From dfccb1fcc29d2c57eaf88b5d54a7b61e87afb59a Mon Sep 17 00:00:00 2001 From: Packit Service Date: Jan 27 2021 00:19:56 +0000 Subject: keepalived-2.1.5 base --- diff --git a/ChangeLog b/ChangeLog index e792c82..35eb5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,1776 @@ +2020-06-13 Alexandre Cassen + + This file is now deprecated and wil no longer get updated. + To have detailed informations about new Keepalived release + please refers to : + + https://www.keepalived.org/release-notes + + + +2020-01-22 Alexandre Cassen + * keepalived-2.0.20 + * Add DBus interface and config files to snap + * Install DBus files from snap onto host system. + * Fix snap install hook script. + * Set instance_name in child processes after reload + Although the parent process was reinstating the instance_name after + a reload, the child processes were not. + * Remove libxtables-dynamic from keepalived.spec.in + Commit 72c4e54 - "Add support for using iptables to block VMAC IGMP/MLD + messages" removed libxtables-dynamic option, since it was only used to + load the ip_tables/ip6_tables kernel modules, and there was already other + code to load modules. The original commit, however, omitted to update + keepalived.spec.in. + * Include firewalld documentation. + * Improving logging of error if kernel doesn't support PROC_EVENTS + OpenWRT has kernels build with PROC_EEVNS enabled, and it was outputing + an unhelpful error message. + This commit will not log the PROC_EVENTS is not built into the kernel + unless the log detail (-D) option is specified, or the configuration uses + track_process. + * Resolve file descriptor errors on reload + If a read or write thread was on the thread reaady queue when a + reload was processed, the file descriptor was not removed from the + epoll instance. + This commit ensures that file descriptors relating to threads on + the thread ready queue are removed from the epoll instance during + a reload. + * Log correct address family when interface doesn't have required address. + * Stop track_process.h including itself. + * Update package requirements for Debian. + * Add more detailed track-process debugging. + * Fix track_process with PIDs > 32767 + * Add more track_process debugging. + * Correct detection of success loading module xt_set. + The detection of success loading the module was reversed, so that + if it failed it thought it was successful, and vice versa. This + meant that if it was not successful loading the module, it would + attempt to use ipsets, and if it was successful loading the module + it would not. If the module was already loaded, then there was no + problem. + * Update info on using nft --debug. + * Add README icon for snaps. + * Fix intermittent "child lost" messages. + Issue #1364 identified that occassionaly a "child lost" message could + be logged. Although keepalived continued working as expected, the + "child lost" message indicated that something wasn't working properly. + If a vrrp track script had a timeout in the script that was the + same as the script timeout configured in keepalived, when the system + was heavily loaded it was possible for the timeout to occur, followed + by the termination before the timeout thread was run, in which case + the termination would be lost because the child thread was no longer + on the child_pid queue, but on the ready queue. + This commit leaves threads on the child_pid queue after a timeout, and + only removes it when the timeout thread is run. That means that if the + termination is received before the timeout thread is run, the thread + (now on the ready queue) can be updated to be a termination rather than + a timeout. + * Add configuration/state dumping for BFD with SIGUSR1. + The VRRP and checker processes dump their configuration/state, and + this commits and the same for the BFD process. + * Stop always going to fault state on reload if have bfd tracker. + On a reload, the state of a new bfd tracker should be set from the + state of the old matching tracker, rather than the other way around. + * Resolve some issues identified by LGTM. + * Clarify in man page when ip_family is required for virtual servers. + * Don't check _WITH_LVS_ defined in chack_data.h + If check_data.h is being included anywhere, then _WITH_LVS_ must + be defined. + * Stop checking that persistence_granularity is a solid netmask for IPv4 + ipvsadm and the kernel do not require a solid netmask, so we shouldn't + either. + * Allow persistence_granularity to be 0.0.0.0. + ipvsadm allows the netmask to be 0.0.0.0 and the kernel supports + it, so we should allow it. It is inconsistent with IPv6 which + doesn't allow a mask length of 0. + * Fix ipaddresstos when it is passed a buffer to write string to + Although ipaddresstos() was not correct, since it was never passed + a buffer, the problem never manifested itself. + * Stop segfault at reload when removing a ip rule without from address + Issue #1436 identified that removing an ip rule was causing a segfault + when keepalived reloaded. This is caused by always logging the from + address even if there wasn't one. + * Make bfd0 initialisation structure static. + * Ensure bfd thread_time_to_wakeup() doesn't return "negative" value. + If thread_time_to_wakeup() was called with thread->sands in the + past compared to time_now, the function overflowed and returned an + extremely high value, resulting in the thread not being scheduled + for another 585,000 years or so (on 64 bit systems). + This commit makes thread_time_to_wakeup() return 1 (microsecond) if + thread->sands is earlier than time_now. + * Make bfd's sand_out, sands_exp and sands_rst unsigned. + * Make timer_add_long return TIMER_DISABLED if called with TIMER_NEVER. + * Fix generation of keepalived.spec when libipset disabled. + * Fix building with --enable-debug option, but add deliberate error + Issue #1444 identified that keepalived would not build with the + --enable-debug option. This commits resolves the compilation errors + but also adds a #error statement if --enable-debug is selected, so + that the source code has to be editted to be able to build with the + option. + Since --enable-debug is not expected to work properly and is only + for debugging purposes, the #error statement will stop it being used + accidentally or being enabled in a distro's build of keepalived, for + example as Gentoo had done. Only developers/maintainers who are + prepared to edit the source code will be able to use --enable-debug. + * Make json_writer.c include "assert_debug.h" rather than + This means that the assert() code will only be enabled if the + --enable-asserts configure option is specified. + * Correct description of notify_master_rx_lower_pri in keepalived.conf(5). + * Reorganise debug configuration + --enable-debug enabled several different sets of debugging functionality. + That is now split out into: + --enable-genhash-debug + --enable-checker-debug + --enable-smtp-connect-debug + --enable-mem-err-debug + --enable-one-process-debug + All options except --enable-one-process-debug also require enabling at + runtime. This means that a debug version of keepalived cam be build with + almost all debugging built in, but different debugging can be selectively + enabled at run time, to avoid being overwhelmed with unwanted debug output. + The --enable-debug option now enables all debugging options except + --enable-genhash-debug + --enable-one-process-debug + This is essentially the debug options that can be controlled at run time. It + also sets --enable-log-file so that logging output can be written to log + files rather than syslog. + keepalived -h shows all the built-in debugging options and how to enable + them. + * Turn of checksum debugging unless enabled from command line. + * Clear previous parser errors at startup or when reloading + When keepalived starts, the parent process reads the config. If there + was an error such as a missing } or extra { the skip_block flags was + left set, so when the child processes read the configuration, they + just skipped everything. This also meant that the configuration was + not correctly parser when reloading. + All parser state variables are now reinitialised before the configuration + is read. + * Fix a checker process segfault when reloading with ha_suspend + If ha_suspend was enabled, when the checker process reloaded, it + left an old pointer to the read thread for the netlink monitoring + fd. When the process subsequently terminated, it tried cancelling + the thread using the old pointer, and would often segfault. + This also meant that after a reload, the checker process would no + longer be monitoring address changes, in other words ha_suspend + would not work. + Before a reload, both for the vrrp and the checker process, the + thread is cancelled and the pointer to the thread cleared. After + a reload the checker process now adds a new read thread, so ha_suspend + will continue working after the reload. + * Add signal to trigger thread dump when built with --enable-thread-dump. + * Update snapcraft.yaml to remove Ubuntu 14.04 and add 19.10 kernel. + * Fix building snaps for 5.3 kernel. + * snap: Fix checking for s390x. + * snap: Improving logging of kernel header version in snap build logs. + * snap: Add missing in snap logs. + * Update nopreempt documentation in keepalived.conf(5) man page + Issue #1457 suggested that the documentation for nopreempt was not + clear, so this update attempts to clarify the situation. + * Fix building with network-timestamp without checksum-debug + Commit 844e197 - "Reorganise debug configuration" had an incorrect + conditional compilation check, which this commit resolves. + * Fix VRRP priority after weighted track files leaving fault state + Issue #1460 identified that the VRRP priority was incorrect after a + weighted track file exited fault state. This commit resolves the issue. + * Correct typo in keepalived.conf(5). + * Fix DNS_CHECK when name ends with a '.'. + Issue #1462 identified that DNS_CHECK was not working with + name example.jp. + It transpired that if the name ended with a '.', the terminating + zero length was not being written to the query packet. + * Fix generation of keepalived.spec + An AM_CONDITIONAL was missing for DEBUG + * Fix vrrp dont_track_primary. + VIPs on the primary interface were causing the interface to be + tracked. keepalived now checks when adding an interface for tracking + VIPs or eVIPs that it is not the primary interface of the vrrp instance + if dont_track_primary is set. + * fix: unknown keyword 'mh-fallback' and 'mh-port'. + * Fix detecting of kill failure for MISC_CHECK scripts + github @lankstra pointed out that the check for kill failing for + misc check scripts was inverted, so this commit corrects that, and + the code now matches the similar code in vrrp_script_child_thread(). + * Update Dockerfile + 1. Update to use alpine:3.10 as the base container + 2. Include libnftnl-dev in the build to support nftables + 3. Install automake package for building keepalived + 4. Run build_setup + The reason for installing automake and running build_setup is that + if the version of automake is different from what is installed in the + container, then the links set up by automake --add-missing on the host + will not work in the container used for the build. + * Actually update docker to use alpine:3.10. + * Resolve some warnings when building with ulibc. + * Handle a newer libnftnl with an older kernel + To use NFT_LOOKUP_F_INV we need to check that both it and + NFTNL_EXPR_LOOKUP_FLAGS are defined. Previously we only checked + the latter. + * Change order of IPVS commands on quorum change to allow a sorry server + to be the same as a real server. + * Further code to hanve sorry server being same as a real server + Commit 6f03bb2 - "Change order of IPVS commands on quorum change" allowed + a sorry server to be the same as a real server. This commit now adds some + additional code to ensure that it operates without errors being reported. + * Check, report and handle a duplicate real server on a virtual server. + * Change some log_message()s to report_config_error()s in IPVS code. + * Cosmetic alignment corrections in check_data.h. + * Tidy up a Linux version comment in configure.ac. + * Remove configure check for SCHED_RR. + It has existed since at least Linux 2.4.32. + * Add README.kernel_versions to document kernel dependant features. + * Add tools/timed_reload + This script makes keepalived reload its configuration at a specified time. + If there are several keepaliveds running on different systems, then can be + scheduled to all reload at the same time, by running the script on each system. + This is useful if the old and new configurations are not compatible with each + other. + * Add option to set preferred lifetime for static and virtual IPv6 addresses. + Generally virtual ip addresses will want to be deprecated, but static + IPv6 addresses may or may not want to be deprecated. Previously the code + deprecated IPv6 addresses only if that had a /128 mask. + This commit retains the old settings as default, but now allows the + preferred_lft to be specified for each address. + +2019-10-19 Alexandre Cassen + * keepalived-2.0.19 + * Allow persistence, scheduler and flags of VS to be changed on reload + A virtual server is identified by its IP address, protocol and port, + or the firewall mark and address family, and not by the persistence + settings or scheduler and scheduler flags. When comparing virtual + servers on a reload, don't check persistence and scheduler settings + match, but update them if necessary. + * Ignore default RS settings when comparing VSs after reload + Various default settings for real servers belonging to a virtual + server can be configured against a virtual server. These settings + should be ignored when comparing virtual servers following a + reload. Any differences in real server settings will be handled + separately. + * Clarify what IPVS persistence engines are supported in man page + * Allow RS forwarding method to be changed on reload + A real server is identified by its IP address and port, and not by + the forwarding method. When comparing real servers on a reload, don't + check the forwarding method, but update it if necessary. + * Check address family when comparing fwmark VSs on reload + * Update test tcp server + * Allow more than one BFD instance with a neighbour + This commit now checks both the neighbour address and the source/local + address when finding a BFD instance. This means that more than one BFD + instance can be set up with the same neighbour, so long as a different + local address is used. + * Make PID files group and world readable + Issue #1378 identified that PID files were created without group + and work read in the file permission bits being set, due to the umask. + This was causing a problem, since a non-root user was needing to read + the PID file. + This commit now forces the file permissions of PID files to be: + owner=rw, group=r, other=r. + * Fix erroneous error message when creating IPv4 ipvlan interfaces + The code was checking for a return value != -1 to identify an error, + whereas it should have been checking for return value != 1. + * Ignore reloading signals till signal_init call + * fix bug in vrrp_json_track_ifp_dump() + * Fix handling unknown user in MISC_CHECK + If the user was unknown, it wasn't dequeuing the new checker, resulting + in a subsequent coredump. + * Fix ~SEQ handling + Commit 47b2207 - "Add const attribute where appropriate in config parser + code" broke handling of ~SEQ, due to including one extra character at the + end of the sequence variable name. + This commit corrects the length of the variable set as part of the ~SEQ + processing. + * Revert "Fix route add/delete on reload if only change via address" + This reverts commit f54c2e8294c6f2080c3ae951ba25bf40d5b8d211. + The commit did the wrong thing: the via address is not part of the + key of the route. + The problem was that if it detected it already had a route with the + same key, it replaced the route, but with the old route and not the + new one. The next commit will rectify this. + * Correct handling of replacing routes on reload + Issue #1390 identified that a route with a changed source address + wasn't being changed on reload, and identified that the problem was + related to issue #1220. + It turns out that commit f54c2e8 which resolved issue #1220 was not + the correct fix. The problem was that when reloading, if a new route + matched an old route, the old route was replaced with the OLD route + (i.e. it did nothing), rather than replacing it with the NEW route. + This commit now replaces the old route with the new route. + * Add addresses/routes/rules in that order and delete in reverse order + Routes can requires addresses to exist in order to be able to add them, + and rules determine which routes are used. + * Fix not logging error on deletion of expired route + * Make netlink_route() return bool, and add some LIST_FOREACH + * Handle changing virtual route to use new VIP on reload + During a reload, routes replacing existing routes are replaced, as + opposed to deleted and added; this avoids the route disappearing for + a short while. However, if a new route uses a VIP that didn't exist + in the old configuration then the route replacement will fail. + The code is now changed so that it attempts to replace the route, but + if that fails, it deletes the old route and later adds the new route + after the new VIPS have been added. + * Don't log EPOLLERR or EPOLLHUP - they can occur with TCP_CHECK + * Fix tcp_server getopt() handling + * Properly handle MISC_CHECK script returning exit status 0 + If a MISC_CHECK script returned an exit status >= 2, and then the + script returns 0, the weight of the real server was not updated + following the script returning 0, and the quorum also wasn't updated. + This commit makes keepalived update the weight of a real server and + the quorum following a MISC_CHECK returning a 0 exit status. + This is a change of behaviour for MISC_CHECKs whose scripts return + an exit status >= 2 subsequently followed by an exit status of 0. + However, the new behaviour is consistent with the documentation and + is also the behaviour that would be expected. Some users may need to + modify their MISC_CHECK scripts if the scripts return an exit code >= 2 + and subsequently return an exit code of 0 expecting that to mean that + the status hasn't changed. + * Correct documentation re range of values for Virtual Router ID + The valid range of values for the VRID is 1 to 255, and does not + include 0. + * Handle script timeouts when child process has terminated + Issue #1364 identified that if a track script timed out and the kill + of the process failed to to its exit status already having been reaped, + keepalived would never run the track scripts again. It transpires that + the same problem existed with MISC_CHECK scripts. + The commit now ensures that after the timeout the script will be set + to idle state, so that it can be run again. + * Clear thread_master current_event when cleanup thread_master + The current_event was left pointing to an event that had been deleted, + with the consequence that if the next epoll event matched the outdated + current_event, that outdated event could be used. + This commit clears the current_event when the thread_master is cleaned up. + * Add errno numbers to some bfd error messages, rather than just text + Although the strerror() text is helpful, it is often useful just to + know the error number. + * Enable FIFOs to receive initial fault notifications at startup + Issue #1399 identified that if a track_file caused a VRRP instance + to start in fault state, there was no notification of the fault sent + to the notify FIFOs. + This commit implements the suggestion of chenwng in issue #1399 and + moves the opening of the notify FIFOs to earlier in the init process. + * Resolve incorectly identified Coverity error + * Define VRRP and BFD initialisms + * Add support for nftables blocking IGMP/MLD packets on VMAC interfaces + Issue #882 identified that VRRP instances using VMACs sent IGMP/MLD + packets using the MAC address of the VMAC interface even when the + vrrp instance was in backup state. This meant that switches would + update what interface the VRRP MAC address was on to the backup + instance, thereby meaning that until the master instance sent another + advert, packets destined to be forwarded by the master instance would + be delivered to the backup instance and lost. + This commit adds support to use nftables to stop the packets being + send from the VMAC interface (and thereby using the 00:00:5e:00:0x:xx + MAC address), and instead the packets are sent on the parent interface. + How this is acheived depends on whether the kernel supports the dup + statement; if it does the IGMP messages are simply moved from the VMAC + interface to the parent interface otherwise the join groups are done on + both the VMAC interface and the parent interface, and nftables drops + the join messages on the VMAC interface. + This functionality might be better implemented using eBPF, but older + systems don't support that, and I still need to work out how to use + eBPF. + * Add support for using iptables to block VMAC IGMP/MLD messages + Commit b10bbfc2a added support for using nftables to block + IGMP/MLD messages being sent VMAC interfaces. This commit adds + the equivalent functionality using iptables. + * Improve checking of incompatible configure options + * Fix Travis-CI build errors + * Don't attempt to remove IGMP blocking iptables rules for IPVLANs + We don't block IGMP/MLD for IPVLANs so there are no rules to remove. + * Turn off nftables mnl debug logging + * Don't log an error when deleting nonexistant nftable at startup + Since there is no native flush command to the kernel to delete all + the rules, sets, meters etc in a table, we just delete the table, + and if the table doesn't exist an error is returned. + This commits stops the error being logged, since it isn't an error + of interest. + * Minor tidying up of setting up nftables + * Fix error when setting up nftables with eVIPs from other family + The sequence number of nftables netlink messages was getting out + of order when a VRRP instance had both IPv4 and IPv6 entries. + This is now resolved by checking for the existance of residual + tables of both families when keepalived first checks for residual + tables. + * Remove some duplicate nftables code + * Remove inhibit_on_failure from keepalived.conf(5) man page + The inhibit_on_failure keyword does not apply to checkers, and is + not implemented for them. + * Remove vi swap file erroneously included in previous commit + * Add additional logging of reasons for vrrp instances going to fault + Pull request #1353 suggested adding additional logging for reasons + for vrrp instances going to fault state at startup, and for track + file status changes. + This commit merges those changes, fixes one error, and only logs + track file status changes if the -D option (log detail) is set. + * Make skip_check_adv_addr work properly + Keepalived was checking the received advert packet length against + the expected length based on the number of VIPs configured on the + vrrp instance. This commit changes the check so that the received + packet length is checked against the number of VIPs in the VRRP + packet header, thereby ensuring that the advert packet is self + consistent. + The check for the number of addresses is now only done if + skip_check_adr_addr is not set (which matches what the RFC says). + Note: skip_check_adv_addr only skips the check of VIPs in a received + packet if the advert is received from the same master as the previous + advert. + With this commit, if skip_check_adv_addr is set, it is possible to + reload a master instance with a different number of VIPs, and then + subsequently reload the backup instance, without the backup instance + becoming master due to the mismatch of the number of VIPs. + +2019-07-26 Alexandre Cassen + * keepalived-2.0.18 + * Set NA_ROUTER flag in gratuitous NA messages appropriately. + Previously keepalived checked the IPv6 forwarding state of the interface/ + parent interface of a VRRP instance, and used that for all GNA messages. + However, if addresses are configured on different interfaces, it should + be the setting for the address's interface that is used. + * Fix memory leak with dbus_instance_name. + * Make set_value() add entry for memcheck identifying where called. + * Add configure option --enable-checksum-debug. + Issue #1175 identified that intermittently they were getting VRRPv3 + checksum errors. The maintainers of keepalived were unable to reproduce + the problem despite extensive testing, and so a special patch was produced + to check and log any checksum changes from previous adverts sent or received. + Almost two months later there has been no feedback. The patch has now been + forward ported from v2.0.12 to v2.0.17 and is included here, enabled by + --enable-checksum-debug option, so that if there are ever any checksum problems + in the future this code can be used to ascertain what is happening. + * Fix configuring LVS sync daemon in backup state. + Commit eb929f8 - "Stop LVS sync daemon on shutdown" moved shutting + down the LVS sync daemon to the wrong place, so that it was called + whenever a VRRP instance transitioned out of master state. This + commit moves the shutting down of the sync daemon to shutdown phase 1, + and it is shutdown before the VRRP instances are shut down. + * Increase open file limit for checker process if no of checkers need it. + TCP, HTTP/SSL, DNS and SMTP checkers all use a socket. If there is a + sufficiently large number of checkers, the default open file limit may + be exceeded. This commits counts the number of such checkers, and also + thr number of smtp_alerts, and if necessary increases the open file limit + to allow them all to run at once. + * Ensure MISC_CHECK processes don't get increase open file limit. + * When checking number of open files for vrrp process, allow for smtp + alerts. + * Combine checker set_max_file_limit() and set_vrrp_max_fds() common + code. + * DNS_CHECK: correct error info in dns_type_handler func. + Sometimes, users set two type values by mistake in keepalived.conf, + and the first is right and the second one is not in DNS_TYPE[]. + Then the dns_check->type is set successfully when parsing first type value + , which may be different from the default SOA. As for the second one, + the dns_type_handler func will print error info "Defaulting to SOA", + actually, currently the dns_check->type may be not equal to SOA. + Here, we will print the dns_type_name(dns_check->type) instead of "SOA". + * Simplify restoring RLIMIT_NOFILE for child processes. + * Simplify handling incorrect dns_check type. + * Add missing track_process documentation to keepalived.conf(5) man + page. + * Add weight "reverse" feature to track_bfd. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Add weight "reverse" feature to track_interface. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Add weight "reverse" feature to track_script. + The reverse feature allows reducing the priority when the tracker is up + and reducing the priority when the tracker is down. + * Update alloc_track_file() and alloc_group_track_file() to be + consistent. + * Allow reverse tracking with weight 0. + This allows a vrrp instance to go to fault state if an interfaces is UP, + or a track script or bfd instance is up, or a track process has achieved + quorum, and down otherwise. + * Fix reverse on track_script when configured on sync group and instance + If a track script was configured on both a vrrp instance and the sync + group that the instance was configured in, then the reverse setting + wasn't being properly carried forward. + * Add weight "reverse" feature to track_file. + The reverse feature allows reducing the priority when the tracker is up + and increasing the priority when the tracker is down. + * Make track_bfd reverse handling consistent with other trackers. + * Add track weight reverse to SNMP output. + * Add vrrp track_bfd details to SNMP output. + * Add vrrp track_process details to SNMP output. + * Disallow --enable-track-process-debug with --disable-track-process. + * Add conditional compilation around track_bfd/process SNMP code. + * Remove duplicate code for parsing vrrp and sync group trackers. + The code for parsing trackers for vrrp instances and sync groups + was to all intents and purposes identical, so this commit now uses + common code for both of them. + * sll_protocol should be set to 0x806. + Some times , send the gratuitous ARP message should set sll_protocol, + let some drivers can evaluate which protocol we use. + * Neighbor discovery set sll_protocol. + * Fix SNMP VRRPv3 IP address OIDs returned. + The OIDs returned for SNMPv3 addresses were incorrectly formatted, + including one extra subid that was the length of the IP address. + * Don't use numeric values of address lengths for VRRP SNMP v3. + * Stop returning not-accessible fields for v2 SNMP. + * Stop return not-accessible fields for v3 SNMP. + * Use common code for VRRP tracker SNMP output. + Many functions were using the same, fairly large, code block to do + the same thing. These are now standardised to use the new function + snmp_find_element(). + * make some vrrp snmp function parameters const. + * Make virtual_server_t vsgname const. + * Fix SNMP reporting of virtual server group fwmark and address + ranges. + * More SNMP fixes for virtual server group fwmark and address ranges. + * If virtual server is fwmark and rs's tunnelled, default to IPv4. + If a virtual server uses a fwmark, and all the real servers are + tunnelled, the address family could be IPv4 or IPv6. If the family + is not specified, default to IPv4 (to match behavious of ipvsadm). + * Make LIST_SIZE safe to use if list is not assigned. + * Optimisations to snmp_header_list_table(). + * Optimisations to snmp_find_element(). + * Further optimisation to snmp_find_element(). + * Add support for IPVS GUE tunnel type + This functionality was introduced in Linux 5.2. + To view the IPVS setup with ipvsadm requires ipvsadm v1.30 plus + commits 2347b504e3ce and c3c2c3c6ae12e3. + * Add support for IPVS GUE tunnel checksum option. + The kernel functionality is scheduled for Linux 5.3. + * Add support for IPVS GRE tunnels. + The kernel functionality is scheduled for Linux 5.3. + In addition to the ipvsadm patch requirements identified for GUE + tunnels, the patch at + * Add pure attribute to http_get_check_compare(). + GCC was suggesting adding the pure attribute to http_get_check_compare() + so let's do so. + * Resolve warnings from gcc 9.1.1. + * Resolve all outstanding coverity issues. + * Fix use of getrandom() in BFD rand_intv(). + * When resetting priority of child process, don't change parent's priority + Issue 1358 identified that it was the priority of the parent process, + rather than the child process, that was being reset. This commit corrects + that and resets the priority of the child process. + * Add missing bfd_instance vrrp and checker keyword documentation. + * Don't send bfd events to vrrp or checker process if no + configuration. + If there is no vrrp configuration, or no checker configuration, there + is no point sending bfd_event notifications to the relevant processes. + Actually, since the processes may not be running, sending such + notifications can cause the pipes to become full, so it is necessary, + as well as desirable, not to write events to the pipes in those + circumstances. + * Revert use of getrandom() for bfd jitter. + This can be called up to 1000 times a second per bfd instance, and + so risks emptying the entropy pool. + * Use random() rather than rand() in bfd rand_intv(). + The rest of keepalived uses random(), so this changes creates more + consistency. + * Allow bfd discriminator to be an odd number. + rand_intv(1, UINT32_MAX) was always returning an even number, since + RAND_MAX == UINT32_MAX / 2. This commit sets the lsb of the discriminator + to the lsb of the current time in seconds. + * Ensure BFD source port in range 49152..65535. + RFC5881 requires the source port for BFD packets to be in the above + range, but keepalived was allowing the port to be randomly generated + by the kernel, and hence could be outside the range. + This commit sets the permitted port range to the intersection of + [49152, 65535] and the values in /proc/sys/net/ipv4/ip_local_port_range, + unless the intersection is too small, in which case it just uses the BFD + specified values. + keepalived generates a random port number in the required range, and then + loops through the range starting from the random port number until it + finds one it can bind to. + * Resolve coverity resource leak issue 218872. + * Resolve coverity Resource leak issue 218875. + * Resolve coverity Resource leak issue 218876. + * Resolve coverity Unexpected control flow issue 218873. + * Change code to avoid coverity String length miscalculation issue 218874 + The code was correct, but as coverity points out, strlen(str + 1) is more + likely to be an error for strlen(str) + 1, so avoid the use of the former + construct. + +2019-06-25 Alexandre Cassen + * keepalived-2.0.17 + * Add support to define CPU affinity for vrrp, checker & bfd processes + Created 3 new configurations keywords to set CPU affinity of Keepalived + processes : vrrp_cpu_affinity, checker_cpu_affinity & bfd_cpu_affinity + This option can be used to force vrrp, checker and bfd processes to run + on a restricted CPU set. You can either bind processes to a single CPU + or define a set of cpu. In that last case Linux kernel will be restricted + to that cpu set during scheduling. Forcing process binding to single CPU + can increase performances on heavy loaded box. for example: + "vrrp_cpu_affinity 2" will force vrrp process to run on cpu_id 2 + "vrrp_cpu_affinity 2 3" will retrict kernel scheduling decision over + cpu_id 2 & 3. + * correct syntax error when _HAVE_VRRP_VMAC_ && no HAVE_IFLA_LINK_NETNSID. + * Stage libmnl and libnftnl4. + * Add dynamic download of kernels using scriplets Also added + Linux 5.0.0 build. + * Example build using EOL kernel from old-releases. + * Modify snapcraft.yaml to dynamically source correct kernel versions. + * dump processes CPU Affinity while dumping global conf. + Add support to dump CPU Affinity for each Keepalived processes where + CPU Affinity has been changed by configuration. + * Don't enclose /dev/tcp/127.0.0.1/22 in ' chars when running as script + RedHat identified a problem with scripts like: + vrrp_script { + script "' resolves the problem. + * Add support for use_ipvlan (use an ipvlan i/f similar to use_vmac) + Issue #1170 identified that use_vmac didn't work with systemd-networkd + since systemd-networkd was removing IP addresses created by keepalived + (and any other application). It was discovered that systemd-networkd + did not remove IP addresses from ipvlans. + This commit adds support for ipvlans, but to work around the problem, + and because it might have other uses. + Systemd commit - https://github.com/systemd/systemd/pull/12511 has added + configuration options to stop systemd-networkd removing IP addresses + added by other applications, but it is not merged yet, and it will be a + while before all the distros merge it. + * Fix building with ipvlans before IFLA_IPVLAN_FLAGS was defined. + * Default IPVLANs to bridge mode + We shouldn't change the behaviour if a kernel is upgraded, so + default to the original mode supported. + * Ensure that -lm linker library flag is always set + configure was testing whether it was necessary to add the -lm option, + but for some reason gcc adds it itself if -Os is not specified, but + does not add it if -Os is specified. Consequently if configure was + run without -Os, and make was run with -Os the link failed. + The commit ensures that -lm is always used. + * Handle checking for -Wl,-z,relro and -Wl,-z,now properly. + * Honour CFLAGS, CPPFLAGS, LDLIBS and LDFLAGS settings when configure runs. + * Propogate CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS from configure to make files + Make sure any settings in CFLAGS etc at the time configure is run are added + to the Makefiles, to ensure that the make is run in the same environement + that configure is run in. + * Use CFLAGS, CPPFLAGS, LDFLAGS and LDLIBS correctly + Use the correct variable for the relevant option type, e.g. -llib + should be in LDLIBS, not LDFLAGS, and -Ddefn should be in CPPFLAGS + not CFLAGS. + * Fix non-ipvlan interfaces broken by adding ipvlans. + * Check bfd instance name length before copying. + * Add lib/container.h to avoid duplicate definition of container_of. + * Revisited code to use const declaration where appropriate. + * Add STRDUP/STRNDUP functions. + * Add FREE_CONST, FREE_CONST_ONLY and REALLOC_CONST. + * Change thread_t * to thread_ref_t except in thread handler code + Treat the thread reference as a handle, so that the only code that + manipulates thread structures is in the scheduler. + * Add STRDUPs in check_data. + * Add STRDUP in bfp parser code. + * -U flags should be included in CPPFLAGS + * Update track_process documentation. + Issue #1265 requested further clarify regarding the track_process + process specification and use of quote marks. + * Fix building on Linux 3.13 (required for building snaps) + * Ensure 4 extra parameters are set for notify scripts with no shebang. + * Streamline functions returning string matching a define. + * Make addattr8/16/32/64 and rta_addrattr8/16/32/64 inline functions + Since these functions simply call addattr_l/rta_addattr_l, making the + functions inline removes the overhead of one function call. + * Add genhash option -P to select HTTP 1.1 or 1.0 with Connection: close + Max Kellerman (max.kellermann@gmail.com) submitted pull request #1260 + to add "Connection: close" to the HTTP header sent by genhash. In order + to maintain backwards compatibility, this has been implemented as an + option '-P 1.0C'. In addition, '-P 1.1' requests that a version 1.1 + header is sent (which includes 'Connection: close'). + * Add http_protocol option for HTTP_GET and SSL_GET checkers. + To be consistent with commit 2ff56f5 - "Add genhash option -P + to select HTTP 1.1 or 1.0 with Connection: close", this commit + adds the http_protocol keyword for HTTP_GET and SSL_GET checkers. + 'http_protocol 1.0C' adds 'Connection: close' to a 1.0 header, and + 'http_protocol 1.1' sends an HTTP/1.1 header, which includes the + 'Connection: close' option. + * Tidy up the recieve message processing code loops in genhash. + * Add genhash -t timeout option. + * Simplify thread process in genhash after send HTTP request. + * support http status_code group + The origin status_code only support one specific code, now we can + support http status_code of the same class. That's to say, we can + use 1xx to represent 100-199, 2xx means 200-299 ans so on. + eg: The configure as follows: + url { + path /index.html + status_code 2xx 3xx + } + which means we consider all status_code range in [200,399] is ok. + Of course the following configure is either 200 or [300,399] is ok. + url { + path /index.html + status_code 2xx 3xx + } + * Fix compiler warnings introduced in commit c7c23a2 + Commit c7c23a2 - "support http status_code group" introduced + two compiler warnings, due to isdigit() being undeclared, and + a shadows declaration. These warnings are now resolved. + * Use standard bit testing and setting functions + Commit c7c23a2 - "support http status_code group" added additional + bit testing and setting functions, rather than using the already + defined ones in bitops.h. + This commit also resolves the assumption that longs are 64 bits, and + will allow the code to work with longs of any length. + The original commit would cause all status codes 100 to 599 to be + written when the configuration was dumped, regardless of whether + the specific codes were set. This commit now writes the status codes + in ranges. + Finally, if no status code is configured, it sets the bits for the + default status codes (200-299). + * Change how http status codes are configured + Commit c7c23a2 - "support http status_code group" allowed status codes to + be specified as 2xx, meaning 200-299. This commit changes the configuration + so that 2xx etc is no longer used, but status code ranges can be specified, + e.g. status_code 150 180-189 200-299 503 510-520 + * Update documentation for commit c7c23a2. + * Fix a memory leak and duplicate free in HTTP_GET checker. + * Fix sending SMTP alerts + Issue #1275 identified that SMTP alerts were not working. The SMTP alerts + were broken by commit 5860cf2 - "Make checker fail if ENETUNREACH returned + by connect()", since the SMTP state machine was not updated to handle the + addition value in enum connect_result. + This commit adds code to handle the additional enum, but also makes the + code less sensitive to such changes, and more likely to produce compiler + warnings/errors if appropriate updates are not done in the future. + * Fix various compilation warnings with certain configure options. + * Update location of PID file to match Filesystem Hierarchy Standard v3.0 + Issue #1277 identified that PID files should be created in /run rather + than /var/run, and that systemd logged a warning if the service file + specified PIDFile under /var/run. + This commit now makes keepalived use the appropriate directory for PID + files as determined by configued (rather than doing its own thing), and + configure now uses /run in preference to /var/run. + * Stop LVS sync daemon on shutdown + The shutdown of the sync daemon was delayed to phase 2 of the shutdown + which meant that the controlling VRRP instance could never be in the + master state. We now stop the sync daemon in phase 1, when the VRRP + instance is transitioned out of master state. + * Use -isystem rather than -I for path to kernel headers + Using -isystem rather than -I allows the dispensation for some warnings + to system headers to apply to the kernel header tree we are specifying. + This stops some warnings that would not occur with kernel headers under + /usr/include but that were being generated when -I was used (it + nevertheless has helped identify two bugs). + * Ensure check system headers for definition of NFT_TABLE_MAXNAMELEN + Prior to Linux 4.1 NFT_TABLE_MAXNAMELEN was not defined, but we must + include linux/netfilter/nf_tables.h before checking whether it is + defined or not! + * Improved configure testing for + * Add warning -Wwrite-strings and resolve new warnings. + * Add -Wdouble-promotion and resolve new warnings. + * Add -Wformat-signedness and resolve new warnings. + * Fix building on Ubuntu 16.04 with --disable-vrrp + The addition of including was needed on Ubuntu 16.04, + whereas it wasn't necessary on Fedora or Debian. + * Explicitly include where print format names are used. + * Add more -Wformat-* options and resolve new warnings. + * Add -Wframe-larger-than=5120 + The largest frame is just under 4200 bytes (which may be more than we + want anyway), but adding this warning will at least tell us if a stupidly + large frame is created in the future. + * Fix spelling of -Wmissing-field-initializers. + * Fix definition of PRI_rlim_t generated by configure on 32 bit systems. + * Rseolve warning re >=0 comparison for unsigned value. + * add min max judge + Although even if min > max, the code works well. We better to print + the error config to let the user know this. + * Ensure correct definition of MAX_ADDR_LEN is used + defines MAX_ADDR_LEN as 7, and + defines MAX_ADDR_LEN as 32. We need to ensure we have the longer one. + * update doc samples of keepalived.conf.status_code. + * Fix compiling on Alpine Linux 3.7. + * Update list of packages to install on Alpine Linux. + * Send GARP/NA message when leaving fault state if using unicast + If the master's ARP entry for a backup route has expired and we are + using a short advert interval (< 0.5 seconds), then the backup router + could timeout receiving adverts before the master sends its next + ARP/NDISC message; until it has had a reply to that it cannot send any + adverts to the backup router in question. + This commit makes a VRRP instance that is using unicast send a GARP/NA + when it transitions out of fault state, to ensure that the master (or + local router) can send adverts to us immediately. + * track_process: handle different threads having different names + prctl(PR_SET_NAME) is a per thread property, not a per process + property, so when a PROC_EVENT_COMM event is received, we need to + check that the tid == pid, so ensure that only the main (initial) + thread that COMM changes are considered for. + * Fix some log_message for specifiers in track_process.c. + * Fix for JSON characters escaping. + * Don't attempt to create a macvlan when using an ipvlan + netlink_link_add_vmac() detected an interface had been created, and + so didn't attempt to create a macvlan, but netlink_link_add_vmac() + shouldn't be called in this circumstance. + * On reload, report addresses being removed as removed, not thos remaining. + * Don't add further iptables entries on reload when using ipsets. + * Stop deleting VMAC/IPVLAN interfaces on reload when still needed. + * Fix formatting of email To: line. + * Improve efficiency of setting up SMTP headers. + * Fix segfault when we do not config vsg. + * Fix issues reported by coverty (unchecked return value, buffer overrun, + Logically dead code, uinitialized var, explicit null dereferenced, ...) + * Resolve compiler warning in list_sort(). + * genhash: make printssl a static function. + * Change strncpy() to strcpy_safe() in smtp_final(). + * Convert some snmp list loops to use LIST_FOREACH. + * Make inet_stosockaddr() return bool rather than int. + * Fix checking for VMAC/IPVLAN no longer used after reload + Pull request 1310 identified that there was a problem building + keepalived with VLANs but without ipvlans. The code that needed + changing was also incorrect so this commit resolves both issues. + * Fix false-positive send_instance_notifies calls + Issue #1311 identified that duplicate notifies were being sent on + a reload, and pull request #1312 provided a fix. Unfortunately other + intervening commits stopped the original patch applying, so this + updates the original patch. + The patch also stops duplicate logging of vrrp instance states on + reload when there has been no change. + * Set thread parameter value explicitly to 0 when add timer thread + It is possible for a function to be called either from a timer thread + or an event thread. When an event thread is added, a vlue can be passed + which will be passed to the function, but currently there is no way to + set the value for a timer thread (a function thread_add_timer_val() can + be added when needed), but in order to allow the value to be used with + an event thread, it needs to be explicitly set to something when called + via a timer thread, so just set it to 0. + * Remove VRRP_DISPATCHER definition - it was not used. + * Some minor tweaks for the format of keepalived.data. + * Make track_process, parser and dump_keywords --debug options. + * Change default to not check for EINTR if use signalfd. + * Don't send prio 0 adverts for deleted VRRP instance that wasn't master + When a VRRP instance ceases to exist following a config reload, we must + only send priority 0 adverts if the deleted instance was in master state + prior to the reload. + * Send notifies when vrrp instance deleted on reload + This commit makes notifies be send saying that the instance is in + fault state, since that is the closest we have to the instance being + deleted (the instance can't run since it is deleted which is quiet + similar to being in fault state). + * Streamline some HTTP_GET code. + * Simplify HTTP_GET epilog parameters + Parameters t and c weren't needed, since they can be determined from + the method parameter if we add REGISTER_CHECKER_FAILED. + * Set checker->has_run for HTTP_GET after failure + The behaviour we want after a failure of checking a URL at startup + is the same as if all checks had completed, so if there is a failure, + just set checker->has_run. + * Make http_get url_it point to list element rather than a counter + This makes fetching the next URL more efficient. + * When we run the initial HTTP_GET check, we don't want any retries + It isn't only the first URL that shouldn't have retries, but all of + them. This commit implements that. + * When an HTTP_GET url check fails, keep checking that URL until success + When a URL check has failed, there is no point checking other URLs until + we know the one that has failed is working again. The approach now is + that the failed URL is checked until it is Ok again, and then all the URLs + are checked before the checker is successful. This will reduce the recovery + time once the failed URL recovers. + * When starting up, don't delay between checking all the URLs + When we start up, particularly in alpha mode, we want to check the + URLs as quickly as possible, so don't delay by delay_loop between + checking each URL, but check them immediately one after the other. + * After HTTP_GET URL failure, delay max of delay_loop and delay_before_retry. + * After an HTTP_GET failure, check the URLs without any delay + This means that recovery will occur as quickly as possible. + * Some cosmetic changes to check_ssl.c. + * Add option fast_recovery for HTTP_GET. + Commits 3027e0c - "When starting up, don't delay between checking all the + URLs" and 86e02dd - "After an HTTP_GET failure, check the URLs without + any delay" removed the delay between URL checks both at startup and after + a URL check failure. This commit makes that options, and it will only do + the fast checking if fast_recovery is configured against the checker. + * Make set_value() check for missing parameter + Pull request #1308 identifed that if set_value() was called when + there wasn't a parameter on the command line, keepalived could + segfault since NULL was returned (examples were HTTP_GET with an + empty path specified, and DNS_CHECK with empty name). + This commit modifies set_value() so that keepalived will exit if + it is called with no keyword parameter is missing. Uses of + set_value() where no parameter did not cause a problem (e.g. where + the whole option was optional, such as virtual_host) now check if + the parameter is mising and report a configuration error. + * Handle vrrp tracked interfaces being down on reload + If the base interface of a vmac interface was down on reload, the + vrrt instance would not come back up after the base interface came + back up. + * Don't log error when sending priority 0 advert after interface goes down. + * Cosmetic change to address_exist(). + * Add information regarding SElinux and keepalived. + * Fix overflow status code + Under normal circumstances, status_code returns 100-599, + but if it is a constructed abnormal reply message, + it may be out of the range, resulting in the status_code + array out of bounds, and then keepalived segfault. + * Ensure HTTP status code is preceeded by a space character. + * Fix setting existing macvlan etc base interfaces at startup. + * Add further SELinux references. + * Resolve implicit declaration of function ‘strdup’ warning. + * Allow location of /run dir to be specified to configure + The commit adds configure option --with-run-dir=PATH + * Fix reloading when interfaces deleted and recreated + If have macvlans on a real interface, with vmacs configured on the + macvlans and the macvlans are deleted, the vmacs from them are removed + from the configuration, the configuration is reloaded, and this is done + for more than one macvlan, and then the configuration is reinstated + one by one with the configuration being reloaded, keepalived was + incorrectly setting some of the vrrp instances to fault state. This commit + resolves the issues. + +2019-05-03 Alexandre Cassen + * keepalived-2.0.16 + * Add log_unknown_vrids keyword. + Commit 21e6f5f added logging when a VRRP packet was received on an + interface and the VRID in the advert was not configured on that + interface. + Due to valid uses of keepalived having a VRRP instance on an + interface, but there being other, independent, VRRP instances with + different VRIDs on the same interface, this patch only enables logging + of unknown VRIDs if it is specifically configured. + * Stop segfault when reload and using -x option. + * Fix compilation error found by Travis-CI. + * Fix a couple of typos. + * Ensure check command line when needed for track process. + * Check if comm really changed when get PROC_EVENT_COMM_CHANGE. + * Fix debounce delay handling for track_process. + * Optimise add_process(). + * Remove processes no longer being monitored. + * Optimise check_process(). + * Ignore process threads for track_process. + * Allow matching of process parameters in track_process + This additional functionality was requested in issue #1190. + * Allow separate delay timers for fork and process exit in + track_process. + * Add quorum_max for track_process. + This allows track_process to go to fault state if more than a + specified number of instances of a process are running. In particular + it can go to fault state if more than one instance is running, and + also if any instance of a process is running. + * Add configuring process name. + With up to 4 processes running all named keepalived, it can be + difficult to know which is which. The commit adds the option to + allow process name to be set independantly for each process. + * Handle macvlans/macvtaps being moved into different namespace from parent + If a macvlan or macvtap interface is moved into a different namespace from + its parent, and the interface is in the namespace in which keepalived is + running, keepalived is unable to get information about, or configure, the + parent interface. In this case, treat the macvlan/macvtap interface as though + it doesn't have a parent interface. + There are a couple of consequences of this in this situation: + 1) If a vrrp instance is configured with use_vmac and its configured interface + is such a macvlan/macvtap interface, keepalived cannot ensure that the + arp_ignore and arp_filter settings are correct on the parent + 2) keepalived cannot check that there a not duplicate VRIDs being used on the + interface. + * Typo writing word error fix. + * Add vrrp instance priority change notifications on FIFOs only. + Issue #1213 requested notification of vrrp instance priority changes, + and this commit implements that with new FIFO messages: + INSTANCE "VI_0" MASTER_PRIORITY 220 + INSTANCE "VI_0" BACKUP_PRIORITY 254 + This has been implemented via notify FIFOs only, since the order of + processing of scripts is indeterminate if events happen quickly in + succession, potentially causing the last processed priority by a + script not to be the lastest priority, and using SMTP notification + would be ridiculous. + * Allow user and group ownership of FIFOs to be configured. + * Remove extraneous debugging message from process_name commit + Commit 4ad6d11 - "Add configuring process name" accidentally left + a debugging log message in the code. This commit removes it. + * Fix FREE error if tracked process has no parameters. + * Fix track processes when reloading. + * Fix route add/delete on reload if only change via address + If a virtual_iproute + src 100.100.100.100 2.2.2.2/32 via 100.100.100.2 dev eth0 + is changed to + src 100.100.100.100 2.2.2.2/32 via 100.100.100.1 dev eth0 + on a reload the route didn't get updated. The reason is that the + via address wasn't used in the comparison of routes, so keepalived + didn't detect that it had changed. + * Define TASK_COMM_LEN rather than use numbers in code. + * Fix promote_secondaries. + * Add snmpd.service to keepalived.service if SNMP enabled. + * Add issue templates for github. + * Make utils.c function parameters const where appropriate. + * Add missing info to check process dump file. + * Make ipvs_talk() error message more meaningful + The error message used to just output the IPVS command number, now + the name of the command is reported too. + * Make more use of LIST_FOREACH in ipwrapper.c. + * Change VS_ISEQ etc to be functions and correct them. + * Resolve removing virtual servers in virtual server groups after + reloading. + * Update NOTE_vrrp_vmac.txt re sysctl settings. + * Ignore base interfaces of macvlans if in a different namespace. + * Don't lose sin_addr_l and sin6_addr_l lists from interface when recreate + Issue #1232 identified that keepalived segfaulted when an interface was + recreated. This commit resolves the problem of the address lists being + lost. + * Fix commit 128bfe6 for pre v4.0 kernels + Commit 128bfe6 - "Ignore base interfaces of macvlans if in a different + namespace" added using IFLA_LINK_NETNSID to detect if the parent of an + interface was in a different namespace. Unfortunately that was only + introduced in Linux v4.0, so don't attempt to use it if it is not + defined. + For kernels older than v4.0 if a macvlan interface's parent is in + another network namespace, but the ifindex of the parent interface also + exists in the namespace in which keepalived is running, then keepalived + will believe the parent of the macvlan is the wrong interface. + * Fix commit 3207f5c - IFLA_LINK_NETNSID is not #define'd + This fixes commit 3207f5c - "Fix commit 128bfe6 for pre v4.0 kernels". + A configure test is needed to check for IFLA_LINK_NETNSID. + * Further fixes/improvements for MACVLAN parents in different + namespaces. + * allow to set zero weight for real server. + * Add comments re needing to enable protocol 112 in an AWS security + group. + * Check if base i/f of a residual macvlan is in correct namespace. + * Stop segfault if using DBus and have invalid VRRP configuration. + If a VRRP instance was removed by vrrp_complete_init() it was causing + a segfault in the DBus code. The commit moves the initialisation of + DBus until after the validity of the VRRP instances has been checked. + * Handle DBus process properly when reloading. + DBus may change from being enabled to disabled or vice versa and + the code didn't handle that. + * Close DBus pipes when stop using DBus. + * Add some more LIST_FOREACH to DBus code. + * Move a g_free() to after last use of the freed string in vrrp_dbus. + * Fix error in man page. + * Handle network namespace name properly when reloading. + * Don't call g_hash_table_remove() when using g_hash_table_foreach_remove() + g_hash_table_foreach_remove() removes each object from the hash table, + so calling g_hash_table_remove() as well made it not work properly. + * Resolve various aspects of reloading when also using DBus. + 1. Add ability for DBus to be enabled and disabled at reload + 2. Correctly handle vrrp_instance name change for matching interface/ + family/VRID. + 3. Correct handling of interface/family/VRID change for a vrrp_instance + with the same name. + * Resolve segfault when a vrrp_instance has no interface specified. + * Fix sending priority 0 adverts after reload for deleted vrrp + instances. + During a reload, vrrp_dispatcher_release() was called prior to + reloading the configuration, and it closed all the vrrp send/receive + sockets. However it isn't until after the reload that it is known which + vrrp instances no longer exist, and clear_diff_vrrp() attempted to send 0 + priority adverts for those instances. Since the sockets had already been + closed, the adverts could not be sent. Worse, the socket_t structures had + been released, but the released memory was accessed in attempting to send + the adverts. + This commit delays calling vrrp_dispatcher_release() until after the new + configuration has been reloaded, and it sends 0 priority adverts before + all the old sockets are closed. Following this new sockets are opened. + It would be possible to make the code more efficient and retain the sockets + that still need to be used, rather than closing them and opening new ones, + but that is for another commit. + * Update some comments in vrrp_snmp.c. + * Use structure initialisation to clear struct, rather than memset. + * Fix logging if receive EPOLLHUP, EPOLLERR and add for EPOLLRDHUP. + * Add support for network timestamp debugging. + * Check return code from recvfrom() before other values for + track_process. + * Use IPV6_RECVPKTINFO rather than IPV6_RECVHOPLIMIT when check + multicast. + * Ensure virtual servers are properly removed when reloading. + Pull request #1246 provided a patch to resolve the issue of virtual + servers in a virtual server group that are deleted from the virtual + server group on a reload weren't being removed from the IPVS + configuration. However, the patch didn't quite work with the current + HEAD of the master branch. + This commit incorporates that patch provided and makes the necessary + adjustments for it to work correctly. + * Cosmetic changes to IPVS code. + * Make clear the IPv6 instances use VRRP version 3. + * Delete redundant code. + * Update comments in vrrp_nftables.c. + * Update for gcc v9 + Detect if -Wchkp is no longer supported, and fix a -Wstrict-overflow + warning in write_backtrace(). + * Add additional compiler warnings available in gcc verion 9. + +2019-04-04 Alexandre Cassen + * keepalived-2.0.15 + * Fix uninitialised variable. + * Fix rpmbuild on CentOS7, and rely on auto-requires. + * Add option to flush lvs on shutdown. + Currently all known virtual servers and their real servers are + removed one at a time at shutdown. With large configurations on + a busy system, this can take some time. + Add an option just like the existing 'lvs_flush' which operates + on shutdown. Typical environments with a single keepalived instance + can take advantage of this option to achieve a faster shutdown or + restart cycle. + * Make alpha mode checkers on new real servers start down on reload. + Patch #1180 identified that new real servers with alpha mode checkers + were being added online immediately, and if the checker then failed + were being removed. This commit makes real servers that didn't exist + before the reload start in down state if they have alpha mode checkers. + * Remove duplicate config dump entry. + * Make new real servers at reload start down if have alpha mode + checkers. + * Close checker and smtp_alert sockets on reload. + Issue #1177 identified that sockets were being left open (lost) after + a reload. It transpired that these were sockets opened by TCP_CHECK, + HTTP_GET, SSL_GET, DNS_CHECK and SMTP_CHECK checkers, and by smtp_alerts + in the process of being sent. + This commit adds an extra parameter to thread_add_read() and + thread_add_write() to allow indicating that the scheduler should close + the socket when destroying threads. + * Send vrrp group backup notifies at startup. + * Make inhibit_on_failure be inherited by real server from virtual + server. + * Allow real and sorry servers to be configured with port 0 + This is to maintain backwards compatibility with keepalived prior + to commit d87f07c - "Ensure always check return from inet_stosockaddr + when parsing config". + The proper way to configure this is to omit the port, which requires + the next commit. + * Don't setup IPVS config with real and virtual servers ports + different. + If the real server is using DR or TUN, the port of the real server must + be the same as the port of the virtual server. This commit uses the + virtual server port for the real server when configuring IPVS. + * Log warnings if real server and virtual server ports don't match + This commit adds logging warnings if virtual and real server ports, + when using TUN or DR, don't match. + It also sets the real server ports to be the same as the virtual server + ports. Although listing the IPVS configuration with ipvsadm will look + different, the kernel ignored the port of a real server when using DR + or TUN, so the behaviour isn't changed, but when looking at the + configuration it now shows what is actually happening. + * Fix warning when protocol specified for virtual server with fwmark. + * Add log message that nb_get_retry is deprecated. + * Fix whitespace in configure.ac. + * Fix configure error when systemd not installed + configure was trying to execute + pkg-config --variable=systemdsystemunitdir systemd + even if systemd was not available. + This commit makes configure only execute the above if it has determined + that systemd is the correct init package to use. + * Correct references to RFC6527 (VRRPv3 SNMP RFC). + * nsure checker->has_run is always set once a checker has run. + * Fix some indentation in configure.ac. + * Update fopen_safe() to open temporary file in destination directory + rename() in fopen_safe() was failing if the file being created + was not on the same filesystem as /tmp. + * Add ${_RANDOM} configuration keyword. + It might seem strange to introduce random elements to configuration + files, but it can be useful for testing. + * Fix using ~SEQ() in multiline configuration definitions. + * Make blank lines terminate a multiline definition. + * Minor updates for lvs_flush_on_stop. + * Add option to skip deleting real servers on shutdown or reload + If a virtual server is removed, the kernel will remove its real servers, + so keepalived doesn't explicitly need to do so. + The lvs_flush_onstop option removes all LVS configuration, whereas this + new option will only remove the virtual servers managed by keepalived. + * Correct error message re checker_log_all_failures. + * Fix syntax error in configure.ac. + * Fix track_process initialisation for processes with PIDs starting 9. + * Remove debugging log message. + * Remove inappropriate function const attributes + They were causing iptables/ipsets not to be initialised. + * Stop warning: function might be candidate for attribute ‘const’ + Depending on what configure options are selected, gcc can output + the above warning for initialise_debug_options(). + This commit ensures that the warning is not produced. + * Enable strict-config-checks option in keepalived.spec RPM file. + * vrrp: relax attribute 'const' warning at iptables helpers. + * Propagate libm to KA_LIBS. + * Fix building on Alpine Linux. + Alpine (musl) doesn't have a definition of __GNU_PREREQ, so create a + dummy definition. + +2019-03-24 Alexandre Cassen + * keepalived-2.0.14 + * Add compiler warning -Wfloat-conversion and fix new warnings. + It was discovered that passing 0.000001 as a parameter specified + as uint32_t to a function did not generate any warning of type + mismatch, or loss of precision. + This commit adds -Wfloat-conversion and fixes 3 instances of new + warnings that were generated. + * For non systemd enviroment, it occurs syntax error 'fi'. + To avoid syntax error, modify keepalived.spec.in. + * When uninstall keepalived with init upstart, stop keepalived process. + * Fix type re LOG_INGO should be LOG_INFO * 6git stash --cached. + The code was actualy in a #ifdef INCLUDE_UNUSED_CODE block, and + so isn't currently compiled. + * Register missing thread function for thread debugging. + * Fix reutrn value of notify_script_compare misusing issue. + * Fix typo in keepalived.conf man page re BFD min_rx. + * Fix segfault when bfd process reloads config. + Issue #1145 reported the bdf process was segfaulting when reloading. + The bfd process was freeing and allocating a new thread_master_t + when reloading, which doesn't work. This commit changes the bfd + process to clean and reinitialise the thread_master_t. + * Fix segfault in handle_proc_ev(). + On Linux 3.10 the ack bit can be set in a connector message, and + the CPU number is set to UINT32_MAX. This commit skips acks, and + also checks that CPU number is within range of the number of CPUs + on the system. + * Fix OpenSSL init failure with OpenSSL v1.1.1. + OpenSSL v1.1.1, but not v1.1.0h or v1.1.1b failed in SSL_CTX_new() + if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) had previously + been called. + This commit doesn't call OPENSSL_init_crypto() if doing so causes + SSL_CTX_new() to fail. + * Remove all references to libnfnetlink. + Commit 2899da6 (Stop using linbl for mcast group membership and + setting rx buf sizes) stopped using libnfnetlink, but INSTALL and + keepalived.spec.in were not updated accordingly. + * Fix genhash re OPENSSL_init_crypto bug and improve configure.ac. + Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't + update the identical code in genhash/ssl.c. Also, an improvement for + the test in configure.ac was suggested. + * Fix log output when real server removed. + FMT_VS() and FMT_RS() both call inet_sockaddrtotrio which uses a + static buffer to return the formatted string, but since FMT_VS(), + wheich simply calls format_vs() copies the returned string to its + own static buffer, if FMT_VS() was called before FMT_RS() then + the returned strings from both could be used. + The problem occurs when both FMT_VS() and FMT_RS() are used as + parameters to log_message() (or printf etc). It appeared to work + fine on x86_64, but was writing the same IP address for both the + real server and virtual server on ARM architectures. This is due + to the compiler evaluating parameters to the log_message() function + call in a different order on the different architectures. + This commit adds inet_sockaddrtotrio_r() which allows the output + to be in a buffer specified by the caller, and so FMT_VS() and + FMT_RS() can now be called in either order without one overwriting + a buffer used by the other. + * Streamline some string formatting with FMT_RS() and FMR_VS(). + Following commit 9fe353d (Fix log output when real server removed) + some code can be streamlined now that the order of calling FMT_VS() + and FMT_RS() does not matter. + * Replace FMT_HTTP_RS(), FMT_TCP_RS() and FMT_DNS_RS() with FMT_CHK(). + They were all simply defined to be FMT_CHK() so just replace them + with that. This made it much simpler to find all used of FMT_CHK(). + * Fix building with gcc 4.4.7 (Centos 6.5). + gcc v4.4.7 doesn't support -Wfloat-conversion, so check for it at + configure time. + * Add dumping checker config/status when receive SIGUSR1. + * Don't put alpha mode checkers into failed state at reload + If a new checker is added at a reload, unless the real server aleady + has failed checkers, then ignore the alpha mode of the checker. This + means that the real server, if up, won't be taken down and then brought + back up again almost straight away. If the real server already has + failed checkers, then setting an alpha mode checker down initially + won't take down the real server, so we can allow the alpha mode setting + to apply. + * Handle alpha mode checkers initial failure at startup better. + * Fix compile failure discovered by Travis-CI. + * Fix calling syslog when not using signalfd(). + Pull request #1149 identified that syslog is AS-Unsafe (see signal-safety + man page), and that therefore signals should be blocked when calling it. + This commit blocks signals when calling syslog()/vsyslog() when signalfd() + is not being used. + * Rationalise function attributes. + * Fix enable-optimise configure option. + * Use AS_HELP_STRING for all options in configure.ac. + * Streamline genhash -h option. + * Make genhash -v version match keepalived. + * Fix config check of virtual server quorum against weights of real + servers. + * Fix some configure tested checks for OPENSSL_init_crypto. + * Add infrastructure for adding additional compiler warnings. + * Add standard and extra compiler warnings. + * Add and resolve missing-declarations and missing-prototypes warnings + Approximately 16 additional functions are now declared static. + * Add and resolve old-style-definitions warnings + * Add and resolve redundant-decls warnings + * Add and resolve jump-misses-init warnings + * Add and resolve shadow warnings + * Add and resolve unsuffixed-float-constants warnings + * Add and resolve suggest-attribute=const warnings + * Add and resolve suggest-attribute=format warnings + * Add and resolve suggest-attribute=malloc warnings + * Add and resolve suggest-attribute=noreturn warnings + * Add and resolve suggest-attribute=pure warnings + * Add and resolve unused-macros warnings + * Add and resolve null-dereference warnings + * Add and resolve float-equal warnings + * Add and resolve stack-protector warnings + * Add and resolve strict-overflow=4 warnings + * Add and resolve pointer-arith warnings + This particularly includes adding a number of bytes to a void *. + * Add and resolve cast-qual warnings + * Resolve additional warnings identified on Centos 6.5/gcc 4.4.7 + * Remove static from zalloc() + * Fix some compiler warnings on Ubuntu Xenial, and add comments re + others. + * Rename LIST parameters to lst in list_head.h to avoid upper case. + * Fix real server checkers moving from failed to OK on reload. + * add rs judgement in migrate_checkers. + * Detect connection failure in genhash and exit rather than loop. + * Add another function pure attribute. + * Fix sending notifies for vrrp instances at startup when in sync group + Issue #1155 idenfified that notify scripts for vrrp instance transition + to backup state when keepalived started up were not being sent if + the vrrp instance was in a sync group. It was also the case that SNMP + traps, SMTP alerts and FIFO notifies were not being sent either. + This commit make keepalived send the initial notifies when the vrrp + instance is in a sync group. + * Fix building keepalived RPM on Fedora 26. + For some reason -fPIC is needed when testing for the presence of + setns(). + * Add vrrp_startup_delay configuration option. + Some systems that start keepalived at boot time need to delay the + startup of the vrrp instances, due to network interfaces taking + time to properly come up. This commit adds a global configuration + option vrrp_startup_delay that delays the vrrp instances starting + up, for the specified number of seconds. + * Handle checkers properly when reload immediately after startup. + * Streamline some of the SMTP checker code. + * Create separate checker for each host in SMTP_CHECK block + Having multiple host entries in an SMTP_CHECK block is deprecated. + This commit streamlines the SMTP_CHECK code by creating a separate + SMTP checker for each host declared in the SMTP_CHECK block, so that + apart from parsing the configuration, the code no longer handles + multiple hosts per checker. + The support for parsing configuration with multiple hosts is only + enabled if WITH_HOST_ENTRIES is defined in check_smtp.c. It is + currently enabled, but when support for multiple hosts in the + SMTP_CHECK block is finally removed, it will simply be a matter of + deleting all code in the WITH_HOST_ENTRIES conditional blocks. + * Make checker fail if ENETUNREACH returned by connect(). + The connect() call can return some immediate errors such as ENETUNREACH. + These were not being treated as a failure of the checker, since the code + used to assume that any non success return by connect() meant that the + connection was in progress. + keepalived will now treat ENETUNREACH, EHOSTUNREACH, ECONNREFUSED, + EHOSTDOWN, ENETDOWN, ECONNRESET, ECONNABORTED, ETIMEDOUT, when returned + by connect(), as meaning that the checker has failed. + * Don't set SO_LINGER with a timeout of 0 + SO_LINGER with a timeout of 0 causes a TCP connection to be reset + rather than cleanly closed. Instead of specifying a timeout of 0, + use 5 seconds, so that there is an orderly shutdown of the TCP + connection, but the close socket doesn't remain in TIMED_WAIT state + for more than a short time. + * nftables: fix build with kernel lower than 4.1. + * Remove dead code & cosmectics. + Remove code marked as UNUSED where things simply go nowhere even if + define is set. We keep for the moment UNUSED code related to debug + helpers used during coding process. + +2019-02-19 Alexandre Cassen + * keepalived-2.0.13 + * Add BFD build option to keepalived.spec rpm file + Issue #1114 identified that the keepalived.spec file was not being + generated to build BFD support even if keepalived had been configured + to support it. + * Copy tarball to rpmbuild/SOURCES when building in place + It seems that even when building in place, rpmbuild expects the + tarball to be in the rpmbuild/SOURCES directory. + * Fix configure check for __always_inline + * Handle interface MAC addresses changing + When an interface is added to a bond interface, if it is the first + interface added, the MAC address of the bond interface is changed + to the MAC address of the added interface. When subsequent interfaces + are added, their MAC addresses are changed to that of the bond + interface. + Issue #1112 identified that if a bond interface is deleted and + recreated, the gratuitous ARPs were sent with the wrong source MAC + address. + This commit now updates interface MAC addresses from the netlink + RTM_NEWLINK messages, so that the correct MAC address is always + used. + * Minor tidying up of opening gratuitous ARP socket. + * Streamline setting SOCK_NONBLOCK on vrrp sockets. + * Use netlink reported hardware address length for unsolicited NAs + ETH_ALEN is correct for Ethernet type interaces, but is not right + for Infiniband interfaces. + * Minor tidying up of opening gratuitous NA socket. + * Make gratuitous ARP/NA sockets non blocking + keepalived shouldn't block when sending gratutious ARP/NA messages. + It is better to lose the messages than for keepalived to block, so + set the sockets non blocking. + * Use netlink provided broadcast address for gratuitous ARP + If an interface has a non-standard broadcast address, we should + honour it. + * Fix building on pre 3.10 kernels re track_process + Issue #1119 reported that keepalived wouldn't build on CentOS 6. + Various PROC_EVENT_* declarations were assumed to exist, some of which + were not introduced until Linux v3.10. Most of them are not needed, but + PROC_EVENT_COMM is used by the track_process code. + This commit now checks for the existence of the PROC_EVENT_* declarations, + but since keepalived uses PROC_EVENT_COMM, track_process is not supported + prior to Linux v3.2. + * Make track_process work prior to Linux 3.2, but with limitations + Prior to Linux 3.2 the PROC_EVENT_COMM event did not exist, which + means that keepalived is unable to detect changes to process name + (/proc/PID/comm) prior to Linux 3.2. most processes do not change + their process name, and so using track_process prior to Linux 3.2 + is safe so long as the monitored processes are known not to change + their process name. + * Stop configure failing when nftables is not supported. + * Streamline socket use with linkbeat. + Previously the socket used for ioctls was opened and closed twice per + poll if using MII or ETHTOOL polling, and once per poll if using ioctl + polling. This commit opens the socket once at startup, uses that socket + for all linkbeat polls, and closes it on termination. + * Enable linkbeat polling to work with dynamic interfaces. + * Add linkbeat_interfaces configuration block + It was not possible to indicate that an interface that wasn't used + as the interface of a vrrp instance, but was used either as a track + interface, or for virtual/static ip addresses or routes should use + linkbeat. This commit adds that capability. + * Add ability to specify linkbeat type in linkbeat_interfaces block. + * Add --disable-linkbeat configure option + Does anyone use linkbeat anymore? This commit enables keepalived to + be build without the linkbeat code. + * Don't remove link local IPv6 address from VMAC that isn't keepalived's + If IFLA_INET6_ADDR_GEN_MODE isn't supported and a macvlan interface + already had a (non-default) link local addresss and the link local + address that matched the interface's MAC address was added, keepalived + was removing it as soon as it was added. This commit stop keepalived + removing the address when we shouldn't. + * Set configure init type correctly in keepalived.spec file. + * Fix handling of VMACs with multiple reloads + If a configuration is loaded that has a VRRP instance using a VMAC, + then the configuration is updated to remove that VRRP instance and + keepalived reloads its configuration, then the configuration is + updated again to reinstate the VRRP instance and the configuration + is again reloaded, keepalived thought the VMAC interface still + existed, whereas it was deleted following the first reload. + This commit ensures that keepalived properly detects whether an + interface exists following a reload. + * Remember more than one interface local address per interface + Keepalived needs a local address for each interface it sends adverts + on. If the address keepalived is using is deleted and another address + is configured on the interface, then keepalived should start using + that address. To do this, a list of configured address on each + interfaces needs to be maintained. + * Don't consider VIPs as local addresses when restart after crash + Keepalived maintains a list of addresses per interface that can be + used as source adddresses for adverts. To build the list, keepalived + reads the addresses configured on interfaces when it starts. However, + if keepalived crashed it will have left VIPs configured on interfaces, + and we don't want to use them as advert source addresses. + This commit makes keepalived compare the addresses on interfaces + to VIPs, and ignores any addresses that are VIPs. + * Fix removing left over VIPs at startup. + * Use read_timer() when parsing config where appropriate. + * Allow fractional warmup, delay_loop and delay_before_retry for checkers + To shorten the real server monitoring interval, make it possible to specify + decimal value for following items: + warmup + delay_loop + delay_before_retry + * Update connect_timeout configuration options + Based on the patch submitted by tamu.0.0.tamu@gmail.com this patch + allows setting the connect_timeout to a resolution of micro-seconds. + The patch also adds the ability to set a default value at the virtual + server and real server levels. + * Fix unused variable warning when building only with RFC compliant + SNMP. + * It enable to set zero value as mintime for delay_loop and connect_timeout. + * Add option not to check for EINTR if using signalfd() + If keepalived is using signalfd(), there are no asynchronous signal + handlers, and therefore EINTR cannot be returned. + Currently the check for EINTR is enabled by default, and configure + option --disable-eintr-debug disables the check, while + --enable-eintr-debug enables writing log entries if EINTR is returned. + Once sufficient testing has been performed, the default will be + changed not to test for EINTR if signalfd() is supported. + * Make checking for EAGAIN/EWOULDBLOCK consistent + The code in some places checked errno for EAGAIN and EWOULDBLOCK + and in other places only checked EAGAIN. On Linux EAGAIN == EWOULDBLOCK, + so the check is not necessary, but EAGAIN is not guaranteed to be the + same value as EWOULDBLOCK, so define check_EAGAIN that only checks EAGAIN + if they are the same value, but checks both if they are different. + * Ensure default connection timeout for smtp checker hosts set. + * Set default connection timeout if no smtp check host specified. + * Fix min timer value, zero to 0.000001Sec. + * Add fixing min time for vs_co_timeout_handler() and rs_co_timeout_handler(). + * Fix parameter of read_timer(), it treat Mintime and Maxtime as microseconds. + * vrrp: vrrp_dispatcher_read() performance extension + We took time with Quentin to simulate and rework this code. We introduced + 2 imbricated while loop: + (1) First one is catching recvfrom EINTR (this code trig + only on kernel older than 2.6.22 where signalfd was firstly introduced). + Newer kernel will immediately break the loop (hey guys: if you are running + older than 2.6.22 it is worth considering upgrading). + (2) Second loop will continue reading from socket until same VRID advert + has been received during the same cycle. After simulating, it appears that + during contention with a lot of VRRP instances (around 1500), this design + is needed to relax socket recvq from growing. This can be viewed as a + Poll-Mode activation during contention and fallback to regular I/O MUX + during normal operations. This loop breaks immediately and re-submit + opration to I/O MUX when there is no more to be read. + * Fix conversion from long for double in read_timer(). + * Remove variable timer of unsigned long cast in read_timer(). + When Double type variable timer is cast to long type, it's scale falls. + +2019-01-26 Alexandre Cassen + * keepalived-2.0.12 + * Documentation related. + Remove keepalived.conf.SYNOPSIS content to make a pointer to manpage. + Update README manifest to reflect actual Keepalived goal and features. + * Improve error message if process events connector not enabled in + kernel. + * Add option to disable track-process functionality + Issue #1099 reported that their kernel did not support the proc events + connector, and it would therefore be helpful to have an option to build + keepalived without the track-process functionality. + This commit adds the --disable-track-process configure option. + * Fix vrrp instances going to fault state when have virtual routes + If an interface going down caused a vrrp instance to go to fault + state, and the vrrp instance also had virtual routes, the state + of the vrrp instance would be set to backup when the deletion of + the virtual route was detected. This commit ensures that the vrrp + instance stays in fault state until the interface is brought up + again. + * Remove Red Hat Linux 9 and RH Enterprise Linux 3 from spec file. + Red Hat Linux 9 and Red Hat Enterprise Linux 3 are both based on + Linux 2.4, which is no longer supported by keepalived. The options + in the spec file for Reh Hat Linux 9 have twice caused people to + specify wrong options to configure when trying to build keepalived, + so the options are removed to i) avoid confusion and ii) they are + not longer relevant. + * Add global option vrrp_min_garp. + By default keepalived sends 5 gratuitous ARP/NA messages after + transitioning to master, and 5 more 5 seconds later. This isn't + necessary with modern switches, and so if the vrrp_min_garp option + is set, only one gratuitious ARP/NA message is sent after transition + to master, and no repeat messages are sent 4 seconds later. + * Standardise definition of _INCLUDE_UNUSED_CODE_ + * Remove out of date comment re VRRP over IPv6. + * Correct typo in keepalived.conf.5. + * Directly use structure sizes for packet header lengths. + * vrrp_state_fault_rx() is not used. + Wrap the function in conditional compilation so it is not compiled + * Convert so list loops to use LIST_FOREACH. + * Don't recalculate vrrp packet header address. + vrrp_get_header() calculates the address of the vrrp header in a + received packet, but it was being recalculated in vrrp_in_chk(). + This commit passes the already calculated address to vrrp_in_chk(). + * Ensure a received packet has an AH header if and only if AH auth. + Ensure that a received packet has an AH header if we expect AH + authentication, and doesn't have an AH header if we don't expect + AH authentication. + * Ensure all protocol headers received before return pointer to vrrp header + vrrp_get_header() returns a pointer to the vrrp header, but it now returns + NULL if insufficient data has been received to include all the (IP, + possibly AH, and VRRP) headers (this does not include the VIPs in the VRRP + packet). + This means that when a pointer to the VRRP header is returned, all fields in + all protocol headers can safely be accessed. + * Add check of received IPv6 hop count in multicast adverts + The VRRP RFC requires that IPv6 hop count MUST be checked to be 255, + just as the TTL for IPv6 must be 255. Previously that wasn't being + checked, since IPv6 raw sockets don't provide access to the IPv6 + header. + Using recvmsg() rather than recvfrom(), and setting socket option + IPV6_RECVHOPLIMIT allows keepalived to receive the hop count as + ancillary data, and that can now be checked. + * Improve reading from vrrp receive sockets. + Previously no check was made of the return value from recvfrom()/ + recvmsg(). This meant than an error could occur (e.g. EINTR), or no + data might be returned, and keepalived would still attempt to process + the receive buffer as though data had been received. + * Enhance and streamline checking of validity of received VRRP packet + This includes checking that a packet is multicast, unless unicast is + expected in which case it is checked for unicast, ensuring that if + AH authentication is used, the next header protocol is VRRP. + The sequence of some checks is revised to ensure that the fields being + checked are valid to be accessed prior to accessing them, e.g. check + that the packet is VRRP version 2 before checking the authentication. + * Stop clearing receive buffer before receiving VRRP packets. + This is no longer necessary now that the appropriate checks are + made of the return status of recvmsg(), and also that the checks + of received packet length and packet headers now do all necessary + checks. + * Add compile time checks for IPV6_RECVHOPLIMIT/IPV6_RECVPKTINFO + support. + * Update keepalived.spec.in build-requires. + The kernel package required for building keepalived is kernel-headers + not kernel-devel. Also, it is superfluous to have package kernel in + the build-requires! + * Add missing file (build.setup) to tarball. + * Fix calculating print format to rlim_t in configure.ac. + * Fix compiler warnings on 32 bit systems re HASH_UPDATE. + Removing all the casts stopped the warnings. + * Use PRI_rlim_t when printing rlim_t types. + * Use %zd/%zu for ssize_t/size_t to avoid warnings on 32 bit systems. + * Fix some space/tab formatting. + * Stop declaring some timer definitions unsigned to stop compiler + warnings. + TIMER_HZ, TIMER_CENTI_HZ, NSEC_PER_SEC were causing some compiler warnings + on some systems due to being defined with a 'U' unsigned suffix. Removing + the unsigned specifier stopped the compiler warnings. + * Fix compiler warning due to incorrect format specifier. + An int64_t should use % PRIi64 and not %ld + * Stop an uninitialized variable compiler warning. + * Fix MEM_CHECK debugging on processors without unaligned memory + access. + * Don't attempt to use unopened socket for getting ipset version. + * Tidy up an error message. + * vrrp: make vrrp_dispatcher_read() async while catching error. + During investigations we decided to update previous patch to resubmit + into I/O MUX on read error. It will make read procedure I/O MUX freindly + by removing potential sync operation potentially leading to a global + I/O MUX desync. We aggreed, the situation is really and very exceptionnal + but could happen. + * vrrp: vrrp_arp_thread split. + Split the function for maintainability purpose. + +2019-01-06 Alexandre Cassen + * keepalived-2.0.11 + * Fix segfault while shutting down when SNMP activity occurs. + Issue #1061 identified that keepalived could segfault when it + shut down. It appears that this was caused by data being received + on the file descriptors that the snmp agent requests keepalived + to monitor with epoll(). Since the read threads weren't being + processed during a shutdown, the first time an snmp fd was ready, + keepalived discarded the read thread. The second time that fd became + ready there was no thread to handle the fd, and, since the assert() + statement was not compiled in, non existant data was queued to the + thread ready queue. + This commit changes the assert() calls to continue, so that non existant + data is no longer queued to the thread ready queue. + * While shutting down, continue to handle snmp agent fds. + Since we don't shutdown the snmp connection until the very end of + the shutdown process (we need to be able to send snmp traps), we + should continue to handle the snmp fds on behalf of the snmp agent + while shutting down. + * Ensure snmp agent is in correct state when initialising/closing + Make sure the snmp agent is not already initialised before + initialising it, and make sure it has been initialised before + closing it. + * Disable asserts in bfd code by default and add --enable-asserts + Asserts were enabled by default in the bfd code, which shouldn't be + the case. + Add --enable-asserts configure option so that the asserts tests can + be enabled while debugging. + * Remove debugging log message accidently left in. + * Update receive buffers when interface is created. + The receive buffer size used by keepalived is based on the largest + MTU of any interface that keepalived uses. If dynamic interfaces + are being used and an interface is created after keepalived has + started, the MTU of the new interface may be larger than the + previous largest, so the receive buffer may need to be increased + in size. + Further, if vrrp_rx_bufs_policy is MTU, then the kernel receive + buffers on the receive socket may need to be increased. + * Handle MTU sizes being changed. + Issue #1068 identified that the MTU size wasn't being updated in + keepalived if it changed. + This commit now updates the MTU size and adjusts receive buffer + sizes accordingly. + * Fix syntax error in configure.ac. + * Fix double free when global data smtp_helo_name copied from local_name + Issue #1071 identified a double free fault. It occurred when smtp_helo_name + was not set, in which case it was set to point to the same malloc'd memory + as local_name. At termination keepalived freed both local_name and + smtp_helo_name. + If keepalived needs to use local_name for smtp_helo_name it now malloc's + additional memory to copy the string into. + * Rename TIMER_MAX to TIMER_MAXIMUM. + ulibC defines TIMER_MAX, so to avoid naming conflict rename it. + This issue was reported by Paul Gildea who also + provided the patch. + * Fix segfault when smtp alerts configured. + * First working version of nftables. + * Restructed code around how iptables/nftables are called + This commit also allows building keepalived without iptables + support, thereby allowing only nftables support. + Adding any other mechanism to handle no_accept mode, i.e. blocking + receiving and sending to/from VIPs should be added to vrrp_firewall.c, + in a similar way to how nftables/iptables are used. + * Update doc files re nftables. + * Make nftables handle dont_track_primary appropriately. + * Fix config reload with nftables. + * Set base chain priorities from configuration. + * Use iptables by default if neither iptables or nftables configured. + But if the build of keepalived does not include iptables, then use + nftables default. + * Stop dumping keywords - left turned on after debugging. + * Make umask configuration apply to created file. + * Add libmnl and libnftnl to travis file. + * Fix compilation failure when NFTNL_EXPR_LOOKUP_FLAGS not defined. + * Fix compilation failure when build with nftables but without iptables. + * Fix order of include files in configure COLLISION test. + Since Linux 4.4.11 (commit 1575c09) including linux/if.h after + net/if.h works, whereas until glibc fix their headers including + net/if.h after linux/if.h causes compiler redefinition errors. + Unfortunately the test for the collision was done the wrong way + round, as identified in issue #1079. The patch included in the + issue report corrects the order of inclusion of the header files. + What we should do is ensure that glibc header files are included + before Linux header files, so that at least if kernel headers from + 4.4.11 onwards are used, the conflict will not occur. + * Set CLOEXEC on netlink sockets. + * Correct error message for invalid route metric. + * Add track_process for vrrp to monitor if another process is running. + Configurations frequently include a track_script to check that a process + is running, often haproxy or nginx. Using any of pgrep, pkill, killall, + pidof, etc, has an overhead of reading all /proc/[1-9]*/status and/or + /proc/[1-9]*/cmdline files. In particular reading the cmdline files + has a significant overhead on a system that is swapping, since the + cmdline files provide access to part of the address space of each + process, which may need to be fetched from the swap space. + This commit reads the /proc/[1-9]*/stat and/or the /proc/[1-9]*/cmdline + files only when keepalived starts, and after that uses the process events + connector to track process creation and termination. + keepalived will ignore zombie processes, whereas pgrep etc include them. + A minimum number of instances of a process can be specified, and also a + delay so that if a process is restarted, it won't cause monitoring vrrp + instances to immediately transition to fault state but to wait the + configured time and it the monitored process starts again it + won't transition to fault state. + There are potential difficulties with the process event connector if a + large number of process events occur very rapidly, since there can be + a receive buffer overrun on the netlink socket. This code will detect + that happening, increase the receive buffer size, and reread the processes + from /proc. + * Add missing #include to track_process.c. + * Fix number of elements of fd_set read for snmp select info. + * Remove thread_event_t when EPOLL_CTL_DEL fails. + If snmpd closes a file descriptor, when keepalived attempts to + unregister the fd from epoll an error is returned. However, we still + need to remove the thread_event_t from the io_events rbtree. + * Fix connection to snmpd after it has to reconnect. + Issue #1080 identified that keepalived wasn't handling a connection + failure and reconnect to snmpd properly. The problem was created when + the change from select() to epoll() was made. + This commit makes keepalived unregister and reregister the snmp file + descriptors after snmpd reconnects. + * Fix retry count for SMTP_CHECK checker. + The checker was doing one too few retries. + * Make healthchecker failure reporting consistent + Some healthcheckers were reporting all failures, and others only when + the retries expired. This commit by default makes the checkers only + report failure when the retries expire, unless the global keyword + checker_log_all_failures or log_all_failures on the specific checker + is configured. + * After reload, reinitialise current track processes state. + * Remove unused variable in track_process.c. + * Add configure checks re --with-kernel-dir. + * Convert remaining select() to epoll_wait(). + keepalived was using select() for handling the termination of child + processes, but the main scheduling loop now uses epoll_wait(), so + convert the select() to epoll_wait() from consistency. + * Stop keepalived leaving zombie child processes. + keepalived wasn't reaping the termination of its child processes, + so this commit adds waitpid() calls once it knows the processes + have terminated. + * Fix make distclean and make distcheck. + * Also skip route not configured with down interface. + Otherwise, if keepalived has virtual_routes configured, we create + a virtual interface and bring it up and down, current code will bring + VRRP state to FAULT and never return. + * Stop vrrp process entering infinite loop when track script times out + Issue #1093 identified that the vrrp process was entering an infinite + loop after a track script timed out. This was due to a child process + thread having an RB tree for PIDs as well as for the timeout, and if + a child process timed out, the thread wasn't being removed from the + PID RB tree. This commit now ensures it is removed. + * Fix the abbreviation of Shortest Expected Delay. + * Don't free unallocated memory if not tracking processes. + * vrrp: Rewrote JSON code + Remove dependency to json-c extralib by using a simple streaming JSON writter. + Refactored code to make it simple to maintain. + * vrrp: Fix JSON handling for v{route;rule}. + * autoconf: fix nftables selection + We need to inhibit nftable compilation if compiling system has + kernel header file nf_tables.h but not libnftnl nor libmnl. + 2018-11-12 Alexandre Cassen * keepalived-2.0.10 * Fix compiling on Alpine Linux. diff --git a/INSTALL b/INSTALL index 656e9bf..a222184 100644 --- a/INSTALL +++ b/INSTALL @@ -24,17 +24,21 @@ The following build packages are needed: make autoconf automake (to build from git source tree rather than tarball) The following libraries need to be installed: - openssl-devel libnl3-devel ipset-devel iptables-devel libnfnetlink-devel + openssl-devel libnl3-devel ipset-devel +For iptables support: + libxtables-dev libip6tc-dev libip4tc-dev + or on older installations: + iptables-devel For magic file identification support: file-devel For SNMP support: net-snmp-devel For DBUS support: glib2-devel -For JSON support: - json-c-devel For PCRE support pcre2-devel +For nftables support + libnftnl-devel libmnl-devel For building the documentation, the following packages need to be installed: Fedora: python-sphinx (will pull in: python2-sphinx_rtd_theme) @@ -45,22 +49,20 @@ For building the documentation, the following packages need to be installed: Debian/Ubuntu ------------- -On Debian, install: - pkg-config -On Ubuntu, install: +For building packages: build-essential pkg-config, and to build from git repo automake autoconf The following libraries need to be installed: - iptables-dev libipset-dev libnfnetlink-dev libnl-3-dev libnl-genl-3-dev libssl-dev + iptables-dev libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev For magic file identification support: libmagic-dev For SNMP support: libsnmp-dev For DBUS support: libglib2.0-dev -For JSON support: - libjson-c-dev For PCRE support: libpcre2-dev +For nftables support + libnftnl-dev libmnl-dev For building the documentation, the following packages need to be installed: python-sphinx python-sphinx-rtd-theme @@ -70,11 +72,13 @@ For building the documentation, the following packages need to be installed: Alpine Linux ------------ The following libraries need to be installed: - iptables-dev ipset-dev libnfnetlink-dev libnl3-dev musl-dev and openssl-dev or libressl-dev + iptables-dev ipset-dev libnl3-dev musl-dev libnftnl-dev and openssl-dev or libressl-dev For magic file identification support: - TBD + file-dev For SNMP support: net-snmp-dev (requires libressl-dev and not openssl-dev) +For PCRE support + pcre2-dev For building the documentation, the following packages need to be installed: py-sphinx py3-sphinx_rtd_theme @@ -85,9 +89,9 @@ For building the documentation, the following packages need to be installed: Archlinux --------- Run the following to install the required libraries: - pacman -S ipset libnfnetlink libnl1 + pacman -S ipset libnl1 For magic file identification support: - TBD + TDB For SNMP support: pacman -S net-snmp for PCRE support: @@ -116,6 +120,7 @@ IP_VS (unless --disable-lvs is specified) IP_VS suboptions to match the real_server/virtual_server configuration NETFILTER_XTABLES - if strict_mode or no_accept. NETFILTER_XT options and IP_SET +NF_TABLES and associated components - to use nftables for strict_mode or no_accept IP_ADVANCED_ROUTER and various associated options if static/dynamic routes specified FIB_RULES if static or dynamic rules are specified @@ -218,6 +223,28 @@ the image/Dockerfile to add it before make build) may be helpful if you need to examine core files in the container. +Running in an AWS container +=========================== +The VRRP protocol is not enabled in AWS security groups. If you are using AWS, +create a rule in the AWS security group. The rule should be "Custom Protocol" +and value should be "112" (the VRRP protocol number). All ports should be opened. + + +Running with SElinux +==================== +If the system running keepalived has SElinux enabled in enforcing mode, keepalived +may have difficulty running scripts, accessing configuration files, etc, especially +if keepalived is being started by systemd. + +By default, scripts should be located in /usr/libexec/keepalived, or alternatively, +to set the necessary security context for a script, execute: +chcon -t keepalived_unconfined_script_exec_t PATH_TO_SCRIPT + +See + https://www.mankier.com/8/keepalived_selinux and + https://www.mankier.com/8/keepalived_unconfined_script_selinux +for further details of SElinux and keepalived. + Have fun with it ! diff --git a/Makefile.am b/Makefile.am index e123117..a1de7c9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,7 +19,7 @@ endif SUBDIRS += bin_install -EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md +EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md build_setup autogen.sh doc_DATA = README @@ -31,7 +31,7 @@ README: $(srcdir)/README.md @$(edit) '$(srcdir)/$@.md' >$@ distclean-local: - @rm -f aclocal.m4 ar-lib compile depcomp install-sh missing keepalived-$(VERSION).tar.gz config.log config.status + @rm -f aclocal.m4 keepalived-$(VERSION).tar.gz config.log config.status @rm -rf autom4te.cache dist-hook: @@ -44,7 +44,8 @@ docker: # clean all files that are generated by automake/autoconf etc autoclean: @$(MAKE) distclean - @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h + @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h lib/stamp-h[12] + @rm -rf m4 build-aux git-clean: @$(MAKE) autoclean @@ -63,8 +64,8 @@ tarball: dist @RPM_TRUE@rpm: @RPM_TRUE@ @$(MAKE) dist +@RPM_TRUE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` @RPM_TRUE@@RPM_BIP_TRUE@ rpmbuild -ba --build-in-place keepalived.spec -@RPM_TRUE@@RPM_BIP_FALSE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` @RPM_TRUE@@RPM_BIP_FALSE@ rpmbuild -ba keepalived.spec debug: @@ -76,5 +77,5 @@ profile: mrproper: @echo Please use `make distclean` -DISTCHECK_CONFIGURE_FLAGS = \ +AM_DISTCHECK_CONFIGURE_FLAGS = \ --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) diff --git a/Makefile.in b/Makefile.in index 55ed0a3..92421bd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -95,7 +95,8 @@ POST_UNINSTALL = : @BUILD_GENHASH_TRUE@am__append_1 = genhash subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ @@ -103,7 +104,8 @@ DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/lib/config.h +CONFIG_HEADER = $(top_builddir)/lib/config.h \ + $(top_builddir)/lib/config_warnings.h CONFIG_CLEAN_FILES = keepalived.spec CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) @@ -192,8 +194,11 @@ CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = lib keepalived doc genhash bin_install am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/keepalived.spec.in \ - COPYING ChangeLog INSTALL README TODO ar-lib compile depcomp \ - install-sh missing + $(top_srcdir)/build-aux/ar-lib $(top_srcdir)/build-aux/compile \ + $(top_srcdir)/build-aux/install-sh \ + $(top_srcdir)/build-aux/missing COPYING ChangeLog INSTALL \ + README TODO build-aux/ar-lib build-aux/compile \ + build-aux/depcomp build-aux/install-sh build-aux/missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -292,14 +297,15 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PID_DIR = @PID_DIR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ +RUN_DIR = @RUN_DIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SNMP_SERVICE = @SNMP_SERVICE@ SPHINXBUILDNAME = @SPHINXBUILDNAME@ STRIP = @STRIP@ VERSION = @VERSION@ @@ -352,10 +358,10 @@ edit = echo " EDIT $@"; \ sed -e "/^\[\!\[/d" SUBDIRS = lib keepalived doc $(am__append_1) bin_install -EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md +EXTRA_DIST = AUTHOR CONTRIBUTORS snap README.md build_setup autogen.sh doc_DATA = README MOSTLYCLEANFILES = README -DISTCHECK_CONFIGURE_FLAGS = \ +AM_DISTCHECK_CONFIGURE_FLAGS = \ --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) all: all-recursive @@ -592,7 +598,7 @@ distdir: $(DISTFILES) ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir @@ -618,7 +624,7 @@ dist-shar: distdir @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -636,7 +642,7 @@ dist dist-all: distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -646,7 +652,7 @@ distcheck: dist *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac @@ -855,7 +861,7 @@ README: $(srcdir)/README.md @$(edit) '$(srcdir)/$@.md' >$@ distclean-local: - @rm -f aclocal.m4 ar-lib compile depcomp install-sh missing keepalived-$(VERSION).tar.gz config.log config.status + @rm -f aclocal.m4 keepalived-$(VERSION).tar.gz config.log config.status @rm -rf autom4te.cache dist-hook: @@ -868,7 +874,8 @@ docker: # clean all files that are generated by automake/autoconf etc autoclean: @$(MAKE) distclean - @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h + @rm -f configure `find . -name Makefile.in` lib/config.h.in lib/git-commit.h lib/stamp-h[12] + @rm -rf m4 build-aux git-clean: @$(MAKE) autoclean @@ -887,8 +894,8 @@ tarball: dist @RPM_TRUE@rpm: @RPM_TRUE@ @$(MAKE) dist +@RPM_TRUE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` @RPM_TRUE@@RPM_BIP_TRUE@ rpmbuild -ba --build-in-place keepalived.spec -@RPM_TRUE@@RPM_BIP_FALSE@ @cp -p keepalived-$(VERSION).tar.gz `rpm --eval "%{_sourcedir}"` @RPM_TRUE@@RPM_BIP_FALSE@ rpmbuild -ba keepalived.spec debug: diff --git a/README.md b/README.md index 41b6d07..86eee82 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,22 @@ keepalived: Loadbalancing & High-Availability ============================================= -[![Build Status](https://travis-ci.org/acassen/keepalived.svg?branch=master)](https://travis-ci.org/acassen/keepalived) - -The main goal of the keepalived project is to add a strong & robust -keepalive facility to the Linux Virtual Server project. -It implements a multilayer TCP/IP stack checks. Keepalived implements -a framework based on three family checks : Layer3, Layer4 & Layer5. -This framework gives the daemon the ability of checking a LVS server -pool states. Keepalived can be sumarize as a LVS driving daemon. +[![Build Status](https://travis-ci.org/acassen/keepalived.svg?branch=master)](https://travis-ci.org/acassen/keepalived) [![Coverity Status](https://scan.coverity.com/projects/18496/badge.svg)](https://scan.coverity.com/projects/pqarmitage-keepalived) [![keepalived](https://snapcraft.io/keepalived/badge.svg)](https://snapcraft.io/keepalived) + +The main goal of this project is to provide simple and robust facilities +for loadbalancing and high-availability to Linux system and Linux based +infrastructures. Loadbalancing framework relies on well-known and widely +used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. +Keepalived implements a set of checkers to dynamically and adaptively maintain +and manage loadbalanced server pool according their health. On the other hand +high-availability is achieved by the Virtual Router Redundancy Protocol (VRRP). +VRRP is a fundamental brick for router failover. In addition, Keepalived +implements a set of hooks to the VRRP finite state machine providing low-level +and high-speed protocol interactions. In order to offer fastest network +failure detection, Keepalived implements the Bidirectional Forwarding Detection +(BFD) protocol. VRRP state transition can take into account BFD hints to drive +fast state transition. Keepalived frameworks can be used independently or all +together to provide resilient infrastructures. Keepalived implementation is based on an I/O multiplexer to handle a strong multi-threading framework. All the events process use this I/O diff --git a/TODO b/TODO index cab84bc..790d894 100644 --- a/TODO +++ b/TODO @@ -1,3 +1,29 @@ +BUG - If have VIP on a different interface from the VRRP instance, the +interface isn't tracked and so we do nothing if the interface is deleted. + +Fix building on CentOS 6.10 + +Remove definitions that simply access structure fields, e.g. VRRP_ISUP + +Stop making structure fields such as base_ifp and configured_ifp conditional. + +In parsers, using LIST_TAIL to find object to configure doesn't work +if error in first line means not created. TAIL could be null, or previous +object. + +No SMTP alert for vrrp instance FAULT/BACKUP/MASTER following track file changes +Shutdown SMTP messages not completing before keepalived terminates (especially for +connect timeout. Causes memory leak!) + +Test LVS forwarding via VIP if no_accept set + +If interface is deleted and recreated, then index changes - does that cause OIDs to change? Is the RFC flawed? How do we deal with it? + We could have our own ifindex incremented as we create interface_t's + +Add track_route, track_address + +PKG_CONFIG_* autoconf options - see man pkg.m4 + Whatever you want ! Real servers @@ -32,7 +58,6 @@ The following are still outstanding from the ideas for what became v2.0.0: * Don't add RTNMGRP_IPV4_ADDR/IPV6_ADDR if not monitoring one of those families * May want to stop VS down at start for alpha mode RSs (except SNMP) - * Rate limit respawning if a child process dies * Have a socket to connect to for receiving notifications. A process can register for what notifications it wants to receive. * Allow variable parameters to be passed to scripts - see issue #837 diff --git a/aclocal.m4 b/aclocal.m4 index 3018c54..a6e2fa4 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.15.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,283 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -dnl serial 11 (pkg-config-0.29.1) -dnl -dnl Copyright © 2004 Scott James Remnant . -dnl Copyright © 2012-2015 Dan Nicholson -dnl -dnl This program is free software; you can redistribute it and/or modify -dnl it under the terms of the GNU General Public License as published by -dnl the Free Software Foundation; either version 2 of the License, or -dnl (at your option) any later version. -dnl -dnl This program is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -dnl General Public License for more details. -dnl -dnl You should have received a copy of the GNU General Public License -dnl along with this program; if not, write to the Free Software -dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA -dnl 02111-1307, USA. -dnl -dnl As a special exception to the GNU General Public License, if you -dnl distribute this file as part of a program that contains a -dnl configuration script generated by Autoconf, you may include it under -dnl the same distribution terms that you use for the rest of that -dnl program. - -dnl PKG_PREREQ(MIN-VERSION) -dnl ----------------------- -dnl Since: 0.29 -dnl -dnl Verify that the version of the pkg-config macros are at least -dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's -dnl installed version of pkg-config, this checks the developer's version -dnl of pkg.m4 when generating configure. -dnl -dnl To ensure that this macro is defined, also add: -dnl m4_ifndef([PKG_PREREQ], -dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) -dnl -dnl See the "Since" comment for each macro you use to see what version -dnl of the macros you require. -m4_defun([PKG_PREREQ], -[m4_define([PKG_MACROS_VERSION], [0.29.1]) -m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, - [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) -])dnl PKG_PREREQ - -dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) -dnl ---------------------------------- -dnl Since: 0.16 -dnl -dnl Search for the pkg-config tool and set the PKG_CONFIG variable to -dnl first found in the path. Checks that the version of pkg-config found -dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is -dnl used since that's the first version where most current features of -dnl pkg-config existed. -AC_DEFUN([PKG_PROG_PKG_CONFIG], -[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) -m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) -m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) -AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) -AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=m4_default([$1], [0.9.0]) - AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - PKG_CONFIG="" - fi -fi[]dnl -])dnl PKG_PROG_PKG_CONFIG - -dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -dnl ------------------------------------------------------------------- -dnl Since: 0.18 -dnl -dnl Check to see whether a particular set of modules exists. Similar to -dnl PKG_CHECK_MODULES(), but does not set variables or print errors. -dnl -dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -dnl only at the first occurence in configure.ac, so if the first place -dnl it's called might be skipped (such as if it is within an "if", you -dnl have to call PKG_CHECK_EXISTS manually -AC_DEFUN([PKG_CHECK_EXISTS], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -if test -n "$PKG_CONFIG" && \ - AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_default([$2], [:]) -m4_ifvaln([$3], [else - $3])dnl -fi]) - -dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -dnl --------------------------------------------- -dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting -dnl pkg_failed based on the result. -m4_define([_PKG_CONFIG], -[if test -n "$$1"; then - pkg_cv_[]$1="$$1" - elif test -n "$PKG_CONFIG"; then - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes ], - [pkg_failed=yes]) - else - pkg_failed=untried -fi[]dnl -])dnl _PKG_CONFIG - -dnl _PKG_SHORT_ERRORS_SUPPORTED -dnl --------------------------- -dnl Internal check to see if pkg-config supports short errors. -AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi[]dnl -])dnl _PKG_SHORT_ERRORS_SUPPORTED - - -dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -dnl [ACTION-IF-NOT-FOUND]) -dnl -------------------------------------------------------------- -dnl Since: 0.4.0 -dnl -dnl Note that if there is a possibility the first call to -dnl PKG_CHECK_MODULES might not happen, you should be sure to include an -dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -AC_DEFUN([PKG_CHECK_MODULES], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl -AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl - -pkg_failed=no -AC_MSG_CHECKING([for $1]) - -_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) -_PKG_CONFIG([$1][_LIBS], [libs], [$2]) - -m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS -and $1[]_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details.]) - -if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) - _PKG_SHORT_ERRORS_SUPPORTED - if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else - $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - - m4_default([$4], [AC_MSG_ERROR( -[Package requirements ($2) were not met: - -$$1_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -_PKG_TEXT])[]dnl - ]) -elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) - m4_default([$4], [AC_MSG_FAILURE( -[The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -_PKG_TEXT - -To get pkg-config, see .])[]dnl - ]) -else - $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS - $1[]_LIBS=$pkg_cv_[]$1[]_LIBS - AC_MSG_RESULT([yes]) - $3 -fi[]dnl -])dnl PKG_CHECK_MODULES - - -dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -dnl [ACTION-IF-NOT-FOUND]) -dnl --------------------------------------------------------------------- -dnl Since: 0.29 -dnl -dnl Checks for existence of MODULES and gathers its build flags with -dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags -dnl and VARIABLE-PREFIX_LIBS from --libs. -dnl -dnl Note that if there is a possibility the first call to -dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to -dnl include an explicit call to PKG_PROG_PKG_CONFIG in your -dnl configure.ac. -AC_DEFUN([PKG_CHECK_MODULES_STATIC], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -_save_PKG_CONFIG=$PKG_CONFIG -PKG_CONFIG="$PKG_CONFIG --static" -PKG_CHECK_MODULES($@) -PKG_CONFIG=$_save_PKG_CONFIG[]dnl -])dnl PKG_CHECK_MODULES_STATIC - - -dnl PKG_INSTALLDIR([DIRECTORY]) -dnl ------------------------- -dnl Since: 0.27 -dnl -dnl Substitutes the variable pkgconfigdir as the location where a module -dnl should install pkg-config .pc files. By default the directory is -dnl $libdir/pkgconfig, but the default can be changed by passing -dnl DIRECTORY. The user can override through the --with-pkgconfigdir -dnl parameter. -AC_DEFUN([PKG_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([pkgconfigdir], - [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, - [with_pkgconfigdir=]pkg_default) -AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -])dnl PKG_INSTALLDIR - - -dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) -dnl -------------------------------- -dnl Since: 0.27 -dnl -dnl Substitutes the variable noarch_pkgconfigdir as the location where a -dnl module should install arch-independent pkg-config .pc files. By -dnl default the directory is $datadir/pkgconfig, but the default can be -dnl changed by passing DIRECTORY. The user can override through the -dnl --with-noarch-pkgconfigdir parameter. -AC_DEFUN([PKG_NOARCH_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([noarch-pkgconfigdir], - [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, - [with_noarch_pkgconfigdir=]pkg_default) -AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -])dnl PKG_NOARCH_INSTALLDIR - - -dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, -dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -dnl ------------------------------------------- -dnl Since: 0.28 -dnl -dnl Retrieves the value of the pkg-config variable for the given module. -AC_DEFUN([PKG_CHECK_VAR], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl - -_PKG_CONFIG([$1], [variable="][$3]["], [$2]) -AS_VAR_COPY([$1], [pkg_cv_][$1]) - -AS_VAR_IF([$1], [""], [$5], [$4])dnl -])dnl PKG_CHECK_VAR - -# Copyright (C) 2002-2014 Free Software Foundation, Inc. +# Copyright (C) 2002-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -311,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.15], [], +m4_if([$1], [1.15.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -327,12 +51,12 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.15])dnl +[AM_AUTOMAKE_VERSION([1.15.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) -# Copyright (C) 2011-2014 Free Software Foundation, Inc. +# Copyright (C) 2011-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -394,7 +118,7 @@ AC_SUBST([AR])dnl # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -446,7 +170,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -477,7 +201,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -668,7 +392,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -744,7 +468,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -941,7 +665,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -962,7 +686,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -983,7 +707,7 @@ AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1033,7 +757,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1072,7 +796,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1101,7 +825,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1148,7 +872,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1167,7 +891,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1248,7 +972,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2014 Free Software Foundation, Inc. +# Copyright (C) 2009-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1308,7 +1032,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1336,7 +1060,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2014 Free Software Foundation, Inc. +# Copyright (C) 2006-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1355,7 +1079,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2017 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1486,3 +1210,4 @@ AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([m4/pkg.m4]) diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 0000000..4b21abf --- /dev/null +++ b/autogen.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +mkdir -p build-aux + +aclocal --install +autoheader +automake --add-missing +autoreconf diff --git a/bin_install/Makefile.in b/bin_install/Makefile.in index da804b6..1403d06 100644 --- a/bin_install/Makefile.in +++ b/bin_install/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.15.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2017 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -93,12 +93,14 @@ PRE_UNINSTALL = : POST_UNINSTALL = : subdir = bin_install ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__aclocal_m4_deps = $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/lib/config.h +CONFIG_HEADER = $(top_builddir)/lib/config.h \ + $(top_builddir)/lib/config_warnings.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) @@ -179,14 +181,15 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PID_DIR = @PID_DIR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ +RUN_DIR = @RUN_DIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SNMP_SERVICE = @SNMP_SERVICE@ SPHINXBUILDNAME = @SPHINXBUILDNAME@ STRIP = @STRIP@ VERSION = @VERSION@ diff --git a/build-aux/ar-lib b/build-aux/ar-lib new file mode 100755 index 0000000..05094d3 --- /dev/null +++ b/build-aux/ar-lib @@ -0,0 +1,270 @@ +#! /bin/sh +# Wrapper for Microsoft lib.exe + +me=ar-lib +scriptversion=2012-03-01.08; # UTC + +# Copyright (C) 2010-2017 Free Software Foundation, Inc. +# Written by Peter Rosin . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + + +# func_error message +func_error () +{ + echo "$me: $1" 1>&2 + exit 1 +} + +file_conv= + +# func_file_conv build_file +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv in + mingw) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_at_file at_file operation archive +# Iterate over all members in AT_FILE performing OPERATION on ARCHIVE +# for each of them. +# When interpreting the content of the @FILE, do NOT use func_file_conv, +# since the user would need to supply preconverted file names to +# binutils ar, at least for MinGW. +func_at_file () +{ + operation=$2 + archive=$3 + at_file_contents=`cat "$1"` + eval set x "$at_file_contents" + shift + + for member + do + $AR -NOLOGO $operation:"$member" "$archive" || exit $? + done +} + +case $1 in + '') + func_error "no command. Try '$0 --help' for more information." + ;; + -h | --h*) + cat <. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/depcomp b/build-aux/depcomp new file mode 100755 index 0000000..b39f98f --- /dev/null +++ b/build-aux/depcomp @@ -0,0 +1,791 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2016-01-11.22; # UTC + +# Copyright (C) 1999-2017 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Avoid interferences from the environment. +gccflag= dashmflag= + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The second -e expression handles DOS-style file names with drive + # letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the "deleted header file" problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. +## Some versions of gcc put a space before the ':'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts '$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for ':' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + "$@" $dashmflag | + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/install-sh b/build-aux/install-sh new file mode 100755 index 0000000..59990a1 --- /dev/null +++ b/build-aux/install-sh @@ -0,0 +1,508 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2014-09-12.12; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# 'make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +tab=' ' +nl=' +' +IFS=" $tab$nl" + +# Set DOITPROG to "echo" to test this script. + +doit=${DOITPROG-} +doit_exec=${doit:-exec} + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +is_target_a_directory=possibly + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + dstdir=`dirname "$dst"` + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # $RANDOM is not portable (e.g. dash); use it when possible to + # lower collision chance + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # As "mkdir -p" follows symlinks and we work in /tmp possibly; so + # create the $tmpdir first (and fail if unsuccessful) to make sure + # that nobody tries to guess the $tmpdir name. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + oIFS=$IFS + IFS=/ + set -f + set fnord $dstdir + shift + set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + set +f && + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/missing b/build-aux/missing new file mode 100755 index 0000000..f62bbae --- /dev/null +++ b/build-aux/missing @@ -0,0 +1,215 @@ +#! /bin/sh +# Common wrapper for a few potentially missing GNU programs. + +scriptversion=2013-10-28.13; # UTC + +# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try '$0 --help' for more information" + exit 1 +fi + +case $1 in + + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; + + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" + exit 1 + ;; + +esac + +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi + +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/build_setup b/build_setup new file mode 100755 index 0000000..4b21abf --- /dev/null +++ b/build_setup @@ -0,0 +1,8 @@ +#!/bin/sh + +mkdir -p build-aux + +aclocal --install +autoheader +automake --add-missing +autoreconf diff --git a/configure b/configure index d89984c..1a16427 100755 --- a/configure +++ b/configure @@ -1,8 +1,8 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Keepalived 2.0.10. +# Generated by GNU Autoconf 2.69 for Keepalived 2.1.5. # -# Report bugs to . +# Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -267,10 +267,10 @@ fi $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: keepalived-devel@lists.sourceforge.net about your -$0: system, including any error possibly output before this -$0: message. Then install a modern shell, or manually run -$0: the script under such a shell if you do have one." +$0: keepalived-users@groups.io about your system, including +$0: any error possibly output before this message. Then +$0: install a modern shell, or manually run the script +$0: under such a shell if you do have one." fi exit 1 fi @@ -580,9 +580,9 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='Keepalived' PACKAGE_TARNAME='keepalived' -PACKAGE_VERSION='2.0.10' -PACKAGE_STRING='Keepalived 2.0.10' -PACKAGE_BUGREPORT='keepalived-devel@lists.sourceforge.net' +PACKAGE_VERSION='2.1.5' +PACKAGE_STRING='Keepalived 2.1.5' +PACKAGE_BUGREPORT='keepalived-users@groups.io' PACKAGE_URL='http://www.keepalived.org/' ac_unique_file="keepalived/core/main.c" @@ -625,6 +625,7 @@ ac_includes_default="\ ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS +LIBOBJS INIT_SUSE_FALSE INIT_SUSE_TRUE INIT_OPENRC_FALSE @@ -645,13 +646,15 @@ HAVE_RPMBUILD HAVE_RPM PROFILE_FALSE PROFILE_TRUE -DEBUG_FALSE -DEBUG_TRUE +ASSERTS_FALSE +ASSERTS_TRUE +ONE_PROCESS_DEBUG_FALSE +ONE_PROCESS_DEBUG_TRUE BUILD_DOCS_FALSE BUILD_DOCS_TRUE HAVE_SPHINX_BUILD SPHINXBUILDNAME -PID_DIR +RUN_DIR WITH_NAMESPACES_FALSE WITH_NAMESPACES_TRUE WITH_SHA1_FALSE @@ -660,6 +663,7 @@ DBUS_CREATE_INSTANCE_FALSE DBUS_CREATE_INSTANCE_TRUE WITH_DBUS_FALSE WITH_DBUS_TRUE +SNMP_SERVICE SNMP_REPLY_V3_FOR_V2_FALSE SNMP_REPLY_V3_FOR_V2_TRUE SNMP_RFCV3_FALSE @@ -681,6 +685,8 @@ FIB_ROUTING_FALSE FIB_ROUTING_TRUE SOCK_NONBLOCK_FALSE SOCK_NONBLOCK_TRUE +CN_PROC_FALSE +CN_PROC_TRUE WITH_BFD_FALSE WITH_BFD_TRUE WITH_JSON_FALSE @@ -695,10 +701,18 @@ WITH_REGEX_FALSE WITH_REGEX_TRUE WITH_IPVS_FALSE WITH_IPVS_TRUE +FIREWALL_FALSE +FIREWALL_TRUE +NFTABLES_FALSE +NFTABLES_TRUE +LIBIPSET_DYNAMIC_FALSE +LIBIPSET_DYNAMIC_TRUE +LIBIPTC_DYNAMIC_FALSE +LIBIPTC_DYNAMIC_TRUE +IPTABLES_FALSE +IPTABLES_TRUE LIBIPSET_FALSE LIBIPSET_TRUE -LIBIPTC_FALSE -LIBIPTC_TRUE LIBNL_DYNAMIC_FALSE LIBNL_DYNAMIC_TRUE LIBNL3_FALSE @@ -708,13 +722,16 @@ LIBNL1_TRUE BUILD_GENHASH_FALSE BUILD_GENHASH_TRUE GENHASH_LIBS -LIBOBJS EGREP CPP KA_LIBS KA_LDFLAGS KA_CFLAGS KA_CPPFLAGS +WITH_STRICT_CONFIG_CHECKS_FALSE +WITH_STRICT_CONFIG_CHECKS_TRUE +DEBUG_FALSE +DEBUG_TRUE ARFLAGS ac_ct_AR AR @@ -833,24 +850,30 @@ enable_dbus enable_dbus_create_instance enable_sha1 enable_regex +enable_vmac enable_regex_timers enable_json with_init enable_vrrp_auth enable_checksum_compat enable_routes +enable_linkbeat enable_gnu_std_paths enable_dynamic_linking +enable_iptables enable_libiptc_dynamic enable_libipset_dynamic -enable_libxtables_dynamic enable_libnl_dynamic -enable_libiptc enable_libipset +enable_nftables enable_libnl +enable_track_process +with_run_dir enable_strict_config_checks enable_hardening enable_optimise +enable_warnings +enable_extra_warnings enable_mem_check enable_mem_check_log enable_timer_check @@ -866,6 +889,19 @@ enable_epoll_thread_dump enable_regex_debug enable_tsm_debug enable_vrrp_fd_debug +enable_eintr_debug +enable_track_process_debug +enable_parser_debug +enable_checksum_debug +enable_genhash_debug +enable_checker_debug +enable_smtp_connect_debug +enable_mem_err_debug +enable_script_debug +enable_one_process_debug +enable_dump_keywords +enable_network_timestamp +enable_asserts with_fixed_if_type with_default_config_file enable_profile @@ -1437,7 +1473,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Keepalived 2.0.10 to adapt to many kinds of systems. +\`configure' configures Keepalived 2.1.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1504,7 +1540,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Keepalived 2.0.10:";; + short | recursive ) echo "Configuration of Keepalived 2.1.5:";; esac cat <<\_ACEOF @@ -1529,14 +1565,15 @@ Optional Features: --enable-snmp-rfc compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527 (VRRPv3) support --enable-snmp-rfcv2 compile with SNMP RFC2787 (VRRPv2) support - --enable-snmp-rfcv3 compile with SNMP RFC6257 (VRRPv3) support + --enable-snmp-rfcv3 compile with SNMP RFC6527 (VRRPv3) support --disable-snmp-reply-v3-for-v2 - disable RFC6257 responses for VRRPv2 instances + disable RFC6527 responses for VRRPv2 instances --enable-dbus compile with dbus support --enable-dbus-create-instance compile with dbus support for creating instances --enable-sha1 compile with SHA1 support --enable-regex build with HTTP_GET regex checking + --disable-vmac build without VMAC support --enable-regex-timers build with HTTP_GET regex timers --enable-json compile with signal to dump configuration and stats as json @@ -1545,28 +1582,34 @@ Optional Features: compile without v1.3.6 and earlier VRRPv3 unicast checksum compatibility --disable-routes compile without ip rules/routes + --disable-linkbeat build without linkbeat support --enable-gnu-std-paths use GNU standard paths for pid files etc --enable-dynamic-linking compile with/without dynamically linked - libiptc/libipset + libiptc/libipset/libnl + --disable-iptables compile without iptables support --enable-libiptc-dynamic compile with libiptc dynamically linked --disable-libipset-dynamic compile with libipset statically linked - --enable-libxtables-dynamic - compile with libxtables dynamically linked --enable-libnl-dynamic compile with libnl dynamically linked - --disable-libiptc compile without libiptc --disable-libipset compile without libipset + --disable-nftables build without nftables support --disable-libnl compile without libnl + --disable-track-process build without track-process functionality --enable-strict-config-checks build with strict configuration checking --disable-hardening do not build with security hardening - --optimise compiler optimisation level + --enable-optimise compiler optimisation level + --enable-warnings[=WARNINGS] + additional compiler warnings, disable for reduced + set + --enable-extra-warnings extra compiler warnings that will probably produce + many warnings --enable-mem-check compile with memory alloc checking --enable-mem-check-log compile with memory alloc checking writing to syslog --enable-timer-check compile with set time logging - --enable-debug compile with debugging flags + --enable-debug compile with most debugging options --enable-netlink-timers compile with netlink command timers --enable-smtp-alert-debug compile with smtp-alert debugging @@ -1576,10 +1619,31 @@ Optional Features: --enable-log-file enable logging to file (-g) --enable-dump-threads compile with thread dumping support --enable-epoll-debug compile with epoll_wait() debugging support - --enable-epoll-thread-dump compile with epoll thread dumping support + --enable-epoll-thread-dump + compile with epoll thread dumping support --enable-regex-debug compile with regex debugging support --enable-tsm-debug compile with TSM debugging support --enable-vrrp-fd-debug compile with vrrp fd debugging support + --enable-eintr-debug compile with EINTR debugging support, set to + check/not check for EINTR + --enable-track-process-debug + compile with track process debugging support, set to + log all process connector events + --enable-parser-debug compile with parser debugging support + --enable-checksum-debug compile with checksum debugging support + --enable-genhash-debug compile with genhash debugging support + --enable-checker-debug compile with checker debugging support + --enable-smtp-connect-debug + compile with smtp connect debugging support + --enable-mem-err-debug compile with MALLOC/FREE error debugging support + --enable-script-debug compile with script termination debugging support + --enable-one-process-debug + compile with all functionality running in a single + process + --enable-dump-keywords compile with keyword dumping support + --enable-network-timestamp + compile with network timestamp debugging support + --enable-asserts compile with assert() enabled --enable-profile compile with profiling flags --enable-conversion-checks compile with conversion warnings if sensible @@ -1597,11 +1661,14 @@ Optional Packages: --with-kernel-dir=DIR path to linux kernel source directory --with-init=(upstart|systemd|SYSV|SUSE|openrc) specify init type - --with-fixed-if-type=TYPE treat interface type TYPE as unchangeable + --with-run-dir=PATH_TO_RUN + specify directory where /run is located + --with-fixed-if-type=TYPE + treat interface type TYPE as unchangeable --with-default-config-file=FILE Default configuration file --with-systemdsystemunitdir=DIR - Directory for systemd service files + Directory for systemd service files] Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -1621,7 +1688,7 @@ Some influential environment variables: Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to . +Report bugs to . Keepalived home page: . _ACEOF ac_status=$? @@ -1685,7 +1752,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Keepalived configure 2.0.10 +Keepalived configure 2.1.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1783,6 +1850,48 @@ fi } # ac_fn_c_try_link +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. @@ -1890,9 +1999,9 @@ $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ----------------------------------------------------- ## -## Report this to keepalived-devel@lists.sourceforge.net ## -## ----------------------------------------------------- ##" +( $as_echo "## ----------------------------------------- ## +## Report this to keepalived-users@groups.io ## +## ----------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac @@ -1911,48 +2020,6 @@ fi } # ac_fn_c_check_header_mongrel -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -# that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in @@ -2341,7 +2408,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Keepalived $as_me 2.0.10, which was +It was created by Keepalived $as_me 2.1.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2689,10 +2756,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -am__api_version='1.15' - ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do +for ac_dir in build-aux "$srcdir"/build-aux; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" @@ -2708,7 +2773,7 @@ for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do fi done if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 + as_fn_error $? "cannot find install-sh, install.sh, or shtool in build-aux \"$srcdir\"/build-aux" "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -2720,6 +2785,9 @@ ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + +am__api_version='1.15' + # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: @@ -3204,7 +3272,7 @@ fi # Define the identity of the package. PACKAGE='keepalived' - VERSION='2.0.10' + VERSION='2.1.5' cat >>confdefs.h <<_ACEOF @@ -3300,12 +3368,13 @@ fi -ac_config_headers="$ac_config_headers lib/config.h" +ac_config_headers="$ac_config_headers lib/config.h lib/config_warnings.h" + -ac_config_files="$ac_config_files Makefile keepalived/Makefile lib/Makefile keepalived/core/Makefile keepalived.spec genhash/Makefile keepalived/check/Makefile keepalived/vrrp/Makefile keepalived/bfd/Makefile doc/Makefile bin_install/Makefile keepalived/dbus/Makefile keepalived/etc/Makefile keepalived/etc/init/Makefile keepalived/etc/init.d/Makefile doc/man/man8/Makefile" +ac_config_files="$ac_config_files Makefile keepalived/Makefile lib/Makefile keepalived/core/Makefile keepalived.spec genhash/Makefile keepalived/check/Makefile keepalived/vrrp/Makefile keepalived/bfd/Makefile doc/Makefile bin_install/Makefile keepalived/dbus/Makefile keepalived/etc/Makefile keepalived/etc/init/Makefile keepalived/etc/init.d/Makefile keepalived/trackers/Makefile doc/man/man8/Makefile" @@ -3572,6 +3641,11 @@ if test "${enable_regex+set}" = set; then : enableval=$enable_regex; fi +# Check whether --enable-vmac was given. +if test "${enable_vmac+set}" = set; then : + enableval=$enable_vmac; +fi + # Check whether --enable-regex-timers was given. if test "${enable_regex_timers+set}" = set; then : enableval=$enable_regex_timers; @@ -3605,6 +3679,11 @@ if test "${enable_routes+set}" = set; then : enableval=$enable_routes; fi +# Check whether --enable-linkbeat was given. +if test "${enable_linkbeat+set}" = set; then : + enableval=$enable_linkbeat; +fi + # Check whether --enable-gnu-std-paths was given. if test "${enable_gnu_std_paths+set}" = set; then : enableval=$enable_gnu_std_paths; @@ -3615,6 +3694,13 @@ if test "${enable_dynamic_linking+set}" = set; then : enableval=$enable_dynamic_linking; fi +# Check whether --enable-iptables was given. +if test "${enable_iptables+set}" = set; then : + enableval=$enable_iptables; +else + IPTABLES_SILENT=Yes +fi + # Check whether --enable-libiptc-dynamic was given. if test "${enable_libiptc_dynamic+set}" = set; then : enableval=$enable_libiptc_dynamic; @@ -3625,31 +3711,41 @@ if test "${enable_libipset_dynamic+set}" = set; then : enableval=$enable_libipset_dynamic; fi -# Check whether --enable-libxtables-dynamic was given. -if test "${enable_libxtables_dynamic+set}" = set; then : - enableval=$enable_libxtables_dynamic; -fi - # Check whether --enable-libnl-dynamic was given. if test "${enable_libnl_dynamic+set}" = set; then : enableval=$enable_libnl_dynamic; fi -# Check whether --enable-libiptc was given. -if test "${enable_libiptc+set}" = set; then : - enableval=$enable_libiptc; -fi - # Check whether --enable-libipset was given. if test "${enable_libipset+set}" = set; then : enableval=$enable_libipset; fi +# Check whether --enable-nftables was given. +if test "${enable_nftables+set}" = set; then : + enableval=$enable_nftables; +else + NFTABLES_SILENT=Yes +fi + # Check whether --enable-libnl was given. if test "${enable_libnl+set}" = set; then : enableval=$enable_libnl; fi +# Check whether --enable-track-process was given. +if test "${enable_track_process+set}" = set; then : + enableval=$enable_track_process; +fi + + +# Check whether --with-run-dir was given. +if test "${with_run_dir+set}" = set; then : + withval=$with_run_dir; RUN_DIR_SPECIFIED=Y +else + RUN_DIR_SPECIFIED=N +fi + # Check whether --enable-strict-config-checks was given. if test "${enable_strict_config_checks+set}" = set; then : enableval=$enable_strict_config_checks; @@ -3667,6 +3763,18 @@ else enable_optimise=not-specified fi +# Check whether --enable-warnings was given. +if test "${enable_warnings+set}" = set; then : + enableval=$enable_warnings; +else + enable_warnings=yes +fi + +# Check whether --enable-extra-warnings was given. +if test "${enable_extra_warnings+set}" = set; then : + enableval=$enable_extra_warnings; +fi + # Check whether --enable-mem-check was given. if test "${enable_mem_check+set}" = set; then : enableval=$enable_mem_check; @@ -3742,6 +3850,71 @@ if test "${enable_vrrp_fd_debug+set}" = set; then : enableval=$enable_vrrp_fd_debug; fi +# Check whether --enable-eintr-debug was given. +if test "${enable_eintr_debug+set}" = set; then : + enableval=$enable_eintr_debug; +fi + +# Check whether --enable-track-process-debug was given. +if test "${enable_track_process_debug+set}" = set; then : + enableval=$enable_track_process_debug; +fi + +# Check whether --enable-parser-debug was given. +if test "${enable_parser_debug+set}" = set; then : + enableval=$enable_parser_debug; +fi + +# Check whether --enable-checksum-debug was given. +if test "${enable_checksum_debug+set}" = set; then : + enableval=$enable_checksum_debug; +fi + +# Check whether --enable-genhash-debug was given. +if test "${enable_genhash_debug+set}" = set; then : + enableval=$enable_genhash_debug; +fi + +# Check whether --enable-checker-debug was given. +if test "${enable_checker_debug+set}" = set; then : + enableval=$enable_checker_debug; +fi + +# Check whether --enable-smtp-connect-debug was given. +if test "${enable_smtp_connect_debug+set}" = set; then : + enableval=$enable_smtp_connect_debug; +fi + +# Check whether --enable-mem-err-debug was given. +if test "${enable_mem_err_debug+set}" = set; then : + enableval=$enable_mem_err_debug; +fi + +# Check whether --enable-script-debug was given. +if test "${enable_script_debug+set}" = set; then : + enableval=$enable_script_debug; +fi + +# Check whether --enable-one-process-debug was given. +if test "${enable_one_process_debug+set}" = set; then : + enableval=$enable_one_process_debug; +fi + +# Check whether --enable-dump-keywords was given. +if test "${enable_dump_keywords+set}" = set; then : + enableval=$enable_dump_keywords; +fi + +# Check whether --enable-network-timestamp was given. +if test "${enable_network_timestamp+set}" = set; then : + enableval=$enable_network_timestamp; +fi + +# Check whether --enable-asserts was given. +if test "${enable_asserts+set}" = set; then : + enableval=$enable_asserts; +fi + # Check whether --with-fixed-if-type was given. if test "${with_fixed_if_type+set}" = set; then : @@ -3781,17 +3954,24 @@ fi # Check whether --with-systemdsystemunitdir was given. if test "${with_systemdsystemunitdir+set}" = set; then : withval=$with_systemdsystemunitdir; -else - with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) fi # Set the kernel headers path if test -n "$kernel_src_path"; then - kernelinc="-I$kernel_src_path/include" + if test ! -d $kernel_src_path/include; then + as_fn_error $? "kernel source path $kernel_src_path/include does not exist" "$LINENO" 5 + fi + if test ! -d $kernel_src_path/include/linux; then + as_fn_error $? "kernel source path $kernel_src_path/include does not appear to include linux header files" "$LINENO" 5 + fi + if test -d $kernel_src_path/include/uapi/linux; then + as_fn_error $? "kernel source path $kernel_src_path appears to be an unprocessed kernel source tree" "$LINENO" 5 + fi + kernelinc="-isystem $kernel_src_path/include" elif test ! -d /usr/include/linux -a \ -d /usr/src/linux/include; then - kernelinc="-I/usr/src/linux/include" + kernelinc="-isystem /usr/src/linux/include" else kernelinc= fi @@ -5480,206 +5660,345 @@ cat >>confdefs.h <<_ACEOF _ACEOF -KA_CPPFLAGS="$kernelinc" -KA_CFLAGS="-Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE" -KA_LDFLAGS= -KA_LIBS= +# Save the CPPFLAGS, CFLAGS, LDFLAGS and LDLIBS settings for make time +KA_CPPFLAGS="$kernelinc -D_GNU_SOURCE $CPPFLAGS" +KA_CFLAGS="-g $CFLAGS" +KA_LDFLAGS=$LDFLAGS +KA_LIBS=$LDLIBS + NEED_LIBDL=No #KA_LIBTOOLFLAGS = +# Set up the compiler warnings we want +MAX_FRAME_SIZE=5120 +WARNINGS_BASIC="all extra unused strict-prototypes" +WARNINGS_STD="absolute-value address-of-packed-member alloca alloc-zero array-bounds=2 attribute-alias bad-function-cast cast-align cast-qual chkp date-time disabled-optimization double-promotion duplicated-branches duplicated-cond float-conversion float-equal format-overflow format-security format-signedness format-truncation frame-larger-than=$MAX_FRAME_SIZE implicit-fallthrough=3 init-self inline jump-misses-init logical-op missing-declarations missing-field-initializers missing-prototypes nested-externs normalized null-dereference old-style-definition overlength-strings pointer-arith redundant-decls shadow shift-overflow=2 stack-protector strict-overflow=4 strict-prototypes stringop-overflow=2 suggest-attribute=cold suggest-attribute=const suggest-attribute=format suggest-attribute=malloc suggest-attribute=noreturn suggest-attribute=pure sync-nand trampolines undef uninitialized unknown-pragmas unsuffixed-float-constants unused-const-variable=2 unused-macros variadic-macros write-strings" +WARNINGS_EXTRA="aggregate-return cast-align= strict conversion format-nonliteral format-overflow=2 format-truncation=2 padded pedantic sign-conversion stack-usage=$MAX_FRAME_SIZE strict-overflow=5 stringop-overflow=3 stringop-overflow=4 switch-enum system-headers traditional-conversion" + # We want _GNU_SOURCE defined always -CFLAGS="$CFLAGS -D_GNU_SOURCE" +CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" + +# fpclassify() needs -lm +KA_LIBS="$KA_LIBS -lm" # Some sanity checks on configure options if test .$enable_vrrp = .no; then : - - if test .$enable_perf = .yes; then : - as_fn_error $? "enable-perf requires vrrp" "$LINENO" 5 -fi - if test .$enable_libiptc_dynamic = .yes; then : - as_fn_error $? "enable-libiptc-dynamic requires vrrp" "$LINENO" 5 + if test .$IPTABLES_SILENT == .Yes; then : + enable_iptables=no fi - if test .$enable_libxtables_dynamic = .yes; then : - as_fn_error $? "enable-libxtables-dynamic requires vrrp" "$LINENO" 5 + if test .$NFTABLES_SILENT == .Yes; then : + enable_nftables=no fi - if test .$enable_libiptc = .no; then : - as_fn_error $? "disable-libiptc requires vrrp" "$LINENO" 5 -fi - if test .$enable_libipset = .no; then : - as_fn_error $? "disable-libipset requires vrrp" "$LINENO" 5 + + if test .$enable_perf != .; then : + as_fn_error $? "enable-perf requires vrrp" "$LINENO" 5 fi if test $with_fixed_if_type; then : as_fn_error $? "with-fixed-if-type requires vrrp" "$LINENO" 5 fi - if test .$enable_vrrp_fd_debug = .yes; then : + if test .$enable_vrrp_fd_debug != .; then : as_fn_error $? "enable-vrrp-fd-debug requires vrrp" "$LINENO" 5 fi - if test .$enable_tsm_debug = .yes; then : + if test .$enable_tsm_debug != .; then : as_fn_error $? "enable-tsm-debug requires vrrp" "$LINENO" 5 fi - if test .$enable_json = .yes; then : + if test .$enable_json != .; then : as_fn_error $? "enable-json requires vrrp" "$LINENO" 5 fi - if test .$enable_snmp_vrrp = .yes; then : + if test .$enable_snmp_vrrp != .; then : as_fn_error $? "enable-snmp-vrrp requires vrrp" "$LINENO" 5 fi - if test .$enable_snmp_keepalived = .yes; then : + if test .$enable_snmp_keepalived != .; then : as_fn_error $? "enable-snmp-keepalived requires vrrp" "$LINENO" 5 fi - if test .$enable_snmp_rfc = .yes; then : + if test .$enable_snmp_rfc != .; then : as_fn_error $? "enable-snmp-rfc requires vrrp" "$LINENO" 5 fi - if test .$enable_snmp_rfcv2 = .yes; then : + if test .$enable_snmp_rfcv2 != .; then : as_fn_error $? "enable-snmp-rfcv2 requires vrrp" "$LINENO" 5 fi - if test .$enable_snmp_rfcv3 = .yes; then : + if test .$enable_snmp_rfcv3 != .; then : as_fn_error $? "enable-snmp-rfcv3 requires vrrp" "$LINENO" 5 fi - if test .$enable_dbus = .yes; then : + if test .$enable_dbus != .; then : as_fn_error $? "enable-dbus requires vrrp" "$LINENO" 5 fi - if test .$enable_vrrp_auth = .no; then : + if test .$enable_vrrp_auth != .; then : as_fn_error $? "disable-vrrp-auth requires vrrp" "$LINENO" 5 fi - if test .$enable_checksum_compat = .no; then : + if test .$enable_checksum_compat != .; then : as_fn_error $? "disable-checksum-compat requires vrrp" "$LINENO" 5 fi - if test .$enable_routes = .no; then : + if test .$enable_routes != .; then : as_fn_error $? "disable-routes requires vrrp" "$LINENO" 5 fi - if test .$enable_bfd = yes; then : + if test .$enable_linkbeat != .; then : + as_fn_error $? "disable-linkbeat requires vrrp" "$LINENO" 5 +fi + if test .$enable_bfd != .; then : as_fn_error $? "enable-bfd requires vrrp" "$LINENO" 5 fi + if test .$enable_iptables != .no; then : + as_fn_error $? "enable-iptables requires vrrp" "$LINENO" 5 +fi + if test .$enable_nftables != .no; then : + as_fn_error $? "enable-nftables requires vrrp" "$LINENO" 5 +fi + if test .$enable_track_process != .; then : + as_fn_error $? "enable-track-process requires vrrp" "$LINENO" 5 +fi + if test .$enable_network_timestamp != .; then : + as_fn_error $? "enable-network-timestamp requires vrrp" "$LINENO" 5 +fi + if test .$enable_netlink_timers != .; then : + as_fn_error $? "enable-netlink-timers requires vrrp" "$LINENO" 5 +fi fi -if test .$enable_snmp_rfc != .yes -a .$enable_snmp_rfcv3 != yes; then : +if test .$enable_iptables = .no; then : + if test .$enable_libipset != .; then : + as_fn_error $? "disable-libipset requires vrrp and iptables" "$LINENO" 5 +fi + +fi +if test .$enable_libipset = .no; then : + if test .$enable_libipset_dynamic != .; then : + as_fn_error $? "disable-libipset-dynamic requires ipsets" "$LINENO" 5 +fi - if test .$enable_snmp_reply_v3_for_v2 = .yes; then : +fi +if test .$enable_snmp_rfc != .yes -a .$enable_snmp_rfcv3 != yes; then : + if test .$enable_snmp_reply_v3_for_v2 != .; then : as_fn_error $? "enable-snmp-reply-v3-for-v2 requires enable-snmp-rfcv3 or enable-snmp-rfc" "$LINENO" 5 fi fi if test .$enable_dbus != .yes; then : - - if test .$enable_dbus_create_instance = .yes; then : + if test .$enable_dbus_create_instance != .; then : as_fn_error $? "enable-dbus-create-instance requires enable-dbus" "$LINENO" 5 fi fi if test .$enable_lvs = .no; then : - if test .$enable_regex = .yes; then : + if test .$enable_regex != .; then : as_fn_error $? "enable-regex requires lvs" "$LINENO" 5 fi - if test .$enable_libnl_dynamic = .yes; then : - as_fn_error $? "enable-libnl-dynamic requires lvs" "$LINENO" 5 -fi - if test .$enable_libnl = .no; then : + if test .$enable_libnl != .; then : as_fn_error $? "disable-libnl requires lvs" "$LINENO" 5 fi - if test .$enable_lvs_syncd = .no; then : + if test .$enable_lvs_syncd != .; then : as_fn_error $? "disable-lvs-syncd requires lvs" "$LINENO" 5 fi - if test .$enable_lvs_64bit_stats = .no; then : + if test .$enable_lvs_64bit_stats != .; then : as_fn_error $? "disable-lvs-64bit-stats requires lvs" "$LINENO" 5 fi - if test .$enable_fwmark = .yes; then : + if test .$enable_fwmark != .; then : as_fn_error $? "enable-fwmark requires lvs" "$LINENO" 5 fi - ] + if test .$enable_checker_debug != .; then : + as_fn_error $? "enable-checker-debug requires lvs" "$LINENO" 5 +fi + +fi +if test .$enable_libnl = .no; then : + if test .$enable_libnl_dynamic != .; then : + as_fn_error $? "enable-libnl-dynamic requires lvs and libnl" "$LINENO" 5 +fi + fi if test .$enable_regex != .yes; then : - if test .$enable_regex_timers = .yes; then : + if test .$enable_regex_timers != .; then : as_fn_error $? "enable-regex-timers requires enable-regex" "$LINENO" 5 fi - if test .$enable_regex_debug = .yes; then : + if test .$enable_regex_debug != .; then : as_fn_error $? "enable-regex-debug requires enable-regex" "$LINENO" 5 fi - ] + +fi +if test .$enable_track_process = .no; then : + if test .$enable_track_process_debug != .; then : + as_fn_error $? "enable-track-process-debug incompatible with disable-track-process" "$LINENO" 5 fi -if test "$enable_conversion_checks" = yes; then - # Check if we can sensibly enable -Wconversion - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for usable -Wconversion" >&5 -$as_echo_n "checking for usable -Wconversion... " >&6; } - SAV_CFLAGS="$CFLAGS" - CFLAGS="-Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ +fi +if test .$enable_mem_check != .yes; then : + if test .$enable_mem_err_debug != .; then : + as_fn_error $? "enable-mem-err-debug requires --enable-mem-check" "$LINENO" 5 +fi - #include - #include - #include - #include - #include - #include +fi - #define VAL 255 +# --enable-debug enables most debugging if not explicitly disabled, but NOT one-process-debug or genhash-debug +if test .$enable_debug = .yes; then : - static void - fun(uint8_t val) - { - } + # If we are debugging, we want to be able to write logs to files + if test .$enable_log_file = .; then : + enable_log_file=yes +fi - int main(int argc, char**argv) - { - fd_set set; - uint8_t val = 42; - unsigned u; - bool b; - size_t size = 17; - char c[2]; - char *c_ptr = c; - struct rtattr rta; - struct rtattr *rta_p = &rta; + if test .$enable_asserts = .; then : + enable_asserts=yes +fi + if test .$enable_epoll_debug = .; then : + enable_epoll_debug=yes +fi + if test .$enable_epoll_thread_dump = .; then : + enable_epoll_thread_dump=yes +fi + if test .$enable_eintr_debug = .; then : + enable_eintr_debug=yes +fi + if test .$enable_parser_debug = .; then : + enable_parser_debug=yes +fi + if test .$enable_timer_check = .; then : + enable_timer_check=yes +fi + if test .$enable_smtp_alert_debug = .; then : + enable_smtp_alert_debug=yes +fi + if test .$enable_smtp_connect_debug = .; then : + enable_smtp_connect_debug=yes +fi + if test .$enable_dump_keywords = .; then : + enable_dump_keywords=yes +fi + if test .$enable_script_debug = .; then : + enable_script_debug=yes +fi - FD_SET(argc+1, &set); + if test .$enable_vrrp != .no; then : - fun(argc == VAL ? VAL : val); + if test .$enable_vrrp_fd_debug = .; then : + enable_vrrp_fd_debug=yes +fi + if test .$enable_tsm_debug = .; then : + enable_tsm_debug=yes +fi + if test .$enable_track_process_debug = .; then : + enable_track_process_debug=yes +fi + if test .$enable_checksum_debug = .; then : + enable_checksum_debug=yes +fi + if test .$enable_netlink_timers = .; then : + enable_netlink_timers=yes +fi + if test .$enable_network_timestamp = .; then : + enable_network_timestamp=yes +fi - // vrrp->lower_prio_no_advert = vrrp->strict_mode ? true : global_data->vrrp_lower_prio_no_advert; - u = u ? true : b; +fi - size = RTA_LENGTH(size); - c_ptr = RTA_DATA(c_ptr); - rta_p = RTA_NEXT(rta_p, size); + if test .$enable_lvs != .no; then : - val = (u < 256 ) ? u & 0xff : 0; - } + if test .$enable_checker_debug = .; then : + enable_checker_debug=yes +fi + if test .$enable_regex = .yes; then : -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : + if test .$enable_regex_timers = .; then : + enable_regex_timers=yes +fi + if test .$enable_regex_debug = .; then : + enable_regex_debug=yes +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - KA_CFLAGS="$KA_CFLAGS -Wconversion" +fi -else +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&5 -$as_echo "$as_me: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&2;} + if test .$enable_mem_check = .yes; then : + if test .$enable_mem_err_debug = .; then : + enable_mem_err_debug=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$SAV_CFLAGS" -elif test "$enable_force_conversion_checks" = yes; then - KA_CFLAGS="$KA_CFLAGS -Wconversion" + fi -if test "$enable_Werror" = yes; then - KA_CFLAGS="$KA_CFLAGS -Werror" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wimplicit-fallthrough" >&5 -$as_echo_n "checking for -Wimplicit-fallthrough... " >&6; } -SAV_CFLAGS="$CFLAGS" -CFLAGS="-Wimplicit-fallthrough=3" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking msghdr.msg_controllen is size_t" >&5 +$as_echo_n "checking msghdr.msg_controllen is size_t... " >&6; } +SAV_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS -Werror" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + + int main(int argc, char**argv) + { + struct msghdr msgh = { .msg_controllen = 0 }; + + printf("%zu", msgh.msg_controllen); + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define PRI_MSG_CONTROLLEN \"zu\" " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define PRI_MSG_CONTROLLEN \"u\" " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS=$SAV_CFLAGS + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking diagnostic pragmas in functions" >&5 +$as_echo_n "checking diagnostic pragmas in functions... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic warning \"-Wall\"") + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_FUNCTION_DIAGNOSTIC_PRAGMAS_ 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test .$enable_debug = .yes; then + DEBUG_TRUE= + DEBUG_FALSE='#' +else + DEBUG_TRUE='#' + DEBUG_FALSE= +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking diagnostic push/pop pragmas" >&5 +$as_echo_n "checking diagnostic push/pop pragmas... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(int argc, char**argv) { +_Pragma("GCC diagnostic push") } _ACEOF @@ -5687,7 +6006,9 @@ if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - KA_CFLAGS="$KA_CFLAGS -Wimplicit-fallthrough=3" + +$as_echo "#define _HAVE_DIAGNOSTIC_PUSH_POP_PRAGMAS_ 1 " >>confdefs.h + else @@ -5696,6 +6017,212 @@ $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test ".$enable_warnings" = .no; then : + WARNINGS_ENABLED=$WARNINGS_BASIC +else + WARNINGS_ENABLED="$WARNINGS_BASIC $WARNINGS_STD" + if test ".$enable_warnings" != .yes; then : + WARN_LIST=`echo $enable_warnings | sed -e "s/-W//g"` + WARNINGS_ENABLED="$WARNINGS_ENABLED "$WARN_LIST"" + +fi + + +fi +if test .$enable_extra_warnings = .yes; then : + WARNINGS_ENABLED="$WARNINGS_ENABLED "$WARNINGS_EXTRA"" +fi + +if test "$enable_conversion_checks" = yes; then + # Check if we can sensibly enable -Wconversion + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for usable -Wconversion" >&5 +$as_echo_n "checking for usable -Wconversion... " >&6; } + SAV_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #include + + #define VAL 255 + + static void + fun(uint8_t val) + { + } + + int main(int argc, char**argv) + { + fd_set set; + uint8_t val = 42; + unsigned u; + bool b; + size_t size = 17; + char c[2]; + char *c_ptr = c; + struct rtattr rta; + struct rtattr *rta_p = &rta; + + FD_SET(argc+1, &set); + + fun(argc == VAL ? VAL : val); + + // vrrp->lower_prio_no_advert = vrrp->strict_mode ? true : global_data->vrrp_lower_prio_no_advert; + u = u ? true : b; + + size = RTA_LENGTH(size); + c_ptr = RTA_DATA(c_ptr); + rta_p = RTA_NEXT(rta_p, size); + + val = (u < 256 ) ? u & 0xff : 0; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + WARNINGS_ENABLED="$WARNINGS_ENABLED conversion" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&5 +$as_echo "$as_me: WARNING: -Wconversion is not sensible with this compiler. Use --enable-force-conversion-checks to override." >&2;} + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$SAV_CFLAGS" +elif test "$enable_force_conversion_checks" = yes; then + WARNINGS_ENABLED="$WARNINGS_ENABLED conversion" +fi + +if test "$enable_Werror" = yes; then + WARNINGS_ENABLED="$WARNINGS_ENABLED error" +fi + +CONFIG_WARNINGS=lib/config_warnings.h.in + +# Save (or restore) lib/config_warnings.h.in +if test ! -f ${CONFIG_WARNINGS}.sav; then : + cp -p ${CONFIG_WARNINGS} ${CONFIG_WARNINGS}.sav +else + cp -p ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} +fi + +SAV_CFLAGS="$CFLAGS" +for WARN in $WARNINGS_ENABLED +do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -W$WARN" >&5 +$as_echo_n "checking for -W$WARN... " >&6; } + CFLAGS="$SAV_CFLAGS -W$WARN" + + WARN_VAR=_HAVE_WARNING_`echo $WARN | tr "a-z=-" "A-Z__"`_ + LOCAL_WARN_VAR=HAVE_WARNING_`echo $WARN | sed -e "s/=.*//" | tr "a-z-" "A-Z_"` + grep -q "^#undef $WARN_VAR$" $CONFIG_WARNINGS + if test $? -ne 0; then : + echo -e "\n/* Define to 1 if -W$WARN in use */\n#undef $WARN_VAR" >>$CONFIG_WARNINGS + +fi + + test `echo $WARN | grep "=[0-9][0-9]*$"` + if test $? -eq 0; then : + WARN_SHORT=`echo $WARN | sed -e 's/=[0-9][0-9]*$//'` + WARN_VAR_SHORT=_HAVE_WARNING_`echo $WARN_SHORT | tr "a-z=-" "A-Z__"`_ + grep -q "^#undef $WARN_VAR_SHORT$" $CONFIG_WARNINGS + if test $? -ne 0; then : + echo -e "\n/* Define to 1 if -W$WARN_SHORT in use */\n#undef $WARN_VAR_SHORT" >>$CONFIG_WARNINGS + +fi + +else + unset WARN_VAR_SHORT + +fi + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # gcc 9 removed -Wchkp and doesn't error if it is specified, + # but rather outputs: + # warning: switch '-Wchkp' is no longer supported + # so check for the warning. + touch conftest.err + grep -q "is no longer supported" conftest.err + if test $? -ne 0; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + eval $LOCAL_WARN_VAR=yes + KA_CFLAGS="$KA_CFLAGS -W$WARN" + cat >>confdefs.h <<_ACEOF +#define $WARN_VAR 1 +_ACEOF + + if test -z "$WARN_VAR_SHORT"; then : + +else + cat >>confdefs.h <<_ACEOF +#define $WARN_VAR_SHORT 1 +_ACEOF + + +fi + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval $LOCAL_WARN_VAR=no + +fi + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval $LOCAL_WARN_VAR=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +if test .$HAVE_WARNING_STRICT_OVERFLOW = .yes; then : + + # The following is not supported in gcc 5.4.0 + CFLAGS="$CFLAGS -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define _HAVE_PRAGMA_WARN_STRICT_OVERFLOW_1_ 1 " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + +fi CFLAGS="$SAV_CFLAGS" STRICT_CONFIG=No @@ -5706,6 +6233,14 @@ $as_echo "#define _STRICT_CONFIG_ 1 " >>confdefs.h STRICT_CONFIG=Yes CONFIG_OPTIONS="$CONFIG_OPTIONS STRICT_CONFIG" fi + if test $STRICT_CONFIG = Yes; then + WITH_STRICT_CONFIG_CHECKS_TRUE= + WITH_STRICT_CONFIG_CHECKS_FALSE='#' +else + WITH_STRICT_CONFIG_CHECKS_TRUE='#' + WITH_STRICT_CONFIG_CHECKS_FALSE= +fi + if test "$enable_hardening" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PIE support" >&5 @@ -5713,6 +6248,10 @@ $as_echo_n "checking for PIE support... " >&6; } SAV_CFLAGS="$CFLAGS" SAV_LDFLAGS="$LDFLAGS" CFLAGS="$CFLAGS -fPIE" + if test "${enable_profile}" = yes; then + # RHEL 7 and others have a problem with profiling with PIE + CFLAGS="$CFLAGS -pg" + fi LDFLAGS="$LDFLAGS -pie" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5782,24 +6321,23 @@ $as_echo_n "checking for -Wl,$FLAG support... " >&6; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ( + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - WL_FLAGS="$WL_FLAGS,$FLAG" - ) + WL_FLAGS="$WL_FLAGS -Wl,$FLAG" + else - ( - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ) fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS done if test -n "$WL_FLAGS"; then - KA_LDFLAGS="$KA_LDFLAGS -Wl$WL_FLAGS" + KA_LDFLAGS="$KA_LDFLAGS $WL_FLAGS" fi fi @@ -5815,7 +6353,7 @@ fi if test "$optimise_level" -eq 0; then : echo $KA_CFLAGS | $GREP -q -- "-D_FORTIFY_SOURCE=[^0]" - if test $ret -eq 0; then : + if test $? -eq 0; then : { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --disable-optimise requires --disable-hardening" >&5 $as_echo "$as_me: WARNING: --disable-optimise requires --disable-hardening" >&2;} fi @@ -5852,6 +6390,80 @@ CFLAGS=$SAV_CFLAGS # AC_SUBST(KA_LIBTOOLFLAGS) +# Check if unaligned memory access is supported (for ARM not supported prior to ARMv6 processors) +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for unaligned memory access" >&5 +$as_echo_n "checking for unaligned memory access... " >&6; } +if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if unaligned access supported. Assuming yes." >&5 +$as_echo "$as_me: WARNING: Cannot determine if unaligned access supported. Assuming yes." >&2;} + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + #include + #include + + #if __BYTE_ORDER == __BIG_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0x1234567890abcdefUL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x12345678UL + #else + #define CHK_VAL 0x1234UL + #endif + #elif __BYTE_ORDER == __LITTLE_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0xefcdab9078563412UL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x78563412UL + #else + #define CHK_VAL 0x3412UL + #endif + #else + #error Neither big nor little endian - unsupported + #endif + +int +main () +{ + + unsigned long arr[2] = { 0, 0 }; + unsigned char *p = (unsigned char *)arr + 1; + unsigned i; + + *(unsigned long *)p = CHK_VAL; + + return !!(arr[0] == CHK_VAL || p[0] != 0x12 || p[1] != 0x34 || p[2] != 0x56); + + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define _NO_UNALIGNED_ACCESS_ 1 " >>confdefs.h + + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + # Checks for libraries. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_gettime() requires -lrt" >&5 $as_echo_n "checking for clock_gettime() requires -lrt... " >&6; } @@ -5873,31 +6485,31 @@ if ac_fn_c_try_link "$LINENO"; then : $as_echo "no" >&6; } else - SAV_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -lrt" + SAV_LIBS="$LIBS" + LIBS="$LIBS -lrt" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main(int argc, char **argv) { - int i; - struct timespec ts; + int i; + struct timespec ts; - i = clock_gettime(CLOCK_MONOTONIC, &ts); + i = clock_gettime(CLOCK_MONOTONIC, &ts); } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - KA_LIBS="$KA_LIBS -lrt" + KA_LIBS="$KA_LIBS -lrt" else as_fn_error $? "clock_gettime() not supported" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$SAV_LDFLAGS + LIBS=$SAV_LIBS fi rm -f core conftest.err conftest.$ac_objext \ @@ -6311,6 +6923,35 @@ fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking linux/errqueue.h needs sys/time.h" >&5 +$as_echo_n "checking linux/errqueue.h needs sys/time.h... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + + int main(int argc, char**argv) + { + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define ERRQUEUE_NEEDS_SYS_TIME 1 " >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + for ac_header in asm/types.h linux/ethtool.h linux/icmpv6.h linux/if_ether.h linux/if_packet.h linux/ip.h linux/sockios.h linux/types.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` @@ -6878,141 +7519,13 @@ $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h fi -for ac_header in stdlib.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" -if test "x$ac_cv_header_stdlib_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STDLIB_H 1 -_ACEOF - -fi - -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 -$as_echo_n "checking for GNU libc compatible malloc... " >&6; } -if ${ac_cv_func_malloc_0_nonnull+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_malloc_0_nonnull=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -# include -#else -char *malloc (); -#endif - -int -main () -{ -return ! malloc (0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_malloc_0_nonnull=yes -else - ac_cv_func_malloc_0_nonnull=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 -$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } -if test $ac_cv_func_malloc_0_nonnull = yes; then : - -$as_echo "#define HAVE_MALLOC 1" >>confdefs.h - -else - $as_echo "#define HAVE_MALLOC 0" >>confdefs.h - - case " $LIBOBJS " in - *" malloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS malloc.$ac_objext" - ;; -esac - - -$as_echo "#define malloc rpl_malloc" >>confdefs.h - -fi - - -for ac_header in stdlib.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" -if test "x$ac_cv_header_stdlib_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STDLIB_H 1 -_ACEOF - -fi - -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 -$as_echo_n "checking for GNU libc compatible realloc... " >&6; } -if ${ac_cv_func_realloc_0_nonnull+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_realloc_0_nonnull=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -# include -#else -char *realloc (); -#endif - -int -main () -{ -return ! realloc (0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_realloc_0_nonnull=yes -else - ac_cv_func_realloc_0_nonnull=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 -$as_echo "$ac_cv_func_realloc_0_nonnull" >&6; } -if test $ac_cv_func_realloc_0_nonnull = yes; then : - -$as_echo "#define HAVE_REALLOC 1" >>confdefs.h - -else - $as_echo "#define HAVE_REALLOC 0" >>confdefs.h - - case " $LIBOBJS " in - *" realloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS realloc.$ac_objext" - ;; -esac - - -$as_echo "#define realloc rpl_realloc" >>confdefs.h - -fi - - -for ac_func in dup2 getcwd gettimeofday memmove memset select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname +# We don't want the following two, since autoconf, if malloc(0) returns NULL, refines malloc as rpl_malloc +# and we have to provide our own rpl_malloc() and likewise rpl_realloc() functions. +# keepalived doesn't do 0 length malloc()s so it is not an issue. +# We add malloc and realloc to AC_CHECK_FUNCS instead. +#AC_FUNC_MALLOC +#AC_FUNC_REALLOC +for ac_func in dup2 getcwd gettimeofday malloc memmove memset realloc select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -7121,6 +7634,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext main(int argc, char **argv) { int val = test_func(3); + return val; } _ACEOF @@ -7140,6 +7654,7 @@ else main(int argc, char **argv) { int val = test_func(3); + return val; } _ACEOF @@ -7158,45 +7673,17 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$SAV_CFLAGS" -SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -Wformat -Werror" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - #include - int - main(int argc, char **argv) - { - rlim_t val = 23U; - printf("%llu", val); - } - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -$as_echo "#define PRI_rlim_t \"llu\"" >>confdefs.h - -else - -$as_echo "#define PRI_rlim_t \"lu\"" >>confdefs.h - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -CFLAGS="$SAV_CFLAGS" - if test "$enable_dynamic_linking"; then : if test .$enable_vrrp != .no; then : - enable_libiptc_dynamic=$enable_dynamic_linking - enable_libipset_dynamic=$enable_dynamic_linking - enable_libxtables_dynamic=$enable_dynamic_linking + enable_libiptc_dynamic=$enable_dynamic_linking + enable_libipset_dynamic=$enable_dynamic_linking fi - if test .$enable_vrrp != .no; then : + if test .$enable_lvs != .no; then : - enable_libnl_dynamic=$enable_dynamic_linking + enable_libnl_dynamic=$enable_dynamic_linking fi @@ -7461,6 +7948,7 @@ if test $NEED_SSL = yes; then KA_LIBS="$KA_LIBS $LIBS" fi GENHASH_LIBS="$GENHASH_LIBS $LIBS" +unset LIBS # Introduced in OpenSSL ver 0.9.9 LIBS=$OPENSSL_LIBS @@ -7502,37 +7990,80 @@ if test "x$ac_cv_func_SSL_CTX_set_verify_depth" = xyes; then : #define HAVE_SSL_CTX_SET_VERIFY_DEPTH 1 _ACEOF -fi -done +fi +done + + +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +for ac_func in SSL_set0_rbio OPENSSL_init_crypto TLS_method +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with +# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +if test .$ac_cv_func_OPENSSL_init_crypto = .yes; then : + + if test .$ac_cv_func_TLS_method = .yes; then : + method_func=TLS_method +else + method_func=SSLv23_method +fi + if test "$cross_compiling" = yes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&5 +$as_echo "$as_me: WARNING: Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety." >&2;} + openssl_init_no_load_bug=1 + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + const SSL_METHOD *meth; + SSL_CTX *ctx; + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + return 1; -# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 -for ac_func in SSL_set0_rbio OPENSSL_init_crypto -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF + /* Initialize SSL context */ + meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + openssl_init_no_load_bug=0 +else + openssl_init_no_load_bug=1 +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi -done + if test $openssl_init_no_load_bug -eq 1; then : -# TLS_method() introduced OpenSSL v1.1.0 -for ac_func in TLS_method -do : - ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method" -if test "x$ac_cv_func_TLS_method" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_TLS_METHOD 1 -_ACEOF +$as_echo "#define HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG 1 " >>confdefs.h fi -done - +fi unset LIBS if test $BUILD_GENHASH = No; then @@ -7553,7 +8084,7 @@ fi IPV4_DEVCONF=No if test .$enable_vrrp != .no; then SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPP_FLAGS $kernelinc" + CPPFLAGS="$CPPFLAGS $kernelinc" IPV4_DEVCONF=Yes ac_fn_c_check_decl "$LINENO" "IPV4_DEVCONF_ARP_IGNORE" "ac_cv_have_decl_IPV4_DEVCONF_ARP_IGNORE" "#include " @@ -7656,6 +8187,40 @@ done CPPFLAGS="$SAV_CPPFLAGS" fi +IPV6_ADVANCED_API=No +ac_fn_c_check_decl "$LINENO" "IPV6_RECVHOPLIMIT" "ac_cv_have_decl_IPV6_RECVHOPLIMIT" "#include +" +if test "x$ac_cv_have_decl_IPV6_RECVHOPLIMIT" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV6_RECVHOPLIMIT $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + IPV6_ADVANCED_API=Yes +fi +ac_fn_c_check_decl "$LINENO" "IPV6_RECVPKTINFO" "ac_cv_have_decl_IPV6_RECVPKTINFO" "#include +" +if test "x$ac_cv_have_decl_IPV6_RECVPKTINFO" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPV6_RECVPKTINFO $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + IPV6_ADVANCED_API=Yes +fi + +if test $IPV6_ADVANCED_API = Yes; then : + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPV6_ADVANCED_API" +fi + NETLINK_VER=0 IPVS_USE_NL=No if test .$enable_lvs != .no -a .${enable_libnl} != .no; then @@ -7754,17 +8319,22 @@ eval ac_res=\$$as_ac_Lib $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : - NETLINK_VER=3 - NEED_NL3=No + NETLINK_VER=3 - if test -n "GENL"; then - KA_PKG_PFX=GENL + +$as_echo "#define _HAVE_LIBNL3_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL3" + if test .$enable_libnl_dynamic = .yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL_DYNAMIC" + if test -n ""; then + KA_PKG_PFX= else KA_PKG_PFX=KA fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in `$PKG_CONFIG --cflags-only-I libnl-genl-3.0`; do + for item in $($PKG_CONFIG --cflags-only-I libnl-3.0); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -7774,7 +8344,7 @@ if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in `$PKG_CONFIG --cflags-only-other libnl-genl-3.0`; do + for item in $($PKG_CONFIG --cflags-only-other libnl-3.0); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -7783,84 +8353,44 @@ if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - if test .remove-requires = .remove-requires; then - REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` - var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` - for r in $REQUIRES; do - REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` - for l in $REQ_LIBS; do - var=`echo " $var " | sed -e "s: $l : :g"` - done - done - var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` - eval ${KA_PKG_PFX}_LIBS="\"$var\"" - var=`echo $var | sed -e "s/-l//g"` - eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" - else - ADD_NEW= - eval var=\$${KA_PKG_PFX}_LIBS - for item in `$PKG_CONFIG --libs libnl-genl-3.0`; do - echo " $var " | $GREP -q " $item " - if test $? -ne 0; then - ADD_NEW="$ADD_NEW $item" - fi - done - eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" +$as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 fi - as_ac_Lib=`$as_echo "ac_cv_lib_$GENL_LIB_NAMES''_genl_connect" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for genl_connect in -l$GENL_LIB_NAMES" >&5 -$as_echo_n "checking for genl_connect in -l$GENL_LIB_NAMES... " >&6; } -if eval \${$as_ac_Lib+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-l$GENL_LIB_NAMES $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$NL3_LIB_NAMES" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char genl_connect (); -int -main () -{ -return genl_connect (); - ; - return 0; -} + extern void nl_socket_alloc(void); + int main(void) + { + nl_socket_alloc(); + return 0; + } + _ACEOF if ac_fn_c_try_link "$LINENO"; then : - eval "$as_ac_Lib=yes" -else - eval "$as_ac_Lib=no" + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $NL3_LIB_NAMES.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -eval ac_res=\$$as_ac_Lib - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_LIB$GENL_LIB_NAMES" | $as_tr_cpp` 1 -_ACEOF + LIBS="$SAV_LIBS" - LIBS="-l$GENL_LIB_NAMES $LIBS" -else - as_fn_error $? "libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3." "$LINENO" 5 -fi +cat >>confdefs.h <<_ACEOF +#define NL3_LIB_NAME "$LIB_NAME" +_ACEOF - IPVS_USE_NL=Yes - if test .$enable_libnl_dynamic = .yes; then + else if test -n ""; then KA_PKG_PFX= else @@ -7868,7 +8398,7 @@ fi fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in $($PKG_CONFIG --cflags-only-I libnl-genl-3.0); do + for item in `$PKG_CONFIG --cflags-only-I libnl-3.0`; do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -7878,7 +8408,7 @@ fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in $($PKG_CONFIG --cflags-only-other libnl-genl-3.0); do + for item in `$PKG_CONFIG --cflags-only-other libnl-3.0`; do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -7887,42 +8417,37 @@ fi eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-3.0` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" - if test $LDD = :; then - as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 - fi - - SAV_LIBS="$LIBS" - LIBS=-l$GENL_LIB_NAMES - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - extern void genl_connect(void); - int main(void) - { - genl_connect(); - return 0; - } - -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $GENL_LIB_NAMES.so | sed -e "s/^[ \t]*//"` - LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$SAV_LIBS" + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnl-3.0`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + fi -cat >>confdefs.h <<_ACEOF -#define NL3_GENL_LIB_NAME "$LIB_NAME" -_ACEOF + fi - else - if test -n ""; then - KA_PKG_PFX= + if test -n "GENL"; then + KA_PKG_PFX=GENL else KA_PKG_PFX=KA fi @@ -7947,7 +8472,7 @@ _ACEOF eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - if test . = .remove-requires; then + if test .remove-requires = .remove-requires; then REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` for r in $REQUIRES; do @@ -7974,24 +8499,65 @@ _ACEOF fi - fi - NEED_NL3=Yes + as_ac_Lib=`$as_echo "ac_cv_lib_$GENL_LIB_NAMES''_genl_connect" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for genl_connect in -l$GENL_LIB_NAMES" >&5 +$as_echo_n "checking for genl_connect in -l$GENL_LIB_NAMES... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$GENL_LIB_NAMES $NL3_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char genl_connect (); +int +main () +{ +return genl_connect (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_LIB$GENL_LIB_NAMES" | $as_tr_cpp` 1 +_ACEOF - if test $NEED_NL3 = Yes; then + LIBS="-l$GENL_LIB_NAMES $LIBS" -$as_echo "#define _HAVE_LIBNL3_ 1 " >>confdefs.h +else + as_fn_error $? "libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3." "$LINENO" 5 +fi - SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL3" - if test .$enable_libnl_dynamic = .yes; then - SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBNL_DYNAMIC" - if test -n ""; then + IPVS_USE_NL=Yes + if test .$enable_libnl_dynamic = .yes; then + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in $($PKG_CONFIG --cflags-only-I libnl-3.0); do + for item in $($PKG_CONFIG --cflags-only-I libnl-genl-3.0); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -8001,7 +8567,7 @@ $as_echo "#define _HAVE_LIBNL3_ 1 " >>confdefs.h ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in $($PKG_CONFIG --cflags-only-other libnl-3.0); do + for item in $($PKG_CONFIG --cflags-only-other libnl-genl-3.0); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -8011,30 +8577,26 @@ $as_echo "#define _HAVE_LIBNL3_ 1 " >>confdefs.h -$as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h - - NEED_LIBDL=Yes - if test $LDD = :; then as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 fi SAV_LIBS="$LIBS" - LIBS=-l$NL3_LIB_NAMES + LIBS="$LIBS -l$GENL_LIB_NAMES" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - extern void nl_socket_alloc(void); + extern void genl_connect(void); int main(void) { - nl_socket_alloc(); + genl_connect(); return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $NL3_LIB_NAMES.so | sed -e "s/^[ \t]*//"` + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $GENL_LIB_NAMES.so | sed -e "s/^[ \t]*//"` LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` fi @@ -8044,18 +8606,18 @@ rm -f core conftest.err conftest.$ac_objext \ cat >>confdefs.h <<_ACEOF -#define NL3_LIB_NAME "$LIB_NAME" +#define NL3_GENL_LIB_NAME "$LIB_NAME" _ACEOF - else - if test -n ""; then + else + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in `$PKG_CONFIG --cflags-only-I libnl-3.0`; do + for item in `$PKG_CONFIG --cflags-only-I libnl-genl-3.0`; do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -8065,7 +8627,7 @@ _ACEOF ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in `$PKG_CONFIG --cflags-only-other libnl-3.0`; do + for item in `$PKG_CONFIG --cflags-only-other libnl-genl-3.0`; do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -8075,8 +8637,8 @@ _ACEOF if test . = .remove-requires; then - REQUIRES=`$PKG_CONFIG --print-requires libnl-3.0` - var=`$PKG_CONFIG --libs-only-l libnl-3.0` + REQUIRES=`$PKG_CONFIG --print-requires libnl-genl-3.0` + var=`$PKG_CONFIG --libs-only-l libnl-genl-3.0` for r in $REQUIRES; do REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` for l in $REQ_LIBS; do @@ -8091,7 +8653,7 @@ _ACEOF else ADD_NEW= eval var=\$${KA_PKG_PFX}_LIBS - for item in `$PKG_CONFIG --libs libnl-3.0`; do + for item in `$PKG_CONFIG --libs libnl-genl-3.0`; do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -8101,8 +8663,7 @@ _ACEOF fi - fi - fi + fi fi @@ -8191,7 +8752,7 @@ $as_echo "#define _LIBNL_DYNAMIC_ 1 " >>confdefs.h fi SAV_LIBS="$LIBS" - LIBS=-lnl + LIBS="$LIBS -lnl" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8284,7 +8845,7 @@ fi if test $NETLINK_VER -ne 0; then SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$SAV_CPPFLAGS $NL3_CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernel_inc $NL3_CPPFLAGS" for ac_header in netlink/netlink.h do : ac_fn_c_check_header_mongrel "$LINENO" "netlink/netlink.h" "ac_cv_header_netlink_netlink_h" "$ac_includes_default" @@ -8341,6 +8902,7 @@ else LIBNL_DYNAMIC_FALSE= fi +unset LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: checking for magic_open in -lmagic" >&5 $as_echo_n "checking for magic_open in -lmagic... " >&6; } @@ -8731,19 +9293,19 @@ if ac_fn_c_try_link "$LINENO"; then : else - # No - netinet/in.h doesn't have IP_MULTICAST_ALL + # No - netinet/in.h doesn't have IP_MULTICAST_ALL # Build a program that will output the value of the kernel's IP_MULTICAST_ALL - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #include - #include - int main(int argc, char **argv) - { - printf("%d\n", IP_MULTICAST_ALL); - } + #include + #include + #include + int main(int argc, char **argv) + { + printf("%d\n", IP_MULTICAST_ALL); + } _ACEOF @@ -8769,7 +9331,9 @@ rm -f core conftest.err conftest.$ac_objext \ fi -ac_fn_c_check_decl "$LINENO" "LWTUNNEL_ENCAP_MPLS" "ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" "#include +if test $ac_cv_have_decl_RTA_ENCAP = yes; then : + + ac_fn_c_check_decl "$LINENO" "LWTUNNEL_ENCAP_MPLS" "ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" "#include " if test "x$ac_cv_have_decl_LWTUNNEL_ENCAP_MPLS" = xyes; then : ac_have_decl=1 @@ -8792,22 +9356,23 @@ cat >>confdefs.h <<_ACEOF #define HAVE_DECL_LWTUNNEL_ENCAP_ILA $ac_have_decl _ACEOF -if test ${ac_cv_have_decl_RTA_ENCAP}; then - for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do - eval decl_var=\$ac_cv_have_decl_$flag - if test ${decl_var} = yes; then - SYSTEM_OPTIONS="$SYSTEM_OPTIONS "${flag} - fi - done + for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do + eval decl_var=\$ac_cv_have_decl_$flag + if test ${decl_var} = yes; then + SYSTEM_OPTIONS="$SYSTEM_OPTIONS ${flag}" + fi + done + fi -USE_LIBIPTC=No +USE_IPTABLES=No USE_LIBIPSET=No -if test .${enable_libiptc} != .no -a .$enable_vrrp != .no; then - USE_LIBIPTC=Yes - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $kernelinc" - for ac_header in linux/netfilter/x_tables.h xtables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h +if test .$enable_iptables != .no; then : + + USE_IPTABLES=Yes + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + for ac_header in linux/netfilter/x_tables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" @@ -8818,17 +9383,133 @@ _ACEOF else - USE_LIBIPTC=No - break + USE_IPTABLES=No + break fi done - CPPFLAGS="$SAV_CPPFLAGS" + CPPFLAGS="$SAV_CPPFLAGS" + + if test $USE_IPTABLES = Yes; then + PKG_CONFIG_IP4TC=Yes + $PKG_CONFIG --exists libip4tc + if test $? -eq 0; then : + + if test -n "IP4TC"; then + KA_PKG_PFX=IP4TC + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libip4tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libip4tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test .remove-requires = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libip4tc` + var=`$PKG_CONFIG --libs-only-l --static libip4tc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libip4tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + if test -n "IP6TC"; then + KA_PKG_PFX=IP6TC + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libip6tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libip6tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test .remove-requires = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libip6tc` + var=`$PKG_CONFIG --libs-only-l --static libip6tc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libip6tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + IPTC_LIBS="$IP4TC_LIBS $IP6TC_LIBS" + IPTC_LIB_NAMES="$IP4TC_LIB_NAMES $IP6TC_LIB_NAMES" + +else - if test $USE_LIBIPTC = Yes; then - if test -n "IPTC"; then + PKG_CONFIG_IP4TC=No + if test -n "IPTC"; then KA_PKG_PFX=IPTC else KA_PKG_PFX=KA @@ -8854,7 +9535,7 @@ done eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - if test . = .remove-requires; then + if test .remove-requires = .remove-requires; then REQUIRES=`$PKG_CONFIG --print-requires --static libiptc` var=`$PKG_CONFIG --libs-only-l --static libiptc` for r in $REQUIRES; do @@ -8881,16 +9562,18 @@ done fi - LIBS="$IPTC_LIBS" - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $kernelinc" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iptc_init in -liptc" >&5 -$as_echo_n "checking for iptc_init in -liptc... " >&6; } -if ${ac_cv_lib_iptc_iptc_init+:} false; then : + +fi + + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing iptc_init" >&5 +$as_echo_n "checking for library containing iptc_init... " >&6; } +if ${ac_cv_search_iptc_init+:} false; then : $as_echo_n "(cached) " >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-liptc $LIBS" + ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8909,25 +9592,148 @@ return iptc_init (); return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_iptc_iptc_init=yes -else - ac_cv_lib_iptc_iptc_init=no +for ac_lib in '' $IPTC_LIB_NAMES; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_iptc_init=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + conftest$ac_exeext + if ${ac_cv_search_iptc_init+:} false; then : + break +fi +done +if ${ac_cv_search_iptc_init+:} false; then : + +else + ac_cv_search_iptc_init=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iptc_iptc_init" >&5 -$as_echo "$ac_cv_lib_iptc_iptc_init" >&6; } -if test "x$ac_cv_lib_iptc_iptc_init" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_iptc_init" >&5 +$as_echo "$ac_cv_search_iptc_init" >&6; } +ac_res=$ac_cv_search_iptc_init +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + if test .${enable_libiptc_dynamic} != .yes; then + if test $PKG_CONFIG_IP4TC = Yes; then : + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libip4tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libip4tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libip4tc` + var=`$PKG_CONFIG --libs-only-l --static libip4tc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libip4tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I --static libip6tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other --static libip6tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires --static libip6tc` + var=`$PKG_CONFIG --libs-only-l --static libip6tc` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs --static libip6tc`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + fi -$as_echo "#define _HAVE_LIBIPTC_ 1 " >>confdefs.h - SYSTEM_OPTIONS="$SYSTEM_OPTIONS LIBIPTC" - if test .${enable_libiptc_dynamic} != .yes; then - if test -n ""; then +else + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA @@ -8980,20 +9786,24 @@ $as_echo "#define _HAVE_LIBIPTC_ 1 " >>confdefs.h fi - KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` - IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[^ ]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` - if test ".$IPTC_LIBS" = .; then - KA_LIBS=`echo $KA_LIBS -lip4tc -lip6tc` - fi - else - if test -n ""; then +fi + + KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` + IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[^ ]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` + if test ".$IPTC_LIBS" = .; then + KA_LIBS="$KA_LIBS -lip4tc -lip6tc" + fi + else + if test $PKG_CONFIG_IP4TC = Yes; then : + + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in $($PKG_CONFIG --cflags-only-I libiptc); do + for item in $($PKG_CONFIG --cflags-only-I libip4tc); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -9003,7 +9813,7 @@ $as_echo "#define _HAVE_LIBIPTC_ 1 " >>confdefs.h ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in $($PKG_CONFIG --cflags-only-other libiptc); do + for item in $($PKG_CONFIG --cflags-only-other libip4tc); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -9012,96 +9822,14 @@ $as_echo "#define _HAVE_LIBIPTC_ 1 " >>confdefs.h eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPTC_DYNAMIC" - -$as_echo "#define _LIBIPTC_DYNAMIC_ 1 " >>confdefs.h - - NEED_LIBDL=Yes - - if test $LDD = :; then - as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 - fi - - SAV_LIBS="$LIBS" - LIBS=-lip4tc - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - extern void iptc_init(void); - int main(void) - { - iptc_init(); - return 0; - } - -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ip4tc.so | sed -e "s/^[ \t]*//"` - LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$SAV_LIBS" - - -cat >>confdefs.h <<_ACEOF -#define IP4TC_LIB_NAME "$LIB_NAME" -_ACEOF - - - if test $LDD = :; then - as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 - fi - - SAV_LIBS="$LIBS" - LIBS=-lip6tc - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - extern void ip6tc_init(void); - int main(void) - { - ip6tc_init(); - return 0; - } - -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ip6tc.so | sed -e "s/^[ \t]*//"` - LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$SAV_LIBS" - - -cat >>confdefs.h <<_ACEOF -#define IP6TC_LIB_NAME "$LIB_NAME" -_ACEOF - - fi - -else - USE_LIBIPTC=No -fi - - CPPFLAGS="$SAV_CPPFLAGS" - fi - - if test $USE_LIBIPTC = Yes; then - if test .$enable_libxtables_dynamic != .yes; then - if test -n ""; then + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in `$PKG_CONFIG --cflags-only-I xtables`; do + for item in $($PKG_CONFIG --cflags-only-I libip6tc); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -9111,7 +9839,7 @@ fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in `$PKG_CONFIG --cflags-only-other xtables`; do + for item in $($PKG_CONFIG --cflags-only-other libip6tc); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -9120,42 +9848,17 @@ fi eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - if test . = .remove-requires; then - REQUIRES=`$PKG_CONFIG --print-requires xtables` - var=`$PKG_CONFIG --libs-only-l xtables` - for r in $REQUIRES; do - REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` - for l in $REQ_LIBS; do - var=`echo " $var " | sed -e "s: $l : :g"` - done - done - var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` - eval ${KA_PKG_PFX}_LIBS="\"$var\"" - - var=`echo $var | sed -e "s/-l//g"` - eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" - else - ADD_NEW= - eval var=\$${KA_PKG_PFX}_LIBS - for item in `$PKG_CONFIG --libs xtables`; do - echo " $var " | $GREP -q " $item " - if test $? -ne 0; then - ADD_NEW="$ADD_NEW $item" - fi - done - eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" - fi +else - else - if test -n ""; then + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in $($PKG_CONFIG --cflags-only-I xtables); do + for item in $($PKG_CONFIG --cflags-only-I libiptc); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -9165,7 +9868,7 @@ fi ADD_NEW= eval var=\$${KA_PKG_PFX}_CFLAGS - for item in $($PKG_CONFIG --cflags-only-other xtables); do + for item in $($PKG_CONFIG --cflags-only-other libiptc); do echo " $var " | $GREP -q " $item " if test $? -ne 0; then ADD_NEW="$ADD_NEW $item" @@ -9175,31 +9878,91 @@ fi -$as_echo "#define _LIBXTABLES_DYNAMIC_ 1 " >>confdefs.h +fi + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPTC_DYNAMIC" + +$as_echo "#define _LIBIPTC_DYNAMIC_ 1 " >>confdefs.h + + NEED_LIBDL=Yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ip6tc_init" >&5 +$as_echo_n "checking for library containing ip6tc_init... " >&6; } +if ${ac_cv_search_ip6tc_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ip6tc_init (); +int +main () +{ +return ip6tc_init (); + ; + return 0; +} +_ACEOF +for ac_lib in '' $IPTC_LIB_NAMES; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_ip6tc_init=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_ip6tc_init+:} false; then : + break +fi +done +if ${ac_cv_search_ip6tc_init+:} false; then : + +else + ac_cv_search_ip6tc_init=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ip6tc_init" >&5 +$as_echo "$ac_cv_search_ip6tc_init" >&6; } +ac_res=$ac_cv_search_ip6tc_init +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi - CONFIG_OPTIONS="$CONFIG_OPTIONS XTABLES_DYNAMIC" - NEED_LIBDL=Yes + IP4TC_NAME=`echo $ac_cv_search_iptc_init | sed -e "s/-l//"` + IP6TC_NAME=`echo $ac_cv_search_ip6tc_init | sed -e "s/-l//"` if test $LDD = :; then as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 fi SAV_LIBS="$LIBS" - LIBS=-lxtables + LIBS="$LIBS -l$IP4TC_NAME" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - extern void xtables_insmod(void); + extern void iptc_init(void); int main(void) { - xtables_insmod(); + iptc_init(); return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep xtables.so | sed -e "s/^[ \t]*//"` + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $IP4TC_NAME.so | sed -e "s/^[ \t]*//"` LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` fi @@ -9209,17 +9972,59 @@ rm -f core conftest.err conftest.$ac_objext \ cat >>confdefs.h <<_ACEOF -#define XTABLES_LIB_NAME "$LIB_NAME" +#define IP4TC_LIB_NAME "$LIB_NAME" _ACEOF + + if test $LDD = :; then + as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 fi - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $kernelinc" - if test "${enable_libipset}" != no; then - $PKG_CONFIG --exists libipset - if test $? -eq 0; then - if test -n "IPSET"; then + SAV_LIBS="$LIBS" + LIBS="$LIBS -l$IP6TC_NAME" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + extern void ip6tc_init(void); + int main(void) + { + ip6tc_init(); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $IP6TC_NAME.so | sed -e "s/^[ \t]*//"` + LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$SAV_LIBS" + + +cat >>confdefs.h <<_ACEOF +#define IP6TC_LIB_NAME "$LIB_NAME" +_ACEOF + + LIBIPTC_DYNAMIC=Yes + fi + +else + USE_IPTABLES=No +fi + + CPPFLAGS="$SAV_CPPFLAGS" + fi + + if test $USE_IPTABLES = Yes; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + if test "${enable_libipset}" != no; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test -n "IPSET"; then KA_PKG_PFX=IPSET else KA_PKG_PFX=KA @@ -9245,7 +10050,7 @@ _ACEOF eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" - if test . = .remove-requires; then + if test .remove-requires = .remove-requires; then REQUIRES=`$PKG_CONFIG --print-requires libipset` var=`$PKG_CONFIG --libs-only-l libipset` for r in $REQUIRES; do @@ -9272,19 +10077,18 @@ _ACEOF fi - else - IPSET_LIBS="-lipset" - fi - SAV_LIBS=$LIBS - LIBS="$IPTC_LIBS $IPSET_LIBS" + else + IPSET_LIBS="-lipset" + IPSET_LIB_NAMES=ipset + fi + SAV_LIBS=$LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ipset_session_init in -lipset" >&5 -$as_echo_n "checking for ipset_session_init in -lipset... " >&6; } -if ${ac_cv_lib_ipset_ipset_session_init+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ipset_session_init" >&5 +$as_echo_n "checking for library containing ipset_session_init... " >&6; } +if ${ac_cv_search_ipset_session_init+:} false; then : $as_echo_n "(cached) " >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lipset $LIBS" + ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9298,100 +10102,67 @@ char ipset_session_init (); int main () { -return ipset_session_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ipset_ipset_session_init=yes -else - ac_cv_lib_ipset_ipset_session_init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ipset_ipset_session_init" >&5 -$as_echo "$ac_cv_lib_ipset_ipset_session_init" >&6; } -if test "x$ac_cv_lib_ipset_ipset_session_init" = xyes; then : - - USE_LIBIPSET=Yes - for ac_header in libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -else - - USE_LIBIPSET=No - break - -fi - -done - - - if test $USE_LIBIPSET = Yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for xtables_insmod in -lxtables" >&5 -$as_echo_n "checking for xtables_insmod in -lxtables... " >&6; } -if ${ac_cv_lib_xtables_xtables_insmod+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lxtables $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char xtables_insmod (); -int -main () -{ -return xtables_insmod (); +return ipset_session_init (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_xtables_xtables_insmod=yes -else - ac_cv_lib_xtables_xtables_insmod=no +for ac_lib in '' $IPSET_LIB_NAMES; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_ipset_session_init=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + conftest$ac_exeext + if ${ac_cv_search_ipset_session_init+:} false; then : + break fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xtables_xtables_insmod" >&5 -$as_echo "$ac_cv_lib_xtables_xtables_insmod" >&6; } -if test "x$ac_cv_lib_xtables_xtables_insmod" = xyes; then : +done +if ${ac_cv_search_ipset_session_init+:} false; then : + +else + ac_cv_search_ipset_session_init=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ipset_session_init" >&5 +$as_echo "$ac_cv_search_ipset_session_init" >&6; } +ac_res=$ac_cv_search_ipset_session_init +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + USE_LIBIPSET=Yes + for ac_header in libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_LIBXTABLES 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF - LIBS="-lxtables $LIBS" - else - USE_LIBIPSET=No + + USE_LIBIPSET=No + break + fi - fi +done + - if test $USE_LIBIPSET = Yes; then - EXTRA_INCLUDE= - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + if test $USE_LIBIPSET = Yes; then + EXTRA_INCLUDE= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include + #include _ACEOF if ac_fn_c_try_compile "$LINENO"; then : @@ -9417,7 +10188,7 @@ if test "x$ac_cv_header_linux_netfilter_xt_set_h" = xyes; then : $as_echo "#define USE_LIBIPSET_LINUX_IP_SET_H 1 " >>confdefs.h - EXTRA_INCLUDE="#include " + EXTRA_INCLUDE="#include " else USE_LIBIPSET=No @@ -9428,16 +10199,16 @@ fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi + fi - if test $USE_LIBIPSET = Yes; then + if test $USE_LIBIPSET = Yes; then $as_echo "#define _HAVE_LIBIPSET_ 1 " >>confdefs.h - $PKG_CONFIG --exists libipset - if test $? -eq 0; then - if test .${enable_libipset_dynamic} = .no; then - if test -n ""; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test .${enable_libipset_dynamic} = .no; then + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA @@ -9490,8 +10261,8 @@ $as_echo "#define _HAVE_LIBIPSET_ 1 " >>confdefs.h fi - else - if test -n ""; then + else + if test -n ""; then KA_PKG_PFX= else KA_PKG_PFX=KA @@ -9517,23 +10288,24 @@ $as_echo "#define _HAVE_LIBIPSET_ 1 " >>confdefs.h eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + fi + elif test .${enable_libipset_dynamic} = .no; then + KA_LIBS="$KA_LIBS $ac_cv_search_ipset_session_init" fi - elif test .${enable_libipset_dynamic} = .no; then - KA_LIBS="$KA_LIBS -lipset" - fi - if test .${enable_libipset_dynamic} != .no; then + if test .${enable_libipset_dynamic} != .no; then $as_echo "#define _LIBIPSET_DYNAMIC_ 1 " >>confdefs.h - CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET_DYNAMIC" - NEED_LIBDL=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET_DYNAMIC" + NEED_LIBDL=Yes + LIBIPSET_NAME=`echo $ac_cv_search_ipset_session_init | sed -e "s/-l//"` if test $LDD = :; then as_fn_error $? "ldd is required for dynamic run-time linking support" "$LINENO" 5 fi SAV_LIBS="$LIBS" - LIBS=-lipset + LIBS="$LIBS -l$LIBIPSET_NAME" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9547,7 +10319,7 @@ $as_echo "#define _LIBIPSET_DYNAMIC_ 1 " >>confdefs.h _ACEOF if ac_fn_c_try_link "$LINENO"; then : - LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep ipset.so | sed -e "s/^[ \t]*//"` + LIB_DETAILS=`$LDD ./conftest$EXEEXT | grep $LIBIPSET_NAME.so | sed -e "s/^[ \t]*//"` LIB_NAME=`echo $LIB_DETAILS | sed -e "s/ .*//"` fi @@ -9560,13 +10332,13 @@ cat >>confdefs.h <<_ACEOF #define IPSET_LIB_NAME "$LIB_NAME" _ACEOF - else - CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET" - fi + else + CONFIG_OPTIONS="$CONFIG_OPTIONS LIBIPSET" + fi - ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v1" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v1_match_set_index" " - $EXTRA_INCLUDE - #include + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v1" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v1_match_set_index" " + $EXTRA_INCLUDE + #include " if test "x$ac_cv_member_struct_xt_set_info_match_v1_match_set_index" = xyes; then : @@ -9575,9 +10347,9 @@ $as_echo "#define HAVE_XT_SET_INFO_MATCH_V1 1 " >>confdefs.h fi - ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v3" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v3_match_set_index" " - $EXTRA_INCLUDE - #include + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v3" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v3_match_set_index" " + $EXTRA_INCLUDE + #include " if test "x$ac_cv_member_struct_xt_set_info_match_v3_match_set_index" = xyes; then : @@ -9586,9 +10358,9 @@ $as_echo "#define HAVE_XT_SET_INFO_MATCH_V3 1 " >>confdefs.h fi - ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v4" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v4_match_set_index" " - $EXTRA_INCLUDE - #include + ac_fn_c_check_member "$LINENO" "struct xt_set_info_match_v4" "match_set.index" "ac_cv_member_struct_xt_set_info_match_v4_match_set_index" " + $EXTRA_INCLUDE + #include " if test "x$ac_cv_member_struct_xt_set_info_match_v4_match_set_index" = xyes; then : @@ -9598,11 +10370,11 @@ $as_echo "#define HAVE_XT_SET_INFO_MATCH_V4 1 " >>confdefs.h fi - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - int main(void) { int var = IPSET_ATTR_IFACE; } + #include + int main(void) { int var = IPSET_ATTR_IFACE; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : @@ -9612,12 +10384,12 @@ $as_echo "#define HAVE_IPSET_ATTR_IFACE 1 " >>confdefs.h fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #include - int main(void) {} + #include + #include + int main(void) {} _ACEOF if ac_fn_c_try_compile "$LINENO"; then : @@ -9626,11 +10398,11 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #ifdef _UAPI_IP_SET_H - #error _UAPI_IP_SET_H defined - #endif - int main(void) {} + #include + #ifdef _UAPI_IP_SET_H + #error _UAPI_IP_SET_H defined + #endif + int main(void) {} _ACEOF if ac_fn_c_try_compile "$LINENO"; then : @@ -9646,76 +10418,392 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi + fi - if test $USE_LIBIPSET = Yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libipset version 7 or later" >&5 + if test $USE_LIBIPSET = Yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libipset version 7 or later" >&5 $as_echo_n "checking for libipset version 7 or later... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include + #include - void test_func(void) - { - ipset_session_init(NULL, NULL); - } + void test_func(void) + { + ipset_session_init(NULL, NULL); + } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define LIBIPSET_PRE_V7_COMPAT 1 " >>confdefs.h - SYSTEM_OPTIONS="$SYSTEM_OPTIONS "LIBIPSET_PRE_V7 + SYSTEM_OPTIONS="$SYSTEM_OPTIONS "LIBIPSET_PRE_V7 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi + fi + +fi + + LIBS="$SAV_LIBS" + fi + + ac_fn_c_check_decl "$LINENO" "XT_EXTENSION_MAXNAMELEN" "ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" "#include +" +if test "x$ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" = xyes; then : + +else + +$as_echo "#define XT_EXTENSION_MAXNAMELEN (XT_FUNCTION_MAXNAMELEN - 1) " >>confdefs.h + +fi + + + CPPFLAGS="$SAV_CPPFLAGS" + fi + if test $USE_IPTABLES = Yes; then + +$as_echo "#define _WITH_IPTABLES_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPTABLES" + fi + +fi + if test $USE_LIBIPSET = Yes; then + LIBIPSET_TRUE= + LIBIPSET_FALSE='#' +else + LIBIPSET_TRUE='#' + LIBIPSET_FALSE= +fi + + if test $USE_IPTABLES = Yes; then + IPTABLES_TRUE= + IPTABLES_FALSE='#' +else + IPTABLES_TRUE='#' + IPTABLES_FALSE= +fi + + if test $USE_IPTABLES = Yes -a .$LIBIPTC_DYNAMIC = .Yes; then + LIBIPTC_DYNAMIC_TRUE= + LIBIPTC_DYNAMIC_FALSE='#' +else + LIBIPTC_DYNAMIC_TRUE='#' + LIBIPTC_DYNAMIC_FALSE= +fi + + if test $USE_LIBIPSET = Yes -a .${enable_libipset_dynamic} != .no; then + LIBIPSET_DYNAMIC_TRUE= + LIBIPSET_DYNAMIC_FALSE='#' +else + LIBIPSET_DYNAMIC_TRUE='#' + LIBIPSET_DYNAMIC_FALSE= +fi + +unset LIBS + +USE_NFTABLES=No +if test .${enable_nftables} != .no; then + USE_NFTABLES=Yes + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + ac_fn_c_check_decl "$LINENO" "NFTA_TABLE_MAX" "ac_cv_have_decl_NFTA_TABLE_MAX" "#include +" +if test "x$ac_cv_have_decl_NFTA_TABLE_MAX" = xyes; then : + +else + + if test .${enable_nftables} = .yes; then : + as_fn_error $? "nftables header files missing/not useable" "$LINENO" 5 +fi + USE_NFTABLES=No + +fi + + + if test $USE_NFTABLES = Yes; then + $PKG_CONFIG --exists libnftnl + if test $? -ne 0; then + USE_NFTABLES=No + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libnftnl missing" >&5 +$as_echo "$as_me: WARNING: libnftnl missing" >&2;} + fi + $PKG_CONFIG --exists libmnl + if test $? -ne 0; then + USE_NFTABLES=No + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libmnl missing" >&5 +$as_echo "$as_me: WARNING: libmnl missing" >&2;} + fi + + if test $USE_NFTABLES = Yes; then + # nft prior to version 0.8.3 does not support type ifname in sets. We can't check the version of + # nft, but we can check the version of libnftnl. nft v0.8.3 required libnftnl v1.0.9, but so did + # nft v0.8.2. So play safe, and require the next version. + LIBNFTNL_VERSION=`printf "0x%2.2x%2.2x%2.2xU" \`pkg-config --modversion libnftnl | sed -e "s/\./ /g"\`` + +cat >>confdefs.h <<_ACEOF +#define LIBNFTNL_VERSION $LIBNFTNL_VERSION +_ACEOF + + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libnftnl` + var=`$PKG_CONFIG --libs-only-l libnftnl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libnftnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + if test -n ""; then + KA_PKG_PFX= + else + KA_PKG_PFX=KA + fi + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CPPFLAGS + for item in `$PKG_CONFIG --cflags-only-I libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" + + ADD_NEW= + eval var=\$${KA_PKG_PFX}_CFLAGS + for item in `$PKG_CONFIG --cflags-only-other libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + + + if test . = .remove-requires; then + REQUIRES=`$PKG_CONFIG --print-requires libmnl` + var=`$PKG_CONFIG --libs-only-l libmnl` + for r in $REQUIRES; do + REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` + for l in $REQ_LIBS; do + var=`echo " $var " | sed -e "s: $l : :g"` + done + done + var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` + eval ${KA_PKG_PFX}_LIBS="\"$var\"" + + var=`echo $var | sed -e "s/-l//g"` + eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" + else + ADD_NEW= + eval var=\$${KA_PKG_PFX}_LIBS + for item in `$PKG_CONFIG --libs libmnl`; do + echo " $var " | $GREP -q " $item " + if test $? -ne 0; then + ADD_NEW="$ADD_NEW $item" + fi + done + eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" + + fi + + +$as_echo "#define _WITH_NFTABLES_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS NFTABLES" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NFTNL_EXPR_LOOKUP_FLAGS and NFT_LOOKUP_F_INV are defined" >&5 +$as_echo_n "checking whether NFTNL_EXPR_LOOKUP_FLAGS and NFT_LOOKUP_F_INV are defined... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include // libnftnl/expr.h requires this + #include + #include + int main(void) + { + int i = NFTNL_EXPR_LOOKUP_FLAGS | NFT_LOOKUP_F_INV; + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_NFTNL_EXPR_LOOKUP_FLAG_INV 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + # nft dup from Linux 4.3 + ac_fn_c_check_decl "$LINENO" "NFTA_DUP_MAX" "ac_cv_have_decl_NFTA_DUP_MAX" "#include +" +if test "x$ac_cv_have_decl_NFTA_DUP_MAX" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFTA_DUP_MAX $ac_have_decl +_ACEOF + + + # NFT_USERDATA_MAXLEN since Linux 3.15. Check nftnl_udata_buf_alloc for libnftnl support of userdata + USE_NFT_USERDATA=Yes + ac_fn_c_check_decl "$LINENO" "NFT_USERDATA_MAXLEN" "ac_cv_have_decl_NFT_USERDATA_MAXLEN" " + #include + #include + + +" +if test "x$ac_cv_have_decl_NFT_USERDATA_MAXLEN" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFT_USERDATA_MAXLEN $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + USE_NFT_USERDATA=No +fi +ac_fn_c_check_decl "$LINENO" "nftnl_udata_buf_alloc" "ac_cv_have_decl_nftnl_udata_buf_alloc" " + #include + #include + + +" +if test "x$ac_cv_have_decl_nftnl_udata_buf_alloc" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi - LIBS="$SAV_LIBS" - fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFTNL_UDATA_BUF_ALLOC $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + +else + USE_NFT_USERDATA=No +fi + + + if test $USE_NFT_USERDATA = Yes; then : - ac_fn_c_check_decl "$LINENO" "XT_EXTENSION_MAXNAMELEN" "ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" "#include -" -if test "x$ac_cv_have_decl_XT_EXTENSION_MAXNAMELEN" = xyes; then : -else +$as_echo "#define HAVE_NFTNL_UDATA 1 " >>confdefs.h -$as_echo "#define XT_EXTENSION_MAXNAMELEN (XT_FUNCTION_MAXNAMELEN - 1) " >>confdefs.h + ac_fn_c_check_decl "$LINENO" "nftnl_udata_put_u32" "ac_cv_have_decl_nftnl_udata_put_u32" " + #include + #include +" +if test "x$ac_cv_have_decl_nftnl_udata_put_u32" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NFTNL_UDATA_PUT_U32 $ac_have_decl +_ACEOF - CPPFLAGS="$SAV_CPPFLAGS" + +fi + fi fi + CPPFLAGS="$SAV_CPPFLAGS" fi - if test $USE_LIBIPTC = Yes; then - LIBIPTC_TRUE= - LIBIPTC_FALSE='#' + if test $USE_NFTABLES = Yes; then + NFTABLES_TRUE= + NFTABLES_FALSE='#' else - LIBIPTC_TRUE='#' - LIBIPTC_FALSE= + NFTABLES_TRUE='#' + NFTABLES_FALSE= fi - if test $USE_LIBIPSET = Yes; then - LIBIPSET_TRUE= - LIBIPSET_FALSE='#' +unset LIBS + +if test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes; then : + +$as_echo "#define _WITH_FIREWALL_ 1 " >>confdefs.h + +fi + if test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes; then + FIREWALL_TRUE= + FIREWALL_FALSE='#' else - LIBIPSET_TRUE='#' - LIBIPSET_FALSE= + FIREWALL_TRUE='#' + FIREWALL_FALSE= fi -unset LIBS # Including and can cause a namespace collision. # Later versions of the headers are OK if linux/if.h is included second @@ -9726,8 +10814,8 @@ CPPFLAGS="$CPPFLAGS $kernelinc" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include #include + #include _ACEOF if ac_fn_c_try_compile "$LINENO"; then : @@ -9748,6 +10836,37 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CPPFLAGS="$SAV_CPPFLAGS" +# This issue was resolved in Linux 4.15.7/4.16 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for linux/if_ether.h then netinet/in.h then linux/if.h namespace collision" >&5 +$as_echo_n "checking for linux/if_ether.h then netinet/in.h then linux/if.h namespace collision... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define _HAVE_LINUX_IF_ETHER_H_COLLISION_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS NET_LINUX_IF_ETHER_H_COLLISION" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CPPFLAGS="$SAV_CPPFLAGS" + # Including and causes a namespace collision # with musl libc, but the collision only occurs if linux/ip_ether.h is included # before netinet/if_ether.h. The problem is that we want to include them in that @@ -9972,7 +11091,7 @@ else fi - if test $IPVS_SYNCD_ATTRIBUTES = Yes; then + if test $IPVS_SYNCD_ATTRIBUTES = Yes; then $as_echo "#define _HAVE_IPVS_SYNCD_ATTRIBUTES_ 1 " >>confdefs.h @@ -10027,6 +11146,70 @@ $as_echo "#define _WITH_LVS_64BIT_STATS_ 1 " >>confdefs.h SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_64BIT_STATS" fi fi + + ac_fn_c_check_decl "$LINENO" "IPVS_DEST_ATTR_TUN_TYPE" "ac_cv_have_decl_IPVS_DEST_ATTR_TUN_TYPE" "#include +" +if test "x$ac_cv_have_decl_IPVS_DEST_ATTR_TUN_TYPE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IPVS_DEST_ATTR_TUN_TYPE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_TYPE_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_TYPE" + +fi + + + ac_fn_c_check_decl "$LINENO" "IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" "ac_cv_have_decl_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" "#include +" +if test "x$ac_cv_have_decl_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_CSUM_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_CSUM" + +fi + + + ac_fn_c_check_decl "$LINENO" "IP_VS_CONN_F_TUNNEL_TYPE_GRE" "ac_cv_have_decl_IP_VS_CONN_F_TUNNEL_TYPE_GRE" "#include +" +if test "x$ac_cv_have_decl_IP_VS_CONN_F_TUNNEL_TYPE_GRE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IP_VS_CONN_F_TUNNEL_TYPE_GRE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define _HAVE_IPVS_TUN_GRE_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IPVS_TUN_GRE" + +fi + + CPPFLAGS="$SAV_CPPFLAGS" if test "$enable_regex" = yes; then : @@ -10041,15 +11224,15 @@ $as_echo_n "checking for pcre.h... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #define PCRE2_CODE_UNIT_WIDTH 8 - #include + #define PCRE2_CODE_UNIT_WIDTH 8 + #include _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - WITH_REGEX=Yes + WITH_REGEX=Yes if test -n ""; then KA_PKG_PFX= else @@ -10110,7 +11293,7 @@ $as_echo "#define _WITH_REGEX_CHECK_ 1 " >>confdefs.h else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "pcre2.h is missing" "$LINENO" 5 @@ -10126,8 +11309,8 @@ $as_echo "#define _WITH_REGEX_TIMERS_ 1 " >>confdefs.h $as_echo "#define _REGEX_DEBUG_ 1 " >>confdefs.h - ENABLE_REGEX_DEBUG=Yes - CONFIG_OPTIONS="$CONFIG_OPTIONS REGEX_DEBUG" + ENABLE_REGEX_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS REGEX_DEBUG" fi fi @@ -10156,6 +11339,7 @@ VRRP_AUTH_SUPPORT=No MACVLAN_SUPPORT=No ENABLE_JSON=No BFD_SUPPORT=No +HAVE_CN_PROC=No if test "$enable_vrrp" != no; then VRRP_SUPPORT=Yes @@ -10173,10 +11357,12 @@ $as_echo "#define _WITH_VRRP_AUTH_ 1 " >>confdefs.h SAV_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $kernelinc" - MACVLAN_SUPPORT=Yes - ac_fn_c_check_decl "$LINENO" "IFLA_MACVLAN_MODE" "ac_cv_have_decl_IFLA_MACVLAN_MODE" " - #include - #include + MACVLAN_SUPPORT=No + if test "${enable_vmac}" != no; then + MACVLAN_SUPPORT=Yes + ac_fn_c_check_decl "$LINENO" "IFLA_MACVLAN_MODE" "ac_cv_have_decl_IFLA_MACVLAN_MODE" " + #include + #include " if test "x$ac_cv_have_decl_IFLA_MACVLAN_MODE" = xyes; then : @@ -10192,13 +11378,13 @@ if test $ac_have_decl = 1; then : else - MACVLAN_SUPPORT=No - break + MACVLAN_SUPPORT=No + break fi ac_fn_c_check_decl "$LINENO" "MACVLAN_MODE_PRIVATE" "ac_cv_have_decl_MACVLAN_MODE_PRIVATE" " - #include - #include + #include + #include " if test "x$ac_cv_have_decl_MACVLAN_MODE_PRIVATE" = xyes; then : @@ -10214,95 +11400,73 @@ if test $ac_have_decl = 1; then : else - MACVLAN_SUPPORT=No - break + MACVLAN_SUPPORT=No + break fi + fi if test $MACVLAN_SUPPORT = Yes; then $as_echo "#define _HAVE_VRRP_VMAC_ 1 " >>confdefs.h SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRRP_VMAC" - fi - CPPFLAGS="$SAV_CPPFLAGS" - if test "${enable_json}" = yes; then - JSON_HEADERS=$($PKG_CONFIG --cflags-only-I json-c) - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $JSON_HEADERS" - for ac_header in json.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "json.h" "ac_cv_header_json_h" "$ac_includes_default" -if test "x$ac_cv_header_json_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_JSON_H 1 -_ACEOF + IPVLAN_SUPPORT=Yes + ac_fn_c_check_decl "$LINENO" "IFLA_IPVLAN_MODE" "ac_cv_have_decl_IFLA_IPVLAN_MODE" " + #include + #include +" +if test "x$ac_cv_have_decl_IFLA_IPVLAN_MODE" = xyes; then : + ac_have_decl=1 else - as_fn_error $? "unable to find json.h" "$LINENO" 5 + ac_have_decl=0 fi -done +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_IFLA_IPVLAN_MODE $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : - CPPFLAGS="$SAV_CPPFLAGS" +else -$as_echo "#define _WITH_JSON_ 1 " >>confdefs.h + IPVLAN_SUPPORT=No + break - if test -n ""; then - KA_PKG_PFX= - else - KA_PKG_PFX=KA +fi + + if test $IPVLAN_SUPPORT = Yes; then + +$as_echo "#define _HAVE_VRRP_IPVLAN_ 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS VRRP_IPVLAN" fi - ADD_NEW= - eval var=\$${KA_PKG_PFX}_CPPFLAGS - for item in `$PKG_CONFIG --cflags-only-I json-c`; do - echo " $var " | $GREP -q " $item " - if test $? -ne 0; then - ADD_NEW="$ADD_NEW $item" - fi - done - eval ${KA_PKG_PFX}_CPPFLAGS=\"\$${KA_PKG_PFX}_CPPFLAGS $ADD_NEW\" - ADD_NEW= - eval var=\$${KA_PKG_PFX}_CFLAGS - for item in `$PKG_CONFIG --cflags-only-other json-c`; do - echo " $var " | $GREP -q " $item " - if test $? -ne 0; then - ADD_NEW="$ADD_NEW $item" - fi - done - eval ${KA_PKG_PFX}_CFLAGS=\"\$${KA_PKG_PFX}_CFLAGS $ADD_NEW\" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include + int main(void) { int var = IFLA_LINK_NETNSID; } - if test . = .remove-requires; then - REQUIRES=`$PKG_CONFIG --print-requires json-c` - var=`$PKG_CONFIG --libs-only-l json-c` - for r in $REQUIRES; do - REQ_LIBS=`$PKG_CONFIG --libs-only-l $r` - for l in $REQ_LIBS; do - var=`echo " $var " | sed -e "s: $l : :g"` - done - done - var=`echo $var | sed -e "s:^ *::" -e "s: *$::"` - eval ${KA_PKG_PFX}_LIBS="\"$var\"" +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : - var=`echo $var | sed -e "s/-l//g"` - eval ${KA_PKG_PFX}_LIB_NAMES="\"$var\"" - else - ADD_NEW= - eval var=\$${KA_PKG_PFX}_LIBS - for item in `$PKG_CONFIG --libs json-c`; do - echo " $var " | $GREP -q " $item " - if test $? -ne 0; then - ADD_NEW="$ADD_NEW $item" - fi - done - eval ${KA_PKG_PFX}_LIBS=\"\$${KA_PKG_PFX}_LIBS $ADD_NEW\" - fi +$as_echo "#define HAVE_IFLA_LINK_NETNSID 1 " >>confdefs.h + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS IFLA_LINK_NETNSID" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + CPPFLAGS="$SAV_CPPFLAGS" + if test "${enable_json}" = yes; then ENABLE_JSON=Yes + +$as_echo "#define _WITH_JSON_ 1 " >>confdefs.h + CONFIG_OPTIONS="$CONFIG_OPTIONS JSON" fi @@ -10313,6 +11477,63 @@ $as_echo "#define _WITH_BFD_ 1 " >>confdefs.h CONFIG_OPTIONS="$CONFIG_OPTIONS BFD" fi + + if test .$enable_track_process != .no; then : + + SYSTEM_OPTIONS="$SYSTEM_OPTIONS CN_PROC" + HAVE_CN_PROC=Yes + +$as_echo "#define _WITH_CN_PROC_ 1 " >>confdefs.h + + ac_fn_c_check_decl "$LINENO" "PROC_EVENT_SID" "ac_cv_have_decl_PROC_EVENT_SID" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_SID" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_SID $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_PTRACE" "ac_cv_have_decl_PROC_EVENT_PTRACE" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_PTRACE" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_PTRACE $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_COMM" "ac_cv_have_decl_PROC_EVENT_COMM" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_COMM" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_COMM $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "PROC_EVENT_COREDUMP" "ac_cv_have_decl_PROC_EVENT_COREDUMP" "#include +" +if test "x$ac_cv_have_decl_PROC_EVENT_COREDUMP" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROC_EVENT_COREDUMP $ac_have_decl +_ACEOF + + +else + CONFIG_OPTIONS="$CONFIG_OPTIONS DISABLE_TRACK_PROCESS" +fi fi if test $VRRP_SUPPORT = Yes; then WITH_VRRP_TRUE= @@ -10354,6 +11575,14 @@ else WITH_BFD_FALSE= fi + if test $HAVE_CN_PROC = Yes; then + CN_PROC_TRUE= + CN_PROC_FALSE='#' +else + CN_PROC_TRUE='#' + CN_PROC_FALSE= +fi + if test ${IPVS_SUPPORT} = No -a ${VRRP_SUPPORT} = No; then as_fn_error $? "keepalived MUST be compiled with at least one of LVS or VRRP framework" "$LINENO" 5 @@ -10414,8 +11643,8 @@ fi # Introduced in Linux 2.6.39 -SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_GNU_SOURCE" +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernel_inc -D_GNU_SOURCE" ac_fn_c_check_decl "$LINENO" "O_PATH" "ac_cv_have_decl_O_PATH" "#include " if test "x$ac_cv_have_decl_O_PATH" = xyes; then : @@ -10433,7 +11662,7 @@ if test $ac_have_decl = 1; then : fi -CFLAGS="$SAV_CFLAGS" +CPPFLAGS="$SAV_CPPFLAGS" ac_fn_c_check_decl "$LINENO" "GLOB_BRACE" "ac_cv_have_decl_GLOB_BRACE" "#include " @@ -10451,6 +11680,39 @@ if test $ac_have_decl = 1; then : fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for timegm()" >&5 +$as_echo_n "checking for timegm()... " >&6; } +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$KA_CPPFLAGS $kernel_inc" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int main(void) + { + timegm(NULL); + return 0; + } + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_TIMEGM 1 " >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +CPPFLAGS="$SAV_CPPFLAGS" + UNICAST_CHKSUM_COMPAT_SUPPORT=No if test .$enable_checksum_compat != .no; then UNICAST_CHKSUM_COMPAT_SUPPORT=Yes @@ -10489,6 +11751,20 @@ else fi +if test .$enable_linkbeat = .no; then : + + LINKBEAT_SUPPORT=No + CONFIG_OPTIONS="$CONFIG_OPTIONS NO_LINKBEAT" + +else + + LINKBEAT_SUPPORT=Yes + +$as_echo "#define _WITH_LINKBEAT_ 1 " >>confdefs.h + + +fi + SAV_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $kernelinc" if test ${MACVLAN_SUPPORT} = Yes; then @@ -10515,9 +11791,10 @@ fi fi CPPFLAGS="$SAV_CPPFLAGS" -SAV_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $kernelinc" if test ${MACVLAN_SUPPORT} = Yes; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + # Introduced in Linux 4.3 ac_fn_c_check_decl "$LINENO" "IFLA_VRF_MAX" "ac_cv_have_decl_IFLA_VRF_MAX" " #include @@ -10541,8 +11818,8 @@ $as_echo "#define _HAVE_VRF_ 1 " >>confdefs.h fi + CPPFLAGS="$SAV_CPPFLAGS" fi -CPPFLAGS="$SAV_CPPFLAGS" SNMP_SUPPORT=No SNMP_KEEPALIVED_SUPPORT=No @@ -10667,7 +11944,11 @@ fi NETSNMP_LIBS_AGENT=`${NETSNMP_CONFIG} --netsnmp-agent-libs` NETSNMP_LIBS_EXT=`${NETSNMP_CONFIG} --external-libs` NETSNMP_LIBS="$NETSNMP_LIBS_AGENT $NETSNMP_LIBS_EXT" - NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags` -DNETSNMP_NO_INLINE" + NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" + NETSNMP_CPPFLAGS="-DNETSNMP_NO_INLINE" + + # net-snmp-config can add -I/usr/include, so remove it + NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS " " | sed -e "s:-I */usr/include ::"` # net-snmp-config adds compiler and linker options that were set at the time # net-snmp was built, and this can include spec files that may not exist @@ -10677,7 +11958,7 @@ fi # For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=1544527 # and the other bugs referred to in it. for spec in `echo $NETSNMP_LIBS | sed -e "s? ?\n?g" | grep "^-specs="`; do - SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + SPEC_FILE=`echo $spec | sed -e "s?^-specs=??"` if test ! -f $SPEC_FILE; then NETSNMP_LIBS=`echo $NETSNMP_LIBS | sed -e "s? *$spec *? ?"` { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Removing $spec from NETSNMP_LIBS since spec file not installed" >&5 @@ -10685,7 +11966,7 @@ $as_echo "$as_me: WARNING: Removing $spec from NETSNMP_LIBS since spec file not fi done for spec in `echo $NETSNMP_CFLAGS | sed -e "s? ?\n?g" | grep "^-specs="`; do - SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + SPEC_FILE=`echo $spec | sed -e "s?^-specs=??"` if test ! -f $SPEC_FILE; then NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS | sed -e "s? *$spec *? ?"` { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Removing $spec from NETSNMP_CFLAGS since spec file not installed" >&5 @@ -10741,7 +12022,7 @@ done # check for net-snmp headers # Some ancient distributions may miss header SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $NETSNMP_CFLAGS" + CPPFLAGS="$CPPFLAGS $kernel_inc $NETSNMP_CFLAGS" for ac_header in net-snmp/agent/agent_sysORTable.h net-snmp/agent/snmp_vars.h net-snmp/agent/util_funcs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` @@ -10764,8 +12045,19 @@ done SNMP_SUPPORT=Yes + + # NETSNMP_CFLAGS can have CPPFLAGS options, so separate them + NETSNMP_CPPFLAGS_XTRA=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[^IDU] *-/ -/g" -e "s/ -[^IDU] *[^-][^ ]* / /g" -e "s/ */ /g"` + NETSNMP_CFLAGS=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[IDU] *[^ ]* / /g" -e "s/ */ /g"` KA_CFLAGS="$KA_CFLAGS $NETSNMP_CFLAGS" + KA_CPPFLAGS="$KA_CPPFLAGS $NETSNMP_CPPFLAGS $NETSNMP_CPPFLAGS_XTRA" + + # NETSNMP_LIBS may have some LDFLAGS options, so separate them + NETSNMP_LDFLAGS_XTRA=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ -l *[^ ]* / /g" -e "s/ */ /g" -e "s/ -/ @-/g" | tr "@" "\n" | sed -e "s/^ *//" -e "s/ *$//" | sort -u | tr "\n" " "` + NETSNMP_LIBS=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ \(-l *[^ ]*\) /@\1@/g" | tr "@" "\n" | grep "^-l" | tr "\n" " " | sed -e "s/ */ /g"` + KA_LDFLAGS="$KA_LDFLAGS $NETSNMP_LDFLAGS $NETSNMP_LDFLAGS_XTRA" KA_LIBS="$KA_LIBS $NETSNMP_LIBS" + if test "$enable_snmp_rfc" = yes; then SNMP_RFCV2_SUPPORT=Yes SNMP_RFCV3_SUPPORT=Yes @@ -10794,8 +12086,12 @@ $as_echo "#define _SNMP_REPLY_V3_FOR_V2_ 1 " >>confdefs.h fi if test "$enable_snmp" = yes; then - SNMP_VRRP_SUPPORT=Yes - SNMP_CHECKER_SUPPORT=Yes + if test ${VRRP_SUPPORT} = Yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test ${IPVS_SUPPORT} = Yes; then + SNMP_CHECKER_SUPPORT=Yes + fi else if test "$enable_snmp_vrrp" = yes; then SNMP_VRRP_SUPPORT=Yes @@ -10819,7 +12115,6 @@ $as_echo "#define _SNMP_REPLY_V3_FOR_V2_ 1 " >>confdefs.h fi CPPFLAGS="$SAV_CPPFLAGS" - CPPFLAGS="$SAV_CPPFLAGS" CFLAGS="$SAV_CFLAGS" LIBS="$SAV_LIBS" fi @@ -10927,6 +12222,12 @@ else SNMP_REPLY_V3_FOR_V2_FALSE= fi +if test $SNMP_SUPPORT = Yes; then : + SNMP_SERVICE=snmpd.service +else + SNMP_SERVICE= +fi + DBUS_SUPPORT=No DBUS_CREATE_INSTANCE=No @@ -11028,7 +12329,9 @@ $as_echo "#define _WITH_DBUS_ 1 " >>confdefs.h CONFIG_OPTIONS="$CONFIG_OPTIONS DBUS" - CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_CFLAGS=$CFLAGS + CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_LIBS=$LIBS LIBS="$($PKG_CONFIG --libs gio-2.0)" if test "$cross_compiling" = yes; then : @@ -11063,8 +12366,8 @@ fi $as_echo "#define DBUS_NEED_G_TYPE_INIT 1 " >>confdefs.h fi - LIBS= - CFLAGS= + LIBS=$SAV_LIBS + CFLAGS=$SAV_CFLAGS if test "$enable_dbus_create_instance" = yes; then $as_echo "#define _WITH_DBUS_CREATE_INSTANCE_ 1 " >>confdefs.h @@ -11079,6 +12382,7 @@ else as_fn_error $? "DBUS support requested but libgio-2.0 not found." "$LINENO" 5 fi + unset LIBS fi if test $DBUS_SUPPORT = Yes; then WITH_DBUS_TRUE= @@ -11160,7 +12464,7 @@ else { ac_cv_lib_crypto_SHA1_Init=; unset ac_cv_lib_crypto_SHA1_Init;} SAV_CFLAGS=$CFLAGS - CFLAGS=-fpic + CFLAGS="$CFLAGS -fpic" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1_Init in -lcrypto" >&5 $as_echo_n "checking for SHA1_Init in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_SHA1_Init+:} false; then : @@ -11226,6 +12530,7 @@ else WITH_SHA1_FALSE= fi +unset LIBS SO_MARK_SUPPORT=No if test "${enable_fwmark}" != no; then @@ -11253,7 +12558,6 @@ fi fi SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_GNU_SOURCE" ac_fn_c_check_decl "$LINENO" "CLONE_NEWNET" "ac_cv_have_decl_CLONE_NEWNET" "#include " if test "x$ac_cv_have_decl_CLONE_NEWNET" = xyes; then : @@ -11277,6 +12581,23 @@ _ACEOF fi done +if test $ac_cv_func_setns = no; then : + + { ac_cv_func_setns=; unset ac_cv_func_setns;} + CFLAGS="$CFLAGS -fPIC" + for ac_func in setns +do : + ac_fn_c_check_func "$LINENO" "setns" "ac_cv_func_setns" +if test "x$ac_cv_func_setns" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETNS 1 +_ACEOF + +fi +done + + +fi CFLAGS="$SAV_CFLAGS" if test $ac_cv_have_decl_CLONE_NEWNET = yes; then WITH_NAMESPACES_TRUE= @@ -11287,28 +12608,7 @@ else fi -SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_GNU_SOURCE" -ac_fn_c_check_decl "$LINENO" "SCHED_RR" "ac_cv_have_decl_SCHED_RR" "#include -" -if test "x$ac_cv_have_decl_SCHED_RR" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SCHED_RR $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : - - SCHED_RT_SUPPORT=Yes - -$as_echo "#define _HAVE_SCHED_RT_ 1 " >>confdefs.h - - SYSTEM_OPTIONS="$SYSTEM_OPTIONS SCHED_RT" - - ac_fn_c_check_decl "$LINENO" "RLIMIT_RTTIME" "ac_cv_have_decl_RLIMIT_RTTIME" "#include +ac_fn_c_check_decl "$LINENO" "RLIMIT_RTTIME" "ac_cv_have_decl_RLIMIT_RTTIME" "#include " if test "x$ac_cv_have_decl_RLIMIT_RTTIME" = xyes; then : ac_have_decl=1 @@ -11321,7 +12621,7 @@ cat >>confdefs.h <<_ACEOF _ACEOF - ac_fn_c_check_decl "$LINENO" "SCHED_RESET_ON_FORK" "ac_cv_have_decl_SCHED_RESET_ON_FORK" "#include +ac_fn_c_check_decl "$LINENO" "SCHED_RESET_ON_FORK" "ac_cv_have_decl_SCHED_RESET_ON_FORK" "#include " if test "x$ac_cv_have_decl_SCHED_RESET_ON_FORK" = xyes; then : ac_have_decl=1 @@ -11341,24 +12641,54 @@ $as_echo "#define SCHED_RESET_ON_FORK 0 " >>confdefs.h fi -else +GNU_STD_PATHS=No +if test "${enable_gnu_std_paths}" = "yes"; then - SCHED_RT_SUPPORT=No +$as_echo "#define GNU_STD_PATHS 1 " >>confdefs.h + RUN_DIR=$localstatedir +elif test $RUN_DIR_SPECIFIED = Y -a .${with_run_dir} != .no; then + RUN_DIR=`echo ${with_run_dir} | sed -e "s:/run/*$::"` # Remove a trailing /run - somewill will include it sometime +elif test -d /run; then + RUN_DIR= +else + RUN_DIR=/var fi -CFLAGS="$SAV_CFLAGS" +cat >>confdefs.h <<_ACEOF +#define RUN_DIR_ROOT "${RUN_DIR}" +_ACEOF -GNU_STD_PATHS=No -if test "${enable_gnu_std_paths}" = "yes"; then -$as_echo "#define GNU_STD_PATHS 1 " >>confdefs.h - PID_DIR=$localstatedir +SAV_CFLAGS="$CFLAGS" +CFLAGS="-Wformat -Werror=format $SAV_CPPFLAGS $KA_CPPFLAGS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + int + main(int argc, char **argv) + { + rlim_t val = 23U; + printf("%lu %d %p", val, argc, argv); + + return 0; + } + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define PRI_rlim_t \"lu\"" >>confdefs.h + else - PID_DIR=/var -fi +$as_echo "#define PRI_rlim_t \"llu\"" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +CFLAGS="$SAV_CFLAGS" if test -z "$SPHINXBUILD"; then SPHINXBUILDNAME=sphinx-build @@ -11439,21 +12769,21 @@ $as_echo "#define _TIMER_CHECK_ 1 " >>confdefs.h CONFIG_OPTIONS="$CONFIG_OPTIONS TIMER_CHECK" fi -if test "${enable_debug}" = yes; then +if test "${enable_one_process_debug}" = yes; then -$as_echo "#define _DEBUG_ 1 " >>confdefs.h +$as_echo "#define _ONE_PROCESS_DEBUG_ 1 " >>confdefs.h - ENABLE_DEBUG=Yes - CONFIG_OPTIONS="$CONFIG_OPTIONS DEBUG" + ENABLE_ONE_PROCESS_DEBUG=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS ONE_PROCESS_DEBUG" else - ENABLE_DEBUG=No + ENABLE_ONE_PROCESS_DEBUG=No fi - if test $ENABLE_DEBUG = Yes; then - DEBUG_TRUE= - DEBUG_FALSE='#' + if test $ENABLE_ONE_PROCESS_DEBUG = Yes; then + ONE_PROCESS_DEBUG_TRUE= + ONE_PROCESS_DEBUG_FALSE='#' else - DEBUG_TRUE='#' - DEBUG_FALSE= + ONE_PROCESS_DEBUG_TRUE='#' + ONE_PROCESS_DEBUG_FALSE= fi @@ -11545,6 +12875,34 @@ else ENABLE_VRRP_FD_DEBUG=No fi +if test "${enable_network_timestamp}" = yes; then + +$as_echo "#define _NETWORK_TIMESTAMP_ 1 " >>confdefs.h + + ENABLE_NETWORK_TIMESTAMP=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS NETWORK_TIMESTAMP" +else + ENABLE_NETWORK_TIMESTAMP=No +fi + +if test "${enable_asserts}" = yes; then + +$as_echo "#define _ENABLE_ASSERT_ 1 " >>confdefs.h + + ENABLE_ASSERT=Yes + CONFIG_OPTIONS="$CONFIG_OPTIONS ASSERT" +else + ENABLE_ASSERT=No +fi + if test $ENABLE_ASSERT = Yes; then + ASSERTS_TRUE= + ASSERTS_FALSE='#' +else + ASSERTS_TRUE='#' + ASSERTS_FALSE= +fi + + if test "${with_fixed_if_type}"; then if test "${with_fixed_if_type}" = yes -o ${with_fixed_if_type} = no; then as_fn_error $? "An interface type must be specified with --with-fixed-if-type" "$LINENO" 5 @@ -11586,7 +12944,7 @@ else ENABLE_PERF=No fi -if test ${enable_log_file} = yes; then +if test "${enable_log_file}" = yes; then $as_echo "#define ENABLE_LOG_TO_FILE 1 " >>confdefs.h @@ -11594,14 +12952,135 @@ $as_echo "#define ENABLE_LOG_TO_FILE 1 " >>confdefs.h CONFIG_OPTIONS="$CONFIG_OPTIONS FILE_LOGGING" fi -if test ${ENABLE_LOG_FILE_APPEND} = Yes; then +if test "${ENABLE_LOG_FILE_APPEND}" = Yes; then $as_echo "#define ENABLE_LOG_FILE_APPEND 1 " >>confdefs.h CONFIG_OPTIONS="$CONFIG_OPTIONS LOG_FILE_APPEND" fi -if test ${NEED_LIBDL} = Yes; then +ENABLE_EINTR_DEBUG=No +if test .$enable_eintr_debug = .yes; then : + + +$as_echo "#define _EINTR_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS EINTR_DEBUG" + ENABLE_EINTR_DEBUG=Yes + +else + + if test .$ac_cv_func_signalfd != .yes -o .$enable_eintr_debug = .check; then : + + +$as_echo "#define CHECK_EINTR 1 " >>confdefs.h + + if test .$ac_cv_func_signalfd = .yes; then : + CONFIG_OPTIONS="$CONFIG_OPTIONS EINTR_CHECK" +fi + +fi + +fi + +ENABLE_SCRIPT_DEBUG=No +if test .$enable_script_debug = .yes; then : + + +$as_echo "#define _SCRIPT_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS SCRIPT_DEBUG" + ENABLE_SCRIPT_DEBUG=Yes + +fi + +ENABLE_TRACK_PROCESS_DEBUG=No +if test .$enable_track_process_debug = .yes; then : + + +$as_echo "#define _TRACK_PROCESS_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS TRACK_PROCESS_DEBUG" + ENABLE_TRACK_PROCESS_DEBUG=Yes + +fi + +ENABLE_PARSER_DEBUG=No +if test .$enable_parser_debug = .yes; then : + + +$as_echo "#define _PARSER_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS PARSER_DEBUG" + ENABLE_PARSER_DEBUG=Yes + +fi + +ENABLE_CHECKSUM_DEBUG=No +if test .$enable_checksum_debug = .yes; then : + + +$as_echo "#define _CHECKSUM_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS CHECKSUM_DEBUG" + ENABLE_CHECKSUM_DEBUG=Yes + +fi + +ENABLE_GENHASH_DEBUG=No +if test .$enable_genhash_debug = .yes; then : + + +$as_echo "#define _GENHASH_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS GENHASH_DEBUG" + ENABLE_GENHASH_DEBUG=Yes + +fi + +ENABLE_CHECKER_DEBUG=No +if test .$enable_checker_debug = .yes; then : + + +$as_echo "#define _CHECKER_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS CHECKER_DEBUG" + ENABLE_CHECKER_DEBUG=Yes + +fi + +ENABLE_SMTP_CONNECT_DEBUG=No +if test .$enable_smtp_connect_debug = .yes; then : + + +$as_echo "#define _SMTP_CONNECT_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS SMTP_CONNECT_DEBUG" + ENABLE_SMTP_CONNECT_DEBUG=Yes + +fi + +ENABLE_MEM_ERR_DEBUG=No +if test .$enable_mem_err_debug = .yes; then : + + +$as_echo "#define _MEM_ERR_DEBUG_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS MEM_ERR_DEBUG" + ENABLE_MEM_ERR_DEBUG=Yes + +fi + +if test .$enable_dump_keywords = .yes; then : + + +$as_echo "#define _DUMP_KEYWORDS_ 1 " >>confdefs.h + + CONFIG_OPTIONS="$CONFIG_OPTIONS DUMP_KEYWORDS" + +fi + +if test "${NEED_LIBDL}" = Yes; then KA_LIBS="$KA_LIBS -ldl" fi @@ -11717,44 +13196,58 @@ fi INIT_TYPE= -if test -z $init_type; then - /sbin/init --version 2>/dev/null | grep -q upstart - if test $? -eq 0; then - INIT_TYPE=upstart - else - init_path=`which systemctl 2>/dev/null` - if test \( $? -eq 0 -a -x "$init_path" \); then - systemctl | grep -q -- "-\.mount" - if test $? -eq 0; then - INIT_TYPE=systemd - fi - fi - if test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \); then - init_path=`which openrc-run 2>/dev/null` - if test \( $? -eq 0 -a -x "$init_path" \); then - head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" - if test $? -eq 0; then - INIT_TYPE=openrc - fi - fi - fi - if test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \); then - INIT_TYPE=SYSV - fi - fi -else +if test -n "$init_type"; then : INIT_TYPE=$init_type +elif test -n "$with_systemdsystemunitdir"; then : + INIT_TYPE=systemd +else + + /sbin/init --version 2>/dev/null | grep -q upstart + if test $? -eq 0; then : + INIT_TYPE=upstart +else + + init_path=`which systemctl 2>/dev/null` + if test \( $? -eq 0 -a -x "$init_path" \); then : + + systemctl | grep -q -- "-\.mount" + if test $? -eq 0; then : + INIT_TYPE=systemd +fi + +fi + if test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \); then : + + init_path=`which openrc-run 2>/dev/null` + if test \( $? -eq 0 -a -x "$init_path" \); then : + + head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" + if test $? -eq 0; then : + INIT_TYPE=openrc +fi + +fi + +fi + if test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \); then : + INIT_TYPE=SYSV +fi + +fi + +fi +if test \( .$INIT_TYPE = .systemd -a -z "$with_systemdsystemunitdir" \); then : + with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) fi if test $default_config_file; then : if test $default_config_file = yes -o $default_config_file = no; then : as_fn_error $? "A filename must be specified for default-config-file" "$LINENO" 5 - fi CONFIG_FILE=$default_config_file CONFIG_OPTIONS="$CONFIG_OPTIONS DEFAULT_CONFIG_FILE=${default_config_file}" - ] + else default_config_file="/etc/$PACKAGE/$PACKAGE.conf" fi @@ -11766,7 +13259,7 @@ _ACEOF DEFAULT_CONFIG_FILE=$default_config_file -if test -z $INIT_TYPE; then +if test -z "$INIT_TYPE"; then INIT_TYPE=undetected elif test $INIT_TYPE = systemd; then systemdsystemunitdir=$with_systemdsystemunitdir @@ -11831,6 +13324,18 @@ fi echo +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure @@ -11964,6 +13469,14 @@ if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${DEBUG_TRUE}" && test -z "${DEBUG_FALSE}"; then + as_fn_error $? "conditional \"DEBUG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WITH_STRICT_CONFIG_CHECKS_TRUE}" && test -z "${WITH_STRICT_CONFIG_CHECKS_FALSE}"; then + as_fn_error $? "conditional \"WITH_STRICT_CONFIG_CHECKS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${BUILD_GENHASH_TRUE}" && test -z "${BUILD_GENHASH_FALSE}"; then as_fn_error $? "conditional \"BUILD_GENHASH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -11980,14 +13493,30 @@ if test -z "${LIBNL_DYNAMIC_TRUE}" && test -z "${LIBNL_DYNAMIC_FALSE}"; then as_fn_error $? "conditional \"LIBNL_DYNAMIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${LIBIPTC_TRUE}" && test -z "${LIBIPTC_FALSE}"; then - as_fn_error $? "conditional \"LIBIPTC\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${LIBIPSET_TRUE}" && test -z "${LIBIPSET_FALSE}"; then as_fn_error $? "conditional \"LIBIPSET\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${IPTABLES_TRUE}" && test -z "${IPTABLES_FALSE}"; then + as_fn_error $? "conditional \"IPTABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPTC_DYNAMIC_TRUE}" && test -z "${LIBIPTC_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPTC_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBIPSET_DYNAMIC_TRUE}" && test -z "${LIBIPSET_DYNAMIC_FALSE}"; then + as_fn_error $? "conditional \"LIBIPSET_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${NFTABLES_TRUE}" && test -z "${NFTABLES_FALSE}"; then + as_fn_error $? "conditional \"NFTABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${FIREWALL_TRUE}" && test -z "${FIREWALL_FALSE}"; then + as_fn_error $? "conditional \"FIREWALL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${WITH_IPVS_TRUE}" && test -z "${WITH_IPVS_FALSE}"; then as_fn_error $? "conditional \"WITH_IPVS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -12016,6 +13545,10 @@ if test -z "${WITH_BFD_TRUE}" && test -z "${WITH_BFD_FALSE}"; then as_fn_error $? "conditional \"WITH_BFD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${CN_PROC_TRUE}" && test -z "${CN_PROC_FALSE}"; then + as_fn_error $? "conditional \"CN_PROC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${SOCK_NONBLOCK_TRUE}" && test -z "${SOCK_NONBLOCK_FALSE}"; then as_fn_error $? "conditional \"SOCK_NONBLOCK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -12076,8 +13609,12 @@ if test -z "${BUILD_DOCS_TRUE}" && test -z "${BUILD_DOCS_FALSE}"; then as_fn_error $? "conditional \"BUILD_DOCS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${DEBUG_TRUE}" && test -z "${DEBUG_FALSE}"; then - as_fn_error $? "conditional \"DEBUG\" was never defined. +if test -z "${ONE_PROCESS_DEBUG_TRUE}" && test -z "${ONE_PROCESS_DEBUG_FALSE}"; then + as_fn_error $? "conditional \"ONE_PROCESS_DEBUG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASSERTS_TRUE}" && test -z "${ASSERTS_FALSE}"; then + as_fn_error $? "conditional \"ASSERTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${PROFILE_TRUE}" && test -z "${PROFILE_FALSE}"; then @@ -12509,7 +14046,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Keepalived $as_me 2.0.10, which was +This file was extended by Keepalived $as_me 2.1.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -12569,14 +14106,14 @@ $config_headers Configuration commands: $config_commands -Report bugs to . +Report bugs to . Keepalived home page: ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Keepalived config.status 2.0.10 +Keepalived config.status 2.1.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -12706,6 +14243,7 @@ for ac_config_target in $ac_config_targets do case $ac_config_target in "lib/config.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/config.h" ;; + "lib/config_warnings.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/config_warnings.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "keepalived/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/Makefile" ;; "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; @@ -12721,6 +14259,7 @@ do "keepalived/etc/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/Makefile" ;; "keepalived/etc/init/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/init/Makefile" ;; "keepalived/etc/init.d/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/etc/init.d/Makefile" ;; + "keepalived/trackers/Makefile") CONFIG_FILES="$CONFIG_FILES keepalived/trackers/Makefile" ;; "doc/man/man8/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man8/Makefile" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; @@ -13450,6 +14989,9 @@ $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi +# Restore lib/config_warnings.h.in +mv ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} + cat < + #include + + int main(int argc, char**argv) + { + struct msghdr msgh = { .msg_controllen = 0 }; + + printf("%zu", msgh.msg_controllen); + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([PRI_MSG_CONTROLLEN], [ "zu" ], [Define to zu if msghdr.msg_controllen is size_t, else u]) + ], [ - AS_IF([test .$enable_dbus_create_instance = .yes], [AC_MSG_ERROR([enable-dbus-create-instance requires enable-dbus])]) + AC_MSG_RESULT([no]) + AC_DEFINE([PRI_MSG_CONTROLLEN], [ "u" ], [Define to zu if msghdr.msg_controllen is size_t, else u]) ]) -AS_IF([test .$enable_lvs = .no], - AS_IF([test .$enable_regex = .yes], [AC_MSG_ERROR([enable-regex requires lvs])]) - AS_IF([test .$enable_libnl_dynamic = .yes], [AC_MSG_ERROR([enable-libnl-dynamic requires lvs])]) - AS_IF([test .$enable_libnl = .no], [AC_MSG_ERROR([disable-libnl requires lvs])]) - AS_IF([test .$enable_lvs_syncd = .no], [AC_MSG_ERROR([disable-lvs-syncd requires lvs])]) - AS_IF([test .$enable_lvs_64bit_stats = .no], [AC_MSG_ERROR([disable-lvs-64bit-stats requires lvs])]) - AS_IF([test .$enable_fwmark = .yes], [AC_MSG_ERROR([enable-fwmark requires lvs])]) +CFLAGS=$SAV_CFLAGS + +dnl -- Check for diagnostic pragmas in functions - GCC 4.6.0 +AC_MSG_CHECKING([diagnostic pragmas in functions]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic warning \"-Wall\"") + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_FUNCTION_DIAGNOSTIC_PRAGMAS_], [ 1 ], [Define to 1 if can have _Pragma GCC diagnostic in functions]) + ], + [ + AC_MSG_RESULT([no]) ]) -AS_IF([test .$enable_regex != .yes], - AS_IF([test .$enable_regex_timers = .yes], [AC_MSG_ERROR([enable-regex-timers requires enable-regex])]) - AS_IF([test .$enable_regex_debug = .yes], [AC_MSG_ERROR([enable-regex-debug requires enable-regex])]) +AM_CONDITIONAL([DEBUG], [test .$enable_debug = .yes]) + +dnl -- Check for diagnostic push/pop pragmas - GCC 4.6.0 +AC_MSG_CHECKING([diagnostic push/pop pragmas]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { +_Pragma("GCC diagnostic push") + } + ]])], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_DIAGNOSTIC_PUSH_POP_PRAGMAS_], [ 1 ], [Define to 1 if can have _Pragma GCC diagnostic push/pop]) + ], + [ + AC_MSG_RESULT([no]) ]) +dnl - Set up warnings list +AS_IF([test ".$enable_warnings" = .no], + [WARNINGS_ENABLED=$WARNINGS_BASIC], + [WARNINGS_ENABLED="$WARNINGS_BASIC $WARNINGS_STD" + AS_IF([test ".$enable_warnings" != .yes], + [WARN_LIST=`echo $enable_warnings | sed -e "s/-W//g"` + add_to_var([WARNINGS_ENABLED], ["$WARN_LIST"]) + ]) + ] + ) +AS_IF([test .$enable_extra_warnings = .yes], + [add_to_var([WARNINGS_ENABLED], ["$WARNINGS_EXTRA"])]) + if test "$enable_conversion_checks" = yes; then # Check if we can sensibly enable -Wconversion AC_MSG_CHECKING([for usable -Wconversion]) SAV_CFLAGS="$CFLAGS" - CFLAGS="-Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" + CFLAGS="$CFLAGS -Wconversion -O2 -Wp,-D_FORTIFY_SOURCE=2 -Werror" AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ #include #include @@ -394,7 +592,7 @@ if test "$enable_conversion_checks" = yes; then ]])], [ AC_MSG_RESULT([yes]) - add_to_var([KA_CFLAGS], [-Wconversion]) + add_to_var([WARNINGS_ENABLED], [conversion]) ], [ AC_MSG_RESULT([no]) @@ -402,28 +600,91 @@ if test "$enable_conversion_checks" = yes; then ]) CFLAGS="$SAV_CFLAGS" elif test "$enable_force_conversion_checks" = yes; then - add_to_var([KA_CFLAGS], [-Wconversion]) + add_to_var([WARNINGS_ENABLED], [conversion]) fi if test "$enable_Werror" = yes; then - add_to_var([KA_CFLAGS], [-Werror]) + add_to_var([WARNINGS_ENABLED], [error]) fi -AC_MSG_CHECKING([for -Wimplicit-fallthrough]) +CONFIG_WARNINGS=lib/config_warnings.h.in + +# Save (or restore) lib/config_warnings.h.in +AS_IF([test ! -f ${CONFIG_WARNINGS}.sav], + [cp -p ${CONFIG_WARNINGS} ${CONFIG_WARNINGS}.sav], + [cp -p ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS}]) + SAV_CFLAGS="$CFLAGS" -CFLAGS="-Wimplicit-fallthrough=3" -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - int main(int argc, char**argv) - { - } - ]])], - [ - AC_MSG_RESULT([yes]) - add_to_var([KA_CFLAGS], [-Wimplicit-fallthrough=3]) - ], - [ - AC_MSG_RESULT([no]) - ]) +for WARN in $WARNINGS_ENABLED +do + AC_MSG_CHECKING([for -W$WARN]) + CFLAGS="$SAV_CFLAGS -W$WARN" + + WARN_VAR=_HAVE_WARNING_`echo $WARN | tr "a-z=-" "A-Z__"`_ + LOCAL_WARN_VAR=HAVE_WARNING_`echo $WARN | sed -e "s/=.*//" | tr "a-z-" "A-Z_"` + grep -q "^#undef $WARN_VAR$" $CONFIG_WARNINGS + AS_IF([test $? -ne 0], + [echo -e "\n/* Define to 1 if -W$WARN in use */\n#undef $WARN_VAR" >>$CONFIG_WARNINGS] + ) + + test `echo $WARN | grep "=[[0-9]][[0-9]]*$"` + AS_IF([test $? -eq 0], + [ WARN_SHORT=`echo $WARN | sed -e 's/=[[0-9]][[0-9]]*$//'` + WARN_VAR_SHORT=_HAVE_WARNING_`echo $WARN_SHORT | tr "a-z=-" "A-Z__"`_ + grep -q "^#undef $WARN_VAR_SHORT$" $CONFIG_WARNINGS + AS_IF([test $? -ne 0], + [echo -e "\n/* Define to 1 if -W$WARN_SHORT in use */\n#undef $WARN_VAR_SHORT" >>$CONFIG_WARNINGS] + ) + ], + [ unset WARN_VAR_SHORT ] + ) + + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + int main(int argc, char**argv) + { + } + ]])], + [ + # gcc 9 removed -Wchkp and doesn't error if it is specified, + # but rather outputs: + # warning: switch '-Wchkp' is no longer supported + # so check for the warning. + touch conftest.err + grep -q "is no longer supported" conftest.err + AS_IF([test $? -ne 0], + [ + AC_MSG_RESULT([yes]) + eval $LOCAL_WARN_VAR=yes + add_to_var([KA_CFLAGS], [-W$WARN]) + AC_DEFINE_UNQUOTED([$WARN_VAR], [ 1 ]) + AS_IF([test -z "$WARN_VAR_SHORT"], [], + [AC_DEFINE_UNQUOTED([$WARN_VAR_SHORT], [ 1 ])] + ) + ], + [ + AC_MSG_RESULT([no]) + eval $LOCAL_WARN_VAR=no + ]) + ], + [ + AC_MSG_RESULT([no]) + eval $LOCAL_WARN_VAR=no + ]) +done +AS_IF([test .$HAVE_WARNING_STRICT_OVERFLOW = .yes], + [ + # The following is not supported in gcc 5.4.0 + CFLAGS="$CFLAGS -Werror" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") + int main(int argc, char**argv) + { + } + ]])], + [AC_DEFINE([_HAVE_PRAGMA_WARN_STRICT_OVERFLOW_1_], [ 1 ], [Define to 1 if _Pragma("GCC diagnostic warning \"-Wstrict-overflow=1\"") supported]) + ]) + ] + ) CFLAGS="$SAV_CFLAGS" dnl ---- [ Do we want stricter configuration checking? ] ---- @@ -433,12 +694,17 @@ if test "$enable_strict_config_checks" = yes; then STRICT_CONFIG=Yes add_config_opt([STRICT_CONFIG]) fi +AM_CONDITIONAL([WITH_STRICT_CONFIG_CHECKS], [test $STRICT_CONFIG = Yes]) if test "$enable_hardening" != no; then AC_MSG_CHECKING([for PIE support]) SAV_CFLAGS="$CFLAGS" SAV_LDFLAGS="$LDFLAGS" CFLAGS="$CFLAGS -fPIE" + if test "${enable_profile}" = yes; then + # RHEL 7 and others have a problem with profiling with PIE + CFLAGS="$CFLAGS -pg" + fi LDFLAGS="$LDFLAGS -pie" AC_LINK_IFELSE([AC_LANG_SOURCE([[ int main(int argc, char **argv) @@ -485,18 +751,17 @@ if test "$enable_hardening" != no; then int i = 0; } ]])], - ( + [ AC_MSG_RESULT([yes]) - [WL_FLAGS="$WL_FLAGS,$FLAG"] - ), - ( - [AC_MSG_RESULT([no])] - ) + WL_FLAGS="$WL_FLAGS -Wl,$FLAG" + ], + [AC_MSG_RESULT([no])] ) CFLAGS=$SAV_CFLAGS + LDFLAGS=$SAV_LDFLAGS done if test -n "$WL_FLAGS"; then - add_to_var([KA_LDFLAGS], [-Wl$WL_FLAGS]) + add_to_var([KA_LDFLAGS], [$WL_FLAGS]) fi fi @@ -506,7 +771,7 @@ AS_IF([test "$enable_optimise" = no], [optimise_level=0]) AS_IF([test "$optimise_level" -eq 0], [ echo $KA_CFLAGS | $GREP -q -- "-D_FORTIFY_SOURCE=[[^0]]" - AS_IF([test $ret -eq 0], [AC_MSG_WARN([--disable-optimise requires --disable-hardening])]) + AS_IF([test $? -eq 0], [AC_MSG_WARN([--disable-optimise requires --disable-hardening])]) ]) FLAG="-O$optimise_level" AC_MSG_CHECKING([for $FLAG support]) @@ -528,6 +793,57 @@ AC_SUBST(KA_LDFLAGS) AC_SUBST(KA_LIBS) # AC_SUBST(KA_LIBTOOLFLAGS) +# Check if unaligned memory access is supported (for ARM not supported prior to ARMv6 processors) +AC_MSG_CHECKING([for unaligned memory access]) +AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM( + [[ + #include + #include + + #if __BYTE_ORDER == __BIG_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0x1234567890abcdefUL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x12345678UL + #else + #define CHK_VAL 0x1234UL + #endif + #elif __BYTE_ORDER == __LITTLE_ENDIAN + #if ULONG_MAX == 0xffffffffffffffffUL + #define CHK_VAL 0xefcdab9078563412UL + #elif ULONG_MAX == 0xffffffffUL + #define CHK_VAL 0x78563412UL + #else + #define CHK_VAL 0x3412UL + #endif + #else + #error Neither big nor little endian - unsupported + #endif + ]], + [[ + unsigned long arr[2] = { 0, 0 }; + unsigned char *p = (unsigned char *)arr + 1; + unsigned i; + + *(unsigned long *)p = CHK_VAL; + + return !!(arr[0] == CHK_VAL || p[0] != 0x12 || p[1] != 0x34 || p[2] != 0x56); + ]] + ) + ], + [AC_MSG_RESULT([yes])], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([_NO_UNALIGNED_ACCESS_], [ 1 ], [Define to 1 if unaligned memory access not supported]) + ], + [ + AC_MSG_RESULT([unknown]) + AC_MSG_WARN([Cannot determine if unaligned access supported. Assuming yes.]) + ] + ) + # Checks for libraries. dnl clock_gettime() required -lt before glibc 2.17 AC_MSG_CHECKING([for clock_gettime() requires -lrt]) @@ -543,22 +859,22 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([[ ]])], [AC_MSG_RESULT([no])], [ - SAV_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -lrt" + SAV_LIBS="$LIBS" + LIBS="$LIBS -lrt" AC_LINK_IFELSE([AC_LANG_SOURCE([[ #include int main(int argc, char **argv) { - int i; - struct timespec ts; + int i; + struct timespec ts; - i = clock_gettime(CLOCK_MONOTONIC, &ts); + i = clock_gettime(CLOCK_MONOTONIC, &ts); } ]])], [AC_MSG_RESULT([yes])] - add_to_var([KA_LIBS], [-lrt]), + add_to_var([KA_LIBS], [-lrt]), [AC_MSG_ERROR([clock_gettime() not supported])]) - LDFLAGS=$SAV_LDFLAGS + LIBS=$SAV_LIBS ]) # Checks for header files. @@ -594,6 +910,24 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ ], [AC_MSG_ERROR([Missing/unusable kernel header file ])], [[#include ]])]) +dnl -- Does linux/errqueue.h need sys/time.h? +AC_MSG_CHECKING([linux/errqueue.h needs sys/time.h]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + + int main(int argc, char**argv) + { + } + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([ERRQUEUE_NEEDS_SYS_TIME], [ 1 ], [Define to 1 if linux/errqueue.h needs sys/time.h]) + ]) + AC_CHECK_HEADERS([asm/types.h linux/ethtool.h linux/icmpv6.h linux/if_ether.h linux/if_packet.h linux/ip.h linux/sockios.h linux/types.h], [], [AC_MSG_ERROR([Missing/unusable kernel header file <$ac_header>])]) AC_CHECK_HEADERS([linux/fib_rules.h linux/if_addr.h linux/if_link.h], @@ -618,9 +952,13 @@ AC_C_CONST # Checks for library functions. AC_FUNC_FORK -AC_FUNC_MALLOC -AC_FUNC_REALLOC -AC_CHECK_FUNCS([dup2 getcwd gettimeofday memmove memset select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname]) +# We don't want the following two, since autoconf, if malloc(0) returns NULL, refines malloc as rpl_malloc +# and we have to provide our own rpl_malloc() and likewise rpl_realloc() functions. +# keepalived doesn't do 0 length malloc()s so it is not an issue. +# We add malloc and realloc to AC_CHECK_FUNCS instead. +#AC_FUNC_MALLOC +#AC_FUNC_REALLOC +AC_CHECK_FUNCS([dup2 getcwd gettimeofday malloc memmove memset realloc select setenv socket strcasecmp strchr strdup strerror strpbrk strstr strtol strtoul uname]) dnl - pipe2() since Linux 2.6.27 and glibc 2.9. AC_CHECK_FUNCS([pipe2], [add_system_opt([PIPE2])]) dnl - signalfd() since Linux 2.6.22 and glibc 2.8 @@ -661,6 +999,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ main(int argc, char **argv) { int val = test_func(3); + return val; } ]])], [], @@ -675,6 +1014,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ main(int argc, char **argv) { int val = test_func(3); + return val; } ]])], [AC_DEFINE([__always_inline], [__inline __attribute__ ((__always_inline__))], [Define __always_inline if libc does not define it])], @@ -682,36 +1022,17 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ )]) CFLAGS="$SAV_CFLAGS" -dnl - Check type of rlim_t for printf() -SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -Wformat -Werror" -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include - int - main(int argc, char **argv) - { - rlim_t val = 23U; - printf("%llu", val); - } - ]])], - [AC_DEFINE([PRI_rlim_t], ["llu"], [Define printf format specifier for rlim_t])], - [AC_DEFINE([PRI_rlim_t], ["lu"], [Define printf format specifier for rlim_t])], - ) -CFLAGS="$SAV_CFLAGS" - dnl - Do we want to override dynamic/static linking? AS_IF([test "$enable_dynamic_linking"], [ AS_IF([test .$enable_vrrp != .no], [ - enable_libiptc_dynamic=$enable_dynamic_linking - enable_libipset_dynamic=$enable_dynamic_linking - enable_libxtables_dynamic=$enable_dynamic_linking + enable_libiptc_dynamic=$enable_dynamic_linking + enable_libipset_dynamic=$enable_dynamic_linking ]) - AS_IF([test .$enable_vrrp != .no], + AS_IF([test .$enable_lvs != .no], [ - enable_libnl_dynamic=$enable_dynamic_linking + enable_libnl_dynamic=$enable_dynamic_linking ]) ]) @@ -792,6 +1113,7 @@ if test $NEED_SSL = yes; then add_to_var([KA_LIBS], [$LIBS]) fi add_to_var([GENHASH_LIBS], [$LIBS]) +unset LIBS # Introduced in OpenSSL ver 0.9.9 LIBS=$OPENSSL_LIBS @@ -813,12 +1135,40 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a AC_CHECK_FUNCS([SSL_CTX_set_verify_depth]) -# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 -AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto]) - -# TLS_method() introduced OpenSSL v1.1.0 -AC_CHECK_FUNCS([TLS_method]) +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method]) +# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with +# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. +AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes], + [ + AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[ + const SSL_METHOD *meth; + SSL_CTX *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)) + return 1; + + /* Initialize SSL context */ + meth = $method_func(); + if (!(ctx = SSL_CTX_new(meth))) + return 1; + return 0; + ]])], + [openssl_init_no_load_bug=0], + [openssl_init_no_load_bug=1], + [ + AC_MSG_WARN([Cannot determine if need to OPENSSL_init_crypto() problem. Assuming yes for safety.]) + openssl_init_no_load_bug=1 + ] + ) + AS_IF([test $openssl_init_no_load_bug -eq 1], + [AC_DEFINE([HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG], [ 1 ], [Define to 1 if OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG) bug)])]) + ]) unset LIBS if test $BUILD_GENHASH = No; then @@ -833,7 +1183,7 @@ IPV4_DEVCONF=No if test .$enable_vrrp != .no; then dnl ----[Check have IPV4_DEVCONF defines - since Linux 3.11]---- SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPP_FLAGS $kernelinc" + CPPFLAGS="$CPPFLAGS $kernelinc" IPV4_DEVCONF=Yes AC_CHECK_DECLS([ IPV4_DEVCONF_ARP_IGNORE, @@ -854,6 +1204,16 @@ if test .$enable_vrrp != .no; then CPPFLAGS="$SAV_CPPFLAGS" fi +dnl ----[ Check for IPv6 Advanced API (RFC3542) - since Linux 2.6.14 ]---- +IPV6_ADVANCED_API=No +AC_CHECK_DECLS([ + IPV6_RECVHOPLIMIT, + IPV6_RECVPKTINFO], + [IPV6_ADVANCED_API=Yes], + [], + [[#include ]]) +AS_IF([test $IPV6_ADVANCED_API = Yes], [add_system_opt([IPV6_ADVANCED_API])]) + dnl ----[ Checks for libraries ]---- NETLINK_VER=0 IPVS_USE_NL=No @@ -863,12 +1223,25 @@ if test .$enable_lvs != .no -a .${enable_libnl} != .no; then add_pkg_config([libnl-3.0], [NL3], [remove-requires]) AC_CHECK_LIB($NL3_LIB_NAMES, nl_socket_alloc, [ - NETLINK_VER=3 - NEED_NL3=No + NETLINK_VER=3 + + AC_DEFINE([_HAVE_LIBNL3_], [ 1 ], [Define to 1 if using libnl-3]) + add_system_opt([LIBNL3]) + if test .$enable_libnl_dynamic = .yes; then + add_system_opt([LIBNL_DYNAMIC]) + add_pkg_config_without_libs([libnl-3.0]) + AC_DEFINE([_LIBNL_DYNAMIC_], [ 1 ], [Define to 1 if building with libnl dynamic linking]) + NEED_LIBDL=Yes + get_lib_name([$NL3_LIB_NAMES], [nl_socket_alloc]) + AC_DEFINE_UNQUOTED([NL3_LIB_NAME], [ "$LIB_NAME" ], [Define the nl-3 library name]) + else + add_pkg_config([libnl-3.0]) + fi add_pkg_config([libnl-genl-3.0], [GENL], [remove-requires]) AC_CHECK_LIB($GENL_LIB_NAMES, genl_connect, [], - [AC_MSG_ERROR([libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3.])]) + [AC_MSG_ERROR([libnl-3 is installed but not libnl-gen-3. Please, install libnl-gen-3/libnl-genl-3.])], + [$NL3_LIBS]) IPVS_USE_NL=Yes if test .$enable_libnl_dynamic = .yes; then add_pkg_config_without_libs([libnl-genl-3.0]) @@ -877,22 +1250,6 @@ if test .$enable_lvs != .no -a .${enable_libnl} != .no; then else add_pkg_config([libnl-genl-3.0]) fi - NEED_NL3=Yes - - if test $NEED_NL3 = Yes; then - AC_DEFINE([_HAVE_LIBNL3_], [ 1 ], [Define to 1 if using libnl-3]) - add_system_opt([LIBNL3]) - if test .$enable_libnl_dynamic = .yes; then - add_system_opt([LIBNL_DYNAMIC]) - add_pkg_config_without_libs([libnl-3.0]) - AC_DEFINE([_LIBNL_DYNAMIC_], [ 1 ], [Define to 1 if building with libnl dynamic linking]) - NEED_LIBDL=Yes - get_lib_name([$NL3_LIB_NAMES], [nl_socket_alloc]) - AC_DEFINE_UNQUOTED([NL3_LIB_NAME], [ "$LIB_NAME" ], [Define the nl-3 library name]) - else - add_pkg_config([libnl-3.0]) - fi - fi ], []) fi @@ -920,7 +1277,7 @@ if test .$enable_lvs != .no -a .${enable_libnl} != .no; then if test $NETLINK_VER -ne 0; then SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$SAV_CPPFLAGS $NL3_CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernel_inc $NL3_CPPFLAGS" AC_CHECK_HEADERS([netlink/netlink.h], [], [AC_MSG_ERROR([netlink headers missing])]) AC_CHECK_HEADERS([netlink/genl/ctrl.h netlink/genl/genl.h], [], [AC_MSG_ERROR([netlink genl headers missing])]) CPPFLAGS="$SAV_CPPFLAGS" @@ -929,6 +1286,7 @@ fi AM_CONDITIONAL([LIBNL1], [test $NETLINK_VER -eq 1]) AM_CONDITIONAL([LIBNL3], [test $NETLINK_VER -eq 3]) AM_CONDITIONAL([LIBNL_DYNAMIC], [test .$enable_lvs != .no -a .$enable_libnl_dynamic = .yes -a $NETLINK_VER -ne 0]) +unset LIBS AC_CHECK_LIB(magic, magic_open, [ @@ -987,7 +1345,7 @@ AC_CHECK_DECLS([IP_MULTICAST_ALL], # due to conflicting definitions AC_LINK_IFELSE( [ - AC_LANG_SOURCE( + AC_LANG_SOURCE( [[ #include int main(int argc, char **argv) @@ -998,19 +1356,19 @@ AC_CHECK_DECLS([IP_MULTICAST_ALL], ], [], [ - # No - netinet/in.h doesn't have IP_MULTICAST_ALL + # No - netinet/in.h doesn't have IP_MULTICAST_ALL # Build a program that will output the value of the kernel's IP_MULTICAST_ALL - AC_LINK_IFELSE( + AC_LINK_IFELSE( [ AC_LANG_SOURCE( [[ - #include - #include - #include - int main(int argc, char **argv) - { - printf("%d\n", IP_MULTICAST_ALL); - } + #include + #include + #include + int main(int argc, char **argv) + { + printf("%d\n", IP_MULTICAST_ALL); + } ]]) ], [ @@ -1028,232 +1386,341 @@ AC_CHECK_DECLS([IP_MULTICAST_ALL], ]]) dnl -- RedHat backported ENCAP_IP and ENCAP_IP6 without MPLS and ILA -AC_CHECK_DECLS([LWTUNNEL_ENCAP_MPLS, LWTUNNEL_ENCAP_ILA], [], [], - [[#include ]]) -if test ${ac_cv_have_decl_RTA_ENCAP}; then - for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do - AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) - if test ${decl_var} = yes; then - add_system_opt[${flag}] - fi - done -fi +AS_IF([test $ac_cv_have_decl_RTA_ENCAP = yes], + [ + AC_CHECK_DECLS([LWTUNNEL_ENCAP_MPLS, LWTUNNEL_ENCAP_ILA], [], [], + [[#include ]]) + for flag in LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA; do + AS_VAR_COPY([decl_var], [ac_cv_have_decl_$flag]) + if test ${decl_var} = yes; then + add_system_opt([${flag}]) + fi + done + ]) dnl ----[Check for iptables libraries]---- -USE_LIBIPTC=No +USE_IPTABLES=No USE_LIBIPSET=No -if test .${enable_libiptc} != .no -a .$enable_vrrp != .no; then - USE_LIBIPTC=Yes - dnl -- linux/netfilter/x_tables.h since Linux 2.6.16 - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $kernelinc" - AC_CHECK_HEADERS([linux/netfilter/x_tables.h xtables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h], [], - [ - USE_LIBIPTC=No - break - ]) - CPPFLAGS="$SAV_CPPFLAGS" - - if test $USE_LIBIPTC = Yes; then - add_pkg_config([--static libiptc], [IPTC]) - LIBS="$IPTC_LIBS" +AS_IF([test .$enable_iptables != .no], + [ + USE_IPTABLES=Yes + dnl -- linux/netfilter/x_tables.h since Linux 2.6.16 SAV_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $kernelinc" - AC_CHECK_LIB(iptc, iptc_init, + AC_CHECK_HEADERS([linux/netfilter/x_tables.h libiptc/libip6tc.h libiptc/libiptc.h libiptc/libxtc.h], [], [ - AC_DEFINE([_HAVE_LIBIPTC_], [ 1 ], [Define to 1 if have iptables libraries]) - add_system_opt([LIBIPTC]) - if test .${enable_libiptc_dynamic} != .yes; then - add_pkg_config([--static libiptc]) - dnl - Older versions of libiptc produced a requirement for -liptc, but we don't need it - KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` - dnl - Even older versions of libiptc don't produce any requirement other than -liptc - IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[[^ ]]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` - if test ".$IPTC_LIBS" = .; then - KA_LIBS=`echo $KA_LIBS -lip4tc -lip6tc` - fi - else - add_pkg_config_without_libs([libiptc]) - add_config_opt([LIBIPTC_DYNAMIC]) - AC_DEFINE([_LIBIPTC_DYNAMIC_], [ 1 ], [Define to 1 if building with libiptc dynamic linking]) - NEED_LIBDL=Yes - get_lib_name([ip4tc], [iptc_init]) - AC_DEFINE_UNQUOTED([IP4TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip4tc library name]) - get_lib_name([ip6tc], [ip6tc_init]) - AC_DEFINE_UNQUOTED([IP6TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip6tc library name]) - fi - ], - [USE_LIBIPTC=No]) + USE_IPTABLES=No + break + ]) CPPFLAGS="$SAV_CPPFLAGS" - fi - if test $USE_LIBIPTC = Yes; then - if test .$enable_libxtables_dynamic != .yes; then - add_pkg_config([xtables]) - else - add_pkg_config_without_libs([xtables]) - AC_DEFINE([_LIBXTABLES_DYNAMIC_], [ 1 ], [Define to 1 if building with libxtables dynamic linking]) - add_config_opt([XTABLES_DYNAMIC]) - NEED_LIBDL=Yes - get_lib_name([xtables], [xtables_insmod]) - AC_DEFINE_UNQUOTED([XTABLES_LIB_NAME], [ "$LIB_NAME" ], [Define the xtables library name]) - fi + if test $USE_IPTABLES = Yes; then + PKG_CONFIG_IP4TC=Yes + $PKG_CONFIG --exists libip4tc + AS_IF([test $? -eq 0], + [ + add_pkg_config([--static libip4tc], [IP4TC], [remove-requires]) + add_pkg_config([--static libip6tc], [IP6TC], [remove-requires]) + IPTC_LIBS="$IP4TC_LIBS $IP6TC_LIBS" + IPTC_LIB_NAMES="$IP4TC_LIB_NAMES $IP6TC_LIB_NAMES" + ], + [ + PKG_CONFIG_IP4TC=No + add_pkg_config([--static libiptc], [IPTC], [remove-requires]) + ]) - dnl ----[Check for ipset libraries]---- - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $kernelinc" - if test "${enable_libipset}" != no; then - $PKG_CONFIG --exists libipset - if test $? -eq 0; then - add_pkg_config([libipset], [IPSET]) - else - IPSET_LIBS="-lipset" - fi - SAV_LIBS=$LIBS - LIBS="$IPTC_LIBS $IPSET_LIBS" + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" - AC_CHECK_LIB(ipset, ipset_session_init, + AC_SEARCH_LIBS(iptc_init, $IPTC_LIB_NAMES, [ - USE_LIBIPSET=Yes - AC_CHECK_HEADERS([libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h], [], - [ - USE_LIBIPSET=No - break - ]) - - if test $USE_LIBIPSET = Yes; then - AC_CHECK_LIB(xtables, xtables_insmod, [], [USE_LIBIPSET=No]) + if test .${enable_libiptc_dynamic} != .yes; then + AS_IF([test $PKG_CONFIG_IP4TC = Yes], + [ + add_pkg_config([--static libip4tc]) + add_pkg_config([--static libip6tc]) + ], + [add_pkg_config([--static libiptc])]) + + dnl - Older versions of libiptc produced a requirement for -liptc, but we don't need it + KA_LIBS=`echo $KA_LIBS | sed -e "s/ -liptc//"` + dnl - Even older versions of libiptc don't produce any requirement other than -liptc + IPTC_LIBS=`echo $IPTC_LIBS | sed -e "s/ *-L[[^ ]]* */ /" -e "s/ *-liptc */ /" -e "s/^ *$//"` + if test ".$IPTC_LIBS" = .; then + KA_LIBS="$KA_LIBS -lip4tc -lip6tc" + fi + else + AS_IF([test $PKG_CONFIG_IP4TC = Yes], + [ + add_pkg_config_without_libs([libip4tc]) + add_pkg_config_without_libs([libip6tc]) + ], + [ + add_pkg_config_without_libs([libiptc]) + ]) + add_config_opt([LIBIPTC_DYNAMIC]) + AC_DEFINE([_LIBIPTC_DYNAMIC_], [ 1 ], [Define to 1 if building with libiptc dynamic linking]) + NEED_LIBDL=Yes + AC_SEARCH_LIBS(ip6tc_init, $IPTC_LIB_NAMES) + IP4TC_NAME=`echo $ac_cv_search_iptc_init | sed -e "s/-l//"` + IP6TC_NAME=`echo $ac_cv_search_ip6tc_init | sed -e "s/-l//"` + get_lib_name([$IP4TC_NAME], [iptc_init]) + AC_DEFINE_UNQUOTED([IP4TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip4tc library name]) + get_lib_name([$IP6TC_NAME], [ip6tc_init]) + AC_DEFINE_UNQUOTED([IP6TC_LIB_NAME], [ "$LIB_NAME" ], [Define the ip6tc library name]) + LIBIPTC_DYNAMIC=Yes fi + ], + [USE_IPTABLES=No]) + CPPFLAGS="$SAV_CPPFLAGS" + fi - if test $USE_LIBIPSET = Yes; then - dnl -- Need to use for prior to Linux 3.4 - EXTRA_INCLUDE= - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - ]])], - [AC_CHECK_HEADERS([linux/netfilter/xt_set.h], [], [USE_LIBIPSET=No], [])], - [AC_CHECK_HEADER([linux/netfilter/xt_set.h], - [ - AC_DEFINE([USE_LIBIPSET_LINUX_IP_SET_H], [ 1 ], [Define to 1 if needs ]) - EXTRA_INCLUDE="#include " - ], [USE_LIBIPSET=No], - [[#include ]]) - ] - ) - fi + if test $USE_IPTABLES = Yes; then + dnl ----[Check for ipset libraries]---- + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + if test "${enable_libipset}" != no; then + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + add_pkg_config([libipset], [IPSET], [remove-requires]) + else + IPSET_LIBS="-lipset" + IPSET_LIB_NAMES=ipset + fi + SAV_LIBS=$LIBS + + AC_SEARCH_LIBS(ipset_session_init, $IPSET_LIB_NAMES, + [ + USE_LIBIPSET=Yes + AC_CHECK_HEADERS([libipset/data.h libipset/linux_ip_set.h libipset/session.h libipset/types.h], [], + [ + USE_LIBIPSET=No + break + ]) + + if test $USE_LIBIPSET = Yes; then + dnl -- Need to use for prior to Linux 3.4 + EXTRA_INCLUDE= + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + ]])], + [AC_CHECK_HEADERS([linux/netfilter/xt_set.h], [], [USE_LIBIPSET=No], [])], + [AC_CHECK_HEADER([linux/netfilter/xt_set.h], + [ + AC_DEFINE([USE_LIBIPSET_LINUX_IP_SET_H], [ 1 ], [Define to 1 if needs ]) + EXTRA_INCLUDE="#include " + ], [USE_LIBIPSET=No], + [[#include ]]) + ] + ) + fi - if test $USE_LIBIPSET = Yes; then - AC_DEFINE([_HAVE_LIBIPSET_], [ 1 ], [Define to 1 if have ipset library]) - $PKG_CONFIG --exists libipset - if test $? -eq 0; then - if test .${enable_libipset_dynamic} = .no; then - add_pkg_config([libipset]) + if test $USE_LIBIPSET = Yes; then + AC_DEFINE([_HAVE_LIBIPSET_], [ 1 ], [Define to 1 if have ipset library]) + $PKG_CONFIG --exists libipset + if test $? -eq 0; then + if test .${enable_libipset_dynamic} = .no; then + add_pkg_config([libipset]) + else + add_pkg_config_without_libs([libipset]) + fi + elif test .${enable_libipset_dynamic} = .no; then + add_to_var([KA_LIBS], [$ac_cv_search_ipset_session_init]) + fi + if test .${enable_libipset_dynamic} != .no; then + AC_DEFINE([_LIBIPSET_DYNAMIC_], [ 1 ], [Define to 1 if building with libipset dynamic linking]) + add_config_opt([LIBIPSET_DYNAMIC]) + NEED_LIBDL=Yes + LIBIPSET_NAME=`echo $ac_cv_search_ipset_session_init | sed -e "s/-l//"` + get_lib_name([$LIBIPSET_NAME], [ipset_session_init]) + AC_DEFINE_UNQUOTED([IPSET_LIB_NAME], [ "$LIB_NAME" ], [Define the ipset library name]) else - add_pkg_config_without_libs([libipset]) + add_config_opt([LIBIPSET]) fi - elif test .${enable_libipset_dynamic} = .no; then - add_to_var([KA_LIBS], [-lipset]) + + dnl -- xt_set_info_match first introduced in Linux 2.6.39 (initial implementation of ipsets) + dnl -- xt_set_info_match_v1 declared since Linux 3.1 + AC_CHECK_MEMBER([struct xt_set_info_match_v1.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V1], [ 1 ], [Define to 1 if have struct xt_set_info_match_v1])], [], + [ + $EXTRA_INCLUDE + #include + ]) + dnl -- xt_set_info_match_v3 declared since Linux 3.10 + AC_CHECK_MEMBER([struct xt_set_info_match_v3.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V3], [ 1 ], [Define to 1 if have struct xt_set_info_match_v3])], [], + [ + $EXTRA_INCLUDE + #include + ]) + dnl -- xt_set_info_match_v4 declared since Linux 3.19 + AC_CHECK_MEMBER([struct xt_set_info_match_v4.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V4], [ 1 ], [Define to 1 if have struct xt_set_info_match_v4])], [], + [ + $EXTRA_INCLUDE + #include + ]) + + dnl - ipset type iface introduced in Linux 3.1 + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) { int var = IPSET_ATTR_IFACE; } + ]])], + [AC_DEFINE([HAVE_IPSET_ATTR_IFACE], [ 1 ], [Define to 1 if ipset supports iface type])]) + + dnl - The include guard for has the leading _UAPI remove when + dnl - the source code is processed to produce the actual header files. + dnl - Unfortunately libipset provides a copy of the kernel headers, as , + dnl - but it doesn't remove the _UAPI from the header files when installing them. + dnl - Unfortunately we need to include some libipset header files, which include the + dnl - libipset version, and also which includes the kernel version. + dnl - To get around this problem, after include one of these we need to define the header guard + dnl - for the other, to stop it being included as well. + dnl - This is reported as a bug against ipset at https://bugzilla.netfilter.org/show_bug.cgi?id=1139 + dnl - We will take the kernel version if there is an inclusion collision. + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int main(void) {} + ]])], [], + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #ifdef _UAPI_IP_SET_H + #error _UAPI_IP_SET_H defined + #endif + int main(void) {} + ]])], + [AC_DEFINE([LIBIPSET_H_ADD_UAPI_IP_SET_H_GUARD], [1], [Define to add guard _UAPI_IP_SET_H before including ])], + [AC_DEFINE([LIBIPSET_H_ADD_IP_SET_H_GUARD], [1], [Define to add guard _IP_SET_H before including ])]) + ]) fi - if test .${enable_libipset_dynamic} != .no; then - AC_DEFINE([_LIBIPSET_DYNAMIC_], [ 1 ], [Define to 1 if building with libipset dynamic linking]) - add_config_opt([LIBIPSET_DYNAMIC]) - NEED_LIBDL=Yes - get_lib_name([ipset], [ipset_session_init]) - AC_DEFINE_UNQUOTED([IPSET_LIB_NAME], [ "$LIB_NAME" ], [Define the ipset library name]) - else - add_config_opt([LIBIPSET]) + + if test $USE_LIBIPSET = Yes; then + AC_MSG_CHECKING([for libipset version 7 or later]) + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[ + #include + + void test_func(void) + { + ipset_session_init(NULL, NULL); + } + ]])], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + AC_DEFINE([LIBIPSET_PRE_V7_COMPAT], [ 1 ], [Define to 1 if libipset library version prior to v7]) + add_system_opt[LIBIPSET_PRE_V7] + ]) fi + ]) + LIBS="$SAV_LIBS" + fi - dnl -- xt_set_info_match first introduced in Linux 2.6.39 (initial implementation of ipsets) - dnl -- xt_set_info_match_v1 declared since Linux 3.1 - AC_CHECK_MEMBER([struct xt_set_info_match_v1.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V1], [ 1 ], [Define to 1 if have struct xt_set_info_match_v1])], [], - [ - $EXTRA_INCLUDE - #include - ]) - dnl -- xt_set_info_match_v3 declared since Linux 3.10 - AC_CHECK_MEMBER([struct xt_set_info_match_v3.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V3], [ 1 ], [Define to 1 if have struct xt_set_info_match_v3])], [], - [ - $EXTRA_INCLUDE - #include - ]) - dnl -- xt_set_info_match_v4 declared since Linux 3.19 - AC_CHECK_MEMBER([struct xt_set_info_match_v4.match_set.index], [AC_DEFINE([HAVE_XT_SET_INFO_MATCH_V4], [ 1 ], [Define to 1 if have struct xt_set_info_match_v4])], [], - [ - $EXTRA_INCLUDE - #include - ]) + dnl -- XT_EXTENSION_MAXNAMELEN not defined until Linux 2.6.35 + AC_CHECK_DECL([XT_EXTENSION_MAXNAMELEN], [], + [AC_DEFINE([XT_EXTENSION_MAXNAMELEN], [ (XT_FUNCTION_MAXNAMELEN - 1) ], [Define if doesnt define it])], + [#include ]) - dnl - ipset type iface introduced in Linux 3.1 - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - int main(void) { int var = IPSET_ATTR_IFACE; } - ]])], - [AC_DEFINE([HAVE_IPSET_ATTR_IFACE], [ 1 ], [Define to 1 if ipset supports iface type])]) - - dnl - The include guard for has the leading _UAPI remove when - dnl - the source code is processed to produce the actual header files. - dnl - Unfortunately libipset provides a copy of the kernel headers, as , - dnl - but it doesn't remove the _UAPI from the header files when installing them. - dnl - Unfortunately we need to include some libipset header files, which include the - dnl - libipset version, and also which includes the kernel version. - dnl - To get around this problem, after include one of these we need to define the header guard - dnl - for the other, to stop it being included as well. - dnl - This is reported as a bug against ipset at https://bugzilla.netfilter.org/show_bug.cgi?id=1139 - dnl - We will take the kernel version if there is an inclusion collision. - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include - int main(void) {} - ]])], [], - [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #ifdef _UAPI_IP_SET_H - #error _UAPI_IP_SET_H defined - #endif - int main(void) {} - ]])], - [AC_DEFINE([LIBIPSET_H_ADD_UAPI_IP_SET_H_GUARD], [1], [Define to add guard _UAPI_IP_SET_H before including ])], - [AC_DEFINE([LIBIPSET_H_ADD_IP_SET_H_GUARD], [1], [Define to add guard _IP_SET_H before including ])]) - ]) - fi + CPPFLAGS="$SAV_CPPFLAGS" + fi + if test $USE_IPTABLES = Yes; then + AC_DEFINE([_WITH_IPTABLES_], [ 1 ], [Define to 1 if want iptables support]) + add_system_opt([IPTABLES]) + fi + ]) +AM_CONDITIONAL([LIBIPSET], [test $USE_LIBIPSET = Yes]) +AM_CONDITIONAL([IPTABLES], [test $USE_IPTABLES = Yes]) +AM_CONDITIONAL([LIBIPTC_DYNAMIC], [test $USE_IPTABLES = Yes -a .$LIBIPTC_DYNAMIC = .Yes]) +AM_CONDITIONAL([LIBIPSET_DYNAMIC], [test $USE_LIBIPSET = Yes -a .${enable_libipset_dynamic} != .no]) +unset LIBS - if test $USE_LIBIPSET = Yes; then - AC_MSG_CHECKING([for libipset version 7 or later]) - AC_COMPILE_IFELSE([AC_LANG_SOURCE( - [[ - #include +dnl ----[Check for nftables libraries]---- +USE_NFTABLES=No +if test .${enable_nftables} != .no; then + USE_NFTABLES=Yes + dnl -- linux/netfilter/nf_tables.h since Linux 3.13 + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + AC_CHECK_DECL([NFTA_TABLE_MAX], [], + [ + AS_IF([test .${enable_nftables} = .yes], [AC_MSG_ERROR([nftables header files missing/not useable])]) + USE_NFTABLES=No + ], + [#include ]) - void test_func(void) - { - ipset_session_init(NULL, NULL); - } - ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([LIBIPSET_PRE_V7_COMPAT], [ 1 ], [Define to 1 if libipset library version prior to v7]) - add_system_opt[LIBIPSET_PRE_V7] - ]) - fi - ]) - LIBS="$SAV_LIBS" + if test $USE_NFTABLES = Yes; then + $PKG_CONFIG --exists libnftnl + if test $? -ne 0; then + USE_NFTABLES=No + AC_MSG_WARN([libnftnl missing]) + fi + $PKG_CONFIG --exists libmnl + if test $? -ne 0; then + USE_NFTABLES=No + AC_MSG_WARN([libmnl missing]) fi - dnl -- XT_EXTENSION_MAXNAMELEN not defined until Linux 2.6.35 - AC_CHECK_DECL([XT_EXTENSION_MAXNAMELEN], [], - [AC_DEFINE([XT_EXTENSION_MAXNAMELEN], [ (XT_FUNCTION_MAXNAMELEN - 1) ], [Define if doesnt define it])], - [#include ]) + if test $USE_NFTABLES = Yes; then + # nft prior to version 0.8.3 does not support type ifname in sets. We can't check the version of + # nft, but we can check the version of libnftnl. nft v0.8.3 required libnftnl v1.0.9, but so did + # nft v0.8.2. So play safe, and require the next version. + LIBNFTNL_VERSION=`printf "0x%2.2x%2.2x%2.2xU" \`pkg-config --modversion libnftnl | sed -e "s/\./ /g"\`` + AC_DEFINE_UNQUOTED([LIBNFTNL_VERSION], [ $LIBNFTNL_VERSION ], [libnftnl version in hex]) + + add_pkg_config([libnftnl]) + add_pkg_config([libmnl]) + AC_DEFINE([_WITH_NFTABLES_], [ 1 ], [Define to 1 if want nftables support]) + add_config_opt([NFTABLES]) + AC_MSG_CHECKING([whether NFTNL_EXPR_LOOKUP_FLAGS and NFT_LOOKUP_F_INV are defined]) + AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include // libnftnl/expr.h requires this + #include + #include + int main(void) + { + int i = NFTNL_EXPR_LOOKUP_FLAGS | NFT_LOOKUP_F_INV; + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_NFTNL_EXPR_LOOKUP_FLAG_INV], [ 1 ], [Define to 1 if NFTNL_EXPR_LOOKUP_FLAGS and NFT_LOOKUP_F_INV defined]) + ],[ + AC_MSG_RESULT(no) + ]) + # nft dup from Linux 4.3 + AC_CHECK_DECLS([NFTA_DUP_MAX], [], [], + [#include ]) + + # NFT_USERDATA_MAXLEN since Linux 3.15. Check nftnl_udata_buf_alloc for libnftnl support of userdata + USE_NFT_USERDATA=Yes + AC_CHECK_DECLS([NFT_USERDATA_MAXLEN, nftnl_udata_buf_alloc], + [], [USE_NFT_USERDATA=No], + [ + #include + #include + ] + ) - CPPFLAGS="$SAV_CPPFLAGS" + AS_IF([test $USE_NFT_USERDATA = Yes], + [ + AC_DEFINE([HAVE_NFTNL_UDATA], [ 1 ], [Define to 1 if have nftnl udata support]) + AC_CHECK_DECLS([nftnl_udata_put_u32], + [], [], + [ + #include + #include + ]) + ]) + fi fi + CPPFLAGS="$SAV_CPPFLAGS" fi -AM_CONDITIONAL([LIBIPTC], [test $USE_LIBIPTC = Yes]) -AM_CONDITIONAL([LIBIPSET], [test $USE_LIBIPSET = Yes]) +AM_CONDITIONAL([NFTABLES], [test $USE_NFTABLES = Yes]) unset LIBS +AS_IF([test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes], [AC_DEFINE([_WITH_FIREWALL_], [ 1 ], [Define to 1 if using iptables or nftables])]) +AM_CONDITIONAL([FIREWALL], [test $USE_IPTABLES = Yes -o $USE_NFTABLES = Yes]) + dnl ----[Check if have linux/if.h and net/if.h namespace collision]---- # Including and can cause a namespace collision. # Later versions of the headers are OK if linux/if.h is included second @@ -1261,8 +1728,8 @@ AC_MSG_CHECKING([for linux/if.h and net/if.h namespace collision]) SAV_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $kernelinc" AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include #include + #include ]])], [ AC_MSG_RESULT([no]) @@ -1274,6 +1741,26 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ ]) CPPFLAGS="$SAV_CPPFLAGS" +dnl ----[Check if linux/if_ether.h then netinet/in.h then linux/if.h namespace collision]---- +# This issue was resolved in Linux 4.15.7/4.16 +AC_MSG_CHECKING([for linux/if_ether.h then netinet/in.h then linux/if.h namespace collision]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernelinc" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + #include + ]])], + [ + AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([yes]) + AC_DEFINE([_HAVE_LINUX_IF_ETHER_H_COLLISION_], [ 1 ], [Define to 1 if have linux/if_ether.h then netinet/in.h then linux/in.h namespace collision]) + add_system_opt([NET_LINUX_IF_ETHER_H_COLLISION]) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + dnl ----[Check if have linux/if_ether.h and netinet/if_ether.h namespace collision]---- # Including and causes a namespace collision # with musl libc, but the collision only occurs if linux/ip_ether.h is included @@ -1344,7 +1831,7 @@ if test "$enable_lvs" != no; then dnl -- Since Linux 3.18 AC_CHECK_DECLS([IPVS_DEST_ATTR_ADDR_FAMILY], [add_system_opt([IPVS_DEST_ATTR_ADDR_FAMILY])], [], [#include ]) - dnl -- Since Linux ?.?.? + dnl -- Since Linux 4.3 IPVS_SYNCD_ATTRIBUTES=Yes AC_CHECK_DECLS([ IPVS_DAEMON_ATTR_SYNC_MAXLEN, @@ -1358,7 +1845,6 @@ if test "$enable_lvs" != no; then ], [[#include ]]) - dnl -- Since Linux 4.3 if test $IPVS_SYNCD_ATTRIBUTES = Yes; then AC_DEFINE([_HAVE_IPVS_SYNCD_ATTRIBUTES_], [ 1 ], [Define to 1 if have IPVS syncd attributes]) add_system_opt([IPVS_SYNCD_ATTRIBUTES]) @@ -1381,6 +1867,32 @@ if test "$enable_lvs" != no; then add_system_opt([IPVS_64BIT_STATS]) fi fi + + dnl ----[ IPVS tunnel type ]---- + dnl -- Since Linux 5.2 + AC_CHECK_DECLS([IPVS_DEST_ATTR_TUN_TYPE], + [ + AC_DEFINE([_HAVE_IPVS_TUN_TYPE_], [ 1 ], [Define to 1 if have IPVS tunnel type]) + add_system_opt([IPVS_TUN_TYPE]) + ], [], + [[#include ]]) + + dnl -- Since Linux 5.3 + AC_CHECK_DECLS([IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM], + [ + AC_DEFINE([_HAVE_IPVS_TUN_CSUM_], [ 1 ], [Define to 1 if have IPVS tunnel checksum options]) + add_system_opt([IPVS_TUN_CSUM]) + ], [], + [[#include ]]) + + dnl -- Since Linux 5.3 + AC_CHECK_DECLS([IP_VS_CONN_F_TUNNEL_TYPE_GRE], + [ + AC_DEFINE([_HAVE_IPVS_TUN_GRE_], [ 1 ], [Define to 1 if have IPVS gre tunnel]) + add_system_opt([IPVS_TUN_GRE]) + ], [], + [[#include ]]) + CPPFLAGS="$SAV_CPPFLAGS" dnl ----[ Is HTTP_GET regex checking wanted? ]---- @@ -1391,28 +1903,28 @@ if test "$enable_lvs" != no; then AS_IF([test $HAVE_PCRE2 -ne 0], [AC_MSG_ERROR([cannot find pcre library])]) AC_MSG_CHECKING([for pcre.h]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #define PCRE2_CODE_UNIT_WIDTH 8 - #include - ]])], - [ + #define PCRE2_CODE_UNIT_WIDTH 8 + #include + ]])], + [ AC_MSG_RESULT([yes]) - WITH_REGEX=Yes + WITH_REGEX=Yes add_pkg_config([libpcre2-8]) - AC_DEFINE([_WITH_REGEX_CHECK_], [ 1 ], [Define to 1 to build with HTTP_GET regex checking]) + AC_DEFINE([_WITH_REGEX_CHECK_], [ 1 ], [Define to 1 to build with HTTP_GET regex checking]) add_config_opt([REGEX]) - ], - [ - AC_MSG_RESULT([no]) + ], + [ + AC_MSG_RESULT([no]) AC_MSG_ERROR([pcre2.h is missing]) - ]) + ]) if test "$enable_regex_timers" = yes; then AC_DEFINE([_WITH_REGEX_TIMERS_], [ 1 ], [Define to 1 to include regex timers]) fi if test "${enable_regex_debug}" = yes; then - AC_DEFINE([_REGEX_DEBUG_], [ 1 ], [Define to 1 to build with regex debugging support]) - ENABLE_REGEX_DEBUG=Yes - add_config_opt([REGEX_DEBUG]) + AC_DEFINE([_REGEX_DEBUG_], [ 1 ], [Define to 1 to build with regex debugging support]) + ENABLE_REGEX_DEBUG=Yes + add_config_opt([REGEX_DEBUG]) fi ]) else @@ -1427,6 +1939,7 @@ VRRP_AUTH_SUPPORT=No MACVLAN_SUPPORT=No ENABLE_JSON=No BFD_SUPPORT=No +HAVE_CN_PROC=No if test "$enable_vrrp" != no; then VRRP_SUPPORT=Yes AC_DEFINE([_WITH_VRRP_], [ 1 ], [Define to 1 if have VRRP support]) @@ -1442,34 +1955,57 @@ if test "$enable_vrrp" != no; then dnl ----[ Checks for kernel VMAC support ]---- SAV_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $kernelinc" - MACVLAN_SUPPORT=Yes - dnl -- Since Linux 2.6.33 - AC_CHECK_DECLS([ - IFLA_MACVLAN_MODE, - MACVLAN_MODE_PRIVATE], [], - [ - MACVLAN_SUPPORT=No - break - ], [[ - #include - #include - ]]) + MACVLAN_SUPPORT=No + if test "${enable_vmac}" != no; then + MACVLAN_SUPPORT=Yes + dnl -- Since Linux 2.6.33 + AC_CHECK_DECLS([ + IFLA_MACVLAN_MODE, + MACVLAN_MODE_PRIVATE], [], + [ + MACVLAN_SUPPORT=No + break + ], [[ + #include + #include + ]]) + fi if test $MACVLAN_SUPPORT = Yes; then AC_DEFINE([_HAVE_VRRP_VMAC_], [ 1 ], [Define to 1 if have MAC VLAN support]) add_system_opt([VRRP_VMAC]) + + dnl ----[ Checks for kernel IPVLAN support ]---- + IPVLAN_SUPPORT=Yes + dnl -- Since Linux 3.19 + AC_CHECK_DECLS([IFLA_IPVLAN_MODE], [], + [ + IPVLAN_SUPPORT=No + break + ], [[ + #include + #include + ]]) + if test $IPVLAN_SUPPORT = Yes; then + AC_DEFINE([_HAVE_VRRP_IPVLAN_], [ 1 ], [Define to 1 if have IP VLAN support]) + add_system_opt([VRRP_IPVLAN]) + fi + + dnl ----[ Check for IFLA_LINK_NETNSID support ]---- since Linux v4.0 + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) { int var = IFLA_LINK_NETNSID; } + ]])], + [ + AC_DEFINE([HAVE_IFLA_LINK_NETNSID], [ 1 ], [Define to 1 if IFLA_LINK_NETNSID supported]) + add_system_opt([IFLA_LINK_NETNSID]) + ]) fi CPPFLAGS="$SAV_CPPFLAGS" - dnl ----[ Json output or not ? ]---- + dnl ----[ JSON output or not ? ]---- if test "${enable_json}" = yes; then - JSON_HEADERS=$($PKG_CONFIG --cflags-only-I json-c) - SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $JSON_HEADERS" - AC_CHECK_HEADERS(json.h,,AC_MSG_ERROR([unable to find json.h])) - CPPFLAGS="$SAV_CPPFLAGS" - AC_DEFINE([_WITH_JSON_], [ 1 ], [Define to 1 to build with json output support]) - add_pkg_config([json-c]) ENABLE_JSON=Yes + AC_DEFINE([_WITH_JSON_], [ 1 ], [Define to 1 to build with JSON output support]) add_config_opt([JSON]) fi @@ -1479,12 +2015,27 @@ if test "$enable_vrrp" != no; then AC_DEFINE([_WITH_BFD_], [ 1 ], [Define to 1 if have BFD support]) add_config_opt([BFD]) fi + + dnl -- Check for process events connector - Linux v2.6.15 + AS_IF([test .$enable_track_process != .no], + [ + add_system_opt([CN_PROC]) + HAVE_CN_PROC=Yes + AC_DEFINE([_WITH_CN_PROC_], [ 1 ], [Define to 1 if have linux/cn_proc.h and track-process not disabled]) + dnl -- PROC_EVENT_SID since Linux v2.6.32 + dnl -- PROC_EVENT_PTRACE since Linux v3.1 + dnl -- PROC_EVENT_COMM since Linux v3.2 + dnl -- PROC_EVENT_COREDUMP since Linux v3.10 + AC_CHECK_DECLS([PROC_EVENT_SID, PROC_EVENT_PTRACE, PROC_EVENT_COMM, PROC_EVENT_COREDUMP], [], [], [[#include ]]) + ], + [add_config_opt([DISABLE_TRACK_PROCESS])]) fi AM_CONDITIONAL([WITH_VRRP], [test $VRRP_SUPPORT = Yes]) AM_CONDITIONAL([VRRP_AUTH], [test $VRRP_AUTH_SUPPORT = Yes]) AM_CONDITIONAL([VMAC], [test $MACVLAN_SUPPORT = Yes]) AM_CONDITIONAL([WITH_JSON], [test $ENABLE_JSON = Yes]) AM_CONDITIONAL([WITH_BFD], [test $BFD_SUPPORT = Yes]) +AM_CONDITIONAL([CN_PROC], [test $HAVE_CN_PROC = Yes]) if test ${IPVS_SUPPORT} = No -a ${VRRP_SUPPORT} = No; then AC_MSG_ERROR([keepalived MUST be compiled with at least one of LVS or VRRP framework]) @@ -1509,17 +2060,36 @@ AC_CHECK_DECL([IPVS_SVC_ATTR_PE_NAME], dnl ----[ Checks for O_PATH support ]---- # Introduced in Linux 2.6.39 -SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_GNU_SOURCE" +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS $kernel_inc -D_GNU_SOURCE" AC_CHECK_DECLS([O_PATH], [ add_system_opt([O_PATH]) ], [],[[#include ]]) -CFLAGS="$SAV_CFLAGS" +CPPFLAGS="$SAV_CPPFLAGS" dnl ----[ Check for GLOB_BRACE support ]---- AC_CHECK_DECLS([GLOB_BRACE], [add_system_opt([GLOB_BRACE])], [], [[#include ]]) +dnl ----[ Check for timegm() support ]---- +AC_MSG_CHECKING([for timegm()]) +SAV_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$KA_CPPFLAGS $kernel_inc" +AC_LINK_IFELSE([AC_LANG_SOURCE([[ + #include + int main(void) + { + timegm(NULL); + return 0; + } + ]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_TIMEGM], [ 1 ], [Define to 1 if have timegm()]) + ],[ + AC_MSG_RESULT(no) + ]) +CPPFLAGS="$SAV_CPPFLAGS" + dnl ----[ Do we want v1.3.6 and earlier VRRPv3 unicast checksum compatibility support ]---- UNICAST_CHKSUM_COMPAT_SUPPORT=No if test .$enable_checksum_compat != .no; then @@ -1546,6 +2116,17 @@ if test .$enable_vrrp != .no -a .$enable_routes != .no; then fi AM_CONDITIONAL([FIB_ROUTING], [test $FIB_ROUTING_SUPPORT = Yes]) +dnl ----[ Check if linkbeat wanted ]---- +AS_IF([test .$enable_linkbeat = .no], + [ + LINKBEAT_SUPPORT=No + add_config_opt([NO_LINKBEAT]) + ], + [ + LINKBEAT_SUPPORT=Yes + AC_DEFINE([_WITH_LINKBEAT_], [ 1 ], [Define to 1 if have linkbeat support]) + ]) + dnl ----[ Checks for kernel IFLA_INET6_ADDR_GEN_MODE support ]---- SAV_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $kernelinc" @@ -1561,9 +2142,10 @@ fi CPPFLAGS="$SAV_CPPFLAGS" dnl ----[ Checks for kernel IFLA_VRF_... support ]---- -SAV_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $kernelinc" if test ${MACVLAN_SUPPORT} = Yes; then + SAV_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $kernelinc" + # Introduced in Linux 4.3 AC_CHECK_DECLS([IFLA_VRF_MAX], [ @@ -1572,8 +2154,8 @@ if test ${MACVLAN_SUPPORT} = Yes; then ], [], [[ #include ]]) + CPPFLAGS="$SAV_CPPFLAGS" fi -CPPFLAGS="$SAV_CPPFLAGS" dnl ----[ Checks for SNMP support ]---- SNMP_SUPPORT=No @@ -1601,7 +2183,11 @@ if test "$enable_snmp" = yes -o \ NETSNMP_LIBS_AGENT=`${NETSNMP_CONFIG} --netsnmp-agent-libs` NETSNMP_LIBS_EXT=`${NETSNMP_CONFIG} --external-libs` NETSNMP_LIBS="$NETSNMP_LIBS_AGENT $NETSNMP_LIBS_EXT" - NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags` -DNETSNMP_NO_INLINE" + NETSNMP_CFLAGS="`${NETSNMP_CONFIG} --base-cflags`" + NETSNMP_CPPFLAGS="-DNETSNMP_NO_INLINE" + + # net-snmp-config can add -I/usr/include, so remove it + NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS " " | sed -e "s:-I */usr/include ::"` # net-snmp-config adds compiler and linker options that were set at the time # net-snmp was built, and this can include spec files that may not exist @@ -1611,14 +2197,14 @@ if test "$enable_snmp" = yes -o \ # For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=1544527 # and the other bugs referred to in it. for spec in `echo $NETSNMP_LIBS | sed -e "s? ?\n?g" | grep "^-specs="`; do - SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + SPEC_FILE=`echo $spec | sed -e "s?^-specs=??"` if test ! -f $SPEC_FILE; then NETSNMP_LIBS=`echo $NETSNMP_LIBS | sed -e "s? *$spec *? ?"` AC_MSG_WARN([Removing $spec from NETSNMP_LIBS since spec file not installed]) fi done for spec in `echo $NETSNMP_CFLAGS | sed -e "s? ?\n?g" | grep "^-specs="`; do - SPEC_FILE=`echo $spec | sed -e "s?^-spaces=??"` + SPEC_FILE=`echo $spec | sed -e "s?^-specs=??"` if test ! -f $SPEC_FILE; then NETSNMP_CFLAGS=`echo $NETSNMP_CFLAGS | sed -e "s? *$spec *? ?"` AC_MSG_WARN([Removing $spec from NETSNMP_CFLAGS since spec file not installed]) @@ -1649,7 +2235,7 @@ if test "$enable_snmp" = yes -o \ # check for net-snmp headers # Some ancient distributions may miss header SAV_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS $NETSNMP_CFLAGS" + CPPFLAGS="$CPPFLAGS $kernel_inc $NETSNMP_CFLAGS" AC_CHECK_HEADERS(net-snmp/agent/agent_sysORTable.h net-snmp/agent/snmp_vars.h net-snmp/agent/util_funcs.h,[], [AC_MSG_ERROR([missing net-snmp headers])],[[ #include @@ -1658,8 +2244,19 @@ if test "$enable_snmp" = yes -o \ ]]) SNMP_SUPPORT=Yes + + # NETSNMP_CFLAGS can have CPPFLAGS options, so separate them + NETSNMP_CPPFLAGS_XTRA=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[[^IDU]] *-/ -/g" -e "s/ -[[^IDU]] *[[^-]][[^ ]]* / /g" -e "s/ */ /g"` + NETSNMP_CFLAGS=`echo " $NETSNMP_CFLAGS " | sed -e "s/ / /g" -e "s/ -[[IDU]] *[[^ ]]* / /g" -e "s/ */ /g"` add_to_var([KA_CFLAGS], [$NETSNMP_CFLAGS]) + add_to_var([KA_CPPFLAGS], [$NETSNMP_CPPFLAGS $NETSNMP_CPPFLAGS_XTRA]) + + # NETSNMP_LIBS may have some LDFLAGS options, so separate them + NETSNMP_LDFLAGS_XTRA=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ -l *[[^ ]]* / /g" -e "s/ */ /g" -e "s/ -/ @-/g" | tr "@" "\n" | sed -e "s/^ *//" -e "s/ *$//" | sort -u | tr "\n" " "` + NETSNMP_LIBS=`echo " $NETSNMP_LIBS " | sed -e "s/ / /g" -e "s/ \(-l *[[^ ]]*\) /@\1@/g" | tr "@" "\n" | grep "^-l" | tr "\n" " " | sed -e "s/ */ /g"` + add_to_var([KA_LDFLAGS], [$NETSNMP_LDFLAGS $NETSNMP_LDFLAGS_XTRA]) add_to_var([KA_LIBS], [$NETSNMP_LIBS]) + if test "$enable_snmp_rfc" = yes; then SNMP_RFCV2_SUPPORT=Yes SNMP_RFCV3_SUPPORT=Yes @@ -1680,14 +2277,18 @@ if test "$enable_snmp" = yes -o \ fi if test ${SNMP_RFCV3_SUPPORT} = Yes -a \ "$enable_snmp_reply_v3_for_v2" != no; then - AC_DEFINE([_SNMP_REPLY_V3_FOR_V2_], [ 1 ], [Define to 1 to have keepalived send RFC6257 SNMP responses for VRRPv2 instances]) + AC_DEFINE([_SNMP_REPLY_V3_FOR_V2_], [ 1 ], [Define to 1 to have keepalived send RFC6527 SNMP responses for VRRPv2 instances]) SNMP_V3_FOR_V2=Yes add_config_opt([SNMP_V3_FOR_V2]) fi if test "$enable_snmp" = yes; then - SNMP_VRRP_SUPPORT=Yes - SNMP_CHECKER_SUPPORT=Yes + if test ${VRRP_SUPPORT} = Yes; then + SNMP_VRRP_SUPPORT=Yes + fi + if test ${IPVS_SUPPORT} = Yes; then + SNMP_CHECKER_SUPPORT=Yes + fi else if test "$enable_snmp_vrrp" = yes; then SNMP_VRRP_SUPPORT=Yes @@ -1711,7 +2312,6 @@ if test "$enable_snmp" = yes -o \ fi CPPFLAGS="$SAV_CPPFLAGS" - CPPFLAGS="$SAV_CPPFLAGS" CFLAGS="$SAV_CFLAGS" LIBS="$SAV_LIBS" fi @@ -1750,6 +2350,8 @@ AM_CONDITIONAL([SNMP_RFC], [test $SNMP_RFCV2_SUPPORT = Yes -o $SNMP_RFCV3_SUPPOR AM_CONDITIONAL([SNMP_RFCV2], [test $SNMP_RFCV2_SUPPORT = Yes]) AM_CONDITIONAL([SNMP_RFCV3], [test $SNMP_RFCV3_SUPPORT = Yes]) AM_CONDITIONAL([SNMP_REPLY_V3_FOR_V2], [test $SNMP_V3_FOR_V2 = Yes]) +AS_IF([test $SNMP_SUPPORT = Yes], [SNMP_SERVICE=snmpd.service], [SNMP_SERVICE=]) +AC_SUBST([SNMP_SERVICE]) dnl ----[ Check for Dbus support ]---- DBUS_SUPPORT=No @@ -1763,7 +2365,9 @@ if test "$enable_dbus" = yes; then add_config_opt([DBUS]) dnl -- g_type_init() not needed and deprecated since glib 2.36 + SAV_CFLAGS=$CFLAGS CFLAGS="$($PKG_CONFIG --cflags gio-2.0)" + SAV_LIBS=$LIBS LIBS="$($PKG_CONFIG --libs gio-2.0)" AC_RUN_IFELSE( [ @@ -1779,8 +2383,8 @@ if test "$enable_dbus" = yes; then if test $need_g_type_init -eq 1; then AC_DEFINE([DBUS_NEED_G_TYPE_INIT], [ 1 ], [Define to 1 if need to call g_type_init()]) fi - LIBS= - CFLAGS= + LIBS=$SAV_LIBS + CFLAGS=$SAV_CFLAGS if test "$enable_dbus_create_instance" = yes; then AC_DEFINE([_WITH_DBUS_CREATE_INSTANCE_], [ 1 ], [Define to 1 to have DBus create instance support]) DBUS_CREATE_INSTANCE=Yes @@ -1789,6 +2393,7 @@ if test "$enable_dbus" = yes; then fi ], [AC_MSG_ERROR([DBUS support requested but libgio-2.0 not found.])]) + unset LIBS fi AM_CONDITIONAL([WITH_DBUS], [test $DBUS_SUPPORT = Yes]) AM_CONDITIONAL([DBUS_CREATE_INSTANCE], [test $DBUS_CREATE_INSTANCE = Yes]) @@ -1802,7 +2407,7 @@ if test "${enable_sha1}" = yes; then dnl libcrypto can require -fpic AS_UNSET([ac_cv_lib_crypto_SHA1_Init]) SAV_CFLAGS=$CFLAGS - CFLAGS=-fpic + CFLAGS="$CFLAGS -fpic" AC_CHECK_LIB(crypto, SHA1_Init,,AC_MSG_ERROR([SHA1 in OpenSSL required])) CFLAGS=$SAV_CFLAGS add_to_var([KA_CFLAGS],[-fpic]) @@ -1811,8 +2416,10 @@ if test "${enable_sha1}" = yes; then AC_DEFINE([_WITH_SHA1_], [ 1 ], [Define to 1 to have SHA1 support]) fi AM_CONDITIONAL([WITH_SHA1], [test $SHA1_SUPPORT = Yes]) +unset LIBS dnl ----[ check for SO_MARK support ]---- +dnl -- Since Linux 2.6.25 SO_MARK_SUPPORT=No if test "${enable_fwmark}" != no; then AC_CHECK_DECLS([SO_MARK], @@ -1827,46 +2434,64 @@ fi dnl ---[ check for setns() ]---- dnl -- CLONE_NEWNET defined from Linux 3.0 SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_GNU_SOURCE" AC_CHECK_DECLS([CLONE_NEWNET], [], [], [[#include ]]) dnl -- From glibc 2.14. Otherwise use setns syscall, since Linux 2.4.x AC_CHECK_FUNCS([setns]) +dnl -- When building a RedHat RPM with hardening enabled, -pie is specified, +dnl -- and for setns this requires -fPIC +AS_IF([test $ac_cv_func_setns = no], + [ + AS_UNSET([ac_cv_func_setns]) + CFLAGS="$CFLAGS -fPIC" + AC_CHECK_FUNCS([setns]) + ]) CFLAGS="$SAV_CFLAGS" AM_CONDITIONAL([WITH_NAMESPACES], [test $ac_cv_have_decl_CLONE_NEWNET = yes]) -dnl ----[ check for realtime scheduling support ]---- -SAV_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -D_GNU_SOURCE" -dnl -- from Linux ?.?.? -AC_CHECK_DECLS([SCHED_RR], - [ - SCHED_RT_SUPPORT=Yes - AC_DEFINE([_HAVE_SCHED_RT_], [ 1 ], [Define to 1 if have SCHED_RR]) - add_system_opt([SCHED_RT]) - - dnl -- RLIMIT_RTTIME since Linux 2.6.25 - not supported wwith musl libc - AC_CHECK_DECLS([RLIMIT_RTTIME], [], [], [[#include ]]) - - dnl -- SCHED_RESET_ON_FORK since Linux 2.6.32 - AC_CHECK_DECLS([SCHED_RESET_ON_FORK], - [add_system_opt([SCHED_RESET_ON_FORK])], - [AC_DEFINE([SCHED_RESET_ON_FORK], [ 0 ], [Dummy definition if not defined in system headers])], - [[#include ]]) - ], - [ - SCHED_RT_SUPPORT=No - ], [[#include ]]) -CFLAGS="$SAV_CFLAGS" +dnl -- RLIMIT_RTTIME since Linux 2.6.25 - not supported with musl libc +AC_CHECK_DECLS([RLIMIT_RTTIME], [], [], [[#include ]]) + +dnl -- SCHED_RESET_ON_FORK since Linux 2.6.32 +AC_CHECK_DECLS([SCHED_RESET_ON_FORK], + [add_system_opt([SCHED_RESET_ON_FORK])], + [AC_DEFINE([SCHED_RESET_ON_FORK], [ 0 ], [Dummy definition if not defined in system headers])], + [[#include ]]) dnl -- Do we want GNU standard paths (moves .pid files) GNU_STD_PATHS=No if test "${enable_gnu_std_paths}" = "yes"; then AC_DEFINE([GNU_STD_PATHS], [ 1 ], [set to enforce GNU standard paths, for .pid files etc]) - PID_DIR=$localstatedir + RUN_DIR=$localstatedir +elif test $RUN_DIR_SPECIFIED = Y -a .${with_run_dir} != .no; then + RUN_DIR=`echo ${with_run_dir} | sed -e "s:/run/*$::"` # Remove a trailing /run - somewill will include it sometime +elif test -d /run; then + RUN_DIR= else - PID_DIR=/var + RUN_DIR=/var fi -AC_SUBST([PID_DIR]) +AC_DEFINE_UNQUOTED([RUN_DIR_ROOT], [ "${RUN_DIR}" ], [Parent directory of /run]) +AC_SUBST([RUN_DIR]) + +dnl - Check type of rlim_t for printf() - this check needs to be late on +dnl - since _FILE_OFFSET_BITS (set when using netsnmp) alters sizeof(rlim_t) +SAV_CFLAGS="$CFLAGS" +CFLAGS="-Wformat -Werror=format $SAV_CPPFLAGS $KA_CPPFLAGS" +AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ + #include + #include + int + main(int argc, char **argv) + { + rlim_t val = 23U; + printf("%lu %d %p", val, argc, argv); + + return 0; + } + ]])], + [AC_DEFINE([PRI_rlim_t], ["lu"], [Define printf format specifier for rlim_t])], + [AC_DEFINE([PRI_rlim_t], ["llu"], [Define printf format specifier for rlim_t])], + ) +CFLAGS="$SAV_CFLAGS" dnl ---[ check for sphinx-build executable ]---- if test -z "$SPHINXBUILD"; then @@ -1892,7 +2517,7 @@ if test "${enable_mem_check}" = "yes"; then fi fi -dnl ----[ Memory alloc check or not ? ]---- +dnl ----[ Log calls to set_time or not ? ]---- TIMER_CHECK=No if test "${enable_timer_check}" = "yes"; then TIMER_CHECK=Yes @@ -1900,15 +2525,15 @@ if test "${enable_timer_check}" = "yes"; then add_config_opt([TIMER_CHECK]) fi -dnl ----[ Debug or not ? ]---- -if test "${enable_debug}" = yes; then - AC_DEFINE([_DEBUG_], [ 1 ], [Define to 1 to build with debugging support]) - ENABLE_DEBUG=Yes - add_config_opt([DEBUG]) +dnl ----[ Debug in one process or not ? ]---- +if test "${enable_one_process_debug}" = yes; then + AC_DEFINE([_ONE_PROCESS_DEBUG_], [ 1 ], [Define to 1 to build with debugging support]) + ENABLE_ONE_PROCESS_DEBUG=Yes + add_config_opt([ONE_PROCESS_DEBUG]) else - ENABLE_DEBUG=No + ENABLE_ONE_PROCESS_DEBUG=No fi -AM_CONDITIONAL([DEBUG], [test $ENABLE_DEBUG = Yes]) +AM_CONDITIONAL([ONE_PROCESS_DEBUG], [test $ENABLE_ONE_PROCESS_DEBUG = Yes]) dnl ----[ Netlink command timers or not ? ]---- if test "${enable_netlink_timers}" = yes; then @@ -1988,6 +2613,25 @@ else ENABLE_VRRP_FD_DEBUG=No fi +dnl ----[ network timestamp support or not ? ]---- +if test "${enable_network_timestamp}" = yes; then + AC_DEFINE([_NETWORK_TIMESTAMP_], [ 1 ], [Define to 1 to build with network timestamp support]) + ENABLE_NETWORK_TIMESTAMP=Yes + add_config_opt([NETWORK_TIMESTAMP]) +else + ENABLE_NETWORK_TIMESTAMP=No +fi + +dnl ----[ asserts enabled or not ? ]---- +if test "${enable_asserts}" = yes; then + AC_DEFINE([_ENABLE_ASSERT_], [ 1 ], [Define to 1 to enable asserts]) + ENABLE_ASSERT=Yes + add_config_opt([ASSERT]) +else + ENABLE_ASSERT=No +fi +AM_CONDITIONAL([ASSERTS], [test $ENABLE_ASSERT = Yes]) + dnl ----[ Specify interface type to be unchangeable ]---- if test "${with_fixed_if_type}"; then if test "${with_fixed_if_type}" = yes -o ${with_fixed_if_type} = no; then @@ -2019,18 +2663,114 @@ else ENABLE_PERF=No fi -if test ${enable_log_file} = yes; then +if test "${enable_log_file}" = yes; then AC_DEFINE([ENABLE_LOG_TO_FILE], [ 1 ], [Define if enabling logging to files]) ENABLE_LOG_FILE_APPEND=Yes add_config_opt([FILE_LOGGING]) fi -if test ${ENABLE_LOG_FILE_APPEND} = Yes; then +if test "${ENABLE_LOG_FILE_APPEND}" = Yes; then AC_DEFINE([ENABLE_LOG_FILE_APPEND], [ 1 ], [Define if appending to log files is allowed]) add_config_opt([LOG_FILE_APPEND]) fi -if test ${NEED_LIBDL} = Yes; then +dnl ----[ Do we need to check for EINTR, or enable EINTR debugging code]---- +ENABLE_EINTR_DEBUG=No +AS_IF([test .$enable_eintr_debug = .yes], + [ + AC_DEFINE([_EINTR_DEBUG_], [ 1 ], [Define to test for and log errno == EINTR when no asynchronous signal handlers]) + add_config_opt([EINTR_DEBUG]) + ENABLE_EINTR_DEBUG=Yes + ], + [ + dnl --- We need to check for EINTR if we are not using signalfd + AS_IF([test .$ac_cv_func_signalfd != .yes -o .$enable_eintr_debug = .check], + [ + AC_DEFINE([CHECK_EINTR], [ 1 ], [Define if need to check for EINTR errno]) + AS_IF([test .$ac_cv_func_signalfd = .yes], [add_config_opt([EINTR_CHECK])]) + ]) + ]) + +dnl ----[ Do we enable script debugging code]---- +ENABLE_SCRIPT_DEBUG=No +AS_IF([test .$enable_script_debug = .yes], + [ + AC_DEFINE([_SCRIPT_DEBUG_], [ 1 ], [Define to enable script debugging support]) + add_config_opt([SCRIPT_DEBUG]) + ENABLE_SCRIPT_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable track process debugging code]---- +ENABLE_TRACK_PROCESS_DEBUG=No +AS_IF([test .$enable_track_process_debug = .yes], + [ + AC_DEFINE([_TRACK_PROCESS_DEBUG_], [ 1 ], [Define to enable logging all process connector events]) + add_config_opt([TRACK_PROCESS_DEBUG]) + ENABLE_TRACK_PROCESS_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable parser debugging code]---- +ENABLE_PARSER_DEBUG=No +AS_IF([test .$enable_parser_debug = .yes], + [ + AC_DEFINE([_PARSER_DEBUG_], [ 1 ], [Define to enable parser debugging]) + add_config_opt([PARSER_DEBUG]) + ENABLE_PARSER_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable checksum debugging code]---- +ENABLE_CHECKSUM_DEBUG=No +AS_IF([test .$enable_checksum_debug = .yes], + [ + AC_DEFINE([_CHECKSUM_DEBUG_], [ 1 ], [Define to enable checksum debugging]) + add_config_opt([CHECKSUM_DEBUG]) + ENABLE_CHECKSUM_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable genhash debugging code]---- +ENABLE_GENHASH_DEBUG=No +AS_IF([test .$enable_genhash_debug = .yes], + [ + AC_DEFINE([_GENHASH_DEBUG_], [ 1 ], [Define to enable genhash debugging]) + add_config_opt([GENHASH_DEBUG]) + ENABLE_GENHASH_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable checker debugging code]---- +ENABLE_CHECKER_DEBUG=No +AS_IF([test .$enable_checker_debug = .yes], + [ + AC_DEFINE([_CHECKER_DEBUG_], [ 1 ], [Define to enable checker debugging]) + add_config_opt([CHECKER_DEBUG]) + ENABLE_CHECKER_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable SMTP connect debugging code]---- +ENABLE_SMTP_CONNECT_DEBUG=No +AS_IF([test .$enable_smtp_connect_debug = .yes], + [ + AC_DEFINE([_SMTP_CONNECT_DEBUG_], [ 1 ], [Define to enable SMTP connection debugging]) + add_config_opt([SMTP_CONNECT_DEBUG]) + ENABLE_SMTP_CONNECT_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable memory alloc/free error debugging code]---- +ENABLE_MEM_ERR_DEBUG=No +AS_IF([test .$enable_mem_err_debug = .yes], + [ + AC_DEFINE([_MEM_ERR_DEBUG_], [ 1 ], [Define to enable memory alloc/free error debugging]) + add_config_opt([MEM_ERR_DEBUG]) + ENABLE_MEM_ERR_DEBUG=Yes + ]) + +dnl ----[ Do we want to enable dump keywords code]---- +AS_IF([test .$enable_dump_keywords = .yes], + [ + AC_DEFINE([_DUMP_KEYWORDS_], [ 1 ], [Define to enable keyword dumping]) + add_config_opt([DUMP_KEYWORDS]) + ]) + +if test "${NEED_LIBDL}" = Yes; then add_to_var([KA_LIBS], [-ldl]) fi @@ -2059,41 +2799,39 @@ AM_CONDITIONAL([RPM_BIP], [test $RPM_NO_BIP -eq 0]) dnl ----[ Determine system init type]---- INIT_TYPE= -if test -z $init_type; then - /sbin/init --version 2>/dev/null | grep -q upstart - if test $? -eq 0; then - INIT_TYPE=upstart - else - init_path=`which systemctl 2>/dev/null` - if test \( $? -eq 0 -a -x "$init_path" \); then - systemctl | grep -q -- "-\.mount" - if test $? -eq 0; then - INIT_TYPE=systemd - fi - fi - if test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \); then - init_path=`which openrc-run 2>/dev/null` - if test \( $? -eq 0 -a -x "$init_path" \); then - head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" - if test $? -eq 0; then - INIT_TYPE=openrc - fi - fi - fi - if test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \); then - INIT_TYPE=SYSV - fi - fi -else - INIT_TYPE=$init_type -fi +AS_IF( + [test -n "$init_type"], [INIT_TYPE=$init_type], + [test -n "$with_systemdsystemunitdir"], [INIT_TYPE=systemd], + [ + /sbin/init --version 2>/dev/null | grep -q upstart + AS_IF( + [test $? -eq 0], [INIT_TYPE=upstart], + [ + init_path=`which systemctl 2>/dev/null` + AS_IF([test \( $? -eq 0 -a -x "$init_path" \)], + [ + systemctl | grep -q -- "-\.mount" + AS_IF([test $? -eq 0], [INIT_TYPE=systemd]) + ]) + AS_IF([test \( -z "$INIT_TYPE" -a -f /etc/init.d/networking \)], + [ + init_path=`which openrc-run 2>/dev/null` + AS_IF([test \( $? -eq 0 -a -x "$init_path" \)], + [ + head -1 /etc/init.d/networking | grep -q "^#! */.*/openrc-run$" + AS_IF([test $? -eq 0], [INIT_TYPE=openrc]) + ]) + ]) + AS_IF([test \( -z "$INIT_TYPE" -a -f /etc/init.d/cron -a ! -h /etc/init.d/cron \)], [INIT_TYPE=SYSV]) + ]) + ]) +AS_IF([test \( .$INIT_TYPE = .systemd -a -z "$with_systemdsystemunitdir" \)], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) dnl ----[Default keepalived configuration file]---- AS_IF([test $default_config_file], [ AS_IF([test $default_config_file = yes -o $default_config_file = no], - AC_MSG_ERROR([A filename must be specified for default-config-file]) - ]) + [AC_MSG_ERROR([A filename must be specified for default-config-file])]) CONFIG_FILE=$default_config_file add_config_opt([DEFAULT_CONFIG_FILE=${default_config_file}]) ], @@ -2101,7 +2839,7 @@ AS_IF([test $default_config_file], AC_DEFINE_UNQUOTED([DEFAULT_CONFIG_FILE], ["$default_config_file"], [The default configuration file]) AC_SUBST([DEFAULT_CONFIG_FILE], [$default_config_file]) -if test -z $INIT_TYPE; then +if test -z "$INIT_TYPE"; then INIT_TYPE=undetected elif test $INIT_TYPE = systemd; then AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) @@ -2123,8 +2861,23 @@ fi dnl ----[ Process output target ]---- echo +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + +# Tidy up some strings +KA_CPPFLAGS=`echo $KA_CPPFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_CFLAGS=`echo $KA_CFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LDFLAGS=`echo $KA_LDFLAGS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` +KA_LIBS=`echo $KA_LIBS | sed -e "s/ */ /g" -e "s/^ //" -e "s/ $//"` + AC_OUTPUT +# Restore lib/config_warnings.h.in +mv ${CONFIG_WARNINGS}.sav ${CONFIG_WARNINGS} + dnl ----[ Display current configuration ]---- cat < is one of on|off|true|false|yes|no or omitted which defaults to on - -0.2. Conditional configuration and configuration id - -The config-id defaults to the first part of the node name as returned by -uname, and can be overridden with the -i or --config-id command line option. - -Any configuration line starting with (i.e. before any whitespace) '@' is a -conditional configuration line. The word immediately following (i.e. -without any space) the '@' character is compared against the config-id, -and if they don't match, the configuration line is ignored. - -Alternatively, '@^' is a negative comparison, so if the word immediately -following does NOT match the config-id, the configuration line IS included. - -The purpose of this is to allow a single configuration file to be used for -multiple systems, where the only differences are likely to be the router_id, -vrrp instance priorities, and possibly interface names. - -For example: - -global_defs -{ -@main router_id main_router -@backup router_id backup_router -} -... -vrrp_instance VRRP1 { - ... -@main unicast_src_ip 1.2.3.4 -@backup unicast_src_ip 1.2.3.5 -@backup2 unicast_src_ip 1.2.3.6 - - unicast_peer { -@^main 1.2.3.4 -@^backup 1.2.3.5 -@^backup2 1.2.3.6 - } -} - -If keepalived is invoked with -i main, or if -i is not specified and the node -name is main.SOMETHING, then the router_id will be set to main_router, -if invoked with -i backup, or the node name is backup, then backup_router, -if not invoked with -i and the node name is not main or backup, or with --i anything else, then the router_id will not be set. - -The unicast peers for main will be 1.2.3.5 and 1.2.3.6. - -0.3. Scripts - -There are three classes of scripts can be configured to be executed. - -a. Notify scripts that are run when a vrrp instance or vrrp group changes state, - or a virtual server quorum changes between up and down. - -b. vrrp tracking scripts that will cause vrrp instances to go down it they exit - a non-zero exist status, or if a weight is specified will add or subtract the - weight to/from the priority of that vrrp instance. - -c. LVS checker misc scripts that will cause a real server to be configured down - if they exit with a non-zero status. - -By default the scripts will be executed by user keepalived_script if that user -exists, or if not by root, but for each script the user/group under which it is -to be executed can be specified. - -There are significant security implications if scripts are executed with root -privileges, especially if the scripts themselves are modifiable or replaceable -by a non root user. Consequently, security checks are made at startup to ensure -that if a script is executed by root, then it cannot be modified or replaced by -a non root user. - -All scripts should be written so that they will terminate on receipt of a SIGTERM -signal. Scripts will be sent SIGTERM if their parent terminates, or it is a script -the keepalived is awaiting its exit status and it has run for too long. - -0.4 include directive - -It is possible to include further configuration files from within a configuration -file, and this can be done to any depth. - -The format of the include directive is: -include FILENAME - -FILENAME can be a fully qualified or relative pathname, and can include wildcards, -including csh style brace expressions such as "{foo/{,cat,dog},bar}" if glob() -supports them. - -After opening an included file, the current directory is set to the directory of -the file itself, so any relative paths included from a file are relative to the -directory of the including file itself. - -0.5 Parameter substitution - -Substitutable parameters can be specified. The format for defining a parameter is: -$PARAMETER=VALUE -where there must be no space before the '=' and only whitespace may preceed to '$'. -Empty values are allowed. - -Parameter names can be made up of any combination of A-Za-z0-9 and _, but cannot start -with a digit. Parameter names starting with an underscore should be considered -reserved names that keepalived will define for various pre-defined options. - -After a parameter is defined, any occurrence of $PARAMETER followed by -whitespace, or any occurrence of ${PARAMETER} (which need not be followed by -whitespace) will be replaced by VALUE. - -Replacement is recursive, so that if a parameter value itself includes a -replaceable parameter, then after the first substitution, the parameter -in the value will then be replaced; the substitution is done at replacement -time and not at definition time, so for example: - -$ADDRESS_BASE=10.2.${ADDRESS_BASE_SUB} -$ADDRESS_BASE_SUB=0 - ${ADDRESS_BASE}.100/32 -$ADDRESS_BASE_SUB=10 - ${ADDRESS_BASE}.100/32 - -will produce: - 10.2.0.100/32 - 10.2.10.100/32 - -Note in the above examples the use of both ADDRESS_BASE and ADDRESS_BASE_SUB -required braces ({}) since the parameters were not followed by whitespace -(after the first substitution which produced 10.2.${ADDRESS_BASE_SUB}.100/32 -the parameter is still not followed by whitespace). - -If a parameter is not defined, it will not be replaced at all, so for -example ${UNDEF_PARAMETER} will remain in the configuration if it is -undefined; this means that existing configuration that contains a '$' -character (for example in a script definition) will not be changed so -long as no new parameter definitions are added to the configuration. - -Parameter substitution works in conjunction with conditional configuration. -For example: -@main $PRIORITY=240 -@backup $PRIORITY=200 -... -vrrp_instance VI_0 { - priority $PRIORITY -} - -will produce: -... -vrrp_instance VI_0 { - priority 240 -} -if the config_id is main. - -$IF_MAIN=@main -$IF_MAIN priority 240 - -will produce - priority 240 -if the config_id is main and nothing if the config_id is not main, although -why anyone would want to use this rather than simply -@main priority 240 -is not known. - -Multiline definitions are also suppored, but when used there must be nothing on -the line after the parameter name. A multiline definition is specified by ending -each line except the last with a '\' character. - -Example: - -$INSTANCE= \ -vrrp_instance VI_${NUM} { \ - interface eth0.${NUM} \ - use_vmac vrrp${NUM}.1 \ - virtual_router_id 1 \ -@high priority 130 \ -@low priority 120 \ - advert_int 1 \ - virtual_ipaddress { \ - 10.0.${NUM}.254/24 \ - } \ - track_script { \ - offset_instance_${NUM} \ - } \ -} - -$NUM=0 -$INSTANCE - -$NUM=1 -$INSTANCE - -The use of multiline definitions can be nested. - -Example: - -$RS= \ - real_server 192.168.${VS_NUM}.${RS_NUM} 80 { \ - weight 1 \ - inhibit_on_failure \ - smtp_alert \ - MISC_CHECK { \ - misc_path "${_PWD}/scripts/vs.sh RS_misc.${INST}.${VS_NUM}.${RS_NUM}.0 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \ - } \ - MISC_CHECK { \ - misc_path "${_PWD}/scripts/vs.sh RS_misc.${INST}.${VS_NUM}.${RS_NUM}.1 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \ - } \ - notify_up "${_PWD}/scripts/notify.sh RS_notify.${INST}.${VS_NUM}.${RS_NUM} UP 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \ - notify_down "${_PWD}/scripts/notify.sh RS_notify.${INST}.${VS_NUM}.${RS_NUM} DOWN 10.0.${VS_NUM}.4:80->192.168.${VS_NUM}.${RS_NUM}:80" \ - } - -$VS= \ -virtual_server 10.0.${VS_NUM}.4 80 { \ - quorum 2 \ - quorum_up "${_PWD}/scripts/notify.sh VS_notify.${INST} UP 10.0.${VS_NUM}.4:80" \ - quorum_down "${_PWD}/scripts/notify.sh VS_notify.${INST} DOWN 10.0.${VS_NUM}.4:80" \ -$RS_NUM=1 \ -$RS \ -$RS_NUM=2 \ -$RS \ -$RS_NUM=3 \ -$RS \ -} - -$VS_NUM=0 -$ALPHA=alpha -$VS - -$VS_NUM=1 -$ALPHA= -$VS - -The above will create 2 virtual servers, each with 3 real servers - - -0.5.1 Pre-defined definitions - -The following pre-defined definitions are defined: -${_PWD} The directory of the current configuration file - (this can be changed if using the include directive). -${_INSTANCE} The instance name (as defined by the -i option, defaults - to hostname). - -Additional pre-defiend definitions will be added as their need is identified. -It will normally be quite straightforward to add additional pre-defiend -definitions, so if you need one, or have a good idea for one, then raise -an issue at https://github.com/acasson/keepalived/issues requesting it. - -0.6 Sequence blocks - -A line starting ~SEQ(var, start, step, end) will cause the remainder of the -line to be processed multiple times, with the variable $var set initially to -start, and then $var will be incremented by step repeatedly, terminating when -it is greater than end. step may be omitted, in which case it defaults to 1 or --1, depending on whether end is greater or less than start. Start may also be -omitted, in which case it defaults to 1 if end > 0 or -1 if end < 0. - -For example: - ~SEQ(SUBNET, 0, 3) ip_address 10.0.$SUBNET.1 -would produce: - ip_address 10.0.0.1 - ip_address 10.0.1.1 - ip_address 10.0.2.1 - ip_address 10.0.3.1 - -There can be multiple ~SEQ elements on a line, so - $VI4= \ - vrrp_track_file offset_instance_4.${IF}.${NUM}.${ID} { \ - file "${_PWD}/679/track_files/4.${IF}.${NUM}.${ID}" \ - weight -100 \ - } \ - \ - vrrp_instance vrrp4.${IF}.${NUM}.${ID} { \ - interface bond${IF}.${NUM} \ - use_vmac vrrp4.${IF}.${NUM}.${ID} \ - virtual_router_id ${ID} \ - priority 130 \ - virtual_ipaddress { \ - 10.${IF}.${NUM}.${ID}/24 \ - } \ - \ - track_file { \ - offset_instance_4.${IF}.${NUM}.${ID} \ - } \ - } - - ~SEQ(IF,0,7) ~SEQ(NUM,0,31) ~SEQ(ID,1,254) $VI4 - -will produce 65024 vrrp instances with names from vrrp4.0.0.1 through to -vrrp4.7.31.254. - -0.7 Quoted strings - -Quoted strings are specified between " characters; more specifically a string -will only end after a quoted string if there is whitespace afterwards. For -example, -"abcd" efg h jkl "mnop" -will be the single string "abcd efg h jkl mnop", i.e. the embedded " characters -are removed. - -Quoted strings can also have escaped characters, like the shell. \a, \b, \E, \f, -\n, \r, \t, \v, \nnn and \xXX (where nnn is up to 3 octal digits, and XX is any -sequence of hex digits) and \cC (which produces the control version of -character C) are all supported. \C for any other character C is just -treated as an escaped version of character C, so \\ is a \ character, and -\" will be a " character, but it won't start or terminate a quoted string. - -For specifying scripts with parameters, unquoted spaces will separate the -parameters. If it is required for a parameter to contain a space, it should -be enclosed in single quotes ('). - -0.8 Configuration file syntax parser - -Traditionally the configuration file parser has not been one of the strengths of -keepalived. yukki maintains a project on github that is a keepalived syntax -checker that may be of use. It can be downloaded from https://github.com/yuuki/gokc - -1. Globals configurations - -This block is divided in 5 sub-blocks : - - * Global definitions - * Static track groups - * Static addresses - * Static rules - * Static routes - - 1.1. Global definitions - - The configuration block looks like : - -global_defs { # Block identification - notification_email { # Email address to send alerts to - # Standard email address - - ... - } - notification_email_from # Email From dealing with SMTP proto - # defaults to keepalived@ - smtp_server
| [] - # SMTP server IP address or domain name - # with optional port number (defaults to 25) - smtp_helo_name # name to use in HELO messages - # defaults to local host name - smtp_connect_timeout # Number of seconds timeout connect - # remote SMTP server - smtp_alert # Sets default state for all smtp_alerts - smtp_alert_vrrp # Sets default state for vrrp smtp_alerts - smtp_alert_checker # Sets default state for checker smtp_alerts - no_email_faults # Don't send smtp alerts for fault conditions - router_id # String identifying router - vrrp_garp_interval # Sets the default interval between Gratuitous ARP - # (in seconds, resolution microseconds) - vrrp_gna_interval # Sets the default interval between unsolicited NA - # (in seconds, resolution microseconds) - vrrp_mcast_group4 # optional, default 224.0.0.18 - vrrp_mcast_group6 # optional, default ff02::12 - vrrp_skip_check_adv_addr # Checking all the addresses in a received VRRP advert can be time consuming. - # Setting this flag means the check won't be carried out if the advert is - # from the same master router as the previous advert received. - # Default: Don't skip. - default_interface # sets the default interface for static addresses, default eth0 - lvs_sync_daemon [id ] [maxlen ] [port ] [ttl ] [group ] - # Binding interface, vrrp instance and optional - # syncid (0 to 255) for lvs syncd - # maxlen (1..65507) maximum packet length - # port (1..65535) UDP port number to use - # ttl (1..255) - # group - multicast group address (IPv4 or IPv6) - # NOTE: maxlen, port, ttl and group are only available on Linux 4.3 or later. - lvs_timeouts [tcp TO] [tcpfin TO] [udp [TO] # LVS session timeouts - lvs_flush # flush any existing LVS configuration at startup - vrrp_garp_master_delay # delay in seconds for second set of gratuitous ARP - # messages after MASTER state transition, default 5. - # 0 means no second set. - vrrp_garp_master_repeat # how many gratuitous ARP messages after MASTER - # state transition should be sent, default 5 - vrrp_garp_lower_prio_delay # delay for second set of gratuitous ARPs after lower - # priority advert received when MASTER - vrrp_garp_lower_prio_repeat # number of gratuitous ARP messages to send at a time - # after lower priority advert received when MASTER - vrrp_garp_master_refresh # Periodic delay in seconds sending - # gratuitous ARP while in MASTER state - # Default: 0 (no refreshing) - vrrp_garp_master_refresh_repeat # how many gratuitous ARP messages should be sent - # at each periodic repeat - # Default: one (per period) - vrrp_lower_prio_no_advert [] # If a lower priority advert is received, just discard - # it and don't send another advert. This causes adherence - # to the RFCs. - vrrp_higher_prio_send_advert [] # If we are master and receive a higher priority - # advert, send an advert (which will be lower priority - # than the other master), before we transition to - # backup. This means that if the other master has - # garp_lower_priority_repeat set, it will resend garp - # messages. This is to get around the problem of their - # having been two simultaneous masters, and the last GARP - # messages seen were from us. - vrrp_version # Default VRRP version (default 2) - vrrp_iptables [keepalived_in [keepalived_out]] # default INPUT - # Specifies the iptables chains to add entries to - # If no table names are specied, no entries are added - vrrp_ipsets ipset4 [ipset6 [ipset_if6]] # Set the ipset set names to use. If no names are specified, - # ipsets will not be used. The default ipset4 name is 'keepalived'. - # If ipset6 is not specified, '6' as appended to the ipset4 name. - # If ipset_if6 is not specified, any trailing '6' from ipset6 - # is removed and '_if6' appended - vrrp_check_unicast_src # Check source address of a unicast packet is a - # unicast peer - vrrp_strict # Enforce strict VRRP protocol compliance. This will prohibit: - # 0 VIPs - # unicast peers - # IPv6 addresses in VRRP version 2 - # Sets: - # vrrp_lower_priority_dont_send_advert - # - # The following 4 options can be used if vrrp or checker processes - # are timing out. This can be seen by a backup vrrp instance becoming - # master even when the master is still running, due to the master or - # backup systems being busy, they are not processing the vrrp packets. - vrrp_priority # Set the vrrp child process priority (negative values increase priority) - checker_priority # Set the checker child process priority - bfd_priority # Set the BFD child process priority - vrrp_no_swap # Set the vrrp child process non swappable - checker_no_swap # Set the checker child process non swappable - bfd_no_swap # Set the BFD child process non swappable - vrrp_rt_priority # Set the vrrp child process to use real-time scheduling at the specified priority - checker_rt_priority # Set the checker child process to use real-time scheduling at the specified priority - bfd_rt_priority # Set the BFD child process to use real-time scheduling at the specified priority - vrrp_rlimit_rtime # Set the limit on CPU time between blocking system calls, in microseconds (default 10000) - checker_rlimit_rtime # as above - bfd_rlimit_rtime # as above - # - # If keepalived has been build with SNMP support, - # the following keywords are available - # Note: keepalived, checker and rfc support can be - # individually enabled/disabled - snmp_socket :
[:] # specify socket to use for connecting to SNMP master agent (default unix:/var/agentx/master) - # (see source module keepalived/vrrp/vrrp_snmp.c for more details) - enable_snmp_vrrp # enable SNMP handling of vrrp element of KEEPALIVED MIB - enable_snmp_checker # enable SNMP handling of checker element of KEEPALIVED MIB - enable_snmp_rfc # enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs - enable_snmp_rfcv2 # enable SNMP handling of RFC2787 VRRPv2 MIB - enable_snmp_rfcv3 # enable SNMP handling of RFC6527 VRRPv3 MIB - enable_traps # enable SNMP trap generation - # - enable_dbus # enable the DBus interface - dbus_service_name SERVICE_NAME # Name of DBus service (default org.keepalived.Vrrp1) - # Useful if you want to run multiple keepalived processes with DBus enabled - # - script_user USERNAME [GROUPNAME] # Specify the default username/groupname to run scripts under - # If groupname is not specified, the group of the user is used. - # If this option is not specified, the user defaults to keepalived_script - # if that user exists, otherwise root. - enable_script_security # Don't run scripts configured to be run as root if any part of the path - # is writable by a non-root user. - notify_fifo FIFO_NAME # FIFO to write notify events to - # See vrrp_notify_fifo and lvs_notify_fifo for format of output - # For further details, see the description under vrrp_sync_group see - # doc/samples/sample_notify_fifo.sh for sample usage. - notify_fifo_script STRING|QUOTED_STRING [username [groupname]] - # script to be run by keepalived to process notify events - # The FIFO name will be passed to the script as the last parameter - vrrp_notify_fifo FIFO_NAME # FIFO to write vrrp notify events to (must be different from other FIFO names) - # The string written will be a line of the form: INSTANCE "VI_1" MASTER 100 - # and will be terminated with a new line character. - # For further details of the output, see the description under vrrp_sync_group - # and doc/samples/sample_notify_fifo.sh for sample usage. - vrrp_notify_fifo_script STRING|QUOTED_STRING [username [groupname]] - # script to be run by keepalived to process vrrp notify events - # The FIFO name will be passed to the script as the last parameter - lvs_notify_fifo FIFO_NAME # FIFO to write notify healthchecker events to (must be different from other FIFO names) - # The string written will be a line of the form: - # VS [192.168.201.15]:tcp:80 {UP|DOWN} - # RS [1.2.3.4]:tcp:80 [192.168.201.15]:tcp:80 {UP|DOWN} - # and will be terminated with a new line character. - lvs_notify_fifo_script STRING|QUOTED_STRING [username [groupname]] - # script to be run by keepalived to process healthchecher notify events - # The FIFO name will be passed to the script as the last parameter - dynamic_interfaces [allow_if_changes] # Allow configuration to include interfaces that don't exist at startup. - # This allows keepalived to work with interfaces that may be deleted - # and restored and also allows virtual and static routes and rules on - # VMAC interfaces. - # allow_if_changes allows an interface to be deleted and recreated with a - # different type or underlying interface, eg changing from vlan to macvlan - # or changing a macvlan from eth1 to eth2. This is predominantly used for - # reporting duplicate VRID errors at startup if allow_if_changes is not set. - - # The following options are only needed for large configurations, where either - # keepalived creates a large number of interface, or the system has a large - # number of interface. These options only need using if - # "Netlink: Receive buffer overrun" messages are seen in the system logs. - # If the buffer size needed exceeds the value in /proc/sys/net/core/rmem_max - # the corresponding force option will need to be set. - vrrp_netlink_cmd_rcv_bufs BYTES # Set netlink receive buffer size. This is useful for - vrrp_netlink_cmd_rcv_bufs_force # very large configurations where a large number of interfaces exist, and - vrrp_netlink_monitor_rcv_bufs BYTES # the initial read of the interfaces on the system causes a netlink buffer - vrrp_netlink_monitor_rcv_bufs_force # overrun. - lvs_netlink_cmd_rcv_bufs BYTES # The vrrp netlink command and monitor socket and the checker command - lvs_netlink_cmd_rcv_bufs_force # and monitor socket buffer sizes can be independently set. - lvs_netlink_monitor_rcv_bufs BYTES # The force flag means to use SO_RCVBUFFORCE, so that the buffer size can - lvs_netlink_monitor_rcv_bufs_force # exceed /proc/sys/net/core/rmem_max. - - # When a socket is opened, the kernel configures the max rx buffer size for - # the socket to /proc/sys/net/core/rmem_default. On some systems this can be - # very large, and even generally this can be much larger than necessary. - # This isn't a problem so long as keepalived is reading all queued data from - # it's sockets, but if rmem_default was set sufficiently large, and if for - # some reason keepalived stopped reading, it could consume all system memory. - # The vrrp_rx_bufs_policy allows configuring of the rx bufs size when the - # sockets are opened. If the policy is MTU, the rx buf size is configured - # to the total of interface's MTU * vrrp_rx_bufs_multiplier for each vrrp - # instance using the socket. Likewise, if the policy is ADVERT, then it is - # the total of each vrrp instances advert packet size * multiplier. - # If policy is set to a number, the rx buf size is configured to that number. - vrrp_rx_bufs_policy [MTU|ADVERT|NUMBER] # default is to use system default - vrrp_rx_bufs_multiplier NUMBER # default 3 - - rs_init_notifies # Send notifies at startup for real servers that are starting up - no_checker_emails # Don't send an email every time a real server checker changes state; - # only send email when a real server is added or removed - umask [NUMBER|BITS] # The umask to use for creating files. The number can be specified in hex, octal - # or decimal. BITS are I{R|W|X}{USR|GRP|OTH}, e.g. IRGRP, separated by '|'s. - # The default umask is IWGRP | IWOTH. This option cannot override the - # command-line option. -} - -net_namespace NAME # Set the network namespace to run in - # The directory /var/run/keepalived will be created as an unshared mount point, - # for example for pid files. - # syslog entries will have _NAME appended to the ident. - # Note: the namespace cannot be changed on a configuration reload -namespace_with_ipsets # ipsets wasn't network namespace aware until Linux 3.13, and so if running with - # an earlier version of the kernel, by default use of ipsets is disabled if using - # a namespace and vrrp_ipsets isn't specified. - # This options overrides the default and allows ipsets to be used - # with a namespace on kernels prior to 3.13. - -instance NAME # If multiple instances of keepalived are run in the same namespace, this will - # create pid files with NAME as part of the file names, in /var/run/keepalived. - # Note: the instance name cannot be changed on a configuration reload - -use_pid_dir # Create pid files in /var/run/keepalived - -linkbeat_use_polling # Use media link failure detection polling fashion - -child_wait_time SECS # Time for main process to allow for child processes to exit on termination - # in seconds (default 5). This can be needed for very large configurations. - - 1.2. Static track groups - - Static track groups are used to allow vrrp instances to track static addresses, - routes and rules. If a static address/route/rule specifies a track group, then - if the address/route/rule is deleted, the vrrp instance will transition to backup, - or to fault state if the address/route/rule cannot be re-added. - - The syntax for a track group is: - - track_group GROUP1 { - group { - VI_1 - VI_2 - } - } - - 1.3. Static addresses - - The configuration block looks like : - -static_ipaddress { # block identification - # If no dev element is specified, it defaults to the default_interface (default eth0) - # The track_group specification refers to a named track_group which lists the vrrp instances which - # will track the address, i.e. if the address is deleted and cannot be restored the vrrp instances - # will transition to fault state. - # no_track means that the address will not be reinstated if it is deleted - # Note: the broadcast address may be specified as '-' or '+' to clear or set the host - # bits of the address. - [/] [brd ] [dev ] [scope ] [label