a configuration has repeated blocks of configuration where + the only thing that changes is a numeric value (e.g. for VRIDs + from 1 to 255) this allows the block to be defined once, and a + single line using ~SEQ can then generate all the blocks. + * Use REALLOC when building a multiline definition. + The code used to use MALLOC, strcpy() and FREE, but REALLOC can do + all this for us. + * Improve mem-check diagnostics. + When using an allocation list of over 50,000 entries, it was quite slow + searching thtough all the entries to find the matching memory allocation, + and to find free entries. This commit changes to using malloc() to create + entries, and a red-black tree to hold the entries. It also has a separate + list of free entries. + This commit also adds 4 more types of memory allocation error, and + improves the consistency of the entries in the log files. + * Don't attempt to delete VMAC when underlying interface is deleted. + If the underlying interface of one of our vmacs is deleted, and we + know the vmac has been deleted, don't attempt to delete it again. + * Include master state in determining if vmacs are up or down + Netlink doesn't send messages for a state change of a macvlan when + the master device changes state, so we have to track that for + ourselves. + * Turn off parser debugging. + * Make test/mk_if create iptables chains. + * Handle interfaces not existing when keepalived terminates. + If the underlying interface of a vmac we created has been deleted, + the vmac will not exist so don't attempt to delete it again. Also, + don't attempt to reset the configuration of the underlying interface. + * Handle the underlying interface of a macvlan interface going up/down. + The kernel doesn't send netlink messages for macvlans going up or + down when the underlying interface transitions (it doesn't even + update their status to say they are up/down), but the interfaces + don't work. We need to track the state of the underlying interfaces + and propagate that to the macvlan interfaces. + * Fix duplicate value in track_t enum. + * Fix check for matching track types. + * Treat macvtap interfaces in the same way as macvlan interfaces. + * Improve handling of interfaces not existing when keepalived starts. + * Fix handling interface deletion and creation of vmacs on macvlan i/fs. + * When interface created, open sockets on it if used by VRRP directly + If an interface is created that has vrrp instances configured on it + that don't use VMACs, or use vmac_xmit_base, then the raw sockets + must be opened. + * Force seeing a transition to up state when an interface is created. + * Fix netlink remnant data error. + * Add command line and configuration option to set umask. + Issue #1048 identified that files created by keepalived are created + with mode 0666. This commit changes the default to 0644, and also + allows the umask to be specified in the configuration or as a command + line option. + * Fix compile warning introduced in commit c6247a9. + Commit c6247a9 - "Add command line and configuration option to set umask" + introduced a compile warning, although the code would have worked OK. + * When opening files for write, ensure they aren't symbolic links. + Issue #1048 identified that if, for example, a non privileged user + created a symbolic link from /etc/keepalvied.data to /etc/passwd, + writing to /etc/keepalived.data (which could be invoked via DBus) + would cause /etc/passwd to be overwritten. + This commit stops keepalived writing to pathnames where the ultimate + component is a symbolic link, by setting O_NOFOLLOW whenever opening + a file for writing. + This might break some setups, where, for example, /etc/keepalived.data + was a symbolic link to /home/fred/keepalived.data. If this was the case, + instead create a symbolic link from /home/fred/keepalived.data to + /tmp/keepalived.data, so that the file is still accessible via + /home/fred/keepalived.data. + There doesn't appear to be a way around this backward incompatibility, + since even checking if the pathname is a symbolic link prior to opening + for writing would create a race condition. + * Make netlink error messages more meaningful. + * Fix compiling without support for macvlans. + * fix uninitialized structure. + The linkinfo and linkattr structures were not initialized, + so we should not expect that unexistant attributes are set + to NULL. Add the missing memset(). + * fix socket allocation with dynamic interfaces. + When there are several vrrp instance binding different interfaces that + don't exist at startup, their ifindex is set to 0 in the sock. The + function already_exist_sock() that lookup for an existing socket will + always return the first sock because the ifindex is the same. + Later, when an interface appears, the fd will be created for one + instance, and all instances will wrongly use this fd to send the + advertisments. + Fix this by using the interface structure pointer instead of the + ifindex as the key for sock lookup. + The problem was identified by Olivier Matz + who also provided a patch fixing the problem. This patch is a slight + rework of Olivier's patch, better using the existing data structures + that keepalived already holds. + * When creating a macvlan interface, use AF_UNSPEC rather than AF_INET. + * Stop using libnl for configuring interfaces. + Since there is code to configure the interfaces using netlink without + using libnl, there is no point in having code to do it using libnl. + * Fix building on Centos 6.5. + * Stop including some files not needed after libnl removal for i/fs. + * Fix some compilation issues when building without vrrp support. + * Stop using linbl for mcast group membership and setting rx buf sizes. + Since there is code to handle multicast group membership and + setting kernel netlink receive buffer sizes without using libnl, + there is no point in having code to do it using libnl. + This now means that the vrrp functionality no longer uses libnl. + * Add some sanity checking of configure options. + Certain invalid combinations of configure options could cause compile + errors, e.g. --disable-vrrp --enable-vrrp-fd-debug. This commit ensures + that invalid combinations aren't allowed, in order to stop the compile + errors. + * Fix invalid configuration combination caught by previous commit. + * Use netlink to set/clear rp_filter on interfaces. + * Fix configure for building without vrrp. + * Actually update the .travis.yml file to fix the problem. + * Fix conditional compilation re epoll-thread-dump debugging. + * Update INSTALL file now no longer use libnl-route-3. + * Stop cast to incompatible function type warnings from gcc 8.1. + * Update snapcraft.yaml not to include libnl-route-3. + * keepalived exit with non-zero exit code if config file not readable. + * Allow specifying default config file at configure time. + * Use keepalived define for exit code when malloc failure. + * Fix configuring fixed interface type. + * Add configuring keepalived default configuration file. + * Fix return value in get_time_rtt() error path. + * Update generation of git-commit.h. + * snapcraft.yaml: Enable all sensible build options. Preserve build time + version in the snap version. Expose genhash. + * snapcraft.yaml: Build keepalived with Linux 3.13 headers. + * snap: Add an install hook to make sure a keepalived configuration exists. + * snap: Move the hooks to the correct location. + * snap: Make sure /etc/keepalived exists. + * Fix building with IP_MULTICAST_ALL in linux/in.h but not netinet/in.h + Issue #1054 identified that configure was checking the definition of + IP_MULTICAST_ALL in linux/in.h but including netinet/in.h, which also + has the definition, but only from glibc 2.17. + This commit creates a local definition (in lib/config.h) of IP_MULTICAST_ALL + if it is defined in linux/in.h but not in netinet/in.h. The reason for + this is that compiles using linux/in.h fail due to conflicting definitions. + * Fix creating iptables tables in mk_if. + * Update .travis.yml to use xenial. + * Update .travis.yml to add --enable-regex option. + * Tidy up .travis.yml file. + * snap: Build multiple keepalived binaries. + * Updated snapcraft builds to support multiple kernel versions. + +2018-10-21 Alexandre Cassen + * keepalived-2.0.8 + * Improve identifing interface as macvlan when reading interface details + * Enslave a VMAC to the VRF master of the underlying interface. + * Use addattr32 rather than addattr_l for if_index. + * Only include VRF support if kernel headers support it. + * Fix --enable-timer-debug configure option. + * Fix some configure.ac enable option tests. + * Include stdbool.h in process.c. + * Fix diagnostic message re ignoring weight of tracked interface. + * Fix track_bfds with weights. + * Correct conditional compilation definition name. + * Fix memory leak in HTTP_GET/SSL_GET. + * Fix two memory leaks in DNS_CHECK. + * Don't consider retries for BFD_CHECK. The BFD_CHECKer doesn't support + retries, and the check was causing the checker not to transition to + down state. + * Fix memory leak with BFD_CHECK. + * Restart global notify FIFO handler after reload. + * modify @WITH_REGEX@ to @WITH_REGEX_TRUE@ + * Fix compiling without BFD support. + * Stop bfd process sending double the number of packets. + If a bfd process received an initial bfd packet, it scheduled a + second bfd_sender_thread thereby causing two packets to be sent + in every interval. + * Use timerfd for select timeouts rather than select timeout parameter + This is a precursor to moving to using epoll. + * Use epoll rather than select. + epoll is both more efficient than select and also doesn't have a + file descriptor limit of 1024, which limited the number of vrrp + instances that could be managed. + This commit also introduces read-black trees and the list_head + list type. + * Add --enable-timer-check option for logging calls for getting time + Calls to update the current time from the kernel are made too + frequently, and this patch logs when the calls are made, and how + long since the previous call, so unnecessary calls can be removed. + * Add debug option for monitoring epoll queues. + This is enabled by --enable-epoll-debug and replaces + --enable-timer-debug. + * Use system monotonic clock to generate a monotonic clock. + Rather than have our own code for creating a monotonic clock, use + the kernel's monotonic clock. + * Make some functions in timer.c inline. + The functions had one line of code so inlining them is more + efficient. + * Fix requeueing read and write threads after read/write timeouts. + * Fix initial allocating and final freeing of thread_master epoll_events. + * When cleaning up threads, also clean up their thread_events. + * Add thread_close_fd() function to release thread_event_t on close + When a file descriptor that has been monitored by epoll is closed + the thread_event_t structure used for managing epoll for that fd + has to be release. Therefore calls to close() and replace by calls + to thread_close_fd(). + * Make parent process write log entry when it is reloading. + * Move checking for thread timeouts to timerfd_handler + There is no point in checking for thread timeouts if the timerfd + isn't readable; in other words only check for thread timeouts if + the timer has expired. + * Make bfd reschuling timer threads more efficient. + * Streamline DNS_CHECK code. + * Fix buffer overrun with track file path names. + * Add timestamp when writing mem_check entries to file. + * Ensure thread_event_t released for ready threads at termination. + * Increase open file limit if large number of VRRP instances. + Each VRRP instance can use up to 2 file descriptors, and so if there + are more than 500 ish VRRP instances the number of open files + can exceed the default per process limit (1024 on my system). + The commit allows 2 file descriptors per vrrp instance plus a few more, + and if the RLIMIT_NOFILE value returned by getrlimit isn't high enough, + keepalived will increase the limit. + * Ensure that child processes run with standard priorities/limits. + When child processes such as notify scripts, track_scripts and + MISC_CHECK scripts are run, they should not inherit any elevated + priorities, system limits etc from the parent keepalived process. + * Change multiple spaces to tabs in scheduler.h. + * Add family to sockpool listing. + * Fix a multiline definition expansion issue. + * Free allocated cache when closing/freeing netlink socket. + When running on a system with 500+ interfaces configured and adding + 1000 VMAC interfaces, the heap was growing by 340Mb due the netlink + cahce not being freed after creating each VMAC interface. With this + patch the heap only grow by 3.7Mb (if creating 1000 VMAC interfaces + the heap grep by 905Mb now reduced to 6.1Mb). + * Stop using netlink cache when adding and configuring VMAC interfaces. + When running on a system with 500+ interfaces configured and adding + 1000 VMAC interfaces, it was taking 2.3 seconds to add the interfaces. + Without populating a netlink cache each time a VMAC interface is created + it now takes 0.38 seconds to add the interfaces (if creating 1000 VMAC + interfaces it was taking 6.1 seconds, now reduced to 0.89 seconds, and + the heap growth is reduced from 6.1Mb to 3.9Mb). + * Add function rtnk_link_get_kernel for dynamic linking. + * Fix compiling without JSON support. + * Add support for recording perf profiling data for vrrp process. + * Add comment re usage of MAX_ALLOC_LIST. + * Some streamlining of scheduler.c. + * Merge --enable-epoll-debug and --enable-dump-threads functionality. + * Let thread_add_unuse() set thread type, and use thread_add_unuse() more. + * Use break rather than return in process_threads(). + * Fix segfault when reloading with HTTP_GET and no regex configured. + * Merge the next-generation scheduler. + * Make all debug options need enabling at runtime. + Previously if configure enabled a debug option its output was always + recorded, which meant that if one didn't want the output, configure/ + compile was needed. This commit adds command line options that need to + be set in order to turn the debugging on. + * Remove unwanted debug message. + * Fix parsing --debug options. + * Fix rb tree insertion with timers. + * Add missing functions for thread debugging. + * Add vrrp instance VMAC flags when dumping configuration. + * Ensure parent thread terminates if child has permanant config error. + * Ensure don't delete VMAC interface if keepalived didn't create it. + and sundry fixes. + * If receive lower priority advert, send GARP messages for sync group. + A recent update to issue #542 identified that following recovery + from a split brain situation, GARP messages weren't being sent. It + transpired that, if a member of a sync group in master state received + a lower priority advert and vrrp_higher_prio_send_advert is set, a + further (lower priority) advert is sent, and the instance and all the + members of the sync group transition to backup (the other members of + the sync group don't send a further advert since they haven't received + a higher priority advert). This meant that the other members of the + sync group on the keepalived instance that remained master didn't + receive a lower priority advert, and so didn't send further GARP + messages. + This commit changes keepalived's behaviour, so that if a vrrp instance + is sending GARP messages due to receiving a lower priority advert + and it is a member of a sync group, keepalived will also send GARP + messages for any other member of the sync group that have + garp_lower_prio_rep set. + * Allow 0.0.0.0 and default/default6 for rule/route to/from addresses. + * Check return value of SSL_CTX_new(). + * Check return values of SSL_new() and BIO_new_socket(). + * Only allow subnet masks with routes or virtual IP addresses. + For example, if specifying a via address or preferred source address + for a route, it isn't valid to specify a subnet mask. + * Add inet/inet6 to specify ip route/rule family if ambiguous. + * Remove superfluous parameter from parse_route(). + * Add "any" and "all" as synonyms for "default". + * Fix memory leak if route destination address is wrong address family. + * Add ttl-propagate route option. + * Fix checking return status of kill(). + * Fix building with --enable-debug configure option. + * Stop delay in reload when using network namespaces. + If running in a network namespace, getaddrinfo() could take over + 30 seconds before timing out while trying to contact a name + server. To alleviate this, the hostname is remembered from when + keepalived started. + * Fix spelling of propagate in propagate_signal(). + * Fix effective_priority after reload if tracked interface down. + * Cosmetic grammatical changes. + * Add debug option for dumping vrrp fd lists. + * Fix calculation for vrrp fd timers. + Starting or reloading keepalived when an interface that was tracked + interface was failed was stopping other vrrp instances that were on + the same interface but not using VMACs coming up. + * Move code for initialising tracking priorities to vrrp_track.c. + * Don't overwrite track file on reload. + * Don't attempt to write track file if path not specified. + * Fix compiling when not using --enable-vrrp-fd-debug. + * Fix compiling with configure --enable-vrrp-fd-debug. + * Add sync group track_bfds and track file status to config dump. + * Move initialisation of track_files. + * Don't alter effective_priority if track_file take vrrp instance down. + * Don't log vrrp instance in fault state at reload if already fault. + * Fix calculating fd timer if all vrrp sands are set to TIMER_DISABLED. + * Don't make all sync groups transition to backup on reload + If a sync group was in master state, and can still be after a reload + then allow it to stay in master state. + * Don't have track_bfd list in vrrp_sgroup_t in BFD not enabled. + * Fix memory leak re vrrp_sgroup_t track lists. + * Tidy up some freeing of MALLOC'd memory. + Use FREE_PTR if it is not known if the pointer is valid, and don't + clear the pointer afterr FREE/FREE_PTR since FREE does it anyway. + * Add memory.c list size definition and move definition from memory.h. + * Increase size of checksum value for MEM_CHECK. + * Don't store checksum of memory allocation block. It can be calculated + from the size, so do so. + * Make the checksum for memory allocation blocks unsigned. + * Use an enum for memory allocation block types. + * Update comment re debug bit for memory detect error. + * In memory alloc debug code report free or realloc for not alloc'd. + * Allow for PIDs up to 2^22 (7 decimal digits). + * Add function for dumping memory allocation while running. + * Fix max memory allocation size calculations. + * Fix reporting original and new file/line/func for realloc. + * Check matching block for realloc is allocated. + The same memory block may have been previously allocated and freed, + so we need to make sure that the block we find is currently marked + as allocated. + * Use a new MEMCHECK struct for realloc overrun detected + It was marking the allocated block as an overrun block, whereas it + needs to be an allocated block, so use a new block to mark the + overrun. + * Tidy up working of a couple of memory allocation messages. + * Use for loops rather than while blocks in memory allocation code. + * Report number of mallocs and reallocs with MEMCHECK. + * Attempt to log first free after double free in MEMCHECK. + * Streamline use of buf/buffer in memory.c. + * Always use first free entry in alloc_list for MEMCHECK. + * Define MEMCHECK alloc_list size via configure. + * Align keepalived_free() and keepalived_realloc(). + * Make char * const where possible for MEMCHECK. + * Merge MEMCHECK keepalived_free() and keepalived_realloc(). + Most of the code was common between the two (or should have been), + so it makes sense for them to use common code. + * Ensure only relevant thread types run during shutdown. + * Fix building without --enable-mem-check. + * Use rbtree search for finding child thread on child termination. + It was doing a linear search of the rbtree in timeout order. This + commit adds another rbtree for child processes (vrrp track scripts + and check_misc scripts), sorted by PID, to make the search by PID + more efficient. + * Make rbtree compare function thread_timer_cmp() more efficient. + * Remove child_remover functionality - it was superfluous. + * Fix checking that there are no duplicate vrrp instances configured + The tuple {interface, family, vrid} must be unique. The check for + this was being made completely incorrectly. + * Delay creating vrrp notify FIFO. + * Remove struct sockaddr_storage saddr from sock_t. + * Use an rbtree for finding vrrp instance for received advert. + Previously the code search a list of pointers to vrrp instances and + looked for a matching fd and vrid. In order to optimise this, it was + implemented using an mlist whose index was a hash of the fd and vrid. + This commit changes the approach and uses an rbtree for each sock_t. + Since the sock_t that the advert was received on is known, the rbtree + search is only searching for a match on the vrid. + Not only is this more efficient, but it is simpler, uses standard code, + and reduces the code by over 60 lines. + * Use an rbtree for finding vrrp instance for socket timeout. + Previously the code search a list of pointers to vrrp instances and + looked for matching file descriptor and sands < time_now. In order to + optimise this, it was implemented using an mlist whose index was a hash + of the fd. + This commit changes the approach and uses a second rbtree for each sock_t. + Since the sock_t that the timeout occurred on is known, the rbtree + search is only searching for a match of the sands. + Not only is this more efficient, but it is simpler, uses standard code, + and reduces the code by over 220 lines. + * Remove superfluous checks of rbtree node != NULL in rb_move(). + * Remove superfluous check of node != NULL in rb_next(). + * Update rbtree code to Linux 4.18.10. + * Fix debug logging of sands timers before time_now. + * Update rb_for_each_entry etc and rb_move to use rb_entry_safe. + With the added definition of rb_entry_safe in the rbtree code + updated to Linux 4.18.10, the refinition of rb_entry was reverted + to the kernel definition. That meant that rb_for_each_entry, + rb_for_eacn_entry_safe and rb_move neded to be updated to use + rb_entry_safe rather than rb_entry. + * Add support functions for rbtree rb_root_cached. + This is in preparation for the use of rb_root_cached in the next + patch. + * Use cached rbtrees where the key is a timeval_t sands + When the key of an rbtree is a timeval_t sands keepalived will frequently + need to access the first node of the tree in order to calculate the next + timeout. This applies to the read, write, child and timer threads queues, + and also the vrrp queues on a sock_t. + The use of cached rbtrees for these is ideal since it gives direct access + to the first node of the queue. + * Add thread_add_read_sands to avoid introducing timer errors. + When using thread_add_read and the timeout was held as timeval_t, + it was converted to and offset from time_now, and then converted + back to a timeval_t, but time_now was updated, resulting in a + slightly different value being used as the timeout. Using + thread_add_read_sands() avoids the double conversion and results in the + timeout being more accurate. + * Replace NETLINK_TIMER with TIMER_NEVER. + It makes the code easier to read, and since NETLINK_TIMER was defined + to be TIMER_NEVER it doesn't change the functionality. + * Handle preempt delays not expiring at same time on sync group + If different vrrp instances in a sync group had preempt delays + that expired at different times keepalived looped with very small + to epoll_wait() until all preempt delays had expired, causing high + CPU utilisation. + Keepalived now reschedules vrrp instances with a delay of + 3 * advert_int + skew time while waiting for all vrrp instances in + the sync group to expire their preempt delays. + * Fix segfault when receive netlink message for default route added. + * Move vrf_master_index into conditional compilation block. + * Store interface macvlan type. + * Make vrp_master_ifp point to self for VRF master interfaces. + * Log if cannot create a VMAC due to existing interface with same name. + * Handle delete/create of macvlan i/fs which aren't keepalived's. + * Tidying up keepalived_netlink.c. + * Handle VRFs changing on macvlan i/fs which have VMACs configured on them. + * Fix recreating our VMACs if they are deleted. + * Fix detecting address add/deletion from underlying i/f of our vmacs. + * Don't use configured_ifp or base_ifp if not _HAVE_VRRP_VMAC_. + * Distinguish between VMAC on real i/f and no VMAC on macvlan i/f + If keepalived is configured to have a non VMAC interface on a macvlan + interface, we want to use the macvlan interface rather than the + underlying interface, whereas if we have a VMAC interface on a macvlan + interface, we create the VMAC on the underlying interface of the macvlan. + * Update duplicate VRID check where vrrp instance configured on macvlan. + If a VRRP instance is configured on a macvlan interface, the duplicate + VRID check needs to be done on the underlying interface. + * Check for VRID conflicts when changeable interfaces are added + For example, a vrrp instance could be configured on a macvlan, and + that macvlan could be deleted and recreated with another base interface. + The VRIDs in this case need to be checked for duplicates against the + base interface, and so the VRID check needs to be done dynamically. + In order to allow VRID conflicts to produce config errors at startup, + by default keepalived assumes that there won't be interface movements + as described above, and will only handle it if the global_defs option + 'dynamic_interfaces' is used along with the option 'allow_if_changes'. + * Remove some comments inserted for tracking changes to code. + * Fix building with --enable-debug configure option. + * Check that '{'s and '}'s are balanced in the configuration file. + * Allow more flexibility re placing of { and }. + * Improve reporting additional '}'s in configuration. + * Minor improvements re thread handling and cancellation. + * Remove unused THREAD_IF_UP and THREAD_IF_DOWN. + * Replace getpagesize() with sysconf(_SC_PAGESIZE). + * Increase netlink receive buffer for dumps to 16KiB. + * Dynamically set the netlink receive buffer size. + * Sort out setting netlink receive buffer size. + +2018-08-23 Alexandre Cassen + * keepalived-2.0.7 + * Fix buffer overflow in extract_status_code(). + Issue #960 identified that the buffer allocated for copying the + HTTP status code could overflow if the http response was corrupted. + This commit changes the way the status code is read, avoids copying + data, and also ensures that the status code is three digits long, + is non-negative and occurs on the first line of the response. + * Some fixes for config-test. + * Change ka_config_error() to report_config_error(). + * Read interface addresses when doing config-test. + * Update documentation re garp_lower_prio_repeat. + * Add comment re tracking routes with nexthops doesn't work. + * Fix handling of default_interface + Issue #963 identified that default_interface wasn't being set + correctly. The problem was that the configuration was read by the + parent process, but the parent process doesn't know about the + system interfaces. + Fix commit makes the vrrp process set the default interface when + it starts. + * Fix a segfault in checker process on reload + Issue #955 identified a segfault when keepalived reloads. This + was caused by attempting to set the receive buffer size on a + netlink socket that was not open. It now only attempts to set + buffer sizes on the netlink sockets that are open. + * Use report_config_error() in check_parser.c. + * Don't run a sublevel close handler on a skipped configuration block + If a configuration block was skipped due to an error, the configuration + read won't be valid and may not even exist, so make sure the sublevel + end handler isn't run. + An example is if a virtual_server block is skipped, then the sublevel + end handler would have run against the previous (if any) virtual_server, + and if there hadn't been a previous virtual_server block it could + segfault. + * Tidy up use of inet_stosockaddr. + * Add more error checking to read_timer() and its uses. + * Add validation of lvs_sched. + * Use report_config_error() in checker parsers + Thwese should have been included in commit ead70947 - + "Update config-test". + * Add stronger validation of numeric fields + Issue #955 identified that invalid parameters in advert_int, delay_loop, + lb_algo/lvs_sched, lb_kind/lvs_method, quorum, ip_family, virtual_server + and real_server ports, weights and connect_timeout were not being reported. + This commit will now report any errors in those fields, and a number of + other fields. + * Improve parsing of virtual_router_id. + * Allow virtual server ports not to be specified + If the service is persistent, a "wild-card" port can be used. + * Prepend WARNING to read_int/unsigned/double messages if not rejecting + read_int()/read_unsigned()/read_double() can output log messages if + the syntax is invalid but the configuration is being accepted, e.g. + parsing 12zyx will return 12 if _STRICT_CONFIG_ is not defined. In + this case we want to indicate that the entry is not valid, but we + are still processing it, so prepend the error message with WARNING. + * Improve parsing of virtual server group address ranges + An address range of 10.9.8.7-10.9.8.15 was parsed as 10.9.8.7-10 + and no error was reported, although someone might have expected + that this would mean 10.9.8.7-15. + keepalived will now report a configuration warning, and if + keepalived is configured with --enable-strict-config-checks the + configuration will be rejected. + * Restore original string in inet_stosockaddr() + If there was a '-' or a '/' after the address, the string was modified + to terminate at that point. This commit now restores the original string. + * Allow keepalived to run with --config-test when live instance running. + * Report errors for invalid smtp_server. + * Remove inet_stom() - it was not used + inet_stom used atoi which is unsafe. Since the function was not used, + it has been simply removed. + * Rename read_(int|unsigned|double) read_(int|unsigned|double)_strvec + Want to be able to have equivalent functions just being passed a string, + so rename the functions using strvec to be explicit about that. + * Fix config dump for vrrp_garp_lower_prio_delay. + * Fix config dump of vrrp garp_refresh. + * Make config dump write fraction part of vrrp preempt delay. + * Simplify config dump of garp/gna_interval. + * dd config dump for VRRP/checker/BFD realtime_priority/limit. + * Ensure structure fully initialised for sched_setscheduler. + * Make set_process_dont_swap() and set_process_priority() static functions. + * Minimise time when keepalived runs with realtime priority + keepalived shouldn't use realtime priority when it is loading or + reloading configurations, so delay setting realtime priorities, and + revert to stardard scheduling when terminating or reloading. + * Report user/system CPU time used when exit with detailed logging. + * Make default rlimit_rtime 10000 microseconds + The previous default of 1000 microseconds was insufficient + * Stop using atoi for readong configuration weight. + * Make read_unsigned, read_int, read_double for parsing strings + These functions are analogous to read_unsigned_strvec, read_int_strvec + and read_double_strvec, but take strings as the parameter rather than + a strvec. + * Stop using atoi for parsing mask of ip addresses. + * Stop using atoi for reading VRID in Dbus code. + * Stop using atoi for reading vrrp debug level, and add to conf dump. + * Stop using atoi for parsing garp_refresh. + * Stop using atoi for parsing preempt_delay. + * Stop using atoi for parsing garp_lower_prio_repeat. + * Stop using atoi for parsing vrrp script rise. + * Stop using atoi for parsing vrrp script fall. + * Stop using atoi for parsing garp_interval/gna_interval + * Stop using atoi for parsing smtp status code + * Stop using atoi for parsing realtime scheduling priority + * Stop using atoi for parsing process priorities + * Stop using atoi for parsing global garp/gna_interval + * top using atoi for parsing genhash port number + * Stop using atoi for parsing tcp_server port number + * Stop using atoi for parsing command line log facility. + * update documentation to show range of bfd weights + * Ensure read_unsigned() detects negative numbers. + * Stop using atoi to parse HTTP_GET status code. + * Stop using atoi to parse checker port numbers. + * Use read_unsigned() for domain/inet_stosockaddr port. + * Make read_unsigned_strvec() recognise minus sign after spaces + It is possible have a word read from the configuration start with + spaces it is is enclosed in quotes, which are then removed, but + the leading spaces aren't removed. + * Make get_u8()/get_u16()/get_u32() use read_unsigned(). + * Make get_u64() properly detect -ve numbers. + * Make get_time_rtt() properly detect -ve numbers. + * Make get_addr64() handle whitespace properly and disallow '-' signs + Skip leading whitespace, don't allow embedded whitespace, and don't + allow minus signs. + * Make get_addr64() and parse_mpls_address handle whitespace + * Change more log_message() to report_config_error() in vrrp_iproute.c. + * Improve use of strtoul() in rttables.c. + * Implement get_u64() in same way as get_u8() etc. + * Fix print format specifier in read_unsigned_base + * Correct error message for garp_master_refresh + * Remove \n from error message. + * Allow round trip time to be UINT32_MAX + * Change mix_rx to min_rx for bfd_instance in documentation. + * Make bfd_parser use read_unsigned_strvec() etc rather than strtoul(). + * Fix config dump for BFD instance timers. + * Fix handling of ip rule ipproto option. + * Add read_unsigned_base_strvec() to allow number base to be specified + This requires renaming static functions read_int_int() etc to + read_int_base() etc. + * Minimise and improve use of strtoul() etc in parsing ip rules. + * Use read_int_strvec() for vrrp_version. + * Use read_int_strvec() instead of strtol() in vrrp_parser.c. + * Use read_int_strvec() instead of strtol() etc in check_parser.c. + * Use read_int_strvec() instead of strtol() etc in check_data.c. + * Improve strtoul handling for '--log_facility' command line option. + * Add documentation for lvs_timeouts config option. + * Allow vrrp garp_delay to be 0 in accordance with documentation. + * Use read_int_strvec() instead of strtol() etc in global_parser.c. + * Corret end of line detection in genhash. + * Improve genhash command line parsing use of strtoul. + * Replace CHECKER_VALUE_INT with read_unsigned_strvec due to use of strtoul. + * Remove CHECKER_VALUE_UINT definition since no longer used. + * Add conditional compilation around variable not always used. + * Only read interfaces in VRRP process. + * Enable --config-test to work with BFD configuration. + * Only add garp_delay_t's to interfaces used by VRRP instances + There is no point allocating a garp_delay_t to an interface that + isn't used by a VRRP instance, so this commit make keepalived only + allocate garp_delay_t scructures to the used interfaces. + In addition, when the configuration is dumped, list the interfaces + relevant to each garp_delay_t. + * Add logging command line options if keepalived segfaults. + * Don't free tcp checker data field on exit, since not used. + * Report configuration file line numbers when errors + Following the recent series of commits for better validation of + the configuration, and the move to reporting all configuration + errors through report_config_error(), it is now feasible to report + the configuration file line number on when the error occurs. + * Rationalise error messages when reading configuration + Now that configuration file line numbers are reported, the error + messages can be simplified since the context doesn't need to be + given in the detail as before. + * Return NULL rather than false as a pointer in parser.c + * Fix an infinite loop when parsing certain parameter substitutions + If a multiline definition had text after the '=' sign, keepalived + would loop. + * Fix a multiline parameter substitution having a replacement on 1st line + If a multiline parameter definition had a replaceable parameter or a + definition on the first non-blank line, it wasn't being handled. This commit + ensures that replaceable parameters/definitions on the first line are + handled correctly. + * Add logging command line options when keepalived starts. + * Change some log_message() to report_config_error() in vrrp_sync.c. + * Improve handling of select() returning an error + If select returned an error, the code was processing the returned + timeout and fds as though they were valid. This commits logs an + error the first time, sleeps for 1 second if it is a programming + error, and then sets up the select call again. + * Remove DBG() statement left over in previous commit. + * improve doc spelling. + * Add mh scheduler for LVS + This is similar to the sh scheduler. Options are the same but we + duplicate everything. An alternative would have been to reuse the + names for the sh scheduler. + The mh scheduler is supported starting from Linux 4.18. It's a + consistent hash scheduler. + * manpage update and re-visited. + keepalived.conf.5 be considered as THE exhaustive source of information + in order to configure Keepalived. This documenation is supported and + maintained by Keepalived Core-Team. + * Fix errors in KEEPALIVED-MIB.txt + Commit 181858d - "Add mh scheduler for LVS" introduced a couple + of formatting errors, and didn't update the revision date. + * Some SNMP library handling improvements. + * Stop bfd -- vrrp pipe read timing out + There is no need for a timeout on reading the pipe, so set the + timeout to TIMER_NEVER. + * manpage updates + Update manpage to make html convertion easy. This manpage is now + sitting in documentation tab of Keepalived website. + * Update libnl_link.c + SegFault when launch with dynamic LIBNL because of loading symbol + from wrong library. + * Fix building rpm package and instructions + Issue #977 identified that the instructions in the INSTALL file + were incorrect. + * Adds regex pattern matching for HTTP_GET and SSL_GET. + * Remove pcre build tests from Travis-CI + Travis-CI environments are too old to support libpcre2, so we have + to remove it. + * Fix #980: coredump on start when logfile cannot be accessed. + * Don't loop forever if configuration has unknown replaceable parameter. + +2018-07-23 Quentin Armitage + * keepalived-2.0.6 + * Fix genhash digest calculation. The bracketting in HASH_UPDATE was wrong. + * Bring keepalived(8) man page up to date. + * Fix segfault when IPVS_DEST_ATTR_ADDR_FAMILY not defined. + Issue #938 identified a segfault on the checker process when using + CentOS/RHEL 6. It turned out that conditional compilation check + for IPVS_DEST_ATTR_ADDR_FAMILY was not being handled correctly. + * Don't create a link-local address for vmac when vmac_xmit_base is set + Since commit 18ec95add483 ("Make vmac_xmit_base work for IPv6 + instances") VRRP advertisements are sent from the base interface and not + from the vmac interface when vmac_xmit_base is set. + Therefore, there is no need to configure a link-local address on the + vmac interface. This also means that we don't need to regenerate a + link-local address for the vmac if the link-local address was removed + from the base interface, or inherit a link-local address in case one was + configured on the base interface. + * Fix setting i/f params on a bridge underlying i/f of a VMAC + Issue #944 identified that when the underlying interface of a VMAC + interface was a bridge, keepalived was failing to set arp_ignore and + arp_filter in the underlying bridge interface. The problem appears to + lie in the libnl3 library. The description of the problem given in the + issue report was: + Problem is that ifi_family is set to AF_BRIDGE, whereas it should be set + to AF_UNSPEC. The kernel function that handles RTM_SETLINK messages for + AF_BRIDGE doesn't know how to process the IFLA_AF_SPEC attribute. + This commit stops using libnl3 for setting/clearing arp_ignore and + arp_filter, and directly constructs the netlink messages in keepalived. + * Use RTM_NEWLINK rather than RTM_SETLINK for setting i/f options + libnl3 uses RTM_NEWLINK rather than RTM_SETLINK for setting + interface options when ifi_family is AF_UNSPEC, so update commit + 9b2b2c9 - "Fix setting i/f params on a bridge underlying i/f of + a VMAC" to do likewise. + * Fix creating VMACs on 2.6.32 and earlier kernels + RTM_NEWLINK didn't support specifying interface by name until + Linux 2.6.33, and if using an earlier kernel, the netlink call + failed. This meant that the VMAC was not enabled. + * Fix setting arp_ignore and arp_filter on bridge interfaces. + * Add diagnostic message if vrrp script time out and kill fails. + * Fix compile errors and warnings when building with --enable-debug. + * Don't do md5 check unless configured. + * In http_handle_response() combine fetched_url and url + fetched_url and url always pointed to the same url, so only use + one variable. + * Store and handle HTTP_GET digest in binary form + Configured digests were being stored in character string form, and + the calculated digests were converted to strings. This commit now + handles digests as fixed length binary data, and validates the + configured digests to make sure they are valid hex strings with + the correct length. + * Add support for quote and escape handling of notify and other scripts. + Notify and other scripts need to be able to be configured with embedded + spaces, quotes and special characters for the command and the parameters. + This commit adds that ability. + * When checking script file path, only replace name part if same file. + Some executables are in the filesystem as symbolic links, and alter + their functionality based on the file part of the name. This was being + incorrectly handled by keepalived, which now checks whether a file exists + using the original name, and it it does whether it is the same file. + * Remove cmd_str from notify_script_t + The cmd_str string (sort of) duplicated what was in the args array + of a notify_script_t, but was not always accurate. With the removal + of cmd_str, whenever it needs to be output, the string is now + generated from the args array, so accurately reflects what is + actually executed. + * Add quoting and escaping for script configuration, and other minor changes. + * Use vsyslog() if available instead of syslog(). + * Report virtual server as well as real server when config dump checker. + * Only report IP_MULTICAST_ALL unset for IPv4 sockets + Commit 6fb5980 - "Stop receive message queues not being read on send + sockets" added a warning if data was received on vrrp send sockets, since + setting IP_MULTICAST_ALL should stop packets being received, but older + kernels still queued packets. + It has now been discovered the IP_MULTICAST_ALL (of course) only applies + to IPv4 and so the warning only makes sense for IPv4 sockets. + I haven't been able to find a way to stop IPv6 multicast packets being + received on the send socket. It appears that if any socket adds an IPv6 + multicast group on an interface, then any raw socket using that interface + will recieve all enabled multicast packets, and the receive socket has to + add the multicast group. + * Properly stop packets being queued on vrrp send sockets + Commit 6fb5980 - "Stop receive message queues not being read on + send sockets" did stop messages building up on the receive queue + of vrrp send sockets, but it wasn't an ideal solution, and it also + made the assumption that the problem was only occurring due to + multicast packets not being filtered when IP_MULTICAST_ALL was set, + which appears not to work properly between at least Linux 3.6.11 and + 3.16. In fact the problem also occurred when using IPv4 unicast and + IPv6 in any form, and so has been a long term issue in keepalived. + The original solution was to listen on the send socket and discard any + packets that were received. This commit takes a completely different + solution (many thanks to Simon Kirby for the suggestion) and sets a + BPF filter on send sockets that filter out all received packets on the + sockets. + This commit effectively reverts commit 6fb5980, and the subsequent + commits 88c698d8 - "Cancel read thread on send sockets when closing", + f981b55d - "Only allow vrrp_rx_bufs_policy NO_SEND_RX if have + IP_MULTICAST_ALL", 7ff7ea1f - "Another fix to listening on send socket", + and 77d947f7 - "Only report IP_MULTICAST_ALL unset for IPv4 sockets" + and partially reverts 4297f0a - "Add options to set vrrp socket receive + buffer sizes". + This commit removes the configuration option NO_SEND_RX from + vrrp_tx_bufs_policy introduced in commit 4297f0a since it is now + no longer relevant, because no packets are queued to the send socket. + * Add newlines to the keepalived.stats output for better readability. + * Add notify_master_rx_lower_pri script option and FIFO output. + If a lower priority router has transitioned to master, there has presumably + been an intermittent communications break between the master and backup. It + appears that servers in an Amazon AWS environment can experience this. + The problem then occurs if a notify_master script is executed on the backup + that has just transitioned to master and the script executes something like + a `aws ec2 assign-private-ip-addresses` command, thereby removing the address + from the 'proper' master. Executing notify_master_rx_lower_pri notification + allows the 'proper' master to recover the secondary addresses. + * Fix malloc'd memory length in open_log_file(). + +2018-06-29 Quentin Armitage + * keepalived-2.0.5 + * Update config-test option so keepalived exits with status 1 on failure. + * Fix config write of virtual server group ip addresses. + * Document default and default6 for virtual/static route destinations. + * Cancel read thread on send sockets when closing. + Commit 4297f0a - "Add options to set vrrp socket receive buffer sizes" + added reading on vrrp send sockets to stop receive queues building up + on some 3.x kernels. The commit didn't cancel the read thread on the + send sockets when the socket was closed, causing several thousand + log writes. This commit cancels the read thread. + * Exit with status 1 if config check fails, and fix terminating when + reading send sockets. + * Stop segfaulting when receive a packet (fixing commit 97aec76). + Commit 97aec76 - "Update config-test option so keepalived exits + with status 1 on failure" had a test for __test_bit(CONFIG_TEST_BIT) + the wrong way round. This commit fixes that. + * Don't assume rpm is available. + * Only allow vrrp_rx_bufs_policy NO_SEND_RX if have IP_MULTICAST_ALL. + * Improve setting up virtual/real servers with virtual server groups. + When setting up virtual servers defined by virtual server groups, + keepalived was getting confused between fwmarks and ip addresses. + This still needs further work, but the setting up of virtual/real + servers now works. + * Fix setting up and deletion of virtual servers with groups + Virtual server entries in virtual server groups can be used + by multiple virtual_server entries. This commit ensures that + virtual servers are not deleted until the last virtual_server + instance using the virtual server is removed. + * Allocate vrrp send buffer during vrrp_complete_instance() + Issue #926 identified a segfault. The vrrp send buffer was not being + allocated early enough, and was being accessed before being allocated + if the checksum algorithm needed updating. + * Fix vrrp v3 with unicast and IPv4. + The checksum calculations were happening in the wrong way, with the + wrong data. This commit sorts all that out. + * Don't set effective priority to 254 when specify dont_track_primary. + * Make csum_incremental_update16/32 inline. + * Add --enable-optimise=LEVEL configure option. + * Remove debug message left in configure.ac from adding --enable-optimise. + * Fix compiling on CentOS 6. + Issue #932 identified that keepalived would not compile on CentOS 6. + The problem is that kernel header file linux/rtnetlink.h needs + sys/socket.h to be included before linux/rtnetlink.h when using old + (e.g. 2.6) kernel headers. + * Another fix to listening on send socket. + Commit 4297f0a - "Add options to set vrrp socket receive buffer sizes" + added reading on vrrp send sockets to stop receive queues building up + on some 3.x kernels. The commit didn't save the new thread in + sock->thread_out when it was added for reading in vrrp_write_fd_read_thread. + It now does so. + +2018-06-17 Quentin Armitage + * keepalived-2.0.4 + * Make vmac_xmit_base work for IPv6 instances. + Issue #917 identified that for IPv6 even when vmac_xmit_base was + configured, the adverts were being sent from the vmac interface. + This commit makes the packets be sent from the underlying interface + when vmac_xmit_base is configured. + * Handle vmac_xmit_base when interfaces are recreated. + * Add -t config-test option. + Issue #389 has received increasing support to add a configuration + validation option. This commit adds the -t/--commit-test option + to report any detected configururation errors and exit. + Errors are logged to the system log by default, but use of the -g + and -G options can make the errors be logged to files. + +2018-06-15 Quentin Armitage + * keepalived-2.0.3 + * Fix building with --disables-routes configure option. + * Fix some compiler warnings on Travis-CI. + * Fix setting vrrp effective priority on reload. + * Add tracking of static addresses, routes and rules + By default a static address, route or rule will now be reinstated + if it is deleted, unless the no_track option is specified. + In addition, if a track_group is specified for an address/route/rule + then if the address/route/rule cannot be reinstated (e.g. if the + specified interface is down or has been deleted), then the vrrp + instances specified in the track group will transition to fault state + until the interface comes back up. + This commit completes the monitoring and reinstatement of addresses + routes and rules and means that keepalived should now fully support + hot-swap devices. + * Log when restoring static addresses, routes or rules. + * Allow static addresses/routes/rules to be configured on VMACs. + When VMACs were using an interface name generated by keepalived, + if static address/routes/rules had beeon configured on a VMAC + interface name, then a different name would be generated for + the vrrp instance. This commit now allows the same name to be used. + * Fix configure when pkg-config --libs returns -L entries. + * Add log message for advert receive timeout when using log detail (-D). + * Stop receive message queues not being read on send sockets. + We shouldn't receive anything on vrrp send sockets since IP_MULTICAST_ALL is + cleared, and no multicast groups are subscribed to on the socket. However, + Debian Jessie with a 3.16.0 kernel, CentOS 7 with a 3.10.0 kernel, + and Fedora 16 with a 3.6.11 kernel all exhibit the problem of multicast + packets being queued on the send socket. Whether this was a kernel problem + that has been subsequently resolved, or a system default configuration + problem isn't yet known. + The workaround to the problem is to read on the send sockets, and to discard + any received data. + If anyone can provide more information about this issue it would be + very helpful. + * Ensure sorry server/virtual server same address family unless tunnelled. + A real server and a virtual server can only be of the same address family + if the forwarding method is tunnelled, and also must have a kernel that + supports IPVS_DEST_ATTR_ADDR_FAMILY. + * Add options to set vrrp socket receive buffer sizes. + Some systems have very large settings for net.core.rmem_default + allowing very large receive queues to build if the sockets aren't + read. keepalived doesn't need large buffers for receive queues, + so this commit allows options for setting the maximum buffer sizes + to be much smaller. It also adds the option of setting the receive + buffer size on the vrrp send sockets to be as small as possible, + since we shouldn't be receiving anything on those. + Following commit 6fb5980 - "Stop receive message queues not being + read on send sockets", this commit also adds the option not to + read the send sockets, which can be used where it is known that the + kernel will not queue unwanted multicasts to the send socket. + * Consider eVIPs when determining if need GARP/NDISC send buffers. + * Fix sending IPv6 unicast vrrp adverts. + +2018-06-06 Quentin Armitage + * keepalived-2.0.2 + * Only compile code in rttables.c that is needed by the + configuration. + * Set default preferences for ip rules if not specified. + Since different vrrp instances can become master in different + orders, if preferences (priorities) are not specified for + ip rules, the order in which they are specified will be + indeterminate. In order to give some consistency, keepalived + will not allocate a default preference to each rule, and will + also warn that this is probably not going to work as intended. + The solution is to specify a preference for each rule. + * Require preference if an ip rule specifies goto. + Since preferences are now auto-generated if not specified, a + rule with a goto must now specify a preference. + * Add tracking of virtual rules. + If a virtual rule is deleted, the vrrp instance will transition + to backup. When it becomes master again the rule will be re-added. + * Fix compilation failure found by Travis-CI. + * In configure.ac check if SHA1_Init() needs -fpic. + * Fix make rpm when rpmbuild doesn't support --build-in-place. + * Update INSTALL file to describe how to build rpm files. + * Fix instructions for building rpm packages. + +2018-06-04 Quentin Armitage + * keepalived-2.0.1 + * Remove '\n' characters from log_message() text. + * Allow IPv6 ip rules to be specified using fwmarks. + * Fix configure generation of keepalived.spec file. + * Stop rebuilding scheduler.o every make. + * Remove ' characters from configure args in keepalived -v output. + * Remove duplicate reporting of network namespace in config dumps + * Add ${_INSTANCE} config parameter. + * Remove debugging log message. + * Recalculate max_fd used for select if it should reduce. + * Add tracking of virtual routes. + If a virtual route is deleted, by default to vrrp instance will + now transition to backup mode, and if it transitions to master + again the route will be re-added. If an interface on which a + route is configured is down, then the instance will go to fault + state, since the route cannot be added. + This commit also adds a no-track option for routes, which means + that deletion of the route will not cause the vrrp instance to + transition to backup. + * Handle interface down at startup with tracked route configured on it + If a virtual route which is tracked is configured on an interface that + is down at startup, then the vrrp instance needs to start in fault + state. + * Rename netlink_reflect_filter() to netlink_link_filter() + The function only handles RTM_NEWLINK/RTM_DELLINK messages and there + are other functions to handle other message types. + * Fix compilation warning. + * Make recreating deleted VMACs work. + * Fix Travis-CI compilation failure and warning. + * Stop duplicate definition and duplicate include in vrrp_iproute.c. + * Add new ip rule options for Linux 4.17 + FRA_PROTOCOL, FRA_IP_PROTO, FRA_SPORT_RANGE and FRA_DPORT_RANGE have + been added in Linux 4.17. + +2018-05-26 Quentin Armitage + * keepalived-2.0.0 + * Beta branch merge into master branch ! 2years of dev here ! + * Transition to master as soon as decision is made to do so + Previously keepalived waited one further advert interval before + transitioning. + This meant that previously if a master went down and sent priority + 0 message, there was one extra advert interval before the highest + priority backup configured the VIP addresses. + Now if vrrp instances have high priorities (i.e. close to 255), + then the transition to master and configuration of addresses will + now occur in a small multiple of advert_interval/256. + * Process interface state changes immediately. + Previously keepalived waited for advert timer expiry. The problem + was that if an interface went down and came back up before the + next timer expiry, and addresses, routes and VMACs that we had + configured on that interface would be removed, but we wouldn't + know about it. + * Add support for hot-swappable NICs + This also handles interfaces being deleted and restored. + * Add vrrp_track_file option. + This allows track_scripts, which are run on a frequent scheduled + basis, to be replaced with a vrrp_track_file, which contains a + number as a text string which is used in the same way as the exit + status from a track script. The track_files are only read if they + are changed, so external events can update a track file, rather + than their status needing to be detected by polling by track + scripts. + * Add notify fifos. + Rather than sending notifications via notify scripts it is now + possible to send notify messages via fifos. Not only does this + mean that the overhead of executing script for each notification + is removed, but it also guarantees the delivery of notifications + in the correct order, whereas if the notification is via scripts, + there is no guarantee that the scripts will execute in the desired + order if two or more notifications are sent in quick succession. + There can be a global fifo to process all notifies, and also + separate fifos for vrrp and checkers. It is possible to specify a + script for keepalived to execute to process the messages on the + fifo(s). + * Stop logging address addition/deletions if addresses not ours + The -a option can be used to override this behaviour and log all + address changes. + * Transition to fault state if source address for adverts is deleted + from interface + * Transition to backup state if a VIP or eVIP is removed + When we next transition to master the addresses will be restored. + If nopreempt is not set, that will be almost immediately. + * Make address owner (priority 255) transition to master immediately + * Don't process a received advert if the authentication fails + * Ignore invalid received adverts totally + Previously the master down timer was being updated, which meant + that a backup could be stuck in backup state even if the only + received adverts were invalid. + * Don't reset timer before sending next advert if receive a lower + priority advert. + This was stopping a higher priority backup instance to stay in + backup state. + * Log if receive invalid authentication header + * Ignore lower priority adverts when backup (to comply with RFCs) + This also means that the master down timer wasn't reset, which + was causing a delay to becoming master + * Fix first advert interval of vrrp instances in a sync group. + * Stop two vrrp instances with preempt delay and equal priorities + flip-flopping between master and backup state + * Make sync group members transition state at same time + When first instance makes transition (i.e. when the trigger event + occurs) rather than wait for next timer expiry + * Process vrrp track script returning a new status code immediately + For all instances (and their sync group members), rather than + waiting for the next timer expiry on each instance, the instance + will transition update it's state immediately. + * On reload, make track scripts inherit the state from before reload + This stops vrrp instances transitioning to down and coming back up + once the script has run. + * Correct the use of adver_int and master_adver_int + * Ensure when leaving fault state that a vrrp instance transitions + to backup unless it has priority 255 + * Remove quick_sync functionality since no longer needed. + * Improved code efficiency: + * Finding vrrp instance after read timeout + * When getting interface information for a new vmac, only request + information for that i/f. + * Directly update effective priority of vrrp instances when scripts + return new status rather than scheduling a thread to do it + * Don't run a read timeout on vrrp instance in fault state + * Don't run a track script if no vrrp instance is tracking it + * Stop checking interface status after every timer expiry since + processing interface state changes is now done synchronously + * The timeout for the select call had a maximum timeout of 1 second, + it now times out only when something needs to happen + * The timeout on netlink reads was 500 seconds and this has been + extended to 1 day. + * Streamline signal handling between main process and child process + by using signalfd if available, rather than using a pipe + * Minimise searching for an interface struct based on its index by + using pointers to the interface structures + * Stop opening and closing vrrp scripts before running them. We can + detect they are missing from the return of the exec call. + * Allow threads that don't need a timeout to never timeout + * Calculate the maximum fd number when calling select() rather than + specifying the maximum of 1024. + * Ignore netlink NEWLINK messages that are only wireless state + changes. + * Don't check whether timers have expired after select() returns if + its timeout didn't expire. + * Termination of child processes (scripts) were being handled twice + * Don't generate the IP header checksum since the kernel will always + generate it. + * Maintain pointers to tracking scripts to save seaching a list to + find the relevant script. + * Vrrp instances to have pointer to interface structure to avoid + having to search based in index + * Fix the checksum calculation for VRRPv3 unicast peers. + * Don't regenerate the full advert packet each time an advert is sent + Keepalived now simply updates the necessary fields and calculates + the change needed to the checksum. + * Detect a vmac interface going down, and make the vrrp instance + transition to fault state. + Previously the instance would only go down if the underlying + interface went down. + * Stop weighted track scripts updating priority of sync group members + * Make vrrp instances go straight to fault state at startup if a + relevant interface is down + Previously an instance would start in up state and transition to + fault at next timer expiry + * Ensure that a sync group starts in backup state unless all members + are address owners + * Restore master down timer after leaving fault state + * Use execve() to execute scripts rather than system(). + This saves a fork and an extra process, and also allows the + parameters to be parsed once only at startup, rather than each + time the script is invoked. + * Don't treat a failure to execute a script as a failure of the script + * Ensure all scripts receive TERM signal when keepalived terminates + * If keepalived is running with an elevated priority, stop running + scripts with that elevated priority. + * Enable an unweighted tracking script make a vrrp instance which is + an address owner transition to fault state + * Delay bringing vrrp instances up at startup until after the first + completion of the tracking scripts + This stops an instance coming up an then being brought back down + again after the script completes with a failure. + * Reduce number of error messages if a script is not executable + * Add linkbeat option per vrrp instance + * Fix timer addition on 32-bit systems + * Ignore netlink messages for interfaces using linkbeat polling + * If priority of vrrp instance changes when in backup due to a vrrp + script, reschedule the read timeout + * If re-using a VMAC after a reload, ensure it is correctly configured + * Don't send priority 0 adverts when transition to fault state unless + were in master mode + * Identify routes added by keepalived as belonging to keepalived + * Enable vrrp instances to be put into fault state if their routes are + removed + * Add track scripts, track files and track_if to sync groups and + deprecate global_tracking + (use sync_group_tracking_weight instead, but only if necessary). + * Improve AH authentication sequence number handling, and (re)enable + sequence number checking for VMACs and sync groups + * Remove autoconf/automake generated files from git repo. + Script build_setup will create the necessary build environment. + * Improve and standardise notifications + * Fix not sending RS and VS notifies if omega set + * Add no_checker_emails to not send emails every time a checker + changes state, but only if a real server changes state + * Monitor VIP/eVIP deletion and transition to backup if a VIP/eVIP + is removed unloes it is configured with the no-track option. + +2018-05-26 Alexandre Cassen + * keepalived-1.4.5 released. + * Update snapcraft.yaml for 1.4.x+git + * Fix generation of git-commit.h with git commit number. + * Set virtual server address family correctly. + * Set virtual server address family correctly when using tunnelled + real servers. + * Fix handling of virtual servers with no real servers at config time. + * Add warning if virtual and real servers are different address families. + Although normally the virtual server and real servers must have the + same address family, if a real server is tunnelled, the address families + can be different. However, the kernel didn't support that until 3.18, + so add a check that the address families are the same if different + address families are not supported by the kernel. + * Send correct status in Dbus VrrpStatusChange notification. + When an instance transitioned from BACKUP to FAULT, the Dbus + status change message reported the old status (BACKUP) rather than + the new status (FAULT). This commit attempts to resolved that. + +2018-05-08 Alexandre Cassen + * keepalived-1.4.4 released. + * doc: ipvs schedulers update + * Fix a couple of typos in configure.ac. + * Fix namespace collision with musl if_ether.h. + * Check if return value from read_value_block() is null before using. + * Fix reporting real server stats via SNMP. + * Make checker process handle RTM_NEWLINK messages with -a option + Even though the checker process doesn't subscribe to RTNLGRP_LINK + messages, it appears that older kernels (certainly 2.6.32) can + send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs + when the link is set to up state. + Only the VRRP process is interested in link messages, and so the + checker process doesn't do the necessary initialisation to be able + to handle RTM_NEWLINK messages. + This commit makes the checker process simply discard RTM_NEWLINK + and RTM_DELLINK messages, rather than assuming that if it receives + an RTM_NEWLINK message it must be the VRRP process. + This problem was reported in issue #848 since the checker process + was segfaulting when a new interface was added when the -a command + line option was specified. + * Fix handling RTM_NEWLINK when building without VRRP code. + * Fix building on Fedora 28. + net-snmp-config output can include compiler and linker flags that + refer to spec files that were used to build net-snmp but may not + exist on the system building keepalived. That would cause the build + done by configure to test for net-snmp support to fail; in particular + on a Fedora 28 system that doesn't have the redhat-rpm-config package + installed. + This commit checks that any spec files in the compiler and linker + flags returned by net-snmp-config exist on the system building + keepalived, and if not it removes the reference(s) to the spec file(s). + +2018-04-09 Alexandre Cassen + * keepalived-1.4.3 released. + * vrrp: setting '0' as default value for ifa_flags to make gcc happy. + * Add additional libraries when testing for presence of SSL_CTX_new(). + It appears that some systems need -lcrypto when linking with -lssl. + * Sanitise checking of libnl3 in configure.ac. + * Report and handle missing '}'s in config files. + * Add missing '\n' in keepalived.data output. + * Stop backup taking over as master while master reloads. + If a reload was initiated just before an advert, and since it took + one advert interval after a reload before an advert was sent, if the + reload itself took more than one advert interval, the backup could + time out and take over as master. + This commit makes keepalived send adverts for all instances that are + master immediately before a reload, and also sends adverts immediately + after a reload, thereby trippling the time available for the reload + to complete. + * Add route option fastopen_no_cookie and rule option l3mdev. + * Fix errors in KEEPALIVED-MIB.txt. + * Simplify setting on IN6_ADDR_GEN_MODE. + * Cosmetic changes to keepalived(8) man page. + * Don't set ipvs sync daemon to master state before becoming master + If a vrrp instance which was the one specified for the ipvs sync + daemon was configured with initial state master, the sync daemon + was being set to master mode before the vrrp instance transitioned + to master mode. This caused an error message when the vrrp instance + transitioned to master and attempted to make the sync daemon go from + backup to master mode. + This commit stops setting the sync daemon to master mode at initialisation + time, and it is set to master mode when the vrrp instance transitions + to master. + * Fix freeing vector which has not had any entries allocated. + * Add additional mem-check disgnostics + vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all + call MALLOC/FREE but the functions written in the mem_check log + are vector_alloc etc, not the functions that call them. + This commit adds logging of the originating calling function. + * Fix memory leak in parser.c. + * Improve alignment of new mem-check logging. + * Disable all checkers on a virtual server when ha_suspend set. + Only the first checker was being disabled; this commit now disables + all of them. + Also, make the decision to disable a checker when starting/reloading + when scheduling the checker, so that the existance of the required + address can be checked. + * Stop genhash segfaulting when built with --enable-mem-check. + * Fix memory allocation problems in genhash. + * Properly fix memory allocation problems in genhash. + * Fix persistence_granularity IPv4 netmask validation. + The logic test from inet_aton() appears to be inverted. + * Fix segfault when checker configuration is missing expected parameter + Issue #806 mentioned as an aside that "nb_get_retry" without a parameter + was sigfaulting. Commit be7ae80 - "Stop segfaulting when configuration + keyword is missing its parameter" missed the "hidden" uses of vector_slot() + (i.e. those used via definitions in header files). + This commit now updates those uses of vector_slot() to use strvec_slot() + instead. + * Fix compiling on Linux 2.x kernels. + There were missing checks for HAVE_DECL_CLONE_NEWNET causing + references to an undeclared variable if CLONE_NEWNET wasn't defined. + * Improve parsing of kernel release. + The kernel EXTRAVERSION can start with any character (although + starting with a digit would be daft), so relax the check for it + starting with a '-'. Kernels using both '+' and '.' being the + first character of EXTRAVERSION have been reported. + * Improve grammer. + * add support for SNI in SSL_GET check. + this adds a `enable_sni` parameter to SSL_GET, making sure the check + passes the virtualhost in the SNI extension during SSL handshake. + * Optimise setting host name for SSL_GET requests with SNI. + * Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL. + * Use configure to check for SSL_set_tlsext_host_name() + Rather than checking for a specific version of the OpenSSL library + (and it would also need checking the version of the LibreSSL library) + let configure check for the presence of SSL_set_tlsext_host_name(). + Also omit all code related to SNI of SSL_set_tlsext_host_name() is + not available. + * Use configure to determine available OpenSSL functionality + Rather than using version numbers of the OpenSSL library to determine + what functions are available, let configure determine whether the + functions are supported. + The also means that the same tests work for LibreSSL. + * Add support for gratuitous ARPs for IP over Infiniband. + * Use system header definition instead of local definition IF_HWADDR_MAX + linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas + IF_HWADDR_MAX was locally defined to be 20. + Unfortunately we end up with more system header file juggling to ensure + we don't have duplicate definitions. + * Fix vrrp_script and check_misc scripts of type + * keepalived-1.4.2 released. + * Make genhash exit with exit code 1 on error. + Issue #766 identified that genhash always exits with exit code 1 + even if an error has occurred. + * Rationalise printing of http header in genhash. + * Use http header Content-Length field in HTTP_CHECK/SSL_CHECK. + If a Content-Length is supplied in the http header, use that as a + limit to the data length (as wget does). If the length of data + received does not match the Content-Length log a warning. + * Optimise parameter passing to fprintf in genhash. + * Don't declare mark variable if don't have MARK socket option. + * Fix sync groups with only one member. + Commit c88744a0 allowed sync groups with only 1 member again, but + didn't stop removing the sync group if there was only 1 member. + This commit now doesn't remove sync groups with only one member. + * Make track scripts work with --enable-debug config option. + * Add warning if --enable-debug configure option is used. + * Allow more flexibility of layout of { and } in config files. + keepalived was a bit fussy about where '{'s and '}'s (braces) could + be placed in terms of after the keyword, or on a line on their own. + It certainly was not possible to have multiple braces on one line. + This commit now provides complete flexibility of where braces are, so + long as they occur in the correct order. + * Make alloc_value_block() report block type if there is an error. + * Simplify alloc_value_block() by using libc string functions. + * Add dumping of garp delay config when using -d option. + * Fix fractions of seconds for garp group garp_interval. + * Make read_value_block() use alloc_value_block(). + This removes quite a bit of duplication of functionality, and + ensures the configuration parsing will be more consistent. + * Fix build with Linux kernel headers v4.15. + Linux kernel version 4.15 changed the libc/kernel headers suppression + logic in a way that introduces collisions. + * Add missing command line options to keepalived(8) man page. + * Fix --dont-release-vrrp. + On github, ushuz reported that commit 62e8455 - "Don't delete vmac + interfaces before dropping multicast membership" broke --dont-release-vrrp. + This commit restores the correct functionality. + * Define _GNU_SOURCE for all compilation units. + Rather than defining _GNU_SOURCE when needed, let configure add + it to the flags passed to the C compiler, so that it is defined + for all compilation units. This ensures consistence. + * Fix new warnings procuded by gcc 8. + * Fix dumping empty lists. + Add a check in dump_list() for an empty list, and don't attempt + to dump it if it is empty. + * Resolve conversion-check compiler warnings. + * Add missing content to installing_keepalived.rst documentation. + Issue #778 identified that there was text missing at the end of + the document, and that is now added. + * Fix systemd service to start after network-online.target. + This fix was merged downstream by RedHat in response to + RHBZ #1413320. + * Update INSTALL file to describe packages needed for building + documentation. + * INSTALL: note linux distro package that provides 'sphinx_rtd_theme' + * Clear /proc/sys/net/ipv6/conf/IF/disable_ipv6 when create VMACs. + An issue was identified where keepalived was reporting permission + denied when attempting to add an IPv6 address to a VMAC interface. + It turned out that this was because + /proc/sys/net/ipv6/conf/default/disable_ipv6 + was set to 1, causing IPv6 to be disables on all interfaces that + keepalived created. + This commit clears disable_ipv6 on any VMAC interfaces that + keepalived creates if the vrrp instance is using IPv6. + +2018-01-27 Alexandre Cassen + * keepalived-1.4.1 released. + * Improve and fix use of getopt_long(). + We musn't use a long option val of 1, since getopt_long() can return + that value. + getopt_long() also returns longindex == 0 when there is no matching + long option, and there needs to be careful checking if there is an + error to work out whether a long or short option was used, which is + needed for meaningful error messages. + * Write assert() messages to syslog. + assert()s are nasty things, but at least let's get the benefit of + them, and write the messages to syslog, rather than losing them down + stderr. + * Enable sorry server at startup if quorum down due to alpha mode + If alpha mode is configured on sufficient checkers so that a + virtual server doesn't have a quorum, we need to add the sorry + server at startup, otherwise it won't be added until a quorum has + been achieved and subsequently lost again. In the case where some + of the checkers remain in the down state at startup, this would have + meant that the sorry server never got added. + * For virtual servers, ensure quorum <= number of real servers + If the quorum were gigher than the number of real servers, the + quorum for the real server to come up could never be achieved, so + if the quorum is greater than the number of real servers, reduce it + to the number of real servers. + * Fix some SNMP keepalived checker integer types and default values. + Some virtual server and real server values were being sent to SNMP + with a signed type whereas the value is unsigned, so set the type + field correctly. + Some virtual server and real server values that apply to checkers + are set to nonsense default values in order to determine if a + value has been specified. Handle these values when reporting them + to SNMP replying with 0 rather than a nonsense value. + * Fix some MALLOC/FREE issues with notify FIFOs. + * Add instance_name/config_id to alert emails' subjects if configured. + If multiple instances of keepalived are running, either different + instance_names and/or config_ids, it is useful to know which + keepalived instance the email relates to. + * Ensure that email body string isn't unterminated. + Using strncpy() needs to ensure that there is a nul termination byte, + so this commits adds always writing a nul byte to the end of the buffer. + * Remove duplicate fault notification. + * Fix problem with scripts found via PATH with a '/' in parameters. + Recent discussions on issue #101 led to discovering that if an + executable without a fully qualified name was specified as a script + and there was a '/' character in the parameters, then the path + resolution would not work. + * Send SNMP traps when go from backup to fault due to sync group. + Commit 020a9ab added executing notify_fault for vrrp instances + transitioning from backup to fault state due to another instance + in the sync group going to fault state. This commit adds sending + SNMP traps in the same circumstance. + * Revert "Add instance_name/config_id to alert emails' subjects if + configured". This should be handled by setting router_id + * Add config option to send smtp-alerts to file rather than send emails + This is useful for debugging purposes. + * Add additional entry to Travis-CI build matrix. + * Fix segfault if no sorry server configured for a virtual server. + Issue #751 identified a segfault in vs_end_handler(), and it + transpires that the forwarding method of the sorry server was being + checked without first testing that a sorry server had been configured. + * Improve the log message when a master receives higher priority advert. + The log message reported in issue #754 + "VRRP_Instance(VI_1) Received advert with higher priority 253, ours 253" + is somewhat misleading since 253 == 253. + This commit improves the log message in this case be reporting that + the sender's IP address is higher and the priority is equal. It also + states the it was a master receiving the advert. + * First stage of making --enable-debug work + Issue #582 identified that compiling with --enable-debug produced + an executable that didn't work. + This commit largely makes that option work, but there needs to be + more work to make signals work. + * Generalise handling of signals. + * Don't assume json header files are in /usr/include/json-c + Use pkg-config to find the location of the json header files + when testing for the presence of the header files in configure. + * Add file updated by configure.ac change. + * Log more helpful message when healthchecker activated or suspended + Include the realserver in the log message + * Fix building with musl libc. + * fix spelling mistakes about keyword promote_secondaries in man page. + +2017-12-29 Alexandre Cassen + * keepalived-1.4.0 released. + * Add Linux build and runtime versions to -v output. + * Log kernel version and build kernel version to log at startup. + * Fix compiling with --enable-debug. + * Don't sleep for 1 send when exiting vrrp process if no vrrp instances. + * Streamline and rationalise use of child_finder function. + The child_finder function is simplified, and also stop using the + parent process' child_finder function in the checker process. + * Don't request bug report if script terminates due to seg fault. + The report_child_status() function would log a message requesting a + bug report if a check_misc script or a vrrp_track script exited due + to a seg fault. + * Handle vrrp track and check_misc scripts being killed by signal. + * Rationalise reporting of child process exit status. + report_child_status() is now only called in the main keepalived + program. The reporting of the exit status of vrrp track scripts + and MISC_CHECK scripts is now handled in the specific code for + those scripts. This means that non 0 exit statuses aren't + repeatedly reported for vrrp track scripts. + * eally fix reporting of child process exit status. + * Log a helpful message i using mem-check and too many allocs. + keepalived simply being terminated by SIGABRT with no diagnostic + message was unhelpful. + * Rename child_finder() to child_finder_name() etc + The function only finds the name of the child process, and not + the thread for the child process, so rename the function accordingly. + * Add log to file and no syslog options. + With large configurations the syslog can get flooded and drop output. + This commit adds options to not log to syslog, and also to log all + output to files. + * Add option to only flush log files before forking. + * Don't poll netlink for all interfaces each time add a VMAC. + We can poll for the individual interface details which significantly + reduces what we have to process. + * Print interface details in keepalived.data output. + * Be consistent with type of size parameter for mlists. + * Fix sign conversion warnings. + * Add high performace child finder code. + The code to find the relevant thread to execute afer a child process + (either a vrrp track script or a misc_check healthchecker) was doing + a linear search for the matching pid, which if there are a large number + of child processes running could become time consuming. + The code now will enable high performance child finding, based on using + mlists hashed by the pid, if there are 32 or more vrrp track scripts or + misc check healthcheckers. The size of the mlist is based on the number + of scripts, with a limit of 256. + * Improve high performance child termination timeout code. + * Fix high performance child finder cleanup code. + * Preserve filename in script path name resolution. + Some executables change their behaviour depending on the name by + which they are invoked (e.g. /usr/sbin/pidof when it is a link to + /usr/sbin/killall5). Using realpath() changes the file name part + if it is a symbolic link. This commit resolves all symbolic links + to directories, but leaves the file name part unaltered. It then + checks the security of both the path to the link and the path to + the real file. + * Handle scripts names that are symbolic links properly. + * Use fstatat() rather than stat() for checking script security. + If we use fstatat() we can discover if a file is a symbolic + link and treat it accordingly. + * Fix building with kernels older than v4.4. + * Fix building with --disable-lipiptc and --enable-dynamic-linking. + * Fix building with --without-vrrp configure option. + * Resolve unused return value warning. + * Fix some RFC SNMP issues. + * Attempt to fix mock builds. + * Fix parsing of broadcast + and broadcast - + * check_http.c: http_get_check_compare crash fixed in case of absense + of digest. + * Add -pie linker option. + Since -fPIE is specified for the compiler, -pie should be specified + for the linker. + * check_http.c: http_get_check_compare crash fixed in case of absense o. + * Fix use S_PATH and fchdir(). + S_PATH wasn't defined until Linux 2.6.39 and fchdir() doesn't work + with S_PATH until Linux 3.5 (according to open(2) man page). + * Fix building with Linux versions between 2.6.39 and 3.3 + Linux 2.6.39 introduced ipsets, but the kernel had some omissions + from linux/netfilter/ipset/ip_set.h header file, so the libipset + provided version needed to be used. + Note: RedHat backported ipsets to at least 2.6.32, so the problem + applied to earlier versions of RedHat Linux and Centos. + * Fix segfault when parsing invalid real server. + If the first real server ip address doesn't match the address + family of the virtual server, then we need to skip parsing the + rest of the real_server block. + * Make when vs_end_handler is executed + Commit 1ba7180b ('ipvs: new service option "ip_family"') added a + sublevel_end_handler vs_end_handler, but this was being executed + at the end of each real_server rather than after the virtual_server. + This commit adds a new parser function install_root_end_handler(), + and vs_end_handler is now installed using that function so that it + is executed at the end of the virtual_server rather than after each + real_server. + * Allow tunnelled rs address family not to match vs family. + The address family of a tunnelled real server does not have to + match the address family of its virtual server, so we need to + delay any setting of the vs address family from an rs address + until the end of the real_server block, so that we know whether + the forwarding method is tunnelling or not. Likewise the check + of the sorry server has to be delayed until the end of the + virtual server configuration (the tunnelling method may be + specified after the address of the real/sorry server). + The address family of a virtual server is only not determined + by the virtual server configuration itself if the virtual server + is defined by a fwmark and all of the real/sorry servers are + tunnelled. In this case the address family cannot properly be + determined from the address family of any tunnelled real servers. + However, to maintain backward compatibility with configurations + used prior to this commit, the address family of the virtual + server will be taken from the address family of the (tunnelled) + real/sorry servers if they are all the same; if they are not all + the same it will default to IPv4 (this is not incompatible since + previously mixed IPv4 and IPv6 real/sorry servers were not allowed, + even if tunnelled). + * Remove bogus warning for fwmark virtual servers. + "Warning: Virtual server FWM 83: protocol specified for fwmark + - protocol will be ignored" should not be given if no protocol has + been specified. + * Fix removing left-over addresses if keepalived aborts. + * Fix use of init_state after a reload. + Issue #627 identified that vrrp->init_state was being incorrectly + used in vrrp_fault(), since it is modified at a reload. + Instead of using init_state, we now use the configured priority + of the vrrp instance, so if the vrrp instance is the address owner + (priority 255) it will transition to master after leaving to fault + state, otherwise it transitions to backup. + * Remove init_state from vrrp structure + init_state is no longer used, so remove it from the vrrp structure. + Since it has been included in keepalived SNMP, it is preserved + solely for reporting in SNMP requests. + * Change conditional compilation _WITH_SNMP_KEEPALIVED_ to + _WITH_SNMP_VRRP_ + The functionality that the conditional compilation enabled was snmp + vrrp functionality, so make the name more relevant. + * Update error message in configure.ac. + * Add more configure options to Travis build matrix. + * Install additional libraries in Travis environment for new options. + * Fix some problem found by Travis-ci. + * Fix configure --disable-checksum-compat option. + * Remove DOS file formatting from .travis.yml. + * Add more configuration option to Travis builds and some build fixes. + * Tidy up some code alignment. + * Update openssl use to stop using deprecated functions + openssl from version 1.1 deprecated certain functions that keepalived + was using. This commit ceases using those functions if the version + of openssl is >= 1.1. + * Fix some issues identified by valgrind. + Some file descriptors weren't being closed at exit, and also one + or two mallocs weren't being freed. + * Set pointer to NULL after FREE_PTR() unless exiting. + * Allow sync groups with only 1 member, but issue a warning. + * Fix building with LibreSSL version of OpenSSL. + Unfortunately LibreSSL updates OPENSSL_VERSION_NUMBER, and its value + is higher that OpenSSL's latest version. When checking the version + number we need to check that we are not using LibreSSL (by checking + whether LIBRESSL_VERSION_NUMBER is defined). + LibreSSL also hasn't implemented the new functions that OpenSSL has + provided to replace functions that are deprecated or it is recommended + should not be used, and so if using LibreSSL the old functions need + to be used. + * Update genhash to stop using deprecated functions openssl functions. + * Remove last few Subversion source file version Id strings. + Some of the genhash source code still had Subversion Id strings, + and these are now removed. + * Add copyright update script. + * Copyright update. + * Remove outdated Version comment. + * Fix update copyright script. + * Include Makefile.in files in copyright update. + * Add replaceable parameters in configuration files. + * Fix some MALLOC/FREE issues with config parameters. + * Add multiline configuration definitions. + * Remove debugging messages left in lib/parser.c. + * Fix a FREE error. + * Fix keepalived.conf(5) man page. + * Fix type in keepalived.conf(5) man page. + * Suppress error message when removing leftover addresses at startup. + +2017-10-21 Alexandre Cassen + * keepalived-1.3.9 released. + * Stop segfault if SSL context cannot be initialised. + * Don't leave point to SSL data after freeing it. + * Fix memory leak if duplicate SSL context values specified. + * Don't initialise an SSL context if it isn't being used. + * Checksum compatibility should refer to v1.3.6. + * Update keepalived.spec.in for differences between Fedora and CentOS. + * change hash to something more even and hash size accordingly. + * also update size of hash in free_list. + +2017-10-15 Alexandre Cassen + * keepalived-1.3.8 released. + * parser: do not exit when glob() doesn't match any files. + * Use nodename as default id for conditional configuration. + If the node name returned by uname() is host123.abc.de, then + lines in the configuration file matching @host123 will match the + conditional configuration test. This means that it is no longer + necessary to specify the -i command line option if the conditional + configuration string used in the configuration is the node name. + * Option --i/--config-id parameter is not optional. + Since the config-id defaults to the hostname, there is no point + in allowing --config-id to be used without a parameter, just to mean + use the hostname. + * Use NULL instead of 0 for pointers in get_longopts struct. + * Some minor tidying up of the new JSON output code. + 1. Use SIGRTMIN+2 rather than (_SIGRTMIN + 4) + 2. Don't include JSON code if not building with VRRP + 3. Some code alignment fixes + 4. Some conditional compilation additions + * Add --signum command line option to report signal numbers. + Since keepalived is starting to use real time signals, and those + signal numbers are not fixes, this commit introduces a way to + ask keepalived to report those signal numbers. + * Stop command line option -i segfaulting. + * Fix config include files when file has no directory par. + When an include file name has no directory part, there is no + directory to change to, so don't try to do so. + * Use getcwd() malloc functionality if available. + * Add support for csh brace globs in config file names. + * Update documentation for config file include directive. + * Use fchdir() when changing direcories while reading include files. + The getcwd(3) man page recommends using open()/fchdir() rather than + getcwd()/chdir() since fchdir() is guarantee to return to the previous + directory even if directories have been renamed in between the first + chdir and the second. It also suggests that it is faster, and saves + mallocs or allocation of arrays on the stack of size PATH_MAX. + * Use alloc_value_block() for vrrp_vip_handler(). + * Fix whitespace error introduced in commit 9458c9b9. + * Reinforce that '@' conditional config character must be 1st on line. + The '@' conditional configuration character must be the very first + on a configuration, meaning that there cannot even by whitespace + before the '@' character. + * Check whether GLOB_BRACE is supported (it is not part of POSIX.2). + * When building a docker image, it appears that autoheader is required. + * Fix IPVS virtual server setup with persistence. + * Remove a merge conflict .rej file accidentally added to git. + This commit also updates the .gitconfig file to ensure that .rej + files will not be added in the future. + * config synopsis - cleanup line endings and comment alignment. + * conf examples - clean eol whitespace. + * conf examples - clean triple line breaks. + * add pair of config options used in misc_check. + * clean surprise tab character. + * many whitespace fixes; some missing docu added to synopsis. + * config docs - apply code review markups. + * Trivial updates to latest format cleaning patches. + * Allow conditional configuration to work with include statements. + * Allow '@' conditional configuration to be preceeded by whitespace. + +2017-10-01 Alexandre Cassen + * keepalived-1.3.7 released. + * Allow broadcast address to be specified as '-' or '+' + When configuring an ip address with a broadcast address, allow the + use of - and + (like ip(8)) to clear or set the host specfic bits of + the address, i.e. + 10.6.23.254/16 broadcast + result in a broadcast address of 10.6.255.255 + 10.6.23.254/16 broadcast - results in a broadcast address of 10.6.0.0 + * Change some code layout and macro/variable names + * Print unicast peer addresses in /tmp/keepalived.data + * Add negative conditional configuration. + A configuration line starting @main will only be included if + keepalived is started with option -i main. + This commit adds configuration option @^main, meaning that the + remainder of the configuration line will only be included if + -i main was NOT specified. + * Fix calculation of checksum for VRRPv3 IPv4 unicast peers. + Alternate unicast peers were being sent adverts with the checksum + set to 0. The reason for this was that the checksum field was not + being set to 0 before the checksum calculation, hence causing the + calculated checksum to be 0 for the second, fourth, sixth etc + unicast peer. + * Generate README from README.md. + * Only declare (and use) auth variables if compiling with authentication. + authtype_mismatch and auth_failure are only used if authentication is + enabled. + * The vrrp_t vmac flag should be a bool. + * Add include guard for vrrp_print.h. + * Log some additional vrrp variables. + * Make checksum change backwards compatible. + This commits adds the ability of keepalived to revert to using the old + checksum calculation if it sees an advert that has an old checksum. This + means that if an old and a new version of keepalived are working + together, once the new version has seen an advert from an old version, + it will drop back to using the old style checksum, and so the two + keepalived instances will work together. + There is a slight problem with this, though. If the old version starts + when a new version is master, if will report bad checksums. This should + be fine, since keepalived should discard the adverts, time out and send + an advert which would make the new keepalived revert to old checksums. + Unfortunately, keepalived does not completely ignore bad adverts, since + it resets its master down timer, even for bad adverts, and so it never + times out. However, in this scenario, there will still remain one master + and all the other keepalived instances will be in backup state, and so + VRRP functionality is preserved. + As identified in commit bcf2936 until commit 67275d2 keepalived did not + work with VRRPv3 and more than one other unicast peer, so for migration + we only need to consider two unicast peers. To upgrade, first upgrade + the keepalived instance that is in backup mode. This will see old + checksums when it starts, and so start using old checksums. The other + keepalived instance can then be upgraded and it will also see old + checksums when it starts up. In order to switch to using new checksums, + temporarily add the following line in the configuration of each vrrp + instance that is in master state: + old_unicast_checksum never + and then reload the keepalived instance by sending it SIGHUP. After the + master has restarted, restart the backup with a SIGHUP, and they will + then be using new checksums. The temporary old_unicast_checksum never + lines can now be removed from the configuration. + * Add checker bind_if keyword. + If a checker binds to a link local IPv6 address, the interface has + to be specified. + * Make DBus service name configurable. + * Make --config-id option default to hostname. + This is the equivalent of specifying --config-id `hostname -s`, and + makes it more straightforward to deploy the same configuration to + multiple hosts. + * Issue warning if more than 1 dynamic misc_checker per real server. + If different scripts return different exit statuses, the priority + of the real server will keep changing. The solution is to combine + the functionality into 1 script. + * Improve DBus error handling. + . Always clear errors to avoid leaks + . Check for errors when emitting signals + . Check for errors when registering objects + * Stop test tcp_server leaving zombie processes. + * Fix persistence_granularity handling + 1. vs->addr.ss_family should never be used to check address family of + vs since there may not be an address is using fwmark. + 2. If using fwmark, the address family may not be known when parsing + persistence_granularity + 3. Set address family from format of persistence_granularity if not + already set + 4. Ensure entire string is a number and is between 1 and 128 for IPv6 + 5. Ensure netmask specified for IPv4 is solid + * Ensure always check return from inet_stosockaddr when parsing config. + * Add lthreshold and uthreshold to keepalived.SYNOPSIS. + * Merge virtual server group addresses and ranges into one list. + A single address can be treated as a range with only 1 address, so + this reduces the number of lists that need to be processed when + handling a virtual server group. + A number of corrections were also made re hton/ntoh(s|l). + * Remove redundant setting of real server weight. + * Don't use vs->addr.ss_family for address family of virtual server. + A virtual server won't use vs->addr if it is defined by a fwmark or + it is uses a firtual server group. vs->af is the correct field to use. + * Make ipvs_update_stats() little/big endian aware. + * Simplify ipvs_update_stats(). + Don't run a state machine to collect all the stats, simple iterate + through the entries. + * Move fetching ipvs stats into ipvs_update_vs_stats(). + * Remove some #defines in ipvs_update_stats(). + * Streamline setup for changing ipvs configuration. + * Fix updating resolved notify script path names with parameters. + * Add silent option to test/tcp_server. + * Document default checker connect ip/port. + * Remove duplicate setting up of file name. + * Validate HTTP_GET and SSL_GET checkers. + Unsure that urls have a path specified, and that the checkers have + at least one url specified. + * Fix memory leak if SMTP_CHECK helo_name specified. + * Fix dumping of SMTP_CHECK host list. + * Don't allocate and copy default SMTP_CHECK helo name unless needed. + * Tidy up dumping SMTP checkers. + * Remove smtp_host_t typedef. + If is passed to functions that take a conn_opts_t parameter, so + we need to explicitly use the correct type. + * Simplify handling of host{} block in SMTP_CHECK. + This also allows specifying connect_ip, connect_port as well as + unsing host blocks. + * Add DNS_CHECK RRSIG and DNSKEY query types. + * Fix documentation re MISC_CHECK. + * Detect if no misc_path specified for MISC_CHECK. + If no path was specified, keepalived was segfaulting. + * Add some more error messages to socket_bind_connect(). + * Checker connections aren't always TCP. + * Report if checker bind_if is missing + If a link local IPv6 address is specified for a checker to + connect to, then a bind interface must also be specified, + otherwise the connect() call fails. + * If a real server has inhibit_on_failure, configure it at start up + If a real server had inhibit_on_failure set, but it also had an + alpha mode checker, then the real server should be installed at + startup with weight 0 to be consistent with what would happen if + the checker had been successful but then failed. + * Improve handling of virtual server groups. + If multiple virtual servers use the same virtual server group, and + the virtual servers have different protocols, or the virtual server + groups are defined using only fwmarks and the virtual servers have + different address families, then multiple versions of the entries + in the virtual server groups will need to be created as IPVS + virtual servers. + This patch handles the creation and removal of the necessary different + virtual servers for the virtual server groups. + * Add virtual server protocol types SCTP and none for SNMP. + * Handle virtual server with no protocol specified + This is valid if fwmarks are being used. + * Warn if a protocol is set on a virtual server using firewall marks. + * Don't check !LIST_ISEMPTY(vs->rs) after config is validated + In validate_check_config() any virtual server without any real + servers is removed, so there is no need to check subsequently. + * Don't allow virtual server groups without any addresses for fwmarks. + * Fix and optimise handling of promote_secondaries. + The promote_secondaries flag was being cleared by the first vrrp + instance that stopped using an interface, rather than by the last + instance. + * Fix the setting of mcast address for checksum compatibility + It was using INADDR_VRRP_GROUP rather than vrrp_mcast_group4. + +2017-09-15 Alexandre Cassen + * keepalived-1.3.6 released. + * Ensure locations of pid files is consistent + Issue #563 identified that the generated keepalived.service has the + wrong location for the pid file. On investigating this it was discovered + that keepalived isn't following the GNU coding standards for location of + pid files; however, we can't now move the default location of pid files. + This commit ensures that the keepalived.service file's location for pid + files is consistent with where keepalived is placing them, but also adds + a configure option --enable-gnu-std-paths, which means that keepalived + will use ${localstatedir} for the location of pid files, while the default + remains /var/run + * Stop logging that preferred_lft has been set to 0. + Some users are interpreting the message as a warning, and hence are + unnecessarily avoiding using a /128 netmask for IPv6 addresses. The + message doesn't really tell us anything useful, so remove it. + * Handle not being able to load ip_tables or ip6_tables modules. + When running in a docker container it isn't possible to load kernel + modules, so we need to cleanly handle a failure to load the modules. + * Don't segfault if unable to load ip_vs module. + In a docker container it isn't possible to load a kernel module. The + check code was detecting that it couldn't load the module, but the + checker process, when cleaning up prior to exiting, was assuming that + certain pointers had been initialised which hadn't been when an error + was detected so early in the initialisation. + This commit adds testing for uninitialised pointers during the exit + sequence. + * Fix releasing malloc'd memory for saved core pattern. + * Fix memory leak when adding iptables entries. + * Handle missing virtual server configuration. + keepalived was segfaulting if a virtual server had no real servers + configured. There were also issues of checkers running even if there + was missing essential configuration from a virtual server which meant + it could be set up. The problems were a virtual server group specified + but it didn't exist, a virtual server group with no configuration, and + a virtual server address family not match the address family of a virtual + server group. + * Don't attempt to remove ipsets if ipset handling not initialised. + * Delay initialising IPVS until affter processing configuration. + If IPVS isn't configured, there is not point in loading the ip_vs + module. + * Fix conditional compilation tests for _HAVE_LIBNL3_ + * Make dynamic flag bool. + * Don't report exit status of misc_check scripts. + The result of a change in status from a misc_check script is reported + by the code anyway, so to log any non-zero exit code is superfluous and + annoying. + * Work around conflict between kernel and libipset header files. + ipset copies linux/netfilter/ipset/ip_set.h (and other) header + files, producing local copies that are installed as + libipset/linux_ip_set.h etc as part of the libipset development + package. Unfortunately although the kernel changes the include + guards when processing its source code, ipset does not, and so + the duplicated header files have different include guards. + This patch detects if the include guards don't match, and if so + if linux/netfilter/ipset/ip_set.h is included, it defines the + include guard used by libipset/linux_ip_set.h before the latter is + indirectly included. + * add Dockerfile. + * Fix detecting default script uid/gid. + * Stop segfault when keepalived can't load ip_vs module. + * Add some additional docker support files and add make target docker. + The configuration file installed by make install isn't ideal to run + keepalived with, so add a simple keepalived.conf that will be + installed into the container. + Add make target docker, to build the docker image. + Add docker/README to give some information about building and using + containers (this is mainly so that I don't forget how to the details). + * Remove a line of debugging code. + * Don't complain about keepalived_script user if not needed. + keepalived logged a warning every time if the keepalived_script user + didn't exist. We only need that warning if there is a script that uses + the default user, and an alternative defult user isn't specified. + * Fix relative script path names with embedded spaces. + The space wasn't being restored after resolving the path name. + * Fix memory leak if notify scripts specified multiple times. + * Remove some residual debugging messages. + * Fix memory leak if quorum up/down scripts specified multiple times. + * Use realpath() to canonicalize script names. + * Fix missing PARAMETER_UNSET, which caused the global value of + vrrp_higher_prio_send_advert not to be used for each VRRP instance. + * Remove unused variable introduced in commit 1c5bfa29. + * Fix using virtual server groups following commit 5ca36cb. + * Set address port to be sequence number for virtual server group. + The format_vs() function uses the virtual server address port as + the sequence number of the virtual server instance using the virtual + server group, so we need to set it up. + * Warn if real server has no checkers when alpha mode. + If a virtual server is configured with alpha mode, and a real server + has no checkers, the real server will never be able to be activated, + so generate an appropriate warning. + * Only delete virtual server once if using a virtual server group. + If multiple virtual servers are using a virtual server group, the + virtual servers are defined by the virtual server group, and so they + should only be deleted for the first virtual server using the group. + There is still an issue that the configuration of all virtual servers + using the virtual server group needs to be consistent. + * Add further checks for LVS configuration. + * Document additional scheduling algorithms for IPVS. + * Change virtual_server_t loadbalancing_kind to forwarding_method. + The variable name loadbalancing_kind didn't represent the meaning of + the parameter, so change it to forwarding_method. + * Add fo and ovf scheduling types to SNMP. + * Only check one packet scheduling if supported. + * Add lvs_method per real server. + The lvs_method should be settable for each real server within a + virtual server. This commit maintains existing default behaviour + by using the lvs_method set against the virtual server as the default + for the real servers, but adds the option to configure the lvs_method + individually for each real server. + * Fix type in printing config of scripts. + * Convert some spaces to tabs. + * logger: output timestamps to console logs. + * Optimise handling of config_id in parser. + * Fix some typos. + * prog_type variable doesn't make sense when building a DEBUG version. + The DEBUG version runs everything in a single process, and to the + prog_type variable is meaningless in this case. This commit excludes + the prog_type variable by conditional compilation when building a + DEBUG version. + * Add home, -nodad, mngtmpaddr, noprefixroute, and autojoin address flags. + * Update documentation for commit cc67476. + * Add notify FIFO. + pull requests #568 and #587 and issue #584 have all identified that if + notify scripts are run in close succession, then order if processing of + those scripts is indeterminate, and this is causing systems that are + monitoring the state of vrrp instances to have the wrong state. + There have been various suggestions about how this should be resolved, + principally along the lines that the notify scripts should be run + synchronously, i.e. a notify script should not be run until the previous + notify script completed. While this would work, it adds some overhead to + keepalived, which currently does not monitor the exit status of notify + scripts. + There is a further issue with notify scripts that if a large number of + events occur in rapid succession (e.g. due to an interface flapping), this + can cause a large number of child processes to be created very rapidly. + This commit adds an alternative method for external processes receiving + notification of events. Instead of forking a script for each event, keepalived + will write to a named pipe. An external process can then read the pipe to + receive notification of events, and process them appropriately. This is + guaranteed to deliver events in the correct order. It also has the benefit + that there isn't the overhead of forking a child process for each event. + * If can't get local host name, set default router_id to "[unknown]". + Issue #588 reported that keepalived was segfaulting when generating + an SNMP trap in strlen(global_data->router_id), which presumable is + due to global_data->router_id being NULL. As a precaution set + router_id to "[unknown]" if get_local_name() fails". + * Implement SNMP reporting smtpServerPort. + Commit 128cd24 added functionality for specifying smtp server port + and commit bcb09b8a added smtpServerPort to the keepalived MIB, but + no code was added to report the port. This commit adds that functionality. + * Don't use PATH when executing FIFO script. + The path has already been resolved as part of checking the script + security, so there is no need to search the path. + * Log error if unable to execute FIFO notify script. + * Pass FIFO name to notify_fifo_script as parameter. + * Add FIFO notify for LVS notifies. + To match the FIFO notifies for VRRP, this commit adds FIFO notifies + for LVS. There are now three FIFOs available, a global one that + will send output for VRRP and LVS, one for VRRP only and one for + LVS only. + * Fix conditional compilation for --enable-debug + Commit 7947247 attempted to sort out making keepalived work with + --enable-debug, but unfortunately it used the wrong conditional + compilation variable (DEBUG instead of _DEBUG_). This commit + corrects the conditional compilation tests. + * Include protocol in virtual and real server output. + * Stop segfaulting if no script given for a vrrp_script. + * Fix a _DEBUG_ conditional compilation test. + * Fix incorrect expression in clear_services(). + * Fix use htons() instead of ntohs(). + * Fix bad file descriptor error at reload with no virtual servers. + * Delete disabled inhibit servers at reload. + * Add logging to remove sorry server at reload. + * Fix bad file descriptor error at reload with no virtual servers. + * Delete disabled inhibit servers at reload. + * Fix thread_cancel() for timed out threads. + * build: add basic .travis.yml file + * README.md: rename from README. + * build: add build status tag in readme file + All that's needed now, is for user `acassen` to + go to `https://travis-ci.org/` login with the Github + account, import repos from Github, and enable build + for keepalived [a checkbox/button]. + * Set sorry_server's fowarding_method. + * Further fix for thread_cancel() for child timeout threads. + Commit ade3d699 fixed removing read and write timeout threads + from the ready queue when they are cancelled. This commits adds + removing child timeout threads from the ready queue too. + * Fix warnings from ignoring seteuid/setegid return results. + * Fix dynamic linking with early versions of libnl3 without nla_get_s32. + * Updated autoconf files due to autoconf upgrade. + * Fix compiling with namespace collisions in net/if.h and linux.if.h. + * Update travis configuration. + This commit includes the installation of development library + packages, updated kernel header files, using trusty for the builds, + and adding more build options. + * Reinstate distributing (renamed) README.md file. + * More updates for updated automake/autoconf. + * Fix new warnings produced by gcc 7. + * Migrate failed checkers at reload (provisional implementation). + * Implement comparison of checkers. + genhash: libraries to link with should be put in LDADD, not LDFLAGS. + * configure.ac: fixed build on older systems, namely CentOS 6. + Provide AS_VAR_COPY if missing and downgrade autoconf dep to 2.63. + * Fix worng migrate of checker-id. + * Set active if new failed_checkers is empty. + * Fix typo in interface details printing. + * Enable vmacs to work when sysctl net.ipv4.conf.all.rp_filter > 0. + A number of distros now set net.ipv4.conf.all.rp_filter = 1 by default. + This means that when a vrrp instance is in the master state, it cannot + receive adverts sent by a higher priority master, and hence we end up + with 2 masters. + I tried an alternative of receiving on the base interface, but no packets + that have the same source MAC address as an interface on the system + (i.e. the vmac interface) get delivered to the socket. + For distros such as Fedora, RHEL, CentOS, ArchLinux, all.rp_filter = 1 + due to systemd commit + https://github.com/systemd/systemd/commit/1836bf9e1d70240c8079e4db4312309f4f1f91fd + The reason given for the commit is to work around a boot-time race condition + where interfaces created before default.rp_filter is set do not get the + updated default.rp_filter setting, and so the all.rp_filter setting is used + to override the individual interface settings. This doesn't seem the right + solution to the problem, since it prevents any interface running with + rp_filter = 0, and that is what we need for vmacs. I have filed an issue + report for systemd at https://github.com/systemd/systemd/issues/6282, but + in the mean time we need to work around the issue. Ubuntu sets all.rp_filter=1 + in /etc/sysctl.d/10-network-security.conf provided by the procps package. + Debian doesn't set all.rp_filter. + The only solution I have found, and I am not entirely happy with this since + it has effects beyond keepalived and affects the system as a whole, is to set + all.rp_filter = 0. In order to seek not to change the operation of the system, + if default.rp_filter < all.rp_filter, default.rp_filter is set to all.rp_filter, + thereby ensuring that any new interfaces created will take the original value + of all.rp_filter. It then iterates through all existing interfaces, and + {interface}.rp_filter is set to the value of all.rp_filter if + {interface}.rp_filter < all.rp_filter. all.rp_filter is then set to 0. + This means that all interfaces should behave in the same way as before, since + the behaviour of rp_filter is defined by the maximum of + {interface,all}.rp_filter, but we are not able to operate the vmac interfaces + with rp_filter = 0. When keepalived exists, it restores the original settings + of rp_filter if they are the same as what we set them to. + * Only restore rp_filter on interfaces if same as we set them to. + If rp_filter has been altered since we set it, then do not restore + it to the original value. + * Update files for build fix commits. + Commits 2cccc97 and a932cf2 provided fixes for building on CentOS6. + This commit updates genhash/Makefile.in in line with + genhash/Makefile.am and adds a comment to autoconf.ac regarding + when autoconf introduced support of AS_VAR_COPY. + * Fix build error at when _HAVE_IPV4_DEVCONF_ was undefined. + * Remove unnecessary parameter compare. + * Resolve compiler warning introduced by commit 8361b11. + * Remove debugging log messages added in commits 99fe626 and 6ec26e0. + * Fix compiler warning and remove unwanted log messages. + * Make a couple of checker variables non global. + * Correct comparison for checker compare in migrate_failed_checkers. + Commit 2ff6b3f changed the sense of the comparisons of checkers, + but didn't make the corresponding change to checking the result. + * Fix keepalived.doc(5) man page. + * Add virtualhost config for real servers. + Different real servers may want different virtualhost config + settings. The real server virtualhost setting overrides the + virtual server virtualhost setting. + * Allow virtualhost to be specified per checker and per url. + * Fix compiling with SNMP enabled. + * Fix compiler warnings when use configure --enable-conversion-checks. + * Fix an unintentional case fall-through. + gcc 7 identified two case statement fall-throughs. One was intentional, + but the other was a bug. The latter is now fixed, a comment is added + for the former so the warning isn't generated. + * Fix commit cc67476 to allow flags for static and virtual ip addresses. + * Fix handling of more recent ip address flags. + Recent ip address flags have exceeded 8 bits, and so the IFA_FLAGS + attribute needs to be used, rather than the ifa_flags field. + * Fix typo in help. + +2017-03-19 Alexandre Cassen + * keepalived-1.3.5 released. + * Ensure nopreempt is not set if address owner. + * Remove hardcoded paths from init files. + * Add configure option to override system init type. + * Fix some configure tests for init type. + * Add support for ip rules uidrange option. + This option was added in Linux 4.10. + * Resolve compiler warning on 32 bit systems. + There were two warnings in lib/timer.c for signed vs. unsigned + comparisons on 32 bit systems. + * Add missing documentation for ip rule uidrange. + * Include snapcraft.yaml tar file. + * Remove extraneous EXTRA_DIST directory. + * Add library requirements for ArchLinux. + * Allow tracking and misc_check scripts time to terminate after + timeout. If a script exceeds the timeout, it is sent a SIGTERM, + and then if it still doesn't terminate, it is sent a SIGKILL. + The problem was that the script was only allowed 2 microseconds + to terminate, whereas it should have been 2 seconds. + * Fix script paths when converted to absolute path names. + If a tracking or misc_check script is not specified by a fully + qualified path name, but rather it is resolved via PATH, the updated + patch name wasn't being saved for tracking or misc_check scripts. + * Remove yet more hardcoded paths. + * Make git ignore keepalived.service file. + * Streamline signal handling initialisation. + * Report track script name if it times out. + keepalived was simply reporting that pid nnnn had timed out, which + didn't give any indication of what script it was that had timed out. + This patch now means that the script name will be logged rather than + the pid. + * Fix conditional configuration for config read via alloc_value_block(). + The code for handling conditional configuration was in the wrong function. + This commit move it to read_line() so all configuration is read in the + context of @system_id conditional lines. + * Fix compiling with --disable-vrrp. + When building without vrrp, the checker process still needs to + know about IP address creationg and deletion in order to allow the + ha_suspend configuration option to work. + * The checker process never needs to monitor interfaces. + * Move vrrp_ipvs_needed() to vrrp_daemon.c. + * Remove some unnecessary includes of check_data.h. + * Make ha_suspend work when building without vrrp. + Support of ha_suspend was only enabled when keepalived was built + with vrrp support. There may be other processes that are adding and + deleting ip addresses, so support of ha_suspend should be enabled when + building without vrrp support. + Also, the vrrp process doesn't need to call the update_checker_activity() + function when addresses are added or deleted. + * Don't use netlink address monitoring if not using ha_suspend. + * Make --release-vips (-X) option work. + 'X' was not included in the optstring for getopt_long(), and so + --release-vips option was not recognised. + Further, only enable VRRP and checker specific options if compiled + with that functionality. + * Only report added/deleted addresses if relevant to keepalived. + Logs could get full of messages reporting address addition/deletion + that were of no relevance to keepalived. By default, keepalived will + now only report address additions/deletions with the -D option if + the address is relevant to keepalived. + The -a option is added to log all address additions/deletions. + * Remove all #ifdef _WITH_LVS_ from checker code. + If building the checker code, _WITH_LVS_ is always defined (_WITH_LVS_ + means build the checker code), so there is no point testing if it is + defined in any of the checker code. + * Only include vrrp header files when building with vrrp and also for + check. Make sure vrrp header files are only included if building with + vrrp (i.e. without --disable-vrrp), and likewise only include check + header files if compiling with LVS support (i.e. without --disable-lvs). + * Add test/tcp_server.c for testing TCP_CHECK. + * Make -a option work without ha_suspend. + * Fix integer types. The correct, standard integer types are uint8_t and + uint16_t, not u_int8_t nor u_int16_t (the latter being kernel types). + glibc and uClibc may define the kernel-compatible types, but musl (which + is standards-compliant) does not. + * Fix warning when compiling without libnl. + * Add including where those types are used. + * Add option to not use dlopen() for libipset, but link at link time. + * Remove superfluous (duplicated) block of code. + * Add option for dynamic (run-time) linking to libip[46]tc. + * Fix dynamic linking of libiptc without ipsets. + * Check iptables/ip6tables commands available before using them. + * Fix some conversion check compiler warnings. + * Make configure option --disable-routes do something. + * Don't link to libdl if not needed. + * Fix compilation with --disable-vrrp. + * Don't link to libraries not required by configuration. + * Remove all authentication code if --disable-vrrp-auth specified. + * Remove FALLBACK_LIBNL1 and use existing _HAVE_LIBNL1_ instead. + There was no point in a separate FALLBACK_LIBNL1 since it and + _HAVE_LIBNL1_ always had the same value. + * Add udp functionality to tcp_server test program. + * Fix check_conditional_tests script. + * Add option for dynamic (run-time) linking to libxtables. + * First stage of run-time linking to libnl-3. + * Dynamic/static linking options of libnl/libnl-3, libip[46]tc and + libipset. libnl/libnl-3, libip[46]tc and libipset can all be dynamically + linked at run-time, and if they are not available, keepalvied will use + the alternative code which is used when the libraries cannot be linked + a build time. + This means that a single executable keepalived can be created that will + use the libraries if they are installed on the target system, but will + fall back to the alternatives if the libraries are not available. + This is useful for build environments such as Buildroot which will not + force optional dependencies (see pull request #540), since now keepalived + can be built so as not to force the optional dependencies, but to make + use of them if they are installed. + * Fix building without libnl/libnl-3. + * Don't allow adver_int to be rounded down to 0. + * Fix creation of iptables entries on more recent kernels. + On a 4.9.13 kernel iptables entries were being created with + return-nomatch ! update-counters ! update-subcounters, as shown by + the iptables command. + Although it is not understood why these options are being added, it + transpires that the problem occurs when using version one of the + xt_info_set_match, but doesn't occur when using version 4 of the + structure. + This patch ensures that the latest version of the structure that is + supported by the kernel is always used. + * Fix updating /proc/sys/kernel/core_pattern. + Reset file offset to beginning of file between reading the file and + writing new contents. + * Fix printing of smtp_server port. + * Handle failure if fail dynamically to get address of a libipset function. + * Be defensive in case fail to get addres of a libipset function dynamically. + * Fix evaluation of library names for run-time linking. + * Show failed ipset dl function. + * Provide explicit DL error messages and fix autobuilt snap version. + * Fix formatting of email message for CHECK_SMTP failures. + The format string passed to smtp_final() can contain format specifiers + so a further pass through printf is required. + * Add printf format attribute to vlog_message(). + * Add higher_prio_send_advert vrrp config option. + There is a problem if two vrrp instances, due to becoming isolated, + both become master, since they will both have sent GARP messages. + Setting higher_prio_send_advert and garp_lower_priority_repeat means + that if a master receives a higher priority advert, it will send its + own lower priority advert before it transitions to backup. The higher + priority master, on receiving a lower priority advert, will then send + GARP messages, and so the ARP caches will then be correctly updated. + Using the higher_prio_send_advert option may be considered not to + conform to the VRRP protocol (725) to (765) in state description of + RFC5798, however, since which of the two masters advertises first + after they can both see each other again is random, there is a 50% + chance that the lower priority instance will send an advert before the + higher priority instance, so to all external observers it will appear + that this is the case, or at least that the adverts overlapped. + * Fix higher_prio_send_advert in lower priority master. + * Load the ip_tables module if using iptables. + We cannot guarantee that the ip_tables modules has been loaded, so + we load it ourself if using libiptc. + * Fix (cosmetic) conditional compilation test. + * Fix building with --enable-libxtables-dynamic --disable-libiptc. + * Enable compilation with namespaces if SYS_setns is not defined. + * Fix compiling with struct xt_set_info_match_v0. + * Check to libnfnetlink.h and netlink.h with libnl v1 too. + * Workaround missing libraries from pkg-config --libs libiptc. + Old version of libiptc don't report requirements on libip4tc and + libip6tc, so check if the output from pkg-config is only -L.* -liptc + and if so add -lip4tc -lip6tc. + +2017-02-18 Alexandre Cassen + * keepalived-1.3.4 released. + * Fix generation of lib/git-commit.h when building a tagged commit. + * Define GIT_DATE and GIT_YEAR when generating default git-commit.h + This issue was caused by commit 5287f03 which didn't define GIT_DATE + and GIT_YEAR in all circumstances. + +2017-02-14 Alexandre Cassen + * keepalived-1.3.3 released. + * Fix unitialised use of misck_checker in script timeout. + * Fix detection of no netlink being installed. + * Fix conditional compilation for LIBIPVS without netlink. + * Terminate child processes if parent dies. + If the parent keepalived process is killed, the child processes will + be orphaned and can cause problem when attempting to restart + keepalived. This patch makes use of prctl with PR_SET_PDEATHSIG such + that all child processes will receive SIGTERM if the parent process + dies. + * Ensure syslog and mem_check_log open before using them. + A segfault was occuring when --enable-mem-check-log option was + selected, due to attempting to write to the log file before it had + been opened. It was also evident that there could be attempts to + write to syslog before that had been opened too. + * Fix building on Centos 7/RHEL 7 re lightweight tunnel encapsulation. + RedHat have partially backported lightweight tunnel encapsulation + into their kernel, but not included MPLS or ILA. We need to have + conditional compilation for LWTUNNEL_ENCAP_MPLS and LWTUNNEL_ENCAP_ILA + rather than just checking for RTA_ENCAP. + * Update documentation for tracking scripts weight 0. + weight default is 0, which means tat a failure implies a FAULT state. + * Reinstate code checking module ip_vs loaded. + Commit d900df2 removed a bit to much code that looked as though it + wasn't doing anything, with the result that the check of whether the + ip_vs module was loaded didn't occur. + This commit reinstates the code for checking, and if necessary loading, + the ip_vs module, but also sanitises the code slightly. + * Fix some more compiler warnings. + * Fix a typo in a help message in configure.ac. + * sorry_server: keep sorry_server on reload. + * sorry_server: set it up on start or reload if quorum is down. + on start: in alpha mode. + on reload: if changed, or no previous sorry_server. + * Added doc for priority 4th parameter to notify script. + * ipwrapper.c: make functions void if return value not used or constant. + Several functions in check/ipwrapper.c were always returnung the same + value, and the code calling the functions then checked and returned an + error if the return value was not the value always returned. Also, for + some functions returning a value the return value was never checked in + the calling function. + Making the functions void, and removing the if (...) makes the code easier + to read, and potentially slightly more efficient. + * Add snapcraft.yaml for CI build publication. + * Fix missing documentation for 4th parameter of notify action. + * Make builds reproducable, and copyright date reflect latest commit. + Pull request #503 provided an update to facilitate reproducable builds, + and also ensure that the copyright date doesn't postdate the last source + code modification. Unfortunately the commits required manual updates to + change the copyright year, thereby creating maintainability issues. The + commit also allowed fake build dates to be specified. + This commit takes an alternative approach, and takes the dates used for + the copyright message and the version date from the date of the last git + commit. + If the code is build from within a git tree, this is straightforward. On + the other hand, the code may be build from tarball, so we ensure that + the lib/git-commit.h file is updated when the tarball is built, and + included in the tarball. + * Add option to force building without libnl/libnl-3. + This option is really only for test purposes to build keepalived + without libnl even though libnl is installed. + * Log errors if configure IPVS with IPv6 if not using libnl. + The socket interface for configurating IPVS does not support IPv6, + so rather than leaving the user with the error message + "Operation not supported with specified address family" + give a meaningful message in the log. + At configure time, a warning will also be generated stating that + IPVS will not support IPv6. + * Ensure IPVS address families match. + Don't allow a mixture of IPv4 and IPv6 addresses in a virtual server + group, or within a virtual server. + * When dumping an IPVS IPv6 address range, use hex. + * Log if virtual_server_group doesn't exists, or address family mismatch. + If a virtual server is configured to use a virtual server group but that + virtual server group doesn't exist, then log an error. + Also, if the address family of the virtual server group and virtual server + don't match, log an error as well. + We really ought to be removing the virtual server from the configuration, + but I haven't worked out how to do that yet. + * Don't flag changes to automake/conf generated files as source changes. + The output of keepalived -v adds a '+' if there are uncommitted changes to + the source code. However, we aren't interested in changes to the autoconf + or automake generated files, since these aren't really "source" files, and + are only included in the git repo to allow building on systems without + autoconf/automake. Further, the differences may simply be due to different + versions of autotools being used. + * Minor formatting updates to Sphinx documentation. + * Enable configure to work with ash. + * Handle sysconf() returning -1 for _SC_GETPW_R_SIZE_MAX. + * Report ignoring virtual server if group specified doesn't exist. + It's too difficult to remove the virtual server from the configuration, + but the error will be reported in the log, and so the sysadmin should + resolve the configuration. + * Updated snapcraft.yaml location. + * Move snapcraft and reflect master version. + * Add libipset3 to snap stage packages. + * Allow for keepalived to be a command in /snap/bin/ as well as a daemon. + * Add 'source-type: git' to avoid dirty commit versions. + * Update gitignore for clean snap commit versions. + * Resolve not adding '+' to git version in snapcraft builds. + This is a temporary workaround to the problem of snapcraft deleting + the snap/snapcraft.yaml file from its clone of the git repo (see + https://bugs.launchpad.net/snapcraft/+bug/1662388 for details). + * Add cleaning of snapcraft generated directories/files. + * Add support for Alpine Linux. + This commit adds detection and support of the OpenRC init system. + * Add details of what libraries are needed for various Linux distros. + * Force recreating automake/autoconf files when building with rpm. + If an autoconf/automake source file is patched as part of the rpmbuild + process, then some of the autoconf/automake generated files may be + regenerated, and this can cause a mismatch if the versions of autoconf/ + automake on the system building the rpm don't match the versions + that were used to generate the files that have been committed to git. + This patch changes the keepalived.spec file to always run autoreconf -f -i + to ensure the generated autoconf/automake files are aligned to the right + version. + +2016-11-26 Alexandre Cassen + * keepalived-1.3.2 released. + * Correctly handle return code from system() call. + If we want to check for an exit status, WIFEXITED(ret) must be + checked first. + * Fix compilation where SNMP enabled. + * Fix a couple of SNMP errors. + The length of KEEPALIVED-MIB::version was being returned a sizeof(char *) + rather than strlen(char *). + VRRPv3 vrrpv3GlobalStatisticsDiscontinuityTime was being completely + mishandled. + * Add additional files needed to build from git without autoconf. + * Don't save and restore current directory twice with config includes. + * Don't recognise an executable file as a configuration file. + * Allow maximum path names for configuration files. + * Don't check for include file after reaching EOF. + * Fix a segfault if terminating at startup do to interface not found. + * notify: log error while performing set{gid,uid}. + Log error message while setting goup and user before system call. + Maybe we should avoid system call on error if {gid,uid} are used, would + be more secure. + * Don't execute a script if setuid or setgid fails. + This was suggested in the comment of commit 849615d and is clearly + the right (secure) thing to do. + * If a script doesn't have a '/' in the name, search PATH for it. + This also handles spaces in script specifications where they are + parameters. + * Don't allow accept when strict mode set if not address owner. + This commit changes keepalived from just issuing a warning to also + disable accept mode when strict mode is set. + Patch submitted by levin1. + * Added init_fail setting to assume failed state for vrrp_script during + startup of keepalived. + * When checking script security check set uid/gid bits too. + Although the setuid/gid bits are ignored for scripts, they are + not ignored for binary executables, and there is no point in having + the bits set for scripts. So we play safe, and simply check those + bits, and don't attempt to ascertain if it is a script or not. + * Disable scripts that aren't executable. + system() on a non-executable script will fail, so we may as well + just not try executing such a script. + * Exit if can't read configuration file. + If we have no configuration, we have nothing to run, so exit. + * Don't chdir("/") if not forking. + In keepalived_main() there is a comment that the working directory + is / unless keepalived is run in non-forked mode, in which case it + remains the current working directory when keepalived was run. + Unfortunately start_vrrp_child() and start_check_child() were + executing chdir("/") regardless of whether they had been forked or not. + Since the parent process does chdir("/") if it is appropriate, the + children will inherit that, so they don't need to chdir() at all. + * Only set umask(0) in parent process. + The children inherit it from the parent, so no need to set it in + the vrrp or checker child processes. + * Further changes for script init state failed. + * notify: use _GNU_SOURCE. + Just to make compiler happy about inconsitent declaration of mempcpy + and strchrnul. Just cosmetics here. + +2016-11-21 Alexandre Cassen + * keepalived-1.3.1 released. + * Ensure lists aren't empty when checking script security. + * Correctly check security of scripts with parameters, and check + checker notify/quorum scripts + * Check security of real/virtual server notify scripts. + * Handle space in filenames appropriately when checking script security. + The generic notify scripts can have spaces in their filenames, all other + scripts spaced delineate parameters. + +2016-11-20 Alexandre Cassen + * keepalived-1.3.0 released. + * Add DBus functionality to VRRP. + Add new pthread off VRRP to expose DBUs service org.keepalived.Vrrp1 + through a GMainLoop. + Create a general /org/keepalived/Vrrp1/Vrrp DBus + object and a /org/keepalived/Vrrp1/Instance/#interface#/#group# object for + each VRRP instance. + Interface org.keepalived.Vrrp1.Vrrp implements methods PrintData, + PrintStats and signal VrrpStopped. + Interface com.keepalived.Vrrp1.Instance implements method SendGarp + (sends a single Gratuitous ARP from the given Instance), + signal VrrpStatusChange, and properties Name and State (retrievable + through calls to org.freedesktop.DBus.Properties.Get) + Interface files are located at location /usr/share/dbus-1/interfaces/ + A policy file, which determines who has access to the service, is + located at /etc/dbus-1/system.d/ + * Resolve DBus working after a reload + thread_destroy_list() was closing file descriptors of read and write + threads, but we wanted the DBus pipes to remain open. It transpires that + closing the fds in thread_destroy_list() is unnecessary, since they are + closed elsewhere anyway, so stop closing the fds in thread_destroy_list(). + * Add stronger compiler warnings (-Wextra). + The following bugs were discovered: + check_smnp_realserver_weight() + comparison if unsigned value < 0 + alloc_ipaddress() + comparison of unsigned == -1 and not checking + return status of find_rttables_scope() correctly + read_line() + accessing element buf[18446744073709551615] + ie. buf[2^64-1], which is the same as buf[-1]. + The following improvements to the code were made: + Many unused function parameters + either removed or marked unused + Many signed vs. unsigned comparisons + In most cases variables change to be unsigned + Lengths being stored in signed variables + * Rationalise checking of libnl-3. + * Bring generation of rpmbuild keepalived.spec file up to date + The keepalived.spec file is now created to match the options passed + to configure. It also detects if the system init process is systemd, + upstart or the traditional SYSV init system. + * Add more BuildRequires to keepalived.spec.in. + * Further improvements to keepalived.spec.in for systemd systems + * Change some configure.ac variable names due to using PKG_PROG_PKG_CONFIG + * Fix configure.ac to make RedHat hardened rpm builds work + CFLAGS, CPPFLAGS and LIBS variables were not being preserved by + configure.ac, and this caused needed CFLAGS to be lost when + configure was run, resulting in a build failure. + This commit ensures the flags are all preserved. + * Allow for automake macro AM_PROG_AR not existing. + * Add support for UDP socket to layer4 library. + * Add DNS checker. + * Update documentation for DNS health checker. + * Fix compile check for PE selection support. + * Add file missing from add-dns-checker commit. + * Update commits for correctly checking for IPVS_SVC_ATTR_PE_NAME. + The upadted configure and lib/config.h.in weren't included in the commits, + and to be consistent the comment on what Linux version introduced the feature + is in configure.ac if the test exists in configure.ac + * Fix conditional compilation test for FRA_OIFNAME. + * Fix compilation test for IFLA_INET6_ADDR_GEN_MODE. + * Fix compilation test for IPVS_DEST_ATTR_ADDR_FAMILY. + * Fix compilation test for IPVS_DEST_ATTR_STATS64 and IPVS_SVC_ATTR_STATS64. + * Fix compilation test for RTA_VIA. + * Fix compilation test for CLONE_NEWNET for DBus. + * Fix issue of overwriting the original disposition of signals. + * Improve forced termination of script execution process and its offspring. + * Improve propagate important signal for the script process groups. + * Use argument instead of static variable. + * Fix bug around the process group. + * Use SIGTERM instead of SIGHUP. + * Stop linking with -lipset. + libipset (if used) is dynamically linked at runtime, and so keepalived + shouldn't be linked with -lipset. + Linking with -lipset was erroneously added when converting the build + system to use automake. + * Report diagnostic message if dlopen() fails. + * Fix loading of ipset library when development library not installed. + * Don't use ipsets with namespaces on Linux < 3.13 by default. + On Linux prior to version 3.13, ipsets were not network namespace + aware, so by default the use if ipsets is disabled if keepalived + is running in a network namespace. Configuration keyword + 'namespace_with_ipsets' enables ipset use with a network namespace + on these older kernels. + * Fix reporting of script exit status. + * Update documentation and fix compiler warning re ipset with Linux < 3.13 + * Make report_child_status() check for vrrp and checker child processes + report_child_status() checks for exit status KEEPALIVED_EXIT_FATAL + and KEEPALIVED_EXIT_CONFIG, but these are only relevant for the vrrp + and checker child processes, and not for track scripts etc. This commit + adds a check that the terminating process is the vrrp or checker process + before checking those exit statuses. + * Add no_accept mode for VRRPv2 and standardise VRRPv3 with it + RFC3768, for VRRPv2, specifies that packets addressed to the VIPs + should not be accepted, unless the router is the address owner. + This commit implements not accepting the packets when running VRRPv2, + but only if no_accept is specified, or running in strict mode. The reason + for not making no_accept the default (which would confirm to the RFCs) is + that if running IPVS, or any other service on top of the VIPs, we need to + be able to accept the packets, and requiring everyone to specify accept + in that case would not be reasonable. + Prior to this commit, VRRPv3 was blocking packets sent to VIPs (and eVIPS), + unless the vrrp instance was the address owner, or accept mode was set. This + commit changes the default behaviour for VRRPv3 to make it consistent with + VRRPv2 (i.e. either strict mode or no_accept needs to be specified to be + conformant with RFC5978). + * Tidy up logged messages if ipset initialisation fails. + * Streamline MII polling. + We only need to read 2 MII registers, and not 32 as was previously being + done. + This commit also uses the header file for field and + register definitions. + * Simplify bitops.h code. + * Resolve warnings generated with compiler option -Dconversion. + Most of the warnings were resolved by changing the data types of some + variables. Others required casting, particularly where kernel interfaces + are involved. + There were a few instances discovered that were errors, for example comparing + an unsigned int against -1, and assigning a 16 bit value to a uint8_t. + This commit also adds configure options --enable-conversion-checks and + --enable-force-conversion-checks, the former adds compiler option -Dconversion + unless the compiler is an old version that throws up false warnings. Option + --enable-force-conversion-checks adds -Dconversion even if the compiler throws + up known false warnings. + * Fix some minor errors/typos in doc/keepalived.conf.SYNOPSIS. + * Fix keyword error in sample configuration. + * Fix typo in genhash error message. + * Fix address ranges for virtual server groups + The handling of address ranges was only written for IPv4 addresses, and + only worked on little endian systems. + This commit enables IPv6 address ranges to work, and also should now + work on big endian systems (but I don't have access to a big endian system + to test it). Validation is added to ensure that the end of the range is after + the start of the range, and that the value of the range end does not exceed + 255 (for IPv4) of ffff (for IPv6). + There is also some optimisation of the code, so that netmask is not set (since + it isn't used by the kernel), and the port is set once only, before the loop + through the addresses. + * Add --enable-Werror configure option. + * Add promote_secondaries keyword for vrrp_instance block. + If two IPv4 VIP addresses are in the same CIDR, and the primary + address is removed, then by default any other address in the same CIDR is + also removed. To stop this happening, the promote_secondaries flag + needs to be set on the interface. + Commit e5526cf added setting the promote_secondaries option on + VMAC interfaces, and stated that adding the option for non-VMAC + interfaces would be added later. This commit now adds a + promote_secondaries configuration option in order to set the flag + on the interface. + * Add reporting of promote_secondaries configuration setting. + * Add conditional configuration feature + It is usually the case that the configurations for keepalived for + systems operating together are virtually identical, and only differ + in vrrp instance priorities, router id, and unicast addresses if + those are being used. + It is a nuisance to have to edit one file for each server to make + identical changes, so this commit adds the facility for conditional + configuration entries. + Any line starting with the '@' character is a conditional line. + Immediately following the '@' character is a config id. The line is + only included in the configuration if the config id matches the + argument passed to keepalived with the -i option on the command line. + For example, consider the following configuration snippet: + global_defs + { + @main router_id main_router + @backup router_id backup_router + } + If keepalived is started with -i main, then the router id will be + main_router, if started with -i backup, then backup_router. If + keepalived is started without the -i option, or -i anything else, + then the above snippet will not configure any router id. + * Fix building with --disable-vrrp. + * Stop segfaulting when configuration keyword is missing its parameter + There are many places where during configuration parsing the code + assumes that if a keyword is specified that requires a parameter, then + the parameter exists. If the parameter doesn't exist, then the code + indexes past the end of the vector, and at best segfaults, and at worst + may carry on, parsing random data. + This commit adds strvec_slot() which checks for the presence of the + parameter, and if configured will call a function that can handle the + error. Currently this logs that the parameter is missing, with as much + helpful information as it can provide, and then terminates. + * Use FMT_STR_VSLOT where appropriate. + * Use TIMER_HZ where appropriate. + * Fix comment and error message re http write timeout. + * More verbose logging on (effective) priorities pt. 2. + * Change configure option --enable-snmp-keepalived to --enable-snmp-vrrp + The option was enabling snmp for vrrp, not all of keepalived (the + --enable-snmp option does that), so this commit renames it to reflect + what it is actually doing. + The --enable-snmp-keepalived option is retained but marked as obsolete. + * Use AS_HELP_STRING autoconf macro. + * Fix process increase + * Add forcing termination of children of scripts if script times out + Commits fe9638b..cebfbf5 resolved problems around forced termination + of scripts if they didn't terminate within the proscribed time. During + the development of the patches, it was identified that after a script + had been terminated by SIGTERM, any child processes created by the + script also need to be kill. + This commit adds the forced termination of any such children. + * Correctly handle existing VMACs on reload. + Anthony Dempsey in issue #449 identified that + keepalived attempts to recreate existing VMAC interfaces on a reload, + and that the subsequent failure causes keepalived not to use the VMAC. + This then identified further issues such as the check for an existing + VMAC in netlink_link_add_vmac() didn't also check the interface a + VMAC was on, and that the checks for conflicts of VMAC interface names + with existing interfaces weren't sufficient. + This patch builds on the patch provided by Anthony Dempsey to also + resolve the additional issues identified. + * Fix check of matching VRRP instances on reload. + On a reload, clear_diff_vrrp() removes vrrp instances that are no + longer in the configuration. The check, however, was based on vrrp + instance name, which might have changed. The check is now based on + VRID, address family and interface, since it is this triplet that + uniquely defines a vrrp instance. + * Fix clearing addresses no longer used after a reload. + The address comparison was including ifa_index, but that wasn't being + set up until after clear_diff_vrrp() was called. + * Don't zero the mem_allocated count during reload. + We want to know if there is a leak during reload, so don't zero the + counter. + * Ensure iptables/sets entries and ip routes/rules not lost on reload. + There were several places in the code that were causing existing + iptables/ipsets entries to be lost on reload, and also new entries + for additional ip addresses were deleted after being added. In + addition, ip rules/routes for existing entries were being removed. + * Ensure GARPs/GNAs are sent after reload if VIP/eVIP addresses added. + Although there have been versions of keepalived when GARPs/GNAs were + sent after a reload, this was due to a bug in determining if the VRRP + instance had existed before. Resolving that bug (commit aaea8a4), + caused keepalived to stop sending GARPs after a reload. This commit + now specifically adds code to send GARPs on a VRRP instance for all + addresses on that instance. It would be better if GARPs were sent only + for the added addresses, and that may be resolved in a future commit. + * Use correct interface for iptables/ipset entries when not accept mode + If an interface was specified for a VIP/eVIP, the iptables/ipset block + if not in accept mode for link local IPV6 addresses was specifying the + interface the vrrp instance was on rather than the interface the address + was added to. + This commit now makes the iptables/ipset entry specify the interface that + the address has been added to. + * Resolve "Netlink: error: message truncated" messages. + On systems with a page size larger than 4096 keepalived may report: + "Netlink: error: message truncated" messages + This error was reported on a ppc64le in an OpenStack/Nutron environment. + Ppc64le is using a 64k pages size. I found that keepalived's netlink recvmsg + buffer was too small causing messages to be truncated. The size of the read + buffer for the netlink socket should be based on page size however, it should + not exceed 8192. See the comment in the patch. + I tested the fix by creating 100 veth interfaces and verifying the errors + did not return. + * Use ipsets with namespaces on Linux < 3.13 if ipset names configured. + The problem with using ipsets with namespaces on Linux < 3.13 is that + ipsets were not namespace aware, and so all ipset entries added are + global to the system, including all network namespaces. This causes + problems if the default ipset names are used, but if set names have + been specified, it is reasonable that they have been set to be + different for each namespace, and hence there will be no clashes. + The documentation is also updated for vrrp_ipsets keyword. + * Don't write MEM_CHECK data to log when forked script child terminates. + The mem check log file was being filled with extraneous termination + information every time a forked child terminated. When a child is forked + it now sets a flag to stop the termination dump. + * Fix illegal syntax in configure script + Indirect expansion (`${!foo}`) is a bashism, it's not POSIX-sh + compatible and is not supported by common shells except Bash and ZSH! + Configure script should be portable, hence strictly POSIX compliant. + Moreover it has shebang /bin/sh. + * Make running scripts more secure + Previously, keepalived ran all scripts as root. This is potentially + dangerous if a non-root user can modify the script, or has write + access to any part of the path to the script. + This commit does the following: + 1) Adds configuration options to specify the user/group under which to + run each script + 2) Adds an option to set the default script user/group. If this is not + set it will default to user keepalived_script if that user exists, + otherwise it will default to root, as before. + 3) If a script is to be executed with root privilege, report if it is + writeable in any way by a non-root user. + 4) Add an option enable_script_security so that any scripts failing + 3) above won't be executed. + 5) Report if any scripts are not executable by the relevant user. + * Fix some lead tab/space issues. + * Fix segfault when terminating with no notify script configured. + * Fix compiler warning generated with --enable-conversion-checks. + * Don't segfault if modules ip_tables or ip6_tables not loaded + If either of the modules is not loaded, then don't use ip(6)tables for + that address family. We could load the module, but there would be no + entries pointing to the chains that we use, and so there is no point + adding entries to chains that won't be traversed. + * Resolve some type mismatch warnings on 32 bit systems. + * Fix checking security of misc_check scripts. + +2016-09-11 Alexandre Cassen + * keepalived-1.2.24 released. + * Declare and use default value for garp_refresh. + * Update documentation for default setting of snmp_server. + * Ensure old VIPs removed after reload. + * Add internet network control support for IPv6. + * Log startup and "already running" messages to console with --log-console. + * Remove VIPs on reload if no longer in configuration. + * Add internet network control support for IPv6. + * Add more lvs syncd options, and various minor fixes. + * Don't attempt to set packet priority for wrong IP protocol. + if_setsockopt_priority() was setting SO_PRIORITY socket option regardless + of whether the socket was IPv4 or IPv6. Although the setsockopt() call doesn't + fail for IPv6, it doesn't do anything. + Commit fc7ea83 added setting IPV6_TCLASS, again for both IPv4 and IPv6, but + the setsockopt() call fails on an IPv4 socket. + This commit makes keepalived only set the appropriate socket option, depending + on whether it is an IPv4 or IPv6 socket. + The commit also changes from using the SO_PRIORITY option for IPv4 to using the + more specific IP_TOS option. + * Avoid compiler warning of duplicate definition. + * Add function attributes to malloc functions. + * KEEPALIVED-MIB vrrpRuleIndex should be unsigned. + * Allow all ip rule/route options for rules and routes. + This commit adds support for all ip rule/route supported options for + rules and routes (and also tunnel-id rule option not yet supported + by ip rule). + * Make ip rules/routes a configuration option. + * Add all ip rules/routes options, and minor fixes. + * Corrections for rule suppress_ifgroup. + * Stop respawning children repeatedly after permanent error. + Keepalived was respawning very rapidly after a permanent error, which + was not useful. + This commit allows the detection of certain errors and if one occurs + keepalived won't respawn the child processes, but will terminate with + an error message. + * Remove all remaining vestiges of Linux 2.4 (and earlier) support. + There was code remaining for supporting ip_vs for Linux 2.4, but + the remainder of the keepalived code requires Linux >= 2.6. + * Make some libipvs functions static. + * Move ipvs source and include files into check/include directories. + * Don't duplicate kernel definitions for IPVS code. + * Remove unused code from libipvs.c. + * Remove ip_vs_nl_policy.c, contents now in libipvs.c. + * Add ipvs 64 bit stats. + * Remove linux 2.4 code, add 64bit ipvs snmp stats, and some minor fixes. + * Fix compiling without SNMP checker support. + The patchset removing support for Linux 2.4 introduced a problem + compiling libipvs.c when SNMP checker support wasn't enabled. + * Remove those annoying "unknown keyword" messages. + A slight reworking of the parsing code manages to get rid of those + annoying "unknown keyword" messages which we all know are't true. + * Remove IP_VS_TEMPLATE_TIMEOUT. It was removed from ipvsadm in + version 1.0.4. + * Remove check for MSG_TRUNC being defined. + It has been defined since glibc 2.2. + * Remove conditionals based on libc5. libc5 predated glibc 2.0. + * Remove conditional compilation checks for defines in Linux 2.6. + ETHTOOOL_GLINK, RTAX_FEATURES, RTAX_INITRWND, SIOCETHTOOL and SIOCGMIIPHY + are all defined in Linux 2.6, so no longer need to be wrapped in + conditional compilation checks. + * Sort out checks for O_CLOEXEC. + * Remove check for SA_RESTART. It existed pre Linux 2.6. + * Change reporting of default snmp socket. + * More updates for removing pre-Linux 2.6 code, and stop "unknown keyword" + messages. + * Fix adding iptables entries on Linux 4.6.3 onwards. + ip[46]tables_add_rules() were allocating space for an additional + struct xt_entry_match. kernel commit 13631bfc6041 added validation + that all offsets and sizes are sane, and the extra + struct entry_match failed that test. + * Fix adding iptables entries on Linux 4.6.3 onwards. + * Fix size parameter for keepalived_malloc/realloc. + lib/memory.h specified the size parameter to keepalived_malloc/realloc + as size_t, whereas lib/memory.c specified unsigned long. + The inconsistency was complained about by the compiler on 32-bit systems. + Fix memory.c to make the parameter a size_t. + Change lib/memory.c and lib/memory.h to use type size_t for size + variables. + Use printf format specified %zu for size parameters. + * Fix building without LVS or without VRRP. + * Convert build system to automake. + The INSTALL file gives instructions for setting up the build system + using automake etc. + For those without automake (and autoconf), just running configure + works as before. + * Convert build system to automake. + * Add network namespace support. + This allows multiple instances of keepalived to be run on a single + system. The instances can communicate with each other as though they + are running in separate systems, but they are also isolated from + each other for all other purposes. + See keepalived/core/namespaces.c for some example configurations and + use cases. + * Use atexit() for reporting malloc/free checks on termination. + * Add + and git commit in -v output if uncommited changes. + * Add network namespace support. + * Remove some superfluous conditional compilation tests. + * Poll for reflection netlink messages after adding each interface. + If a large number of interfaces are added, the kernel reflection + netlink socket can run out of buffers. This commit adds a poll of + the kernel netlink reflection channel after adding each interface, + thereby ensuring that a large queue of messages isn't built up. + * Stop Netlink: Received message overrun (No buffer space available) messages. + * Fix debug build since automake conversion. + * Fix configuration testing for ipset support prior to Linux 3.4. + * Add polling of netlink messages when entering master state. + If a large number of vrrp instances enter master state simultaneously + the netlink socket can run out of buffers, since the netlink socket + isn't read sufficiently frequently. Adding a poll of the netlink socket + after the VIPs/eVIPs are added ensures that the netlink messages are read + when the become available. + * Add some missing '\n's when printing the vrrp configuration. + * Fix generating git-commit.h. + * Ensure xmit_base not set with strict mode. + * Fix detection of code changes not commited to git in git-commit.h. + * Change true/false variables in global_data to bools. + * Fix timer_cmp handling large differences between the two times. + In a struct timeval, tv_sec is a time_t which is a long. Assigning + a.tv_sec - b.tv_sec to an int caused it to overflow if the time + differences were large. + * Add a TIMER_NEVER value. + This allows a thread to specify that it never wants to be woken on a + timed basis. + * Add global default_interface keyword. + default_interfaces sets the default interface to use for static + ipaddresses. If the system does not have an eth0, or one wants to + use a different interface for several static ipaddresses, this makes + the configuration simpler. It also has the potential to reduces + changes required if transferring the configuration to another system. + * Fix skew time for VRRPv3 with low priority and long advert interval. + With a low priority and a long advert interval, the calculation of the + skew time was overflowing a uint32_t. For example, with a priority of + 1 and an advertisment interval of 10 seconds, the skew time was being + calculated as 4288 seconds, rather than 9.96 seconds. This had the + impact that the backup instance would take over an hour to transition + to master. + * Don't set master_adver_int from an invalid packet. + * Make timeout_persistence a uint32 rather than a string. + * Fix some configuration tests and compiling on old Linux version. + * Improve persistence handling. + Properly support persistence_granularity for IPv6. + Set persistence_timeout default if granularity specified. + Only support persistence engine if supported by the kernel. + This commit also changes variables timeout_persistence and + granularity_persistence to persistence_timeout and + granularity_timeout. + * Simplify a bit of indentation. + * Add (commented out) code for writing stack backtrace to a file. + * Free syslog_ident string after logging the free. + When writing mem check entries to the log, the syslog_ident needs to be + freed after the log has been written to. + * Allow FREE_PTR mem check to log the proper function. + Having FREE_PTR as a function meant that whenever any memory was freed by + FREE_PTR() the function that was logged as freeing it was FREE_PTR itself. + Changing FREE_PTR() to be a #define means that the calling function name + is logged. + * Fix tests of HAVE_DECL_CLONE_NEWNET. + * Fix a conditional compilation test re namespaces and rename a variable. + * Fix when some FREE() calls are made. + * Only parse net_namespace in parent process. + * Add VRRP/LVS conditional compilation around PID files. + * Improve removing zombie PID files. + * Add more VRRP/LVS conditional compilation. + * Don't check if instance is a rotuer every time an NA is sent. + keepalived was calling sysctl to check if the interface was configured as + router before sending each gratuitous Neighbour Discovery advertisement. This + patch now checks if the interface is routing when the instance transitions to + master, and uses that for all the NA messages. + * Improve mem check initialisation. + * Add support for running multiple instances of keepalived. + Using network namespaces allows multiple instances of keepalived to run + concurrently, in different namespaces, without any collision of the pid + files. + This patch adds the concept of a keepalived instance name, which is then + use in the pidfile name, so that multiple instances of keepalived can run + in the same namespace without pid file name collisions. + * Add option to write pid files to /var/run/keepalived. + When using namespaces or instances, pid files are written to /var/run/keepalived. + The commit adds an option for the standard pid files to use that directory. + * Add keywords instance and use_pid_dir, plus sundry fixes/improvements. + * Add configure option to enable stacktrace support. + * Fix adding and deleting iptables rules for addresses. + When keepalived was built not using ipsets, the adding and deleting + of rules for addresses was including an extra xt_entry_match struct + that meant that the rules could only be deleted by ithe iptables + command by entry number and not be specifying the parameters. + * Fix compiling without libiptc (iptables) support. + * Don't log error message when trying to remove leftover iptables config. + At startup keepalived attempts to remove any iptables configuration that + may have been left over from a previous run. Of course the entries won't + normally be there, so don't report an error if they are not found. + * Fix iptables entries for accept mode, other iptables fixes, and make + write_stacktrace a configure option. + * Add script to setup interfaces in a network namespace. + The scripts mirrors the running network interfaces that are needed + for a given keepalived configuration into a network namespace + (default test), so that keepalived can be run in that namespace in + order to test the configuration. + * Correct comments re location of network namespace pid files. + * Add -s option for overriding net_namespace configuration option. + * Change test/netns-test.sh -c option to -f to match keepalived. + * Make netns-test.sh report interfaces that don't exist. + * Remove leftover debug message. + * Fix address comparison for equal priority adverts. + * Streamline the specification of libraries to the linker. + Most of the dynamic libraries and static libraries were being specified + twice. This commit removes the duplication of all of the dynamic libraries + and only duplicates core/libcore.a of the static libraries. + * Fix automake files for building on Ubuntu 14.04 LTS. + * Enable building with Net-SNMP on Ubuntu. + * Stop compiler warning on Ubuntu. + * Fix compilation with libipset on Debian wheezy. + * Fix various build problems on Ubuntu 14.04 and Debian. + +2016-07-11 Alexandre Cassen + * keepalived-1.2.23 released. + * Make malloc/free diagnostics a separate configure option. + The commit adds the configure --enable-mem-check option which + allows the MALLOC/FREE diagnostics to be enabled without + the --enable-debug option. This means that the mem-check + diagnostics can be used when running keepalived in it's normal mode + with forking children for vrrp and checkers. + The mem-check diagnostics are written to + /tmp/Keepalived_{,vrrp,healthcheckers}_mem.PID.log + The --mem-check-log configure option enables command line option + -L which also writes zalloc/free details to the syslog. + * Fix compilation error on 32-bit systems with mem-check enabled. + * Replace one zalloc() and one free() call with MALLOC() and FREE(). + This ensures that the mem-check diagnostics cover all mallocs/frees. + * Fix report of malloc'd memory not being freed. + * Streamline read_line(). + * Resolve a segfault when reloading with vmacs. + The vrrp_t entries on the vrrp_data list have pointers to an + interface_t for each vrrp instance. When reloading, the + interface_t items where freed, but a pointer to the old list + of vrrp_t items is held in old_vrrp_data. After the new + configuration is processed, clear_diff_vrrp() is called. clear_diff_vrrp() + uses the interface_t pointers from the old vrrp_t entries, but the + memory pointed to by the interface_t pointers has already been freed, + and probably reallocated for a different use. + This commit delays freeing the old interface_t items until after + clear_diff_vrrp() has completed, so the interface_t pointers remain valid. + * Check valid interface pointer before calling reset_interface_parameters(). + Before resetting the settings on the base interface of a vmac, check that + the interface_t pointer is valid. + * Fix new --mem-check-log option. + * Don't write parent's memory logging into children's log file. + When running with mem-check output to files, the buffer from the + parent process was also being written into the children's log + files. The commit sets the CLOEXEC flag on the log files, and + also sets the log files to be line buffered. + * Fix segfault or infinite loop in thread_child_handler() after reloading. + When the checker and vrrp child processes start up, memory for a + thread_master_t is malloc'd and saved in master. Subsequently, + launch_scheduler() is called, and that sets the parameter to be passed + to the SIGCHLD handler - thread_child_handler() to the value of master, + pointing to a thread_master_t. + If keepalived is signalled to reload, the child processes free all + malloc'd memory, and a new thread_master_t is malloc'd and saved in + master. If this is not the same address as the previous thread_master_t, + then the value being passed to the SIGCHLD handler is a pointer to the + old thread_master_t, whereas everything else is using the new thread_master_t. + If the memory used for the old thread_master_t is then returned in a subsequent + malloc() call, a subsequent SIGCHLD will invoke thread_child_handler() with + a pointer to memory that has now been overwritten for some other purpose, hence + causing either a segfault or an infinite loop. + A further consequence is that new child processes will be added to the new + thread_master_t, but when thread_child_hander() is called after a child + terminates, it won't find the child since it is still looking at the old + thread_master_t. + This commit modifies the behaviour of a reload by not releasing the old + thread_master_t and then malloc'ing a new one, but rather it just reinitialises + the original thread_master_t and continues using it. + * Remove base_iface from struct _vrrp_ - it wasn't used. + * Add configuration option to flush LVS configuration. + This commit adds a global configuration option lvs_flush to flush + the LVS configuration, and if not set, the configuration won't be + flushed. + * Add back real server when return from failure with HTTP_CHECK. + If status_code wasn't specified for a url entry in the configuration + then a real server would never be returned to service following a + failure. + The commit makes keepalived return a real server to service if no + status_code is specified if the HTTP status code returned from the + service is a success code (i.e. 2xx). + * Avoid duplication of keyword installation in check_http.c. + * Fix adding new static ip addresses after reload. + Commit f23ab52, when stopping duplicate static ip routes and rules + being added after a reload also stopped new static ip addresses being + added. The commit reinstates adding new static ip addresses. + * Fix adding static iprule/routes after a reload. + * Stop segfault when configure a route with no destination address. + * Fix unused global vrrp_garp_master_refresh. + * fix healthchecker reload when some healthchecks are failed. + +2016-06-14 Alexandre Cassen + * keepalived-1.2.22 released. + * vrrp: Fix build without VRRP VMAC. + * Fix compilation with RFC SNMP without Keepalived SNMP. + * vrrp: Update master_adver_int when receive higher priority advert + when master. + If VRRPv3 is being used, and a higher priority advert is received when + in master mode, the master_adver_int needs to be updated when transitioning + backup mode. If this isn't done, and our advert interval is less than a third + of the new masters, we will time out and re-enter master mode, send an advert + to which the other master will resond with a higher priority advert, causing + us to go back into backup mode, until our timer expires again, and this will + continue indefinitely. + * vrrp: Don't send advert after receiving higher priority advert. + If a master receives a higher priority advert, there is no need + to send another advert, since the sender of the higher priority + advert is already a master. Further, any other instance in backup + mode will process our subsequent advert, and then consider the + wrong system to be master, until it receives another advert from + the real master. + With VRRPv3, if the other master has an advert interval more than + three times our advert interval, backup routers will be using our + advert interval after we've sent our subsequent advert, and will + then timeout before the new master sends another advert, prompting + (one of) the backup routers to become a master, which will prompt + the higher priority master to send an advert, the ex-backup router + will then send another advert and we could end up in an endless cycle. + * vrrp: Fix receiving advert from address owner when in fault state. + * vrrp: When transitioning from fault state, log state change. + * vrrp: Fix preempt delay when transitioning from fault state. + There were two ways of leaving fault state, either by receiving a packet + on the instance, or by a netlink message indication that the interface is + up again. In neither case was preempt_delay considered in the code. + This commit changes the way vrrp->preempt_time is used. preempt_time is now + only used once a higher priority advert is received, rather than being updated + every time a lower priority advert is received. vrrp->preempt_time is now also + set when transitioning out of fault state. vrrp->preempt_time.tv_sec == 0 now + indicates the timer is not running. + * vrrp: Detect and report duplicate address owners. + If more than one system is configured as an address owner (priority + == 255), this would be a configuration error, and could cause + unexpected behaviour. This commit ensures that the problem is + reported, and sets the local instance not to be the addess owner, + as a temporary workaround for the problem. + * vrrp: Fix maximum number of VIPs allowe. + * ipvs: Fix IPVS with IPv6 addresses. + * ipvs: Don't overwrite errno by another syscall before checking errno. + * ipvs: ipvswrapper.c: fix comparison. + * Enable compilation with development net-snmp headers. + * vrrp: Fix IPv4 vIP removal when addr matches pre-existing interface addr. + For IPv4 vIPs keepalived adds a /32 to the underlying interface. If + this address matches an address already configured, e.g. a /24, when + this vIP is eventually removed due to a configuration change or + keepalived shutdown, the original address matching the vIP, outside + of keepalived's control, is removed instead. This behaviour is + incorrect. The /32 added by keepalived should be the address being + removed. Keepalived should not be touching any addresses it does not + create. + * vrrp: Check for errors when opening VRRP data and stats files. + This fixes crashes when running keepalived under SELinux enforcing mode, + which does not allow keepalived proccess to write to /tmp by default. + * vrrp: Don't assume IPADDRESS_DEL == 0 and IPADDRESS_ADD != 0. + * vrrp: Fix compilation failure. + * vrrp: Fix transition to backup when receive equal priority advert from + higher address. + When a vrrp instance in master mode received an advert from another master + that had equal priority, it wasn't comparing the addresses to determine + whether it should treat the advert as higher priority, and hence the + instance should fall back into backup state. + When checking whether the advert is from a lower priority master, it now + checks if the priorities are equal and then compares the addresses. + * vrrp: Optimise address comparision when receive advert in master mode. + * Optimise inet_inaddr_cmp. + + +2016-05-26 Alexandre Cassen + * keepalived-1.2.21 released. + * Install VRRP-MIB when applicable. + It appears that the condition in Makefile.in for installing VRRP-MIB + was using a non-existent macro, SNMP_RFC2_SUPPORT. This patch removes + two conditions from Makefile.in that use undefined macros and adds a + condition to install VRRP-MIB when SNMP_RFCV2_SUPPORT is set + appropriately. + * Check virtual route has an interface before returning ifindex to SNMP + * Force git-commit.h to be updated when needed + * INSTALL: Keepalived doesn't need popt anymore + * INSTALL: support for 2.2 kernels is long gone. + * INSTALL: fix a few typos + * keepalived.conf(5) some minor improvements + * man keepalived(8): some minor improvements + * Add printing of smtp server port when printing global config + * timeout_epilog: mark argument const. + * parser: mark some function arguments as const. + * terminate argv with NULL. + man execvp says: "The array of pointers must be terminated by a null + pointer." + * ipvswrapper.c: fix comparison. + * mark pidfile strings as const. + * utils.c: mark some arguments a const. + I left inet_stosockaddr alone for now, since it modifies the string. + We should fix that, since we pass in strings which might be const and in + readonly memory. + * netlink_scope_n2a: mark return type as const. + * vector->allocated is unsigned. + * notify_script_exec: mark a few arguments as const. + * vscript_print: mark string as const. + * vector->allocted is unsigned. + * dump_vscript: mark str as const. + * Updated range for virtual_router_id and priority. + * Stop segfaulting with mixed IPv4/IPv6 configuration + After reporting that an ip address was of the wrong family, when + the invalid address was removed from the configuration, keepalived + was segfaulting, which was due to the wrong address being passed to + free_list_element(). + * Updated range for virtual_router_id and priority in + doc/keepalived.conf.SYNOPSIS + * Allow '-' characters in smtp_server hostname. + * Allow smtp_server domain names with '-' characters to be parsed + correctly. + * Report and exit if configuration file(s) not found/readable. + The configuration file is treated as a pattern, and processed + using glob(). If there is no matching file, then it wasn't reading + any file, and keepalived was running with no configuration. + This patch adds a specific check that there is at least one matching + file, and also checks that all the configuration files are readable, + otherwise it reports an error and terminates. + * Fix building with Linux < 3.4 when ipset development libraries + installed. + Prior to Linux 3.4 the ipset header files could not be included in + userspace. This patch adds checking that the ipset headers files can + be included, otherwise it disables using ipsets. + * configure: fix macvlan detection with musl libc. + * Fix compiling without macvlan support. + * Bind read sockets to particular interface. + Otherwise, since we use RAW sockets, we will receive IPPROTO_VRRP + packets that come in on any interface. + * vrrp: read_to() -> read_timeout(). Make function name less confusing. + * vrrp: open_vrrp_socket() -> open_vrrp_read_socket(). + An equivalent open_vrrp_send_socket() exists, therefore make + the read version follow the same naming convention. + * vrrp: fix uninitialized input parameter to setsockopt(). + * Make most functions in vrrp_print.c static. + * Enable compilation on Linux 4.5.x. + Including causes a compilation failure on Linux 4.5 + due to both and being included, and they have + a namespace collision. + As a workaround, this commit defines _LINUX_IF_H before including + , to stop being included. Ugly, yes, + but without editting kernel header files I can't see any other way + of resolving the problem. + * Fix segmentation fault when no VIPs configured. + When checking the VIPs in a received packet, it wasn't correctly + handling the situation when there were no VIPs configured on the + VRRP instance. + * Improve checking of existance and readability of config files. + There was no check of the return value from glob() in read_conf_file() + and check_conf_file(), so that if there were no matching files, they + attempted to use the uninitialised globbuf, with globbuf.gl_pathc taking + a random value. A further check has been added that the files returned + are regular files. + Finally, if no config file name is specified check_conf_file() is now + passed the default config file name rather than null. + * vrrp: update struct msghdr. + The vrrp netlink code assumes an order for the members of struct msghdr. + This breaks recvmsg and sendmsg with musl libc on mips64. Fix this by + using designated initializers instead. + * Initialise structures by field names. + * Detection of priority == 0 seems to be shaded. + * More verbose logging on (effective) priorities. + * Log changes to effective priority made via SNMP. + * vrrp: use proper interface index while handling routes. + It appears current code has a small typos while handling routes trying + to access route->oif where it should be route->index. + * vrrp: make vrrp_set_effective_priority() accessible from snmp code. + just include proper file in order to avoid compilation error. + * monotonic_gettimeofday: make static. + * Disable unused extract_content_length function. + * utils: disable more unused functions. + * utils: make inet_sockaddrtos2 static. + * signal: remove unused functions. + * Disable unused signal_ending() consistently with other unused code. + * parser: make a bunch of stuff static. + * scheduler: make a bunch of stuff static. + * scheduler: disable unused thread_cancel_event(). + * vector: disable unused functions. + * vector: make 2 functions static. + * list: disable unused function. + * genhash: make some functions static. + * Remove unused variable. + * core: make a few functions static. + * checkers: make some functions static. + * vrrp_arp: make some global variables file-scope. + * vrrp_ndisk.c: make 2 global variables file-scope. + * vrrp: make some functions and globals static. + * In get_modprobe(), close file descriptor if MALLOC fails. + The sequencing of the code wasn't quite right, and so if the MALLOC + had failed, the file descriptor would be left open. + * Fix compilation without SOCK_CLOEXEC and SOCK_NONBLOCK. + SOCK_CLOEXEC and SOCK_NONBLOCK weren't introduced until + Linux 2.6.23, so for earlier kernels explicitly call fcntl(). + * Don't include FIB rule/route support if kernel doesn't support it. + * Enable genhash to build without SOCK_CLOEXEC. + * Ignore O_CLOEXEC if not defined when opening and immediately closing file. + * Allow building without --disable-fwmark if SO_MARK not defined. + configure complained "No SO_MARK declaration in headers" if that + was the case, but --disable-fwmark was not specified. The commit + stops the error message, and just defines _WITHOUT_SO_MARK_ if + SO_MARK is not defined. + * Update documentation for debug option. + * Add options -m and -M for producing core dumps. + Many systems won't produce core dumps by default. The -m option + sets the hard and soft RLIMIT_CORE values to unlimited, thereby + allowing core dumps to be produced. + Some systems set /proc/sys/kernel/core_pattern so that a core file + is not produced, but the core image is passed to another process. + The -M option overrides this so that a core file is produced, and + it restores the previous setting on termination of the parent process, + unless it was the parent process that abnormally terminated. + * Add option to specify port of smtp_-server. + * Add comment re when linux/if.h and net/if.h issue resolved upstream. + * Enable building with SNMP with FIB routing support. + * Exclude extraneous code when building with --disable-lvs. + * Update description of location of core files. + * Add support for throttling gratuitous ARPs and NAs. + The commit supersedes pull request #111, and extends its functionality + to also allow throttling of gratuitous NA messages (IPv6), and allows + specifying the delay parameters per interface, since interfaces from + the host may be connected to different switches, which require + different throttling rates. + * Add snmpServerPort to Keepalived MIB. + * Add printing of smtp server port when printing global config. + * Add aggregation of interfaces for throttling ARPs/NAs. + This commit adds support for aggregating interfaces together, so + that if multiple interfaces are connected to the same physical switch + and the switch is limited as a whole on the rate of gratuitous ARPs/ + unsolicited NAs it can process, the interfaces can be grouped together + so that the limit specified is applied across them as a whole. + * In free_interface_queue, don't check LIST_ISEMPTY before freeing. + * Clear pointer freed by free_list(). + * Make FREE_PTR() clear the pointer after freeing the memory. + * Make FREE() clear pointer after memory released. + Since a pointer to allocated memory mustn't be used after the memory is + freed, it is safer to clear the pointer. It also means that if the pointer + is subsequently used, it shoud segfault immediately rather than potentially + trampling over random memory, which might be very difficult to debug. + * vrrp: Improve validation of advert_int. + +2016-04-02 Alexandre Cassen + * keepalived-1.2.20 released. + * better VERSION handling + * ipvs: tcp check supports retry. + New tcp check config option "retry" sets the check retry counter. + If tcp check fails on an alive server, keepalived will perform + another checks until n_retry counter reaches zero, or until the check + succeeds. The delay between retry checks is configured by the + "delay_before_retry" config option. The default value is 1 retry after 1 second. + This is the same feature that already exists in HTTP checker + (config option "nb_get_retry"). + * check_http: retry logic is refined. + Retry on every error, including timeout and connection + error, but only when RS is up. + This is needed to reduce rs flaps: we shut the server down + only after nb_get_retry failed checks. + Also, do not wait for delay_loop after a successfull check to + bring the server UP. + * ipvs: respect the error code of the ipvs_talk. + Previously, if the IPVS reflector was unable to perform + its task, it reported error through syslog and ignored it. + This behavior leads to inconsistancies with quorum-handler: + it is called with UP even if no RS were added into the IPVS. + This could take place, for example, when there is a limit of + opened filehandles and keepalived was unable to open netlink + socket (it is opened on every call to the ipvs_talk). + Now the check is not marked as OK unless IPVS reflector reports + OK. Following successfull check will try to add an RS again. + The special case errors "ENOENT on remove" and "EEXIST on add" + are treated with OK result code. + * ipvs: remove unused resulting error code. + These functions are turned from int into void: + ipvs_group_sync_entry, ipvs_group_remove_entry, ipvs_syncd_cmd. + * check_http: reduce cpu usage. + do MD5 calculation only when configured to do so. + * timer: reduce cpu usage. + timer_cmp is called too often and eats much of cpu cycles. Make + the comparison more effective. Increase code re-using in + monotonic_gettimeofday(). Use timer_reset_lazy() where possible + to omit the excess memset() call. + * scheduler: reduce CPU usage. + Since threads are sorted by t->sands, we could break the cycle + when not expired thread found. + * ipvs: rs weight changes properly on reload. + Do not remove and re-add a real_server when reloading config + if its weight has changed. Just edit the existing ipvs rs entry. + * ipvs: new service option "ip_family". + This option explicitly specifies the address family of a + fwmark IPVS service entry. Previously it was determined by + the AF of the first real server. This logic is kept as a fallback + when the "ip_family" option is missing. + Also, now it is possible to create two different services + for v4 and v6 with the same fwmark number. + * make 'smtp_server' config to support domain name. + * use getaddrinfo() instread of gethostbyname(). + * make 'smtp_server' config to support domain name. + * Added vrrp 'timeout' to synopsis. + * Cleaned/fixed up KEEPALIVED-MIB, it now passes smilint + * Fixed vrrp_snmp_route() - it was returning the address of the pointer + instead of the IP address / network address for dst, gw, gw2, and src + * SNMP fixes/cleanup. + * Added support for static and virtual ip rules for use with policy + based routing + * Add info to set a default gateway into man and sample. + * vrrp: Fix socket setup code for IPv4 multicast. + if_setsockopt_mcast_if was only doing anything for IPv6 interfaces. + Make it work also for IPv4 interfaces, and then don't need to + call if_setsockopt_bindtodevice for multicast. + Is it still necessary to call it for unicast? + * vrrp: Set (and restore) interface parameters. + In order to receive and send multicasts on the correct interfaces + various parameters need to be set via the /proc/sys/net/ipv4/conf + interface. This patch sets them as needed, and restores any + changes on the underlying interface on exit. + If a user currently sets any parameters by scripts, that will + override these changes and still work, but this change in general + will make it unnecessary to change any parameters with scripts. + * vrrp: Leave VRRP multicast group by ifindex. + Since we know the interface index, use that instead of the address + since it is more efficient. Also, in the unlikely event that the + interface doesn't have an address, then this avoids a problem. + * vrrp: Don't delete vmac interfaces before dropping multicast membership. + Further to commit afea07bd94384c8ac8125e8cdbfd18bc4a46b14e, the + dropping multicast memberships were failing, since the vmac + interfaces had already been deleted. This patch keeps the vmac + interfaces until after the IP_DROP_MEMBERSHIP ioctls. Separating + the sending of the VRRP priority 0 messages from the shutdown + of the vrrp instances is necessary since vrrp_dispatcher_release + closes the sockets that are needed for sending the messages. + * vrrp: Don't open vrrp_send_socket if address family is wrong. + open_vrrp_send_socket was opening a socket, and then checking that + the address family was valid. Checking that the address family is + valid at the beginning of the function streamlines the code. + * vrrp: Stop m'cast packets being queued (and not received) on send socket. + If there are other vrrp instances on the same network, their + multicast packets are queued to our vrrp send socket, but since we + don't receive on that socket, the messages just get queued in the + kernel (run netstat -anp | grep keepalived to see the queued + packets increasing). + This patch clears the IP_MULTICAST_ALL option, to stop these + packets being queued. + * vrrp: Fix typos in log messages. + * vrrp: Fix RFC reference. + * vrrp: Fix vrrp parser error message. + * vrrp: Add interface index to vrrp dump data. + * vrrp: Don't specify source address in IP_ADD_MEMBERSHIP ioctl. + If ifindex is specified, any source address given is ignored. + * vrrp: If fail to remove vmac i/f, don't report success after fail message. + * Help vim's formatting to work in configure.in. + The single "'" in a comment confuses vim, and the screen formatting + gets confused. Adding a second "'" in a C comment sorts vim out. + * vrrp: Don't explicitly drop IGMP membership before interface deletion. + The kernel will send IGMP leave group messages when an interface + is deleted, so there is no need for us to do so. Experimentation + has shown that explicity doing IGMP_DROP_MEMBERSHIP doesn't make + it any more likely the IGMP leave group messages will be sent. + Adding the 1 second sleep significantly increases the likelihood + of the IGMP messages being sent, but is doesn't guarantee it. + Extending the sleep time doesn't improve the chances. + * Fix compiler warnings. + * vrrp: Add info to set a default gateway into man and sample. + * vrrp: Don't report error on interface creation/deletion. + netlink_reflect_filter was returning an error if it didn't already + know about an interface that has just been created. If we don't + know about the interface, simply ignore it. Likewise on interface + deletion, if we don't know about the interface, ignore it. + * vrrp: Ensure the first interface's parameters are set when using libnl3. + Patch 60217b63242bee37b1c97a04644be6eb5e18b4c4 sets the interface + parameters for each interface, but when using libnl3 there was a + conflict with libnl, causing the parameters not to be set for the + first interface. This patch makes vrrp_netlink.c use libnl3 if it + is available, to avoid the conflict. + * vrrp: Fix interface parameter setting with libnl3 and error message on + interface creation/deletion + * vrrp: Allow gratuitious ARP parameters to be configured globally. + It is likely that the gratuitions ARP parameters will want to be + the same for all interfaces, so allow the defaults to be set + globally. Also allow vrrp_garp_delay to be set to 0 to indicate not to + send further garp messages after a delay (to emulate how the + kernel sends gratuitous ARPs). + * ipvs: Remove nat_mask configuration parameter. + nat_mask was only valid with 2.2 kernel, and the implementation of + it was removed in patch d51194f... but some of the configuration + code remained. This patch removes all remaining code relating to + nat_mask. + * Update man pages. keepalived.conf.5 is updated to include all + configuration parameters, and keepalived.8 is updated to document the + signals that can be used with keepalived. + * Remove remaining 2.2 kernel code. + * vrrp: Allow specification of default VRRP version to use. + Rather than have to specify using VRRP version 3 on each VRRP + instance, allow global configuration to set the default version. + * vrrp: Remove use of deprecated nl_join_groups(). + The use of nl_join_groups was introduced in commit 84cf733.. in + order to resolve quickly a problem introduced in an earlier patch. + This patch follows the approach adopted by libnl3, which uses a + list of groups, rather than a bitmap which is limited to 32 groups. + * Documentation updates, removal of redundant code, global config. + * vrrp: set router flag in neighbour advertisements. + This is necessary in order to prevent the IPv6 stack on a node that + receives the unsolicited and overriding neighbour advertisement for the + VIP (that gets sent automatically when Keepalived transitions to MASTER + state) from immediately removing the VIP from its list of default + routers. See https://bugs.launchpad.net/bugs/1520517 for an example of + the problems this can cause. + Note that the approach in this patch simply unconditionally sets the + router flag. That is better than having it unconditionally unset (VRRP + stands for Virtual *Router* Redundancy Protocol, after all), but it + might not be appropriate whenever VRRP is used to fail over addresses + that are used for other tasks than being routers. Thus it might be + better to read in the interface's "forwarding" sysctl and set the router + flag accordingly, or making the value of the router flag configurable in + keepalived.conf. + * vrrp: Dynamic addition of interfaces from netlink msg. + When a tracked interface is deleted then recreated with the same config + VRRP groups tracking this interface will remain down. This is due to + tracking of stale information. + This patch listens for netlink messages for the creation of interfaces + and does one of two things. + i) If the interface doesn't exist in the vrrp interface list a new + interface structure is created and the information from the message is + used to fill the structure. This new interface is then added to the + interface queue. + ii) If the interface already exists in the queue we zero it and then + use the information in the message to fill the structure. + * branch to fix empty RS list issue. + * a fix for services with no RS. + * check: segfault when there is no real server for a virtual server. + * vrrp: Stop memory leak rename function for convention. + Renamed netlink_populate_intf_struct to netlink_if_link_populate to fit + with file naming scheme. + It was possible that a created ifp structure would not be cleaned up if + netlink_if_link_populate returned a -1, fixed this so the structure is + FREEd. + * Make parent process handle and propagate USR1/2 signals. + In order to be able to automate writing configuration and/or stats + the signals USR1 and USR2 need to be able to be sent to the parent + process since its pid can be read from /var/run/keepalived.pid. + The parent then needs to propagate these signals to a vrrp child. + * Ignore all signals except those explicitly wanted. + In order to harden keepalived against a user accidentally sending + a wrong signal to keepalived, set all signals other than those we + want actioned to be ignored. + * Remove potential race condition when setting signal handlers. + There was the potential for signal_run_callback to be invoked + after calling sigaction for a signal, prior to the internal signal + handler signal_SIG***_handler and signal_SIG***_v variables being + set up. To remove the race condition, when setting a signal handler + block the signal until the internal handlers have been fully set up. + * Make signal_ignore mean ignore. + signal_ignore was setting a signal handler for the signal, but + then itaking no action when the signal was received. This is now + changed so the signal is actually set to be ignored. + * Streamline signal handling code. + There was some duplication of the code for signal handling, and + this slight restructuring avoids the duplication and makes it + simpler. + * vrrp: Invoke notify scripts with the default signal disposition. + It is reasonable for notify scripts to expect to be invoked with + the standard signal disposition, so when first setting up signal + dispositions, remember the original state so it can be restored + before the notify scripts are exec'd. + * Return address of previous signal handler according to SA_SIGINFO. + The man page for sigaction(2) states that SA_SIGINFO is only + meaningful when establishing a signal handler. This appears not + to be the case, since the flag will be set in the oldact structure + on return from sigaction if the previous signal handler was + established using the SA_SIGINFO flag. + * Invoke all scripts with the default signal disposition. + Just as the change for notify scripts, it should apply to other + scripts as well. + * vrrp: Don't wait on script process being killed after timeout. + The child_timout_thread functions send a SIGKILL to a child + process that has timed out and didn't die quickly enough + after sending a SIGTERM. They then wait on the process dying. + The main problem is that if the waitpid is successful here, then + waitpid in thread_child_handler will never be successful for the + same pid, and so the entry on the child list will never be removed + and the parent thread will not be marked as ready. + There is also a theoretical possibility that the child process is + unkillable, and so the waitpid would hang forever. + * Set thread conditions before adding to list. + It seems safer to set the status and type of a thread before + adding it to the ready list. + * Remove some code duplication re running scripts. + misc_check_thread and vrrp_script_thread were virtually identical + so move duplicate code into new function system_call_script in + notify.c. + * Fix formating of man page. + * Set standard signal disposition before invoking ip(6)tables. + Call signal_handler_notify before running iptables/ip6tables. + Since it is now called for more than notify scripts, rename + signal_handler_notify to signal_handler_script + * Move common code for opening fd 0/1/2 into a function. + The code for setting fd 0/1/2 to /dev/null before running a script + was in several places. All the common code is moved into a function + and the function called from the relevant places. + It is only necessary to reopen fd 0/1/2 if keepalived is running + with the --dont-fork option, since without that option the fds are + already open on /dev/null. + * Optimise closure of fds before invoking scripts. + Every time before a script was invoked, closeall() was called, + which would spin through 1024 file descriptors closing them, even + though the vast majority were not open, resulting in 1024 system + calls. To avoid that, open all sockets and file descriptors + (except fd 0/1/2) with the CLOEXEC flag set, so that the fds will + be closed by the kernel when the script is exec'd. + * Simplify some IPv4/IPv6 code. + Code blocks were (unnecessarily) repeated in functions which + handled both IPv4 and IPv6 situations. + * Fix reloading and invoking notify scripts. + * Update vrrp_scheduler.c. + * Converted pdf user guide to RST with Sphinx. + * Added check for libnfnetlink header during the configure step. + * In free_list_elements invoke the free function if it exists. + * Use of LIST_ISEMPTY to check list exists causes memory leak. + * Stop parse_ipaddress FREEing via pointer passed to it. + parse_ipaddress FREE'd new following an error, but new could be an + address passed to the function, and therefore might not be MALLOC'd + memory. This commit makes the caller of parse_ipaddress free the + memory if there is an error and the calling function MALLOC'd the + memory. + * vrrp: Add vrrp_iptables global configuration option. + The iptables/ip6tables entries were always added at the end of the + INPUT chain, but for many configurations this is too late in the + processing. This patch allows the chain name to which rules are + added to be specified, and also allows the option of specifying + no rules are to be added. + If a chain name is specifed, it is necessary for that chain to + already exist in the iptables and/or ip6tables config, and for + that chain to be called from an appropriate point in the + ip(6)tables configuration. + * vrrp: Add option to block outbound traffic from VIPs. + Unwanted traffic to VIPs is discarded by ip(6)tables. This adds + an option to also block outgoing traffic from VIPs. + * vrrp: Add iptables blocks for E-VIPs just like VIPs. + * vrrp: Allow unicast IPv6 Neighbour Solicits to be received. + An ip6tables rule is added to allow IPv6 NAs to be received, but + we also need to be able to receive NSs to respond to neighbours + attempting to verify our reachability. + * vrrp: Use correct MAC address for IPv6 VRRP packets. + The IPv6 VRRP packets were using the MAC address of the underlying + interface, rather than the MAC address of the vmac. This commit sets + the correct MAC address for IPv6, and also adds the link-local address + of the underlying interface to the vmac interface, so that VRRP + packets can be sent from the vmac interface, thereby using the VRRP + MAC address. + * vrrp: Disable IPv6 on IPv4 VRRP VMAC interfaces. + If IPv6 is not disabled on VMAC interfaces, an IPv6 link local + address is generated based on the virtual MAC address. This is not + only contrary to RFC 5798 para 7.4, but also causes duplicate + address detection failure. The address also just isn't needed! + * vrrp: Fix setting nlmsg_len for netlink messages. + For netlink messages, nlmsg_len must always be set to an aligned + length. Prior to this commit, nlmsg_len was only being aligned when + a subsequent attribute was added to the list. This was fine if the + length of the last attribute added was an aligned length (which had + always the case), but didn't work if the last attribute added didn't + have an aligned length. + This patch is needed in preparation for adding an attribute which + doesn't have an aligned length. + * vrrp: Stop having an IPv6 link-local address added based on VMAC mac + address. + IPv6 link-local addresses that were based on the virtual MAC address of + the VMAC interface were being added. RFC5798 para 7.4 states that this + is not permitted. It also causes duplicate address detection failure, + since each instance of the virtual router was configuring the same + IPv6 address on the same subnet. + This commit stops the offending link-local address being addied (or removes + it if it can't stop it being added), and since VRRP advertisements must + be sent with the virtual MAC address, but a link-local address for the + interface, if a link-local address from the underlying interface exists, + it is added to the VMAC interface, otherwise the MAC address of the + underlying interface is used to generate a link-local address, which is + then added. + It wasn't until Linux 3.17 that the IFLA_INET6_ADDR_GEN_MODE netlink + message was added, via which one can stop a link-local address being + automatically configured. Therefore, if IFLA_INET6_ADDR_GEN_MODE is not + supported, the only way to ensure that the problematic link-local + address is not added is to remove it after the interface is brought up. + This is not ideal, since there is a small window when the "illegal", + and possibly duplicate, link-local address exists, but I haven't + found any other way of doing it for pre 3.17 kernels. + * vrrp: Stop sending unnecessary attributes in netlink messages. + When an IPv6 virtual address was deleted, it was being reported + in the log file that preferred lifetime was being set to 0, which + is only relevant when the address is being added. This commit stops + adding the IFA_CACHEINFO attribute when deleting addresses, and + also stops adding other unnecessary attributes. + * vrrp: Allocate an IPv6 link local address to VMAC if none on real + interface. + The physical interface than a VMAC is configured on may not have an + IPv6 link local address, but we can construct one for the VMAC using + the MAC interface of the underlying interface. + * vrrp: Remove code allowing mixed IPv4/IPv6 addresses. + If addresses of both types were configured, the receiving end would + reject the packet since the count of addresses received would have been + wrong since only addresses of one family can be sent, see vrrp_in_chk: + if (hd->naddr != LIST_SIZE(vrrp->vip)) + Since we don't want to send the addresses of the wrong family, add them + to the virtual_ipaddress_excluded block rather than the virtual_ipaddress + block. + * vrrp: Only set router flag in Neighbour Advertisements if forwarding. + * vrrp: Enforce maximum number of vips per virtual router. + If there were more than one virtual_address blocks in a + virtual_router block, one could add as many virtual addresses as + one wanted, since it didn't check the number already read. + * vrrp: Don't ignore excess virtual_address entries. + If there are too many virtual_address entries, add them to the + excluded block, but still give a warning message. + * vrrp: Verify VRRP configuration after all configuration read. + There was a lot of duplicated checking in vrrp_parser.c to ensure that + configured parameters were consistent, and also a requirement to configure + certain parameters before others. This checking was incomplete, and also + becoming more and more complex as more configuration options were added. + This commit delays a large part of the checking until after all the + configuration has been read. This removes the need for options to be + specified in a certain order and also for checking in multiple places + whether certain combinations are valid. + As a consequence of the delay in checking the configuration, the creation + of the VMAC interfaces is delayed until after the checking. + * vrrp: Accept is only valid for VRRPv3 + * vrrp: Verify priority and init_state consistent. + * vrrp: Verify password specified for authentication. + * vrrp: Verify have an ip address for interface. + * vrrp: xmit_base is only valid on a VMAC. + * vrrp: Ensure at least one VIP is configured on a VRRP instance. + This commit requires at least one VIP to be configured on a + vrrp_instance. Although the code looked as though it was designed to + allow 0 VIPs, not only was that a protocol violation, but also keepalived + rejected any VRRPv3 packets received without any VIPs, and also any VRRPv2 + with IPv6 due to the check in vrrp_in_chk() in vrrp.c. + * vrrp: Generate unique default VMAC interface names. + Since the virtual router ID can be duplicated both between IPv4 and IPv6, + and also between different interfaces, the approach of setting a default + interface name as vrrp.VRID could produce duplicate names. + This commit now attempts to use vrrp.VRID, but if that already exists, + then it will try vrrpN.VRID, where N starts from 1 and increases until an + unused name is found (for IPv6 it tries vrrp6.VRID before vrrp1.VRID). + * vrrp: Ensure necessary uniqueness of VRIDs. + VRIDs must be unique for a given address family and interface. + This commit ensures that there is no duplication of VRID/address family + on any interface. + * vrrp: Don't assign VIPs/eVIPs to the default interface. + alloc_ipaddress was always setting the interface to DLFT_INT (eth0) if no + dev DEVNAME was specified to a VIP/eVIP/static address. This is fine for a + static address, but doesn't make sense for a VIP or eVIP, since they should + be assigned to the vrrp_instance interface, unless explicitly configured + otherwise. + In fact, it probably doesn't make sense to specify dev DEVNAME for a + VIP/eVIP, since the addresses must be assigned to the vrrp_instance + interface. + * If a configuration error occurs between {}, skip to end. + If a configuration error occurred in a block, the parser could get confused. + This commit makes the parser ignore ignore all further entries until the end + of the block. + * Don't allow specification of default as an address where inappropriate. + The function parse_ipaddress would allow default or default6 to be + specified for any address it parsed, but it doesn't makes sense in a + lot of cases, so add a parameter to indicate if default is valid. + * Improve checking of configured advertisement timer. + * vrrp: Make sure that a VRRP instance has a name and is unique. + It was possible to specify a vrrp_instance without a name. It was also + possible to specify the same vrrp instance name twice. + * Extra validation for reading ip addresses. + * vrrp: Ensure a sync group has a name and hasn't already been specified. + * vrrp: VRRP authentication is dependent on VRRPv2 not IPv4. + The check for whether authentication is not dependant on IPv4, but rather + VRRPv2. This check will be conducted following reading the whole configuration. + * vrrp: Log error if unknown authentication type. + * Check for, and handle, '{' at beginning of a block. + There was no check for a '{' at the beginning of a configuration block. + This commit is the start of that check, allowing it either at the end + of the line with the keyword, or on a line of its own. + Also, in respect of group and notification_email, for all other configuration + items, the '{' could follow on a line of its own, but for configuration + items using read_value_block the '{' on a line following the keyword + was read as a configuration entry. + * Check for, and report, unknown keywords. + A misspelt keyword would have been silently ignored, potentially causing + the user difficulty in understanding why his configuration wasn't working. + * If an address fails to parse, ensure don't return an apparent address. + When reading an address, the address family was set early on, and a + subsequent failure to parse the address left the address family configured, + thereby making it appear that a valid address had been read. Simply set the + address family to AF_UNSPEC on a failure. + * Ensure an address option has a value. + There was no check that the parameter was present after a keyword, so for + example : 1.2.3.4 dev + would not have generated an error message, and alloc_ipaddress would have + attempted to read a word after dev, which would either cause a dore dump + or possibly return a parameter from a previous configuration line. + This type of checking probably needs to be added elsewhere too. + * Add validation of address scope. + * vrrp: Don't allow group block more than once in a sync group. + If a second group is configured, the first group is lost, and its + malloc'd memory is also lost. + * vrrp: Make sure sync groups have at least two members. + If a sync group was configured with no group {} statement, or if + the group statement had no entries, then keepalived would core dump. + This commit rejects groups with 0 members, and also with 1 member, + since it isn't a group. It also checks that a virtual_instance isn't + configured in more than one sync group, and also that the group + members specified exist. + * The address must be the first record in an address configuration item. + When an address is configured, it must be the first entry on the line. + This allows options specified afterwards to know the address family, + and also when reporting errors to include the address. + * vrrp: Log error if IPv6 and first address is not link local. + RFC5798 section 5.2.9 requires that if the protocol is IPv6, then + the first address must be the link local address of the virtual + router. + * vrrp: Ensure that the full VRRP packet has been received in the buffer. + Although afer receiving a VRRP packet, it checked that the length + specified in the IP header was long enough to contain all the VRRP data, + it didn't check that the data actually received was sufficiently long, + so this check is added. + * vrrp: Stop VIPs in same CIDR being deleted, but only when using vmac + so far. + If an interface has more than one IP address in the same CIDR, when + the "primary" address is deleted, all the secondary addresses are + also deleted, unless /proc/sys/net/ipv4/conf/IFACE/promote_secondaries + is 1. This commit sets the promote_secondaries flag on vmacs. + * vrrp: Make from and to for VRRP iprules use a define. + "From" and "To" were being stored as words rather than converted to + defined value. This made storage requirements larger and processing + them more time consuming. + * Don't report configuration bytes used if not _DEBUG_. + If _DEBUG_ is not defined, malloc was increasing the count of memory + allocated when called, but free wasn't reducing the count, and so the + figure reported was meaningless. + This commit completely disables the memory allocated counting and + reporting if _DEBUG_ is not defined. + * vrrp: Use defines for address scopes. + Rather than hard coded values for address scopes, use RT_SCOPE_* + * Force order of multiplication and division to avoid underflow. + * Clear list pointer after freeing list. + * Fix handling of active in vectors. active wasn't being consistently + updated or reported for vectors. + * Make functions always returning 0 void. + Three functions in utils.c always returned 0, and the calling + functions weren't checking the return code, since it was pointless, + so the functions have been changed to be of type void. + * Use struct in_addr rather than uint32_t for IPv4 address. + * vrrp: Disable all VMAC configuration code if don't have VMACs. + * Allow multiple spaces in quoted strings. + The handling of quoted strings saved each word separated between + tokens of '"'. This meant reconstructing a quoted string lost multiple + spaces and was hard work. + Quoted strings are now saved as the whole quoted string, without the + quotes, so retrieval is much simpler. This also allows further keywords + to follow the quoted string, if desired. + * vrrp: Remove string length dependencies in vrrp_print. + * vrrp: Stop using deprecated bcopy. + * vrrp: Add vrrp_instance name to some log messages. + * Optimise returning from list_element() when end of list reached. + * Make free_melement a static function. + * Use INET6_ADDRSTRLEN rather than hardcoded length. + * Don't format log message if not going to log it. + * vrrp: Add option to reduce vrrp advert address checking. + By default, every received VRRP advertisement checks the advertised + addresses are the same as the configured addresses, which is o(n^2). + This change adds the option to check the first packet received from + a master, but not to check the VIP list in subsequent adverts from + the same master. + * vrrp: Ensure vrrp_buffer large enough for largest possible received + packet. + The allocated receive buffer had size VRRP_PACKET_TEMP_LEN, which + suggests that it wasn't intended as the final solution. + Instead of using a fixed buffer size, the maximum MTU across all the + interfaces is calculated, and the size of the vrrp_buffer allocated + is the maximum MTU size. This guarantees that any VRRP packet received + will fit in the buffer. + * vrrp: Improved received VRRP packet checking. + First check the protocol headers have been received, then before + checking the overall length of the received data, check the data in + the protocol headers, since this will allow more meaningful errors + to be reported. For example if there was a mismatch between VRRP + versions with IPv4, a length error was being reported, rather than + the version mismatch. + All the error messages in VRRP packet checking now include VRRP + instance name, to help tracking down where the error lies. + * vrrp: Remove fixed limit number of VIPs in a VRRP advert. + There was an arbirtary limit of VRRP_MAX_VIP (20) VIPs for sending + a VRRP advert. Now that the vrrp_buffer is sized to be able to + receive any packet up to the largest MTU size, we can dynamically + allow as many VIPs as will fit in a packet (which varies depending + on IPv4 or IPv6). + There is also an overhead checking the received addresses in an + advert against the VIPs configure on the instance, but this can now + be mitigated by setting skip_chk_adv_addr on the VRRP instance. + * vrrp: Fix printing of vrrp tracking scripts. + * vrrp: Print Last transition time in human readable form. + * Disable assert statements unless _DEBUG_ is defined. + * Streamline free_list_element + * Remove duplication of code between free_list and free_list_elements. + * vrrp: Add vrrp strict mode, enforcing VRRP compliance. + The commit doesn't yet implement strict mode, but it will block + 0 VIPs, unicast peers, IPV6 in VRRPv2. + * vrrp: Add some strict tests. + In strict mode, the following are enforced: + IPv6 required VRRPv3 + There must be at least one VIP per VR instance + No unicast peers + Must be address owner to start in MASTER mode + * vrrp: Don't allow AH authentication with IPv6 and VRRPv2. + Of course, the RFCs don't allow IPv6 in VRRPv2, but it is an + extension supported by keepalived. + * vrrp: Some minor ipsecah updates. + * vrrp: Clearly identify that VRRP has subblocks of VRRP scripts. + The keepalived.conf.5 man page wasn't explicit that there are VRRP script + subblocks as part of the VRRP configuration, and this is now explicit. + * Trivial edits to man page keepalived.conf(5). + * man page remove static_rules configuration from vrrp_instance. + keepalived.conf.5 man page had an entry for static_rules within the + vrrp_instance blocks, and this is clearly wrong. + * vrrp: Fix typo in error message when sending VRRP advert. + * vrrp: Add option not to include vrrp authentication code. + RFC3768 updated VRRPv2 to remove authentication in 2004. This commit + adds a configure time option to exclude authentication code. + * vrrp: When adding ip(6)tables entries, only specify i/f for link_local + addresses. + Packets to/from global address could arrive or be sent on any interface, + so don't specify the interface for blocking the packets. For link local + addresses, the block must relate to the specific interface. + * vrrp: Add ability to use libiptc rather than invoking ip(6)tables. + Invoking ip(6)tables has a high overhead, since the process has to be + forked and exec'd, and then it has to read the whole ip(6)tables + filter chain before it makes a single update and commits it back. + Using libiptc avoids the overhead of multiple forks/execs, and also + means that multiple entries can be added/deleted to/from the ip(6)tables + configuration in a single update. + * vrrp: Add option to use ipsets instead of iptables to block addresses. + Instead of having lists of addresses in iptables, it is much more + efficient to use ipsets to handle those addresses, since that is + what it is designed for. + * Use /proc/sys/kernel/modprobe to find modprobe. + * Reinstate SIGCHLD before forking to exec modprobe for ip_vs. + The fork of modprobe to load ip_vs would have reported a failure + even though it would have succeeded. + * Reinstate SIGCHLD before forking to exec modprobe for ip_vs. + The fork of modprobe to load ip_vs would have reported a failure + even though it would have succeeded. + * Fix forking/execing re closing signal pipe. + When calling scripts, we don't want to give them access to the signal + pipe used between the parent process and the vrrp process. + * vrrp: Fix compile error when net/if.h and netlink/route/link.h conflict. + Some versions of libnl3 netlink/route/link.h conflict with some + versions of kernel header file net/if.h. This commit has a + workaround for when there is a conflict. + * vrrp: Fix compile failure with old kernels and libnl3. + Issue #215 identified a compile error with pre 3.13 kernels when + libnl3 was installed. This commit adds a test for that situation + and avoids using rtnl_link_inet_[sg]et_conf. + I haven't been able to test this on a re 3.13 kernel, but I have + simulated the scenario and it compiles as expected. + * vrrp: Fix compilation when ipsets not installed. + * vrrp: Fix build breakage when not using libiptc. + * vrrp: Fix VRRP respawning when no VIPs specified. + Commit b46dec58fa failed to check the the VIP list existed before + checking how many entries were in the list. + This commit also defaults the address family to IPv4 if no VIPs are + specified. + * vrrp: Make dependency on libnfnetlink/libnfnetlink.h conditional. + * Streamline handling of daemon mode flags. + * Improve handling of not being able to read a pid file. + If a pid file was opened, but for some reason a pid could not + successfully be read, the pid used to check if a process was + running was random. + * Remove unused pid filename definitions. + * Change outstanding debug flag tests to use bitops helpers. + * Allow for different sizes of long ints in bitops. + * vrrp: Ensure conversions of vrrp->adver_int etc don't overflow. + * Use bitops with daemon_mode. + * vrrp: Fix ip_rule direction for SNMP. + Commit 2da11f99 introduced defines for ip_rule directions rather + than using strings, but the commit omitted to update the snmp code + when processing the directions. + * add a line about the 'include' keyword in keepalived.conf(5). + * fix HTTP_GET config dump. The config dumper routine + dump_http_get_check was always printing the last configured checker's + connection info. + * dump_conn_opts: prototype change. + pass the conn_opts_t pointer as a void* parameter to make the + function prototype a valid dump callbac This makes smtp_dump_host() + function needless, it is removed. + * fix build issues on older systems. + Try to avoid the build error on systems which lack of + O_CLOEXEC and IP_MULTICAST_ALL defines (such as Ubuntu lucid and + Debian squeeze). + * Fix compilation with --disable-vrrp-auth + * vrrp: Remove state VRRP_STATE_LEAVE_MASTER since it isn't used. + * vrrp: Fix VRRPv2 authentication issues. + * Don't redefine _GNU_SOURCE. + * vrrp: Exclude function vrrp_ah_sync when --disable_vrrp_auth. + * Fix some conditional compilation errors. + * Streamline getopt_long options. + * Remove '\n's from log messages. + * Ensure standard configure generated defines are used. + The defines used in the compiles in the various subdirectories were + specified in each Makefile.in which could lead to inconsistencies. + This commit defines APP_DEFS in configure.in, which is then used + in each Makefile.in. + * Dump keywords to file rather than stdout. + * Add copyright message and build options to version output. + This commit also ensures that the end year of the copyright date + range is the current year when keepalived was built. + * Stop erroneously logging error message for unknown keywords. + When vrrp_parser parsed the configuration file, it didn't know + about the checker keywords, and vice versa, and so reported errors. + This commits makes the other keywords known but marked as inactive. + * vrrp: Fix SNMP trap NewMaster. + The trap must only be triggered for IPv4, since RFC2787 doesn't + understand IPv6. Also, RFC2787 only supports VRRPv2 instances, + so don't raise the trap for VRRPv3 instances. + The IP address returned must be the actual IPv4 address, and not + the ip_address_t that holds the address. + * vrrp: Use underlying interface for ifindex in NewMaster traps for vmacs. + If the VMAC ifindex is returned, then there is no indication that + multiple VRRP instances are operating on the same physical interface, + so return the ifindex of the underlying interface. This will also + mean that the same ifindex should be maintained between different + invocations of keepalived. + * vrrp: Move SNMP private defines into vrrp_snmp.c/check_snmp.c. + The defines for the net-snmp "magic" were in the header files + which were included by other modules. The defines are private to + the c source file, so move the defines into them, to avoid polution + compilation units which included vrrp_snmp.h/check_snmp.h. + * Use definition for 1.3.6.1.2.1. + * vrrp: Start SNMP after reading configuration. + If SNMP is started before the configuration is read, a meaningless + response will be returned to net-snmp, so don't start the snmp agent + until after all the config has been read. + * vrrp: Fix setting SNMPv2-MIB::sysORID entries in ORTable. + The length of the OID passed to register_sysORTable was wrong. + * vrrp: Allow SNMP agent to unregister cleanly with more than one MIB. + Separate snmp_unregister_mib() out from snmp_agent_close() to allow + multiple MIBs to be unregistered before the snmp agent is closed. + * vrrp: Don't register the global_oid with SNMP twice. + If SNMP is enabled, both the checker process and the vrrp process + were registering the global_oid. This commit makes the checker + process register it if it is running, otherwise the vrrp + thread registers it. + * vrrp: Add read-only support for RFC2787 SNMP (VRRPv2). + * vrrp: Allow any combination of keepalived and RFC SNMP support. + * Allow enabling snmp via config file. + * ipvs: sctp ad persistent engine support. + * Fix building with --disable-lvs + * Stop autoconf complaining. + * vrrp: Use defined value for maximum VRRP priority. + * vrrp: Simplify scheduler code vrrp_leave_fault(). + Two pairs of code blocks were repeated, and each pair could be + reduced to occuring only once if the conditions were merged. + * vrrp: If VRRP priority is 255 and not nopreempt, configure like state + MASTER. + * vrrp: Ensure number of VIPs doesn't exceed 255 per instance. + * vrrp: Don't check second time if IFLA_IFNAME is NULL. + * Dump interface details with rest of config. + * vrrp: When becoming master, block addresses before adding them. + If not accept mode, entries are added to iptables/ipsets to block + traffic to the VIPs/eVIPS. These entries should be added BEFORE the + addresses themselves are added, to ensure there isn't a (small) + window when we might reply from the added addresses. + * vrrp: Document virtual_rules. + * Fix memory leak re some uses of ipaddresstos(). + * Fix parsing ipset names. + * vrrp: Improve and fix finding vmacs left over from previous invocation. + When netlink reports a new or existing interface, we can extract + information that allows us to determine if the interface is a macvlan, + and the type (e.g. private). We can then save that in the interface_t + structure, setting the vlan flag, and base ifindex. + When working out the interface name to use for VMAC instances, we can + then check the interfaces which are macvlans to see if any of them + match the vrrp instance in terms of mac address, underlying interface + and inet address family, and if so we can then reuse the macvlan interface. + Commit 9ae463e7f broke the finding of existing interfaces where the + configuration didn't specify the VMAC interface name, and simply created + a new interface. This commits now resolves that. + There is still an issue that if an interface was in MASTER mode when + keepalived terminated, when keepalived restarts it leaves the VIPs and + eVIPS on the interfaces, meaning that keepalived cannot receive VRRP + packets on the interface from the VRRP instance that has taken over, and + it also means that there are duplicate IP addresses on the network. + Another commit will resolve this issue. + * vrrp: Remove ip addresses left over from previous failure. + If keepalived terminates unexpectedly, for any instances for which + it was master, it leaves ip addresses configured on the interfaces. + When keepalived restarts, if it starts in backup mode, the addresses + must be removed. In addition, any iptables/ipsets entries added for + !accept_mode must also be removed, in order to avoid multiple entries + being created in iptables. + This commit removes any addresses and iptables/ipsets configuration + for any interfaces that exist when iptables starts up. If keepalived + shut down cleanly, that will only be for non-vmac interfaces, but if + it terminated unexpectedly, it can also be for any left-over vmacs. + * Sort out extraneous space and tab characters. + The commit removes spaces followed by tabs, trailing spaces and tabs, + and replaces occurrences of 8 spaces within tabs, except where the + spaces and or tabs occur within strings. + This has the benefit that if blocks of code are copied, git does not + complain when running git am on a file produced by git format-patch. + * vrrp: Simplify RFC SNMP code. + The code was checking VRRP version unnecessarily, and also had code + to return an index element which is not necessary. + * vrrp: Don't send traps for SNMP MIBS which are not enabled. + * vrrp: Don't register SNMP global OID if not handling it. + If neither the checker nor the vrrp components of KEEPALIVED-MIB + are enabled, don't register the global OID. + * Parameters passed to traps don't need to be static. + * Fix --without-lvs and --without-vrrp configure options. + * Ensure general MIB is enabled if --disable-lvs configured + * Avoid compiler warning re function definition to prototype. + * Add RFC6527 SNMP (VRRPv3). + This commit adds read-only and notifiction support for SNMP for VRRPv3 + in accordance with RFC6527. + * vrrp: Fix MAC address for IPv4 VMACs created after IPv6 VMACs. + * vrrp: Allow routes and rules to use tables >= 256 + * Don't recompile libipvs-2.6/*.c every build. + * vrrp: Remove left over ip rules and routes at startup. + * vrrp: Ensure ip routes added before rules, and vice versa. + If ip rules are added before routes, then it is possible for a + packet to be routed while the routing table is only partially + complete. Adding the rule after the routes ensures that the routing + table won't be processed until it is completely set up. + Likewise, when removing rules and routes, remove the rules first. + * vrrp: Add missing reason message for rejected VRRP packet. + Issue #255 show a log identifying bogus VRRP received, but there + was no reason shown for the rejection. The only instance I can find + for this is if vrr->family is neither AF_INET or AF_INET6, which I + think must be a bug in the code parsing and setting up VRRP instances. + This commit just adds a log message to be explicit about why the packet + is rejected, and also reports the value of vrrp->family. + * Reduce number of calls to getaddrinfo() reducing DNS lookups. + * Report if vrrp or checker process abnormally terminates. + * Add option to increase child process priorities and make non swappable. + * Make vrrp_daemon.c and check_daemon.c use header file for externs. + * Add reporting ops mode, and minor tidying up of virtual_server config. + * vrrp: Don't overwrite real interface MAC address with VMAC MAC address. + When a VMAC was being created, the MAC address of the VMAC was + being copied to the MAC address of the underlying interface in the + interface_t structure. + The netlink reflector sets up the MAC address of the new VMAC + interface, so there is no need to copy a MAC address at all. + * vrrp: Stop keepalived_vrrp terminating with SIGSEGV if lvs_syncd_if set. + ipvs_stop() was being called before shutdown_vrrp_instances(), and + so if lvs_syncd_if had been specified on a vrrp instance, keepalived + would subsequently terminate with a SIGSEGV in free_interface_queue(). + * Make lvs_sync_daemon global config rather than vrrp specific. + * Stop lvs sync daemons on restart in case of prior abnormal termination. + * Remove any residual ipvs configuration on restart. + * vrrp: Optimise clear_diff_vrrp_*() functions. + * Check MALLOC returned non NULL before copying to the location. + * Allxoow specifying syncid for lvs syncd. + * vrrp: Send second set of GARP messages afer receiving lower prio advert. + When a VRRP instance transitions to master state, if garp_master_delay + is non-zero, a second set of garp_master_repeat messages is sent after + garp_master_delay seconds (unless 0). However, if a lower priority advert + is received, keepalived didn't send a second set. This commit sends a + second set if a second set would have been sent after transition to master. + * vrrp: Allow setting of graduitius ARP parameters for lower prio adv + separately. + * Don't log a "keepalived stopped" message if keepalived already running. + * vrrp: Add support for iprule and iproute table names. + * Resolve MALLOC/FREE issues to iprule/iproute table names. + * Make keepalived_malloc return void* to match malloc. + * When reporting MALLOC/FREE status on exit, report max MALLOC'd memory. + * Make libipvs use MALLOC/FREE. + * Don't restore original signal state when reloading checker config. + * Ensure signals USR1 and USR2 are set to ignore in checker process. + * vrrp: Only free list of iprule table names if list assigned. + * vrrp: Fix strict mode of vrrp instance overriding global vrrp_strict. + * Attempt to fix build breakage introduced in commit 85f81dd. + * Fix parsing of scope for ip addresses. + * Free global ssl context on reload. + * Free request_t buffer and ssl data on reload. + * vrrp: Restore sync-state after reload. + Currently the sync state is rebuilt from the member states after + config reload. This changes now reloads the previous sync state + after reload, and then pushes this back to the group members. If a + new group member is added during the reload, then the new group + will accept the sync group state. If a group member is removed + during a reload, then a special case will be executed to force + the sync-group state to BACKUP. This is required so that an + alternative backup peer for the removed group is given an + opportunity to take over the gateway. + +2015-07-07 Alexandre Cassen + * keepalived-1.2.19 released. + * vrrp: fix checksum computation in vrrp v2 for socket family AF_INET + One of difference between VRRPv2 and VRRPv3 is the way checksum is + computed. In VRRPv2 no accumulation is specified in RFC while in VRRPv3 + it uses regular accumulator with upper pseudo header. This fix restore + compliant VRRPv2 for AF_INET vrrp instance. Since IPv6 socket are using + IPV6_CHECKSUM option this means that checksum for VRRPv6 instance runing + in native_ipv6 mode are broken. But since this is a end to end sanity + check and both side are operating the same way this OK, no "compliant + with VRRPv3 RFC", but anyway using native IPv6 on VRRPv2 is not really + compliant too ;) + * Some cosmetics at Makefile stuff. + +2015-06-30 Alexandre Cassen + * keepalived-1.2.18 released. + * some cosmetics changes (in memory and parser). + * remove dead/not used code. + * revert notify script brought by last release. + * revert VRRP preemption speed up extension. + * vrrp: ix vrrp removes incorrect IPv4 address when VIPs + are removed. + * vrrp: Re-enable VRRPv2 checksum on inbound pkts. + +2015-05-31 Alexandre Cassen + * keepalived-1.2.17 released. + * zalloc use xalloc for consistency. + * memory: fix wrong size calculation in zfree. + * Fix keepalived snmp configuration. + * Change comments to match kernel style. + * smtp: Fix wrong algorithm in RCPT-TO building. + * vrrp: ICMPv6 : modify the way we copy the src address into the IPv6 + header, in order to not overwrite the header' and the 'hop limit' fields + * vrrp: sync status flag (up/down) for _all_ VMAC interfaces. + When using VMAC and running multiple instances on the same interface, + only one of the VMAC interfaces will get its status flag synched. + This commit will update the status flag for _all_ VMAC interfaces attached + to a base interface. + * ipvs: fix segfault crash when parsing SMTP_CHECK config + * ipvs: SMTP_CHECK now respects configured RS port. Before that it always + used the default port 25. + * ipvs: config parser: handler for the end of block. new function + install_sublevel_end_handler(handler). + * ipvs: new log function vlog_message taking varg_list. log_message now + uses format gcc attribute, not the macro wrapper. + * ipvs: bug: check_smtp was logging "#30" instead of RS address do not do + nested va_start/va_end calls in smtp_final. + * ipvs: clarify snmp_check config syntax. Now host{} section is optional, + and all the standard connection options are available in the SNMP_CHECK{} + level, too. If one or many host section persist, those base-level options + are used to specify default values that can be overriden in a host section. + * vrrp: Use literal constants for bit flags Use literal constants for bit + flags of the "debug" global variable Change from using numeric constants + to literal constants for the bit flags of the "debug" global variable. + * vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains + VIP resulting in a duplicate IP situation. When a priority change to the + configuration of a Master router drops its priority to below that of a + backup router, the VIP is not released on the Master router leading to + a duplicate IP situation. + * vrrp: Make preempt_delay work more than once. + * vrrp: Changes needed to support AH auth in VMAC mode. Note according to + the RFC this is not a requirement, but we think that our customers will + expect it to work. The RFC actually discourages its use because it adds + little to no additional security. We are still able to interoperate in + RFC mode by not enabling authentication. + * vrrp: Check VRRP header in the IP auth header is correct. In the middle + of vrrp_in_chk, the existing VRRP packet parsing code does + "return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two, + and the authentication type is IP sec authentication, to check whether + or not the IP sec authentication header is valid. However the "instant" + returns means that is the IP sec authentication header is valid, then + the remaining parts of the VRRP packet (VRRP version, VRRP checksum, + VRID, number of VIPs, advertise-interval) are not parsed or validated. + * vrrp: Add support for SNMP trap: vrrpTrapNewMaster. + * vrrp: Add skeleton code for VRRP-MIB. + * vrrp: Check existing VIF and recreate if VMACs are wrong. Although under + normal circumstances we will cleanup VIF interfaces when shutdown, there + are various scenarios were this is not the case. To make the code more + robust, keepalived now performs a check for matching VIF interfaces at + restart, and if the configuration of the VIF matches the current + keepalived configuration it will reuse the VIF. However, should the + configuration be different, keepalived will remove the existing + interface, and then recreate a new VIF interface with the appropriate + configuration. This fix resolves the continuous crash scenario that can + occur when keepalived fails to configure the VIF because one already + exists. It prevents keepalived from reusing a previous VIF interface + which does not completely match it configuration criteria.` + * vrrp: fix snmp code (cosmetic) + * vrrp: Fix the keepalived mib and agentx warnings. During Keepalived + startup, about twenty "duplicate registration" and a couple of "Failed + to connect to the agentx master agent" warning messages were issued. + Pairs of the "Failed to connect" warning messages were logged every two + minutes. The "duplicate registration" warnings happened because VRRP + called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once + for the rfc2787-vrrp MIB, however each call to snmp_agent_init also + tried to register the keepalived-global MIB (which holds data like + Keepalived version number, SMTP server details, and a "from" email + address). It was the second attempt to register this keepalived-global + MIB that generated the "duplicate registration" warning. The registration + of the keepalived-global MIB is now only done once under the control of + a static variable. init_agent is also called just once under the control + of the same static variable to prevent it logging a warning message. The + "Failed to connect" warnings occur because Keepalived does not know how + to connect to the SNMP AgentX master server. By default the Agent X + master server is listening for MIB registrations on a local TCP socket + with a port number of 705. + * vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work + correctly due to group expiry timers being incorrectly manipulated while + running down the MDT. Also, preemption can be disrupted if the VRRP group + receives an advertisement while running down it's timer. + * vrrp: Initial Implementation of VRRP statistics. + . Add VRRP counters, This is needed by the VRRP-MIB, and will provide + better insight into the operation of VRRP for users. + . Add SIGUSR1 and SIGUSR2 handlers + - SIGUSR1 allows users to dump current state of VRRP instacnes to + /tmp/keepalived.data + - SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats + * vrrp: Copy old VRRP stats on reload. + * vrrp: Seperate printing functions from vrrp_daemon.c. Seperate state + printing code from vrrp_daemon.c so that the code is better organized. + * vrrp: Track master router priority in VRRP. + * vrrp: Added 'Master priority' output to show vrrp detail. + * vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently, + keepalived vrrp only allows to configure single notification script. + This is a limitation ans should be extended so that keepalived vrrp can + notify multiple scripts about vrrp state changes. + * vrrp: Don't display ipsec ah password in log files. When authentication + type is selected as ipsec ah, password should not be displayed in the + log files. + * vrrp: Fix notify upon reload. When a notify script is configured after + Keepalived has been started, if other notify scripts are already + configured, these scripts get reinvoked even if the state has not + changed. This occurs when in backup state. When in master state, no + notifications are sent out at all if a new notify script is configured. + For the backup case, this problem occurs when the daemon is reloaded. + This causes vrrp to leave the state it's currently in, go to the init + state and from there, go back to backup. However, this transition + causes the notify scripts to be invoked, causing a redundant + notification to be sent. For the master case, there is no call to + notify_instance_exec(), hence why no notifications are seen at all. + The solution is to add a new field to the vrrp struct that stores the + notify scripts that were configured before reload. A new function has + been added to take advantage of this new field. Instead of calling + notify_instance_exec() when we are in the init state, we now call + notify_instance_exec_init(). This is a proxy function that modifies + the 'script' member of a vrrp structure to point to a new list + containing only scripts that have not previously been configured, + thereby preventing the sending of notifications that have already been + sent. This new list is created by utilising the new vrrp struct field. + Inside this new function, notify_instance_exec() is called using the + modified VRRP instance. When this call returns, the member is reset + back to its original value. + * vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header + and _vrrp_t struct to support version 3 params. Support to build vrrp_v3 + packet. + * vrrp: Keepalived extension to support VRRP version 3 (2). + * vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes + to support centi-sec. + * vrrp: Keepalived extension to support accept mode for v3. + * vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is + supporting IPv6 but it is not fully functional and it is not as per + RFC5798. Following are the issues identified and changes done: + - IPv6 address population. + - Correction of Checksum in case of IPv6. + - Getting source address from received advertisements. + - Populating source address in sent VRRP advertisements. + * vrrp: Improve display output for VRRPv3. + - Changed data-type of mcast_saddr to sockaddr_storage to support IPv6 + also. + - Added new parameters version, accept, weight updated advertisement + interval for operational command show output. + * vrrp: MIB enhancements for accept-mode. + * vrrp: Fix mismatched advertisement interval. In VRRP version 3, all + BACKUP routers must set their advertisement intervals to match the current + MASTER's. Although not explicitly stated in RCF5798, when the MASTER falls + over or forfeits its MASTER status, the new MASTER should not continue to + use the old MASTER's advertisement interval value and should instead use + its locally configured value. To achieve this, a new field has been added + to the VRRP structure that stores the most recent advertisement interval + of the current MASTER. We track changes to the current MASTER's interval + and update this new variable accordingly. The value is only updated when + we are in BACKUP state and reconfiguring the local advertisement interval + has no effect on it. + * vrrp: snmp: don't hardcode AgentX socket location. The default location + should be `/var/agentx/master` (as per RFC2741 and this is also the + default for NetSNMP, including on Debian-based distributions). This + default location is set at configure-time for NetSNMP and subagent will + use it automatically (it is also available through `net-snmp-config.h`). + A useful feature would be to have a flag to change that if the user + change this settings in the master agent. This commit just reverts this + change to let SNMP subsystem work as expected for most users. + * vrrp: snmp: restore use of net-snmp-config to build SNMP support. With + a lazy linker, `libnetsnmpmibs` may require some additional libraries + to be linked (like `libsensors`). Therefore, only rely on + `net-snmp-config` to get the appropriate flags. + Also add some additional tests: + - check that we can build a simple executable (NetSNMP can be quite + broken and in this case, the error during compilation is not crystal + clear, checking that in configure is more informative) + - check if we subagent support is compiled in (This is optional and + again, the error is not crystal clear during compilation). + - check that net-snmp/agent/util_funcs.h is present (Due to a flaw in + NetSNMP build process, this header was not installed for quite a long + time, notably on RHEL derivatives; code to handle its absence was + already present in Keepalived). + * vrrp: snmp: don't enable SNMP support automatically. + Most users won't use it and it would fail if NetSNMP is not installed, + unless a user add `--disable-snmp` to configure command line. + * build: move custom include directives (`-I`) first. Some libraries, + notably NetSNMP, may pollute CFLAGS by adding stuff like + `-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of + trying to not use CFLAGS from NetSNMP at all (some of those bits are + important as they influence some NetSNMP headers), we ensure that the + bogus include flags are after our own include flags. + * global: Set global data default values after parsing config file. + This patch will defer setting the global data default values until + after the config file has been parsed. This will potentially avoid two + calls to getaddrinfo. For example, if the router_id and/or email_from + parameters are set in the config file, there is no need to call + getaddrinfo twice in order to set a default value. Instead, this patch + will check to see if they values are unset after parsing the config + file. Note that email_from and smtp_connection_to are only set to a + default value if they are unitialized and smtp_server is specified. + * doc: add -x/--snmp flag to keepalived manual page. + * snmp: add -A/--snmp-agent-socket to specify AgentX socket. + +2015-03-31 Alexandre Cassen + * keepalived-1.2.16 released. + * Properly close netlink channel to avoid fd leak. + * Use getaddrinfo instead of gethostbyname to workaround + glibc gethostbyname function buffer overflow. + * ipvs: log http timeout only when server goes down + All other calls to log_message() when a check fails are + performed when a server changes its state. + The http timeout log message is the only exception. + * ipvs: properly fix bug when Q < H. + The commit a77c2c7 has not fixed the issue. + Log messages became accurate, but unsigned comparison + was still in use. + * ipvs: HUP processing refactored. + copy_srv_states is removed: we can copy states with + existing clear_diff_*functions, as long as + clear_diff_services is called before the init_services. + vs_exist, rs_exist: remove side-effects from these functions. + Now they do only search and return pointers. + get_rs_list removed: the new rs list is now passed to + clear_diff_rs. + init_service_vs: quorum_state assignment is not needed + here. It is already assigned either by vs constructor, or + by alpha handler, or by clear_diff_services. + * ipvs: refactoring link vsg structure to vs. + this adds a pointer to virtual_server_group_t into + the virtual_server_t structure and fills these pointers + after config load. + This change will allow to access vsg items of a vs easily, + without iterating and name compare. + * ipvs: refactoring use links to vs->vsg links. + ipvs_cmd: removed vs_group list parameter. Link to vsg + is obtained via vs->vsg. These functions are also modified + in the same way: ipvs_group_cmd, clear_service_rs, + clear_service_vs, clear_diff_rs. + clear_diff_vsg: new_vs is passed as a param, vsg pointers + are retrieved w/o iterating. + * ipvs: fix problems with config reload. + The commit 7bf6fc contained a bad trying to fix the issue + when an alive RS does not appear in a new VSG entry on reload. + It has not fixed the original issue and added a new one: + vs_groups lose quorum on config reload. + This commit fixes the issue properly, and also the case when + RS in VSG is in inhibit mode. + The reloaded flag is added to the virtual_server_group_entry_t. + ipvs_group_sync_entry: add alive destinations to the newly + created vsge. It is aware of inhibit-on-failure destinations. + sync_service_vsg: calls the former for each created vsg entry + vsge_exist: changed just as other *_exist routines. + * genhash: add support of fwmark in genhash + * genhash: terminate thread if connect_error + * Fixed filenames and paths so that make uninstall removes + initscript and man pages. Changed perms for keepalived.sysconfig + from 755 to 644 + * Fix a typo in dump_global-data(). + * vrrp: revert previous buggy preempt extension. + * smtp: fix infinite loop when the smtp server unexpectedly + closes the connection. + +2014-12-21 Alexandre Cassen + * keepalived-1.2.15 released. + * vrrp: Use ancillary data on sending path for IPv6 + mcast_src_ip. Well, previous code used bind() to specify + IPv6 src address. Ancillary data is a much more cleaner + and efficient way... + * ipvs: Fix format of long int in log_message call. + * ipvs: fix building with fwmark disabled. + * vrrp: Pointer dereference before NULL check. + * STR(SMTP_PORT) returns "SMTP_PORT", not "25". + +2014-12-16 Alexandre Cassen + * keepalived-1.2.14 released. + * The "Date:" mail header is now localtime. + * bugfix: fwmark field was formatted as signed int + * dump_conn_opts: fwmark was not displayed. + * log_message: emit -Wformat= compiler warnings. + There could be (and actually are) situations when the format + string and the arguments list passed to the log_message() are + inconsistent or mistyped. The compiler did not show any warnings + because the vsnprintf was called indirectly. + * Further unification of IP endpoints logging. + This change tries to keep usage of the standard "[%s]:%d" format + string to a minimum. Instead, use inet_sockaddrtopair wherever + possible. + * Add SNMP subsystem option to man page. + The keepalived(8) man page did not mention the -x option to + enable the SNMP subsystem. This patch adds the -x (and --smmp) + options to the keepalived(8) man page, as described in the + keepalived help message. + * vrrp: fix gratuitous ARP refresh timer handling. + Previous code was using an 'int' to store parsed timer value. + This value was then expanded to TIMER_HZ which can lead to a + wrapping issue if requested timer is longer than local machine + 'int' representation. This patch reworked the code to use + timeval_t instead and perfrom regular timeval operations. + * vrrp: Fix a memory leak while dropping incoming IPSEC-AH + authenticated advert. Digest was allocated in previous code + without freeing it on HMAC-MD5 missmatch. + * vrrp: Extend IPSEC-AH auth to support unicast. + If you plane to use IPSEC-AH auth in unicast mode (which THE best + idea), then IP header TTL MUST be zeroed since it is mutable field + on transit. + * vrrp: Update VRRP VMAC doc. + Add vmac_xmit_base in configuration example and force rp_filter=0 + on macvlan interface. + * vrrp: make gratuitous ARP repeat count configurable. + . garp_master_repeat : Gratuitous ARP count sent on the wire + after MASTER state transition. + . garp_master_refresh_repeat : Gratuitous ARP count sent on the + wire when garp_refresh_timer fir + * vrrp: fix preempt and state BACKUP when prio 255. + This makes it so that keepalived will respect various settings that + should prevent it from assuming the MASTER role for a vrrp_instance + unconditionally and immediately, even if the priority of the + vrrp_instance in question is set to 255 (VRRP_PRIO_OWNER). These + settings include: + ---- conf ---- + state BACKUP + preempt_delay + nopreempt + * vrrp: in backup state notify when vrrp is not up and move to FAULT + state. + * ipvs: failed RS was flapping on config reload. + The RS disabled by health-checker was turned on w/o health-checking + by SIGHUP handler in the init_service_rs() subroutine. + This did not happen with alpha mode set. + * libipvs: allow IPv4 RS in IPv6 VS and vice versa. + This change syncronizes local copy of libipvs with the upstream + (kernel/ipvsadm/ipvsadm.git) to the date. IPVS in Linux 3.18 will + include the feature of mixing of tunneled RS families in single VS. + The compatibility with older kernel versions is kept. + * libipvs: minor bugfix with retreiving dest af. + This change needs to be sent to the ipvsadm upstream, too. + This clarifies the previous commit, so there is no need to mention + it in the changelog. + * vrrp: check if interface is known when using use_vmac. + vrrp->ifp is NULL when use_vmac keyword is defined before the + interface keyword. This would result in a segfault + * vrrp: simplify macvlan creation. + Create the macvlan interface in one netlink command rather than + three (creation of the macvlan in netlink_link_add_vmac function, + set of the mac address in the netlink_link_setlladdr function, set + macvlan mode in the netlink_link_setmode function). + This simplification: + 1. avoids potential issues if the firt netlink command passes butcw + not the next ones + 2. reduces number of netlink messages (light optimization) + * ipvs: bugfix quorum state was flapping when Q < H. + When a service had quorum < hysteresis, the lower threshold of RS + weights was calculated incorrecly. Unsigned arythmetics was used, so + errors like this appeared in log: Keepalived_healthcheckers[2535]: + Lost quorum 1-2=18446744073709551615 > 10 for VS + The up -> down quorum state transition was happening every time when + alive RS set was changed. This bug was in place since + keepalived-1.2.9 + * vrrp: add support to IPv6 mcast src address specification. + For some reason (well... which one ?), previous code didnt support + specification of multicast source address in IPv6 mode. If you are + using 'native_ipv6' and want to specify IPv6 mcast source ip address + then you can use 'mcast_src_ip' keyword with IPv6 address. + * vrrp: Add support to IPv6 src_address discrimination in master + rx state. + Previous code didnt support IPv6 address discrimination while in + MASTER state receiving same prio advert. This patch extend previous + code to support IP address comparison agnostic. + * vrrp: IPv6 mcast src_addr handling and VMAC fix. + Properly bind socket for v6 use-case when mcasr_src_ip is in use or + when VMAC is used. This patch fix VRRP VMAC in native_ipv6 mode, + previous code just use the vmac interface link-local IP Address as + src_ip leading to a corner case (to keep polite). + * vrrp: in IPv6 scope_id is mandatory to bind link-local address. + In IPv6 use-case, source IP address is set binding sokect to + socaddr_in6. Linux Kernel requires interface to bind link-local + address. + * vrrp: fix nopreempt mode in master_rx. + While receiving lower prio advert, preempt election according to + nopreempt keyword. By default preempt is on as requested by RFC. + * exit on malloc failure. + * genhash: code cleanup. + 2014-05-13 Alexandre Cassen * keepalived-1.2.13 released. * vrrp : Use the standard unsigned int types. This fixes @@ -473,7 +6679,7 @@ of the digest (provided that extra care is taken that no two algorithms will ever alias in this regard). Also the test script for genhash was extended to conditionally use SHA1. - * Jan Pokorný cleaned up genhash code. + * Jan Pokorný cleaned up genhash code. Access to the hash-specific context was simplified as I've now checked some C guarantees regarding union/it's members initial address vs. aligning so now extra inlined accessor @@ -633,7 +6839,7 @@ disruption for VRRP. * Copyright update * some cosmetics. - + 2012-07-27 Alexandre Cassen * keepalived-1.2.4 released. * Please look at git repo for credits. @@ -701,16 +6907,16 @@ 2011-01-09 Alexandre Cassen * keepalived-1.2.2 released. * IPv6 : extended autoconf script to support libnl detection. - IPv6 IPVS kernel subsystem is reachable through - generic netlink configuration interface. + IPv6 IPVS kernel subsystem is reachable through + generic netlink configuration interface. * IPv6 : Enhanced libipvs-2.6 to support generic netlink - configuration interface. If generic netlink is - available with kernel then it will be the - prefered path to configure IPVS. + configuration interface. If generic netlink is + available with kernel then it will be the + prefered path to configure IPVS. * IPv6 : Enhanced the whole checker API to use - sockaddr_storage. + sockaddr_storage. * IPv6 : Enhanced the whole core framework to use - sockaddr_storage. + sockaddr_storage. * IPv6 : Enhanced all checkers to use sockaddr_storage. * fixed a long time pending issue in all checkers. If first connection attempt to remote peer was failing @@ -870,7 +7076,7 @@ address display. * Vincent Bernat luffy.cx> extended genhash to display an error when giving an incorrect IP address. - * Vincent Bernat luffy.cx>: When parsing + * Vincent Bernat luffy.cx>: When parsing "blackhole" route, also parse IP mask. * Vincent Bernat luffy.cx>: On reload, destroy signal pipes before recreating them. @@ -881,16 +7087,16 @@ Handle non-existant default interface in VIP definition. * Vincent Bernat luffy.cx>: Remove alive real servers when quorum is lost. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Fix a segfault when a virtual_server is empty. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Add real servers to new member of a virtual server group on reload. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Keep previous effective VRRP priority on reload. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: Fix VRRP script not running any more after reload. - * Vincent Bernat luffy.cx>: + * Vincent Bernat luffy.cx>: On reload, keep status for all VRRP scripts. * Removed IPVS Kernel 2.2 support @@ -1025,7 +7231,7 @@ stream. It appears some webserver cause healthchecker crash. * Chris Marchesi, provided a patch for better handling of SSL handshake errors. - * Shinji Tanaka, fixed parser "include" + * Shinji Tanaka, fixed parser "include" directive to support declaration inside configuration directives, like including file inside vrrp_instance declaration. * Andreas Kotes, fixed HTTP healthchecker @@ -1034,13 +7240,13 @@ * VRRP : Willy Tarreau, fixed a missing notifications upon transition from fault to backup. * VRRP : Add support to route metric in virtual_routes definition. - + 2007-09-13 Alexandre Cassen * keepalived-1.1.14 released. * Shinji Tanaka, extended parsing framework to support "include" directives. For more informations and documentation please refer to Shinji - website : + website : http://misccs.dyndns.org/index.php?keepalived%20include%20patch * Tobias Klausmann, add error loggin while parsing configuration file. @@ -1055,7 +7261,7 @@ * VRRP : Michael Smith, extended virtual_ipaddress setting to support Old-style Linux interface aliases like eth0:1. - * VRRP : Ward Wouts, add support to + * VRRP : Ward Wouts, add support to vrrp_script logging. 2006-10-11 Alexandre Cassen @@ -1276,7 +7482,7 @@ * Ronald Wahl , moved the definition of variables to C files * Ronald Wahl and I fixed scanning for header/body - separator in HTTP protocol + separator in HTTP protocol * Ronald Wahl replaced memcpy by memmove where source & destination may overlap * Extended checker API to only register checkers when checker callback @@ -1364,9 +7570,9 @@ detection. * To work-around the SMP forking bug, added support to two new daemon starting options : - --vrrp -P Only run with VRRP subsystem. - --check -C Only run with Health-checker - subsystem. + --vrrp -P Only run with VRRP subsystem. + --check -C Only run with Health-checker + subsystem. Those options extend daemon design to support VRRP & heathchecking subsystem selection. You can now run two Keepalived daemon one invoqued with --vrrp and @@ -1394,7 +7600,7 @@ * keepalived-1.1.3 released. * Stephan von Krawczynski, extended ip address framework to support broadcast address selection. - * Extended the scheduling framework to support plain 'long' + * Extended the scheduling framework to support plain 'long' timer. Visited the layer4 framework to support this new scheduling scheme. Reviewed the checkers and VRRP framework to support long timer. @@ -1404,7 +7610,7 @@ log level selection for main daemon. A new command line argument has been created : --log-facility -S 0-7 Set syslog facility to - LOG_LOCAL[0-7]. (default=LOG_DAEMON) + LOG_LOCAL[0-7]. (default=LOG_DAEMON) * Extended the HTTP checker to support non blocking read while processing stream. NONBLOCK flags is set before read operation to catch EAGAIN error. @@ -1479,14 +7685,14 @@ * keepalived-1.1.1 released. * VRRP : Fixed an issue while reloading configuration. Fixed a dereferencing pointer. - * Fixed misc checker to perform server state according to + * Fixed misc checker to perform server state according to checker result !!! 2003-07-22 Alexandre Cassen * keepalived-1.1.0 released. * The release focus is : "High Performance" - * Name cleanup for the healthchecking directory. use check - instead of healthcheck to be in conformance with watchdog and + * Name cleanup for the healthchecking directory. use check + instead of healthcheck to be in conformance with watchdog and global software architecture. * updated the SYNOPSIS file for documenting the table arg inside virtual/static_routes declaration. You can set routes refering @@ -1499,7 +7705,7 @@ * VRRP : Added support to a global shared buffer for incoming advert handling. A new buffer is no longer allocated each time processing incoming advert, instead a shared room is used. - * VRRP : Added support to pre-allocated shared buffer for + * VRRP : Added support to pre-allocated shared buffer for outgoing adverts. Each vrrp instance use a 'one time' allocated buffer instead of a 'all time' one. * VRRP : Extended the socket pool design to support shared fd @@ -1513,12 +7719,12 @@ "static_ipaddress". look at doc/samples/keepalived.conf.static_ipaddress. IP addresses specified into this block will be added during - daemon bootstrap and removed during daemon shutdown. - Differential conf parsing is enabled for this block, - removing/adding static_ipaddress can be done on the fly + daemon bootstrap and removed during daemon shutdown. + Differential conf parsing is enabled for this block, + removing/adding static_ipaddress can be done on the fly sending SIGHUP signal to daemon. * VRRP : Extended track_interface to support multiple interface - tracking. For those familiar with Nokia monitored circuit, + tracking. For those familiar with Nokia monitored circuit, this extention provide the same functionality. look at doc/samples/keepalived.conf.track_interface. * VRRP : The VRRP instance lookup framework has been extended @@ -1543,30 +7749,30 @@ perf, differents VRID on all instance must be used. The design can be sumed by : - VRID hash table : + VRID hash table : - +---+---+---+---+---+---+.........+-----+ - | 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 | - +---+---+---+---+---+---+.........+-----+ - | | - +---+ +---+ - |fd3| |fd1| - +---+ +---+ - | - +---+ - |fd5| - +---+ + +---+---+---+---+---+---+.........+-----+ + | 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 | + +---+---+---+---+---+---+.........+-----+ + | | + +---+ +---+ + |fd3| |fd1| + +---+ +---+ + | + +---+ + |fd5| + +---+ This hash table is filled during configuration parsing and VRRP instances are not duplicated but dynamically pointed to optimize memory. - * VRRP : The VRRP synchronization group lookup has been + * VRRP : The VRRP synchronization group lookup has been extended. During bootstrap a VRRP instance index is built upon - sync_group instance name. This extension speed up - synchronization since while synchronizing it perfoms the - instance index instead of lookup by instance_name. The - previous synchornization code has been rewritten to use this - 'list visiting' design for FAULT/BACKUP/MASTER states + sync_group instance name. This extension speed up + synchronization since while synchronizing it perfoms the + instance index instead of lookup by instance_name. The + previous synchornization code has been rewritten to use this + 'list visiting' design for FAULT/BACKUP/MASTER states synchronization. * VRRP : Optimized the vrrp_timer_vrid_timeout(...) to speed up vrid lookup over timeouted fd using a one pass lookup. @@ -1617,9 +7823,9 @@ selection via daemon command line. Created two new cmdline options : --wdog-vrrp -R Define VRRP watchdog polling - delay. (default=5s) - --wdog-check -H Define checkers watchdog - polling delay. (default=5s) + delay. (default=5s) + --wdog-check -H Define checkers watchdog + polling delay. (default=5s) * Extended SMTP code to support bigger buffer while processing remote mta messages. * Erik Barker, extended initscript @@ -1745,7 +7951,7 @@ Creative Internet Techniques, Please visit sponsor homepage, open minded people here ! * Fixed some Makefile and autoconf code dependence issues. - * Move keepalived.conf.SYNOPSIS and samples into "doc" directory. + * Move keepalived.conf.SYNOPSIS and samples into "doc" directory. * Enhanced HTTP|SSL check to support large url. Get buffer request is now 2KBytes. * Removed \n in healthchecker smtp_alert call. This cause some troubles @@ -2180,7 +8386,7 @@ VRRP packet lenght are limited to a 20 VIPs, if you want more VRRP VIPs add them to the "virtual_ipaddress_excluded" configuration block. * VRRP : Added more logging facility when setting/removings VIPs & E-VIPs. - * VRRP : Created a new FSM state called become_master in charge of + * VRRP : Created a new FSM state called become_master in charge of VIPs/E-VIPs/notifications handling. The goto_master state is now a state where the instance send an advert to force a new MASTER election setting the instance into a transition mode. If election success its finaly @@ -2287,7 +8493,7 @@ MII transceiver status register thread poller. Monitoring Basic Mode Status Register (BMSR) of the MII status words. Waiting for kernel NIC drivers hackers to support this functionnality through netlink - (=> Like a IFF_RUNNING update broadcast). + (=> Like a IFF_RUNNING update broadcast). * VRRP : Linked the state machine to the global interface structure. NIC failure/events are handled. * VRRP : Review the whole state machine code to be more realistic. The @@ -2322,7 +8528,7 @@ the socket, multicast advert can be sent but not received ? really strange don t know why probably an IGMP resubmit ?. So multicast group is left during failover (media trouble, - IFF_DOWN or !IFF_RUNNING). In fallback, we register a new + IFF_DOWN or !IFF_RUNNING). In fallback, we register a new membership and synchronize all the packet dispatcher fds. * VRRP : Fixed a checksum trouble using password authentication. * VRRP : Added support to the LVS sync daemon. This permit @@ -2404,20 +8610,20 @@ * Rewrite the whole VRRP previous code. * VRRP : Created a hierarchic scheduling framework. Handle VRRP instances multiplexing on the same I/O fd. - VRRP I/O events are handled by our global scheduling + VRRP I/O events are handled by our global scheduling framework. Then the global sheduling framework call a VRRP I/O instance dispatcher to manage VRRP instances. * VRRP : Created a temporary socket pool to handle register - our VRRP thread instances. + our VRRP thread instances. We create & allocate a socket pool here. The soft design can be sum up by the following sketch : - + fd1 fd2 fd3 fd4 fdi fdi+1 -----\__/--------\__/---........---\__/--- | ETH0 | | ETH1 | | ETHn | +------+ +------+ +------+ - - Here we have n physical NIC. Each NIC own a maximum of 2 fds. + + Here we have n physical NIC. Each NIC own a maximum of 2 fds. (one for VRRP the other for IPSEC_AH). All our VRRP instances are multiplexed through this fds. So our design can handle 2*n multiplexing points. @@ -2432,7 +8638,7 @@ Handle VRRP states & transition states. * VRRP : Created a VRRP synchronization instance circuit. This functionnality gave you the ability to monitor VRRP instance - each other. This mean that if 2 VRRP instances are monitoring + each other. This mean that if 2 VRRP instances are monitoring themself and if one of this instance change state, the other follow the same state. ex.: With 2 VRRP instances (VI_1 & VI_2) if VI_1 become backup then VI_2 become backup too. (symetricly @@ -2457,12 +8663,12 @@ Thanks goes to Gianni D'Aprile for pointing it to me. 2001-11-04 Alexandre Cassen - * keepalived-0.3.8 released. - * Added support to native IPTABLE LVS CODE - => using NAT on 2.4 kernel ipchains kernel support - has been removed. - * Added support to Direct Routing & Tunneling. - * Review the keepalived.init script to be much more generic. + * keepalived-0.3.8 released. + * Added support to native IPTABLE LVS CODE + => using NAT on 2.4 kernel ipchains kernel support + has been removed. + * Added support to Direct Routing & Tunneling. + * Review the keepalived.init script to be much more generic. 2001-09-14 Alexandre Cassen * keepalived-0.4.1 released. @@ -2492,50 +8698,50 @@ 2001-07-15 Alexandre Cassen * keepalived-0.3.5 released. - * Rewrite the whole signal handling, registering a terminating - thread on signal. - * Move logsystem to syslog using facility LOG_INFO & LOG_DEBUG. - * Added a daemonization function imported from zebra. - * Rewrite the pidfile handling, check if daemon is running, if not - remove eventual stalled pidfile and create new pidfile. - * Added a strong scheduling framework based on an I/O multiplexer - to handle asynchronous process. This code is imported from zebra - and have been enhanced for keepalived purposes. - - Thread types are : - . timeouted read on fd. - . timeouted write on fd. - . timer. - . event. - . terminate event. - - => The zebra framework have been enhanced to add support for timeouted - read/write fds. - - => With this framework keepalived use a Boss/Worker thread model design, - fetching ready thread from a master threading queues. - - * Rewrite the configuration file reader to add flexibility on extending. - The dynamic data structure has been rewritten to use apropriate types. - Right now parsing framework is ready for easy new checker structures - integration. - * Rewrite the smtp connector. The implementation take advantage of the - I/O multiplexer. All read/write operations from/to the remote smtp server - are done asynchronously. The implementation is rfc 821 compliant (multiple - receiver are handled by a multiple RCPT TO command as specified in rfc821.3.1). - * Rewrite the IPFW & IPVS wrappers. - * Added support for NAT mask on IP MASQ rules (keyword nat_mask in configuration - file). Added support for sorry server facility, so when all the server from a - VS server pool are removed, a sorry server is automaticaly added to the VS pool - (typically this is used when you have a spare server online). - * Rewrite the previous checkers. Checkers are now based on a hierarchic layer - stack framework. The protocol implemented for the moment is TCP. All layer 5 - checkers are using layer4.c primitives with the same design : - - . a checker connector thread (creating the socket) registering the connection - checker thread. - . a connection checker thread testing connection states (error, in_progress, - timeout, success). When connection success upper level thread are registered - to handle checks. - * Delay loop is now checkers specifics since we can use a multithreaded framework. - * Update the PDF documentation file. + * Rewrite the whole signal handling, registering a terminating + thread on signal. + * Move logsystem to syslog using facility LOG_INFO & LOG_DEBUG. + * Added a daemonization function imported from zebra. + * Rewrite the pidfile handling, check if daemon is running, if not + remove eventual stalled pidfile and create new pidfile. + * Added a strong scheduling framework based on an I/O multiplexer + to handle asynchronous process. This code is imported from zebra + and have been enhanced for keepalived purposes. + + Thread types are : + . timeouted read on fd. + . timeouted write on fd. + . timer. + . event. + . terminate event. + + => The zebra framework have been enhanced to add support for timeouted + read/write fds. + + => With this framework keepalived use a Boss/Worker thread model design, + fetching ready thread from a master threading queues. + + * Rewrite the configuration file reader to add flexibility on extending. + The dynamic data structure has been rewritten to use apropriate types. + Right now parsing framework is ready for easy new checker structures + integration. + * Rewrite the smtp connector. The implementation take advantage of the + I/O multiplexer. All read/write operations from/to the remote smtp server + are done asynchronously. The implementation is rfc 821 compliant (multiple + receiver are handled by a multiple RCPT TO command as specified in rfc821.3.1). + * Rewrite the IPFW & IPVS wrappers. + * Added support for NAT mask on IP MASQ rules (keyword nat_mask in configuration + file). Added support for sorry server facility, so when all the server from a + VS server pool are removed, a sorry server is automaticaly added to the VS pool + (typically this is used when you have a spare server online). + * Rewrite the previous checkers. Checkers are now based on a hierarchic layer + stack framework. The protocol implemented for the moment is TCP. All layer 5 + checkers are using layer4.c primitives with the same design : + + . a checker connector thread (creating the socket) registering the connection + checker thread. + . a connection checker thread testing connection states (error, in_progress, + timeout, success). When connection success upper level thread are registered + to handle checks. + * Delay loop is now checkers specifics since we can use a multithreaded framework. + * Update the PDF documentation file. diff --git a/tools/keepalived/Dockerfile b/tools/keepalived/Dockerfile new file mode 100644 index 000000000..fde4be1f2 --- /dev/null +++ b/tools/keepalived/Dockerfile @@ -0,0 +1,54 @@ +FROM alpine:3.5 +MAINTAINER Bertrand Gouny + +# add keepalived sources to /tmp/keepalived-sources +ADD . /tmp/keepalived-sources + +# Add keepalived default script user to make sure their IDs get assigned consistently, +# regardless of whatever dependencies get added +RUN addgroup -S keepalived_script && adduser -D -S -G keepalived_script keepalived_script + +# 1. install required libraries and tools +# 2. compile and install keepalived +# 3. remove keepalived sources and unnecessary libraries and tools +RUN apk --no-cache add \ + gcc \ + ipset \ + ipset-dev \ + iptables \ + iptables-dev \ + libnfnetlink \ + libnfnetlink-dev \ + libnl3 \ + libnl3-dev \ + make \ + musl-dev \ + openssl \ + openssl-dev \ + autoconf \ + + && cd /tmp/keepalived-sources \ + && ./configure --disable-dynamic-linking \ + && make && make install \ + && cd - \ + + && rm -rf /tmp/keepalived-sources \ + && apk --no-cache del \ + gcc \ + ipset-dev \ + iptables-dev \ + libnfnetlink-dev \ + libnl3-dev \ + make \ + musl-dev \ + openssl-dev \ + autoconf + +ADD docker/keepalived.conf /usr/local/etc/keepalived/keepalived.conf + +# set keepalived as image entrypoint with --dont-fork and --log-console (to make it docker friendly) +# define /usr/local/etc/keepalived/keepalived.conf as the configuration file to use +ENTRYPOINT ["/usr/local/sbin/keepalived","--dont-fork","--log-console", "-f","/usr/local/etc/keepalived/keepalived.conf"] + +# example command to customise keepalived daemon: +# CMD ["--log-detail","--dump-conf"] diff --git a/tools/keepalived/INSTALL b/tools/keepalived/INSTALL index 5b2d25ecb..e140ed371 100644 --- a/tools/keepalived/INSTALL +++ b/tools/keepalived/INSTALL @@ -1,56 +1,251 @@ -Kernel needing +Kernel needs ============== Compile a kernel with the following options : Kernel/User netlink socket - Network firewalls (for Kernel 2.2) LinuxVirtualServer - Keepalived support all LVS code : including IPVS code for kernel 2.2 - and kernel 2.4 + Keepalived supports all LVS code. -Libraries dependency +Library dependencies ==================== In order to compile Keepalived needs the following libraries : * OpenSSL, - * popt + +Linux flavours +============== + +RedHat based systems (RedHat Enterprise/CentOS/Fedora) +------------------------------------------------------ +The following build packages are needed: + make + autoconf automake (to build from git source tree rather than tarball) +The following libraries need to be installed: + openssl-devel libnl3-devel ipset-devel iptables-devel +For magic file identification support: + file-devel +For SNMP support: + net-snmp-devel +For DBUS support: + glib2-devel +For JSON support: + json-c-devel +For PCRE support + pcre2-devel +For nftables support + libnftnl-devel libmnl-devel + +For building the documentation, the following packages need to be installed: + Fedora: python-sphinx (will pull in: python2-sphinx_rtd_theme) + CentOS-and-friends: python-sphinx epel-release python-sphinx_rtd_theme + For latex or pdf files, the following are also needed: + Fedora: latexmk python-sphinx-latex + CentOS-and-friends: latexmk texlive texlive-titlesec texlive-framed texlive-threeparttable texlive-wrapfig texlive-multirow + +Debian/Ubuntu +------------- +For building packages: + build-essential pkg-config, and to build from git repo automake autoconf +The following libraries need to be installed: + iptables-dev libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev +For magic file identification support: + libmagic-dev +For SNMP support: + libsnmp-dev +For DBUS support: + libglib2.0-dev +For JSON support: + libjson-c-dev +For PCRE support: + libpcre2-dev +For nftables support + libnftnl-dev libmnl-dev + +For building the documentation, the following packages need to be installed: + python-sphinx python-sphinx-rtd-theme + For latex or pdf files, the following are also needed: + texlive-latex-base texlive-generic-extra texlive-latex-recommended texlive-fonts-recommended texlive-latex-extra + +Alpine Linux +------------ +The following libraries need to be installed: + iptables-dev ipset-dev libnl3-dev musl-dev libnftnl-dev and openssl-dev or libressl-dev +For magic file identification support: + file-dev +For SNMP support: + net-snmp-dev (requires libressl-dev and not openssl-dev) +For PCRE support + pcre2-dev + +For building the documentation, the following packages need to be installed: + py-sphinx py3-sphinx_rtd_theme + For latex or pdf files, you'll need texlive or similar, which is not yet + available as a distro package. + + +Archlinux +--------- +Run the following to install the required libraries: + pacman -S ipset libnl1 +For magic file identification support: + TDB +For SNMP support: + pacman -S net-snmp +for PCRE support: + pcre-2 (may be installed by default) + +For building the documentation, the following packages need to be installed: + python-sphinx python-sphinx_rtd_theme + For latex or pdf files, the following are also needed: + texlive-core texlive-bin texlive-latexextra + +Kernel configuration requirements +--------------------------------- +The following list is probably incomplete, and will be updated as other +options become known. + +BPF +EPOLL +SIGNALFD +TIMERFD +SYSCTL +PROC_FS +INET +IP_MULTICAST +IPV6 +IP_VS (unless --disable-lvs is specified) + IP_VS suboptions to match the real_server/virtual_server configuration +NETFILTER_XTABLES - if strict_mode or no_accept. + NETFILTER_XT options and IP_SET +NF_TABLES and associated components - to use nftables for strict_mode or no_accept +IP_ADVANCED_ROUTER and various associated options if static/dynamic routes specified +FIB_RULES if static or dynamic rules are specified + +Installing from a git repo +========================== +To install from a git repo, execute: + 1. Ensure you have autoconf and automake installed + 2. git clone http://github.com/acassen/keepalived + 3. cd keepalived + 4. ./build_setup # generate the autoconf and automake environment + 5. Follow the instructions below for Installation, omitting the first two steps. Installation ============ - 1. uncompress the tarball + 1. tar -xf TARFILE 2. cd into the directory 3. './configure' 4. 'make' 5. 'make install'. This will install keepalived on your system, binaries and configuration file : * keepalived : The keepalived daemon program. - * genhash : The MD5 url digest generator. You need it to + * genhash : The MD5 url digest generator. You need it to configure HTTP GET check and SSL GET check in order to compute MD5SUM digest etalon. * /etc/keepalived/keepalived.conf - 6. link keepalived.init into your runlevel directory. On redhat systems : + 6. link keepalived.init into your runlevel directory. On Red Hat systems : ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived - By default configure script use /usr/local as base directory. You can change - this value to your own by passing --prefix value to configure script + By default the configure script uses /usr/local as base directory. You can + change this value to your own by passing it the --prefix value. eg: './configure --prefix=/usr/' +Building RPM files +================== + + If building from tarball: + 1a. tar -xf TARFILE + 1b. cd into the directory + + If building from git clone: + 1. ./build_setup + + For tarball and git + 2. ./configure + 3. make rpm + + The .rpm files will be created in directory `rpm --eval "%{_rpmdir}"`/ARCH + +Modifying source code +===================== + +If you modify the source code, especially configure.ac or any Makefile.am +file, you will need to regenerate the build files. Keepalived uses automake +and so you will need to have automake and autoconf installed. + Configuration ============= - Just take a look to the /etc/keepalived/keepalived.conf file installed. - It will give you all the informations needed. If you want more informations - considering keepalived, please refer to the keepalived homepage into the - documentation section. + Just take a look at the /etc/keepalived/keepalived.conf file installed. + It will give you all the information needed. Alternativley, run + 'man keepalived.conf' or look at doc/keepalived.conf.SYNOPSIS. + If you want more information about keepalived, please refer to the + keepalived homepage into the documentation section. http://www.keepalived.org +Creating a docker container +=========================== +There is a very useful github project maintained by osixia for building a +docker container with keepalived. + +To use, run the following: +git clone https://github.com/osixia/docker-keepalived.git +cd docker-keepalived +make build +docker run --name keepalived --cap-add=NET_ADMIN --net=host \ + --env KEEPALIVED_INTERFACE=eth0 -d osixia/keepalived:1.3.5 \ + # or whatever version of keepalived you have + +To update the keepalived source code, put a new tarball in the image +directory (the Dockerfile may need updating with a new version). + +Useful docker commands are: +docker logs keepalvied 2>&1 | lessa # view system logs of container +docker exec it keepalived bash # execute shell in container +docker rm -f keepalived # Remove the container + +keepalived is unable to load the ip_tables, ip6_tables, xt_set and ip_vs +modules from within the container, so ensure they are already loaded in +the host system. + +To generate a core file in the root filesystem of the container, +/proc/sys/kernel/core_pattern needs to be updated in the host system, +and not from the container (or in other words the -M option to keepalived +does not work within a container. Installing gdb in the container (edit +the image/Dockerfile to add it before make build) may be helpful if you +need to examine core files in the container. + + +Running in an AWS container +=========================== +The VRRP protocol is not enabled in AWS security groups. If you are using AWS, +create a rule in the AWS security group. The rule should be "Custom Protocol" +and value should be "112" (the VRRP protocol number). All ports should be opened. + + +Running with SElinux +==================== +If the system running keepalived has SElinux enabled in enforcing mode, keepalived +may have difficulty running scripts, accessing configuration files, etc, especially +if keepalived is being started by systemd. + +By default, scripts should be located in /usr/libexec/keepalived, or alternatively, +to set the necessary security context for a script, execute: +chcon -t keepalived_unconfined_script_exec_t PATH_TO_SCRIPT + +See + https://www.mankier.com/8/keepalived_selinux and + https://www.mankier.com/8/keepalived_unconfined_script_selinux +for further details of SElinux and keepalived. + + Have fun with it ! Alexandre, diff --git a/tools/keepalived/Makefile.am b/tools/keepalived/Makefile.am new file mode 100644 index 000000000..2b44bb356 --- /dev/null +++ b/tools/keepalived/Makefile.am @@ -0,0 +1,80 @@ +# Makefile.am +# +# Keepalived OpenSource project. +# +# Copyright (C) 2001-2017 Alexandre Cassen, + +export DEBUG_CFLAGS +export DEBUG_CPPFLAGS +export DEBUG_LDFLAGS + +edit = echo " EDIT $@"; \ + sed -e "/^\[\!\[/d" + +SUBDIRS = lib keepalived doc + +if BUILD_GENHASH + SUBDIRS += genhash +endif + +SUBDIRS += bin_install + +EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md build_setup + +doc_DATA = README + +MOSTLYCLEANFILES = README + +MAINTAINERCLEANFILES = @MAINTAINERCLEANFILES@ + +README: $(srcdir)/README.md + @$(edit) '$(srcdir)/$@.md' >$@ + +distclean-local: + @rm -f aclocal.m4 ar-lib compile depcomp install-sh missing keepalived-$(VERSION).tar.gz config.log config.status + @rm -rf autom4te.cache + +dist-hook: + @rm -f $(distdir)/README + +.PHONY: docker +docker: + docker build -t keepalived . + +# clean all files that are generated by automake/autoconf etc +autoclean: + @$(MAKE) distclean + @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h + +git-clean: + @$(MAKE) autoclean + +clean-local: clean-local-snap + +# clean files that are generated by snapcraft +.PHONY: clean-local-snap +clean-local-snap: + -rm -rf parts/ prime/ stage/ keepalived_*.snap + +# Added targets to maintain compatibility with keepalived releases 1.2.22 and earlier +.PHONY: tarball rpm debug profile mrproper + +tarball: dist + +@RPM_TRUE@rpm: +@RPM_TRUE@ @$(MAKE) dist +@RPM_TRUE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` +@RPM_TRUE@@RPM_BIP_TRUE@ rpmbuild -ba --build-in-place keepalived.spec +@RPM_TRUE@@RPM_BIP_FALSE@ rpmbuild -ba keepalived.spec + +debug: + @$(MAKE) DEBUG_LDFLAGS=-ggdb + +profile: + @$(MAKE) DEBUG_CFLAGS=-pg + +mrproper: + @echo Please use `make distclean` + +AM_DISTCHECK_CONFIGURE_FLAGS = \ + --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) diff --git a/tools/keepalived/Makefile.in b/tools/keepalived/Makefile.in index 749bf9141..1240c6292 100644 --- a/tools/keepalived/Makefile.in +++ b/tools/keepalived/Makefile.in @@ -1,62 +1,887 @@ -# Makefile +# Makefile.in generated by automake 1.13.4 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Makefile.am # # Keepalived OpenSource project. # -# Copyright (C) 2001-2012 Alexandre Cassen, +# Copyright (C) 2001-2017 Alexandre Cassen, + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +@BUILD_GENHASH_TRUE@am__append_1 = genhash +subdir = . +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/configure $(am__configure_deps) \ + $(srcdir)/keepalived.spec.in COPYING ChangeLog INSTALL README \ + TODO ar-lib depcomp install-sh missing +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/lib/config.h \ + $(top_builddir)/lib/config_warnings.h +CONFIG_CLEAN_FILES = keepalived.spec +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(docdir)" +DATA = $(doc_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope distdir dist dist-all distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +CSCOPE = cscope +DIST_SUBDIRS = lib keepalived doc genhash bin_install +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +DIST_TARGETS = dist-gzip +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_CONFIG_FILE = @DEFAULT_CONFIG_FILE@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GENHASH_LIBS = @GENHASH_LIBS@ +GREP = @GREP@ +HAVE_RPM = @HAVE_RPM@ +HAVE_RPMBUILD = @HAVE_RPMBUILD@ +HAVE_SPHINX_BUILD = @HAVE_SPHINX_BUILD@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KA_CFLAGS = @KA_CFLAGS@ +KA_CPPFLAGS = @KA_CPPFLAGS@ +KA_LDFLAGS = @KA_LDFLAGS@ +KA_LIBS = @KA_LIBS@ +LDD = @LDD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINTAINERCLEANFILES = @MAINTAINERCLEANFILES@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NETSNMP_CONFIG = @NETSNMP_CONFIG@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PID_DIR = @PID_DIR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SNMP_SERVICE = @SNMP_SERVICE@ +SPHINXBUILDNAME = @SPHINXBUILDNAME@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +edit = echo " EDIT $@"; \ + sed -e "/^\[\!\[/d" + +SUBDIRS = lib keepalived doc $(am__append_1) bin_install +EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md build_setup +doc_DATA = README +MOSTLYCLEANFILES = README +AM_DISTCHECK_CONFIGURE_FLAGS = \ + --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) + +all: all-recursive + +.SUFFIXES: +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): +keepalived.spec: $(top_builddir)/config.status $(srcdir)/keepalived.spec.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +install-docDATA: $(doc_DATA) + @$(NORMAL_INSTALL) + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ + done + +uninstall-docDATA: + @$(NORMAL_UNINSTALL) + @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files + +distdir: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__post_remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__post_remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__post_remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__post_remove_distdir) + +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__post_remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile $(DATA) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(docdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +clean: clean-recursive + +clean-am: clean-generic clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-local \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: -TARFILES = AUTHOR bin ChangeLog configure configure.in CONTRIBUTORS COPYING \ - doc genhash INSTALL install-sh keepalived keepalived.spec.in lib Makefile.in \ - README TODO VERSION +info: info-recursive -TARBALL = keepalived-@VERSION@.tar.gz +info-am: -all: - $(MAKE) -C lib || exit 1; - $(MAKE) -C keepalived - $(MAKE) -C genhash - @echo "" - @echo "Make complete" +install-data-am: install-docDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-docDATA + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--refresh check check-am clean clean-cscope clean-generic \ + clean-local cscope cscopelist-am ctags ctags-am dist dist-all \ + dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar dist-tarZ \ + dist-xz dist-zip distcheck distclean distclean-generic \ + distclean-local distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am \ + install-docDATA install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-docDATA + + +export DEBUG_CFLAGS +export DEBUG_CPPFLAGS +export DEBUG_LDFLAGS + +README: $(srcdir)/README.md + @$(edit) '$(srcdir)/$@.md' >$@ + +distclean-local: + @rm -f aclocal.m4 ar-lib compile depcomp install-sh missing keepalived-$(VERSION).tar.gz config.log config.status + @rm -rf autom4te.cache + +dist-hook: + @rm -f $(distdir)/README + +.PHONY: docker +docker: + docker build -t keepalived . + +# clean all files that are generated by automake/autoconf etc +autoclean: + @$(MAKE) distclean + @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h + +git-clean: + @$(MAKE) autoclean + +clean-local: clean-local-snap + +# clean files that are generated by snapcraft +.PHONY: clean-local-snap +clean-local-snap: + -rm -rf parts/ prime/ stage/ keepalived_*.snap + +# Added targets to maintain compatibility with keepalived releases 1.2.22 and earlier +.PHONY: tarball rpm debug profile mrproper + +tarball: dist + +@RPM_TRUE@rpm: +@RPM_TRUE@ @$(MAKE) dist +@RPM_TRUE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` +@RPM_TRUE@@RPM_BIP_TRUE@ rpmbuild -ba --build-in-place keepalived.spec +@RPM_TRUE@@RPM_BIP_FALSE@ rpmbuild -ba keepalived.spec debug: - $(MAKE) -C lib || exit 1; - $(MAKE) -C keepalived debug - @echo "" - @echo "Make complete" + @$(MAKE) DEBUG_LDFLAGS=-ggdb profile: - $(MAKE) -C lib || exit 1; - $(MAKE) -C keepalived profile - @echo "" - @echo "Make complete" - -clean: - $(MAKE) -C lib clean - $(MAKE) -C keepalived clean - $(MAKE) -C genhash clean - -distclean: - $(MAKE) -C lib distclean - $(MAKE) -C keepalived distclean - $(MAKE) -C genhash distclean - rm -f Makefile - rm -f keepalived.spec - -mrproper: distclean - rm -f config.* - -uninstall: - $(MAKE) -C keepalived uninstall - $(MAKE) -C genhash uninstall - -install: - $(MAKE) -C keepalived install - $(MAKE) -C genhash install - -tarball: mrproper - mkdir keepalived-@VERSION@ - cp -a $(TARFILES) keepalived-@VERSION@ - tar --exclude .git -czf $(TARBALL) keepalived-@VERSION@ - rm -rf keepalived-@VERSION@ - -rpm: - rpmbuild -ba keepalived.spec + @$(MAKE) DEBUG_CFLAGS=-pg + +mrproper: + @echo Please use `make distclean` + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tools/keepalived/README b/tools/keepalived/README deleted file mode 100644 index 153816e86..000000000 --- a/tools/keepalived/README +++ /dev/null @@ -1,25 +0,0 @@ -The main goal of the keepalived project is to add a strong & robust -keepalive facility to the Linux Virtual Server project. -It implements a multilayer TCP/IP stack checks. Keepalived implements -a framework based on three family checks : Layer3, Layer4 & Layer5. -This framework gives the daemon the ability of checking a LVS server -pool states. Keepalived can be sumarize as a LVS driving daemon. - -Keepalived implementation is based on an I/O multiplexer to handle a -strong multi-threading framework. All the events process use this I/O -multiplexer. - -Keepalived is free software, Copyright (C) Alexandre Cassen. -See the file COPYING for copying conditions. - - -OPENSSL TOOLKIT LICENCE EXCEPTION - -In addition, as the copyright holder of Keepalived, -I, Alexandre Cassen, , -grant the following special exception: - - I, Alexandre Cassen, , explicitly allow - the compilation and distribution of the Keepalived software with - the OpenSSL Toolkit. - diff --git a/tools/keepalived/README.md b/tools/keepalived/README.md new file mode 100644 index 000000000..49ea1b12b --- /dev/null +++ b/tools/keepalived/README.md @@ -0,0 +1,42 @@ +keepalived: Loadbalancing & High-Availability +============================================= + +[![Build Status](https://travis-ci.org/acassen/keepalived.svg?branch=master)](https://travis-ci.org/acassen/keepalived) [![keepalived](https://snapcraft.io/keepalived/badge.svg)](https://snapcraft.io/keepalived) + +The main goal of this project is to provide simple and robust facilities +for loadbalancing and high-availability to Linux system and Linux based +infrastructures. Loadbalancing framework relies on well-known and widely +used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. +Keepalived implements a set of checkers to dynamically and adaptively maintain +and manage loadbalanced server pool according their health. On the other hand +high-availability is achieved by the Virtual Router Redundancy Protocol (VRRP). +VRRP is a fundamental brick for router failover. In addition, Keepalived +implements a set of hooks to the VRRP finite state machine providing low-level +and high-speed protocol interactions. In order to offer fastest network +failure detection, Keepalived implements the Bidirectional Forwarding Detection +(BFD) protocol. VRRP state transition can take into account BFD hints to drive +fast state transition. Keepalived frameworks can be used independently or all +together to provide resilient infrastructures. + +Keepalived implementation is based on an I/O multiplexer to handle a +strong multi-threading framework. All the events process use this I/O +multiplexer. + +To build keepalived from the git source tree, you will need to have +autoconf, automake and various libraries installed. See the INSTALL +file for details of what needs to be installed and what needs to be +executed before building keepalived. + +Keepalived is free software, Copyright (C) Alexandre Cassen. +See the file COPYING for copying conditions. + +OPENSSL TOOLKIT LICENCE EXCEPTION + +In addition, as the copyright holder of Keepalived, +I, Alexandre Cassen, , +grant the following special exception: + + I, Alexandre Cassen, , explicitly allow + the compilation and distribution of the Keepalived software with + the OpenSSL Toolkit. + diff --git a/tools/keepalived/TODO b/tools/keepalived/TODO index 52801f45a..cab84bcf5 100644 --- a/tools/keepalived/TODO +++ b/tools/keepalived/TODO @@ -1 +1,154 @@ Whatever you want ! + +Real servers +Add quorum_weight, defaults to weight. May want to set different between quorum and IPVS weight + +Rationalise use of timer_now()/gettimeofday()/set_time_now() + + +virtual route: +1. How do we handle + virtual_routes { + 192.168.210.0/24 via 10.1.0.1 + } + if there is no route to 10.1.0.1? If we go to fault state if it cannot + be installed when attempt to transition to master, how do we know to transiton + out of fault state. + + +IPVS +1. Can we have an IPv4 fwmark and specify tunnel to IPv6, and vice versa etc. + What does ipvsadm do? +2. Sort out IP_VS_SO vs LVS_CMD... +3. Make sure log/email messages contain relevant info re VS -> RS. See FMT_CHK + +The following are still outstanding from the ideas for what became v2.0.0: + + * Sort out termination in vrrp and checker - stop_vrrp/check, and phase2 + are inconsistent between vrrp and checker. What about bfd? + * A route with multiple nexthops will only be deleted if all interfaces + are down. Each nexthop needs to record the interface, and only remove + once all down + * Don't add RTNMGRP_IPV4_ADDR/IPV6_ADDR if not monitoring one of those + families + * May want to stop VS down at start for alpha mode RSs (except SNMP) + * Rate limit respawning if a child process dies + * Have a socket to connect to for receiving notifications. A process + can register for what notifications it wants to receive. + * Allow variable parameters to be passed to scripts - see issue #837 + * Make tarball include git version if not a tag + * If an address owner recovers from fault, transition directly to + master + * If configuration_state=MASTER && !OWNER, transition to master after + 1 * advert_int + skew. Sort out all initialisation around states + * Split vrrp_snmp.c into vrrp_snmp_keepalived.c vrrp_snmp_rfcv2.c and + vrrp_snmp_rfcv3.c + * Only send correct type of trap, and respond to correct SNMP version, + controlled by config, defaults to type of instance. Flags snmp_v2 and + snmp_v3 to force other, or both. + * Ensure unicast peers groups check source address of received advert + so that the same VRID can be used between different peer groups on the + same interface. + * Add process checking: + Add track_process for vrrp instances + Add PROCESS_CHECK for checkers + - Find PID and remember it. If PID has gone, try and find new pid + Look at how pidof/killall find processes + * Allow dynamic definitions, e.g. $_VI_NAME + Also $*_INSTANCE net_namspace $_INSTANCE + so $* means only do if $_INSTANCE not blank. */ + * ng-scheduler + + +Other issues awaiting resolution: + +ipvs_group_range_cmd() appears nonsense, and inet_stor returning a uint8_t +doesn't work for IPv6. The virtual_service_entry_t thing needs range to be +uint32_t. Why would mask be 0xffffffff for IPv6? + +ip_vs_daemon_kern vs /usr/include/linux/ip_vs.h ip_vs_daemon_user + +vrrp_timer_fd should return 0 if an fd's timer is in the past? + +Make vrrp->send_buffer a single buffer for all + +Check timers passto to thread_... functions are reasonable, and stacktrace if not. + +In function socket_state, should thread_add_write use timer_long() or -timer_long() + +vrrp_timer_fd() - see comment + +In thread functions with a timer, ensure not > LONG_MAX (or even some lower value); + +Change tcp_socket_state etc to socket_state etc + +Add noreturn function attribute on stop_vrrp/check + +bin/genhash -s 2001:470:69dd:35::188 --port 80 -u /Harriet/ # works, but +bin/genhash -s 2001:470:69dd:35::188 --port 80 -u /Harriet/ # -S doesn't + # but -S is OK with IPv4 address + +in ipvswrapper.c, get rid of static srule etc and make them procedure local and pass as parameters + +Stop passing base_ifp to netlink3_set_interface_parameters() etc + +ipsecah issues +============== +1. sync and vmac ignore counter + +2. Start up just after master dies, but have lowest priority so become master with counter == 1 + +3. cycle won't happen + +4. In vrrp_backup, don't check auth type matches + +5. ? if cycle becomes set, we must become backup. How do we get out of state? + +epoll +===== +Use timerfd (see timerfd_create(2)) for microsecond timing with epoll, and do not bother with its timeout. +If not available, then simply use the epoll timer. + +Optimise calls to timer_now() and see set_time_now() +==================================================== +After select completes, get time. Before calculating next +select expire time, get time again. +To test time processing, save time after select and log time taken +before next select. Also initialise timer at startup. + +Add api +======= + +Add pipe for updates +==================== +track_script like for absolute or relative priority + +Upstream issues +=============== + +1. Kernel. Socket receive buffers growing to fill memory + See issue #839. If the following setting are in place: +net.core.rmem_default = 37748736 +net.core.rmem_max = 37748736 + and vrrp_tx_bufs_policy NO_SEND_RX is configured, then + all system memory can be consumed. Why is it not limited + to 37748736 bytes? + +2. Kernel. Corruption when netlink sends status of large number + of links - see issues #392/#803. + When using default socket receive buffer size, and have 500 + vmac interfaces configured on a physical interface and the + physical interface is downed, lots of netlink messages are + received, and we get an ENOBUFS. However, after that we then + see a repeat of some of the earlier messages, so it looks like + a circular buffer corruption. Running ip -ts monitor link addr route + we see precisely the same problem at exactly the same message, + although which message it is varies each time. + +3. net-snmp. Display-hint only works on indices. + See issue #866. + # snmpwalk -v2c -c public localhost KEEPALIVED-MIB::virtualServerAddress + KEEPALIVED-MIB::virtualServerAddress.1 = STRING: " +0," + The address is attempted to be output as text, rather than using + the display hint diff --git a/tools/keepalived/VERSION b/tools/keepalived/VERSION deleted file mode 100644 index 0b1f1edf1..000000000 --- a/tools/keepalived/VERSION +++ /dev/null @@ -1 +0,0 @@ -1.2.13 diff --git a/tools/keepalived/bin_install/Makefile.am b/tools/keepalived/bin_install/Makefile.am new file mode 100644 index 000000000..73924de0e --- /dev/null +++ b/tools/keepalived/bin_install/Makefile.am @@ -0,0 +1,36 @@ +# Makefile.am +# +# Keepalived OpenSource project. +# +# Copyright (C) 2001-2016 Alexandre Cassen, + +.PHONY: all debug profile + +all debug profile: $(top_builddir)/bin/keepalived $(top_builddir)/bin/genhash + +$(top_builddir)/bin/keepalived: $(top_builddir)/keepalived/keepalived + @$(MKDIR_P) $(top_builddir)/bin + @(if test -f $(top_builddir)/keepalived/keepalived; then \ + if test -z "$(DEBUG_LDFLAGS)$(DEBUG_CFLAGS)$(DEBUG_CPPFLAGS)"; then \ + @STRIP@ -o $(top_builddir)/bin/keepalived $(top_builddir)/keepalived/keepalived; \ + else \ + cp -p $(top_builddir)/keepalived/keepalived $(top_builddir)/bin; \ + fi; \ + else \ + rm -f $(top_builddir)/bin/keepalived; \ + fi) + +$(top_builddir)/bin/genhash: $(top_builddir)/genhash/genhash + @$(MKDIR_P) $(top_builddir)/bin + @(if test -f $(top_builddir)/genhash/genhash; then \ + if test -z "$(DEBUG_LDFLAGS)$(DEBUG_CFLAGS)$(DEBUG_CPPFLAGS)"; then \ + @STRIP@ -o $(top_builddir)/bin/genhash $(top_builddir)/genhash/genhash; \ + else \ + cp -p $(top_builddir)/genhash/genhash $(top_builddir)/bin; \ + fi; \ + else \ + rm -f $(top_builddir)/bin/genhash; \ + fi) + +clean-local: + rm -f $(top_builddir)/bin/keepalived $(top_builddir)/bin/genhash diff --git a/tools/keepalived/build_setup b/tools/keepalived/build_setup new file mode 100755 index 000000000..c3610d4e5 --- /dev/null +++ b/tools/keepalived/build_setup @@ -0,0 +1,6 @@ +#!/bin/sh + +aclocal +autoheader +automake --add-missing +autoreconf diff --git a/tools/keepalived/config.json b/tools/keepalived/config.json new file mode 100644 index 000000000..a8ae7746e --- /dev/null +++ b/tools/keepalived/config.json @@ -0,0 +1,4919 @@ +{ + "clusterId":"791", + "vipports":[ + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.180:80:100,192.168.34.225:80:100,192.168.54.21:80:100,192.168.26.59:80:100,192.168.17.189:80:100,192.168.5.185:80:100,192.168.14.14:80:100,192.168.38.64:80:100,192.168.26.163:80:100,192.168.45.240:80:100,192.168.45.60:80:100,192.168.37.104:80:100,192.168.17.71:80:100,192.168.21.52:80:100,192.168.37.17:80:100,192.168.9.172:80:100,192.168.14.238:80:100,192.168.38.138:80:100,192.168.53.106:80:100,192.168.15.192:80:100,192.168.26.36:80:100,192.168.46.90:80:100,192.168.31.190:80:100,192.168.31.7:80:100,192.168.26.215:80:100,192.168.15.103:80:100,192.168.49.215:80:100,192.168.15.108:80:100,192.168.33.101:80:100,192.168.5.155:80:100,192.168.10.1:80:100,192.168.29.210:80:100,192.168.51.176:80:100,192.168.51.251:80:100,192.168.23.200:80:100,192.168.33.192:80:100,192.168.1.170:80:100,192.168.50.91:80:100,192.168.47.100:80:100,192.168.11.142:80:100,192.168.25.157:80:100,192.168.46.52:80:100,192.168.30.154:80:100,192.168.6.82:80:100,192.168.47.80:80:100,192.168.54.151:80:100,192.168.19.171:80:100,192.168.18.92:80:100,192.168.3.93:80:100,192.168.59.219:80:100,192.168.25.6:80:100,192.168.26.19:80:100,192.168.53.136:80:100,192.168.22.29:80:100,192.168.15.143:80:100,192.168.46.75:80:100,192.168.21.208:80:100,192.168.35.80:80:100,192.168.57.58:80:100,192.168.26.212:80:100,192.168.14.95:80:100,192.168.47.3:80:100,192.168.31.102:80:100,192.168.47.155:80:100,192.168.58.13:80:100,192.168.1.171:80:100,192.168.31.213:80:100,192.168.29.60:80:100,192.168.37.139:80:100,192.168.13.206:80:100,192.168.29.117:80:100,192.168.26.75:80:100,192.168.25.229:80:100,192.168.5.29:80:100,192.168.38.191:80:100,192.168.58.12:80:100,192.168.3.49:80:100,192.168.53.99:80:100,192.168.25.133:80:100,192.168.50.238:80:100,192.168.7.126:80:100,192.168.43.248:80:100,192.168.15.233:80:100,192.168.55.105:80:100,192.168.43.195:80:100,192.168.42.135:80:100,192.168.38.66:80:100", + "vip":"111.13.235.69" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.15:80:100,192.168.1.142:80:100,192.168.59.105:80:100", + "vip":"192.168.102.169" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.168:80:100,192.168.37.246:80:100", + "vip":"192.168.101.63" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.100:80:100,192.168.57.126:80:100,192.168.19.145:80:100,192.168.58.154:80:100", + "vip":"192.168.102.88" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.59:80:100,192.168.58.241:80:100", + "vip":"111.13.235.132" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.248:80:100,192.168.26.71:80:100,192.168.46.103:80:100,192.168.33.50:80:100", + "vip":"192.168.101.61" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.37:80:100,192.168.49.41:80:100,192.168.33.34:80:100,192.168.18.13:80:100,192.168.23.161:80:100,192.168.43.121:80:100,192.168.49.19:80:100,192.168.13.177:80:100,192.168.18.81:80:100,192.168.2.55:80:100,192.168.37.207:80:100,192.168.14.39:80:100,192.168.15.216:80:100,192.168.6.54:80:100,192.168.17.41:80:100,192.168.1.70:80:100,192.168.31.103:80:100,192.168.11.55:80:100,192.168.25.233:80:100,192.168.3.194:80:100,192.168.34.147:80:100,192.168.3.78:80:100,192.168.43.173:80:100,192.168.47.247:80:100,192.168.54.233:80:100,192.168.1.253:80:100,192.168.38.71:80:100,192.168.3.61:80:100,192.168.22.183:80:100,192.168.7.190:80:100,192.168.10.130:80:100,192.168.45.110:80:100,192.168.34.241:80:100,192.168.57.237:80:100,192.168.10.152:80:100,192.168.1.21:80:100,192.168.37.183:80:100,192.168.6.43:80:100,192.168.59.198:80:100,192.168.6.165:80:100,192.168.35.212:80:100,192.168.58.57:80:100,192.168.47.8:80:100,192.168.47.112:80:100,192.168.10.217:80:100,192.168.59.219:80:100,192.168.15.162:80:100,192.168.19.202:80:100,192.168.2.72:80:100,192.168.17.98:80:100,192.168.11.122:80:100,192.168.6.239:80:100,192.168.9.69:80:100,192.168.59.142:80:100,192.168.25.1:80:100,192.168.13.2:80:100,192.168.33.193:80:100,192.168.54.159:80:100,192.168.55.75:80:100,192.168.3.228:80:100,192.168.34.178:80:100,192.168.58.201:80:100,192.168.42.15:80:100,192.168.22.123:80:100,192.168.35.191:80:100,192.168.11.156:80:100,192.168.11.247:80:100,192.168.38.79:80:100,192.168.59.201:80:100,192.168.22.201:80:100,192.168.49.115:80:100,192.168.9.7:80:100,192.168.10.142:80:100,192.168.6.111:80:100,192.168.43.235:80:100,192.168.17.78:80:100,192.168.2.25:80:100,192.168.45.84:80:100,192.168.53.82:80:100,192.168.59.134:80:100,192.168.46.79:80:100,192.168.5.232:80:100,192.168.5.78:80:100,192.168.53.59:80:100,192.168.17.177:80:100,192.168.3.38:80:100,192.168.19.160:80:100,192.168.49.125:80:100,192.168.18.126:80:100,192.168.41.202:80:100,192.168.33.77:80:100,192.168.17.111:80:100,192.168.30.163:80:100,192.168.13.170:80:100,192.168.5.205:80:100,192.168.39.159:80:100,192.168.30.81:80:100,192.168.11.245:80:100,192.168.6.105:80:100,192.168.11.213:80:100,192.168.21.128:80:100,192.168.14.3:80:100,192.168.1.157:80:100,192.168.31.29:80:100,192.168.11.116:80:100,192.168.54.106:80:100,192.168.38.38:80:100,192.168.57.221:80:100,192.168.35.148:80:100,192.168.10.242:80:100,192.168.43.231:80:100,192.168.31.151:80:100,192.168.58.69:80:100,192.168.55.168:80:100,192.168.27.92:80:100,192.168.17.221:80:100,192.168.47.11:80:100,192.168.5.164:80:100,192.168.18.1:80:100,192.168.42.196:80:100,192.168.3.19:80:100,192.168.30.34:80:100,192.168.6.46:80:100,192.168.42.121:80:100,192.168.51.167:80:100,192.168.42.99:80:100,192.168.11.133:80:100,192.168.54.113:80:100,192.168.17.3:80:100,192.168.57.110:80:100,192.168.42.207:80:100,192.168.37.14:80:100,192.168.57.155:80:100,192.168.49.123:80:100,192.168.23.208:80:100,192.168.6.244:80:100,192.168.19.110:80:100,192.168.47.3:80:100,192.168.23.109:80:100,192.168.23.194:80:100,192.168.29.73:80:100,192.168.7.150:80:100,192.168.27.27:80:100,192.168.29.236:80:100,192.168.49.100:80:100,192.168.14.199:80:100,192.168.34.72:80:100,192.168.7.129:80:100,192.168.7.254:80:100,192.168.39.21:80:100,192.168.22.48:80:100,192.168.47.121:80:100,192.168.1.249:80:100,192.168.37.228:80:100,192.168.37.55:80:100,192.168.3.210:80:100,192.168.57.247:80:100,192.168.27.122:80:100,192.168.11.201:80:100,192.168.42.50:80:100,192.168.55.36:80:100,192.168.41.98:80:100,192.168.37.179:80:100,192.168.46.63:80:100,192.168.55.197:80:100,192.168.22.21:80:100,192.168.25.145:80:100,192.168.2.110:80:100,192.168.51.127:80:100,192.168.43.234:80:100,192.168.54.23:80:100,192.168.18.93:80:100,192.168.18.180:80:100,192.168.14.125:80:100,192.168.33.237:80:100,192.168.54.88:80:100,192.168.54.246:80:100,192.168.51.155:80:100,192.168.37.194:80:100,192.168.39.19:80:100,192.168.54.154:80:100,192.168.57.211:80:100,192.168.30.238:80:100,192.168.10.199:80:100,192.168.15.76:80:100,192.168.13.179:80:100,192.168.17.125:80:100,192.168.39.101:80:100,192.168.6.141:80:100,192.168.35.220:80:100,192.168.45.174:80:100", + "vip":"192.168.101.7" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.176:80:100,192.168.45.176:80:100,192.168.22.165:80:100,192.168.21.204:80:100", + "vip":"111.13.235.154" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.3:80:100,192.168.59.94:80:100,192.168.50.61:80:100,192.168.58.69:80:100,192.168.53.130:80:100,192.168.39.244:80:100,192.168.55.68:80:100,192.168.53.59:80:100,192.168.42.227:80:100,192.168.26.205:80:100,192.168.38.165:80:100", + "vip":"192.168.101.167" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.224:80:100", + "vip":"111.13.235.244" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.237:80:100,192.168.7.46:80:100,192.168.17.203:80:100,192.168.30.48:80:100,192.168.1.210:80:100,192.168.14.45:80:100,192.168.41.162:80:100,192.168.45.239:80:100,192.168.37.23:80:100,192.168.1.221:80:100,192.168.58.26:80:100,192.168.9.78:80:100,192.168.46.249:80:100,192.168.30.186:80:100,192.168.57.70:80:100,192.168.14.236:80:100,192.168.3.226:80:100,192.168.35.131:80:100", + "vip":"192.168.101.122" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.173:80:100,192.168.17.25:80:100,192.168.35.130:80:100,192.168.22.130:80:100,192.168.30.103:80:100,192.168.42.89:80:100,192.168.15.59:80:100,192.168.19.100:80:100", + "vip":"192.168.102.135" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.77:80:100,192.168.30.251:80:100", + "vip":"192.168.102.28" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.134:80:100,192.168.35.168:80:100,192.168.14.122:80:100,192.168.21.224:80:100", + "vip":"192.168.101.139" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.189:80:100,192.168.39.238:80:100,192.168.43.25:80:100,192.168.50.69:80:100", + "vip":"192.168.102.62" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.53:80:100,192.168.55.236:80:100", + "vip":"192.168.101.80" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.29:80:100,192.168.6.112:80:100,192.168.6.55:80:100,192.168.57.148:80:100,192.168.14.41:80:100,192.168.6.51:80:100,192.168.47.8:80:100,192.168.10.193:80:100,192.168.47.25:80:100,192.168.59.127:80:100,192.168.42.84:80:100,192.168.19.219:80:100,192.168.13.134:80:100,192.168.55.81:80:100,192.168.14.175:80:100,192.168.50.20:80:100,192.168.37.175:80:100", + "vip":"192.168.102.214" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.61:80:100,192.168.11.140:80:100", + "vip":"111.13.235.85" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.237:80:100,192.168.31.132:80:100,192.168.42.231:80:100,192.168.9.219:80:100,192.168.33.38:80:100,192.168.35.189:80:100", + "vip":"192.168.101.244" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.240:80:100,192.168.1.237:80:100,192.168.53.87:80:100,192.168.53.51:80:100,192.168.1.23:80:100,192.168.33.46:80:100,192.168.33.39:80:100", + "vip":"111.13.235.103" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.196:80:100,192.168.53.184:80:100,192.168.57.200:80:100,192.168.43.26:80:100,192.168.33.144:80:100,192.168.18.177:80:100,192.168.33.114:80:100,192.168.59.117:80:100,192.168.35.106:80:100,192.168.23.141:80:100,192.168.18.212:80:100,192.168.14.244:80:100,192.168.17.103:80:100,192.168.25.150:80:100,192.168.34.130:80:100,192.168.26.155:80:100,192.168.46.179:80:100,192.168.21.59:80:100,192.168.58.117:80:100,192.168.33.240:80:100,192.168.35.207:80:100,192.168.46.106:80:100,192.168.22.20:80:100,192.168.7.3:80:100,192.168.47.91:80:100,192.168.58.124:80:100,192.168.25.124:80:100,192.168.25.139:80:100,192.168.38.83:80:100,192.168.54.54:80:100,192.168.54.19:80:100,192.168.47.107:80:100,192.168.3.110:80:100,192.168.57.36:80:100,192.168.42.19:80:100,192.168.45.110:80:100,192.168.49.227:80:100,192.168.54.89:80:100,192.168.5.2:80:100,192.168.46.44:80:100,192.168.38.17:80:100,192.168.27.202:80:100,192.168.30.77:80:100,192.168.29.176:80:100,192.168.30.4:80:100,192.168.39.153:80:100,192.168.13.79:80:100,192.168.29.118:80:100,192.168.21.146:80:100,192.168.35.151:80:100,192.168.11.77:80:100,192.168.59.123:80:100,192.168.13.148:80:100,192.168.15.58:80:100,192.168.21.48:80:100,192.168.31.180:80:100,192.168.18.173:80:100,192.168.43.44:80:100,192.168.42.45:80:100,192.168.39.41:80:100,192.168.19.209:80:100,192.168.58.207:80:100,192.168.55.209:80:100,192.168.50.178:80:100,192.168.11.101:80:100,192.168.42.152:80:100,192.168.19.223:80:100,192.168.27.207:80:100,192.168.1.104:80:100,192.168.29.30:80:100,192.168.13.202:80:100,192.168.37.123:80:100,192.168.6.72:80:100,192.168.3.7:80:100,192.168.30.249:80:100,192.168.57.153:80:100,192.168.57.81:80:100,192.168.55.191:80:100,192.168.23.248:80:100,192.168.17.204:80:100,192.168.58.30:80:100,192.168.34.215:80:100,192.168.22.237:80:100,192.168.10.201:80:100,192.168.11.103:80:100,192.168.9.170:80:100,192.168.42.156:80:100,192.168.59.168:80:100,192.168.42.198:80:100,192.168.5.198:80:100,192.168.45.175:80:100,192.168.31.223:80:100,192.168.3.164:80:100,192.168.5.28:80:100,192.168.10.42:80:100,192.168.54.227:80:100,192.168.45.199:80:100,192.168.45.42:80:100,192.168.33.149:80:100,192.168.55.222:80:100,192.168.6.101:80:100,192.168.35.183:80:100,192.168.15.177:80:100,192.168.13.170:80:100,192.168.43.105:80:100,192.168.45.63:80:100,192.168.11.65:80:100,192.168.43.199:80:100,192.168.11.245:80:100,192.168.35.13:80:100,192.168.23.111:80:100,192.168.55.233:80:100,192.168.43.227:80:100,192.168.17.124:80:100,192.168.15.71:80:100,192.168.18.53:80:100,192.168.58.235:80:100,192.168.2.35:80:100,192.168.42.140:80:100,192.168.1.229:80:100,192.168.39.115:80:100,192.168.3.62:80:100,192.168.41.37:80:100,192.168.34.87:80:100,192.168.2.251:80:100,192.168.34.75:80:100,192.168.17.130:80:100,192.168.39.105:80:100,192.168.58.189:80:100,192.168.29.188:80:100,192.168.13.130:80:100,192.168.3.97:80:100,192.168.57.82:80:100,192.168.37.1:80:100,192.168.19.40:80:100,192.168.2.197:80:100,192.168.7.94:80:100,192.168.11.112:80:100,192.168.26.139:80:100,192.168.21.25:80:100,192.168.50.207:80:100,192.168.14.106:80:100,192.168.29.166:80:100,192.168.9.152:80:100,192.168.22.147:80:100,192.168.29.242:80:100,192.168.43.249:80:100,192.168.5.64:80:100,192.168.50.232:80:100,192.168.6.60:80:100,192.168.11.246:80:100,192.168.6.42:80:100,192.168.51.136:80:100,192.168.47.137:80:100,192.168.1.173:80:100,192.168.50.7:80:100,192.168.42.161:80:100,192.168.54.95:80:100,192.168.33.169:80:100,192.168.9.23:80:100,192.168.11.62:80:100,192.168.26.4:80:100,192.168.11.235:80:100,192.168.18.233:80:100,192.168.2.218:80:100,192.168.15.210:80:100,192.168.33.6:80:100,192.168.34.13:80:100,192.168.50.44:80:100,192.168.11.76:80:100,192.168.43.202:80:100,192.168.34.249:80:100,192.168.49.5:80:100,192.168.1.184:80:100,192.168.25.99:80:100,192.168.51.19:80:100,192.168.51.221:80:100,192.168.41.36:80:100,192.168.33.227:80:100,192.168.54.146:80:100,192.168.10.116:80:100,192.168.55.127:80:100,192.168.11.215:80:100,192.168.13.215:80:100,192.168.53.205:80:100,192.168.46.228:80:100,192.168.11.86:80:100,192.168.19.158:80:100,192.168.3.139:80:100,192.168.22.188:80:100,192.168.35.245:80:100,192.168.38.117:80:100,192.168.22.33:80:100,192.168.13.29:80:100,192.168.11.38:80:100,192.168.25.215:80:100,192.168.7.177:80:100", + "vip":"192.168.101.82" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.117:80:100,192.168.50.71:80:100,192.168.11.140:80:100,192.168.6.65:80:100,192.168.33.64:80:100,192.168.5.159:80:100,192.168.5.246:80:100,192.168.43.244:80:100,192.168.30.234:80:100,192.168.9.191:80:100,192.168.2.6:80:100,192.168.35.208:80:100,192.168.7.87:80:100,192.168.18.147:80:100,192.168.21.185:80:100,192.168.23.194:80:100,192.168.34.225:80:100,192.168.50.115:80:100", + "vip":"192.168.102.5" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.147:80:100,192.168.30.195:80:100,192.168.17.189:80:100,192.168.31.19:80:100,192.168.21.157:80:100,192.168.26.186:80:100,192.168.23.210:80:100", + "vip":"192.168.102.166" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.196:80:100,192.168.6.5:80:100,192.168.15.121:80:100,192.168.58.164:80:100,192.168.5.162:80:100,192.168.23.242:80:100,192.168.38.113:80:100,192.168.59.25:80:100,192.168.41.20:80:100,192.168.1.151:80:100,192.168.5.187:80:100,192.168.19.84:80:100,192.168.3.105:80:100,192.168.29.89:80:100,192.168.11.243:80:100,192.168.10.193:80:100,192.168.42.176:80:100,192.168.43.170:80:100,192.168.42.129:80:100,192.168.55.11:80:100,192.168.54.53:80:100,192.168.29.132:80:100,192.168.23.221:80:100,192.168.3.96:80:100,192.168.3.29:80:100,192.168.51.78:80:100,192.168.42.233:80:100,192.168.35.41:80:100,192.168.41.40:80:100,192.168.7.10:80:100,192.168.27.11:80:100,192.168.6.211:80:100,192.168.31.143:80:100,192.168.34.207:80:100,192.168.45.235:80:100,192.168.11.114:80:100,192.168.53.158:80:100,192.168.19.159:80:100,192.168.46.101:80:100,192.168.58.122:80:100,192.168.15.177:80:100,192.168.33.253:80:100,192.168.46.212:80:100,192.168.21.242:80:100,192.168.50.227:80:100,192.168.18.197:80:100,192.168.9.126:80:100,192.168.19.61:80:100,192.168.49.231:80:100,192.168.55.219:80:100,192.168.39.247:80:100", + "vip":"192.168.102.33" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.65:80:100,192.168.11.20:80:100,192.168.55.241:80:100", + "vip":"192.168.102.92" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.109:80:100,192.168.14.226:80:100,192.168.42.115:80:100", + "vip":"192.168.101.191" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.132:80:100,192.168.55.248:80:100,192.168.46.105:80:100,192.168.18.124:80:100,192.168.7.69:80:100,192.168.9.30:80:100,192.168.34.181:80:100,192.168.25.35:80:100,192.168.45.239:80:100,192.168.29.73:80:100,192.168.57.81:80:100,192.168.31.119:80:100,192.168.57.248:80:100,192.168.14.183:80:100,192.168.45.6:80:100", + "vip":"192.168.102.170" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.41.135:80:100,192.168.21.206:80:100,192.168.58.5:80:100,192.168.50.143:80:100,192.168.10.157:80:100,192.168.49.243:80:100,192.168.53.173:80:100,192.168.22.153:80:100,192.168.54.17:80:100,192.168.59.237:80:100,192.168.50.66:80:100,192.168.27.151:80:100,192.168.46.65:80:100,192.168.54.139:80:100,192.168.37.172:80:100,192.168.31.115:80:100,192.168.18.78:80:100,192.168.26.96:80:100,192.168.14.27:80:100,192.168.55.73:80:100,192.168.7.150:80:100,192.168.51.101:80:100,192.168.14.226:80:100,192.168.6.6:80:100,192.168.13.92:80:100,192.168.43.167:80:100,192.168.3.214:80:100,192.168.6.92:80:100,192.168.47.27:80:100,192.168.38.57:80:100,192.168.57.117:80:100,192.168.2.20:80:100,192.168.37.111:80:100,192.168.5.76:80:100,192.168.13.52:80:100,192.168.37.72:80:100,192.168.14.10:80:100,192.168.15.58:80:100,192.168.49.198:80:100,192.168.23.87:80:100,192.168.29.177:80:100,192.168.54.188:80:100,192.168.47.206:80:100,192.168.38.224:80:100,192.168.11.23:80:100,192.168.15.123:80:100,192.168.17.238:80:100,192.168.10.52:80:100,192.168.9.60:80:100,192.168.15.27:80:100,192.168.27.207:80:100,192.168.57.51:80:100,192.168.57.141:80:100,192.168.42.236:80:100,192.168.42.17:80:100,192.168.22.71:80:100,192.168.30.93:80:100,192.168.18.150:80:100,192.168.29.29:80:100,192.168.18.239:80:100,192.168.7.136:80:100,192.168.53.5:80:100,192.168.29.190:80:100,192.168.15.31:80:100,192.168.29.38:80:100,192.168.57.204:80:100,192.168.29.84:80:100,192.168.13.8:80:100,192.168.39.5:80:100,192.168.18.75:80:100,192.168.19.3:80:100,192.168.50.247:80:100,192.168.54.103:80:100,192.168.5.156:80:100,192.168.10.198:80:100,192.168.7.66:80:100,192.168.21.167:80:100,192.168.39.170:80:100,192.168.3.53:80:100,192.168.9.198:80:100,192.168.7.193:80:100,192.168.19.128:80:100,192.168.49.171:80:100,192.168.54.148:80:100,192.168.17.60:80:100,192.168.17.217:80:100,192.168.6.5:80:100,192.168.19.174:80:100,192.168.18.124:80:100,192.168.43.228:80:100,192.168.23.26:80:100,192.168.51.163:80:100,192.168.25.118:80:100,192.168.10.123:80:100,192.168.51.212:80:100,192.168.25.142:80:100,192.168.43.77:80:100,192.168.49.247:80:100,192.168.19.210:80:100,192.168.11.3:80:100,192.168.33.81:80:100,192.168.23.54:80:100,192.168.50.62:80:100,192.168.18.242:80:100,192.168.59.101:80:100,192.168.38.15:80:100,192.168.41.226:80:100,192.168.6.181:80:100,192.168.15.20:80:100,192.168.55.107:80:100,192.168.38.63:80:100,192.168.25.49:80:100,192.168.25.192:80:100,192.168.2.99:80:100,192.168.9.204:80:100,192.168.25.85:80:100,192.168.22.219:80:100,192.168.10.28:80:100,192.168.45.64:80:100,192.168.58.25:80:100,192.168.31.43:80:100,192.168.51.154:80:100,192.168.26.212:80:100,192.168.58.56:80:100,192.168.14.83:80:100,192.168.25.11:80:100,192.168.6.244:80:100,192.168.14.167:80:100,192.168.46.20:80:100,192.168.59.179:80:100,192.168.49.237:80:100,192.168.15.18:80:100,192.168.42.41:80:100,192.168.35.159:80:100,192.168.26.21:80:100,192.168.29.97:80:100,192.168.38.190:80:100,192.168.38.84:80:100,192.168.6.53:80:100,192.168.26.119:80:100,192.168.9.72:80:100,192.168.59.196:80:100,192.168.38.76:80:100,192.168.1.179:80:100,192.168.33.45:80:100,192.168.41.93:80:100,192.168.39.40:80:100,192.168.41.3:80:100,192.168.27.146:80:100,192.168.19.172:80:100,192.168.7.225:80:100,192.168.31.137:80:100,192.168.55.27:80:100,192.168.11.20:80:100,192.168.6.223:80:100,192.168.35.238:80:100,192.168.19.170:80:100,192.168.6.115:80:100,192.168.57.20:80:100,192.168.9.124:80:100,192.168.39.179:80:100,192.168.7.54:80:100,192.168.58.7:80:100,192.168.29.39:80:100,192.168.59.102:80:100,192.168.31.228:80:100,192.168.3.144:80:100,192.168.39.25:80:100,192.168.37.122:80:100,192.168.53.67:80:100,192.168.22.131:80:100,192.168.5.252:80:100", + "vip":"192.168.102.233" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.161:80:100,192.168.26.195:80:100", + "vip":"192.168.101.18" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.240:80:100,192.168.27.197:80:100,192.168.6.18:80:100,192.168.54.20:80:100,192.168.45.187:80:100,192.168.13.74:80:100,192.168.46.23:80:100,192.168.9.188:80:100", + "vip":"192.168.101.42" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.235:80:100,192.168.39.231:80:100,192.168.33.188:80:100,192.168.9.90:80:100,192.168.18.248:80:100,192.168.3.132:80:100,192.168.31.34:80:100,192.168.34.96:80:100,192.168.49.112:80:100,192.168.27.242:80:100,192.168.27.185:80:100,192.168.42.221:80:100,192.168.59.42:80:100,192.168.38.90:80:100,192.168.50.65:80:100,192.168.29.67:80:100,192.168.18.168:80:100,192.168.41.69:80:100,192.168.35.137:80:100,192.168.47.147:80:100,192.168.10.237:80:100,192.168.15.38:80:100,192.168.23.191:80:100,192.168.37.141:80:100,192.168.18.194:80:100,192.168.18.21:80:100,192.168.7.222:80:100,192.168.46.78:80:100,192.168.9.97:80:100,192.168.58.40:80:100,192.168.17.2:80:100,192.168.46.156:80:100,192.168.6.202:80:100,192.168.7.37:80:100,192.168.13.22:80:100,192.168.18.250:80:100,192.168.19.214:80:100,192.168.39.13:80:100,192.168.41.43:80:100,192.168.5.90:80:100,192.168.47.132:80:100,192.168.13.236:80:100,192.168.38.19:80:100,192.168.6.235:80:100,192.168.58.122:80:100,192.168.42.204:80:100,192.168.42.94:80:100,192.168.30.84:80:100,192.168.13.93:80:100,192.168.27.62:80:100,192.168.45.73:80:100,192.168.34.84:80:100,192.168.33.22:80:100,192.168.46.198:80:100,192.168.59.88:80:100,192.168.58.188:80:100,192.168.46.132:80:100,192.168.41.226:80:100,192.168.11.10:80:100,192.168.55.51:80:100,192.168.58.22:80:100,192.168.10.179:80:100,192.168.51.182:80:100,192.168.51.129:80:100,192.168.57.156:80:100,192.168.53.33:80:100,192.168.58.25:80:100,192.168.59.146:80:100,192.168.11.217:80:100,192.168.1.166:80:100,192.168.58.197:80:100,192.168.46.57:80:100,192.168.50.218:80:100,192.168.29.163:80:100,192.168.26.33:80:100,192.168.5.103:80:100,192.168.6.216:80:100,192.168.38.155:80:100,192.168.57.18:80:100,192.168.21.73:80:100,192.168.5.62:80:100,192.168.22.72:80:100,192.168.43.246:80:100,192.168.25.163:80:100,192.168.25.58:80:100,192.168.15.100:80:100", + "vip":"111.13.235.187" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.150:80:100,192.168.46.139:80:100,192.168.37.91:80:100,192.168.25.158:80:100", + "vip":"192.168.101.5" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.156:80:100,192.168.35.136:80:100,192.168.57.127:80:100,192.168.22.11:80:100,192.168.27.75:80:100,192.168.22.222:80:100,192.168.1.144:80:100,192.168.3.166:80:100", + "vip":"111.13.235.174" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.236:80:100,192.168.7.36:80:100,192.168.19.20:80:100,192.168.51.225:80:100", + "vip":"192.168.102.110" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.77:80:100", + "vip":"111.13.235.141" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.117:80:100,192.168.26.227:80:100,192.168.51.168:80:100,192.168.39.218:80:100,192.168.22.103:80:100,192.168.10.129:80:100,192.168.45.157:80:100,192.168.26.113:80:100,192.168.39.62:80:100,192.168.50.217:80:100,192.168.14.177:80:100,192.168.39.197:80:100,192.168.49.45:80:100,192.168.57.72:80:100,192.168.49.61:80:100,192.168.9.202:80:100,192.168.46.104:80:100", + "vip":"192.168.101.150" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.253:80:100", + "vip":"192.168.101.199" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.234:80:100,192.168.30.157:80:100,192.168.18.163:80:100,192.168.49.199:80:100,192.168.54.146:80:100,192.168.45.67:80:100", + "vip":"111.13.235.130" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.192:80:100,192.168.46.92:80:100,192.168.18.168:80:100", + "vip":"192.168.102.94" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.117:80:100,192.168.31.163:80:100", + "vip":"192.168.102.54" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.119:80:100,192.168.30.151:80:100,192.168.18.18:80:100,192.168.49.80:80:100,192.168.3.54:80:100,192.168.10.54:80:100", + "vip":"192.168.102.251" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.188:80:100,192.168.55.1:80:100,192.168.37.7:80:100,192.168.22.56:80:100,192.168.34.202:80:100,192.168.19.177:80:100,192.168.14.111:80:100,192.168.43.9:80:100,192.168.7.120:80:100,192.168.29.116:80:100,192.168.59.1:80:100,192.168.1.139:80:100", + "vip":"111.13.235.220" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.212:80:100", + "vip":"111.13.235.114" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.91:80:100", + "vip":"192.168.102.137" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.221:80:100,192.168.33.108:80:100,192.168.46.229:80:100,192.168.39.244:80:100,192.168.47.241:80:100,192.168.1.226:80:100,192.168.10.55:80:100", + "vip":"111.13.235.241" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.54:80:100,192.168.25.135:80:100", + "vip":"111.13.235.89" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.141:80:100", + "vip":"111.13.235.135" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.207:80:100,192.168.29.84:80:100,192.168.49.46:80:100,192.168.23.140:80:100,192.168.47.209:80:100,192.168.53.140:80:100,192.168.50.22:80:100,192.168.31.238:80:100,192.168.42.100:80:100", + "vip":"192.168.102.109" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.178:80:100", + "vip":"192.168.102.60" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.223:80:100", + "vip":"111.13.235.225" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.79:80:100,192.168.29.96:80:100,192.168.11.147:80:100", + "vip":"192.168.102.189" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.215:80:100,192.168.23.161:80:100,192.168.41.57:80:100,192.168.34.17:80:100,192.168.31.146:80:100,192.168.38.252:80:100,192.168.43.219:80:100,192.168.54.204:80:100,192.168.55.5:80:100,192.168.7.3:80:100,192.168.19.242:80:100,192.168.10.12:80:100,192.168.57.119:80:100,192.168.35.145:80:100,192.168.55.249:80:100,192.168.27.36:80:100,192.168.25.79:80:100,192.168.30.239:80:100,192.168.58.226:80:100,192.168.34.26:80:100,192.168.47.176:80:100,192.168.38.43:80:100,192.168.54.15:80:100,192.168.51.47:80:100,192.168.55.26:80:100,192.168.35.48:80:100,192.168.6.219:80:100,192.168.3.174:80:100,192.168.14.5:80:100,192.168.50.222:80:100,192.168.39.118:80:100,192.168.55.111:80:100,192.168.9.12:80:100,192.168.19.53:80:100,192.168.58.81:80:100,192.168.10.75:80:100,192.168.29.83:80:100,192.168.37.82:80:100,192.168.1.29:80:100,192.168.1.247:80:100,192.168.29.116:80:100,192.168.47.216:80:100,192.168.10.247:80:100,192.168.50.43:80:100,192.168.5.215:80:100,192.168.31.117:80:100,192.168.15.121:80:100,192.168.6.208:80:100,192.168.33.179:80:100,192.168.39.57:80:100,192.168.27.229:80:100,192.168.57.76:80:100,192.168.3.20:80:100,192.168.51.22:80:100,192.168.6.70:80:100,192.168.55.70:80:100,192.168.55.213:80:100,192.168.11.116:80:100,192.168.41.159:80:100,192.168.22.217:80:100,192.168.25.243:80:100,192.168.10.236:80:100,192.168.45.164:80:100,192.168.42.122:80:100,192.168.51.156:80:100,192.168.9.30:80:100,192.168.58.176:80:100,192.168.46.114:80:100,192.168.23.181:80:100,192.168.19.140:80:100,192.168.6.1:80:100,192.168.9.164:80:100,192.168.9.207:80:100,192.168.23.92:80:100,192.168.45.80:80:100,192.168.1.232:80:100,192.168.54.184:80:100,192.168.37.154:80:100,192.168.55.175:80:100,192.168.23.216:80:100,192.168.33.169:80:100,192.168.54.237:80:100,192.168.59.27:80:100,192.168.53.101:80:100,192.168.27.239:80:100,192.168.37.99:80:100,192.168.59.162:80:100,192.168.3.149:80:100,192.168.58.254:80:100,192.168.25.235:80:100,192.168.50.193:80:100,192.168.1.63:80:100,192.168.38.209:80:100,192.168.39.40:80:100,192.168.45.55:80:100,192.168.50.87:80:100,192.168.5.65:80:100,192.168.35.47:80:100,192.168.22.53:80:100,192.168.43.201:80:100,192.168.17.35:80:100,192.168.3.71:80:100,192.168.14.24:80:100,192.168.51.209:80:100,192.168.41.165:80:100,192.168.7.103:80:100", + "vip":"192.168.101.255" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.165:80:100", + "vip":"111.13.235.116" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.55:80:100", + "vip":"111.13.235.101" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.66:80:100", + "vip":"192.168.101.241" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.33:80:100,192.168.9.1:80:100,192.168.7.161:80:100,192.168.19.118:80:100,192.168.45.83:80:100,192.168.26.121:80:100,192.168.2.115:80:100,192.168.42.13:80:100,192.168.7.233:80:100,192.168.35.219:80:100,192.168.38.48:80:100,192.168.53.250:80:100,192.168.1.66:80:100,192.168.6.124:80:100,192.168.42.179:80:100,192.168.33.230:80:100,192.168.53.91:80:100,192.168.42.228:80:100,192.168.50.56:80:100,192.168.55.106:80:100,192.168.21.66:80:100,192.168.43.146:80:100,192.168.21.190:80:100,192.168.25.66:80:100,192.168.43.14:80:100,192.168.39.10:80:100,192.168.55.53:80:100,192.168.34.142:80:100,192.168.58.227:80:100,192.168.22.212:80:100,192.168.33.132:80:100,192.168.53.162:80:100,192.168.1.4:80:100,192.168.51.137:80:100,192.168.50.181:80:100,192.168.33.219:80:100,192.168.41.29:80:100,192.168.26.115:80:100,192.168.58.12:80:100,192.168.45.1:80:100,192.168.57.229:80:100,192.168.31.220:80:100,192.168.11.84:80:100,192.168.9.44:80:100,192.168.10.1:80:100,192.168.1.224:80:100,192.168.45.84:80:100,192.168.33.36:80:100,192.168.31.157:80:100,192.168.49.103:80:100,192.168.7.82:80:100,192.168.43.67:80:100,192.168.21.107:80:100,192.168.38.77:80:100,192.168.27.170:80:100,192.168.35.181:80:100,192.168.42.79:80:100,192.168.19.77:80:100,192.168.14.142:80:100,192.168.13.104:80:100,192.168.25.135:80:100,192.168.42.143:80:100,192.168.38.177:80:100,192.168.30.15:80:100,192.168.35.155:80:100,192.168.42.85:80:100,192.168.34.25:80:100,192.168.3.67:80:100,192.168.47.114:80:100,192.168.26.85:80:100,192.168.23.129:80:100,192.168.13.116:80:100,192.168.46.95:80:100,192.168.13.187:80:100,192.168.53.243:80:100,192.168.7.192:80:100,192.168.57.139:80:100,192.168.29.217:80:100,192.168.53.106:80:100,192.168.30.133:80:100,192.168.11.8:80:100,192.168.19.188:80:100,192.168.3.173:80:100,192.168.55.132:80:100,192.168.19.71:80:100", + "vip":"192.168.101.87" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.135:80:100,192.168.3.46:80:100,192.168.3.83:80:100", + "vip":"111.13.235.74" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.199:80:100,192.168.34.211:80:100,192.168.34.194:80:100", + "vip":"192.168.102.15" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.182:80:100,192.168.27.248:80:100,192.168.55.104:80:100,192.168.38.123:80:100,192.168.50.47:80:100", + "vip":"192.168.101.147" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.221:80:100,192.168.50.177:80:100,192.168.5.168:80:100", + "vip":"192.168.101.173" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.110:80:100,192.168.46.88:80:100,192.168.14.69:80:100,192.168.57.137:80:100", + "vip":"192.168.101.67" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.167:80:100,192.168.34.218:80:100,192.168.21.149:80:100,192.168.31.73:80:100,192.168.9.161:80:100,192.168.35.78:80:100,192.168.38.125:80:100,192.168.53.26:80:100,192.168.11.116:80:100,192.168.47.147:80:100,192.168.14.254:80:100,192.168.43.196:80:100,192.168.57.25:80:100,192.168.38.45:80:100,192.168.17.104:80:100,192.168.57.217:80:100,192.168.3.53:80:100,192.168.58.175:80:100,192.168.59.158:80:100,192.168.42.93:80:100,192.168.22.200:80:100,192.168.45.119:80:100,192.168.35.197:80:100,192.168.51.209:80:100,192.168.19.135:80:100,192.168.6.37:80:100,192.168.46.32:80:100,192.168.17.44:80:100,192.168.49.24:80:100,192.168.34.251:80:100,192.168.46.65:80:100,192.168.41.49:80:100,192.168.30.210:80:100,192.168.45.232:80:100,192.168.33.142:80:100,192.168.25.197:80:100,192.168.50.98:80:100,192.168.33.141:80:100,192.168.14.9:80:100,192.168.15.231:80:100,192.168.37.209:80:100,192.168.21.219:80:100,192.168.58.203:80:100,192.168.34.130:80:100,192.168.59.52:80:100,192.168.5.209:80:100,192.168.13.208:80:100,192.168.46.182:80:100,192.168.47.25:80:100,192.168.42.177:80:100,192.168.59.218:80:100,192.168.2.241:80:100,192.168.33.11:80:100,192.168.13.106:80:100,192.168.15.60:80:100,192.168.5.156:80:100,192.168.21.167:80:100,192.168.22.98:80:100,192.168.19.234:80:100,192.168.57.92:80:100,192.168.2.29:80:100,192.168.2.122:80:100,192.168.5.100:80:100,192.168.5.190:80:100,192.168.9.193:80:100,192.168.13.192:80:100,192.168.14.2:80:100,192.168.54.96:80:100,192.168.42.103:80:100,192.168.11.20:80:100,192.168.41.155:80:100,192.168.7.111:80:100,192.168.30.8:80:100,192.168.47.242:80:100,192.168.38.138:80:100,192.168.11.254:80:100,192.168.33.20:80:100,192.168.9.175:80:100,192.168.31.42:80:100", + "vip":"111.13.235.173" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.166:80:100,192.168.33.32:80:100", + "vip":"192.168.102.22" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.191:80:100", + "vip":"192.168.102.184" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.3:80:100,192.168.3.142:80:100,192.168.45.215:80:100,192.168.38.180:80:100,192.168.30.94:80:100,192.168.45.57:80:100,192.168.21.167:80:100,192.168.41.40:80:100,192.168.47.33:80:100,192.168.19.15:80:100,192.168.33.139:80:100,192.168.26.252:80:100,192.168.53.146:80:100,192.168.37.63:80:100,192.168.39.35:80:100", + "vip":"192.168.101.30" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.227:80:100,192.168.43.44:80:100", + "vip":"192.168.101.111" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.139:80:100,192.168.59.153:80:100,192.168.49.32:80:100,192.168.22.65:80:100,192.168.58.154:80:100,192.168.17.70:80:100,192.168.55.214:80:100,192.168.9.152:80:100,192.168.51.32:80:100,192.168.9.115:80:100,192.168.33.189:80:100,192.168.50.70:80:100,192.168.34.118:80:100", + "vip":"192.168.101.50" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.197:80:100,192.168.29.164:80:100,192.168.13.23:80:100,192.168.21.167:80:100", + "vip":"192.168.102.47" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.69:80:100,192.168.23.204:80:100,192.168.38.128:80:100,192.168.10.147:80:100,192.168.29.90:80:100,192.168.3.41:80:100,192.168.59.8:80:100,192.168.2.160:80:100,192.168.51.29:80:100", + "vip":"192.168.102.145" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.160:80:100,192.168.38.53:80:100,192.168.57.7:80:100,192.168.27.204:80:100,192.168.33.144:80:100,192.168.51.170:80:100,192.168.3.24:80:100,192.168.30.70:80:100,192.168.27.32:80:100,192.168.39.48:80:100,192.168.27.221:80:100,192.168.41.26:80:100,192.168.39.254:80:100,192.168.18.62:80:100,192.168.37.45:80:100,192.168.13.57:80:100,192.168.9.200:80:100,192.168.55.16:80:100,192.168.54.1:80:100,192.168.59.135:80:100,192.168.58.14:80:100,192.168.41.97:80:100,192.168.9.192:80:100,192.168.19.219:80:100,192.168.55.100:80:100,192.168.10.12:80:100,192.168.31.151:80:100,192.168.55.189:80:100,192.168.34.131:80:100,192.168.59.254:80:100,192.168.29.209:80:100,192.168.21.134:80:100,192.168.25.218:80:100,192.168.39.248:80:100,192.168.11.242:80:100,192.168.33.176:80:100,192.168.43.54:80:100,192.168.17.187:80:100,192.168.41.4:80:100,192.168.3.67:80:100,192.168.38.134:80:100,192.168.58.228:80:100,192.168.55.161:80:100,192.168.22.87:80:100,192.168.29.72:80:100,192.168.45.20:80:100,192.168.10.170:80:100,192.168.15.252:80:100,192.168.5.189:80:100,192.168.14.99:80:100,192.168.55.132:80:100,192.168.1.115:80:100,192.168.21.84:80:100,192.168.14.80:80:100,192.168.59.106:80:100,192.168.5.162:80:100,192.168.29.109:80:100,192.168.1.3:80:100,192.168.46.180:80:100,192.168.27.101:80:100,192.168.5.187:80:100,192.168.26.187:80:100,192.168.11.184:80:100,192.168.42.96:80:100,192.168.49.90:80:100,192.168.14.86:80:100,192.168.6.182:80:100,192.168.54.161:80:100,192.168.3.79:80:100,192.168.45.90:80:100,192.168.55.193:80:100,192.168.43.27:80:100,192.168.14.6:80:100,192.168.25.211:80:100,192.168.55.65:80:100,192.168.43.74:80:100,192.168.21.36:80:100,192.168.54.70:80:100,192.168.22.94:80:100,192.168.43.182:80:100,192.168.39.156:80:100,192.168.11.191:80:100,192.168.35.241:80:100,192.168.27.166:80:100,192.168.19.162:80:100,192.168.27.167:80:100,192.168.34.152:80:100,192.168.22.55:80:100,192.168.34.5:80:100,192.168.47.171:80:100,192.168.14.41:80:100,192.168.39.51:80:100,192.168.7.101:80:100,192.168.5.138:80:100,192.168.17.123:80:100,192.168.7.11:80:100,192.168.57.162:80:100,192.168.39.237:80:100,192.168.38.189:80:100,192.168.45.199:80:100,192.168.5.86:80:100,192.168.29.95:80:100,192.168.14.118:80:100,192.168.47.245:80:100,192.168.26.97:80:100,192.168.49.199:80:100,192.168.59.208:80:100,192.168.55.164:80:100,192.168.39.97:80:100,192.168.59.174:80:100,192.168.10.149:80:100,192.168.58.218:80:100,192.168.42.70:80:100,192.168.10.191:80:100,192.168.58.91:80:100,192.168.38.112:80:100,192.168.55.135:80:100,192.168.21.90:80:100,192.168.38.126:80:100,192.168.6.174:80:100,192.168.5.220:80:100,192.168.29.196:80:100,192.168.27.55:80:100,192.168.54.232:80:100,192.168.6.53:80:100,192.168.30.2:80:100,192.168.43.164:80:100,192.168.30.19:80:100,192.168.27.90:80:100,192.168.2.254:80:100,192.168.49.114:80:100,192.168.17.18:80:100,192.168.5.85:80:100,192.168.55.166:80:100,192.168.49.186:80:100,192.168.37.68:80:100,192.168.51.159:80:100,192.168.1.52:80:100,192.168.1.179:80:100,192.168.3.229:80:100,192.168.11.180:80:100,192.168.27.80:80:100,192.168.42.59:80:100,192.168.29.14:80:100,192.168.45.212:80:100,192.168.46.239:80:100,192.168.41.23:80:100,192.168.46.83:80:100,192.168.39.131:80:100,192.168.58.143:80:100,192.168.53.242:80:100,192.168.13.197:80:100,192.168.25.13:80:100,192.168.58.18:80:100,192.168.47.162:80:100,192.168.55.99:80:100,192.168.14.66:80:100,192.168.1.39:80:100,192.168.30.31:80:100,192.168.25.125:80:100,192.168.55.117:80:100,192.168.6.238:80:100,192.168.22.33:80:100,192.168.49.60:80:100,192.168.37.119:80:100,192.168.42.78:80:100,192.168.26.208:80:100", + "vip":"192.168.101.141" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.195:80:100,192.168.51.151:80:100,192.168.2.85:80:100,192.168.37.121:80:100,192.168.37.156:80:100,192.168.39.18:80:100,192.168.57.43:80:100,192.168.17.252:80:100,192.168.11.41:80:100,192.168.46.19:80:100,192.168.57.126:80:100,192.168.59.44:80:100,192.168.25.229:80:100,192.168.10.137:80:100,192.168.50.129:80:100,192.168.15.44:80:100,192.168.30.185:80:100,192.168.38.1:80:100,192.168.43.76:80:100,192.168.41.168:80:100,192.168.29.96:80:100,192.168.26.156:80:100,192.168.37.197:80:100,192.168.21.132:80:100,192.168.14.253:80:100,192.168.3.84:80:100,192.168.21.148:80:100,192.168.14.246:80:100,192.168.41.19:80:100,192.168.33.155:80:100,192.168.10.114:80:100,192.168.41.127:80:100,192.168.49.207:80:100", + "vip":"192.168.101.130" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.161:80:100,192.168.9.21:80:100", + "vip":"192.168.102.253" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.56:80:100,192.168.15.62:80:100,192.168.13.60:80:100,192.168.53.100:80:100,192.168.21.157:80:100,192.168.57.18:80:100,192.168.22.91:80:100", + "vip":"192.168.101.142" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.241:80:100", + "vip":"192.168.102.77" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.189:80:100,192.168.57.129:80:100,192.168.58.48:80:100,192.168.39.218:80:100,192.168.39.91:80:100,192.168.15.140:80:100,192.168.42.57:80:100", + "vip":"111.13.235.80" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.252:80:100,192.168.21.240:80:100,192.168.42.244:80:100", + "vip":"192.168.102.198" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.148:80:100,192.168.5.108:80:100,192.168.41.179:80:100,192.168.29.127:80:100,192.168.1.212:80:100", + "vip":"111.13.235.133" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.252:80:100,192.168.26.241:80:100,192.168.53.48:80:100,192.168.11.240:80:100,192.168.22.33:80:100,192.168.59.218:80:100,192.168.7.3:80:100,192.168.50.180:80:100", + "vip":"192.168.102.7" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.86:80:100,192.168.26.121:80:100,192.168.5.14:80:100,192.168.58.247:80:100,192.168.18.9:80:100,192.168.13.94:80:100,192.168.59.90:80:100,192.168.55.220:80:100", + "vip":"192.168.102.249" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.57:80:100,192.168.3.161:80:100,192.168.42.131:80:100,192.168.59.122:80:100,192.168.43.28:80:100,192.168.58.66:80:100,192.168.9.222:80:100,192.168.59.207:80:100,192.168.21.54:80:100", + "vip":"192.168.101.243" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.189:80:100,192.168.55.215:80:100,192.168.22.87:80:100,192.168.47.121:80:100,192.168.30.169:80:100,192.168.2.128:80:100,192.168.46.122:80:100", + "vip":"192.168.102.35" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.81:80:100,192.168.30.33:80:100", + "vip":"111.13.235.204" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.23:80:100", + "vip":"192.168.102.164" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.63:80:100,192.168.9.157:80:100,192.168.27.171:80:100", + "vip":"111.13.235.213" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.218:80:100,192.168.55.61:80:100,192.168.27.8:80:100,192.168.42.10:80:100,192.168.9.151:80:100,192.168.1.90:80:100,192.168.39.225:80:100,192.168.9.163:80:100,192.168.23.83:80:100,192.168.21.133:80:100,192.168.17.184:80:100,192.168.11.4:80:100,192.168.23.88:80:100,192.168.23.152:80:100,192.168.33.53:80:100,192.168.18.146:80:100,192.168.1.11:80:100,192.168.22.141:80:100,192.168.21.54:80:100", + "vip":"192.168.102.247" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.8:80:100,192.168.29.6:80:100,192.168.5.170:80:100,192.168.31.197:80:100,192.168.18.63:80:100,192.168.15.57:80:100,192.168.49.31:80:100,192.168.27.233:80:100,192.168.50.82:80:100,192.168.29.188:80:100,192.168.2.188:80:100,192.168.26.22:80:100,192.168.54.141:80:100", + "vip":"192.168.102.9" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.250:80:100,192.168.21.250:80:100,192.168.7.189:80:100,192.168.43.58:80:100", + "vip":"192.168.102.213" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.220:80:100,192.168.47.146:80:100,192.168.50.195:80:100", + "vip":"192.168.102.12" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.135:80:100,192.168.14.223:80:100,192.168.31.2:80:100,192.168.59.205:80:100", + "vip":"192.168.102.129" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.22:80:100,192.168.11.69:80:100,192.168.5.230:80:100,192.168.21.51:80:100,192.168.14.109:80:100", + "vip":"111.13.235.211" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.146:80:100,192.168.37.46:80:100", + "vip":"192.168.102.236" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.110:80:100,192.168.1.188:80:100,192.168.42.252:80:100,192.168.58.190:80:100,192.168.41.157:80:100,192.168.45.245:80:100,192.168.21.145:80:100", + "vip":"192.168.102.209" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.1:80:100", + "vip":"192.168.102.40" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.54:80:100,192.168.33.136:80:100,192.168.17.225:80:100,192.168.59.169:80:100,192.168.41.41:80:100,192.168.35.69:80:100,192.168.9.53:80:100,192.168.2.191:80:100,192.168.50.34:80:100,192.168.7.130:80:100,192.168.46.183:80:100,192.168.30.21:80:100,192.168.35.168:80:100", + "vip":"192.168.101.65" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.5:80:100,192.168.2.142:80:100,192.168.45.30:80:100,192.168.25.26:80:100,192.168.25.70:80:100,192.168.13.243:80:100,192.168.17.103:80:100,192.168.1.66:80:100,192.168.14.183:80:100,192.168.13.109:80:100,192.168.58.32:80:100,192.168.10.202:80:100,192.168.50.166:80:100,192.168.38.11:80:100,192.168.10.40:80:100,192.168.39.144:80:100,192.168.35.134:80:100,192.168.27.242:80:100,192.168.45.238:80:100,192.168.35.17:80:100,192.168.11.232:80:100,192.168.58.71:80:100,192.168.7.150:80:100,192.168.7.128:80:100,192.168.21.140:80:100,192.168.19.145:80:100,192.168.46.196:80:100,192.168.53.172:80:100,192.168.25.137:80:100,192.168.49.174:80:100,192.168.38.122:80:100,192.168.27.43:80:100,192.168.51.92:80:100,192.168.50.202:80:100,192.168.1.32:80:100,192.168.43.108:80:100,192.168.22.32:80:100,192.168.11.200:80:100,192.168.49.148:80:100,192.168.59.154:80:100,192.168.5.60:80:100", + "vip":"192.168.102.10" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.253:80:100,192.168.46.161:80:100,192.168.18.177:80:100,192.168.25.171:80:100,192.168.2.23:80:100", + "vip":"192.168.101.194" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.125:80:100,192.168.19.46:80:100,192.168.13.81:80:100,192.168.47.116:80:100", + "vip":"192.168.102.99" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.252:80:100,192.168.33.74:80:100,192.168.6.54:80:100,192.168.43.24:80:100", + "vip":"192.168.101.19" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.136:80:100,192.168.57.123:80:100,192.168.57.154:80:100,192.168.5.175:80:100,192.168.25.225:80:100,192.168.10.155:80:100", + "vip":"192.168.102.226" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.153:80:100,192.168.29.120:80:100,192.168.7.149:80:100,192.168.59.251:80:100,192.168.54.223:80:100,192.168.50.32:80:100,192.168.2.55:80:100,192.168.7.100:80:100,192.168.21.159:80:100,192.168.19.175:80:100,192.168.31.125:80:100,192.168.25.47:80:100,192.168.37.10:80:100,192.168.6.134:80:100,192.168.47.28:80:100,192.168.26.173:80:100,192.168.9.188:80:100,192.168.46.31:80:100,192.168.55.89:80:100,192.168.59.163:80:100,192.168.23.178:80:100,192.168.59.18:80:100,192.168.22.101:80:100,192.168.15.80:80:100,192.168.58.93:80:100,192.168.13.154:80:100,192.168.23.131:80:100,192.168.37.203:80:100,192.168.55.196:80:100,192.168.9.50:80:100,192.168.58.130:80:100,192.168.31.136:80:100,192.168.39.44:80:100,192.168.35.212:80:100,192.168.15.12:80:100,192.168.13.122:80:100,192.168.3.161:80:100,192.168.53.86:80:100,192.168.41.175:80:100,192.168.31.59:80:100,192.168.31.219:80:100,192.168.42.214:80:100,192.168.1.167:80:100,192.168.7.26:80:100,192.168.31.189:80:100,192.168.19.153:80:100,192.168.15.7:80:100,192.168.15.29:80:100,192.168.14.61:80:100,192.168.25.109:80:100,192.168.1.247:80:100,192.168.19.90:80:100,192.168.22.10:80:100,192.168.49.213:80:100,192.168.13.126:80:100,192.168.29.53:80:100,192.168.57.88:80:100,192.168.45.122:80:100,192.168.49.87:80:100,192.168.38.124:80:100,192.168.47.75:80:100,192.168.15.37:80:100,192.168.59.227:80:100,192.168.2.14:80:100,192.168.10.137:80:100,192.168.33.167:80:100,192.168.25.184:80:100,192.168.17.196:80:100,192.168.13.254:80:100,192.168.25.212:80:100,192.168.57.55:80:100,192.168.49.44:80:100,192.168.58.134:80:100,192.168.7.237:80:100,192.168.10.197:80:100,192.168.5.234:80:100,192.168.33.13:80:100,192.168.2.22:80:100,192.168.13.184:80:100,192.168.37.29:80:100,192.168.31.95:80:100,192.168.33.250:80:100,192.168.22.159:80:100,192.168.38.237:80:100,192.168.6.214:80:100,192.168.49.153:80:100,192.168.35.168:80:100,192.168.5.76:80:100,192.168.33.86:80:100,192.168.49.74:80:100,192.168.59.12:80:100,192.168.3.172:80:100,192.168.31.172:80:100,192.168.3.71:80:100,192.168.23.137:80:100,192.168.18.202:80:100", + "vip":"192.168.102.105" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.60:80:100,192.168.6.132:80:100,192.168.38.248:80:100,192.168.41.18:80:100,192.168.10.231:80:100,192.168.45.253:80:100,192.168.41.212:80:100,192.168.38.25:80:100,192.168.14.101:80:100", + "vip":"192.168.102.42" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.137:80:100,192.168.49.241:80:100,192.168.9.55:80:100,192.168.15.57:80:100,192.168.22.231:80:100,192.168.39.209:80:100,192.168.26.184:80:100", + "vip":"192.168.101.113" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.171:80:100,192.168.49.36:80:100", + "vip":"192.168.102.59" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.222:80:100,192.168.33.123:80:100,192.168.51.36:80:100,192.168.23.184:80:100,192.168.3.224:80:100,192.168.21.119:80:100,192.168.55.16:80:100,192.168.17.251:80:100,192.168.53.120:80:100", + "vip":"192.168.101.135" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.44:80:100,192.168.42.60:80:100,192.168.30.63:80:100", + "vip":"111.13.235.120" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.51:80:100,192.168.55.21:80:100,192.168.39.78:80:100,192.168.13.137:80:100,192.168.21.114:80:100,192.168.15.214:80:100,192.168.1.123:80:100,192.168.47.99:80:100,192.168.37.249:80:100,192.168.25.173:80:100,192.168.38.208:80:100", + "vip":"111.13.235.223" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.251:80:100,192.168.17.23:80:100,192.168.25.19:80:100", + "vip":"192.168.102.96" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.224:80:100,192.168.51.111:80:100,192.168.5.191:80:100", + "vip":"111.13.235.104" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.138:80:100,192.168.47.187:80:100,192.168.10.230:80:100,192.168.45.181:80:100,192.168.14.3:80:100,192.168.42.122:80:100,192.168.45.41:80:100,192.168.50.217:80:100,192.168.39.177:80:100,192.168.50.149:80:100,192.168.23.19:80:100,192.168.39.86:80:100,192.168.19.219:80:100,192.168.7.112:80:100,192.168.9.33:80:100", + "vip":"111.13.235.218" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.228:80:100,192.168.35.209:80:100", + "vip":"192.168.101.81" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.3:80:100,192.168.19.238:80:100,192.168.37.90:80:100,192.168.10.64:80:100,192.168.49.138:80:100,192.168.30.110:80:100,192.168.43.7:80:100,192.168.30.111:80:100", + "vip":"111.13.235.248" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.82:80:100,192.168.15.38:80:100,192.168.39.81:80:100,192.168.18.45:80:100,192.168.42.180:80:100,192.168.21.188:80:100,192.168.23.157:80:100,192.168.14.215:80:100,192.168.18.151:80:100,192.168.59.43:80:100,192.168.5.15:80:100,192.168.18.147:80:100,192.168.14.156:80:100,192.168.51.9:80:100,192.168.18.149:80:100,192.168.22.65:80:100,192.168.14.15:80:100,192.168.43.186:80:100,192.168.57.179:80:100,192.168.50.79:80:100,192.168.25.109:80:100,192.168.43.77:80:100,192.168.21.61:80:100,192.168.22.13:80:100,192.168.19.145:80:100,192.168.34.239:80:100,192.168.54.33:80:100,192.168.39.144:80:100,192.168.25.3:80:100,192.168.14.133:80:100,192.168.17.234:80:100,192.168.15.202:80:100,192.168.15.53:80:100,192.168.41.33:80:100,192.168.1.77:80:100,192.168.53.147:80:100,192.168.35.205:80:100,192.168.3.144:80:100,192.168.23.9:80:100,192.168.33.132:80:100,192.168.53.156:80:100,192.168.1.128:80:100,192.168.38.183:80:100,192.168.19.30:80:100,192.168.33.201:80:100", + "vip":"192.168.102.156" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.210:80:100,192.168.11.63:80:100,192.168.42.73:80:100,192.168.19.20:80:100", + "vip":"192.168.101.202" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.208:80:100,192.168.19.69:80:100,192.168.3.180:80:100", + "vip":"111.13.235.206" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.226:80:100,192.168.6.165:80:100,192.168.54.214:80:100", + "vip":"192.168.102.187" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.196:80:100,192.168.10.147:80:100,192.168.26.215:80:100,192.168.23.109:80:100,192.168.41.207:80:100,192.168.6.74:80:100,192.168.57.3:80:100", + "vip":"192.168.101.53" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.51:80:100,192.168.51.56:80:100,192.168.14.201:80:100,192.168.25.4:80:100", + "vip":"111.13.235.71" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.188:80:100,192.168.54.142:80:100,192.168.47.196:80:100,192.168.9.69:80:100,192.168.43.59:80:100,192.168.43.243:80:100,192.168.55.116:80:100,192.168.3.88:80:100,192.168.25.14:80:100,192.168.14.152:80:100,192.168.19.95:80:100,192.168.55.61:80:100,192.168.26.8:80:100,192.168.17.236:80:100,192.168.11.112:80:100,192.168.41.17:80:100,192.168.30.108:80:100,192.168.21.72:80:100,192.168.37.178:80:100,192.168.14.57:80:100,192.168.50.148:80:100,192.168.43.179:80:100,192.168.2.186:80:100,192.168.50.83:80:100,192.168.54.124:80:100", + "vip":"111.13.235.102" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.224:80:100,192.168.17.29:80:100,192.168.33.87:80:100,192.168.37.162:80:100", + "vip":"111.13.235.216" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.53:80:100,192.168.23.8:80:100,192.168.17.110:80:100,192.168.50.68:80:100,192.168.49.132:80:100,192.168.22.153:80:100,192.168.31.166:80:100,192.168.14.4:80:100,192.168.13.250:80:100,192.168.29.24:80:100,192.168.30.3:80:100,192.168.50.165:80:100,192.168.5.55:80:100,192.168.50.44:80:100,192.168.47.232:80:100,192.168.2.28:80:100,192.168.9.95:80:100,192.168.54.77:80:100,192.168.59.245:80:100,192.168.46.85:80:100,192.168.5.144:80:100,192.168.38.89:80:100,192.168.49.177:80:100,192.168.45.70:80:100,192.168.31.199:80:100,192.168.21.36:80:100,192.168.13.234:80:100,192.168.17.47:80:100,192.168.31.181:80:100,192.168.34.129:80:100,192.168.6.60:80:100,192.168.43.21:80:100,192.168.26.57:80:100,192.168.45.3:80:100,192.168.29.144:80:100,192.168.41.132:80:100,192.168.59.218:80:100,192.168.51.178:80:100,192.168.47.136:80:100,192.168.9.81:80:100,192.168.33.201:80:100", + "vip":"192.168.101.207" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.126:80:100,192.168.21.23:80:100,192.168.22.25:80:100,192.168.25.197:80:100,192.168.57.233:80:100,192.168.47.23:80:100,192.168.5.36:80:100,192.168.46.186:80:100", + "vip":"192.168.101.105" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.128:80:100,192.168.1.111:80:100,192.168.14.64:80:100,192.168.59.57:80:100,192.168.5.59:80:100,192.168.14.175:80:100,192.168.9.248:80:100", + "vip":"192.168.102.36" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.169:80:100,192.168.45.123:80:100,192.168.15.12:80:100,192.168.18.213:80:100,192.168.22.234:80:100", + "vip":"192.168.101.79" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.82:80:100,192.168.42.34:80:100,192.168.11.218:80:100,192.168.58.77:80:100,192.168.38.192:80:100,192.168.27.62:80:100,192.168.27.254:80:100,192.168.22.117:80:100,192.168.6.233:80:100,192.168.45.17:80:100,192.168.54.228:80:100,192.168.25.126:80:100,192.168.34.94:80:100,192.168.11.67:80:100,192.168.5.133:80:100,192.168.58.37:80:100,192.168.51.146:80:100,192.168.18.27:80:100,192.168.15.49:80:100,192.168.25.4:80:100,192.168.29.145:80:100,192.168.35.79:80:100,192.168.34.211:80:100,192.168.59.161:80:100,192.168.1.65:80:100,192.168.10.190:80:100,192.168.29.42:80:100,192.168.38.228:80:100,192.168.9.202:80:100,192.168.6.121:80:100,192.168.41.100:80:100,192.168.22.47:80:100,192.168.47.115:80:100,192.168.7.236:80:100,192.168.57.14:80:100,192.168.1.162:80:100,192.168.35.167:80:100,192.168.29.254:80:100,192.168.45.110:80:100,192.168.27.111:80:100,192.168.17.243:80:100,192.168.38.176:80:100,192.168.3.82:80:100,192.168.50.102:80:100,192.168.46.250:80:100,192.168.57.94:80:100,192.168.10.248:80:100,192.168.35.227:80:100,192.168.38.241:80:100,192.168.35.117:80:100,192.168.13.9:80:100,192.168.9.235:80:100,192.168.1.172:80:100,192.168.6.178:80:100,192.168.6.241:80:100,192.168.33.152:80:100,192.168.29.81:80:100,192.168.54.156:80:100", + "vip":"192.168.101.138" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.212:80:100", + "vip":"111.13.235.214" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.111:80:100", + "vip":"192.168.101.24" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.235:80:100,192.168.47.80:80:100,192.168.6.3:80:100,192.168.47.96:80:100,192.168.59.215:80:100,192.168.33.243:80:100", + "vip":"192.168.101.35" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.232:80:100,192.168.54.159:80:100,192.168.54.115:80:100,192.168.55.254:80:100", + "vip":"192.168.102.234" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.159:80:100,192.168.55.109:80:100,192.168.7.11:80:100,192.168.14.20:80:100,192.168.14.102:80:100,192.168.46.241:80:100,192.168.49.92:80:100,192.168.21.99:80:100,192.168.22.152:80:100,192.168.14.242:80:100,192.168.22.27:80:100,192.168.37.190:80:100,192.168.10.187:80:100,192.168.27.212:80:100,192.168.9.48:80:100,192.168.29.26:80:100,192.168.15.227:80:100,192.168.26.220:80:100,192.168.18.42:80:100,192.168.39.137:80:100,192.168.54.99:80:100,192.168.55.90:80:100,192.168.13.72:80:100,192.168.41.247:80:100,192.168.6.61:80:100,192.168.38.242:80:100,192.168.41.248:80:100,192.168.50.36:80:100,192.168.53.84:80:100,192.168.34.38:80:100,192.168.17.94:80:100,192.168.35.33:80:100,192.168.53.98:80:100,192.168.46.64:80:100,192.168.54.42:80:100,192.168.27.99:80:100,192.168.18.2:80:100,192.168.26.17:80:100,192.168.57.198:80:100", + "vip":"192.168.102.30" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.109:80:100,192.168.13.244:80:100", + "vip":"192.168.101.200" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.37:80:100,192.168.30.123:80:100,192.168.47.94:80:100,192.168.38.35:80:100,192.168.15.42:80:100,192.168.42.210:80:100,192.168.26.177:80:100,192.168.59.10:80:100,192.168.1.34:80:100,192.168.39.249:80:100,192.168.31.150:80:100,192.168.27.99:80:100,192.168.58.51:80:100,192.168.47.136:80:100,192.168.9.215:80:100,192.168.54.99:80:100,192.168.59.80:80:100", + "vip":"192.168.102.178" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.93:80:100,192.168.47.205:80:100,192.168.21.73:80:100", + "vip":"192.168.101.48" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.208:80:100,192.168.55.187:80:100,192.168.39.176:80:100,192.168.51.206:80:100", + "vip":"192.168.102.1" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.177:80:100,192.168.13.215:80:100,192.168.26.74:80:100", + "vip":"111.13.235.82" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.53:80:100,192.168.41.35:80:100,192.168.6.120:80:100,192.168.13.161:80:100,192.168.6.162:80:100", + "vip":"192.168.101.71" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.68:80:100,192.168.33.246:80:100,192.168.14.9:80:100,192.168.5.180:80:100,192.168.41.137:80:100,192.168.57.165:80:100,192.168.1.87:80:100,192.168.17.206:80:100,192.168.35.144:80:100,192.168.7.12:80:100,192.168.13.243:80:100,192.168.26.223:80:100,192.168.30.143:80:100,192.168.50.33:80:100,192.168.43.173:80:100,192.168.58.16:80:100,192.168.39.137:80:100,192.168.25.235:80:100,192.168.1.83:80:100,192.168.59.18:80:100,192.168.9.139:80:100,192.168.47.36:80:100,192.168.41.246:80:100,192.168.37.193:80:100,192.168.14.46:80:100,192.168.43.146:80:100,192.168.58.93:80:100,192.168.7.79:80:100,192.168.54.62:80:100,192.168.58.242:80:100,192.168.57.22:80:100,192.168.9.216:80:100,192.168.17.25:80:100,192.168.41.119:80:100,192.168.42.32:80:100,192.168.26.252:80:100,192.168.10.47:80:100,192.168.21.18:80:100,192.168.38.249:80:100,192.168.30.202:80:100,192.168.27.1:80:100,192.168.15.98:80:100,192.168.54.205:80:100,192.168.50.105:80:100,192.168.57.114:80:100,192.168.54.87:80:100,192.168.47.139:80:100,192.168.14.216:80:100,192.168.38.135:80:100,192.168.13.63:80:100,192.168.1.236:80:100,192.168.22.15:80:100,192.168.15.61:80:100,192.168.14.147:80:100,192.168.49.137:80:100,192.168.1.95:80:100,192.168.58.177:80:100,192.168.17.24:80:100,192.168.26.132:80:100,192.168.50.141:80:100,192.168.1.230:80:100,192.168.59.175:80:100,192.168.49.56:80:100,192.168.46.219:80:100,192.168.43.160:80:100,192.168.34.90:80:100,192.168.10.126:80:100,192.168.18.235:80:100,192.168.59.41:80:100,192.168.18.114:80:100,192.168.3.72:80:100,192.168.34.246:80:100,192.168.2.141:80:100,192.168.55.169:80:100,192.168.11.27:80:100,192.168.15.111:80:100,192.168.19.82:80:100,192.168.35.229:80:100,192.168.33.234:80:100,192.168.19.92:80:100,192.168.23.132:80:100,192.168.10.179:80:100,192.168.21.53:80:100,192.168.31.199:80:100,192.168.50.207:80:100,192.168.59.202:80:100,192.168.26.9:80:100,192.168.1.132:80:100,192.168.13.56:80:100,192.168.39.79:80:100,192.168.10.156:80:100,192.168.34.120:80:100,192.168.47.137:80:100,192.168.23.63:80:100,192.168.59.143:80:100,192.168.42.150:80:100,192.168.37.185:80:100,192.168.58.164:80:100,192.168.39.37:80:100,192.168.37.198:80:100,192.168.5.85:80:100,192.168.11.62:80:100,192.168.45.165:80:100,192.168.3.241:80:100,192.168.38.143:80:100,192.168.57.5:80:100,192.168.26.75:80:100,192.168.11.243:80:100,192.168.41.29:80:100,192.168.38.212:80:100,192.168.9.166:80:100,192.168.37.36:80:100,192.168.30.241:80:100,192.168.59.72:80:100,192.168.6.185:80:100,192.168.3.120:80:100,192.168.11.215:80:100,192.168.57.191:80:100,192.168.14.125:80:100,192.168.58.45:80:100,192.168.18.122:80:100,192.168.11.86:80:100,192.168.46.208:80:100,192.168.55.228:80:100,192.168.7.40:80:100,192.168.13.82:80:100,192.168.38.14:80:100,192.168.53.67:80:100,192.168.30.150:80:100,192.168.11.160:80:100,192.168.18.6:80:100,192.168.34.226:80:100", + "vip":"111.13.235.160" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.76:80:100,192.168.6.216:80:100", + "vip":"111.13.235.221" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.232:80:100,192.168.1.20:80:100,192.168.50.60:80:100,192.168.2.198:80:100,192.168.39.80:80:100,192.168.35.205:80:100", + "vip":"192.168.101.158" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.158:80:100,192.168.55.64:80:100,192.168.43.168:80:100,192.168.39.43:80:100,192.168.27.220:80:100,192.168.42.153:80:100,192.168.34.186:80:100,192.168.10.78:80:100", + "vip":"111.13.235.87" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.203:80:100,192.168.33.188:80:100,192.168.6.189:80:100,192.168.35.113:80:100,192.168.34.162:80:100,192.168.54.59:80:100,192.168.15.47:80:100,192.168.17.164:80:100,192.168.43.236:80:100,192.168.39.254:80:100,192.168.10.204:80:100,192.168.6.54:80:100,192.168.34.199:80:100,192.168.30.189:80:100,192.168.10.167:80:100,192.168.54.71:80:100,192.168.19.34:80:100,192.168.15.137:80:100,192.168.46.152:80:100,192.168.50.204:80:100,192.168.39.161:80:100,192.168.22.46:80:100,192.168.29.21:80:100,192.168.21.237:80:100,192.168.37.102:80:100,192.168.30.108:80:100,192.168.39.55:80:100,192.168.9.103:80:100,192.168.54.82:80:100,192.168.26.210:80:100,192.168.21.168:80:100,192.168.31.230:80:100,192.168.3.94:80:100,192.168.47.160:80:100,192.168.11.77:80:100,192.168.14.112:80:100,192.168.23.201:80:100,192.168.39.138:80:100,192.168.53.106:80:100,192.168.33.27:80:100,192.168.2.155:80:100,192.168.38.249:80:100,192.168.23.217:80:100,192.168.10.217:80:100,192.168.35.78:80:100,192.168.53.222:80:100,192.168.3.134:80:100,192.168.19.225:80:100,192.168.27.159:80:100,192.168.2.71:80:100,192.168.55.128:80:100,192.168.17.74:80:100,192.168.54.98:80:100,192.168.3.24:80:100,192.168.54.21:80:100,192.168.13.174:80:100,192.168.57.196:80:100,192.168.29.132:80:100,192.168.53.233:80:100,192.168.14.50:80:100,192.168.1.247:80:100,192.168.25.230:80:100,192.168.9.57:80:100,192.168.6.111:80:100,192.168.11.166:80:100,192.168.11.32:80:100,192.168.33.192:80:100,192.168.47.134:80:100,192.168.9.190:80:100,192.168.23.174:80:100,192.168.54.108:80:100,192.168.6.198:80:100,192.168.29.53:80:100,192.168.50.247:80:100,192.168.57.192:80:100,192.168.34.18:80:100,192.168.51.239:80:100,192.168.1.182:80:100,192.168.34.92:80:100,192.168.53.188:80:100,192.168.34.49:80:100,192.168.38.5:80:100,192.168.58.190:80:100,192.168.1.130:80:100,192.168.33.152:80:100,192.168.23.99:80:100,192.168.46.109:80:100,192.168.53.252:80:100,192.168.25.208:80:100,192.168.46.151:80:100,192.168.46.206:80:100,192.168.9.145:80:100,192.168.14.110:80:100,192.168.29.194:80:100,192.168.35.5:80:100,192.168.31.203:80:100,192.168.10.236:80:100,192.168.55.95:80:100,192.168.39.36:80:100,192.168.26.117:80:100,192.168.46.93:80:100,192.168.54.85:80:100,192.168.54.103:80:100,192.168.1.134:80:100,192.168.31.81:80:100,192.168.13.214:80:100,192.168.19.243:80:100,192.168.51.182:80:100,192.168.22.64:80:100,192.168.47.175:80:100,192.168.23.10:80:100,192.168.41.126:80:100,192.168.46.39:80:100,192.168.18.59:80:100,192.168.43.107:80:100,192.168.51.107:80:100,192.168.46.64:80:100,192.168.11.61:80:100,192.168.34.198:80:100,192.168.21.173:80:100,192.168.21.172:80:100,192.168.57.210:80:100,192.168.27.235:80:100,192.168.51.45:80:100,192.168.7.132:80:100,192.168.34.65:80:100,192.168.53.186:80:100,192.168.31.213:80:100,192.168.22.117:80:100,192.168.37.180:80:100,192.168.19.109:80:100,192.168.19.169:80:100,192.168.13.115:80:100,192.168.11.201:80:100,192.168.59.39:80:100,192.168.45.31:80:100,192.168.45.170:80:100,192.168.17.1:80:100,192.168.53.85:80:100,192.168.35.252:80:100,192.168.43.202:80:100,192.168.38.212:80:100,192.168.26.122:80:100,192.168.23.78:80:100,192.168.23.35:80:100,192.168.15.195:80:100,192.168.31.23:80:100,192.168.1.55:80:100,192.168.55.79:80:100,192.168.25.50:80:100,192.168.6.7:80:100,192.168.13.137:80:100,192.168.35.171:80:100,192.168.39.233:80:100,192.168.57.96:80:100,192.168.7.211:80:100,192.168.42.227:80:100,192.168.5.192:80:100,192.168.50.22:80:100", + "vip":"111.13.235.228" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.108:80:100,192.168.29.211:80:100", + "vip":"192.168.101.83" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.200:80:100", + "vip":"111.13.235.73" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.225:80:100,192.168.27.47:80:100", + "vip":"111.13.235.226" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.236:80:100,192.168.46.47:80:100,192.168.5.177:80:100,192.168.1.79:80:100,192.168.47.187:80:100", + "vip":"192.168.102.191" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.32:80:100,192.168.25.127:80:100", + "vip":"192.168.101.99" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.239:80:100,192.168.42.168:80:100,192.168.50.50:80:100,192.168.27.64:80:100,192.168.3.149:80:100,192.168.25.155:80:100,192.168.7.73:80:100,192.168.27.8:80:100,192.168.11.190:80:100", + "vip":"192.168.102.27" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.225:80:100,192.168.15.108:80:100,192.168.47.191:80:100,192.168.39.99:80:100", + "vip":"192.168.101.169" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.147:80:100,192.168.51.218:80:100,192.168.10.48:80:100", + "vip":"192.168.102.126" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.160:80:100,192.168.49.248:80:100,192.168.5.225:80:100,192.168.45.184:80:100,192.168.46.253:80:100,192.168.2.111:80:100,192.168.7.119:80:100,192.168.6.119:80:100,192.168.46.86:80:100", + "vip":"192.168.101.181" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.70:80:100", + "vip":"192.168.102.44" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.5:80:100,192.168.29.165:80:100,192.168.26.33:80:100", + "vip":"192.168.101.97" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.100:80:100", + "vip":"192.168.101.217" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.239:80:100,192.168.1.44:80:100,192.168.11.8:80:100,192.168.7.144:80:100", + "vip":"111.13.235.238" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.130:80:100,192.168.30.19:80:100", + "vip":"192.168.101.54" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.212:80:100,192.168.25.235:80:100,192.168.41.8:80:100,192.168.37.170:80:100,192.168.18.26:80:100,192.168.49.38:80:100,192.168.38.93:80:100,192.168.47.94:80:100,192.168.13.69:80:100,192.168.10.98:80:100,192.168.29.93:80:100,192.168.39.150:80:100,192.168.35.19:80:100,192.168.31.180:80:100,192.168.3.153:80:100", + "vip":"192.168.101.133" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.181:80:100,192.168.45.134:80:100", + "vip":"192.168.102.190" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.138:80:100,192.168.15.19:80:100,192.168.2.142:80:100,192.168.27.27:80:100", + "vip":"192.168.101.10" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.173:80:100,192.168.55.17:80:100,192.168.23.217:80:100,192.168.43.16:80:100", + "vip":"111.13.235.185" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.125:80:100,192.168.46.149:80:100,192.168.49.58:80:100,192.168.14.215:80:100,192.168.51.249:80:100,192.168.9.196:80:100,192.168.26.102:80:100", + "vip":"192.168.102.91" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.155:80:100", + "vip":"111.13.235.125" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.209:80:100,192.168.59.111:80:100,192.168.37.203:80:100,192.168.35.57:80:100,192.168.30.117:80:100,192.168.45.194:80:100,192.168.47.81:80:100,192.168.43.22:80:100,192.168.42.124:80:100", + "vip":"192.168.101.72" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.182:80:100,192.168.45.16:80:100,192.168.49.234:80:100,192.168.50.21:80:100", + "vip":"192.168.102.210" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.213:80:100,192.168.9.223:80:100,192.168.9.95:80:100,192.168.1.78:80:100,192.168.13.164:80:100,192.168.29.47:80:100,192.168.3.130:80:100", + "vip":"192.168.101.206" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.251:80:100,192.168.6.184:80:100,192.168.43.97:80:100,192.168.31.112:80:100", + "vip":"192.168.102.100" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.113:80:100,192.168.25.240:80:100,192.168.58.8:80:100", + "vip":"192.168.102.19" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.105:80:100,192.168.7.224:80:100,192.168.23.225:80:100,192.168.53.86:80:100", + "vip":"192.168.102.117" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.65:80:100,192.168.17.140:80:100,192.168.38.52:80:100,192.168.21.27:80:100", + "vip":"192.168.102.144" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.252:80:100,192.168.43.116:80:100,192.168.25.163:80:100,192.168.31.37:80:100", + "vip":"192.168.101.58" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.232:80:100,192.168.14.79:80:100,192.168.1.203:80:100,192.168.11.125:80:100,192.168.35.3:80:100,192.168.9.15:80:100,192.168.29.239:80:100,192.168.15.226:80:100,192.168.59.127:80:100,192.168.50.24:80:100,192.168.13.231:80:100,192.168.49.45:80:100", + "vip":"192.168.101.254" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.152:80:100,192.168.59.218:80:100,192.168.35.215:80:100,192.168.3.213:80:100", + "vip":"192.168.102.153" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.9:80:100,192.168.50.84:80:100,192.168.27.75:80:100", + "vip":"111.13.235.81" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.34:80:100,192.168.51.98:80:100,192.168.9.222:80:100,192.168.2.4:80:100", + "vip":"111.13.235.176" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.239:80:100,192.168.2.86:80:100,192.168.13.92:80:100,192.168.49.244:80:100", + "vip":"192.168.101.174" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.130:80:100,192.168.34.246:80:100", + "vip":"192.168.101.68" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.176:80:100", + "vip":"192.168.102.216" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.47:80:100,192.168.9.134:80:100,192.168.2.57:80:100,192.168.23.103:80:100,192.168.31.202:80:100,192.168.45.25:80:100,192.168.9.89:80:100,192.168.47.129:80:100,192.168.7.33:80:100,192.168.37.32:80:100,192.168.39.143:80:100,192.168.25.177:80:100,192.168.21.23:80:100,192.168.14.16:80:100,192.168.45.114:80:100,192.168.30.227:80:100,192.168.46.75:80:100,192.168.17.178:80:100,192.168.2.42:80:100,192.168.43.147:80:100,192.168.33.36:80:100,192.168.14.24:80:100,192.168.50.213:80:100,192.168.25.127:80:100", + "vip":"192.168.101.201" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.253:80:100,192.168.35.132:80:100,192.168.1.81:80:100", + "vip":"192.168.102.217" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.120:80:100", + "vip":"192.168.101.196" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.5:80:100,192.168.13.180:80:100,192.168.57.114:80:100,192.168.17.138:80:100", + "vip":"192.168.102.231" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.9:80:100,192.168.15.104:80:100,192.168.43.132:80:100,192.168.54.83:80:100,192.168.34.9:80:100,192.168.14.128:80:100", + "vip":"111.13.235.212" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.188:80:100,192.168.18.51:80:100,192.168.35.110:80:100,192.168.33.142:80:100,192.168.11.13:80:100", + "vip":"192.168.101.37" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.152:80:100", + "vip":"192.168.101.186" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.34:80:100,192.168.41.70:80:100", + "vip":"192.168.102.32" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.143:80:100,192.168.58.51:80:100,192.168.26.231:80:100,192.168.49.15:80:100", + "vip":"192.168.101.226" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.104:80:100,192.168.29.90:80:100", + "vip":"111.13.235.246" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.156:80:100,192.168.49.183:80:100,192.168.21.187:80:100,192.168.30.22:80:100,192.168.26.70:80:100,192.168.59.126:80:100,192.168.7.181:80:100,192.168.51.165:80:100,192.168.38.234:80:100", + "vip":"192.168.101.109" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.86:80:100,192.168.25.60:80:100,192.168.9.79:80:100,192.168.59.230:80:100", + "vip":"192.168.101.184" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.6:80:100,192.168.46.210:80:100", + "vip":"192.168.102.89" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.104:80:100,192.168.21.107:80:100", + "vip":"192.168.101.73" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.173:80:100,192.168.23.103:80:100,192.168.42.82:80:100,192.168.31.11:80:100", + "vip":"192.168.101.128" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.223:80:100,192.168.9.172:80:100", + "vip":"192.168.102.237" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.191:80:100", + "vip":"111.13.235.153" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.73:80:100,192.168.22.204:80:100,192.168.9.79:80:100,192.168.2.191:80:100,192.168.31.24:80:100,192.168.26.152:80:100,192.168.29.13:80:100", + "vip":"192.168.102.123" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.55:80:100", + "vip":"192.168.102.46" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.204:80:100,192.168.50.7:80:100,192.168.57.203:80:100", + "vip":"111.13.235.243" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.194:80:100,192.168.38.83:80:100,192.168.23.185:80:100,192.168.37.29:80:100", + "vip":"192.168.101.131" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.80:80:100,192.168.1.254:80:100,192.168.54.2:80:100,192.168.7.124:80:100,192.168.1.202:80:100,192.168.23.156:80:100,192.168.39.107:80:100,192.168.57.40:80:100,192.168.22.109:80:100,192.168.26.69:80:100,192.168.3.22:80:100,192.168.45.75:80:100,192.168.42.234:80:100,192.168.46.174:80:100,192.168.34.70:80:100,192.168.17.50:80:100,192.168.3.58:80:100,192.168.38.110:80:100", + "vip":"192.168.102.121" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.96:80:100,192.168.2.217:80:100,192.168.6.135:80:100,192.168.15.164:80:100,192.168.55.178:80:100,192.168.27.172:80:100,192.168.34.31:80:100", + "vip":"111.13.235.127" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.182:80:100,192.168.37.121:80:100,192.168.50.72:80:100,192.168.43.49:80:100", + "vip":"111.13.235.100" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.55:80:100,192.168.42.58:80:100,192.168.35.158:80:100,192.168.26.180:80:100", + "vip":"192.168.102.93" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.157:80:100", + "vip":"192.168.102.248" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.182:80:100,192.168.46.108:80:100,192.168.42.203:80:100", + "vip":"192.168.102.6" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.157:80:100,192.168.43.16:80:100,192.168.13.38:80:100,192.168.34.125:80:100", + "vip":"111.13.235.76" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.85:80:100", + "vip":"111.13.235.109" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.163:80:100,192.168.42.5:80:100,192.168.46.148:80:100", + "vip":"192.168.101.154" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.33:80:100,192.168.10.118:80:100,192.168.13.128:80:100,192.168.46.152:80:100,192.168.29.88:80:100", + "vip":"111.13.235.175" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.18.192:80:100,192.168.34.47:80:100,192.168.57.195:80:100,192.168.10.167:80:100,192.168.2.217:80:100,192.168.3.194:80:100,192.168.31.167:80:100,192.168.58.16:80:100,192.168.10.90:80:100,192.168.31.217:80:100,192.168.53.32:80:100,192.168.13.154:80:100,192.168.29.144:80:100,192.168.47.16:80:100,192.168.39.168:80:100,192.168.17.146:80:100,192.168.9.168:80:100,192.168.42.52:80:100,192.168.49.3:80:100,192.168.18.163:80:100,192.168.25.65:80:100,192.168.18.215:80:100,192.168.30.107:80:100,192.168.42.174:80:100,192.168.38.204:80:100,192.168.33.7:80:100,192.168.51.138:80:100,192.168.59.125:80:100,192.168.14.181:80:100,192.168.33.73:80:100,192.168.6.130:80:100,192.168.18.233:80:100,192.168.47.70:80:100,192.168.11.43:80:100,192.168.11.225:80:100,192.168.37.216:80:100,192.168.5.158:80:100,192.168.41.25:80:100,192.168.23.239:80:100,192.168.7.43:80:100,192.168.2.141:80:100,192.168.58.36:80:100,192.168.11.6:80:100,192.168.35.163:80:100,192.168.39.237:80:100,192.168.39.204:80:100,192.168.17.34:80:100,192.168.14.47:80:100,192.168.26.212:80:100,192.168.29.217:80:100,192.168.13.234:80:100,192.168.29.199:80:100,192.168.31.199:80:100,192.168.15.132:80:100,192.168.17.3:80:100,192.168.17.212:80:100,192.168.29.244:80:100,192.168.33.123:80:100,192.168.23.206:80:100,192.168.14.57:80:100,192.168.50.224:80:100,192.168.17.171:80:100,192.168.25.6:80:100,192.168.1.50:80:100,192.168.7.150:80:100,192.168.15.18:80:100,192.168.26.116:80:100,192.168.59.27:80:100,192.168.38.151:80:100,192.168.57.247:80:100,192.168.11.102:80:100,192.168.1.208:80:100,192.168.27.37:80:100,192.168.29.24:80:100,192.168.29.28:80:100,192.168.25.57:80:100,192.168.29.21:80:100,192.168.51.221:80:100,192.168.31.25:80:100,192.168.2.190:80:100,192.168.15.244:80:100,192.168.15.105:80:100,192.168.1.116:80:100,192.168.54.14:80:100,192.168.25.223:80:100,192.168.5.252:80:100,192.168.9.107:80:100,192.168.14.164:80:100", + "vip":"111.13.235.224" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.241:80:100,192.168.39.201:80:100,192.168.18.17:80:100,192.168.17.11:80:100,192.168.30.156:80:100,192.168.57.241:80:100,192.168.47.4:80:100,192.168.23.157:80:100,192.168.30.200:80:100,192.168.47.121:80:100,192.168.15.21:80:100,192.168.41.115:80:100,192.168.9.215:80:100,192.168.55.129:80:100,192.168.46.180:80:100,192.168.27.122:80:100,192.168.34.214:80:100,192.168.22.210:80:100,192.168.47.72:80:100,192.168.29.58:80:100,192.168.29.234:80:100,192.168.50.78:80:100,192.168.39.36:80:100,192.168.3.28:80:100,192.168.50.40:80:100,192.168.27.204:80:100,192.168.38.215:80:100,192.168.10.111:80:100,192.168.43.217:80:100,192.168.23.23:80:100,192.168.19.199:80:100,192.168.33.126:80:100,192.168.1.64:80:100,192.168.47.125:80:100,192.168.51.14:80:100,192.168.38.121:80:100,192.168.11.70:80:100,192.168.11.234:80:100,192.168.47.71:80:100,192.168.10.112:80:100,192.168.50.204:80:100,192.168.41.240:80:100,192.168.45.132:80:100,192.168.33.204:80:100,192.168.54.79:80:100,192.168.17.31:80:100,192.168.3.156:80:100,192.168.9.95:80:100,192.168.18.239:80:100,192.168.10.216:80:100,192.168.19.62:80:100,192.168.46.147:80:100,192.168.53.56:80:100,192.168.33.26:80:100,192.168.3.70:80:100,192.168.33.57:80:100,192.168.47.2:80:100,192.168.33.213:80:100,192.168.35.137:80:100,192.168.31.139:80:100,192.168.10.152:80:100,192.168.41.160:80:100,192.168.35.238:80:100,192.168.54.5:80:100,192.168.35.20:80:100,192.168.53.6:80:100,192.168.45.237:80:100,192.168.49.248:80:100,192.168.29.103:80:100,192.168.10.115:80:100,192.168.45.45:80:100,192.168.57.41:80:100,192.168.59.28:80:100,192.168.59.112:80:100,192.168.55.60:80:100,192.168.13.104:80:100,192.168.7.169:80:100,192.168.3.218:80:100", + "vip":"192.168.101.203" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.216:80:100,192.168.33.142:80:100,192.168.47.223:80:100,192.168.7.47:80:100,192.168.51.176:80:100", + "vip":"111.13.235.70" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.50:80:100,192.168.39.187:80:100,192.168.33.39:80:100,192.168.41.175:80:100,192.168.15.101:80:100,192.168.37.246:80:100,192.168.3.193:80:100,192.168.19.149:80:100,192.168.57.103:80:100", + "vip":"111.13.235.210" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.247:80:100,192.168.29.88:80:100,192.168.19.118:80:100", + "vip":"192.168.101.177" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.121:80:100", + "vip":"192.168.102.78" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.221:80:100,192.168.2.40:80:100,192.168.14.7:80:100,192.168.47.89:80:100,192.168.31.25:80:100,192.168.58.51:80:100", + "vip":"111.13.235.139" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.68:80:100,192.168.35.254:80:100", + "vip":"111.13.235.177" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.215:80:100,192.168.50.202:80:100", + "vip":"192.168.101.238" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.119:80:100,192.168.35.186:80:100,192.168.39.201:80:100,192.168.51.187:80:100", + "vip":"111.13.235.155" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.122:80:100,192.168.21.13:80:100,192.168.26.43:80:100,192.168.6.75:80:100,192.168.13.75:80:100,192.168.53.103:80:100,192.168.34.116:80:100,192.168.17.74:80:100,192.168.53.164:80:100,192.168.58.139:80:100,192.168.58.195:80:100,192.168.3.97:80:100,192.168.10.188:80:100,192.168.35.35:80:100,192.168.38.72:80:100,192.168.1.27:80:100,192.168.26.97:80:100,192.168.25.202:80:100,192.168.18.130:80:100,192.168.11.30:80:100,192.168.27.166:80:100,192.168.10.133:80:100,192.168.11.209:80:100,192.168.29.240:80:100,192.168.11.213:80:100,192.168.23.147:80:100", + "vip":"192.168.102.158" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.108:80:100,192.168.18.181:80:100,192.168.9.149:80:100,192.168.9.41:80:100", + "vip":"111.13.235.131" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.213:80:100,192.168.57.46:80:100", + "vip":"192.168.102.67" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.219:80:100,192.168.43.185:80:100", + "vip":"192.168.102.102" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.175:80:100,192.168.41.145:80:100,192.168.54.199:80:100", + "vip":"111.13.235.235" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.239:80:100,192.168.50.61:80:100,192.168.57.222:80:100,192.168.27.25:80:100,192.168.49.121:80:100,192.168.37.27:80:100,192.168.53.37:80:100,192.168.11.102:80:100,192.168.27.20:80:100,192.168.13.115:80:100,192.168.17.190:80:100,192.168.15.245:80:100,192.168.49.230:80:100,192.168.31.254:80:100,192.168.59.207:80:100,192.168.53.249:80:100,192.168.33.234:80:100,192.168.37.97:80:100,192.168.45.82:80:100,192.168.1.59:80:100,192.168.43.184:80:100,192.168.53.117:80:100,192.168.58.26:80:100,192.168.18.237:80:100,192.168.18.162:80:100,192.168.14.125:80:100,192.168.43.101:80:100,192.168.54.64:80:100,192.168.35.227:80:100,192.168.41.79:80:100,192.168.26.85:80:100,192.168.10.124:80:100,192.168.43.148:80:100,192.168.27.147:80:100", + "vip":"192.168.102.115" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.190:80:100,192.168.7.51:80:100,192.168.7.166:80:100,192.168.49.94:80:100,192.168.50.237:80:100,192.168.17.194:80:100,192.168.5.195:80:100,192.168.23.251:80:100,192.168.29.60:80:100,192.168.21.117:80:100", + "vip":"111.13.235.161" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.176:80:100,192.168.9.149:80:100,192.168.10.84:80:100,192.168.30.198:80:100", + "vip":"192.168.102.146" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.229:80:100,192.168.54.226:80:100", + "vip":"192.168.101.55" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.109:80:100,192.168.25.167:80:100,192.168.46.31:80:100", + "vip":"192.168.102.151" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.145:80:100,192.168.49.218:80:100,192.168.55.166:80:100,192.168.38.127:80:100", + "vip":"111.13.235.128" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.96:80:100,192.168.30.125:80:100,192.168.43.185:80:100,192.168.35.117:80:100,192.168.17.223:80:100,192.168.57.21:80:100,192.168.45.170:80:100,192.168.9.137:80:100,192.168.27.106:80:100,192.168.14.137:80:100,192.168.33.225:80:100", + "vip":"111.13.235.237" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.148:80:100,192.168.34.172:80:100,192.168.42.202:80:100,192.168.43.167:80:100,192.168.3.113:80:100", + "vip":"192.168.102.154" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.193:80:100,192.168.13.153:80:100,192.168.3.35:80:100,192.168.58.108:80:100,192.168.51.14:80:100,192.168.37.229:80:100,192.168.3.12:80:100,192.168.19.151:80:100", + "vip":"111.13.235.136" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.247:80:100,192.168.49.86:80:100,192.168.58.83:80:100", + "vip":"192.168.102.254" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.185:80:100,192.168.35.52:80:100", + "vip":"192.168.102.124" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.142:80:100,192.168.9.79:80:100", + "vip":"111.13.235.79" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.3:80:100,192.168.9.200:80:100,192.168.14.252:80:100,192.168.58.62:80:100", + "vip":"192.168.101.153" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.132:80:100,192.168.58.126:80:100,192.168.15.98:80:100,192.168.19.30:80:100,192.168.10.66:80:100", + "vip":"192.168.101.11" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.126:80:100,192.168.7.108:80:100,192.168.14.89:80:100,192.168.30.188:80:100,192.168.33.147:80:100,192.168.34.212:80:100,192.168.2.147:80:100", + "vip":"111.13.235.245" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.108:80:100,192.168.11.121:80:100,192.168.6.163:80:100", + "vip":"192.168.102.188" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.192:80:100,192.168.43.41:80:100,192.168.41.131:80:100,192.168.49.235:80:100", + "vip":"192.168.102.202" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.253:80:100,192.168.38.108:80:100,192.168.39.11:80:100,192.168.39.25:80:100,192.168.19.7:80:100,192.168.6.252:80:100", + "vip":"192.168.102.127" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.159:80:100,192.168.38.44:80:100,192.168.59.185:80:100,192.168.34.29:80:100", + "vip":"111.13.235.122" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.26:80:100,192.168.19.148:80:100,192.168.22.221:80:100,192.168.25.228:80:100", + "vip":"192.168.102.243" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.108:80:100,192.168.17.153:80:100,192.168.37.44:80:100", + "vip":"192.168.102.112" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.152:80:100", + "vip":"192.168.102.95" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.174:80:100,192.168.19.138:80:100,192.168.13.96:80:100", + "vip":"192.168.101.121" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.177:80:100", + "vip":"192.168.101.110" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.29:80:100,192.168.46.211:80:100,192.168.27.187:80:100,192.168.27.26:80:100,192.168.41.210:80:100,192.168.31.127:80:100,192.168.49.8:80:100,192.168.9.101:80:100,192.168.42.9:80:100,192.168.15.241:80:100,192.168.45.102:80:100,192.168.54.111:80:100,192.168.1.184:80:100,192.168.29.234:80:100,192.168.22.35:80:100,192.168.25.15:80:100,192.168.53.116:80:100,192.168.55.99:80:100,192.168.18.75:80:100,192.168.1.67:80:100,192.168.25.93:80:100,192.168.15.229:80:100,192.168.13.233:80:100,192.168.21.215:80:100,192.168.37.222:80:100,192.168.11.19:80:100,192.168.29.81:80:100", + "vip":"111.13.235.83" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.148:80:100,192.168.30.108:80:100,192.168.53.242:80:100,192.168.7.62:80:100", + "vip":"192.168.101.228" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.57:80:100,192.168.46.137:80:100,192.168.13.55:80:100,192.168.1.42:80:100,192.168.38.200:80:100,192.168.59.73:80:100", + "vip":"192.168.102.65" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.155:80:100", + "vip":"192.168.101.249" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.66:80:100,192.168.57.133:80:100,192.168.55.220:80:100,192.168.18.215:80:100", + "vip":"192.168.101.189" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.186:80:100,192.168.14.88:80:100,192.168.9.227:80:100", + "vip":"111.13.235.124" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.53:80:100,192.168.37.200:80:100", + "vip":"111.13.235.230" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.82:80:100", + "vip":"192.168.102.241" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.54:80:100,192.168.53.245:80:100,192.168.10.217:80:100,192.168.6.178:80:100", + "vip":"192.168.102.29" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.25:80:100", + "vip":"192.168.101.123" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.51:80:100", + "vip":"192.168.102.14" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.12:80:100,192.168.27.113:80:100,192.168.10.249:80:100,192.168.54.50:80:100,192.168.3.143:80:100,192.168.21.21:80:100,192.168.34.225:80:100,192.168.10.175:80:100,192.168.1.45:80:100,192.168.42.159:80:100,192.168.58.52:80:100,192.168.21.44:80:100,192.168.27.68:80:100,192.168.21.160:80:100,192.168.41.94:80:100,192.168.33.108:80:100,192.168.54.30:80:100,192.168.53.250:80:100,192.168.58.144:80:100,192.168.3.2:80:100,192.168.35.247:80:100,192.168.10.35:80:100,192.168.54.171:80:100,192.168.33.42:80:100,192.168.50.39:80:100,192.168.29.92:80:100,192.168.50.78:80:100,192.168.50.198:80:100,192.168.39.246:80:100,192.168.5.72:80:100,192.168.53.53:80:100,192.168.37.148:80:100,192.168.39.41:80:100,192.168.27.91:80:100,192.168.27.243:80:100,192.168.23.192:80:100,192.168.42.103:80:100,192.168.50.130:80:100,192.168.47.42:80:100,192.168.23.25:80:100,192.168.33.97:80:100,192.168.18.163:80:100,192.168.49.230:80:100,192.168.38.240:80:100,192.168.43.112:80:100,192.168.5.236:80:100,192.168.21.89:80:100,192.168.54.188:80:100,192.168.5.66:80:100,192.168.5.174:80:100,192.168.49.24:80:100,192.168.2.132:80:100,192.168.33.179:80:100,192.168.57.202:80:100,192.168.3.216:80:100,192.168.33.183:80:100,192.168.23.99:80:100,192.168.9.229:80:100,192.168.39.146:80:100,192.168.31.130:80:100,192.168.47.14:80:100,192.168.10.40:80:100,192.168.5.31:80:100,192.168.23.170:80:100,192.168.9.38:80:100,192.168.42.61:80:100,192.168.49.13:80:100,192.168.54.212:80:100,192.168.31.199:80:100,192.168.50.207:80:100,192.168.31.251:80:100,192.168.57.19:80:100,192.168.27.116:80:100,192.168.9.240:80:100,192.168.55.208:80:100,192.168.30.181:80:100,192.168.47.137:80:100,192.168.21.138:80:100,192.168.19.71:80:100,192.168.42.41:80:100,192.168.30.19:80:100,192.168.18.211:80:100,192.168.43.118:80:100,192.168.30.175:80:100,192.168.25.236:80:100,192.168.5.180:80:100,192.168.50.193:80:100,192.168.42.183:80:100,192.168.46.79:80:100,192.168.39.40:80:100,192.168.50.149:80:100,192.168.13.127:80:100,192.168.22.96:80:100,192.168.35.31:80:100,192.168.19.101:80:100,192.168.29.185:80:100,192.168.22.58:80:100,192.168.53.205:80:100,192.168.3.253:80:100,192.168.49.100:80:100,192.168.7.111:80:100,192.168.2.12:80:100", + "vip":"192.168.102.143" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.55:80:100", + "vip":"192.168.102.255" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.99:80:100", + "vip":"111.13.235.232" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.153:80:100,192.168.11.191:80:100,192.168.27.154:80:100,192.168.27.21:80:100,192.168.54.31:80:100,192.168.25.14:80:100,192.168.45.26:80:100,192.168.7.98:80:100,192.168.14.54:80:100,192.168.41.163:80:100,192.168.3.111:80:100,192.168.25.238:80:100,192.168.43.127:80:100,192.168.35.240:80:100,192.168.22.181:80:100,192.168.43.152:80:100,192.168.13.194:80:100,192.168.31.141:80:100,192.168.10.134:80:100", + "vip":"111.13.235.229" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.41:80:100,192.168.26.25:80:100,192.168.53.45:80:100,192.168.1.249:80:100,192.168.45.141:80:100,192.168.25.39:80:100,192.168.11.138:80:100,192.168.27.60:80:100,192.168.38.129:80:100,192.168.2.218:80:100,192.168.42.48:80:100,192.168.53.159:80:100,192.168.22.121:80:100,192.168.54.178:80:100,192.168.3.186:80:100,192.168.5.12:80:100,192.168.27.206:80:100,192.168.34.249:80:100,192.168.23.218:80:100,192.168.26.78:80:100,192.168.42.184:80:100,192.168.34.25:80:100,192.168.21.237:80:100,192.168.58.23:80:100,192.168.43.181:80:100,192.168.38.110:80:100,192.168.58.76:80:100,192.168.30.168:80:100,192.168.59.216:80:100,192.168.23.143:80:100,192.168.17.93:80:100,192.168.59.195:80:100,192.168.57.3:80:100", + "vip":"192.168.102.152" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.24:80:100,192.168.49.2:80:100,192.168.58.110:80:100", + "vip":"192.168.102.235" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.203:80:100,192.168.37.121:80:100,192.168.10.181:80:100,192.168.21.162:80:100,192.168.27.244:80:100,192.168.22.42:80:100,192.168.42.205:80:100,192.168.13.182:80:100", + "vip":"192.168.101.211" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.176:80:100,192.168.55.59:80:100", + "vip":"192.168.101.62" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.173:80:100", + "vip":"111.13.235.190" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.126:80:100,192.168.11.135:80:100,192.168.1.199:80:100,192.168.38.236:80:100", + "vip":"192.168.101.98" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.150:80:100,192.168.55.135:80:100,192.168.27.235:80:100", + "vip":"192.168.101.180" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.228:80:100,192.168.59.39:80:100", + "vip":"192.168.101.6" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.167:80:100,192.168.13.148:80:100,192.168.55.117:80:100", + "vip":"192.168.102.49" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.23:80:100,192.168.31.110:80:100,192.168.3.136:80:100,192.168.43.71:80:100,192.168.42.168:80:100,192.168.42.124:80:100,192.168.58.213:80:100,192.168.1.48:80:100,192.168.49.108:80:100,192.168.25.18:80:100,192.168.1.161:80:100,192.168.30.55:80:100,192.168.3.203:80:100,192.168.14.141:80:100,192.168.9.35:80:100,192.168.15.57:80:100", + "vip":"192.168.102.63" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.124:80:100,192.168.9.64:80:100,192.168.35.216:80:100,192.168.50.58:80:100", + "vip":"111.13.235.192" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.84:80:100,192.168.25.38:80:100,192.168.53.227:80:100", + "vip":"192.168.101.216" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.112:80:100,192.168.55.192:80:100,192.168.14.143:80:100,192.168.18.191:80:100", + "vip":"111.13.235.247" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.139:80:100", + "vip":"192.168.102.239" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.169:80:100,192.168.35.228:80:100", + "vip":"192.168.101.172" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.14:80:100,192.168.1.75:80:100,192.168.26.63:80:100", + "vip":"192.168.102.125" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.152:80:100,192.168.3.10:80:100,192.168.35.103:80:100,192.168.25.206:80:100,192.168.3.143:80:100,192.168.57.172:80:100,192.168.46.225:80:100,192.168.35.144:80:100,192.168.22.173:80:100,192.168.31.110:80:100,192.168.11.14:80:100,192.168.39.248:80:100,192.168.37.229:80:100,192.168.47.65:80:100,192.168.49.211:80:100,192.168.14.25:80:100,192.168.33.215:80:100,192.168.10.90:80:100,192.168.19.145:80:100,192.168.19.206:80:100,192.168.29.238:80:100,192.168.2.127:80:100,192.168.14.148:80:100,192.168.51.150:80:100,192.168.3.84:80:100,192.168.25.161:80:100,192.168.17.187:80:100,192.168.37.183:80:100,192.168.7.162:80:100,192.168.38.134:80:100,192.168.50.198:80:100,192.168.46.18:80:100,192.168.37.74:80:100,192.168.34.247:80:100,192.168.35.168:80:100,192.168.5.187:80:100,192.168.5.69:80:100,192.168.15.32:80:100,192.168.51.36:80:100,192.168.58.148:80:100,192.168.51.251:80:100,192.168.39.58:80:100,192.168.35.166:80:100,192.168.7.76:80:100,192.168.14.129:80:100,192.168.42.84:80:100,192.168.54.191:80:100,192.168.1.13:80:100,192.168.2.161:80:100,192.168.53.174:80:100,192.168.45.76:80:100,192.168.47.243:80:100,192.168.37.202:80:100,192.168.34.208:80:100,192.168.10.222:80:100,192.168.17.145:80:100,192.168.46.19:80:100,192.168.42.251:80:100,192.168.18.154:80:100,192.168.38.222:80:100,192.168.30.125:80:100,192.168.29.18:80:100,192.168.30.186:80:100,192.168.57.124:80:100,192.168.9.241:80:100,192.168.59.34:80:100,192.168.3.109:80:100,192.168.27.212:80:100,192.168.27.15:80:100,192.168.5.124:80:100,192.168.18.86:80:100,192.168.23.100:80:100,192.168.7.16:80:100,192.168.27.87:80:100,192.168.13.56:80:100,192.168.38.166:80:100,192.168.54.225:80:100,192.168.7.137:80:100,192.168.6.205:80:100,192.168.50.100:80:100,192.168.1.238:80:100,192.168.37.174:80:100,192.168.59.78:80:100,192.168.51.68:80:100,192.168.29.60:80:100,192.168.57.164:80:100,192.168.3.105:80:100,192.168.29.89:80:100,192.168.42.203:80:100,192.168.50.60:80:100,192.168.19.84:80:100,192.168.3.30:80:100,192.168.43.186:80:100,192.168.34.1:80:100,192.168.39.56:80:100,192.168.23.112:80:100,192.168.35.199:80:100,192.168.13.61:80:100,192.168.5.171:80:100,192.168.15.195:80:100,192.168.33.221:80:100,192.168.31.143:80:100,192.168.37.140:80:100,192.168.7.134:80:100,192.168.25.117:80:100,192.168.22.183:80:100,192.168.9.199:80:100,192.168.13.229:80:100,192.168.17.27:80:100,192.168.51.74:80:100,192.168.39.82:80:100,192.168.6.13:80:100,192.168.30.118:80:100", + "vip":"111.13.235.179" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.176:80:100,192.168.51.116:80:100,192.168.22.123:80:100,192.168.25.220:80:100", + "vip":"111.13.235.199" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.203:80:100,192.168.14.22:80:100,192.168.42.222:80:100,192.168.39.34:80:100", + "vip":"192.168.101.4" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.239:80:100,192.168.46.57:80:100,192.168.13.109:80:100", + "vip":"111.13.235.172" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.224:80:100,192.168.46.93:80:100,192.168.41.205:80:100,192.168.7.183:80:100,192.168.26.175:80:100,192.168.14.111:80:100,192.168.13.49:80:100,192.168.27.156:80:100", + "vip":"192.168.101.22" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.115:80:100,192.168.41.101:80:100,192.168.18.53:80:100", + "vip":"192.168.101.101" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.206:80:100,192.168.38.184:80:100,192.168.49.180:80:100,192.168.22.100:80:100", + "vip":"192.168.101.17" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.71:80:100", + "vip":"111.13.235.99" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.249:80:100,192.168.5.244:80:100,192.168.53.71:80:100,192.168.27.45:80:100,192.168.2.191:80:100,192.168.46.14:80:100", + "vip":"192.168.101.115" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.54:80:100", + "vip":"192.168.102.244" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.100:80:100,192.168.42.233:80:100,192.168.17.170:80:100,192.168.2.5:80:100", + "vip":"111.13.235.240" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.250:80:100,192.168.17.78:80:100,192.168.19.111:80:100,192.168.58.30:80:100,192.168.22.63:80:100,192.168.29.162:80:100", + "vip":"111.13.235.72" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.1:80:100", + "vip":"192.168.101.175" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.238:80:100,192.168.5.91:80:100,192.168.55.192:80:100,192.168.46.187:80:100,192.168.11.42:80:100,192.168.23.167:80:100,192.168.33.233:80:100,192.168.21.230:80:100,192.168.42.218:80:100,192.168.21.229:80:100,192.168.33.120:80:100,192.168.23.73:80:100,192.168.26.218:80:100,192.168.21.45:80:100,192.168.9.167:80:100,192.168.59.128:80:100,192.168.2.233:80:100,192.168.10.84:80:100,192.168.45.190:80:100", + "vip":"192.168.101.14" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.74:80:100,192.168.39.192:80:100,192.168.30.40:80:100,192.168.31.147:80:100,192.168.18.92:80:100,192.168.9.63:80:100,192.168.49.232:80:100,192.168.26.190:80:100,192.168.42.9:80:100,192.168.49.135:80:100,192.168.2.250:80:100,192.168.34.227:80:100,192.168.54.53:80:100,192.168.37.248:80:100,192.168.57.166:80:100,192.168.43.15:80:100,192.168.30.239:80:100,192.168.27.17:80:100,192.168.35.196:80:100,192.168.18.142:80:100,192.168.55.84:80:100,192.168.27.43:80:100,192.168.47.167:80:100,192.168.47.151:80:100,192.168.49.97:80:100,192.168.46.20:80:100,192.168.2.86:80:100,192.168.5.189:80:100,192.168.53.9:80:100,192.168.29.51:80:100", + "vip":"111.13.235.68" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.127:80:100,192.168.54.112:80:100", + "vip":"192.168.101.155" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.22:80:100,192.168.22.139:80:100,192.168.47.136:80:100,192.168.39.105:80:100,192.168.37.89:80:100,192.168.43.45:80:100,192.168.33.117:80:100", + "vip":"192.168.101.161" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.51:80:100,192.168.21.198:80:100,192.168.50.133:80:100", + "vip":"111.13.235.157" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.135:80:100,192.168.2.238:80:100,192.168.47.211:80:100,192.168.39.108:80:100,192.168.15.8:80:100,192.168.35.82:80:100,192.168.49.158:80:100,192.168.59.152:80:100,192.168.31.24:80:100,192.168.15.220:80:100,192.168.53.109:80:100,192.168.30.224:80:100,192.168.21.41:80:100,192.168.3.204:80:100,192.168.27.213:80:100,192.168.18.103:80:100", + "vip":"192.168.101.60" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.112:80:100,192.168.26.11:80:100,192.168.55.186:80:100,192.168.2.241:80:100,192.168.51.33:80:100", + "vip":"192.168.101.209" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.160:80:100", + "vip":"192.168.101.74" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.218:80:100,192.168.15.65:80:100,192.168.53.110:80:100,192.168.11.25:80:100", + "vip":"192.168.102.139" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.252:80:100,192.168.10.201:80:100,192.168.50.107:80:100,192.168.18.240:80:100,192.168.3.165:80:100,192.168.37.100:80:100", + "vip":"192.168.102.97" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.196:80:100,192.168.31.215:80:100,192.168.30.132:80:100,192.168.55.244:80:100,192.168.6.107:80:100,192.168.23.26:80:100,192.168.15.27:80:100,192.168.11.102:80:100,192.168.50.56:80:100,192.168.59.237:80:100,192.168.59.33:80:100,192.168.9.64:80:100,192.168.3.228:80:100,192.168.21.46:80:100,192.168.14.240:80:100,192.168.51.137:80:100,192.168.35.21:80:100,192.168.5.203:80:100,192.168.53.165:80:100,192.168.47.89:80:100,192.168.41.106:80:100,192.168.45.86:80:100,192.168.10.178:80:100,192.168.43.131:80:100,192.168.51.193:80:100,192.168.49.161:80:100,192.168.29.230:80:100,192.168.35.245:80:100,192.168.39.182:80:100,192.168.54.184:80:100,192.168.19.165:80:100,192.168.34.42:80:100", + "vip":"111.13.235.197" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.151:80:100,192.168.37.155:80:100,192.168.1.81:80:100,192.168.37.46:80:100,192.168.31.227:80:100", + "vip":"192.168.102.55" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.113:80:100,192.168.13.212:80:100,192.168.45.242:80:100,192.168.22.186:80:100", + "vip":"192.168.102.175" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.19:80:100", + "vip":"192.168.102.204" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.82:80:100,192.168.25.228:80:100,192.168.17.21:80:100,192.168.33.233:80:100,192.168.13.225:80:100,192.168.33.181:80:100,192.168.31.219:80:100,192.168.43.72:80:100,192.168.21.38:80:100,192.168.39.2:80:100", + "vip":"192.168.101.36" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.13:80:100,192.168.25.137:80:100,192.168.15.65:80:100,192.168.6.143:80:100,192.168.7.80:80:100,192.168.30.37:80:100,192.168.47.145:80:100", + "vip":"192.168.101.117" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.1:80:100,192.168.30.243:80:100,192.168.2.179:80:100,192.168.22.120:80:100", + "vip":"192.168.102.108" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.141:80:100,192.168.51.99:80:100,192.168.55.142:80:100,192.168.1.245:80:100", + "vip":"111.13.235.137" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.11:80:100,192.168.25.132:80:100,192.168.50.31:80:100,192.168.26.79:80:100,192.168.49.105:80:100,192.168.6.133:80:100,192.168.17.178:80:100,192.168.5.162:80:100,192.168.9.233:80:100,192.168.11.198:80:100,192.168.35.250:80:100,192.168.33.4:80:100,192.168.53.230:80:100,192.168.9.110:80:100,192.168.17.233:80:100", + "vip":"192.168.101.93" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.30:80:100,192.168.30.141:80:100,192.168.6.9:80:100", + "vip":"192.168.102.18" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.4:80:100,192.168.3.206:80:100,192.168.41.174:80:100", + "vip":"192.168.101.240" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.165:80:100,192.168.3.127:80:100,192.168.53.252:80:100,192.168.18.184:80:100,192.168.35.100:80:100,192.168.2.44:80:100,192.168.23.4:80:100,192.168.25.126:80:100,192.168.41.82:80:100", + "vip":"192.168.102.159" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.92:80:100,192.168.19.83:80:100,192.168.34.95:80:100", + "vip":"111.13.235.96" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.211:80:100", + "vip":"111.13.235.108" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.231:80:100,192.168.46.224:80:100,192.168.6.26:80:100,192.168.19.1:80:100,192.168.37.233:80:100,192.168.33.108:80:100,192.168.33.233:80:100,192.168.46.1:80:100,192.168.33.114:80:100,192.168.33.121:80:100,192.168.19.223:80:100,192.168.29.107:80:100,192.168.6.124:80:100,192.168.38.213:80:100,192.168.27.128:80:100,192.168.59.142:80:100,192.168.27.108:80:100,192.168.53.240:80:100,192.168.13.75:80:100,192.168.21.251:80:100,192.168.26.84:80:100,192.168.54.69:80:100,192.168.50.110:80:100,192.168.34.184:80:100,192.168.26.94:80:100,192.168.26.117:80:100,192.168.30.68:80:100,192.168.3.26:80:100,192.168.2.167:80:100,192.168.57.160:80:100,192.168.22.150:80:100,192.168.23.197:80:100,192.168.34.75:80:100,192.168.5.38:80:100,192.168.43.143:80:100,192.168.57.82:80:100,192.168.14.168:80:100,192.168.19.151:80:100,192.168.58.252:80:100,192.168.15.179:80:100,192.168.5.125:80:100,192.168.6.45:80:100,192.168.43.177:80:100,192.168.30.127:80:100,192.168.57.166:80:100,192.168.45.114:80:100,192.168.59.54:80:100,192.168.7.247:80:100,192.168.53.83:80:100,192.168.25.67:80:100,192.168.3.61:80:100,192.168.33.1:80:100,192.168.5.58:80:100,192.168.17.196:80:100,192.168.58.65:80:100,192.168.59.34:80:100,192.168.37.154:80:100,192.168.22.112:80:100,192.168.31.184:80:100,192.168.27.33:80:100,192.168.50.233:80:100,192.168.25.36:80:100,192.168.47.187:80:100,192.168.57.11:80:100,192.168.57.88:80:100,192.168.53.40:80:100,192.168.27.201:80:100,192.168.18.162:80:100,192.168.23.63:80:100,192.168.29.73:80:100,192.168.53.126:80:100,192.168.57.189:80:100,192.168.42.78:80:100,192.168.47.37:80:100,192.168.46.213:80:100,192.168.22.137:80:100,192.168.47.106:80:100", + "vip":"192.168.101.39" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.30:80:100", + "vip":"192.168.101.86" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.72:80:100", + "vip":"192.168.101.31" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.237:80:100,192.168.54.27:80:100,192.168.45.209:80:100,192.168.29.205:80:100,192.168.14.144:80:100,192.168.34.65:80:100,192.168.23.189:80:100,192.168.19.151:80:100", + "vip":"192.168.101.91" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.254:80:100,192.168.53.181:80:100,192.168.46.20:80:100,192.168.50.157:80:100,192.168.17.145:80:100,192.168.19.223:80:100,192.168.54.117:80:100,192.168.3.8:80:100", + "vip":"192.168.101.242" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.196:80:100", + "vip":"192.168.101.157" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.246:80:100,192.168.47.206:80:100,192.168.6.19:80:100,192.168.49.235:80:100", + "vip":"192.168.101.85" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.23:80:100,192.168.41.42:80:100", + "vip":"192.168.101.182" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.57:80:100,192.168.51.104:80:100,192.168.6.169:80:100,192.168.7.229:80:100", + "vip":"111.13.235.78" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.140:80:100,192.168.41.131:80:100", + "vip":"192.168.102.119" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.142:80:100", + "vip":"111.13.235.156" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.143:80:100,192.168.55.222:80:100,192.168.34.148:80:100,192.168.17.191:80:100", + "vip":"192.168.102.224" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.74:80:100,192.168.31.21:80:100", + "vip":"111.13.235.126" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.239:80:100", + "vip":"111.13.235.170" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.132:80:100,192.168.7.221:80:100", + "vip":"192.168.101.20" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.164:80:100,192.168.10.205:80:100", + "vip":"192.168.101.15" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.137:80:100", + "vip":"192.168.101.143" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.167:80:100,192.168.41.77:80:100,192.168.15.70:80:100,192.168.17.5:80:100", + "vip":"192.168.102.114" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.196:80:100,192.168.46.186:80:100,192.168.25.39:80:100,192.168.51.186:80:100,192.168.29.57:80:100,192.168.46.222:80:100,192.168.47.101:80:100,192.168.45.205:80:100,192.168.45.139:80:100,192.168.15.163:80:100,192.168.14.155:80:100,192.168.58.225:80:100,192.168.53.88:80:100,192.168.35.173:80:100,192.168.33.171:80:100,192.168.14.184:80:100,192.168.19.89:80:100,192.168.21.78:80:100,192.168.39.7:80:100,192.168.9.20:80:100,192.168.6.94:80:100,192.168.17.158:80:100,192.168.49.145:80:100,192.168.23.151:80:100,192.168.43.240:80:100,192.168.51.208:80:100,192.168.53.109:80:100,192.168.38.136:80:100,192.168.47.54:80:100", + "vip":"111.13.235.242" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.244:80:100,192.168.31.236:80:100,192.168.25.140:80:100,192.168.29.254:80:100,192.168.23.181:80:100,192.168.57.95:80:100", + "vip":"192.168.102.242" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.92:80:100,192.168.53.17:80:100,192.168.38.107:80:100", + "vip":"111.13.235.195" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.138:80:100,192.168.38.139:80:100,192.168.7.184:80:100", + "vip":"192.168.102.150" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.6:80:100,192.168.54.254:80:100", + "vip":"192.168.101.8" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.103:80:100,192.168.23.215:80:100,192.168.50.142:80:100,192.168.26.209:80:100,192.168.23.73:80:100,192.168.6.243:80:100,192.168.23.130:80:100", + "vip":"192.168.102.17" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.118:80:100,192.168.38.98:80:100", + "vip":"111.13.235.107" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.77:80:100,192.168.54.177:80:100,192.168.47.228:80:100,192.168.39.191:80:100", + "vip":"192.168.101.229" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.254:80:100,192.168.18.57:80:100,192.168.43.90:80:100,192.168.57.222:80:100,192.168.42.206:80:100,192.168.46.225:80:100,192.168.55.16:80:100,192.168.43.48:80:100,192.168.58.117:80:100,192.168.25.31:80:100,192.168.17.151:80:100,192.168.13.228:80:100,192.168.58.65:80:100,192.168.57.36:80:100,192.168.11.44:80:100,192.168.13.9:80:100,192.168.15.119:80:100,192.168.45.157:80:100,192.168.42.31:80:100,192.168.9.69:80:100,192.168.31.94:80:100,192.168.15.152:80:100,192.168.2.151:80:100,192.168.15.219:80:100,192.168.14.72:80:100,192.168.9.144:80:100,192.168.13.151:80:100,192.168.17.39:80:100,192.168.7.247:80:100,192.168.3.245:80:100,192.168.57.111:80:100,192.168.49.64:80:100,192.168.10.251:80:100,192.168.22.254:80:100,192.168.17.154:80:100,192.168.53.174:80:100,192.168.47.54:80:100,192.168.11.80:80:100,192.168.19.177:80:100,192.168.30.89:80:100,192.168.14.110:80:100,192.168.26.253:80:100,192.168.59.114:80:100,192.168.10.145:80:100,192.168.27.230:80:100,192.168.17.221:80:100,192.168.13.133:80:100,192.168.35.189:80:100,192.168.31.51:80:100,192.168.41.40:80:100,192.168.27.170:80:100,192.168.10.28:80:100,192.168.29.244:80:100,192.168.51.66:80:100,192.168.42.109:80:100,192.168.58.41:80:100,192.168.59.250:80:100,192.168.6.205:80:100,192.168.1.173:80:100,192.168.31.21:80:100,192.168.57.139:80:100,192.168.14.26:80:100,192.168.14.225:80:100,192.168.18.27:80:100,192.168.13.142:80:100,192.168.23.76:80:100,192.168.53.12:80:100,192.168.14.123:80:100,192.168.42.211:80:100,192.168.6.34:80:100,192.168.34.157:80:100,192.168.57.241:80:100,192.168.59.215:80:100,192.168.17.252:80:100,192.168.41.241:80:100,192.168.33.184:80:100,192.168.55.185:80:100,192.168.35.197:80:100,192.168.39.251:80:100,192.168.21.213:80:100,192.168.6.45:80:100,192.168.55.199:80:100,192.168.35.215:80:100,192.168.11.78:80:100,192.168.59.57:80:100,192.168.43.179:80:100,192.168.19.61:80:100,192.168.18.202:80:100", + "vip":"111.13.235.252" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.125:80:100,192.168.49.64:80:100,192.168.22.58:80:100", + "vip":"192.168.102.199" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.240:80:100,192.168.21.51:80:100,192.168.42.210:80:100,192.168.59.174:80:100,192.168.15.71:80:100,192.168.18.3:80:100,192.168.58.115:80:100,192.168.17.42:80:100,192.168.46.186:80:100,192.168.53.23:80:100,192.168.33.214:80:100,192.168.13.15:80:100,192.168.17.156:80:100", + "vip":"111.13.235.236" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.114:80:100,192.168.41.210:80:100", + "vip":"192.168.102.185" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.18:80:100", + "vip":"192.168.101.220" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.7:80:100,192.168.7.15:80:100,192.168.17.127:80:100,192.168.46.113:80:100", + "vip":"111.13.235.105" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.52:80:100,192.168.45.135:80:100", + "vip":"192.168.101.78" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.240:80:100,192.168.49.178:80:100,192.168.9.173:80:100,192.168.11.125:80:100,192.168.23.145:80:100,192.168.2.43:80:100,192.168.37.109:80:100,192.168.25.173:80:100", + "vip":"192.168.101.252" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.104:80:100,192.168.19.62:80:100,192.168.37.122:80:100", + "vip":"192.168.102.3" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.77:80:100,192.168.15.134:80:100,192.168.45.12:80:100", + "vip":"192.168.101.94" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.152:80:100,192.168.17.151:80:100,192.168.29.100:80:100,192.168.41.79:80:100,192.168.3.234:80:100,192.168.42.152:80:100,192.168.6.178:80:100,192.168.30.128:80:100,192.168.53.214:80:100,192.168.49.209:80:100,192.168.45.2:80:100,192.168.51.144:80:100,192.168.29.47:80:100,192.168.22.222:80:100,192.168.6.22:80:100,192.168.33.236:80:100,192.168.33.183:80:100,192.168.1.67:80:100", + "vip":"192.168.102.205" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.21:80:100,192.168.37.138:80:100,192.168.31.156:80:100,192.168.27.230:80:100,192.168.2.186:80:100,192.168.54.213:80:100,192.168.14.110:80:100,192.168.14.93:80:100", + "vip":"192.168.101.231" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.238:80:100,192.168.6.246:80:100,192.168.6.175:80:100,192.168.2.237:80:100", + "vip":"192.168.102.41" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.217:80:100,192.168.34.10:80:100,192.168.9.142:80:100", + "vip":"192.168.102.128" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.239:80:100,192.168.3.107:80:100,192.168.37.7:80:100,192.168.2.49:80:100,192.168.19.38:80:100,192.168.3.179:80:100,192.168.25.180:80:100,192.168.7.24:80:100,192.168.19.171:80:100,192.168.34.35:80:100,192.168.2.170:80:100,192.168.54.41:80:100,192.168.21.195:80:100,192.168.22.175:80:100,192.168.46.10:80:100,192.168.23.127:80:100,192.168.39.174:80:100,192.168.59.135:80:100,192.168.45.21:80:100,192.168.30.38:80:100,192.168.15.4:80:100,192.168.30.45:80:100,192.168.26.98:80:100,192.168.38.105:80:100,192.168.6.146:80:100,192.168.25.27:80:100,192.168.49.63:80:100,192.168.5.14:80:100,192.168.47.37:80:100,192.168.51.192:80:100,192.168.49.188:80:100,192.168.10.158:80:100,192.168.46.237:80:100,192.168.18.68:80:100,192.168.37.20:80:100,192.168.33.197:80:100,192.168.14.223:80:100,192.168.15.7:80:100,192.168.27.142:80:100,192.168.2.89:80:100,192.168.47.252:80:100,192.168.22.142:80:100,192.168.49.97:80:100,192.168.33.126:80:100,192.168.26.67:80:100", + "vip":"192.168.102.98" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.213:80:100,192.168.3.126:80:100,192.168.15.199:80:100", + "vip":"192.168.101.164" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.161:80:100,192.168.11.47:80:100,192.168.26.245:80:100,192.168.19.176:80:100,192.168.35.209:80:100,192.168.38.247:80:100,192.168.35.214:80:100,192.168.59.246:80:100,192.168.10.38:80:100,192.168.5.205:80:100,192.168.27.104:80:100", + "vip":"192.168.101.70" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.111:80:100,192.168.54.227:80:100,192.168.43.50:80:100", + "vip":"192.168.102.207" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.197:80:100,192.168.37.44:80:100", + "vip":"192.168.101.27" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.137:80:100,192.168.51.133:80:100", + "vip":"192.168.102.177" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.83:80:100,192.168.58.78:80:100,192.168.1.192:80:100,192.168.47.197:80:100,192.168.38.157:80:100,192.168.47.150:80:100,192.168.25.215:80:100,192.168.46.118:80:100", + "vip":"192.168.101.148" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.113:80:100,192.168.35.169:80:100,192.168.34.131:80:100", + "vip":"111.13.235.142" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.170:80:100,192.168.7.88:80:100", + "vip":"192.168.102.45" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.81:80:100,192.168.2.145:80:100,192.168.55.54:80:100,192.168.29.115:80:100,192.168.46.140:80:100", + "vip":"192.168.101.102" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.122:80:100,192.168.9.211:80:100,192.168.33.226:80:100,192.168.21.22:80:100,192.168.43.18:80:100,192.168.25.143:80:100,192.168.47.238:80:100,192.168.7.100:80:100", + "vip":"192.168.101.25" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.65:80:100,192.168.38.112:80:100,192.168.19.30:80:100,192.168.5.31:80:100,192.168.57.77:80:100,192.168.23.6:80:100,192.168.22.99:80:100", + "vip":"192.168.102.72" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.182:80:100,192.168.53.196:80:100,192.168.47.231:80:100,192.168.6.17:80:100,192.168.45.178:80:100,192.168.9.86:80:100,192.168.2.213:80:100,192.168.13.157:80:100,192.168.58.60:80:100,192.168.26.53:80:100,192.168.45.89:80:100,192.168.31.157:80:100,192.168.19.62:80:100,192.168.15.153:80:100", + "vip":"192.168.102.172" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.85:80:100,192.168.39.194:80:100,192.168.2.11:80:100,192.168.49.73:80:100", + "vip":"192.168.101.134" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.250:80:100,192.168.14.27:80:100,192.168.50.18:80:100", + "vip":"192.168.101.188" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.126:80:100,192.168.1.209:80:100", + "vip":"192.168.101.76" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.95:80:100,192.168.22.159:80:100,192.168.45.206:80:100,192.168.46.147:80:100,192.168.54.159:80:100,192.168.57.9:80:100", + "vip":"111.13.235.239" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.206:80:100,192.168.39.190:80:100,192.168.2.205:80:100", + "vip":"192.168.102.218" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.176:80:100,192.168.21.168:80:100,192.168.19.9:80:100,192.168.31.190:80:100,192.168.29.16:80:100,192.168.42.79:80:100,192.168.57.3:80:100", + "vip":"192.168.102.240" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.130:80:100,192.168.1.24:80:100,192.168.9.184:80:100,192.168.1.146:80:100,192.168.37.64:80:100,192.168.3.165:80:100,192.168.46.166:80:100,192.168.27.120:80:100,192.168.29.41:80:100,192.168.26.130:80:100,192.168.29.14:80:100,192.168.59.209:80:100,192.168.1.2:80:100,192.168.58.106:80:100,192.168.33.210:80:100,192.168.27.123:80:100", + "vip":"111.13.235.208" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.116:80:100", + "vip":"111.13.235.84" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.166:80:100,192.168.21.5:80:100", + "vip":"111.13.235.93" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.77:80:100,192.168.41.56:80:100,192.168.57.189:80:100", + "vip":"192.168.101.179" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.201:80:100,192.168.45.229:80:100,192.168.29.141:80:100,192.168.27.229:80:100", + "vip":"192.168.101.235" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.180:80:100,192.168.6.144:80:100,192.168.41.49:80:100,192.168.33.25:80:100", + "vip":"192.168.101.250" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.11:80:100,192.168.53.75:80:100,192.168.46.169:80:100,192.168.35.193:80:100", + "vip":"192.168.102.26" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.222:80:100,192.168.26.116:80:100", + "vip":"111.13.235.217" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.44:80:100,192.168.57.200:80:100,192.168.31.79:80:100,192.168.38.108:80:100,192.168.23.8:80:100,192.168.38.115:80:100,192.168.51.120:80:100,192.168.7.68:80:100,192.168.33.87:80:100,192.168.35.100:80:100,192.168.14.71:80:100,192.168.9.58:80:100,192.168.43.236:80:100,192.168.42.51:80:100,192.168.37.48:80:100,192.168.42.62:80:100,192.168.53.34:80:100,192.168.25.148:80:100,192.168.6.231:80:100,192.168.2.60:80:100,192.168.17.193:80:100,192.168.2.52:80:100,192.168.57.124:80:100,192.168.5.200:80:100,192.168.19.248:80:100,192.168.29.178:80:100,192.168.23.138:80:100,192.168.19.41:80:100,192.168.55.249:80:100,192.168.34.185:80:100,192.168.43.133:80:100,192.168.23.136:80:100,192.168.42.111:80:100,192.168.6.10:80:100,192.168.17.71:80:100,192.168.15.222:80:100,192.168.10.225:80:100,192.168.15.64:80:100,192.168.19.159:80:100,192.168.34.197:80:100,192.168.11.250:80:100,192.168.22.18:80:100,192.168.30.37:80:100,192.168.18.24:80:100,192.168.38.206:80:100,192.168.10.211:80:100,192.168.17.148:80:100,192.168.34.238:80:100,192.168.53.95:80:100,192.168.33.231:80:100,192.168.11.45:80:100,192.168.14.166:80:100,192.168.29.141:80:100,192.168.45.99:80:100,192.168.38.56:80:100,192.168.13.205:80:100,192.168.22.50:80:100,192.168.7.243:80:100,192.168.33.85:80:100,192.168.13.223:80:100,192.168.22.187:80:100,192.168.18.79:80:100,192.168.10.75:80:100,192.168.42.31:80:100,192.168.43.221:80:100,192.168.5.31:80:100,192.168.57.152:80:100,192.168.58.15:80:100,192.168.41.108:80:100,192.168.31.94:80:100,192.168.50.8:80:100,192.168.33.210:80:100,192.168.34.160:80:100,192.168.27.34:80:100,192.168.42.9:80:100,192.168.46.78:80:100,192.168.59.225:80:100,192.168.26.191:80:100,192.168.15.182:80:100,192.168.9.243:80:100,192.168.21.71:80:100,192.168.33.33:80:100,192.168.41.28:80:100,192.168.29.38:80:100,192.168.45.178:80:100,192.168.13.208:80:100,192.168.13.129:80:100,192.168.47.134:80:100,192.168.43.9:80:100,192.168.59.64:80:100,192.168.46.22:80:100,192.168.51.15:80:100,192.168.10.112:80:100,192.168.15.13:80:100,192.168.33.149:80:100,192.168.55.222:80:100,192.168.3.53:80:100,192.168.31.41:80:100,192.168.41.99:80:100,192.168.37.31:80:100,192.168.49.162:80:100,192.168.50.113:80:100,192.168.2.173:80:100,192.168.18.87:80:100,192.168.3.20:80:100,192.168.46.229:80:100,192.168.31.254:80:100,192.168.17.7:80:100,192.168.7.212:80:100,192.168.6.106:80:100,192.168.17.160:80:100,192.168.59.212:80:100,192.168.7.29:80:100,192.168.58.202:80:100,192.168.46.227:80:100,192.168.1.46:80:100,192.168.50.226:80:100,192.168.26.5:80:100,192.168.59.15:80:100,192.168.51.148:80:100,192.168.26.62:80:100,192.168.50.242:80:100,192.168.35.36:80:100,192.168.47.245:80:100,192.168.49.30:80:100,192.168.11.249:80:100,192.168.17.251:80:100,192.168.29.65:80:100,192.168.11.106:80:100,192.168.46.9:80:100,192.168.37.185:80:100,192.168.21.183:80:100,192.168.31.220:80:100,192.168.15.2:80:100,192.168.18.103:80:100,192.168.51.13:80:100,192.168.17.129:80:100,192.168.34.25:80:100,192.168.38.242:80:100,192.168.47.5:80:100,192.168.13.11:80:100,192.168.33.180:80:100,192.168.37.226:80:100,192.168.3.124:80:100,192.168.35.190:80:100,192.168.30.96:80:100,192.168.29.99:80:100,192.168.55.58:80:100,192.168.13.111:80:100,192.168.42.161:80:100,192.168.14.182:80:100,192.168.21.68:80:100,192.168.6.74:80:100,192.168.59.132:80:100,192.168.13.7:80:100,192.168.39.217:80:100,192.168.39.124:80:100,192.168.21.144:80:100,192.168.58.240:80:100,192.168.21.166:80:100,192.168.3.114:80:100,192.168.53.186:80:100,192.168.42.234:80:100,192.168.17.42:80:100,192.168.33.236:80:100,192.168.43.217:80:100,192.168.50.5:80:100,192.168.58.125:80:100,192.168.7.75:80:100,192.168.3.83:80:100,192.168.21.155:80:100,192.168.43.136:80:100,192.168.1.186:80:100,192.168.39.188:80:100,192.168.17.70:80:100,192.168.58.46:80:100,192.168.18.128:80:100,192.168.15.45:80:100,192.168.41.68:80:100,192.168.15.17:80:100,192.168.43.233:80:100,192.168.42.125:80:100,192.168.45.132:80:100,192.168.17.76:80:100,192.168.22.176:80:100,192.168.17.104:80:100,192.168.33.57:80:100,192.168.29.167:80:100,192.168.50.243:80:100,192.168.38.61:80:100,192.168.14.249:80:100,192.168.35.186:80:100,192.168.31.228:80:100,192.168.29.67:80:100,192.168.13.180:80:100,192.168.33.41:80:100", + "vip":"192.168.101.132" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.196:80:100,192.168.53.193:80:100,192.168.47.97:80:100,192.168.47.233:80:100,192.168.9.179:80:100,192.168.15.29:80:100,192.168.53.143:80:100,192.168.15.142:80:100,192.168.13.111:80:100,192.168.59.242:80:100,192.168.14.61:80:100,192.168.49.92:80:100,192.168.2.223:80:100,192.168.46.203:80:100,192.168.35.168:80:100", + "vip":"192.168.101.32" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.253:80:100,192.168.19.37:80:100,192.168.1.192:80:100,192.168.10.138:80:100,192.168.23.110:80:100,192.168.19.216:80:100,192.168.29.177:80:100", + "vip":"111.13.235.148" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.130:80:100,192.168.14.249:80:100,192.168.53.238:80:100,192.168.30.146:80:100,192.168.9.78:80:100,192.168.1.252:80:100,192.168.23.5:80:100,192.168.9.211:80:100,192.168.6.24:80:100,192.168.5.162:80:100,192.168.46.158:80:100,192.168.59.105:80:100,192.168.25.212:80:100,192.168.18.100:80:100,192.168.42.200:80:100,192.168.50.250:80:100,192.168.57.228:80:100,192.168.33.48:80:100", + "vip":"192.168.102.200" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.226:80:100,192.168.22.219:80:100,192.168.2.18:80:100", + "vip":"192.168.102.197" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.124:80:100,192.168.33.13:80:100,192.168.43.158:80:100,192.168.14.56:80:100,192.168.21.207:80:100,192.168.47.165:80:100,192.168.11.75:80:100,192.168.6.103:80:100,192.168.49.207:80:100", + "vip":"192.168.102.43" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.23:80:100,192.168.50.35:80:100,192.168.53.82:80:100,192.168.22.240:80:100", + "vip":"192.168.102.221" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.76:80:100,192.168.2.40:80:100,192.168.51.116:80:100", + "vip":"111.13.235.159" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.161:80:100,192.168.49.62:80:100,192.168.22.89:80:100,192.168.35.91:80:100,192.168.39.138:80:100,192.168.34.244:80:100,192.168.2.135:80:100,192.168.33.87:80:100,192.168.10.144:80:100,192.168.15.120:80:100,192.168.3.194:80:100,192.168.45.222:80:100,192.168.54.253:80:100,192.168.29.198:80:100", + "vip":"192.168.102.75" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.74:80:100", + "vip":"111.13.235.193" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.58:80:100,192.168.58.222:80:100,192.168.7.32:80:100,192.168.2.8:80:100", + "vip":"192.168.101.218" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.239:80:100,192.168.46.249:80:100,192.168.23.104:80:100,192.168.23.170:80:100,192.168.45.185:80:100,192.168.38.170:80:100,192.168.7.103:80:100", + "vip":"192.168.101.187" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.41:80:100,192.168.59.215:80:100,192.168.54.176:80:100,192.168.38.24:80:100,192.168.29.83:80:100,192.168.23.162:80:100,192.168.11.12:80:100,192.168.42.116:80:100,192.168.14.214:80:100,192.168.22.90:80:100,192.168.47.96:80:100,192.168.3.231:80:100,192.168.25.156:80:100,192.168.5.5:80:100,192.168.14.250:80:100,192.168.59.168:80:100,192.168.27.71:80:100,192.168.31.251:80:100,192.168.55.179:80:100,192.168.2.51:80:100,192.168.33.57:80:100,192.168.35.253:80:100,192.168.29.39:80:100,192.168.7.66:80:100,192.168.59.37:80:100,192.168.33.42:80:100,192.168.23.145:80:100,192.168.46.98:80:100,192.168.43.52:80:100,192.168.14.191:80:100,192.168.13.231:80:100,192.168.51.160:80:100,192.168.2.53:80:100", + "vip":"192.168.102.206" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.235:80:100", + "vip":"192.168.102.86" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.9:80:100,192.168.50.73:80:100,192.168.10.147:80:100,192.168.26.148:80:100", + "vip":"192.168.102.186" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.6:80:100,192.168.18.190:80:100,192.168.2.20:80:100,192.168.55.90:80:100,192.168.42.10:80:100,192.168.50.109:80:100,192.168.15.130:80:100,192.168.13.136:80:100,192.168.9.1:80:100,192.168.7.167:80:100,192.168.37.72:80:100,192.168.14.184:80:100,192.168.1.160:80:100,192.168.19.98:80:100,192.168.22.90:80:100,192.168.43.62:80:100,192.168.38.212:80:100", + "vip":"192.168.102.116" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.95:80:100,192.168.55.28:80:100,192.168.33.187:80:100", + "vip":"111.13.235.151" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.212:80:100,192.168.37.223:80:100,192.168.42.166:80:100,192.168.50.63:80:100", + "vip":"192.168.101.100" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.8:80:100,192.168.27.101:80:100,192.168.45.92:80:100,192.168.45.136:80:100,192.168.27.133:80:100,192.168.31.156:80:100,192.168.25.99:80:100,192.168.15.231:80:100", + "vip":"192.168.101.224" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.98:80:100,192.168.15.71:80:100,192.168.58.115:80:100", + "vip":"192.168.102.174" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.19:80:100", + "vip":"111.13.235.115" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.15:80:100,192.168.25.48:80:100,192.168.15.243:80:100,192.168.54.57:80:100,192.168.43.116:80:100,192.168.54.188:80:100,192.168.59.149:80:100,192.168.26.81:80:100,192.168.13.230:80:100,192.168.19.12:80:100,192.168.23.201:80:100,192.168.54.2:80:100", + "vip":"192.168.101.92" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.232:80:100,192.168.25.241:80:100,192.168.34.204:80:100,192.168.51.237:80:100,192.168.30.246:80:100,192.168.2.68:80:100,192.168.3.134:80:100", + "vip":"111.13.235.171" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.245:80:100,192.168.43.131:80:100,192.168.42.221:80:100,192.168.17.58:80:100,192.168.46.32:80:100,192.168.6.21:80:100,192.168.33.6:80:100,192.168.15.26:80:100,192.168.55.130:80:100,192.168.53.203:80:100,192.168.31.192:80:100,192.168.34.235:80:100,192.168.43.183:80:100,192.168.17.156:80:100,192.168.3.48:80:100", + "vip":"111.13.235.215" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.24:80:100,192.168.49.194:80:100,192.168.53.161:80:100,192.168.51.108:80:100,192.168.17.27:80:100,192.168.13.169:80:100,192.168.5.193:80:100,192.168.1.115:80:100", + "vip":"192.168.102.232" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.127:80:100,192.168.47.29:80:100,192.168.54.179:80:100,192.168.50.80:80:100", + "vip":"192.168.101.230" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.139:80:100,192.168.18.206:80:100,192.168.55.223:80:100,192.168.41.216:80:100,192.168.38.19:80:100,192.168.54.53:80:100,192.168.23.198:80:100,192.168.50.220:80:100", + "vip":"192.168.102.24" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.30.214:80:100", + "vip":"192.168.102.180" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.147:80:100,192.168.38.133:80:100,192.168.1.87:80:100,192.168.55.77:80:100,192.168.41.10:80:100,192.168.27.42:80:100,192.168.7.57:80:100,192.168.1.176:80:100,192.168.31.14:80:100,192.168.49.155:80:100,192.168.29.147:80:100,192.168.13.104:80:100", + "vip":"192.168.101.52" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.87:80:100,192.168.30.235:80:100,192.168.39.83:80:100", + "vip":"111.13.235.207" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.111:80:100", + "vip":"192.168.101.214" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.1:80:100,192.168.15.169:80:100,192.168.38.161:80:100,192.168.29.188:80:100,192.168.15.58:80:100,192.168.11.173:80:100,192.168.37.21:80:100,192.168.9.245:80:100", + "vip":"111.13.235.234" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.209:80:100,192.168.15.201:80:100,192.168.46.232:80:100,192.168.25.133:80:100,192.168.35.213:80:100,192.168.27.163:80:100,192.168.1.249:80:100,192.168.37.152:80:100", + "vip":"192.168.101.44" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.41:80:100,192.168.37.177:80:100,192.168.9.59:80:100,192.168.43.86:80:100,192.168.50.171:80:100,192.168.13.174:80:100,192.168.13.68:80:100,192.168.54.180:80:100,192.168.10.196:80:100,192.168.21.247:80:100,192.168.25.79:80:100,192.168.19.12:80:100,192.168.54.199:80:100,192.168.18.142:80:100,192.168.15.202:80:100,192.168.19.228:80:100,192.168.49.68:80:100,192.168.17.63:80:100,192.168.43.108:80:100,192.168.33.106:80:100,192.168.23.201:80:100,192.168.1.99:80:100", + "vip":"192.168.101.127" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.85:80:100,192.168.18.107:80:100,192.168.2.35:80:100,192.168.39.77:80:100,192.168.1.204:80:100", + "vip":"111.13.235.150" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.126:80:100,192.168.2.246:80:100,192.168.19.120:80:100,192.168.45.40:80:100,192.168.34.198:80:100,192.168.54.222:80:100,192.168.21.221:80:100,192.168.47.51:80:100,192.168.15.126:80:100,192.168.35.207:80:100,192.168.51.150:80:100,192.168.37.221:80:100", + "vip":"192.168.102.230" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.93:80:100,192.168.1.201:80:100", + "vip":"192.168.102.39" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.218:80:100,192.168.51.29:80:100,192.168.2.212:80:100", + "vip":"111.13.235.147" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.122:80:100,192.168.54.183:80:100,192.168.19.167:80:100,192.168.53.94:80:100,192.168.39.3:80:100,192.168.21.150:80:100,192.168.31.124:80:100,192.168.58.166:80:100", + "vip":"192.168.102.223" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.191:80:100,192.168.26.45:80:100,192.168.2.31:80:100", + "vip":"192.168.101.129" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.231:80:100,192.168.26.86:80:100,192.168.33.166:80:100,192.168.15.10:80:100,192.168.59.79:80:100,192.168.29.136:80:100", + "vip":"192.168.102.23" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.100:80:100,192.168.57.30:80:100", + "vip":"111.13.235.98" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.159:80:100,192.168.9.168:80:100,192.168.53.15:80:100,192.168.47.174:80:100", + "vip":"192.168.102.90" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.193:80:100,192.168.45.211:80:100,192.168.18.209:80:100,192.168.30.45:80:100,192.168.50.194:80:100", + "vip":"192.168.102.250" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.1:80:100,192.168.5.72:80:100,192.168.25.202:80:100,192.168.38.209:80:100,192.168.50.120:80:100,192.168.26.64:80:100,192.168.27.150:80:100,192.168.27.5:80:100,192.168.46.137:80:100,192.168.50.53:80:100,192.168.53.117:80:100,192.168.47.237:80:100,192.168.10.235:80:100,192.168.21.179:80:100,192.168.55.151:80:100,192.168.7.158:80:100,192.168.18.100:80:100,192.168.25.215:80:100,192.168.46.122:80:100", + "vip":"192.168.102.83" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.119:80:100,192.168.33.251:80:100,192.168.19.209:80:100,192.168.51.235:80:100,192.168.18.2:80:100,192.168.27.20:80:100,192.168.39.211:80:100,192.168.59.186:80:100,192.168.41.107:80:100,192.168.22.136:80:100,192.168.51.65:80:100,192.168.37.151:80:100,192.168.14.151:80:100,192.168.2.49:80:100,192.168.59.217:80:100,192.168.22.36:80:100,192.168.6.30:80:100,192.168.54.102:80:100,192.168.38.43:80:100,192.168.35.39:80:100,192.168.57.92:80:100,192.168.37.241:80:100,192.168.51.25:80:100,192.168.5.142:80:100,192.168.42.14:80:100,192.168.46.191:80:100", + "vip":"111.13.235.169" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.168:80:100,192.168.3.67:80:100,192.168.17.236:80:100,192.168.39.163:80:100,192.168.42.215:80:100,192.168.31.104:80:100,192.168.18.186:80:100,192.168.9.99:80:100,192.168.17.116:80:100", + "vip":"111.13.235.86" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.239:80:100,192.168.53.218:80:100,192.168.22.254:80:100,192.168.3.3:80:100,192.168.49.52:80:100", + "vip":"111.13.235.91" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.139:80:100,192.168.15.87:80:100", + "vip":"192.168.101.223" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.218:80:100,192.168.21.122:80:100,192.168.18.125:80:100,192.168.49.157:80:100,192.168.13.243:80:100,192.168.31.15:80:100,192.168.49.72:80:100", + "vip":"111.13.235.75" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.55:80:100,192.168.43.158:80:100,192.168.55.141:80:100,192.168.10.69:80:100,192.168.57.214:80:100,192.168.1.170:80:100,192.168.50.25:80:100,192.168.1.80:80:100,192.168.34.15:80:100", + "vip":"192.168.101.28" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.7:80:100,192.168.10.189:80:100,192.168.22.29:80:100,192.168.35.73:80:100,192.168.35.54:80:100,192.168.22.63:80:100,192.168.31.99:80:100", + "vip":"192.168.101.9" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.254:80:100,192.168.7.6:80:100,192.168.41.19:80:100,192.168.57.194:80:100,192.168.27.186:80:100", + "vip":"111.13.235.94" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.253:80:100,192.168.37.196:80:100,192.168.35.12:80:100,192.168.50.14:80:100,192.168.14.145:80:100,192.168.59.47:80:100,192.168.30.53:80:100,192.168.50.30:80:100,192.168.54.59:80:100,192.168.41.166:80:100,192.168.2.81:80:100,192.168.3.50:80:100,192.168.31.24:80:100,192.168.22.153:80:100,192.168.31.34:80:100,192.168.18.195:80:100,192.168.59.135:80:100,192.168.30.177:80:100,192.168.9.218:80:100,192.168.1.240:80:100,192.168.27.198:80:100,192.168.10.49:80:100,192.168.27.29:80:100,192.168.2.160:80:100,192.168.27.22:80:100,192.168.42.136:80:100,192.168.51.78:80:100,192.168.21.140:80:100,192.168.23.72:80:100,192.168.10.164:80:100,192.168.38.238:80:100,192.168.58.239:80:100,192.168.46.163:80:100,192.168.27.106:80:100,192.168.14.224:80:100,192.168.49.182:80:100,192.168.29.100:80:100,192.168.42.43:80:100,192.168.27.234:80:100,192.168.43.194:80:100,192.168.5.105:80:100,192.168.55.196:80:100,192.168.29.42:80:100,192.168.33.118:80:100,192.168.45.138:80:100,192.168.5.151:80:100,192.168.53.203:80:100,192.168.37.124:80:100,192.168.11.178:80:100,192.168.2.34:80:100,192.168.43.215:80:100,192.168.41.189:80:100,192.168.39.199:80:100,192.168.11.23:80:100,192.168.45.103:80:100,192.168.43.240:80:100,192.168.5.143:80:100,192.168.54.235:80:100,192.168.46.172:80:100,192.168.37.48:80:100,192.168.30.146:80:100,192.168.45.215:80:100,192.168.33.150:80:100,192.168.18.125:80:100,192.168.19.187:80:100,192.168.53.13:80:100,192.168.49.27:80:100,192.168.15.44:80:100,192.168.37.219:80:100,192.168.37.227:80:100,192.168.37.242:80:100,192.168.26.22:80:100,192.168.23.160:80:100,192.168.7.247:80:100,192.168.53.204:80:100,192.168.27.217:80:100,192.168.14.250:80:100,192.168.49.38:80:100,192.168.30.171:80:100,192.168.53.59:80:100,192.168.54.108:80:100,192.168.34.122:80:100,192.168.10.158:80:100,192.168.38.51:80:100,192.168.7.99:80:100,192.168.23.2:80:100,192.168.54.42:80:100,192.168.35.111:80:100,192.168.2.176:80:100,192.168.5.205:80:100,192.168.43.144:80:100,192.168.29.104:80:100,192.168.38.116:80:100,192.168.33.194:80:100,192.168.3.187:80:100,192.168.22.167:80:100,192.168.45.147:80:100,192.168.7.83:80:100,192.168.17.124:80:100,192.168.53.154:80:100,192.168.7.223:80:100,192.168.21.128:80:100,192.168.2.139:80:100,192.168.50.191:80:100,192.168.30.52:80:100,192.168.39.80:80:100,192.168.37.77:80:100,192.168.42.30:80:100,192.168.31.130:80:100,192.168.51.48:80:100,192.168.47.163:80:100,192.168.10.85:80:100,192.168.14.75:80:100,192.168.38.22:80:100,192.168.14.23:80:100,192.168.46.198:80:100,192.168.3.104:80:100,192.168.14.2:80:100,192.168.34.79:80:100,192.168.14.118:80:100,192.168.37.28:80:100,192.168.31.81:80:100,192.168.39.238:80:100,192.168.23.212:80:100,192.168.22.192:80:100,192.168.51.123:80:100,192.168.15.87:80:100,192.168.57.180:80:100,192.168.10.13:80:100,192.168.21.233:80:100,192.168.26.157:80:100,192.168.58.98:80:100,192.168.41.162:80:100,192.168.3.225:80:100,192.168.58.42:80:100,192.168.43.95:80:100,192.168.33.84:80:100,192.168.7.16:80:100,192.168.42.133:80:100,192.168.13.155:80:100,192.168.17.117:80:100,192.168.34.242:80:100,192.168.47.22:80:100,192.168.3.3:80:100,192.168.10.60:80:100,192.168.9.196:80:100,192.168.59.11:80:100,192.168.57.193:80:100,192.168.55.203:80:100,192.168.25.102:80:100,192.168.19.52:80:100,192.168.26.116:80:100,192.168.55.248:80:100,192.168.18.2:80:100,192.168.35.208:80:100,192.168.26.23:80:100,192.168.46.11:80:100,192.168.45.126:80:100,192.168.47.116:80:100,192.168.15.142:80:100,192.168.21.6:80:100,192.168.42.233:80:100,192.168.55.81:80:100,192.168.15.227:80:100,192.168.10.33:80:100,192.168.54.137:80:100,192.168.3.111:80:100,192.168.17.157:80:100,192.168.57.134:80:100,192.168.53.99:80:100,192.168.53.52:80:100,192.168.11.174:80:100,192.168.23.108:80:100,192.168.39.36:80:100,192.168.33.140:80:100,192.168.55.218:80:100,192.168.42.155:80:100,192.168.59.75:80:100,192.168.19.178:80:100,192.168.42.24:80:100,192.168.7.177:80:100,192.168.42.115:80:100,192.168.17.125:80:100,192.168.45.87:80:100", + "vip":"192.168.102.25" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.249:80:100,192.168.22.210:80:100,192.168.58.134:80:100,192.168.51.45:80:100,192.168.33.155:80:100,192.168.15.11:80:100,192.168.31.209:80:100,192.168.38.79:80:100,192.168.14.46:80:100", + "vip":"192.168.101.90" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.65:80:100,192.168.39.63:80:100,192.168.25.190:80:100", + "vip":"111.13.235.77" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.57.107:80:100,192.168.41.105:80:100,192.168.29.156:80:100,192.168.53.29:80:100,192.168.11.47:80:100,192.168.51.126:80:100,192.168.7.2:80:100,192.168.49.83:80:100,192.168.15.53:80:100,192.168.19.167:80:100,192.168.31.116:80:100,192.168.18.78:80:100,192.168.37.89:80:100", + "vip":"192.168.101.170" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.34:80:100,192.168.34.194:80:100", + "vip":"192.168.101.118" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.38:80:100,192.168.53.247:80:100", + "vip":"192.168.102.52" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.19:80:100,192.168.21.108:80:100,192.168.18.199:80:100", + "vip":"192.168.101.75" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.185:80:100", + "vip":"192.168.101.185" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.172:80:100,192.168.51.243:80:100", + "vip":"192.168.102.103" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.127:80:100,192.168.15.42:80:100,192.168.46.211:80:100,192.168.21.139:80:100,192.168.45.77:80:100,192.168.23.239:80:100,192.168.31.146:80:100,192.168.7.242:80:100,192.168.7.59:80:100,192.168.10.93:80:100,192.168.29.222:80:100,192.168.5.185:80:100,192.168.43.219:80:100,192.168.1.2:80:100,192.168.37.78:80:100,192.168.15.115:80:100,192.168.3.146:80:100,192.168.45.240:80:100,192.168.2.130:80:100,192.168.31.217:80:100,192.168.31.152:80:100,192.168.57.234:80:100,192.168.35.207:80:100,192.168.17.156:80:100,192.168.46.49:80:100,192.168.37.97:80:100,192.168.45.192:80:100,192.168.41.245:80:100,192.168.49.248:80:100,192.168.13.198:80:100,192.168.19.231:80:100,192.168.54.174:80:100,192.168.2.155:80:100,192.168.55.209:80:100,192.168.31.10:80:100,192.168.47.139:80:100,192.168.59.62:80:100,192.168.33.208:80:100,192.168.6.73:80:100,192.168.21.7:80:100,192.168.58.201:80:100,192.168.35.230:80:100,192.168.3.102:80:100,192.168.27.100:80:100,192.168.29.180:80:100,192.168.35.166:80:100,192.168.7.5:80:100,192.168.1.7:80:100,192.168.31.149:80:100,192.168.37.66:80:100,192.168.41.35:80:100,192.168.15.197:80:100,192.168.47.148:80:100,192.168.10.213:80:100,192.168.10.229:80:100,192.168.35.183:80:100,192.168.6.108:80:100,192.168.15.204:80:100,192.168.47.74:80:100,192.168.26.179:80:100,192.168.18.218:80:100,192.168.37.42:80:100,192.168.38.179:80:100,192.168.39.105:80:100,192.168.14.47:80:100,192.168.26.212:80:100,192.168.30.245:80:100,192.168.41.100:80:100,192.168.49.10:80:100,192.168.19.131:80:100,192.168.30.209:80:100,192.168.7.88:80:100,192.168.54.201:80:100,192.168.7.157:80:100,192.168.26.211:80:100,192.168.59.2:80:100,192.168.11.147:80:100,192.168.43.33:80:100,192.168.35.75:80:100,192.168.34.89:80:100,192.168.30.142:80:100,192.168.34.198:80:100,192.168.18.134:80:100,192.168.53.183:80:100,192.168.5.234:80:100,192.168.13.36:80:100,192.168.50.31:80:100,192.168.10.192:80:100,192.168.45.167:80:100,192.168.2.115:80:100,192.168.43.142:80:100,192.168.31.95:80:100,192.168.50.250:80:100,192.168.57.140:80:100,192.168.15.128:80:100,192.168.14.212:80:100,192.168.29.89:80:100,192.168.41.68:80:100,192.168.19.229:80:100,192.168.11.20:80:100,192.168.39.73:80:100,192.168.42.53:80:100,192.168.35.199:80:100,192.168.26.54:80:100,192.168.46.102:80:100,192.168.22.127:80:100,192.168.47.59:80:100,192.168.59.75:80:100,192.168.49.206:80:100,192.168.54.210:80:100,192.168.53.156:80:100,192.168.26.49:80:100,192.168.57.19:80:100", + "vip":"192.168.102.71" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.140:80:100,192.168.23.173:80:100,192.168.9.167:80:100,192.168.59.48:80:100", + "vip":"192.168.102.84" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.222:80:100,192.168.2.135:80:100,192.168.25.177:80:100,192.168.49.75:80:100", + "vip":"192.168.101.21" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.228:80:100,192.168.18.2:80:100,192.168.59.179:80:100", + "vip":"111.13.235.158" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.199:80:100", + "vip":"111.13.235.178" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.68:80:100,192.168.34.228:80:100,192.168.42.40:80:100,192.168.18.68:80:100,192.168.7.162:80:100,192.168.27.164:80:100,192.168.18.207:80:100,192.168.10.187:80:100,192.168.18.148:80:100,192.168.59.99:80:100,192.168.30.165:80:100,192.168.35.103:80:100,192.168.47.160:80:100,192.168.31.59:80:100,192.168.59.146:80:100,192.168.15.19:80:100,192.168.58.224:80:100", + "vip":"192.168.102.181" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.147:80:100,192.168.13.104:80:100,192.168.11.39:80:100,192.168.10.192:80:100", + "vip":"192.168.102.79" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.60:80:100,192.168.38.254:80:100", + "vip":"192.168.101.137" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.82:80:100", + "vip":"192.168.102.133" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.60:80:100,192.168.21.111:80:100,192.168.21.87:80:100,192.168.34.24:80:100,192.168.41.184:80:100,192.168.33.56:80:100,192.168.5.196:80:100,192.168.6.97:80:100,192.168.33.86:80:100,192.168.14.179:80:100,192.168.55.187:80:100,192.168.42.19:80:100,192.168.31.182:80:100,192.168.59.92:80:100,192.168.35.7:80:100,192.168.38.7:80:100", + "vip":"192.168.102.203" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.199:80:100,192.168.57.203:80:100,192.168.15.54:80:100,192.168.6.136:80:100", + "vip":"192.168.102.113" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.199:80:100,192.168.14.55:80:100,192.168.5.231:80:100,192.168.29.5:80:100", + "vip":"192.168.102.162" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.100:80:100", + "vip":"192.168.102.157" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.217:80:100,192.168.39.126:80:100", + "vip":"192.168.101.221" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.81:80:100,192.168.23.243:80:100,192.168.37.52:80:100,192.168.27.221:80:100", + "vip":"192.168.102.238" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.10:80:100,192.168.15.103:80:100", + "vip":"111.13.235.92" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.215:80:100,192.168.45.103:80:100,192.168.9.40:80:100,192.168.15.108:80:100,192.168.33.39:80:100,192.168.11.79:80:100,192.168.18.50:80:100", + "vip":"192.168.101.163" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.137:80:100,192.168.58.63:80:100,192.168.21.174:80:100,192.168.1.185:80:100,192.168.3.222:80:100,192.168.5.118:80:100", + "vip":"192.168.101.212" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.175:80:100,192.168.17.189:80:100,192.168.43.130:80:100,192.168.2.61:80:100", + "vip":"192.168.101.46" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.172:80:100,192.168.5.91:80:100,192.168.10.200:80:100,192.168.58.207:80:100,192.168.26.167:80:100,192.168.33.106:80:100,192.168.46.65:80:100,192.168.19.53:80:100,192.168.9.17:80:100,192.168.29.55:80:100,192.168.5.16:80:100,192.168.37.214:80:100,192.168.18.96:80:100", + "vip":"192.168.101.33" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.66:80:100", + "vip":"192.168.101.12" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.235:80:100,192.168.43.208:80:100,192.168.58.131:80:100,192.168.29.107:80:100,192.168.18.9:80:100,192.168.57.84:80:100,192.168.39.113:80:100,192.168.9.63:80:100,192.168.14.185:80:100,192.168.9.2:80:100,192.168.58.36:80:100,192.168.38.237:80:100,192.168.7.32:80:100,192.168.58.52:80:100,192.168.3.79:80:100,192.168.18.60:80:100,192.168.19.56:80:100,192.168.25.49:80:100,192.168.59.109:80:100,192.168.59.112:80:100,192.168.2.14:80:100,192.168.22.195:80:100,192.168.25.200:80:100,192.168.30.122:80:100,192.168.35.129:80:100,192.168.49.204:80:100,192.168.35.52:80:100,192.168.53.169:80:100,192.168.38.153:80:100,192.168.13.194:80:100,192.168.42.249:80:100,192.168.29.177:80:100", + "vip":"111.13.235.145" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.100:80:100,192.168.29.117:80:100,192.168.54.191:80:100,192.168.34.199:80:100,192.168.29.55:80:100,192.168.33.66:80:100,192.168.53.10:80:100", + "vip":"192.168.102.21" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.236:80:100", + "vip":"192.168.101.239" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.100:80:100,192.168.30.49:80:100,192.168.30.246:80:100,192.168.58.71:80:100,192.168.57.241:80:100,192.168.51.87:80:100,192.168.18.7:80:100,192.168.10.209:80:100,192.168.10.127:80:100,192.168.47.72:80:100,192.168.29.181:80:100,192.168.46.249:80:100,192.168.2.165:80:100,192.168.43.84:80:100,192.168.3.7:80:100,192.168.31.87:80:100,192.168.59.41:80:100,192.168.15.23:80:100,192.168.19.147:80:100,192.168.6.86:80:100,192.168.34.253:80:100,192.168.13.97:80:100,192.168.22.112:80:100,192.168.7.215:80:100,192.168.6.28:80:100,192.168.25.181:80:100,192.168.45.54:80:100,192.168.41.53:80:100,192.168.43.210:80:100,192.168.47.57:80:100,192.168.21.200:80:100,192.168.15.26:80:100,192.168.13.148:80:100,192.168.39.125:80:100,192.168.17.82:80:100,192.168.41.31:80:100,192.168.25.42:80:100,192.168.1.79:80:100,192.168.13.38:80:100,192.168.33.5:80:100,192.168.57.29:80:100,192.168.9.66:80:100,192.168.39.79:80:100,192.168.5.143:80:100,192.168.13.116:80:100,192.168.34.214:80:100,192.168.38.190:80:100,192.168.54.177:80:100,192.168.1.9:80:100,192.168.46.56:80:100,192.168.41.58:80:100,192.168.43.86:80:100,192.168.33.116:80:100,192.168.26.39:80:100,192.168.5.73:80:100,192.168.3.140:80:100,192.168.58.231:80:100,192.168.10.1:80:100,192.168.3.79:80:100,192.168.50.89:80:100,192.168.43.177:80:100,192.168.5.210:80:100,192.168.25.211:80:100,192.168.50.187:80:100,192.168.26.196:80:100,192.168.33.211:80:100,192.168.1.170:80:100,192.168.26.222:80:100,192.168.31.91:80:100,192.168.50.70:80:100,192.168.42.49:80:100,192.168.42.139:80:100,192.168.53.90:80:100,192.168.17.134:80:100,192.168.19.9:80:100,192.168.47.146:80:100,192.168.10.36:80:100,192.168.3.187:80:100,192.168.21.192:80:100,192.168.7.186:80:100,192.168.30.94:80:100,192.168.59.174:80:100,192.168.43.120:80:100,192.168.15.71:80:100,192.168.42.195:80:100,192.168.13.85:80:100,192.168.10.8:80:100,192.168.18.17:80:100,192.168.50.235:80:100,192.168.35.5:80:100,192.168.25.103:80:100,192.168.9.225:80:100,192.168.53.142:80:100,192.168.38.123:80:100,192.168.13.17:80:100,192.168.31.252:80:100,192.168.5.165:80:100,192.168.29.217:80:100,192.168.58.197:80:100,192.168.46.144:80:100,192.168.46.208:80:100,192.168.27.250:80:100,192.168.26.120:80:100,192.168.13.254:80:100,192.168.42.62:80:100,192.168.6.236:80:100,192.168.54.129:80:100,192.168.34.129:80:100,192.168.19.96:80:100,192.168.27.218:80:100,192.168.42.133:80:100,192.168.3.201:80:100,192.168.13.30:80:100,192.168.22.128:80:100,192.168.55.58:80:100,192.168.33.126:80:100,192.168.47.92:80:100,192.168.23.216:80:100,192.168.53.189:80:100,192.168.38.198:80:100,192.168.29.85:80:100,192.168.9.217:80:100,192.168.35.25:80:100,192.168.14.17:80:100,192.168.6.193:80:100,192.168.43.96:80:100,192.168.47.76:80:100,192.168.10.51:80:100,192.168.38.143:80:100,192.168.43.122:80:100,192.168.23.214:80:100,192.168.43.47:80:100,192.168.37.210:80:100,192.168.3.186:80:100,192.168.13.175:80:100,192.168.5.29:80:100,192.168.59.192:80:100,192.168.7.109:80:100,192.168.46.233:80:100,192.168.51.54:80:100,192.168.43.79:80:100,192.168.57.226:80:100,192.168.3.162:80:100,192.168.41.162:80:100,192.168.43.166:80:100,192.168.37.77:80:100,192.168.50.233:80:100,192.168.11.78:80:100,192.168.31.139:80:100,192.168.54.182:80:100,192.168.25.194:80:100,192.168.27.184:80:100,192.168.15.105:80:100,192.168.46.226:80:100,192.168.25.163:80:100,192.168.29.135:80:100,192.168.57.57:80:100,192.168.41.165:80:100,192.168.21.236:80:100,192.168.57.189:80:100,192.168.27.213:80:100,192.168.13.33:80:100", + "vip":"192.168.102.66" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.157:80:100,192.168.47.130:80:100,192.168.31.63:80:100,192.168.21.167:80:100,192.168.19.124:80:100,192.168.47.111:80:100,192.168.3.157:80:100,192.168.39.21:80:100,192.168.25.142:80:100,192.168.33.175:80:100,192.168.22.83:80:100,192.168.22.247:80:100,192.168.18.168:80:100,192.168.39.68:80:100,192.168.31.111:80:100,192.168.5.129:80:100,192.168.51.34:80:100,192.168.13.109:80:100,192.168.58.32:80:100", + "vip":"111.13.235.255" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.136:80:100,192.168.46.173:80:100,192.168.10.243:80:100,192.168.55.137:80:100,192.168.15.55:80:100,192.168.42.136:80:100,192.168.34.17:80:100,192.168.6.207:80:100,192.168.46.4:80:100,192.168.57.156:80:100,192.168.38.232:80:100,192.168.10.81:80:100,192.168.58.63:80:100,192.168.9.218:80:100,192.168.47.142:80:100,192.168.46.14:80:100,192.168.13.89:80:100,192.168.57.94:80:100,192.168.31.145:80:100,192.168.43.133:80:100,192.168.26.175:80:100,192.168.2.130:80:100,192.168.33.26:80:100,192.168.27.157:80:100,192.168.6.92:80:100,192.168.23.183:80:100,192.168.49.88:80:100,192.168.33.176:80:100,192.168.5.120:80:100,192.168.27.234:80:100,192.168.57.22:80:100,192.168.22.132:80:100,192.168.34.3:80:100,192.168.19.107:80:100,192.168.50.57:80:100,192.168.42.185:80:100,192.168.6.126:80:100,192.168.13.99:80:100,192.168.53.222:80:100,192.168.3.65:80:100,192.168.22.143:80:100,192.168.19.4:80:100,192.168.49.149:80:100,192.168.42.134:80:100,192.168.41.105:80:100,192.168.27.103:80:100,192.168.21.30:80:100,192.168.11.227:80:100,192.168.10.245:80:100,192.168.41.49:80:100,192.168.14.147:80:100,192.168.41.154:80:100,192.168.41.104:80:100,192.168.43.177:80:100,192.168.55.141:80:100,192.168.29.180:80:100,192.168.13.157:80:100,192.168.27.162:80:100,192.168.5.66:80:100,192.168.41.8:80:100,192.168.54.68:80:100,192.168.45.229:80:100,192.168.43.55:80:100,192.168.14.83:80:100,192.168.27.199:80:100,192.168.37.231:80:100,192.168.2.6:80:100,192.168.5.106:80:100,192.168.37.133:80:100,192.168.53.7:80:100,192.168.6.251:80:100,192.168.49.40:80:100,192.168.26.6:80:100,192.168.55.139:80:100,192.168.25.249:80:100,192.168.18.9:80:100,192.168.27.144:80:100,192.168.54.41:80:100,192.168.49.179:80:100,192.168.53.15:80:100,192.168.35.163:80:100,192.168.23.170:80:100,192.168.9.48:80:100,192.168.38.15:80:100,192.168.5.165:80:100,192.168.59.74:80:100,192.168.7.164:80:100,192.168.27.28:80:100,192.168.51.182:80:100,192.168.18.120:80:100,192.168.39.84:80:100,192.168.15.228:80:100,192.168.34.210:80:100,192.168.13.130:80:100,192.168.31.43:80:100,192.168.22.225:80:100,192.168.2.182:80:100,192.168.26.9:80:100,192.168.10.80:80:100,192.168.26.158:80:100,192.168.51.43:80:100,192.168.23.9:80:100,192.168.3.101:80:100,192.168.53.12:80:100,192.168.2.63:80:100,192.168.13.184:80:100,192.168.25.7:80:100,192.168.50.250:80:100,192.168.47.195:80:100,192.168.35.108:80:100,192.168.55.226:80:100,192.168.58.163:80:100,192.168.15.242:80:100,192.168.29.5:80:100,192.168.37.226:80:100,192.168.9.128:80:100,192.168.22.42:80:100,192.168.5.169:80:100,192.168.25.252:80:100,192.168.23.16:80:100,192.168.29.82:80:100,192.168.55.199:80:100,192.168.45.82:80:100,192.168.39.155:80:100,192.168.45.235:80:100,192.168.50.63:80:100,192.168.11.165:80:100,192.168.31.216:80:100,192.168.17.214:80:100,192.168.10.124:80:100,192.168.30.120:80:100,192.168.6.29:80:100,192.168.50.22:80:100,192.168.22.248:80:100,192.168.31.237:80:100", + "vip":"192.168.101.171" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.118:80:100,192.168.43.183:80:100", + "vip":"111.13.235.121" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.148:80:100,192.168.21.125:80:100,192.168.13.157:80:100,192.168.51.202:80:100,192.168.22.103:80:100,192.168.34.10:80:100,192.168.51.167:80:100,192.168.13.113:80:100,192.168.39.155:80:100,192.168.34.170:80:100,192.168.49.6:80:100,192.168.26.70:80:100,192.168.21.36:80:100,192.168.17.180:80:100,192.168.11.103:80:100,192.168.6.188:80:100,192.168.55.7:80:100,192.168.25.41:80:100", + "vip":"192.168.102.120" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.78:80:100,192.168.2.101:80:100,192.168.47.151:80:100", + "vip":"192.168.102.57" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.135:80:100,192.168.9.157:80:100,192.168.57.36:80:100,192.168.33.11:80:100", + "vip":"192.168.102.81" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.229:80:100,192.168.50.176:80:100,192.168.49.166:80:100,192.168.30.88:80:100,192.168.42.3:80:100", + "vip":"192.168.102.252" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.90:80:100,192.168.5.105:80:100,192.168.57.151:80:100,192.168.45.189:80:100,192.168.38.154:80:100,192.168.22.76:80:100,192.168.47.110:80:100,192.168.5.143:80:100,192.168.54.3:80:100", + "vip":"192.168.102.220" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.94:80:100,192.168.25.32:80:100,192.168.15.178:80:100,192.168.5.166:80:100,192.168.29.24:80:100,192.168.29.70:80:100,192.168.23.40:80:100,192.168.2.231:80:100,192.168.37.129:80:100,192.168.14.175:80:100,192.168.3.111:80:100,192.168.35.96:80:100,192.168.1.226:80:100,192.168.49.151:80:100,192.168.7.93:80:100", + "vip":"111.13.235.140" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.40:80:100,192.168.5.225:80:100,192.168.37.250:80:100,192.168.19.128:80:100", + "vip":"192.168.102.134" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.26:80:100,192.168.22.225:80:100", + "vip":"192.168.102.73" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.26:80:100,192.168.37.228:80:100,192.168.23.206:80:100,192.168.49.50:80:100", + "vip":"111.13.235.250" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.38:80:100,192.168.47.128:80:100", + "vip":"192.168.101.246" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.217:80:100,192.168.35.163:80:100", + "vip":"111.13.235.123" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.62:80:100,192.168.47.49:80:100,192.168.34.37:80:100", + "vip":"111.13.235.112" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.245:80:100", + "vip":"192.168.102.20" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.94:80:100", + "vip":"192.168.101.248" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.247:80:100,192.168.25.152:80:100,192.168.33.229:80:100,192.168.21.240:80:100,192.168.47.240:80:100", + "vip":"192.168.102.122" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.212:80:100,192.168.47.84:80:100,192.168.38.34:80:100,192.168.59.204:80:100,192.168.41.150:80:100,192.168.43.20:80:100,192.168.33.142:80:100,192.168.14.33:80:100,192.168.19.156:80:100,192.168.37.8:80:100,192.168.59.9:80:100,192.168.57.190:80:100,192.168.49.19:80:100,192.168.38.158:80:100,192.168.15.92:80:100,192.168.54.87:80:100,192.168.53.239:80:100,192.168.13.135:80:100,192.168.43.75:80:100,192.168.37.62:80:100,192.168.31.126:80:100,192.168.45.65:80:100,192.168.54.73:80:100,192.168.54.45:80:100,192.168.17.109:80:100,192.168.47.86:80:100,192.168.53.89:80:100,192.168.45.109:80:100,192.168.41.230:80:100,192.168.5.191:80:100,192.168.18.119:80:100,192.168.41.107:80:100,192.168.26.204:80:100,192.168.55.95:80:100,192.168.2.124:80:100,192.168.27.46:80:100,192.168.9.8:80:100,192.168.33.101:80:100,192.168.29.225:80:100,192.168.25.23:80:100,192.168.26.38:80:100,192.168.39.58:80:100,192.168.31.162:80:100,192.168.30.50:80:100,192.168.7.174:80:100,192.168.14.70:80:100,192.168.7.94:80:100,192.168.15.97:80:100,192.168.21.162:80:100,192.168.54.4:80:100,192.168.41.171:80:100,192.168.7.156:80:100,192.168.57.44:80:100,192.168.42.74:80:100,192.168.51.164:80:100,192.168.46.22:80:100,192.168.7.35:80:100,192.168.2.184:80:100,192.168.43.202:80:100,192.168.46.77:80:100,192.168.49.161:80:100,192.168.13.144:80:100,192.168.13.192:80:100,192.168.3.58:80:100,192.168.51.245:80:100,192.168.2.110:80:100,192.168.13.187:80:100,192.168.29.151:80:100,192.168.29.229:80:100,192.168.21.207:80:100,192.168.45.206:80:100,192.168.29.236:80:100,192.168.13.104:80:100,192.168.17.89:80:100,192.168.33.31:80:100", + "vip":"192.168.102.192" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.216:80:100,192.168.2.161:80:100,192.168.21.147:80:100,192.168.33.221:80:100,192.168.6.145:80:100,192.168.18.23:80:100,192.168.1.215:80:100,192.168.46.250:80:100", + "vip":"192.168.101.41" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.124:80:100,192.168.37.236:80:100,192.168.41.101:80:100,192.168.7.65:80:100,192.168.54.127:80:100", + "vip":"192.168.101.166" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.201:80:100,192.168.31.62:80:100,192.168.29.128:80:100,192.168.43.34:80:100", + "vip":"192.168.102.131" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.25:80:100,192.168.1.112:80:100,192.168.11.48:80:100,192.168.34.58:80:100,192.168.37.109:80:100,192.168.2.245:80:100,192.168.29.131:80:100,192.168.45.75:80:100,192.168.57.125:80:100", + "vip":"192.168.102.179" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.245:80:100,192.168.19.60:80:100,192.168.2.72:80:100", + "vip":"192.168.101.124" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.123:80:100,192.168.6.204:80:100,192.168.59.110:80:100,192.168.58.30:80:100,192.168.29.147:80:100", + "vip":"192.168.101.43" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.31:80:100,192.168.17.201:80:100", + "vip":"192.168.101.210" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.22:80:100,192.168.19.30:80:100,192.168.49.189:80:100,192.168.41.211:80:100", + "vip":"192.168.101.152" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.17:80:100,192.168.1.127:80:100,192.168.27.126:80:100,192.168.59.253:80:100,192.168.5.59:80:100", + "vip":"192.168.101.145" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.58:80:100,192.168.27.110:80:100,192.168.22.50:80:100,192.168.47.226:80:100,192.168.26.162:80:100,192.168.11.135:80:100,192.168.46.108:80:100,192.168.2.228:80:100,192.168.59.130:80:100,192.168.41.110:80:100,192.168.25.73:80:100,192.168.17.45:80:100,192.168.13.182:80:100,192.168.33.168:80:100,192.168.43.50:80:100", + "vip":"192.168.101.160" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.190:80:100,192.168.18.233:80:100", + "vip":"192.168.101.151" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.214:80:100,192.168.27.216:80:100,192.168.33.60:80:100,192.168.31.138:80:100", + "vip":"192.168.101.219" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.19:80:100,192.168.26.33:80:100,192.168.26.171:80:100,192.168.7.129:80:100,192.168.27.85:80:100,192.168.13.200:80:100,192.168.11.71:80:100,192.168.55.25:80:100,192.168.53.15:80:100", + "vip":"192.168.101.23" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.90:80:100,192.168.9.126:80:100,192.168.34.56:80:100,192.168.50.167:80:100", + "vip":"192.168.102.229" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.5:80:100,192.168.1.87:80:100,192.168.15.20:80:100,192.168.49.252:80:100,192.168.53.13:80:100,192.168.38.8:80:100,192.168.13.171:80:100,192.168.54.224:80:100", + "vip":"111.13.235.146" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.150:80:100,192.168.49.24:80:100", + "vip":"111.13.235.231" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.229:80:100", + "vip":"192.168.102.111" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.175:80:100,192.168.11.184:80:100,192.168.11.18:80:100", + "vip":"111.13.235.200" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.171:80:100,192.168.29.97:80:100", + "vip":"192.168.102.160" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.195:80:100,192.168.11.234:80:100,192.168.1.239:80:100,192.168.43.185:80:100", + "vip":"111.13.235.168" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.97:80:100,192.168.41.204:80:100,192.168.6.109:80:100,192.168.10.125:80:100,192.168.6.239:80:100,192.168.2.224:80:100,192.168.2.233:80:100,192.168.1.138:80:100,192.168.17.60:80:100", + "vip":"192.168.102.155" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.219:80:100,192.168.3.97:80:100,192.168.43.3:80:100,192.168.55.113:80:100", + "vip":"111.13.235.162" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.112:80:100,192.168.59.153:80:100,192.168.41.164:80:100,192.168.35.57:80:100,192.168.27.190:80:100,192.168.2.222:80:100", + "vip":"192.168.102.16" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.163:80:100,192.168.6.167:80:100,192.168.22.13:80:100,192.168.57.123:80:100,192.168.55.75:80:100,192.168.38.71:80:100,192.168.31.172:80:100", + "vip":"192.168.102.212" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.11:80:100,192.168.42.155:80:100,192.168.2.6:80:100,192.168.1.196:80:100", + "vip":"192.168.101.3" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.37:80:100,192.168.1.114:80:100,192.168.31.77:80:100,192.168.59.68:80:100,192.168.27.232:80:100,192.168.3.25:80:100,192.168.43.134:80:100,192.168.35.149:80:100", + "vip":"111.13.235.202" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.222:80:100", + "vip":"192.168.101.156" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.125:80:100,192.168.25.159:80:100,192.168.17.242:80:100", + "vip":"192.168.101.88" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.34:80:100,192.168.50.101:80:100,192.168.47.249:80:100,192.168.34.250:80:100,192.168.21.32:80:100,192.168.51.196:80:100,192.168.31.156:80:100,192.168.19.42:80:100,192.168.45.15:80:100,192.168.25.68:80:100,192.168.54.31:80:100,192.168.2.59:80:100,192.168.37.107:80:100,192.168.26.127:80:100,192.168.25.233:80:100,192.168.34.27:80:100,192.168.46.122:80:100,192.168.23.252:80:100,192.168.41.130:80:100,192.168.35.41:80:100,192.168.37.131:80:100,192.168.58.18:80:100,192.168.37.31:80:100,192.168.9.105:80:100,192.168.53.15:80:100,192.168.18.217:80:100,192.168.18.43:80:100,192.168.54.125:80:100,192.168.9.240:80:100,192.168.59.216:80:100,192.168.34.70:80:100,192.168.10.133:80:100,192.168.33.117:80:100,192.168.3.81:80:100", + "vip":"192.168.101.190" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.164:80:100,192.168.18.213:80:100,192.168.2.63:80:100,192.168.55.178:80:100,192.168.38.192:80:100,192.168.5.10:80:100,192.168.35.139:80:100,192.168.7.29:80:100,192.168.14.218:80:100,192.168.38.107:80:100,192.168.19.19:80:100,192.168.23.205:80:100,192.168.55.145:80:100,192.168.53.20:80:100,192.168.19.109:80:100,192.168.30.36:80:100,192.168.13.2:80:100,192.168.27.38:80:100,192.168.53.180:80:100,192.168.46.129:80:100,192.168.7.242:80:100,192.168.37.133:80:100,192.168.17.163:80:100,192.168.2.251:80:100,192.168.58.117:80:100,192.168.26.245:80:100,192.168.22.239:80:100,192.168.10.120:80:100,192.168.7.9:80:100,192.168.9.85:80:100,192.168.39.166:80:100,192.168.11.141:80:100,192.168.57.153:80:100,192.168.58.82:80:100,192.168.50.204:80:100,192.168.3.231:80:100,192.168.35.213:80:100,192.168.7.164:80:100,192.168.2.197:80:100,192.168.26.88:80:100,192.168.7.107:80:100,192.168.58.253:80:100,192.168.30.93:80:100,192.168.51.130:80:100,192.168.39.9:80:100,192.168.51.12:80:100,192.168.47.89:80:100,192.168.19.90:80:100,192.168.33.7:80:100,192.168.30.75:80:100,192.168.27.21:80:100,192.168.29.166:80:100,192.168.18.78:80:100,192.168.54.161:80:100,192.168.7.81:80:100,192.168.3.169:80:100,192.168.23.136:80:100,192.168.11.131:80:100,192.168.23.234:80:100,192.168.34.129:80:100,192.168.25.66:80:100,192.168.3.136:80:100,192.168.37.157:80:100,192.168.31.61:80:100,192.168.45.189:80:100,192.168.1.48:80:100,192.168.53.156:80:100,192.168.49.78:80:100,192.168.15.246:80:100,192.168.19.59:80:100,192.168.45.143:80:100,192.168.1.154:80:100,192.168.46.18:80:100,192.168.13.46:80:100", + "vip":"192.168.102.219" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.172:80:100", + "vip":"192.168.101.26" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.163:80:100,192.168.30.215:80:100,192.168.41.217:80:100,192.168.46.112:80:100,192.168.22.177:80:100,192.168.15.153:80:100", + "vip":"192.168.102.138" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.4:80:100,192.168.45.167:80:100,192.168.6.205:80:100", + "vip":"192.168.101.126" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.92:80:100,192.168.30.36:80:100,192.168.5.89:80:100,192.168.25.125:80:100,192.168.46.31:80:100,192.168.14.30:80:100,192.168.58.42:80:100,192.168.7.161:80:100,192.168.54.161:80:100,192.168.58.129:80:100,192.168.10.57:80:100,192.168.29.152:80:100,192.168.41.156:80:100,192.168.54.129:80:100,192.168.6.170:80:100", + "vip":"192.168.101.51" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.169:80:100,192.168.7.23:80:100,192.168.35.13:80:100", + "vip":"192.168.101.140" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.185:80:100,192.168.3.69:80:100,192.168.2.234:80:100,192.168.6.32:80:100", + "vip":"192.168.101.108" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.38:80:100,192.168.30.151:80:100,192.168.7.25:80:100,192.168.19.156:80:100,192.168.29.45:80:100,192.168.41.30:80:100", + "vip":"192.168.101.59" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.21:80:100,192.168.21.154:80:100,192.168.58.138:80:100", + "vip":"192.168.102.130" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.231:80:100,192.168.49.45:80:100,192.168.54.33:80:100,192.168.26.126:80:100,192.168.18.107:80:100", + "vip":"111.13.235.117" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.11:80:100,192.168.43.167:80:100,192.168.17.76:80:100,192.168.2.234:80:100,192.168.14.44:80:100,192.168.33.197:80:100,192.168.23.38:80:100,192.168.55.82:80:100,192.168.57.218:80:100,192.168.34.251:80:100,192.168.53.109:80:100,192.168.31.245:80:100,192.168.33.67:80:100,192.168.3.39:80:100,192.168.31.158:80:100,192.168.42.138:80:100,192.168.39.81:80:100,192.168.6.192:80:100,192.168.5.103:80:100,192.168.34.109:80:100,192.168.10.127:80:100", + "vip":"111.13.235.163" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.198:80:100,192.168.25.61:80:100,192.168.41.179:80:100,192.168.22.199:80:100", + "vip":"192.168.102.167" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.5:80:100,192.168.18.115:80:100,192.168.39.221:80:100,192.168.54.59:80:100,192.168.34.171:80:100,192.168.47.20:80:100,192.168.10.127:80:100,192.168.35.66:80:100,192.168.59.69:80:100,192.168.9.158:80:100,192.168.7.150:80:100,192.168.45.65:80:100,192.168.43.156:80:100,192.168.7.61:80:100,192.168.34.26:80:100,192.168.43.92:80:100,192.168.11.53:80:100,192.168.9.136:80:100,192.168.11.30:80:100,192.168.11.193:80:100,192.168.26.29:80:100,192.168.58.205:80:100,192.168.33.162:80:100,192.168.11.101:80:100,192.168.18.92:80:100,192.168.54.131:80:100,192.168.59.166:80:100,192.168.5.69:80:100,192.168.14.86:80:100,192.168.26.245:80:100,192.168.54.143:80:100,192.168.41.138:80:100,192.168.25.13:80:100,192.168.27.100:80:100,192.168.47.43:80:100,192.168.6.184:80:100,192.168.17.230:80:100,192.168.42.198:80:100,192.168.5.171:80:100,192.168.50.161:80:100,192.168.38.65:80:100,192.168.43.191:80:100,192.168.54.209:80:100,192.168.43.123:80:100,192.168.51.28:80:100,192.168.33.194:80:100,192.168.23.124:80:100,192.168.31.148:80:100,192.168.27.30:80:100,192.168.21.26:80:100,192.168.59.19:80:100,192.168.9.74:80:100,192.168.41.1:80:100,192.168.50.245:80:100,192.168.59.174:80:100,192.168.35.55:80:100,192.168.30.219:80:100,192.168.22.75:80:100,192.168.43.4:80:100,192.168.5.123:80:100,192.168.51.167:80:100,192.168.29.120:80:100,192.168.5.4:80:100,192.168.23.233:80:100,192.168.57.58:80:100,192.168.7.245:80:100,192.168.47.53:80:100,192.168.10.215:80:100,192.168.17.120:80:100,192.168.46.64:80:100,192.168.15.122:80:100,192.168.25.72:80:100,192.168.14.225:80:100,192.168.47.82:80:100,192.168.5.214:80:100,192.168.27.239:80:100,192.168.14.215:80:100,192.168.34.157:80:100,192.168.23.43:80:100,192.168.18.32:80:100,192.168.17.163:80:100,192.168.10.224:80:100,192.168.46.155:80:100,192.168.33.204:80:100,192.168.37.41:80:100,192.168.23.49:80:100,192.168.21.107:80:100,192.168.43.79:80:100,192.168.29.218:80:100,192.168.25.146:80:100,192.168.45.206:80:100,192.168.34.188:80:100,192.168.19.25:80:100,192.168.30.70:80:100,192.168.3.81:80:100,192.168.25.16:80:100", + "vip":"192.168.102.82" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.133:80:100,192.168.2.244:80:100", + "vip":"192.168.101.114" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.103:80:100,192.168.7.190:80:100,192.168.49.197:80:100", + "vip":"192.168.101.103" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.64:80:100,192.168.59.17:80:100", + "vip":"111.13.235.90" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.185:80:100", + "vip":"192.168.101.237" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.126:80:100,192.168.7.77:80:100,192.168.10.253:80:100,192.168.10.73:80:100,192.168.30.153:80:100,192.168.10.209:80:100,192.168.51.139:80:100,192.168.21.60:80:100,192.168.17.189:80:100,192.168.1.221:80:100,192.168.54.214:80:100,192.168.7.25:80:100,192.168.54.71:80:100,192.168.27.174:80:100,192.168.17.4:80:100,192.168.47.71:80:100,192.168.58.29:80:100,192.168.21.239:80:100,192.168.3.85:80:100,192.168.33.173:80:100,192.168.18.189:80:100,192.168.50.252:80:100,192.168.54.240:80:100,192.168.30.101:80:100,192.168.5.25:80:100,192.168.35.51:80:100,192.168.10.116:80:100,192.168.55.195:80:100,192.168.10.28:80:100,192.168.27.203:80:100,192.168.7.140:80:100,192.168.51.150:80:100,192.168.43.107:80:100,192.168.51.154:80:100,192.168.21.46:80:100,192.168.19.98:80:100,192.168.21.16:80:100,192.168.51.8:80:100,192.168.38.153:80:100,192.168.14.92:80:100,192.168.7.143:80:100,192.168.55.238:80:100", + "vip":"111.13.235.233" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.96:80:100,192.168.2.1:80:100,192.168.49.66:80:100", + "vip":"192.168.102.165" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.211:80:100,192.168.17.41:80:100,192.168.17.189:80:100,192.168.23.34:80:100,192.168.17.119:80:100,192.168.38.65:80:100", + "vip":"192.168.101.56" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.158:80:100,192.168.46.52:80:100,192.168.7.225:80:100,192.168.15.187:80:100,192.168.37.108:80:100", + "vip":"111.13.235.66" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.120:80:100", + "vip":"111.13.235.111" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.6:80:100,192.168.19.246:80:100,192.168.54.1:80:100", + "vip":"192.168.102.245" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.213:80:100,192.168.1.57:80:100,192.168.1.124:80:100,192.168.27.254:80:100,192.168.11.109:80:100,192.168.3.134:80:100,192.168.15.222:80:100,192.168.27.235:80:100", + "vip":"111.13.235.205" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.205:80:100,192.168.49.29:80:100,192.168.35.241:80:100,192.168.18.226:80:100,192.168.2.87:80:100,192.168.21.207:80:100,192.168.51.68:80:100,192.168.3.50:80:100,192.168.37.229:80:100,192.168.57.165:80:100", + "vip":"192.168.101.29" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.68:80:100,192.168.10.226:80:100,192.168.47.217:80:100", + "vip":"192.168.101.232" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.15:80:100,192.168.21.111:80:100,192.168.51.215:80:100", + "vip":"111.13.235.110" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.112:80:100,192.168.7.149:80:100,192.168.46.140:80:100,192.168.22.199:80:100,192.168.55.146:80:100,192.168.41.153:80:100,192.168.43.73:80:100,192.168.19.155:80:100,192.168.50.84:80:100,192.168.37.207:80:100,192.168.47.117:80:100,192.168.58.107:80:100,192.168.54.45:80:100,192.168.22.173:80:100,192.168.50.239:80:100,192.168.54.1:80:100,192.168.30.9:80:100,192.168.57.100:80:100,192.168.15.224:80:100,192.168.26.223:80:100,192.168.46.106:80:100,192.168.58.168:80:100,192.168.19.219:80:100,192.168.53.135:80:100,192.168.37.88:80:100,192.168.14.101:80:100,192.168.21.42:80:100,192.168.15.173:80:100,192.168.34.91:80:100,192.168.31.77:80:100,192.168.35.235:80:100,192.168.1.251:80:100,192.168.33.26:80:100,192.168.41.69:80:100,192.168.5.191:80:100,192.168.43.63:80:100,192.168.34.83:80:100,192.168.29.2:80:100,192.168.47.112:80:100,192.168.29.118:80:100,192.168.47.57:80:100,192.168.22.87:80:100,192.168.57.63:80:100,192.168.30.105:80:100,192.168.10.37:80:100,192.168.26.215:80:100,192.168.59.192:80:100,192.168.1.232:80:100,192.168.26.171:80:100,192.168.30.68:80:100,192.168.11.188:80:100,192.168.7.133:80:100,192.168.29.76:80:100,192.168.26.204:80:100,192.168.5.113:80:100,192.168.50.19:80:100,192.168.18.215:80:100,192.168.34.195:80:100,192.168.43.87:80:100,192.168.1.10:80:100,192.168.59.223:80:100,192.168.31.205:80:100,192.168.57.204:80:100,192.168.34.10:80:100,192.168.35.87:80:100,192.168.35.192:80:100,192.168.50.4:80:100,192.168.11.171:80:100,192.168.19.165:80:100,192.168.53.92:80:100,192.168.25.107:80:100,192.168.46.184:80:100,192.168.43.232:80:100,192.168.23.189:80:100,192.168.43.97:80:100,192.168.2.6:80:100,192.168.31.198:80:100,192.168.11.137:80:100,192.168.49.160:80:100,192.168.43.72:80:100,192.168.19.8:80:100,192.168.31.117:80:100,192.168.19.168:80:100,192.168.33.35:80:100,192.168.14.38:80:100,192.168.26.170:80:100,192.168.38.71:80:100,192.168.9.40:80:100,192.168.30.205:80:100,192.168.42.146:80:100,192.168.58.132:80:100,192.168.42.140:80:100,192.168.27.211:80:100,192.168.29.249:80:100,192.168.11.75:80:100,192.168.41.177:80:100,192.168.29.223:80:100,192.168.11.27:80:100,192.168.46.58:80:100,192.168.39.97:80:100,192.168.26.44:80:100,192.168.7.46:80:100,192.168.54.49:80:100,192.168.43.161:80:100,192.168.11.135:80:100,192.168.59.34:80:100,192.168.41.173:80:100,192.168.46.195:80:100,192.168.49.72:80:100,192.168.13.96:80:100,192.168.37.76:80:100,192.168.34.37:80:100,192.168.18.38:80:100,192.168.42.47:80:100,192.168.29.99:80:100,192.168.41.79:80:100,192.168.49.168:80:100,192.168.50.156:80:100,192.168.46.174:80:100,192.168.15.126:80:100,192.168.35.40:80:100,192.168.58.137:80:100,192.168.42.237:80:100,192.168.29.133:80:100,192.168.50.31:80:100,192.168.15.117:80:100,192.168.30.78:80:100,192.168.14.254:80:100,192.168.26.119:80:100,192.168.22.184:80:100,192.168.3.207:80:100,192.168.29.34:80:100,192.168.19.207:80:100,192.168.22.93:80:100,192.168.1.85:80:100,192.168.58.230:80:100,192.168.31.33:80:100,192.168.50.90:80:100,192.168.49.208:80:100,192.168.9.166:80:100,192.168.55.125:80:100,192.168.17.161:80:100,192.168.33.49:80:100,192.168.11.48:80:100,192.168.23.2:80:100,192.168.10.116:80:100,192.168.57.38:80:100,192.168.31.134:80:100,192.168.54.69:80:100,192.168.41.59:80:100,192.168.3.71:80:100,192.168.41.160:80:100,192.168.6.77:80:100,192.168.34.98:80:100,192.168.18.207:80:100,192.168.1.225:80:100,192.168.7.52:80:100,192.168.25.129:80:100,192.168.13.29:80:100,192.168.18.162:80:100,192.168.39.186:80:100,192.168.22.111:80:100", + "vip":"192.168.101.116" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.123:80:100,192.168.19.226:80:100,192.168.7.203:80:100", + "vip":"192.168.102.8" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.83:80:100,192.168.50.199:80:100,192.168.31.115:80:100,192.168.6.209:80:100,192.168.47.101:80:100,192.168.29.148:80:100,192.168.5.88:80:100,192.168.58.2:80:100", + "vip":"192.168.102.246" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.176:80:100,192.168.58.61:80:100,192.168.26.187:80:100,192.168.15.226:80:100,192.168.35.7:80:100,192.168.38.198:80:100", + "vip":"111.13.235.249" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.28:80:100,192.168.2.82:80:100", + "vip":"192.168.102.13" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.244:80:100,192.168.17.215:80:100,192.168.2.156:80:100", + "vip":"192.168.101.1" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.26:80:100,192.168.14.57:80:100,192.168.7.18:80:100,192.168.51.31:80:100,192.168.35.85:80:100,192.168.14.122:80:100,192.168.17.133:80:100,192.168.37.172:80:100,192.168.34.198:80:100,192.168.55.186:80:100,192.168.38.234:80:100,192.168.15.72:80:100,192.168.15.87:80:100", + "vip":"192.168.102.208" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.245:80:100,192.168.39.176:80:100,192.168.31.2:80:100", + "vip":"192.168.101.106" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.68:80:100,192.168.9.40:80:100,192.168.41.70:80:100", + "vip":"192.168.102.222" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.186:80:100,192.168.18.12:80:100,192.168.2.153:80:100", + "vip":"111.13.235.194" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.21:80:100", + "vip":"192.168.102.69" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.127:80:100,192.168.17.225:80:100,192.168.39.119:80:100,192.168.15.54:80:100,192.168.49.124:80:100,192.168.57.220:80:100,192.168.11.196:80:100,192.168.31.176:80:100,192.168.18.152:80:100", + "vip":"111.13.235.183" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.248:80:100", + "vip":"192.168.101.34" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.155:80:100,192.168.11.30:80:100,192.168.21.171:80:100,192.168.18.188:80:100,192.168.37.212:80:100,192.168.35.41:80:100", + "vip":"192.168.101.215" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.181:80:100,192.168.53.117:80:100,192.168.17.141:80:100", + "vip":"192.168.102.183" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.45.191:80:100,192.168.47.153:80:100", + "vip":"192.168.101.245" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.252:80:100,192.168.21.157:80:100,192.168.55.84:80:100,192.168.34.114:80:100,192.168.47.197:80:100,192.168.59.209:80:100,192.168.49.86:80:100,192.168.27.186:80:100,192.168.22.38:80:100,192.168.5.183:80:100,192.168.59.163:80:100,192.168.45.34:80:100,192.168.7.189:80:100,192.168.38.13:80:100,192.168.59.175:80:100,192.168.37.17:80:100,192.168.53.179:80:100,192.168.27.2:80:100,192.168.49.117:80:100,192.168.25.230:80:100,192.168.54.40:80:100,192.168.9.11:80:100,192.168.27.141:80:100,192.168.9.153:80:100,192.168.33.50:80:100,192.168.35.174:80:100,192.168.29.63:80:100,192.168.1.216:80:100,192.168.14.111:80:100,192.168.58.126:80:100,192.168.29.152:80:100,192.168.34.69:80:100,192.168.49.9:80:100,192.168.30.206:80:100,192.168.23.57:80:100,192.168.25.4:80:100,192.168.7.57:80:100,192.168.3.27:80:100,192.168.57.50:80:100,192.168.14.151:80:100,192.168.29.116:80:100,192.168.47.97:80:100,192.168.50.29:80:100,192.168.30.107:80:100,192.168.23.200:80:100,192.168.9.126:80:100,192.168.10.166:80:100,192.168.58.100:80:100,192.168.38.207:80:100,192.168.27.12:80:100,192.168.17.54:80:100,192.168.5.84:80:100,192.168.37.165:80:100,192.168.27.147:80:100,192.168.46.191:80:100,192.168.18.139:80:100,192.168.22.165:80:100,192.168.1.103:80:100,192.168.41.180:80:100,192.168.15.85:80:100,192.168.59.10:80:100,192.168.11.110:80:100,192.168.22.88:80:100,192.168.53.105:80:100,192.168.53.117:80:100,192.168.50.207:80:100,192.168.26.55:80:100,192.168.6.11:80:100,192.168.35.193:80:100,192.168.21.150:80:100,192.168.50.209:80:100,192.168.57.28:80:100,192.168.6.86:80:100,192.168.13.192:80:100,192.168.14.167:80:100,192.168.18.214:80:100,192.168.17.93:80:100,192.168.58.152:80:100,192.168.21.68:80:100,192.168.59.133:80:100,192.168.47.82:80:100,192.168.39.124:80:100,192.168.50.73:80:100,192.168.43.208:80:100,192.168.1.171:80:100,192.168.49.223:80:100,192.168.9.120:80:100,192.168.57.5:80:100,192.168.21.152:80:100,192.168.21.6:80:100,192.168.41.3:80:100,192.168.37.131:80:100,192.168.51.130:80:100,192.168.26.34:80:100,192.168.50.42:80:100,192.168.45.40:80:100,192.168.57.37:80:100,192.168.59.137:80:100,192.168.21.170:80:100,192.168.46.101:80:100,192.168.1.210:80:100,192.168.51.25:80:100,192.168.6.2:80:100,192.168.57.170:80:100", + "vip":"111.13.235.181" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.16:80:100", + "vip":"111.13.235.254" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.229:80:100,192.168.22.85:80:100", + "vip":"192.168.101.165" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.244:80:100,192.168.58.150:80:100,192.168.3.27:80:100,192.168.43.219:80:100,192.168.41.227:80:100,192.168.41.233:80:100,192.168.54.117:80:100,192.168.19.77:80:100,192.168.37.3:80:100,192.168.51.105:80:100", + "vip":"192.168.102.149" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.134:80:100,192.168.39.223:80:100,192.168.6.150:80:100,192.168.29.243:80:100,192.168.3.21:80:100,192.168.17.2:80:100,192.168.51.180:80:100,192.168.54.1:80:100,192.168.34.199:80:100,192.168.7.59:80:100,192.168.17.30:80:100,192.168.17.218:80:100,192.168.46.217:80:100,192.168.51.6:80:100,192.168.10.190:80:100,192.168.26.159:80:100,192.168.46.142:80:100,192.168.43.29:80:100,192.168.27.17:80:100,192.168.49.144:80:100,192.168.13.9:80:100,192.168.17.182:80:100,192.168.27.249:80:100,192.168.51.220:80:100,192.168.11.119:80:100,192.168.45.186:80:100,192.168.59.17:80:100,192.168.38.166:80:100,192.168.10.209:80:100,192.168.31.189:80:100,192.168.30.81:80:100,192.168.31.169:80:100,192.168.59.158:80:100,192.168.50.223:80:100,192.168.51.177:80:100,192.168.42.52:80:100,192.168.45.52:80:100,192.168.21.89:80:100,192.168.3.203:80:100,192.168.11.82:80:100,192.168.39.156:80:100,192.168.45.229:80:100,192.168.37.157:80:100,192.168.3.216:80:100,192.168.15.120:80:100,192.168.58.105:80:100,192.168.34.176:80:100,192.168.54.120:80:100,192.168.10.68:80:100,192.168.57.33:80:100,192.168.25.118:80:100,192.168.45.194:80:100,192.168.7.123:80:100,192.168.19.180:80:100,192.168.58.181:80:100,192.168.49.71:80:100,192.168.49.113:80:100,192.168.47.7:80:100,192.168.53.35:80:100,192.168.30.184:80:100,192.168.17.242:80:100,192.168.53.151:80:100,192.168.13.12:80:100,192.168.1.243:80:100,192.168.5.182:80:100,192.168.17.110:80:100,192.168.54.18:80:100,192.168.38.112:80:100,192.168.29.120:80:100,192.168.7.35:80:100,192.168.38.210:80:100,192.168.5.71:80:100,192.168.46.127:80:100,192.168.53.130:80:100,192.168.46.139:80:100,192.168.54.95:80:100,192.168.38.198:80:100,192.168.34.238:80:100,192.168.26.26:80:100,192.168.30.35:80:100,192.168.35.64:80:100,192.168.18.74:80:100,192.168.26.192:80:100,192.168.33.236:80:100,192.168.34.202:80:100,192.168.21.251:80:100,192.168.59.39:80:100,192.168.39.145:80:100,192.168.27.174:80:100,192.168.25.57:80:100,192.168.21.66:80:100,192.168.34.32:80:100,192.168.34.128:80:100,192.168.3.253:80:100,192.168.15.130:80:100,192.168.53.75:80:100,192.168.2.64:80:100,192.168.43.213:80:100,192.168.51.89:80:100,192.168.3.238:80:100", + "vip":"192.168.102.132" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.174:80:100,192.168.11.101:80:100,192.168.50.122:80:100", + "vip":"192.168.101.233" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.100:80:100,192.168.6.60:80:100,192.168.9.34:80:100", + "vip":"111.13.235.165" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.57:80:100,192.168.54.200:80:100", + "vip":"192.168.102.215" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.55:80:100,192.168.51.173:80:100", + "vip":"111.13.235.129" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.81:80:100,192.168.31.3:80:100", + "vip":"111.13.235.64" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.154:80:100,192.168.9.231:80:100,192.168.21.59:80:100,192.168.59.70:80:100", + "vip":"111.13.235.118" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.62:80:100", + "vip":"111.13.235.253" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.38.72:80:100,192.168.55.225:80:100,192.168.9.203:80:100,192.168.27.184:80:100,192.168.27.89:80:100,192.168.26.71:80:100,192.168.55.107:80:100,192.168.46.79:80:100,192.168.26.150:80:100,192.168.35.30:80:100,192.168.47.11:80:100,192.168.51.55:80:100,192.168.39.81:80:100,192.168.11.65:80:100,192.168.45.65:80:100", + "vip":"192.168.102.182" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.98:80:100,192.168.17.11:80:100", + "vip":"192.168.102.34" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.63:80:100,192.168.27.147:80:100", + "vip":"192.168.101.183" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.11:80:100", + "vip":"192.168.101.162" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.131:80:100", + "vip":"192.168.102.107" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.98:80:100,192.168.31.88:80:100,192.168.1.105:80:100,192.168.45.80:80:100,192.168.37.249:80:100,192.168.50.23:80:100,192.168.3.50:80:100,192.168.41.123:80:100", + "vip":"192.168.101.192" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.209:80:100,192.168.10.111:80:100,192.168.35.31:80:100,192.168.34.120:80:100,192.168.35.99:80:100,192.168.38.116:80:100,192.168.59.122:80:100,192.168.19.205:80:100", + "vip":"192.168.101.84" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.162:80:100,192.168.14.180:80:100,192.168.5.76:80:100,192.168.46.160:80:100,192.168.35.93:80:100", + "vip":"111.13.235.188" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.196:80:100,192.168.26.151:80:100", + "vip":"192.168.101.146" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.27:80:100,192.168.6.159:80:100,192.168.5.241:80:100", + "vip":"111.13.235.144" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.213:80:100", + "vip":"192.168.101.77" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.4:80:100,192.168.51.83:80:100,192.168.53.245:80:100,192.168.35.103:80:100,192.168.7.71:80:100,192.168.13.188:80:100,192.168.19.83:80:100,192.168.49.173:80:100,192.168.5.139:80:100,192.168.49.33:80:100,192.168.7.84:80:100,192.168.54.126:80:100,192.168.29.51:80:100,192.168.25.59:80:100,192.168.37.112:80:100,192.168.54.252:80:100,192.168.39.159:80:100,192.168.30.54:80:100,192.168.17.95:80:100,192.168.43.231:80:100,192.168.17.202:80:100,192.168.25.181:80:100,192.168.22.168:80:100,192.168.50.120:80:100,192.168.17.36:80:100,192.168.9.238:80:100,192.168.42.195:80:100,192.168.31.142:80:100,192.168.41.120:80:100,192.168.51.205:80:100,192.168.39.1:80:100,192.168.39.204:80:100,192.168.10.49:80:100,192.168.57.153:80:100,192.168.49.86:80:100,192.168.10.32:80:100,192.168.7.14:80:100,192.168.29.221:80:100,192.168.17.77:80:100,192.168.33.224:80:100,192.168.11.186:80:100,192.168.31.16:80:100,192.168.35.84:80:100,192.168.31.31:80:100,192.168.15.175:80:100,192.168.45.200:80:100,192.168.41.77:80:100,192.168.57.164:80:100,192.168.30.23:80:100,192.168.49.109:80:100,192.168.22.207:80:100,192.168.2.7:80:100,192.168.17.133:80:100,192.168.14.170:80:100,192.168.49.24:80:100,192.168.13.107:80:100,192.168.10.215:80:100,192.168.7.18:80:100,192.168.17.194:80:100,192.168.2.125:80:100,192.168.58.34:80:100,192.168.39.232:80:100,192.168.58.182:80:100,192.168.9.73:80:100,192.168.9.71:80:100,192.168.50.251:80:100,192.168.7.15:80:100,192.168.59.132:80:100,192.168.15.218:80:100,192.168.14.203:80:100,192.168.7.177:80:100", + "vip":"111.13.235.186" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.96:80:100,192.168.38.139:80:100,192.168.9.160:80:100,192.168.21.53:80:100", + "vip":"192.168.102.104" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.74:80:100", + "vip":"111.13.235.209" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.213:80:100,192.168.59.198:80:100,192.168.57.18:80:100,192.168.34.240:80:100", + "vip":"111.13.235.184" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.187:80:100,192.168.17.27:80:100", + "vip":"192.168.101.247" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.239:80:100,192.168.5.155:80:100,192.168.18.214:80:100,192.168.31.129:80:100,192.168.26.122:80:100,192.168.13.134:80:100,192.168.47.76:80:100,192.168.14.186:80:100,192.168.27.70:80:100,192.168.47.159:80:100,192.168.10.127:80:100", + "vip":"192.168.102.140" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.205:80:100,192.168.25.167:80:100", + "vip":"192.168.102.228" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.194:80:100", + "vip":"192.168.101.149" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.65:80:100", + "vip":"111.13.235.222" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.130:80:100,192.168.2.1:80:100,192.168.21.206:80:100,192.168.15.42:80:100,192.168.58.47:80:100,192.168.21.157:80:100,192.168.43.63:80:100,192.168.26.193:80:100,192.168.26.206:80:100,192.168.2.171:80:100,192.168.53.103:80:100,192.168.43.48:80:100,192.168.54.92:80:100,192.168.17.53:80:100,192.168.50.33:80:100,192.168.18.213:80:100,192.168.7.87:80:100,192.168.10.121:80:100,192.168.38.216:80:100,192.168.11.24:80:100,192.168.25.31:80:100,192.168.42.250:80:100,192.168.14.143:80:100,192.168.5.168:80:100,192.168.21.19:80:100,192.168.9.138:80:100,192.168.23.243:80:100,192.168.22.132:80:100,192.168.47.136:80:100,192.168.13.52:80:100,192.168.15.19:80:100,192.168.15.153:80:100,192.168.53.8:80:100,192.168.43.183:80:100,192.168.23.241:80:100,192.168.46.175:80:100,192.168.6.56:80:100,192.168.10.148:80:100,192.168.45.59:80:100,192.168.30.187:80:100,192.168.18.171:80:100,192.168.55.123:80:100,192.168.1.3:80:100,192.168.5.137:80:100,192.168.33.228:80:100,192.168.34.178:80:100,192.168.29.167:80:100,192.168.27.212:80:100,192.168.34.237:80:100,192.168.18.52:80:100,192.168.57.196:80:100,192.168.5.229:80:100,192.168.45.106:80:100,192.168.37.145:80:100,192.168.21.175:80:100,192.168.5.213:80:100,192.168.41.84:80:100,192.168.31.184:80:100,192.168.53.15:80:100,192.168.10.4:80:100,192.168.29.50:80:100,192.168.1.70:80:100,192.168.49.64:80:100,192.168.9.198:80:100,192.168.31.198:80:100,192.168.57.137:80:100,192.168.41.106:80:100,192.168.21.13:80:100,192.168.10.68:80:100,192.168.1.149:80:100,192.168.17.229:80:100,192.168.43.39:80:100,192.168.50.20:80:100,192.168.54.253:80:100,192.168.55.144:80:100,192.168.29.57:80:100,192.168.47.11:80:100,192.168.1.102:80:100,192.168.49.193:80:100,192.168.39.76:80:100,192.168.30.209:80:100,192.168.18.244:80:100,192.168.15.52:80:100,192.168.3.139:80:100,192.168.47.246:80:100,192.168.42.253:80:100,192.168.15.203:80:100,192.168.19.96:80:100,192.168.19.199:80:100,192.168.37.64:80:100,192.168.27.227:80:100,192.168.42.209:80:100,192.168.54.220:80:100,192.168.33.75:80:100,192.168.39.244:80:100,192.168.41.32:80:100,192.168.13.1:80:100,192.168.43.122:80:100,192.168.2.33:80:100,192.168.46.214:80:100,192.168.33.64:80:100,192.168.25.140:80:100,192.168.19.213:80:100,192.168.2.219:80:100,192.168.6.107:80:100,192.168.13.42:80:100,192.168.3.183:80:100,192.168.37.137:80:100,192.168.29.71:80:100,192.168.37.85:80:100,192.168.6.112:80:100,192.168.49.58:80:100,192.168.9.47:80:100,192.168.30.150:80:100", + "vip":"192.168.102.195" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.74:80:100,192.168.59.244:80:100,192.168.3.66:80:100", + "vip":"192.168.101.104" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.242:80:100,192.168.45.145:80:100,192.168.37.136:80:100,192.168.25.118:80:100,192.168.15.177:80:100,192.168.47.244:80:100,192.168.51.119:80:100,192.168.11.235:80:100,192.168.29.46:80:100", + "vip":"192.168.101.234" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.123:80:100,192.168.39.26:80:100,192.168.57.157:80:100,192.168.58.148:80:100,192.168.1.43:80:100,192.168.7.47:80:100,192.168.13.219:80:100,192.168.46.122:80:100", + "vip":"111.13.235.201" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.191:80:100,192.168.17.146:80:100,192.168.57.116:80:100,192.168.18.141:80:100", + "vip":"192.168.101.195" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.62:80:100", + "vip":"192.168.101.47" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.142:80:100,192.168.38.26:80:100,192.168.43.157:80:100", + "vip":"192.168.101.253" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.74:80:100,192.168.51.80:80:100,192.168.41.234:80:100,192.168.34.61:80:100,192.168.5.23:80:100,192.168.27.97:80:100,192.168.26.25:80:100,192.168.5.221:80:100,192.168.22.41:80:100,192.168.22.234:80:100,192.168.57.76:80:100,192.168.6.239:80:100,192.168.29.159:80:100,192.168.46.40:80:100,192.168.18.250:80:100,192.168.21.165:80:100,192.168.57.242:80:100,192.168.51.15:80:100,192.168.21.83:80:100", + "vip":"192.168.102.50" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.190:80:100,192.168.21.136:80:100,192.168.11.137:80:100", + "vip":"192.168.101.222" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.188:80:100,192.168.29.145:80:100,192.168.29.235:80:100,192.168.17.114:80:100,192.168.30.14:80:100,192.168.17.73:80:100", + "vip":"192.168.101.197" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.135:80:100,192.168.14.239:80:100,192.168.45.28:80:100", + "vip":"192.168.102.31" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.112:80:100,192.168.57.158:80:100,192.168.38.251:80:100", + "vip":"192.168.102.168" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.196:80:100", + "vip":"192.168.101.95" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.114:80:100", + "vip":"192.168.101.89" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.47:80:100,192.168.29.14:80:100,192.168.31.134:80:100", + "vip":"192.168.101.251" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.18.224:80:100", + "vip":"192.168.101.144" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.39:80:100", + "vip":"192.168.101.96" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.222:80:100,192.168.53.11:80:100,192.168.15.103:80:100,192.168.22.173:80:100,192.168.13.209:80:100,192.168.38.113:80:100,192.168.9.158:80:100,192.168.27.242:80:100,192.168.42.200:80:100,192.168.57.124:80:100,192.168.41.152:80:100,192.168.29.178:80:100,192.168.19.36:80:100,192.168.17.151:80:100,192.168.2.209:80:100,192.168.58.26:80:100,192.168.42.218:80:100,192.168.58.102:80:100,192.168.1.119:80:100,192.168.45.203:80:100,192.168.21.19:80:100,192.168.54.40:80:100,192.168.45.5:80:100,192.168.58.49:80:100,192.168.47.51:80:100,192.168.46.248:80:100,192.168.17.219:80:100,192.168.31.16:80:100,192.168.54.131:80:100,192.168.22.44:80:100,192.168.55.96:80:100,192.168.23.77:80:100,192.168.21.30:80:100,192.168.54.92:80:100,192.168.39.117:80:100,192.168.58.142:80:100,192.168.54.181:80:100,192.168.41.52:80:100,192.168.59.4:80:100,192.168.35.87:80:100,192.168.18.63:80:100,192.168.53.15:80:100,192.168.27.121:80:100,192.168.39.93:80:100,192.168.35.13:80:100,192.168.1.73:80:100,192.168.33.95:80:100,192.168.5.112:80:100,192.168.57.128:80:100,192.168.33.240:80:100,192.168.14.53:80:100,192.168.53.119:80:100,192.168.7.166:80:100,192.168.10.137:80:100,192.168.38.171:80:100,192.168.30.125:80:100,192.168.14.36:80:100,192.168.10.215:80:100,192.168.53.130:80:100,192.168.38.79:80:100,192.168.5.27:80:100,192.168.15.126:80:100,192.168.47.38:80:100,192.168.41.112:80:100,192.168.50.203:80:100,192.168.26.192:80:100,192.168.10.51:80:100,192.168.6.31:80:100,192.168.50.185:80:100,192.168.43.207:80:100,192.168.46.222:80:100,192.168.39.150:80:100,192.168.30.4:80:100,192.168.6.48:80:100,192.168.51.13:80:100,192.168.27.143:80:100,192.168.45.72:80:100,192.168.58.160:80:100,192.168.58.213:80:100,192.168.50.101:80:100,192.168.18.180:80:100,192.168.55.244:80:100,192.168.30.206:80:100,192.168.53.178:80:100,192.168.23.98:80:100,192.168.5.163:80:100,192.168.9.221:80:100,192.168.23.24:80:100,192.168.2.246:80:100,192.168.27.216:80:100,192.168.3.111:80:100", + "vip":"111.13.235.149" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.147:80:100,192.168.59.200:80:100,192.168.34.67:80:100,192.168.21.71:80:100", + "vip":"111.13.235.138" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.161:80:100", + "vip":"192.168.101.208" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.54:80:100,192.168.19.9:80:100,192.168.13.82:80:100,192.168.14.179:80:100,192.168.58.83:80:100,192.168.9.36:80:100", + "vip":"192.168.102.201" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.160:80:100,192.168.2.40:80:100,192.168.47.180:80:100,192.168.49.73:80:100", + "vip":"111.13.235.113" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.15.173:80:100,192.168.27.144:80:100,192.168.26.109:80:100", + "vip":"111.13.235.167" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.39:80:100", + "vip":"111.13.235.196" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.24:80:100,192.168.58.236:80:100,192.168.41.47:80:100,192.168.10.127:80:100", + "vip":"192.168.101.136" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.140:80:100,192.168.6.21:80:100,192.168.26.200:80:100,192.168.2.138:80:100", + "vip":"192.168.102.161" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.184:80:100", + "vip":"111.13.235.189" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.110:80:100,192.168.59.205:80:100,192.168.25.26:80:100,192.168.3.27:80:100,192.168.57.105:80:100,192.168.54.168:80:100", + "vip":"111.13.235.251" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.23.27:80:100,192.168.55.38:80:100,192.168.14.83:80:100,192.168.26.173:80:100,192.168.9.84:80:100,192.168.42.90:80:100,192.168.14.237:80:100,192.168.29.162:80:100,192.168.41.145:80:100", + "vip":"192.168.102.118" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.26.172:80:100", + "vip":"192.168.101.69" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.114:80:100", + "vip":"192.168.101.236" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.33:80:100", + "vip":"111.13.235.227" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.10.221:80:100,192.168.25.238:80:100", + "vip":"111.13.235.67" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.46.105:80:100", + "vip":"192.168.101.178" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.172:80:100,192.168.51.131:80:100,192.168.51.35:80:100", + "vip":"111.13.235.152" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.43:80:100", + "vip":"111.13.235.203" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.126:80:100,192.168.41.5:80:100,192.168.57.70:80:100,192.168.27.57:80:100,192.168.2.44:80:100", + "vip":"192.168.102.196" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.69:80:100,192.168.25.17:80:100,192.168.53.172:80:100,192.168.25.228:80:100,192.168.6.104:80:100,192.168.11.94:80:100,192.168.37.202:80:100,192.168.26.51:80:100,192.168.5.198:80:100,192.168.38.105:80:100,192.168.37.213:80:100,192.168.29.167:80:100", + "vip":"192.168.101.45" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.172:80:100,192.168.49.223:80:100", + "vip":"192.168.101.227" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.120:80:100,192.168.2.53:80:100", + "vip":"192.168.101.120" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.139:80:100,192.168.26.223:80:100,192.168.15.220:80:100,192.168.39.151:80:100,192.168.29.157:80:100,192.168.3.146:80:100,192.168.46.117:80:100", + "vip":"192.168.102.74" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.39.208:80:100,192.168.47.119:80:100,192.168.50.26:80:100,192.168.25.241:80:100", + "vip":"192.168.101.159" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.118:80:100,192.168.13.21:80:100,192.168.25.57:80:100,192.168.55.84:80:100,192.168.47.64:80:100,192.168.31.35:80:100,192.168.53.105:80:100,192.168.15.250:80:100,192.168.29.33:80:100,192.168.34.98:80:100,192.168.22.29:80:100,192.168.42.87:80:100,192.168.7.127:80:100,192.168.13.92:80:100,192.168.38.222:80:100,192.168.55.130:80:100,192.168.18.109:80:100,192.168.9.4:80:100,192.168.45.131:80:100,192.168.30.190:80:100", + "vip":"192.168.102.106" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.38:80:100,192.168.41.229:80:100,192.168.47.16:80:100,192.168.21.132:80:100,192.168.19.24:80:100,192.168.43.115:80:100,192.168.54.196:80:100,192.168.10.214:80:100,192.168.1.92:80:100,192.168.21.201:80:100,192.168.1.246:80:100,192.168.47.76:80:100,192.168.11.141:80:100,192.168.26.75:80:100,192.168.1.206:80:100,192.168.51.198:80:100,192.168.22.138:80:100,192.168.15.234:80:100", + "vip":"111.13.235.182" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.165:80:100,192.168.31.151:80:100,192.168.6.158:80:100", + "vip":"192.168.102.173" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.82:80:100,192.168.34.28:80:100,192.168.47.178:80:100,192.168.39.65:80:100,192.168.3.25:80:100,192.168.38.122:80:100,192.168.43.20:80:100,192.168.39.166:80:100,192.168.53.235:80:100,192.168.13.243:80:100,192.168.21.56:80:100,192.168.54.249:80:100,192.168.17.227:80:100,192.168.46.186:80:100,192.168.43.216:80:100,192.168.19.62:80:100,192.168.6.243:80:100,192.168.47.144:80:100,192.168.57.132:80:100,192.168.30.50:80:100,192.168.9.218:80:100,192.168.18.123:80:100,192.168.27.151:80:100,192.168.47.74:80:100,192.168.58.201:80:100,192.168.27.60:80:100,192.168.17.4:80:100,192.168.1.28:80:100,192.168.17.143:80:100,192.168.27.240:80:100,192.168.7.164:80:100,192.168.53.143:80:100,192.168.13.77:80:100,192.168.25.139:80:100,192.168.11.85:80:100,192.168.13.61:80:100,192.168.29.95:80:100,192.168.15.54:80:100,192.168.18.22:80:100,192.168.41.194:80:100,192.168.27.6:80:100,192.168.58.6:80:100,192.168.1.144:80:100,192.168.42.169:80:100,192.168.41.136:80:100,192.168.37.183:80:100,192.168.29.33:80:100,192.168.38.207:80:100,192.168.59.193:80:100,192.168.42.226:80:100,192.168.5.223:80:100,192.168.21.193:80:100,192.168.19.61:80:100,192.168.23.87:80:100,192.168.25.223:80:100,192.168.51.234:80:100", + "vip":"192.168.102.171" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.34.142:80:100,192.168.53.206:80:100", + "vip":"192.168.102.142" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.1:80:100,192.168.5.8:80:100,192.168.1.250:80:100,192.168.11.2:80:100,192.168.23.112:80:100,192.168.53.102:80:100,192.168.7.41:80:100,192.168.25.105:80:100,192.168.13.91:80:100,192.168.18.218:80:100,192.168.6.188:80:100,192.168.17.247:80:100,192.168.21.61:80:100", + "vip":"192.168.101.49" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.148:80:100,192.168.11.168:80:100,192.168.51.190:80:100", + "vip":"192.168.101.16" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.95:80:100,192.168.46.112:80:100,192.168.41.10:80:100,192.168.57.147:80:100,192.168.51.77:80:100,192.168.6.174:80:100,192.168.17.227:80:100,192.168.27.33:80:100,192.168.59.80:80:100", + "vip":"192.168.101.107" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.7.173:80:100,192.168.31.233:80:100,192.168.21.102:80:100,192.168.3.203:80:100,192.168.45.171:80:100,192.168.19.35:80:100,192.168.19.141:80:100,192.168.50.96:80:100,192.168.35.208:80:100,192.168.14.137:80:100,192.168.1.222:80:100,192.168.27.58:80:100,192.168.3.89:80:100,192.168.37.63:80:100,192.168.1.241:80:100,192.168.43.140:80:100,192.168.23.149:80:100,192.168.15.101:80:100,192.168.30.109:80:100,192.168.51.210:80:100,192.168.47.81:80:100,192.168.13.252:80:100,192.168.47.164:80:100,192.168.22.49:80:100,192.168.46.220:80:100,192.168.13.204:80:100,192.168.26.120:80:100,192.168.1.55:80:100,192.168.21.78:80:100,192.168.58.110:80:100,192.168.39.61:80:100,192.168.25.107:80:100,192.168.25.224:80:100,192.168.26.179:80:100,192.168.10.86:80:100,192.168.18.84:80:100,192.168.26.230:80:100,192.168.25.144:80:100,192.168.22.15:80:100,192.168.17.138:80:100,192.168.33.189:80:100,192.168.34.161:80:100,192.168.57.170:80:100", + "vip":"192.168.102.61" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.27:80:100,192.168.30.238:80:100,192.168.54.84:80:100,192.168.23.192:80:100", + "vip":"192.168.102.147" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.184:80:100,192.168.14.105:80:100,192.168.35.101:80:100,192.168.37.191:80:100", + "vip":"192.168.102.2" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.49.230:80:100,192.168.26.37:80:100,192.168.51.166:80:100,192.168.6.123:80:100,192.168.41.212:80:100,192.168.18.85:80:100,192.168.49.247:80:100,192.168.18.88:80:100", + "vip":"111.13.235.95" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.29.44:80:100,192.168.49.73:80:100", + "vip":"192.168.102.85" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.59:80:100,192.168.49.176:80:100,192.168.34.179:80:100,192.168.1.101:80:100,192.168.26.231:80:100,192.168.3.172:80:100,192.168.46.165:80:100", + "vip":"192.168.102.176" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.231:80:100,192.168.41.54:80:100,192.168.41.218:80:100,192.168.50.94:80:100,192.168.6.223:80:100,192.168.38.233:80:100,192.168.22.18:80:100,192.168.42.211:80:100,192.168.15.209:80:100,192.168.21.119:80:100,192.168.2.141:80:100,192.168.43.152:80:100,192.168.25.77:80:100,192.168.45.6:80:100,192.168.7.222:80:100,192.168.11.131:80:100", + "vip":"111.13.235.97" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.6:80:100,192.168.57.96:80:100,192.168.23.113:80:100,192.168.50.154:80:100", + "vip":"111.13.235.119" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.11.2:80:100", + "vip":"192.168.101.38" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.43.97:80:100", + "vip":"192.168.101.225" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.193:80:100,192.168.9.185:80:100,192.168.21.252:80:100,192.168.45.163:80:100,192.168.2.26:80:100,192.168.19.72:80:100,192.168.51.250:80:100", + "vip":"192.168.102.53" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.8:80:100,192.168.49.177:80:100,192.168.39.138:80:100,192.168.34.46:80:100", + "vip":"192.168.101.119" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.117:80:100,192.168.19.9:80:100", + "vip":"192.168.101.198" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.221:80:100,192.168.21.82:80:100,192.168.50.185:80:100,192.168.54.59:80:100,192.168.57.205:80:100,192.168.25.96:80:100,192.168.10.31:80:100,192.168.53.173:80:100,192.168.5.111:80:100,192.168.23.85:80:100,192.168.27.164:80:100,192.168.43.229:80:100,192.168.49.194:80:100,192.168.2.217:80:100,192.168.18.213:80:100,192.168.5.129:80:100,192.168.14.25:80:100,192.168.30.167:80:100,192.168.54.86:80:100,192.168.54.247:80:100,192.168.21.94:80:100,192.168.51.133:80:100,192.168.18.66:80:100,192.168.25.118:80:100,192.168.45.124:80:100,192.168.23.201:80:100,192.168.53.203:80:100,192.168.5.160:80:100,192.168.43.188:80:100,192.168.50.94:80:100,192.168.43.183:80:100,192.168.38.56:80:100,192.168.15.38:80:100,192.168.38.34:80:100,192.168.21.250:80:100,192.168.1.120:80:100,192.168.14.102:80:100,192.168.19.223:80:100,192.168.54.217:80:100,192.168.31.219:80:100,192.168.10.254:80:100,192.168.50.84:80:100,192.168.59.241:80:100,192.168.53.20:80:100,192.168.33.226:80:100,192.168.25.217:80:100,192.168.34.165:80:100,192.168.21.184:80:100,192.168.42.143:80:100,192.168.15.167:80:100,192.168.57.30:80:100,192.168.6.158:80:100,192.168.58.142:80:100,192.168.25.253:80:100,192.168.45.178:80:100,192.168.30.95:80:100,192.168.25.132:80:100,192.168.41.21:80:100,192.168.34.166:80:100,192.168.11.171:80:100,192.168.45.199:80:100,192.168.9.133:80:100,192.168.37.157:80:100,192.168.11.15:80:100,192.168.6.108:80:100,192.168.46.174:80:100,192.168.37.231:80:100,192.168.59.214:80:100,192.168.38.201:80:100,192.168.47.243:80:100,192.168.2.250:80:100,192.168.18.114:80:100,192.168.30.108:80:100,192.168.13.17:80:100,192.168.15.37:80:100,192.168.54.253:80:100,192.168.25.43:80:100,192.168.19.214:80:100,192.168.37.190:80:100,192.168.17.193:80:100,192.168.11.87:80:100,192.168.26.177:80:100,192.168.51.60:80:100,192.168.51.203:80:100,192.168.25.6:80:100,192.168.6.59:80:100,192.168.57.67:80:100,192.168.34.204:80:100,192.168.50.49:80:100,192.168.57.231:80:100,192.168.21.25:80:100,192.168.1.39:80:100,192.168.14.106:80:100,192.168.27.248:80:100,192.168.37.89:80:100,192.168.27.244:80:100,192.168.50.11:80:100,192.168.26.105:80:100,192.168.37.149:80:100,192.168.34.82:80:100,192.168.21.56:80:100,192.168.35.163:80:100,192.168.34.78:80:100,192.168.1.244:80:100,192.168.14.180:80:100,192.168.25.70:80:100,192.168.22.105:80:100,192.168.51.68:80:100,192.168.22.149:80:100,192.168.30.131:80:100,192.168.3.26:80:100,192.168.33.20:80:100,192.168.2.88:80:100,192.168.2.49:80:100,192.168.33.224:80:100,192.168.58.213:80:100,192.168.10.62:80:100,192.168.42.27:80:100,192.168.30.91:80:100,192.168.13.215:80:100,192.168.26.188:80:100,192.168.43.93:80:100,192.168.34.103:80:100,192.168.31.253:80:100,192.168.7.155:80:100,192.168.13.237:80:100,192.168.21.112:80:100,192.168.46.226:80:100,192.168.31.37:80:100,192.168.7.52:80:100,192.168.25.78:80:100,192.168.5.239:80:100,192.168.9.81:80:100,192.168.45.87:80:100,192.168.14.164:80:100", + "vip":"192.168.102.211" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.85:80:100", + "vip":"192.168.102.194" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.147:80:100,192.168.1.213:80:100,192.168.30.98:80:100", + "vip":"192.168.102.101" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.13.84:80:100,192.168.59.215:80:100", + "vip":"192.168.102.68" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.9.44:80:100,192.168.42.101:80:100,192.168.58.81:80:100,192.168.5.1:80:100,192.168.19.105:80:100,192.168.33.128:80:100,192.168.35.174:80:100,192.168.11.71:80:100,192.168.29.115:80:100,192.168.9.60:80:100,192.168.39.18:80:100,192.168.17.80:80:100,192.168.1.149:80:100,192.168.10.241:80:100,192.168.45.103:80:100,192.168.27.122:80:100,192.168.57.160:80:100,192.168.34.224:80:100,192.168.47.251:80:100,192.168.21.113:80:100,192.168.29.129:80:100,192.168.18.55:80:100,192.168.15.8:80:100,192.168.39.106:80:100,192.168.42.124:80:100,192.168.42.194:80:100,192.168.26.69:80:100,192.168.1.151:80:100,192.168.18.20:80:100,192.168.57.34:80:100,192.168.15.57:80:100,192.168.29.182:80:100,192.168.34.216:80:100,192.168.9.92:80:100,192.168.55.114:80:100,192.168.3.8:80:100,192.168.59.6:80:100,192.168.59.72:80:100,192.168.33.175:80:100,192.168.23.188:80:100,192.168.27.217:80:100,192.168.31.20:80:100,192.168.45.108:80:100,192.168.25.38:80:100,192.168.38.95:80:100,192.168.47.37:80:100,192.168.3.109:80:100,192.168.31.178:80:100,192.168.3.214:80:100,192.168.6.78:80:100,192.168.11.147:80:100,192.168.53.205:80:100,192.168.21.55:80:100,192.168.34.200:80:100,192.168.59.102:80:100,192.168.18.185:80:100,192.168.53.98:80:100,192.168.7.155:80:100,192.168.29.122:80:100,192.168.49.58:80:100,192.168.42.103:80:100,192.168.34.107:80:100,192.168.31.239:80:100,192.168.55.86:80:100,192.168.30.197:80:100,192.168.38.96:80:100,192.168.9.16:80:100,192.168.9.221:80:100,192.168.53.25:80:100,192.168.50.10:80:100,192.168.41.35:80:100,192.168.51.103:80:100,192.168.42.36:80:100,192.168.38.30:80:100", + "vip":"192.168.102.38" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.19.168:80:100,192.168.31.163:80:100,192.168.45.215:80:100,192.168.51.195:80:100,192.168.31.22:80:100,192.168.1.155:80:100,192.168.17.118:80:100,192.168.6.225:80:100,192.168.22.62:80:100", + "vip":"192.168.101.125" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.51.170:80:100,192.168.55.195:80:100", + "vip":"192.168.102.76" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.225:80:100,192.168.45.72:80:100,192.168.39.237:80:100", + "vip":"192.168.102.70" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.58.226:80:100,192.168.43.182:80:100,192.168.1.161:80:100", + "vip":"192.168.102.80" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.231:80:100,192.168.33.229:80:100,192.168.58.182:80:100,192.168.11.62:80:100,192.168.55.11:80:100,192.168.25.59:80:100,192.168.11.172:80:100,192.168.7.20:80:100", + "vip":"111.13.235.88" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.234:80:100,192.168.53.229:80:100,192.168.41.190:80:100,192.168.49.66:80:100,192.168.5.242:80:100,192.168.42.15:80:100,192.168.46.33:80:100,192.168.37.62:80:100", + "vip":"192.168.102.148" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.229:80:100,192.168.51.28:80:100,192.168.34.153:80:100,192.168.23.136:80:100", + "vip":"192.168.102.11" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.33.93:80:100,192.168.5.232:80:100", + "vip":"111.13.235.180" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.146:80:100,192.168.15.123:80:100,192.168.6.71:80:100,192.168.15.207:80:100,192.168.37.223:80:100,192.168.35.147:80:100,192.168.57.193:80:100", + "vip":"111.13.235.191" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.17.116:80:100,192.168.58.93:80:100", + "vip":"192.168.102.37" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.166:80:100,192.168.17.109:80:100,192.168.57.233:80:100,192.168.49.236:80:100,192.168.50.120:80:100,192.168.18.21:80:100,192.168.17.239:80:100,192.168.34.42:80:100,192.168.50.42:80:100,192.168.59.161:80:100,192.168.13.5:80:100,192.168.21.151:80:100,192.168.18.216:80:100", + "vip":"192.168.102.163" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.22.109:80:100,192.168.6.91:80:100,192.168.3.128:80:100,192.168.22.144:80:100", + "vip":"192.168.102.64" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.122:80:100,192.168.39.173:80:100,192.168.53.165:80:100,192.168.9.17:80:100,192.168.58.88:80:100,192.168.46.213:80:100,192.168.6.225:80:100", + "vip":"192.168.102.141" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.65:80:100,192.168.15.147:80:100,192.168.9.230:80:100,192.168.58.147:80:100,192.168.33.139:80:100,192.168.29.13:80:100,192.168.59.184:80:100,192.168.15.221:80:100,192.168.14.187:80:100,192.168.15.80:80:100,192.168.55.6:80:100,192.168.25.187:80:100,192.168.45.28:80:100,192.168.15.165:80:100,192.168.55.171:80:100,192.168.3.174:80:100,192.168.21.146:80:100,192.168.26.7:80:100,192.168.19.107:80:100,192.168.50.6:80:100,192.168.6.165:80:100,192.168.39.201:80:100,192.168.21.250:80:100,192.168.57.218:80:100,192.168.7.122:80:100,192.168.43.148:80:100,192.168.58.126:80:100,192.168.7.207:80:100,192.168.47.159:80:100,192.168.31.169:80:100,192.168.46.134:80:100,192.168.39.117:80:100,192.168.1.107:80:100,192.168.7.73:80:100,192.168.5.203:80:100,192.168.19.71:80:100,192.168.50.141:80:100,192.168.51.138:80:100,192.168.25.18:80:100,192.168.25.17:80:100,192.168.17.55:80:100,192.168.47.15:80:100,192.168.43.161:80:100,192.168.33.138:80:100,192.168.33.249:80:100,192.168.46.168:80:100,192.168.14.245:80:100,192.168.6.52:80:100,192.168.58.105:80:100,192.168.46.109:80:100,192.168.18.177:80:100,192.168.13.72:80:100,192.168.58.131:80:100,192.168.7.115:80:100,192.168.2.90:80:100,192.168.19.131:80:100,192.168.26.18:80:100,192.168.41.218:80:100,192.168.30.157:80:100,192.168.6.135:80:100,192.168.7.188:80:100,192.168.1.78:80:100,192.168.5.41:80:100,192.168.13.192:80:100,192.168.1.203:80:100,192.168.45.44:80:100,192.168.51.214:80:100,192.168.19.196:80:100,192.168.13.36:80:100,192.168.58.138:80:100,192.168.29.97:80:100,192.168.21.80:80:100,192.168.51.159:80:100,192.168.51.98:80:100,192.168.15.125:80:100,192.168.57.31:80:100,192.168.37.179:80:100,192.168.25.229:80:100,192.168.5.200:80:100,192.168.23.33:80:100,192.168.37.131:80:100,192.168.7.34:80:100,192.168.38.89:80:100,192.168.21.242:80:100,192.168.26.16:80:100,192.168.50.145:80:100,192.168.59.252:80:100,192.168.53.38:80:100,192.168.7.106:80:100,192.168.49.91:80:100", + "vip":"111.13.235.106" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.42.207:80:100,192.168.46.148:80:100", + "vip":"111.13.235.164" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.50.8:80:100,192.168.55.104:80:100,192.168.18.179:80:100,192.168.45.136:80:100,192.168.7.95:80:100,192.168.46.170:80:100,192.168.33.26:80:100,192.168.26.172:80:100,192.168.54.168:80:100", + "vip":"192.168.101.66" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.54.61:80:100,192.168.37.233:80:100,192.168.46.90:80:100,192.168.11.116:80:100,192.168.25.236:80:100,192.168.33.66:80:100,192.168.55.80:80:100,192.168.43.59:80:100,192.168.51.55:80:100,192.168.54.253:80:100,192.168.47.251:80:100,192.168.6.54:80:100,192.168.23.155:80:100,192.168.6.16:80:100,192.168.25.130:80:100,192.168.9.38:80:100,192.168.41.46:80:100,192.168.18.127:80:100,192.168.46.163:80:100,192.168.51.219:80:100,192.168.6.121:80:100,192.168.41.72:80:100,192.168.45.35:80:100,192.168.3.250:80:100,192.168.10.30:80:100,192.168.15.54:80:100,192.168.53.77:80:100,192.168.15.239:80:100,192.168.9.21:80:100,192.168.57.237:80:100,192.168.13.118:80:100,192.168.23.36:80:100,192.168.7.21:80:100,192.168.47.132:80:100,192.168.14.204:80:100,192.168.9.15:80:100,192.168.39.246:80:100,192.168.49.207:80:100", + "vip":"192.168.101.193" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.3.92:80:100,192.168.29.173:80:100,192.168.38.88:80:100,192.168.11.87:80:100,192.168.5.25:80:100,192.168.57.76:80:100,192.168.6.205:80:100,192.168.54.108:80:100,192.168.59.118:80:100,192.168.27.82:80:100,192.168.42.163:80:100", + "vip":"192.168.101.176" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.101:80:100", + "vip":"192.168.101.2" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.1:80:100,192.168.30.114:80:100,192.168.26.231:80:100,192.168.47.46:80:100,192.168.59.110:80:100,192.168.54.130:80:100,192.168.29.229:80:100,192.168.41.42:80:100,192.168.38.74:80:100,192.168.11.232:80:100,192.168.43.156:80:100,192.168.42.149:80:100,192.168.37.104:80:100,192.168.50.16:80:100,192.168.30.148:80:100,192.168.18.140:80:100,192.168.10.115:80:100,192.168.6.254:80:100,192.168.19.105:80:100,192.168.15.162:80:100,192.168.42.52:80:100,192.168.33.150:80:100,192.168.30.3:80:100,192.168.3.140:80:100,192.168.10.111:80:100,192.168.49.120:80:100,192.168.25.23:80:100,192.168.58.252:80:100,192.168.39.58:80:100,192.168.13.145:80:100,192.168.54.188:80:100,192.168.30.59:80:100,192.168.25.2:80:100,192.168.17.61:80:100,192.168.9.80:80:100,192.168.21.231:80:100,192.168.23.189:80:100,192.168.30.41:80:100,192.168.2.161:80:100,192.168.59.176:80:100,192.168.2.173:80:100,192.168.30.90:80:100,192.168.2.208:80:100,192.168.59.113:80:100,192.168.30.240:80:100,192.168.57.128:80:100,192.168.41.159:80:100,192.168.39.113:80:100,192.168.14.53:80:100,192.168.2.242:80:100,192.168.26.117:80:100,192.168.13.242:80:100,192.168.1.241:80:100,192.168.33.74:80:100,192.168.29.26:80:100,192.168.26.13:80:100,192.168.23.252:80:100,192.168.45.218:80:100,192.168.5.242:80:100,192.168.31.210:80:100,192.168.13.210:80:100,192.168.45.48:80:100,192.168.1.176:80:100,192.168.29.73:80:100,192.168.49.45:80:100,192.168.59.235:80:100,192.168.35.208:80:100,192.168.22.117:80:100,192.168.58.115:80:100,192.168.41.144:80:100,192.168.55.36:80:100,192.168.13.187:80:100,192.168.30.24:80:100,192.168.58.73:80:100,192.168.33.20:80:100,192.168.14.1:80:100,192.168.43.202:80:100,192.168.42.188:80:100,192.168.55.110:80:100,192.168.27.78:80:100,192.168.46.220:80:100,192.168.34.81:80:100,192.168.47.52:80:100,192.168.59.131:80:100,192.168.10.162:80:100,192.168.19.20:80:100,192.168.3.222:80:100,192.168.17.27:80:100,192.168.6.152:80:100,192.168.18.143:80:100", + "vip":"192.168.102.225" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.148:80:100,192.168.46.5:80:100,192.168.27.245:80:100,192.168.29.45:80:100,192.168.17.218:80:100,192.168.31.62:80:100", + "vip":"192.168.101.64" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.2.152:80:100,192.168.19.20:80:100,192.168.25.134:80:100", + "vip":"192.168.101.205" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.152:80:100,192.168.23.136:80:100,192.168.41.168:80:100,192.168.9.227:80:100", + "vip":"192.168.102.51" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.36:80:100,192.168.46.101:80:100,192.168.29.89:80:100,192.168.3.191:80:100,192.168.26.137:80:100", + "vip":"192.168.102.193" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.25.214:80:100,192.168.7.131:80:100,192.168.33.216:80:100,192.168.34.228:80:100,192.168.25.47:80:100,192.168.49.119:80:100,192.168.43.140:80:100,192.168.2.124:80:100,192.168.27.68:80:100,192.168.18.58:80:100,192.168.14.101:80:100,192.168.43.190:80:100,192.168.30.20:80:100,192.168.17.56:80:100,192.168.49.253:80:100,192.168.23.53:80:100,192.168.45.66:80:100,192.168.6.110:80:100,192.168.58.196:80:100,192.168.34.241:80:100,192.168.15.74:80:100,192.168.55.246:80:100,192.168.38.206:80:100,192.168.50.176:80:100,192.168.21.119:80:100,192.168.26.220:80:100,192.168.45.20:80:100,192.168.57.63:80:100,192.168.23.154:80:100,192.168.55.14:80:100,192.168.47.206:80:100,192.168.27.91:80:100,192.168.45.157:80:100,192.168.23.222:80:100,192.168.55.128:80:100,192.168.41.164:80:100,192.168.45.149:80:100,192.168.51.50:80:100,192.168.14.135:80:100,192.168.18.129:80:100,192.168.14.195:80:100,192.168.19.14:80:100,192.168.59.79:80:100,192.168.31.224:80:100,192.168.23.118:80:100,192.168.13.57:80:100,192.168.2.102:80:100,192.168.11.241:80:100,192.168.7.5:80:100,192.168.7.176:80:100,192.168.10.42:80:100,192.168.19.212:80:100,192.168.19.166:80:100,192.168.57.92:80:100,192.168.22.110:80:100,192.168.10.172:80:100,192.168.41.132:80:100,192.168.22.224:80:100,192.168.35.19:80:100,192.168.41.1:80:100,192.168.25.208:80:100,192.168.14.32:80:100,192.168.23.167:80:100,192.168.5.195:80:100,192.168.17.205:80:100,192.168.50.38:80:100,192.168.45.222:80:100,192.168.15.43:80:100,192.168.2.92:80:100,192.168.23.250:80:100,192.168.9.212:80:100,192.168.17.221:80:100,192.168.6.12:80:100,192.168.57.76:80:100,192.168.57.179:80:100,192.168.55.248:80:100,192.168.42.200:80:100,192.168.42.99:80:100,192.168.1.39:80:100,192.168.13.44:80:100,192.168.49.236:80:100,192.168.46.195:80:100,192.168.42.109:80:100,192.168.11.147:80:100,192.168.9.164:80:100,192.168.21.114:80:100,192.168.41.155:80:100,192.168.34.67:80:100,192.168.34.104:80:100,192.168.27.235:80:100,192.168.1.33:80:100,192.168.50.164:80:100,192.168.34.111:80:100,192.168.31.195:80:100,192.168.15.73:80:100,192.168.39.202:80:100,192.168.35.10:80:100,192.168.1.97:80:100,192.168.59.153:80:100,192.168.2.136:80:100,192.168.3.141:80:100,192.168.46.155:80:100,192.168.47.133:80:100,192.168.9.91:80:100,192.168.34.7:80:100,192.168.46.231:80:100,192.168.10.43:80:100,192.168.9.135:80:100,192.168.13.252:80:100,192.168.49.5:80:100,192.168.21.247:80:100,192.168.7.236:80:100,192.168.46.233:80:100,192.168.31.23:80:100,192.168.59.131:80:100,192.168.19.16:80:100,192.168.15.111:80:100,192.168.18.122:80:100,192.168.31.39:80:100,192.168.29.127:80:100,192.168.19.203:80:100,192.168.14.134:80:100,192.168.19.91:80:100", + "vip":"192.168.101.213" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.68:80:100,192.168.37.33:80:100,192.168.45.227:80:100,192.168.19.107:80:100,192.168.50.183:80:100,192.168.38.59:80:100,192.168.7.50:80:100,192.168.10.205:80:100", + "vip":"192.168.102.4" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.56:80:100,192.168.29.156:80:100,192.168.7.109:80:100,192.168.33.23:80:100,192.168.2.210:80:100,192.168.7.147:80:100,192.168.9.191:80:100,192.168.1.235:80:100,192.168.18.182:80:100,192.168.29.51:80:100,192.168.29.66:80:100", + "vip":"111.13.235.134" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.1.199:80:100,192.168.54.191:80:100", + "vip":"192.168.101.40" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.53.114:80:100,192.168.26.58:80:100,192.168.19.99:80:100,192.168.37.54:80:100,192.168.47.202:80:100,192.168.38.78:80:100,192.168.14.166:80:100,192.168.47.63:80:100,192.168.7.184:80:100", + "vip":"192.168.102.58" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.27.100:80:100,192.168.25.82:80:100,192.168.1.214:80:100,192.168.31.233:80:100,192.168.47.244:80:100,192.168.27.87:80:100,192.168.55.232:80:100,192.168.25.70:80:100,192.168.42.15:80:100,192.168.59.223:80:100,192.168.50.211:80:100,192.168.2.44:80:100,192.168.51.75:80:100,192.168.43.225:80:100,192.168.41.20:80:100,192.168.37.140:80:100,192.168.25.223:80:100,192.168.51.26:80:100", + "vip":"192.168.101.57" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.84:80:100,192.168.39.65:80:100,192.168.59.213:80:100,192.168.49.19:80:100,192.168.35.106:80:100,192.168.22.129:80:100,192.168.19.55:80:100,192.168.6.102:80:100,192.168.21.139:80:100,192.168.34.47:80:100,192.168.31.110:80:100,192.168.21.222:80:100,192.168.57.15:80:100,192.168.47.41:80:100,192.168.25.233:80:100,192.168.58.29:80:100,192.168.1.185:80:100,192.168.46.142:80:100,192.168.19.240:80:100,192.168.43.53:80:100,192.168.30.239:80:100,192.168.58.226:80:100,192.168.11.18:80:100,192.168.2.174:80:100,192.168.5.148:80:100,192.168.11.143:80:100,192.168.41.53:80:100,192.168.38.134:80:100,192.168.39.44:80:100,192.168.27.141:80:100,192.168.38.182:80:100,192.168.27.134:80:100,192.168.22.92:80:100,192.168.53.236:80:100,192.168.54.177:80:100,192.168.17.169:80:100,192.168.19.235:80:100,192.168.19.88:80:100,192.168.59.127:80:100,192.168.58.252:80:100,192.168.3.1:80:100,192.168.57.105:80:100,192.168.42.156:80:100,192.168.51.33:80:100,192.168.23.200:80:100,192.168.37.206:80:100,192.168.53.92:80:100,192.168.14.58:80:100,192.168.59.56:80:100,192.168.21.116:80:100,192.168.46.238:80:100,192.168.43.227:80:100,192.168.11.253:80:100,192.168.55.213:80:100,192.168.21.67:80:100,192.168.27.50:80:100,192.168.54.75:80:100,192.168.51.240:80:100,192.168.14.118:80:100,192.168.46.170:80:100,192.168.6.51:80:100,192.168.39.204:80:100,192.168.22.106:80:100,192.168.45.19:80:100,192.168.30.157:80:100,192.168.58.91:80:100,192.168.38.114:80:100,192.168.23.10:80:100,192.168.2.75:80:100,192.168.35.229:80:100,192.168.35.190:80:100,192.168.17.233:80:100,192.168.13.249:80:100,192.168.10.60:80:100,192.168.47.155:80:100,192.168.3.155:80:100,192.168.42.36:80:100,192.168.25.102:80:100,192.168.51.144:80:100,192.168.13.158:80:100,192.168.22.17:80:100,192.168.42.211:80:100,192.168.9.251:80:100,192.168.33.236:80:100,192.168.33.250:80:100,192.168.11.201:80:100,192.168.7.240:80:100,192.168.19.211:80:100,192.168.10.41:80:100,192.168.23.108:80:100,192.168.9.222:80:100,192.168.18.122:80:100,192.168.39.6:80:100,192.168.1.188:80:100,192.168.19.183:80:100,192.168.58.150:80:100,192.168.45.117:80:100,192.168.7.211:80:100,192.168.14.164:80:100", + "vip":"192.168.101.112" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.6.129:80:100,192.168.6.187:80:100,192.168.3.16:80:100,192.168.39.179:80:100,192.168.54.149:80:100", + "vip":"111.13.235.143" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.55.3:80:100", + "vip":"192.168.102.227" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.41.62:80:100,192.168.35.27:80:100,192.168.26.91:80:100,192.168.47.238:80:100", + "vip":"192.168.101.13" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.31.145:80:100,192.168.19.135:80:100,192.168.11.64:80:100,192.168.11.22:80:100,192.168.50.132:80:100,192.168.23.114:80:100,192.168.30.242:80:100,192.168.55.128:80:100,192.168.59.208:80:100,192.168.49.186:80:100,192.168.41.233:80:100,192.168.25.155:80:100,192.168.17.139:80:100,192.168.10.38:80:100,192.168.53.170:80:100,192.168.54.165:80:100,192.168.42.188:80:100", + "vip":"192.168.102.56" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.5.22:80:100,192.168.9.220:80:100,192.168.53.47:80:100,192.168.55.158:80:100", + "vip":"111.13.235.65" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.47.50:80:100,192.168.15.55:80:100,192.168.26.167:80:100,192.168.9.14:80:100,192.168.18.216:80:100,192.168.18.224:80:100,192.168.49.241:80:100,192.168.2.165:80:100,192.168.47.133:80:100,192.168.38.81:80:100,192.168.10.49:80:100,192.168.43.6:80:100,192.168.22.207:80:100,192.168.26.2:80:100,192.168.17.76:80:100,192.168.54.114:80:100,192.168.50.195:80:100,192.168.25.133:80:100,192.168.51.113:80:100,192.168.31.69:80:100,192.168.59.3:80:100,192.168.46.88:80:100,192.168.35.226:80:100,192.168.6.98:80:100,192.168.21.58:80:100,192.168.15.164:80:100,192.168.53.38:80:100,192.168.17.95:80:100,192.168.14.42:80:100,192.168.47.112:80:100,192.168.57.115:80:100,192.168.15.220:80:100,192.168.35.3:80:100,192.168.15.80:80:100,192.168.39.200:80:100,192.168.18.169:80:100,192.168.49.1:80:100", + "vip":"192.168.102.87" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.37.138:80:100,192.168.50.245:80:100,192.168.39.11:80:100,192.168.10.95:80:100,192.168.39.225:80:100,192.168.14.79:80:100,192.168.43.21:80:100,192.168.53.100:80:100,192.168.9.234:80:100,192.168.54.89:80:100,192.168.49.172:80:100,192.168.2.44:80:100,192.168.26.168:80:100", + "vip":"111.13.235.219" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.55:80:100", + "vip":"111.13.235.198" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.35.3:80:100,192.168.23.238:80:100,192.168.57.253:80:100", + "vip":"192.168.102.48" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.30.249:80:100,192.168.54.154:80:100,192.168.21.17:80:100,192.168.35.10:80:100,192.168.53.138:80:100", + "vip":"192.168.101.168" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.14.129:80:100,192.168.57.22:80:100,192.168.14.196:80:100,192.168.10.128:80:100,192.168.55.75:80:100,192.168.2.35:80:100,192.168.41.70:80:100,192.168.55.160:80:100,192.168.42.25:80:100,192.168.21.203:80:100,192.168.51.95:80:100,192.168.21.1:80:100,192.168.22.131:80:100,192.168.41.203:80:100,192.168.30.118:80:100,192.168.31.203:80:100,192.168.46.225:80:100", + "vip":"192.168.102.136" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.59.208:80:100,192.168.58.20:80:100,192.168.3.98:80:100,192.168.25.242:80:100", + "vip":"111.13.235.166" + }, + { + "ipType":"IPV4", + "port":"80", + "protocol":"TCP", + "rips":"192.168.21.82:80:100,192.168.18.234:80:100,192.168.19.148:80:100,192.168.55.145:80:100,192.168.15.42:80:100,192.168.22.37:80:100,192.168.59.47:80:100,192.168.5.159:80:100,192.168.25.209:80:100,192.168.37.215:80:100,192.168.6.81:80:100,192.168.19.26:80:100,192.168.34.126:80:100,192.168.43.198:80:100,192.168.29.40:80:100,192.168.9.149:80:100,192.168.46.225:80:100,192.168.31.146:80:100,192.168.38.252:80:100,192.168.51.103:80:100,192.168.47.28:80:100,192.168.21.12:80:100,192.168.25.249:80:100,192.168.22.234:80:100,192.168.54.204:80:100,192.168.9.2:80:100,192.168.33.239:80:100,192.168.10.134:80:100,192.168.41.94:80:100,192.168.11.99:80:100,192.168.33.196:80:100,192.168.10.55:80:100,192.168.38.121:80:100,192.168.38.238:80:100,192.168.21.79:80:100,192.168.11.181:80:100,192.168.49.48:80:100,192.168.10.78:80:100,192.168.45.28:80:100,192.168.59.156:80:100,192.168.38.221:80:100,192.168.18.251:80:100,192.168.17.94:80:100,192.168.37.183:80:100,192.168.37.181:80:100,192.168.54.100:80:100,192.168.58.44:80:100,192.168.45.20:80:100,192.168.29.136:80:100,192.168.18.252:80:100,192.168.30.182:80:100,192.168.7.11:80:100,192.168.54.36:80:100,192.168.59.219:80:100,192.168.42.197:80:100,192.168.5.178:80:100,192.168.47.196:80:100,192.168.22.44:80:100,192.168.14.167:80:100,192.168.19.80:80:100,192.168.37.123:80:100,192.168.14.150:80:100,192.168.5.68:80:100,192.168.18.210:80:100,192.168.55.227:80:100,192.168.35.105:80:100,192.168.18.129:80:100,192.168.25.65:80:100,192.168.45.133:80:100,192.168.34.31:80:100,192.168.45.90:80:100,192.168.17.107:80:100,192.168.14.169:80:100,192.168.47.90:80:100,192.168.11.191:80:100,192.168.46.184:80:100,192.168.49.64:80:100,192.168.13.142:80:100,192.168.25.157:80:100,192.168.30.71:80:100,192.168.53.169:80:100,192.168.54.231:80:100,192.168.53.162:80:100,192.168.10.212:80:100,192.168.27.151:80:100,192.168.57.112:80:100,192.168.33.91:80:100,192.168.2.85:80:100,192.168.14.74:80:100,192.168.39.192:80:100,192.168.2.35:80:100,192.168.7.123:80:100,192.168.17.229:80:100,192.168.10.203:80:100,192.168.59.243:80:100,192.168.54.41:80:100,192.168.47.227:80:100,192.168.14.12:80:100,192.168.22.75:80:100,192.168.43.80:80:100,192.168.15.1:80:100,192.168.58.69:80:100,192.168.55.206:80:100,192.168.23.250:80:100,192.168.45.67:80:100,192.168.41.67:80:100,192.168.53.187:80:100,192.168.59.60:80:100,192.168.35.229:80:100,192.168.5.165:80:100,192.168.33.76:80:100,192.168.50.167:80:100,192.168.10.173:80:100,192.168.18.228:80:100,192.168.41.40:80:100,192.168.46.103:80:100,192.168.1.100:80:100,192.168.6.137:80:100,192.168.29.171:80:100,192.168.38.50:80:100,192.168.26.211:80:100,192.168.7.153:80:100,192.168.27.15:80:100,192.168.42.221:80:100,192.168.17.152:80:100,192.168.50.133:80:100,192.168.23.249:80:100,192.168.58.208:80:100,192.168.9.80:80:100,192.168.25.179:80:100,192.168.58.246:80:100,192.168.6.114:80:100,192.168.17.52:80:100,192.168.29.85:80:100,192.168.35.225:80:100,192.168.49.116:80:100,192.168.30.78:80:100,192.168.6.32:80:100,192.168.53.129:80:100,192.168.5.22:80:100,192.168.35.108:80:100,192.168.21.29:80:100,192.168.26.183:80:100,192.168.22.243:80:100,192.168.7.225:80:100,192.168.9.108:80:100,192.168.37.131:80:100,192.168.51.70:80:100,192.168.9.202:80:100,192.168.59.217:80:100,192.168.14.202:80:100,192.168.38.175:80:100,192.168.41.59:80:100,192.168.1.140:80:100,192.168.54.182:80:100,192.168.18.14:80:100,192.168.3.153:80:100,192.168.6.238:80:100,192.168.55.131:80:100,192.168.39.101:80:100,192.168.34.23:80:100,192.168.31.138:80:100", + "vip":"192.168.101.204" + } + ] +} diff --git a/tools/keepalived/configure b/tools/keepalived/configure index dcb9f06fa..d0ff7d95e 100755 --- a/tools/keepalived/configure +++ b/tools/keepalived/configure @@ -1,6 +1,8 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69. +# Generated by GNU Autoconf 2.69 for Keepalived 2.0.19. +# +# Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -264,10 +266,11 @@ fi $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else - $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, -$0: including any error possibly output before this -$0: message. Then install a modern shell, or manually run -$0: the script under such a shell if you do have one." + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: keepalived-users@groups.io about your system, including +$0: any error possibly output before this message. Then +$0: install a modern shell, or manually run the script +$0: under such a shell if you do have one." fi exit 1 fi @@ -575,12 +578,12 @@ MFLAGS= MAKEFLAGS= # Identity of this package. -PACKAGE_NAME= -PACKAGE_TARNAME= -PACKAGE_VERSION= -PACKAGE_STRING= -PACKAGE_BUGREPORT= -PACKAGE_URL= +PACKAGE_NAME='Keepalived' +PACKAGE_TARNAME='keepalived' +PACKAGE_VERSION='2.0.19' +PACKAGE_STRING='Keepalived 2.0.19' +PACKAGE_BUGREPORT='keepalived-users@groups.io' +PACKAGE_URL='http://www.keepalived.org/' ac_unique_file="keepalived/core/main.c" # Factoring default headers for most tests. @@ -619,28 +622,138 @@ ac_includes_default="\ # include #endif" -ac_subst_vars='LTLIBOBJS -LIBOBJS -VRRP_SUPPORT -USE_NL -IPVS_SUPPORT -VERSION_DATE -VERSION -DFLAGS -SO_MARK_SUPPORT -SHA1_SUPPORT -SNMP_SUPPORT +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +INIT_SUSE_FALSE +INIT_SUSE_TRUE +INIT_OPENRC_FALSE +INIT_OPENRC_TRUE +INIT_SYSV_FALSE +INIT_SYSV_TRUE +INIT_SYSTEMD_FALSE +INIT_SYSTEMD_TRUE +INIT_UPSTART_FALSE +INIT_UPSTART_TRUE +systemdsystemunitdir +DEFAULT_CONFIG_FILE +RPM_BIP_FALSE +RPM_BIP_TRUE +RPM_FALSE +RPM_TRUE +HAVE_RPMBUILD +HAVE_RPM +PROFILE_FALSE +PROFILE_TRUE +ASSERTS_FALSE +ASSERTS_TRUE +DEBUG_FALSE +DEBUG_TRUE +BUILD_DOCS_FALSE +BUILD_DOCS_TRUE +HAVE_SPHINX_BUILD +SPHINXBUILDNAME +PID_DIR +WITH_NAMESPACES_FALSE +WITH_NAMESPACES_TRUE +WITH_SHA1_FALSE +WITH_SHA1_TRUE +DBUS_CREATE_INSTANCE_FALSE +DBUS_CREATE_INSTANCE_TRUE +WITH_DBUS_FALSE +WITH_DBUS_TRUE +SNMP_SERVICE +SNMP_REPLY_V3_FOR_V2_FALSE +SNMP_REPLY_V3_FOR_V2_TRUE +SNMP_RFCV3_FALSE +SNMP_RFCV3_TRUE +SNMP_RFCV2_FALSE +SNMP_RFCV2_TRUE +SNMP_RFC_FALSE +SNMP_RFC_TRUE +SNMP_CHECKER_FALSE +SNMP_CHECKER_TRUE +SNMP_VRRP_FALSE +SNMP_VRRP_TRUE +SNMP_KEEPALIVED_FALSE +SNMP_KEEPALIVED_TRUE +SNMP_FALSE +SNMP_TRUE NETSNMP_CONFIG -VRRP_VMAC -IPVS_SYNCD -KERN +FIB_ROUTING_FALSE +FIB_ROUTING_TRUE +SOCK_NONBLOCK_FALSE +SOCK_NONBLOCK_TRUE +CN_PROC_FALSE +CN_PROC_TRUE +WITH_BFD_FALSE +WITH_BFD_TRUE +WITH_JSON_FALSE +WITH_JSON_TRUE +VMAC_FALSE +VMAC_TRUE +VRRP_AUTH_FALSE +VRRP_AUTH_TRUE +WITH_VRRP_FALSE +WITH_VRRP_TRUE +WITH_REGEX_FALSE +WITH_REGEX_TRUE +WITH_IPVS_FALSE +WITH_IPVS_TRUE +FIREWALL_FALSE +FIREWALL_TRUE +NFTABLES_FALSE +NFTABLES_TRUE +REQUIRE_IPTABLES_LIBS_FALSE +REQUIRE_IPTABLES_LIBS_TRUE +LIBIPSET_DYNAMIC_FALSE +LIBIPSET_DYNAMIC_TRUE +LIBIPTC_DYNAMIC_FALSE +LIBIPTC_DYNAMIC_TRUE +IPTABLES_CMD_FALSE +IPTABLES_CMD_TRUE +IPTABLES_FALSE +IPTABLES_TRUE +LIBIPSET_FALSE +LIBIPSET_TRUE +LIBIPTC_FALSE +LIBIPTC_TRUE +LIBNL_DYNAMIC_FALSE +LIBNL_DYNAMIC_TRUE +LIBNL3_FALSE +LIBNL3_TRUE +LIBNL1_FALSE +LIBNL1_TRUE +BUILD_GENHASH_FALSE +BUILD_GENHASH_TRUE +GENHASH_LIBS +LIBOBJS EGREP -GREP CPP -STRIP -INSTALL_DATA -INSTALL_SCRIPT -INSTALL_PROGRAM +KA_LIBS +KA_LDFLAGS +KA_CFLAGS +KA_CPPFLAGS +WITH_STRICT_CONFIG_CHECKS_FALSE +WITH_STRICT_CONFIG_CHECKS_TRUE +ARFLAGS +ac_ct_AR +AR +LDD +SED +LN_S +GREP +RANLIB +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR OBJEXT EXEEXT ac_ct_CC @@ -648,6 +761,37 @@ CPPFLAGS LDFLAGS CFLAGS CC +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG +MAINTAINERCLEANFILES +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM target_alias host_alias build_alias @@ -689,20 +833,87 @@ SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking +enable_silent_rules enable_lvs_syncd enable_lvs +enable_lvs_64bit_stats enable_vrrp +enable_bfd with_kernel_dir -with_kernel_version enable_fwmark enable_snmp +enable_snmp_vrrp +enable_snmp_keepalived +enable_snmp_checker +enable_snmp_rfc +enable_snmp_rfcv2 +enable_snmp_rfcv3 +enable_snmp_reply_v3_for_v2 +enable_dbus +enable_dbus_create_instance enable_sha1 +enable_regex +enable_regex_timers +enable_json +with_init +enable_vrrp_auth +enable_checksum_compat +enable_routes +enable_linkbeat +enable_gnu_std_paths +enable_dynamic_linking +enable_iptables +enable_libiptc_dynamic +enable_libipset_dynamic +enable_libnl_dynamic +enable_libiptc +enable_libipset +enable_nftables +enable_libnl +enable_track_process +with_run_dir +enable_strict_config_checks +enable_hardening +enable_optimise +enable_warnings +enable_extra_warnings +enable_mem_check +enable_mem_check_log +enable_timer_check enable_debug +enable_netlink_timers +enable_smtp_alert_debug +enable_stacktrace +enable_perf +enable_log_file +enable_dump_threads +enable_epoll_debug +enable_epoll_thread_dump +enable_regex_debug +enable_tsm_debug +enable_vrrp_fd_debug +enable_eintr_debug +enable_track_process_debug +enable_parser_debug +enable_checksum_debug +enable_dump_keywords +enable_network_timestamp +enable_asserts +with_fixed_if_type +with_default_config_file enable_profile +enable_conversion_checks +enable_force_conversion_checks +enable_Werror +with_systemdsystemunitdir +enable_dependency_tracking ' ac_precious_vars='build_alias host_alias target_alias +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR CC CFLAGS LDFLAGS @@ -749,7 +960,7 @@ sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' -docdir='${datarootdir}/doc/${PACKAGE}' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' @@ -1249,7 +1460,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures this package to adapt to many kinds of systems. +\`configure' configures Keepalived 2.0.19 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1297,7 +1508,7 @@ Fine tuning of the installation directories: --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] + --docdir=DIR documentation root [DATAROOTDIR/doc/keepalived] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] @@ -1305,33 +1516,143 @@ Fine tuning of the installation directories: _ACEOF cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names _ACEOF fi if test -n "$ac_init_help"; then - + case $ac_init_help in + short | recursive ) echo "Configuration of Keepalived 2.0.19:";; + esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") --disable-lvs-syncd do not use LVS synchronization daemon --disable-lvs do not use the LVS framework + --disable-lvs-64bit-stats + do not use the LVS 64-bit stats --disable-vrrp do not use the VRRP framework + --enable-bfd use the BFD framework --disable-fwmark compile without SO_MARK support --enable-snmp compile with SNMP support + --enable-snmp-vrrp compile with SNMP vrrp support + --enable-snmp-keepalived + obsolete - use --enable-snmp-vrrp + --enable-snmp-checker compile with SNMP checker support + --enable-snmp-rfc compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527 + (VRRPv3) support + --enable-snmp-rfcv2 compile with SNMP RFC2787 (VRRPv2) support + --enable-snmp-rfcv3 compile with SNMP RFC6527 (VRRPv3) support + --disable-snmp-reply-v3-for-v2 + disable RFC6527 responses for VRRPv2 instances + --enable-dbus compile with dbus support + --enable-dbus-create-instance + compile with dbus support for creating instances --enable-sha1 compile with SHA1 support + --enable-regex build with HTTP_GET regex checking + --enable-regex-timers build with HTTP_GET regex timers + --enable-json compile with signal to dump configuration and stats + as json + --disable-vrrp-auth compile without VRRP authentication + --disable-checksum-compat + compile without v1.3.6 and earlier VRRPv3 unicast + checksum compatibility + --disable-routes compile without ip rules/routes + --disable-linkbeat build without linkbeat support + --enable-gnu-std-paths use GNU standard paths for pid files etc + --enable-dynamic-linking + compile with/without dynamically linked + libiptc/libipset/libnl + --disable-iptables compile without iptables support + --enable-libiptc-dynamic + compile with libiptc dynamically linked + --disable-libipset-dynamic + compile with libipset statically linked + --enable-libnl-dynamic compile with libnl dynamically linked + --disable-libiptc compile without libiptc + --disable-libipset compile without libipset + --disable-nftables build without nftables support + --disable-libnl compile without libnl + --disable-track-process build without track-process functionality + --enable-strict-config-checks + build with strict configuration checking + --disable-hardening do not build with security hardening + --enable-optimise compiler optimisation level + --enable-warnings[=WARNINGS] + additional compiler warnings, disable for reduced + set + --enable-extra-warnings extra compiler warnings that will probably produce + many warnings + --enable-mem-check compile with memory alloc checking + --enable-mem-check-log compile with memory alloc checking writing to syslog + --enable-timer-check compile with set time logging --enable-debug compile with debugging flags + --enable-netlink-timers compile with netlink command timers + --enable-smtp-alert-debug + compile with smtp-alert debugging + --enable-stacktrace compile with stacktrace support + --enable-perf compile with perf performance data recording support + for vrrp process + --enable-log-file enable logging to file (-g) + --enable-dump-threads compile with thread dumping support + --enable-epoll-debug compile with epoll_wait() debugging support + --enable-epoll-thread-dump + compile with epoll thread dumping support + --enable-regex-debug compile with regex debugging support + --enable-tsm-debug compile with TSM debugging support + --enable-vrrp-fd-debug compile with vrrp fd debugging support + --enable-eintr-debug compile with EINTR debugging support, set to + check/nocheck to check/not check for EINTR + --enable-track-process-debug + compile with track process debugging support, set to + log all process connector events + --enable-parser-debug compile with parser debugging support + --enable-checksum-debug compile with checksum debugging support + --enable-dump-keywords compile with keyword dumping support + --enable-network-timestamp + compile with network timestamp debugging support + --enable-asserts compile with assert() enabled --enable-profile compile with profiling flags + --enable-conversion-checks + compile with conversion warnings if sensible + --enable-force-conversion-checks + compile with conversion warnings + --enable-Werror compile with warnings being errors + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-kernel-dir=DIR path to linux kernel source directory - --with-kernel-version=VER forced value for linux kernel version (VER=2.4|2.6) + --with-init=(upstart|systemd|SYSV|SUSE|openrc) + specify init type + --with-run-dir=PATH_TO_RUN + specify directory where /run is located + --with-fixed-if-type=TYPE + treat interface type TYPE as unchangeable + --with-default-config-file=FILE + Default configuration file + --with-systemdsystemunitdir=DIR + Directory for systemd service files] Some influential environment variables: + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a @@ -1344,7 +1665,8 @@ Some influential environment variables: Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to the package provider. +Report bugs to . +Keepalived home page: . _ACEOF ac_status=$? fi @@ -1407,7 +1729,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -configure +Keepalived configure 2.0.19 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1459,20 +1781,21 @@ fi } # ac_fn_c_try_compile -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 @@ -1480,21 +1803,29 @@ $as_echo "$ac_try_echo"; } >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval -} # ac_fn_c_try_cpp +} # ac_fn_c_try_link # ac_fn_c_try_run LINENO # ---------------------- @@ -1538,6 +1869,43 @@ fi } # ac_fn_c_try_run +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using @@ -1608,6 +1976,10 @@ $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ----------------------------------------- ## +## Report this to keepalived-users@groups.io ## +## ----------------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 @@ -1656,42 +2028,50 @@ $as_echo "$ac_res" >&6; } } # ac_fn_c_check_header_compile -# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -# --------------------------------------------- -# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -# accordingly. -ac_fn_c_check_decl () +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - as_decl_name=`echo $2|sed 's/ *(.*//'` - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else + eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { -#ifndef $as_decl_name -#ifdef __cplusplus - (void) $as_decl_use; -#else - (void) $as_decl_name; -#endif -#endif - +if (sizeof ($2)) + return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + else - eval "$3=no" + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi @@ -1700,75 +2080,36 @@ eval ac_res=\$$3 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_decl - -# ac_fn_c_try_link LINENO -# ----------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_link +} # ac_fn_c_check_type -# ac_fn_c_check_type LINENO TYPE VAR INCLUDES -# ------------------------------------------- -# Tests whether TYPE exists after having included INCLUDES, setting cache -# variable VAR accordingly. -ac_fn_c_check_type () +# ac_fn_c_find_intX_t LINENO BITS VAR +# ----------------------------------- +# Finds a signed integer type with width BITS, setting cache variable VAR +# accordingly. +ac_fn_c_find_intX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 +$as_echo_n "checking for int$2_t... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + # Order is important - never check a type that is potentially smaller + # than half of the expected target width. + for ac_type in int$2_t 'int' 'long int' \ + 'long long int' 'short int' 'signed char'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$4 +$ac_includes_default + enum { N = $2 / 2 - 1 }; int main () { -if (sizeof ($2)) - return 0; +static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; +test_array [0] = 0; +return test_array [0]; + ; return 0; } @@ -1776,12 +2117,16 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$4 +$ac_includes_default + enum { N = $2 / 2 - 1 }; int main () { -if (sizeof (($2))) - return 0; +static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) + < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; +test_array [0] = 0; +return test_array [0]; + ; return 0; } @@ -1789,18 +2134,83 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else - eval "$3=yes" + case $ac_type in #( + int$2_t) : + eval "$3=yes" ;; #( + *) : + eval "$3=\$ac_type" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no"; then : + +else + break +fi + done fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_type +} # ac_fn_c_find_intX_t + +# ac_fn_c_find_uintX_t LINENO BITS VAR +# ------------------------------------ +# Finds an unsigned integer type with width BITS, setting cache variable VAR +# accordingly. +ac_fn_c_find_uintX_t () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 +$as_echo_n "checking for uint$2_t... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + # Order is important - never check a type that is potentially smaller + # than half of the expected target width. + for ac_type in uint$2_t 'unsigned int' 'unsigned long int' \ + 'unsigned long long int' 'unsigned short int' 'unsigned char'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !((($ac_type) -1 >> ($2 / 2 - 1)) >> ($2 / 2 - 1) == 3)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + case $ac_type in #( + uint$2_t) : + eval "$3=yes" ;; #( + *) : + eval "$3=\$ac_type" ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no"; then : + +else + break +fi + done +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_find_uintX_t # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- @@ -1868,23 +2278,126 @@ $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func -cat >config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. -It was created by $as_me, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ - -_ACEOF -exec 5>>config.log +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () { -cat <<_ASUNAME -## --------- ## -## Platform. ## -## --------- ## - + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by Keepalived $as_me 2.0.19, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` @@ -2220,25 +2733,251 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -VERSION=`cat VERSION` -VERSION_DATE=`date +%m/%d,20%y` -OUTPUT_TARGET="Makefile genhash/Makefile keepalived/core/Makefile lib/config.h keepalived.spec" +am__api_version='1.13' -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -2247,7 +2986,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" + ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2257,10 +2996,10 @@ IFS=$as_save_IFS fi fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } @@ -2268,17 +3007,17 @@ fi fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -2287,7 +3026,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" + ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2297,17 +3036,17 @@ IFS=$as_save_IFS fi fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - if test "x$ac_ct_CC" = x; then - CC="" + if test "x$ac_ct_STRIP" = x; then + STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) @@ -2315,65 +3054,69 @@ yes:) $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac - CC=$ac_ct_CC + STRIP=$ac_ct_STRIP fi else - CC="$ac_cv_prog_CC" + STRIP="$ac_cv_prog_STRIP" fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done done IFS=$as_save_IFS fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" fi fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. else - ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2381,11 +3124,7 @@ do test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" + ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2393,53 +3132,260 @@ done done IFS=$as_save_IFS -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi fi fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" fi +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='keepalived' + VERSION='2.0.19' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar pax cpio none' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + + + + + +ac_config_headers="$ac_config_headers lib/config.h lib/config_warnings.h" + + + + + +ac_config_files="$ac_config_files Makefile keepalived/Makefile lib/Makefile keepalived/core/Makefile keepalived.spec genhash/Makefile keepalived/check/Makefile keepalived/vrrp/Makefile keepalived/bfd/Makefile doc/Makefile bin_install/Makefile keepalived/dbus/Makefile keepalived/etc/Makefile keepalived/etc/init/Makefile keepalived/etc/init.d/Makefile doc/man/man8/Makefile" + + + +MAINTAINERCLEANFILES="*~ *.orig *.rej core core.*" + +CONFIG_OPTIONS= +SYSTEM_OPTIONS= + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : +if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2447,43 +3393,42 @@ done done IFS=$as_save_IFS + ;; +esac fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - test -n "$CC" && break - done fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -2491,23 +3436,20 @@ done done IFS=$as_save_IFS + ;; +esac fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) @@ -2515,1261 +3457,8148 @@ yes:) $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac - CC=$ac_ct_CC + PKG_CONFIG=$ac_pt_PKG_CONFIG fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi +# Check whether --enable-lvs-syncd was given. +if test "${enable_lvs_syncd+set}" = set; then : + enableval=$enable_lvs_syncd; +fi -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 +# Check whether --enable-lvs was given. +if test "${enable_lvs+set}" = set; then : + enableval=$enable_lvs; +fi + +# Check whether --enable-lvs-64bit-stats was given. +if test "${enable_lvs_64bit_stats+set}" = set; then : + enableval=$enable_lvs_64bit_stats; +fi + +# Check whether --enable-vrrp was given. +if test "${enable_vrrp+set}" = set; then : + enableval=$enable_vrrp; +fi + +# Check whether --enable-bfd was given. +if test "${enable_bfd+set}" = set; then : + enableval=$enable_bfd; +fi + + +# Check whether --with-kernel-dir was given. +if test "${with_kernel_dir+set}" = set; then : + withval=$with_kernel_dir; kernel_src_path="$withval" + else kernel_src_path="" +fi + +# Check whether --enable-fwmark was given. +if test "${enable_fwmark+set}" = set; then : + enableval=$enable_fwmark; +fi + +# Check whether --enable-snmp was given. +if test "${enable_snmp+set}" = set; then : + enableval=$enable_snmp; +fi + +# Check whether --enable-snmp-vrrp was given. +if test "${enable_snmp_vrrp+set}" = set; then : + enableval=$enable_snmp_vrrp; +fi + +# Check whether --enable-snmp-keepalived was given. +if test "${enable_snmp_keepalived+set}" = set; then : + enableval=$enable_snmp_keepalived; +fi + +# Check whether --enable-snmp-checker was given. +if test "${enable_snmp_checker+set}" = set; then : + enableval=$enable_snmp_checker; +fi + +# Check whether --enable-snmp-rfc was given. +if test "${enable_snmp_rfc+set}" = set; then : + enableval=$enable_snmp_rfc; +fi + +# Check whether --enable-snmp-rfcv2 was given. +if test "${enable_snmp_rfcv2+set}" = set; then : + enableval=$enable_snmp_rfcv2; +fi + +# Check whether --enable-snmp-rfcv3 was given. +if test "${enable_snmp_rfcv3+set}" = set; then : + enableval=$enable_snmp_rfcv3; +fi + +# Check whether --enable-snmp-reply-v3-for-v2 was given. +if test "${enable_snmp_reply_v3_for_v2+set}" = set; then : + enableval=$enable_snmp_reply_v3_for_v2; +fi + +# Check whether --enable-dbus was given. +if test "${enable_dbus+set}" = set; then : + enableval=$enable_dbus; +fi + +# Check whether --enable-dbus-create-instance was given. +if test "${enable_dbus_create_instance+set}" = set; then : + enableval=$enable_dbus_create_instance; +fi + +# Check whether --enable-sha1 was given. +if test "${enable_sha1+set}" = set; then : + enableval=$enable_sha1; +fi + +# Check whether --enable-regex was given. +if test "${enable_regex+set}" = set; then : + enableval=$enable_regex; +fi + +# Check whether --enable-regex-timers was given. +if test "${enable_regex_timers+set}" = set; then : + enableval=$enable_regex_timers; +fi + +# Check whether --enable-json was given. +if test "${enable_json+set}" = set; then : + enableval=$enable_json; +fi + + +# Check whether --with-init was given. +if test "${with_init+set}" = set; then : + withval=$with_init; init_type="$withval" +else + init_type="" +fi + +# Check whether --enable-vrrp-auth was given. +if test "${enable_vrrp_auth+set}" = set; then : + enableval=$enable_vrrp_auth; +fi + +# Check whether --enable-checksum_compat was given. +if test "${enable_checksum_compat+set}" = set; then : + enableval=$enable_checksum_compat; +fi + +# Check whether --enable-routes was given. +if test "${enable_routes+set}" = set; then : + enableval=$enable_routes; +fi + +# Check whether --enable-linkbeat was given. +if test "${enable_linkbeat+set}" = set; then : + enableval=$enable_linkbeat; +fi + +# Check whether --enable-gnu-std-paths was given. +if test "${enable_gnu_std_paths+set}" = set; then : + enableval=$enable_gnu_std_paths; +fi + +# Check whether --enable-dynamic-linking was given. +if test "${enable_dynamic_linking+set}" = set; then : + enableval=$enable_dynamic_linking; +fi + +# Check whether --enable-iptables was given. +if test "${enable_iptables+set}" = set; then : + enableval=$enable_iptables; +else + IPTABLES_SILENT=Yes +fi + +# Check whether --enable-libiptc-dynamic was given. +if test "${enable_libiptc_dynamic+set}" = set; then : + enableval=$enable_libiptc_dynamic; +fi + +# Check whether --enable-libipset-dynamic was given. +if test "${enable_libipset_dynamic+set}" = set; then : + enableval=$enable_libipset_dynamic; +fi + +# Check whether --enable-libnl-dynamic was given. +if test "${enable_libnl_dynamic+set}" = set; then : + enableval=$enable_libnl_dynamic; +fi + +# Check whether --enable-libiptc was given. +if test "${enable_libiptc+set}" = set; then : + enableval=$enable_libiptc; +fi + +# Check whether --enable-libipset was given. +if test "${enable_libipset+set}" = set; then : + enableval=$enable_libipset; +fi + +# Check whether --enable-nftables was given. +if test "${enable_nftables+set}" = set; then : + enableval=$enable_nftables; +else + NFTABLES_SILENT=Yes +fi + +# Check whether --enable-libnl was given. +if test "${enable_libnl+set}" = set; then : + enableval=$enable_libnl; +fi + +# Check whether --enable-track-process was given. +if test "${enable_track_process+set}" = set; then : + enableval=$enable_track_process; +fi + + +# Check whether --with-run-dir was given. +if test "${with_run_dir+set}" = set; then : + withval=$with_run_dir; RUN_DIR_SPECIFIED=Y +else + RUN_DIR_SPECIFIED=N +fi + +# Check whether --enable-strict-config-checks was given. +if test "${enable_strict_config_checks+set}" = set; then : + enableval=$enable_strict_config_checks; +fi + +# Check whether --enable-hardening was given. +if test "${enable_hardening+set}" = set; then : + enableval=$enable_hardening; +fi + +# Check whether --enable-optimise was given. +if test "${enable_optimise+set}" = set; then : + enableval=$enable_optimise; +else + enable_optimise=not-specified +fi + +# Check whether --enable-warnings was given. +if test "${enable_warnings+set}" = set; then : + enableval=$enable_warnings; +else + enable_warnings=yes +fi + +# Check whether --enable-extra-warnings was given. +if test "${enable_extra_warnings+set}" = set; then : + enableval=$enable_extra_warnings; +fi + +# Check whether --enable-mem-check was given. +if test "${enable_mem_check+set}" = set; then : + enableval=$enable_mem_check; +fi + +# Check whether --enable-mem-check-log was given. +if test "${enable_mem_check_log+set}" = set; then : + enableval=$enable_mem_check_log; +fi + +# Check whether --enable-timer-check was given. +if test "${enable_timer_check+set}" = set; then : + enableval=$enable_timer_check; +fi + +# Check whether --enable-debug was given. +if test "${enable_debug+set}" = set; then : + enableval=$enable_debug; +fi + +# Check whether --enable-netlink-timers was given. +if test "${enable_netlink_timers+set}" = set; then : + enableval=$enable_netlink_timers; +fi + +# Check whether --enable-smtp-alert-debug was given. +if test "${enable_smtp_alert_debug+set}" = set; then : + enableval=$enable_smtp_alert_debug; +fi + +# Check whether --enable-stacktrace was given. +if test "${enable_stacktrace+set}" = set; then : + enableval=$enable_stacktrace; +fi + +# Check whether --enable-perf was given. +if test "${enable_perf+set}" = set; then : + enableval=$enable_perf; +fi + +# Check whether --enable-log-file was given. +if test "${enable_log_file+set}" = set; then : + enableval=$enable_log_file; +fi + +# Check whether --enable-dump-threads was given. +if test "${enable_dump_threads+set}" = set; then : + enableval=$enable_dump_threads; +fi + +# Check whether --enable-epoll-debug was given. +if test "${enable_epoll_debug+set}" = set; then : + enableval=$enable_epoll_debug; +fi + +# Check whether --enable-epoll-thread-dump was given. +if test "${enable_epoll_thread_dump+set}" = set; then : + enableval=$enable_epoll_thread_dump; +fi + +# Check whether --enable-regex-debug was given. +if test "${enable_regex_debug+set}" = set; then : + enableval=$enable_regex_debug; +fi + +# Check whether --enable-tsm-debug was given. +if test "${enable_tsm_debug+set}" = set; then : + enableval=$enable_tsm_debug; +fi + +# Check whether --enable-vrrp-fd-debug was given. +if test "${enable_vrrp_fd_debug+set}" = set; then : + enableval=$enable_vrrp_fd_debug; +fi + +# Check whether --enable-eintr-debug was given. +if test "${enable_eintr_debug+set}" = set; then : + enableval=$enable_eintr_debug; +fi + +# Check whether --enable-track-process-debug was given. +if test "${enable_track_process_debug+set}" = set; then : + enableval=$enable_track_process_debug; +fi + +# Check whether --enable-parser-debug was given. +if test "${enable_parser_debug+set}" = set; then : + enableval=$enable_parser_debug; +fi + +# Check whether --enable-checksum-debug was given. +if test "${enable_checksum_debug+set}" = set; then : + enableval=$enable_checksum_debug; +fi + +# Check whether --enable-dump-keywords was given. +if test "${enable_dump_keywords+set}" = set; then : + enableval=$enable_dump_keywords; +fi + +# Check whether --enable-network-timestamp was given. +if test "${enable_network_timestamp+set}" = set; then : + enableval=$enable_network_timestamp; +fi + +# Check whether --enable-asserts was given. +if test "${enable_asserts+set}" = set; then : + enableval=$enable_asserts; +fi + + +# Check whether --with-fixed-if-type was given. +if test "${with_fixed_if_type+set}" = set; then : + withval=$with_fixed_if_type; +fi + + +# Check whether --with-default-config-file was given. +if test "${with_default_config_file+set}" = set; then : + withval=$with_default_config_file; default_config_file="$withval" +else + default_config_file="" +fi + +# Check whether --enable-profile was given. +if test "${enable_profile+set}" = set; then : + enableval=$enable_profile; +fi + +# Check whether --enable-conversion-checks was given. +if test "${enable_conversion_checks+set}" = set; then : + enableval=$enable_conversion_checks; +fi + +# Check whether --enable-force-conversion-checks was given. +if test "${enable_force_conversion_checks+set}" = set; then : + enableval=$enable_force_conversion_checks; +fi + +# Check whether --enable-Werror was given. +if test "${enable_Werror+set}" = set; then : + enableval=$enable_Werror; +fi + + + +# Check whether --with-systemdsystemunitdir was given. +if test "${with_systemdsystemunitdir+set}" = set; then : + withval=$with_systemdsystemunitdir; +fi + + +# Set the kernel headers path +if test -n "$kernel_src_path"; then + if test ! -d $kernel_src_path/include; then + as_fn_error $? "kernel source path $kernel_src_path/include does not exist" "$LINENO" 5 + fi + if test ! -d $kernel_src_path/include/linux; then + as_fn_error $? "kernel source path $kernel_src_path/include does not appear to include linux header files" "$LINENO" 5 + fi + if test -d $kernel_src_path/include/uapi/linux; then + as_fn_error $? "kernel source path $kernel_src_path appears to be an unprocessed kernel source tree" "$LINENO" 5 + fi + kernelinc="-isystem $kernel_src_path/include" +elif test ! -d /usr/include/linux -a \ + -d /usr/src/linux/include; then + kernelinc="-isystem /usr/src/linux/include" +else + kernelinc= +fi + +CPPFLAGS="$kernelinc $CPPFLAGS" + +# Checks for programs. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from 'make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ldd", so it can be a program name with args. +set dummy ${ac_tool_prefix}ldd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LDD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LDD"; then + ac_cv_prog_LDD="$LDD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LDD="${ac_tool_prefix}ldd" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LDD=$ac_cv_prog_LDD +if test -n "$LDD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDD" >&5 +$as_echo "$LDD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LDD"; then + ac_ct_LDD=$LDD + # Extract the first word of "ldd", so it can be a program name with args. +set dummy ldd; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LDD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LDD"; then + ac_cv_prog_ac_ct_LDD="$ac_ct_LDD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_LDD="ldd" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LDD=$ac_cv_prog_ac_ct_LDD +if test -n "$ac_ct_LDD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LDD" >&5 +$as_echo "$ac_ct_LDD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LDD" = x; then + LDD="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LDD=$ac_ct_LDD + fi +else + LDD="$ac_cv_prog_LDD" +fi + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar lib "link -lib" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar lib "link -lib" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 +$as_echo_n "checking the archiver ($AR) interface... " >&6; } +if ${am_cv_ar_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_ar_interface=ar + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int some_variable = 0; +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=ar + else + am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=lib + else + am_cv_ar_interface=unknown + fi + fi + rm -f conftest.lib libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 +$as_echo "$am_cv_ar_interface" >&6; } + +case $am_cv_ar_interface in +ar) + ;; +lib) + # Microsoft lib, so override with the ar-lib wrapper script. + # FIXME: It is wrong to rewrite AR. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__AR in this case, + # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something + # similar. + AR="$am_aux_dir/ar-lib $AR" + ;; +unknown) + as_fn_error $? "could not determine $AR interface" "$LINENO" 5 + ;; +esac + +ARFLAGS=cr + + +# Default settings +ENABLE_LOG_FILE_APPEND=No + +# AC_PROG_LIBTOOL + +# +# save the configure arguments +# +args=`echo $ac_configure_args | $SED -e "s/'//g"` + +cat >>confdefs.h <<_ACEOF +#define KEEPALIVED_CONFIGURE_OPTIONS "$args" +_ACEOF + + +# Save the CPPFLAGS, CFLAGS, LDFLAGS and LDLIBS settings for make time +KA_CPPFLAGS="$kernelinc -D_GNU_SOURCE $CPPFLAGS" +KA_CFLAGS="-g $CFLAGS" +KA_LDFLAGS=$LDFLAGS +KA_LIBS=$LDLIBS + +NEED_LIBDL=No +#KA_LIBTOOLFLAGS = + +# Set up the compiler warnings we want +MAX_FRAME_SIZE=5120 +WARNINGS_BASIC="all extra unused strict-prototypes" +WARNINGS_STD="absolute-value address-of-packed-member alloca alloc-zero array-bounds=2 attribute-alias bad-function-cast cast-align cast-qual chkp date-time disabled-optimization double-promotion duplicated-branches duplicated-cond float-conversion float-equal format-overflow format-security format-signedness format-truncation frame-larger-than=$MAX_FRAME_SIZE implicit-fallthrough=3 init-self inline jump-misses-init logical-op missing-declarations missing-field-initializers missing-prototypes nested-externs normalized null-dereference old-style-definition overlength-strings pointer-arith redundant-decls shadow shift-overflow=2 stack-protector strict-overflow=4 strict-prototypes stringop-overflow=2 suggest-attribute=cold suggest-attribute=const suggest-attribute=format suggest-attribute=malloc suggest-attribute=noreturn suggest-attribute=pure sync-nand trampolines undef uninitialized unknown-pragmas unsuffixed-float-constants unused-const-variable=2 unused-macros variadic-macros write-strings" +WARNINGS_EXTRA="aggregate-return cast-align= strict conversion format-nonliteral format-overflow=2 format-truncation=2 padded pedantic sign-conversion stack-usage=$MAX_FRAME_SIZE strict-overflow=5 stringop-overflow=3 stringop-overflow=4 switch-enum system-headers traditional-conversion" + +# We want _GNU_SOURCE defined always +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" + +# fpclassify() needs -lm +KA_LIBS="$KA_LIBS -lm" + +# Some sanity checks on configure options +if test .$enable_vrrp = .no; then : + if test .$IPTABLES_SILENT == .Yes; then : + enable_iptables=no +fi + if test .$NFTABLES_SILENT == .Yes; then : + enable_nftables=no +fi + + if test .$enable_perf != .; then : + as_fn_error $? "enable-perf requires vrrp" "$LINENO" 5 +fi + if test $with_fixed_if_type; then : + as_fn_error $? "with-fixed-if-type requires vrrp" "$LINENO" 5 +fi + if test .$enable_vrrp_fd_debug != .; then : + as_fn_error $? "enable-vrrp-fd-debug requires vrrp" "$LINENO" 5 +fi + if test .$enable_tsm_debug != .; then : + as_fn_error $? "enable-tsm-debug requires vrrp" "$LINENO" 5 +fi + if test .$enable_json != .; then : + as_fn_error $? "enable-json requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_vrrp != .; then : + as_fn_error $? "enable-snmp-vrrp requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_keepalived != .; then : + as_fn_error $? "enable-snmp-keepalived requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_rfc != .; then : + as_fn_error $? "enable-snmp-rfc requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_rfcv2 != .; then : + as_fn_error $? "enable-snmp-rfcv2 requires vrrp" "$LINENO" 5 +fi + if test .$enable_snmp_rfcv3 != .; then : + as_fn_error $? "enable-snmp-rfcv3 requires vrrp" "$LINENO" 5 +fi + if test .$enable_dbus != .; then : + as_fn_error $? "enable-dbus requires vrrp" "$LINENO" 5 +fi + if test .$enable_vrrp_auth != .; then : + as_fn_error $? "disable-vrrp-auth requires vrrp" "$LINENO" 5 +fi + if test .$enable_checksum_compat != .; then : + as_fn_error $? "disable-checksum-compat requires vrrp" "$LINENO" 5 +fi + if test .$enable_routes != .; then : + as_fn_error $? "disable-routes requires vrrp" "$LINENO" 5 +fi + if test .$enable_linkbeat != .; then : + as_fn_error $? "disable-linkbeat requires vrrp" "$LINENO" 5 +fi + if test .$enable_bfd != .; then : + as_fn_error $? "enable-bfd requires vrrp" "$LINENO" 5 +fi + if test .$enable_iptables != .no; then : + as_fn_error $? "enable-iptables requires vrrp" "$LINENO" 5 +fi + if test .$enable_nftables != .no; then : + as_fn_error $? "enable-nftables requires vrrp" "$LINENO" 5 +fi + if test .$enable_track_process != .; then : + as_fn_error $? "enable-track-process requires vrrp" "$LINENO" 5 +fi + if test .$enable_network_timestamp != .; then : + as_fn_error $? "enable-network_timestamp requires vrrp" "$LINENO" 5 +fi + +fi +if test .$enable_iptables = .no; then : + if test .$enable_libiptc != .; then : + as_fn_error $? "disable-libiptc requires vrrp and iptables" "$LINENO" 5 +fi + if test .$enable_libipset != .; then : + as_fn_error $? "disable-libipset requires vrrp and iptables" "$LINENO" 5 +fi + +fi +if test .$enable_libiptc = .no; then : + if test .$enable_libiptc_dynamic != .; then : + as_fn_error $? "enable-libiptc-dynamic requires vrrp and libiptc" "$LINENO" 5 +fi + if test .$enable_libipset != .; then : + as_fn_error $? "disable-libipset requires libiptc" "$LINENO" 5 +fi + if test .$enable_libipset_dynamic != .; then : + as_fn_error $? "disable-libipset-dynamic requires libiptc" "$LINENO" 5 +fi + +fi +if test .$enable_libipset = .no; then : + if test .$enable_libipset_dynamic != .; then : + as_fn_error $? "disable-libipset-dynamic requires ipsets" "$LINENO" 5 +fi + +fi +if test .$enable_snmp_rfc != .yes -a .$enable_snmp_rfcv3 != yes; then : + if test .$enable_snmp_reply_v3_for_v2 != .; then : + as_fn_error $? "enable-snmp-reply-v3-for-v2 requires enable-snmp-rfcv3 or enable-snmp-rfc" "$LINENO" 5 +fi + +fi +if test .$enable_dbus != .yes; then : + if test .$enable_dbus_create_instance != .; then : + as_fn_error $? "enable-dbus-create-instance requires enable-dbus" "$LINENO" 5 +fi + +fi +if test .$enable_lvs = .no; then : + if test .$enable_regex != .; then : + as_fn_error $? "enable-regex requires lvs" "$LINENO" 5 +fi + if test .$enable_libnl != .; then : + as_fn_error $? "disable-libnl requires lvs" "$LINENO" 5 +fi + if test .$enable_lvs_syncd != .; then : + as_fn_error $? "disable-lvs-syncd requires lvs" "$LINENO" 5 +fi + if test .$enable_lvs_64bit_stats != .; then : + as_fn_error $? "disable-lvs-64bit-stats requires lvs" "$LINENO" 5 +fi + if test .$enable_fwmark != .; then : + as_fn_error $? "enable-fwmark requires lvs" "$LINENO" 5 +fi + +fi +if test .$enable_lvs = .no; then : + if test .$enable_libnl_dynamic != .; then : + as_fn_error $? "enable-libnl-dynamic requires lvs and libnl" "$LINENO" 5 +fi + +fi +if test .$enable_regex != .yes; then : + if test .$enable_regex_timers != .; then : + as_fn_error $? "enable-regex-timers requires enable-regex" "$LINENO" 5 +fi + if test .$enable_regex_debug != .; then : + as_fn_error $? "enable-regex-debug requires enable-regex" "$LINENO" 5 +fi + +fi +if test .$enable_track_process = .no; then : + if test .$enable_track_process_debug != .; then : + as_fn_error $? "enable-track-process-debug incompatible with disable-track-process" "$LINENO" 5 +fi + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking diagnostic pragmas in functions" >&5 +$as_echo_n "checking diagnostic pragmas in functions... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic warning \"-Wall\"") + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_FUNCTION_DIAGNOSTIC_PRAGMAS_ 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking diagnostic push/pop pragmas" >&5 +$as_echo_n "checking diagnostic push/pop pragmas... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic push") + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_DIAGNOSTIC_PUSH_POP_PRAGMAS_ 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test ".$enable_warnings" = .no; then : + WARNINGS_ENABLED=$WARNINGS_BASIC +else + if test ".$enable_warnings" != .yes; then : + WARN_LIST=`echo $enable_warnings | sed -e "s/-W//g"` + WARNINGS_ENABLED="$WARNINGS_ENABLED "$WARN_LIST"" + +fi + + +fi +if test .$enable_extra_warnings = .yes; then : + WARNINGS_ENABLED="$WARNINGS_ENABLED "$WARNINGS_EXTRA"" +fi + +if test "$enable_conversion_checks" = yes; then + # Check if we can sensibly enable -Wconversion + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for usable -Wconversion" >&5 +$as_echo_n "checking for usable -Wconversion... " >&6; } + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + + #define VAL 255 + + static void + fun(uint8_t val) + { + } + + int main(int argc, char**argv) + { + fd_set set; + uint8_t val = 42; + unsigned u; + bool b; + size_t size = 17; + char c[2]; + char *c_ptr = c; + struct rtattr rta; + struct rtattr *rta_p = &rta; + + FD_SET(argc+1, &set); + + fun(argc == VAL ? VAL : val); + + // vrrp->lower_prio_no_advert = vrrp->strict_mode ? true : global_data->vrrp_lower_prio_no_advert; + u = u ? true : b; + + size = RTA_LENGTH(size); + c_ptr = RTA_DATA(c_ptr); + rta_p = RTA_NEXT(rta_p, size); + + val = (u < 256 ) ? u & 0xff : 0; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WARNINGS_ENABLED="$WARNINGS_ENABLED conversion" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&5 +$as_echo "$as_me: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&2;} + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$SAV_CFLAGS" +elif test "$enable_force_conversion_checks" = yes; then + WARNINGS_ENABLED="$WARNINGS_ENABLED conversion" +fi + +if test "$enable_Werror" = yes; then + WARNINGS_ENABLED="$WARNINGS_ENABLED error" +fi + +CONFIG_WARNINGS=lib/config_warnings.h.in + +# Save (or restore) lib/config_warnings.h.in +if test ! -f ${CONFIG_WARNINGS}.sav; then : + cp -p ${CONFIG_WARNINGS} ${CONFIG_WARNINGS}.sav +else + cp -p ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} +fi + +SAV_CFLAGS="$CFLAGS" +for WARN in $WARNINGS_ENABLED +do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -W$WARN" >&5 +$as_echo_n "checking for -W$WARN... " >&6; } + CFLAGS="$SAV_CFLAGS -W$WARN" + + WARN_VAR=_HAVE_WARNING_`echo $WARN | tr "a-z=-" "A-Z__"`_ + LOCAL_WARN_VAR=HAVE_WARNING_`echo $WARN | sed -e "s/=.*//" | tr "a-z-" "A-Z_"` + grep -q "^#undef $WARN_VAR$" $CONFIG_WARNINGS + if test $? -ne 0; then : + echo -e "\n/* Define to 1 if -W$WARN in use */\n#undef $WARN_VAR" >>$CONFIG_WARNINGS + +fi + + test `echo $WARN | grep "=[0-9][0-9]*$"` + if test $? -eq 0; then : + WARN_SHORT=`echo $WARN | sed -e 's/=[0-9][0-9]*$//'` + WARN_VAR_SHORT=_HAVE_WARNING_`echo $WARN_SHORT | tr "a-z=-" "A-Z__"`_ + grep -q "^#undef $WARN_VAR_SHORT$" $CONFIG_WARNINGS + if test $? -ne 0; then : + echo -e "\n/* Define to 1 if -W$WARN_SHORT in use */\n#undef $WARN_VAR_SHORT" >>$CONFIG_WARNINGS + +fi + +else + unset WARN_VAR_SHORT + +fi + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # gcc 9 removed -Wchkp and doesn't error if it is specified, + # but rather outputs: + # warning: switch '-Wchkp' is no longer supported + # so check for the warning. + touch conftest.err + grep -q "is no longer supported" conftest.err + if test $? -ne 0; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + eval $LOCAL_WARN_VAR=yes + KA_CFLAGS="$KA_CFLAGS -W$WARN" + cat >>confdefs.h <<_ACEOF +#define $WARN_VAR 1 +_ACEOF + + if test -z "$WARN_VAR_SHORT"; then : + +else + cat >>confdefs.h <<_ACEOF +#define $WARN_VAR_SHORT 1 +_ACEOF + + +fi + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval $LOCAL_WARN_VAR=no + +fi + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval $LOCAL_WARN_VAR=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +if test .$HAVE_WARNING_STRICT_OVERFLOW = .yes; then : + + # The following is not supported in gcc 5.4.0 + CFLAGS="$CFLAGS -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define _HAVE_PRAGMA_WARN_STRICT_OVERFLOW_1_ 1 " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +fi +CFLAGS="$SAV_CFLAGS" + +STRICT_CONFIG=No +if test "$enable_strict_config_checks" = yes; then + +$as_echo "#define _STRICT_CONFIG_ 1 " >>confdefs.h + + STRICT_CONFIG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS STRICT_CONFIG" +fi + if test $STRICT_CONFIG = Yes; then + WITH_STRICT_CONFIG_CHECKS_TRUE= + WITH_STRICT_CONFIG_CHECKS_FALSE='#' +else + WITH_STRICT_CONFIG_CHECKS_TRUE='#' + WITH_STRICT_CONFIG_CHECKS_FALSE= +fi + + +if test "$enable_hardening" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PIE support" >&5 +$as_echo_n "checking for PIE support... " >&6; } + SAV_CFLAGS="$CFLAGS" + SAV_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char **argv) + { + int i = 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_CFLAGS="$KA_CFLAGS -fPIE" + KA_LDFLAGS="$KA_LDFLAGS -pie" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + + for FLAG in \ + "-Wformat -Werror=format-security" \ + "-Wp,-D_FORTIFY_SOURCE=2" \ + "-fexceptions" \ + "-fstack-protector-strong" \ + "--param=ssp-buffer-size=4" \ + "-grecord-gcc-switches" + do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $FLAG support" >&5 +$as_echo_n "checking for $FLAG support... " >&6; } + CFLAGS="$CFLAGS $FLAG" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_CFLAGS="$KA_CFLAGS $FLAG" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$SAV_CFLAGS + done + + WL_FLAGS= + for FLAG in \ + "-z,relro" \ + "-z,now" + do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wl,$FLAG support" >&5 +$as_echo_n "checking for -Wl,$FLAG support... " >&6; } + LDFLAGS="$LDFLAGS -Wl,$FLAG" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char **argv) + { + int i = 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WL_FLAGS="$WL_FLAGS -Wl,$FLAG" + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + done + if test -n "$WL_FLAGS"; then + KA_LDFLAGS="$KA_LDFLAGS $WL_FLAGS" + fi +fi + +# enable-optimise +if test "$enable_optimise" = yes -o "$enable_optimise" = not-specified; then : + optimise_level=2 +else + optimise_level=$enable_optimise +fi +if test "$enable_optimise" = no; then : + optimise_level=0 +fi +if test "$optimise_level" -eq 0; then : + + echo $KA_CFLAGS | $GREP -q -- "-D_FORTIFY_SOURCE=[^0]" + if test $? -eq 0; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --disable-optimise requires --disable-hardening" >&5 +$as_echo "$as_me: WARNING: --disable-optimise requires --disable-hardening" >&2;} +fi + +fi +FLAG="-O$optimise_level" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $FLAG support" >&5 +$as_echo_n "checking for $FLAG support... " >&6; } +SAV_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS $FLAG" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_CFLAGS="$KA_CFLAGS $FLAG" +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + if test "$enable_optimise" != not-specified; then : + as_fn_error $? "Invalid optimisation level specified" "$LINENO" 5 +fi + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS=$SAV_CFLAGS + + + + + +# AC_SUBST(KA_LIBTOOLFLAGS) + +# Check if unaligned memory access is supported (for ARM not supported prior to ARMv6 processors) +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for unaligned memory access" >&5 +$as_echo_n "checking for unaligned memory access... " >&6; } +if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if unaligned access supported. Assuming yes." >&5 +$as_echo "$as_me: WARNING: Cannot determine if unaligned access supported. Assuming yes." >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + + #if __BYTE_ORDER == __BIG_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0x1234567890abcdefUL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x12345678UL + #else + #define CHK_VAL 0x1234UL + #endif + #elif __BYTE_ORDER == __LITTLE_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0xefcdab9078563412UL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x78563412UL + #else + #define CHK_VAL 0x3412UL + #endif + #else + #error Neither big nor little endian - unsupported + #endif + +int +main () +{ + + unsigned long arr[2] = { 0, 0 }; + unsigned char *p = (unsigned char *)arr + 1; + unsigned i; + + *(unsigned long *)p = CHK_VAL; + + return !!(arr[0] == CHK_VAL || p[0] != 0x12 || p[1] != 0x34 || p[2] != 0x56); + + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define _NO_UNALIGNED_ACCESS_ 1 " >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +# Checks for libraries. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_gettime() requires -lrt" >&5 +$as_echo_n "checking for clock_gettime() requires -lrt... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lrt" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + KA_LIBS="$KA_LIBS -lrt" +else + as_fn_error $? "clock_gettime() not supported" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$SAV_LIBS + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +# Checks for header files. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/ioctl.h sys/param.h sys/prctl.h sys/socket.h sys/time.h syslog.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable system header file <$ac_header>" "$LINENO" 5 +fi + +done + + +# check for kernel headers +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +NETLINK_EXTRA_INCLUDE= +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_fn_c_check_header_compile "$LINENO" "linux/netlink.h" "ac_cv_header_linux_netlink_h" "#include +" +if test "x$ac_cv_header_linux_netlink_h" = xyes; then : + + +$as_echo "#define NETLINK_H_NEEDS_SYS_SOCKET_H 1 " >>confdefs.h + + NETLINK_EXTRA_INCLUDE="#include " + +else + as_fn_error $? "Missing/unusable kernel header file " "$LINENO" 5 +fi + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +RTNETLINK_EXTRA_INCLUDE= +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_fn_c_check_header_compile "$LINENO" "linux/rtnetlink.h" "ac_cv_header_linux_rtnetlink_h" "#include +" +if test "x$ac_cv_header_linux_rtnetlink_h" = xyes; then : + + +$as_echo "#define RTNETLINK_H_NEEDS_SYS_SOCKET_H 1 " >>confdefs.h + + RTNETLINK_EXTRA_INCLUDE="#include " + +else + as_fn_error $? "Missing/unusable kernel header file " "$LINENO" 5 +fi + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +for ac_header in asm/types.h linux/ethtool.h linux/icmpv6.h linux/if_ether.h linux/if_packet.h linux/ip.h linux/sockios.h linux/types.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable kernel header file <$ac_header>" "$LINENO" 5 +fi + +done + +for ac_header in linux/fib_rules.h linux/if_addr.h linux/if_link.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$NETLINK_EXTRA_INCLUDE +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable kernel header file <$ac_header>" "$LINENO" 5 +fi + +done + +for ac_header in linux/if_arp.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/if_arp.h" "ac_cv_header_linux_if_arp_h" "#include +" +if test "x$ac_cv_header_linux_if_arp_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_IF_ARP_H 1 +_ACEOF + +else + as_fn_error $? "Missing/unusable <$ac_header>" "$LINENO" 5 +fi + +done + +CPPFLAGS="$SAV_CPPFLAGS" + +# Checks for typedefs, structures, and compiler characteristics. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } +if ${ac_cv_header_stdbool_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifndef bool + "error: bool is not defined" + #endif + #ifndef false + "error: false is not defined" + #endif + #if false + "error: false is not 0" + #endif + #ifndef true + "error: true is not defined" + #endif + #if true != 1 + "error: true is not 1" + #endif + #ifndef __bool_true_false_are_defined + "error: __bool_true_false_are_defined is not defined" + #endif + + struct s { _Bool s: 1; _Bool t; } s; + + char a[true == 1 ? 1 : -1]; + char b[false == 0 ? 1 : -1]; + char c[__bool_true_false_are_defined == 1 ? 1 : -1]; + char d[(bool) 0.5 == true ? 1 : -1]; + /* See body of main program for 'e'. */ + char f[(_Bool) 0.0 == false ? 1 : -1]; + char g[true]; + char h[sizeof (_Bool)]; + char i[sizeof s.t]; + enum { j = false, k = true, l = false * true, m = true * 256 }; + /* The following fails for + HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ + _Bool n[m]; + char o[sizeof n == m * sizeof n[0] ? 1 : -1]; + char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + /* Catch a bug in an HP-UX C compiler. See + http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html + */ + _Bool q = true; + _Bool *pq = &q; + +int +main () +{ + + bool e = &s; + *pq |= q; + *pq |= ! q; + /* Refer to every declared value, to avoid compiler optimizations. */ + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + + !m + !n + !o + !p + !q + !pq); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdbool_h=yes +else + ac_cv_header_stdbool_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +$as_echo "$ac_cv_header_stdbool_h" >&6; } + ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + + +if test $ac_cv_header_stdbool_h = yes; then + +$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if ${ac_cv_c_inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo () {return 0; } +$ac_kw foo_t foo () {return 0; } +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_inline=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_inline" != no && break +done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + +ac_fn_c_find_intX_t "$LINENO" "64" "ac_cv_c_int64_t" +case $ac_cv_c_int64_t in #( + no|yes) ;; #( + *) + +cat >>confdefs.h <<_ACEOF +#define int64_t $ac_cv_c_int64_t +_ACEOF +;; +esac + +ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define pid_t int +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned int +_ACEOF + +fi + +ac_fn_c_find_uintX_t "$LINENO" "16" "ac_cv_c_uint16_t" +case $ac_cv_c_uint16_t in #( + no|yes) ;; #( + *) + + +cat >>confdefs.h <<_ACEOF +#define uint16_t $ac_cv_c_uint16_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "32" "ac_cv_c_uint32_t" +case $ac_cv_c_uint32_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT32_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint32_t $ac_cv_c_uint32_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "64" "ac_cv_c_uint64_t" +case $ac_cv_c_uint64_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT64_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint64_t $ac_cv_c_uint64_t +_ACEOF +;; + esac + +ac_fn_c_find_uintX_t "$LINENO" "8" "ac_cv_c_uint8_t" +case $ac_cv_c_uint8_t in #( + no|yes) ;; #( + *) + +$as_echo "#define _UINT8_T 1" >>confdefs.h + + +cat >>confdefs.h <<_ACEOF +#define uint8_t $ac_cv_c_uint8_t +_ACEOF +;; + esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +$as_echo_n "checking for an ANSI C-conforming const... " >&6; } +if ${ac_cv_c_const+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + +#ifndef __cplusplus + /* Ultrix mips cc rejects this sort of thing. */ + typedef int charset[2]; + const charset cs = { 0, 0 }; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *pcpcc; + char **ppc; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + pcpcc = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++pcpcc; + ppc = (char**) pcpcc; + pcpcc = (char const *const *) ppc; + { /* SCO 3.2v4 cc rejects this sort of thing. */ + char tx; + char *t = &tx; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + if (s) return 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; } bx; + struct s *b = &bx; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + if (!foo) return 0; + } + return !cs[0] && !zero.x; +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_const=yes +else + ac_cv_c_const=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +$as_echo "$ac_cv_c_const" >&6; } +if test $ac_cv_c_const = no; then + +$as_echo "#define const /**/" >>confdefs.h + +fi + + +# Checks for library functions. +for ac_header in vfork.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" +if test "x$ac_cv_header_vfork_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VFORK_H 1 +_ACEOF + +fi + +done + +for ac_func in fork vfork +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +if test "x$ac_cv_func_fork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 +$as_echo_n "checking for working fork... " >&6; } +if ${ac_cv_func_fork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_fork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* By Ruediger Kuhlmann. */ + return fork () < 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_fork_works=yes +else + ac_cv_func_fork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 +$as_echo "$ac_cv_func_fork_works" >&6; } + +else + ac_cv_func_fork_works=$ac_cv_func_fork +fi +if test "x$ac_cv_func_fork_works" = xcross; then + case $host in + *-*-amigaos* | *-*-msdosdjgpp*) + # Override, as these systems have only a dummy fork() stub + ac_cv_func_fork_works=no + ;; + *) + ac_cv_func_fork_works=yes + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} +fi +ac_cv_func_vfork_works=$ac_cv_func_vfork +if test "x$ac_cv_func_vfork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 +$as_echo_n "checking for working vfork... " >&6; } +if ${ac_cv_func_vfork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_vfork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Thanks to Paul Eggert for this test. */ +$ac_includes_default +#include +#ifdef HAVE_VFORK_H +# include +#endif +/* On some sparc systems, changes by the child to local and incoming + argument registers are propagated back to the parent. The compiler + is told about this with #include , but some compilers + (e.g. gcc -O) don't grok . Test for this by using a + static variable whose address is put into a register that is + clobbered by the vfork. */ +static void +#ifdef __cplusplus +sparc_address_test (int arg) +# else +sparc_address_test (arg) int arg; +#endif +{ + static pid_t child; + if (!child) { + child = vfork (); + if (child < 0) { + perror ("vfork"); + _exit(2); + } + if (!child) { + arg = getpid(); + write(-1, "", 0); + _exit (arg); + } + } +} + +int +main () +{ + pid_t parent = getpid (); + pid_t child; + + sparc_address_test (0); + + child = vfork (); + + if (child == 0) { + /* Here is another test for sparc vfork register problems. This + test uses lots of local variables, at least as many local + variables as main has allocated so far including compiler + temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris + 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should + reuse the register of parent for one of the local variables, + since it will think that parent can't possibly be used any more + in this routine. Assigning to the local variable will thus + munge parent in the parent process. */ + pid_t + p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), + p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); + /* Convince the compiler that p..p7 are live; otherwise, it might + use the same hardware register for all 8 local variables. */ + if (p != p1 || p != p2 || p != p3 || p != p4 + || p != p5 || p != p6 || p != p7) + _exit(1); + + /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent + from child file descriptors. If the child closes a descriptor + before it execs or exits, this munges the parent's descriptor + as well. Test for this by closing stdout in the child. */ + _exit(close(fileno(stdout)) != 0); + } else { + int status; + struct stat st; + + while (wait(&status) != child) + ; + return ( + /* Was there some problem with vforking? */ + child < 0 + + /* Did the child fail? (This shouldn't happen.) */ + || status + + /* Did the vfork/compiler bug occur? */ + || parent != getpid() + + /* Did the file descriptor bug occur? */ + || fstat(fileno(stdout), &st) != 0 + ); + } +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_vfork_works=yes +else + ac_cv_func_vfork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 +$as_echo "$ac_cv_func_vfork_works" >&6; } + +fi; +if test "x$ac_cv_func_fork_works" = xcross; then + ac_cv_func_vfork_works=$ac_cv_func_vfork + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} +fi + +if test "x$ac_cv_func_vfork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h + +else + +$as_echo "#define vfork fork" >>confdefs.h + +fi +if test "x$ac_cv_func_fork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h + +fi + +for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 +$as_echo_n "checking for GNU libc compatible malloc... " >&6; } +if ${ac_cv_func_malloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_malloc_0_nonnull=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H +# include +#else +char *malloc (); +#endif + +int +main () +{ +return ! malloc (0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_malloc_0_nonnull=yes +else + ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } +if test $ac_cv_func_malloc_0_nonnull = yes; then : + +$as_echo "#define HAVE_MALLOC 1" >>confdefs.h + +else + $as_echo "#define HAVE_MALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" + ;; +esac + + +$as_echo "#define malloc rpl_malloc" >>confdefs.h + +fi + + +for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 +$as_echo_n "checking for GNU libc compatible realloc... " >&6; } +if ${ac_cv_func_realloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_realloc_0_nonnull=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H +# include +#else +char *realloc (); +#endif + +int +main () +{ +return ! realloc (0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_realloc_0_nonnull=yes +else + ac_cv_func_realloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_realloc_0_nonnull" >&6; } +if test $ac_cv_func_realloc_0_nonnull = yes; then : + +$as_echo "#define HAVE_REALLOC 1" >>confdefs.h + +else + $as_echo "#define HAVE_REALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" realloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS realloc.$ac_objext" + ;; +esac + + +$as_echo "#define realloc rpl_realloc" >>confdefs.h + +fi + + +for ac_func in dup2 getcwd gettimeofday memmove memset select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in pipe2 +do : + ac_fn_c_check_func "$LINENO" "pipe2" "ac_cv_func_pipe2" +if test "x$ac_cv_func_pipe2" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PIPE2 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS PIPE2" +fi +done + +for ac_func in signalfd +do : + ac_fn_c_check_func "$LINENO" "signalfd" "ac_cv_func_signalfd" +if test "x$ac_cv_func_signalfd" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SIGNALFD 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SIGNALFD" +fi +done + +for ac_func in inotify_init1 +do : + ac_fn_c_check_func "$LINENO" "inotify_init1" "ac_cv_func_inotify_init1" +if test "x$ac_cv_func_inotify_init1" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INOTIFY_INIT1 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS INOTIFY_INIT1" +fi +done + +for ac_func in vsyslog +do : + ac_fn_c_check_func "$LINENO" "vsyslog" "ac_cv_func_vsyslog" +if test "x$ac_cv_func_vsyslog" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VSYSLOG 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VSYSLOG" +fi +done + +for ac_func in epoll_create1 +do : + ac_fn_c_check_func "$LINENO" "epoll_create1" "ac_cv_func_epoll_create1" +if test "x$ac_cv_func_epoll_create1" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EPOLL_CREATE1 1 +_ACEOF + SYSTEM_OPTIONS="$SYSTEM_OPTIONS EPOLL_CREATE1" +fi +done + + +# glibc uses unsigned int as 3rd parameter to __assert_fail(), musl uses int. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + + void __assert_fail(const char * a, const char *b, unsigned int l, const char *c) + { + exit(a[0] + b[0] + c[0] + l == 0); + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + LINE_type="unsigned int" +else + LINE_type="int" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +cat >>confdefs.h <<_ACEOF +#define LINE_type $LINE_type +_ACEOF + + +SAV_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Wattributes -Werror" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + static __always_inline int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + static __inline __attribute__ ((__always_inline__)) int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define __always_inline __inline __attribute__ ((__always_inline__))" >>confdefs.h + +else + +$as_echo "#define __always_inline inline" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS="$SAV_CFLAGS" + +if test "$enable_dynamic_linking"; then : + + if test .$enable_vrrp != .no; then : + + enable_libiptc_dynamic=$enable_dynamic_linking + enable_libipset_dynamic=$enable_dynamic_linking + +fi + if test .$enable_lvs != .no; then : + + enable_libnl_dynamic=$enable_dynamic_linking + +fi + +fi + +# check for missing definition - added in glibc 2.8 +ac_fn_c_check_decl "$LINENO" "ETHERTYPE_IPV6" "ac_cv_have_decl_ETHERTYPE_IPV6" "#include +" +if test "x$ac_cv_have_decl_ETHERTYPE_IPV6" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_ETHERTYPE_IPV6 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + +$as_echo "#define ETHERTYPE_IPV6 0x86dd" >>confdefs.h + + +fi + + +BUILD_GENHASH=Yes +# check for openssl headers +NEED_MD5=no +NEED_SSL=no +if test "$enable_vrrp" != no -a \ + "$enable_vrrp_auth" != no; then + NEED_MD5=yes +fi +if test "$enable_lvs" != no; then + NEED_MD5=yes + NEED_SSL=yes +fi +for ac_header in openssl/ssl.h openssl/err.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + + if test $NEED_SSL = yes; then + as_fn_error $? " + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL headers files. !!!" "$LINENO" 5 + fi + BUILD_GENHASH=No + NEED_SSL=no + break + +fi + +done + +for ac_header in openssl/md5.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "openssl/md5.h" "ac_cv_header_openssl_md5_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_md5_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OPENSSL_MD5_H 1 +_ACEOF + +else + + if test $NEED_MD5 = yes; then + as_fn_error $? " + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL MD5 headers files. !!!" "$LINENO" 5 + fi + BUILD_GENHASH=No + NEED_MD5=no + break + +fi + +done + +unset LIBS + +$PKG_CONFIG --exists openssl +if test $? -eq 0; then + if test -n "OPENSSL"; then + KA_PKG_PFX=OPENSSL + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I openssl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other openssl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires openssl` + var=`$PKG_CONFIG --libs-only-l openssl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs openssl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + +else + OPENSSL_LIBS="-lssl -lcrypto" +fi + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lcrypto//"` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MD5_Init in -lcrypto" >&5 +$as_echo_n "checking for MD5_Init in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_MD5_Init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $EXTRA_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char MD5_Init (); +int +main () +{ +return MD5_Init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_MD5_Init=yes +else + ac_cv_lib_crypto_MD5_Init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_MD5_Init" >&5 +$as_echo "$ac_cv_lib_crypto_MD5_Init" >&6; } +if test "x$ac_cv_lib_crypto_MD5_Init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF + + LIBS="-lcrypto $LIBS" + +else + + if test $NEED_MD5 = yes; then + as_fn_error $? "OpenSSL MD5 libraries are required" "$LINENO" 5 + fi + BUILD_GENHASH=No + +fi + +if test $NEED_MD5 = yes; then + KA_LIBS="$KA_LIBS $LIBS" +fi +GENHASH_LIBS="$GENHASH_LIBS $LIBS" +unset LIBS + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lssl//"` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 +$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } +if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl $EXTRA_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char SSL_CTX_new (); +int +main () +{ +return SSL_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ssl_SSL_CTX_new=yes +else + ac_cv_lib_ssl_SSL_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 +$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } +if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSSL 1 +_ACEOF + + LIBS="-lssl $LIBS" + +else + + if test $NEED_SSL = yes; then + as_fn_error $? "OpenSSL libraries are required" "$LINENO" 5 + fi + BUILD_GENHASH=No + +fi + +if test $NEED_SSL = yes; then + KA_LIBS="$KA_LIBS $LIBS" +fi +GENHASH_LIBS="$GENHASH_LIBS $LIBS" +unset LIBS + +# Introduced in OpenSSL ver 0.9.9 +LIBS=$OPENSSL_LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking SSL_set_tlsext_host_name() - may be a definition" >&5 +$as_echo_n "checking SSL_set_tlsext_host_name() - may be a definition... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + request_t req; + SSL_set_tlsext_host_name(req.ssl, "SSL"); + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_SSL_SET_TLSEXT_HOST_NAME_ 1 " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +# SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a +for ac_func in SSL_CTX_set_verify_depth +do : + ac_fn_c_check_func "$LINENO" "SSL_CTX_set_verify_depth" "ac_cv_func_SSL_CTX_set_verify_depth" +if test "x$ac_cv_func_SSL_CTX_set_verify_depth" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SSL_CTX_SET_VERIFY_DEPTH 1 +_ACEOF + +fi +done + + +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with +# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then : + + if test .$ac_cv_func_TLS_method = .yes; then : + method_func=TLS_method +else + method_func=SSLv23_method +fi + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5 +$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;} + openssl_init_no_load_bug=1 + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + const SSL_METHOD *meth; + SSL_CTX *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + return 1; + + /* Initialize SSL context */ + meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + openssl_init_no_load_bug=0 +else + openssl_init_no_load_bug=1 +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + if test $openssl_init_no_load_bug -eq 1; then : + +$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG 1 " >>confdefs.h + +fi + +fi +unset LIBS + +if test $BUILD_GENHASH = No; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Unable to build genhash due to missing openssl headers/libraries" >&5 +$as_echo "$as_me: Unable to build genhash due to missing openssl headers/libraries" >&6;} + GENHASH_LIBS= +fi + + if test $BUILD_GENHASH = Yes; then + BUILD_GENHASH_TRUE= + BUILD_GENHASH_FALSE='#' +else + BUILD_GENHASH_TRUE='#' + BUILD_GENHASH_FALSE= +fi + + +IPV4_DEVCONF=No +if test .$enable_vrrp != .no; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPP_FLAGS $kernelinc" + IPV4_DEVCONF=Yes + ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ARP_IGNORE" "ac_cv_have_decl_IPV4_DEVCONF_ARP_IGNORE" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_ARP_IGNORE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_ARP_IGNORE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ACCEPT_LOCAL" "ac_cv_have_decl_IPV4_DEVCONF_ACCEPT_LOCAL" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_ACCEPT_LOCAL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_ACCEPT_LOCAL $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_RP_FILTER" "ac_cv_have_decl_IPV4_DEVCONF_RP_FILTER" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_RP_FILTER" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_RP_FILTER $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ARPFILTER" "ac_cv_have_decl_IPV4_DEVCONF_ARPFILTER" "#include +" +if test "x$ac_cv_have_decl_IPV4_DEVCONF_ARPFILTER" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV4_DEVCONF_ARPFILTER $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPV4_DEVCONF=No + break + +fi + + if test $IPV4_DEVCONF = Yes; then + +$as_echo "#define _HAVE_IPV4_DEVCONF_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPV4_DEVCONF" + fi + for ac_header in linux/rtnetlink.h +do : + ac_fn_c_check_header_compile "$LINENO" "linux/rtnetlink.h" "ac_cv_header_linux_rtnetlink_h" "$RTNETLINK_EXTRA_INCLUDE +" +if test "x$ac_cv_header_linux_rtnetlink_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_RTNETLINK_H 1 +_ACEOF + +else + as_fn_error $? "Unusable linux/rtnetlink.h" "$LINENO" 5 +fi + +done + + CPPFLAGS="$SAV_CPPFLAGS" +fi + +IPV6_ADVANCED_API=No +ac_fn_c_check_decl "$LINENO" "IPV6_RECVHOPLIMIT" "ac_cv_have_decl_IPV6_RECVHOPLIMIT" "#include +" +if test "x$ac_cv_have_decl_IPV6_RECVHOPLIMIT" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV6_RECVHOPLIMIT $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + IPV6_ADVANCED_API=Yes +fi +ac_fn_c_check_decl "$LINENO" "IPV6_RECVPKTINFO" "ac_cv_have_decl_IPV6_RECVPKTINFO" "#include +" +if test "x$ac_cv_have_decl_IPV6_RECVPKTINFO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV6_RECVPKTINFO $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + IPV6_ADVANCED_API=Yes +fi + +if test $IPV6_ADVANCED_API = Yes; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPV6_ADVANCED_API" +fi + +NETLINK_VER=0 +IPVS_USE_NL=No +if test .$enable_lvs != .no -a .${enable_libnl} != .no; then + $PKG_CONFIG --exists libnl-3.0 + if test $? -eq 0; then + if test -n "NL3"; then + KA_PKG_PFX=NL3 + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test .remove-requires = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + as_ac_Lib=`$as_echo "ac_cv_lib_$NL3_LIB_NAMES''_nl_socket_alloc" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_alloc in -l$NL3_LIB_NAMES" >&5 +$as_echo_n "checking for nl_socket_alloc in -l$NL3_LIB_NAMES... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$NL3_LIB_NAMES $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nl_socket_alloc (); +int +main () +{ +return nl_socket_alloc (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + + NETLINK_VER=3 + NEED_NL3=No + + if test -n "GENL"; then + KA_PKG_PFX=GENL + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test .remove-requires = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + as_ac_Lib=`$as_echo "ac_cv_lib_$GENL_LIB_NAMES''_genl_connect" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for genl_connect in -l$GENL_LIB_NAMES" >&5 +$as_echo_n "checking for genl_connect in -l$GENL_LIB_NAMES... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$GENL_LIB_NAMES $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char genl_connect (); +int +main () +{ +return genl_connect (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_LIB$GENL_LIB_NAMES" | $as_tr_cpp` 1 +_ACEOF + + LIBS="-l$GENL_LIB_NAMES $LIBS" + +else + as_fn_error $? "libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3." "$LINENO" 5 +fi + + IPVS_USE_NL=Yes + if test .$enable_libnl_dynamic = .yes; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libnl-genl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libnl-genl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$GENL_LIB_NAMES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void genl_connect(void); + int main(void) + { + genl_connect(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $GENL_LIB_NAMES.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define NL3_GENL_LIB_NAME "$LIB_NAME" +_ACEOF + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-genl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + fi + NEED_NL3=Yes + + if test $NEED_NL3 = Yes; then + +$as_echo "#define _HAVE_LIBNL3_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL3" + if test .$enable_libnl_dynamic = .yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL_DYNAMIC" + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libnl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libnl-3.0); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + +$as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$NL3_LIB_NAMES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void nl_socket_alloc(void); + int main(void) + { + nl_socket_alloc(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $NL3_LIB_NAMES.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define NL3_LIB_NAME "$LIB_NAME" +_ACEOF + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + fi + fi + +fi + + fi + + if test $NETLINK_VER -eq 0; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl" >&5 +$as_echo_n "checking for nl_socket_modify_cb in -lnl... " >&6; } +if ${ac_cv_lib_nl_nl_socket_modify_cb+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lnl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nl_socket_modify_cb (); +int +main () +{ +return nl_socket_modify_cb (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_nl_nl_socket_modify_cb=yes +else + ac_cv_lib_nl_nl_socket_modify_cb=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_modify_cb" >&5 +$as_echo "$ac_cv_lib_nl_nl_socket_modify_cb" >&6; } +if test "x$ac_cv_lib_nl_nl_socket_modify_cb" = xyes; then : + + IPVS_USE_NL=Yes + NETLINK_VER=1 + +$as_echo "#define _HAVE_LIBNL1_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL1" + if test .$enable_libnl_dynamic = .yes; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libnl-1); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libnl-1); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBNL_DYNAMIC" + +$as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lnl" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void nl_socket_modify_cb(void); + int main(void) + { + nl_socket_modify_cb(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep nl.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define NL_LIB_NAME "$LIB_NAME" +_ACEOF + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnl-1`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnl-1`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-1` + var=`$PKG_CONFIG --libs-only-l libnl-1` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-1`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keepalived will be built without libnl support." >&5 +$as_echo "$as_me: WARNING: keepalived will be built without libnl support." >&2;} + +fi + + fi + + if test $NETLINK_VER -ne 0; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$SAV_CPPFLAGS $NL3_CPPFLAGS" + for ac_header in netlink/netlink.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "netlink/netlink.h" "ac_cv_header_netlink_netlink_h" "$ac_includes_default" +if test "x$ac_cv_header_netlink_netlink_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETLINK_NETLINK_H 1 +_ACEOF + +else + as_fn_error $? "netlink headers missing" "$LINENO" 5 +fi + +done + + for ac_header in netlink/genl/ctrl.h netlink/genl/genl.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + as_fn_error $? "netlink genl headers missing" "$LINENO" 5 +fi + +done + + CPPFLAGS="$SAV_CPPFLAGS" + fi +fi + if test $NETLINK_VER -eq 1; then + LIBNL1_TRUE= + LIBNL1_FALSE='#' +else + LIBNL1_TRUE='#' + LIBNL1_FALSE= +fi + + if test $NETLINK_VER -eq 3; then + LIBNL3_TRUE= + LIBNL3_FALSE='#' +else + LIBNL3_TRUE='#' + LIBNL3_FALSE= +fi + + if test .$enable_lvs != .no -a .$enable_libnl_dynamic = .yes -a $NETLINK_VER -ne 0; then + LIBNL_DYNAMIC_TRUE= + LIBNL_DYNAMIC_FALSE='#' +else + LIBNL_DYNAMIC_TRUE='#' + LIBNL_DYNAMIC_FALSE= +fi + +unset LIBS + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for magic_open in -lmagic" >&5 +$as_echo_n "checking for magic_open in -lmagic... " >&6; } +if ${ac_cv_lib_magic_magic_open+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lmagic $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char magic_open (); +int +main () +{ +return magic_open (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_magic_magic_open=yes +else + ac_cv_lib_magic_magic_open=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_magic_magic_open" >&5 +$as_echo "$ac_cv_lib_magic_magic_open" >&6; } +if test "x$ac_cv_lib_magic_magic_open" = xyes; then : + + +$as_echo "#define _HAVE_LIBMAGIC_ 1 " >>confdefs.h + + KA_LIBS="$KA_LIBS -lmagic" + +fi + +unset LIBS + +ac_fn_c_check_decl "$LINENO" "RTA_ENCAP" "ac_cv_have_decl_RTA_ENCAP" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_ENCAP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_ENCAP $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_EXPIRES" "ac_cv_have_decl_RTA_EXPIRES" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_EXPIRES" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_EXPIRES $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_NEWDST" "ac_cv_have_decl_RTA_NEWDST" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_NEWDST" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_NEWDST $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_PREF" "ac_cv_have_decl_RTA_PREF" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_PREF" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_PREF $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_SUPPRESS_PREFIXLEN" "ac_cv_have_decl_FRA_SUPPRESS_PREFIXLEN" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_SUPPRESS_PREFIXLEN" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_SUPPRESS_PREFIXLEN $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_SUPPRESS_IFGROUP" "ac_cv_have_decl_FRA_SUPPRESS_IFGROUP" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_SUPPRESS_IFGROUP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_SUPPRESS_IFGROUP $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_TUN_ID" "ac_cv_have_decl_FRA_TUN_ID" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_TUN_ID" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_TUN_ID $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTAX_CC_ALGO" "ac_cv_have_decl_RTAX_CC_ALGO" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTAX_CC_ALGO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTAX_CC_ALGO $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTAX_QUICKACK" "ac_cv_have_decl_RTAX_QUICKACK" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTAX_QUICKACK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTAX_QUICKACK $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTEXT_FILTER_SKIP_STATS" "ac_cv_have_decl_RTEXT_FILTER_SKIP_STATS" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTEXT_FILTER_SKIP_STATS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTEXT_FILTER_SKIP_STATS $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_L3MDEV" "ac_cv_have_decl_FRA_L3MDEV" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_L3MDEV" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_L3MDEV $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_UID_RANGE" "ac_cv_have_decl_FRA_UID_RANGE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_UID_RANGE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_UID_RANGE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTAX_FASTOPEN_NO_COOKIE" "ac_cv_have_decl_RTAX_FASTOPEN_NO_COOKIE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTAX_FASTOPEN_NO_COOKIE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTAX_FASTOPEN_NO_COOKIE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_VIA" "ac_cv_have_decl_RTA_VIA" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_VIA" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_VIA $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_OIFNAME" "ac_cv_have_decl_FRA_OIFNAME" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_OIFNAME" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_OIFNAME $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_PROTOCOL" "ac_cv_have_decl_FRA_PROTOCOL" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_PROTOCOL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_PROTOCOL $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_IP_PROTO" "ac_cv_have_decl_FRA_IP_PROTO" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_IP_PROTO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_IP_PROTO $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_SPORT_RANGE" "ac_cv_have_decl_FRA_SPORT_RANGE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_SPORT_RANGE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_SPORT_RANGE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "FRA_DPORT_RANGE" "ac_cv_have_decl_FRA_DPORT_RANGE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_FRA_DPORT_RANGE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FRA_DPORT_RANGE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "RTA_TTL_PROPAGATE" "ac_cv_have_decl_RTA_TTL_PROPAGATE" "$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include +" +if test "x$ac_cv_have_decl_RTA_TTL_PROPAGATE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RTA_TTL_PROPAGATE $ac_have_decl +_ACEOF + +for flag in RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_OIFNAME FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "${flag} + fi +done + +ac_fn_c_check_decl "$LINENO" "IFA_FLAGS" "ac_cv_have_decl_IFA_FLAGS" "#include +" +if test "x$ac_cv_have_decl_IFA_FLAGS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFA_FLAGS $ac_have_decl +_ACEOF + +for flag in IFA_FLAGS; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "${flag} + fi +done + +ac_fn_c_check_decl "$LINENO" "IP_MULTICAST_ALL" "ac_cv_have_decl_IP_MULTICAST_ALL" " + #include + #include + +" +if test "x$ac_cv_have_decl_IP_MULTICAST_ALL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_MULTICAST_ALL $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "IP_MULTICAST_ALL + # Check if definition is in netinet/in.h, since we can't include linux/in.h + # due to conflicting definitions + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + int main(int argc, char **argv) + { + int i = IP_MULTICAST_ALL; + } + + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + + # No - netinet/in.h doesn't have IP_MULTICAST_ALL + # Build a program that will output the value of the kernel's IP_MULTICAST_ALL + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + #include + int main(int argc, char **argv) + { + printf("%d\n", IP_MULTICAST_ALL); + } + + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + # Create local definition of IP_MULTICAST_ALL + IMA=$(./conftest$EXEEXT) + +cat >>confdefs.h <<_ACEOF +#define IP_MULTICAST_ALL $IMA +_ACEOF + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + + +if test $ac_cv_have_decl_RTA_ENCAP = yes; then : + + ac_fn_c_check_decl "$LINENO" "LWTUNNEL_ENCAP_MPLS" "ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" "#include +" +if test "x$ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LWTUNNEL_ENCAP_MPLS $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "LWTUNNEL_ENCAP_ILA" "ac_cv_have_decl_LWTUNNEL_ENCAP_ILA" "#include +" +if test "x$ac_cv_have_decl_LWTUNNEL_ENCAP_ILA" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LWTUNNEL_ENCAP_ILA $ac_have_decl +_ACEOF + + for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS ${flag}" + fi + done + +fi + +USE_IPTABLES=No +USE_LIBIPTC=No +USE_LIBIPSET=No +if test .$enable_iptables != .no; then : + + USE_IPTABLES=Yes + +$as_echo "#define _WITH_IPTABLES_ 1 " >>confdefs.h + + if test .${enable_libiptc} = .no; then + CONFIG_OPTIONS="$CONFIG_OPTIONS IPTABLES_CMD" + else + USE_LIBIPTC=Yes + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + for ac_header in linux/netfilter/x_tables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + + USE_LIBIPTC=No + break + +fi + +done + + CPPFLAGS="$SAV_CPPFLAGS" + + if test $USE_LIBIPTC = Yes; then + if test -n "IPTC"; then + KA_PKG_PFX=IPTC + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libiptc` + var=`$PKG_CONFIG --libs-only-l --static libiptc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + LIBS="$IPTC_LIBS" + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iptc_init in -liptc" >&5 +$as_echo_n "checking for iptc_init in -liptc... " >&6; } +if ${ac_cv_lib_iptc_iptc_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-liptc $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char iptc_init (); +int +main () +{ +return iptc_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_iptc_iptc_init=yes +else + ac_cv_lib_iptc_iptc_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iptc_iptc_init" >&5 +$as_echo "$ac_cv_lib_iptc_iptc_init" >&6; } +if test "x$ac_cv_lib_iptc_iptc_init" = xyes; then : + + +$as_echo "#define _HAVE_LIBIPTC_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPTC" + if test .${enable_libiptc_dynamic} != .yes; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libiptc` + var=`$PKG_CONFIG --libs-only-l --static libiptc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libiptc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPTC" + KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` + IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[^ ]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` + if test ".$IPTC_LIBS" = .; then + KA_LIBS=`echo $KA_LIBS -lip4tc -lip6tc` + fi + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libiptc); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libiptc); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPTC_DYNAMIC" + +$as_echo "#define _LIBIPTC_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lip4tc" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void iptc_init(void); + int main(void) + { + iptc_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ip4tc.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IP4TC_LIB_NAME "$LIB_NAME" +_ACEOF + + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lip6tc" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void ip6tc_init(void); + int main(void) + { + ip6tc_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ip6tc.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IP6TC_LIB_NAME "$LIB_NAME" +_ACEOF + + LIBIPTC_DYNAMIC=Yes + fi + +else + USE_LIBIPTC=No +fi + + CPPFLAGS="$SAV_CPPFLAGS" + fi + + if test $USE_LIBIPTC = Yes; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + if test "${enable_libipset}" != no; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test -n "IPSET"; then + KA_PKG_PFX=IPSET + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libipset` + var=`$PKG_CONFIG --libs-only-l libipset` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + else + IPSET_LIBS="-lipset" + fi + SAV_LIBS=$LIBS + LIBS="$IPTC_LIBS $IPSET_LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ipset_session_init in -lipset" >&5 +$as_echo_n "checking for ipset_session_init in -lipset... " >&6; } +if ${ac_cv_lib_ipset_ipset_session_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lipset $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ipset_session_init (); +int +main () +{ +return ipset_session_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ipset_ipset_session_init=yes +else + ac_cv_lib_ipset_ipset_session_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ipset_ipset_session_init" >&5 +$as_echo "$ac_cv_lib_ipset_ipset_session_init" >&6; } +if test "x$ac_cv_lib_ipset_ipset_session_init" = xyes; then : + + USE_LIBIPSET=Yes + for ac_header in libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + + USE_LIBIPSET=No + break + +fi + +done + + + if test $USE_LIBIPSET = Yes; then + EXTRA_INCLUDE= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + for ac_header in linux/netfilter/xt_set.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "linux/netfilter/xt_set.h" "ac_cv_header_linux_netfilter_xt_set_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_netfilter_xt_set_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_NETFILTER_XT_SET_H 1 +_ACEOF + +else + USE_LIBIPSET=No +fi + +done + +else + ac_fn_c_check_header_compile "$LINENO" "linux/netfilter/xt_set.h" "ac_cv_header_linux_netfilter_xt_set_h" "#include +" +if test "x$ac_cv_header_linux_netfilter_xt_set_h" = xyes; then : + + +$as_echo "#define USE_LIBIPSET_LINUX_IP_SET_H 1 " >>confdefs.h + + EXTRA_INCLUDE="#include " + +else + USE_LIBIPSET=No +fi + + + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + + if test $USE_LIBIPSET = Yes; then + +$as_echo "#define _HAVE_LIBIPSET_ 1 " >>confdefs.h + + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test .${enable_libipset_dynamic} = .no; then + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libipset` + var=`$PKG_CONFIG --libs-only-l libipset` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libipset`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + else + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in $($PKG_CONFIG --cflags-only-I libipset); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in $($PKG_CONFIG --cflags-only-other libipset); do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + fi + elif test .${enable_libipset_dynamic} = .no; then + KA_LIBS="$KA_LIBS -lipset" + fi + if test .${enable_libipset_dynamic} != .no; then + +$as_echo "#define _LIBIPSET_DYNAMIC_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET_DYNAMIC" + NEED_LIBDL=Yes + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -lipset" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void ipset_session_init(void); + int main(void) + { + ipset_session_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ipset.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IPSET_LIB_NAME "$LIB_NAME" +_ACEOF + + else + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET" + fi + + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v1" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v1_match_set_index" " + $EXTRA_INCLUDE + #include + +" +if test "x$ac_cv_member_struct_xt_set_info_match_v1_match_set_index" = xyes; then : + +$as_echo "#define HAVE_XT_SET_INFO_MATCH_V1 1 " >>confdefs.h + +fi + + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v3" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v3_match_set_index" " + $EXTRA_INCLUDE + #include + +" +if test "x$ac_cv_member_struct_xt_set_info_match_v3_match_set_index" = xyes; then : + +$as_echo "#define HAVE_XT_SET_INFO_MATCH_V3 1 " >>confdefs.h + +fi + + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v4" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v4_match_set_index" " + $EXTRA_INCLUDE + #include + +" +if test "x$ac_cv_member_struct_xt_set_info_match_v4_match_set_index" = xyes; then : + +$as_echo "#define HAVE_XT_SET_INFO_MATCH_V4 1 " >>confdefs.h + +fi + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) { int var = IPSET_ATTR_IFACE; } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define HAVE_IPSET_ATTR_IFACE 1 " >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + int main(void) {} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifdef _UAPI_IP_SET_H + #error _UAPI_IP_SET_H defined + #endif + int main(void) {} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : -cat confdefs.h - <<_ACEOF >conftest.$ac_ext +$as_echo "#define LIBIPSET_H_ADD_UAPI_IP_SET_H_GUARD 1" >>confdefs.h + +else + +$as_echo "#define LIBIPSET_H_ADD_IP_SET_H_GUARD 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + + if test $USE_LIBIPSET = Yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libipset version 7 or later" >&5 +$as_echo_n "checking for libipset version 7 or later... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int -main () -{ + #include + + void test_func(void) + { + ipset_session_init(NULL, NULL); + } - ; - return 0; -} _ACEOF -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" -# Try to create an executable without -o first, disregard a.out. -# It will help us diagnose broken compilers, and finding out an intuition -# of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if ac_fn_c_try_compile "$LINENO"; then : -# The possible output files: -ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } -ac_rmfiles= -for ac_file in $ac_files -do - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac -done -rm -f $ac_rmfiles +else -if { { ac_try="$ac_link_default" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' -# in a Makefile. We should not override ac_cv_exeext if it was cached, -# so that the user can short-circuit this test for compilers unknown to -# Autoconf. -for ac_file in $ac_files '' -do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define LIBIPSET_PRE_V7_COMPAT 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "LIBIPSET_PRE_V7 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + +fi + + LIBS="$SAV_LIBS" fi - # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' - # argument, so we may need to know it at that point already. - # Even if this section looks crufty: it has the advantage of - # actually working. - break;; - * ) - break;; - esac -done -test "$ac_cv_exeext" = no && ac_cv_exeext= + + ac_fn_c_check_decl "$LINENO" "XT_EXTENSION_MAXNAMELEN" "ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" "#include +" +if test "x$ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" = xyes; then : else - ac_file='' + +$as_echo "#define XT_EXTENSION_MAXNAMELEN (XT_FUNCTION_MAXNAMELEN - 1) " >>confdefs.h + fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } + + CPPFLAGS="$SAV_CPPFLAGS" + fi + fi + if test $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes; then : + +$as_echo "#define _USE_IPTABLES_CMD_ 1 " >>confdefs.h + +fi + +fi + if test $USE_LIBIPTC = Yes; then + LIBIPTC_TRUE= + LIBIPTC_FALSE='#' else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + LIBIPTC_TRUE='#' + LIBIPTC_FALSE= +fi + + if test $USE_LIBIPSET = Yes; then + LIBIPSET_TRUE= + LIBIPSET_FALSE='#' +else + LIBIPSET_TRUE='#' + LIBIPSET_FALSE= +fi + + if test $USE_IPTABLES = Yes; then + IPTABLES_TRUE= + IPTABLES_FALSE='#' +else + IPTABLES_TRUE='#' + IPTABLES_FALSE= +fi + + if test $USE_IPTABLES = Yes -a \( $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes \); then + IPTABLES_CMD_TRUE= + IPTABLES_CMD_FALSE='#' +else + IPTABLES_CMD_TRUE='#' + IPTABLES_CMD_FALSE= +fi + + if test $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes; then + LIBIPTC_DYNAMIC_TRUE= + LIBIPTC_DYNAMIC_FALSE='#' +else + LIBIPTC_DYNAMIC_TRUE='#' + LIBIPTC_DYNAMIC_FALSE= +fi + + if test $USE_LIBIPSET = Yes -a .${enable_libipset_dynamic} != .no; then + LIBIPSET_DYNAMIC_TRUE= + LIBIPSET_DYNAMIC_FALSE='#' +else + LIBIPSET_DYNAMIC_TRUE='#' + LIBIPSET_DYNAMIC_FALSE= +fi + + if test $USE_IPTABLES = Yes -a $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes; then + REQUIRE_IPTABLES_LIBS_TRUE= + REQUIRE_IPTABLES_LIBS_FALSE='#' +else + REQUIRE_IPTABLES_LIBS_TRUE='#' + REQUIRE_IPTABLES_LIBS_FALSE= +fi + +unset LIBS + +USE_NFTABLES=No +if test .${enable_nftables} != .no; then + USE_NFTABLES=Yes + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + ac_fn_c_check_decl "$LINENO" "NFTA_TABLE_MAX" "ac_cv_have_decl_NFTA_TABLE_MAX" "#include +" +if test "x$ac_cv_have_decl_NFTA_TABLE_MAX" = xyes; then : + +else + + if test .${enable_nftables} = .yes; then : + as_fn_error $? "nftables header files missing/not useable" "$LINENO" 5 +fi + USE_NFTABLES=No + +fi + + + if test $USE_NFTABLES = Yes; then + $PKG_CONFIG --exists libnftnl + if test $? -ne 0; then + USE_NFTABLES=No + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libnftnl missing" >&5 +$as_echo "$as_me: WARNING: libnftnl missing" >&2;} + fi + $PKG_CONFIG --exists libmnl + if test $? -ne 0; then + USE_NFTABLES=No + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libmnl missing" >&5 +$as_echo "$as_me: WARNING: libmnl missing" >&2;} + fi + + if test $USE_NFTABLES = Yes; then + # nft prior to version 0.8.3 does not support type ifname in sets. We can't check the version of + # nft, but we can check the version of libnftnl. nft v0.8.3 required libnftnl v1.0.9, but so did + # nft v0.8.2. So play safe, and require the next version. + #LIBNFTNL_VERSION=`printf "0x%2.2x%2.2x%2.2xU" \`pkg-config --modversion libnftnl | sed -e "s/\./ /g"\`` + #AC_DEFINE_UNQUOTED([LIBNFTNL_VERSION], [ $LIBNFTNL_VERSION ], [libnftnl version in hex]) + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnftnl` + var=`$PKG_CONFIG --libs-only-l libnftnl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libmnl` + var=`$PKG_CONFIG --libs-only-l libmnl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + +$as_echo "#define _WITH_NFTABLES_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS NFTABLES" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NFTNL_EXPR_LOOKUP_FLAGS is defined" >&5 +$as_echo_n "checking whether NFTNL_EXPR_LOOKUP_FLAGS is defined... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + int i = NFTNL_EXPR_LOOKUP_FLAGS; + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + +$as_echo "#define HAVE_NFTNL_EXPR_LOOKUP_FLAGS 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + # nft dup from Linux 4.3 + ac_fn_c_check_decl "$LINENO" "NFTA_DUP_MAX" "ac_cv_have_decl_NFTA_DUP_MAX" "#include +" +if test "x$ac_cv_have_decl_NFTA_DUP_MAX" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFTA_DUP_MAX $ac_have_decl +_ACEOF + + + for ac_header in libnftnl/udata.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "libnftnl/udata.h" "ac_cv_header_libnftnl_udata_h" "$ac_includes_default" +if test "x$ac_cv_header_libnftnl_udata_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBNFTNL_UDATA_H 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nftnl_udata_put_u32" >&5 +$as_echo_n "checking for nftnl_udata_put_u32... " >&6; } + SAV_LIBS="$LIBS" + LIBS="$LIBS `$PKG_CONFIG --libs libnftnl`" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + nftnl_udata_put_u32(NULL, 0, 0); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_NFTNL_UDATA_PUT_U32 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } -ac_exeext=$ac_cv_exeext -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } -if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. -for ac_file in conftest.exe conftest conftest.*; do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - break;; - * ) break;; - esac done + + fi + fi + CPPFLAGS="$SAV_CPPFLAGS" +fi + if test $USE_NFTABLES = Yes; then + NFTABLES_TRUE= + NFTABLES_FALSE='#' else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } + NFTABLES_TRUE='#' + NFTABLES_FALSE= fi -rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } -rm -f conftest.$ac_ext -EXEEXT=$ac_cv_exeext -ac_exeext=$EXEEXT +unset LIBS + +if test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes; then : + +$as_echo "#define _WITH_FIREWALL_ 1 " >>confdefs.h + +fi + if test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes; then + FIREWALL_TRUE= + FIREWALL_FALSE='#' +else + FIREWALL_TRUE='#' + FIREWALL_FALSE= +fi + + +# Including and can cause a namespace collision. +# Later versions of the headers are OK if linux/if.h is included second +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linux/if.h and net/if.h namespace collision" >&5 +$as_echo_n "checking for linux/if.h and net/if.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -int -main () -{ -FILE *f = fopen ("conftest.out", "w"); - return ferror (f) || fclose (f) != 0; - ; - return 0; -} + #include + #include + _ACEOF -ac_clean_files="$ac_clean_files conftest.out" -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } -if test "$cross_compiling" != yes; then - { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if { ac_try='./conftest$ac_cv_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } - fi - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_NET_LINUX_IF_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS NET_LINUX_IF_H_COLLISION" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CPPFLAGS="$SAV_CPPFLAGS" + +# Including and causes a namespace collision +# with musl libc, but the collision only occurs if linux/ip_ether.h is included +# before netinet/if_ether.h. The problem is that we want to include them in that +# order. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linux/if_ether.h then netinet/if_ether.h namespace collision" >&5 +$as_echo_n "checking for linux/if_ether.h then netinet/if_ether.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int -main () -{ + #include + #include - ; - return 0; -} _ACEOF -rm -f conftest.o conftest.obj -if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac -done +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_NETINET_LINUX_IF_ETHER_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS NETINET_LINUX_IF_ETHER_H_COLLISION" + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } -OBJEXT=$ac_cv_objext -ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CPPFLAGS="$SAV_CPPFLAGS" + +# Linux 4.5 to 4.5.4 has indirectly including +# and which causes a namespace collision. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libiptc/libiptc.h linux/if.h and net/if.h namespace collision" >&5 +$as_echo_n "checking for libiptc/libiptc.h linux/if.h and net/if.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int -main () -{ -#ifndef __GNUC__ - choke me -#endif + #include - ; - return 0; -} _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else - ac_compiler_gnu=no + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_LIBIPTC_LINUX_NET_IF_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPTC_LINUX_NET_IF_H_COLLISION" + fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu +CPPFLAGS="$SAV_CPPFLAGS" + +IPVS_SYNCD_ATTRIBUTES=No +IPVS_64BIT_STATS=No +WITH_REGEX=No +ENABLE_REGEX_DEBUG=No +if test "$enable_lvs" != no; then + IPVS_SUPPORT=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS LVS" + +$as_echo "#define _WITH_LVS_ 1 " >>confdefs.h + + + for ac_header in linux/ip_vs.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "linux/ip_vs.h" "ac_cv_header_linux_ip_vs_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_ip_vs_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_IP_VS_H 1 +_ACEOF + ac_fn_c_check_decl "$LINENO" "IP_VS_SVC_F_ONEPACKET" "ac_cv_have_decl_IP_VS_SVC_F_ONEPACKET" "#include +" +if test "x$ac_cv_have_decl_IP_VS_SVC_F_ONEPACKET" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_SVC_F_ONEPACKET $ac_have_decl +_ACEOF + + +fi + +done + + + if test $IPVS_USE_NL = Yes; then + +$as_echo "#define LIBIPVS_USE_NL 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPVS_NETLINK" + fi + + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + + ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_ADDR_FAMILY" "ac_cv_have_decl_IPVS_DEST_ATTR_ADDR_FAMILY" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_ADDR_FAMILY" = xyes; then : + ac_have_decl=1 else - GCC= + ac_have_decl=0 fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_ADDR_FAMILY $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_DEST_ATTR_ADDR_FAMILY" +fi + + + IPVS_SYNCD_ATTRIBUTES=Yes + ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_SYNC_MAXLEN" "ac_cv_have_decl_IPVS_DAEMON_ATTR_SYNC_MAXLEN" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_SYNC_MAXLEN" = xyes; then : + ac_have_decl=1 else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + ac_have_decl=0 +fi -int -main () -{ +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_SYNC_MAXLEN $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - ; - return 0; -} +else + + IPVS_SYNCD_ATTRIBUTES=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_GROUP" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_GROUP $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPVS_SYNCD_ATTRIBUTES=No + break + +fi +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_GROUP6" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP6" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_GROUP6" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_GROUP6 $ac_have_decl _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes +if test $ac_have_decl = 1; then : + else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int -main () -{ + IPVS_SYNCD_ATTRIBUTES=No + break - ; - return 0; -} +fi +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_PORT" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_PORT" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_PORT" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_PORT $ac_have_decl _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if test $ac_have_decl = 1; then : else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int -main () -{ + IPVS_SYNCD_ATTRIBUTES=No + break - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_fn_c_check_decl "$LINENO" "IPVS_DAEMON_ATTR_MCAST_TTL" "ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_TTL" "#include +" +if test "x$ac_cv_have_decl_IPVS_DAEMON_ATTR_MCAST_TTL" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DAEMON_ATTR_MCAST_TTL $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPVS_SYNCD_ATTRIBUTES=No + break + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" + + + if test $IPVS_SYNCD_ATTRIBUTES = Yes; then + +$as_echo "#define _HAVE_IPVS_SYNCD_ATTRIBUTES_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_SYNCD_ATTRIBUTES" fi + + if test "$enable_lvs_64bit_stats" != "no"; then + IPVS_64BIT_STATS=Yes + ac_fn_c_check_decl "$LINENO" "IPVS_SVC_ATTR_STATS64" "ac_cv_have_decl_IPVS_SVC_ATTR_STATS64" "#include +" +if test "x$ac_cv_have_decl_IPVS_SVC_ATTR_STATS64" = xyes; then : + ac_have_decl=1 else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi + ac_have_decl=0 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_SVC_ATTR_STATS64 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; +else -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC + IPVS_64BIT_STATS=No + break fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - +ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_STATS64" "ac_cv_have_decl_IPVS_DEST_ATTR_STATS64" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_STATS64" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_STATS64 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + IPVS_64BIT_STATS=No + break -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + if test $IPVS_64BIT_STATS = Yes; then +$as_echo "#define _WITH_LVS_64BIT_STATS_ 1 " >>confdefs.h -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AmigaOS /C/install, which installs bootblocks on floppy discs -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# OS/2's system install, which has a completely different semantic -# ./install, which can be erroneously created by make from ./install.sh. -# Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } -if test -z "$INSTALL"; then -if ${ac_cv_path_install+:} false; then : - $as_echo_n "(cached) " >&6 + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_64BIT_STATS" + fi + fi + + ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_TUN_TYPE" "ac_cv_have_decl_IPVS_DEST_ATTR_TUN_TYPE" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_TUN_TYPE" = xyes; then : + ac_have_decl=1 else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in #(( - ./ | .// | /[cC]/* | \ - /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ - /usr/ucb/* ) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. - for ac_prog in ginstall scoinst install; do - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then - if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # program-specific install script used by HP pwplus--don't use. - : - else - rm -rf conftest.one conftest.two conftest.dir - echo one > conftest.one - echo two > conftest.two - mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && - test -s conftest.one && test -s conftest.two && - test -s conftest.dir/conftest.one && - test -s conftest.dir/conftest.two - then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 - fi - fi - fi + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_TUN_TYPE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_TYPE_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_TYPE" + +fi + + + ac_fn_c_check_decl "$LINENO" "IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" "ac_cv_have_decl_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" "#include +" +if test "x$ac_cv_have_decl_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_CSUM_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_CSUM" + +fi + + + ac_fn_c_check_decl "$LINENO" "IP_VS_CONN_F_TUNNEL_TYPE_GRE" "ac_cv_have_decl_IP_VS_CONN_F_TUNNEL_TYPE_GRE" "#include +" +if test "x$ac_cv_have_decl_IP_VS_CONN_F_TUNNEL_TYPE_GRE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_CONN_F_TUNNEL_TYPE_GRE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_GRE_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_GRE" + +fi + + + CPPFLAGS="$SAV_CPPFLAGS" + + if test "$enable_regex" = yes; then : + + $PKG_CONFIG --exists libpcre2-8 + HAVE_PCRE2=$? + if test $HAVE_PCRE2 -ne 0; then : + as_fn_error $? "cannot find pcre library" "$LINENO" 5 +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre.h" >&5 +$as_echo_n "checking for pcre.h... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define PCRE2_CODE_UNIT_WIDTH 8 + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WITH_REGEX=Yes + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libpcre2-8`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libpcre2-8`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libpcre2-8` + var=`$PKG_CONFIG --libs-only-l libpcre2-8` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libpcre2-8`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi done - ;; -esac + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" - done -IFS=$as_save_IFS + fi -rm -rf conftest.one conftest.two conftest.dir + +$as_echo "#define _WITH_REGEX_CHECK_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS REGEX" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "pcre2.h is missing" "$LINENO" 5 fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL=$ac_cv_path_install - else - # As a last resort, use the slow shell script. Don't cache a - # value for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - INSTALL=$ac_install_sh - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test "$enable_regex_timers" = yes; then -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' +$as_echo "#define _WITH_REGEX_TIMERS_ 1 " >>confdefs.h -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + fi -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + if test "${enable_regex_debug}" = yes; then -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 +$as_echo "#define _REGEX_DEBUG_ 1 " >>confdefs.h + + ENABLE_REGEX_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS REGEX_DEBUG" + fi + +fi else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. + IPVS_SUPPORT=No +fi + if test $IPVS_SUPPORT = Yes; then + WITH_IPVS_TRUE= + WITH_IPVS_FALSE='#' else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 + WITH_IPVS_TRUE='#' + WITH_IPVS_FALSE= +fi + + if test $WITH_REGEX = Yes; then + WITH_REGEX_TRUE= + WITH_REGEX_FALSE='#' +else + WITH_REGEX_TRUE='#' + WITH_REGEX_FALSE= +fi + + +VRRP_SUPPORT=No +VRRP_AUTH_SUPPORT=No +MACVLAN_SUPPORT=No +ENABLE_JSON=No +BFD_SUPPORT=No +HAVE_CN_PROC=No +if test "$enable_vrrp" != no; then + VRRP_SUPPORT=Yes + +$as_echo "#define _WITH_VRRP_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS VRRP" + + if test "${enable_vrrp_auth}" != no; then + VRRP_AUTH_SUPPORT=Yes + +$as_echo "#define _WITH_VRRP_AUTH_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS VRRP_AUTH" fi -done - done -IFS=$as_save_IFS + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + MACVLAN_SUPPORT=Yes + ac_fn_c_check_decl "$LINENO" "IFLA_MACVLAN_MODE" "ac_cv_have_decl_IFLA_MACVLAN_MODE" " + #include + #include + +" +if test "x$ac_cv_have_decl_IFLA_MACVLAN_MODE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_MACVLAN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + MACVLAN_SUPPORT=No + break + fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } +ac_fn_c_check_decl "$LINENO" "MACVLAN_MODE_PRIVATE" "ac_cv_have_decl_MACVLAN_MODE_PRIVATE" " + #include + #include + +" +if test "x$ac_cv_have_decl_MACVLAN_MODE_PRIVATE" = xyes; then : + ac_have_decl=1 else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_MACVLAN_MODE_PRIVATE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + + MACVLAN_SUPPORT=No + break fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 + + if test $MACVLAN_SUPPORT = Yes; then + +$as_echo "#define _HAVE_VRRP_VMAC_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRRP_VMAC" + fi + CPPFLAGS="$SAV_CPPFLAGS" + + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + IPVLAN_SUPPORT=Yes + ac_fn_c_check_decl "$LINENO" "IFLA_IPVLAN_MODE" "ac_cv_have_decl_IFLA_IPVLAN_MODE" " + #include + #include + +" +if test "x$ac_cv_have_decl_IFLA_IPVLAN_MODE" = xyes; then : + ac_have_decl=1 else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_IPVLAN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 + + IPVLAN_SUPPORT=No + break + +fi + + if test $IPVLAN_SUPPORT = Yes; then + +$as_echo "#define _HAVE_VRRP_IPVLAN_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRRP_IPVLAN" fi -done - done -IFS=$as_save_IFS + CPPFLAGS="$SAV_CPPFLAGS" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) { int var = IFLA_LINK_NETNSID; } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + +$as_echo "#define HAVE_IFLA_LINK_NETNSID 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IFLA_LINK_NETNSID" fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + if test "${enable_json}" = yes; then + ENABLE_JSON=Yes + +$as_echo "#define _WITH_JSON_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS JSON" + fi + + if test "${enable_bfd}" = yes; then + BFD_SUPPORT=Yes + +$as_echo "#define _WITH_BFD_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS BFD" + fi + + if test .$enable_track_process != .no; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS CN_PROC" + HAVE_CN_PROC=Yes + +$as_echo "#define _WITH_CN_PROC_ 1 " >>confdefs.h + + ac_fn_c_check_decl "$LINENO" "PROC_EVENT_SID" "ac_cv_have_decl_PROC_EVENT_SID" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_SID" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_SID $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_PTRACE" "ac_cv_have_decl_PROC_EVENT_PTRACE" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_PTRACE" = xyes; then : + ac_have_decl=1 else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ac_have_decl=0 fi - if test "x$ac_ct_STRIP" = x; then - STRIP="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_PTRACE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_COMM" "ac_cv_have_decl_PROC_EVENT_COMM" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_COMM" = xyes; then : + ac_have_decl=1 else - STRIP="$ac_cv_prog_STRIP" + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_COMM $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_COREDUMP" "ac_cv_have_decl_PROC_EVENT_COREDUMP" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_COREDUMP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_COREDUMP $ac_have_decl +_ACEOF + + +else + CONFIG_OPTIONS="$CONFIG_OPTIONS DISABLE_TRACK_PROCESS" +fi +fi + if test $VRRP_SUPPORT = Yes; then + WITH_VRRP_TRUE= + WITH_VRRP_FALSE='#' +else + WITH_VRRP_TRUE='#' + WITH_VRRP_FALSE= +fi -# Check whether --enable-lvs-syncd was given. -if test "${enable_lvs_syncd+set}" = set; then : - enableval=$enable_lvs_syncd; + if test $VRRP_AUTH_SUPPORT = Yes; then + VRRP_AUTH_TRUE= + VRRP_AUTH_FALSE='#' +else + VRRP_AUTH_TRUE='#' + VRRP_AUTH_FALSE= fi -# Check whether --enable-lvs was given. -if test "${enable_lvs+set}" = set; then : - enableval=$enable_lvs; + if test $MACVLAN_SUPPORT = Yes; then + VMAC_TRUE= + VMAC_FALSE='#' +else + VMAC_TRUE='#' + VMAC_FALSE= fi -# Check whether --enable-vrrp was given. -if test "${enable_vrrp+set}" = set; then : - enableval=$enable_vrrp; + if test $ENABLE_JSON = Yes; then + WITH_JSON_TRUE= + WITH_JSON_FALSE='#' +else + WITH_JSON_TRUE='#' + WITH_JSON_FALSE= fi + if test $BFD_SUPPORT = Yes; then + WITH_BFD_TRUE= + WITH_BFD_FALSE='#' +else + WITH_BFD_TRUE='#' + WITH_BFD_FALSE= +fi -# Check whether --with-kernel-dir was given. -if test "${with_kernel_dir+set}" = set; then : - withval=$with_kernel_dir; kernelinc="$withval/include" kernelpath="$withval" + if test $HAVE_CN_PROC = Yes; then + CN_PROC_TRUE= + CN_PROC_FALSE='#' else - kernelinc="/usr/src/linux/include" kernelpath="/usr/src/linux" + CN_PROC_TRUE='#' + CN_PROC_FALSE= fi -# Check whether --with-kernel-version was given. -if test "${with_kernel_version+set}" = set; then : - withval=$with_kernel_version; kernelversion="$withval" -else - kernelversion="" +if test ${IPVS_SUPPORT} = No -a ${VRRP_SUPPORT} = No; then + as_fn_error $? "keepalived MUST be compiled with at least one of LVS or VRRP framework" "$LINENO" 5 fi -# Check whether --enable-fwmark was given. -if test "${enable_fwmark+set}" = set; then : - enableval=$enable_fwmark; +# Introduced in Linux 2.6.27 and glibc 2.9 +ac_fn_c_check_decl "$LINENO" "SOCK_NONBLOCK" "ac_cv_have_decl_SOCK_NONBLOCK" "#include +" +if test "x$ac_cv_have_decl_SOCK_NONBLOCK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -# Check whether --enable-snmp was given. -if test "${enable_snmp+set}" = set; then : - enableval=$enable_snmp; +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SOCK_NONBLOCK $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SOCK_NONBLOCK" fi -# Check whether --enable-sha1 was given. -if test "${enable_sha1+set}" = set; then : - enableval=$enable_sha1; + if test $ac_cv_have_decl_SOCK_NONBLOCK = yes; then + SOCK_NONBLOCK_TRUE= + SOCK_NONBLOCK_FALSE='#' +else + SOCK_NONBLOCK_TRUE='#' + SOCK_NONBLOCK_FALSE= fi -# Check whether --enable-debug was given. -if test "${enable_debug+set}" = set; then : - enableval=$enable_debug; + +# Introduced in Linux 2.6.27 and glibc 2.9 +ac_fn_c_check_decl "$LINENO" "SOCK_CLOEXEC" "ac_cv_have_decl_SOCK_CLOEXEC" "#include +" +if test "x$ac_cv_have_decl_SOCK_CLOEXEC" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi -# Check whether --enable-profile was given. -if test "${enable_profile+set}" = set; then : - enableval=$enable_profile; +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SOCK_CLOEXEC $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SOCK_CLOEXEC" fi +# Introduced in Linux 2.6.37 +ac_fn_c_check_decl "$LINENO" "IPVS_SVC_ATTR_PE_NAME" "ac_cv_have_decl_IPVS_SVC_ATTR_PE_NAME" "#include +" +if test "x$ac_cv_have_decl_IPVS_SVC_ATTR_PE_NAME" = xyes; then : + + +$as_echo "#define _HAVE_PE_NAME_ 1 " >>confdefs.h + -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 + + +# Introduced in Linux 2.6.39 +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" +ac_fn_c_check_decl "$LINENO" "O_PATH" "ac_cv_have_decl_O_PATH" "#include +" +if test "x$ac_cv_have_decl_O_PATH" = xyes; then : + ac_have_decl=1 else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_O_PATH $ac_have_decl _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if test $ac_have_decl = 1; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS O_PATH" + +fi + +CPPFLAGS="$SAV_CPPFLAGS" +ac_fn_c_check_decl "$LINENO" "GLOB_BRACE" "ac_cv_have_decl_GLOB_BRACE" "#include +" +if test "x$ac_cv_have_decl_GLOB_BRACE" = xyes; then : + ac_have_decl=1 else - # Broken: fails on valid input. -continue + ac_have_decl=0 fi -rm -f conftest.err conftest.i conftest.$ac_ext - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GLOB_BRACE $ac_have_decl _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS GLOB_BRACE" fi -rm -f conftest.err conftest.i conftest.$ac_ext -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break + +UNICAST_CHKSUM_COMPAT_SUPPORT=No +if test .$enable_checksum_compat != .no; then + UNICAST_CHKSUM_COMPAT_SUPPORT=Yes + +$as_echo "#define _WITH_UNICAST_CHKSUM_COMPAT_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS OLD_CHKSUM_COMPAT" fi - done - ac_cv_prog_CPP=$CPP +FIB_ROUTING_SUPPORT=No +if test .$enable_vrrp != .no -a .$enable_routes != .no; then + # Introduced in Linux 2.6.19 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + ac_fn_c_check_decl "$LINENO" "FRA_SRC" "ac_cv_have_decl_FRA_SRC" "#include + #include +" +if test "x$ac_cv_have_decl_FRA_SRC" = xyes; then : + + FIB_ROUTING_SUPPORT=Yes + +$as_echo "#define _HAVE_FIB_ROUTING_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS FIB_ROUTING" fi - CPP=$ac_cv_prog_CPP + + CPPFLAGS="$SAV_CPPFLAGS" +fi + if test $FIB_ROUTING_SUPPORT = Yes; then + FIB_ROUTING_TRUE= + FIB_ROUTING_FALSE='#' else - ac_cv_prog_CPP=$CPP + FIB_ROUTING_TRUE='#' + FIB_ROUTING_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : + + +if test .$enable_linkbeat = .no; then : + + LINKBEAT_SUPPORT=No + CONFIG_OPTIONS="$CONFIG_OPTIONS NO_LINKBEAT" else - # Broken: fails on valid input. -continue + + LINKBEAT_SUPPORT=Yes + +$as_echo "#define _WITH_LINKBEAT_ 1 " >>confdefs.h + + fi -rm -f conftest.err conftest.i conftest.$ac_ext - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 3.17 + ac_fn_c_check_decl "$LINENO" "IFLA_INET6_ADDR_GEN_MODE" "ac_cv_have_decl_IFLA_INET6_ADDR_GEN_MODE" " + #include + +" +if test "x$ac_cv_have_decl_IFLA_INET6_ADDR_GEN_MODE" = xyes; then : + ac_have_decl=1 else - # Passes both tests. -ac_preproc_ok=: -break + ac_have_decl=0 fi -rm -f conftest.err conftest.i conftest.$ac_ext -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_INET6_ADDR_GEN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS INET6_ADDR_GEN_MODE" + +fi + +fi +CPPFLAGS="$SAV_CPPFLAGS" + +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 4.3 + ac_fn_c_check_decl "$LINENO" "IFLA_VRF_MAX" "ac_cv_have_decl_IFLA_VRF_MAX" " + #include +" +if test "x$ac_cv_have_decl_IFLA_VRF_MAX" = xyes; then : + ac_have_decl=1 else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } + ac_have_decl=0 fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_VRF_MAX $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRF" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : +$as_echo "#define _HAVE_VRF_ 1 " >>confdefs.h + + +fi + +fi +CPPFLAGS="$SAV_CPPFLAGS" + +SNMP_SUPPORT=No +SNMP_KEEPALIVED_SUPPORT=No +SNMP_VRRP_SUPPORT=No +SNMP_RFC_SUPPORT=No +SNMP_RFCV2_SUPPORT=No +SNMP_RFCV3_SUPPORT=No +SNMP_CHECKER_SUPPORT=No +SNMP_V3_FOR_V2=No +if test "$enable_snmp_keepalived" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-snmp-keepalived is obsolete. Use --enable-snmp-vrrp." >&5 +$as_echo "$as_me: WARNING: --enable-snmp-keepalived is obsolete. Use --enable-snmp-vrrp." >&2;} + enable_snmp_vrrp=$enable_snmp_keepalived +fi +if test "$enable_snmp" = yes -o \ + "$enable_snmp_vrrp" = yes -o \ + "$enable_snmp_checker" = yes -o \ + "$enable_snmp_rfc" = yes -o \ + "$enable_snmp_rfcv2" = yes -o \ + "$enable_snmp_rfcv3" = yes; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}net-snmp-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}net-snmp-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_NETSNMP_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done + case $NETSNMP_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_NETSNMP_CONFIG="$NETSNMP_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done done IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi + ;; +esac +fi +NETSNMP_CONFIG=$ac_cv_path_NETSNMP_CONFIG +if test -n "$NETSNMP_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NETSNMP_CONFIG" >&5 +$as_echo "$NETSNMP_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : +fi +if test -z "$ac_cv_path_NETSNMP_CONFIG"; then + ac_pt_NETSNMP_CONFIG=$NETSNMP_CONFIG + # Extract the first word of "net-snmp-config", so it can be a program name with args. +set dummy net-snmp-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_NETSNMP_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST + case $ac_pt_NETSNMP_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_NETSNMP_CONFIG="$ac_pt_NETSNMP_CONFIG" # Let the user override the test with a path. + ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done done IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi + + ;; +esac +fi +ac_pt_NETSNMP_CONFIG=$ac_cv_path_ac_pt_NETSNMP_CONFIG +if test -n "$ac_pt_NETSNMP_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_NETSNMP_CONFIG" >&5 +$as_echo "$ac_pt_NETSNMP_CONFIG" >&6; } else - ac_cv_path_EGREP=$EGREP + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi - fi + if test "x$ac_pt_NETSNMP_CONFIG" = x; then + NETSNMP_CONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NETSNMP_CONFIG=$ac_pt_NETSNMP_CONFIG + fi +else + NETSNMP_CONFIG="$ac_cv_path_NETSNMP_CONFIG" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" + if test "$NETSNMP_CONFIG" = no; then + as_fn_error $? "*** unable to find net-snmp-config" "$LINENO" 5 + fi + NETSNMP_LIBS_AGENT=`${NETSNMP_CONFIG} --netsnmp-agent-libs` + NETSNMP_LIBS_EXT=`${NETSNMP_CONFIG} --external-libs` + NETSNMP_LIBS="$NETSNMP_LIBS_AGENT $NETSNMP_LIBS_EXT" + NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" + NETSNMP_CPPFLAGS="-DNETSNMP_NO_INLINE" + + # net-snmp-config adds compiler and linker options that were set at the time + # net-snmp was built, and this can include spec files that may not exist + # on the system building keepalived. We need to check if any spec files + # are specified, and if they do not exist on this system, then remove them + # from NETSNMP_LIBS or NETSNMP_CFLAGS. + # For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=1544527 + # and the other bugs referred to in it. + for spec in `echo $NETSNMP_LIBS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_LIBS=`echo $NETSNMP_LIBS | sed -e "s? *$spec *? ?"` + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Removing $spec from NETSNMP_LIBS since spec file not installed" >&5 +$as_echo "$as_me: WARNING: Removing $spec from NETSNMP_LIBS since spec file not installed" >&2;} + fi + done + for spec in `echo $NETSNMP_CFLAGS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS | sed -e "s? *$spec *? ?"` + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Removing $spec from NETSNMP_CFLAGS since spec file not installed" >&5 +$as_echo "$as_me: WARNING: Removing $spec from NETSNMP_CFLAGS since spec file not installed" >&2;} + fi + done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS ${NETSNMP_CFLAGS}" + SAV_LIBS="$LIBS" + LIBS="$LIBS ${NETSNMP_LIBS}" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler supports flag \"${NETSNMP_CFLAGS} ${NETSNMP_LIBS}\" from Net-SNMP" >&5 +$as_echo_n "checking whether C compiler supports flag \"${NETSNMP_CFLAGS} ${NETSNMP_LIBS}\" from Net-SNMP... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -#include -#include -#include -int -main () -{ + int main(void) + { + return 0; + } - ; - return 0; -} _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "*** incorrect CFLAGS from net-snmp-config" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + # Do we have subagent support? + for ac_func in netsnmp_enable_subagent +do : + ac_fn_c_check_func "$LINENO" "netsnmp_enable_subagent" "ac_cv_func_netsnmp_enable_subagent" +if test "x$ac_cv_func_netsnmp_enable_subagent" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETSNMP_ENABLE_SUBAGENT 1 _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : else - ac_cv_header_stdc=no + as_fn_error $? "*** no subagent support in net-snmp" "$LINENO" 5 fi -rm -f conftest* +done -fi -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include + # check for net-snmp headers + # Some ancient distributions may miss header + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $NETSNMP_CFLAGS" + for ac_header in net-snmp/agent/agent_sysORTable.h net-snmp/agent/snmp_vars.h net-snmp/agent/util_funcs.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " + #include + #include + #include +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : else - ac_cv_header_stdc=no + as_fn_error $? "missing net-snmp headers" "$LINENO" 5 fi -rm -f conftest* -fi +done -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : + SNMP_SUPPORT=Yes -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi + # NETSNMP_CFLAGS can have CPPFLAGS options, so separate them + NETSNMP_CPPFLAGS_XTRA=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[^IDU] *-/ -/g" -e "s/ -[^IDU] *[^-][^ ]* / /g" -e "s/ */ /g"` + NETSNMP_CFLAGS=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[IDU] *[^ ]* / /g" -e "s/ */ /g"` + KA_CFLAGS="$KA_CFLAGS $NETSNMP_CFLAGS" + KA_CPPFLAGS="$KA_CPPFLAGS $NETSNMP_CPPFLAGS $NETSNMP_CPPFLAGS_XTRA" + + # NETSNMP_LIBS may have some LDFLAGS options, so separate them + NETSNMP_LDFLAGS_XTRA=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ -l *[^ ]* / /g" -e "s/ */ /g" -e "s/ -/ @-/g" | tr "@" "\n" | sed -e "s/^ *//" -e "s/ *$//" | sort -u | tr "\n" " "` + NETSNMP_LIBS=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ \(-l *[^ ]*\) /@\1@/g" | tr "@" "\n" | grep "^-l" | tr "\n" " " | sed -e "s/ */ /g"` + KA_LDFLAGS="$KA_LDFLAGS $NETSNMP_LDFLAGS $NETSNMP_LDFLAGS_XTRA" + KA_LIBS="$KA_LIBS $NETSNMP_LIBS" + + if test "$enable_snmp_rfc" = yes; then + SNMP_RFCV2_SUPPORT=Yes + SNMP_RFCV3_SUPPORT=Yes + else + if test "$enable_snmp_rfcv2" = yes; then + SNMP_RFCV2_SUPPORT=Yes + fi + if test "$enable_snmp_rfcv3" = yes; then + SNMP_RFCV3_SUPPORT=Yes + fi + fi + if test ${SNMP_RFCV2_SUPPORT} = Yes -o \ + ${SNMP_RFCV3_SUPPORT} = Yes; then + if test ${VRRP_SUPPORT} != Yes; then + as_fn_error $? "RFC SNMP support requires VRRP" "$LINENO" 5 + fi + SNMP_RFC_SUPPORT=Yes + fi + if test ${SNMP_RFCV3_SUPPORT} = Yes -a \ + "$enable_snmp_reply_v3_for_v2" != no; then + +$as_echo "#define _SNMP_REPLY_V3_FOR_V2_ 1 " >>confdefs.h + + SNMP_V3_FOR_V2=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_V3_FOR_V2" + fi + + if test "$enable_snmp" = yes; then + if test ${VRRP_SUPPORT} = Yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test ${IPVS_SUPPORT} = Yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + else + if test "$enable_snmp_vrrp" = yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test "$enable_snmp_checker" = yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + fi + if test ${VRRP_SUPPORT} != Yes -a \ + ${SNMP_VRRP_SUPPORT} = Yes; then + as_fn_error $? "VRRP SNMP support requires VRRP" "$LINENO" 5 + fi + if test ${IPVS_SUPPORT} = No -a \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + as_fn_error $? "CHECKER SNMP support requires checker" "$LINENO" 5 + fi + + if test ${SNMP_VRRP_SUPPORT} = Yes -o \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + SNMP_KEEPALIVED_SUPPORT=Yes + fi + CPPFLAGS="$SAV_CPPFLAGS" + CFLAGS="$SAV_CFLAGS" + LIBS="$SAV_LIBS" fi + +if test $SNMP_SUPPORT = Yes; then + +$as_echo "#define _WITH_SNMP_ 1 " >>confdefs.h + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then +if test $SNMP_KEEPALIVED_SUPPORT = Yes; then -$as_echo "#define STDC_HEADERS 1" >>confdefs.h +$as_echo "#define _WITH_SNMP_KEEPALIVED_ 1 " >>confdefs.h fi +if test $SNMP_VRRP_SUPPORT = Yes; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5 -$as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } -if ${ac_cv_header_sys_wait_h+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#ifndef WEXITSTATUS -# define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) -#endif -#ifndef WIFEXITED -# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) -#endif +$as_echo "#define _WITH_SNMP_VRRP_ 1 " >>confdefs.h -int -main () -{ - int s; - wait (&s); - s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_sys_wait_h=yes -else - ac_cv_header_sys_wait_h=no + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_VRRP" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if test $SNMP_CHECKER_SUPPORT = Yes; then + +$as_echo "#define _WITH_SNMP_CHECKER_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_CHECKER" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5 -$as_echo "$ac_cv_header_sys_wait_h" >&6; } -if test $ac_cv_header_sys_wait_h = yes; then +if test $SNMP_RFC_SUPPORT = Yes; then -$as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h +$as_echo "#define _WITH_SNMP_RFC_ 1 " >>confdefs.h fi +if test $SNMP_RFCV2_SUPPORT = Yes; then -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +$as_echo "#define _WITH_SNMP_RFCV2_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_RFCV2" fi +if test $SNMP_RFCV3_SUPPORT = Yes; then -done +$as_echo "#define _WITH_SNMP_RFCV3_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS SNMP_RFCV3" +fi + if test $SNMP_SUPPORT = Yes; then + SNMP_TRUE= + SNMP_FALSE='#' +else + SNMP_TRUE='#' + SNMP_FALSE= +fi -for ac_header in fcntl.h syslog.h unistd.h sys/ioctl.h sys/time.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF + if test $SNMP_KEEPALIVED_SUPPORT = Yes; then + SNMP_KEEPALIVED_TRUE= + SNMP_KEEPALIVED_FALSE='#' +else + SNMP_KEEPALIVED_TRUE='#' + SNMP_KEEPALIVED_FALSE= +fi + if test $SNMP_VRRP_SUPPORT = Yes -o $SNMP_RFC_SUPPORT = Yes; then + SNMP_VRRP_TRUE= + SNMP_VRRP_FALSE='#' +else + SNMP_VRRP_TRUE='#' + SNMP_VRRP_FALSE= fi -done + if test $SNMP_CHECKER_SUPPORT = Yes; then + SNMP_CHECKER_TRUE= + SNMP_CHECKER_FALSE='#' +else + SNMP_CHECKER_TRUE='#' + SNMP_CHECKER_FALSE= +fi -for ac_header in openssl/ssl.h openssl/md5.h openssl/err.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF + if test $SNMP_RFCV2_SUPPORT = Yes -o $SNMP_RFCV3_SUPPORT = Yes; then + SNMP_RFC_TRUE= + SNMP_RFC_FALSE='#' +else + SNMP_RFC_TRUE='#' + SNMP_RFC_FALSE= +fi + if test $SNMP_RFCV2_SUPPORT = Yes; then + SNMP_RFCV2_TRUE= + SNMP_RFCV2_FALSE='#' else - as_fn_error $? " - !!! OpenSSL is not properly installed on your system. !!! - !!! Can not include OpenSSL headers files. !!!" "$LINENO" 5 + SNMP_RFCV2_TRUE='#' + SNMP_RFCV2_FALSE= fi -done + if test $SNMP_RFCV3_SUPPORT = Yes; then + SNMP_RFCV3_TRUE= + SNMP_RFCV3_FALSE='#' +else + SNMP_RFCV3_TRUE='#' + SNMP_RFCV3_FALSE= +fi -ac_fn_c_check_decl "$LINENO" "ETHERTYPE_IPV6" "ac_cv_have_decl_ETHERTYPE_IPV6" "#include -" -if test "x$ac_cv_have_decl_ETHERTYPE_IPV6" = xyes; then : + if test $SNMP_V3_FOR_V2 = Yes; then + SNMP_REPLY_V3_FOR_V2_TRUE= + SNMP_REPLY_V3_FOR_V2_FALSE='#' +else + SNMP_REPLY_V3_FOR_V2_TRUE='#' + SNMP_REPLY_V3_FOR_V2_FALSE= +fi +if test $SNMP_SUPPORT = Yes; then : + SNMP_SERVICE=snmpd.service else - CFLAGS="$CFLAGS -DETHERTYPE_IPV6=0x86dd" + SNMP_SERVICE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 -$as_echo_n "checking for crypt in -lcrypt... " >&6; } -if ${ac_cv_lib_crypt_crypt+:} false; then : +DBUS_SUPPORT=No +DBUS_CREATE_INSTANCE=No +if test "$enable_dbus" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for g_bus_own_name in -lgio-2.0" >&5 +$as_echo_n "checking for g_bus_own_name in -lgio-2.0... " >&6; } +if ${ac_cv_lib_gio_2_0_g_bus_own_name+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" +LIBS="-lgio-2.0 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3779,139 +11608,182 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char crypt (); +char g_bus_own_name (); int main () { -return crypt (); +return g_bus_own_name (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypt_crypt=yes + ac_cv_lib_gio_2_0_g_bus_own_name=yes else - ac_cv_lib_crypt_crypt=no + ac_cv_lib_gio_2_0_g_bus_own_name=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 -$as_echo "$ac_cv_lib_crypt_crypt" >&6; } -if test "x$ac_cv_lib_crypt_crypt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPT 1 -_ACEOF +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gio_2_0_g_bus_own_name" >&5 +$as_echo "$ac_cv_lib_gio_2_0_g_bus_own_name" >&6; } +if test "x$ac_cv_lib_gio_2_0_g_bus_own_name" = xyes; then : + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I gio-2.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other gio-2.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - LIBS="-lcrypt $LIBS" -else - as_fn_error $? "crypt() function is required" "$LINENO" 5 -fi + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires gio-2.0` + var=`$PKG_CONFIG --libs-only-l gio-2.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs gio-2.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + DBUS_SUPPORT=Yes + +$as_echo "#define _WITH_DBUS_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS DBUS" + + SAV_CFLAGS=$CFLAGS + CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_LIBS=$LIBS + LIBS="$($PKG_CONFIG --libs gio-2.0)" + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to call g_type_init(). Assuming yes for safety." >&5 +$as_echo "$as_me: WARNING: Cannot determine if need to call g_type_init(). Assuming yes for safety." >&2;} + need_g_type_init=1 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MD5_Init in -lcrypto" >&5 -$as_echo_n "checking for MD5_Init in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_MD5_Init+:} false; then : - $as_echo_n "(cached) " >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char MD5_Init (); + #include int main () { -return MD5_Init (); +return !g_thread_functions_for_glib_use.mutex_lock; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_MD5_Init=yes +if ac_fn_c_try_run "$LINENO"; then : + need_g_type_init=0 else - ac_cv_lib_crypto_MD5_Init=no + need_g_type_init=1 fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_MD5_Init" >&5 -$as_echo "$ac_cv_lib_crypto_MD5_Init" >&6; } -if test "x$ac_cv_lib_crypto_MD5_Init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPTO 1 -_ACEOF - LIBS="-lcrypto $LIBS" + if test $need_g_type_init -eq 1; then + +$as_echo "#define DBUS_NEED_G_TYPE_INIT 1 " >>confdefs.h + + fi + LIBS=$SAV_LIBS + CFLAGS=$SAV_CFLAGS + if test "$enable_dbus_create_instance" = yes; then + +$as_echo "#define _WITH_DBUS_CREATE_INSTANCE_ 1 " >>confdefs.h + + DBUS_CREATE_INSTANCE=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS DBUS_CREATE_INSTANCE" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: DBus create instance functionality is dangerous - why do you want it?" >&5 +$as_echo "$as_me: WARNING: DBus create instance functionality is dangerous - why do you want it?" >&2;} + fi else - as_fn_error $? "OpenSSL libraries are required" "$LINENO" 5 + as_fn_error $? "DBUS support requested but libgio-2.0 not found." "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 -$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : - $as_echo_n "(cached) " >&6 + unset LIBS +fi + if test $DBUS_SUPPORT = Yes; then + WITH_DBUS_TRUE= + WITH_DBUS_FALSE='#' else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + WITH_DBUS_TRUE='#' + WITH_DBUS_FALSE= +fi -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_new (); -int -main () -{ -return SSL_CTX_new (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_CTX_new=yes + if test $DBUS_CREATE_INSTANCE = Yes; then + DBUS_CREATE_INSTANCE_TRUE= + DBUS_CREATE_INSTANCE_FALSE='#' else - ac_cv_lib_ssl_SSL_CTX_new=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + DBUS_CREATE_INSTANCE_TRUE='#' + DBUS_CREATE_INSTANCE_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } -if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : + + +SHA1_SUPPORT=No +if test "${enable_sha1}" = yes; then + for ac_header in openssl/sha.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "openssl/sha.h" "ac_cv_header_openssl_sha_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_sha_h" = xyes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSSL 1 +#define HAVE_OPENSSL_SHA_H 1 _ACEOF - LIBS="-lssl $LIBS" - else - as_fn_error $? "OpenSSL libraries are required" "$LINENO" 5 + as_fn_error $? "unable to find openssl/sha.h" "$LINENO" 5 fi +done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_alloc in -lnl-3" >&5 -$as_echo_n "checking for nl_socket_alloc in -lnl-3... " >&6; } -if ${ac_cv_lib_nl_3_nl_socket_alloc+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 +$as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lnl-3 $LIBS" +LIBS="-lcrypto $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3921,35 +11793,45 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char nl_socket_alloc (); +char SHA1_Init (); int main () { -return nl_socket_alloc (); +return SHA1_Init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nl_3_nl_socket_alloc=yes + ac_cv_lib_crypto_SHA1_Init=yes else - ac_cv_lib_nl_3_nl_socket_alloc=no + ac_cv_lib_crypto_SHA1_Init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_alloc" >&5 -$as_echo "$ac_cv_lib_nl_3_nl_socket_alloc" >&6; } -if test "x$ac_cv_lib_nl_3_nl_socket_alloc" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SHA1_Init" >&5 +$as_echo "$ac_cv_lib_crypto_SHA1_Init" >&6; } +if test "x$ac_cv_lib_crypto_SHA1_Init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF + + LIBS="-lcrypto $LIBS" + +else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for genl_connect in -lnl-genl-3" >&5 -$as_echo_n "checking for genl_connect in -lnl-genl-3... " >&6; } -if ${ac_cv_lib_nl_genl_3_genl_connect+:} false; then : + { ac_cv_lib_crypto_SHA1_Init=; unset ac_cv_lib_crypto_SHA1_Init;} + SAV_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -fpic" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 +$as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lnl-genl-3 $LIBS" +LIBS="-lcrypto $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3959,293 +11841,265 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char genl_connect (); +char SHA1_Init (); int main () { -return genl_connect (); +return SHA1_Init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nl_genl_3_genl_connect=yes + ac_cv_lib_crypto_SHA1_Init=yes else - ac_cv_lib_nl_genl_3_genl_connect=no + ac_cv_lib_crypto_SHA1_Init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_genl_3_genl_connect" >&5 -$as_echo "$ac_cv_lib_nl_genl_3_genl_connect" >&6; } -if test "x$ac_cv_lib_nl_genl_3_genl_connect" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SHA1_Init" >&5 +$as_echo "$ac_cv_lib_crypto_SHA1_Init" >&6; } +if test "x$ac_cv_lib_crypto_SHA1_Init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCRYPTO 1 +_ACEOF - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS $(pkg-config --cflags libnl-genl-3.0)" - LIBS="$LIBS $(pkg-config --libs libnl-genl-3.0)" + LIBS="-lcrypto $LIBS" else + as_fn_error $? "SHA1 in OpenSSL required" "$LINENO" 5 +fi - as_fn_error $? "libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3." "$LINENO" 5 + CFLAGS=$SAV_CFLAGS + KA_CFLAGS="$KA_CFLAGS -fpic" fi + SHA1_SUPPORT=Yes -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl" >&5 -$as_echo_n "checking for nl_socket_modify_cb in -lnl... " >&6; } -if ${ac_cv_lib_nl_nl_socket_modify_cb+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +$as_echo "#define _WITH_SHA1_ 1 " >>confdefs.h -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char nl_socket_modify_cb (); -int -main () -{ -return nl_socket_modify_cb (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nl_nl_socket_modify_cb=yes -else - ac_cv_lib_nl_nl_socket_modify_cb=no fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + if test $SHA1_SUPPORT = Yes; then + WITH_SHA1_TRUE= + WITH_SHA1_FALSE='#' +else + WITH_SHA1_TRUE='#' + WITH_SHA1_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_modify_cb" >&5 -$as_echo "$ac_cv_lib_nl_nl_socket_modify_cb" >&6; } -if test "x$ac_cv_lib_nl_nl_socket_modify_cb" = xyes; then : - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS -DFALLBACK_LIBNL1" - LIBS="$LIBS $(pkg-config --libs libnl-1)" +unset LIBS +SO_MARK_SUPPORT=No +if test "${enable_fwmark}" != no; then + ac_fn_c_check_decl "$LINENO" "SO_MARK" "ac_cv_have_decl_SO_MARK" "#include +" +if test "x$ac_cv_have_decl_SO_MARK" = xyes; then : + ac_have_decl=1 else + ac_have_decl=0 +fi - USE_NL="LIBIPVS_DONTUSE_NL" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keepalived will be built without libnl support." >&5 -$as_echo "$as_me: WARNING: keepalived will be built without libnl support." >&2;} +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SO_MARK $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : -fi + SO_MARK_SUPPORT=Yes +$as_echo "#define _WITH_SO_MARK_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SO_MARK" fi +fi -CPPFLAGS="$CPPFLAGS -I$kernelinc" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for kernel version" >&5 -$as_echo_n "checking for kernel version... " >&6; } -if test "$cross_compiling" = yes; then : +SAV_CFLAGS="$CFLAGS" +ac_fn_c_check_decl "$LINENO" "CLONE_NEWNET" "ac_cv_have_decl_CLONE_NEWNET" "#include +" +if test "x$ac_cv_have_decl_CLONE_NEWNET" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_CLONE_NEWNET $ac_have_decl +_ACEOF - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" +for ac_func in setns +do : + ac_fn_c_check_func "$LINENO" "setns" "ac_cv_func_setns" +if test "x$ac_cv_func_setns" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETNS 1 +_ACEOF -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +fi +done - #include - #include - #include - #if !defined(UTS_RELEASE) && !defined(LINUX_VERSION_CODE) - #include - #endif - int main (void) { - FILE *fp = fopen ("linuxinfo", "w"); - if (!fp) return 1; - #if defined(UTS_RELEASE) - fprintf (fp, "%s\n", UTS_RELEASE); - #elif defined(LINUX_VERSION_CODE) - fprintf (fp, "%d.%d.%d\n", LINUX_VERSION_CODE >> 16, (LINUX_VERSION_CODE >> 8) & 0xFF, LINUX_VERSION_CODE & 0xFF); - #else - fprintf (fp, "0.0.0\n"); /* Let's fail gently */ - #endif - fclose (fp); - return 0; - } +if test $ac_cv_func_setns = no; then : + { ac_cv_func_setns=; unset ac_cv_func_setns;} + CFLAGS="$CFLAGS -fPIC" + for ac_func in setns +do : + ac_fn_c_check_func "$LINENO" "setns" "ac_cv_func_setns" +if test "x$ac_cv_func_setns" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETNS 1 _ACEOF -if ac_fn_c_try_run "$LINENO"; then : - LINUX_MAJOR=`cat linuxinfo | cut -d'.' -f1` - LINUX_MINOR=`cat linuxinfo | cut -d'.' -f2` - LINUX_PATCH=`cat linuxinfo | cut -d'.' -f3` +fi +done + +fi +CFLAGS="$SAV_CFLAGS" + if test $ac_cv_have_decl_CLONE_NEWNET = yes; then + WITH_NAMESPACES_TRUE= + WITH_NAMESPACES_FALSE='#' else + WITH_NAMESPACES_TRUE='#' + WITH_NAMESPACES_FALSE= +fi - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext +ac_fn_c_check_decl "$LINENO" "SCHED_RR" "ac_cv_have_decl_SCHED_RR" "#include +" +if test "x$ac_cv_have_decl_SCHED_RR" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi - rm -f linuxinfo +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SCHED_RR $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - if test "$kernelversion" = "2.4"; then - KERN="_KRNL_2_4_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.4" >&5 -$as_echo "2.4" >&6; } - elif test "$kernelversion" = "2.6"; then - KERN="_KRNL_2_6_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: 2.6" >&5 -$as_echo "2.6" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LINUX_MAJOR.$LINUX_MINOR.$LINUX_PATCH" >&5 -$as_echo "$LINUX_MAJOR.$LINUX_MINOR.$LINUX_PATCH" >&6; } - if test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "6"; then - KERN="_KRNL_2_6_" - elif test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "4"; then - KERN="_KRNL_2_4_" - else - KERN="_KRNL_2_6_" - fi - if test "$LINUX_MAJOR" = "0" -a "$LINUX_MINOR" = "0" -a "$LINUX_PATCH" = "0"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine Linux Kernel version." >&5 -$as_echo "$as_me: WARNING: Cannot determine Linux Kernel version." >&2;} - fi - fi + SCHED_RT_SUPPORT=Yes +$as_echo "#define _HAVE_SCHED_RT_ 1 " >>confdefs.h + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SCHED_RT" -IPVS_SUPPORT="_WITHOUT_LVS_" -if test "$enable_lvs" != "no"; then - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SUPPORT="_WITH_LVS_" - else - ac_fn_c_check_header_mongrel "$LINENO" "net/ip_vs.h" "ac_cv_header_net_ip_vs_h" "$ac_includes_default" -if test "x$ac_cv_header_net_ip_vs_h" = xyes; then : - IPVS_SUPPORT="_WITH_LVS_" + ac_fn_c_check_decl "$LINENO" "RLIMIT_RTTIME" "ac_cv_have_decl_RLIMIT_RTTIME" "#include +" +if test "x$ac_cv_have_decl_RLIMIT_RTTIME" = xyes; then : + ac_have_decl=1 else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_RLIMIT_RTTIME $ac_have_decl +_ACEOF - IPVS_SUPPORT="_WITHOUT_LVS_" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keepalived will be built without LVS support." >&5 -$as_echo "$as_me: WARNING: keepalived will be built without LVS support." >&2;} + ac_fn_c_check_decl "$LINENO" "SCHED_RESET_ON_FORK" "ac_cv_have_decl_SCHED_RESET_ON_FORK" "#include +" +if test "x$ac_cv_have_decl_SCHED_RESET_ON_FORK" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SCHED_RESET_ON_FORK $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS SCHED_RESET_ON_FORK" +else - fi -fi +$as_echo "#define SCHED_RESET_ON_FORK 0 " >>confdefs.h -if test "$IPVS_SUPPORT" = "_WITHOUT_LVS_" -a "$enable_vrrp" = "no"; then - as_fn_error $? "keepalived MUST be compiled at least with LVS or VRRP framework" "$LINENO" 5 fi -IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPVS syncd support" >&5 -$as_echo_n "checking for IPVS syncd support... " >&6; } - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - elif test "_KRNL_2_4_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - else - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi - if test "${IPVS_SUPPORT}" = "_WITHOUT_LVS_" -o "$enable_lvs_syncd" = "no"; then - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi +else + + SCHED_RT_SUPPORT=No - if test "$IPVS_SYNCD" = "_HAVE_IPVS_SYNCD_"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi fi +GNU_STD_PATHS=No +if test "${enable_gnu_std_paths}" = "yes"; then -VRRP_SUPPORT="_WITHOUT_VRRP_" -if test "$enable_vrrp" != "no"; then - VRRP_SUPPORT="_WITH_VRRP_" +$as_echo "#define GNU_STD_PATHS 1 " >>confdefs.h + + PID_DIR=$localstatedir +elif test $RUN_DIR_SPECIFIED = Y -a .${with_run_dir} != .no; then + PID_DIR=`echo ${with_run_dir} | sed -e "s:/run$::"` # Remove a trailing /run - somewill will include it sometime +elif test -d /run; then + PID_DIR= +else + PID_DIR=/var fi -CPPFLAGS="$CPPFLAGS -I$kernelinc" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for kernel macvlan support" >&5 -$as_echo_n "checking for kernel macvlan support... " >&6; } +cat >>confdefs.h <<_ACEOF +#define PID_DIR_ROOT "${PID_DIR}" +_ACEOF + + + +SAV_CFLAGS="$CFLAGS" +CFLAGS="-Wformat -Werror=format $SAV_CPPFLAGS $KA_CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #include - int macvlan; - -int -main () -{ + #include + #include + int + main(int argc, char **argv) + { + rlim_t val = 23U; + printf("%lu %d %p", val, argc, argv); - macvlan = IFLA_MACVLAN_MODE; - macvlan = MACVLAN_MODE_PRIVATE; + return 0; + } - ; - return 0; -} _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - MACVLAN_SUPPORT=yes +$as_echo "#define PRI_rlim_t \"lu\"" >>confdefs.h -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext; +else - if test "$MACVLAN_SUPPORT" = "yes"; then - VRRP_VMAC="_HAVE_VRRP_VMAC_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - VRRP_VMAC="_WITHOUT_VRRP_VMAC_" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi +$as_echo "#define PRI_rlim_t \"llu\"" >>confdefs.h +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS="$SAV_CFLAGS" +if test -z "$SPHINXBUILD"; then + SPHINXBUILDNAME=sphinx-build +else + SPHINXBUILDNAME=${SPHINXBUILD} +fi -SNMP_SUPPORT="_WITHOUT_SNMP_" -if test "$enable_snmp" = "yes"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}net-snmp-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}net-snmp-config; ac_word=$2 +# Extract the first word of "$SPHINXBUILDNAME", so it can be a program name with args. +set dummy $SPHINXBUILDNAME; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_NETSNMP_CONFIG+:} false; then : +if ${ac_cv_prog_HAVE_SPHINX_BUILD+:} false; then : $as_echo_n "(cached) " >&6 else - case $NETSNMP_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_NETSNMP_CONFIG="$NETSNMP_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + if test -n "$HAVE_SPHINX_BUILD"; then + ac_cv_prog_HAVE_SPHINX_BUILD="$HAVE_SPHINX_BUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" + ac_cv_prog_HAVE_SPHINX_BUILD="Yes" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi @@ -4253,532 +12107,557 @@ done done IFS=$as_save_IFS - ;; -esac + test -z "$ac_cv_prog_HAVE_SPHINX_BUILD" && ac_cv_prog_HAVE_SPHINX_BUILD="No" fi -NETSNMP_CONFIG=$ac_cv_path_NETSNMP_CONFIG -if test -n "$NETSNMP_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NETSNMP_CONFIG" >&5 -$as_echo "$NETSNMP_CONFIG" >&6; } +fi +HAVE_SPHINX_BUILD=$ac_cv_prog_HAVE_SPHINX_BUILD +if test -n "$HAVE_SPHINX_BUILD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_SPHINX_BUILD" >&5 +$as_echo "$HAVE_SPHINX_BUILD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -fi -if test -z "$ac_cv_path_NETSNMP_CONFIG"; then - ac_pt_NETSNMP_CONFIG=$NETSNMP_CONFIG - # Extract the first word of "net-snmp-config", so it can be a program name with args. -set dummy net-snmp-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_NETSNMP_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 + if test $HAVE_SPHINX_BUILD = Yes; then + BUILD_DOCS_TRUE= + BUILD_DOCS_FALSE='#' else - case $ac_pt_NETSNMP_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_NETSNMP_CONFIG="$ac_pt_NETSNMP_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_NETSNMP_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 + BUILD_DOCS_TRUE='#' + BUILD_DOCS_FALSE= +fi + + +MEM_CHECK=No +MEM_CHECK_LOG=No +if test "${enable_mem_check}" = "yes"; then + MEM_CHECK=Yes + +$as_echo "#define _MEM_CHECK_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS MEM_CHECK" + if test "${enable_mem_check_log}" = "yes"; then + MEM_CHECK_LOG=Yes + +$as_echo "#define _MEM_CHECK_LOG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS MEM_CHECK_LOG" fi -done - done -IFS=$as_save_IFS +fi - ;; -esac +TIMER_CHECK=No +if test "${enable_timer_check}" = "yes"; then + TIMER_CHECK=Yes + +$as_echo "#define _TIMER_CHECK_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS TIMER_CHECK" fi -ac_pt_NETSNMP_CONFIG=$ac_cv_path_ac_pt_NETSNMP_CONFIG -if test -n "$ac_pt_NETSNMP_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_NETSNMP_CONFIG" >&5 -$as_echo "$ac_pt_NETSNMP_CONFIG" >&6; } + +if test "${enable_debug}" = yes; then + +$as_echo "#define _DEBUG_ 1 " >>confdefs.h + + ENABLE_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS DEBUG" else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + ENABLE_DEBUG=No +fi + if test $ENABLE_DEBUG = Yes; then + DEBUG_TRUE= + DEBUG_FALSE='#' +else + DEBUG_TRUE='#' + DEBUG_FALSE= fi - if test "x$ac_pt_NETSNMP_CONFIG" = x; then - NETSNMP_CONFIG="no" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - NETSNMP_CONFIG=$ac_pt_NETSNMP_CONFIG - fi + +if test "${enable_netlink_timers}" = yes; then + +$as_echo "#define _NETLINK_TIMERS_ 1 " >>confdefs.h + + ENABLE_NETLINK_TIMERS=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS NETLINK_TIMERS" else - NETSNMP_CONFIG="$ac_cv_path_NETSNMP_CONFIG" + ENABLE_NETLINK_TIMERS=No fi - if test x"$NETSNMP_CONFIG" = x"no"; then - as_fn_error $? "unable to find net-snmp-config" "$LINENO" 5 - fi - NETSNMP_LIBS=`${NETSNMP_CONFIG} --agent-libs` - #NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" - #CFLAGS="${NETSNMP_CFLAGS} $CFLAGS" - LIBS="${NETSNMP_LIBS} $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler supports flag \"${NETSNMP_LIBS}\" from Net-SNMP" >&5 -$as_echo_n "checking whether C compiler supports flag \"${NETSNMP_LIBS}\" from Net-SNMP... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +if test "${enable_smtp_alert_debug}" = yes; then -int main(void); +$as_echo "#define _SMTP_ALERT_DEBUG_ 1 " >>confdefs.h -int -main () -{ + ENABLE_SMTP_ALERT_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS SMTP_ALERT_DEBUG" + ENABLE_LOG_FILE_APPEND=Yes +else + ENABLE_SMTP_ALERT_DEBUG=No +fi -{ - return 0; -} +if test "${enable_stacktrace}" = yes; then - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } +$as_echo "#define _WITH_STACKTRACE_ 1 " >>confdefs.h + + ENABLE_STACKTRACE=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS STACKTRACE" + KA_LDFLAGS="$KA_LDFLAGS -rdynamic" else + ENABLE_STACKTRACE=No +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "incorrect CFLAGS from net-snmp-config" "$LINENO" 5 +if test "${enable_dump_threads}" = yes; then + +$as_echo "#define _WITH_DUMP_THREADS_ 1 " >>confdefs.h + + ENABLE_DUMP_THREADS=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS DUMP_THREADS" +else + ENABLE_DUMP_THREADS=No fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - # Do we have a usable header? - for ac_header in net-snmp/agent/util_funcs.h -do : - ac_fn_c_check_header_compile "$LINENO" "net-snmp/agent/util_funcs.h" "ac_cv_header_net_snmp_agent_util_funcs_h" " -#include -#include -#include -#include -#include +if test "${enable_epoll_debug}" = yes; then -" -if test "x$ac_cv_header_net_snmp_agent_util_funcs_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_NET_SNMP_AGENT_UTIL_FUNCS_H 1 -_ACEOF +$as_echo "#define _EPOLL_DEBUG_ 1 " >>confdefs.h + + ENABLE_EPOLL_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS EPOLL_DEBUG" +else + ENABLE_EPOLL_DEBUG=No +fi + +if test "${enable_epoll_thread_dump}" = yes; then + +$as_echo "#define _EPOLL_THREAD_DUMP_ 1 " >>confdefs.h + ENABLE_EPOLL_THREAD_DUMP=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS EPOLL_THREAD_DUMP" +else + ENABLE_EPOLL_THREAD_DUMP=No fi -done +if test $ENABLE_EPOLL_THREAD_DUMP = Yes -o $ENABLE_DUMP_THREADS = Yes -o $ENABLE_EPOLL_DEBUG = Yes; then + +$as_echo "#define THREAD_DUMP 1 " >>confdefs.h + +fi + +if test "${enable_tsm_debug}" = yes; then + +$as_echo "#define _TSM_DEBUG_ 1 " >>confdefs.h + + ENABLE_TSM_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS TSM_DEBUG" +else + ENABLE_TSM_DEBUG=No +fi + +if test "${enable_vrrp_fd_debug}" = yes; then + +$as_echo "#define _VRRP_FD_DEBUG_ 1 " >>confdefs.h + + ENABLE_VRRP_FD_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS VRRP_FD_DEBUG" +else + ENABLE_VRRP_FD_DEBUG=No +fi + +if test "${enable_network_timestamp}" = yes; then + +$as_echo "#define _NETWORK_TIMESTAMP_ 1 " >>confdefs.h + + ENABLE_NETWORK_TIMESTAMP=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS NETWORK_TIMESTAMP" +else + ENABLE_NETWORK_TIMESTAMP=No +fi + +if test "${enable_asserts}" = yes; then + +$as_echo "#define _ENABLE_ASSERT_ 1 " >>confdefs.h + + ENABLE_ASSERT=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS ASSERT" +else + ENABLE_ASSERT=No +fi + if test $ENABLE_ASSERT = Yes; then + ASSERTS_TRUE= + ASSERTS_FALSE='#' +else + ASSERTS_TRUE='#' + ASSERTS_FALSE= +fi + + +if test "${with_fixed_if_type}"; then + if test "${with_fixed_if_type}" = yes -o ${with_fixed_if_type} = no; then + as_fn_error $? "An interface type must be specified with --with-fixed-if-type" "$LINENO" 5 + fi + +cat >>confdefs.h <<_ACEOF +#define _FIXED_IF_TYPE_ "${with_fixed_if_type}" +_ACEOF + + FIXED_IF_TYPE=${with_fixed_if_type} + CONFIG_OPTIONS="$CONFIG_OPTIONS FIXED_IF_TYPE=${with_fixed_if_type}" +else + FIXED_IF_TYPE= +fi - SNMP_SUPPORT="_WITH_SNMP_" +WITH_PROFILING=No +if test "${enable_profile}" = yes; then + WITH_PROFILING=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS PROFILING" + KA_CFLAGS="$KA_CFLAGS -pg" +fi + if test $WITH_PROFILING = Yes; then + PROFILE_TRUE= + PROFILE_FALSE='#' +else + PROFILE_TRUE='#' + PROFILE_FALSE= fi +if test "${enable_perf}" = yes; then -SHA1_SUPPORT="_WITHOUT_SHA1_" -if test "${enable_sha1}" = "yes"; then - CFLAGS="$CFLAGS -DFEAT_SHA1" - for ac_header in openssl/sha.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "openssl/sha.h" "ac_cv_header_openssl_sha_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_sha_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_SHA_H 1 -_ACEOF +$as_echo "#define _WITH_PERF_ 1 " >>confdefs.h + ENABLE_PERF=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS PERF" + KA_CFLAGS="$KA_CFLAGS -pg" else - as_fn_error $? "unable to find openssl/sha.h" "$LINENO" 5 + ENABLE_PERF=No fi -done +if test "${enable_log_file}" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 -$as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +$as_echo "#define ENABLE_LOG_TO_FILE 1 " >>confdefs.h -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SHA1_Init (); -int -main () -{ -return SHA1_Init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_SHA1_Init=yes -else - ac_cv_lib_crypto_SHA1_Init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + ENABLE_LOG_FILE_APPEND=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS FILE_LOGGING" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SHA1_Init" >&5 -$as_echo "$ac_cv_lib_crypto_SHA1_Init" >&6; } -if test "x$ac_cv_lib_crypto_SHA1_Init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPTO 1 -_ACEOF - LIBS="-lcrypto $LIBS" +if test ${ENABLE_LOG_FILE_APPEND} = Yes; then -else - as_fn_error $? "SHA1 in OpenSSL required" "$LINENO" 5 -fi +$as_echo "#define ENABLE_LOG_FILE_APPEND 1 " >>confdefs.h - SHA1_SUPPORT="_WITH_SHA1_" + CONFIG_OPTIONS="$CONFIG_OPTIONS LOG_FILE_APPEND" fi +if test .$enable_eintr_debug = .yes; then : -if test "${enable_fwmark}" = "no"; then - SO_MARK_SUPPORT="_WITHOUT_SO_MARK_" -else - ac_fn_c_check_decl "$LINENO" "SO_MARK" "ac_cv_have_decl_SO_MARK" "#include +$as_echo "#define DEBUG_EINTR 1 " >>confdefs.h -" -if test "x$ac_cv_have_decl_SO_MARK" = xyes; then : + CONFIG_OPTIONS="$CONFIG_OPTIONS EINTR_DEBUG" else - as_fn_error $? "No SO_MARK declaration in headers" "$LINENO" 5 + + if test .$ac_cv_func_signalfd != .yes -o .$enable_eintr_debug = .check; then : + + +$as_echo "#define CHECK_EINTR 1 " >>confdefs.h + + if test .$ac_cv_func_signalfd = .yes; then : + CONFIG_OPTIONS="$CONFIG_OPTIONS EINTR_CHECK" fi - SO_MARK_SUPPORT="_WITH_SO_MARK_" fi +fi +if test .$enable_track_process_debug = .yes; then : -if test "${enable_debug}" = "yes"; then - DFLAGS="-D_DEBUG_" +$as_echo "#define _TRACK_PROCESS_DEBUG_ 1 " >>confdefs.h -fi + CONFIG_OPTIONS="$CONFIG_OPTIONS TRACK_PROCESS_DEBUG" -if test "${enable_profile}" = "yes"; then - CFLAGS="$CFLAGS -pg" fi +if test .$enable_parser_debug = .yes; then : +$as_echo "#define _PARSER_DEBUG_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS PARSER_DEBUG" +fi +if test .$enable_checksum_debug = .yes; then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __cplusplus - /* Ultrix mips cc rejects this sort of thing. */ - typedef int charset[2]; - const charset cs = { 0, 0 }; - /* SunOS 4.1.1 cc rejects this. */ - char const *const *pcpcc; - char **ppc; - /* NEC SVR4.0.2 mips cc rejects this. */ - struct point {int x, y;}; - static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in - an arm of an if-expression whose if-part is not a constant - expression */ - const char *g = "string"; - pcpcc = &g + (g ? g-g : 0); - /* HPUX 7.0 cc rejects these. */ - ++pcpcc; - ppc = (char**) pcpcc; - pcpcc = (char const *const *) ppc; - { /* SCO 3.2v4 cc rejects this sort of thing. */ - char tx; - char *t = &tx; - char const *s = 0 ? (char *) 0 : (char const *) 0; +$as_echo "#define CHECKSUM_DIAGNOSTICS 1 " >>confdefs.h - *t++ = 0; - if (s) return 0; - } - { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; - } - { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; - } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; } bx; - struct s *b = &bx; b->j = 5; - } - { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; - if (!foo) return 0; - } - return !cs[0] && !zero.x; -#endif + CONFIG_OPTIONS="$CONFIG_OPTIONS CHECKSUM_DEBUG" - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_const=yes -else - ac_cv_c_const=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } -if test $ac_cv_c_const = no; then -$as_echo "#define const /**/" >>confdefs.h +if test .$enable_dump_keywords = .yes; then : + + +$as_echo "#define _DUMP_KEYWORDS_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS DUMP_KEYWORDS" fi -ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" -if test "x$ac_cv_type_pid_t" = xyes; then : +if test ${NEED_LIBDL} = Yes; then + KA_LIBS="$KA_LIBS -ldl" +fi -else +echo " $KA_LIBS" | grep -qE -- " -l?pthread " +if test $? -eq 0 ;then -cat >>confdefs.h <<_ACEOF -#define pid_t int -_ACEOF +$as_echo "#define _WITH_PTHREADS_ 1 " >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 -$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } -if ${ac_cv_header_time+:} false; then : +RPM_NO_BIP=1 +# Extract the first word of "rpm", so it can be a program name with args. +set dummy rpm; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_HAVE_RPM+:} false; then : $as_echo_n "(cached) " >&6 else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include + if test -n "$HAVE_RPM"; then + ac_cv_prog_HAVE_RPM="$HAVE_RPM" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_RPM="Yes" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS -int -main () -{ -if ((struct tm *) 0) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_time=yes + test -z "$ac_cv_prog_HAVE_RPM" && ac_cv_prog_HAVE_RPM="No" +fi +fi +HAVE_RPM=$ac_cv_prog_HAVE_RPM +if test -n "$HAVE_RPM"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_RPM" >&5 +$as_echo "$HAVE_RPM" >&6; } else - ac_cv_header_time=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +if test $HAVE_RPM = Yes; then + # Extract the first word of "rpmbuild", so it can be a program name with args. +set dummy rpmbuild; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_HAVE_RPMBUILD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$HAVE_RPMBUILD"; then + ac_cv_prog_HAVE_RPMBUILD="$HAVE_RPMBUILD" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_RPMBUILD="Yes" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_prog_HAVE_RPMBUILD" && ac_cv_prog_HAVE_RPMBUILD="No" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 -$as_echo "$ac_cv_header_time" >&6; } -if test $ac_cv_header_time = yes; then +fi +HAVE_RPMBUILD=$ac_cv_prog_HAVE_RPMBUILD +if test -n "$HAVE_RPMBUILD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_RPMBUILD" >&5 +$as_echo "$HAVE_RPMBUILD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + -$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h + RPM_SRC_DIR=`rpm --eval "%{_sourcedir}"` + if ! test -d $RPM_SRC_DIR; then + HAVE_RPMBUILD=No + fi + if test $HAVE_RPMBUILD = Yes; then + rpmbuild --help | grep -q -- --build-in-place + RPM_NO_BIP=$? + fi +fi + if test $HAVE_RPM = Yes; then + RPM_TRUE= + RPM_FALSE='#' +else + RPM_TRUE='#' + RPM_FALSE= +fi + if test $RPM_NO_BIP -eq 0; then + RPM_BIP_TRUE= + RPM_BIP_FALSE='#' +else + RPM_BIP_TRUE='#' + RPM_BIP_FALSE= fi -if test $ac_cv_c_compiler_gnu = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 -$as_echo_n "checking whether $CC needs -traditional... " >&6; } -if ${ac_cv_prog_gcc_traditional+:} false; then : - $as_echo_n "(cached) " >&6 +INIT_TYPE= +if test -n "$init_type"; then : + INIT_TYPE=$init_type +elif test -n "$with_systemdsystemunitdir"; then : + INIT_TYPE=systemd else - ac_pattern="Autoconf.*'x'" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -Autoconf TIOCGETP -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1; then : - ac_cv_prog_gcc_traditional=yes + + /sbin/init --version 2>/dev/null | grep -q upstart + if test $? -eq 0; then : + INIT_TYPE=upstart else - ac_cv_prog_gcc_traditional=no + + init_path=`which systemctl 2>/dev/null` + if test \( $? -eq 0 -a -x "$init_path" \); then : + + systemctl | grep -q -- "-\.mount" + if test $? -eq 0; then : + INIT_TYPE=systemd fi -rm -f conftest* +fi + if test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \); then : - if test $ac_cv_prog_gcc_traditional = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -Autoconf TCGETA -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1; then : - ac_cv_prog_gcc_traditional=yes + init_path=`which openrc-run 2>/dev/null` + if test \( $? -eq 0 -a -x "$init_path" \); then : + + head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" + if test $? -eq 0; then : + INIT_TYPE=openrc fi -rm -f conftest* - fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 -$as_echo "$ac_cv_prog_gcc_traditional" >&6; } - if test $ac_cv_prog_gcc_traditional = yes; then - CC="$CC -traditional" - fi + +fi + if test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \); then : + INIT_TYPE=SYSV fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working memcmp" >&5 -$as_echo_n "checking for working memcmp... " >&6; } -if ${ac_cv_func_memcmp_working+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_memcmp_working=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ +fi - /* Some versions of memcmp are not 8-bit clean. */ - char c0 = '\100', c1 = '\200', c2 = '\201'; - if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0) - return 1; +fi +if test \( .$INIT_TYPE = .systemd -a -z "$with_systemdsystemunitdir" \); then : + with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) +fi - /* The Next x86 OpenStep bug shows up only when comparing 16 bytes - or more and with at least one buffer not starting on a 4-byte boundary. - William Lewis provided this test program. */ - { - char foo[21]; - char bar[21]; - int i; - for (i = 0; i < 4; i++) - { - char *a = foo + i; - char *b = bar + i; - strcpy (a, "--------01111111"); - strcpy (b, "--------10000000"); - if (memcmp (a, b, 16) >= 0) - return 1; - } - return 0; - } +if test $default_config_file; then : + + if test $default_config_file = yes -o $default_config_file = no; then : + as_fn_error $? "A filename must be specified for default-config-file" "$LINENO" 5 +fi + CONFIG_FILE=$default_config_file + CONFIG_OPTIONS="$CONFIG_OPTIONS DEFAULT_CONFIG_FILE=${default_config_file}" - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_memcmp_working=yes else - ac_cv_func_memcmp_working=no + default_config_file="/etc/$PACKAGE/$PACKAGE.conf" fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_CONFIG_FILE "$default_config_file" +_ACEOF + +DEFAULT_CONFIG_FILE=$default_config_file + + +if test -z "$INIT_TYPE"; then + INIT_TYPE=undetected +elif test $INIT_TYPE = systemd; then + systemdsystemunitdir=$with_systemdsystemunitdir + fi + if test $INIT_TYPE = upstart; then + INIT_UPSTART_TRUE= + INIT_UPSTART_FALSE='#' +else + INIT_UPSTART_TRUE='#' + INIT_UPSTART_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_memcmp_working" >&5 -$as_echo "$ac_cv_func_memcmp_working" >&6; } -test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in - *" memcmp.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" - ;; -esac + if test $INIT_TYPE = systemd; then + INIT_SYSTEMD_TRUE= + INIT_SYSTEMD_FALSE='#' +else + INIT_SYSTEMD_TRUE='#' + INIT_SYSTEMD_FALSE= +fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -$as_echo_n "checking return type of signal handlers... " >&6; } -if ${ac_cv_type_signal+:} false; then : - $as_echo_n "(cached) " >&6 + if test $INIT_TYPE = SYSV; then + INIT_SYSV_TRUE= + INIT_SYSV_FALSE='#' else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include + INIT_SYSV_TRUE='#' + INIT_SYSV_FALSE= +fi -int -main () -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_type_signal=int + if test $INIT_TYPE = openrc; then + INIT_OPENRC_TRUE= + INIT_OPENRC_FALSE='#' else - ac_cv_type_signal=void + INIT_OPENRC_TRUE='#' + INIT_OPENRC_FALSE= fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + if test $INIT_TYPE = SUSE; then + INIT_SUSE_TRUE= + INIT_SUSE_FALSE='#' +else + INIT_SUSE_TRUE='#' + INIT_SUSE_FALSE= fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -$as_echo "$ac_cv_type_signal" >&6; } + + cat >>confdefs.h <<_ACEOF -#define RETSIGTYPE $ac_cv_type_signal +#define CONFIGURATION_OPTIONS "$CONFIG_OPTIONS" _ACEOF -for ac_func in gettimeofday select socket strerror strtol uname -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +cat >>confdefs.h <<_ACEOF +#define SYSTEM_OPTIONS "$SYSTEM_OPTIONS" _ACEOF + +if test $NETLINK_VER -eq 0; then + NETLINK_VER=None fi -done +echo -OUTPUT_TARGET="$OUTPUT_TARGET keepalived/Makefile lib/Makefile" -if test "${VRRP_SUPPORT}" = "_WITH_VRRP_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/vrrp/Makefile" -fi -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/check/Makefile" - if test "$KERN" = "_KRNL_2_6_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.6/Makefile" - elif test "$KERN" = "_KRNL_2_4_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.4/Makefile" - fi -fi -ac_config_files="$ac_config_files $OUTPUT_TARGET" +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -4870,43 +12749,7 @@ test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -# Transform confdefs.h into DEFS. -# Protect against shell expansion while executing Makefile rules. -# Protect against Makefile macro expansion. -# -# If the first sed substitution is executed (which looks for macros that -# take arguments), then branch to the quote section. Otherwise, -# look for a macro that doesn't take arguments. -ac_script=' -:mline -/\\$/{ - N - s,\\\n,, - b mline -} -t clear -:clear -s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g -t quote -s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g -t quote -b any -:quote -s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g -s/\[/\\&/g -s/\]/\\&/g -s/\$/$$/g -H -:any -${ - g - s/^\n// - s/\n/ /g - p -} -' -DEFS=`sed -n "$ac_script" confdefs.h` - +DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= @@ -4925,6 +12768,218 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_STRICT_CONFIG_CHECKS_TRUE}" && test -z "${WITH_STRICT_CONFIG_CHECKS_FALSE}"; then + as_fn_error $? "conditional \"WITH_STRICT_CONFIG_CHECKS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${BUILD_GENHASH_TRUE}" && test -z "${BUILD_GENHASH_FALSE}"; then + as_fn_error $? "conditional \"BUILD_GENHASH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBNL1_TRUE}" && test -z "${LIBNL1_FALSE}"; then + as_fn_error $? "conditional \"LIBNL1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBNL3_TRUE}" && test -z "${LIBNL3_FALSE}"; then + as_fn_error $? "conditional \"LIBNL3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBNL_DYNAMIC_TRUE}" && test -z "${LIBNL_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBNL_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPTC_TRUE}" && test -z "${LIBIPTC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPTC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPSET_TRUE}" && test -z "${LIBIPSET_FALSE}"; then + as_fn_error $? "conditional \"LIBIPSET\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${IPTABLES_TRUE}" && test -z "${IPTABLES_FALSE}"; then + as_fn_error $? "conditional \"IPTABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${IPTABLES_CMD_TRUE}" && test -z "${IPTABLES_CMD_FALSE}"; then + as_fn_error $? "conditional \"IPTABLES_CMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPTC_DYNAMIC_TRUE}" && test -z "${LIBIPTC_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPTC_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPSET_DYNAMIC_TRUE}" && test -z "${LIBIPSET_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPSET_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${REQUIRE_IPTABLES_LIBS_TRUE}" && test -z "${REQUIRE_IPTABLES_LIBS_FALSE}"; then + as_fn_error $? "conditional \"REQUIRE_IPTABLES_LIBS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${NFTABLES_TRUE}" && test -z "${NFTABLES_FALSE}"; then + as_fn_error $? "conditional \"NFTABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${FIREWALL_TRUE}" && test -z "${FIREWALL_FALSE}"; then + as_fn_error $? "conditional \"FIREWALL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_IPVS_TRUE}" && test -z "${WITH_IPVS_FALSE}"; then + as_fn_error $? "conditional \"WITH_IPVS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_REGEX_TRUE}" && test -z "${WITH_REGEX_FALSE}"; then + as_fn_error $? "conditional \"WITH_REGEX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_VRRP_TRUE}" && test -z "${WITH_VRRP_FALSE}"; then + as_fn_error $? "conditional \"WITH_VRRP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${VRRP_AUTH_TRUE}" && test -z "${VRRP_AUTH_FALSE}"; then + as_fn_error $? "conditional \"VRRP_AUTH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${VMAC_TRUE}" && test -z "${VMAC_FALSE}"; then + as_fn_error $? "conditional \"VMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_JSON_TRUE}" && test -z "${WITH_JSON_FALSE}"; then + as_fn_error $? "conditional \"WITH_JSON\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_BFD_TRUE}" && test -z "${WITH_BFD_FALSE}"; then + as_fn_error $? "conditional \"WITH_BFD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CN_PROC_TRUE}" && test -z "${CN_PROC_FALSE}"; then + as_fn_error $? "conditional \"CN_PROC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SOCK_NONBLOCK_TRUE}" && test -z "${SOCK_NONBLOCK_FALSE}"; then + as_fn_error $? "conditional \"SOCK_NONBLOCK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${FIB_ROUTING_TRUE}" && test -z "${FIB_ROUTING_FALSE}"; then + as_fn_error $? "conditional \"FIB_ROUTING\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_TRUE}" && test -z "${SNMP_FALSE}"; then + as_fn_error $? "conditional \"SNMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_KEEPALIVED_TRUE}" && test -z "${SNMP_KEEPALIVED_FALSE}"; then + as_fn_error $? "conditional \"SNMP_KEEPALIVED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_VRRP_TRUE}" && test -z "${SNMP_VRRP_FALSE}"; then + as_fn_error $? "conditional \"SNMP_VRRP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_CHECKER_TRUE}" && test -z "${SNMP_CHECKER_FALSE}"; then + as_fn_error $? "conditional \"SNMP_CHECKER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_RFC_TRUE}" && test -z "${SNMP_RFC_FALSE}"; then + as_fn_error $? "conditional \"SNMP_RFC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_RFCV2_TRUE}" && test -z "${SNMP_RFCV2_FALSE}"; then + as_fn_error $? "conditional \"SNMP_RFCV2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_RFCV3_TRUE}" && test -z "${SNMP_RFCV3_FALSE}"; then + as_fn_error $? "conditional \"SNMP_RFCV3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SNMP_REPLY_V3_FOR_V2_TRUE}" && test -z "${SNMP_REPLY_V3_FOR_V2_FALSE}"; then + as_fn_error $? "conditional \"SNMP_REPLY_V3_FOR_V2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_DBUS_TRUE}" && test -z "${WITH_DBUS_FALSE}"; then + as_fn_error $? "conditional \"WITH_DBUS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DBUS_CREATE_INSTANCE_TRUE}" && test -z "${DBUS_CREATE_INSTANCE_FALSE}"; then + as_fn_error $? "conditional \"DBUS_CREATE_INSTANCE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_SHA1_TRUE}" && test -z "${WITH_SHA1_FALSE}"; then + as_fn_error $? "conditional \"WITH_SHA1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_NAMESPACES_TRUE}" && test -z "${WITH_NAMESPACES_FALSE}"; then + as_fn_error $? "conditional \"WITH_NAMESPACES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${BUILD_DOCS_TRUE}" && test -z "${BUILD_DOCS_FALSE}"; then + as_fn_error $? "conditional \"BUILD_DOCS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DEBUG_TRUE}" && test -z "${DEBUG_FALSE}"; then + as_fn_error $? "conditional \"DEBUG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASSERTS_TRUE}" && test -z "${ASSERTS_FALSE}"; then + as_fn_error $? "conditional \"ASSERTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${PROFILE_TRUE}" && test -z "${PROFILE_FALSE}"; then + as_fn_error $? "conditional \"PROFILE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${RPM_TRUE}" && test -z "${RPM_FALSE}"; then + as_fn_error $? "conditional \"RPM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${RPM_BIP_TRUE}" && test -z "${RPM_BIP_FALSE}"; then + as_fn_error $? "conditional \"RPM_BIP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_UPSTART_TRUE}" && test -z "${INIT_UPSTART_FALSE}"; then + as_fn_error $? "conditional \"INIT_UPSTART\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SYSTEMD_TRUE}" && test -z "${INIT_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"INIT_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SYSV_TRUE}" && test -z "${INIT_SYSV_FALSE}"; then + as_fn_error $? "conditional \"INIT_SYSV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_OPENRC_TRUE}" && test -z "${INIT_OPENRC_FALSE}"; then + as_fn_error $? "conditional \"INIT_OPENRC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SUSE_TRUE}" && test -z "${INIT_SUSE_FALSE}"; then + as_fn_error $? "conditional \"INIT_SUSE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -5322,7 +13377,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by $as_me, which was +This file was extended by Keepalived $as_me 2.0.19, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5340,11 +13395,16 @@ case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" _ACEOF @@ -5365,17 +13425,26 @@ Usage: $0 [OPTION]... [TAG]... --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE Configuration files: $config_files -Report bugs to the package provider." +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to . +Keepalived home page: ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -config.status +Keepalived config.status 2.0.19 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -5386,6 +13455,8 @@ gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF @@ -5430,7 +13501,18 @@ do esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; - --he | --h | --help | --hel | -h ) + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) @@ -5478,6 +13560,11 @@ _ASBOX _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 @@ -5486,7 +13573,25 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 for ac_config_target in $ac_config_targets do case $ac_config_target in - "$OUTPUT_TARGET") CONFIG_FILES="$CONFIG_FILES $OUTPUT_TARGET" ;; + "lib/config.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/config.h" ;; + "lib/config_warnings.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/config_warnings.h" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "keepalived/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/Makefile" ;; + "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; + "keepalived/core/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/core/Makefile" ;; + "keepalived.spec") CONFIG_FILES="$CONFIG_FILES keepalived.spec" ;; + "genhash/Makefile") CONFIG_FILES="$CONFIG_FILES genhash/Makefile" ;; + "keepalived/check/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/check/Makefile" ;; + "keepalived/vrrp/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/vrrp/Makefile" ;; + "keepalived/bfd/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/bfd/Makefile" ;; + "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "bin_install/Makefile") CONFIG_FILES="$CONFIG_FILES bin_install/Makefile" ;; + "keepalived/dbus/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/dbus/Makefile" ;; + "keepalived/etc/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/Makefile" ;; + "keepalived/etc/init/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/init/Makefile" ;; + "keepalived/etc/init.d/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/init.d/Makefile" ;; + "doc/man/man8/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man8/Makefile" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac @@ -5499,6 +13604,8 @@ done # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree @@ -5686,8 +13793,116 @@ fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. -eval set X " :F $CONFIG_FILES " +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do @@ -5825,6 +14040,11 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 @@ -5879,6 +14099,7 @@ s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ @@ -5900,11 +14121,167 @@ which seems to be undefined. Please make sure it is defined" >&2;} esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named 'Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running 'make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "$am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + esac done # for ac_tag @@ -5942,6 +14319,8 @@ $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi +# Restore lib/config_warnings.h.in +mv ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} cat < + +AC_DEFUN([add_to_var], [$1="$$1 $2"]) +AC_DEFUN([add_to_var_ind], [eval $1=\"\$$1 $2\"]) dnl " + +AC_DEFUN([add_to_var_ind_unique], + ADD_NEW= + [ eval var=\$$1 + for item in $2; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + add_to_var([ADD_NEW], [$item]) + fi + done + add_to_var_ind([$1], [$ADD_NEW]) + ]) + +AC_DEFUN([add_pkg_config], + [ if test -n "$2"; then + KA_PKG_PFX=$2 + else + KA_PKG_PFX=KA + fi + add_to_var_ind_unique([${KA_PKG_PFX}_CPPFLAGS], [`$PKG_CONFIG --cflags-only-I $1`]) + add_to_var_ind_unique([${KA_PKG_PFX}_CFLAGS], [`$PKG_CONFIG --cflags-only-other $1`]) + + if test .$3 = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires $1` + var=`$PKG_CONFIG --libs-only-l $1` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + add_to_var_ind_unique([${KA_PKG_PFX}_LIBS], [`$PKG_CONFIG --libs $1`]) + fi + ]) + +AC_DEFUN([add_pkg_config_without_libs], + [ if test -n "$2"; then + KA_PKG_PFX=$2 + else + KA_PKG_PFX=KA + fi + add_to_var_ind_unique([${KA_PKG_PFX}_CPPFLAGS], [$($PKG_CONFIG --cflags-only-I $1)]) + add_to_var_ind_unique([${KA_PKG_PFX}_CFLAGS], [$($PKG_CONFIG --cflags-only-other $1)]) + ]) + +AC_DEFUN([add_config_opt], [add_to_var([CONFIG_OPTIONS], [$1])]) + +AC_DEFUN([add_system_opt], [add_to_var([SYSTEM_OPTIONS], [$1])]) + +AC_DEFUN([get_lib_name], + [ + if test $LDD = :; then + AC_MSG_ERROR([ldd is required for dynamic run-time linking support]) + fi + + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$1" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + extern void $2(void); + int main(void) + { + $2(); + return 0; + } + ]])], [ + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $1.so | sed -e "s/^[[ \t]]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + ],[ + ]) + LIBS="$SAV_LIBS" + ]) + +# AS_VAR_COPY was introduced in autoconf 2.63b. +# Remove the following definition once require autoconf >= 2.64. +m4_ifndef([AS_VAR_COPY], +[m4_define([AS_VAR_COPY], +[AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])])]) + +dnl ----[ Process this file with autoconf to produce a configure script ]---- +AC_PREREQ([2.63]) +AC_INIT([Keepalived], [2.0.19], [keepalived-users@groups.io], [], [http://www.keepalived.org/]) +AM_INIT_AUTOMAKE([-Wall -Werror -Woverride foreign]) + +AC_CONFIG_SRCDIR([keepalived/core/main.c]) + +AC_CONFIG_HEADERS([lib/config.h lib/config_warnings.h]) + +AH_TOP( + [ +#ifndef _CONFIG_H +#define _CONFIG_H + ]) +AH_BOTTOM( + [ +#include "config_warnings.h" + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif + +#endif]) + +AC_CONFIG_FILES([Makefile keepalived/Makefile lib/Makefile keepalived/core/Makefile keepalived.spec \ + genhash/Makefile keepalived/check/Makefile keepalived/vrrp/Makefile \ + keepalived/bfd/Makefile doc/Makefile bin_install/Makefile keepalived/dbus/Makefile \ + keepalived/etc/Makefile keepalived/etc/init/Makefile keepalived/etc/init.d/Makefile \ + doc/man/man8/Makefile]) + + +MAINTAINERCLEANFILES="*~ *.orig *.rej core core.*" +AC_SUBST(MAINTAINERCLEANFILES) +CONFIG_OPTIONS= +SYSTEM_OPTIONS= + +AM_SILENT_RULES([yes]) + +PKG_PROG_PKG_CONFIG + +dnl ----[ Keepalived specific configure options ]---- +AC_ARG_ENABLE(lvs-syncd, + [AS_HELP_STRING([--disable-lvs-syncd], [do not use LVS synchronization daemon])]) +AC_ARG_ENABLE(lvs, + [AS_HELP_STRING([--disable-lvs], [do not use the LVS framework])]) +AC_ARG_ENABLE(lvs-64bit-stats, + [AS_HELP_STRING([--disable-lvs-64bit-stats], [do not use the LVS 64-bit stats])]) +AC_ARG_ENABLE(vrrp, + [AS_HELP_STRING([--disable-vrrp], [do not use the VRRP framework])]) +AC_ARG_ENABLE(bfd, + [AS_HELP_STRING([--enable-bfd], [use the BFD framework])]) +AC_ARG_WITH(kernel-dir, + [AS_HELP_STRING([--with-kernel-dir=DIR], [path to linux kernel source directory])], + [AS_HELP_STRING([kernel_src_path="$withval"],], [[kernel_src_path=""])]) +AC_ARG_ENABLE(fwmark, + [AS_HELP_STRING([--disable-fwmark], [compile without SO_MARK support])]) +AC_ARG_ENABLE(snmp, + [AS_HELP_STRING([--enable-snmp], [compile with SNMP support])]) +AC_ARG_ENABLE(snmp-vrrp, + [AS_HELP_STRING([--enable-snmp-vrrp], [compile with SNMP vrrp support])]) +AC_ARG_ENABLE(snmp-keepalived, + [AS_HELP_STRING([--enable-snmp-keepalived], [obsolete - use --enable-snmp-vrrp])]) +AC_ARG_ENABLE(snmp-checker, + [AS_HELP_STRING([--enable-snmp-checker], [compile with SNMP checker support])]) +AC_ARG_ENABLE(snmp-rfc, + [AS_HELP_STRING([--enable-snmp-rfc], [compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527 (VRRPv3) support])]) +AC_ARG_ENABLE(snmp-rfcv2, + [AS_HELP_STRING([--enable-snmp-rfcv2], [compile with SNMP RFC2787 (VRRPv2) support])]) +AC_ARG_ENABLE(snmp-rfcv3, + [AS_HELP_STRING([--enable-snmp-rfcv3], [compile with SNMP RFC6527 (VRRPv3) support])]) +AC_ARG_ENABLE(snmp-reply-v3-for-v2, + [AS_HELP_STRING([--disable-snmp-reply-v3-for-v2], [disable RFC6527 responses for VRRPv2 instances])]) +AC_ARG_ENABLE(dbus, + [AS_HELP_STRING([--enable-dbus], [compile with dbus support])]) +AC_ARG_ENABLE(dbus-create-instance, + [AS_HELP_STRING([--enable-dbus-create-instance], [compile with dbus support for creating instances])]) +AC_ARG_ENABLE(sha1, + [AS_HELP_STRING([--enable-sha1], [compile with SHA1 support])]) +AC_ARG_ENABLE(regex, + [AS_HELP_STRING([--enable-regex], [build with HTTP_GET regex checking])]) +AC_ARG_ENABLE(regex-timers, + [AS_HELP_STRING([--enable-regex-timers], [build with HTTP_GET regex timers])]) +AC_ARG_ENABLE(json, + [AS_HELP_STRING([--enable-json], [compile with signal to dump configuration and stats as json])]) +AC_ARG_WITH(init, + [AS_HELP_STRING([--with-init=(upstart|systemd|SYSV|SUSE|openrc)], [specify init type])], + [init_type="$withval"], [init_type=""]) +AC_ARG_ENABLE(vrrp-auth, + [AS_HELP_STRING([--disable-vrrp-auth], [compile without VRRP authentication])]) +AC_ARG_ENABLE(checksum_compat, + [AS_HELP_STRING([--disable-checksum-compat], [compile without v1.3.6 and earlier VRRPv3 unicast checksum compatibility])]) +AC_ARG_ENABLE(routes, + [AS_HELP_STRING([--disable-routes], [compile without ip rules/routes])]) +AC_ARG_ENABLE(linkbeat, + [AS_HELP_STRING([--disable-linkbeat], [build without linkbeat support])]) +AC_ARG_ENABLE(gnu-std-paths, + [AS_HELP_STRING([--enable-gnu-std-paths], [use GNU standard paths for pid files etc])]) +AC_ARG_ENABLE(dynamic-linking, + [AS_HELP_STRING([--enable-dynamic-linking], [compile with/without dynamically linked libiptc/libipset/libnl])]) +AC_ARG_ENABLE(iptables, + [AS_HELP_STRING([--disable-iptables], [compile without iptables support])], + [], [IPTABLES_SILENT=Yes]) +AC_ARG_ENABLE(libiptc-dynamic, + [AS_HELP_STRING([--enable-libiptc-dynamic], [compile with libiptc dynamically linked])]) +AC_ARG_ENABLE(libipset-dynamic, + [AS_HELP_STRING([--disable-libipset-dynamic], [compile with libipset statically linked])]) +AC_ARG_ENABLE(libnl-dynamic, + [AS_HELP_STRING([--enable-libnl-dynamic], [compile with libnl dynamically linked])]) +AC_ARG_ENABLE(libiptc, + [AS_HELP_STRING([--disable-libiptc], [compile without libiptc])]) +AC_ARG_ENABLE(libipset, + [AS_HELP_STRING([--disable-libipset], [compile without libipset])]) +AC_ARG_ENABLE(nftables, + [AS_HELP_STRING([--disable-nftables], [build without nftables support])], + [], [NFTABLES_SILENT=Yes]) +AC_ARG_ENABLE(libnl, + [AS_HELP_STRING([--disable-libnl], [compile without libnl])]) +AC_ARG_ENABLE(track-process, + [AS_HELP_STRING([--disable-track-process], [build without track-process functionality])]) +AC_ARG_WITH(run-dir, + [AS_HELP_STRING([--with-run-dir=PATH_TO_RUN], [specify directory where /run is located])], + [RUN_DIR_SPECIFIED=Y], [RUN_DIR_SPECIFIED=N]) +AC_ARG_ENABLE(strict-config-checks, + [AS_HELP_STRING([--enable-strict-config-checks], [build with strict configuration checking])]) +AC_ARG_ENABLE(hardening, + [AS_HELP_STRING([--disable-hardening], [do not build with security hardening])]) +AC_ARG_ENABLE(optimise, + [AS_HELP_STRING([--enable-optimise], [compiler optimisation level])], [], [enable_optimise=not-specified]) +AC_ARG_ENABLE(warnings, + [AS_HELP_STRING([--enable-warnings[[=WARNINGS]]], [additional compiler warnings, disable for reduced set])], [], [enable_warnings=yes]) +AC_ARG_ENABLE(extra-warnings, + [AS_HELP_STRING([--enable-extra-warnings], [extra compiler warnings that will probably produce many warnings])]) +AC_ARG_ENABLE(mem-check, + [AS_HELP_STRING([--enable-mem-check], [compile with memory alloc checking])]) +AC_ARG_ENABLE(mem-check-log, + [AS_HELP_STRING([--enable-mem-check-log], [compile with memory alloc checking writing to syslog])]) +AC_ARG_ENABLE(timer-check, + [AS_HELP_STRING([--enable-timer-check], [compile with set time logging])]) +AC_ARG_ENABLE(debug, + [AS_HELP_STRING([--enable-debug], [compile with debugging flags])]) +AC_ARG_ENABLE(netlink-timers, + [AS_HELP_STRING([--enable-netlink-timers], [compile with netlink command timers])]) +AC_ARG_ENABLE(smtp-alert-debug, + [AS_HELP_STRING([--enable-smtp-alert-debug], [compile with smtp-alert debugging])]) +AC_ARG_ENABLE(stacktrace, + [AS_HELP_STRING([--enable-stacktrace], [compile with stacktrace support])]) +AC_ARG_ENABLE(perf, + [AS_HELP_STRING([--enable-perf], [compile with perf performance data recording support for vrrp process])]) +AC_ARG_ENABLE(log-file, + [AS_HELP_STRING([--enable-log-file], [enable logging to file (-g)])]) +AC_ARG_ENABLE(dump-threads, + [AS_HELP_STRING([--enable-dump-threads], [compile with thread dumping support])]) +AC_ARG_ENABLE(epoll-debug, + [AS_HELP_STRING([--enable-epoll-debug], [compile with epoll_wait() debugging support])]) +AC_ARG_ENABLE(epoll-thread-dump, + [AS_HELP_STRING([--enable-epoll-thread-dump], [compile with epoll thread dumping support])]) +AC_ARG_ENABLE(regex-debug, + [AS_HELP_STRING([--enable-regex-debug], [compile with regex debugging support])]) +AC_ARG_ENABLE(tsm-debug, + [AS_HELP_STRING([--enable-tsm-debug], [compile with TSM debugging support])]) +AC_ARG_ENABLE(vrrp-fd-debug, + [AS_HELP_STRING([--enable-vrrp-fd-debug], [compile with vrrp fd debugging support])]) +AC_ARG_ENABLE(eintr-debug, + [AS_HELP_STRING([--enable-eintr-debug], [compile with EINTR debugging support, set to check/nocheck to check/not check for EINTR])]) +AC_ARG_ENABLE(track-process-debug, + [AS_HELP_STRING([--enable-track-process-debug], [compile with track process debugging support, set to log all process connector events])]) +AC_ARG_ENABLE(parser-debug, + [AS_HELP_STRING([--enable-parser-debug], [compile with parser debugging support])]) +AC_ARG_ENABLE(checksum-debug, + [AS_HELP_STRING([--enable-checksum-debug], [compile with checksum debugging support])]) +AC_ARG_ENABLE(dump-keywords, + [AS_HELP_STRING([--enable-dump-keywords], [compile with keyword dumping support])]) +AC_ARG_ENABLE(network-timestamp, + [AS_HELP_STRING([--enable-network-timestamp], [compile with network timestamp debugging support])]) +AC_ARG_ENABLE(asserts, + [AS_HELP_STRING([--enable-asserts], [compile with assert() enabled])]) +AC_ARG_WITH(fixed-if-type, + [AS_HELP_STRING([--with-fixed-if-type=TYPE], [treat interface type TYPE as unchangeable])]) +AC_ARG_WITH(default-config-file, + AS_HELP_STRING([--with-default-config-file=FILE], [Default configuration file]), + [default_config_file="$withval"], [default_config_file=""]) +AC_ARG_ENABLE(profile, + [AS_HELP_STRING([--enable-profile], [compile with profiling flags])]) +AC_ARG_ENABLE(conversion-checks, + [AS_HELP_STRING([--enable-conversion-checks], [compile with conversion warnings if sensible])]) +AC_ARG_ENABLE(force-conversion-checks, + [AS_HELP_STRING([--enable-force-conversion-checks], [compile with conversion warnings])]) +AC_ARG_ENABLE(Werror, + [AS_HELP_STRING([--enable-Werror], [compile with warnings being errors])]) + +AC_ARG_WITH([systemdsystemunitdir], + AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files])]) + +# Set the kernel headers path +if test -n "$kernel_src_path"; then + if test ! -d $kernel_src_path/include; then + AC_MSG_ERROR([kernel source path $kernel_src_path/include does not exist]) + fi + if test ! -d $kernel_src_path/include/linux; then + AC_MSG_ERROR([kernel source path $kernel_src_path/include does not appear to include linux header files]) + fi + if test -d $kernel_src_path/include/uapi/linux; then + AC_MSG_ERROR([kernel source path $kernel_src_path appears to be an unprocessed kernel source tree]) + fi + kernelinc="-isystem $kernel_src_path/include" +elif test ! -d /usr/include/linux -a \ + -d /usr/src/linux/include; then + kernelinc="-isystem /usr/src/linux/include" +else + kernelinc= +fi + +CPPFLAGS="$kernelinc $CPPFLAGS" + +# Checks for programs. +AC_PROG_CC +AC_PROG_MAKE_SET +AC_PROG_INSTALL +AC_PROG_RANLIB +AC_PROG_GREP +AC_PROG_LN_S +AC_PROG_SED +AC_CHECK_TOOL(STRIP,strip) +AC_CHECK_TOOL(LDD,ldd) + +m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) +ARFLAGS=cr +AC_SUBST(ARFLAGS) + +# Default settings +ENABLE_LOG_FILE_APPEND=No + +# AC_PROG_LIBTOOL + +# +# save the configure arguments +# +args=`echo $ac_configure_args | $SED -e "s/'//g"` +AC_DEFINE_UNQUOTED(KEEPALIVED_CONFIGURE_OPTIONS,"$args", [configure options specified]) + +# Save the CPPFLAGS, CFLAGS, LDFLAGS and LDLIBS settings for make time +KA_CPPFLAGS="$kernelinc -D_GNU_SOURCE $CPPFLAGS" +KA_CFLAGS="-g $CFLAGS" +KA_LDFLAGS=$LDFLAGS +KA_LIBS=$LDLIBS + +NEED_LIBDL=No +#KA_LIBTOOLFLAGS = + +# Set up the compiler warnings we want +dnl -- Unused warnings - traditional +MAX_FRAME_SIZE=5120 +WARNINGS_BASIC="all extra unused strict-prototypes" +WARNINGS_STD="absolute-value address-of-packed-member alloca alloc-zero array-bounds=2 attribute-alias bad-function-cast cast-align cast-qual chkp date-time disabled-optimization double-promotion duplicated-branches duplicated-cond float-conversion float-equal format-overflow format-security format-signedness format-truncation frame-larger-than=$MAX_FRAME_SIZE implicit-fallthrough=3 init-self inline jump-misses-init logical-op missing-declarations missing-field-initializers missing-prototypes nested-externs normalized null-dereference old-style-definition overlength-strings pointer-arith redundant-decls shadow shift-overflow=2 stack-protector strict-overflow=4 strict-prototypes stringop-overflow=2 suggest-attribute=cold suggest-attribute=const suggest-attribute=format suggest-attribute=malloc suggest-attribute=noreturn suggest-attribute=pure sync-nand trampolines undef uninitialized unknown-pragmas unsuffixed-float-constants unused-const-variable=2 unused-macros variadic-macros write-strings" +WARNINGS_EXTRA="aggregate-return cast-align= strict conversion format-nonliteral format-overflow=2 format-truncation=2 padded pedantic sign-conversion stack-usage=$MAX_FRAME_SIZE strict-overflow=5 stringop-overflow=3 stringop-overflow=4 switch-enum system-headers traditional-conversion" + +# We want _GNU_SOURCE defined always +add_to_var([CPPFLAGS], [-D_GNU_SOURCE]) + +# fpclassify() needs -lm +add_to_var([KA_LIBS], [-lm]) + +# Some sanity checks on configure options +AS_IF([test .$enable_vrrp = .no], + AS_IF([test .$IPTABLES_SILENT == .Yes], [enable_iptables=no]) + AS_IF([test .$NFTABLES_SILENT == .Yes], [enable_nftables=no]) + + AS_IF([test .$enable_perf != .], [AC_MSG_ERROR([enable-perf requires vrrp])]) + AS_IF([test $with_fixed_if_type], [AC_MSG_ERROR([with-fixed-if-type requires vrrp])]) + AS_IF([test .$enable_vrrp_fd_debug != .], [AC_MSG_ERROR([enable-vrrp-fd-debug requires vrrp])]) + AS_IF([test .$enable_tsm_debug != .], [AC_MSG_ERROR([enable-tsm-debug requires vrrp])]) + AS_IF([test .$enable_json != .], [AC_MSG_ERROR([enable-json requires vrrp])]) + AS_IF([test .$enable_snmp_vrrp != .], [AC_MSG_ERROR([enable-snmp-vrrp requires vrrp])]) + AS_IF([test .$enable_snmp_keepalived != .], [AC_MSG_ERROR([enable-snmp-keepalived requires vrrp])]) + AS_IF([test .$enable_snmp_rfc != .], [AC_MSG_ERROR([enable-snmp-rfc requires vrrp])]) + AS_IF([test .$enable_snmp_rfcv2 != .], [AC_MSG_ERROR([enable-snmp-rfcv2 requires vrrp])]) + AS_IF([test .$enable_snmp_rfcv3 != .], [AC_MSG_ERROR([enable-snmp-rfcv3 requires vrrp])]) + AS_IF([test .$enable_dbus != .], [AC_MSG_ERROR([enable-dbus requires vrrp])]) + AS_IF([test .$enable_vrrp_auth != .], [AC_MSG_ERROR([disable-vrrp-auth requires vrrp])]) + AS_IF([test .$enable_checksum_compat != .], [AC_MSG_ERROR([disable-checksum-compat requires vrrp])]) + AS_IF([test .$enable_routes != .], [AC_MSG_ERROR([disable-routes requires vrrp])]) + AS_IF([test .$enable_linkbeat != .], [AC_MSG_ERROR([disable-linkbeat requires vrrp])]) + AS_IF([test .$enable_bfd != .], [AC_MSG_ERROR([enable-bfd requires vrrp])]) + AS_IF([test .$enable_iptables != .no], [AC_MSG_ERROR([enable-iptables requires vrrp])]) + AS_IF([test .$enable_nftables != .no], [AC_MSG_ERROR([enable-nftables requires vrrp])]) + AS_IF([test .$enable_track_process != .], [AC_MSG_ERROR([enable-track-process requires vrrp])]) + AS_IF([test .$enable_network_timestamp != .], [AC_MSG_ERROR([enable-network_timestamp requires vrrp])]) + ) +AS_IF([test .$enable_iptables = .no], + AS_IF([test .$enable_libiptc != .], [AC_MSG_ERROR([disable-libiptc requires vrrp and iptables])]) + AS_IF([test .$enable_libipset != .], [AC_MSG_ERROR([disable-libipset requires vrrp and iptables])]) + ) +AS_IF([test .$enable_libiptc = .no], + AS_IF([test .$enable_libiptc_dynamic != .], [AC_MSG_ERROR([enable-libiptc-dynamic requires vrrp and libiptc])]) + AS_IF([test .$enable_libipset != .], [AC_MSG_ERROR([disable-libipset requires libiptc])]) + AS_IF([test .$enable_libipset_dynamic != .], [AC_MSG_ERROR([disable-libipset-dynamic requires libiptc])]) + ) +AS_IF([test .$enable_libipset = .no], + AS_IF([test .$enable_libipset_dynamic != .], [AC_MSG_ERROR([disable-libipset-dynamic requires ipsets])]) + ) +AS_IF([test .$enable_snmp_rfc != .yes -a .$enable_snmp_rfcv3 != yes], + AS_IF([test .$enable_snmp_reply_v3_for_v2 != .], [AC_MSG_ERROR([enable-snmp-reply-v3-for-v2 requires enable-snmp-rfcv3 or enable-snmp-rfc])]) + ) +AS_IF([test .$enable_dbus != .yes], + AS_IF([test .$enable_dbus_create_instance != .], [AC_MSG_ERROR([enable-dbus-create-instance requires enable-dbus])]) + ) +AS_IF([test .$enable_lvs = .no], + AS_IF([test .$enable_regex != .], [AC_MSG_ERROR([enable-regex requires lvs])]) + AS_IF([test .$enable_libnl != .], [AC_MSG_ERROR([disable-libnl requires lvs])]) + AS_IF([test .$enable_lvs_syncd != .], [AC_MSG_ERROR([disable-lvs-syncd requires lvs])]) + AS_IF([test .$enable_lvs_64bit_stats != .], [AC_MSG_ERROR([disable-lvs-64bit-stats requires lvs])]) + AS_IF([test .$enable_fwmark != .], [AC_MSG_ERROR([enable-fwmark requires lvs])]) + ) +AS_IF([test .$enable_lvs = .no], + AS_IF([test .$enable_libnl_dynamic != .], [AC_MSG_ERROR([enable-libnl-dynamic requires lvs and libnl])]) + ) +AS_IF([test .$enable_regex != .yes], + AS_IF([test .$enable_regex_timers != .], [AC_MSG_ERROR([enable-regex-timers requires enable-regex])]) + AS_IF([test .$enable_regex_debug != .], [AC_MSG_ERROR([enable-regex-debug requires enable-regex])]) + ) +AS_IF([test .$enable_track_process = .no], + AS_IF([test .$enable_track_process_debug != .], [AC_MSG_ERROR([enable-track-process-debug incompatible with disable-track-process])]) + ) + +dnl -- Check for diagnostic pragmas in functions - GCC 4.6.0 +AC_MSG_CHECKING([diagnostic pragmas in functions]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic warning \"-Wall\"") + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_FUNCTION_DIAGNOSTIC_PRAGMAS_], [ 1 ], [Define to 1 if can have _Pragma GCC diagnostic in functions]) + ], + [ + AC_MSG_RESULT([no]) + ]) + +dnl -- Check for diagnostic push/pop pragmas - GCC 4.6.0 +AC_MSG_CHECKING([diagnostic push/pop pragmas]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic push") + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_DIAGNOSTIC_PUSH_POP_PRAGMAS_], [ 1 ], [Define to 1 if can have _Pragma GCC diagnostic push/pop]) + ], + [ + AC_MSG_RESULT([no]) + ]) + +dnl - Set up warnings list +AS_IF([test ".$enable_warnings" = .no], + [WARNINGS_ENABLED=$WARNINGS_BASIC], + [AS_IF([test ".$enable_warnings" != .yes], + [WARN_LIST=`echo $enable_warnings | sed -e "s/-W//g"` + add_to_var([WARNINGS_ENABLED], ["$WARN_LIST"]) + ]) + ] + ) +AS_IF([test .$enable_extra_warnings = .yes], + [add_to_var([WARNINGS_ENABLED], ["$WARNINGS_EXTRA"])]) + +if test "$enable_conversion_checks" = yes; then + # Check if we can sensibly enable -Wconversion + AC_MSG_CHECKING([for usable -Wconversion]) + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + #include + #include + #include + #include + + #define VAL 255 + + static void + fun(uint8_t val) + { + } + + int main(int argc, char**argv) + { + fd_set set; + uint8_t val = 42; + unsigned u; + bool b; + size_t size = 17; + char c[2]; + char *c_ptr = c; + struct rtattr rta; + struct rtattr *rta_p = &rta; + + FD_SET(argc+1, &set); + + fun(argc == VAL ? VAL : val); + + // vrrp->lower_prio_no_advert = vrrp->strict_mode ? true : global_data->vrrp_lower_prio_no_advert; + u = u ? true : b; + + size = RTA_LENGTH(size); + c_ptr = RTA_DATA(c_ptr); + rta_p = RTA_NEXT(rta_p, size); + + val = (u < 256 ) ? u & 0xff : 0; + } + ]])], + [ + AC_MSG_RESULT([yes]) + add_to_var([WARNINGS_ENABLED], [conversion]) + ], + [ + AC_MSG_RESULT([no]) + AC_MSG_WARN([-Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override.]) + ]) + CFLAGS="$SAV_CFLAGS" +elif test "$enable_force_conversion_checks" = yes; then + add_to_var([WARNINGS_ENABLED], [conversion]) +fi + +if test "$enable_Werror" = yes; then + add_to_var([WARNINGS_ENABLED], [error]) +fi + +CONFIG_WARNINGS=lib/config_warnings.h.in + +# Save (or restore) lib/config_warnings.h.in +AS_IF([test ! -f ${CONFIG_WARNINGS}.sav], + [cp -p ${CONFIG_WARNINGS} ${CONFIG_WARNINGS}.sav], + [cp -p ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS}]) + +SAV_CFLAGS="$CFLAGS" +for WARN in $WARNINGS_ENABLED +do + AC_MSG_CHECKING([for -W$WARN]) + CFLAGS="$SAV_CFLAGS -W$WARN" + + WARN_VAR=_HAVE_WARNING_`echo $WARN | tr "a-z=-" "A-Z__"`_ + LOCAL_WARN_VAR=HAVE_WARNING_`echo $WARN | sed -e "s/=.*//" | tr "a-z-" "A-Z_"` + grep -q "^#undef $WARN_VAR$" $CONFIG_WARNINGS + AS_IF([test $? -ne 0], + [echo -e "\n/* Define to 1 if -W$WARN in use */\n#undef $WARN_VAR" >>$CONFIG_WARNINGS] + ) + + test `echo $WARN | grep "=[[0-9]][[0-9]]*$"` + AS_IF([test $? -eq 0], + [ WARN_SHORT=`echo $WARN | sed -e 's/=[[0-9]][[0-9]]*$//'` + WARN_VAR_SHORT=_HAVE_WARNING_`echo $WARN_SHORT | tr "a-z=-" "A-Z__"`_ + grep -q "^#undef $WARN_VAR_SHORT$" $CONFIG_WARNINGS + AS_IF([test $? -ne 0], + [echo -e "\n/* Define to 1 if -W$WARN_SHORT in use */\n#undef $WARN_VAR_SHORT" >>$CONFIG_WARNINGS] + ) + ], + [ unset WARN_VAR_SHORT ] + ) + + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { + } + ]])], + [ + # gcc 9 removed -Wchkp and doesn't error if it is specified, + # but rather outputs: + # warning: switch '-Wchkp' is no longer supported + # so check for the warning. + touch conftest.err + grep -q "is no longer supported" conftest.err + AS_IF([test $? -ne 0], + [ + AC_MSG_RESULT([yes]) + eval $LOCAL_WARN_VAR=yes + add_to_var([KA_CFLAGS], [-W$WARN]) + AC_DEFINE_UNQUOTED([$WARN_VAR], [ 1 ]) + AS_IF([test -z "$WARN_VAR_SHORT"], [], + [AC_DEFINE_UNQUOTED([$WARN_VAR_SHORT], [ 1 ])] + ) + ], + [ + AC_MSG_RESULT([no]) + eval $LOCAL_WARN_VAR=no + ]) + ], + [ + AC_MSG_RESULT([no]) + eval $LOCAL_WARN_VAR=no + ]) +done +AS_IF([test .$HAVE_WARNING_STRICT_OVERFLOW = .yes], + [ + # The following is not supported in gcc 5.4.0 + CFLAGS="$CFLAGS -Werror" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") + int main(int argc, char**argv) + { + } + ]])], + [AC_DEFINE([_HAVE_PRAGMA_WARN_STRICT_OVERFLOW_1_], [ 1 ], [Define to 1 if _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") supported]) + ]) + ] + ) +CFLAGS="$SAV_CFLAGS" + +dnl ---- [ Do we want stricter configuration checking? ] ---- +STRICT_CONFIG=No +if test "$enable_strict_config_checks" = yes; then + AC_DEFINE([_STRICT_CONFIG_], [ 1 ], [Define to 1 if want stricter configuration checking]) + STRICT_CONFIG=Yes + add_config_opt([STRICT_CONFIG]) +fi +AM_CONDITIONAL([WITH_STRICT_CONFIG_CHECKS], [test $STRICT_CONFIG = Yes]) + +if test "$enable_hardening" != no; then + AC_MSG_CHECKING([for PIE support]) + SAV_CFLAGS="$CFLAGS" + SAV_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS -fPIE" + LDFLAGS="$LDFLAGS -pie" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char **argv) + { + int i = 0; + } + ]])], + AC_MSG_RESULT([yes]) + add_to_var([KA_CFLAGS], [-fPIE]) + add_to_var([KA_LDFLAGS], [-pie]), + AC_MSG_RESULT([no])) + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + + for FLAG in \ + "-Wformat -Werror=format-security" \ + "-Wp,-D_FORTIFY_SOURCE=2" \ + "-fexceptions" \ + "-fstack-protector-strong" \ + "--param=ssp-buffer-size=4" \ + "-grecord-gcc-switches" + do + AC_MSG_CHECKING([for $FLAG support]) + CFLAGS="$CFLAGS $FLAG" + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ ]])], + [AC_MSG_RESULT([yes])] + add_to_var([KA_CFLAGS], [$FLAG]), + [AC_MSG_RESULT([no])]) + CFLAGS=$SAV_CFLAGS + done + + WL_FLAGS= + for FLAG in \ + "-z,relro" \ + "-z,now" + do + AC_MSG_CHECKING([for -Wl,$FLAG support]) + LDFLAGS="$LDFLAGS -Wl,$FLAG" + AC_LINK_IFELSE( + [AC_LANG_SOURCE([[ + int main(int argc, char **argv) + { + int i = 0; + } + ]])], + [ + AC_MSG_RESULT([yes]) + WL_FLAGS="$WL_FLAGS -Wl,$FLAG" + ], + [AC_MSG_RESULT([no])] + ) + CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS + done + if test -n "$WL_FLAGS"; then + add_to_var([KA_LDFLAGS], [$WL_FLAGS]) + fi +fi + +# enable-optimise +AS_IF([test "$enable_optimise" = yes -o "$enable_optimise" = not-specified], [optimise_level=2], [optimise_level=$enable_optimise]) +AS_IF([test "$enable_optimise" = no], [optimise_level=0]) +AS_IF([test "$optimise_level" -eq 0], + [ + echo $KA_CFLAGS | $GREP -q -- "-D_FORTIFY_SOURCE=[[^0]]" + AS_IF([test $? -eq 0], [AC_MSG_WARN([--disable-optimise requires --disable-hardening])]) + ]) +FLAG="-O$optimise_level" +AC_MSG_CHECKING([for $FLAG support]) +SAV_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS $FLAG" +AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ ]])], + [AC_MSG_RESULT([yes])] + add_to_var([KA_CFLAGS], [$FLAG]), + [ + AC_MSG_RESULT([no]) + AS_IF([test "$enable_optimise" != not-specified], [AC_MSG_ERROR([Invalid optimisation level specified])]) + ]) +CFLAGS=$SAV_CFLAGS + +AC_SUBST(KA_CPPFLAGS) +AC_SUBST(KA_CFLAGS) +AC_SUBST(KA_LDFLAGS) +AC_SUBST(KA_LIBS) +# AC_SUBST(KA_LIBTOOLFLAGS) + +# Check if unaligned memory access is supported (for ARM not supported prior to ARMv6 processors) +AC_MSG_CHECKING([for unaligned memory access]) +AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM( + [[ + #include + #include + + #if __BYTE_ORDER == __BIG_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0x1234567890abcdefUL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x12345678UL + #else + #define CHK_VAL 0x1234UL + #endif + #elif __BYTE_ORDER == __LITTLE_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0xefcdab9078563412UL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x78563412UL + #else + #define CHK_VAL 0x3412UL + #endif + #else + #error Neither big nor little endian - unsupported + #endif + ]], + [[ + unsigned long arr[2] = { 0, 0 }; + unsigned char *p = (unsigned char *)arr + 1; + unsigned i; + + *(unsigned long *)p = CHK_VAL; + + return !!(arr[0] == CHK_VAL || p[0] != 0x12 || p[1] != 0x34 || p[2] != 0x56); + ]] + ) + ], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([_NO_UNALIGNED_ACCESS_], [ 1 ], [Define to 1 if unaligned memory access not supported]) + ], + [ + AC_MSG_RESULT([unknown]) + AC_MSG_WARN([Cannot determine if unaligned access supported. Assuming yes.]) + ] + ) + +# Checks for libraries. +dnl clock_gettime() required -lt before glibc 2.17 +AC_MSG_CHECKING([for clock_gettime() requires -lrt]) +AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + ]])], + [AC_MSG_RESULT([no])], + [ + SAV_LIBS="$LIBS" + LIBS="$LIBS -lrt" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(int argc, char **argv) + { + int i; + struct timespec ts; + + i = clock_gettime(CLOCK_MONOTONIC, &ts); + } + ]])], + [AC_MSG_RESULT([yes])] + add_to_var([KA_LIBS], [-lrt]), + [AC_MSG_ERROR([clock_gettime() not supported])]) + LIBS=$SAV_LIBS + ]) + +# Checks for header files. +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/ioctl.h sys/param.h sys/prctl.h sys/socket.h sys/time.h syslog.h unistd.h], + [], [AC_MSG_ERROR([Missing/unusable system header file <$ac_header>])]) + +# check for kernel headers +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +dnl -- needed until Linux 3.1 +dnl -- using AC_CHECK_HEADER causes a horrible error message for the user +NETLINK_EXTRA_INCLUDE= +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], [], + [AC_CHECK_HEADER([linux/netlink.h], + [ + AC_DEFINE([NETLINK_H_NEEDS_SYS_SOCKET_H], [ 1 ], [Define to 1 if needs ]) + NETLINK_EXTRA_INCLUDE="#include " + ], [AC_MSG_ERROR([Missing/unusable kernel header file ])], + [[#include ]])]) + +dnl -- needed until ? Linux 3.1 +dnl -- using AC_CHECK_HEADER causes a horrible error message for the user +RTNETLINK_EXTRA_INCLUDE= +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], [], + [AC_CHECK_HEADER([linux/rtnetlink.h], + [ + AC_DEFINE([RTNETLINK_H_NEEDS_SYS_SOCKET_H], [ 1 ], [Define to 1 if needs ]) + RTNETLINK_EXTRA_INCLUDE="#include " + ], [AC_MSG_ERROR([Missing/unusable kernel header file ])], + [[#include ]])]) + +AC_CHECK_HEADERS([asm/types.h linux/ethtool.h linux/icmpv6.h linux/if_ether.h linux/if_packet.h linux/ip.h linux/sockios.h linux/types.h], + [], [AC_MSG_ERROR([Missing/unusable kernel header file <$ac_header>])]) +AC_CHECK_HEADERS([linux/fib_rules.h linux/if_addr.h linux/if_link.h], + [], [AC_MSG_ERROR([Missing/unusable kernel header file <$ac_header>])], + [[$NETLINK_EXTRA_INCLUDE]]) +AC_CHECK_HEADERS([linux/if_arp.h], + [], [AC_MSG_ERROR([Missing/unusable <$ac_header>])], + [[#include ]]) +CPPFLAGS="$SAV_CPPFLAGS" + +# Checks for typedefs, structures, and compiler characteristics. +AC_HEADER_STDBOOL +AC_C_INLINE +AC_TYPE_INT64_T +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_UINT64_T +AC_TYPE_UINT8_T +AC_C_CONST + +# Checks for library functions. +AC_FUNC_FORK +AC_FUNC_MALLOC +AC_FUNC_REALLOC +AC_CHECK_FUNCS([dup2 getcwd gettimeofday memmove memset select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname]) +dnl - pipe2() since Linux 2.6.27 and glibc 2.9. +AC_CHECK_FUNCS([pipe2], [add_system_opt([PIPE2])]) +dnl - signalfd() since Linux 2.6.22 and glibc 2.8 +AC_CHECK_FUNCS([signalfd], [add_system_opt([SIGNALFD])]) +dnl - inotify_init1() since Linux 2.6.27 +AC_CHECK_FUNCS([inotify_init1], [add_system_opt([INOTIFY_INIT1])]) +dnl - vsyslog() Not defined by Posix, but available in glibc and musl +AC_CHECK_FUNCS([vsyslog], [add_system_opt([VSYSLOG])]) +dnl - epoll_create1() since Linux 2.6.27 and glibc 2.9 +AC_CHECK_FUNCS([epoll_create1], [add_system_opt([EPOLL_CREATE1])]) + +# glibc uses unsigned int as 3rd parameter to __assert_fail(), musl uses int. +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + + void __assert_fail(const char * a, const char *b, unsigned int l, const char *c) + { + exit(a[0] + b[0] + c[0] + l == 0); + } + ]])], + [LINE_type="unsigned int"], [LINE_type="int"]) +AC_DEFINE_UNQUOTED([LINE_type], [ $LINE_type ], [The type of parameter __line passed to __assert_fail()]) + +dnl Check if libc supports __always_inline +dnl See glibc sys/cdefs.h definition of __always_inline and comment +SAV_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Wattributes -Werror" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + static __always_inline int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + ]])], + [], + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + static __inline __attribute__ ((__always_inline__)) int + test_func(int val) + { + return val; + } + + int + main(int argc, char **argv) + { + int val = test_func(3); + return val; + } + ]])], + [AC_DEFINE([__always_inline], [__inline __attribute__ ((__always_inline__))], [Define __always_inline if libc does not define it])], + [AC_DEFINE([__always_inline], [inline], [Define __always_inline if libc does not define it])] + )]) +CFLAGS="$SAV_CFLAGS" + +dnl - Do we want to override dynamic/static linking? +AS_IF([test "$enable_dynamic_linking"], + [ + AS_IF([test .$enable_vrrp != .no], + [ + enable_libiptc_dynamic=$enable_dynamic_linking + enable_libipset_dynamic=$enable_dynamic_linking + ]) + AS_IF([test .$enable_lvs != .no], + [ + enable_libnl_dynamic=$enable_dynamic_linking + ]) + ]) + +# check for missing definition - added in glibc 2.8 +AC_CHECK_DECLS([ETHERTYPE_IPV6], [], + [ + AC_DEFINE([ETHERTYPE_IPV6], [0x86dd], [Defined here if not found in .]) + ], + [[#include ]]) + +BUILD_GENHASH=Yes +dnl ----[ Checks for openssl ]---- +# check for openssl headers +NEED_MD5=no +NEED_SSL=no +if test "$enable_vrrp" != no -a \ + "$enable_vrrp_auth" != no; then + NEED_MD5=yes +fi +if test "$enable_lvs" != no; then + NEED_MD5=yes + NEED_SSL=yes +fi +AC_CHECK_HEADERS([openssl/ssl.h openssl/err.h], [], + [ + if test $NEED_SSL = yes; then + AC_MSG_ERROR([ + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL headers files. !!!]) + fi + BUILD_GENHASH=No + NEED_SSL=no + break + ]) +AC_CHECK_HEADERS([openssl/md5.h], [], + [ + if test $NEED_MD5 = yes; then + AC_MSG_ERROR([ + !!! OpenSSL is not properly installed on your system. !!! + !!! Can not include OpenSSL MD5 headers files. !!!]) + fi + BUILD_GENHASH=No + NEED_MD5=no + break + ]) +unset LIBS + +$PKG_CONFIG --exists openssl +if test $? -eq 0; then + add_pkg_config([openssl], [OPENSSL]) +else + OPENSSL_LIBS="-lssl -lcrypto" +fi + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lcrypto//"` +AC_CHECK_LIB(crypto, MD5_Init, [], + [ + if test $NEED_MD5 = yes; then + AC_MSG_ERROR([OpenSSL MD5 libraries are required]) + fi + BUILD_GENHASH=No + ], [$EXTRA_LIBS]) +if test $NEED_MD5 = yes; then + add_to_var([KA_LIBS], [$LIBS]) +fi +add_to_var([GENHASH_LIBS], [$LIBS]) +unset LIBS + +EXTRA_LIBS=`echo $OPENSSL_LIBS | sed -e "s/-lssl//"` +AC_CHECK_LIB(ssl, SSL_CTX_new, [], + [ + if test $NEED_SSL = yes; then + AC_MSG_ERROR([OpenSSL libraries are required]) + fi + BUILD_GENHASH=No + ], [$EXTRA_LIBS]) +if test $NEED_SSL = yes; then + add_to_var([KA_LIBS], [$LIBS]) +fi +add_to_var([GENHASH_LIBS], [$LIBS]) +unset LIBS + +# Introduced in OpenSSL ver 0.9.9 +LIBS=$OPENSSL_LIBS +AC_MSG_CHECKING([SSL_set_tlsext_host_name() - may be a definition]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + request_t req; + SSL_set_tlsext_host_name(req.ssl, "SSL"); + } + ]])], [ + AC_MSG_RESULT([no]) + ], [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_SSL_SET_TLSEXT_HOST_NAME_], [ 1 ], [Define to 1 if have SSL_set_tlsext_host_name()]) +]) + +# SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a +AC_CHECK_FUNCS([SSL_CTX_set_verify_depth]) + +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method]) + +# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with +# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes], + [ + AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[ + const SSL_METHOD *meth; + SSL_CTX *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + return 1; + + /* Initialize SSL context */ + meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; + ]])], + [openssl_init_no_load_bug=0], + [openssl_init_no_load_bug=1], + [ + AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety.]) + openssl_init_no_load_bug=1 + ] + ) + AS_IF([test $openssl_init_no_load_bug -eq 1], + [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])]) + ]) +unset LIBS + +if test $BUILD_GENHASH = No; then + AC_MSG_NOTICE([Unable to build genhash due to missing openssl headers/libraries]) + GENHASH_LIBS= +fi +AC_SUBST([GENHASH_LIBS]) +AM_CONDITIONAL([BUILD_GENHASH], [test $BUILD_GENHASH = Yes]) + +dnl ----[ Check for IPv4 devconf netlink support ]---- +IPV4_DEVCONF=No +if test .$enable_vrrp != .no; then + dnl ----[Check have IPV4_DEVCONF defines - since Linux 3.11]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPP_FLAGS $kernelinc" + IPV4_DEVCONF=Yes + AC_CHECK_DECLS([ + IPV4_DEVCONF_ARP_IGNORE, + IPV4_DEVCONF_ACCEPT_LOCAL, + IPV4_DEVCONF_RP_FILTER, + IPV4_DEVCONF_ARPFILTER], + [], + [ + IPV4_DEVCONF=No + break + ], + [[#include ]]) + if test $IPV4_DEVCONF = Yes; then + AC_DEFINE([_HAVE_IPV4_DEVCONF_], [ 1 ], [Define to 1 if have IPv4 netlink device configuration]) + add_system_opt([IPV4_DEVCONF]) + fi + AC_CHECK_HEADERS([linux/rtnetlink.h], [], [AC_MSG_ERROR([Unusable linux/rtnetlink.h])], [$RTNETLINK_EXTRA_INCLUDE]) + CPPFLAGS="$SAV_CPPFLAGS" +fi + +dnl ----[ Check for IPv6 Advanced API (RFC3542) - since Linux 2.6.14 ]---- +IPV6_ADVANCED_API=No +AC_CHECK_DECLS([ + IPV6_RECVHOPLIMIT, + IPV6_RECVPKTINFO], + [IPV6_ADVANCED_API=Yes], + [], + [[#include ]]) +AS_IF([test $IPV6_ADVANCED_API = Yes], [add_system_opt([IPV6_ADVANCED_API])]) + +dnl ----[ Checks for libraries ]---- +NETLINK_VER=0 +IPVS_USE_NL=No +if test .$enable_lvs != .no -a .${enable_libnl} != .no; then + $PKG_CONFIG --exists libnl-3.0 + if test $? -eq 0; then + add_pkg_config([libnl-3.0], [NL3], [remove-requires]) + AC_CHECK_LIB($NL3_LIB_NAMES, nl_socket_alloc, + [ + NETLINK_VER=3 + NEED_NL3=No + + add_pkg_config([libnl-genl-3.0], [GENL], [remove-requires]) + AC_CHECK_LIB($GENL_LIB_NAMES, genl_connect, [], + [AC_MSG_ERROR([libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3.])]) + IPVS_USE_NL=Yes + if test .$enable_libnl_dynamic = .yes; then + add_pkg_config_without_libs([libnl-genl-3.0]) + get_lib_name([$GENL_LIB_NAMES], [genl_connect]) + AC_DEFINE_UNQUOTED([NL3_GENL_LIB_NAME], [ "$LIB_NAME" ], [Define the nl-genl-3.0 library name]) + else + add_pkg_config([libnl-genl-3.0]) + fi + NEED_NL3=Yes + + if test $NEED_NL3 = Yes; then + AC_DEFINE([_HAVE_LIBNL3_], [ 1 ], [Define to 1 if using libnl-3]) + add_system_opt([LIBNL3]) + if test .$enable_libnl_dynamic = .yes; then + add_system_opt([LIBNL_DYNAMIC]) + add_pkg_config_without_libs([libnl-3.0]) + AC_DEFINE([_LIBNL_DYNAMIC_], [ 1 ], [Define to 1 if building with libnl dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([$NL3_LIB_NAMES], [nl_socket_alloc]) + AC_DEFINE_UNQUOTED([NL3_LIB_NAME], [ "$LIB_NAME" ], [Define the nl-3 library name]) + else + add_pkg_config([libnl-3.0]) + fi + fi + ], []) + fi + + if test $NETLINK_VER -eq 0; then + AC_CHECK_LIB(nl, nl_socket_modify_cb, + [ + IPVS_USE_NL=Yes + NETLINK_VER=1 + AC_DEFINE([_HAVE_LIBNL1_], [ 1 ], [Define to 1 if using libnl-1]) + add_system_opt([LIBNL1]) + if test .$enable_libnl_dynamic = .yes; then + add_pkg_config_without_libs([libnl-1]) + add_config_opt([LIBNL_DYNAMIC]) + AC_DEFINE([_LIBNL_DYNAMIC_], [ 1 ], [Define to 1 if building with libnl dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([nl], [nl_socket_modify_cb]) + AC_DEFINE_UNQUOTED([NL_LIB_NAME], [ "$LIB_NAME" ], [Define the nl library name]) + else + add_pkg_config([libnl-1]) + fi + ], + [AC_MSG_WARN([keepalived will be built without libnl support.]) + ]) + fi + + if test $NETLINK_VER -ne 0; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$SAV_CPPFLAGS $NL3_CPPFLAGS" + AC_CHECK_HEADERS([netlink/netlink.h], [], [AC_MSG_ERROR([netlink headers missing])]) + AC_CHECK_HEADERS([netlink/genl/ctrl.h netlink/genl/genl.h], [], [AC_MSG_ERROR([netlink genl headers missing])]) + CPPFLAGS="$SAV_CPPFLAGS" + fi +fi +AM_CONDITIONAL([LIBNL1], [test $NETLINK_VER -eq 1]) +AM_CONDITIONAL([LIBNL3], [test $NETLINK_VER -eq 3]) +AM_CONDITIONAL([LIBNL_DYNAMIC], [test .$enable_lvs != .no -a .$enable_libnl_dynamic = .yes -a $NETLINK_VER -ne 0]) +unset LIBS + +AC_CHECK_LIB(magic, magic_open, + [ + AC_DEFINE([_HAVE_LIBMAGIC_], [ 1 ], [Define to 1 if have magic library]) + add_to_var([KA_LIBS], [-lmagic]) + ]) +unset LIBS + +dnl -- Check for the following variables introduced at various times into Linux +dnl --FRA_OIFNAME dnl -- Linux 2.6.33 +dnl --RTAX_QUICKACK dnl -- Linux 3.11 +dnl --FRA_SUPPRESS_PREFIXLEN dnl -- Linux 3.12 +dnl --FRA_SUPPRESS_IFGROUP dnl -- Linux 3.12 +dnl --RTAX_CC_ALGO dnl -- Linux 4.0 +dnl --RTA_VIA dnl -- Linux 4.1 +dnl --RTA_NEWDST dnl -- Linux 4.1 +dnl --RTA_PREF dnl -- Linux 4.1 +dnl --FRA_TUN_ID dnl -- Linux 4.3 +dnl --RTA_ENCAP dnl -- Linux 4.3 +dnl --RTEXT_FILTER_SKIP_STATS dnl -- Linux 4.4 +dnl --RTA_EXPIRES dnl -- Linux 4.5 +dnl --FRA_L3MDEV dnl -- Linux 4.8 +dnl --FRA_UID_RANGE dnl -- Linux 4.10 +dnl --RTAX_FASTOPEN_NO_COOKIE dnl -- Linux 4.15 +dnl --FRA_PROTOCOL dnl -- Linux 4.17 +dnl --FRA_IP_PROTO dnl -- Linux 4.17 +dnl --FRA_SPORT_RANGE dnl -- Linux 4.17 +dnl --FRA_DPORT_RANGE dnl -- Linux 4.17 +dnl --RTA_TTL_PROPAGATE dnl -- Linux 4.12 +AC_CHECK_DECLS([RTA_ENCAP, RTA_EXPIRES, RTA_NEWDST, RTA_PREF, FRA_SUPPRESS_PREFIXLEN, FRA_SUPPRESS_IFGROUP, FRA_TUN_ID, RTAX_CC_ALGO, RTAX_QUICKACK, RTEXT_FILTER_SKIP_STATS, FRA_L3MDEV, FRA_UID_RANGE, RTAX_FASTOPEN_NO_COOKIE, RTA_VIA, FRA_OIFNAME, FRA_PROTOCOL, FRA_IP_PROTO, FRA_SPORT_RANGE, FRA_DPORT_RANGE, RTA_TTL_PROPAGATE], [], [], + [[$RTNETLINK_EXTRA_INCLUDES + #include + #include + #include ]]) +for flag in RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_OIFNAME FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt[${flag}] + fi +done + +dnl - Introduced in Linux 3.14 +AC_CHECK_DECLS([IFA_FLAGS], [], [], [[#include ]]) +for flag in IFA_FLAGS; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt[${flag}] + fi +done + +dnl - Introduced in Linux 2.6.31, but not until glibc 2.17 +AC_CHECK_DECLS([IP_MULTICAST_ALL], + [ + add_system_opt[IP_MULTICAST_ALL] + # Check if definition is in netinet/in.h, since we can't include linux/in.h + # due to conflicting definitions + AC_LINK_IFELSE( + [ + AC_LANG_SOURCE( + [[ + #include + int main(int argc, char **argv) + { + int i = IP_MULTICAST_ALL; + } + ]]) + ], + [], + [ + # No - netinet/in.h doesn't have IP_MULTICAST_ALL + # Build a program that will output the value of the kernel's IP_MULTICAST_ALL + AC_LINK_IFELSE( + [ + AC_LANG_SOURCE( + [[ + #include + #include + #include + int main(int argc, char **argv) + { + printf("%d\n", IP_MULTICAST_ALL); + } + ]]) + ], + [ + # Create local definition of IP_MULTICAST_ALL + IMA=$(./conftest$EXEEXT) + AC_DEFINE_UNQUOTED([IP_MULTICAST_ALL], [ $IMA ], [Defined to value in if not in ]) + ]) + ] + ) + ], + [], + [[ + #include + #include + ]]) + +dnl -- RedHat backported ENCAP_IP and ENCAP_IP6 without MPLS and ILA +AS_IF([test $ac_cv_have_decl_RTA_ENCAP = yes], + [ + AC_CHECK_DECLS([LWTUNNEL_ENCAP_MPLS, LWTUNNEL_ENCAP_ILA], [], [], + [[#include ]]) + for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt([${flag}]) + fi + done + ]) + +dnl ----[Check for iptables libraries]---- +USE_IPTABLES=No +USE_LIBIPTC=No +USE_LIBIPSET=No +AS_IF([test .$enable_iptables != .no], + [ + USE_IPTABLES=Yes + AC_DEFINE([_WITH_IPTABLES_], [ 1 ], [Define to 1 if want iptables support]) + if test .${enable_libiptc} = .no; then + add_config_opt([IPTABLES_CMD]) + else + USE_LIBIPTC=Yes + dnl -- linux/netfilter/x_tables.h since Linux 2.6.16 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_HEADERS([linux/netfilter/x_tables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h], [], + [ + USE_LIBIPTC=No + break + ]) + CPPFLAGS="$SAV_CPPFLAGS" + + if test $USE_LIBIPTC = Yes; then + add_pkg_config([--static libiptc], [IPTC]) + LIBS="$IPTC_LIBS" + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_LIB(iptc, iptc_init, + [ + AC_DEFINE([_HAVE_LIBIPTC_], [ 1 ], [Define to 1 if have iptables libraries]) + add_system_opt([LIBIPTC]) + if test .${enable_libiptc_dynamic} != .yes; then + add_pkg_config([--static libiptc]) + add_config_opt([LIBIPTC]) + dnl - Older versions of libiptc produced a requirement for -liptc, but we don't need it + KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` + dnl - Even older versions of libiptc don't produce any requirement other than -liptc + IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[[^ ]]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` + if test ".$IPTC_LIBS" = .; then + KA_LIBS=`echo $KA_LIBS -lip4tc -lip6tc` + fi + else + add_pkg_config_without_libs([libiptc]) + add_config_opt([LIBIPTC_DYNAMIC]) + AC_DEFINE([_LIBIPTC_DYNAMIC_], [ 1 ], [Define to 1 if building with libiptc dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([ip4tc], [iptc_init]) + AC_DEFINE_UNQUOTED([IP4TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip4tc library name]) + get_lib_name([ip6tc], [ip6tc_init]) + AC_DEFINE_UNQUOTED([IP6TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip6tc library name]) + LIBIPTC_DYNAMIC=Yes + fi + ], + [USE_LIBIPTC=No]) + CPPFLAGS="$SAV_CPPFLAGS" + fi + + if test $USE_LIBIPTC = Yes; then + dnl ----[Check for ipset libraries]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + if test "${enable_libipset}" != no; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + add_pkg_config([libipset], [IPSET]) + else + IPSET_LIBS="-lipset" + fi + SAV_LIBS=$LIBS + LIBS="$IPTC_LIBS $IPSET_LIBS" + + AC_CHECK_LIB(ipset, ipset_session_init, + [ + USE_LIBIPSET=Yes + AC_CHECK_HEADERS([libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h], [], + [ + USE_LIBIPSET=No + break + ]) + + if test $USE_LIBIPSET = Yes; then + dnl -- Need to use for prior to Linux 3.4 + EXTRA_INCLUDE= + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], + [AC_CHECK_HEADERS([linux/netfilter/xt_set.h], [], [USE_LIBIPSET=No], [])], + [AC_CHECK_HEADER([linux/netfilter/xt_set.h], + [ + AC_DEFINE([USE_LIBIPSET_LINUX_IP_SET_H], [ 1 ], [Define to 1 if needs ]) + EXTRA_INCLUDE="#include " + ], [USE_LIBIPSET=No], + [[#include ]]) + ] + ) + fi + + if test $USE_LIBIPSET = Yes; then + AC_DEFINE([_HAVE_LIBIPSET_], [ 1 ], [Define to 1 if have ipset library]) + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test .${enable_libipset_dynamic} = .no; then + add_pkg_config([libipset]) + else + add_pkg_config_without_libs([libipset]) + fi + elif test .${enable_libipset_dynamic} = .no; then + add_to_var([KA_LIBS], [-lipset]) + fi + if test .${enable_libipset_dynamic} != .no; then + AC_DEFINE([_LIBIPSET_DYNAMIC_], [ 1 ], [Define to 1 if building with libipset dynamic linking]) + add_config_opt([LIBIPSET_DYNAMIC]) + NEED_LIBDL=Yes + get_lib_name([ipset], [ipset_session_init]) + AC_DEFINE_UNQUOTED([IPSET_LIB_NAME], [ "$LIB_NAME" ], [Define the ipset library name]) + else + add_config_opt([LIBIPSET]) + fi + + dnl -- xt_set_info_match first introduced in Linux 2.6.39 (initial implementation of ipsets) + dnl -- xt_set_info_match_v1 declared since Linux 3.1 + AC_CHECK_MEMBER([struct xt_set_info_match_v1.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V1], [ 1 ], [Define to 1 if have struct xt_set_info_match_v1])], [], + [ + $EXTRA_INCLUDE + #include + ]) + dnl -- xt_set_info_match_v3 declared since Linux 3.10 + AC_CHECK_MEMBER([struct xt_set_info_match_v3.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V3], [ 1 ], [Define to 1 if have struct xt_set_info_match_v3])], [], + [ + $EXTRA_INCLUDE + #include + ]) + dnl -- xt_set_info_match_v4 declared since Linux 3.19 + AC_CHECK_MEMBER([struct xt_set_info_match_v4.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V4], [ 1 ], [Define to 1 if have struct xt_set_info_match_v4])], [], + [ + $EXTRA_INCLUDE + #include + ]) + + dnl - ipset type iface introduced in Linux 3.1 + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) { int var = IPSET_ATTR_IFACE; } + ]])], + [AC_DEFINE([HAVE_IPSET_ATTR_IFACE], [ 1 ], [Define to 1 if ipset supports iface type])]) + + dnl - The include guard for has the leading _UAPI remove when + dnl - the source code is processed to produce the actual header files. + dnl - Unfortunately libipset provides a copy of the kernel headers, as , + dnl - but it doesn't remove the _UAPI from the header files when installing them. + dnl - Unfortunately we need to include some libipset header files, which include the + dnl - libipset version, and also which includes the kernel version. + dnl - To get around this problem, after include one of these we need to define the header guard + dnl - for the other, to stop it being included as well. + dnl - This is reported as a bug against ipset at https://bugzilla.netfilter.org/show_bug.cgi?id=1139 + dnl - We will take the kernel version if there is an inclusion collision. + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int main(void) {} + ]])], [], + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #ifdef _UAPI_IP_SET_H + #error _UAPI_IP_SET_H defined + #endif + int main(void) {} + ]])], + [AC_DEFINE([LIBIPSET_H_ADD_UAPI_IP_SET_H_GUARD], [1], [Define to add guard _UAPI_IP_SET_H before including ])], + [AC_DEFINE([LIBIPSET_H_ADD_IP_SET_H_GUARD], [1], [Define to add guard _IP_SET_H before including ])]) + ]) + fi + + if test $USE_LIBIPSET = Yes; then + AC_MSG_CHECKING([for libipset version 7 or later]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[ + #include + + void test_func(void) + { + ipset_session_init(NULL, NULL); + } + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([LIBIPSET_PRE_V7_COMPAT], [ 1 ], [Define to 1 if libipset library version prior to v7]) + add_system_opt[LIBIPSET_PRE_V7] + ]) + fi + ]) + LIBS="$SAV_LIBS" + fi + + dnl -- XT_EXTENSION_MAXNAMELEN not defined until Linux 2.6.35 + AC_CHECK_DECL([XT_EXTENSION_MAXNAMELEN], [], + [AC_DEFINE([XT_EXTENSION_MAXNAMELEN], [ (XT_FUNCTION_MAXNAMELEN - 1) ], [Define if doesnt define it])], + [#include ]) + + CPPFLAGS="$SAV_CPPFLAGS" + fi + fi + AS_IF([test $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes], + [AC_DEFINE([_USE_IPTABLES_CMD_], [ 1 ], [Define to 1 if using iptables command enabled])]) + ]) +AM_CONDITIONAL([LIBIPTC], [test $USE_LIBIPTC = Yes]) +AM_CONDITIONAL([LIBIPSET], [test $USE_LIBIPSET = Yes]) +AM_CONDITIONAL([IPTABLES], [test $USE_IPTABLES = Yes]) +AM_CONDITIONAL([IPTABLES_CMD], [test $USE_IPTABLES = Yes -a \( $USE_LIBIPTC = No -o .$LIBIPTC_DYNAMIC = .Yes \)]) +AM_CONDITIONAL([LIBIPTC_DYNAMIC], [test $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes]) +AM_CONDITIONAL([LIBIPSET_DYNAMIC], [test $USE_LIBIPSET = Yes -a .${enable_libipset_dynamic} != .no]) +AM_CONDITIONAL([REQUIRE_IPTABLES_LIBS], [test $USE_IPTABLES = Yes -a $USE_LIBIPTC = Yes -a .$LIBIPTC_DYNAMIC = .Yes]) +unset LIBS + +dnl ----[Check for nftables libraries]---- +USE_NFTABLES=No +if test .${enable_nftables} != .no; then + USE_NFTABLES=Yes + dnl -- linux/netfilter/nf_tables.h since Linux 3.13 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_DECL([NFTA_TABLE_MAX], [], + [ + AS_IF([test .${enable_nftables} = .yes], [AC_MSG_ERROR([nftables header files missing/not useable])]) + USE_NFTABLES=No + ], + [#include ]) + + if test $USE_NFTABLES = Yes; then + $PKG_CONFIG --exists libnftnl + if test $? -ne 0; then + USE_NFTABLES=No + AC_MSG_WARN([libnftnl missing]) + fi + $PKG_CONFIG --exists libmnl + if test $? -ne 0; then + USE_NFTABLES=No + AC_MSG_WARN([libmnl missing]) + fi + + if test $USE_NFTABLES = Yes; then + # nft prior to version 0.8.3 does not support type ifname in sets. We can't check the version of + # nft, but we can check the version of libnftnl. nft v0.8.3 required libnftnl v1.0.9, but so did + # nft v0.8.2. So play safe, and require the next version. + #LIBNFTNL_VERSION=`printf "0x%2.2x%2.2x%2.2xU" \`pkg-config --modversion libnftnl | sed -e "s/\./ /g"\`` + #AC_DEFINE_UNQUOTED([LIBNFTNL_VERSION], [ $LIBNFTNL_VERSION ], [libnftnl version in hex]) + + add_pkg_config([libnftnl]) + add_pkg_config([libmnl]) + AC_DEFINE([_WITH_NFTABLES_], [ 1 ], [Define to 1 if want nftables support]) + add_config_opt([NFTABLES]) + AC_MSG_CHECKING([whether NFTNL_EXPR_LOOKUP_FLAGS is defined]) + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + int i = NFTNL_EXPR_LOOKUP_FLAGS; + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_NFTNL_EXPR_LOOKUP_FLAGS], [ 1 ], [Define to 1 if NFTNL_EXPR_LOOKUP_FLAGS defined]) + ],[ + AC_MSG_RESULT(no) + ]) + # nft dup from Linux 4.3 + AC_CHECK_DECLS([NFTA_DUP_MAX], [], [], + [#include ]) + + AC_CHECK_HEADERS([libnftnl/udata.h], + [ + AC_MSG_CHECKING([for nftnl_udata_put_u32]) + SAV_LIBS="$LIBS" + LIBS="$LIBS `$PKG_CONFIG --libs libnftnl`" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + nftnl_udata_put_u32(NULL, 0, 0); + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_NFTNL_UDATA_PUT_U32], [ 1 ], [Define to 1 if nftnl_udata_put_u32 declared]) + ],[ + AC_MSG_RESULT(no) + ]) + LIBS="$SAV_LIBS" + ]) + fi + fi + CPPFLAGS="$SAV_CPPFLAGS" +fi +AM_CONDITIONAL([NFTABLES], [test $USE_NFTABLES = Yes]) +unset LIBS + +AS_IF([test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes], [AC_DEFINE([_WITH_FIREWALL_], [ 1 ], [Define to 1 if using iptables or nftables])]) +AM_CONDITIONAL([FIREWALL], [test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes]) + +dnl ----[Check if have linux/if.h and net/if.h namespace collision]---- +# Including and can cause a namespace collision. +# Later versions of the headers are OK if linux/if.h is included second +AC_MSG_CHECKING([for linux/if.h and net/if.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_NET_LINUX_IF_H_COLLISION_], [ 1 ], [Define to 1 if have linux/if.h followed by net/if.h namespace collision]) + add_system_opt([NET_LINUX_IF_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[Check if have linux/if_ether.h and netinet/if_ether.h namespace collision]---- +# Including and causes a namespace collision +# with musl libc, but the collision only occurs if linux/ip_ether.h is included +# before netinet/if_ether.h. The problem is that we want to include them in that +# order. +AC_MSG_CHECKING([for linux/if_ether.h then netinet/if_ether.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_NETINET_LINUX_IF_ETHER_H_COLLISION_], [ 1 ], [Define to 1 if have linux/if_ether.h then netinet/if_ether.h namespace collision]) + add_system_opt([NETINET_LINUX_IF_ETHER_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + +# Linux 4.5 to 4.5.4 has indirectly including +# and which causes a namespace collision. +AC_MSG_CHECKING([for libiptc/libiptc.h linux/if.h and net/if.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_LIBIPTC_LINUX_NET_IF_H_COLLISION_], [ 1 ], [Define to 1 if have libiptc/libiptc.h linux/if.h and net/if.h namespace collision]) + add_system_opt([LIBIPTC_LINUX_NET_IF_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Checks for LVS, VRRP and BFD support ]---- +IPVS_SYNCD_ATTRIBUTES=No +IPVS_64BIT_STATS=No +WITH_REGEX=No +ENABLE_REGEX_DEBUG=No +if test "$enable_lvs" != no; then + IPVS_SUPPORT=Yes + add_config_opt([LVS]) + AC_DEFINE([_WITH_LVS_], [ 1 ], [Define to 1 if have IPVS support]) + + dnl -- exists from Linux 2.6.27; prior to that is used + AC_CHECK_HEADERS([linux/ip_vs.h], + [ + dnl -- From Linux 2.6.35 (but CentOS has it in 2.6.32) + AC_CHECK_DECLS([IP_VS_SVC_F_ONEPACKET], [], [], + [[#include ]]) + ]) + + if test $IPVS_USE_NL = Yes; then + AC_DEFINE([LIBIPVS_USE_NL], [ 1 ], [Define to 1 if libipvs can use netlink]) + add_system_opt([LIBIPVS_NETLINK]) + fi + + dnl ----[ IPVS syncd options ]--- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + + dnl -- Since Linux 3.18 + AC_CHECK_DECLS([IPVS_DEST_ATTR_ADDR_FAMILY], [add_system_opt([IPVS_DEST_ATTR_ADDR_FAMILY])], [], [#include ]) + + dnl -- Since Linux ?.?.? + IPVS_SYNCD_ATTRIBUTES=Yes + AC_CHECK_DECLS([ + IPVS_DAEMON_ATTR_SYNC_MAXLEN, + IPVS_DAEMON_ATTR_MCAST_GROUP, + IPVS_DAEMON_ATTR_MCAST_GROUP6, + IPVS_DAEMON_ATTR_MCAST_PORT, + IPVS_DAEMON_ATTR_MCAST_TTL], [], + [ + IPVS_SYNCD_ATTRIBUTES=No + break + ], + [[#include ]]) + + dnl -- Since Linux 4.3 + if test $IPVS_SYNCD_ATTRIBUTES = Yes; then + AC_DEFINE([_HAVE_IPVS_SYNCD_ATTRIBUTES_], [ 1 ], [Define to 1 if have IPVS syncd attributes]) + add_system_opt([IPVS_SYNCD_ATTRIBUTES]) + fi + + dnl ----[ IPVS 64-bit stats ]---- + dnl -- Since Linux 4.1 + if test "$enable_lvs_64bit_stats" != "no"; then + IPVS_64BIT_STATS=Yes + AC_CHECK_DECLS([ + IPVS_SVC_ATTR_STATS64, + IPVS_DEST_ATTR_STATS64], [], + [ + IPVS_64BIT_STATS=No + break + ], + [[#include ]]) + if test $IPVS_64BIT_STATS = Yes; then + AC_DEFINE([_WITH_LVS_64BIT_STATS_], [ 1 ], [Define to 1 if have IPVS 64 bit stats]) + add_system_opt([IPVS_64BIT_STATS]) + fi + fi + + dnl ----[ IPVS tunnel type ]---- + dnl -- Since Linux 5.2 + AC_CHECK_DECLS([IPVS_DEST_ATTR_TUN_TYPE], + [ + AC_DEFINE([_HAVE_IPVS_TUN_TYPE_], [ 1 ], [Define to 1 if have IPVS tunnel type]) + add_system_opt([IPVS_TUN_TYPE]) + ], [], + [[#include ]]) + + dnl -- Since Linux 5.3 + AC_CHECK_DECLS([IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM], + [ + AC_DEFINE([_HAVE_IPVS_TUN_CSUM_], [ 1 ], [Define to 1 if have IPVS tunnel checksum options]) + add_system_opt([IPVS_TUN_CSUM]) + ], [], + [[#include ]]) + + dnl -- Since Linux 5.3 + AC_CHECK_DECLS([IP_VS_CONN_F_TUNNEL_TYPE_GRE], + [ + AC_DEFINE([_HAVE_IPVS_TUN_GRE_], [ 1 ], [Define to 1 if have IPVS gre tunnel]) + add_system_opt([IPVS_TUN_GRE]) + ], [], + [[#include ]]) + + CPPFLAGS="$SAV_CPPFLAGS" + + dnl ----[ Is HTTP_GET regex checking wanted? ]---- + AS_IF([test "$enable_regex" = yes], + [ + $PKG_CONFIG --exists libpcre2-8 + HAVE_PCRE2=$? + AS_IF([test $HAVE_PCRE2 -ne 0], [AC_MSG_ERROR([cannot find pcre library])]) + AC_MSG_CHECKING([for pcre.h]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #define PCRE2_CODE_UNIT_WIDTH 8 + #include + ]])], + [ + AC_MSG_RESULT([yes]) + WITH_REGEX=Yes + add_pkg_config([libpcre2-8]) + AC_DEFINE([_WITH_REGEX_CHECK_], [ 1 ], [Define to 1 to build with HTTP_GET regex checking]) + add_config_opt([REGEX]) + ], + [ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([pcre2.h is missing]) + ]) + if test "$enable_regex_timers" = yes; then + AC_DEFINE([_WITH_REGEX_TIMERS_], [ 1 ], [Define to 1 to include regex timers]) + fi + + if test "${enable_regex_debug}" = yes; then + AC_DEFINE([_REGEX_DEBUG_], [ 1 ], [Define to 1 to build with regex debugging support]) + ENABLE_REGEX_DEBUG=Yes + add_config_opt([REGEX_DEBUG]) + fi + ]) +else + IPVS_SUPPORT=No +fi +AM_CONDITIONAL([WITH_IPVS], [test $IPVS_SUPPORT = Yes]) +AM_CONDITIONAL([WITH_REGEX], [test $WITH_REGEX = Yes]) + +dnl ----[ Checks for kernel netlink support ]---- +VRRP_SUPPORT=No +VRRP_AUTH_SUPPORT=No +MACVLAN_SUPPORT=No +ENABLE_JSON=No +BFD_SUPPORT=No +HAVE_CN_PROC=No +if test "$enable_vrrp" != no; then + VRRP_SUPPORT=Yes + AC_DEFINE([_WITH_VRRP_], [ 1 ], [Define to 1 if have VRRP support]) + add_config_opt([VRRP]) + + dnl ----[ check for VRRP authentication support ]---- + if test "${enable_vrrp_auth}" != no; then + VRRP_AUTH_SUPPORT=Yes + AC_DEFINE([_WITH_VRRP_AUTH_], [ 1 ], [Define to 1 if want ARRP authentication support]) + add_config_opt([VRRP_AUTH]) + fi + + dnl ----[ Checks for kernel VMAC support ]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + MACVLAN_SUPPORT=Yes + dnl -- Since Linux 2.6.33 + AC_CHECK_DECLS([ + IFLA_MACVLAN_MODE, + MACVLAN_MODE_PRIVATE], [], + [ + MACVLAN_SUPPORT=No + break + ], [[ + #include + #include + ]]) + if test $MACVLAN_SUPPORT = Yes; then + AC_DEFINE([_HAVE_VRRP_VMAC_], [ 1 ], [Define to 1 if have MAC VLAN support]) + add_system_opt([VRRP_VMAC]) + fi + CPPFLAGS="$SAV_CPPFLAGS" + + dnl ----[ Checks for kernel IPVLAN support ]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + IPVLAN_SUPPORT=Yes + dnl -- Since Linux 3.19 + AC_CHECK_DECLS([ + IFLA_IPVLAN_MODE], [], + [ + IPVLAN_SUPPORT=No + break + ], [[ + #include + #include + ]]) + if test $IPVLAN_SUPPORT = Yes; then + AC_DEFINE([_HAVE_VRRP_IPVLAN_], [ 1 ], [Define to 1 if have IP VLAN support]) + add_system_opt([VRRP_IPVLAN]) + fi + CPPFLAGS="$SAV_CPPFLAGS" + + dnl ----[ Check for IFLA_LINK_NETNSID support ]---- since Linux v4.0 + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) { int var = IFLA_LINK_NETNSID; } + ]])], + [ + AC_DEFINE([HAVE_IFLA_LINK_NETNSID], [ 1 ], [Define to 1 if IFLA_LINK_NETNSID supported]) + add_system_opt([IFLA_LINK_NETNSID]) + ]) + + dnl ----[ JSON output or not ? ]---- + if test "${enable_json}" = yes; then + ENABLE_JSON=Yes + AC_DEFINE([_WITH_JSON_], [ 1 ], [Define to 1 to build with JSON output support]) + add_config_opt([JSON]) + fi + + dnl ----[ BFD support ? ]---- + if test "${enable_bfd}" = yes; then + BFD_SUPPORT=Yes + AC_DEFINE([_WITH_BFD_], [ 1 ], [Define to 1 if have BFD support]) + add_config_opt([BFD]) + fi + + dnl -- Check for process events connector - Linux v2.6.15 + AS_IF([test .$enable_track_process != .no], + [ + add_system_opt([CN_PROC]) + HAVE_CN_PROC=Yes + AC_DEFINE([_WITH_CN_PROC_], [ 1 ], [Define to 1 if have linux/cn_proc.h and track-process not disabled]) + dnl -- PROC_EVENT_SID since Linux v2.6.32 + dnl -- PROC_EVENT_PTRACE since Linux v3.1 + dnl -- PROC_EVENT_COMM since Linux v3.2 + dnl -- PROC_EVENT_COREDUMP since Linux v3.10 + AC_CHECK_DECLS([PROC_EVENT_SID, PROC_EVENT_PTRACE, PROC_EVENT_COMM, PROC_EVENT_COREDUMP], [], [], [[#include ]]) + ], + [add_config_opt([DISABLE_TRACK_PROCESS])]) +fi +AM_CONDITIONAL([WITH_VRRP], [test $VRRP_SUPPORT = Yes]) +AM_CONDITIONAL([VRRP_AUTH], [test $VRRP_AUTH_SUPPORT = Yes]) +AM_CONDITIONAL([VMAC], [test $MACVLAN_SUPPORT = Yes]) +AM_CONDITIONAL([WITH_JSON], [test $ENABLE_JSON = Yes]) +AM_CONDITIONAL([WITH_BFD], [test $BFD_SUPPORT = Yes]) +AM_CONDITIONAL([CN_PROC], [test $HAVE_CN_PROC = Yes]) + +if test ${IPVS_SUPPORT} = No -a ${VRRP_SUPPORT} = No; then + AC_MSG_ERROR([keepalived MUST be compiled with at least one of LVS or VRRP framework]) +fi + +dnl ----[ Checks for glibc SOCK_NONBLOCK support ]---- +# Introduced in Linux 2.6.27 and glibc 2.9 +AC_CHECK_DECLS([SOCK_NONBLOCK], [add_system_opt([SOCK_NONBLOCK])], [],[[#include ]]) +AM_CONDITIONAL([SOCK_NONBLOCK], [test $ac_cv_have_decl_SOCK_NONBLOCK = yes]) + +dnl ----[ Checks for glibc SOCK_CLOEXEC support ]---- +# Introduced in Linux 2.6.27 and glibc 2.9 +AC_CHECK_DECLS([SOCK_CLOEXEC], [add_system_opt([SOCK_CLOEXEC])], [],[[#include ]]) + +dnl ----[ Checks for pe support ]---- +# Introduced in Linux 2.6.37 +AC_CHECK_DECL([IPVS_SVC_ATTR_PE_NAME], + [ + AC_DEFINE([_HAVE_PE_NAME_], [ 1 ], [Define to 1 if have pe selection support]) + ], + [], [[#include ]]) + +dnl ----[ Checks for O_PATH support ]---- +# Introduced in Linux 2.6.39 +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" +AC_CHECK_DECLS([O_PATH], + [ + add_system_opt([O_PATH]) + ], [],[[#include ]]) +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Check for GLOB_BRACE support ]---- +AC_CHECK_DECLS([GLOB_BRACE], [add_system_opt([GLOB_BRACE])], [], [[#include ]]) + +dnl ----[ Do we want v1.3.6 and earlier VRRPv3 unicast checksum compatibility support ]---- +UNICAST_CHKSUM_COMPAT_SUPPORT=No +if test .$enable_checksum_compat != .no; then + UNICAST_CHKSUM_COMPAT_SUPPORT=Yes + AC_DEFINE([_WITH_UNICAST_CHKSUM_COMPAT_], [ 1 ], [Define to 1 to enable v1.3.6 and earlier VRRPv3 unicast checksum compatibility]) + add_config_opt([OLD_CHKSUM_COMPAT]) +fi + +dnl ----[ Checks for FIB routing support ]---- +FIB_ROUTING_SUPPORT=No +if test .$enable_vrrp != .no -a .$enable_routes != .no; then + # Introduced in Linux 2.6.19 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_DECL([FRA_SRC], + [ + FIB_ROUTING_SUPPORT=Yes + AC_DEFINE([_HAVE_FIB_ROUTING_], [ 1 ], [Define to 1 if have FIB routing support]) + add_config_opt([FIB_ROUTING]) + ], [], + [[#include + #include ]]) + CPPFLAGS="$SAV_CPPFLAGS" +fi +AM_CONDITIONAL([FIB_ROUTING], [test $FIB_ROUTING_SUPPORT = Yes]) + +dnl ----[ Check if linkbeat wanted ]---- +AS_IF([test .$enable_linkbeat = .no], + [ + LINKBEAT_SUPPORT=No + add_config_opt([NO_LINKBEAT]) + ], + [ + LINKBEAT_SUPPORT=Yes + AC_DEFINE([_WITH_LINKBEAT_], [ 1 ], [Define to 1 if have linkbeat support]) + ]) + +dnl ----[ Checks for kernel IFLA_INET6_ADDR_GEN_MODE support ]---- +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 3.17 + AC_CHECK_DECLS([IFLA_INET6_ADDR_GEN_MODE], + [ + add_system_opt([INET6_ADDR_GEN_MODE]) + ], [], [[ + #include + ]]) +fi +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Checks for kernel IFLA_VRF_... support ]---- +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +if test ${MACVLAN_SUPPORT} = Yes; then + # Introduced in Linux 4.3 + AC_CHECK_DECLS([IFLA_VRF_MAX], + [ + add_system_opt([VRF]) + AC_DEFINE([_HAVE_VRF_], [ 1 ], [Define to 1 if have kernel VRF support]) + ], [], [[ + #include + ]]) +fi +CPPFLAGS="$SAV_CPPFLAGS" + +dnl ----[ Checks for SNMP support ]---- +SNMP_SUPPORT=No +SNMP_KEEPALIVED_SUPPORT=No +SNMP_VRRP_SUPPORT=No +SNMP_RFC_SUPPORT=No +SNMP_RFCV2_SUPPORT=No +SNMP_RFCV3_SUPPORT=No +SNMP_CHECKER_SUPPORT=No +SNMP_V3_FOR_V2=No +if test "$enable_snmp_keepalived" = yes; then + AC_MSG_WARN([--enable-snmp-keepalived is obsolete. Use --enable-snmp-vrrp.]) + enable_snmp_vrrp=$enable_snmp_keepalived +fi +if test "$enable_snmp" = yes -o \ + "$enable_snmp_vrrp" = yes -o \ + "$enable_snmp_checker" = yes -o \ + "$enable_snmp_rfc" = yes -o \ + "$enable_snmp_rfcv2" = yes -o \ + "$enable_snmp_rfcv3" = yes; then + AC_PATH_TOOL([NETSNMP_CONFIG], [net-snmp-config], [no]) + if test "$NETSNMP_CONFIG" = no; then + AC_MSG_ERROR([*** unable to find net-snmp-config]) + fi + NETSNMP_LIBS_AGENT=`${NETSNMP_CONFIG} --netsnmp-agent-libs` + NETSNMP_LIBS_EXT=`${NETSNMP_CONFIG} --external-libs` + NETSNMP_LIBS="$NETSNMP_LIBS_AGENT $NETSNMP_LIBS_EXT" + NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" + NETSNMP_CPPFLAGS="-DNETSNMP_NO_INLINE" + + # net-snmp-config adds compiler and linker options that were set at the time + # net-snmp was built, and this can include spec files that may not exist + # on the system building keepalived. We need to check if any spec files + # are specified, and if they do not exist on this system, then remove them + # from NETSNMP_LIBS or NETSNMP_CFLAGS. + # For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=1544527 + # and the other bugs referred to in it. + for spec in `echo $NETSNMP_LIBS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_LIBS=`echo $NETSNMP_LIBS | sed -e "s? *$spec *? ?"` + AC_MSG_WARN([Removing $spec from NETSNMP_LIBS since spec file not installed]) + fi + done + for spec in `echo $NETSNMP_CFLAGS | sed -e "s? ?\n?g" | grep "^-specs="`; do + SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + if test ! -f $SPEC_FILE; then + NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS | sed -e "s? *$spec *? ?"` + AC_MSG_WARN([Removing $spec from NETSNMP_CFLAGS since spec file not installed]) + fi + done + + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS ${NETSNMP_CFLAGS}" + SAV_LIBS="$LIBS" + LIBS="$LIBS ${NETSNMP_LIBS}" + AC_MSG_CHECKING([whether C compiler supports flag "${NETSNMP_CFLAGS} ${NETSNMP_LIBS}" from Net-SNMP]) + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + int main(void) + { + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([*** incorrect CFLAGS from net-snmp-config]) + ]) + + # Do we have subagent support? + AC_CHECK_FUNCS([netsnmp_enable_subagent], [], + [AC_MSG_ERROR([*** no subagent support in net-snmp])]) + + # check for net-snmp headers + # Some ancient distributions may miss header + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $NETSNMP_CFLAGS" + AC_CHECK_HEADERS(net-snmp/agent/agent_sysORTable.h net-snmp/agent/snmp_vars.h net-snmp/agent/util_funcs.h,[], + [AC_MSG_ERROR([missing net-snmp headers])],[[ + #include + #include + #include + ]]) + + SNMP_SUPPORT=Yes + + # NETSNMP_CFLAGS can have CPPFLAGS options, so separate them + NETSNMP_CPPFLAGS_XTRA=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[[^IDU]] *-/ -/g" -e "s/ -[[^IDU]] *[[^-]][[^ ]]* / /g" -e "s/ */ /g"` + NETSNMP_CFLAGS=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[[IDU]] *[[^ ]]* / /g" -e "s/ */ /g"` + add_to_var([KA_CFLAGS], [$NETSNMP_CFLAGS]) + add_to_var([KA_CPPFLAGS], [$NETSNMP_CPPFLAGS $NETSNMP_CPPFLAGS_XTRA]) + + # NETSNMP_LIBS may have some LDFLAGS options, so separate them + NETSNMP_LDFLAGS_XTRA=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ -l *[[^ ]]* / /g" -e "s/ */ /g" -e "s/ -/ @-/g" | tr "@" "\n" | sed -e "s/^ *//" -e "s/ *$//" | sort -u | tr "\n" " "` + NETSNMP_LIBS=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ \(-l *[[^ ]]*\) /@\1@/g" | tr "@" "\n" | grep "^-l" | tr "\n" " " | sed -e "s/ */ /g"` + add_to_var([KA_LDFLAGS], [$NETSNMP_LDFLAGS $NETSNMP_LDFLAGS_XTRA]) + add_to_var([KA_LIBS], [$NETSNMP_LIBS]) + + if test "$enable_snmp_rfc" = yes; then + SNMP_RFCV2_SUPPORT=Yes + SNMP_RFCV3_SUPPORT=Yes + else + if test "$enable_snmp_rfcv2" = yes; then + SNMP_RFCV2_SUPPORT=Yes + fi + if test "$enable_snmp_rfcv3" = yes; then + SNMP_RFCV3_SUPPORT=Yes + fi + fi + if test ${SNMP_RFCV2_SUPPORT} = Yes -o \ + ${SNMP_RFCV3_SUPPORT} = Yes; then + if test ${VRRP_SUPPORT} != Yes; then + AC_MSG_ERROR([RFC SNMP support requires VRRP]) + fi + SNMP_RFC_SUPPORT=Yes + fi + if test ${SNMP_RFCV3_SUPPORT} = Yes -a \ + "$enable_snmp_reply_v3_for_v2" != no; then + AC_DEFINE([_SNMP_REPLY_V3_FOR_V2_], [ 1 ], [Define to 1 to have keepalived send RFC6527 SNMP responses for VRRPv2 instances]) + SNMP_V3_FOR_V2=Yes + add_config_opt([SNMP_V3_FOR_V2]) + fi + + if test "$enable_snmp" = yes; then + if test ${VRRP_SUPPORT} = Yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test ${IPVS_SUPPORT} = Yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + else + if test "$enable_snmp_vrrp" = yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test "$enable_snmp_checker" = yes; then + SNMP_CHECKER_SUPPORT=Yes + fi + fi + if test ${VRRP_SUPPORT} != Yes -a \ + ${SNMP_VRRP_SUPPORT} = Yes; then + AC_MSG_ERROR([VRRP SNMP support requires VRRP]) + fi + if test ${IPVS_SUPPORT} = No -a \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + AC_MSG_ERROR([CHECKER SNMP support requires checker]) + fi + + if test ${SNMP_VRRP_SUPPORT} = Yes -o \ + ${SNMP_CHECKER_SUPPORT} = Yes; then + SNMP_KEEPALIVED_SUPPORT=Yes + fi + + CPPFLAGS="$SAV_CPPFLAGS" + CFLAGS="$SAV_CFLAGS" + LIBS="$SAV_LIBS" +fi + +dnl ----[What SNMP support is required]---- +if test $SNMP_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_], [ 1 ], [Define to 1 to have SNMP support]) +fi +if test $SNMP_KEEPALIVED_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_KEEPALIVED_], [ 1 ], [Define to 1 to have keepalived SNMP support]) +fi +if test $SNMP_VRRP_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_VRRP_], [ 1 ], [Define to 1 to have keepalived SNMP VRRP support]) + add_config_opt([SNMP_VRRP]) +fi +if test $SNMP_CHECKER_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_CHECKER_], [ 1 ], [Define to 1 to have keepalived SNMP checker support]) + add_config_opt([SNMP_CHECKER]) +fi +if test $SNMP_RFC_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_RFC_], [ 1 ], [Define to 1 to have RFC SNMP support]) +fi +if test $SNMP_RFCV2_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_RFCV2_], [ 1 ], [Define to 1 to have RFCv2 SNMP support]) + add_config_opt([SNMP_RFCV2]) +fi +if test $SNMP_RFCV3_SUPPORT = Yes; then + AC_DEFINE([_WITH_SNMP_RFCV3_], [ 1 ], [Define to 1 to have RFCv3 SNMP support]) + add_config_opt([SNMP_RFCV3]) +fi +AM_CONDITIONAL([SNMP], [test $SNMP_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_KEEPALIVED], [test $SNMP_KEEPALIVED_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_VRRP], [test $SNMP_VRRP_SUPPORT = Yes -o $SNMP_RFC_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_CHECKER], [test $SNMP_CHECKER_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_RFC], [test $SNMP_RFCV2_SUPPORT = Yes -o $SNMP_RFCV3_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_RFCV2], [test $SNMP_RFCV2_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_RFCV3], [test $SNMP_RFCV3_SUPPORT = Yes]) +AM_CONDITIONAL([SNMP_REPLY_V3_FOR_V2], [test $SNMP_V3_FOR_V2 = Yes]) +AS_IF([test $SNMP_SUPPORT = Yes], [SNMP_SERVICE=snmpd.service], [SNMP_SERVICE=]) +AC_SUBST([SNMP_SERVICE]) + +dnl ----[ Check for Dbus support ]---- +DBUS_SUPPORT=No +DBUS_CREATE_INSTANCE=No +if test "$enable_dbus" = yes; then + AC_CHECK_LIB(gio-2.0, g_bus_own_name, + [ + add_pkg_config([gio-2.0]) + DBUS_SUPPORT=Yes + AC_DEFINE([_WITH_DBUS_], [ 1 ], [Define to 1 to have DBUS support]) + add_config_opt([DBUS]) + + dnl -- g_type_init() not needed and deprecated since glib 2.36 + SAV_CFLAGS=$CFLAGS + CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_LIBS=$LIBS + LIBS="$($PKG_CONFIG --libs gio-2.0)" + AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM( + [[#include ]], + [[return !g_thread_functions_for_glib_use.mutex_lock;]])], + [need_g_type_init=0], + [need_g_type_init=1], + [ + AC_MSG_WARN([Cannot determine if need to call g_type_init(). Assuming yes for safety.]) + need_g_type_init=1 + ]) + if test $need_g_type_init -eq 1; then + AC_DEFINE([DBUS_NEED_G_TYPE_INIT], [ 1 ], [Define to 1 if need to call g_type_init()]) + fi + LIBS=$SAV_LIBS + CFLAGS=$SAV_CFLAGS + if test "$enable_dbus_create_instance" = yes; then + AC_DEFINE([_WITH_DBUS_CREATE_INSTANCE_], [ 1 ], [Define to 1 to have DBus create instance support]) + DBUS_CREATE_INSTANCE=Yes + add_config_opt([DBUS_CREATE_INSTANCE]) + AC_MSG_WARN([DBus create instance functionality is dangerous - why do you want it?]) + fi + ], + [AC_MSG_ERROR([DBUS support requested but libgio-2.0 not found.])]) + unset LIBS +fi +AM_CONDITIONAL([WITH_DBUS], [test $DBUS_SUPPORT = Yes]) +AM_CONDITIONAL([DBUS_CREATE_INSTANCE], [test $DBUS_CREATE_INSTANCE = Yes]) + +dnl ----[ SHA1 or not ? ]---- +SHA1_SUPPORT=No +if test "${enable_sha1}" = yes; then + AC_CHECK_HEADERS(openssl/sha.h,,AC_MSG_ERROR([unable to find openssl/sha.h])) + AC_CHECK_LIB(crypto, SHA1_Init,, + [ + dnl libcrypto can require -fpic + AS_UNSET([ac_cv_lib_crypto_SHA1_Init]) + SAV_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -fpic" + AC_CHECK_LIB(crypto, SHA1_Init,,AC_MSG_ERROR([SHA1 in OpenSSL required])) + CFLAGS=$SAV_CFLAGS + add_to_var([KA_CFLAGS],[-fpic]) + ]) + SHA1_SUPPORT=Yes + AC_DEFINE([_WITH_SHA1_], [ 1 ], [Define to 1 to have SHA1 support]) +fi +AM_CONDITIONAL([WITH_SHA1], [test $SHA1_SUPPORT = Yes]) +unset LIBS + +dnl ----[ check for SO_MARK support ]---- +dnl -- Since Linux 2.6.25 +SO_MARK_SUPPORT=No +if test "${enable_fwmark}" != no; then + AC_CHECK_DECLS([SO_MARK], + [ + SO_MARK_SUPPORT=Yes + AC_DEFINE([_WITH_SO_MARK_], [ 1 ], [Define to 1 if have SO_MARK]) + add_system_opt([SO_MARK]) + ], [], + [[#include ]]) +fi + +dnl ---[ check for setns() ]---- +dnl -- CLONE_NEWNET defined from Linux 3.0 +SAV_CFLAGS="$CFLAGS" +AC_CHECK_DECLS([CLONE_NEWNET], [], [], [[#include ]]) +dnl -- From glibc 2.14. Otherwise use setns syscall, since Linux 2.4.x +AC_CHECK_FUNCS([setns]) +dnl -- When building a RedHat RPM with hardening enabled, -pie is specified, +dnl -- and for setns this requires -fPIC +AS_IF([test $ac_cv_func_setns = no], + [ + AS_UNSET([ac_cv_func_setns]) + CFLAGS="$CFLAGS -fPIC" + AC_CHECK_FUNCS([setns]) + ]) +CFLAGS="$SAV_CFLAGS" +AM_CONDITIONAL([WITH_NAMESPACES], [test $ac_cv_have_decl_CLONE_NEWNET = yes]) + +dnl ----[ check for realtime scheduling support ]---- +dnl -- from Linux ?.?.? +AC_CHECK_DECLS([SCHED_RR], + [ + SCHED_RT_SUPPORT=Yes + AC_DEFINE([_HAVE_SCHED_RT_], [ 1 ], [Define to 1 if have SCHED_RR]) + add_system_opt([SCHED_RT]) + + dnl -- RLIMIT_RTTIME since Linux 2.6.25 - not supported wwith musl libc + AC_CHECK_DECLS([RLIMIT_RTTIME], [], [], [[#include ]]) + + dnl -- SCHED_RESET_ON_FORK since Linux 2.6.32 + AC_CHECK_DECLS([SCHED_RESET_ON_FORK], + [add_system_opt([SCHED_RESET_ON_FORK])], + [AC_DEFINE([SCHED_RESET_ON_FORK], [ 0 ], [Dummy definition if not defined in system headers])], + [[#include ]]) + ], + [ + SCHED_RT_SUPPORT=No + ], [[#include ]]) + +dnl -- Do we want GNU standard paths (moves .pid files) +GNU_STD_PATHS=No +if test "${enable_gnu_std_paths}" = "yes"; then + AC_DEFINE([GNU_STD_PATHS], [ 1 ], [set to enforce GNU standard paths, for .pid files etc]) + PID_DIR=$localstatedir +elif test $RUN_DIR_SPECIFIED = Y -a .${with_run_dir} != .no; then + PID_DIR=`echo ${with_run_dir} | sed -e "s:/run$::"` # Remove a trailing /run - somewill will include it sometime +elif test -d /run; then + PID_DIR= +else + PID_DIR=/var +fi +AC_DEFINE_UNQUOTED([PID_DIR_ROOT], [ "${PID_DIR}" ], [Parent directory of /run]) +AC_SUBST([PID_DIR]) + +dnl - Check type of rlim_t for printf() - this check needs to be late on +dnl - since _FILE_OFFSET_BITS (set when using netsnmp) alters sizeof(rlim_t) +SAV_CFLAGS="$CFLAGS" +CFLAGS="-Wformat -Werror=format $SAV_CPPFLAGS $KA_CPPFLAGS" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int + main(int argc, char **argv) + { + rlim_t val = 23U; + printf("%lu %d %p", val, argc, argv); + + return 0; + } + ]])], + [AC_DEFINE([PRI_rlim_t], ["lu"], [Define printf format specifier for rlim_t])], + [AC_DEFINE([PRI_rlim_t], ["llu"], [Define printf format specifier for rlim_t])], + ) +CFLAGS="$SAV_CFLAGS" + +dnl ---[ check for sphinx-build executable ]---- +if test -z "$SPHINXBUILD"; then + SPHINXBUILDNAME=sphinx-build +else + SPHINXBUILDNAME=${SPHINXBUILD} +fi +AC_SUBST(SPHINXBUILDNAME) +AC_CHECK_PROG([HAVE_SPHINX_BUILD], [$SPHINXBUILDNAME], [Yes], [No]) +AM_CONDITIONAL([BUILD_DOCS], [test $HAVE_SPHINX_BUILD = Yes]) + +dnl ----[ Memory alloc check or not ? ]---- +MEM_CHECK=No +MEM_CHECK_LOG=No +if test "${enable_mem_check}" = "yes"; then + MEM_CHECK=Yes + AC_DEFINE([_MEM_CHECK_], [ 1 ], [Define to 1 to build with malloc/free checks]) + add_config_opt([MEM_CHECK]) + if test "${enable_mem_check_log}" = "yes"; then + MEM_CHECK_LOG=Yes + AC_DEFINE([_MEM_CHECK_LOG_], [ 1 ], [Define to 1 to log malloc/free checks to syslog]) + add_config_opt([MEM_CHECK_LOG]) + fi +fi + +dnl ----[ Memory alloc check or not ? ]---- +TIMER_CHECK=No +if test "${enable_timer_check}" = "yes"; then + TIMER_CHECK=Yes + AC_DEFINE([_TIMER_CHECK_], [ 1 ], [Define to 1 to build with set time logging]) + add_config_opt([TIMER_CHECK]) +fi + +dnl ----[ Debug or not ? ]---- +if test "${enable_debug}" = yes; then + AC_DEFINE([_DEBUG_], [ 1 ], [Define to 1 to build with debugging support]) + ENABLE_DEBUG=Yes + add_config_opt([DEBUG]) +else + ENABLE_DEBUG=No +fi +AM_CONDITIONAL([DEBUG], [test $ENABLE_DEBUG = Yes]) + +dnl ----[ Netlink command timers or not ? ]---- +if test "${enable_netlink_timers}" = yes; then + AC_DEFINE([_NETLINK_TIMERS_], [ 1 ], [Define to 1 to build with netlink command timers support]) + ENABLE_NETLINK_TIMERS=Yes + add_config_opt([NETLINK_TIMERS]) +else + ENABLE_NETLINK_TIMERS=No +fi + +dnl ----[ smtp-alert debugging or not ? ]---- +if test "${enable_smtp_alert_debug}" = yes; then + AC_DEFINE([_SMTP_ALERT_DEBUG_], [ 1 ], [Define to 1 to build with smtp-alert debugging support]) + ENABLE_SMTP_ALERT_DEBUG=Yes + add_config_opt([SMTP_ALERT_DEBUG]) + ENABLE_LOG_FILE_APPEND=Yes +else + ENABLE_SMTP_ALERT_DEBUG=No +fi + +dnl ----[ Stacktrace support or not ? ]---- +if test "${enable_stacktrace}" = yes; then + AC_DEFINE([_WITH_STACKTRACE_], [ 1 ], [Define to 1 to build with stacktrace support]) + ENABLE_STACKTRACE=Yes + add_config_opt([STACKTRACE]) + add_to_var([KA_LDFLAGS], [-rdynamic]) +else + ENABLE_STACKTRACE=No +fi + +dnl ----[ Thread dumping support or not ? ]---- +if test "${enable_dump_threads}" = yes; then + AC_DEFINE([_WITH_DUMP_THREADS_], [ 1 ], [Define to 1 to build with thread dumping support]) + ENABLE_DUMP_THREADS=Yes + add_config_opt([DUMP_THREADS]) +else + ENABLE_DUMP_THREADS=No +fi + +dnl ----[ epoll() debugging support or not ? ]---- +if test "${enable_epoll_debug}" = yes; then + AC_DEFINE([_EPOLL_DEBUG_], [ 1 ], [Define to 1 to build with epoll_wait() debugging support]) + ENABLE_EPOLL_DEBUG=Yes + add_config_opt([EPOLL_DEBUG]) +else + ENABLE_EPOLL_DEBUG=No +fi + +dnl ----[ epoll() thread dumping support or not ? ]---- +if test "${enable_epoll_thread_dump}" = yes; then + AC_DEFINE([_EPOLL_THREAD_DUMP_], [ 1 ], [Define to 1 to build with epoll thread dumping support]) + ENABLE_EPOLL_THREAD_DUMP=Yes + add_config_opt([EPOLL_THREAD_DUMP]) +else + ENABLE_EPOLL_THREAD_DUMP=No +fi + +if test $ENABLE_EPOLL_THREAD_DUMP = Yes -o $ENABLE_DUMP_THREADS = Yes -o $ENABLE_EPOLL_DEBUG = Yes; then + AC_DEFINE([THREAD_DUMP], [ 1 ], [Define to 1 to build with thread dumping support]) +fi + +dnl ----[ TSM debugging support or not ? ]---- +if test "${enable_tsm_debug}" = yes; then + AC_DEFINE([_TSM_DEBUG_], [ 1 ], [Define to 1 to build with TSM debugging support]) + ENABLE_TSM_DEBUG=Yes + add_config_opt([TSM_DEBUG]) +else + ENABLE_TSM_DEBUG=No +fi + +dnl ----[ VRRP FD debugging support or not ? ]---- +if test "${enable_vrrp_fd_debug}" = yes; then + AC_DEFINE([_VRRP_FD_DEBUG_], [ 1 ], [Define to 1 to build with vrrp fd debugging support]) + ENABLE_VRRP_FD_DEBUG=Yes + add_config_opt([VRRP_FD_DEBUG]) +else + ENABLE_VRRP_FD_DEBUG=No +fi + +dnl ----[ network timestamp support or not ? ]---- +if test "${enable_network_timestamp}" = yes; then + AC_DEFINE([_NETWORK_TIMESTAMP_], [ 1 ], [Define to 1 to build with network timestamp support]) + ENABLE_NETWORK_TIMESTAMP=Yes + add_config_opt([NETWORK_TIMESTAMP]) +else + ENABLE_NETWORK_TIMESTAMP=No +fi + +dnl ----[ asserts enabled or not ? ]---- +if test "${enable_asserts}" = yes; then + AC_DEFINE([_ENABLE_ASSERT_], [ 1 ], [Define to 1 to enable asserts]) + ENABLE_ASSERT=Yes + add_config_opt([ASSERT]) +else + ENABLE_ASSERT=No +fi +AM_CONDITIONAL([ASSERTS], [test $ENABLE_ASSERT = Yes]) + +dnl ----[ Specify interface type to be unchangeable ]---- +if test "${with_fixed_if_type}"; then + if test "${with_fixed_if_type}" = yes -o ${with_fixed_if_type} = no; then + AC_MSG_ERROR([An interface type must be specified with --with-fixed-if-type]) + fi + AC_DEFINE_UNQUOTED([_FIXED_IF_TYPE_], [ "${with_fixed_if_type}" ], [Consider ${with_fixed_if_type} interfaces to be unchangeable]) + FIXED_IF_TYPE=${with_fixed_if_type} + add_config_opt([FIXED_IF_TYPE=${with_fixed_if_type}]) +else + FIXED_IF_TYPE= +fi + +dnl ----[ Profiling or not ? ]---- +WITH_PROFILING=No +if test "${enable_profile}" = yes; then + WITH_PROFILING=Yes + add_config_opt([PROFILING]) + add_to_var([KA_CFLAGS], [-pg]) +fi +AM_CONDITIONAL([PROFILE], [test $WITH_PROFILING = Yes]) + +dnl ----[ perf support or not? keepalived provides runtime options ]---- +if test "${enable_perf}" = yes; then + AC_DEFINE([_WITH_PERF_], [ 1 ], [Define to 1 to build with perf support]) + ENABLE_PERF=Yes + add_config_opt([PERF]) + add_to_var([KA_CFLAGS], [-pg]) +else + ENABLE_PERF=No +fi + +if test "${enable_log_file}" = yes; then + AC_DEFINE([ENABLE_LOG_TO_FILE], [ 1 ], [Define if enabling logging to files]) + ENABLE_LOG_FILE_APPEND=Yes + add_config_opt([FILE_LOGGING]) +fi + +if test ${ENABLE_LOG_FILE_APPEND} = Yes; then + AC_DEFINE([ENABLE_LOG_FILE_APPEND], [ 1 ], [Define if appending to log files is allowed]) + add_config_opt([LOG_FILE_APPEND]) +fi + +dnl ----[ Do we need to check for EINTR, or enable EINTR debugging code]---- +AS_IF([test .$enable_eintr_debug = .yes], + [ + AC_DEFINE([DEBUG_EINTR], [ 1 ], [Define to test for and log errno == EINTR when no asynchronous signal handlers]) + add_config_opt([EINTR_DEBUG]) + ], + [ + dnl --- We need to check for EINTR if we are not using signalfd + AS_IF([test .$ac_cv_func_signalfd != .yes -o .$enable_eintr_debug = .check], + [ + AC_DEFINE([CHECK_EINTR], [ 1 ], [Define if need to check for EINTR errno]) + AS_IF([test .$ac_cv_func_signalfd = .yes], [add_config_opt([EINTR_CHECK])]) + ]) + ]) + +dnl ----[ Do we want to enable track process debugging code]---- +AS_IF([test .$enable_track_process_debug = .yes], + [ + AC_DEFINE([_TRACK_PROCESS_DEBUG_], [ 1 ], [Define to enable logging all process connector events]) + add_config_opt([TRACK_PROCESS_DEBUG]) + ]) + +dnl ----[ Do we want to enable parser debugging code]---- +AS_IF([test .$enable_parser_debug = .yes], + [ + AC_DEFINE([_PARSER_DEBUG_], [ 1 ], [Define to enable parser debugging]) + add_config_opt([PARSER_DEBUG]) + ]) + +dnl ----[ Do we want to enable checksum debugging code]---- +AS_IF([test .$enable_checksum_debug = .yes], + [ + AC_DEFINE([CHECKSUM_DIAGNOSTICS], [ 1 ], [Define to enable checksum debugging]) + add_config_opt([CHECKSUM_DEBUG]) + ]) + +dnl ----[ Do we want to enable dump keywords code]---- +AS_IF([test .$enable_dump_keywords = .yes], + [ + AC_DEFINE([_DUMP_KEYWORDS_], [ 1 ], [Define to enable keyword dumping]) + add_config_opt([DUMP_KEYWORDS]) + ]) + +if test ${NEED_LIBDL} = Yes; then + add_to_var([KA_LIBS], [-ldl]) +fi + +dnl ----[ Determine if we are using pthreads ]---- +echo " $KA_LIBS" | grep -qE -- " -l?pthread " +if test $? -eq 0 ;then + AC_DEFINE([_WITH_PTHREADS_], [ 1 ], [Define to 1 if using pthreads]) +fi + +dnl ----[ Check if rpmbuild supports --build-in-place ]---- +RPM_NO_BIP=1 +AC_CHECK_PROG([HAVE_RPM], [rpm], [Yes], [No]) +if test $HAVE_RPM = Yes; then + AC_CHECK_PROG([HAVE_RPMBUILD], [rpmbuild], [Yes], [No]) + RPM_SRC_DIR=`rpm --eval "%{_sourcedir}"` + if ! test -d $RPM_SRC_DIR; then + HAVE_RPMBUILD=No + fi + if test $HAVE_RPMBUILD = Yes; then + rpmbuild --help | grep -q -- --build-in-place + RPM_NO_BIP=$? + fi +fi +AM_CONDITIONAL([RPM], [test $HAVE_RPM = Yes]) +AM_CONDITIONAL([RPM_BIP], [test $RPM_NO_BIP -eq 0]) + +dnl ----[ Determine system init type]---- +INIT_TYPE= +AS_IF( + [test -n "$init_type"], [INIT_TYPE=$init_type], + [test -n "$with_systemdsystemunitdir"], [INIT_TYPE=systemd], + [ + /sbin/init --version 2>/dev/null | grep -q upstart + AS_IF( + [test $? -eq 0], [INIT_TYPE=upstart], + [ + init_path=`which systemctl 2>/dev/null` + AS_IF([test \( $? -eq 0 -a -x "$init_path" \)], + [ + systemctl | grep -q -- "-\.mount" + AS_IF([test $? -eq 0], [INIT_TYPE=systemd]) + ]) + AS_IF([test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \)], + [ + init_path=`which openrc-run 2>/dev/null` + AS_IF([test \( $? -eq 0 -a -x "$init_path" \)], + [ + head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" + AS_IF([test $? -eq 0], [INIT_TYPE=openrc]) + ]) + ]) + AS_IF([test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \)], [INIT_TYPE=SYSV]) + ]) + ]) +AS_IF([test \( .$INIT_TYPE = .systemd -a -z "$with_systemdsystemunitdir" \)], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) + +dnl ----[Default keepalived configuration file]---- +AS_IF([test $default_config_file], + [ + AS_IF([test $default_config_file = yes -o $default_config_file = no], + [AC_MSG_ERROR([A filename must be specified for default-config-file])]) + CONFIG_FILE=$default_config_file + add_config_opt([DEFAULT_CONFIG_FILE=${default_config_file}]) + ], + [default_config_file="/etc/$PACKAGE/$PACKAGE.conf"]) +AC_DEFINE_UNQUOTED([DEFAULT_CONFIG_FILE], ["$default_config_file"], [The default configuration file]) +AC_SUBST([DEFAULT_CONFIG_FILE], [$default_config_file]) + +if test -z "$INIT_TYPE"; then + INIT_TYPE=undetected +elif test $INIT_TYPE = systemd; then + AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) +fi + +AM_CONDITIONAL([INIT_UPSTART], [test $INIT_TYPE = upstart]) +AM_CONDITIONAL([INIT_SYSTEMD], [test $INIT_TYPE = systemd]) +AM_CONDITIONAL([INIT_SYSV], [test $INIT_TYPE = SYSV]) +AM_CONDITIONAL([INIT_OPENRC], [test $INIT_TYPE = openrc]) +AM_CONDITIONAL([INIT_SUSE], [test $INIT_TYPE = SUSE]) + +AC_DEFINE_UNQUOTED([CONFIGURATION_OPTIONS], ["$CONFIG_OPTIONS"], [The configuration options from which the package is built]) +AC_DEFINE_UNQUOTED([SYSTEM_OPTIONS], ["$SYSTEM_OPTIONS"], [The system options from which the package is built]) + +if test $NETLINK_VER -eq 0; then + NETLINK_VER=None +fi + +dnl ----[ Process output target ]---- +echo + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +AC_OUTPUT + +# Restore lib/config_warnings.h.in +mv ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} + +dnl ----[ Display current configuration ]---- +cat < - -dnl ----[ Process this file with autoconf to produce a configure script ]---- -AC_INIT(keepalived/core/main.c) -VERSION=`cat VERSION` -VERSION_DATE=`date +%m/%d,20%y` -OUTPUT_TARGET="Makefile genhash/Makefile keepalived/core/Makefile lib/config.h keepalived.spec" - -dnl ----[ Checks for programs ]---- -AC_PROG_CC -AC_PROG_INSTALL -AC_CHECK_TOOL(STRIP,strip) - -dnl ----[ Keepalived specific configure options ]---- -AC_ARG_ENABLE(lvs-syncd, - [ --disable-lvs-syncd do not use LVS synchronization daemon]) -AC_ARG_ENABLE(lvs, - [ --disable-lvs do not use the LVS framework]) -AC_ARG_ENABLE(vrrp, - [ --disable-vrrp do not use the VRRP framework]) -AC_ARG_WITH(kernel-dir, - [ --with-kernel-dir=DIR path to linux kernel source directory], - [kernelinc="$withval/include" kernelpath="$withval"], - [kernelinc="/usr/src/linux/include" kernelpath="/usr/src/linux"]) -AC_ARG_WITH(kernel-version, - [ --with-kernel-version=VER forced value for linux kernel version (VER=2.4|2.6)], - [kernelversion="$withval"], [kernelversion=""]) -AC_ARG_ENABLE(fwmark, - [ --disable-fwmark compile without SO_MARK support]) -AC_ARG_ENABLE(snmp, - [ --enable-snmp compile with SNMP support]) -AC_ARG_ENABLE(sha1, - [ --enable-sha1 compile with SHA1 support]) -AC_ARG_ENABLE(debug, - [ --enable-debug compile with debugging flags]) -AC_ARG_ENABLE(profile, - [ --enable-profile compile with profiling flags]) - -dnl ----[ Checks for header files ]---- -AC_HEADER_STDC -AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS(fcntl.h syslog.h unistd.h sys/ioctl.h sys/time.h) -dnl [do we really need this ?] AC_CHECK_HEADERS(linux/netlink.h linux/rtnetlink.h) -AC_CHECK_HEADERS(openssl/ssl.h openssl/md5.h openssl/err.h,,AC_MSG_ERROR([ - !!! OpenSSL is not properly installed on your system. !!! - !!! Can not include OpenSSL headers files. !!!])) -AC_CHECK_DECL([ETHERTYPE_IPV6],[],[CFLAGS="$CFLAGS -DETHERTYPE_IPV6=0x86dd"], - [[@%:@include ]]) - -dnl ----[ Checks for libraries ]---- -AC_CHECK_LIB(crypt, crypt,,AC_MSG_ERROR([crypt() function is required])) -AC_CHECK_LIB(crypto, MD5_Init,,AC_MSG_ERROR([OpenSSL libraries are required])) -AC_CHECK_LIB(ssl, SSL_CTX_new,,AC_MSG_ERROR([OpenSSL libraries are required])) - -AC_CHECK_LIB(nl-3, nl_socket_alloc, - [ - AC_CHECK_LIB(nl-genl-3, genl_connect, - [ - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS $(pkg-config --cflags libnl-genl-3.0)" - LIBS="$LIBS $(pkg-config --libs libnl-genl-3.0)" - ], - [ - AC_MSG_ERROR([libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3.]) - ]) - ], - [ - AC_CHECK_LIB(nl, nl_socket_modify_cb, - [ - USE_NL="LIBIPVS_USE_NL" - CFLAGS="$CFLAGS -DFALLBACK_LIBNL1" - LIBS="$LIBS $(pkg-config --libs libnl-1)" - ], - [ - USE_NL="LIBIPVS_DONTUSE_NL" - AC_MSG_WARN([keepalived will be built without libnl support.]) - ]) - ]) - -dnl ----[ Kernel version check ]---- -CPPFLAGS="$CPPFLAGS -I$kernelinc" -AC_MSG_CHECKING([for kernel version]) -AC_TRY_RUN([ - #include - #include - #include - #if !defined(UTS_RELEASE) && !defined(LINUX_VERSION_CODE) - #include - #endif - int main (void) { - FILE *fp = fopen ("linuxinfo", "w"); - if (!fp) return 1; - #if defined(UTS_RELEASE) - fprintf (fp, "%s\n", UTS_RELEASE); - #elif defined(LINUX_VERSION_CODE) - fprintf (fp, "%d.%d.%d\n", LINUX_VERSION_CODE >> 16, (LINUX_VERSION_CODE >> 8) & 0xFF, LINUX_VERSION_CODE & 0xFF); - #else - fprintf (fp, "0.0.0\n"); /* Let's fail gently */ - #endif - fclose (fp); - return 0; - } - ], [ - LINUX_MAJOR=`cat linuxinfo | cut -d'.' -f1` - LINUX_MINOR=`cat linuxinfo | cut -d'.' -f2` - LINUX_PATCH=`cat linuxinfo | cut -d'.' -f3` - ], [ - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" - ], [ - LINUX_MAJOR="0" - LINUX_MINOR="0" - LINUX_PATCH="0" - ]) - rm -f linuxinfo - - if test "$kernelversion" = "2.4"; then - KERN="_KRNL_2_4_" - AC_MSG_RESULT([2.4]) - elif test "$kernelversion" = "2.6"; then - KERN="_KRNL_2_6_" - AC_MSG_RESULT([2.6]) - else - AC_MSG_RESULT([$LINUX_MAJOR.$LINUX_MINOR.$LINUX_PATCH]) - if test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "6"; then - KERN="_KRNL_2_6_" - elif test "$LINUX_MAJOR" = "2" && test "$LINUX_MINOR" = "4"; then - KERN="_KRNL_2_4_" - else - KERN="_KRNL_2_6_" - fi - if test "$LINUX_MAJOR" = "0" -a "$LINUX_MINOR" = "0" -a "$LINUX_PATCH" = "0"; then - AC_MSG_WARN([Cannot determine Linux Kernel version.]) - fi - fi - -AC_SUBST(KERN) - -dnl ----[ Checks for LVS and VRRP support ]---- -IPVS_SUPPORT="_WITHOUT_LVS_" -if test "$enable_lvs" != "no"; then - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SUPPORT="_WITH_LVS_" - else - AC_CHECK_HEADER([net/ip_vs.h], - [IPVS_SUPPORT="_WITH_LVS_"], - [ - IPVS_SUPPORT="_WITHOUT_LVS_" - AC_MSG_WARN([keepalived will be built without LVS support.]) - ]) - fi -fi - -if test "$IPVS_SUPPORT" = "_WITHOUT_LVS_" -a "$enable_vrrp" = "no"; then - AC_MSG_ERROR([keepalived MUST be compiled at least with LVS or VRRP framework]) -fi - -dnl ----[ IPVS syncd support probe ]--- -IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - AC_MSG_CHECKING([for IPVS syncd support]) - if test "$KERN" = "_KRNL_2_6_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - elif test "_KRNL_2_4_"; then - IPVS_SYNCD="_HAVE_IPVS_SYNCD_" - else - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi - - if test "${IPVS_SUPPORT}" = "_WITHOUT_LVS_" -o "$enable_lvs_syncd" = "no"; then - IPVS_SYNCD="_WITHOUT_IPVS_SYNCD_" - fi - - if test "$IPVS_SYNCD" = "_HAVE_IPVS_SYNCD_"; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - fi -fi - -AC_SUBST(IPVS_SYNCD) - -dnl ----[ Checks for kernel netlink support ]---- -VRRP_SUPPORT="_WITHOUT_VRRP_" -if test "$enable_vrrp" != "no"; then - VRRP_SUPPORT="_WITH_VRRP_" -fi - -dnl ----[ Checks for kernel VMAC support ]---- -CPPFLAGS="$CPPFLAGS -I$kernelinc" -AC_MSG_CHECKING([for kernel macvlan support]) -AC_TRY_COMPILE([ - #include - #include - int macvlan; - ], [ - macvlan = IFLA_MACVLAN_MODE; - macvlan = MACVLAN_MODE_PRIVATE; - ], [ - MACVLAN_SUPPORT=yes - ], []); - - if test "$MACVLAN_SUPPORT" = "yes"; then - VRRP_VMAC="_HAVE_VRRP_VMAC_" - AC_MSG_RESULT([yes]) - else - VRRP_VMAC="_WITHOUT_VRRP_VMAC_" - AC_MSG_RESULT([no]) - fi - -AC_SUBST(VRRP_VMAC) - -dnl ----[ Checks for SNMP support ]---- -SNMP_SUPPORT="_WITHOUT_SNMP_" -if test "$enable_snmp" = "yes"; then - AC_PATH_TOOL([NETSNMP_CONFIG], [net-snmp-config], [no]) - if test x"$NETSNMP_CONFIG" = x"no"; then - AC_MSG_ERROR([unable to find net-snmp-config]) - fi - NETSNMP_LIBS=`${NETSNMP_CONFIG} --agent-libs` - #NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" - #CFLAGS="${NETSNMP_CFLAGS} $CFLAGS" - LIBS="${NETSNMP_LIBS} $LIBS" - AC_MSG_CHECKING([whether C compiler supports flag "${NETSNMP_LIBS}" from Net-SNMP]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([ -int main(void); -], -[ -{ - return 0; -} -])],[AC_MSG_RESULT(yes)],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([incorrect CFLAGS from net-snmp-config])]) - - # Do we have a usable header? - AC_CHECK_HEADERS([net-snmp/agent/util_funcs.h],,,[ -@%:@include -@%:@include -@%:@include -@%:@include -@%:@include - ]) - SNMP_SUPPORT="_WITH_SNMP_" -fi - -AC_SUBST(SNMP_SUPPORT) - -dnl ----[ SHA1 or not ? ]---- -SHA1_SUPPORT="_WITHOUT_SHA1_" -if test "${enable_sha1}" = "yes"; then - CFLAGS="$CFLAGS -DFEAT_SHA1" - AC_CHECK_HEADERS(openssl/sha.h,,AC_MSG_ERROR([unable to find openssl/sha.h])) - AC_CHECK_LIB(crypto, SHA1_Init,,AC_MSG_ERROR([SHA1 in OpenSSL required])) - SHA1_SUPPORT="_WITH_SHA1_" -fi - -AC_SUBST(SHA1_SUPPORT) - -dnl ----[ check for SO_MARK support ]---- -if test "${enable_fwmark}" = "no"; then - SO_MARK_SUPPORT="_WITHOUT_SO_MARK_" -else - AC_CHECK_DECL(SO_MARK,,AC_MSG_ERROR([No SO_MARK declaration in headers]), - #include - ) - SO_MARK_SUPPORT="_WITH_SO_MARK_" -fi - -AC_SUBST(SO_MARK_SUPPORT) - - -dnl ----[ Debug or not ? ]---- -if test "${enable_debug}" = "yes"; then - DFLAGS="-D_DEBUG_" - AC_SUBST(DFLAGS) -fi - -dnl ----[ Profiling or not ? ]---- -if test "${enable_profile}" = "yes"; then - CFLAGS="$CFLAGS -pg" -fi - -AC_SUBST(VERSION) -AC_SUBST(VERSION_DATE) -AC_SUBST(IPVS_SUPPORT) -AC_SUBST(USE_NL) -AC_SUBST(VRRP_SUPPORT) - -dnl ----[ Checks for typedefs, structures, and compiler characteristics ]---- -AC_C_CONST -AC_TYPE_PID_T -AC_HEADER_TIME - -dnl ----[ Checks for library functions ]---- -AC_PROG_GCC_TRADITIONAL -AC_FUNC_MEMCMP -AC_TYPE_SIGNAL -AC_CHECK_FUNCS(gettimeofday select socket strerror strtol uname) - -dnl ----[ Process output target ]---- -OUTPUT_TARGET="$OUTPUT_TARGET keepalived/Makefile lib/Makefile" -if test "${VRRP_SUPPORT}" = "_WITH_VRRP_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/vrrp/Makefile" -fi -if test "$IPVS_SUPPORT" = "_WITH_LVS_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/check/Makefile" - if test "$KERN" = "_KRNL_2_6_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.6/Makefile" - elif test "$KERN" = "_KRNL_2_4_"; then - OUTPUT_TARGET="$OUTPUT_TARGET keepalived/libipvs-2.4/Makefile" - fi -fi -AC_OUTPUT($OUTPUT_TARGET) - - -dnl ----[ Display current configuration ]---- -cat <= 4.3." + ::= { lvsSyncDaemon 5 } + +lvsSyncDaemonPort OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon UDP port, 0 means default setting. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 6 } + +lvsSyncDaemonTTL OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon packet TTL, 0 means default setting. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 7 } + +lvsSyncDaemonMcastGroupAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon multicast group address type. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 8 } + +lvsSyncDaemonMcastGroupAddrValue OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS sync daemon multicast group IP address. + Only available on Linux >= 4.3." + ::= { lvsSyncDaemon 9 } + +lvsTimeouts OBJECT IDENTIFIER ::= { check 7 } + +lvsTimeoutTcp OBJECT-TYPE + SYNTAX Integer32 (1..2678400) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS TCP timeout" + ::= { lvsTimeouts 1 } + +lvsTimeoutTcpFin OBJECT-TYPE + SYNTAX Integer32 (1..2678400) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS TCP FIN timeout" + ::= { lvsTimeouts 2 } + +lvsTimeoutUdp OBJECT-TYPE + SYNTAX Integer32 (1..2678400) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "LVS UDP timeout" + ::= { lvsTimeouts 3 } + +-- Traps + +checkTrap OBJECT IDENTIFIER ::= { check 5 } +checkTraps OBJECT IDENTIFIER ::= { checkTrap 0 } -- Reverse-mappable +checkTrapControl OBJECT IDENTIFIER ::= { checkTrap 1 } + +realServerStateChange NOTIFICATION-TYPE + OBJECTS { + realServerAddrType, + realServerAddress, + realServerPort, + realServerStatus, + virtualServerType, + virtualServerProtocol, + virtualServerRealServersUp, + virtualServerRealServersTotal, + routerId + } + STATUS current + DESCRIPTION + "This trap signifies that the state of a real server has + changed. Additional varbinds will be added depending on the + value of virtualServerType: virtualServerNameOfGroup, + virtualServerFwMark, virtualServerAddrType, + virtualServerAddress, virtualServerPort." + ::= { checkTraps 1 } + +virtualServerQuorumStateChange NOTIFICATION-TYPE + OBJECTS { + virtualServerType, + virtualServerProtocol, + virtualServerQuorumStatus, + virtualServerQuorum, + virtualServerRealServersUp, + virtualServerRealServersTotal, + routerId + } + STATUS current + DESCRIPTION + "This trap signifies that the quorum of a virtual server has + changed. Additional varbinds will be added depending on the + value of virtualServerType: virtualServerNameOfGroup, + virtualServerFwMark, virtualServerAddrType, + virtualServerAddress, virtualServerPort." + ::= { checkTraps 2 } + +-- ---------------------------------------------------------------------- +-- Conformance +-- ---------------------------------------------------------------------- + +compliances OBJECT IDENTIFIER ::= { conformance 1 } +groups OBJECT IDENTIFIER ::= { conformance 2 } + +globalCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "Compliance statement for global data" + MODULE -- this module + MANDATORY-GROUPS { + globalGroup + } + ::= { compliances 1 } + +vrrpCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The VRRP compliance statement" + MODULE -- this module + MANDATORY-GROUPS { + vrrpScriptGroup, + vrrpSyncGroup, + vrrpInstanceGroup, + vrrpTrapsGroup, + vrrpFileGroup, + vrrpBfdGroup, + vrrpProcessGroup + } + ::= { compliances 2 } + +checkCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The check compliance statement" + MODULE -- this module + MANDATORY-GROUPS { + virtualServerGroupGroup, + virtualServerGroup, + realServerGroup, + checkTrapsGroup, + lvsSyncDaemonGroup, + lvsTimeoutsGroup + } + ::= { compliances 3 } + +vrrpLvsSyncGroupCompliances MODULE-COMPLIANCE + STATUS deprecated + DESCRIPTION + "The compliance statement for LVS sync group associated + with a VRRP instance. This is deprecated in favour of + lvsSyncDaemonGroup." + MODULE -- this module + MANDATORY-GROUPS { + vrrpLvsSyncGroup + } + ::= { compliances 4 } + +globalGroup OBJECT-GROUP + OBJECTS { + version, + routerId, + smtpServerAddressType, + smtpServerAddress, + smtpServerTimeout, + emailFrom, + emailAddress, + smtpServerPort, + smtpEmailFaults, + smtpEmailSmtpAlert, + smtpEmailSmtpAlertVrrp, + smtpEmailSmtpAlertChecker, + trapEnable, + linkBeat, + lvsFlush, + ipvs64BitStats, + netNamespace, + dbus, + dynamicInterfaces, + lvsFlushOnStop + } + STATUS current + DESCRIPTION + "Conformance group for global data." + ::= { groups 1 } + +vrrpGroups OBJECT IDENTIFIER ::= { groups 2 } + +vrrpSyncGroup OBJECT-GROUP + OBJECTS { + vrrpSyncGroupName, + vrrpSyncGroupState, + vrrpSyncGroupSmtpAlert, + vrrpSyncGroupNotifyExec, + vrrpSyncGroupScriptMaster, + vrrpSyncGroupScriptBackup, + vrrpSyncGroupScriptFault, + vrrpSyncGroupScript, + vrrpSyncGroupTrackingWeight, + vrrpSyncGroupScriptStop, + vrrpSyncGroupMemberName, + vrrpSyncTrackedInterfaceName, + vrrpSyncTrackedInterfaceWeight, + vrrpSyncTrackedInterfaceWgtRev, + vrrpSyncTrackedScriptName, + vrrpSyncTrackedScriptWeight, + vrrpSyncTrackedScriptWgtRev, + vrrpSyncTrackedFileName, + vrrpSyncTrackedFileWeight, + vrrpSyncTrackedFileWgtRev, + vrrpSyncTrackedBfdName, + vrrpSyncTrackedBfdWeight, + vrrpSyncTrackedBfdWgtRev, + vrrpSyncTrackedProcessName, + vrrpSyncTrackedProcessWeight, + vrrpSyncTrackedProcessWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for synchronisation groups." + ::= { vrrpGroups 1 } + +vrrpInstanceGroup OBJECT-GROUP + OBJECTS { + vrrpInstanceName, + vrrpInstanceVirtualRouterId, + vrrpInstanceState, + vrrpInstanceInitialState, + vrrpInstanceWantedState, + vrrpInstanceBasePriority, + vrrpInstanceEffectivePriority, + vrrpInstanceVipsStatus, + vrrpInstancePrimaryInterface, + vrrpInstanceTrackPrimaryIf, + vrrpInstanceAdvertisementsInt, + vrrpInstancePreempt, + vrrpInstancePreemptDelay, + vrrpInstanceAuthType, + vrrpInstanceSyncGroup, + vrrpInstanceGarpDelay, + vrrpInstanceSmtpAlert, + vrrpInstanceNotifyExec, + vrrpInstanceScriptMaster, + vrrpInstanceScriptBackup, + vrrpInstanceScriptFault, + vrrpInstanceScriptStop, + vrrpInstanceScript, + vrrpInstanceAccept, + vrrpInstancePromoteSecondaries, + vrrpInstanceUseLinkbeat, + vrrpInstanceVrrpVersion, + vrrpInstanceScriptMstrRxLowerPri, + vrrpTrackedInterfaceName, + vrrpTrackedInterfaceWeight, + vrrpTrackedInterfaceWgtRev, + vrrpTrackedScriptName, + vrrpTrackedScriptWeight, + vrrpTrackedScriptWgtRev, + vrrpTrackedFileName, + vrrpTrackedFileWeight, + vrrpTrackedFileWgtRev, + vrrpTrackedBfdName, + vrrpTrackedBfdWeight, + vrrpTrackedBfdWgtRev, + vrrpTrackedProcessName, + vrrpTrackedProcessWeight, + vrrpTrackedProcessWgtRev, + vrrpAddressType, + vrrpAddressValue, + vrrpAddressBroadcast, + vrrpAddressMask, + vrrpAddressScope, + vrrpAddressIfIndex, + vrrpAddressIfName, + vrrpAddressIfAlias, + vrrpAddressStatus, + vrrpAddressAdvertising, + vrrpAddressPeer, + vrrpRouteAddressType, + vrrpRouteDestination, + vrrpRouteDestinationMask, + vrrpRouteGateway, + vrrpRouteSecondaryGateway, + vrrpRouteSource, + vrrpRouteMetric, + vrrpRouteScope, + vrrpRouteType, + vrrpRouteIfIndex, + vrrpRouteIfName, + vrrpRouteRoutingTable, + vrrpRouteStatus, + vrrpRouteFromAddress, + vrrpRouteFromAddressMask, + vrrpRouteTos, + vrrpRouteProtocol, + vrrpRouteECN, + vrrpRouteQuickAck, + vrrpRouteExpires, + vrrpRouteMTU, + vrrpRouteMTULock, + vrrpRouteHopLimit, + vrrpRouteAdvmss, + vrrpRouteAdvmssLock, + vrrpRouteRTT, + vrrpRouteRTTLock, + vrrpRouteRTTvar, + vrrpRouteRTTvarLock, + vrrpRouteReordering, + vrrpRouteReorderingLock, + vrrpRouteWindow, + vrrpRouteCwnd, + vrrpRouteCwndLock, + vrrpRouteSSthresh, + vrrpRouteSSthreshLock, + vrrpRouteRTOMin, + vrrpRouteRTOMinLock, + vrrpRouteInitCwnd, + vrrpRouteInitRwnd, + vrrpRouteCongCtl, + vrrpRoutePref, + vrrpRouteRealmDst, + vrrpRouteRealmSrc, + vrrpRouteEncapType, + vrrpRouteEncapMplsLabels, + vrrpRouteEncapId, + vrrpRouteEncapDstAddress, + vrrpRouteEncapSrcAddress, + vrrpRouteEncapTOS, + vrrpRouteEncapTTL, + vrrpRouteEncapFlags, + vrrpRouteEncapIlaLocator, + vrrpRouteFastOpenNoCookie, + vrrpRouteNextHopAddressType, + vrrpRouteNextHopAddress, + vrrpRouteNextHopIfIndex, + vrrpRouteNextHopIfName, + vrrpRouteNextHopWeight, + vrrpRouteNextHopOnlink, + vrrpRouteNextHopRealmDst, + vrrpRouteNextHopRealmSrc, + vrrpRouteNextHopEncapMplsLabels, + vrrpRouteNextHopEncapId, + vrrpRouteNextHopEncapDstAddress, + vrrpRouteNextHopEncapSrcAddress, + vrrpRouteNextHopEncapTOS, + vrrpRouteNextHopEncapTTL, + vrrpRouteNextHopEncapFlags, + vrrpRouteNextHopEncapIlaLocator, + vrrpRuleRoutingTable, + vrrpRuleStatus, + vrrpRuleInvert, + vrrpRuleDestinationAddressType, + vrrpRuleDestinationAddress, + vrrpRuleDestinationAddressMask, + vrrpRuleSourceAddressType, + vrrpRuleSourceAddress, + vrrpRuleSourceAddressMask, + vrrpRuleTos, + vrrpRuleFwmark, + vrrpRuleFwmask, + vrrpRuleRealmDst, + vrrpRuleRealmSrc, + vrrpRuleInInterface, + vrrpRuleOutInterface, + vrrpRuleTarget, + vrrpRuleAction, + vrrpRuleTableNo, + vrrpRulePreference, + vrrpRuleSuppressPrefixLen, + vrrpRuleSuppressGroup, + vrrpRuleTunnelIdHigh, + vrrpRuleTunnelIdLow, + vrrpRuleUidRangeStart, + vrrpRuleUidRangeEnd, + vrrpRuleL3mdev, + vrrpRuleProtocol, + vrrpRuleIPProto, + vrrpRuleSrcPortStart, + vrrpRuleSrcPortEnd, + vrrpRuleDstPortStart, + vrrpRuleDstPortEnd + } + STATUS current + DESCRIPTION + "Conformance group for VRRP instances." + ::= { vrrpGroups 2 } + +vrrpScriptGroup OBJECT-GROUP + OBJECTS { + vrrpScriptName, + vrrpScriptCommand, + vrrpScriptInterval, + vrrpScriptWeight, + vrrpScriptResult, + vrrpScriptRise, + vrrpScriptFall, + vrrpScriptWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for VRRP scripts." + ::= { vrrpGroups 3 } + +vrrpTrapsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + vrrpSyncGroupStateChange, + vrrpInstanceStateChange + } + STATUS current + DESCRIPTION + "Conformance group for VRRP traps." + ::= { vrrpGroups 4 } + +vrrpLvsSyncGroup OBJECT-GROUP + OBJECTS { + vrrpInstanceLvsSyncDaemon, + vrrpInstanceLvsSyncInterface + } + STATUS deprecated + DESCRIPTION + "The deprecated LVS sync daemon configuration + objects associated with a VRRP instance." + ::= { vrrpGroups 5 } + +vrrpObsoleteInstanceGroup OBJECT-GROUP + OBJECTS { + vrrpRuleDirection, + vrrpRuleAddressType, + vrrpRuleAddress, + vrrpRuleAddressMask } + STATUS obsolete + DESCRIPTION + "Obsolete group for VRRP instances." + ::= { vrrpGroups 6 } + +vrrpFileGroup OBJECT-GROUP + OBJECTS { + vrrpFileName, + vrrpFilePath, + vrrpFileResult, + vrrpFileWeight, + vrrpFileWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for VRRP track files." + ::= { vrrpGroups 7 } + +vrrpBfdGroup OBJECT-GROUP + OBJECTS { + vrrpBfdName, + vrrpBfdResult, + vrrpBfdWeight, + vrrpBfdWgtRev + } + STATUS current + DESCRIPTION + "Conformance group for VRRP track BFDs." + ::= { vrrpGroups 8 } + +vrrpProcessGroup OBJECT-GROUP + OBJECTS { + vrrpProcessName, + vrrpProcessPath, + vrrpProcessParams, + vrrpProcessParamMatch, + vrrpProcessWeight, + vrrpProcessWgtRev, + vrrpProcessQuorum, + vrrpProcessQuorumMax, + vrrpProcessForkDelay, + vrrpProcessTerminateDelay, + vrrpProcessFullCommand, + vrrpProcessCurProc, + vrrpProcessResult + } + STATUS current + DESCRIPTION + "Conformance group for VRRP track processes." + ::= { vrrpGroups 9 } + +checkGroups OBJECT IDENTIFIER ::= { groups 3 } + +virtualServerGroupGroup OBJECT-GROUP + OBJECTS { + virtualServerGroupName, + virtualServerGroupMemberType, + virtualServerGroupMemberFwMark, + virtualServerGroupMemberAddrType, + virtualServerGroupMemberAddress, + virtualServerGroupMemberAddr1, + virtualServerGroupMemberAddr2, + virtualServerGroupMemberPort + } + STATUS current + DESCRIPTION + "Conformance group for virtual server groups." + ::= { checkGroups 1 } + +virtualServerGroup OBJECT-GROUP + OBJECTS { + virtualServerType, + virtualServerNameOfGroup, + virtualServerFwMark, + virtualServerAddrType, + virtualServerAddress, + virtualServerPort, + virtualServerProtocol, + virtualServerLoadBalancingAlgo, + virtualServerLoadBalancingKind, + virtualServerStatus, + virtualServerVirtualHost, + virtualServerPersist, + virtualServerPersistTimeout, + virtualServerPersistGranularity, + virtualServerDelayLoop, + virtualServerHaSuspend, + virtualServerAlpha, + virtualServerOmega, + virtualServerRealServersTotal, + virtualServerRealServersUp, + virtualServerQuorum, + virtualServerQuorumStatus, + virtualServerQuorumUp, + virtualServerQuorumDown, + virtualServerHysteresis, + virtualServerStatsConns, + virtualServerStatsInPkts, + virtualServerStatsOutPkts, + virtualServerStatsInBytes, + virtualServerStatsOutBytes, + virtualServerRateCps, + virtualServerRateInPPS, + virtualServerRateOutPPS, + virtualServerRateInBPS, + virtualServerRateOutBPS, + virtualServerOPS, + virtualServerStatsConns64, + virtualServerStatsInPkts64, + virtualServerStatsOutPkts64, + virtualServerRateCpsLow, + virtualServerRateCpsHigh, + virtualServerRateInPPSLow, + virtualServerRateInPPSHigh, + virtualServerRateOutPPSLow, + virtualServerRateOutPPSHigh, + virtualServerRateInBPSLow, + virtualServerRateInBPSHigh, + virtualServerRateOutBPSLow, + virtualServerRateOutBPSHigh, + virtualServerPersistGranularity6, + virtualServerHashed, + virtualServerSHFallback, + virtualServerSHPort, + virtualServerSched3, + virtualServerActionWhenDown, + virtualServerRetry, + virtualServerDelayBeforeRetry, + virtualServerWarmup, + virtualServerWeight, + virtualServerSmtpAlert, + virtualServerMHFallback, + virtualServerMHPort, + virtualServerDelayLoopUsec, + virtualServerDelayBeforeRetrUsec, + virtualServerWarmupUsec, + virtualServerConnTimeoutUsec, + virtualServerTunnelType, + virtualServerTunnelPort, + virtualServerTunnelCsum + } + STATUS current + DESCRIPTION + "Conformance group for virtual servers." + ::= { checkGroups 2 } + +realServerGroup OBJECT-GROUP + OBJECTS { + realServerType, + realServerAddrType, + realServerAddress, + realServerPort, + realServerStatus, + realServerWeight, + realServerUpperConnectionLimit, + realServerLowerConnectionLimit, + realServerActionWhenDown, + realServerNotifyUp, + realServerNotifyDown, + realServerFailedChecks, + realServerStatsConns, + realServerStatsActiveConns, + realServerStatsInactiveConns, + realServerStatsPersistentConns, + realServerStatsInPkts, + realServerStatsOutPkts, + realServerStatsInBytes, + realServerStatsOutBytes, + realServerRateCps, + realServerRateInPPS, + realServerRateOutPPS, + realServerRateInBPS, + realServerRateOutBPS, + realServerStatsConns64, + realServerStatsInPkts64, + realServerStatsOutPkts64, + realServerRateCpsLow, + realServerRateCpsHigh, + realServerRateInPPSLow, + realServerRateInPPSHigh, + realServerRateOutPPSLow, + realServerRateOutPPSHigh, + realServerRateInBPSLow, + realServerRateInBPSHigh, + realServerRateOutBPSLow, + realServerRateOutBPSHigh, + realServerForwardingMethod, + realServerVirtualHost, + realServerAlpha, + realServerRetry, + realServerDelayBeforeRetry, + realServerWarmup, + realServerDelayLoop, + realServerSmtpAlert, + realServerDelayBeforeRetryUsec, + realServerWarmupUsec, + realServerDelayLoopUsec, + realServerConnTimeoutUsec, + realServerTunnelType, + realServerTunnelPort, + realServerTunnelCsum + } + STATUS current + DESCRIPTION + "Conformance group for real servers." + ::= { checkGroups 3 } + +checkTrapsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + realServerStateChange, + virtualServerQuorumStateChange + } + STATUS current + DESCRIPTION + "Conformance group for check traps." + ::= { checkGroups 4 } + +lvsSyncDaemonGroup OBJECT-GROUP + OBJECTS { + lvsSyncDaemonEnabled, + lvsSyncDaemonInterface, + lvsSyncDaemonVrrpInstance, + lvsSyncDaemonSyncId, + lvsSyncDaemonMaxLen, + lvsSyncDaemonPort, + lvsSyncDaemonTTL, + lvsSyncDaemonMcastGroupAddrType, + lvsSyncDaemonMcastGroupAddrValue + } + STATUS current + DESCRIPTION + "Conformance group for LVS sync daemon." + ::= { checkGroups 5 } + +lvsTimeoutsGroup OBJECT-GROUP + OBJECTS { + lvsTimeoutTcp, + lvsTimeoutTcpFin, + lvsTimeoutUdp + } + STATUS current + DESCRIPTION + "Conformance group for LVS timeouts." + ::= { checkGroups 6 } + +END diff --git a/tools/keepalived/doc/Makefile.am b/tools/keepalived/doc/Makefile.am new file mode 100644 index 000000000..7a888375e --- /dev/null +++ b/tools/keepalived/doc/Makefile.am @@ -0,0 +1,220 @@ +# Makefile.am +# +# Keepalived OpenSource project. + +SUBDIRS = man/man8 + +if BUILD_GENHASH +dist_man1_MANS = man/man1/genhash.1 +endif +dist_man5_MANS = man/man5/keepalived.conf.5 + +EXTRA_DIST = source samples keepalived.conf.SYNOPSIS NOTE_vrrp_vmac.txt KEEPALIVED-MIB.txt VRRP-MIB.txt VRRPv3-MIB.txt + +sampledir = $(sysconfdir)/@PACKAGE@/samples +sample_DATA = $(srcdir)/samples/* + +mibsdir = $(datarootdir)/snmp/mibs +mibs_DATA = +if SNMP_KEEPALIVED +mibs_DATA += KEEPALIVED-MIB.txt +endif +if SNMP_RFCV2 +mibs_DATA += VRRP-MIB.txt +endif +if SNMP_RFCV3 +mibs_DATA += VRRPv3-MIB.txt +endif + +dist-hook: + rm -rf `find $(distdir)/doc -type d -name ".git*"` + +if !BUILD_DOCS + +.PHONY: all help + +all: + @true + +help: + @echo "To build the documentation, make sure you have Sphinx installed, then" + @echo "run configure with the SPHINXBUILD environment variable pointing to" + @echo "the path of the 'sphinx-build' executable. Alternatively you can add" + @echo "the directory with the executable to your PATH. If you don't have" + @echo "Sphinx installed, either try installing package python-sphinx or" + @echo "equivalent, or grab it from http://sphinx-doc.org/." +endif + +if BUILD_DOCS + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = @SPHINXBUILDNAME@ +PAPER = a4 +BUILDDIR = build + + +# Internal variables. +PAPEROPT = -D latex_paper_size=$(PAPER) +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT) $(SPHINXOPTS) source +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext + +default: man + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR) + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Keepalived.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Keepalived.qhc" + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/Keepalived" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Keepalived" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." +endif diff --git a/tools/keepalived/doc/NOTE_vrrp_vmac.txt b/tools/keepalived/doc/NOTE_vrrp_vmac.txt index 35a5fe8ba..52e29fda4 100644 --- a/tools/keepalived/doc/NOTE_vrrp_vmac.txt +++ b/tools/keepalived/doc/NOTE_vrrp_vmac.txt @@ -4,6 +4,8 @@ Alexandre Cassen July 11th 2012 + latest update + April 20th 2019 To reduce takeover impact, some networking environment would require using VRRP with VMAC address. To reach that goal Keepalived VRRP framework implements @@ -15,7 +17,7 @@ driver to defines thoses interfaces. It is then mandatory to use kernel compiled with macvlan support. In addition we can mention that VRRP VMAC will work only with kernel including -the following patch : +the following patch (include in Linux from v3.2): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=729e72a10930ef765c11a5a35031ba47f18221c4 @@ -27,30 +29,26 @@ Alternatively, you can specify 'vmac_xmit_base' which will cause the VRRP messages to be transmitted and received on the underlying interface whilst ARP will happen from the the VMAC interface. -You may also need to tweak your physical interfaces to play around with well -known ARP issues. If you have issues, try the following configurations : +keepalived now sets the necessary interface configuration options, but if the +settings in net.ipv4.conf.all are non-standard, then these may override the +specific settings for the interface. Source file keepalived/vrrp/vrrp_if_config.c +documents what interface parameters are set for both the VMAC interface and its +parent interface. Kernel source file doc/Documentation/networking/ip-sysctl.txt +documents how the conf.all settings can override the specific settings for +individual interfaces. If using MACVLAN interfaces is not working as you expect, +check the interface settings, include the conf.all settings and compare it with +the documentation. -1) Global configuration +VMAC interface - net.ipv4.conf.all.arp_ignore = 1 - net.ipv4.conf.all.arp_announce = 1 - net.ipv4.conf.all.arp_filter = 0 - -2) Physical interface configuration - -For the physical ethernet interface running VRRP instance use: - -net.ipv4.conf.eth0.arp_filter = 1 - -3) VMAC interface - -consider the following VRRP configuration : +consider the following VRRP configuration : vrrp_instance instance1 { state BACKUP interface eth0 virtual_router_id 250 use_vmac + vmac_xmit_base # Transmit VRRP adverts over physical interface priority 150 advert_int 1 virtual_ipaddress { @@ -63,11 +61,9 @@ named 'vrrp.250' (default internal paradigm is vrrp.{virtual_router_id}, you can override this naming by giving an argument to 'use_vmac' keyword, eg: use_vmac vrrp250). -you then need to configure interface with : -net.ipv4.conf.vrrp.250.arp_filter = 0 -net.ipv4.conf.vrrp.250.accept_local = 1 (this is needed for the address owner case) - -you can create notify_master script to automate this configuration step for you : +If you need to change interface configuration settings, you can create notify_master +script to automate this configuration step for you. You may also need to use a +notify_backup script to set interface settings to apply before becoming master. vrrp_instance instance1 { state BACKUP diff --git a/tools/keepalived/doc/README.sphinx b/tools/keepalived/doc/README.sphinx new file mode 100644 index 000000000..05ca42320 --- /dev/null +++ b/tools/keepalived/doc/README.sphinx @@ -0,0 +1,11 @@ +# To build the documentation with sphinx, the following packages were required +# to be installed on Fedora 24: + +dnf install python-sphinx \ # this which will pull in python-sphinx_rtd_theme + texlive-cm texlive-ec texlive-times texlive-helvetic texlive-courier \ + texlive-cmap texlive-fancyhdr texlive-fancybox texlive-titlesec texlive-framed texlive-threeparttable texlive-babel-english \ + texlive-mdwtools texlive-wrapfig texlive-parskip texlive-upquote texlive-capt-of texlive-multirow texlive-eqparbox texlive-dvips + +On Fedora 25, the following are also required: + texlive-mfware-bin texlive-gsftopk-bin + diff --git a/tools/keepalived/doc/VRRP-MIB.txt b/tools/keepalived/doc/VRRP-MIB.txt new file mode 100644 index 000000000..81a2f74ec --- /dev/null +++ b/tools/keepalived/doc/VRRP-MIB.txt @@ -0,0 +1,792 @@ +VRRP-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE, Counter32, + Integer32, IpAddress, mib-2 FROM SNMPv2-SMI + + TEXTUAL-CONVENTION, RowStatus, + MacAddress, TruthValue, TimeStamp FROM SNMPv2-TC + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP FROM SNMPv2-CONF + ifIndex FROM IF-MIB; + + + vrrpMIB MODULE-IDENTITY + LAST-UPDATED "200003030000Z" + ORGANIZATION "IETF VRRP Working Group" + CONTACT-INFO + "Brian R. Jewell + Postal: Copper Mountain Networks, Inc. + 2470 Embarcadero Way + Palo Alto, California 94303 + Tel: +1 650 687 3367 + E-Mail: bjewell@coppermountain.com" + + DESCRIPTION + "This MIB describes objects used for managing Virtual Router + Redundancy Protocol (VRRP) routers." + REVISION "200003030000Z" -- 03 Mar 2000 + DESCRIPTION "Initial version as published in RFC 2787." + ::= { mib-2 68 } + +-- ******************************************************************* +-- Textual Conventions +-- ******************************************************************* + + VrId ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A number which, along with an interface index (ifIndex), + serves to uniquely identify a virtual router on a given VRRP + router. A set of one or more associated addresses is assigned + to a VRID." + SYNTAX Integer32 (1..255) + +-- ******************************************************************* +-- VRRP MIB Groups +-- ******************************************************************* + + vrrpOperations OBJECT IDENTIFIER ::= { vrrpMIB 1 } + vrrpStatistics OBJECT IDENTIFIER ::= { vrrpMIB 2 } + vrrpConformance OBJECT IDENTIFIER ::= { vrrpMIB 3 } + + +-- ******************************************************************* +-- Start of MIB objects +-- ******************************************************************* + + vrrpNodeVersion OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This value identifies the particular version of the VRRP + supported by this node." + ::= { vrrpOperations 1 } + + vrrpNotificationCntl OBJECT-TYPE + SYNTAX INTEGER { + enabled (1), + disabled (2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Indicates whether the VRRP-enabled router will generate + SNMP traps for events defined in this MIB. 'Enabled' + results in SNMP traps; 'disabled', no traps are sent." + DEFVAL { enabled } + ::= { vrrpOperations 2 } + +-- ******************************************************************* +-- VRRP Operations Table +-- ******************************************************************* + + vrrpOperTable OBJECT-TYPE + SYNTAX SEQUENCE OF VrrpOperEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Operations table for a VRRP router which consists of a + sequence (i.e., one or more conceptual rows) of + 'vrrpOperEntry' items." + ::= { vrrpOperations 3 } + + vrrpOperEntry OBJECT-TYPE + SYNTAX VrrpOperEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the vrrpOperTable containing the operational + characteristics of a virtual router. On a VRRP router, + a given virtual router is identified by a combination + of the IF index and VRID. + + Rows in the table cannot be modified unless the value + of `vrrpOperAdminState' is `disabled' and the + `vrrpOperState' has transitioned to `initialize'." + + INDEX { ifIndex, vrrpOperVrId } + ::= { vrrpOperTable 1 } + + VrrpOperEntry ::= + SEQUENCE { + vrrpOperVrId + VrId, + vrrpOperVirtualMacAddr + MacAddress, + vrrpOperState + INTEGER, + vrrpOperAdminState + INTEGER, + vrrpOperPriority + Integer32, + vrrpOperIpAddrCount + Integer32, + vrrpOperMasterIpAddr + IpAddress, + vrrpOperPrimaryIpAddr + IpAddress, + vrrpOperAuthType + INTEGER, + vrrpOperAuthKey + OCTET STRING, + vrrpOperAdvertisementInterval + Integer32, + vrrpOperPreemptMode + TruthValue, + vrrpOperVirtualRouterUpTime + TimeStamp, + vrrpOperProtocol + INTEGER, + vrrpOperRowStatus + RowStatus + } + + vrrpOperVrId OBJECT-TYPE + SYNTAX VrId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object contains the Virtual Router Identifier (VRID)." + ::= { vrrpOperEntry 1 } + + vrrpOperVirtualMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The virtual MAC address of the virtual router. Although this + object can be derived from the 'vrrpOperVrId' object, it is + defined so that it is easily obtainable by a management + application and can be included in VRRP-related SNMP traps." + ::= { vrrpOperEntry 2 } + + vrrpOperState OBJECT-TYPE + SYNTAX INTEGER { + initialize(1), + backup(2), + master(3) + } + MAX-ACCESS read-only + STATUS current + + DESCRIPTION + "The current state of the virtual router. This object has + three defined values: + + - `initialize', which indicates that all the + virtual router is waiting for a startup event. + + - `backup', which indicates the virtual router is + monitoring the availability of the master router. + + - `master', which indicates that the virtual router + is forwarding packets for IP addresses that are + associated with this router. + + Setting the `vrrpOperAdminState' object (below) initiates + transitions in the value of this object." + ::= { vrrpOperEntry 3 } + + vrrpOperAdminState OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object will enable/disable the virtual router + function. Setting the value to `up', will transition + the state of the virtual router from `initialize' to `backup' + or `master', depending on the value of `vrrpOperPriority'. + Setting the value to `down', will transition the + router from `master' or `backup' to `initialize'. State + transitions may not be immediate; they sometimes depend on + other factors, such as the interface (IF) state. + + The `vrrpOperAdminState' object must be set to `down' prior + to modifying the other read-create objects in the conceptual + row. The value of the `vrrpOperRowStatus' object (below) + must be `active', signifying that the conceptual row + is valid (i.e., the objects are correctly set), + in order for this object to be set to `up'." + DEFVAL { down } + ::= { vrrpOperEntry 4 } + + vrrpOperPriority OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the priority to be used for the + virtual router master election process. Higher values imply + higher priority. + + A priority of '0', although not settable, is sent by + the master router to indicate that this router has ceased + to participate in VRRP and a backup virtual router should + transition to become a new master. + + A priority of 255 is used for the router that owns the + associated IP address(es)." + DEFVAL { 100 } + ::= { vrrpOperEntry 5 } + + vrrpOperIpAddrCount OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP addresses that are associated with this + virtual router. This number is equal to the number of rows + in the vrrpAssoIpAddrTable that correspond to a given IF + index/VRID pair." + ::= { vrrpOperEntry 6 } + + vrrpOperMasterIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The master router's real (primary) IP address. This is + the IP address listed as the source in VRRP advertisement + last received by this virtual router." + ::= { vrrpOperEntry 7 } + + vrrpOperPrimaryIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "In the case where there is more than one IP address for + a given `ifIndex', this object is used to specify the IP + address that will become the `vrrpOperMasterIpAddr', should + the virtual router transition from backup to master. If + this object is set to 0.0.0.0, the IP address which is + numerically lowest will be selected." + DEFVAL { '00000000'H } -- 0.0.0.0 + ::= { vrrpOperEntry 8 } + + vrrpOperAuthType OBJECT-TYPE + SYNTAX INTEGER { + noAuthentication(1), -- VRRP protocol exchanges are not + -- authenticated. + simpleTextPassword(2), -- Exchanges are authenticated by a + -- clear text password. + ipAuthenticationHeader(3) -- Exchanges are authenticated using + -- the IP authentication header. + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Authentication type used for VRRP protocol exchanges between + virtual routers. This value of this object is the same for a + given ifIndex. + + New enumerations to this list can only be added via a new + RFC on the standards track." + DEFVAL { noAuthentication } + ::= { vrrpOperEntry 9 } + + vrrpOperAuthKey OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..16)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The Authentication Key. This object is set according to + the value of the 'vrrpOperAuthType' object + ('simpleTextPassword' or 'ipAuthenticationHeader'). If the + length of the value is less than 16 octets, the agent will + left adjust and zero fill to 16 octets. The value of this + object is the same for a given ifIndex. + + When read, vrrpOperAuthKey always returns an Octet String + of length zero." + ::= { vrrpOperEntry 10 } + + vrrpOperAdvertisementInterval OBJECT-TYPE + SYNTAX Integer32 (1..255) + UNITS "seconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The time interval, in seconds, between sending + advertisement messages. Only the master router sends + VRRP advertisements." + DEFVAL { 1 } + ::= { vrrpOperEntry 11 } + + vrrpOperPreemptMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls whether a higher priority virtual router will + preempt a lower priority master." + DEFVAL { true } + ::= { vrrpOperEntry 12 } + + vrrpOperVirtualRouterUpTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This is the value of the `sysUpTime' object when this + virtual router (i.e., the `vrrpOperState') transitioned + out of `initialized'." + ::= { vrrpOperEntry 13 } + + vrrpOperProtocol OBJECT-TYPE + SYNTAX INTEGER { + ip (1), + bridge (2), + decnet (3), + other (4) + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The particular protocol being controlled by this Virtual + Router. + + New enumerations to this list can only be added via a new + RFC on the standards track." + DEFVAL { ip } + ::= { vrrpOperEntry 14 } + + vrrpOperRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used in accordance to installation + and removal conventions for conceptual rows. The rowstatus of + a currently active row in the vrrpOperTable is constrained + by the operational state of the corresponding virtual router. + When `vrrpOperRowStatus' is set to active(1), no other + objects in the conceptual row, with the exception of + `vrrpOperAdminState', can be modified. Prior to setting the + `vrrpOperRowStatus' object from `active' to a different value, + the `vrrpOperAdminState' object must be set to `down' and the + `vrrpOperState' object be transitioned to `initialize'. + + To create a row in this table, a manager sets this object + to either createAndGo(4) or createAndWait(5). Until instances + of all corresponding columns are appropriately configured, + the value of the corresponding instance of the `vrrpOperRowStatus' + column will be read as notReady(3). + In particular, a newly created row cannot be made active(1) + until (minimally) the corresponding instance of + `vrrpOperVrId' has been set and there is at least one active + row in the `vrrpAssoIpAddrTable' defining an associated + IP address for the virtual router." + ::= { vrrpOperEntry 15 } + + +-- ******************************************************************* +-- VRRP Associated IP Address Table +-- ******************************************************************* + + vrrpAssoIpAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF VrrpAssoIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of addresses associated with this virtual router." + ::= { vrrpOperations 4 } + + vrrpAssoIpAddrEntry OBJECT-TYPE + SYNTAX VrrpAssoIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table contains an IP address that is + associated with a virtual router. The number of rows for + a given ifIndex and VrId will equal the number of IP + addresses associated (e.g., backed up) by the virtual + router (equivalent to 'vrrpOperIpAddrCount'). + + Rows in the table cannot be modified unless the value + of `vrrpOperAdminState' is `disabled' and the + `vrrpOperState' has transitioned to `initialize'." + + INDEX { ifIndex, vrrpOperVrId, vrrpAssoIpAddr } + ::= { vrrpAssoIpAddrTable 1 } + + VrrpAssoIpAddrEntry ::= + SEQUENCE { + vrrpAssoIpAddr + IpAddress, + vrrpAssoIpAddrRowStatus + RowStatus + } + + vrrpAssoIpAddr OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The assigned IP addresses that a virtual router is + responsible for backing up." + ::= { vrrpAssoIpAddrEntry 1 } + + vrrpAssoIpAddrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to installation + and removal conventions for conceptual rows. Setting this + object to active(1) or createAndGo(4) results in the + addition of an associated address for a virtual router. + Destroying the entry or setting it to notInService(2) + removes the associated address from the virtual router. + The use of other values is implementation-dependent." + ::= { vrrpAssoIpAddrEntry 2 } + + +-- ******************************************************************* +-- VRRP Router Statistics +-- ******************************************************************* + + vrrpRouterChecksumErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an invalid + VRRP checksum value." + ::= { vrrpStatistics 1 } + + vrrpRouterVersionErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an unknown + or unsupported version number." + ::= { vrrpStatistics 2 } + + vrrpRouterVrIdErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an invalid + VRID for this virtual router." + ::= { vrrpStatistics 3 } + +-- ******************************************************************* +-- VRRP Router Statistics Table +-- ******************************************************************* + + vrrpRouterStatsTable OBJECT-TYPE + SYNTAX SEQUENCE OF VrrpRouterStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of virtual router statistics." + ::= { vrrpStatistics 4 } + + vrrpRouterStatsEntry OBJECT-TYPE + SYNTAX VrrpRouterStatsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table, containing statistics information + about a given virtual router." + AUGMENTS { vrrpOperEntry } + ::= { vrrpRouterStatsTable 1 } + + VrrpRouterStatsEntry ::= + SEQUENCE { + vrrpStatsBecomeMaster + Counter32, + vrrpStatsAdvertiseRcvd + Counter32, + vrrpStatsAdvertiseIntervalErrors + Counter32, + vrrpStatsAuthFailures + Counter32, + vrrpStatsIpTtlErrors + Counter32, + vrrpStatsPriorityZeroPktsRcvd + Counter32, + vrrpStatsPriorityZeroPktsSent + Counter32, + vrrpStatsInvalidTypePktsRcvd + Counter32, + vrrpStatsAddressListErrors + Counter32, + vrrpStatsInvalidAuthType + Counter32, + vrrpStatsAuthTypeMismatch + Counter32, + vrrpStatsPacketLengthErrors + Counter32 + } + + vrrpStatsBecomeMaster OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of times that this virtual router's state + has transitioned to MASTER." + ::= { vrrpRouterStatsEntry 1 } + + vrrpStatsAdvertiseRcvd OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisements received by this + virtual router." + ::= { vrrpRouterStatsEntry 2 } + + vrrpStatsAdvertiseIntervalErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisement packets received + for which the advertisement interval is different than the + one configured for the local virtual router." + ::= { vrrpRouterStatsEntry 3 } + + vrrpStatsAuthFailures OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received that do not pass + the authentication check." + ::= { vrrpRouterStatsEntry 4 } + + vrrpStatsIpTtlErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the virtual + router with IP TTL (Time-To-Live) not equal to 255." + ::= { vrrpRouterStatsEntry 5 } + + vrrpStatsPriorityZeroPktsRcvd OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the virtual + router with a priority of '0'." + ::= { vrrpRouterStatsEntry 6 } + + vrrpStatsPriorityZeroPktsSent OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets sent by the virtual router + with a priority of '0'." + ::= { vrrpRouterStatsEntry 7 } + + vrrpStatsInvalidTypePktsRcvd OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of VRRP packets received by the virtual router + with an invalid value in the 'type' field." + ::= { vrrpRouterStatsEntry 8 } + + vrrpStatsAddressListErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received for which the address + list does not match the locally configured list for the + virtual router." + ::= { vrrpRouterStatsEntry 9 } + + vrrpStatsInvalidAuthType OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with an unknown + authentication type." + ::= { vrrpRouterStatsEntry 10 } + + vrrpStatsAuthTypeMismatch OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with 'Auth Type' not + equal to the locally configured authentication method + (`vrrpOperAuthType')." + ::= { vrrpRouterStatsEntry 11 } + + vrrpStatsPacketLengthErrors OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with a packet length + less than the length of the VRRP header." + ::= { vrrpRouterStatsEntry 12 } + +-- ******************************************************************* +-- Trap Definitions +-- ******************************************************************* + + vrrpNotifications OBJECT IDENTIFIER ::= { vrrpMIB 0 } + + vrrpTrapPacketSrc OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The IP address of an inbound VRRP packet. Used by + vrrpTrapAuthFailure trap." + ::= { vrrpOperations 5 } + + vrrpTrapAuthErrorType OBJECT-TYPE + SYNTAX INTEGER { + invalidAuthType (1), + authTypeMismatch (2), + authFailure (3) + } + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Potential types of configuration conflicts. + Used by vrrpAuthFailure trap." + ::= { vrrpOperations 6 } + + vrrpTrapNewMaster NOTIFICATION-TYPE + OBJECTS { vrrpOperMasterIpAddr + } + STATUS current + DESCRIPTION + "The newMaster trap indicates that the sending agent + has transitioned to 'Master' state." + ::= { vrrpNotifications 1 } + + vrrpTrapAuthFailure NOTIFICATION-TYPE + OBJECTS { vrrpTrapPacketSrc, + vrrpTrapAuthErrorType + } + STATUS current + DESCRIPTION + "A vrrpAuthFailure trap signifies that a packet has + been received from a router whose authentication key + or authentication type conflicts with this router's + authentication key or authentication type. Implementation + of this trap is optional." + ::= { vrrpNotifications 2 } + + +-- ******************************************************************* +-- Conformance Information +-- ******************************************************************* + + vrrpMIBCompliances OBJECT IDENTIFIER ::= { vrrpConformance 1 } + vrrpMIBGroups OBJECT IDENTIFIER ::= { vrrpConformance 2 } + +-- ................................................................... +-- Compliance Statements +-- ................................................................... + + vrrpMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The core compliance statement for all VRRP implementations." + MODULE -- this module + MANDATORY-GROUPS { + vrrpOperGroup, + vrrpStatsGroup + } + OBJECT vrrpOperPriority + WRITE-SYNTAX Integer32 (1..255) + DESCRIPTION "SETable values are from 1 to 255." + ::= { vrrpMIBCompliances 1 } + +-- ................................................................... +-- Conformance Groups +-- ................................................................... + + vrrpOperGroup OBJECT-GROUP + OBJECTS { + vrrpNodeVersion, + vrrpNotificationCntl, + vrrpOperVirtualMacAddr, + vrrpOperState, + vrrpOperAdminState, + vrrpOperPriority, + vrrpOperIpAddrCount, + vrrpOperMasterIpAddr, + vrrpOperPrimaryIpAddr, + vrrpOperAuthType, + vrrpOperAuthKey, + vrrpOperAdvertisementInterval, + vrrpOperPreemptMode, + vrrpOperVirtualRouterUpTime, + vrrpOperProtocol, + vrrpOperRowStatus, + vrrpAssoIpAddrRowStatus + } + STATUS current + DESCRIPTION + "Conformance group for VRRP operations." + ::= { vrrpMIBGroups 1 } + + vrrpStatsGroup OBJECT-GROUP + OBJECTS { + vrrpRouterChecksumErrors, + vrrpRouterVersionErrors, + vrrpRouterVrIdErrors, + vrrpStatsBecomeMaster, + vrrpStatsAdvertiseRcvd, + vrrpStatsAdvertiseIntervalErrors, + vrrpStatsAuthFailures, + vrrpStatsIpTtlErrors, + vrrpStatsPriorityZeroPktsRcvd, + vrrpStatsPriorityZeroPktsSent, + vrrpStatsInvalidTypePktsRcvd, + vrrpStatsAddressListErrors, + vrrpStatsInvalidAuthType, + vrrpStatsAuthTypeMismatch, + vrrpStatsPacketLengthErrors + } + STATUS current + DESCRIPTION + "Conformance group for VRRP statistics." + ::= { vrrpMIBGroups 2 } + + vrrpTrapGroup OBJECT-GROUP + OBJECTS { + vrrpTrapPacketSrc, + vrrpTrapAuthErrorType + } + STATUS current + DESCRIPTION + "Conformance group for objects contained in VRRP notifications." + ::= { vrrpMIBGroups 3 } + + vrrpNotificationGroup NOTIFICATION-GROUP + NOTIFICATIONS { + vrrpTrapNewMaster, + vrrpTrapAuthFailure + } + STATUS current + DESCRIPTION + "The VRRP MIB Notification Group." + ::= { vrrpMIBGroups 4 } + +END diff --git a/tools/keepalived/doc/VRRPv3-MIB.txt b/tools/keepalived/doc/VRRPv3-MIB.txt new file mode 100644 index 000000000..5b935f822 --- /dev/null +++ b/tools/keepalived/doc/VRRPv3-MIB.txt @@ -0,0 +1,955 @@ +VRRPV3-MIB DEFINITIONS ::= BEGIN + + IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + NOTIFICATION-TYPE, Counter32, + Integer32, mib-2, Unsigned32, + Counter64, TimeTicks + FROM SNMPv2-SMI -- RFC2578 + + TEXTUAL-CONVENTION, RowStatus, + MacAddress, TruthValue, TimeStamp, + TimeInterval + FROM SNMPv2-TC -- RFC2579 + + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP + FROM SNMPv2-CONF -- RFC2580 + + ifIndex + FROM IF-MIB -- RFC2863 + + InetAddressType, InetAddress + FROM INET-ADDRESS-MIB; -- RFC4001 + + vrrpv3MIB MODULE-IDENTITY + LAST-UPDATED "201708140000Z" -- Aug 14, 2017 + ORGANIZATION "IETF VRRP Working Group" + CONTACT-INFO + "WG E-Mail: vrrp@ietf.org + + Editor: Kalyan Tata + Nokia + 313 Fairchild Dr, + Mountain View, CA 94043 + Tata_kalyan@yahoo.com" + + DESCRIPTION + "This MIB describes objects used for managing Virtual + Router Redundancy Protocol version 3 (VRRPv3). + + Copyright (c) 2012 IETF Trust and the persons + identified as authors of the code. All rights + reserved. + + Redistribution and use in source and binary forms, + with or without modification, is permitted pursuant + to, and subject to the license terms contained in, + the Simplified BSD License set forth in Section + 4.c of the IETF Trust's Legal Provisions Relating + to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of the MIB module is part of RFC 6527. + Please see the RFC for full legal notices." + + REVISION "201708140000Z" -- Aug 14, 2017 + DESCRIPTION "Apply RFC 6527 errata id 4168 and 5086." + + REVISION "201202130000Z" -- Feb 13, 2012 + DESCRIPTION "Initial version as published in RFC 6527." + + ::= { mib-2 207 } + +-- Textual Conventions + + Vrrpv3VrIdTC ::= TEXTUAL-CONVENTION + DISPLAY-HINT "d" + STATUS current + DESCRIPTION + "The value of the Virtual Router Identifier noted as + (VRID) in RFC 5798. This, along with interface index + (ifIndex) and IP version, serves to uniquely identify + a virtual router on a given VRRP router." + REFERENCE "RFC 5798 (Sections 3 and 5.2.3)" + SYNTAX Integer32 (1..255) + +-- VRRPv3 MIB Groups + + vrrpv3Notifications OBJECT IDENTIFIER ::= { vrrpv3MIB 0 } + vrrpv3Objects OBJECT IDENTIFIER ::= { vrrpv3MIB 1 } + vrrpv3Conformance OBJECT IDENTIFIER ::= { vrrpv3MIB 2 } + +-- VRRPv3 MIB Objects + + vrrpv3Operations OBJECT IDENTIFIER ::= { vrrpv3Objects 1 } + vrrpv3Statistics OBJECT IDENTIFIER ::= { vrrpv3Objects 2 } + +-- VRRPv3 Operations Table + + vrrpv3OperationsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Vrrpv3OperationsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Unified Operations table for a VRRP router that + consists of a sequence (i.e., one or more conceptual + rows) of 'vrrpv3OperationsEntry' items each of which + describe the operational characteristics of a virtual + router." + + ::= { vrrpv3Operations 1 } + + vrrpv3OperationsEntry OBJECT-TYPE + SYNTAX Vrrpv3OperationsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the vrrpv3OperationsTable containing the + operational characteristics of a virtual router. + On a VRRP router, a given virtual router is + identified by a combination of ifIndex, VRID, and + the IP version. ifIndex represents an interface of + the router. + + A row must be created with vrrpv3OperationsStatus + set to initialize(1) and cannot transition to + backup(2) or master(3) until + vrrpv3OperationsRowStatus is transitioned to + active(1). + + The information in this table is persistent and when + written the entity SHOULD save the change to non- + volatile storage." + + INDEX { ifIndex, vrrpv3OperationsVrId, + vrrpv3OperationsInetAddrType + } + ::= { vrrpv3OperationsTable 1 } + + Vrrpv3OperationsEntry ::= + + SEQUENCE { + vrrpv3OperationsVrId + Vrrpv3VrIdTC, + vrrpv3OperationsInetAddrType + InetAddressType, + vrrpv3OperationsMasterIpAddr + InetAddress, + vrrpv3OperationsPrimaryIpAddr + InetAddress, + vrrpv3OperationsVirtualMacAddr + MacAddress, + vrrpv3OperationsStatus + INTEGER, + vrrpv3OperationsPriority + Unsigned32, + vrrpv3OperationsAddrCount + Integer32, + vrrpv3OperationsAdvInterval + TimeInterval, + vrrpv3OperationsPreemptMode + TruthValue, + vrrpv3OperationsAcceptMode + TruthValue, + vrrpv3OperationsUpTime + TimeTicks, + vrrpv3OperationsRowStatus + RowStatus + } + vrrpv3OperationsVrId OBJECT-TYPE + SYNTAX Vrrpv3VrIdTC + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This object contains the Virtual Router Identifier + (VRID)." + REFERENCE "RFC 4001" + ::= { vrrpv3OperationsEntry 1 } + + vrrpv3OperationsInetAddrType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP address type of Vrrpv3OperationsEntry and + Vrrpv3AssociatedIpAddrEntry. This value determines + the type for vrrpv3OperationsMasterIpAddr, + vrrpv3OperationsPrimaryIpAddr, and + vrrpv3AssociatedIpAddrAddress. + + ipv4(1) and ipv6(2) are the only two values supported + in this MIB module." + REFERENCE "RFC 4001" + ::= { vrrpv3OperationsEntry 2 } + + vrrpv3OperationsMasterIpAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The master router's real IP address. The master router + would set this address to vrrpv3OperationsPrimaryIpAddr + while transitioning to master state. For backup + routers, this is the IP address listed as the source in + the VRRP advertisement last received by this virtual + router." + REFERENCE "RFC 5798" + ::= { vrrpv3OperationsEntry 3 } + + vrrpv3OperationsPrimaryIpAddr OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "In the case where there is more than one IP + Address (associated IP addresses) for a given + 'ifIndex', this object is used to specify the IP + address that will become the + vrrpv3OperationsMasterIpAddr', should the virtual + router transition from backup state to master." + ::= { vrrpv3OperationsEntry 4 } + + vrrpv3OperationsVirtualMacAddr OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The virtual MAC address of the virtual router. + Although this object can be derived from the + 'vrrpv3OperationsVrId' object, it is defined so that it + is easily obtainable by a management application and + can be included in VRRP-related SNMP notifications." + ::= { vrrpv3OperationsEntry 5 } + + vrrpv3OperationsStatus OBJECT-TYPE + SYNTAX INTEGER { + initialize(1), + backup(2), + master(3) + } + MAX-ACCESS read-only + STATUS current + + DESCRIPTION + "The current state of the virtual router. This object + has three defined values: + + - 'initialize', which indicates that the + virtual router is waiting for a startup event. + + - 'backup', which indicates that the virtual router is + monitoring the availability of the master router. + + - 'master', which indicates that the virtual router + is forwarding packets for IP addresses that are + associated with this router." + REFERENCE "RFC 5798" + ::= { vrrpv3OperationsEntry 6 } + + vrrpv3OperationsPriority OBJECT-TYPE + SYNTAX Unsigned32 (0..255) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "This object specifies the priority to be used for the + virtual router master election process; higher values + imply higher priority. + + A priority of '0', although not settable, is sent by + the master router to indicate that this router has + ceased to participate in VRRP, and a backup virtual + router should transition to become a new master. + + A priority of 255 is used for the router that owns the + associated IP address(es) for VRRP over IPv4 and hence + is not settable. + + Setting the values of this object to 0 or 255 should be + rejected by the agents implementing this MIB module. + For example, an SNMP agent would return 'badValue(3)' + when a user tries to set the values 0 or 255 for this + object." + + REFERENCE "RFC 5798, Section 6.1" + DEFVAL { 100 } + ::= { vrrpv3OperationsEntry 7 } + + vrrpv3OperationsAddrCount OBJECT-TYPE + SYNTAX Integer32 (0..255) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IP addresses that are associated with + this virtual router. This number is equal to the + number of rows in the vrrpv3AssociatedAddrTable that + correspond to a given ifIndex/VRID/IP version." + REFERENCE "RFC 5798, Section 6.1" + ::= { vrrpv3OperationsEntry 8 } + + vrrpv3OperationsAdvInterval OBJECT-TYPE + SYNTAX TimeInterval (1..4095) + UNITS "centiseconds" + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The time interval, in centiseconds, between sending + advertisement messages. Only the master router sends + VRRP advertisements." + REFERENCE "RFC 5798, Section 6.1" + DEFVAL { 100} + ::= { vrrpv3OperationsEntry 9 } + + vrrpv3OperationsPreemptMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls whether a higher priority virtual router will + preempt a lower priority master." + REFERENCE "RFC 5798, Section 6.1" + DEFVAL { true } + ::= { vrrpv3OperationsEntry 10 } + + vrrpv3OperationsAcceptMode OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls whether a virtual router in master state + will accept packets addressed to the address owner's + address as its own if it is not the address + owner. Default is false(2)." + DEFVAL { false } + ::= { vrrpv3OperationsEntry 11 } + + vrrpv3OperationsUpTime OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This value represents the amount of time, in + TimeTicks (hundredth of a second), since this virtual + router (i.e., the 'vrrpv3OperationsStatus') + transitioned out of 'initialize'." + REFERENCE "RFC 5798, Section 6.1" + ::= { vrrpv3OperationsEntry 12 } + + vrrpv3OperationsRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The RowStatus variable should be used in accordance to + installation and removal conventions for conceptual + rows. + + To create a row in this table, a manager sets this + object to either createAndGo(4) or createAndWait(5). + Until instances of all corresponding columns are + appropriately configured, the value of the + corresponding instance of the + 'vrrpv3OperationsRowStatus' column will be read as + notReady(3). + In particular, a newly created row cannot be made + active(1) until (minimally) the corresponding instance + of vrrpv3OperationsInetAddrType, vrrpv3OperationsVrId, + and vrrpv3OperationsPrimaryIpAddr has been set, and + there is at least one active row in the + 'vrrpv3AssociatedIpAddrTable' defining an associated + IP address. + + notInService(2) should be used to administratively + bring the row down. + + A typical order of operation to add a row is: + 1. Create a row in vrrpv3OperationsTable with + createAndWait(5). + 2. Create one or more corresponding rows in + vrrpv3AssociatedIpAddrTable. + 3. Populate the vrrpv3OperationsEntry. + 4. Set vrrpv3OperationsRowStatus to active(1). + + A typical order of operation to delete an entry is: + 1. Set vrrpv3OperationsRowStatus to notInService(2). + 2. Set the corresponding rows in + vrrpv3AssociatedIpAddrTable to destroy(6) to delete + the entry. + 3. Set vrrpv3OperationsRowStatus to destroy(6) to + delete the entry." + ::= { vrrpv3OperationsEntry 13 } + +-- VRRP Associated Address Table + + vrrpv3AssociatedIpAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF Vrrpv3AssociatedIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table of addresses associated with each virtual + router." + ::= { vrrpv3Operations 2 } + + vrrpv3AssociatedIpAddrEntry OBJECT-TYPE + SYNTAX Vrrpv3AssociatedIpAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table contains an IP address that is + associated with a virtual router. The number of rows + for a given IP version, VrID, and ifIndex will equal + the number of IP addresses associated (e.g., backed up) + by the virtual router (equivalent to + 'vrrpv3OperationsIpAddrCount'). + + Rows in the table cannot be modified unless the value + of 'vrrpv3OperationsStatus' for the corresponding entry + in the vrrpv3OperationsTable has transitioned to + initialize(1). + + The information in this table is persistent and when + written the entity SHOULD save the change to non- + volatile storage." + + INDEX { ifIndex, vrrpv3OperationsVrId, + vrrpv3OperationsInetAddrType, + vrrpv3AssociatedIpAddrAddress } + + ::= { vrrpv3AssociatedIpAddrTable 1 } + + Vrrpv3AssociatedIpAddrEntry ::= + SEQUENCE { + vrrpv3AssociatedIpAddrAddress + + InetAddress, + vrrpv3AssociatedIpAddrRowStatus + RowStatus + } + + vrrpv3AssociatedIpAddrAddress OBJECT-TYPE + SYNTAX InetAddress (SIZE (0|4|16)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The assigned IP addresses that a virtual router is + responsible for backing up. + + The IP address type is determined by the value of + vrrpv3OperationsInetAddrType in the index of this + row." + REFERENCE "RFC 5798" + ::= { vrrpv3AssociatedIpAddrEntry 1 } + + vrrpv3AssociatedIpAddrRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The row status variable, used according to + installation and removal conventions for conceptual + rows. To create a row in this table, a manager sets + this object to either createAndGo(4) or + createAndWait(5). Setting this object to active(1) + results in the addition of an associated address for a + virtual router. Setting this object to notInService(2) + results in administratively bringing down the row. + + Destroying the entry or setting it to destroy(6) + removes the associated address from the virtual router. + The use of other values is implementation-dependent. + + Implementations should not allow deletion of the last + row corresponding to an active row in + vrrpv3OperationsTable. + + Refer to the description of vrrpv3OperationsRowStatus + for typical row creation and deletion scenarios." + ::= { vrrpv3AssociatedIpAddrEntry 2 } + +-- VRRP Router Statistics + + vrrpv3RouterChecksumErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an + invalid VRRP checksum value. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3GlobalStatisticsDiscontinuityTime." + + REFERENCE "RFC 5798, Section 5.2.8" + ::= { vrrpv3Statistics 1 } + + vrrpv3RouterVersionErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with an + unknown or unsupported version number. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3GlobalStatisticsDiscontinuityTime." + + REFERENCE "RFC 5798, Section 5.2.1" + ::= { vrrpv3Statistics 2 } + + vrrpv3RouterVrIdErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received with a + VRID that is not valid for any virtual router on this + router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3GlobalStatisticsDiscontinuityTime." + + REFERENCE "RFC 5798, Section 5.2.3" + ::= { vrrpv3Statistics 3 } + + vrrpv3GlobalStatisticsDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at + which one of vrrpv3RouterChecksumErrors, + vrrpv3RouterVersionErrors, and vrrpv3RouterVrIdErrors + suffered a discontinuity. + + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, + then this object contains a zero value." + + ::= { vrrpv3Statistics 4 } + +-- VRRP Router Statistics Table + + vrrpv3StatisticsTable OBJECT-TYPE + SYNTAX SEQUENCE OF Vrrpv3StatisticsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of virtual router statistics." + ::= { vrrpv3Statistics 5 } + + vrrpv3StatisticsEntry OBJECT-TYPE + SYNTAX Vrrpv3StatisticsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry in the table containing statistics + information about a given virtual router." + AUGMENTS { vrrpv3OperationsEntry } + ::= { vrrpv3StatisticsTable 1 } + + Vrrpv3StatisticsEntry ::= + SEQUENCE { + vrrpv3StatisticsMasterTransitions + Counter32, + vrrpv3StatisticsNewMasterReason + INTEGER, + vrrpv3StatisticsRcvdAdvertisements + Counter64, + vrrpv3StatisticsAdvIntervalErrors + Counter64, + vrrpv3StatisticsIpTtlErrors + Counter64, + vrrpv3StatisticsProtoErrReason + INTEGER, + vrrpv3StatisticsRcvdPriZeroPackets + Counter64, + vrrpv3StatisticsSentPriZeroPackets + Counter64, + vrrpv3StatisticsRcvdInvalidTypePackets + Counter64, + vrrpv3StatisticsAddressListErrors + Counter64, + vrrpv3StatisticsPacketLengthErrors + Counter64, + vrrpv3StatisticsRowDiscontinuityTime + TimeStamp, + vrrpv3StatisticsRefreshRate + Unsigned32 + } + + vrrpv3StatisticsMasterTransitions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of times that this virtual router's + state has transitioned to master state. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 1 } + + vrrpv3StatisticsNewMasterReason OBJECT-TYPE + SYNTAX INTEGER { + notMaster (0), + priority (1), + preempted (2), + masterNoResponse (3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This indicates the reason for the virtual router to + transition to master state. If the virtual router + never transitioned to master state, the value of this + object is notMaster(0). Otherwise, this indicates the + reason this virtual router transitioned to master + state the last time. Used by vrrpv3NewMaster + notification." + ::= { vrrpv3StatisticsEntry 2 } + + vrrpv3StatisticsRcvdAdvertisements OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisements received by + this virtual router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + + ::= { vrrpv3StatisticsEntry 3 } + + vrrpv3StatisticsAdvIntervalErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP advertisement packets + received for which the advertisement interval is + different from the vrrpv3OperationsAdvInterval + configured on this virtual router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + + ::= { vrrpv3StatisticsEntry 4 } + + vrrpv3StatisticsIpTtlErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the + virtual router with IPv4 TTL (for VRRP over IPv4) or + IPv6 Hop Limit (for VRRP over IPv6) not equal to 255. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + REFERENCE "RFC 5798, Section 5.1.1.3" + ::= { vrrpv3StatisticsEntry 5 } + + vrrpv3StatisticsProtoErrReason OBJECT-TYPE + SYNTAX INTEGER { + noError (0), + ipTtlError (1), + versionError (2), + checksumError (3), + vrIdError(4) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This indicates the reason for the last protocol + error. This SHOULD be set to noError(0) when no + protocol errors are encountered. Used by + vrrpv3ProtoError notification." + ::= { vrrpv3StatisticsEntry 6 } + + vrrpv3StatisticsRcvdPriZeroPackets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets received by the + virtual router with a priority of '0'. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + REFERENCE "RFC 5798, Section 5.2.4" + ::= { vrrpv3StatisticsEntry 7 } + + vrrpv3StatisticsSentPriZeroPackets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of VRRP packets sent by the virtual + router with a priority of '0'. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + REFERENCE "RFC 5798, Section 5.2.4" + ::= { vrrpv3StatisticsEntry 8 } + + vrrpv3StatisticsRcvdInvalidTypePackets OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of VRRP packets received by the virtual + router with an invalid value in the 'type' field. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 9 } + + vrrpv3StatisticsAddressListErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received for which the + address list does not match the locally configured + list for the virtual router. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 10 } + + vrrpv3StatisticsPacketLengthErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of packets received with a packet + length less than the length of the VRRP header. + + Discontinuities in the value of this counter can occur + at re-initialization of the management system, and at + other times as indicated by the value of + vrrpv3StatisticsRowDiscontinuityTime." + ::= { vrrpv3StatisticsEntry 11 } + + vrrpv3StatisticsRowDiscontinuityTime OBJECT-TYPE + SYNTAX TimeStamp + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of sysUpTime on the most recent occasion at + which any one or more of this entry's counters + suffered a discontinuity. + + If no such discontinuities have occurred since the last + re-initialization of the local management subsystem, + then this object contains a zero value." + ::= { vrrpv3StatisticsEntry 12 } + + vrrpv3StatisticsRefreshRate OBJECT-TYPE + SYNTAX Unsigned32 + UNITS "milliseconds" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The minimum reasonable polling interval for this entry. + This object provides an indication of the minimum + amount of time required to update the counters in this + entry." + ::= { vrrpv3StatisticsEntry 13 } + +-- Notification Definitions +-- Notifications may be controlled using SNMP-NOTIFICATION-MIB + + vrrpv3NewMaster NOTIFICATION-TYPE + OBJECTS { + vrrpv3OperationsMasterIpAddr, + vrrpv3StatisticsNewMasterReason + } + STATUS current + DESCRIPTION + "The newMaster notification indicates that the sending + agent has transitioned to master state." + ::= { vrrpv3Notifications 1 } + + vrrpv3ProtoError NOTIFICATION-TYPE + OBJECTS { + vrrpv3StatisticsProtoErrReason + } + STATUS current + DESCRIPTION + "The notification indicates that the sending agent has + encountered the protocol error indicated by + vrrpv3StatisticsProtoErrReason." + ::= { vrrpv3Notifications 2 } + +-- Conformance Information + + vrrpv3Compliances OBJECT IDENTIFIER ::= { vrrpv3Conformance 1 } + vrrpv3Groups OBJECT IDENTIFIER ::= { vrrpv3Conformance 2 } + +-- Compliance Statements + + vrrpv3FullCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement" + MODULE -- this module + MANDATORY-GROUPS { + vrrpv3OperationsGroup, + vrrpv3StatisticsGroup, + vrrpv3InfoGroup, + vrrpv3NotificationsGroup + } + OBJECT vrrpv3OperationsPriority + WRITE-SYNTAX Unsigned32 (1..254) + DESCRIPTION "Setable values are from 1 to 254." + ::= { vrrpv3Compliances 1 } + + vrrpv3ReadOnlyCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "When this MIB module is implemented without support + for read-create (i.e., in read-only mode), then such + an implementation can claim read-only compliance. + Such a device can then be monitored, but cannot be + configured with this MIB." + + MODULE -- this module + MANDATORY-GROUPS { + vrrpv3OperationsGroup, + vrrpv3StatisticsGroup, + vrrpv3StatisticsDiscontinuityGroup, + vrrpv3InfoGroup, + vrrpv3NotificationsGroup + } + + OBJECT vrrpv3OperationsPriority + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsPrimaryIpAddr + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + OBJECT vrrpv3OperationsAdvInterval + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsPreemptMode + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsAcceptMode + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3OperationsRowStatus + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vrrpv3AssociatedIpAddrRowStatus + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + ::= { vrrpv3Compliances 2 } + +-- Conformance Groups + + vrrpv3OperationsGroup OBJECT-GROUP + OBJECTS { + vrrpv3OperationsVirtualMacAddr, + vrrpv3OperationsStatus, + vrrpv3OperationsPriority, + vrrpv3OperationsMasterIpAddr, + vrrpv3OperationsAdvInterval, + vrrpv3OperationsPreemptMode, + vrrpv3OperationsAcceptMode, + vrrpv3OperationsUpTime, + vrrpv3OperationsRowStatus, + vrrpv3OperationsAddrCount, + vrrpv3OperationsPrimaryIpAddr, + vrrpv3AssociatedIpAddrRowStatus + } + STATUS current + DESCRIPTION + "Conformance group for VRRPv3 operations." + ::= { vrrpv3Groups 1 } + + vrrpv3StatisticsGroup OBJECT-GROUP + OBJECTS { + vrrpv3RouterChecksumErrors, + vrrpv3RouterVersionErrors, + vrrpv3RouterVrIdErrors, + vrrpv3StatisticsMasterTransitions, + vrrpv3StatisticsNewMasterReason, + vrrpv3StatisticsRcvdAdvertisements, + vrrpv3StatisticsAdvIntervalErrors, + vrrpv3StatisticsRcvdPriZeroPackets, + vrrpv3StatisticsSentPriZeroPackets, + vrrpv3StatisticsRcvdInvalidTypePackets, + vrrpv3StatisticsIpTtlErrors, + vrrpv3StatisticsProtoErrReason, + vrrpv3StatisticsAddressListErrors, + vrrpv3StatisticsPacketLengthErrors, + vrrpv3StatisticsRowDiscontinuityTime, + vrrpv3StatisticsRefreshRate + } + STATUS current + DESCRIPTION + "Conformance group for VRRPv3 statistics." + ::= { vrrpv3Groups 2 } + + vrrpv3StatisticsDiscontinuityGroup OBJECT-GROUP + OBJECTS { + vrrpv3GlobalStatisticsDiscontinuityTime + } + STATUS current + DESCRIPTION + "Objects providing information about counter + discontinuities." + ::= { vrrpv3Groups 3 } + + vrrpv3InfoGroup OBJECT-GROUP + OBJECTS { + vrrpv3StatisticsProtoErrReason, + vrrpv3StatisticsNewMasterReason + } + STATUS current + DESCRIPTION + "Conformance group for objects contained in VRRPv3 + notifications." + ::= { vrrpv3Groups 4 } + + vrrpv3NotificationsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + vrrpv3NewMaster, + vrrpv3ProtoError + } + STATUS current + DESCRIPTION + "The VRRP MIB Notification Group." + ::= { vrrpv3Groups 5 } + +END diff --git a/tools/keepalived/doc/keepalived.conf.SYNOPSIS b/tools/keepalived/doc/keepalived.conf.SYNOPSIS index b8a09eecd..1ae228b7c 100644 --- a/tools/keepalived/doc/keepalived.conf.SYNOPSIS +++ b/tools/keepalived/doc/keepalived.conf.SYNOPSIS @@ -1,439 +1,5 @@ -This file describe all the Keepalived available keywords. The keepalived.conf -file is compounded by three configurations parts : - - * Globals configurations - * VRRP configuration - * LVS configuration - -0. Comment string - -There is 2 valid comment valid string : # or ! If you want to add comment -in you configuration file use this char. - -1. Globals configurations - -This block is divided in 2 sub-block : - - * Global definitions - * Static routes - - 1.1. Global definitions - - The configuration block looks like : - -global_defs { # Block identification - notification_email { # Email to send alertes to - # Standard email address - - ... - } - notification_email_from # Email From dealing with SMTP proto - smtp_server # SMTP server IP address - smtp_connect_timeout # Number of seconds timeout connect - # remote SMTP server - router_id # String identifying router - vrrp_mcast_group4 # optional, default 224.0.0.18 - vrrp_mcast_group6 # optional, default ff02::12 -} - -linkbeat_use_polling # Use media link failure detection polling fashion - - 1.2. Static addresses - - The configuration block looks like : - -static_ipaddress { # block identification - / brd dev scope - / brd dev scope - ... -} - -SCOPE can take the following values : - * site - * link - * host - * nowhere - * global - - 1.3. Static routes - - The configuration block looks like : - -static_routes { # block identification - src [to] / via|gw dev scope table # to is optional - src [to] / via|gw dev scope table # to is optional - src [to] / via|gw or dev scope table # will use multipath route - blackhole [/] - ... -} - -SCOPE can take the following values : - * site - * link - * host - * nowhere - * global - -2. VRRP configuration - -This block is divided in 3 sub-block : - - * VRRP scripts - * VRRP synchronization group - * VRRP instance - - 2.1. VRRP scripts - - The configuration block looks like : - -vrrp_script { # VRRP script declaration - script # script to run periodically - interval # run the script this every seconds - weight # adjust priority by this weight - fall # required number of failures for KO switch - rise # required number of successes for OK switch -} - -The script will be executed periodically, every seconds. Its exit -code will be recorded for all VRRP instances which will want to monitor it. -Note that the script will only be executed if at least one VRRP instance -monitors it with a non-zero weight. Thus, any number of scripts may be -declared without taking the system down. - -If unspecified, the weight equals 2, which means that a success will add +2 -to the priority of all VRRP instances which monitor it. On the opposite, a -negative weight will be subtracted from the initial priority in case of -failure. - - 2.2. VRRP synchronization group - - The configuration block looks like : - -vrrp_sync_group { # VRRP sync group declaration - group { # group of instance to sync together - # a - # set - ... # of VRRP_Instance string - } - notify_master | # Script to run during MASTER transit - notify_backup | # Script to run during BACKUP transit - notify_fault | # Script to run during FAULT transit - notify | # Script to run during ANY state transit (1) - smtp_alert # Send email notif during state transit -} - -(1) The "notify" script is called AFTER the corresponding notify_* script has - been called, and is given exactly 4 arguments (the whole string is interpreted - as a litteral filename so don't add parameters!): - - $1 = A string indicating whether it's a "GROUP" or an "INSTANCE" - $2 = The name of said group or instance - $3 = The state it's transitioning to ("MASTER", "BACKUP" or "FAULT") - $4 = The priority value - - $1 and $3 are ALWAYS sent in uppercase, and the possible strings sent are the - same ones listed above ("GROUP"/"INSTANCE", "MASTER"/"BACKUP"/"FAULT"). - -Important: for a SYNC group to run reliably, it is vital that all instances in - the group are MASTER or that they are all either BACKUP or FAULT. A - situation with half instances having higher priority on machine A - half others with higher priority on machine B will lead to constant - re-elections. For this reason, when instances are grouped, their - tracking weights are automatically set to zero, in order to avoid - inconsistent priorities across instances. - - 2.3. VRRP instance - - The configuration block looks like : - -vrrp_instance { # VRRP instance declaration - use_vmac # Use VRRP Virtual MAC - vmac_xmit_base # Send/Recv VRRP messages from base - # interface instead of VMAC interface - native_ipv6 # Force instance to use IPv6 - # when using mixed IPv4&IPv6 conf - state MASTER|BACKUP # Start-up default state - interface # Binding interface - track_interface { # Interfaces state we monitor - - - weight - ... - } - track_script { # Scripts state we monitor - - weight - ... - } - dont_track_primary # (default unset) ignore VRRP interface faults. - # useful for cross-connect VRRP config. - mcast_src_ip # src_ip to use into the VRRP packets - unicast_src_ip # src_ip to use into the VRRP packets (alias to mcast_src_ip) - unicast_peer { # Do not use multicast, instead send VRRP - # adverts to following list of ip address - ... # in unicast design fashion - } - lvs_sync_daemon_interface # Binding interface for lvs syncd - garp_master_delay # delay for gratuitous ARP after MASTER - # state transition - garp_master_refresh # Periodic delay in seconds sending - # gratuitous ARP while in MASTER state - virtual_router_id # VRRP VRID - priority # VRRP PRIO - advert_int # VRRP Advert interval (use default) - authentication { # Authentication block - auth_type PASS|AH # Simple Passwd or IPSEC AH - auth_pass # Password string (up to 8 characters) - } - virtual_ipaddress { # VRRP IP addres block - / brd dev scope label