ChangeLog

2018-08-23 Alexandre Cassen <acassen@gmail.com>
	* keepalived-2.0.7
	* Fix buffer overflow in extract_status_code().
	  Issue #960 identified that the buffer allocated for copying the
	  HTTP status code could overflow if the http response was corrupted.
	  This commit changes the way the status code is read, avoids copying
	  data, and also ensures that the status code is three digits long,
	  is non-negative and occurs on the first line of the response.
	* Some fixes for config-test.
	* Change ka_config_error() to report_config_error().
	* Read interface addresses when doing config-test.
	* Update documentation re garp_lower_prio_repeat.
	* Add comment re tracking routes with nexthops doesn't work.
	* Fix handling of default_interface
	  Issue #963 identified that default_interface wasn't being set
	  correctly. The problem was that the configuration was read by the
	  parent process, but the parent process doesn't know about the
	  system interfaces.
	  Fix commit makes the vrrp process set the default interface when
	  it starts.
	* Fix a segfault in checker process on reload
	  Issue #955 identified a segfault when keepalived reloads. This
	  was caused by attempting to set the receive buffer size on a
	  netlink socket that was not open. It now only attempts to set
	  buffer sizes on the netlink sockets that are open.
	* Use report_config_error() in check_parser.c.
	* Don't run a sublevel close handler on a skipped configuration block
	  If a configuration block was skipped due to an error, the configuration
	  read won't be valid and may not even exist, so make sure the sublevel
	  end handler isn't run.
	  An example is if a virtual_server block is skipped, then the sublevel
	  end handler would have run against the previous (if any) virtual_server,
	  and if there hadn't been a previous virtual_server block it could
	  segfault.
	* Tidy up use of inet_stosockaddr.
	* Add more error checking to read_timer() and its uses.
	* Add validation of lvs_sched.
	* Use report_config_error() in checker parsers
	  Thwese should have been included in commit ead70947 -
	  "Update config-test".
	* Add stronger validation of numeric fields
	  Issue #955 identified that invalid parameters in advert_int, delay_loop,
	  lb_algo/lvs_sched, lb_kind/lvs_method, quorum, ip_family, virtual_server
	  and real_server ports, weights and connect_timeout were not being reported.
	  This commit will now report any errors in those fields, and a number of
	  other fields.
	* Improve parsing of virtual_router_id.
	* Allow virtual server ports not to be specified
	  If the service is persistent, a "wild-card" port can be used.
	* Prepend WARNING to read_int/unsigned/double messages if not rejecting
	  read_int()/read_unsigned()/read_double() can output log messages if
	  the syntax is invalid but the configuration is being accepted, e.g.
	  parsing 12zyx will return 12 if _STRICT_CONFIG_ is not defined. In
	  this case we want to indicate that the entry is not valid, but we
	  are still processing it, so prepend the error message with WARNING.
	* Improve parsing of virtual server group address ranges
	  An address range of 10.9.8.7-10.9.8.15 was parsed as 10.9.8.7-10
	  and no error was reported, although someone might have expected
	  that this would mean 10.9.8.7-15.
	  keepalived will now report a configuration warning, and if
	  keepalived is configured with --enable-strict-config-checks the
	  configuration will be rejected.
	* Restore original string in inet_stosockaddr()
	  If there was a '-' or a '/' after the address, the string was modified
	  to terminate at that point. This commit now restores the original string.
	* Allow keepalived to run with --config-test when live instance running.
	* Report errors for invalid smtp_server.
	* Remove inet_stom() - it was not used
	  inet_stom used atoi which is unsafe. Since the function was not used,
	  it has been simply removed.
	* Rename read_(int|unsigned|double) read_(int|unsigned|double)_strvec
	  Want to be able to have equivalent functions just being passed a string,
	  so rename the functions using strvec to be explicit about that.
	* Fix config dump for vrrp_garp_lower_prio_delay.
	* Fix config dump of vrrp garp_refresh.
	* Make config dump write fraction part of vrrp preempt delay.
	* Simplify config dump of garp/gna_interval.
	* dd config dump for VRRP/checker/BFD realtime_priority/limit.
	* Ensure structure fully initialised for sched_setscheduler.
	* Make set_process_dont_swap() and set_process_priority() static functions.
	* Minimise time when keepalived runs with realtime priority
	  keepalived shouldn't use realtime priority when it is loading or
	  reloading configurations, so delay setting realtime priorities, and
	  revert to stardard scheduling when terminating or reloading.
	* Report user/system CPU time used when exit with detailed logging.
	* Make default rlimit_rtime 10000 microseconds
	  The previous default of 1000 microseconds was insufficient
	* Stop using atoi for readong configuration weight.
	* Make read_unsigned, read_int, read_double for parsing strings
	  These functions are analogous to read_unsigned_strvec, read_int_strvec
	  and read_double_strvec, but take strings as the parameter rather than
	  a strvec.
	* Stop using atoi for parsing mask of ip addresses.
	* Stop using atoi for reading VRID in Dbus code.
	* Stop using atoi for reading vrrp debug level, and add to conf dump.
	* Stop using atoi for parsing garp_refresh.
	* Stop using atoi for parsing preempt_delay.
	* Stop using atoi for parsing garp_lower_prio_repeat.
	* Stop using atoi for parsing vrrp script rise.
	* Stop using atoi for parsing vrrp script fall.
	* Stop using atoi for parsing garp_interval/gna_interval
	* Stop using atoi for parsing smtp status code
	* Stop using atoi for parsing realtime scheduling priority
	* Stop using atoi for parsing process priorities
	* Stop using atoi for parsing global garp/gna_interval
	* top using atoi for parsing genhash port number
	* Stop using atoi for parsing tcp_server port number
	* Stop using atoi for parsing command line log facility.
	* update documentation to show range of bfd weights
	* Ensure read_unsigned() detects negative numbers.
	* Stop using atoi to parse HTTP_GET status code.
	* Stop using atoi to parse checker port numbers.
	* Use read_unsigned() for domain/inet_stosockaddr port.
	* Make read_unsigned_strvec() recognise minus sign after spaces
	  It is possible have a word read from the configuration start with
	  spaces it is is enclosed in quotes, which are then removed, but
	  the leading spaces aren't removed.
	* Make get_u8()/get_u16()/get_u32() use read_unsigned().
	* Make get_u64() properly detect -ve numbers.
	* Make get_time_rtt() properly detect -ve numbers.
	* Make get_addr64() handle whitespace properly and disallow '-' signs
	  Skip leading whitespace, don't allow embedded whitespace, and don't
	  allow minus signs.
	* Make get_addr64() and parse_mpls_address handle whitespace
	* Change more log_message() to report_config_error() in vrrp_iproute.c.
	* Improve use of strtoul() in rttables.c.
	* Implement get_u64() in same way as get_u8() etc.
	* Fix print format specifier in read_unsigned_base
	* Correct error message for garp_master_refresh
	* Remove \n from error message.
	* Allow round trip time to be UINT32_MAX
	* Change mix_rx to min_rx for bfd_instance in documentation.
	* Make bfd_parser use read_unsigned_strvec() etc rather than strtoul().
	* Fix config dump for BFD instance timers.
	* Fix handling of ip rule ipproto option.
	* Add read_unsigned_base_strvec() to allow number base to be specified
	  This requires renaming static functions read_int_int() etc to
	  read_int_base() etc.
	* Minimise and improve use of strtoul() etc in parsing ip rules.
	* Use read_int_strvec() for vrrp_version.
	* Use read_int_strvec() instead of strtol() in vrrp_parser.c.
	* Use read_int_strvec() instead of strtol() etc in check_parser.c.
	* Use read_int_strvec() instead of strtol() etc in check_data.c.
	* Improve strtoul handling for '--log_facility' command line option.
	* Add documentation for lvs_timeouts config option.
	* Allow vrrp garp_delay to be 0 in accordance with documentation.
	* Use read_int_strvec() instead of strtol() etc in global_parser.c.
	* Corret end of line detection in genhash.
	* Improve genhash command line parsing use of strtoul.
	* Replace CHECKER_VALUE_INT with read_unsigned_strvec due to use of strtoul.
	* Remove CHECKER_VALUE_UINT definition since no longer used.
	* Add conditional compilation around variable not always used.
	* Only read interfaces in VRRP process.
	* Enable --config-test to work with BFD configuration.
	* Only add garp_delay_t's to interfaces used by VRRP instances
	  There is no point allocating a garp_delay_t to an interface that
	  isn't used by a VRRP instance, so this commit make keepalived only
	  allocate garp_delay_t scructures to the used interfaces.
	  In addition, when the configuration is dumped, list the interfaces
	  relevant to each garp_delay_t.
	* Add logging command line options if keepalived segfaults.
	* Don't free tcp checker data field on exit, since not used.
	* Report configuration file line numbers when errors
	  Following the recent series of commits for better validation of
	  the configuration, and the move to reporting all configuration
	  errors through report_config_error(), it is now feasible to report
	  the configuration file line number on when the error occurs.
	* Rationalise error messages when reading configuration
	  Now that configuration file line numbers are reported, the error
	  messages can be simplified since the context doesn't need to be
	  given in the detail as before.
	* Return NULL rather than false as a pointer in parser.c
	* Fix an infinite loop when parsing certain parameter substitutions
	  If a multiline definition had text after the '=' sign, keepalived
	  would loop.
	* Fix a multiline parameter substitution having a replacement on 1st line
	  If a multiline parameter definition had a replaceable parameter or a
	  definition on the first non-blank line, it wasn't being handled. This commit
	  ensures that replaceable parameters/definitions on the first line are
	  handled correctly.
	* Add logging command line options when keepalived starts.
	* Change some log_message() to report_config_error() in vrrp_sync.c.
	* Improve handling of select() returning an error
	  If select returned an error, the code was processing the returned
	  timeout and fds as though they were valid. This commits logs an
	  error the first time, sleeps for 1 second if it is a programming
	  error, and then sets up the select call again.
	* Remove DBG() statement left over in previous commit.
	* improve doc spelling.
	* Add mh scheduler for LVS
	  This is similar to the sh scheduler. Options are the same but we
	  duplicate everything. An alternative would have been to reuse the
	  names for the sh scheduler.
	  The mh scheduler is supported starting from Linux 4.18. It's a
	  consistent hash scheduler.
	* manpage update and re-visited.
	  keepalived.conf.5 be considered as THE exhaustive source of information
	  in order to configure Keepalived. This documenation is supported and
	  maintained by Keepalived Core-Team.
	* Fix errors in KEEPALIVED-MIB.txt
	  Commit 181858d - "Add mh scheduler for LVS" introduced a couple
	  of formatting errors, and didn't update the revision date.
	* Some SNMP library handling improvements.
	* Stop bfd -- vrrp pipe read timing out
	  There is no need for a timeout on reading the pipe, so set the
	  timeout to TIMER_NEVER.
	* manpage updates
	  Update manpage to make html convertion easy. This manpage is now
	  sitting in documentation tab of Keepalived website.
	* Update libnl_link.c
	  SegFault when launch with dynamic LIBNL because of loading symbol
	  from wrong library.
	* Fix building rpm package and instructions
	  Issue #977 identified that the instructions in the INSTALL file
	  were incorrect.
	* Adds regex pattern matching for HTTP_GET and SSL_GET.
	* Remove pcre build tests from Travis-CI
	  Travis-CI environments are too old to support libpcre2, so we have
	  to remove it.
	* Fix #980: coredump on start when logfile cannot be accessed.
	* Don't loop forever if configuration has unknown replaceable parameter.

2018-07-23 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.6
	* Fix genhash digest calculation. The bracketting in HASH_UPDATE was wrong.
	* Bring keepalived(8) man page up to date.
	* Fix segfault when IPVS_DEST_ATTR_ADDR_FAMILY not defined.
	  Issue #938 identified a segfault on the checker process when using
	  CentOS/RHEL 6. It turned out that conditional compilation check
	  for IPVS_DEST_ATTR_ADDR_FAMILY was not being handled correctly.
	* Don't create a link-local address for vmac when vmac_xmit_base is set
	  Since commit 18ec95add483 ("Make vmac_xmit_base work for IPv6
	  instances") VRRP advertisements are sent from the base interface and not
	  from the vmac interface when vmac_xmit_base is set.
	  Therefore, there is no need to configure a link-local address on the
	  vmac interface. This also means that we don't need to regenerate a
	  link-local address for the vmac if the link-local address was removed
	  from the base interface, or inherit a link-local address in case one was
	  configured on the base interface.
	* Fix setting i/f params on a bridge underlying i/f of a VMAC
	  Issue #944 identified that when the underlying interface of a VMAC
	  interface was a bridge, keepalived was failing to set arp_ignore and
	  arp_filter in the underlying bridge interface. The problem appears to
	  lie in the libnl3 library. The description of the problem given in the
	  issue report was:
	    Problem is that ifi_family is set to AF_BRIDGE, whereas it should be set
	    to AF_UNSPEC. The kernel function that handles RTM_SETLINK messages for
	  AF_BRIDGE doesn't know how to process the IFLA_AF_SPEC attribute.
	  This commit stops using libnl3 for setting/clearing arp_ignore and
	  arp_filter, and directly constructs the netlink messages in keepalived.
	* Use RTM_NEWLINK rather than RTM_SETLINK for setting i/f options
	  libnl3 uses RTM_NEWLINK rather than RTM_SETLINK for setting
	  interface options when ifi_family is AF_UNSPEC, so update commit
	  9b2b2c9 - "Fix setting i/f params on a bridge underlying i/f of
	  a VMAC" to do likewise.
	* Fix creating VMACs on 2.6.32 and earlier kernels
	  RTM_NEWLINK didn't support specifying interface by name until
	  Linux 2.6.33, and if using an earlier kernel, the netlink call
	  failed. This meant that the VMAC was not enabled.
	* Fix setting arp_ignore and arp_filter on bridge interfaces.
	* Add diagnostic message if vrrp script time out and kill fails.
	* Fix compile errors and warnings when building with --enable-debug.
	* Don't do md5 check unless configured.
	* In http_handle_response() combine fetched_url and url
	  fetched_url and url always pointed to the same url, so only use
	  one variable.
	* Store and handle HTTP_GET digest in binary form
	  Configured digests were being stored in character string form, and
	  the calculated digests were converted to strings. This commit now
	  handles digests as fixed length binary data, and validates the
	  configured digests to make sure they are valid hex strings with
	  the correct length.
	* Add support for quote and escape handling of notify and other scripts.
	  Notify and other scripts need to be able to be configured with embedded
	  spaces, quotes and special characters for the command and the parameters.
	  This commit adds that ability.
	* When checking script file path, only replace name part if same file.
	  Some executables are in the filesystem as symbolic links, and alter
	  their functionality based on the file part of the name. This was being
	  incorrectly handled by keepalived, which now checks whether a file exists
	  using the original name, and it it does whether it is the same file.
	* Remove cmd_str from notify_script_t
	  The cmd_str string (sort of) duplicated what was in the args array
	  of a notify_script_t, but was not always accurate. With the removal
	  of cmd_str, whenever it needs to be output, the string is now
	  generated from the args array, so accurately reflects what is
	  actually executed.
	* Add quoting and escaping for script configuration, and other minor changes.
	* Use vsyslog() if available instead of syslog().
	* Report virtual server as well as real server when config dump checker.
	* Only report IP_MULTICAST_ALL unset for IPv4 sockets
	  Commit 6fb5980 - "Stop receive message queues not being read on send
	  sockets" added a warning if data was received on vrrp send sockets, since
	  setting IP_MULTICAST_ALL should stop packets being received, but older
	  kernels still queued packets.
	  It has now been discovered the IP_MULTICAST_ALL (of course) only applies
	  to IPv4 and so the warning only makes sense for IPv4 sockets.
	  I haven't been able to find a way to stop IPv6 multicast packets being
	  received on the send socket. It appears that if any socket adds an IPv6
	  multicast group on an interface, then any raw socket using that interface
	  will recieve all enabled multicast packets, and the receive socket has to
	  add the multicast group.
	* Properly stop packets being queued on vrrp send sockets
	  Commit 6fb5980 - "Stop receive message queues not being read on
	  send sockets" did stop messages building up on the receive queue
	  of vrrp send sockets, but it wasn't an ideal solution, and it also
	  made the assumption that the problem was only occurring due to
	  multicast packets not being filtered when IP_MULTICAST_ALL was set,
	  which appears not to work properly between at least Linux 3.6.11 and
	  3.16. In fact the problem also occurred when using IPv4 unicast and
	  IPv6 in any form, and so has been a long term issue in keepalived.
	  The original solution was to listen on the send socket and discard any
	  packets that were received. This commit takes a completely different
	  solution (many thanks to Simon Kirby for the suggestion) and sets a
	  BPF filter on send sockets that filter out all received packets on the
	  sockets.
	  This commit effectively reverts commit 6fb5980, and the subsequent
	  commits 88c698d8 - "Cancel read thread on send sockets when closing",
	  f981b55d - "Only allow vrrp_rx_bufs_policy NO_SEND_RX if have
	  IP_MULTICAST_ALL", 7ff7ea1f - "Another fix to listening on send socket",
	  and 77d947f7 - "Only report IP_MULTICAST_ALL unset for IPv4 sockets"
	  and partially reverts 4297f0a - "Add options to set vrrp socket receive
	  buffer sizes".
	  This commit removes the configuration option NO_SEND_RX from
	  vrrp_tx_bufs_policy introduced in commit 4297f0a since it is now
	  no longer relevant, because no packets are queued to the send socket.
	* Add newlines to the keepalived.stats output for better readability.
	* Add notify_master_rx_lower_pri script option and FIFO output.
	  If a lower priority router has transitioned to master, there has presumably
	  been an intermittent communications break between the master and backup. It
	  appears that servers in an Amazon AWS environment can experience this.
	  The problem then occurs if a notify_master script is executed on the backup
	  that has just transitioned to master and the script executes something like
	  a `aws ec2 assign-private-ip-addresses` command, thereby removing the address
	  from the 'proper' master. Executing notify_master_rx_lower_pri notification
	  allows the 'proper' master to recover the secondary addresses.
	* Fix malloc'd memory length in open_log_file().

2018-06-29 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.5
	* Update config-test option so keepalived exits with status 1 on failure.
	* Fix config write of virtual server group ip addresses.
	* Document default and default6 for virtual/static route destinations.
	* Cancel read thread on send sockets when closing.
	  Commit 4297f0a - "Add options to set vrrp socket receive buffer sizes"
	  added reading on vrrp send sockets to stop receive queues building up
	  on some 3.x kernels. The commit didn't cancel the read thread on the
	  send sockets when the socket was closed, causing several thousand
	  log writes. This commit cancels the read thread.
	* Exit with status 1 if config check fails, and fix terminating when
	  reading send sockets.
	* Stop segfaulting when receive a packet (fixing commit 97aec76).
	  Commit 97aec76 - "Update config-test option so keepalived exits
	  with status 1 on failure" had a test for __test_bit(CONFIG_TEST_BIT)
	  the wrong way round. This commit fixes that.
	* Don't assume rpm is available.
	* Only allow vrrp_rx_bufs_policy NO_SEND_RX if have IP_MULTICAST_ALL.
	* Improve setting up virtual/real servers with virtual server groups.
	  When setting up virtual servers defined by virtual server groups,
	  keepalived was getting confused between fwmarks and ip addresses.
	  This still needs further work, but the setting up of virtual/real
	  servers now works.
	* Fix setting up and deletion of virtual servers with groups
	  Virtual server entries in virtual server groups can be used
	  by multiple virtual_server entries. This commit ensures that
	  virtual servers are not deleted until the last virtual_server
	  instance using the virtual server is removed.
	* Allocate vrrp send buffer during vrrp_complete_instance()
	  Issue #926 identified a segfault. The vrrp send buffer was not being
	  allocated early enough, and was being accessed before being allocated
	  if the checksum algorithm needed updating.
	* Fix vrrp v3 with unicast and IPv4.
	  The checksum calculations were happening in the wrong way, with the
	  wrong data. This commit sorts all that out.
	* Don't set effective priority to 254 when specify dont_track_primary.
	* Make csum_incremental_update16/32 inline.
	* Add --enable-optimise=LEVEL configure option.
	* Remove debug message left in configure.ac from adding --enable-optimise.
	* Fix compiling on CentOS 6.
	  Issue #932 identified that keepalived would not compile on CentOS 6.
	  The problem is that kernel header file linux/rtnetlink.h needs
	  sys/socket.h to be included before linux/rtnetlink.h when using old
	  (e.g. 2.6) kernel headers.
	* Another fix to listening on send socket.
	  Commit 4297f0a - "Add options to set vrrp socket receive buffer sizes"
	  added reading on vrrp send sockets to stop receive queues building up
	  on some 3.x kernels. The commit didn't save the new thread in
	  sock->thread_out when it was added for reading in vrrp_write_fd_read_thread.
	  It now does so.

2018-06-17 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.4
	* Make vmac_xmit_base work for IPv6 instances.
	  Issue #917 identified that for IPv6 even when vmac_xmit_base was
	  configured, the adverts were being sent from the vmac interface.
	  This commit makes the packets be sent from the underlying interface
	  when vmac_xmit_base is configured.
	* Handle vmac_xmit_base when interfaces are recreated.
	* Add -t config-test option.
	  Issue #389 has received increasing support to add a configuration
	  validation option. This commit adds the -t/--commit-test option
	  to report any detected configururation errors and exit.
	  Errors are logged to the system log by default, but use of the -g
	  and -G options can make the errors be logged to files.

2018-06-15 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.3
	* Fix building with --disables-routes configure option.
	* Fix some compiler warnings on Travis-CI.
	* Fix setting vrrp effective priority on reload.
	* Add tracking of static addresses, routes and rules
	  By default a static address, route or rule will now be reinstated
	  if it is deleted, unless the no_track option is specified.
	  In addition, if a track_group is specified for an address/route/rule
	  then if the address/route/rule cannot be reinstated (e.g. if the
	  specified interface is down or has been deleted), then the vrrp
	  instances specified in the track group will transition to fault state
	  until the interface comes back up.
	  This commit completes the monitoring and reinstatement of addresses
	  routes and rules and means that keepalived should now fully support
	  hot-swap devices.
	* Log when restoring static addresses, routes or rules.
	* Allow static addresses/routes/rules to be configured on VMACs.
	  When VMACs were using an interface name generated by keepalived,
	  if static address/routes/rules had beeon configured on a VMAC
	  interface name, then a different name would be generated for
	  the vrrp instance. This commit now allows the same name to be used.
	* Fix configure when pkg-config --libs returns -L entries.
	* Add log message for advert receive timeout when using log detail (-D).
	* Stop receive message queues not being read on send sockets.
	  We shouldn't receive anything on vrrp send sockets since IP_MULTICAST_ALL is
	  cleared, and no multicast groups are subscribed to on the socket. However,
	  Debian Jessie with a 3.16.0 kernel, CentOS 7 with a 3.10.0 kernel,
	  and Fedora 16 with a 3.6.11 kernel all exhibit the problem of multicast
	  packets being queued on the send socket. Whether this was a kernel problem
	  that has been subsequently resolved, or a system default configuration
	  problem isn't yet known.
	  The workaround to the problem is to read on the send sockets, and to discard
	  any received data.
	  If anyone can provide more information about this issue it would be
	  very helpful.
	* Ensure sorry server/virtual server same address family unless tunnelled.
	  A real server and a virtual server can only be of the same address family
	  if the forwarding method is tunnelled, and also must have a kernel that
	  supports IPVS_DEST_ATTR_ADDR_FAMILY.
	* Add options to set vrrp socket receive buffer sizes.
	  Some systems have very large settings for net.core.rmem_default
	  allowing very large receive queues to build if the sockets aren't
	  read. keepalived doesn't need large buffers for receive queues,
	  so this commit allows options for setting the maximum buffer sizes
	  to be much smaller. It also adds the option of setting the receive
	  buffer size on the vrrp send sockets to be as small as possible,
	  since we shouldn't be receiving anything on those.
	  Following commit 6fb5980 - "Stop receive message queues not being
	  read on send sockets", this commit also adds the option not to
	  read the send sockets, which can be used where it is known that the
	  kernel will not queue unwanted multicasts to the send socket.
	* Consider eVIPs when determining if need GARP/NDISC send buffers.
	* Fix sending IPv6 unicast vrrp adverts.

2018-06-06 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.2
	* Only compile code in rttables.c that is needed by the
	  configuration.
	* Set default preferences for ip rules if not specified.
	  Since different vrrp instances can become master in different
	  orders, if preferences (priorities) are not specified for
	  ip rules, the order in which they are specified will be
	  indeterminate. In order to give some consistency, keepalived
	  will not allocate a default preference to each rule, and will
	  also warn that this is probably not going to work as intended.
	  The solution is to specify a preference for each rule.
	* Require preference if an ip rule specifies goto.
	  Since preferences are now auto-generated if not specified, a
	  rule with a goto must now specify a preference.
	* Add tracking of virtual rules.
	  If a virtual rule is deleted, the vrrp instance will transition
	  to backup. When it becomes master again the rule will be re-added.
	* Fix compilation failure found by Travis-CI.
	* In configure.ac check if SHA1_Init() needs -fpic.
	* Fix make rpm when rpmbuild doesn't support --build-in-place.
	* Update INSTALL file to describe how to build rpm files.
	* Fix instructions for building rpm packages.

2018-06-04 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.1
	* Remove '\n' characters from log_message() text.
	* Allow IPv6 ip rules to be specified using fwmarks.
	* Fix configure generation of keepalived.spec file.
	* Stop rebuilding scheduler.o every make.
	* Remove ' characters from configure args in keepalived -v output.
	* Remove duplicate reporting of network namespace in config dumps
	* Add ${_INSTANCE} config parameter.
	* Remove debugging log message.
	* Recalculate max_fd used for select if it should reduce.
	* Add tracking of virtual routes.
	  If a virtual route is deleted, by default to vrrp instance will
	  now transition to backup mode, and if it transitions to master
	  again the route will be re-added. If an interface on which a
	  route is configured is down, then the instance will go to fault
	  state, since the route cannot be added.
	  This commit also adds a no-track option for routes, which means
	  that deletion of the route will not cause the vrrp instance to
	  transition to backup.
	* Handle interface down at startup with tracked route configured on it
	  If a virtual route which is tracked is configured on an interface that
	  is down at startup, then the vrrp instance needs to start in fault
	  state.
	* Rename netlink_reflect_filter() to netlink_link_filter()
	  The function only handles RTM_NEWLINK/RTM_DELLINK messages and there
	  are other functions to handle other message types.
	* Fix compilation warning.
	* Make recreating deleted VMACs work.
	* Fix Travis-CI compilation failure and warning.
	* Stop duplicate definition and duplicate include in vrrp_iproute.c.
	* Add new ip rule options for Linux 4.17
	  FRA_PROTOCOL, FRA_IP_PROTO, FRA_SPORT_RANGE and FRA_DPORT_RANGE have
	  been added in Linux 4.17.

2018-05-26 Quentin Armitage <quentin@armitage.org.uk>
	* keepalived-2.0.0
	* Beta branch merge into master branch ! 2years of dev here !
	* Transition to master as soon as decision is made to do so
	    Previously keepalived waited one further advert interval before
	    transitioning.
	    This meant that previously if a master went down and sent priority
	    0 message, there was one extra advert interval before the highest
	    priority backup configured the VIP addresses.
	    Now if vrrp instances have high priorities (i.e. close to 255),
	    then the transition to master and configuration of addresses will
	    now occur in a small multiple of advert_interval/256.
	* Process interface state changes immediately.
	    Previously keepalived waited for advert timer expiry. The problem
	    was that if an interface went down and came back up before the
	    next timer expiry, and addresses, routes and VMACs that we had
	    configured on that interface would be removed, but we wouldn't
	    know about it.
	* Add support for hot-swappable NICs
	    This also handles interfaces being deleted and restored.
	* Add vrrp_track_file option.
	    This allows track_scripts, which are run on a frequent scheduled
	    basis, to be replaced with a vrrp_track_file, which contains a
	    number as a text string which is used in the same way as the exit
	    status from a track script. The track_files are only read if they
	    are changed, so external events can update a track file, rather
	    than their status needing to be detected by polling by track
	    scripts.
	* Add notify fifos.
	    Rather than sending notifications via notify scripts it is now
	    possible to send notify messages via fifos. Not only does this
	    mean that the overhead of executing script for each notification
	    is removed, but it also guarantees the delivery of notifications
	    in the correct order, whereas if the notification is via scripts,
	    there is no guarantee that the scripts will execute in the desired
	    order if two or more notifications are sent in quick succession.
	    There can be a global fifo to process all notifies, and also
	    separate fifos for vrrp and checkers. It is possible to specify a
	    script for keepalived to execute to process the messages on the
	    fifo(s).
	* Stop logging address addition/deletions if addresses not ours
	    The -a option can be used to override this behaviour and log all
	    address changes.
	* Transition to fault state if source address for adverts is deleted
	   from interface
	* Transition to backup state if a VIP or eVIP is removed
	    When we next transition to master the addresses will be restored.
	    If nopreempt is not set, that will be almost immediately.
	* Make address owner (priority 255) transition to master immediately
	* Don't process a received advert if the authentication fails
	* Ignore invalid received adverts totally
	    Previously the master down timer was being updated, which meant
	    that a backup could be stuck in backup state even if the only
	    received adverts were invalid.
	* Don't reset timer before sending next advert if receive a lower
	  priority advert.
	    This was stopping a higher priority backup instance to stay in
	    backup state.
	* Log if receive invalid authentication header
	* Ignore lower priority adverts when backup (to comply with RFCs)
	    This also means that the master down timer wasn't reset, which
	    was causing a delay to becoming master
	* Fix first advert interval of vrrp instances in a sync group.
	* Stop two vrrp instances with preempt delay and equal priorities
	  flip-flopping between master and backup state
	* Make sync group members transition state at same time
	    When first instance makes transition (i.e. when the trigger event
	    occurs) rather than wait for next timer expiry
	* Process vrrp track script returning a new status code immediately
	    For all instances (and their sync group members), rather than
	    waiting for the next timer expiry on each instance, the instance
	    will transition update it's state immediately.
	* On reload, make track scripts inherit the state from before reload
	    This stops vrrp instances transitioning to down and coming back up
	    once the script has run.
	* Correct the use of adver_int and master_adver_int
	* Ensure when leaving fault state that a vrrp instance transitions
	  to backup unless it has priority 255
	* Remove quick_sync functionality since no longer needed.
	* Improved code efficiency:
	  * Finding vrrp instance after read timeout
	  * When getting interface information for a new vmac, only request
	     information for that i/f.
	  * Directly update effective priority of vrrp instances when scripts
	     return new status rather than scheduling a thread to do it
	  * Don't run a read timeout on vrrp instance in fault state
	  * Don't run a track script if no vrrp instance is tracking it
	  * Stop checking interface status after every timer expiry since
	     processing interface state changes is now done synchronously
	  * The timeout for the select call had a maximum timeout of 1 second,
	     it now times out only when something needs to happen
	  * The timeout on netlink reads was 500 seconds and this has been
	     extended to 1 day.
	  * Streamline signal handling between main process and child process
	     by using signalfd if available, rather than using a pipe
	  * Minimise searching for an interface struct based on its index by
	     using pointers to the interface structures
	  * Stop opening and closing vrrp scripts before running them. We can
	     detect they are missing from the return of the exec call.
	  * Allow threads that don't need a timeout to never timeout
	  * Calculate the maximum fd number when calling select() rather than
	     specifying the maximum of 1024.
	  * Ignore netlink NEWLINK messages that are only wireless state
	     changes.
	  * Don't check whether timers have expired after select() returns if
	     its timeout didn't expire.
	  * Termination of child processes (scripts) were being handled twice
	  * Don't generate the IP header checksum since the kernel will always
	     generate it.
	  * Maintain pointers to tracking scripts to save seaching a list to
	     find the relevant script.
	  * Vrrp instances to have pointer to interface structure to avoid
	      having to search based in index
	* Fix the checksum calculation for VRRPv3 unicast peers.
	* Don't regenerate the full advert packet each time an advert is sent
	    Keepalived now simply updates the necessary fields and calculates
	    the change needed to the checksum.
	* Detect a vmac interface going down, and make the vrrp instance
	  transition to fault state.
	    Previously the instance would only go down if the underlying
	    interface went down.
	* Stop weighted track scripts updating priority of sync group members
	* Make vrrp instances go straight to fault state at startup if a
	  relevant interface is down
	    Previously an instance would start in up state and transition to
	    fault at next timer expiry
	* Ensure that a sync group starts in backup state unless all members
	  are address owners
	* Restore master down timer after leaving fault state
	* Use execve() to execute scripts rather than system().
	    This saves a fork and an extra process, and also allows the
	    parameters to be parsed once only at startup, rather than each
	    time the script is invoked.
	* Don't treat a failure to execute a script as a failure of the script
	* Ensure all scripts receive TERM signal when keepalived terminates
	* If keepalived is running with an elevated priority, stop running
	  scripts with that elevated priority.
	* Enable an unweighted tracking script make a vrrp instance which is
	  an address owner transition to fault state
	* Delay bringing vrrp instances up at startup until after the first
	  completion of the tracking scripts
	    This stops an instance coming up an then being brought back down
	    again after the script completes with a failure.
	* Reduce number of error messages if a script is not executable
	* Add linkbeat option per vrrp instance
	* Fix timer addition on 32-bit systems
	* Ignore netlink messages for interfaces using linkbeat polling
	* If priority of vrrp instance changes when in backup due to a vrrp
	  script, reschedule the read timeout
	* If re-using a VMAC after a reload, ensure it is correctly configured
	* Don't send priority 0 adverts when transition to fault state unless
	  were in master mode
	* Identify routes added by keepalived as belonging to keepalived
	* Enable vrrp instances to be put into fault state if their routes are
	  removed
	* Add track scripts, track files and track_if to sync groups and
	  deprecate global_tracking
	    (use sync_group_tracking_weight instead, but only if necessary).
	* Improve AH authentication sequence number handling, and (re)enable
	  sequence number checking for VMACs and sync groups
	* Remove autoconf/automake generated files from git repo.
	    Script build_setup will create the necessary build environment.
	* Improve and standardise notifications
	* Fix not sending RS and VS notifies if omega set
	* Add no_checker_emails to not send emails every time a checker
	    changes state, but only if a real server changes state
	* Monitor VIP/eVIP deletion and transition to backup if a VIP/eVIP
	    is removed unloes it is configured with the no-track option.

2018-05-26 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.4.5 released.
	* Update snapcraft.yaml for 1.4.x+git
	* Fix generation of git-commit.h with git commit number.
	* Set virtual server address family correctly.
	* Set virtual server address family correctly when using tunnelled
	  real servers.
	* Fix handling of virtual servers with no real servers at config time.
	* Add warning if virtual and real servers are different address families.
	  Although normally the virtual server and real servers must have the
	  same address family, if a real server is tunnelled, the address families
	  can be different. However, the kernel didn't support that until 3.18,
	  so add a check that the address families are the same if different
	  address families are not supported by the kernel.
	* Send correct status in Dbus VrrpStatusChange notification.
	  When an instance transitioned from BACKUP to FAULT, the Dbus
	  status change message reported the old status (BACKUP) rather than
	  the new status (FAULT). This commit attempts to resolved that.

2018-05-08 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.4.4 released.
	* doc: ipvs schedulers update
	* Fix a couple of typos in configure.ac.
	* Fix namespace collision with musl if_ether.h.
	* Check if return value from read_value_block() is null before using.
	* Fix reporting real server stats via SNMP.
	* Make checker process handle RTM_NEWLINK messages with -a option
	  Even though the checker process doesn't subscribe to RTNLGRP_LINK
	  messages, it appears that older kernels (certainly 2.6.32) can
	  send RTM_NEWLINK (but not RTM_DELLINK) messages. This occurs
	  when the link is set to up state.
	  Only the VRRP process is interested in link messages, and so the
	  checker process doesn't do the necessary initialisation to be able
	  to handle RTM_NEWLINK messages.
	  This commit makes the checker process simply discard RTM_NEWLINK
	  and RTM_DELLINK messages, rather than assuming that if it receives
	  an RTM_NEWLINK message it must be the VRRP process.
	  This problem was reported in issue #848 since the checker process
	  was segfaulting when a new interface was added when the -a command
	  line option was specified.
	* Fix handling RTM_NEWLINK when building without VRRP code.
	* Fix building on Fedora 28.
	  net-snmp-config output can include compiler and linker flags that
	  refer to spec files that were used to build net-snmp but may not
	  exist on the system building keepalived. That would cause the build
	  done by configure to test for net-snmp support to fail; in particular
	  on a Fedora 28 system that doesn't have the redhat-rpm-config package
	  installed.
	  This commit checks that any spec files in the compiler and linker
	  flags returned by net-snmp-config exist on the system building
	  keepalived, and if not it removes the reference(s) to the spec file(s).

2018-04-09 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.4.3 released.
	* vrrp: setting '0' as default value for ifa_flags to make gcc happy.
	* Add additional libraries when testing for presence of SSL_CTX_new().
	  It appears that some systems need -lcrypto when linking with -lssl.
	* Sanitise checking of libnl3 in configure.ac.
	* Report and handle missing '}'s in config files.
	* Add missing '\n' in keepalived.data output.
	* Stop backup taking over as master while master reloads.
	  If a reload was initiated just before an advert, and since it took
	  one advert interval after a reload before an advert was sent, if the
	  reload itself took more than one advert interval, the backup could
	  time out and take over as master.
	  This commit makes keepalived send adverts for all instances that are
	  master immediately before a reload, and also sends adverts immediately
	  after a reload, thereby trippling the time available for the reload
	  to complete.
	* Add route option fastopen_no_cookie and rule option l3mdev.
	* Fix errors in KEEPALIVED-MIB.txt.
	* Simplify setting on IN6_ADDR_GEN_MODE.
	* Cosmetic changes to keepalived(8) man page.
	* Don't set ipvs sync daemon to master state before becoming master
	  If a vrrp instance which was the one specified for the ipvs sync
	  daemon was configured with initial state master, the sync daemon
	  was being set to master mode before the vrrp instance transitioned
	  to master mode. This caused an error message when the vrrp instance
	  transitioned to master and attempted to make the sync daemon go from
	  backup to master mode.
	  This commit stops setting the sync daemon to master mode at initialisation
	  time, and it is set to master mode when the vrrp instance transitions
	  to master.
	* Fix freeing vector which has not had any entries allocated.
	* Add additional mem-check disgnostics
	  vector_alloc, vectot_alloc_slot, vector_free and alloc_strvec all
	  call MALLOC/FREE but the functions written in the mem_check log
	  are vector_alloc etc, not the functions that call them.
	  This commit adds logging of the originating calling function.
	* Fix memory leak in parser.c.
	* Improve alignment of new mem-check logging.
	* Disable all checkers on a virtual server when ha_suspend set.
	  Only the first checker was being disabled; this commit now disables
	  all of them.
	  Also, make the decision to disable a checker when starting/reloading
	  when scheduling the checker, so that the existance of the required
	  address can be checked.
	* Stop genhash segfaulting when built with --enable-mem-check.
	* Fix memory allocation problems in genhash.
	* Properly fix memory allocation problems in genhash.
	* Fix persistence_granularity IPv4 netmask validation.
	  The logic test from inet_aton() appears to be inverted.
	* Fix segfault when checker configuration is missing expected parameter
	  Issue #806 mentioned as an aside that "nb_get_retry" without a parameter
	  was sigfaulting. Commit be7ae80 - "Stop segfaulting when configuration
	  keyword is missing its parameter" missed the "hidden" uses of vector_slot()
	  (i.e. those used via definitions in header files).
	  This commit now updates those uses of vector_slot() to use strvec_slot()
	  instead.
	* Fix compiling on Linux 2.x kernels.
	  There were missing checks for HAVE_DECL_CLONE_NEWNET causing
	  references to an undeclared variable if CLONE_NEWNET wasn't defined.
	* Improve parsing of kernel release.
	  The kernel EXTRAVERSION can start with any character (although
	  starting with a digit would be daft), so relax the check for it
	  starting with a '-'. Kernels using both '+' and '.' being the
	  first character of EXTRAVERSION have been reported.
	* Improve grammer.
	* add support for SNI in SSL_GET check.
	  this adds a `enable_sni` parameter to SSL_GET, making sure the check
	  passes the virtualhost in the SNI extension during SSL handshake.
	* Optimise setting host name for SSL_GET requests with SNI.
	* Allow SNI to be used with SSL_GET with OpenSSL v1.0.0 and LibreSSL.
	* Use configure to check for SSL_set_tlsext_host_name()
	  Rather than checking for a specific version of the OpenSSL library
	  (and it would also need checking the version of the LibreSSL library)
	  let configure check for the presence of SSL_set_tlsext_host_name().
	  Also omit all code related to SNI of SSL_set_tlsext_host_name() is
	  not available.
	* Use configure to determine available OpenSSL functionality
	  Rather than using version numbers of the OpenSSL library to determine
	  what functions are available, let configure determine whether the
	  functions are supported.
	  The also means that the same tests work for LibreSSL.
	* Add support for gratuitous ARPs for IP over Infiniband.
	* Use system header definition instead of local definition IF_HWADDR_MAX
	  linux/netdevice.h has definition MAX_ADDR_LEN, which is 32, whereas
	  IF_HWADDR_MAX was locally defined to be 20.
	  Unfortunately we end up with more system header file juggling to ensure
	  we don't have duplicate definitions.
	* Fix vrrp_script and check_misc scripts of type </dev/tcp/127.0.0.1/80.
	* Add the first pre-defined config definition (${_PWD})
	  ${_PWD} in a configuration file will be replaced with the full
	  path name of the directory that keepalived is reading the current
	  configuration file from.
	* Open and run the notify fifo and script if no other fifo
	  Due to the way the code was structured the notify_fifo for both
	  checker and vrrp messages wasn't run if neither the vrrp or checker
	  fifo wasn't configured.
	  Also, if all three fifos were configured, the general fifo script
	  was executed by both the vrrp and checker process, causing problems.
	* Add support for Infiniband interfaces when dumping configuration.
	* Tidy up layout in vrrp_arp.c.
	* Add configure check for support of position independant executables (PIE).
	* Add check for -pie support, and fix writing to keepalived.data.

2018-02-25 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.4.2 released.
	* Make genhash exit with exit code 1 on error.
	  Issue #766 identified that genhash always exits with exit code 1
	  even if an error has occurred.
	* Rationalise printing of http header in genhash.
	* Use http header Content-Length field in HTTP_CHECK/SSL_CHECK.
	  If a Content-Length is supplied in the http header, use that as a
	  limit to the data length (as wget does). If the length of data
	  received does not match the Content-Length log a warning.
	* Optimise parameter passing to fprintf in genhash.
	* Don't declare mark variable if don't have MARK socket option.
	* Fix sync groups with only one member.
	  Commit c88744a0 allowed sync groups with only 1 member again, but
	  didn't stop removing the sync group if there was only 1 member.
	  This commit now doesn't remove sync groups with only one member.
	* Make track scripts work with --enable-debug config option.
	* Add warning if --enable-debug configure option is used.
	* Allow more flexibility of layout of { and } in config files.
	  keepalived was a bit fussy about where '{'s and '}'s (braces) could
	  be placed in terms of after the keyword, or on a line on their own.
	  It certainly was not possible to have multiple braces on one line.
	  This commit now provides complete flexibility of where braces are, so
	  long as they occur in the correct order.
	* Make alloc_value_block() report block type if there is an error.
	* Simplify alloc_value_block() by using libc string functions.
	* Add dumping of garp delay config when using -d option.
	* Fix fractions of seconds for garp group garp_interval.
	* Make read_value_block() use alloc_value_block().
	  This removes quite a bit of duplication of functionality, and
	  ensures the configuration parsing will be more consistent.
	* Fix build with Linux kernel headers v4.15.
	  Linux kernel version 4.15 changed the libc/kernel headers suppression
	  logic in a way that introduces collisions.
	* Add missing command line options to keepalived(8) man page.
	* Fix --dont-release-vrrp.
	  On github, ushuz reported that commit 62e8455 - "Don't delete vmac
	  interfaces before dropping multicast membership" broke --dont-release-vrrp.
	  This commit restores the correct functionality.
	* Define _GNU_SOURCE for all compilation units.
	  Rather than defining _GNU_SOURCE when needed, let configure add
	  it to the flags passed to the C compiler, so that it is defined
	  for all compilation units. This ensures consistence.
	* Fix new warnings procuded by gcc 8.
	* Fix dumping empty lists.
	  Add a check in dump_list() for an empty list, and don't attempt
	  to dump it if it is empty.
	* Resolve conversion-check compiler warnings.
	* Add missing content to installing_keepalived.rst documentation.
	  Issue #778 identified that there was text missing at the end of
	  the document, and that is now added.
	* Fix systemd service to start after network-online.target.
	  This fix was merged downstream by RedHat in response to
	  RHBZ #1413320.
	* Update INSTALL file to describe packages needed for building
	  documentation.
	* INSTALL: note linux distro package that provides 'sphinx_rtd_theme'
	* Clear /proc/sys/net/ipv6/conf/IF/disable_ipv6 when create VMACs.
	  An issue was identified where keepalived was reporting permission
	  denied when attempting to add an IPv6 address to a VMAC interface.
	  It turned out that this was because
	  /proc/sys/net/ipv6/conf/default/disable_ipv6
	  was set to 1, causing IPv6 to be disables on all interfaces that
	  keepalived created.
	  This commit clears disable_ipv6 on any VMAC interfaces that
	  keepalived creates if the vrrp instance is using IPv6.
	
2018-01-27 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.4.1 released.
	* Improve and fix use of getopt_long().
	  We musn't use a long option val of 1, since getopt_long() can return
	  that value.
	  getopt_long() also returns longindex == 0 when there is no matching
	  long option, and there needs to be careful checking if there is an
	  error to work out whether a long or short option was used, which is
	  needed for meaningful error messages.
	* Write assert() messages to syslog.
	  assert()s are nasty things, but at least let's get the benefit of
	  them, and write the messages to syslog, rather than losing them down
	  stderr.
	* Enable sorry server at startup if quorum down due to alpha mode
	  If alpha mode is configured on sufficient checkers so that a
	  virtual server doesn't have a quorum, we need to add the sorry
	  server at startup, otherwise it won't be added until a quorum has
	  been achieved and subsequently lost again. In the case where some
	  of the checkers remain in the down state at startup, this would have
	  meant that the sorry server never got added.
	* For virtual servers, ensure quorum <= number of real servers
	  If the quorum were gigher than the number of real servers, the
	  quorum for the real server to come up could never be achieved, so
	  if the quorum is greater than the number of real servers, reduce it
	  to the number of real servers.
	* Fix some SNMP keepalived checker integer types and default values.
	  Some virtual server and real server values were being sent to SNMP
	  with a signed type whereas the value is unsigned, so set the type
	  field correctly.
	  Some virtual server and real server values that apply to checkers
	  are set to nonsense default values in order to determine if a
	  value has been specified. Handle these values when reporting them
	  to SNMP replying with 0 rather than a nonsense value.
	* Fix some MALLOC/FREE issues with notify FIFOs.
	*  Add instance_name/config_id to alert emails' subjects if configured.
	  If multiple instances of keepalived are running, either different
	  instance_names and/or config_ids, it is useful to know which
	  keepalived instance the email relates to.
	* Ensure that email body string isn't unterminated.
	  Using strncpy() needs to ensure that there is a nul termination byte,
	  so this commits adds always writing a nul byte to the end of the buffer.
	* Remove duplicate fault notification.
	* Fix problem with scripts found via PATH with a '/' in parameters.
	  Recent discussions on issue #101 led to discovering that if an
	  executable without a fully qualified name was specified as a script
	  and there was a '/' character in the parameters, then the path
	  resolution would not work.
	* Send SNMP traps when go from backup to fault due to sync group.
	  Commit 020a9ab added executing notify_fault for vrrp instances
	  transitioning from backup to fault state due to another instance
	  in the sync group going to fault state. This commit adds sending
	  SNMP traps in the same circumstance.
	* Revert "Add instance_name/config_id to alert emails' subjects if
	  configured". This should be handled by setting router_id
	* Add config option to send smtp-alerts to file rather than send emails
	  This is useful for debugging purposes.
	* Add additional entry to Travis-CI build matrix.
	* Fix segfault if no sorry server configured for a virtual server.
	  Issue #751 identified a segfault in vs_end_handler(), and it
	  transpires that the forwarding method of the sorry server was being
	  checked without first testing that a sorry server had been configured.
	* Improve the log message when a master receives higher priority advert.
	  The log message reported in issue #754
	  "VRRP_Instance(VI_1) Received advert with higher priority 253, ours 253"
	  is somewhat misleading since 253 == 253.
	  This commit improves the log message in this case be reporting that
	  the sender's IP address is higher and the priority is equal. It also
	  states the it was a master receiving the advert.
	* First stage of making --enable-debug work
	  Issue #582 identified that compiling with --enable-debug produced
	  an executable that didn't work.
	  This commit largely makes that option work, but there needs to be
	  more work to make signals work.
	* Generalise handling of signals.
	* Don't assume json header files are in /usr/include/json-c
	  Use pkg-config to find the location of the json header files
	  when testing for the presence of the header files in configure.
	* Add file updated by configure.ac change.
	* Log more helpful message when healthchecker activated or suspended
	  Include the realserver in the log message
	* Fix building with musl libc.
	* fix spelling mistakes about keyword promote_secondaries in man page.

2017-12-29 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.4.0 released.
	* Add Linux build and runtime versions to -v output.
	* Log kernel version and build kernel version to log at startup.
	* Fix compiling with --enable-debug.
	* Don't sleep for 1 send when exiting vrrp process if no vrrp instances.
	* Streamline and rationalise use of child_finder function.
	  The child_finder function is simplified, and also stop using the
	  parent process' child_finder function in the checker process.
	* Don't request bug report if script terminates due to seg fault.
	  The report_child_status() function would log a message requesting a
	  bug report if a check_misc script or a vrrp_track script exited due
	  to a seg fault.
	*  Handle vrrp track and check_misc scripts being killed by signal.
	*  Rationalise reporting of child process exit status.
	  report_child_status() is now only called in the main keepalived
	  program. The reporting of the exit status of vrrp track scripts
	  and MISC_CHECK scripts is now handled in the specific code for
	  those scripts. This means that non 0 exit statuses aren't
	  repeatedly reported for vrrp track scripts.
	* eally fix reporting of child process exit status.
	* Log a helpful message i using mem-check and too many allocs.
	  keepalived simply being terminated by SIGABRT with no diagnostic
	  message was unhelpful.
	* Rename child_finder() to child_finder_name() etc
	  The function only finds the name of the child process, and not
	  the thread for the child process, so rename the function accordingly.
	* Add log to file and no syslog options.
	  With large configurations the syslog can get flooded and drop output.
	  This commit adds options to not log to syslog, and also to log all
	  output to files.
	* Add option to only flush log files before forking.
	* Don't poll netlink for all interfaces each time add a VMAC.
	  We can poll for the individual interface details which significantly
	  reduces what we have to process.
	* Print interface details in keepalived.data output.
	* Be consistent with type of size parameter for mlists.
	* Fix sign conversion warnings.
	* Add high performace child finder code.
	  The code to find the relevant thread to execute afer a child process
	  (either a vrrp track script or a misc_check healthchecker) was doing
	  a linear search for the matching pid, which if there are a large number
	  of child processes running could become time consuming.
	  The code now will enable high performance child finding, based on using
	  mlists hashed by the pid, if there are 32 or more vrrp track scripts or
	  misc check healthcheckers. The size of the mlist is based on the number
	  of scripts, with a limit of 256.
	* Improve high performance child termination timeout code.
	* Fix high performance child finder cleanup code.
	* Preserve filename in script path name resolution.
	  Some executables change their behaviour depending on the name by
	  which they are invoked (e.g. /usr/sbin/pidof when it is a link to
	  /usr/sbin/killall5). Using realpath() changes the file name part
	  if it is a symbolic link. This commit resolves all symbolic links
	  to directories, but leaves the file name part unaltered. It then
	  checks the security of both the path to the link and the path to
	  the real file.
	* Handle scripts names that are symbolic links properly.
	* Use fstatat() rather than stat() for checking script security.
	  If we use fstatat() we can discover if a file is a symbolic
	  link and treat it accordingly.
	* Fix building with kernels older than v4.4.
	* Fix building with --disable-lipiptc and --enable-dynamic-linking.
	* Fix building with --without-vrrp configure option.
	* Resolve unused return value warning.
	* Fix some RFC SNMP issues.
	* Attempt to fix mock builds.
	* Fix parsing of broadcast + and broadcast -
	* check_http.c: http_get_check_compare crash fixed in case of absense
	  of digest.
	* Add -pie linker option.
	  Since -fPIE is specified for the compiler, -pie should be specified
	  for the linker.
	* check_http.c: http_get_check_compare crash fixed in case of absense o.
	* Fix use S_PATH and fchdir().
	  S_PATH wasn't defined until Linux 2.6.39 and fchdir() doesn't work
	  with S_PATH until Linux 3.5 (according to open(2) man page).
	* Fix building with Linux versions between 2.6.39 and 3.3
	  Linux 2.6.39 introduced ipsets, but the kernel had some omissions
	  from linux/netfilter/ipset/ip_set.h header file, so the libipset
	  provided version needed to be used.
	  Note: RedHat backported ipsets to at least 2.6.32, so the problem
	  applied to earlier versions of RedHat Linux and Centos.
	* Fix segfault when parsing invalid real server.
	  If the first real server ip address doesn't match the address
	  family of the virtual server, then we need to skip parsing the
	  rest of the real_server block.
	* Make when vs_end_handler is executed
	  Commit 1ba7180b ('ipvs: new service option "ip_family"') added a
	  sublevel_end_handler vs_end_handler, but this was being executed
	  at the end of each real_server rather than after the virtual_server.
	  This commit adds a new parser function install_root_end_handler(),
	  and vs_end_handler is now installed using that function so that it
	  is executed at the end of the virtual_server rather than after each
	  real_server.
	* Allow tunnelled rs address family not to match vs family.
	  The address family of a tunnelled real server does not have to
	  match the address family of its virtual server, so we need to
	  delay any setting of the vs address family from an rs address
	  until the end of the real_server block, so that we know whether
	  the forwarding method is tunnelling or not. Likewise the check
	  of the sorry server has to be delayed until the end of the
	  virtual server configuration (the tunnelling method may be
	  specified after the address of the real/sorry server).
	  The address family of a virtual server is only not determined
	  by the virtual server configuration itself if the virtual server
	  is defined by a fwmark and all of the real/sorry servers are
	  tunnelled. In this case the address family cannot properly be
	  determined from the address family of any tunnelled real servers.
	  However, to maintain backward compatibility with configurations
	  used prior to this commit, the address family of the virtual
	  server will be taken from the address family of the (tunnelled)
	  real/sorry servers if they are all the same; if they are not all
	  the same it will default to IPv4 (this is not incompatible since
	  previously mixed IPv4 and IPv6 real/sorry servers were not allowed,
	  even if tunnelled).
	* Remove bogus warning for fwmark virtual servers.
	  "Warning: Virtual server FWM 83: protocol specified for fwmark
	  - protocol will be ignored" should not be given if no protocol has
	  been specified.
	* Fix removing left-over addresses if keepalived aborts.
	* Fix use of init_state after a reload.
	  Issue #627 identified that vrrp->init_state was being incorrectly
	  used in vrrp_fault(), since it is modified at a reload.
	  Instead of using init_state, we now use the configured priority
	  of the vrrp instance, so if the vrrp instance is the address owner
	  (priority 255) it will transition to master after leaving to fault
	  state, otherwise it transitions to backup.
	* Remove init_state from vrrp structure
	  init_state is no longer used, so remove it from the vrrp structure.
	  Since it has been included in keepalived SNMP, it is preserved
	  solely for reporting in SNMP requests.
	* Change conditional compilation _WITH_SNMP_KEEPALIVED_ to
	  _WITH_SNMP_VRRP_
	  The functionality that the conditional compilation enabled was snmp
	  vrrp functionality, so make the name more relevant.
	* Update error message in configure.ac.
	* Add more configure options to Travis build matrix.
	* Install additional libraries in Travis environment for new options.
	* Fix some problem found by Travis-ci.
	* Fix configure --disable-checksum-compat option.
	* Remove DOS file formatting from .travis.yml.
	* Add more configuration option to Travis builds and some build fixes.
	* Tidy up some code alignment.
	* Update openssl use to stop using deprecated functions
	  openssl from version 1.1 deprecated certain functions that keepalived
	  was using. This commit ceases using those functions if the version
	  of openssl is >= 1.1.
	* Fix some issues identified by valgrind.
	  Some file descriptors weren't being closed at exit, and also one
	  or two mallocs weren't being freed.
	* Set pointer to NULL after FREE_PTR() unless exiting.
	* Allow sync groups with only 1 member, but issue a warning.
	* Fix building with LibreSSL version of OpenSSL.
	  Unfortunately LibreSSL updates OPENSSL_VERSION_NUMBER, and its value
	  is higher that OpenSSL's latest version. When checking the version
	  number we need to check that we are not using LibreSSL (by checking
	  whether LIBRESSL_VERSION_NUMBER is defined).
	  LibreSSL also hasn't implemented the new functions that OpenSSL has
	  provided to replace functions that are deprecated or it is recommended
	  should not be used, and so if using LibreSSL the old functions need
	  to be used.
	* Update genhash to stop using deprecated functions openssl functions.
	* Remove last few Subversion source file version Id strings.
	  Some of the genhash source code still had Subversion Id strings,
	  and these are now removed.
	* Add copyright update script.
	* Copyright update.
	* Remove outdated Version comment.
	* Fix update copyright script.
	* Include Makefile.in files in copyright update.
	* Add replaceable parameters in configuration files.
	* Fix some MALLOC/FREE issues with config parameters.
	* Add multiline configuration definitions.
	* Remove debugging messages left in lib/parser.c.
	* Fix a FREE error.
	* Fix keepalived.conf(5) man page.
	* Fix type in keepalived.conf(5) man page.
	* Suppress error message when removing leftover addresses at startup.

2017-10-21 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.9 released.
	* Stop segfault if SSL context cannot be initialised.
	* Don't leave point to SSL data after freeing it.
	* Fix memory leak if duplicate SSL context values specified.
	* Don't initialise an SSL context if it isn't being used.
	* Checksum compatibility should refer to v1.3.6.
	* Update keepalived.spec.in for differences between Fedora and CentOS.
	* change hash to something more even and hash size accordingly.
	* also update size of hash in free_list.

2017-10-15 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.8 released.
	* parser: do not exit when glob() doesn't match any files.
	* Use nodename as default id for conditional configuration.
	  If the node name returned by uname() is host123.abc.de, then
	  lines in the configuration file matching @host123 will match the
	  conditional configuration test. This means that it is no longer
	  necessary to specify the -i command line option if the conditional
	  configuration string used in the configuration is the node name.
	* Option --i/--config-id parameter is not optional.
	  Since the config-id defaults to the hostname, there is no point
	  in allowing --config-id to be used without a parameter, just to mean
	  use the hostname.
	* Use NULL instead of 0 for pointers in get_longopts struct.
	* Some minor tidying up of the new JSON output code.
	  1. Use SIGRTMIN+2 rather than (_SIGRTMIN + 4)
	  2. Don't include JSON code if not building with VRRP
	  3. Some code alignment fixes
	  4. Some conditional compilation additions
	* Add --signum command line option to report signal numbers.
	  Since keepalived is starting to use real time signals, and those
	  signal numbers are not fixes, this commit introduces a way to
	  ask keepalived to report those signal numbers.
	* Stop command line option -i segfaulting.
	* Fix config include files when file has no directory par.
	  When an include file name has no directory part, there is no
	  directory to change to, so don't try to do so.
	* Use getcwd() malloc functionality if available.
	* Add support for csh brace globs in config file names.
	* Update documentation for config file include directive.
	* Use fchdir() when changing direcories while reading include files.
	  The getcwd(3) man page recommends using open()/fchdir() rather than
	  getcwd()/chdir() since fchdir() is guarantee to return to the previous
	  directory even if directories have been renamed in between the first
	  chdir and the second. It also suggests that it is faster, and saves
	  mallocs or allocation of arrays on the stack of size PATH_MAX.
	* Use alloc_value_block() for vrrp_vip_handler().
	* Fix whitespace error introduced in commit 9458c9b9.
	* Reinforce that '@' conditional config character must be 1st on line.
	  The '@' conditional configuration character must be the very first
	  on a configuration, meaning that there cannot even by whitespace
	  before the '@' character.
	* Check whether GLOB_BRACE is supported (it is not part of POSIX.2).
	* When building a docker image, it appears that autoheader is required.
	* Fix IPVS virtual server setup with persistence.
	* Remove a merge conflict .rej file accidentally added to git.
	  This commit also updates the .gitconfig file to ensure that .rej
	  files will not be added in the future.
	* config synopsis - cleanup line endings and comment alignment.
	* conf examples - clean eol whitespace.
	* conf examples - clean triple line breaks.
	* add pair of config options used in misc_check.
	* clean surprise tab character.
	* many whitespace fixes; some missing docu added to synopsis.
	* config docs - apply code review markups.
	* Trivial updates to latest format cleaning patches.
	* Allow conditional configuration to work with include statements.
	* Allow '@' conditional configuration to be preceeded by whitespace.

2017-10-01 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.7 released.
	* Allow broadcast address to be specified as '-' or '+'
	  When configuring an ip address with a broadcast address, allow the
	  use of - and + (like ip(8)) to clear or set the host specfic bits of
	  the address, i.e.
	  10.6.23.254/16 broadcast + result in a broadcast address of 10.6.255.255
	  10.6.23.254/16 broadcast - results in a broadcast address of 10.6.0.0
	* Change some code layout and macro/variable names
	* Print unicast peer addresses in /tmp/keepalived.data
	* Add negative conditional configuration.
	  A configuration line starting @main will only be included if
	  keepalived is started with option -i main.
	  This commit adds configuration option @^main, meaning that the
	  remainder of the configuration line will only be included if
	  -i main was NOT specified.
	* Fix calculation of checksum for VRRPv3 IPv4 unicast peers.
	  Alternate unicast peers were being sent adverts with the checksum
	  set to 0. The reason for this was that the checksum field was not
	  being set to 0 before the checksum calculation, hence causing the
	  calculated checksum to be 0 for the second, fourth, sixth etc
	  unicast peer.
	* Generate README from README.md.
	* Only declare (and use) auth variables if compiling with authentication.
	  authtype_mismatch and auth_failure are only used if authentication is
	  enabled.
	* The vrrp_t vmac flag should be a bool.
	* Add include guard for vrrp_print.h.
	* Log some additional vrrp variables.
	* Make checksum change backwards compatible.
	  This commits adds the ability of keepalived to revert to using the old
	  checksum calculation if it sees an advert that has an old checksum. This
	  means that if an old and a new version of keepalived are working
	  together, once the new version has seen an advert from an old version,
	  it will drop back to using the old style checksum, and so the two
	  keepalived instances will work together.
	  There is a slight problem with this, though. If the old version starts
	  when a new version is master, if will report bad checksums. This should
	  be fine, since keepalived should discard the adverts, time out and send
	  an advert which would make the new keepalived revert to old checksums.
	  Unfortunately, keepalived does not completely ignore bad adverts, since
	  it resets its master down timer, even for bad adverts, and so it never
	  times out. However, in this scenario, there will still remain one master
	  and all the other keepalived instances will be in backup state, and so
	  VRRP functionality is preserved.
	  As identified in commit bcf2936 until commit 67275d2 keepalived did not
	  work with VRRPv3 and more than one other unicast peer, so for migration
	  we only need to consider two unicast peers. To upgrade, first upgrade
	  the keepalived instance that is in backup mode. This will see old
	  checksums when it starts, and so start using old checksums. The other
	  keepalived instance can then be upgraded and it will also see old
	  checksums when it starts up. In order to switch to using new checksums,
	  temporarily add the following line in the configuration of each vrrp
	  instance that is in master state:
	  old_unicast_checksum never
	  and then reload the keepalived instance by sending it SIGHUP. After the
	  master has restarted, restart the backup with a SIGHUP, and they will
	  then be using new checksums. The temporary old_unicast_checksum never
	  lines can now be removed from the configuration.
	* Add checker bind_if keyword.
	  If a checker binds to a link local IPv6 address, the interface has
	  to be specified.
	* Make DBus service name configurable.
	* Make --config-id option default to hostname.
	  This is the equivalent of specifying --config-id `hostname -s`, and
	  makes it more straightforward to deploy the same configuration to
	  multiple hosts.
	* Issue warning if more than 1 dynamic misc_checker per real server.
	  If different scripts return different exit statuses, the priority
	  of the real server will keep changing. The solution is to combine
	  the functionality into 1 script.
	* Improve DBus error handling.
	  . Always clear errors to avoid leaks
	  . Check for errors when emitting signals
	  . Check for errors when registering objects
	* Stop test tcp_server leaving zombie processes.
	* Fix persistence_granularity handling
	  1. vs->addr.ss_family should never be used to check address family of
	     vs since there may not be an address is using fwmark.
	  2. If using fwmark, the address family may not be known when parsing
	     persistence_granularity
	  3. Set address family from format of persistence_granularity if not
	     already set
	  4. Ensure entire string is a number and is between 1 and 128 for IPv6
	  5. Ensure netmask specified for IPv4 is solid
	* Ensure always check return from inet_stosockaddr when parsing config.
	* Add lthreshold and uthreshold to keepalived.SYNOPSIS.
	* Merge virtual server group addresses and ranges into one list.
	  A single address can be treated as a range with only 1 address, so
	  this reduces the number of lists that need to be processed when
	  handling a virtual server group.
	  A number of corrections were also made re hton/ntoh(s|l).
	* Remove redundant setting of real server weight.
	* Don't use vs->addr.ss_family for address family of virtual server.
	  A virtual server won't use vs->addr if it is defined by a fwmark or
	  it is uses a firtual server group. vs->af is the correct field to use.
	* Make ipvs_update_stats() little/big endian aware.
	* Simplify ipvs_update_stats().
	  Don't run a state machine to collect all the stats, simple iterate
	  through the entries.
	* Move fetching ipvs stats into ipvs_update_vs_stats().
	* Remove some #defines in ipvs_update_stats().
	* Streamline setup for changing ipvs configuration.
	* Fix updating resolved notify script path names with parameters.
	* Add silent option to test/tcp_server.
	* Document default checker connect ip/port.
	* Remove duplicate setting up of file name.
	* Validate HTTP_GET and SSL_GET checkers.
	  Unsure that urls have a path specified, and that the checkers have
	  at least one url specified.
	* Fix memory leak if SMTP_CHECK helo_name specified.
	* Fix dumping of SMTP_CHECK host list.
	* Don't allocate and copy default SMTP_CHECK helo name unless needed.
	* Tidy up dumping SMTP checkers.
	* Remove smtp_host_t typedef.
	  If is passed to functions that take a conn_opts_t parameter, so
	  we need to explicitly use the correct type.
	* Simplify handling of host{} block in SMTP_CHECK.
	  This also allows specifying connect_ip, connect_port as well as
	  unsing host blocks.
	* Add DNS_CHECK RRSIG and DNSKEY query types.
	* Fix documentation re MISC_CHECK.
	* Detect if no misc_path specified for MISC_CHECK.
	  If no path was specified, keepalived was segfaulting.
	* Add some more error messages to socket_bind_connect().
	* Checker connections aren't always TCP.
	* Report if checker bind_if is missing
	  If a link local IPv6 address is specified for a checker to
	  connect to, then a bind interface must also be specified,
	  otherwise the connect() call fails.
	* If a real server has inhibit_on_failure, configure it at start up
	  If a real server had inhibit_on_failure set, but it also had an
	  alpha mode checker, then the real server should be installed at
	  startup with weight 0 to be consistent with what would happen if
	  the checker had been successful but then failed.
	* Improve handling of virtual server groups.
	  If multiple virtual servers use the same virtual server group, and
	  the virtual servers have different protocols, or the virtual server
	  groups are defined using only fwmarks and the virtual servers have
	  different address families, then multiple versions of the entries
	  in the virtual server groups will need to be created as IPVS
	  virtual servers.
	  This patch handles the creation and removal of the necessary different
	  virtual servers for the virtual server groups.
	* Add virtual server protocol types SCTP and none for SNMP.
	* Handle virtual server with no protocol specified
	  This is valid if fwmarks are being used.
	* Warn if a protocol is set on a virtual server using firewall marks.
	* Don't check !LIST_ISEMPTY(vs->rs) after config is validated
	  In validate_check_config() any virtual server without any real
	  servers is removed, so there is no need to check subsequently.
	* Don't allow virtual server groups without any addresses for fwmarks.
	* Fix and optimise handling of promote_secondaries.
	  The promote_secondaries flag was being cleared by the first vrrp
	  instance that stopped using an interface, rather than by the last
	  instance.
	* Fix the setting of mcast address for checksum compatibility
	  It was using INADDR_VRRP_GROUP rather than vrrp_mcast_group4.

2017-09-15 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.6 released.
	* Ensure locations of pid files is consistent
	  Issue #563 identified that the generated keepalived.service has the
	  wrong location for the pid file. On investigating this it was discovered
	  that keepalived isn't following the GNU coding standards for location of
	  pid files; however, we can't now move the default location of pid files.
	  This commit ensures that the keepalived.service file's location for pid
	  files is consistent with where keepalived is placing them, but also adds
	  a configure option --enable-gnu-std-paths, which means that keepalived
	  will use ${localstatedir} for the location of pid files, while the default
	  remains /var/run
	* Stop logging that preferred_lft has been set to 0.
	  Some users are interpreting the message as a warning, and hence are
	  unnecessarily avoiding using a /128 netmask for IPv6 addresses. The
	  message doesn't really tell us anything useful, so remove it.
	* Handle not being able to load ip_tables or ip6_tables modules.
	  When running in a docker container it isn't possible to load kernel
	  modules, so we need to cleanly handle a failure to load the modules.
	* Don't segfault if unable to load ip_vs module.
	  In a docker container it isn't possible to load a kernel module. The
	  check code was detecting that it couldn't load the module, but the
	  checker process, when cleaning up prior to exiting, was assuming that
	  certain pointers had been initialised which hadn't been when an error
	  was detected so early in the initialisation.
	  This commit adds testing for uninitialised pointers during the exit
	  sequence.
	* Fix releasing malloc'd memory for saved core pattern.
	* Fix memory leak when adding iptables entries.
	* Handle missing virtual server configuration.
	  keepalived was segfaulting if a virtual server had no real servers
	  configured. There were also issues of checkers running even if there
	  was missing essential configuration from a virtual server which meant
	  it could be set up. The problems were a virtual server group specified
	  but it didn't exist, a virtual server group with no configuration, and
	  a virtual server address family not match the address family of a virtual
	  server group.
	* Don't attempt to remove ipsets if ipset handling not initialised.
	* Delay initialising IPVS until affter processing configuration.
	  If IPVS isn't configured, there is not point in loading the ip_vs
	  module.
	* Fix conditional compilation tests for _HAVE_LIBNL3_
	* Make dynamic flag bool.
	* Don't report exit status of misc_check scripts.
	  The result of a change in status from a misc_check script is reported
	  by the code anyway, so to log any non-zero exit code is superfluous and
	  annoying.
	* Work around conflict between kernel and libipset header files.
	  ipset copies linux/netfilter/ipset/ip_set.h (and other) header
	  files, producing local copies that are installed as
	  libipset/linux_ip_set.h etc as part of the libipset development
	  package. Unfortunately although the kernel changes the include
	  guards when processing its source code, ipset does not, and so
	  the duplicated header files have different include guards.
	  This patch detects if the include guards don't match, and if so
	  if linux/netfilter/ipset/ip_set.h is included, it defines the
	  include guard used by libipset/linux_ip_set.h before the latter is
	  indirectly included.
	* add Dockerfile.
	* Fix detecting default script uid/gid.
	* Stop segfault when keepalived can't load ip_vs module.
	* Add some additional docker support files and add make target docker.
	  The configuration file installed by make install isn't ideal to run
	  keepalived with, so add a simple keepalived.conf that will be
	  installed into the container.
	  Add make target docker, to build the docker image.
	  Add docker/README to give some information about building and using
	  containers (this is mainly so that I don't forget how to the details).
	* Remove a line of debugging code.
	* Don't complain about keepalived_script user if not needed.
	  keepalived logged a warning every time if the keepalived_script user
	  didn't exist. We only need that warning if there is a script that uses
	  the default user, and an alternative defult user isn't specified.
	* Fix relative script path names with embedded spaces.
	  The space wasn't being restored after resolving the path name.
	* Fix memory leak if notify scripts specified multiple times.
	* Remove some residual debugging messages.
	* Fix memory leak if quorum up/down scripts specified multiple times.
	* Use realpath() to canonicalize script names.
	* Fix missing PARAMETER_UNSET, which caused the global value of
	  vrrp_higher_prio_send_advert not to be used for each VRRP instance.
	* Remove unused variable introduced in commit 1c5bfa29.
	* Fix using virtual server groups following commit 5ca36cb.
	* Set address port to be sequence number for virtual server group.
	  The format_vs() function uses the virtual server address port as
	  the sequence number of the virtual server instance using the virtual
	  server group, so we need to set it up.
	* Warn if real server has no checkers when alpha mode.
	  If a virtual server is configured with alpha mode, and a real server
	  has no checkers, the real server will never be able to be activated,
	  so generate an appropriate warning.
	* Only delete virtual server once if using a virtual server group.
	  If multiple virtual servers are using a virtual server group, the
	  virtual servers are defined by the virtual server group, and so they
	  should only be deleted for the first virtual server using the group.
	  There is still an issue that the configuration of all virtual servers
	  using the virtual server group needs to be consistent.
	* Add further checks for LVS configuration.
	* Document additional scheduling algorithms for IPVS.
	* Change virtual_server_t loadbalancing_kind to forwarding_method.
	  The variable name loadbalancing_kind didn't represent the meaning of
	  the parameter, so change it to forwarding_method.
	* Add fo and ovf scheduling types to SNMP.
	* Only check one packet scheduling if supported.
	* Add lvs_method per real server.
	  The lvs_method should be settable for each real server within a
	  virtual server. This commit maintains existing default behaviour
	  by using the lvs_method set against the virtual server as the default
	  for the real servers, but adds the option to configure the lvs_method
	  individually for each real server.
	* Fix type in printing config of scripts.
	* Convert some spaces to tabs.
	* logger: output timestamps to console logs.
	* Optimise handling of config_id in parser.
	* Fix some typos.
	* prog_type variable doesn't make sense when building a DEBUG version.
	  The DEBUG version runs everything in a single process, and to the
	  prog_type variable is meaningless in this case. This commit excludes
	  the prog_type variable by conditional compilation when building a
	  DEBUG version.
	* Add home, -nodad, mngtmpaddr, noprefixroute, and autojoin address flags.
	* Update documentation for commit cc67476.
	* Add notify FIFO.
	  pull requests #568 and #587 and issue #584 have all identified that if
	  notify scripts are run in close succession, then order if processing of
	  those scripts is indeterminate, and this is causing systems that are
	  monitoring the state of vrrp instances to have the wrong state.
	  There have been various suggestions about how this should be resolved,
	  principally along the lines that the notify scripts should be run
	  synchronously, i.e. a notify script should not be run until the previous
	  notify script completed. While this would work, it adds some overhead to
	  keepalived, which currently does not monitor the exit status of notify
	  scripts.
	  There is a further issue with notify scripts that if a large number of
	  events occur in rapid succession (e.g. due to an interface flapping), this
	  can cause a large number of child processes to be created very rapidly.
	  This commit adds an alternative method for external processes receiving
	  notification of events. Instead of forking a script for each event, keepalived
	  will write to a named pipe. An external process can then read the pipe to
	  receive notification of events, and process them appropriately. This is
	  guaranteed to deliver events in the correct order. It also has the benefit
	  that there isn't the overhead of forking a child process for each event.
	* If can't get local host name, set default router_id to "[unknown]".
	  Issue #588 reported that keepalived was segfaulting when generating
	  an SNMP trap in strlen(global_data->router_id), which presumable is
	  due to global_data->router_id being NULL. As a precaution set
	  router_id to "[unknown]" if get_local_name() fails".
	* Implement SNMP reporting smtpServerPort.
	  Commit 128cd24 added functionality for specifying smtp server port
	  and commit bcb09b8a added smtpServerPort to the keepalived MIB, but
	  no code was added to report the port. This commit adds that functionality.
	* Don't use PATH when executing FIFO script.
	  The path has already been resolved as part of checking the script
	  security, so there is no need to search the path.
	* Log error if unable to execute FIFO notify script.
	* Pass FIFO name to notify_fifo_script as parameter.
	* Add FIFO notify for LVS notifies.
	  To match the FIFO notifies for VRRP, this commit adds FIFO notifies
	  for LVS. There are now three FIFOs available, a global one that
	  will send output for VRRP and LVS, one for VRRP only and one for
	  LVS only.
	* Fix conditional compilation for --enable-debug
	  Commit 7947247 attempted to sort out making keepalived work with
	  --enable-debug, but unfortunately it used the wrong conditional
	  compilation variable (DEBUG instead of _DEBUG_). This commit
	  corrects the conditional compilation tests.
	* Include protocol in virtual and real server output.
	* Stop segfaulting if no script given for a vrrp_script.
	* Fix a _DEBUG_ conditional compilation test.
	* Fix incorrect expression in clear_services().
	* Fix use htons() instead of ntohs().
	* Fix bad file descriptor error at reload with no virtual servers.
	* Delete disabled inhibit servers at reload.
	* Add logging to remove sorry server at reload.
	* Fix bad file descriptor error at reload with no virtual servers.
	* Delete disabled inhibit servers at reload.
	* Fix thread_cancel() for timed out threads.
	* build: add basic .travis.yml file
	* README.md: rename from README.
	* build: add build status tag in readme file
	  All that's needed now, is for user `acassen` to
	  go to `https://travis-ci.org/` login with the Github
	  account, import repos from Github, and enable build
	  for keepalived [a checkbox/button].
	* Set sorry_server's fowarding_method.
	* Further fix for thread_cancel() for child timeout threads.
	  Commit ade3d699 fixed removing read and write timeout threads
	  from the ready queue when they are cancelled. This commits adds
	  removing child timeout threads from the ready queue too.
	* Fix warnings from ignoring seteuid/setegid return results.
	* Fix dynamic linking with early versions of libnl3 without nla_get_s32.
	* Updated autoconf files due to autoconf upgrade.
	* Fix compiling with namespace collisions in net/if.h and linux.if.h.
	* Update travis configuration.
	  This commit includes the installation of development library
	  packages, updated kernel header files, using trusty for the builds,
	  and adding more build options.
	* Reinstate distributing (renamed) README.md file.
	* More updates for updated automake/autoconf.
	* Fix new warnings produced by gcc 7.
	*  Migrate failed checkers at reload (provisional implementation).
	* Implement comparison of checkers.
	  genhash: libraries to link with should be put in LDADD, not LDFLAGS.
	* configure.ac: fixed build on older systems, namely CentOS 6.
	  Provide AS_VAR_COPY if missing and downgrade autoconf dep to 2.63.
	* Fix worng migrate of checker-id.
	* Set active if new failed_checkers is empty.
	* Fix typo in interface details printing.
	* Enable vmacs to work when sysctl net.ipv4.conf.all.rp_filter > 0.
	  A number of distros now set net.ipv4.conf.all.rp_filter = 1 by default.
	  This means that when a vrrp instance is in the master state, it cannot
	  receive adverts sent by a higher priority master, and hence we end up
	  with 2 masters.
	  I tried an alternative of receiving on the base interface, but no packets
	  that have the same source MAC address as an interface on the system
	  (i.e. the vmac interface) get delivered to the socket.
	  For distros such as Fedora, RHEL, CentOS, ArchLinux, all.rp_filter = 1
	  due to systemd commit
	  https://github.com/systemd/systemd/commit/1836bf9e1d70240c8079e4db4312309f4f1f91fd
	  The reason given for the commit is to work around a boot-time race condition
	  where interfaces created before default.rp_filter is set do not get the
	  updated default.rp_filter setting, and so the all.rp_filter setting is used
	  to override the individual interface settings. This doesn't seem the right
	  solution to the problem, since it prevents any interface running with
	  rp_filter = 0, and that is what we need for vmacs. I have filed an issue
	  report for systemd at https://github.com/systemd/systemd/issues/6282, but
	  in the mean time we need to work around the issue. Ubuntu sets all.rp_filter=1
	  in /etc/sysctl.d/10-network-security.conf provided by the procps package.
	  Debian doesn't set all.rp_filter.
	  The only solution I have found, and I am not entirely happy with this since
	  it has effects beyond keepalived and affects the system as a whole, is to set
	  all.rp_filter = 0. In order to seek not to change the operation of the system,
	  if default.rp_filter < all.rp_filter, default.rp_filter is set to all.rp_filter,
	  thereby ensuring that any new interfaces created will take the original value
	  of all.rp_filter. It then iterates through all existing interfaces, and
	  {interface}.rp_filter is set to the value of all.rp_filter if
	  {interface}.rp_filter < all.rp_filter. all.rp_filter is then set to 0.
	  This means that all interfaces should behave in the same way as before, since
	  the behaviour of rp_filter is defined by the maximum of
	  {interface,all}.rp_filter, but we are not able to operate the vmac interfaces
	  with rp_filter = 0. When keepalived exists, it restores the original settings
	  of rp_filter if they are the same as what we set them to.
	* Only restore rp_filter on interfaces if same as we set them to.
	  If rp_filter has been altered since we set it, then do not restore
	  it to the original value.
	* Update files for build fix commits.
	  Commits 2cccc97 and a932cf2 provided fixes for building on CentOS6.
	  This commit updates genhash/Makefile.in in line with
	  genhash/Makefile.am and adds a comment to autoconf.ac regarding
	  when autoconf introduced support of AS_VAR_COPY.
	* Fix build error at when _HAVE_IPV4_DEVCONF_ was undefined.
	* Remove unnecessary parameter compare.
	* Resolve compiler warning introduced by commit 8361b11.
	* Remove debugging log messages added in commits 99fe626 and 6ec26e0.
	* Fix compiler warning and remove unwanted log messages.
	* Make a couple of checker variables non global.
	* Correct comparison for checker compare in migrate_failed_checkers.
	  Commit 2ff6b3f changed the sense of the comparisons of checkers,
	  but didn't make the corresponding change to checking the result.
	* Fix keepalived.doc(5) man page.
	* Add virtualhost config for real servers.
	  Different real servers may want different virtualhost config
	  settings. The real server virtualhost setting overrides the
	  virtual server virtualhost setting.
	* Allow virtualhost to be specified per checker and per url.
	* Fix compiling with SNMP enabled.
	* Fix compiler warnings when use configure --enable-conversion-checks.
	* Fix an unintentional case fall-through.
	  gcc 7 identified two case statement fall-throughs. One was intentional,
	  but the other was a bug. The latter is now fixed, a comment is added
	  for the former so the warning isn't generated.
	* Fix commit cc67476 to allow flags for static and virtual ip addresses.
	* Fix handling of more recent ip address flags.
	  Recent ip address flags have exceeded 8 bits, and so the IFA_FLAGS
	  attribute needs to be used, rather than the ifa_flags field.
	* Fix typo in help.

2017-03-19 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.5 released.
	* Ensure nopreempt is not set if address owner.
	* Remove hardcoded paths from init files.
	* Add configure option to override system init type.
	* Fix some configure tests for init type.
	* Add support for ip rules uidrange option.
	  This option was added in Linux 4.10.
	* Resolve compiler warning on 32 bit systems.
	  There were two warnings in lib/timer.c for signed vs. unsigned
	  comparisons on 32 bit systems.
	* Add missing documentation for ip rule uidrange.
	* Include snapcraft.yaml tar file.
	* Remove extraneous EXTRA_DIST directory.
	* Add library requirements for ArchLinux.
	* Allow tracking and misc_check scripts time to terminate after
	  timeout. If a script exceeds the timeout, it is sent a SIGTERM,
	  and then if it still doesn't terminate, it is sent a SIGKILL.
	  The problem was that the script was only allowed 2 microseconds
	  to terminate, whereas it should have been 2 seconds.
	* Fix script paths when converted to absolute path names.
	  If a tracking or misc_check script is not specified by a fully
	  qualified path name, but rather it is resolved via PATH, the updated
	  patch name wasn't being saved for tracking or misc_check scripts.
	* Remove yet more hardcoded paths.
	* Make git ignore keepalived.service file.
	* Streamline signal handling initialisation.
	* Report track script name if it times out.
	  keepalived was simply reporting that pid nnnn had timed out, which
	  didn't give any indication of what script it was that had timed out.
	  This patch now means that the script name will be logged rather than
	  the pid.
	* Fix conditional configuration for config read via alloc_value_block().
	  The code for handling conditional configuration was in the wrong function.
	  This commit move it to read_line() so all configuration is read in the
	  context of @system_id conditional lines.
	* Fix compiling with --disable-vrrp.
	  When building without vrrp, the checker process still needs to
	  know about IP address creationg and deletion in order to allow the
	  ha_suspend configuration option to work.
	* The checker process never needs to monitor interfaces.
	* Move vrrp_ipvs_needed() to vrrp_daemon.c.
	* Remove some unnecessary includes of check_data.h.
	* Make ha_suspend work when building without vrrp.
	  Support of ha_suspend was only enabled when keepalived was built
	  with vrrp support. There may be other processes that are adding and
	  deleting ip addresses, so support of ha_suspend should be enabled when
	  building without vrrp support.
	  Also, the vrrp process doesn't need to call the update_checker_activity()
	  function when addresses are added or deleted.
	* Don't use netlink address monitoring if not using ha_suspend.
	* Make --release-vips (-X) option work.
	  'X' was not included in the optstring for getopt_long(), and so
	  --release-vips option was not recognised.
	  Further, only enable VRRP and checker specific options if compiled
	  with that functionality.
	* Only report added/deleted addresses if relevant to keepalived.
	  Logs could get full of messages reporting address addition/deletion
	  that were of no relevance to keepalived. By default, keepalived will
	  now only report address additions/deletions with the -D option if
	  the address is relevant to keepalived.
	  The -a option is added to log all address additions/deletions.
	* Remove all #ifdef _WITH_LVS_ from checker code.
	  If building the checker code, _WITH_LVS_ is always defined (_WITH_LVS_
	  means build the checker code), so there is no point testing if it is
	  defined in any of the checker code.
	* Only include vrrp header files when building with vrrp and also for
	  check. Make sure vrrp header files are only included if building with
	  vrrp (i.e. without --disable-vrrp), and likewise only include check
	  header files if compiling with LVS support (i.e. without --disable-lvs).
	* Add test/tcp_server.c for testing TCP_CHECK.
	* Make -a option work without ha_suspend.
	* Fix integer types. The correct, standard integer types are uint8_t and
	  uint16_t, not u_int8_t nor u_int16_t (the latter being kernel types).
	  glibc and uClibc may define the kernel-compatible types, but musl (which
	  is standards-compliant) does not.
	* Fix warning when compiling without libnl.
	* Add including <stdint.h> where those types are used.
	* Add option to not use dlopen() for libipset, but link at link time.
	* Remove superfluous (duplicated) block of code.
	* Add option for dynamic (run-time) linking to libip[46]tc.
	* Fix dynamic linking of libiptc without ipsets.
	* Check iptables/ip6tables commands available before using them.
	* Fix some conversion check compiler warnings.
	* Make configure option --disable-routes do something.
	* Don't link to libdl if not needed.
	* Fix compilation with --disable-vrrp.
	* Don't link to libraries not required by configuration.
	* Remove all authentication code if --disable-vrrp-auth specified.
	* Remove FALLBACK_LIBNL1 and use existing _HAVE_LIBNL1_ instead.
	  There was no point in a separate FALLBACK_LIBNL1 since it and
	  _HAVE_LIBNL1_ always had the same value.
	* Add udp functionality to tcp_server test program.
	* Fix check_conditional_tests script.
	* Add option for dynamic (run-time) linking to libxtables.
	* First stage of run-time linking to libnl-3.
	* Dynamic/static linking options of libnl/libnl-3, libip[46]tc and
	  libipset. libnl/libnl-3, libip[46]tc and libipset can all be dynamically
	  linked at run-time, and if they are not available, keepalvied will use
	  the alternative code which is used when the libraries cannot be linked
	  a build time.
	  This means that a single executable keepalived can be created that will
	  use the libraries if they are installed on the target system, but will
	  fall back to the alternatives if the libraries are not available.
	  This is useful for build environments such as Buildroot which will not
	  force optional dependencies (see pull request #540), since now keepalived
	  can be built so as not to force the optional dependencies, but to make
	  use of them if they are installed.
	* Fix building without libnl/libnl-3.
	* Don't allow adver_int to be rounded down to 0.
	* Fix creation of iptables entries on more recent kernels.
	  On a 4.9.13 kernel iptables entries were being created with
	  return-nomatch ! update-counters ! update-subcounters, as shown by
	  the iptables command.
	  Although it is not understood why these options are being added, it
	  transpires that the problem occurs when using version one of the
	  xt_info_set_match, but doesn't occur when using version 4 of the
	  structure.
	  This patch ensures that the latest version of the structure that is
	  supported by the kernel is always used.
	* Fix updating /proc/sys/kernel/core_pattern.
	  Reset file offset to beginning of file between reading the file and
	  writing new contents.
	* Fix printing of smtp_server port.
	* Handle failure if fail dynamically to get address of a libipset function.
	* Be defensive in case fail to get addres of a libipset function dynamically.
	* Fix evaluation of library names for run-time linking.
	* Show failed ipset dl function.
	* Provide explicit DL error messages and fix autobuilt snap version.
	* Fix formatting of email message for CHECK_SMTP failures.
	  The format string passed to smtp_final() can contain format specifiers
	  so a further pass through printf is required.
	* Add printf format attribute to vlog_message().
	* Add higher_prio_send_advert vrrp config option.
	  There is a problem if two vrrp instances, due to becoming isolated,
	  both become master, since they will both have sent GARP messages.
	  Setting higher_prio_send_advert and garp_lower_priority_repeat means
	  that if a master receives a higher priority advert, it will send its
	  own lower priority advert before it transitions to backup. The higher
	  priority master, on receiving a lower priority advert, will then send
	  GARP messages, and so the ARP caches will then be correctly updated.
	  Using the higher_prio_send_advert option may be considered not to
	  conform to the VRRP protocol (725) to (765) in state description of
	  RFC5798, however, since which of the two masters advertises first
	  after they can both see each other again is random, there is a 50%
	  chance that the lower priority instance will send an advert before the
	  higher priority instance, so to all external observers it will appear
	  that this is the case, or at least that the adverts overlapped.
	* Fix higher_prio_send_advert in lower priority master.
	* Load the ip_tables module if using iptables.
	  We cannot guarantee that the ip_tables modules has been loaded, so
	  we load it ourself if using libiptc.
	* Fix (cosmetic) conditional compilation test.
	* Fix building with --enable-libxtables-dynamic --disable-libiptc.
	* Enable compilation with namespaces if SYS_setns is not defined.
	* Fix compiling with struct xt_set_info_match_v0.
	* Check to libnfnetlink.h and netlink.h with libnl v1 too.
	* Workaround missing libraries from pkg-config --libs libiptc.
	  Old version of libiptc don't report requirements on libip4tc and
	  libip6tc, so check if the output from pkg-config is only -L.* -liptc
	  and if so add -lip4tc -lip6tc.

2017-02-18 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.4 released.
	* Fix generation of lib/git-commit.h when building a tagged commit.
	* Define GIT_DATE and GIT_YEAR when generating default git-commit.h
	  This issue was caused by commit 5287f03 which didn't define GIT_DATE
	  and GIT_YEAR in all circumstances.

2017-02-14 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.3 released.
	* Fix unitialised use of misck_checker in script timeout.
	* Fix detection of no netlink being installed.
	* Fix conditional compilation for LIBIPVS without netlink.
	* Terminate child processes if parent dies.
	  If the parent keepalived process is killed, the child processes will
	  be orphaned and can cause problem when attempting to restart
	  keepalived. This patch makes use of prctl with PR_SET_PDEATHSIG such
	  that all child processes will receive SIGTERM if the parent process
	  dies.
	* Ensure syslog and mem_check_log open before using them.
	  A segfault was occuring when --enable-mem-check-log option was
	  selected, due to attempting to write to the log file before it had
	  been opened. It was also evident that there could be attempts to
	  write to syslog before that had been opened too.
	* Fix building on Centos 7/RHEL 7 re lightweight tunnel encapsulation.
	  RedHat have partially backported lightweight tunnel encapsulation
	  into their kernel, but not included MPLS or ILA. We need to have
	  conditional compilation for LWTUNNEL_ENCAP_MPLS and LWTUNNEL_ENCAP_ILA
	  rather than just checking for RTA_ENCAP.
	* Update documentation for tracking scripts weight 0.
	  weight default is 0, which means tat a failure implies a FAULT state.
	* Reinstate code checking module ip_vs loaded.
	  Commit d900df2 removed a bit to much code that looked as though it
	  wasn't doing anything, with the result that the check of whether the
	  ip_vs module was loaded didn't occur.
	  This commit reinstates the code for checking, and if necessary loading,
	  the ip_vs module, but also sanitises the code slightly.
	* Fix some more compiler warnings.
	* Fix a typo in a help message in configure.ac.
	* sorry_server: keep sorry_server on reload.
	* sorry_server: set it up on start or reload if quorum is down.
	  on start: in alpha mode.
	  on reload: if changed, or no previous sorry_server.
	* Added doc for priority 4th parameter to notify script.
	* ipwrapper.c: make functions void if return value not used or constant.
	  Several functions in check/ipwrapper.c were always returnung the same
	  value, and the code calling the functions then checked and returned an
	  error if the return value was not the value always returned. Also, for
	  some functions returning a value the return value was never checked in
	  the calling function.
	  Making the functions void, and removing the if (...) makes the code easier
	  to read, and potentially slightly more efficient.
	* Add snapcraft.yaml for CI build publication.
	* Fix missing documentation for 4th parameter of notify action.
	* Make builds reproducable, and copyright date reflect latest commit.
	  Pull request #503 provided an update to facilitate reproducable builds,
	  and also ensure that the copyright date doesn't postdate the last source
	  code modification. Unfortunately the commits required manual updates to
	  change the copyright year, thereby creating maintainability issues. The
	  commit also allowed fake build dates to be specified.
	  This commit takes an alternative approach, and takes the dates used for
	  the copyright message and the version date from the date of the last git
	  commit.
	  If the code is build from within a git tree, this is straightforward. On
	  the other hand, the code may be build from  tarball, so we ensure that
	  the lib/git-commit.h file is updated when the tarball is built, and
	  included in the tarball.
	* Add option to force building without libnl/libnl-3.
	  This option is really only for test purposes to build keepalived
	  without libnl even though libnl is installed.
	* Log errors if configure IPVS with IPv6 if not using libnl.
	  The socket interface for configurating IPVS does not support IPv6,
	  so rather than leaving the user with the error message
	  "Operation not supported with specified address family"
	  give a meaningful message in the log.
	  At configure time, a warning will also be generated stating that
	  IPVS will not support IPv6.
	* Ensure IPVS address families match.
	  Don't allow a mixture of IPv4 and IPv6 addresses in a virtual server
	  group, or within a virtual server.
	* When dumping an IPVS IPv6 address range, use hex.
	* Log if virtual_server_group doesn't exists, or address family mismatch.
	  If a virtual server is configured to use a virtual server group but that
	  virtual server group doesn't exist, then log an error.
	  Also, if the address family of the virtual server group and virtual server
	  don't match, log an error as well.
	  We really ought to be removing the virtual server from the configuration,
	  but I haven't worked out how to do that yet.
	* Don't flag changes to automake/conf generated files as source changes.
	  The output of keepalived -v adds a '+' if there are uncommitted changes to
	  the source code. However, we aren't interested in changes to the autoconf
	  or automake generated files, since these aren't really "source" files, and
	  are only included in the git repo to allow building on systems without
	  autoconf/automake. Further, the differences may simply be due to different
	  versions of autotools being used.
	* Minor formatting updates to Sphinx documentation.
	* Enable configure to work with ash.
	* Handle sysconf() returning -1 for _SC_GETPW_R_SIZE_MAX.
	* Report ignoring virtual server if group specified doesn't exist.
	  It's too difficult to remove the virtual server from the configuration,
	  but the error will be reported in the log, and so the sysadmin should
	  resolve the configuration.
	* Updated snapcraft.yaml location.
	* Move snapcraft and reflect master version.
	* Add libipset3 to snap stage packages.
	* Allow for keepalived to be a command in /snap/bin/ as well as a daemon.
	* Add 'source-type: git' to avoid dirty commit versions.
	* Update gitignore for clean snap commit versions.
	* Resolve not adding '+' to git version in snapcraft builds.
	  This is a temporary workaround to the problem of snapcraft deleting
	  the snap/snapcraft.yaml file from its clone of the git repo (see
	  https://bugs.launchpad.net/snapcraft/+bug/1662388 for details).
	* Add cleaning of snapcraft generated directories/files.
	* Add support for Alpine Linux.
	  This commit adds detection and support of the OpenRC init system.
	* Add details of what libraries are needed for various Linux distros.
	* Force recreating automake/autoconf files when building with rpm.
	  If an autoconf/automake source file is patched as part of the rpmbuild
	  process, then some of the autoconf/automake generated files may be
	  regenerated, and this can cause a mismatch if the versions of autoconf/
	  automake on the system building the rpm don't match the versions
	  that were used to generate the files that have been committed to git.
	  This patch changes the keepalived.spec file to always run autoreconf -f -i
	  to ensure the generated autoconf/automake files are aligned to the right
	  version.

2016-11-26 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.2 released.
	* Correctly handle return code from system() call.
	  If we want to check for an exit status, WIFEXITED(ret) must be
	  checked first.
	* Fix compilation where SNMP enabled.
	* Fix a couple of SNMP errors.
	  The length of KEEPALIVED-MIB::version was being returned a sizeof(char *)
	  rather than strlen(char *).
	  VRRPv3 vrrpv3GlobalStatisticsDiscontinuityTime was being completely
	  mishandled.
	* Add additional files needed to build from git without autoconf.
	* Don't save and restore current directory twice with config includes.
	* Don't recognise an executable file as a configuration file.
	* Allow maximum path names for configuration files.
	* Don't check for include file after reaching EOF.
	* Fix a segfault if terminating at startup do to interface not found.
	* notify: log error while performing set{gid,uid}.
	  Log error message while setting goup and user before system call.
	  Maybe we should avoid system call on error if {gid,uid} are used, would
	  be more secure.
	* Don't execute a script if setuid or setgid fails.
	  This was suggested in the comment of commit 849615d and is clearly
	  the right (secure) thing to do.
	* If a script doesn't have a '/' in the name, search PATH for it.
	  This also handles spaces in script specifications where they are
	  parameters.
	* Don't allow accept when strict mode set if not address owner.
	  This commit changes keepalived from just issuing a warning to also
	  disable accept mode when strict mode is set.
	  Patch submitted by levin1.
	* Added init_fail setting to assume failed state for vrrp_script during
	  startup of keepalived.
	* When checking script security check set uid/gid bits too.
	  Although the setuid/gid bits are ignored for scripts, they are
	  not ignored for binary executables, and there is no point in having
	  the bits set for scripts. So we play safe, and simply check those
	  bits, and don't attempt to ascertain if it is a script or not.
	* Disable scripts that aren't executable.
	  system() on a non-executable script will fail, so we may as well
	  just not try executing such a script.
	* Exit if can't read configuration file.
	  If we have no configuration, we have nothing to run, so exit.
	* Don't chdir("/") if not forking.
	  In keepalived_main() there is a comment that the working directory
	  is / unless keepalived is run in non-forked mode, in which case it
	  remains the current working directory when keepalived was run.
	  Unfortunately start_vrrp_child() and start_check_child() were
	  executing chdir("/") regardless of whether they had been forked or not.
	  Since the parent process does chdir("/") if it is appropriate, the
	  children will inherit that, so they don't need to chdir() at all.
	* Only set umask(0) in parent process.
	  The children inherit it from the parent, so no need to set it in
	  the vrrp or checker child processes.
	* Further changes for script init state failed.
	* notify: use _GNU_SOURCE.
	  Just to make compiler happy about inconsitent declaration of mempcpy
	  and strchrnul. Just cosmetics here.

2016-11-21 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.1 released.
	* Ensure lists aren't empty when checking script security.
	* Correctly check security of scripts with parameters, and check
	  checker notify/quorum scripts
	* Check security of real/virtual server notify scripts.
	* Handle space in filenames appropriately when checking script security.
	  The generic notify scripts can have spaces in their filenames, all other
	  scripts spaced delineate parameters.

2016-11-20 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.3.0 released.
	* Add DBus functionality to VRRP.
	  Add new pthread off VRRP to expose DBUs service org.keepalived.Vrrp1
	  through a GMainLoop.
	  Create a general /org/keepalived/Vrrp1/Vrrp DBus
	  object and a /org/keepalived/Vrrp1/Instance/#interface#/#group# object for
	  each VRRP instance.
	  Interface org.keepalived.Vrrp1.Vrrp implements methods PrintData,
	  PrintStats and signal VrrpStopped.
	  Interface com.keepalived.Vrrp1.Instance implements method SendGarp
	  (sends a single Gratuitous ARP from the given Instance),
	  signal VrrpStatusChange, and properties Name and State (retrievable
	  through calls to org.freedesktop.DBus.Properties.Get)
	  Interface files are located at location /usr/share/dbus-1/interfaces/
	  A policy file, which determines who has access to the service, is
	  located at /etc/dbus-1/system.d/
	* Resolve DBus working after a reload
	  thread_destroy_list() was closing file descriptors of read and write
	  threads, but we wanted the DBus pipes to remain open. It transpires that
	  closing the fds in thread_destroy_list() is unnecessary, since they are
	  closed elsewhere anyway, so stop closing the fds in thread_destroy_list().
	* Add stronger compiler warnings (-Wextra).
	  The following bugs were discovered:
	  check_smnp_realserver_weight()
		comparison if unsigned value < 0
	  alloc_ipaddress()
	    comparison of unsigned == -1 and not checking
	    return status of find_rttables_scope() correctly
	  read_line()
	    accessing element buf[18446744073709551615]
	    ie. buf[2^64-1], which is the same as buf[-1].
	  The following improvements to the code were made:
	  Many unused function parameters
	  either removed or marked unused
	  Many signed vs. unsigned comparisons
	  In most cases variables change to be unsigned
	  Lengths being stored in signed variables
	* Rationalise checking of libnl-3.
	* Bring generation of rpmbuild keepalived.spec file up to date
	  The keepalived.spec file is now created to match the options passed
	  to configure. It also detects if the system init process is systemd,
	  upstart or the traditional SYSV init system.
	* Add more BuildRequires to keepalived.spec.in.
	* Further improvements to keepalived.spec.in for systemd systems
	* Change some configure.ac variable names due to using PKG_PROG_PKG_CONFIG
	* Fix configure.ac to make RedHat hardened rpm builds work
	  CFLAGS, CPPFLAGS and LIBS variables were not being preserved by
	  configure.ac, and this caused needed CFLAGS to be lost when
	  configure was run, resulting in a build failure.
	  This commit ensures the flags are all preserved.
	* Allow for automake macro AM_PROG_AR not existing.
	* Add support for UDP socket to layer4 library.
	* Add DNS checker.
	* Update documentation for DNS health checker.
	* Fix compile check for PE selection support.
	* Add file missing from add-dns-checker commit.
	* Update commits for correctly checking for IPVS_SVC_ATTR_PE_NAME.
	  The upadted configure and lib/config.h.in weren't included in the commits,
	  and to be consistent the comment on what Linux version introduced the feature
	  is in configure.ac if the test exists in configure.ac
	* Fix conditional compilation test for FRA_OIFNAME.
	* Fix compilation test for IFLA_INET6_ADDR_GEN_MODE.
	* Fix compilation test for IPVS_DEST_ATTR_ADDR_FAMILY.
	* Fix compilation test for IPVS_DEST_ATTR_STATS64 and IPVS_SVC_ATTR_STATS64.
	* Fix compilation test for RTA_VIA.
	* Fix compilation test for CLONE_NEWNET for DBus.
	* Fix issue of overwriting the original disposition of signals.
	* Improve forced termination of script execution process and its offspring.
	* Improve propagate important signal for the script process groups.
	* Use argument instead of static variable.
	* Fix bug around the process group.
	* Use SIGTERM instead of SIGHUP.
	* Stop linking with -lipset.
	  libipset (if used) is dynamically linked at runtime, and so keepalived
	  shouldn't be linked with -lipset.
	  Linking with -lipset was erroneously added when converting the build
	  system to use automake.
	* Report diagnostic message if dlopen() fails.
	* Fix loading of ipset library when development library not installed.
	* Don't use ipsets with namespaces on Linux < 3.13 by default.
	  On Linux prior to version 3.13, ipsets were not network namespace
	  aware, so by default the use if ipsets is disabled if keepalived
	  is running in a network namespace. Configuration keyword
	  'namespace_with_ipsets' enables ipset use with a network namespace
	  on these older kernels.
	* Fix reporting of script exit status.
	* Update documentation and fix compiler warning re ipset with Linux < 3.13
	* Make report_child_status() check for vrrp and checker child processes
	  report_child_status() checks for exit status KEEPALIVED_EXIT_FATAL
	  and KEEPALIVED_EXIT_CONFIG, but these are only relevant for the vrrp
	  and checker child processes, and not for track scripts etc. This commit
	  adds a check that the terminating process is the vrrp or checker process
	  before checking those exit statuses.
	* Add no_accept mode for VRRPv2 and standardise VRRPv3 with it
	  RFC3768, for VRRPv2, specifies that packets addressed to the VIPs
	  should not be accepted, unless the router is the address owner.
	  This commit implements not accepting the packets when running VRRPv2,
	  but only if no_accept is specified, or running in strict mode. The reason
	  for not making no_accept the default (which would confirm to the RFCs) is
	  that if running IPVS, or any other service on top of the VIPs, we need to
	  be able to accept the packets, and requiring everyone to specify accept
	  in that case would not be reasonable.
	  Prior to this commit, VRRPv3 was blocking packets sent to VIPs (and eVIPS),
	  unless the vrrp instance was the address owner, or accept mode was set. This
	  commit changes the default behaviour for VRRPv3 to make it consistent with
	  VRRPv2 (i.e. either strict mode or no_accept needs to be specified to be
	  conformant with RFC5978).
	* Tidy up logged messages if ipset initialisation fails.
	* Streamline MII polling.
	  We only need to read 2 MII registers, and not 32 as was previously being
	  done.
	  This commit also uses the <linux/mii.h> header file for field and
	  register definitions.
	* Simplify bitops.h code.
	* Resolve warnings generated with compiler option -Dconversion.
	  Most of the warnings were resolved by changing the data types of some
	  variables. Others required casting, particularly where kernel interfaces
	  are involved.
	  There were a few instances discovered that were errors, for example comparing
	  an unsigned int against -1, and assigning a 16 bit value to a uint8_t.
	  This commit also adds configure options --enable-conversion-checks and
	  --enable-force-conversion-checks, the former adds compiler option -Dconversion
	  unless the compiler is an old version that throws up false warnings. Option
	  --enable-force-conversion-checks adds -Dconversion even if the compiler throws
	  up known false warnings.
	* Fix some minor errors/typos in doc/keepalived.conf.SYNOPSIS.
	* Fix keyword error in sample configuration.
	* Fix typo in genhash error message.
	* Fix address ranges for virtual server groups
	  The handling of address ranges was only written for IPv4 addresses, and
	  only worked on little endian systems.
	  This commit enables IPv6 address ranges to work, and also should now
	  work on big endian systems (but I don't have access to a big endian system
	  to test it). Validation is added to ensure that the end of the range is after
	  the start of the range, and that the value of the range end does not exceed
	  255 (for IPv4) of ffff (for IPv6).
	  There is also some optimisation of the code, so that netmask is not set (since
	  it isn't used by the kernel), and the port is set once only, before the loop
	  through the addresses.
	* Add --enable-Werror configure option.
	* Add promote_secondaries keyword for vrrp_instance block.
	  If two IPv4 VIP addresses are in the same CIDR, and the primary
	  address is removed, then by default any other address in the same CIDR is
	  also removed. To stop this happening, the promote_secondaries flag
	  needs to be set on the interface.
	  Commit e5526cf added setting the promote_secondaries option on
	  VMAC interfaces, and stated that adding the option for non-VMAC
	  interfaces would be added later. This commit now adds a
	  promote_secondaries configuration option in order to set the flag
	  on the interface.
	* Add reporting of promote_secondaries configuration setting.
	* Add conditional configuration feature
	  It is usually the case that the configurations for keepalived for
	  systems operating together are virtually identical, and only differ
	  in vrrp instance priorities, router id, and unicast addresses if
	  those are being used.
	  It is a nuisance to have to edit one file for each server to make
	  identical changes, so this commit adds the facility for conditional
	  configuration entries.
	  Any line starting with the '@' character is a conditional line.
	  Immediately following the '@' character is a config id. The line is
	  only included in the configuration if the config id matches the
	  argument passed to keepalived with the -i option on the command line.
	  For example, consider the following configuration snippet:
	  global_defs
	  {
	    @main       router_id main_router
	    @backup router_id backup_router
	  }
	  If keepalived is started with -i main, then the router id will be
	  main_router, if started with -i backup, then backup_router. If
	  keepalived is started without the -i option, or -i anything else,
	  then the above snippet will not configure any router id.
	* Fix building with --disable-vrrp.
	* Stop segfaulting when configuration keyword is missing its parameter
	  There are many places where during configuration parsing the code
	  assumes that if a keyword is specified that requires a parameter, then
	  the parameter exists. If the parameter doesn't exist, then the code
	  indexes past the end of the vector, and at best segfaults, and at worst
	  may carry on, parsing random data.
	  This commit adds strvec_slot() which checks for the presence of the
	  parameter, and if configured will call a function that can handle the
	  error. Currently this logs that the parameter is missing, with as much
	  helpful information as it can provide, and then terminates.
	* Use FMT_STR_VSLOT where appropriate.
	* Use TIMER_HZ where appropriate.
	* Fix comment and error message re http write timeout.
	* More verbose logging on (effective) priorities pt. 2.
	* Change configure option --enable-snmp-keepalived to --enable-snmp-vrrp
	  The option was enabling snmp for vrrp, not all of keepalived (the
	  --enable-snmp option does that), so this commit renames it to reflect
	  what it is actually doing.
	  The --enable-snmp-keepalived option is retained but marked as obsolete.
	* Use AS_HELP_STRING autoconf macro.
	* Fix process increase
	* Add forcing termination of children of scripts if script times out
	  Commits fe9638b..cebfbf5 resolved problems around forced termination
	  of scripts if they didn't terminate within the proscribed time. During
	  the development of the patches, it was identified that after a script
	  had been terminated by SIGTERM, any child processes created by the
	  script also need to be kill.
	  This commit adds the forced termination of any such children.
	* Correctly handle existing VMACs on reload.
	  Anthony Dempsey in issue #449 identified that
	  keepalived attempts to recreate existing VMAC interfaces on a reload,
	  and that the subsequent failure causes keepalived not to use the VMAC.
	  This then identified further issues such as the check for an existing
	  VMAC in netlink_link_add_vmac() didn't also check the interface a
	  VMAC was on, and that the checks for conflicts of VMAC interface names
	  with existing interfaces weren't sufficient.
	  This patch builds on the patch provided by Anthony Dempsey to also
	  resolve the additional issues identified.
	* Fix check of matching VRRP instances on reload.
	  On a reload, clear_diff_vrrp() removes vrrp instances that are no
	  longer in the configuration. The check, however, was based on vrrp
	  instance name, which might have changed. The check is now based on
	  VRID, address family and interface, since it is this triplet that
	  uniquely defines a vrrp instance.
	* Fix clearing addresses no longer used after a reload.
	  The address comparison was including ifa_index, but that wasn't being
	  set up until after clear_diff_vrrp() was called.
	* Don't zero the mem_allocated count during reload.
	  We want to know if there is a leak during reload, so don't zero the
	  counter.
	* Ensure iptables/sets entries and ip routes/rules not lost on reload.
	  There were several places in the code that were causing existing
	  iptables/ipsets entries to be lost on reload, and also new entries
	  for additional ip addresses were deleted after being added. In
	  addition, ip rules/routes for existing entries were being removed.
	* Ensure GARPs/GNAs are sent after reload if VIP/eVIP addresses added.
	  Although there have been versions of keepalived when GARPs/GNAs were
	  sent after a reload, this was due to a bug in determining if the VRRP
	  instance had existed before. Resolving that bug (commit aaea8a4),
	  caused keepalived to stop sending GARPs after a reload. This commit
	  now specifically adds code to send GARPs on a VRRP instance for all
	  addresses on that instance. It would be better if GARPs were sent only
	  for the added addresses, and that may be resolved in a future commit.
	* Use correct interface for iptables/ipset entries when not accept mode
	  If an interface was specified for a VIP/eVIP, the iptables/ipset block
	  if not in accept mode for link local IPV6 addresses was specifying the
	  interface the vrrp instance was on rather than the interface the address
	  was added to.
	  This commit now makes the iptables/ipset entry specify the interface that
	  the address has been added to.
	* Resolve "Netlink: error: message truncated" messages.
	  On systems with a page size larger than 4096 keepalived may report:
	  "Netlink: error: message truncated" messages
	  This error was reported on a ppc64le in an OpenStack/Nutron environment.
	  Ppc64le is using a 64k pages size. I found that keepalived's netlink recvmsg
	  buffer was too small causing messages to be truncated. The size of the read
	  buffer for the netlink socket should be based on page size however, it should
	  not exceed 8192. See the comment in the patch.
	  I tested the fix by creating 100 veth interfaces and verifying the errors
	  did not return.
	* Use ipsets with namespaces on Linux < 3.13 if ipset names configured.
	  The problem with using ipsets with namespaces on Linux < 3.13 is that
	  ipsets were not namespace aware, and so all ipset entries added are
	  global to the system, including all network namespaces. This causes
	  problems if the default ipset names are used, but if set names have
	  been specified, it is reasonable that they have been set to be
	  different for each namespace, and hence there will be no clashes.
	  The documentation is also updated for vrrp_ipsets keyword.
	* Don't write MEM_CHECK data to log when forked script child terminates.
	  The mem check log file was being filled with extraneous termination
	  information every time a forked child terminated. When a child is forked
	  it now sets a flag to stop the termination dump.
	* Fix illegal syntax in configure script
	  Indirect expansion (`${!foo}`) is a bashism, it's not POSIX-sh
	  compatible and is not supported by common shells except Bash and ZSH!
	  Configure script should be portable, hence strictly POSIX compliant.
	  Moreover it has shebang /bin/sh.
	* Make running scripts more secure
	  Previously, keepalived ran all scripts as root. This is potentially
	  dangerous if a non-root user can modify the script, or has write
	  access to any part of the path to the script.
	  This commit does the following:
	  1) Adds configuration options to specify the user/group under which to
	     run each script
	  2) Adds an option to set the default script user/group. If this is not
	     set it will default to user keepalived_script if that user exists,
	     otherwise it will default to root, as before.
	  3) If a script is to be executed with root privilege, report if it is
	     writeable in any way by a non-root user.
	  4) Add an option enable_script_security so that any scripts failing
	  3) above won't be executed.
	  5) Report if any scripts are not executable by the relevant user.
	* Fix some lead tab/space issues.
	* Fix segfault when terminating with no notify script configured.
	* Fix compiler warning generated with --enable-conversion-checks.
	* Don't segfault if modules ip_tables or ip6_tables not loaded
	  If either of the modules is not loaded, then don't use ip(6)tables for
	  that address family. We could load the module, but there would be no
	  entries pointing to the chains that we use, and so there is no point
	  adding entries to chains that won't be traversed.
	* Resolve some type mismatch warnings on 32 bit systems.
	* Fix checking security of misc_check scripts.

2016-09-11 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.24 released.
	* Declare and use default value for garp_refresh.
	* Update documentation for default setting of snmp_server.
	* Ensure old VIPs removed after reload.
	* Add internet network control support for IPv6.
	* Log startup and "already running" messages to console with --log-console.
	* Remove VIPs on reload if no longer in configuration.
	* Add internet network control support for IPv6.
	* Add more lvs syncd options, and various minor fixes.
	* Don't attempt to set packet priority for wrong IP protocol.
	  if_setsockopt_priority() was setting SO_PRIORITY socket option regardless
	  of whether the socket was IPv4 or IPv6. Although the setsockopt() call doesn't
	  fail for IPv6, it doesn't do anything.
	  Commit fc7ea83 added setting IPV6_TCLASS, again for both IPv4 and IPv6, but
	  the setsockopt() call fails on an IPv4 socket.
	  This commit makes keepalived only set the appropriate socket option, depending
	  on whether it is an IPv4 or IPv6 socket.
	  The commit also changes from using the SO_PRIORITY option for IPv4 to using the
	  more specific IP_TOS option.
	* Avoid compiler warning of duplicate definition.
	* Add function attributes to malloc functions.
	* KEEPALIVED-MIB vrrpRuleIndex should be unsigned.
	* Allow all ip rule/route options for rules and routes.
	  This commit adds support for all ip rule/route supported options for
	  rules and routes (and also tunnel-id rule option not yet supported
	  by ip rule).
	* Make ip rules/routes a configuration option.
	* Add all ip rules/routes options, and minor fixes.
	* Corrections for rule suppress_ifgroup.
	* Stop respawning children repeatedly after permanent error.
	  Keepalived was respawning very rapidly after a permanent error, which
	  was not useful.
	  This commit allows the detection of certain errors and if one occurs
	  keepalived won't respawn the child processes, but will terminate with
	  an error message.
	* Remove all remaining vestiges of Linux 2.4 (and earlier) support.
	  There was code remaining for supporting ip_vs for Linux 2.4, but
	  the remainder of the keepalived code requires Linux >= 2.6.
	* Make some libipvs functions static.
	* Move ipvs source and include files into check/include directories.
	* Don't duplicate kernel definitions for IPVS code.
	* Remove unused code from libipvs.c.
	* Remove ip_vs_nl_policy.c, contents now in libipvs.c.
	* Add ipvs 64 bit stats.
	* Remove linux 2.4 code, add 64bit ipvs snmp stats, and some minor fixes.
	* Fix compiling without SNMP checker support.
	  The patchset removing support for Linux 2.4 introduced a problem
	  compiling libipvs.c when SNMP checker support wasn't enabled.
	* Remove those annoying "unknown keyword" messages.
	  A slight reworking of the parsing code manages to get rid of those
	  annoying "unknown keyword" messages which we all know are't true.
	* Remove IP_VS_TEMPLATE_TIMEOUT. It was removed from ipvsadm in
	  version 1.0.4.
	* Remove check for MSG_TRUNC being defined.
	  It has been defined since glibc 2.2.
	* Remove conditionals based on libc5. libc5 predated glibc 2.0.
	* Remove conditional compilation checks for defines in Linux 2.6.
	  ETHTOOOL_GLINK, RTAX_FEATURES, RTAX_INITRWND, SIOCETHTOOL and SIOCGMIIPHY
	  are all defined in Linux 2.6, so no longer need to be wrapped in
	  conditional compilation checks.
	* Sort out checks for O_CLOEXEC.
	* Remove check for SA_RESTART. It existed pre Linux 2.6.
	* Change reporting of default snmp socket.
	* More updates for removing pre-Linux 2.6 code, and stop "unknown keyword"
	  messages.
	* Fix adding iptables entries on Linux 4.6.3 onwards.
	  ip[46]tables_add_rules() were allocating space for an additional
	  struct xt_entry_match. kernel commit 13631bfc6041 added validation
	  that all offsets and sizes are sane, and the extra
	  struct entry_match failed that test.
	* Fix adding iptables entries on Linux 4.6.3 onwards.
	* Fix size parameter for keepalived_malloc/realloc.
	  lib/memory.h specified the size parameter to keepalived_malloc/realloc
	  as size_t, whereas lib/memory.c specified unsigned long.
	  The inconsistency was complained about by the compiler on 32-bit systems.
	  Fix memory.c to make the parameter a size_t.
	  Change lib/memory.c and lib/memory.h to use type size_t for size
	  variables.
	  Use printf format specified %zu for size parameters.
	* Fix building without LVS or without VRRP.
	* Convert build system to automake.
	  The INSTALL file gives instructions for setting up the build system
	  using automake etc.
	  For those without automake (and autoconf), just running configure
	  works as before.
	* Convert build system to automake.
	* Add network namespace support.
	  This allows multiple instances of keepalived to be run on a single
	  system. The instances can communicate with each other as though they
	  are running in separate systems, but they are also isolated from
	  each other for all other purposes.
	  See keepalived/core/namespaces.c for some example configurations and
	  use cases.
	* Use atexit() for reporting malloc/free checks on termination.
	* Add + and git commit in -v output if uncommited changes.
	* Add network namespace support.
	* Remove some superfluous conditional compilation tests.
	* Poll for reflection netlink messages after adding each interface.
	  If a large number of interfaces are added, the kernel reflection
	  netlink socket can run out of buffers. This commit adds a poll of
	  the kernel netlink reflection channel after adding each interface,
	  thereby ensuring that a large queue of messages isn't built up.
	* Stop Netlink: Received message overrun (No buffer space available) messages.
	* Fix debug build since automake conversion.
	* Fix configuration testing for ipset support prior to Linux 3.4.
	* Add polling of netlink messages when entering master state.
	  If a large number of vrrp instances enter master state simultaneously
	  the netlink socket can run out of buffers, since the netlink socket
	  isn't read sufficiently frequently. Adding a poll of the netlink socket
	  after the VIPs/eVIPs are added ensures that the netlink messages are read
	  when the become available.
	* Add some missing '\n's when printing the vrrp configuration.
	* Fix generating git-commit.h.
	* Ensure xmit_base not set with strict mode.
	* Fix detection of code changes not commited to git in git-commit.h.
	* Change true/false variables in global_data to bools.
	* Fix timer_cmp handling large differences between the two times.
	  In a struct timeval, tv_sec is a time_t which is a long. Assigning
	  a.tv_sec - b.tv_sec to an int caused it to overflow if the time
	  differences were large.
	* Add a TIMER_NEVER value.
	  This allows a thread to specify that it never wants to be woken on a
	  timed basis.
	* Add global default_interface keyword.
	  default_interfaces sets the default interface to use for static
	  ipaddresses. If the system does not have an eth0, or one wants to
	  use a different interface for several static ipaddresses, this makes
	  the configuration simpler. It also has the potential to reduces
	  changes required if transferring the configuration to another system.
	* Fix skew time for VRRPv3 with low priority and long advert interval.
	  With a low priority and a long advert interval, the calculation of the
	  skew time was overflowing a uint32_t. For example, with a priority of
	  1 and an advertisment interval of 10 seconds, the skew time was being
	  calculated as 4288 seconds, rather than 9.96 seconds. This had the
	  impact that the backup instance would take over an hour to transition
	  to master.
	* Don't set master_adver_int from an invalid packet.
	* Make timeout_persistence a uint32 rather than a string.
	* Fix some configuration tests and compiling on old Linux version.
	* Improve persistence handling.
	  Properly support persistence_granularity for IPv6.
	  Set persistence_timeout default if granularity specified.
	  Only support persistence engine if supported by the kernel.
	  This commit also changes variables timeout_persistence and
	  granularity_persistence to persistence_timeout and
	  granularity_timeout.
	* Simplify a bit of indentation.
	* Add (commented out) code for writing stack backtrace to a file.
	* Free syslog_ident string after logging the free.
	  When writing mem check entries to the log, the syslog_ident needs to be
	  freed after the log has been written to.
	* Allow FREE_PTR mem check to log the proper function.
	  Having FREE_PTR as a function meant that whenever any memory was freed by
	  FREE_PTR() the function that was logged as freeing it was FREE_PTR itself.
	  Changing FREE_PTR() to be a #define means that the calling function name
	  is logged.
	* Fix tests of HAVE_DECL_CLONE_NEWNET.
	* Fix a conditional compilation test re namespaces and rename a variable.
	* Fix when some FREE() calls are made.
	* Only parse net_namespace in parent process.
	* Add VRRP/LVS conditional compilation around PID files.
	* Improve removing zombie PID files.
	* Add more VRRP/LVS conditional compilation.
	* Don't check if instance is a rotuer every time an NA is sent.
	  keepalived was calling sysctl to check if the interface was configured as
	  router before sending each gratuitous Neighbour Discovery advertisement. This
	  patch now checks if the interface is routing when the instance transitions to
	  master, and uses that for all the NA messages.
	* Improve mem check initialisation.
	* Add support for running multiple instances of keepalived.
	  Using network namespaces allows multiple instances of keepalived to run
	  concurrently, in different namespaces, without any collision of the pid
	  files.
	  This patch adds the concept of a keepalived instance name, which is then
	  use in the pidfile name, so that multiple instances of keepalived can run
	  in the same namespace without pid file name collisions.
	* Add option to write pid files to /var/run/keepalived.
	  When using namespaces or instances, pid files are written to /var/run/keepalived.
	  The commit adds an option for the standard pid files to use that directory.
	* Add keywords instance and use_pid_dir, plus sundry fixes/improvements.
	* Add configure option to enable stacktrace support.
	* Fix adding and deleting iptables rules for addresses.
	  When keepalived was built not using ipsets, the adding and deleting
	  of rules for addresses was including an extra xt_entry_match struct
	  that meant that the rules could only be deleted by ithe iptables
	  command by entry number and not be specifying the parameters.
	* Fix compiling without libiptc (iptables) support.
	* Don't log error message when trying to remove leftover iptables config.
	  At startup keepalived attempts to remove any iptables configuration that
	  may have been left over from a previous run. Of course the entries won't
	  normally be there, so don't report an error if they are not found.
	* Fix iptables entries for accept mode, other iptables fixes, and make
	  write_stacktrace a configure option.
	* Add script to setup interfaces in a network namespace.
	  The scripts mirrors the running network interfaces that are needed
	  for a given keepalived configuration into a network namespace
	  (default test), so that keepalived can be run in that namespace in
	  order to test the configuration.
	* Correct comments re location of network namespace pid files.
	* Add -s option for overriding net_namespace configuration option.
	* Change test/netns-test.sh -c option to -f to match keepalived.
	* Make netns-test.sh report interfaces that don't exist.
	* Remove leftover debug message.
	* Fix address comparison for equal priority adverts.
	* Streamline the specification of libraries to the linker.
	  Most of the dynamic libraries and static libraries were being specified
	  twice. This commit removes the duplication of all of the dynamic libraries
	  and only duplicates core/libcore.a of the static libraries.
	* Fix automake files for building on Ubuntu 14.04 LTS.
	* Enable building with Net-SNMP on Ubuntu.
	* Stop compiler warning on Ubuntu.
	* Fix compilation with libipset on Debian wheezy.
	* Fix various build problems on Ubuntu 14.04 and Debian.

2016-07-11 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.23 released.
	* Make malloc/free diagnostics a separate configure option.
	  The commit adds the configure --enable-mem-check option which
	  allows the MALLOC/FREE diagnostics to be enabled without
	  the --enable-debug option. This means that the mem-check
	  diagnostics can be used when running keepalived in it's normal mode
	  with forking children for vrrp and checkers.
	  The mem-check diagnostics are written to
	  /tmp/Keepalived_{,vrrp,healthcheckers}_mem.PID.log
	  The --mem-check-log configure option enables command line option
	  -L which also writes zalloc/free details to the syslog.
	* Fix compilation error on 32-bit systems with mem-check enabled.
	* Replace one zalloc() and one free() call with MALLOC() and FREE().
	  This ensures that the mem-check diagnostics cover all mallocs/frees.
	*  Fix report of malloc'd memory not being freed.
	* Streamline read_line().
	* Resolve a segfault when reloading with vmacs.
	  The vrrp_t entries on the vrrp_data list have pointers to an
	  interface_t for each vrrp instance. When reloading, the
	  interface_t items where freed, but a pointer to the old list
	  of vrrp_t items is held in old_vrrp_data. After the new
	  configuration is processed, clear_diff_vrrp() is called. clear_diff_vrrp()
	  uses the interface_t pointers from the old vrrp_t entries, but the
	  memory pointed to by the interface_t pointers has already been freed,
	  and probably reallocated for a different use.
	  This commit delays freeing the old interface_t items until after
	  clear_diff_vrrp() has completed, so the interface_t pointers remain valid.
	* Check valid interface pointer before calling reset_interface_parameters().
	  Before resetting the settings on the base interface of a vmac, check that
	  the interface_t pointer is valid.
	* Fix new --mem-check-log option.
	* Don't write parent's memory logging into children's log file.
	  When running with mem-check output to files, the buffer from the
	  parent process was also being written into the children's log
	  files. The commit sets the CLOEXEC flag on the log files, and
	  also sets the log files to be line buffered.
	* Fix segfault or infinite loop in thread_child_handler() after reloading.
	  When the checker and vrrp child processes start up, memory for a
	  thread_master_t is malloc'd and saved in master. Subsequently,
	  launch_scheduler() is called, and that sets the parameter to be passed
	  to the SIGCHLD handler - thread_child_handler() to the value of master,
	  pointing to a thread_master_t.
	  If keepalived is signalled to reload, the child processes free all
	  malloc'd memory, and a new thread_master_t is malloc'd and saved in
	  master. If this is not the same address as the previous thread_master_t,
	  then the value being passed to the SIGCHLD handler is a pointer to the
	  old thread_master_t, whereas everything else is using the new thread_master_t.
	  If the memory used for the old thread_master_t is then returned in a subsequent
	  malloc() call, a subsequent SIGCHLD will invoke thread_child_handler() with
	  a pointer to memory that has now been overwritten for some other purpose, hence
	  causing either a segfault or an infinite loop.
	  A further consequence is that new child processes will be added to the new
	  thread_master_t, but when thread_child_hander() is called after a child
	  terminates, it won't find the child since it is still looking at the old
	  thread_master_t.
	  This commit modifies the behaviour of a reload by not releasing the old
	  thread_master_t and then malloc'ing a new one, but rather it just reinitialises
	  the original thread_master_t and continues using it.
	* Remove base_iface from struct _vrrp_ - it wasn't used.
	* Add configuration option to flush LVS configuration.
	  This commit adds a global configuration option lvs_flush to flush
	  the LVS configuration, and if not set, the configuration won't be
	  flushed.
	* Add back real server when return from failure with HTTP_CHECK.
	  If status_code wasn't specified for a url entry in the configuration
	  then a real server would never be returned to service following a
	  failure.
	  The commit makes keepalived return a real server to service if no
	  status_code is specified if the HTTP status code returned from the
	  service is a success code (i.e. 2xx).
	* Avoid duplication of keyword installation in check_http.c.
	* Fix adding new static ip addresses after reload.
	  Commit f23ab52, when stopping duplicate static ip routes and rules
	  being added after a reload also stopped new static ip addresses being
	  added. The commit reinstates adding new static ip addresses.
	* Fix adding static iprule/routes after a reload.
	* Stop segfault when configure a route with no destination address.
	* Fix unused global vrrp_garp_master_refresh.
	* fix healthchecker reload when some healthchecks are failed.

2016-06-14 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.22 released.
	* vrrp: Fix build without VRRP VMAC.
	* Fix compilation with RFC SNMP without Keepalived SNMP.
	* vrrp: Update master_adver_int when receive higher priority advert
	  when master.
	  If VRRPv3 is being used, and a higher priority advert is received when
	  in master mode, the master_adver_int needs to be updated when transitioning
	  backup mode. If this isn't done, and our advert interval is less than a third
	  of the new masters, we will time out and re-enter master mode, send an advert
	  to which the other master will resond with a higher priority advert, causing
	  us to go back into backup mode, until our timer expires again, and this will
	  continue indefinitely.
	* vrrp: Don't send advert after receiving higher priority advert.
	  If a master receives a higher priority advert, there is no need
	  to send another advert, since the sender of the higher priority
	  advert is already a master. Further, any other instance in backup
	  mode will process our subsequent advert, and then consider the
	  wrong system to be master, until it receives another advert from
	  the real master.
	  With VRRPv3, if the other master has an advert interval more than
	  three times our advert interval, backup routers will be using our
	  advert interval after we've sent our subsequent advert, and will
	  then timeout before the new master sends another advert, prompting
	  (one of) the backup routers to become a master, which will prompt
	  the higher priority master to send an advert, the ex-backup router
	  will then send another advert and we could end up in an endless cycle.
	* vrrp: Fix receiving advert from address owner when in fault state.
	* vrrp: When transitioning from fault state, log state change.
	* vrrp: Fix preempt delay when transitioning from fault state.
	  There were two ways of leaving fault state, either by receiving a packet
	  on the instance, or by a netlink message indication that the interface is
	  up again. In neither case was preempt_delay considered in the code.
	  This commit changes the way vrrp->preempt_time is used. preempt_time is now
	  only used once a higher priority advert is received, rather than being updated
	  every time a lower priority advert is received. vrrp->preempt_time is now also
	  set when transitioning out of fault state. vrrp->preempt_time.tv_sec == 0 now
	  indicates the timer is not running.
	* vrrp: Detect and report duplicate address owners.
	  If more than one system is configured as an address owner (priority
	  == 255), this would be a configuration error, and could cause
	  unexpected behaviour. This commit ensures that the problem is
	  reported, and sets the local instance not to be the addess owner,
	  as a temporary workaround for the problem.
	* vrrp: Fix maximum number of VIPs allowe.
	* ipvs: Fix IPVS with IPv6 addresses.
	* ipvs: Don't overwrite errno by another syscall before checking errno.
	* ipvs: ipvswrapper.c: fix comparison.
	* Enable compilation with development net-snmp headers.
	* vrrp: Fix IPv4 vIP removal when addr matches pre-existing interface addr.
	  For IPv4 vIPs keepalived adds a /32 to the underlying interface. If
	  this address matches an address already configured, e.g. a /24, when
	  this vIP is eventually removed due to a configuration change or
	  keepalived shutdown, the original address matching the vIP, outside
	  of keepalived's control, is removed instead. This behaviour is
	  incorrect. The /32 added by keepalived should be the address being
	  removed. Keepalived should not be touching any addresses it does not
	  create.
	* vrrp: Check for errors when opening VRRP data and stats files.
	  This fixes crashes when running keepalived under SELinux enforcing mode,
	  which does not allow keepalived proccess to write to /tmp by default.
	* vrrp: Don't assume IPADDRESS_DEL == 0 and IPADDRESS_ADD != 0.
	* vrrp: Fix compilation failure.
	* vrrp: Fix transition to backup when receive equal priority advert from
	  higher address.
	  When a vrrp instance in master mode received an advert from another master
	  that had equal priority, it wasn't comparing the addresses to determine
	  whether it should treat the advert as higher priority, and hence the
	  instance should fall back into backup state.
	  When checking whether the advert is from a lower priority master, it now
	  checks if the priorities are equal and then compares the addresses.
	* vrrp: Optimise address comparision when receive advert in master mode.
	* Optimise inet_inaddr_cmp.


2016-05-26 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.21 released.
	* Install VRRP-MIB when applicable.
	  It appears that the condition in Makefile.in for installing VRRP-MIB
	  was using a non-existent macro, SNMP_RFC2_SUPPORT. This patch removes
	  two conditions from Makefile.in that use undefined macros and adds a
	  condition to install VRRP-MIB when SNMP_RFCV2_SUPPORT is set
	  appropriately.
	* Check virtual route has an interface before returning ifindex to SNMP
	* Force git-commit.h to be updated when needed
	* INSTALL: Keepalived doesn't need popt anymore
	* INSTALL: support for 2.2 kernels is long gone.
	* INSTALL: fix a few typos
	* keepalived.conf(5) some minor improvements
	* man keepalived(8): some minor improvements
	* Add printing of smtp server port when printing global config
	* timeout_epilog: mark argument const.
	* parser: mark some function arguments as const.
	* terminate argv with NULL.
	  man execvp says: "The array of pointers must be terminated by a null
	  pointer."
	* ipvswrapper.c: fix comparison.
	* mark pidfile strings as const.
	* utils.c: mark some arguments a const.
	  I left inet_stosockaddr alone for now, since it modifies the string.
	  We should fix that, since we pass in strings which might be const and in
	  readonly memory.
	* netlink_scope_n2a: mark return type as const.
	* vector->allocated is unsigned.
	* notify_script_exec: mark a few arguments as const.
	* vscript_print: mark string as const.
	* vector->allocted is unsigned.
	* dump_vscript: mark str as const.
	* Updated range for virtual_router_id and priority.
	* Stop segfaulting with mixed IPv4/IPv6 configuration
	  After reporting that an ip address was of the wrong family, when
	  the invalid address was removed from the configuration, keepalived
	  was segfaulting, which was due to the wrong address being passed to
	  free_list_element().
	* Updated range for virtual_router_id and priority in
	  doc/keepalived.conf.SYNOPSIS
	* Allow '-' characters in smtp_server hostname.
	* Allow smtp_server domain names with '-' characters to be parsed
	  correctly.
	* Report and exit if configuration file(s) not found/readable.
	  The configuration file is treated as a pattern, and processed
	  using glob(). If there is no matching file, then it wasn't reading
	  any file, and keepalived was running with no configuration.
	  This patch adds a specific check that there is at least one matching
	  file, and also checks that all the configuration files are readable,
	  otherwise it reports an error and terminates.
	* Fix building with Linux < 3.4 when ipset development libraries
	  installed.
	  Prior to Linux 3.4 the ipset header files could not be included in
	  userspace. This patch adds checking that the ipset headers files can
	  be included, otherwise it disables using ipsets.
	* configure: fix macvlan detection with musl libc.
	* Fix compiling without macvlan support.
	* Bind read sockets to particular interface.
	  Otherwise, since we use RAW sockets, we will receive IPPROTO_VRRP
	  packets that come in on any interface.
	* vrrp: read_to() -> read_timeout(). Make function name less confusing.
	* vrrp: open_vrrp_socket() -> open_vrrp_read_socket().
	  An equivalent open_vrrp_send_socket() exists, therefore make
	  the read version follow the same naming convention.
	* vrrp: fix uninitialized input parameter to setsockopt().
	* Make most functions in vrrp_print.c static.
	* Enable compilation on Linux 4.5.x.
	  Including <libiptc/libiptc.h> causes a compilation failure on Linux 4.5
	  due to both <net/if.h> and <linux/if.h> being included, and they have
	  a namespace collision.
	  As a workaround, this commit defines _LINUX_IF_H before including
	  <libiptc/libiptc.h>, to stop <linux/if.h> being included. Ugly, yes,
	  but without editting kernel header files I can't see any other way
	  of resolving the problem.
	* Fix segmentation fault when no VIPs configured.
	  When checking the VIPs in a received packet, it wasn't correctly
	  handling the situation when there were no VIPs configured on the
	  VRRP instance.
	* Improve checking of existance and readability of config files.
	  There was no check of the return value from glob() in read_conf_file()
	  and check_conf_file(), so that if there were no matching files, they
	  attempted to use the uninitialised globbuf, with globbuf.gl_pathc taking
	  a random value. A further check has been added that the files returned
	  are regular files.
	  Finally, if no config file name is specified check_conf_file() is now
	  passed the default config file name rather than null.
	* vrrp: update struct msghdr.
	  The vrrp netlink code assumes an order for the members of struct msghdr.
	  This breaks recvmsg and sendmsg with musl libc on mips64. Fix this by
	  using designated initializers instead.
	* Initialise structures by field names.
	* Detection of priority == 0 seems to be shaded.
	* More verbose logging on (effective) priorities.
	* Log changes to effective priority made via SNMP.
	* vrrp: use proper interface index while handling routes.
	  It appears current code has a small typos while handling routes trying
	  to access route->oif where it should be route->index.
	* vrrp: make vrrp_set_effective_priority() accessible from snmp code.
	  just include proper file in order to avoid compilation error.
	* monotonic_gettimeofday: make static.
	* Disable unused extract_content_length function.
	* utils: disable more unused functions.
	* utils: make inet_sockaddrtos2 static.
	* signal: remove unused functions.
	* Disable unused signal_ending() consistently with other unused code.
	* parser: make a bunch of stuff static.
	* scheduler: make a bunch of stuff static.
	* scheduler: disable unused thread_cancel_event().
	* vector: disable unused functions.
	* vector: make 2 functions static.
	* list: disable unused function.
	* genhash: make some functions static.
	* Remove unused variable.
	* core: make a few functions static.
	* checkers: make some functions static.
	* vrrp_arp: make some global variables file-scope.
	* vrrp_ndisk.c: make 2 global variables file-scope.
	* vrrp: make some functions and globals static.
	* In get_modprobe(), close file descriptor if MALLOC fails.
	  The sequencing of the code wasn't quite right, and so if the MALLOC
	  had failed, the file descriptor would be left open.
	* Fix compilation without SOCK_CLOEXEC and SOCK_NONBLOCK.
	  SOCK_CLOEXEC and SOCK_NONBLOCK weren't introduced until
	  Linux 2.6.23, so for earlier kernels explicitly call fcntl().
	* Don't include FIB rule/route support if kernel doesn't support it.
	* Enable genhash to build without SOCK_CLOEXEC.
	* Ignore O_CLOEXEC if not defined when opening and immediately closing file.
	* Allow building without --disable-fwmark if SO_MARK not defined.
	  configure complained "No SO_MARK declaration in headers" if that
	  was the case, but --disable-fwmark was not specified. The commit
	  stops the error message, and just defines _WITHOUT_SO_MARK_ if
	  SO_MARK is not defined.
	* Update documentation for debug option.
	* Add options -m and -M for producing core dumps.
	  Many systems won't produce core dumps by default. The -m option
	  sets the hard and soft RLIMIT_CORE values to unlimited, thereby
	  allowing core dumps to be produced.
	  Some systems set /proc/sys/kernel/core_pattern so that a core file
	  is not produced, but the core image is passed to another process.
	  The -M option overrides this so that a core file is produced, and
	  it restores the previous setting on termination of the parent process,
	  unless it was the parent process that abnormally terminated.
	* Add option to specify port of smtp_-server.
	* Add comment re when linux/if.h and net/if.h issue resolved upstream.
	* Enable building with SNMP with FIB routing support.
	* Exclude extraneous code when building with --disable-lvs.
	* Update description of location of core files.
	* Add support for throttling gratuitous ARPs and NAs.
	  The commit supersedes pull request #111, and extends its functionality
	  to also allow throttling of gratuitous NA messages (IPv6), and allows
	  specifying the delay parameters per interface, since interfaces from
	  the host may be connected to different switches, which require
	  different throttling rates.
	* Add snmpServerPort to Keepalived MIB.
	* Add printing of smtp server port when printing global config.
	* Add aggregation of interfaces for throttling ARPs/NAs.
	  This commit adds support for aggregating interfaces together, so
	  that if multiple interfaces are connected to the same physical switch
	  and the switch is limited as a whole on the rate of gratuitous ARPs/
	  unsolicited NAs it can process, the interfaces can be grouped together
	  so that the limit specified is applied across them as a whole.
	* In free_interface_queue, don't check LIST_ISEMPTY before freeing.
	* Clear pointer freed by free_list().
	* Make FREE_PTR() clear the pointer after freeing the memory.
	* Make FREE() clear pointer after memory released.
	  Since a pointer to allocated memory mustn't be used after the memory is
	  freed, it is safer to clear the pointer. It also means that if the pointer
	  is subsequently used, it shoud segfault immediately rather than potentially
	  trampling over random memory, which might be very difficult to debug.
	* vrrp: Improve validation of advert_int.

2016-04-02 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.20 released.
	* better VERSION handling
	* ipvs: tcp check supports retry.
	  New tcp check config option "retry" sets the check retry counter.
	  If tcp check fails on an alive server, keepalived will perform
	  another checks until n_retry counter reaches zero, or until the check
	  succeeds. The delay between retry checks is configured by the
	  "delay_before_retry" config option. The default value is 1 retry after 1 second.
	  This is the same feature that already exists in HTTP checker
	  (config option "nb_get_retry").
	* check_http: retry logic is refined.
	  Retry on every error, including timeout and connection
	  error, but only when RS is up.
	  This is needed to reduce rs flaps: we shut the server down
	  only after nb_get_retry failed checks.
	  Also, do not wait for delay_loop after a successfull check to
	  bring the server UP.
	* ipvs: respect the error code of the ipvs_talk.
	  Previously, if the IPVS reflector was unable to perform
	  its task, it reported error through syslog and ignored it.
	  This behavior leads to inconsistancies with quorum-handler:
	  it is called with UP even if no RS were added into the IPVS.
	  This could take place, for example, when there is a limit of
	  opened filehandles and keepalived was unable to open netlink
	  socket (it is opened on every call to the ipvs_talk).
	  Now the check is not marked as OK unless IPVS reflector reports
	  OK. Following successfull check will try to add an RS again.
	  The special case errors "ENOENT on remove" and "EEXIST on add"
	  are treated with OK result code.
	* ipvs: remove unused resulting error code.
	  These functions are turned from int into void:
	  ipvs_group_sync_entry, ipvs_group_remove_entry, ipvs_syncd_cmd.
	* check_http: reduce cpu usage.
	  do MD5 calculation only when configured to do so.
	* timer: reduce cpu usage.
	  timer_cmp is called too often and eats much of cpu cycles. Make
	  the comparison more effective. Increase code re-using in
	  monotonic_gettimeofday(). Use timer_reset_lazy() where possible
	  to omit the excess memset() call.
	* scheduler: reduce CPU usage.
	  Since threads are sorted by t->sands, we could break the cycle
	  when not expired thread found.
	* ipvs: rs weight changes properly on reload.
	  Do not remove and re-add a real_server when reloading config
	  if its weight has changed. Just edit the existing ipvs rs entry.
	* ipvs: new service option "ip_family".
	  This option explicitly specifies the address family of a
	  fwmark IPVS service entry. Previously it was determined by
	  the AF of the first real server. This logic is kept as a fallback
	  when the "ip_family" option is missing.
	  Also, now it is possible to create two different services
	  for v4 and v6 with the same fwmark number.
	* make 'smtp_server' config to support domain name.
	* use getaddrinfo() instread of gethostbyname().
	* make 'smtp_server' config to support domain name.
	* Added vrrp 'timeout' to synopsis.
	* Cleaned/fixed up KEEPALIVED-MIB, it now passes smilint
	* Fixed vrrp_snmp_route() - it was returning the address of the pointer
	  instead of the IP address / network address for dst, gw, gw2, and src
	* SNMP fixes/cleanup.
	* Added support for static and virtual ip rules for use with policy
	  based routing
	* Add info to set a default gateway into man and sample.
	* vrrp: Fix socket setup code for IPv4 multicast.
	  if_setsockopt_mcast_if was only doing anything for IPv6 interfaces.
	  Make it work also for IPv4 interfaces, and then don't need to
	  call if_setsockopt_bindtodevice for multicast.
	  Is it still necessary to call it for unicast?
	* vrrp: Set (and restore) interface parameters.
	  In order to receive and send multicasts on the correct interfaces
	  various parameters need to be set via the /proc/sys/net/ipv4/conf
	  interface. This patch sets them as needed, and restores any
	  changes on the underlying interface on exit.
	  If a user currently sets any parameters by scripts, that will
	  override these changes and still work, but this change in general
	  will make it unnecessary to change any parameters with scripts.
	* vrrp: Leave VRRP multicast group by ifindex.
	  Since we know the interface index, use that instead of the address
	  since it is more efficient. Also, in the unlikely event that the
	  interface doesn't have an address, then this avoids a problem.
	* vrrp: Don't delete vmac interfaces before dropping multicast membership.
	  Further to commit afea07bd94384c8ac8125e8cdbfd18bc4a46b14e, the
	  dropping multicast memberships were failing, since the vmac
	  interfaces had already been deleted. This patch keeps the vmac
	  interfaces until after the IP_DROP_MEMBERSHIP ioctls. Separating
	  the sending of the VRRP priority 0 messages from the shutdown
	  of the vrrp instances is necessary since vrrp_dispatcher_release
	  closes the sockets that are needed for sending the messages.
	* vrrp: Don't open vrrp_send_socket if address family is wrong.
	  open_vrrp_send_socket was opening a socket, and then checking that
	  the address family was valid. Checking that the address family is
	  valid at the beginning of the function streamlines the code.
	* vrrp: Stop m'cast packets being queued (and not received) on send socket.
	  If there are other vrrp instances on the same network, their
	  multicast packets are queued to our vrrp send socket, but since we
	  don't receive on that socket, the messages just get queued in the
	  kernel (run netstat -anp | grep keepalived to see the queued
	  packets increasing).
	  This patch clears the IP_MULTICAST_ALL option, to stop these
	  packets being queued.
	* vrrp: Fix typos in log messages.
	* vrrp: Fix RFC reference.
	* vrrp: Fix vrrp parser error message.
	* vrrp: Add interface index to vrrp dump data.
	* vrrp: Don't specify source address in IP_ADD_MEMBERSHIP ioctl.
	  If ifindex is specified, any source address given is ignored.
	* vrrp: If fail to remove vmac i/f, don't report success after fail message.
	* Help vim's formatting to work in configure.in.
	  The single "'" in a comment confuses vim, and the screen formatting
	  gets confused. Adding a second "'" in a C comment sorts vim out.
	* vrrp: Don't explicitly drop IGMP membership before interface deletion.
	  The kernel will send IGMP leave group messages when an interface
	  is deleted, so there is no need for us to do so. Experimentation
	  has shown that explicity doing IGMP_DROP_MEMBERSHIP doesn't make
	  it any more likely the IGMP leave group messages will be sent.
	  Adding the 1 second sleep significantly increases the likelihood
	  of the IGMP messages being sent, but is doesn't guarantee it.
	  Extending the sleep time doesn't improve the chances.
	* Fix compiler warnings.
	* vrrp: Add info to set a default gateway into man and sample.
	* vrrp: Don't report error on interface creation/deletion.
	  netlink_reflect_filter was returning an error if it didn't already
	  know about an interface that has just been created. If we don't
	  know about the interface, simply ignore it. Likewise on interface
	  deletion, if we don't know about the interface, ignore it.
	* vrrp: Ensure the first interface's parameters are set when using libnl3.
	  Patch 60217b63242bee37b1c97a04644be6eb5e18b4c4 sets the interface
	  parameters for each interface, but when using libnl3 there was a
	  conflict with libnl, causing the parameters not to be set for the
	  first interface. This patch makes vrrp_netlink.c use libnl3 if it
	  is available, to avoid the conflict.
	* vrrp: Fix interface parameter setting with libnl3 and error message on
	  interface creation/deletion
	* vrrp: Allow gratuitious ARP parameters to be configured globally.
	  It is likely that the gratuitions ARP parameters will want to be
	  the same for all interfaces, so allow the defaults to be set
	  globally. Also allow vrrp_garp_delay to be set to 0 to indicate not to
	  send further garp messages after a delay (to emulate how the
	  kernel sends gratuitous ARPs).
	* ipvs: Remove nat_mask configuration parameter.
	  nat_mask was only valid with 2.2 kernel, and the implementation of
	  it was removed in patch d51194f... but some of the configuration
	  code remained. This patch removes all remaining code relating to
	  nat_mask.
	* Update man pages. keepalived.conf.5 is updated to include all
	  configuration parameters, and keepalived.8 is updated to document the
	  signals that can be used with keepalived.
	* Remove remaining 2.2 kernel code.
	* vrrp: Allow specification of default VRRP version to use.
	  Rather than have to specify using VRRP version 3 on each VRRP
	  instance, allow global configuration to set the default version.
	* vrrp: Remove use of deprecated nl_join_groups().
	  The use of nl_join_groups was introduced in commit 84cf733.. in
	  order to resolve quickly a problem introduced in an earlier patch.
	  This patch follows the approach adopted by libnl3, which uses a
	  list of groups, rather than a bitmap which is limited to 32 groups.
	* Documentation updates, removal of redundant code, global config.
	* vrrp: set router flag in neighbour advertisements.
	  This is necessary in order to prevent the IPv6 stack on a node that
	  receives the unsolicited and overriding neighbour advertisement for the
	  VIP (that gets sent automatically when Keepalived transitions to MASTER
	  state) from immediately removing the VIP from its list of default
	  routers. See https://bugs.launchpad.net/bugs/1520517 for an example of
	  the problems this can cause.
	  Note that the approach in this patch simply unconditionally sets the
	  router flag. That is better than having it unconditionally unset (VRRP
	  stands for Virtual *Router* Redundancy Protocol, after all), but it
	  might not be appropriate whenever VRRP is used to fail over addresses
	  that are used for other tasks than being routers. Thus it might be
	  better to read in the interface's "forwarding" sysctl and set the router
	  flag accordingly, or making the value of the router flag configurable in
	  keepalived.conf.
	* vrrp: Dynamic addition of interfaces from netlink msg.
	  When a tracked interface is deleted then recreated with the same config
	  VRRP groups tracking this interface will remain down. This is due to
	  tracking of stale information.
	  This patch listens for netlink messages for the creation of interfaces
	  and does one of two things.
	  i) If the interface doesn't exist in the vrrp interface list a new
	  interface structure is created and the information from the message is
	  used to fill the structure. This new interface is then added to the
	  interface queue.
	  ii) If the interface already exists in the queue we zero it and then
	  use the information in the message to fill the structure.
	* branch to fix empty RS list issue.
	* a fix for services with no RS.
	* check: segfault when there is no real server for a virtual server.
	* vrrp: Stop memory leak rename function for convention.
	  Renamed netlink_populate_intf_struct to netlink_if_link_populate to fit
	  with file naming scheme.
	  It was possible that a created ifp structure would not be cleaned up if
	  netlink_if_link_populate returned a -1, fixed this so the structure is
	  FREEd.
	* Make parent process handle and propagate USR1/2 signals.
	  In order to be able to automate writing configuration and/or stats
	  the signals USR1 and USR2 need to be able to be sent to the parent
	  process since its pid can be read from /var/run/keepalived.pid.
	  The parent then needs to propagate these signals to a vrrp child.
	* Ignore all signals except those explicitly wanted.
	  In order to harden keepalived against a user accidentally sending
	  a wrong signal to keepalived, set all signals other than those we
	  want actioned to be ignored.
	* Remove potential race condition when setting signal handlers.
	  There was the potential for signal_run_callback to be invoked
	  after calling sigaction for a signal, prior to the internal signal
	  handler signal_SIG***_handler and signal_SIG***_v variables being
	  set up. To remove the race condition, when setting a signal handler
	  block the signal until the internal handlers have been fully set up.
	* Make signal_ignore mean ignore.
	  signal_ignore was setting a signal handler for the signal, but
	  then itaking no action when the signal was received. This is now
	  changed so the signal is actually set to be ignored.
	* Streamline signal handling code.
	  There was some duplication of the code for signal handling, and
	  this slight restructuring avoids the duplication and makes it
	  simpler.
	* vrrp: Invoke notify scripts with the default signal disposition.
	  It is reasonable for notify scripts to expect to be invoked with
	  the standard signal disposition, so when first setting up signal
	  dispositions, remember the original state so it can be restored
	  before the notify scripts are exec'd.
	* Return address of previous signal handler according to SA_SIGINFO.
	  The man page for sigaction(2) states that SA_SIGINFO is only
	  meaningful when establishing a signal handler. This appears not
	  to be the case, since the flag will be set in the oldact structure
	  on return from sigaction if the previous signal handler was
	  established using the SA_SIGINFO flag.
	* Invoke all scripts with the default signal disposition.
	  Just as the change for notify scripts, it should apply to other
	  scripts as well.
	* vrrp: Don't wait on script process being killed after timeout.
	  The child_timout_thread functions send a SIGKILL to a child
	  process that has timed out and didn't die quickly enough
	  after sending a SIGTERM. They then wait on the process dying.
	  The main problem is that if the waitpid is successful here, then
	  waitpid in thread_child_handler will never be successful for the
	  same pid, and so the entry on the child list will never be removed
	  and the parent thread will not be marked as ready.
	  There is also a theoretical possibility that the child process is
	  unkillable, and so the waitpid would hang forever.
	* Set thread conditions before adding to list.
	  It seems safer to set the status and type of a thread before
	  adding it to the ready list.
	* Remove some code duplication re running scripts.
	  misc_check_thread and vrrp_script_thread were virtually identical
	  so move duplicate code into new function system_call_script in
	  notify.c.
	* Fix formating of man page.
	* Set standard signal disposition before invoking ip(6)tables.
	  Call signal_handler_notify before running iptables/ip6tables.
	  Since it is now called for more than notify scripts, rename
	  signal_handler_notify to signal_handler_script
	* Move common code for opening fd 0/1/2 into a function.
	  The code for setting fd 0/1/2 to /dev/null before running a script
	  was in several places. All the common code is moved into a function
	  and the function called from the relevant places.
	  It is only necessary to reopen fd 0/1/2 if keepalived is running
	  with the --dont-fork option, since without that option the fds are
	  already open on /dev/null.
	* Optimise closure of fds before invoking scripts.
	  Every time before a script was invoked, closeall() was called,
	  which would spin through 1024 file descriptors closing them, even
	  though the vast majority were not open, resulting in 1024 system
	  calls. To avoid that, open all sockets and file descriptors
	  (except fd 0/1/2) with the CLOEXEC flag set, so that the fds will
	  be closed by the kernel when the script is exec'd.
	* Simplify some IPv4/IPv6 code.
	  Code blocks were (unnecessarily) repeated in functions which
	  handled both IPv4 and IPv6 situations.
	* Fix reloading and invoking notify scripts.
	* Update vrrp_scheduler.c.
	* Converted pdf user guide to RST with Sphinx.
	* Added check for libnfnetlink header during the configure step.
	* In free_list_elements invoke the free function if it exists.
	* Use of LIST_ISEMPTY to check list exists causes memory leak.
	* Stop parse_ipaddress FREEing via pointer passed to it.
	  parse_ipaddress FREE'd new following an error, but new could be an
	  address passed to the function, and therefore might not be MALLOC'd
	  memory.  This commit makes the caller of parse_ipaddress free the
	  memory if there is an error and the calling function MALLOC'd the
	  memory.
	* vrrp: Add vrrp_iptables global configuration option.
	  The iptables/ip6tables entries were always added at the end of the
	  INPUT chain, but for many configurations this is too late in the
	  processing. This patch allows the chain name to which rules are
	  added to be specified, and also allows the option of specifying
	  no rules are to be added.
	  If a chain name is specifed, it is necessary for that chain to
	  already exist in the iptables and/or ip6tables config, and for
	  that chain to be called from an appropriate point in the
	  ip(6)tables configuration.
	* vrrp: Add option to block outbound traffic from VIPs.
	  Unwanted traffic to VIPs is discarded by ip(6)tables. This adds
	  an option to also block outgoing traffic from VIPs.
	* vrrp: Add iptables blocks for E-VIPs just like VIPs.
	* vrrp: Allow unicast IPv6 Neighbour Solicits to be received.
	  An ip6tables rule is added to allow IPv6 NAs to be received, but
	  we also need to be able to receive NSs to respond to neighbours
	  attempting to verify our reachability.
	* vrrp: Use correct MAC address for IPv6 VRRP packets.
	  The IPv6 VRRP packets were using the MAC address of the underlying
	  interface, rather than the MAC address of the vmac. This commit sets
	  the correct MAC address for IPv6, and also adds the link-local address
	  of the underlying interface to the vmac interface, so that VRRP
	  packets can be sent from the vmac interface, thereby using the VRRP
	  MAC address.
	* vrrp: Disable IPv6 on IPv4 VRRP VMAC interfaces.
	  If IPv6 is not disabled on VMAC interfaces, an IPv6 link local
	  address is generated based on the virtual MAC address. This is not
	  only contrary to RFC 5798 para 7.4, but also causes duplicate
	  address detection failure. The address also just isn't needed!
	* vrrp: Fix setting nlmsg_len for netlink messages.
	  For netlink messages, nlmsg_len must always be set to an aligned
	  length. Prior to this commit, nlmsg_len was only being aligned when
	  a subsequent attribute was added to the list. This was fine if the
	  length of the last attribute added was an aligned length (which had
	  always the case), but didn't work if the last attribute added didn't
	  have an aligned length.
	  This patch is needed in preparation for adding an attribute which
	  doesn't have an aligned length.
	* vrrp: Stop having an IPv6 link-local address added based on VMAC mac
	  address.
	  IPv6 link-local addresses that were based on the virtual MAC address of
	  the VMAC interface were being added. RFC5798 para 7.4 states that this
	  is not permitted. It also causes duplicate address detection failure,
	  since each instance of the virtual router was configuring the same
	  IPv6 address on the same subnet.
	  This commit stops the offending link-local address being addied (or removes
	  it if it can't stop it being added), and since VRRP advertisements must
	  be sent with the virtual MAC address, but a link-local address for the
	  interface, if a link-local address from the underlying interface exists,
	  it is added to the VMAC interface, otherwise the MAC address of the
	  underlying interface is used to generate a link-local address, which is
	  then added.
	  It wasn't until Linux 3.17 that the IFLA_INET6_ADDR_GEN_MODE netlink
	  message was added, via which one can stop a link-local address being
	  automatically configured. Therefore, if IFLA_INET6_ADDR_GEN_MODE is not
	  supported, the only way to ensure that the problematic link-local
	  address is not added is to remove it after the interface is brought up.
	  This is not ideal, since there is a small window when the "illegal",
	  and possibly duplicate, link-local address exists, but I haven't
	  found any other way of doing it for pre 3.17 kernels.
	* vrrp: Stop sending unnecessary attributes in netlink messages.
	  When an IPv6 virtual address was deleted, it was being reported
	  in the log file that preferred lifetime was being set to 0, which
	  is only relevant when the address is being added. This commit stops
	  adding the IFA_CACHEINFO attribute when deleting addresses, and
	  also stops adding other unnecessary attributes.
	* vrrp: Allocate an IPv6 link local address to VMAC if none on real
	  interface.
	  The physical interface than a VMAC is configured on may not have an
	  IPv6 link local address, but we can construct one for the VMAC using
	  the MAC interface of the underlying interface.
	* vrrp: Remove code allowing mixed IPv4/IPv6 addresses.
	  If addresses of both types were configured, the receiving end would
	  reject the packet since the count of addresses received would have been
	  wrong since only addresses of one family can be sent, see vrrp_in_chk:
	  if (hd->naddr != LIST_SIZE(vrrp->vip))
	  Since we don't want to send the addresses of the wrong family, add them
	  to the virtual_ipaddress_excluded block rather than the virtual_ipaddress
	  block.
	* vrrp: Only set router flag in Neighbour Advertisements if forwarding.
	* vrrp: Enforce maximum number of vips per virtual router.
	  If there were more than one virtual_address blocks in a
	  virtual_router block, one could add as many virtual addresses as
	  one wanted, since it didn't check the number already read.
	* vrrp: Don't ignore excess virtual_address entries.
	  If there are too many virtual_address entries, add them to the
	  excluded block, but still give a warning message.
	* vrrp: Verify VRRP configuration after all configuration read.
	  There was a lot of duplicated checking in vrrp_parser.c to ensure that
	  configured parameters were consistent, and also a requirement to configure
	  certain parameters before others. This checking was incomplete, and also
	  becoming more and more complex as more configuration options were added.
	  This commit delays a large part of the checking until after all the
	  configuration has been read. This removes the need for options to be
	  specified in a certain order and also for checking in multiple places
	  whether certain combinations are valid.
	  As a consequence of the delay in checking the configuration, the creation
	  of the VMAC interfaces is delayed until after the checking.
	* vrrp: Accept is only valid for VRRPv3
	* vrrp: Verify priority and init_state consistent.
	* vrrp: Verify password specified for authentication.
	* vrrp: Verify have an ip address for interface.
	* vrrp: xmit_base is only valid on a VMAC.
	* vrrp: Ensure at least one VIP is configured on a VRRP instance.
	  This commit requires at least one VIP to be configured on a
	  vrrp_instance.  Although the code looked as though it was designed to
	  allow 0 VIPs, not only was that a protocol violation, but also keepalived
	  rejected any VRRPv3 packets received without any VIPs, and also any VRRPv2
	  with IPv6  due to the check in vrrp_in_chk() in vrrp.c.
	* vrrp: Generate unique default VMAC interface names.
	  Since the virtual router ID can be duplicated both between IPv4 and IPv6,
	  and also between different interfaces, the approach of setting a default
	  interface name as vrrp.VRID could produce duplicate names.
	  This commit now attempts to use vrrp.VRID, but if that already exists,
	  then it will try vrrpN.VRID, where N starts from 1 and increases until an
	  unused name is found (for IPv6 it tries vrrp6.VRID before vrrp1.VRID).
	* vrrp: Ensure necessary uniqueness of VRIDs.
	  VRIDs must be unique for a given address family and interface.
	  This commit ensures that there is no duplication of VRID/address family
	  on any interface.
	* vrrp: Don't assign VIPs/eVIPs to the default interface.
	  alloc_ipaddress was always setting the interface to DLFT_INT (eth0) if no
	  dev DEVNAME was specified to a VIP/eVIP/static address. This is fine for a
	  static address, but doesn't make sense for a VIP or eVIP, since they should
	  be assigned to the vrrp_instance interface, unless explicitly configured
	  otherwise.
	  In fact, it probably doesn't make sense to specify dev DEVNAME for a
	  VIP/eVIP, since the addresses must be assigned to the vrrp_instance
	  interface.
	* If a configuration error occurs between {}, skip to end.
	  If a configuration error occurred in a block, the parser could get confused.
	  This commit makes the parser ignore ignore all further entries until the end
	  of the block.
	* Don't allow specification of default as an address where inappropriate.
	  The function parse_ipaddress would allow default or default6 to be
	  specified for any address it parsed, but it doesn't makes sense in a
	  lot of cases, so add a parameter to indicate if default is valid.
	* Improve checking of configured advertisement timer.
	* vrrp: Make sure that a VRRP instance has a name and is unique.
	  It was possible to specify a vrrp_instance without a name. It was also
	  possible to specify the same vrrp instance name twice.
	* Extra validation for reading ip addresses.
	* vrrp: Ensure a sync group has a name and hasn't already been specified.
	* vrrp: VRRP authentication is dependent on VRRPv2 not IPv4.
	  The check for whether authentication is not dependant on IPv4, but rather
	  VRRPv2. This check will be conducted following reading the whole configuration.
	* vrrp: Log error if unknown authentication type.
	* Check for, and handle, '{' at beginning of a block.
	  There was no check for a '{' at the beginning of a configuration block.
	  This commit is the start of that check, allowing it either at the end
	  of the line with the keyword, or on a line of its own.
	  Also, in respect of group and notification_email, for all other configuration
	  items, the '{' could follow on a line of its own, but for configuration
	  items using read_value_block the '{' on a line following the keyword
	  was read as a configuration entry.
	* Check for, and report, unknown keywords.
	  A misspelt keyword would have been silently ignored, potentially causing
	  the user difficulty in understanding why his configuration wasn't working.
	* If an address fails to parse, ensure don't return an apparent address.
	  When reading an address, the address family was set early on, and a
	  subsequent failure to parse the address left the address family configured,
	  thereby making it appear that a valid address had been read. Simply set the
	  address family to AF_UNSPEC on a failure.
	* Ensure an address option has a value.
	  There was no check that the parameter was present after a keyword, so for
	  example : 1.2.3.4 dev
	  would not have generated an error message, and alloc_ipaddress would have
	  attempted to read a word after dev, which would either cause a dore dump
	  or possibly return a parameter from a previous configuration line.
	  This type of checking probably needs to be added elsewhere too.
	* Add validation of address scope.
	* vrrp: Don't allow group block more than once in a sync group.
	  If a second group is configured, the first group is lost, and its
	  malloc'd memory is also lost.
	* vrrp: Make sure sync groups have at least two members.
	  If a sync group was configured with no group {} statement, or if
	  the group statement had no entries, then keepalived would core dump.
	  This commit rejects groups with 0 members, and also with 1 member,
	  since it isn't a group. It also checks that a virtual_instance isn't
	  configured in more than one sync group, and also that the group
	  members specified exist.
	* The address must be the first record in an address configuration item.
	  When an address is configured, it must be the first entry on the line.
	  This allows options specified afterwards to know the address family,
	  and also when reporting errors to include the address.
	* vrrp: Log error if IPv6 and first address is not link local.
	  RFC5798 section 5.2.9 requires that if the protocol is IPv6, then
	  the first address must be the link local address of the virtual
	  router.
	* vrrp: Ensure that the full VRRP packet has been received in the buffer.
	  Although afer receiving a VRRP packet, it checked that the length
	  specified in the IP header was long enough to contain all the VRRP data,
	  it didn't check that the data actually received was sufficiently long,
	  so this check is added.
	* vrrp: Stop VIPs in same CIDR being deleted, but only when using vmac
	  so far.
	  If an interface has more than one IP address in the same CIDR, when
	  the "primary" address is deleted, all the secondary addresses are
	  also deleted, unless /proc/sys/net/ipv4/conf/IFACE/promote_secondaries
	  is 1. This commit sets the promote_secondaries flag on vmacs.
	* vrrp:  Make from and to for VRRP iprules use a define.
	  "From" and "To" were being stored as words rather than converted to
	  defined value. This made storage requirements larger and processing
	  them more time consuming.
	* Don't report configuration bytes used if not _DEBUG_.
	  If _DEBUG_ is not defined, malloc was increasing the count of memory
	  allocated when called, but free wasn't reducing the count, and so the
	  figure reported was meaningless.
	  This commit completely disables the memory allocated counting and
	  reporting if _DEBUG_ is not defined.
	* vrrp: Use defines for address scopes.
	  Rather than hard coded values for address scopes, use RT_SCOPE_*
	* Force order of multiplication and division to avoid underflow.
	* Clear list pointer after freeing list.
	* Fix handling of active in vectors. active wasn't being consistently
	  updated or reported for vectors.
	* Make functions always returning 0 void.
	  Three functions in utils.c always returned 0, and the calling
	  functions weren't checking the return code, since it was pointless,
	  so the functions have been changed to be of type void.
	* Use struct in_addr rather than uint32_t for IPv4 address.
	* vrrp: Disable all VMAC configuration code if don't have VMACs.
	* Allow multiple spaces in quoted strings.
	  The handling of quoted strings saved each word separated between
	  tokens of '"'. This meant reconstructing a quoted string lost multiple
	  spaces and was hard work.
	  Quoted strings are now saved as the whole quoted string, without the
	  quotes, so retrieval is much simpler. This also allows further keywords
	  to follow the quoted string, if desired.
	* vrrp: Remove string length dependencies in vrrp_print.
	* vrrp: Stop using deprecated bcopy.
	* vrrp: Add vrrp_instance name to some log messages.
	* Optimise returning from list_element() when end of list reached.
	* Make free_melement a static function.
	* Use INET6_ADDRSTRLEN rather than hardcoded length.
	* Don't format log message if not going to log it.
	* vrrp: Add option to reduce vrrp advert address checking.
	  By default, every received VRRP advertisement checks the advertised
	  addresses are the same as the configured addresses, which is o(n^2).
	  This change adds the option to check the first packet received from
	  a master, but not to check the VIP list in subsequent adverts from
	  the same master.
	* vrrp: Ensure vrrp_buffer large enough for largest possible received
	  packet.
	  The allocated receive buffer had size VRRP_PACKET_TEMP_LEN, which
	  suggests that it wasn't intended as the final solution.
	  Instead of using a fixed buffer size, the maximum MTU across all the
	  interfaces is calculated, and the size of the vrrp_buffer allocated
	  is the maximum MTU size. This guarantees that any VRRP packet received
	  will fit in the buffer.
	* vrrp: Improved received VRRP packet checking.
	  First check the protocol headers have been received, then before
	  checking the overall length of the received data, check the data in
	  the protocol headers, since this will allow more meaningful errors
	  to be reported. For example if there was a mismatch between VRRP
	  versions with IPv4, a length error was being reported, rather than
	  the version mismatch.
	  All the error messages in VRRP packet checking now include VRRP
	  instance name, to help tracking down where the error lies.
	* vrrp: Remove fixed limit number of VIPs in a VRRP advert.
	  There was an arbirtary limit of VRRP_MAX_VIP (20) VIPs for sending
	  a VRRP advert. Now that the vrrp_buffer is sized to be able to
	  receive any packet up to the largest MTU size, we can dynamically
	  allow as many VIPs as will fit in a packet (which varies depending
	  on IPv4 or IPv6).
	  There is also an overhead checking the received addresses in an
	  advert against the VIPs configure on the instance, but this can now
	  be mitigated by setting skip_chk_adv_addr on the VRRP instance.
	* vrrp: Fix printing of vrrp tracking scripts.
	* vrrp: Print Last transition time in human readable form.
	* Disable assert statements unless _DEBUG_ is defined.
	* Streamline free_list_element
	* Remove duplication of code between free_list and free_list_elements.
	* vrrp: Add vrrp strict mode, enforcing VRRP compliance.
	  The commit doesn't yet implement strict mode, but it will block
	  0 VIPs, unicast peers, IPV6 in VRRPv2.
	* vrrp: Add some strict tests.
	  In strict mode, the following are enforced:
	    IPv6 required VRRPv3
	    There must be at least one VIP per VR instance
	    No unicast peers
	    Must be address owner to start in MASTER mode
	* vrrp: Don't allow AH authentication with IPv6 and VRRPv2.
	  Of course, the RFCs don't allow IPv6 in VRRPv2, but it is an
	  extension supported by keepalived.
	* vrrp: Some minor ipsecah updates.
	* vrrp: Clearly identify that VRRP has subblocks of VRRP scripts.
	  The keepalived.conf.5 man page wasn't explicit that there are VRRP script
	  subblocks as part of the VRRP configuration, and this is now explicit.
	* Trivial edits to man page keepalived.conf(5).
	* man page remove static_rules configuration from vrrp_instance.
	  keepalived.conf.5 man page had an entry for static_rules within the
	  vrrp_instance blocks, and this is clearly wrong.
	* vrrp: Fix typo in error message when sending VRRP advert.
	* vrrp: Add option not to include vrrp authentication code.
	  RFC3768 updated VRRPv2 to remove authentication in 2004. This commit
	  adds a configure time option to exclude authentication code.
	* vrrp: When adding ip(6)tables entries, only specify i/f for link_local
	  addresses.
	  Packets to/from global address could arrive or be sent on any interface,
	  so don't specify the interface for blocking the packets. For link local
	  addresses, the block must relate to the specific interface.
	* vrrp: Add ability to use libiptc rather than invoking ip(6)tables.
	  Invoking ip(6)tables has a high overhead, since the process has to be
	  forked and exec'd, and then it has to read the whole ip(6)tables
	  filter chain before it makes a single update and commits it back.
	  Using libiptc avoids the overhead of multiple forks/execs, and also
	  means that multiple entries can be added/deleted to/from the ip(6)tables
	  configuration in a single update.
	* vrrp: Add option to use ipsets instead of iptables to block addresses.
	  Instead of having lists of addresses in iptables, it is much more
	  efficient to use ipsets to handle those addresses, since that is
	  what it is designed for.
	* Use /proc/sys/kernel/modprobe to find modprobe.
	* Reinstate SIGCHLD before forking to exec modprobe for ip_vs.
	  The fork of modprobe to load ip_vs would have reported a failure
	  even though it would have succeeded.
	* Reinstate SIGCHLD before forking to exec modprobe for ip_vs.
	  The fork of modprobe to load ip_vs would have reported a failure
	  even though it would have succeeded.
	* Fix forking/execing re closing signal pipe.
	  When calling scripts, we don't want to give them access to the signal
	  pipe used between the parent process and the vrrp process.
	* vrrp: Fix compile error when net/if.h and netlink/route/link.h conflict.
	  Some versions of libnl3 netlink/route/link.h conflict with some
	  versions of kernel header file net/if.h. This commit has a
	  workaround for when there is a conflict.
	* vrrp: Fix compile failure with old kernels and libnl3.
	  Issue #215 identified a compile error with pre 3.13 kernels when
	  libnl3 was installed. This commit adds a test for that situation
	  and avoids using rtnl_link_inet_[sg]et_conf.
	  I haven't been able to test this on a re 3.13 kernel, but I have
	  simulated the scenario and it compiles as expected.
	* vrrp: Fix compilation when ipsets not installed.
	* vrrp: Fix build breakage when not using libiptc.
	* vrrp: Fix VRRP respawning when no VIPs specified.
	  Commit b46dec58fa failed to check the the VIP list existed before
	  checking how many entries were in the list.
	  This commit also defaults the address family to IPv4 if no VIPs are
	  specified.
	* vrrp: Make dependency on libnfnetlink/libnfnetlink.h conditional.
	* Streamline handling of daemon mode flags.
	* Improve handling of not being able to read a pid file.
	  If a pid file was opened, but for some reason a pid could not
	  successfully be read, the pid used to check if a process was
	  running was random.
	* Remove unused pid filename definitions.
	* Change outstanding debug flag tests to use bitops helpers.
	* Allow for different sizes of long ints in bitops.
	* vrrp: Ensure conversions of vrrp->adver_int etc don't overflow.
	* Use bitops with daemon_mode.
	* vrrp: Fix ip_rule direction for SNMP.
	  Commit 2da11f99 introduced defines for ip_rule directions rather
	  than using strings, but the commit omitted to update the snmp code
	  when processing the directions.
	* add a line about the 'include' keyword in keepalived.conf(5).
	* fix HTTP_GET config dump. The config dumper routine
	  dump_http_get_check was always printing the last configured checker's
	  connection info.
	* dump_conn_opts: prototype change.
	  pass the conn_opts_t pointer as a void* parameter to make the
	  function prototype a valid dump callbac This makes smtp_dump_host()
	  function needless, it is removed.
	* fix build issues on older systems.
	  Try to avoid the build error on systems which lack of
	  O_CLOEXEC and IP_MULTICAST_ALL defines (such as Ubuntu lucid and
	  Debian squeeze).
	* Fix compilation with --disable-vrrp-auth
	* vrrp: Remove state VRRP_STATE_LEAVE_MASTER since it isn't used.
	* vrrp: Fix VRRPv2 authentication issues.
	* Don't redefine _GNU_SOURCE.
	* vrrp: Exclude function vrrp_ah_sync when --disable_vrrp_auth.
	* Fix some conditional compilation errors.
	* Streamline getopt_long options.
	* Remove '\n's from log messages.
	* Ensure standard configure generated defines are used.
	  The defines used in the compiles in the various subdirectories were
	  specified in each Makefile.in which could lead to inconsistencies.
	  This commit defines APP_DEFS in configure.in, which is then used
	  in each Makefile.in.
	* Dump keywords to file rather than stdout.
	* Add copyright message and build options to version output.
	  This commit also ensures that the end year of the copyright date
	  range is the current year when keepalived was built.
	* Stop erroneously logging error message for unknown keywords.
	  When vrrp_parser parsed the configuration file, it didn't know
	  about the checker keywords, and vice versa, and so reported errors.
	  This commits makes the other keywords known but marked as inactive.
	* vrrp: Fix SNMP trap NewMaster.
	  The trap must only be triggered for IPv4, since RFC2787 doesn't
	  understand IPv6. Also, RFC2787 only supports VRRPv2 instances,
	  so don't raise the trap for VRRPv3 instances.
	  The IP address returned must be the actual IPv4 address, and not
	  the ip_address_t that holds the address.
	* vrrp: Use underlying interface for ifindex in NewMaster traps for vmacs.
	  If the VMAC ifindex is returned, then there is no indication that
	  multiple VRRP instances are operating on the same physical interface,
	  so return the ifindex of the underlying interface. This will also
	  mean that the same ifindex should be maintained between different
	  invocations of keepalived.
	* vrrp: Move SNMP private defines into vrrp_snmp.c/check_snmp.c.
	  The defines for the net-snmp "magic" were in the header files
	  which were included by other modules. The defines are private to
	  the c source file, so move the defines into them, to avoid polution
	  compilation units which included vrrp_snmp.h/check_snmp.h.
	*  Use definition for 1.3.6.1.2.1.
	* vrrp: Start SNMP after reading configuration.
	  If SNMP is started before the configuration is read, a meaningless
	  response will be returned to net-snmp, so don't start the snmp agent
	  until after all the config has been read.
	* vrrp: Fix setting SNMPv2-MIB::sysORID entries in ORTable.
	  The length of the OID passed to register_sysORTable was wrong.
	* vrrp: Allow SNMP agent to unregister cleanly with more than one MIB.
	  Separate snmp_unregister_mib() out from snmp_agent_close() to allow
	  multiple MIBs to be unregistered before the snmp agent is closed.
	* vrrp: Don't register the global_oid with SNMP twice.
	  If SNMP is enabled, both the checker process and the vrrp process
	  were registering the global_oid. This commit makes the checker
	  process register it if it is running, otherwise the vrrp
	  thread registers it.
	* vrrp: Add read-only support for RFC2787 SNMP (VRRPv2).
	* vrrp: Allow any combination of keepalived and RFC SNMP support.
	* Allow enabling snmp via config file.
	* ipvs: sctp ad persistent engine support.
	* Fix building with --disable-lvs
	* Stop autoconf complaining.
	* vrrp: Use defined value for maximum VRRP priority.
	* vrrp: Simplify scheduler code vrrp_leave_fault().
	  Two pairs of code blocks were repeated, and each pair could be
	  reduced to occuring only once if the conditions were merged.
	* vrrp: If VRRP priority is 255 and not nopreempt, configure like state
	  MASTER.
	* vrrp: Ensure number of VIPs doesn't exceed 255 per instance.
	* vrrp: Don't check second time if IFLA_IFNAME is NULL.
	* Dump interface details with rest of config.
	* vrrp: When becoming master, block addresses before adding them.
	  If not accept mode, entries are added to iptables/ipsets to block
	  traffic to the VIPs/eVIPS. These entries should be added BEFORE the
	  addresses themselves are added, to ensure there isn't a (small)
	  window when we might reply from the added addresses.
	* vrrp: Document virtual_rules.
	* Fix memory leak re some uses of ipaddresstos().
	* Fix parsing ipset names.
	* vrrp: Improve and fix finding vmacs left over from previous invocation.
	  When netlink reports a new or existing interface, we can extract
	  information that allows us to determine if the interface is a macvlan,
	  and the type (e.g. private). We can then save that in the interface_t
	  structure, setting the vlan flag, and base ifindex.
	  When working out the interface name to use for VMAC instances, we can
	  then check the interfaces which are macvlans to see if any of them
	  match the vrrp instance in terms of mac address, underlying interface
	  and inet address family, and if so we can then reuse the macvlan interface.
	  Commit 9ae463e7f broke the finding of existing interfaces where the
	  configuration didn't specify the VMAC interface name, and simply created
	  a new interface. This commits now resolves that.
	  There is still an issue that if an interface was in MASTER mode when
	  keepalived terminated, when keepalived restarts it leaves the VIPs and
	  eVIPS on the interfaces, meaning that keepalived cannot receive VRRP
	  packets on the interface from the VRRP instance that has taken over, and
	  it also means that there are duplicate IP addresses on the network.
	  Another commit will resolve this issue.
	* vrrp: Remove ip addresses left over from previous failure.
	  If keepalived terminates unexpectedly, for any instances for which
	  it was master, it leaves ip addresses configured on the interfaces.
	  When keepalived restarts, if it starts in backup mode, the addresses
	  must be removed. In addition, any iptables/ipsets entries added for
	  !accept_mode must also be removed, in order to avoid multiple entries
	  being created in iptables.
	  This commit removes any addresses and iptables/ipsets configuration
	  for any interfaces that exist when iptables starts up. If keepalived
	  shut down cleanly, that will only be for non-vmac interfaces, but if
	  it terminated unexpectedly, it can also be for any left-over vmacs.
	* Sort out extraneous space and tab characters.
	  The commit removes spaces followed by tabs, trailing spaces and tabs,
	  and replaces occurrences of 8 spaces within tabs, except where the
	  spaces and or tabs occur within strings.
	  This has the benefit that if blocks of code are copied, git does not
	  complain when running git am on a file produced by git format-patch.
	* vrrp: Simplify RFC SNMP code.
	  The code was checking VRRP version unnecessarily, and also had code
	  to return an index element which is not necessary.
	* vrrp: Don't send traps for SNMP MIBS which are not enabled.
	* vrrp: Don't register SNMP global OID if not handling it.
	  If neither the checker nor the vrrp components of KEEPALIVED-MIB
	  are enabled, don't register the global OID.
	* Parameters passed to traps don't need to be static.
	* Fix --without-lvs and --without-vrrp configure options.
	* Ensure general MIB is enabled if --disable-lvs configured
	* Avoid compiler warning re function definition to prototype.
	* Add RFC6527 SNMP (VRRPv3).
	  This commit adds read-only and notifiction support for SNMP for VRRPv3
	  in accordance with RFC6527.
	* vrrp: Fix MAC address for IPv4 VMACs created after IPv6 VMACs.
	* vrrp: Allow routes and rules to use tables >= 256
	* Don't recompile libipvs-2.6/*.c every build.
	* vrrp: Remove left over ip rules and routes at startup.
	* vrrp: Ensure ip routes added before rules, and vice versa.
	  If ip rules are added before routes, then it is possible for a
	  packet to be routed while the routing table is only partially
	  complete. Adding the rule after the routes ensures that the routing
	  table won't be processed until it is completely set up.
	  Likewise, when removing rules and routes, remove the rules first.
	* vrrp: Add missing reason message for rejected VRRP packet.
	  Issue #255 show a log identifying bogus VRRP received, but there
	  was no reason shown for the rejection. The only instance I can find
	  for this is if vrr->family is neither AF_INET or AF_INET6, which I
	  think must be a bug in the code parsing and setting up VRRP instances.
	  This commit just adds a log message to be explicit about why the packet
	  is rejected, and also reports the value of vrrp->family.
	* Reduce number of calls to getaddrinfo() reducing DNS lookups.
	* Report if vrrp or checker process abnormally terminates.
	* Add option to increase child process priorities and make non swappable.
	* Make vrrp_daemon.c and check_daemon.c use header file for externs.
	* Add reporting ops mode, and minor tidying up of virtual_server config.
	* vrrp: Don't overwrite real interface MAC address with VMAC MAC address.
	  When a VMAC was being created, the MAC address of the VMAC was
	  being copied to the MAC address of the underlying interface in the
	  interface_t structure.
	  The netlink reflector sets up the MAC address of the new VMAC
	  interface, so there is no need to copy a MAC address at all.
	* vrrp: Stop keepalived_vrrp terminating with SIGSEGV if lvs_syncd_if set.
	  ipvs_stop() was being called before shutdown_vrrp_instances(), and
	  so if lvs_syncd_if had been specified on a vrrp instance, keepalived
	  would subsequently terminate with a SIGSEGV in free_interface_queue().
	* Make lvs_sync_daemon global config rather than vrrp specific.
	* Stop lvs sync daemons on restart in case of prior abnormal termination.
	* Remove any residual ipvs configuration on restart.
	* vrrp: Optimise clear_diff_vrrp_*() functions.
	* Check MALLOC returned non NULL before copying to the location.
	* Allxoow specifying syncid for lvs syncd.
	* vrrp: Send second set of GARP messages afer receiving lower prio advert.
	  When a VRRP instance transitions to master state, if garp_master_delay
	  is non-zero, a second set of garp_master_repeat messages is sent after
	  garp_master_delay seconds (unless 0). However, if a lower priority advert
	  is received, keepalived didn't send a second set. This commit sends a
	  second set if a second set would have been sent after transition to master.
	* vrrp: Allow setting of graduitius ARP parameters for lower prio adv
	  separately.
	* Don't log a "keepalived stopped" message if keepalived already running.
	* vrrp: Add support for iprule and iproute table names.
	* Resolve MALLOC/FREE issues to iprule/iproute table names.
	* Make keepalived_malloc return void* to match malloc.
	* When reporting MALLOC/FREE status on exit, report max MALLOC'd memory.
	* Make libipvs use MALLOC/FREE.
	* Don't restore original signal state when reloading checker config.
	* Ensure signals USR1 and USR2 are set to ignore in checker process.
	* vrrp: Only free list of iprule table names if list assigned.
	* vrrp: Fix strict mode of vrrp instance overriding global vrrp_strict.
	* Attempt to fix build breakage introduced in commit 85f81dd.
	* Fix parsing of scope for ip addresses.
	* Free global ssl context on reload.
	* Free request_t buffer and ssl data on reload.
	* vrrp: Restore sync-state after reload.
	  Currently the sync state is rebuilt from the member states after
	  config reload. This changes now reloads the previous sync state
	  after reload, and then pushes this back to the group members. If a
	  new group member is added during the reload, then the new group
	  will accept the sync group state. If a group member is removed
	  during a reload, then a special case will be executed to force
	  the sync-group state to BACKUP. This is required so that an
	  alternative backup peer for the removed group is given an
	  opportunity to take over the gateway.

2015-07-07 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.19 released.
	* vrrp: fix checksum computation in vrrp v2 for socket family AF_INET
	  One of difference between VRRPv2 and VRRPv3 is the way checksum is
	  computed. In VRRPv2 no accumulation is specified in RFC while in VRRPv3
	  it uses regular accumulator with upper pseudo header. This fix restore
	  compliant VRRPv2 for AF_INET vrrp instance. Since IPv6 socket are using
	  IPV6_CHECKSUM option this means that checksum for VRRPv6 instance runing
	  in native_ipv6 mode are broken. But since this is a end to end sanity
	  check and both side are operating the same way this OK, no "compliant
	  with VRRPv3 RFC", but anyway using native IPv6 on VRRPv2 is not really
	  compliant too ;)
	* Some cosmetics at Makefile stuff.

2015-06-30 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.18 released.
	* some cosmetics changes (in memory and parser).
	* remove dead/not used code.
	* revert notify script brought by last release.
	* revert VRRP preemption speed up extension.
	* vrrp: ix vrrp removes incorrect IPv4 address when VIPs
	  are removed.
	* vrrp: Re-enable VRRPv2 checksum on inbound pkts.

2015-05-31 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.17 released.
	* zalloc use xalloc for consistency.
	* memory: fix wrong size calculation in zfree.
	* Fix keepalived snmp configuration.
	* Change comments to match kernel style.
	* smtp: Fix wrong algorithm in RCPT-TO building.
	* vrrp: ICMPv6 : modify the way we copy the src address into the IPv6
	  header, in order to not overwrite the header' and the 'hop limit' fields
	* vrrp: sync status flag (up/down) for _all_ VMAC interfaces.
	  When using VMAC and running multiple instances on the same interface,
	  only one of the VMAC interfaces will get its status flag synched.
	  This commit will update the status flag for _all_ VMAC interfaces attached
	  to a base interface.
	* ipvs: fix segfault crash when parsing SMTP_CHECK config
	* ipvs: SMTP_CHECK now respects configured RS port. Before that it always
	  used the default port 25.
	* ipvs: config parser: handler for the end of block. new function
	  install_sublevel_end_handler(handler).
	* ipvs: new log function vlog_message taking varg_list. log_message now
	  uses format gcc attribute, not the macro wrapper.
	* ipvs: bug: check_smtp was logging "#30" instead of RS address do not do
	  nested va_start/va_end calls in smtp_final.
	* ipvs: clarify snmp_check config syntax. Now host{} section is optional,
	  and all the standard connection options are available in the SNMP_CHECK{}
	  level, too. If one or many host section persist, those base-level options
	  are used to specify default values that can be overriden in a host section.
	* vrrp: Use literal constants for bit flags Use literal constants for bit
	  flags of the "debug" global variable Change from using numeric constants
	  to literal constants for the bit flags of the "debug" global variable.
	* vrrp: Backup obtains VIP resulting in a duplicate IP. VRRP backup obtains
	  VIP resulting in a duplicate IP situation. When a priority change to the
	  configuration of a Master router drops its priority to below that of a
	  backup router, the VIP is not released on the Master router leading to
	  a duplicate IP situation.
	* vrrp: Make preempt_delay work more than once.
	* vrrp: Changes needed to support AH auth in VMAC mode. Note according to
	  the RFC this is not a requirement, but we think that our customers will
	  expect it to work. The RFC actually discourages its use because it adds
	  little to no additional security.  We are still able to interoperate in
	  RFC mode by not enabling authentication.
	* vrrp: Check VRRP header in the IP auth header is correct. In the middle
	  of vrrp_in_chk, the existing VRRP packet parsing code does
	  "return vrrp_in_chk_ipsecah(vrrp, buffer);" if the VRRP version is two,
	  and the authentication type is IP sec authentication, to check whether
	  or not the IP sec authentication header is valid.  However the "instant"
	  returns means that is the IP sec authentication header is valid, then
	  the remaining parts of the VRRP packet (VRRP version, VRRP checksum,
	  VRID, number of VIPs, advertise-interval) are not parsed or validated.
	* vrrp: Add support for SNMP trap: vrrpTrapNewMaster.
	* vrrp: Add skeleton code for VRRP-MIB.
	* vrrp: Check existing VIF and recreate if VMACs are wrong. Although under
	  normal circumstances we will cleanup VIF interfaces when shutdown, there
	  are various scenarios were this is not the case. To make the code more
	  robust, keepalived now performs a check for matching VIF interfaces at
	  restart, and if the configuration of the VIF matches the current
	  keepalived configuration it will reuse the VIF. However, should the
	  configuration be different, keepalived will remove the existing
	  interface, and then recreate a new VIF interface with the appropriate
	  configuration. This fix resolves the continuous crash scenario that can
	  occur when keepalived fails to configure the VIF because one already
	  exists. It prevents keepalived from reusing a previous VIF interface
	  which does not completely match it configuration criteria.`
	* vrrp: fix snmp code (cosmetic)
	* vrrp: Fix the keepalived mib and agentx warnings. During Keepalived
	  startup, about twenty "duplicate registration" and a couple of "Failed
	  to connect to the agentx master agent" warning messages were issued.
	  Pairs of the "Failed to connect" warning messages were logged every two
	  minutes. The "duplicate registration" warnings happened because VRRP
	  called snmp_agent_init twice, once for the keepalived-vrrp MIB, and once
	  for the rfc2787-vrrp MIB, however each call to snmp_agent_init also
	  tried to register the keepalived-global MIB (which holds data like
	  Keepalived version number, SMTP server details, and a "from" email
	  address).  It was the second attempt to register this keepalived-global
	  MIB that generated the "duplicate registration" warning. The registration
	  of the keepalived-global MIB is now only done once under the control of
	  a static variable.   init_agent is also called just once under the control
	  of the same static variable to prevent it logging a warning message. The
	  "Failed to connect" warnings occur because Keepalived does not know how
	  to connect to the SNMP AgentX master server.  By default the Agent X
	  master server is listening for MIB registrations on a local TCP socket
	  with a port number of 705.
	* vrrp: Fix VRRP preemption taking too long. VRRP preemption may not work
	  correctly due to group expiry timers being incorrectly manipulated while
	  running down the MDT. Also, preemption can be disrupted if the VRRP group
	  receives an advertisement while running down it's timer.
	* vrrp: Initial Implementation of VRRP statistics.
	  . Add VRRP counters, This is needed by the VRRP-MIB, and will provide
	    better insight into the operation of VRRP for users.
	  . Add SIGUSR1 and SIGUSR2 handlers
	    - SIGUSR1 allows users to dump current state of VRRP instacnes to
	      /tmp/keepalived.data
	    - SIGUSR2 allows users to dump VRRP counters to /tmp/keepalived.stats
	* vrrp: Copy old VRRP stats on reload.
	* vrrp: Seperate printing functions from vrrp_daemon.c. Seperate state
	  printing code from vrrp_daemon.c so that the code is better organized.
	* vrrp: Track master router priority in VRRP.
	* vrrp: Added 'Master priority' output to show vrrp detail.
	* vrrp: Enhance keepalived vrrp to configure mltp-scripts. Currently,
	  keepalived vrrp only allows to configure single notification script.
	  This is a limitation ans should be extended so that keepalived vrrp can
	  notify multiple scripts about vrrp state changes.
	* vrrp: Don't display ipsec ah password in log files. When authentication
	  type is selected as ipsec ah, password should not be displayed in the
	  log files.
	* vrrp: Fix notify upon reload. When a notify script is configured after
	  Keepalived has been started, if other notify scripts are already
	  configured, these scripts get reinvoked even if the state has not
	  changed. This occurs when in backup state. When in master state, no
	  notifications are sent out at all if a new notify script is configured.
	  For the backup case, this problem occurs when the daemon is reloaded.
	  This causes vrrp to leave the state it's currently in, go to the init
	  state and from there, go back to backup. However, this transition
	  causes the notify scripts to be invoked, causing a redundant
	  notification to be sent. For the master case, there is no call to
	  notify_instance_exec(), hence why no notifications are seen at all.
	  The solution is to add a new field to the vrrp struct that stores the
	  notify scripts that were configured before reload. A new function has
	  been added to take advantage of this new field. Instead of calling
	  notify_instance_exec() when we are in the init state, we now call
	  notify_instance_exec_init(). This is a proxy function that modifies
	  the 'script' member of a vrrp structure to point to a new list
	  containing only scripts that have not previously been configured,
	  thereby preventing the sending of notifications that have already been
	  sent. This new list is created by utilising the new vrrp struct field.
	  Inside this new function, notify_instance_exec() is called using the
	  modified VRRP instance. When this call returns, the member is reset
	  back to its original value.
	* vrrp: Keepalived extension to support VRRP version 3. Updated vrrp_header
	  and _vrrp_t struct to support version 3 params. Support to build vrrp_v3
	  packet.
	* vrrp: Keepalived extension to support VRRP version 3 (2).
	* vrrp: Keepalived extension to support VRRP version 3 (3). Timer changes
	  to support centi-sec.
	* vrrp: Keepalived extension to support accept mode for v3.
	* vrrp: Fix up limitations of keepalived VRRPv3. The current Keepalived is
	  supporting IPv6 but it is not fully functional and it is not as per
	  RFC5798.  Following are the issues identified and changes done:
	    - IPv6 address population.
	    - Correction of Checksum in case of IPv6.
	    - Getting source address from received advertisements.
	    - Populating source address in sent VRRP advertisements.
	* vrrp: Improve display output for VRRPv3.
	    - Changed data-type of mcast_saddr to sockaddr_storage to support IPv6
	      also.
	    - Added new parameters version, accept, weight updated advertisement
	      interval for operational command show output.
	* vrrp: MIB enhancements for accept-mode.
	* vrrp: Fix mismatched advertisement interval. In VRRP version 3, all
	  BACKUP routers must set their advertisement intervals to match the current
	  MASTER's. Although not explicitly stated in RCF5798, when the MASTER falls
	  over or forfeits its MASTER status, the new MASTER should not continue to
	  use the old MASTER's advertisement interval value and should instead use
	  its locally configured value. To achieve this, a new field has been added
	  to the VRRP structure that stores the most recent advertisement interval
	  of the current MASTER. We track changes to the current MASTER's interval
	  and update this new variable accordingly. The value is only updated when
	  we are in BACKUP state and reconfiguring the local advertisement interval
	  has no effect on it.
	* vrrp: snmp: don't hardcode AgentX socket location. The default location
	  should be `/var/agentx/master` (as per RFC2741 and this is also the
	  default for NetSNMP, including on Debian-based distributions). This
	  default location is set at configure-time for NetSNMP and subagent will
	  use it automatically (it is also available through `net-snmp-config.h`).
	  A useful feature would be to have a flag to change that if the user
	  change this settings in the master agent. This commit just reverts this
	  change to let SNMP subsystem work as expected for most users.
	* vrrp: snmp: restore use of net-snmp-config to build SNMP support. With
	  a lazy linker, `libnetsnmpmibs` may require some additional libraries
	  to be linked (like `libsensors`). Therefore, only rely on
	  `net-snmp-config` to get the appropriate flags.
	  Also add some additional tests:
	    - check that we can build a simple executable (NetSNMP can be quite
	      broken and in this case, the error during compilation is not crystal
	      clear, checking that in configure is more informative)
	    - check if we subagent support is compiled in (This is optional and
	      again, the error is not crystal clear during compilation).
	    - check that net-snmp/agent/util_funcs.h is present (Due to a flaw in
	      NetSNMP build process, this header was not installed for quite a long
	      time, notably on RHEL derivatives; code to handle its absence was
	      already present in Keepalived).
	* vrrp: snmp: don't enable SNMP support automatically.
	  Most users won't use it and it would fail if NetSNMP is not installed,
	  unless a user add `--disable-snmp` to configure command line.
	* build: move custom include directives (`-I`) first. Some libraries,
	  notably NetSNMP, may pollute CFLAGS by adding stuff like
	  `-I/usr/lib/x86_64-linux-gnu/perl/5.20/CORE` in CFLAGS. Instead of
	  trying to not use CFLAGS from NetSNMP at all (some of those bits are
	  important as they influence some NetSNMP headers), we ensure that the
	  bogus include flags are after our own include flags.
	* global: Set global data default values after parsing config file.
	  This patch will defer setting the global data default values until
	  after the config file has been parsed. This will potentially avoid two
	  calls to getaddrinfo. For example, if the router_id and/or email_from
	  parameters are set in the config file, there is no need to call
	  getaddrinfo twice in order to set a default value. Instead, this patch
	  will check to see if they values are unset after parsing the config
	  file. Note that email_from and smtp_connection_to are only set to a
	  default value if they are unitialized and smtp_server is specified.
	* doc: add -x/--snmp flag to keepalived manual page.
	* snmp: add -A/--snmp-agent-socket to specify AgentX socket.

2015-03-31 Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.16 released.
	* Properly close netlink channel to avoid fd leak.
	* Use getaddrinfo instead of gethostbyname to workaround
	  glibc gethostbyname function buffer overflow.
	* ipvs: log http timeout only when server goes down
	  All other calls to log_message() when a check fails are
	  performed when a server changes its state.
	  The http timeout log message is the only exception.
	* ipvs: properly fix bug when Q < H.
	  The commit a77c2c7 has not fixed the issue.
	  Log messages became accurate, but unsigned comparison
	  was still in use.
	* ipvs: HUP processing refactored.
	  copy_srv_states is removed: we can copy states with
	  existing clear_diff_*functions, as long as
	  clear_diff_services is called before the init_services.
	  vs_exist, rs_exist: remove side-effects from these functions.
	  Now they do only search and return pointers.
	  get_rs_list removed: the new rs list is now passed to
	  clear_diff_rs.
	  init_service_vs: quorum_state assignment is not needed
	  here. It is already assigned either by vs constructor, or
	  by alpha handler, or by clear_diff_services.
	* ipvs: refactoring link vsg structure to vs.
	  this adds a pointer to virtual_server_group_t into
	  the virtual_server_t structure and fills these pointers
	  after config load.
	  This change will allow to access vsg items of a vs easily,
	  without iterating and name compare.
	* ipvs: refactoring use links to vs->vsg links.
	  ipvs_cmd: removed vs_group list parameter. Link to vsg
	  is obtained via vs->vsg. These functions are also modified
	  in the same way: ipvs_group_cmd, clear_service_rs,
	  clear_service_vs, clear_diff_rs.
	  clear_diff_vsg: new_vs is passed as a param, vsg pointers
	  are retrieved w/o iterating.
	* ipvs: fix problems with config reload.
	  The commit 7bf6fc contained a bad trying to fix the issue
	  when an alive RS does not appear in a new VSG entry on reload.
	  It has not fixed the original issue and added a new one:
	  vs_groups lose quorum on config reload.
	  This commit fixes the issue properly, and also the case when
	  RS in VSG is in inhibit mode.
	  The reloaded flag is added to the virtual_server_group_entry_t.
	  ipvs_group_sync_entry: add alive destinations to the newly
	  created vsge.  It is aware of inhibit-on-failure destinations.
	  sync_service_vsg: calls the former for each created vsg entry
	  vsge_exist: changed just as other *_exist routines.
	* genhash: add support of fwmark in genhash
	* genhash: terminate thread if connect_error
	* Fixed filenames and paths so that make uninstall removes
	  initscript and man pages. Changed perms for keepalived.sysconfig
	  from 755 to 644
	* Fix a typo in dump_global-data().
	* vrrp: revert previous buggy preempt extension.
	* smtp: fix infinite loop when the smtp server unexpectedly
	  closes the connection.

2014-12-21  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.15 released.
	* vrrp: Use ancillary data on sending path for IPv6
	  mcast_src_ip. Well, previous code used bind() to specify
	  IPv6 src address. Ancillary data is a much more cleaner
	  and efficient way...
	* ipvs: Fix format of long int in log_message call.
	* ipvs: fix building with fwmark disabled.
	* vrrp: Pointer dereference before NULL check.
	* STR(SMTP_PORT) returns "SMTP_PORT", not "25".

2014-12-16  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.14 released.
	* The "Date:" mail header is now localtime.
	* bugfix: fwmark field was formatted as signed int
	* dump_conn_opts: fwmark was not displayed.
	* log_message: emit -Wformat= compiler warnings.
	  There could be (and actually are) situations when the format
	  string and the arguments list passed to the log_message() are
	  inconsistent or mistyped. The compiler did not show any warnings
	  because the vsnprintf was called indirectly.
	* Further unification of IP endpoints logging.
	  This change tries to keep usage of the standard "[%s]:%d" format
	  string to a minimum. Instead, use inet_sockaddrtopair wherever
	  possible.
	* Add SNMP subsystem option to man page.
	  The keepalived(8) man page did not mention the -x option to
	  enable the SNMP subsystem. This patch adds the -x (and --smmp)
	  options to the keepalived(8) man page, as described in the
	  keepalived help message.
	* vrrp: fix gratuitous ARP refresh timer handling.
	  Previous code was using an 'int' to store parsed timer value.
	  This value was then expanded to TIMER_HZ which can lead to a
	  wrapping issue if requested timer is longer than local machine
	  'int' representation. This patch reworked the code to use
	  timeval_t instead and perfrom regular timeval operations.
	* vrrp: Fix a memory leak while dropping incoming IPSEC-AH
	  authenticated advert. Digest was allocated in previous code
	  without freeing it on HMAC-MD5 missmatch.
	* vrrp: Extend IPSEC-AH auth to support unicast.
	  If you plane to use IPSEC-AH auth in unicast mode (which THE best
	  idea), then IP header TTL MUST be zeroed since it is mutable field
	  on transit.
	* vrrp: Update VRRP VMAC doc.
	  Add vmac_xmit_base in configuration example and force rp_filter=0
	  on macvlan interface.
	* vrrp: make gratuitous ARP repeat count configurable.
	  . garp_master_repeat : Gratuitous ARP count sent on the wire
				 after MASTER state transition.
	  . garp_master_refresh_repeat : Gratuitous ARP count sent on the
					 wire when garp_refresh_timer fir
	* vrrp: fix preempt and state BACKUP when prio 255.
	  This makes it so that keepalived will respect various settings that
	  should prevent it from assuming the MASTER role for a vrrp_instance
	  unconditionally and immediately, even if the priority of the
	  vrrp_instance in question is set to 255 (VRRP_PRIO_OWNER). These
	  settings include:
	  ---- conf ----
	  state BACKUP
	  preempt_delay <N>
	  nopreempt
	* vrrp: in backup state notify when vrrp is not up and move to FAULT
	  state.
	* ipvs: failed RS was flapping on config reload.
	  The RS disabled by health-checker was turned on w/o health-checking
	  by SIGHUP handler in the init_service_rs() subroutine.
	  This did not happen with alpha mode set.
	* libipvs: allow IPv4 RS in IPv6 VS and vice versa.
	  This change syncronizes local copy of libipvs with the upstream
	  (kernel/ipvsadm/ipvsadm.git) to the date. IPVS in Linux 3.18 will
	  include the feature of mixing of tunneled RS families in single VS.
	  The compatibility with older kernel versions is kept.
	* libipvs: minor bugfix with retreiving dest af.
	  This change needs to be sent to the ipvsadm upstream, too.
	  This clarifies the previous commit, so there is no need to mention
	  it in the changelog.
	* vrrp: check if interface is known when using use_vmac.
	  vrrp->ifp is NULL when use_vmac keyword is defined before the
	  interface keyword. This would result in a segfault
	* vrrp: simplify macvlan creation.
	  Create the macvlan interface in one netlink command rather than
	  three (creation of the macvlan in netlink_link_add_vmac function,
	  set of the mac address in the netlink_link_setlladdr function, set
	  macvlan mode in the netlink_link_setmode function).
	  This simplification:
	  1. avoids potential issues if the firt netlink command passes butcw
	      not the next ones
	  2. reduces number of netlink messages (light optimization)
	* ipvs: bugfix quorum state was flapping when Q < H.
	  When a service had quorum < hysteresis, the lower threshold of RS
	  weights was calculated incorrecly. Unsigned arythmetics was used, so
	  errors like this appeared in log: Keepalived_healthcheckers[2535]:
	  Lost quorum 1-2=18446744073709551615 > 10 for VS
	  The up -> down quorum state transition was happening every time when
	  alive RS set was changed. This bug was in place since
	  keepalived-1.2.9
	* vrrp: add support to IPv6 mcast src address specification.
	  For some reason (well... which one ?), previous code didnt support
	  specification of multicast source address in IPv6 mode. If you are
	  using 'native_ipv6' and want to specify IPv6 mcast source ip address
	  then you can use 'mcast_src_ip' keyword with IPv6 address.
	* vrrp: Add support to IPv6 src_address discrimination in master
	  rx state.
	  Previous code didnt support IPv6 address discrimination while in
	  MASTER state receiving same prio advert. This patch extend previous
	  code to support IP address comparison agnostic.
	* vrrp: IPv6 mcast src_addr handling and VMAC fix.
	  Properly bind socket for v6 use-case when mcasr_src_ip is in use or
	  when VMAC is used. This patch fix VRRP VMAC in native_ipv6 mode,
	  previous code just use the vmac interface link-local IP Address as
	  src_ip leading to a corner case (to keep polite).
	* vrrp: in IPv6 scope_id is mandatory to bind link-local address.
	  In IPv6 use-case, source IP address is set binding sokect to
	  socaddr_in6. Linux Kernel requires interface to bind link-local
	  address.
	* vrrp: fix nopreempt mode in master_rx.
	  While receiving lower prio advert, preempt election according to
	  nopreempt keyword. By default preempt is on as requested by RFC.
	* exit on malloc failure.
	* genhash: code cleanup.

2014-05-13  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.13 released.
	* vrrp : Use the standard unsigned int types. This fixes
	  building with musl libc, which does not expose the internal
	  __uint* defines. (Natanael Copa)
	* check : Fix template issue in IPv6 host header.
	  (Jan Hugo Prins)
	* ipvs : ipvs_syncd_cmd uses memset() to zero the daemonrule
	  buffer before populating it and sending it up. daemonrule is
	  malloc()ed by ipvs_start(). ipvs_start() can bail early if it
	  can't communicate with ipvs. Neither place which call
	  ipvs_start() check the return value, allowing them to walk
	  straight into a NULL pointer deref. (jsgh)
	* check : Without inhibit_on_failure on a real_server, when the
	  server is marked down existing TCP connections to it are simply
	  blackholed. Hence inhibit_on_failure: by setting the weight to
	  zero no new connections are sent to that server, but because the
	  server isn't completely removed from the table existing
	  connections are allowed to continue. The same problem exists
	  with sorry_server. When a real_server comes back up the
	  sorry_server is removed from the pool and existing connections
	  are blackholed. Instead of continued service, which may usually
	  be a fast response indicating overload, the client must engage
	  in a lengthy wait for the connection to time out. It would be
	  better in many cases to allow the sorry_server connections to
	  complete naturally. Luckily the code is structured well enough
	  that all is required to get this behaviour is to set the inhibit
	  member of the sorry_server structure, which is mostly just a
	  change to the config file parser. (jsgh)
	* check : unify logging of RS and VS. This fixes the bug of
	  displaying a FWM service as [x.x.x.x]:0, where x.x.x.x is the
	  first RS of that service. (Alexey Andriyanov)
	* check : unify connection options among checkers.
	  All the remote checkers (TCP, HTTP/SSL, SMTP) now have the
	  same set of connection options:
	    . connect_ip (new to TCP, HTTP)
	    . connect_port
	    . bindto
	    . bind_port (new)
	    . connect_timeout (new to SMTP)
	  All of them are optional with reasonable defaults. The patch
	  is designed for simplicity in adding a new option. Since the
	  connect_ip could be inequal to the RS address and, worse, the
	  same for all RSes, the endpoint is now logged as [RS]:rport,
	  not the [connect_ip]:connect_port. (Alexey Andriyanov)
	* check : fwmark connection option. (Alexey Andriyanov)
	* check : make SO_MARK a compile-time option.
	  (Alexey Andriyanov)
	* check : documentation for generic connection opts.
	  (Alexey Andriyanov)
	* check : random delay before doing the first check.
	  every RS check is registered with a random delay between 0
	  and vs->delay_loop seconds. It helps avoiding multiple
	  simultaneous checks to the same RS server.  (Alexey Andriyanov)
	* vrrp : Fix sync of interface status flag when using VMAC
	  interface. There is a chance that the VMAC interface status
	  flags (up/down) could be different from the base interface flags.
	  This patch will only change the VMAC interface status flags when
	  the base interface is changed. (Jonas Johansson)
	* vrrp : Let only base interface change the VMAC interface status
	  flags. The interface status flags for a VMAC interface shall
	  only be changed by the base interface, never by reading the
	  actual VMAC interface flags. (Jonas Johansson)
	* vrrp : Fix initial interface status flag value for VMAC
	  interface. In commit a05a503, "vrrp: Fix sync of interface
	  status flag when using VMAC interface", no inital value for the
	  VMAC interface status flag was set. Due to that the VMAC interface
	  flags shall follow the base interface, the base interface status
	  flags value shall be copied to the VMAC interface status flags
	  after the VMAC interface has been created. (Jonas Johansson)
	* vrrp : Proper restore of VMAC interface properties on SIGHUP.
	  On SIGHUP the VMAC flag and base ifindex for a VMAC interface was
	  lost. (Jonas Johansson)
	* vrrp : Revert "Honor preempt_delay setting on startup.".
	  This commit resulted in two individual bugs:

	  1) A keepalived instance coming on-line would not transition to
	     MASTER state until the preempt_delay duration had passed, even
	     though there was no already existing VRRP speaker in MASTER
	     state on the link. In other words, it changed the semantics of
	     preempt_delay from a delay that only took place before
	     *preemption* of another VRRP speaker, to a delay that
	     unconditionally took place after Keepalived came online. The
	     keepalived.conf manual page has always documented the former
	     meaning, which is also IMHO the only one that you would
	     intuitively expect.

	  2) The preempt_delay was applied when a Keepalived process was
	     reloading its configuration following the recipt of SIGHUP.
	     If the Keepalived instance was in MASTER state before the
	     reload, it would cease transmitting VRRP hellos for the
	     duration of preempt_delay, but *not* actually remove the
	     virtual addresses from the network interfaces. This in turn
	     resulted in any backup VRRP speakers on the links transition
	     to the MASTER state while preempt_delay was still in effect
	     on the original MASTER that was reloaded, thus creating a
	     service-impacting split-brain scenario where the virtual
	     addresses are present and active on multiple VRRP speakers
	     simultaneously.

	  (Tore Anderson)
	* vrrp : fix ip_address comparison. Extend IP_ISEQ() macro to
	  take care of NULL addresses. This issue end on SEGV while
	  using virtual_route. thanks to Tore Anderson for reporting.
	* vrrp : fix double close issue (DROP_MEMBERSHIP & netlink
	  channel). This is a old pending 'bug', not arming at all
	  but just frustrating to see again and again this log message :

	  "cant do IP_DROP_MEMBERSHIP errno=Bad file descriptor (9)"

	  What the hell ! it was due to a double close during reload &
	  stop procedure. VRRP fd are stored in a socket pool and use
	  the I/O MUX to handle VRRP traffic. While reloading or stopping
	  the daemon the I/O MUX was released first and secondly socket
	  pool.  The issue spotted here, in thread_destroy_master() all
	  pending thread are canceled and read/write fds related are
	  close(). Well OK a close on a mcast socket perform kernel side
	  the DROP_MEMBERSHIP when needed, but it is much more clean to
	  perform proper operations userspace ! This patch sequencely
	  cancel pending thread, release socket pool and finally
	  destroy master thread. Same 'issue' appear in netlink channel.

2014-02-08  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.12 released.
	* lib: Fix reallocation issue introduced in last merge.

2014-01-28  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.11 released.
	* ipvs: make nlerr2syserr libnl dependent. nlerr2syserr()
	  is only used when libnl is present... simply reflect this in
	  libipvs.
	* Fix libnl/libnl-3 logic in configure script.
	  This patch causes the configure script to prefer libnl-3 over
	  libnl(1). The configure script will first check for libnl-3 and
	  libnl-genl-3. If both are found, use them. If not, check for
	  libnl(1). This is useful when building on systems that have both
	  libnl-3 and libnl(1) installed. It also fixes some redundant
	  libraries in LIBS.
	* libipvs: libnl-3 include fix.
	* lib: extend command lib string parser.
	  Extend cmd_make_strvec to support quoted string as a single slot
	  and commented string at the end of parsed string.
	* lib: cosmetics at command.c.
	  Extend command framework to support logger and remove some dead
	  code. some cosmetics too.
	* lib: extend vty to support logger.
	* autoconf: better libnl3 detection.
	* Fix memory allocation in parser. The set_value function was
	  incorrectly using sizeof (char *) when allocation and reallocating
	  memory.
	* Fix memory allocation for MD5 digest.
	  The vrrp_in_chk_ipsecah and vrrp_build_ipsecah functions were
	  incorrectly using sizeof (unsigned char *) when allocating memory
	  for the MD5 digest.
	* Fix memory leak in vty_read_config. If vty_use_backup_config
	  returns NULL, free any memory that has been allocated before
	  returning.
	* Fix memory leak in check_include. The check_include function
	  should always free the allocated strvec.
	* Check content length before allocating memory.
	  Since extract_content_length should return 0 if CONTENT_LENGTH is
	  not found in the buffer, this check should be done before
	  allocating memory. This avoids unnecessary malloc/free calls and
	  fixes a potential memory leak.
	* Free memory if realloc fails in vty_out. If realloc returns NULL,
	  free the original memory before returning.
	* Remove redundant close from vty_use_backup_config. The sav file
	  descriptor is closed after read, so there is no need to close it
	  again is chmod operation fails.
	* Remove unnecessary netlink rtattr structures.
	  Both netlink_link_setmode and netlink_link_add_vmac have rtattr
	  structures that are no needed. The addattr_l function will handle
	  adding the rtattr to the message. Also, this patch removes
	  incorrect void pointer arithmetic when setting rta_len.
	* vrrp: dont try to leave mcast group in unicast mode.
	* vrrp: Release and refresh properly fd hash index.
	  Rehashing into the same loop as releasing is not really the best
	  idea... Reworked a little previous patch to properly release hash
	  entries related to the same instance and then hash it back on new
	  fd.
	* vrrp: use configuration mcast group for leave message.
	* vrrp: dont try to load ip_vs module when not needed.

2014-01-02  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.10 released.
	* Jonas Johansson removed unused option character in getopt
	  optstring.
	* vrrp: disable TTL sanity check for unicast use-case.
	  In order to protect against any packet injection, VRRP provides
	  sanity check over IP header TTL. This TTL MUST be equal to
	  255 and means both sender and receiver are attached on the same
	  ethernet segment. Now with unicast extension this protection MUST
	  be disabled since VRRP adverts will mostly traverse different
	  network segments.
	  !!! WARNING !!! When using VRRP in unicast use-case in order to
	  protect against any packet injection the best practice is to use
	  IPSEC-AH auth method otherwise you are exposed to potential
	  attackers !
	* Christian Albrecht fixed minor typo in man page
	* Pim van den Berg work on libipvs-2.6 to sync with libipvs from
	  ipvsadm 1.27
	* Pim van den Berg work add support to libnk >= 3. This address
	  following considerations :
	  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688164
	  http://article.gmane.org/gmane.linux.keepalived.devel/3522
	* Pim van den Berg extended libipvs adding nlerr2syserr function
	  to translate libnl 3 errors to sys errors. In libnl 3 the return
	  codes have changed. nlerr2syserr translates the libnl 3 errors to
	  sys errors.
	* ipvs: if libnl-3 is installed then check for libnl-gen-3. It is
	  mandatory to use generic netlink facilities in new libipvs. This
	  test is just here to ensure every needed libs are installed !
	* Frank Baalbergen (I suppose github frankbb is you ?) fix
	  http checker. literal ipv6 addresses should be enclosed by
	  brackets.
	* vrrp: Frank Baalbergen add check on IFA_F_NODAD support.
	* vrrp: fix unicast handling address selection. SjonHortensius
	  reported issue while testing unicast_peer. It wouldn't work
	  without adding the native_ipv6 flag. Removed this dependency !
	  since it not correlated with VRRP protocol version used.
	* vrrp: extend ip parser to support default and default6.
	  When you are using virtual_routes you may want to use default
	  or default6 while configuring routes. Extended parser
	  accordingly !
	* vrrp: take care of label while comparing IP addresses.
	  Label was not taken into account while comparing 2 IP
	  addresses, this can lead to a non deletion while stopping
	  daemon and some configuration changes have been done while
	  deamon running. This issue was reported by Stepan Rogov.
	* vrrp: fix/extend gratuitous ARP handling.
	  multiple people reported issues where MASTER didnt recover
	  properly after outage due to no gratuitous ARP sent. VRRP
	  is a protocol designed to be used between node plugged on
	  the same layer2 in order to guarantee link failure is directly
	  linked to a protocol FSM handling (FAULT transition). With
	  current virtualization env quite every think can be virtualized
	  from host (VM) to network (vswitch). In some cases those
	  virtualized env offer a virtualized layer2 on which VRRP is
	  plugged and sometime forwarding or routing over this virtual
	  path can be broken.
	  I extended gratuitous ARP handling in 2 ways :
	  1) When a MASTER receive a higher prio advert it sends a last
	     advert before transiting to BACKUP state. The immediate
	     effect at remote MASTER side is to sollicite a gratuitous
	     ARP broadcast.
	  2) Add an optional support to periodic gratuitous ARP sending
	     while in MASTER state. By default it is disabled but one
	     can activate this feature by configuring keyword
	     "garp_master_refresh" in seconds in vrrp_instance block
	     (refer to keepalived.conf.SYNOPSIS).
	* Frank Baalbergen fixed genhash. genhash can throw a
	  segmentation fault when not providing an argument
	* Frank Baalbergen extended genhash code to support IPv6
	* Frank Baalbergen extended genhash code to make url default
	  value /, same as curl/wget
	* Frank Baalbergen extended genhash code to only use default
	  url when url is empty
	* vrrp: Create configuration alias for unicast_src_ip keyword.
	  Add a new keyword more generic to specify VRRP packet source
	  IP address. This new keyword is "unicast_src_ip" and have
	  exactly the same scope as "mcast_src_ip".
	* vrrp: unicast_peer addresses and VRRP instance MUST be of
	  the same family. VRRP low-level framework create socket
	  pool based on VRRP instance family. If you are using
	  unicast_peer, it is mandatory to use addresses of same family
	  as VRRP instance. You cant mix IPv4 and IPv6 addresses inside
	  same unicast_peer block.  If you need to make it that way, you
	  MUST create a VRRP instance per family, eg: one with native_ipv6
	  for v6 unicast_peer and another for v4 unicast_peer.
	* vrrp: extended unicast code to support IPv6 unicast_src_ip.
	  Add support to unicast IPv6 address for
	  {unicast,mcast}_src_ip keyword. vrrp instance saddr is now a
	  sockaddr_storage and src IPv6 address is set using cmsg ancillary
	  data pktinfo. TSource IP address selection is now generic and
	  can be IPv4 or IPv6.
	* vrrp: fix vrrp socket sync while leaving FAULT state.
	  Well, this is a very, VERY old bug here. while leaving FAULT
	  state VRRP framework refresh instance socket fd_in & fd_out
	  and synchronize all VRRP instance bound to the same socket.
	  The patch refresh socket, it also refresh fd hashing ! which
	  better for later fault handling :)
	* vrrp: Frank Baalbergen fix log-facility handling. log-facility
	  should be a required_argument
	* vrrp: Support xmit VRRP packets from base VMAC interface.
	  Here is a merge of patch from Oliver Smith. Thanks for your
	  job and idea in here Oliver. Comments from Olivier :

	  This provides a new option to use in conjunction with the VMAC
	  functionality which will result in VRRP advertisements being
	  sent and received over the underlying interface (and therefore
	  having the source MAC of that interface rather than the VMAC
	  device).

	  With this new functionality enabled, VRRP messages will not
	  affect the switch MAC address table since the non-unique VMAC
	  address is now used only for sending a gratuitous ARP, thereby
	  ensuring that in conditions of VRRP message loss, a probing
	  partner will not inadvertently take over traffic.

	  This also resolves issues where VRRP messages are not
	  successfully being seen on the VMAC interface as with the
	  new option, the underlying interface is also used to listen out
	  for VRRP messages.
	* getopt: Make some arguments required
	* vrrp: Frank Baalbergen add default case in getopt_long.
	  when starting keepalived with an option without an argument
	  that requires an argument keepalived should not be started.
	* vrrp: VMAC code cleanup and extensions.
	  Remastered VMAC code. Interface base_ifindex is set by default
	  to interface ifindex during netlink probe. VMAC interface
	  base_ifindex is now set during VMAC allocation uppon success
	  interface creation. Detect if virtual_router_id is declared
	  after use_mvac keyword is invoked. Add some more log while
	  setting up and removing VMAC interface.
	* vrrp: IPv4 & IPv6 multicast group tweaking.
	  Meno Abels extended vrrp framework to support customized
	  multicast addresses. The address could be set for ipv4 and
	  ipv6 in the global_defs config section using the keywords
	  vrrp_mcast_group4 and vrrp_mcast_group6.

	  There are some stupid switches which does a special processing
	  to 224.0.0.0/8 multicast packets which causes packets drop from
	  queue overflows in environments which creates 100 and more
	  multicast control plane packets a second.

2013-11-10  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.9 released.
	* Alexey Andriyanov fixed inaccuracy in VS_ISEQ macro.
	* Alexey Andriyanov fixed hysteresis which could be >= quorum now.
	* Alexey Andriyanov extended checker framework so that status_code
	  and digest can be set together.
	* Alexey Andriyanov extended/fixed checker framework for better
	  SIGHUP support.
	* Jonas Johansson fixed VRRP sync group by sending prio 0 when
	  entering FAULT state. This fix will send prio 0 (VRRP_PRIO_STOP)
	  when the VRRP router transists from MASTER to FAULT state. This
	  will make a sync group leave the MASTER state more quickly by
	  notifying the backup router(s) instead of having them to wait
	  for time out.
	* Jonas Johansson extended VRRP VMAC interface flags (up/down
	  status) to follow base interface. When using a VMAC interface,
	  this fix will reflect the base interface flags, i.e. up/down
	  status, to the VMAC interface. This is useful when using sync
	  groups (in combination with VMAC) and a link for one of the
	  members in the MASTER sync group goes down. Before this fix,
	  this member will not detect the link fault, due to that the
	  VMAC interface always is UP regardless of the actual status of
	  the base interface, and the sync group will continue to be
	  MASTER as if nothing has happend. This fix will however reflect
	  the status of the base interface onto the VMAC interface, so if
	  the link goes down the member will transit to FAULT state, which
	  will make the sync group transit to BACKUP state.
	* Jonas Johansson fixed VRRP wrong interface flags corner case.
	  If a link event arrives between the initial scanning for
	  interfaces and configuration file parsing, the VRRP instance
	  will enter an unrecoverable state. This fix will update the
	  interface flags even when the interface exists, not only for
	  the inital scan.  Note that when all is up and running the link
	  events will be properly handled by netlink, so this fix only
	  fixes the special case when a link changes state during
	  initalization/configuration.
	* Jonas Johansson fixed VRRP to honor preempt_delay setting on
	  startup. If the preempt_delay is set we cannot yet transition
	  to master state. We must await the timeout of our preempt_delay.
	  The preemption delay is used when starting up, or rebooting, a
	  node which needs time to sort out its routing table (e.g., BGP
	  or OSPF) before it can assume the master role.
	* Jonas Johansson extended VRRP code for faster sync group
	  transition.
	* Jonas Johansson replaced popt with getopt. In a embedded
	  environment you might not want to have to add yet another
	  library dependency. This commit refactors parse_cmdline() to
	  use getopt_long() instead och popt.
	* EyckWigo proposed to increase defaut socket buf size to handle
	  env with lot of IP addresses, Default is now set to 64K on netlink
	  socket.
	* Guðmundur Bjarni Ólafsson fixed VRRP unicast code to allow
	  packet to be routed !
	* Guðmundur Bjarni Ólafsson fixed VRRP checksum before computation.
	  When running in unicast mode with multiple peers, the checksum
	  was being calculated into itself for consequent peers, causing
	  incorrect checksums.
	* Extended VRRP framework tweaking IPv6 VIP install by disabling
	  DAD algo and setting deprecated.
	  Lot of discussions have been made around those 2 topics. First
	  idea and initial patch where provided by Leo Baltus. This patch
	  fix the use case where VRRP VIPv6 are used in conjonction of IPVS
	  healthchecking. If deprecated flag is not set (which is the default
	  linux behaviour), then VRRP VIP can be used as source address of
	  healthcheking packet. Since this VIP address is also present, in
	  most use-cases, on realserver directly so return packets never reach
	  the healthchecker and hence no realserver was injected in IPVS table.
	  At the same time, I decided to merge Tore Anderson  suggestion of
	  disabling Duplicate Address Detection algorithm. Tore's arguments
	  are nice ! Thanks Tore : Using the nodad flag has the following
	  benefits:
	  1) The address becomes immediately usable after they're configured.
	  2) In the case of a temporary layer-2 / split-brain problem we can
	     avoid that the active VIP transitions into the dadfailed phase
	     and stays there forever - leaving us without service. HA/VRRP
	     setups have their own "DAD"-like functionality, so it's not
	     really needed from the IPv6 stack.

	  Acknowledgements to Mark Schouten and Frank Baalbergen for pushing
	  me by testing this features !

2013-09-05  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.8 released.
	* Vincent Bernat fixed issue while pinging master agent.
	  The agent needs to be initialized to be able to change the
	  AgentX ping interval.
	* Revisited the whole code to use posix declaration style.
	* fixed some typos
	* Created CLI core framework.
	* Ryan O'Hara added option to prevent respawn of child process.
	  This patch adds a command-line option (--dont-respawn, -R) that
	  will prevent the child processes from respawning. When this
	  option is specified, if either the checker or vrrp child
	  processes exit the parent process will raise the SIGTERM signal
	  and exit.
	* Ryan O'Hara removed duplicate command-line option code.
	  patch removes unnecessary code to process command-line
	  options. All options can be processed with a single while loop
	  that calls poptGetNextOpt. This patch also adds code to check
	  for errors while processing options. Note that errors encountered
	  while processing command-line options are fatal.
	* Ryan O'Hara add support to usage generation by popt.
	  This patch uses the popt library to describe the command-line
	  options and print usage to stderr. This provides a more clear,
	  concise usage statement.
	* Ryan O'Hara and I updated keepalived man page.
	* Aleksei Ilin add flexible HTTP checker behaviour for HTTP GET
	  request's port settings. VirtualServer's port being specified
	  in HTTP GET request only if `VirtualHost` option is not defined,
	  otherwise used `VirtualHost` option itself.
	* Ryan O'Hara fixed pointer arithmetic for VRRP packet.
	  When using IPSEC AH authentication, the pointer arithmetic used
	  to get the location of the VRRP packet is incorrect. The address
	  of the IPSEC header must be cast as (char *) in order to get
	  correct address of the VRRP packet. Without this patch,
	  vrrp_in_chk() will fail to verify incoming VRRP packets when
	  IPSEC AH is enabled.
	* Ryan O'Hara fixed issue while loading SSL certificate.
	  This patch fixes a problem where keepalived will attempt to
	  load an SSL keyfile as a certificate, resulting in failure to
	  initialize SSL context.
	* Ryan O'Hara refreshed GPLv2 license with last FSF file.
	* junpei-yoshino fixed configure.in. Library crypt is needed.
	* Boon Ang fixed comparison of primary IP addresses.
	  If a router in the master state receives an advertisement
	  with priority equal to the local priority, it must also
	  compare the primary IP addresses (RFC 3768, section 6.4.3).
	  The code to handle this was comparing two IP addresses with
	  different byte-ordering, resulting in multiple routers in
	  the master state. This patches resolves the problem by
	  coverting the local primary IP address to network byte order
	  for the comparison.
	* Henrique Mecking fixed memory leak in libipvs
	* Robert James Hernandez fixed RETVAL by setting RETVAL for
	  status instead keeping RETVAL set to default of 0
	* Robert James Hernandez fixed RETVAL by setting RETVAL for
	  catch all and so that it exits like all other matches in
	  the case
	* Jan Pokorný fixed genhash to ensure CLRF{2} HTML body
	  separator won't slip.
	* Jan Pokorný extended genhash. Generalize the hash algoi
	  parts, add SHA1.
	  This patch adds support for hash algo suite extension
	  with SHA1 being a first one to be available together with
	  a default MD5.  The remaining change on the health-checker
	  subsystem side is to make analogous modifications and to teach
	  it to recognize the intended hash algorithm based on the length
	  of the digest (provided that extra care is taken that no two
	  algorithms will ever alias in this regard).  Also the test
	  script for genhash was extended to conditionally use SHA1.
	* Jan Pokorný cleaned up genhash code.
	  Access to the hash-specific context was simplified as I've
	  now checked some C guarantees regarding union/it's members
	  initial address vs. aligning so now extra inlined accessor
	  function is needed.  This simplified the code a bit.
	  Also now the hash-specific object is directly pointed to by
	  SOCK object instead of carrying just the index to the table of
	  hashes and doing the respective access via a global again and
	  again.  Next, I've concentrated some hash-related declarations
	  to the new hash.h file.  This was mostly motivated by a need to
	  break the circular include dependency that have arisen. As a
	  consequence, part of the recent clutter I brought in was removed
	  again. Most of FEAT_SHA1 conditional compilation is here.
	  Previously separated table in main carrying the hash IDs to be
	  printed in the help screen was merged into the table carrying all
	  the other necessary information about the particular hashes.
	* vrrp: Remi Gacogne fixed invalid use of sizeof.
	* Pasi Kärkkäinen Add To header for SMTP alerts.
	* vrrp: Robert Sander add IPv6 support for virtual_routes and
	  static_routes.
	* Erik de Groot add support to LVS One-Packet Scheduling
	  (known as OPS). Typically RADIUS traffic comes from a limited
	  amount of clients and thus you have a very limited range of IP
	  tuples in action which will never expire. Issue with Keepalived
	  without this patch is that, although it correctly re-assigns
	  traffic when a real server dies, it will never re-assign traffic
	  back to the real server when it is restored. This is because
	  LVS creates virtual connections, for each IP tuple, that will
	  never time out as the clients keep sending traffic to the server.
	  With this patch is is possible to enable OPS for UDP virtual
	  servers which means LVS does not create virtual connections and
	  takes a new loadbalancing decision for each UDP packet. The
	  result is that a restored server now gets RADIUS traffic as
	  soon as LVS has taken it it back into the server pool.
	* Willy Tarreau and Ryan O'Hara add the ability to use VRRP over
	  unicast. Unicast IP addresses may be specified for each VRRP
	  instance with the 'unicast_peer' configuration keyword. When
	  a VRRP instance has one or more unicast IP address defined,
	  VRRP advertisements will be sent to each of those addresses.
	  Unicast IP addresses may be either IPv4 or IPv6.
	  If you are planing to use this option, ensure every ip
	  addresses present in unicast_peer configuration block do not
	  belong to the same router/box. Otherwise it will generate
	  duplicate packet at reception point.

2012-08-29  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.7 released.
	* vrrp: fix issue in while using vrrp_script.
	  Previous patch introduced by Ryan O'Hara about removing
	  shadow declaration was kind of too much hunting.
	  Removing element e in this block simply create inconsitency
	  in upper list walk. So resurected element declaration with e2.
	* snmp: Mikhail Gaydamaka extended MIB and both vrrp and check
	  frameworkds to support routerId to var bind.
	* snmp: Mikhail Gaydamaka fixed oid for vrrpSyncGroupStateChange
	  var bind.
	* some cosmetics again and again.

2012-08-20  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.6 released.
	* Rename global config data variable 'global_data'.
	  From Ryan O'Hara :
	  This patch renames the global configuration data
	  variable from 'data' to 'global_data'. Three reasons for
	  renaming this varibale:
	  - Fixes shadow declaration of 'data' in several locations.
	  - Is more consistent with other global data variables
	    (ie. vrrp_data, check_data).
	  - Functions like free_global_data and dump_global_data were
	    ignoring conf_data_t argument and using global variable
	    instead.
	* Ryan O'Hara: Fix shadow declaration of 'vrrp_data' variable.
	* Ryan O'Hara: Fix shadow declaration of 'check_data' variable.
	* Ryan O'Hara: Remove shadow declaration of 'element e' in
	  vrrp_init_state.
	* check: Avoid the use of kernel defines in libipvs userland
	  prototypes.
	* vrrp: Correctly handle macvlan interface when config file is
	  re-loaded. From Bob Gilligan :
	  Testing with the 1.2.0 branch, bring keepalived up with a
	  vrrp_instance that is configured with use_vmac.  Then delete
	  that vrrp_instance from the config file.  Then tell keepalived
	  to re-read its config file with SIGHUP.  The vrrp_instance will
	  be stopped, but the macvlan interface will remain.  The obvious
	  fix would be to add code to call netlink_link_del_vmac() in
	  clear_diff_vrrp().  There's one problem with that: the code
	  needs the ifindex of the macvlan interface to delete it, but
	  that resides in the interface structure that was freed earlier
	  in the reload process.  My fix is to add a field to the
	  vrrp_rt struct to remember the macvlan ifindex.  This patch
	  addresses this problem plus two others that can occur in
	  reloading the config file:  1) If the vrrp_instance
	  configuration is kept, but the use_vmac entry is removed, the
	  macvlan interface will not be deleted; 2) If a vrrp_instance
	  with use_vmac is left unchanged, the code will attempt to
	  re-create the macvlan interface, but this will fail and the
	  program will end up not using the macvlan interface.
	* vrrp: VRRP should notify other routers before it does any
	  action that effects traffic flow. From John Southworth:
	  Move the shutdown_vrrp_instances code to before the deletion
	  of sock_pool. Move sending priority 0 adverts to before address
	  removal occurs
	* vrrp: From John Southworth: Stop timers before shutting down
	  vrrp instances. This is to avoid a possible condition where
	  a priority 0 advertisement is sent and before the master
	  thread is killed another advertisement can be generated and sent.
	* vrrp: Change when socket fd's are freed.
	  From John Southworth:
	  Priority 0 advertisements were not being sent as desired on
	  config reload. This was causing long delays on manually failed
	  over instances. The socket pool was being freed too early, as a
	  result the file descriptor for the socket was no longer valid at
	  the time the priority 0 advertisment was attempted.
	* vrrp: Added a separate timeout parameter for vrrp_script checks
	  From Jonathan Harden:
	  I've added a timeout parameter to the vrrp check scripts which
	  allow you to have the check timeout different to the interval.
	  When no timeout has been specified the interval is used (which
	  mimics the current behaviour).  To explain the reasoning: We
	  wanted to have check scripts time out faster than our check
	  interval. Doing the check we need to perform is a little load
	  intensive and so we don't want to perform it every few seconds.
	  With this patch we set an interval of 60 seconds but a timeout
	  of 5 seconds (if the check takes more than a few seconds then
	  the service is not working correctly).
	* Extended vector lib for futur work
	* some cosmetics.

2012-08-13  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.5 released.
	* Merge SNMP support from Vincent Bernat.
	* SNMP is not compiled nor activated by default.
	* Updated autoconf script
	* Created Keepalived MIB
	* Integration of NetSNMP into main scheduling loop
	* vrrp: Most internal data can be queried with SNMP.
	* check: Most internal values can be queried using SNMP.
	  The main exception is the ability to query checkers
	  which is not present.
	* check: SNMP support for IPVS stats. IPVS stats are
	  exported with SNMP. A cache is used to avoid to query
	  the kernel too much.
	* Created core framework for SNMP trap
	* vrrp: SNMP traps are sent when instance state changes
	  and when sync group state changes
	* check: SNMP traprs are sent when real server state changes
	  and when virtual server quorum state changes
	* vrrp: add support to write/update operations from SNMP.
	  Write/update support is available for changing the base priority
	  and for changing instance preemption.
	* check: add support to write/update operations from SNMP.
	  Write support is available for changing the weight of a real
	  server.
	* workaround for AgentX ping blocking Keepalived. When establishing
	  AgentX session with the master agent, we setup low timeout and
	  retries values. If the master agent is blocked, we will wait for
	  less than 1 second for them and therefore, there will be no
	  disruption for VRRP.
	* Copyright update
	* some cosmetics.

2012-07-27  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.4 released.
	* Please look at git repo for credits.
	* remove CR from manpage
	* check: fix pid display in syslog messages
	* vrrp: better documentation of the limitation on password
	  length
	* cosmetics to be pleasant with GCC4
	* Update autoconf script to properly detect VRRP VMAC
	  support
	* security: Fix exploitable issue in sighandler !
	* Add datarootdir to Makefile.in files.
	* Fix logging to console.
	* Remove newlines from log_message calls.

2012-07-13  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.3 released.
	* Please look at git repo for credits.
	* VRRP : allow group to use priority with 'global_tracking'
	  group keyword
	* VRRP : Adjust TOS values. The TOS value used by other
	  vendors is ip precedence 6, so change that. Use socket
	  priority option to force packets into band 0 of pfifo_fast.
	* VRRP : Fix sync-group thrashing.The sync group implementation
	  was not very robust. If one synced instance lost communication
	  without going to fault state then all synced intances would
	  transition to master. Following this all instances would
	  transition back to backup because they heard higher priority
	  advertisements. This thrashing would continue indefinitely.
	  To fix this the sync-group code was made to prefer backup state.
	  That is, the sync-groups don't sync to master state unless
	  every instance wants to be master.
	* VRRP : Fix dst lladdr in IPv6 Unsollicited NA.
	* VRRP : fix pid display in syslog messages.
	* Fix configure script to correctly identify kernel version.
	* check : handle unspecified sockaddr_storage when comparing
	* VRRP : ensure VRRP script interval and GARP delay is not 0.
	* check: ensure non 0 default values for timeouts.
	* VRRP : Fix priority not changing on reload.
	* check : Fix IPv4 address comparison routine.
	* Don't use bind() with AF_UNSPEC.
	* check : enable the use of fwmark with IPv6 virtual servers.
	* Fix modprobe arguments.
	* Fix double ntohs() in SMTP checker.
	* Pretty-print IP:port as [%s]:%d.
	* check : keep retry in case of early TCP failures in checks.
	* when specifying an IPv6 range, range is hexadecimal value.
	* Only define kernel types for ip_vs.h header to avoid problems
	  when loading other headers.
	* When respawning VRRP or check process, use LOG_ALERT.
	* Do not set reload flag in the main process.
	* Set correct rights on PID file.
	* fix 'gratuitous' typos.
	* ipvs: don't include linux/types.h or asm/types.h.
	* configure: check for nl_socket_modify_cb for libnl.
	* configure: don't check for IPVS support with kernel 2.6.x.
	* VRRP : On shutdown, release sockets later to be able to send
	  shutdown packet.
	* fix documentation on linkbeat_use_polling keyword.
	* Fix a typo for healthchecker.
	* fix syslog message if bogous vrrp packet (wrong auth type)
	  received.
	* manpage update.

2011-01-09  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.2 released.
	* IPv6 : extended autoconf script to support libnl detection.
		 IPv6 IPVS kernel subsystem is reachable through
		 generic netlink configuration interface.
	* IPv6 : Enhanced libipvs-2.6 to support generic netlink
		 configuration interface. If generic netlink is
		 available with kernel then it will be the
		 prefered path to configure IPVS.
	* IPv6 : Enhanced the whole checker API to use
		 sockaddr_storage.
	* IPv6 : Enhanced the whole core framework to use
		 sockaddr_storage.
	* IPv6 : Enhanced all checkers to use sockaddr_storage.
	* fixed a long time pending issue in all checkers. If
	  first connection attempt to remote peer was failing
	  no more check was performed to service... Up on error
	  connecting remote peer simply register a new timer for
	  next check. This is specially needed in IPv6 context
	  where a unreachable host can be reached at delayed time.
	* code clean-up: revisited the code to use more POSIX
	  compliant declaration. thread typedef to use thread_t
	  instead. revisisted checker framework to use POSIX typdef
	  declaration.

2010-12-08  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.2.1 released.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  VRRP: Fix incorrect computation for packet size
	* Vincent Bernat <bernat <at> luffy.cx>:
	  VRRP: handle passwords up to 8 characters
	* Vincent Bernat <bernat <at> luffy.cx>:
	  When updating weight, check quorum state.
	  MISC check can update the weight of a real server. This
	  can lead to a change in quorum state.
	  We factor out quorum handling from perform_svr_state()
	  into a new function update_quorum_state() that will check if
	  the quorum state changed and if yes, update sorry server status,
	  exec quorum commands and add back or remove alive real servers
	  (with existing function perform_quorum_state()).
	  This patch is mostly cut'n'paste and adding a call to
	  update_quorum_state() in update_svr_wgt(). We also make
	  perform_svr_state() and update_quorum_state() almost symmetric.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Fix an infinite loop in master transition with sync groups.
	  This patch is from Arjan Filius. See:
	  http://marc.info/?l=keepalived-devel&m=128212278218825&w=2
	  When transitioning to master state, keepalived might try to
	  force transition to master state of other VRRP instances into
	  the same group before their transition is complete. This leads
	  to an infinite loop with huge VRRP trafic.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  VRRP : Use VRRP_PRIO_DFL instead of 100 for default priority.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Use netpacket/packet.h instead of linux/if_packet.h to get
	  sockaddr_ll.
	  linux/if_packet.h pulls linux/types.h that should not be used
	  by a userland program since types defined here can conflict
	  with stdint.h. We use netpacket/packet.h which is a GNU LibC
	  header.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Keep current weight on reload when initial weight is not
	  altered.
	  Weight can be changed by MISC_CHECK when using dynamic option.
	  In case of reload, the change is lost until the script runs
	  again. We record the initial weight in a separate variable and
	  use it to check if a real server has changed instead of using
	  the actual weight.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  VRRP : disabled scripts and initially good scripts should be
	  considered as OK.
	  When a script is not weighted, its failure will lead to a
	  failure of the associated VRRP instance. However, disabled
	  script and scripts that are initially good (after a reload)
	  should be considered as successful and not make the instance
	  fail.  Moreover, a disabled script should not be used when
	  computing script weights.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  VRRP : more informative message when disabling a script due
	  to use of weights.
	  When using a weight for a tracked script, the script is
	  disabled.  However, the warning message said that the weight
	  was ignored. We change the message to tell that the script is
	  ignored. Moreover, we don't change its weight since it can be
	  used in another instance, not in a SYNC group.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  check : include missing virtual server group name in a log
	  message
	* Vincent Bernat <bernat <at> luffy.cx>:
	  configure: add a check for ETHERTYPE_IPV6.
	  ETHERTYPE_IPV6 defined in net/ethernet.h is pretty recent.
	  If absent, we hard-code the value into CFLAGS. This patch
	  requires regeneration of configure.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  check : update server weight in IPVS only if server is alive
	  and in the pool.
	  With inhibit_on_failure, a server can be in the pool and not
	  alive. We don't want to set the weight of an inhibited server
	  or a server in a virtual server whose qorum is not met yet.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  check: really add back inhibited server when quorum is gained
	  A previous change contained an erroneous check to add back
	  alive servers when quorum state was gained. This check was
	  incompatible with inhibit_on_failure. When servers were added
	  back in the pool, the weight was not updated accordingly.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  check : update server weight despite quorum when no sorry
	  server.
	  In absence of a sorry server, the logic is to not use quorum
	  except to run commands when quorum is gained or lost. This
	  means that if a MISC check modifies the weight of a server
	  and there is no sorry server, we do not consider quorum.

2010-05-31  Alexandre Cassen  <acassen@linux-vs.org>
	* Branch 1.2.0 created. This branch will host all new
	  developments on Keepalived. New code will be added
	  in here only.
	* VRRP : Add support to IPv6 protocol. The global framework
	  has been extended to support this branch new family !
	* VRRP : Implement IPv6 Neighbour Discovery protocol (NDISC).
	  In IPv6 gratuitous ARP doesnt exist since ARP is IPv4 only.
	  NDISC can provide the same feature by sending so called
	  Unsolicited Neighbour Advertisement. A node can send such a
	  protocol datagram in order to (unreliable) propagate new
	  information quickly (rfc4861.4.4). NDISC build an ICMPv6
	  message with taget link-layer address option, this option is
	  set icmp6_override flag to indicate that advertisement should
	  override an existing cache entry and update the cached
	  link-layer.
	* VRRP : Extend ip address framework to be IPv4 and IPv6
	  independant. An ip address, as defined in framework, is
	  now {IPv4,broadcast} or {IPv6}. Use struct ifaddrmsg to
	  store and prepare netlink related operation. This clean-
	  -up the code.
	* VRRP : Extend parser to support IPv6 declarations. IPv6
	  and IPv4 addresses can be configured inside the same
	  configuration block (eg: virtual_ipaddress or
	  virtual_ipaddress_excluded). An instance can run IPv4 and
	  IPv6 addresses at a time, this can be useful in dual-stack
	  env (since this will become certainly the most common use
	  case in the next years).
	* VRRP : Extend netlink framwork to support IPv6 addresses
	  interactions (reflection/addition/deletion).
	* VRRP : Extend finite state machine support IPv4 & IPv6
	  at a time.
	* VRRP : Extend protocol helpers to support IPv6 multicast
	  related. AF_INET6 SOCK_RAW tweaking it done through
	  socket API instead of PF_PACKET header building... This
	  makes code cleaner.
	* VRRP : Set default VRRP instance protocol to be IPv4.
	  you can use configuration keyword "native_ipv6" inside
	  vrrp_instance configuration block to specify that you
	  want to use IPv6 for VRRP multicasting protocol instead.
	* VRRP : Extend socket option related helpers to support
	  IPv6 specifics.
	* VRRP : Extend protocol scheduler and dispatcher to
	  support IPv6.
	* VRRP : Extend socket pool to keep track of socket
	  family.
	* VRRP : Cleanup protocol offset pointer by removing
	  duplication code...
	* VRRP : some code clean-up...

2010-05-06  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.20 released.
	* Vincent Bernat <bernat <at> luffy.cx> extended ip/route
	  framework to be able to add route or ip address if they
	  already exist.
	* Vincent Bernat <bernat <at> luffy.cx> fixed broadcast
	  address display.
	* Vincent Bernat <bernat <at> luffy.cx> extended genhash to
	  display an error when giving an incorrect IP address.
	* Vincent Bernat <bernat <at> luffy.cx>: When parsing
	  "blackhole" route, also parse IP mask.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  On reload, destroy signal pipes before recreating them.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Fix SMTP checker adding himself repeatedly in the list of
	  failed checkers.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Handle non-existant default interface in VIP definition.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Remove alive real servers when quorum is lost.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Fix a segfault when a virtual_server is empty.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Add real servers to new member of a virtual server group
	  on reload.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Keep previous effective VRRP priority on reload.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  Fix VRRP script not running any more after reload.
	* Vincent Bernat <bernat <at> luffy.cx>:
	  On reload, keep status for all VRRP scripts.
	* Removed IPVS Kernel 2.2 support

2009-10-01  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.19 released.
	* Cosmetics changes.
	* Vincent Bernat <bernat <at> luffy.cx> fix a segfault
	  when there is no real server for a virtual server.
	* Vincent Bernat <bernat <at> luffy.cx>, Willy Tarreau
	  and I finally fixed SIGCHLD handling upon reload.
	* Vincent Bernat <bernat <at> luffy.cx> fix VS_ISEQ macro.
	* VRRP : Kimitoshi Takahashi <ktaka <at> clustcom.com>
	  fixed nopreempt from FAULT state. The owner of higher
	  priority in FAULT state shouldn't preempt current MASTER
	  when it's recovering, if the nopreempt option is set.

2009-09-24  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.18 released.
	* Fixed compilation warnings
	* Updated autoconf kernel version detection. Created a new
	  configuration option to force kernel versioni selection.
	  This option can be useful for crosscompilation:
	  --with-kernel-version={2.2|2.4|2.6}
	* Updated media link failure detection strategy. Kernel
	  linkwatch has been around for long time so set it as
	  default strategy. Alternatively you can choose to use
	  MII BSMR polling strategy by adding new keyword
	  'linkbeat_use_polling' in your configuration file.
	* Vincent Bernat <bernat <at> luffy.cx> fixed ip_vs.h includes.
	* Removed vrrp_running and check_running test since it is
	  already performed by keepalived_running.
	* Properly handle father pidfile handling.
	* fixed reload handler to properly print out PID.
	* Willy and I fixed a signal handling issue while reloading
	  daemon. A dereferencing master thread issue leading to a
	  segfault, so that reload was seen as a restart because it
	  was respawned by keepalived father process.
	* Willy fixed a missing UNSET_RELOAD declaration leading to
	  a potential infinite loop while performing reload.
	* Vincent Bernat <bernat <at> luffy.cx> fixed initial value
	  of quorum state on startup and reload. Fixed sorry server
	  removal to consider quorum state.
	* VRRP : Add missing notify calls while entering FAULT state.
	* VRRP : Willy added support to delayed script check launch
	  (up and down). It defines "rise" and "fall" keywords. "fall"
	  defines the required number of failures to switch in KO mode,
	  "rise" defines the number of sucesses to switch in OK mode.
	* VRRP : Fixed an IP_DROP_MEMBERSHIP issue while performing
	  reload. vrrp socket pool is released at first.

2009-03-05  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.17 released.
	* Fixed low-level scheduler timer computation to take care to
	  monothonic computation. Select returns if timer is null!
	* VRRP : Fixed vrrp script initialization to use event thread
	  instead of timer thread so that script no longer need to
	  wait until first polling timer fired.
	* VRRP : Willy and I fixed MII media link failure detection
	  to test SIOCGMIIREG call before fetching BMSR.
	* VRRP : Resurected VRRP_STATE_GOTO_FAULT. This state is
	  really needed to speed-up convergence and prevent against
	  any issue while using vrrp_sync_group.

2009-02-15  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.16 released.
	* Code clean-up.
	* Stefan Rompf, <stefan@loplof.de> extended scheduler to
	  synchronize signal handling by sending the signal number through
	  a self pipe, making signals select()able. Child reaping has been
	  moved to a simple signal synchronous signal handler. Signal
	  shutdown handling has been centralized.
	* Denis Ovsienko, <pilot@etcnet.org> extended healthchecker
	  framework to support alpha/omega design. It provides virtual
	  service control in a more fine-graned maner. You may have a
	  look to the SYNOPSIS file to have full picture on configation.
	  It addresses the following issues :
	  - A virtual service is considered up even with an empty RS pool.
	  - There is no reliable mean to avoid service regression, when
	    the server pool becomes too small.
	  - There is no mean to escalate any of the above fault/recovery
	    events.
	  - Real servers are assumed alive initially. This leads to
	    unnecessary state flap on keepalived start.
	  - notify_down isn't executed for working real servers on
	    keepalived shutdown.
	  - There is no reliable mean to handle keepalived stop to move
	    the virtual service over another load balancer.
	* Stephan Mayr, <Mayr.Stefan@swm.de> fixed default value for
	  checker loop... a missing TIMER_HZ.
	* Merge keepalived.init.suse.
	* Robin Garner, <robin.garner@scu.edu.au> added support to
	  --log-console facility.
	* Tobias Klausmann, <klausman@schwarzvogel.de> fixed an openfile
	  leak while performing reload.
	* Leo Baltus, <Leo.Baltus@omroep.nl> extended pidfile handling
	  to allow keepalived to start using configurated pidfile.
	* VRRP : Siim Poder, <siim@p6drad-teel.net> fixed IPSEC AH auth
	  to skip IPv4 id field of zero. If zeroed kernel will fill it
	  and lead to an unwanted protocol re-election.
	* VRRP : Siim Poder, <siim@p6drad-teel.net> fixed reloading issue.
	  New ip addresses are added (from configuration). State is kept
	  instead of starting from whatever is in configuration file.
	  If prios are changed in such a way, state change can occur after
	  reload.
	* VRRP : Vincent Bernat, <bernat@luffy.cx> extended virtual_route
	  to support virtual "black hole" route as well as multihop route.
	* VRRP : Stig Thormodsrud, <stig@vyatta.com> fixed a crash while
	  using virtual_router_id set to 255.
	* VRRP: Jon DeVree, <jadevree@arbor.net> fixed arp handling to
	  to initialize the target hardware address, using 0xff as found
	  in arping. Let scripts work without dealing with weight, if the
	  script fails, VRRP fails.
	* VRRP : Pierre-Yves Ritschard, <pierre-yves@spootnik.org> removed
	  the GOTO_FAULT state from FSM.
	* VRRP : Willy Tarreau, <w@1wt.eu> fixed link detection handling
	  to support right ioctl values for recent kernel ! It can lead
	  to issue while running instance on a bonding interface.
	* VRRP : Willy Tarreau, <w@1wt.eu> extended scheduler to catch
	  time drift. It implements an internal monotonic clock. It
	  maintains an offset between sysclock and monotonic clock, if
	  computed time if anterior to monotonic time then just update
	  offset. If time computed if fare away into the future then
	  limit delay and recompute offset.
	* VRRP : Willy Tarreau, <w@1wt.eu> fixed autoconf issues.

2007-09-15  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.15 released.
	* Matthias Saou, <matthias at rpmforge.net> fixed genhash
	  Makefile for man page installation.
	* Casey Zacek, <keepalived at bogleg.org> provided a patch
	  to check_http to remove buffer minimization while processing
	  stream. It appears some webserver cause healthchecker crash.
	* Chris Marchesi, <chris.marchesi at canadawebhosting.com> provided
	  a patch for better handling of SSL handshake errors.
	* Shinji Tanaka, <stanaka at hatena.ne.jp> fixed parser "include"
	  directive to support declaration inside configuration directives,
	  like including file inside vrrp_instance declaration.
	* Andreas Kotes, <count at flatline.de> fixed HTTP healthchecker
	  while handling MD5SUM result. It appears checker never removed
	  realserver on MD5SUM mismatch !!! whats that crap.
	* VRRP : Willy Tarreau, <w at 1wt.eu> fixed a missing notifications
	  upon transition from fault to backup.
	* VRRP : Add support to route metric in virtual_routes definition.

2007-09-13  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.14 released.
	* Shinji Tanaka, <stanaka at hatena.ne.jp> extended parsing
	  framework to support "include" directives. For more
	  informations and documentation please refer to Shinji
	  website :
	    http://misccs.dyndns.org/index.php?keepalived%20include%20patch
	* Tobias Klausmann, <klausman at schwarzvogel.de> add error loggin
	  while parsing configuration file.
	* Merged patches from rpmforge.net on Makefile and redhat specfile.
	* Create a goodies directory to store nice scripts received from
	  users. Add Steve Milton (milton AT isomedia.com) arpreset script
	  to delete a single ARP entry from a CISCO router.
	* VRRP : David Woodhouse, <dwmw2 at redhat.com> fixed vrrp_arp
	  includes.
	* VRRP : Pierre-Yves Ritschard, <pyr at spootnik.org> fixed negative
	  weights in script.
	* VRRP : Michael Smith, <msmith at cbnco.com> extended
	  virtual_ipaddress setting to support Old-style Linux interface
	  aliases like eth0:1.
	* VRRP : Ward Wouts, <ward.wouts at gmail.com> add support to
	  vrrp_script logging.

2006-10-11  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.13 released.
	* VRRP : Added a new notify script to be launch during vrrp
	  instances shutdown. This new notify hook is configured
	  using notify_stop keyword inside vrrp_instance block.
	* VRRP : Willy Tarreau <w at 1wt.eu> fixed an errno issue in
	  thread_fetch(), errno is lost during set_time_now(). This
	  patch saves it across the call to set_time_now() in order
	  to get the valid error.
	* VRRP : Willy Tarreau <w at 1wt.eu> extended timer framework
	  to save errno in timer_now() and set_time_now() just in
	  case other functions do not expect these functions to modify
	  it. This is a safer approach than the initial patch to
	  thread_fetch(), while still compatible.
	* VRRP : Willy Tarreau <w at 1wt.eu> fixed an FSM silent issue.
	  By default, the VRRP daemon stops sending during new MASTER
	  elections. This causes 3 to 4 seconds of silence depending on
	  the local priority, and sometimes causes flapping when the
	  differences in priorities are very low, due to the kernel timer's
	  resolution : sometimes, the old master receives a first
	  advertisement, enters backup, waits 3 seconds, sees nothing and
	  finally becomes master again, which forces a new reelection on
	  the other one.
	* VRRP : Willy Tarreau <w at 1wt.eu> extended VRRP framework to
	  support floating priority. Replace the priority in each
	  vrrp_instance with a base priority and an effective priority,
	  to prepare the support for floating priorities. The configuration
	  sets the base_priority, and all comparisons use the new
	  effective_priority value. This one is computed in the
	  vrrp_update_priority() thread by adding an offset to base_priority,
	  based on the result of various checks.
	* VRRP : Willy Tarreau <w at 1wt.eu> extended notify script to add
	  the priority in "$4" when calling a notify script. This is
	  important in labs and datacenters when systems can display the
	  priority on a front LCD, because it allows workers to carefully
	  operate without causing unexpected reelections.
	* VRRP : Willy Tarreau <w at 1wt.eu> extended interface tracking
	  framework to let interface tracking change the priority by adding
	  a "weight" parameter. If the weight is positive, it will be added
	  to the priority when the interface is UP. If the weight is negative,
	  it will be subtracted from the priority when the interface is down.
	  If the weight is zero (default), a down interface will switch the
	  instance to the FAULT state.
	* VRRP : Willy Tarreau <w at 1wt.eu> added a new "vrrp_script" section
	  to monitor local processes or do any type of local processing to
	  decide whether the machine is in good enough health to be elected
	  as master. A same script will be run once for all instances which
	  monitor it. If no instance use it, it will not be run, so that it's
	  safe to declare a lot of useful scripts. A weight is associated to
	  the script result. If the weight is positive, it will be added to
	  the priority when the result is OK (exit 0). If the weight is
	  negative, it will be subtracted from the priority when the result
	  is KO (exit != 0). If the weight is zero, the script will not be
	  monitored. The default value is 2.
	* VRRP : Willy Tarreau <w at 1wt.eu> extended vrrp scheduler so that
	  when a VRRP is part of a SYNC group, it must not use floating
	  priorities, otherwise this may lead to infinite re-election after
	  every advertisement because some VRRPs will announce higher prios
	  than the peer, while others will announce lower prios. The solution
	  is to set all weights to 0 to enable standard interface tracking,
	  and to disable the update prio thread if VRRP SYNC is enabled on a
	  VRRP.
	* VRRP : Willy Tarreau <w at 1wt.eu> added some documentation and
	  examples for the brand new VRRP tracking mechanisms.
	* VRRP : Ranko Zivojnovic, <ranko at spidernet.net> fixed vrrp
	  scheduler to execute notify* scripts in transition from the
	  failed state to the backup state.
	* Nick Couchman, <nick.couchman at seakr.com>, added support for
	  real server upper and lower thresholds.  This allows you to set
	  a minimum and maximum number of connections to each real server
	  using the "uthreshold" (maximum) and "lthreshold" (minimum)
	  options in the real_server section of the configuration file.
	* Chris Caputo, <ccaputo at alt.net> extended autoconf script
	  to support recent move of UTS_RELEASE from linux/version.h to
	  linux/utsrelease.h.
	* Chris Caputo, <ccaputo at alt.net> extended ipvswrapper 2.4
	  code to support misc_dynamic weight.

2006-03-09  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.12 released.
	* VRRP : Christophe Varoqui, <Christophe.Varoqui@free.fr> extended
	  VRRP framework to use virtual_router_id as syncid in LVS mcast
	  datagram while using LVS syncd in VRRP instance.
	* Kevin Lindsay, <kevinl@netnation.com> and Christophe Varoqui,
	  <Christophe.Varoqui@free.fr> fixed SSL checker to properly
	  use openssl when dealing with asynchronous stream handling.
	  Kevin fixed asynchronous handling during connection stage
	  while Christophe fixed stream handling after connection stage.
	* Kjetil Torgrim Homme, <kjetilho@ifi.uio.no> extended keepalived
	  spec file to cleanly compile on RedHat enterprise 3 and 4.
	* Heinz Knutzen, <Heinz.Knutzen@dataport.de> fixed SMTP checker
	  to overwrite default_host while parsing configuration file.
	  A SMTP_CHECK without a "host" section should use the ip of the
	  current real server as default.

2005-03-01  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.11 released.
	* Asier Llano Palacios, <a.llano@usyscom.com> extended
	  autoconf script to support cross-compilation.
	* Kevin Lindsay, <kevinl@netnation.com> and I fixed a
	  missing bitwise negation while removing signal from
	  global signal mask. Set this operation before handler
	  is called. This assume that bitwise negation is an
	  atomic code generated from compiler. Since gcc 3.3
	  this is true.
	* VRRP : extended ipaddress and iproutes code to return
	  if vip or vroutes is referencing an unknown interface.

2005-02-15  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.10 released.
	* VRRP : While restoring interface, release iproutes
	  before ipaddresses. Routing daemons needs that order
	  for netlink reflection channel.
	* VRRP : Bin Guo, <bguo@bluesocket.com> fixed a memory
	  leak while calling script_open.
	* Kevin Lindsay, <kevinl@netnation.com> fixed some buffer
	  overruns, NULL pointer and dangling pointer references.
	* Kevin Lindsay, <kevinl@netnation.com> redisigned signal
	  handling. When a signal occurs, a global signal_mask is
	  modified. In the main loop there is a checked to see if
	  the signal_mask has any pending signals. The appropriate
	  signal handler is then run at this time. This is to prevent
	  races when modifying linked lists.
	* Kevin Lindsay, <kevinl@netnation.com> fixed shadowed
	  declarations.
	* Christophe Varoqui, <Christophe.Varoqui@free.fr> and I
	  Extended libipvs-2.6 to support syncd zombies handling.
	  Since ip_vs_sync.c kernel code no longer handle waitpid()
	  we fork a child before any ipvs syncd operation in order
	  to workaround zombies generation.
	* John Ferlito, <johnf@inodes.org> and I Fixed a scheduling
	  race condition while working with low timers.
	* Updated check_http and check_ssl to use non-blocking
	  socket.
	* Fixed some race conditions while reloading configuration.
	  Prevent against list gardening if list is empty !
	* Fixed recursive configuration parsing function to be clean
	  with stack. Only one recursion level.
	* Some cosmetics cleanup in Makefiles.

2005-02-07  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.9 released.
	* VRRP : Chris Caputo, <ccaputo@alt.net> updated keepalived manpage
	  for nopreempt and preempt_delay.
	* VRRP : Fixed an issue while releasing vrrp socket pool... Just
	  release pool one time !
	* VRRP : Fixed netlink framework to properly save netlink socket flags
	  while setting blocking flags.
	* VRRP : Fixed a regression introduced with previous release while
	  hashing vrrp fd bucket into fd hash index.
	* Patrick Boutilier, <boutilpj@ednet.ns.ca> fixed an issue in the
	  extract_html function. Read the full html header.
	* Chris Caputo, <ccaputo@alt.net> and I fixed compilation issue
	  while using --enable-debug configuration option.
	* Extended both VRRP and Healthchecker framework to support
	  debugging flags.
	* Removed the watchdog framework. Since scheduling framework
	  support child, we register a child thread for both process
	  VRRP & Healthcheck. When child die or stop prematuraly this
	  launch scheduling callback previously registered. Watchdog
	  is now handled by signaling.
	  (credit goes to Kevin Lindsay, <kevinl@netnation.com> for nice
	  idea).
	* Some cosmetics cleanup.

2005-01-25  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.8 released.
	* VRRP : Chris Caputo, <ccaputo@alt.net> added "dont_track_primary"
	  vrrp_instance keyword which tells keepalived to ignore VRRP
	  interface faults. Can be useful on setup where two routers
	  are connected directly to each other on the interface used
	  for VRRP.  Without this feature the link down caused
	  by one router crashing would also inspire the other router to lose
	  (or not gain) MASTER state, since it was also tracking link status.
	* VRRP : Chris Caputo, <ccaputo@alt.net> added "nopreempt" which
	  overrides the VRRP RFC preemption default. This replaces the
	  "preempt" keyword which was not fully implemented. "preempt" is
	  kept around for backward compatibility but is deprecated.
	* VRRP : Chris Caputo, <ccaputo@alt.net> added "preempt_delay" which
	  allows one to specify number of seconds after startup until VRRP
	  preemption.  (range 0 to 1,000 seconds) this is useful because
	  sometimes when a machine recovers it takes a while for it to become
	  usable, such as when it is a router and BGP sessions need to come
	  back up.
	* Chris Caputo, <ccaputo@alt.net> made it so there is a useful "Date:"
	  in SMTP alert emails.
	* VRRP : Chris Caputo, <ccaputo@alt.net>. In debug output log
	  gratuitous ARPs with actual IP addresses being ARPed.
	* VRRP : Chris Caputo, <ccaputo@alt.net>. If started with
	  "--dont-release-vrrp" then try to remove addresses even if we didn't
	  add them during the current run, when it makes sense to do so.
	* VRRP : Chris Caputo, <ccaputo@alt.net> added a missing
	  free_vrrp_buffer() during VRRP stop.
	* VRRP : Kees Bos, <k.bos@zx.nl> fixed VRRP sanity check to perform
	  checksum computation over incoming packet and not local router
	  instance memory representation => Better to log 'invalid vip
	  count' instead of 'Invalid vrrp checksum' when the number of
	  configured vips differ in the master and backup server :)
	* VRRP : Release socket pool during daemon stop and reload
	* VRRP : Refresh socket pool during reload
	* VRRP : Extended netlink framework to support blocking
	  operation. During initialization, set blocking netlink channel
	  to wait responses from kernel while parsing result. Kernel netlink
	  reflection are still handled using non-blocking.
	* Jeremy Rumpf, <rumpf.6@osu.edu> added SMTP checker. It take
	  a special care of smtp server return code.
	* Merged genhash man page
	* Chris Caputo, <ccaputo@alt.net> added "misc_dynamic" to a
	  MISC_CHECK which makes it so a script can adjust the weight of
	  a real server.
	* Fixed some assertion issue in memory framework.
	* Use router_id instead of lvs_id in the global_def configuration
	  block (lvs_id kept for backward compatibility).
	* Ronald Wahl <rwa@peppercon.com>, fixed declarations to be only
	  in includes files.
	* Ronald Wahl <rwa@peppercon.com>, moved the definition of variables
	  to C files
	* Ronald Wahl <rwa@peppercon.com> and I fixed scanning for header/body
	  separator in HTTP protocol
	* Ronald Wahl <rwa@peppercon.com> replaced memcpy by memmove where source
	  & destination may overlap
	* Extended checker API to only register checkers when checker callback
	  is defined.
	* Jacob Rief, <jacob.rief@tiscover.com> fixed openlog to take care
	  of configured log facility.
	* Move in_csum to util file.
	* Extended libraries to support some new facilities (list and vector).
	* Extended scheduler I/O to use timer decalred on the stack.
	* Some cosmetics changes.

2004-04-05  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.7 released.
	* Jacob Rief, <jacob.rief@tiscover.com> added target tarball into
	  root Makefile to facilitate packaging (rpm & tarball).
	* Jacob Rief, <jacob.rief@tiscover.com> and I unified version
	  handling. Now only the root file VERSION is used by configure
	  to add VERSION_STRING via config.h.in. Added VERSION_DATE
	  included into the VERSION_STRING that reflect the building
	  date into the version banner.
	* Andres Salomon, <dilinger@voxel.net> wrote the genhash manpage.
	* VRRP : Added ipvs_start() and ipvs_stop() calls during vrrp child
	  start and stop stage.
	* Added some assertion test in memory framework to not allocate
	  bucket if no more place. This option is only used if compiled
	  with debug flags.
	* Some cosmetics patch in Makefiles and autoconf script.

2004-02-23  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.6 released.
	* VRRP : Fixed scheduling timer update. Global scheduling timer is
	  updated before each thread registering and after scheduling I/O MUX.
	  Since is needed to take care of scheduling jitter introduced by
	  overhead (VRRP is using low low timer so more sensitive to overhead).
	  Thanks to Nathan Neulinger, <nneul@umr.edu> for his quick feedback
	  debugging time.
	* VRRP : Nathan Neulinger, <nneul@umr.edu> updated vrrp dropping
	  strategy to not reply to incoming bogus adverts. Since this can
	  introduce flooding loop, bogus adverts are now simply silently
	  dropped.
	* VRRP : Fixed a linkbeat issue while polling NIC flags.
	* Updated autoconf and Makefile to support 2.6 kernel IPVS code. For
	  code readability, created 2 differents libipvs for 2.4 and 2.6 kernel
	  . Fixed autoconf generated warning.
	* Extended ipvswrapper to support shared buffer user rule. This
	  increase performances by limiting memory allocation. OTOH, created
	  two new ipvs helpers ipvs_start & ipvs_stop to initialize ipvs
	  subsystem.
	* Andres Salomon, <dilinger@voxel.net> made some cosmetics update
	  in Makefiles to support $(DESTDIR) and $(BIN)/$(EXEC) path split.

2004-01-25  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.5 released.
	* Joseph Mack, <mack.joseph@epa.gov> wrote keeplived manpages
	  in doc/man/man5/keepalived.conf.5 and doc/man/man8/keepalived.8.
	* VRRP : Tsuji Akira, <tsuji@centurysys.co.jp> fixed a length
	  issue while testing password field for auth_pass method.
	* VRRP : Willy Tarreau, <willy@w.ods.org> fixed a quick loop
	  in the watchdog timer thread.
	* VRRP : Willy Tarreau, <willy@w.ods.org> extended scheduler
	  to support stable scheduling time. There is now, only one
	  time source updated before and after scheduling event. This
	  solve sliding timer observed on some env, also known as
	  periodically flapping issue (sometime a VRRP election is
	  forced).
	* VRRP : Willy Tarreau, <willy@w.ods.org> updated the default
	  media link failure detection strategy to perform a ioctl
	  ifflags even if NIC driver are supporting MII or ETHTOOL.
	  Some buggy drivers need this. Anyway the linkwatch patch
	  still the best solution to support efficient and scalable
	  media link failure detection.
	* Some cosmetics clean-up, removed some dead files, updated
	  autoconf and Makefile prototypes to support dependencies
	  libs like kerberos for RedHat/Fedora distro. To compile
	  keepalived properly on redhat 9 box, for example, run :
	  export CPPFLAGS="-I/usr/kerberos/include" && ./configure
	  Renamed keywords lb_kind to lvs_method and ld_algo to
	  lvs_sched. For compatibility reasons, old keywords are still
	  available.

2003-12-29  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.4 released.
	* Refresh autoconf script to use autoconf 2.5.
	* Extended the autoconf script to support linkwatch kernel
	  detection.
	* To work-around the SMP forking bug, added support to two
	  new daemon starting options :
	  --vrrp	       -P    Only run with VRRP subsystem.
	  --check	       -C    Only run with Health-checker
				     subsystem.
	  Those options extend daemon design to support VRRP &
	  heathchecking subsystem selection. You can now run
	  two Keepalived daemon one invoqued with --vrrp and
	  the other with --check. That way we workaround the
	  forking issue by running one daemon per subsystem.
	* Tiddy cleanup in the daemon code.
	* VRRP : Extended the link media failure detection to support
	  asynchronous NIC MII polling. The design use now, one
	  dedicated polling thread per NIC. This reduce scheduling
	  jitter by this way.
	* VRRP : Added support to kernel linkwatch subsystem. This
	  patch that you will find a copy on the Keepalived website
	  for the kernel 2.4 branch, provides kernel netlink broadcast
	  events drived by NIC link media state event. That way
	  we move from a polling design to an event design. Link
	  events are received throught a kernel netlink broadcast
	  socket in the userspace land. So, NIC media link failure
	  detection is now provided by kernel netlink reflection.
	  You can read the paper attached with the patch for
	  indepth explanations.
	* VRRP : fixed timer computation to prevent against negative
	  value.

2003-09-29  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.3 released.
	* Stephan von Krawczynski, <skraw@ithnet.com> extended ip
	  address framework to support broadcast address selection.
	* Extended the scheduling framework to support plain 'long'
	  timer. Visited the layer4 framework to support this new
	  scheduling scheme. Reviewed the checkers and VRRP framework
	  to support long timer.
	* VRRP : Removed the timer micro adjust call. Its use is
	  obsolete with the new scheduling 'long' timer support.
	* Jacob Rief, <Jacob.Rief@tiscover.com> and I added support
	  log level selection for main daemon. A new command line
	  argument has been created :
	  --log-facility  -S  0-7 Set syslog facility to
			      LOG_LOCAL[0-7]. (default=LOG_DAEMON)
	* Extended the HTTP checker to support non blocking read
	  while processing stream. NONBLOCK flags is set before
	  read operation to catch EAGAIN error.
	* VRRP : Diego Rivera, <lrivera@racsa.co.cr> and I fixed a
	  notify issue while building notify exec string.
	* VRRP : Diego Rivera, <lrivera@racsa.co.cr> and I extended
	  FSM to support BACKUP state notifiers and smtp_alert call
	  during VRRP initialization.
	* Jan Vanhercke, <jan.vanhercke@c-cure.be> and I extended
	  scheduling timer computation to support micro-sec second
	  overlap. Extended the whole scheduling framework to support
	  this scheduling scheme while computing thread timers.
	* Fixed scheduling framework to support child thread timers
	  while computing global scheduling timer.

2003-09-07  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.2 released.
	* Dominik Vogt, <dominik.vogt@gmx.de> and I extended checker
	  framework to support multiple checkers per realserver.
	  Each checker own a uniq id, each realserver own a list
	  of checkers id. Realserver is considered down if one of the
	  checkers fails.
	* Dominik Vogt, <dominik.vogt@gmx.de> extended list library to
	  support free_list_element.
	* Dominik Vogt, <dominik.vogt@gmx.de> and I extended ipwrapper
	  to support multiple checkers test. Created a checker state
	  updater helper function to perform realserver state according
	  to checker state.
	* Dominik Vogt, <dominik.vogt@gmx.de> extended all checkers
	  code to support multiple checker design (to not perform
	  server state according a single checkers test).
	* Tobias Klausmann, <klausman@schwarzvogel.de> and I extended
	  layer4 framework to support socket binding to a specific
	  ip address before calling connect(). Extended the TCP, HTTP
	  and SSL checker to support binding selection, creating
	  a new checker keyword named "bindto".
	  look at doc/keepalived.conf.SYNOPSIS for more informations.
	* VRRP : Extended the ethtool code to be selected only if
	  ETHTOOL_GLINK is available. This is useful for s/390 zSeries
	  users :) since zSerie 2.4 kernel doesn't support ethtool
	  extension.
	* VRRP : Gatis Peisenieks, <gatis@mt.lv> fixed IPSEC-AH
	  code to exclude ip header id filed while computing AH digest.
	  Fixed AH sequence number to be set in network byte order.
	* VRRP : Fixed a bug in the static_ipaddress block that caused
	  a noisy crashing startup.
	* VRRP : Kjetil Torgrim Homme, <kjetilho@ifi.uio.no> and I
	  fixed a daemon crash while reloading configuration due to a
	  vrrp_buffer not freed.
	* VRRP : Review the watchdog calling location. watchdog listener
	  is reinitialized during a daemon reload.
	* VRRP : Diego Rivera, <lrivera@racsa.co.cr> extended notify
	  framework to support simple notify script call. Created a new
	  keyword "notify", for both vrrp_instance and vrrp_sync_group.
	  If configured, this notify script is called after FSM state
	  transition notify scripts.
	  look at doc/keepalived.conf.SYNOPSIS for more informations.
	* Review the checker watchdog calling location like VRRP.
	* Fixed code selection to exclude VRRP dependencies if code is
	  configured without VRRP framework.
	* Extended memory lib free function to reset memory location to
	  NULL.
	* Diego Rivera, <lrivera@racsa.co.cr> extended global parser
	  to support default handlers for lvs_id, smtp_server,
	  smtp_connection_timeout and email_from. default values are :
	   o lvs_id : box local name
	   o smtp_server : localhost
	   o email_from : uid@box_local_name
	   o smtp_connection_timeout : 30s

2003-07-24  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.1 released.
	* VRRP : Fixed an issue while reloading configuration. Fixed
	  a dereferencing pointer.
	* Fixed misc checker to perform server state according to
	  checker result !!!

2003-07-22  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.1.0 released.
	* The release focus is : "High Performance"
	* Name cleanup for the healthchecking directory. use check
	  instead of healthcheck to be in conformance with watchdog and
	  global software architecture.
	* updated the SYNOPSIS file for documenting the table arg inside
	  virtual/static_routes declaration. You can set routes refering
	  to a specific TABLE-ID.
	* Added a dummy debug var in the genhash declaration code to
	  support compilation when compilation is done with debug flag.
	* Added a set flag inside the real_server declaration correctly
	  relfect the IPVS topology when inhibit_on_failure is used.
	* fixed a daemon.h include depandency on signal.h
	* VRRP : Added support to a global shared buffer for incoming
	  advert handling. A new buffer is no longer allocated each time
	  processing incoming advert, instead a shared room is used.
	* VRRP : Added support to pre-allocated shared buffer for
	  outgoing adverts. Each vrrp instance use a 'one time'
	  allocated buffer instead of a 'all time' one.
	* VRRP : Extended the socket pool design to support shared fd
	  for the outbound channel. Now, socket pool create a sending
	  socket and affect the fd returned to vrrp instances. This
	  forces instances to use a shared socket instead of creating
	  new socket for each outgoing adverts. The error detection
	  is based on the incoming socket, so that outgoing socket is
	  not created as long as incoming socket can not be created.
	* Added support to netlink ipaddress as global keyword
	  "static_ipaddress".
	  look at doc/samples/keepalived.conf.static_ipaddress.
	  IP addresses specified into this block will be added during
	  daemon bootstrap and removed during daemon shutdown.
	  Differential conf parsing is enabled for this block,
	  removing/adding static_ipaddress can be done on the fly
	  sending SIGHUP signal to daemon.
	* VRRP : Extended track_interface to support multiple interface
	  tracking. For those familiar with Nokia monitored circuit,
	  this extention provide the same functionality.
	  look at doc/samples/keepalived.conf.track_interface.
	* VRRP : The VRRP instance lookup framework has been extended
	  to use a o(1) scheduling design. Rewrote the whole instance
	  lookup to use o(1) lookup instead of previous o(n^2). When
	  receiving incoming adverts vrrp_scheduler performs a lookup
	  over the VRID received to get local instance representation.
	  Since the internal instance representation is an non-sorted
	  linked list, then we run a lookup at o(n^2) complexity that
	  introduce lantency and scheduling jitter side effect when
	  runing large number of instances. To avoid this limitation
	  a static hash table of 255 buckets were created. Since
	  lookup is performed over VRID and since VRID is 8bit fixed,
	  then the hashkey will be VRID. In order to extend code the
	  hashkey is based on incoming fd too. Internally, a NIC is
	  represented by a 2 fds : sending socket and receiving socket.
	  Those fds are NIC specific so we are using them as a hash
	  table lookup collision resolver. With this design we can now
	  use the same VRID on different NICs. The collision design
	  is a linked list so lookup is o(n^2) but due to low number
	  of entries we can consider o(1) speed. But to reach best
	  perf, differents VRID on all instance must be used. The
	  design can be sumed by :

	  VRID hash table :

	     +---+---+---+---+---+---+.........+-----+
	     | 1 | 2 | 3 | 4 | 5 | 6 |.........| 255 |
	     +---+---+---+---+---+---+.........+-----+
		   |       |
		 +---+   +---+
		 |fd3|   |fd1|
		 +---+   +---+
			   |
			 +---+
			 |fd5|
			 +---+

	  This hash table is filled during configuration parsing and
	  VRRP instances are not duplicated but dynamically pointed
	  to optimize memory.
	* VRRP : The VRRP synchronization group lookup has been
	  extended. During bootstrap a VRRP instance index is built upon
	  sync_group instance name. This extension speed up
	  synchronization since while synchronizing it perfoms the
	  instance index instead of lookup by instance_name. The
	  previous synchornization code has been rewritten to use this
	  'list visiting' design for FAULT/BACKUP/MASTER states
	  synchronization.
	* VRRP : Optimized the vrrp_timer_vrid_timeout(...) to speed
	  up vrid lookup over timeouted fd using a one pass lookup.
	* Bradley Baetz, <bradley.baetz@optusnet.com.au> extended
	  the scheduler framework to support child process handling.
	  Adding support to new thread child facility for handling
	  child processes, and modifying the scheduling select
	  loop & signal handling to catch SIGCHLD, and call the
	  appropriate process.
	* Bradley Baetz, <bradley.baetz@optusnet.com.au> fixed
	  the misc_check healthchecker using new thread child
	  scheduling facility. Introduced a new keyword
	  "misc_timeout" to kill processes which take too long
	  time (default is delay_loop). SIGKILL is send to processes
	  if they take too long time to shutdown.
	* Bradley Baetz, <bradley.baetz@optusnet.com.au> extended
	  daemon framework to block SIGCHLD to only receive it
	  whn its unblocked in the scheduling loop.
	* Extended healthchecker delay_loop to support long
	  delay (ie: >1000s).
	* VRRP : Added support to a shared kernel netlink command
	  channel for setting ip address and routes.
	* Extended the genhash code to support verbose output
	  selection. command arg '-v' will generate a very verbose
	  output.
	* VRRP : Extended the logging code to select verbose log
	  output or not. This selection is done by passing the
	  '-D' option to command line while starting daemon.
	  By default the output is silent.
	* VRRP : Extended the gratuitous ARP framework to support
	  shared buffer and shared socket. This increase performances
	  for instances owning a bunch of VIP.
	* VRRP : Extended the scheduling timer computation to support
	  timer auto-recalibrating. While computing next instance
	  timer, the scheduler will substract the time taken by
	  previous advert handling. This provide software overhead
	  adaptation. The recalibration is performed over usec timer
	  to not pertube global scheduler.
	* VRRP : Fixed a gratuitous ARP issue. Extended the
	  ipaddress framework to point directly to interface
	  reflected by netlink channel instead of storing device
	  index. Extended the gratuitous ARP code to use new
	  ipaddress structure and for sending garp over device
	  ipaddess belong to. Needed if you run an instance on
	  one device interface and set VRRP VIP on different
	  interface.
	* Extended watchdog framework to support polling delay
	  selection via daemon command line. Created two new
	  cmdline options :
	       --wdog-vrrp  -R  Define VRRP watchdog polling
				delay. (default=5s)
	       --wdog-check -H  Define checkers watchdog
				polling delay. (default=5s)
	* Extended SMTP code to support bigger buffer while
	  processing remote mta messages.
	* Erik Barker, <erikb@netnation.com> extended initscript
	  to support native redhat init functions.
	* Extended the autoconf scripts and Makefile(s) to support
	  code profiling. New configure option : --enable-profile
	* list library has been extended to support multi-sized list &
	  specific element deletion. Extended to return when list is
	  empty. This reduce duplicated code to test is list is empty
	  while processing.
	* VRRP : Extended VRRP scheduler to support fd hash
	  table design. Speed up instance lookup while
	  computing instance sands. This offer o(1) design
	  if we consider limited number of instances per
	  device.
	* VRRP : Extended vrrp new socket creation to replace
	  refreshed instance fd into fd hash table index.
	* VRRP : Extended vrrp framework to support
	  blank virtual_ipaddress block, can be usefull
	  if someone want to use just the VRRP advert
	  as hello monitoring channel.
	* Some code cleaning.

2003-05-12  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.0.3 released.
	* This release has been sponsorized by :
	  Tiscover AG, <www.tiscover.com>
	  Please visit sponsor homepage. I would just like to thanks their IT
	  team for interresting design discussions and testing time, especially
	  Jacob Rief.
	* This release consist of a major daemon re-design to increase security
	  and availability of Keepalived. The daemon has been splitted into 3
	  distinct process. The global design is based on a minimalistic
	  parent process responsible for monitoring its forked children process.
	  Then 2 children process, one responsible for VRRP framework and the
	  other for healthchecking. Each children process has its own scheduling
	  I/O multiplexer, that way VRRP scheduling jitter is optimized since
	  VRRP scheduling must be more sensible than healthcheckers. On the other
	  hand this splitted design minimalize for healthchecking the usage of
	  foreign librairies and minimalize its own action down to and idle
	  mainloop in order to avoid malfunctions caused by itself. The parent
	  process monitoring framework has been called watchdog, the design is :
	  each children process open an accept unix domain socket, then while
	  daemon bootstrap, parent process connect to those unix domain socket
	  and send periodic (5s) hello packets to children. If parent cannot send
	  hello packet to remote connected unix domain socket it simply restart
	  children process. This watchdog design offer 2 benefit, first of all
	  hello packets sent from parent process to remote connected children
	  is done throught I/O multiplexer scheduler that way it can detect
	  deadloop in the children scheduling framework. The second benefit
	  is brought by the uses of sysV signal to detect dead children.
	  When running you will see in process list :
	    PID
	    111  keepalived	<-- parent process monitoring child activity
	    112   \_ keepalived	<-- VRRP children
	    113   \_ keepalived <-- Healthchecking children

	* Parent : Created a global data and global keyword parser structure.
	* Healthcheck framework : Defined check_conf_data to handle related
	  checker data structures. Created specific checker framework parser.
	* VRRP framework : Defined vrrp_conf_data to handle related vrrp
	  data structures. Created specific vrrp framework parser.
	* Each child process has its own syslog facility. VRRP use LOG_LOCAL1
	  and Healthchecker LOG_LOCAL2. To split log you can so configure your
	  syslog to log both facilities in a different logfile.
	* Modularized the configuration parser to limit code duplication.
	* Created modularized software watchdog.
	* Extended the recursive stream parser to use sublevel detection while
	  stream processing. Used to skip end-of-block handling if still at
	  keyword root level to prevent against end parsing if unknown block
	  is parsed.
	* Extended pidfile framework to be more generic.
	* Extended memory framework to log specific child data.
	* Fixed a virtual_server_group issue while healthchecker bringing back
	  real_servers. Modularized virtual_server_group API.
	* Fixed a virtual_server_group issue will reloading configuration.
	  Remove vsgname test from the VS_ISEQ macro. strcmp(...) comparing
	  null pointer... this must have been done in libc :)
	* ipwrapper : set alive flag after ipvs_cmd(...) has been performed.
	* VRRP : Extended the netlink framework to support SCOPE selection for
	  both ipaddress and routes fonctionnalities. SCOPE available are
	  site, link, host, nowhere & global. Default value is set to global.
	  look at doc/keepalived.conf.SYNOPSIS for more informations.
	* Renamed doc/samples/keepalived.conf.routes to
	  doc/samples/keepalived.conf.vrrp.routes.
	* Updated Makefile include dependencies.

2003-04-14  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.0.2 released.
	* This release has been sponsorized by :
	  edNET, <www.ednet.co.uk>
	  Please visit sponsor homepage and thanks to them for supporting
	  keepalived project.
	* Added support to virtual_server_group so that a virtual_server
	  can be either an IP:PORT, a fwmark or group. A group is a set
	  of virtual_server IP:PORT, IP range and fwmark. So, now a
	  real_server can be part of multiple virtual_server without launching
	  multiple time the same healthchecker that finaly flood real_server.
	  This extension is useful for big ISP/ASP configuration using many
	  virtual_server.
	  look at doc/samples/keepalived.conf.virtual_server_group.
	* Extended differential configuration parser to support diff
	  virtual_server_group entries keeping current entry state as
	  persistent (weight, conn, ...) big work here...
	* Added support to IP range declaration for virtual_server_group.
	  The IP range has the notation XXX.YYY.ZZZ.WWW-VVV. This will
	  set IPVS virtual_server from WWW to VVV monotonaly incremented by
	  one.
	  look at doc/samples/keepalived.conf.virtual_server_group.
	* Dominik Vogt, <dominik.vogt@gmx.de> enhanced SIGCHLD handler to
	  reap all zombie child processes.
	* Created a generic allocation value block with callback handler for
	  block parsing. This remove duplicated code in parser.
	* VRRP : Jan Holmberg, <jan@artech.net> extended the virtual_routes
	  and static_routes to support source route selection (netlink
	  RTA_PREFSRC).
	  look at doc/samples/keepalived.conf.routes.
	* Some cosmetics patches to reduce code duplication.

003-03-17  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.0.1 released.
	* This release has been sponsorized by :
	  Creative Internet Techniques, <www.httpd.net>
	  Please visit sponsor homepage, open minded people here !
	* Fixed some Makefile and autoconf code dependence issues.
	* Move keepalived.conf.SYNOPSIS and samples into "doc" directory.
	* Enhanced HTTP|SSL check to support large url. Get buffer request is
	  now 2KBytes.
	* Removed \n in healthchecker smtp_alert call. This cause some troubles
	  with MTA like qmail. Thanks go to John Koyle, <jkoyle@rfpdepot.com>.
	* Added support to netlink route as global keyword "static_routes".
	  look at doc/samples/keepalived.conf.routes. Routes specified into
	  this block will be added during daemon bootstrap and removed during
	  daemon shutdown. Differential conf parsing is enabled for this block,
	  removing/adding static_route can be done on the fly sending SIGHUP
	  signal to daemon.
	* VRRP : Added support to "virtual_routes". This is the same as
	  virtual_address. Those routes are set when VRRP instance enter
	  MASTER state and removed otherwise. Differential conf parsing is
	  enabled for this block. This concept extend VRRP and bring
	  dynamic routing as a "route takeover" concept.
	* VRRP : Rewrote the VRRP vip handling to use template lib list
	  structure. VIP and E-VIP are no longer a simple array reallocated.
	  List library is used to limite code duplication.
	* VRRP : Extended virtual_ipaddres and virtual_ipaddress_excluded
	  block to support "dev" specification. So that a VIP can be set to
	  a specific interface instead of default runing VRRP instance
	  interface.
	* VRRP : Added support to "track_interface". Interesting for use with
	  vlan interface. The concept here is to drive VRRP FSM according
	  do both "interface" and "track_interface" state. If tracked interface
	  is down or instance interface is down then VRRP instance transit to
	  FAULT state. For use with vlan, add track to interface vlan belong
	  to. Look at doc/sample/keepalived.conf.track_interface for sample.
	  doc/keepalived.conf.SYNOPSIS for configuration details.
	* VRRP : Extended FSM FAULT state to keep in fault if track_interface
	  still fault.
	* VRRP : Extended sync group design to test if group is unary or not.
	* Some code cleaning and cosmetics enhancements.

2003-01-06  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-1.0.0 released.
	* After fixed all bugs users reported during 2 months, I am glad to
	  announce the first STABLE production ready Keepalived release.
	* Rename keepalived.init to keepalived RedHat startup script. Fixed
	  some issues to be RedHat release generic. Thanks go to
	  Jeroen Simonetti <jeroens@q-go.com> & Jason Gilbert <jason@doozer.com>
	* Jason Gilbert, <jason@doozer.com> cleaned keepalived.spec.
	* Added support to "ha_suspend" for healthcheckers. This option, if set,
	  inform Keepalived to active/suspend checkers according to netlink
	  IP address information reflection. If one IP is removed and this is
	  a virtual_server VIP then the healthcheckers corresponding will be
	  desactivated. (and reciprocity).
	* Added support to "notify_up" & "notify_down" for realserver config.
	  These options specify a script to be run according to healthchecker
	  activity. If healthchecking fails then "notify_down" script is
	  launched (and reciprocity for healthcheck succeed). This can be
	  usefull for global monitoring system, to send alert to Unicenter TNG
	  or HPOV.
	* Set default realserver weight to 1. So, realserver will be active
	  if no weight is specified into the configuration file.
	* Review the layer4.c/tcp_socket_state to return connection in progress
	  only if SOL_SOCKET/SO_ERROR return EINPROGRESS. Thanks go to
	  Mark Weaver, <mark@npsl.co.uk>
	* Reviewed the global SIGCHLD handler to not suspend execution of the
	  calling process if status is not immediately available for one of the
	  child processes. This remove zombies by reaping.
	* Extended the parser.c/set_value() code to accept encapsulated quoted
	  string.
	* Review SMTP DBG() message to LOG_INFO message for more verbose
	  error handling.
	* Review the check_tcp.c/check_http.c logging messages to be more
	  detailed.
	* Review the check_tcp.c/check_http.c retry facility to fixes some
	  stalled issues.
	* VRRP : Added support to sync_group smtp notification in addition to
	  the per instances approach.
	* VRRP : Fixed some IPSEC-AH seq_num synchronizations issues. Force
	  seq_num sync if vrrp instance is linked to a group.
	* VRRP : In BACKUP state, force a new MASTER election is received adv.
	  has a lower priority as locale instance.
	* VRRP : vrrp.c/vrrp_state_master_rx(), sync IPSEC-AH seq_num counter
	  (decrement) if receiving higher prio advert in MASTER state.
	* VRRP : Reviewed the TSM to be fully filled. Extended speed-up
	  synchronization handling MASTER sync if group is not already synced.
	* VRRP : Leaving fault state, force MASTER transition is received adv
	  priority is lower than locale.
	* VRRP : Extended the parser to not be borred with sync_group
	  declaration position in the conf file. vrrp_sync_group can be
	  declared before or after vrrp_instance. Done by adding a reverse
	  instance lookup during parsing.
	* VRRP : sync_master_election cleanup.
	* Some cosmetics patches.
	* Created the keepalived/samples/keepalived.conf.SYNOPSIS to describe
	  all keywords available.

2002-11-20  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.7.6 released.
	* Created a common library for code modularization. This lib will
	  be used by all Keepalived components (genhash + Keepalived) to
	  reduce repeated and duplicated code.
	* Rewrote the genhash utility using the common lib. The design is
	  similar to Keepalived core design.
	* Reviewed the autoconf and Makefiles for new code architecture.
	* Created a html utility lib for HTTP headers manipulations.
	* Extended the CHECK_HTTP and CHECK_SSL checkers to support remote
	  webserver HTTP header status_code. HTTP status_code is parsed
	  according to rfc2616.6.1. The keyword created for the new feature is
	  "status_code" inside and "url" declaration. "status_code" feature
	  can be mixed with "digest" feature. See the samples directory
	  keepalived/samples/keepalived.conf.status_code for example.
	* Review the CHECK_HTTP and CHECK_SSL MD5SUM code to use a common
	  stream handling function.
	* Matthijs van der Klip, <Matthijs.van.der.Klip@tech.omroep.nl> and I
	  fixed a bug into the HTTP/SSL code that close the socket fd even
	  if remote webserver has not been connected. As a result of fact,
	  next socket created were imediatly closed. As a side effect, this
	  altered the SMTP notification when remote webserver checked fall. No
	  SMTP notification were sent if webserver were detected DOWN. Thanks
	  to Matthijs for time debugging and investigation.
	* VRRP : Rewrote the previous Gratuitous ARP facility. Created a lib
	  (vrrp_arp.c) dealing with PF_PACKET-SOCK_RAW-ETH_P_RARP and
	  sockaddr_ll.
	* VRRP : Some cosmetics patch for messages logging.
	* VRRP : Fixed an issue during VRRP packet building, appending VRRP
	  VIPs to the VRRP packet in the network order form.
	* VRRP : Reviewed the previous VRRP packet building process to not
	  create the ARP header. Removec the previous hacky
	  PF_PACKET-SOCK_PACKET-0x300 to use AF_INET-SOCK_RAW-PROTO to leave
	  kernel appending ARP header since code doesn t currently support
	  VRRP VMAC.
	* VRRP : Rewrote the previous vrrp_send_pkt() function to deal with
	  sendmsg(). optimization lazzyness :)
	* VRRP : Extended the interfaces library to support common utility
	  functions (if_setsockopt_hdrincl, if_setsockopt_bindtodevice, ...)
	* VRRP : Finally extend the code to support VRRP IPSEC-AH authentication
	  method. Created a IPSEC-AH seq_number syncrhonization mecanism during
	  VRRP MASTER/BACKUP elections.
	* VRRP : Extended the VRRP TSM to speed up instances syncrhonization
	  during FAULT->BACKUP & FAULT->MASTER state transition.
	* Some cosmetics patches. This release is proposed as a 1.0.0 STABLE
	  release candidate.

2002-09-17  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.7.1 released.
	* Fixed a MISC_CHECK issue when registering next timer checker. Must
	  register a new timer thread before forking process. This imply for
	  the user the extra script call must not execute in more than
	  checker->vs->delay_loop.
	* Extented the ipfwwrapper (for LVS kernel 2.2) to not set ipchains
	  rules if nat_mask is not specified in the configuration file.
	* VRRP : Added support to delayed gratuitous ARP send. When one instance
	  enter to MASTER state a timer thread is registered. The default delay
	  is 5secs. This delay is configurable per vrrp instance and handle the
	  'garp_master_delay' keyword. This delay refer to the delay after
	  MASTER state transition we want to launch gratuitous ARP.
	* VRRP : Force health checker enable flag if VRRP framework is not
	  selected.
	* VRRP : Review the gratuitous ARP helper function to only send
	  gratuitous ARP if VRRP VIPs are set.
	* VRRP : Review the FSM to eliminate stalled flapping loop. The state
	  transition diagram implemented is :
	                           +---------------+
	          +----------------|               |----------------+
	          |                |     Fault     |                |
	          |  +------------>|               |<------------+  |
	          |  |             +---------------+             |  |
	          |  |                     |                     |  |
	          |  |                     V                     |  |
	          |  |             +---------------+             |  |
	          |  |  +--------->|               |<---------+  |  |
	          |  |  |          |  Initialize   |          |  |  |
	          |  |  |  +-------|               |-------+  |  |  |
	          |  |  |  |       +---------------+       |  |  |  |
	          |  |  |  |                               |  |  |  |
	          V  |  |  V                               V  |  |  V
	       +---------------+                       +---------------+
	       |               |---------------------->|               |
	       |    Master     |                       |    Backup     |
	       |               |<----------------------|               |
	       +---------------+                       +---------------+

	  The state DUMMY_MASTER state has been removed since it is a fake.
	* VRRP : In order to handle all possible state transition, a Transition
	  State Matrix design (TSM) has been added. This matrix defines
	  transition state handlers for VRRP sync group extension. The TSM
	  implemented is (cf: vrrp_scheduler.c for more informations) :
	   \ E |  B  |  M  |  F  |
	   S \ |     |     |     |
	 ------+-----+-----+-----+     Legend:
	   B   |  x     1     2  |       B: VRRP BACKUP state
	 ------+                 |       M: VRRP MASTER state
	   M   |  3     x     4  |       F: VRRP FAULT state
	 ------+                 |       S: VRRP start state (before transition)
	   F   |  5     6     x  |       E: VRRP end state (after transition)
	 ------+-----------------+       [1..6]: Handler functions.
	* VRRP : Set ms_down_timer to 3 * advert_int + TIMER_SKEW when leaving
	  MASTER state.
	* VRRP : In MASTER state, when incoming advert match or FAULT state is
	  requested then force leaving MASTER state transition. (review the
	  previous election approach).
	* VRRP : Optimized the leave FAULT state transition. Directly coded into
	  the FSM for speed up recovery or code readability.
	* VRRP : Extended smtp notifier for BACKUP state. Review the MASTER state
	  notification to only notify when VIPs are set.
	* some cosmetics patches.
	* Adam Fletcher, <adamf@rovia.com> created the 'Keepalived+LVS NAT HOWTO'

2002-08-05  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.10 released.
	* Fixed a faked flag during VRRP VIP set. Updated the IP address set flag to reflect
	  netlink return code.
	* Fixed an autoconf issue during selection of VRRP framework.

2002-07-31  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.9 released.
	* Fixe some code dependence selection during compilation. If autoconf netlink
	  probe fails then unset VRRP code.
	* Cleanup daemon lib. Added some logging info for the daemon processing, removed
	  some repeated code part.
	* Added 2 new daemon arguments :
	    --dont-release-vrrp : Dont remove VRRP VIPs on daemon stop
	    --dont-release-ipvs : Dont remove IPVS topology on daemon stop
	* Review the global scheduling process to clear FD queues on master thread
	  destroy.
	* Fixed a forking issue in the MISC_CHECK.
	* Review IPVS wrapper functions to use allocated IPVS rules instead of static
	  referencing pointer.
	* Fixed the IPVS wrapper to delete IPVS entries according to their 'alive' state.
	* Added IPVS support to alive flag for VS entries.
	* Rewrote the previous main.c to support configuration reload on the fly. Extented
	  signal handling to register a conf reload_thread on SIGHUP. The software design
	  used here is a dynamic differential conf file reloading framework. This design
	  offer key decision to add/remove new/old entries to/from low-level framework:
	  IPVS topology and netlink IP addresses entries. This design reduce to the max
	  the global service interruption since only negative diff entries are removed.
	  For VRRP config reload on the fly, if you plan to add/remove many VIPs consider
	  VIP declaration into the virtual_ipaddress_excluded since they are not present
	  into VRRP adverts.
	* Review the keepalived.init script to support restart and reload arguments.
	* Fixed some typo issues.

2002-07-16  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.8 released.
	* Alex Kramarov, <alex@incredimail.com> & Remi Nivet, <Remi.Nivet@atosorigin.com>
	  reported an assertion error during smtp notification process. The assertion
	  caused a bad file descriptor registration during in_progress connection
	  handling. Fixed registering an event thread calling upper level SMTP
	  protocol in_progress connection handler. So the SMTP stream handlers use
	  global I/O multiplexer on connection success.
	* Benoit Gaussen, <ben@trez42.net> and I added support to "inhibit" feature.
	  Added a new keyword called "inhibit_on_failure" for real_server declaration.
	  If specified the real_server will not be removed from the IPVS topology if
	  real_server fail according to checker result. Instead of removing the entry
	  from IPVS topology, the corresponding real_server weight will be set to 0.
	  When real_server will be back, then weight will be set back to original value.
	  See sample directory for example.
	* Added support to IP_MASQ_CMD_SET_DEST for 2.2 krnl and IP_VS_SO_SET_EDITDEST
	  for 2.4 IPVS code to provide support to "inhibit" feature.
	* Review Makefile.in to exit on compilation error.
	* Extended autconf script to check for kernel netlink support.

2002-07-12  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.7 released.
	* Rewrote the previous SMTP notification framework. New code use a strong
	  multi-threaded FSM design.
	* Moved the SMTP get_local_name() into utils.c
	* IPVS : updated the code to support IPVS_SVC_PERSISTENT_TIMEOUT. Introduced
	  into the new libipvs coming with ipvs-1.0.4.
	* VRRP : Extended the mcast membership subscription to handle more robust
	  mcast subscription errors. Removed the previous ugly stalling sleeping
	  call retry for membership subscription. Membership subscriptions are now
	  multi-threaded to not degrade global scheduling timer.
	* VRRP : Remi Nivet, <Remi.Nivet@atosorigin.com> pointed out a buffer
	  overflow during the sending advert interface binding process.
	* Some more cosmetics patches.

2002-07-05  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.6 released.
	* added indentation style .indent.pro
	* Review the previous source tree. Splitted the code into functional subdirs.
	  Added multi-level automake scripts. The source tree looks like :
		.
		|-- bin
		|-- genhash
		|-- keepalived
		|   |-- core
		|   |-- etc
		|   |   |-- init.d
		|   |   `-- keepalived
		|   |-- healthcheck
		|   |-- include
		|   |-- libipfwc
		|   |-- libipvs
		|   |-- samples
		|   `-- vrrp
		`-- lib
	* Refine autoconf/automake scripts. Added automake support to libipvs and
	  libipfwc. Added code selection compilation for libipvs and libipfwc.
	* Review Makefile(s) to use more convenient facilities like distclean, ...
	* Review the Makefile(s) code dependencies.
	* Added support to modprobe_ipvs if the ip_vs.o module is not loaded.
	  If modprobe fails then IPVS is assumed unavailable.
	* Refine the IPVS wrapper to be more tolerant. When a VS or RS is already
	  configured don t stop the daemon. The daemon is stopped only on critical
	  IPVS errors.
	* VRRP : Review the bootstrap sequence to start daemon even if one of the
	  instance want to run on an interface administratively shut. Added extension
	  to FSM to force transition to FAULT state during bootstrap if the interface
	  is shut.
	* Updated the TODO file.
	* Some cosmetics patches.

2002-07-01  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.5 released.
	* Fixed a NULL pointer exception while releasing IPVS entries.
	* Review the Makefile.in to fixe some conventional issue. Fixed a libipvs
	  dependance code selection.
	* Christophe Varoqui, <Christophe.Varoqui@free.fr> created the rpm spec file.
	* Roberto Nibali, <ratz@linux-vs.org> helped during OLS with code cleanup.
	  Review the whole code coding style to use more conventional indentation. The
	  one used into LVS and Kernel code. Coding style provided by the following
	  command :
	    find . -name "*.[chS]" -exec indent -kr -i8 -ts8 -sob -l80 -ss -bs -psl \
	    {} \; && find . -name "*~" -exec rm  {} \;
	* Roberto Nibali and I review the DEBUG logging facility adding global DBG()
	  func declaration.
	* Roberto Nibali fixed two potential buffer overflow (strcpy).
	* Richard  L. Allbery, <rla@prideindustries.com> pointed out a fwmark issue.
	  Healthcheckers is enabled if virtual service is a fwmark.
	* Some cosmetics patches.

2002-06-25  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.4 released.
	* Rewrote the previous ip address utilities functions. Review the string
	  to ulong convertion function to support CIDR filtering and more simple
	  handling ("without all hexadecimal and shorthand"), pickted from Paul
	  Vixie code.
	* VRRP : extended the notify framework to support scripts inside a
	  vrrp_sync_group. view the sample/keepalived.conf.vrrp.sync file.
	* VRRP : Review the previous vrrp_sync_group block. New declaration
	  is : view the sample/keepalived.conf.vrrp.sync file.
	* VRRP : fixed a FSM sync_group side effect in FAULT state.
	* Fixed a Kernel 2.2 code selection issue (ETHTOOL).
	* Added support to wensong libipvs.
	* Fixed a sorry_server cleanup side effect.
	* Alex Kramarov, <alex@incredimail.com> fine the keepalived.init script
	  to be compatible with redhat chkconfig.

2002-06-18  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.3 released.
	* VRRP : Christian Motelet, <cmotelet@canal-plus.com> pointed out a
	  flapping issue when runing vrrp_sync_group on multiple NICs. This have
	  been fixed adding leave FAULT state transition on both FSM state (read
	  & read_to). The group leave fault state if all NIC of each VRRP Instance
	  are functional.
	* Fixed some issue in the autoconf/automake scripts.

2002-06-16  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.2 released.
	* Andres Salomon, <dilinger@voxel.net> enhanced the autoconf/automake
	  scripts to be more generic and to facilitate cross compilation. Including
	  more efficient IPVS code detection, Kernel version, install script
	  location, ...
	* Johannes Erdfelt, <johannes@erdfelt.com> fixed a genhash get request
	  length calculation issue.
	* Johannes Erdfelt, <johannes@erdfelt.com> fixed a wrong printed IP address
	  issue due to a static pivot buffer called multiple times for a single
	  syslog call.
	* Johannes Erdfelt, <johannes@erdfelt.com> enhanced SMTP notification
	  framework to use more compliant SMTP protocol handling. Enhanced both
	  sending and receiving functions. A nice response code buffer handling
	  calculating remote SMTP server retcode.
	* Johannes Erdfelt, <johannes@erdfelt.com> fixed a NULL pointer exception
	  into the 2.2 ipvswrapper code.
	* Aneesh Kumar, <aneesh.kumar@digital.com> fixed a compilation issue for
	  CI-LINUX checker compilation.
	* Jan Du Caju, <jan@kulnet.kuleuven.ac.be> fixed a compilation dependence
	  selection into the VRRP framework when compiling without LVS support.
	  This disable checkers activity update when compiled without LVS support.
	* fixed a dereferencing pointer into the parser.
	* move the dump configuration to printout conf after daemon initialization.
	* VRRP : Added support to start on complete init. VRRP framework and thus
	  keepalived will start if VRRP instances are properly configured.

2002-06-13  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.6.1 released.
	* Aneesh Kumar, <aneesh.kumar@digital.com> and I added support to
	  Cluster Infrastructure checkers. Providing HA-LVS for their cluster
	  project (http://ci-linux.sourceforge.net/). The new checker added
	  provide a derivation to the internal CI healthcheck mechanism.
	* Enhanced the Kernel netlink reflector to drive global healthcheckers
	  activity. The policy implemented here is : If healthchecker is performing
	  test on a service that belong to a VIP not owned by the director, then
	  the healthchecker is suspended. This suspend/active state is particulary
	  usefull if runing VRRP for HA => That way the backup LVS will not charge
	  the realserver pool since LVS VIP is owned by master LVS.
	* Cosmetics patches into the vector lib.
	* VRRP : Rewrote the previous VRRP synchronization instance policy.
	  Created a new config block called "vrrp_sync_group" that define VRRP
	  instances synchronization dependences. That way we replace the previous
	  "by-pair" sync approach by this "by-group" approach. This can be useefull
	  for firewall HA with many NICs. Created a dedicated framework to speed up
	  takeover synchronization.
	* VRRP : Added support to CIDR notation for VRRP VIPs definitions
	  => VRRP VIPs definition like a.b.c.d/e. By default "e" value is set to 32.
	* VRRP : Added support to multicast source IP address selection
	  => "mcast_src_ip" keyword. Can be usefull for strongly filtered env.
	  The mcast group subscription is done using the NIC default IP after this
	  mcast_src_ip is used if specified.
	* VRRP : Enhanced the link media failure detection. Added support to the
	  new kernel SIOCETHTOOL probing for ETHTOOL_GLINK command. New drivers
	  use this ETHTOOL interface to report link failure activity. During
	  bootstrap a probe is done to determine the proper polling method to
	  use for link media failure detection. The policy used is : probe for
	  SIOCGMIIREG if not supported then try SIOCETHTOOL GLINK probe, otherwise
	  use a ioctl SIOCGIFFLAGS polling function mirroring kernel NIC flags to
	  localy reflected representation.
	* Ramon Kagan, <rkagan@YorkU.CA> and I updated the UserGuide.pdf.

2002-05-30  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.5.9 released.
	* Added support to realserver_group. The work is not yet finished since
	  it introduces new compilation design currently not supported. So please
	  do not use yet.
	* VRRP : Review the script notification. Moved to a script per VRRP
	  instance state => Created new keywords notify_backup|master|fault
	  to run a specific script during backup|master|fault state transition.
	* VRRP : Added support to quoted strings for notify_backup|master|fault.
	  Can now launch script passing arguments.
	  See sample directory for examples.
	* VRRP : Added a protocol extension called "virtual_ipaddress_excluded".
	  This configuration block is similar to "virtual_ipaddress" block =>
	  those VIPs (called E-VIPs) are set throught netlink kernel channel and
	  gratuitous arp are sent over each E-VIP. The only difference is that
	  they are not added into VRRP packet adverts. This can be usefull for
	  big env where you want to run many VRRP VIPs (200 for example).
	  VRRP packet lenght are limited to a 20 VIPs, if you want more VRRP VIPs
	  add them to the "virtual_ipaddress_excluded" configuration block.
	* VRRP : Added more logging facility when setting/removings VIPs & E-VIPs.
	* VRRP : Created a new FSM state called become_master in charge of
	  VIPs/E-VIPs/notifications handling. The goto_master state is now a state
	  where the instance send an advert to force a new MASTER election setting
	  the instance into a transition mode. If election success its finaly
	  transit to become_master state to own VIPs/E-VIPs and launch scripts.
	* VRRP : Force a new MASTER election when receiving a lower prio advert.
	* VRRP : Review the vrrp_scheduler.c to use more conventional FSM design.
	  This reduce and beautifull the code.
	* VRRP : Fixed a very noisy flapping issue observed on heavy loaded env.
	  Simulating big traffic on a backbone figure out this flapping issue.
	  Added support to a TIMER_MICRO_ADJUST to prevent against timer degradation.
	  This can be view as a DOS protection policy. VRRP MASTER timers are adjusted
	  if they are too degradated, due to heavy loaded networking env introducing
	  latency receiving/sending VRRP protocol adverts.
	  Thanks goes to Paul, <xerox@foonet.net> for pointing it out and providing
	  access to its Internet routing backbone.

2002-05-21  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.5.8 released.
	* Added an OpenSSL Licence exception to grant Keepalived compilation
	  with OpenSSL Toolkit.
	  Thanks to Andres Salomon, <dilinger@voxel.net> for suggesting.
	* Added connection port selection for Healthcheckers (TCP_CHECK,
	  HTTP|SSL_GET). Can be usefull for Healthcheck in fwmark LVS topology
	  for grouping service.
	  Thanks to Richard  L. Allbery, <rla@prideindustries.com> for suggection.
	  See samples directory for examples.
	* Fixed some IPVS exclusion code when running --disable-lvs.
	* Added support to VirtualHost selection when using HTTP|SSL_GET.
	  See samples directory for examples.
	* Added VirtualHost selection into the genhash utility.
	* Fixed some IPVS sync daemon initializations issues.
	* Cometics patches in IPVS wrapper framework.
	* Added support to quoted string. This can be usefull if you are using
	  MISC_CHECK and you want to pass arguments to called script. See samples.
	* Prepare work on real_server_group in order to group some realserver
	  declaration.
	* VRRP : Fixed a password length exception causing an unwanted dropping
	  issue.
	* VRRP : Enhanced the MASTER state to send gratuitous arp if receiving
	  a remote lower prio advert => This fix a remote stalled ARP cache.
	  Thanks to Simon Kirby, <sim@netnation.com> for discussing this case.

2002-05-02  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.5.7 released.
	* Review autoconf/automake scripts to be more generic on system and code
	  selection. Added primitives (configure) :
	    --disable-lvs-syncd : Do not use IPVS sync daemon
	    --disable-lvs       : Do not use IPVS framework
	    --disable-vrrp      : Do not use VRRP framework
	    --enable-debug      : Compile with debugging flags
	* Fixed a SSL stream handling bug.
	  Thanks to Andres Salomon, <dilinger@voxel.net> for pointing the issue.
	* Added a global memory counter to track global memory used.
	* Fixed configuration parser. read_line. Remove static allocated
	  temporary read buffer. Only handle stream if line has been spitted into
	  vector.
	* Limit maximum number of VIPs per VRRP Instance to 20. (for fragmentation,
	  overhead, and others reasons).
	* Added IPVS wrapper support to persistence granularity.
	  Thanks to Mike Zimmerman, <tarmon@spamcop.net> for the suggestion.
	* Review smtp notifier to handle VRRP MASTER state transition alert.
	  Thanks to Paul, <xerox@foonet.net> for the suggestion.
	* Review the UserGuide.pdf to fixe some english issues :)
	  Thanks to Jacques Thomas, <jacktom@noos.fr> for reviewing.

2002-04-13  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.5.6 released.
	* VRRP : Review in "GOTO_MASTER_STATE" the IP address handling.
	  send protocol adverts before registering IP address to the interface.
	* VRRP : Review the "LEAVE_MASTER_STATE" to only handle state transition
	  if wanted states are BACKUP or FAULT.
	* VRRP : Review the BACKUP state to force new protocol election if
	  receiving a lower priority advert.
	* VRRP : Fixed a BACKUP to MASTER state transition only if interface is
	  reported UP.
	* VRRP : Fake the "ipvs_syncd_cmd" function if running LVS using a Kernel
	  2.2.

2002-04-10  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.5.5 released.
	* Fixed a gratuitous ARP porting bug.
	* VRRP : Review the data structure to be more generic
	  and clean with the rest of the code.
	* VRRP : Remove the interface flags (NIC) ioctl functions
	* VRRP : Created an interface (NIC) library giving access
	  to common interface helpers functions.
	* VRRP : Created an interface lookup function creating a global
	  interface structure during daemon bootstrap. Consist of a netlink
	  RTM_GETLINK & RTM_GETADDR lookup, so we can work with a userspace
	  interface representation.
	* VRRP : Create a netlink kernel reflection framework updating
	  dynamically our interface structure according to kernel
	  netlink broadcast. This design is highly inspired from zebra.
	  => Reflection mean : wait for netlink kernel broadcast, if received,
	  wakeup netlink filter to update our userspace representation.
	  Prefer this design instead of a delayed netlink poller. That way
	  we reduce global overhead.
	* VRRP : VRRP need to detect failure from many places.
	  If netlink can notify for many troubles like mainly
	  IFF_UP|DOWN & IFF_RUNNING, those flags are kernel drivers dependent.
	  To reduce takeover time and performance we need to have informations like
	  : Does the media link is present ?. The fact is that most of the new NICs
	  own embended hardware chip providing such informations. So created a
	  MII transceiver status register thread poller. Monitoring Basic Mode
	  Status Register (BMSR) of the MII status words. Waiting for kernel
	  NIC drivers hackers to support this functionnality through netlink
	  (=> Like a IFF_RUNNING update broadcast).
	* VRRP : Linked the state machine to the global interface structure.
	  NIC failure/events are handled.
	* VRRP : Review the whole state machine code to be more realistic. The
	  State transition diagram described into the RFC2338 is an obtimist
	  view. The VRRP state transition diagram implemented here is :

                              +---------------+
                   +--------->|               |<-------------+
                   |          |  Initialize   |              |
                   |   +------|               |----------+   |
                   |   |      +---------------+          |   |
                   |   V                                 V   |
           +---------------+                       +---------------+
           |               |---------------------->|               |
           |    Master     |                       |    Backup     |
           |               |<----------------------|               |
           +---------------+                       +---------------+
            ^   |     |                                   |    ^
            |   |     |       +---------------+           |    |
            |   |     +------>|  Dummy Master |           |    |
            |   |             +---------------+           |    |
            |   |                     |                   |    |
            |   |                     V                   |    |
            |   |             +---------------+           |    |
            |   +------------>|               |<----------+    |
            |                 |     Fault     |                |
            +-----------------|               |----------------+
                              +---------------+

	* VRRP : Robust multicast handling. Something really strange
	  is : after a NIC failure (in fallback mode) without closing
	  the socket, multicast advert can be sent but not received ?
	  really strange don t know why probably an IGMP resubmit ?.
	  So multicast group is left during failover (media trouble,
	  IFF_DOWN or !IFF_RUNNING). In fallback, we register a new
	  membership and synchronize all the packet dispatcher fds.
	* VRRP : Fixed a checksum trouble using password authentication.
	* VRRP : Added support to the LVS sync daemon. This permit
	  LVS sync daemon to be state drived by a specific VRRP instance.
	* Review the autoconf/automake to be more generic.
	* Some cosmetics patches.

2002-02-25  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.5.3 released.
	* Added autoconf / automake generic scripts.
	* Rewrite the configuration file stream parser.
	  Using a generic keywords tree. Each keyword refer a specific
	  stream handler. The main stream processor is a multilevel
	  recursive function getting file stream and backtracking the
	  keyword tree. Kind of global compiler structure using event driven
	  stream processing.
	* Re-design the global data structure to be much more generic and
	  to dissociate LVS configuration related to checkers related. Remove
	  static char lenght to use dynamic length strings.
	* Created a global timer framework.
	* Created a global vector template, used in cofiguration file
	  parsing (both stream process & keywords tree generation).
	* Created a global list template, used in most of the code.
	* Review the global scheduler to remove repeated code.
	* Created a global checkers API. The design and goal here is to
	  facilitate new checkers creation by localizing specific checker
	  code into a single file without any other global framework
	  integration.
	* Patched a SSL stream handling race condition finding end of stream.
	* Jan Holmberg, review MISC checker to use forked process to not degrade
	  global scheduler timer.
	* Revisited the whole code to use new templates structures.
	* Fixed a url lentgh bug into the genhash utility.
	* Fabrice Bucher, <fabrice.bucher@urbanet.ch> fixed a timeout_persistence
	  bug in the IPVS wrapper code.
	* Bradley McLean, <bradlist@bradm.net> added support to '0' port number
	  service in VS manipulation. Useful for balancing all services (host rather
	  than service).
	* Matthijs van der Klip, <matthijs.van.der.klip@nos.nl> enhanced smtp
	  framework to use SMTP header and email enclosed with angle brackets.

2001-12-20  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.4.9a released.
	* Jan and I patched a memory pointer problems in vrrp_scheduler.c
	  Thanks to Negrea Mihai, <mike@umft.ro> for reporting.
	* Jan Holmberg, patched a memory reallocation pointer
	  exception in memory management framework.
	* Jan Holmberg, patched a vrrp vip set/remove retry.
	* Some cosmetics/logging patches.
	* Created Keepalived UserGuide.

2001-12-10  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.4.9 released.
	* Jan Holmberg, <jan@artech.net> added a memory managment framework.
	  In debug mode it is used as a memory leak buster. We can so use it
	  to debug quickly memory leaks (buffer overrun, allocation errors, ...).
	* Jan Holmberg and I added support to SSL. Checker SSL_GET. Can be used
	  with autogenerated cert or with specific cafile, certfile, keyfile.
	* Use the OpenSSL, <www.openssl.org> library for MD5 & SSL functions.
	* Jan Holmberg and I Rewrote the HTTP_GET code to use full asynchronous
	  stream handling. The code use a common part for HTTP/SSL stream handling.
	  Review the MD5 digest buffer computation, update MD5 over received buffer.
	* Patched some memory leaks in smtp handling.
	* Jan Holmbarg added support to LVS FWMARK.
	* Added command line option for keepalived. Used the libpopt library.
	  -h, -v, -n, -d, -l, -f.
	* Jan Holmberg and I added debugging facility on keepalived console.
	* Added a BOOTSTRAP_DELAY of 1sec when registering checkers during
	  daemon bootstrap.
	* VRRP : Jan Holmberg added possibility to run an extra script when
	  VRRP Instance become or leave MASTER STATE (=> using a forked process).
	* Review/fine the whole code to apply cosmetics patch.
	* Rewrote the genhash utility.
	* Started checkers API specs.
	* doc doc doc...

2001-11-20  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.4.8 released.
	* Rewrite the whole VRRP previous code.
	* VRRP : Created a hierarchic scheduling framework.
	  Handle VRRP instances multiplexing on the same I/O fd.
	  VRRP I/O events are handled by our global scheduling
	  framework. Then the global sheduling framework call a VRRP
	  I/O instance dispatcher to manage VRRP instances.
	* VRRP : Created a temporary socket pool to handle register
		 our VRRP thread instances.
	  We create & allocate a socket pool here. The soft design
	  can be sum up by the following sketch :

	         fd1  fd2    fd3  fd4          fdi  fdi+1
	      -----\__/--------\__/---........---\__/---
	         | ETH0 |    | ETH1 |          | ETHn |
	         +------+    +------+          +------+

	  Here we have n physical NIC. Each NIC own a maximum of 2 fds.
	  (one for VRRP the other for IPSEC_AH). All our VRRP instances
	  are multiplexed through this fds. So our design can handle 2*n
	  multiplexing points.
	* VRRP : Review the multicast socket creating. We bind the socket
	  to a specific NIC. inbound & outbound traffic are bound to the
	  NIC.
	  => why IP_ADD_MEMBERSHIP & IP_MULTICAST_IF doesnt set
	     sk->bound_dev_if themself ??? !!!
	     Needed for filter multicasted advert per interface.
	  => For inbound binding we use SO_BINDTODEVICE kernel option.
	* VRRP : Created a read dispatcher thread to deal with our sockpool.
	  Handle VRRP states & transition states.
	* VRRP : Created a VRRP synchronization instance circuit. This
	  functionnality gave you the ability to monitor VRRP instance
	  each other. This mean that if 2 VRRP instances are monitoring
	  themself and if one of this instance change state, the other
	  follow the same state. ex.: With 2 VRRP instances (VI_1 & VI_2)
	  if VI_1 become backup then VI_2 become backup too. (symetricly
	  with master VRRP state).
	* VRRP : Rewrite the netlink interface to use non blocking socket.
	* VRRP : Rewrite the ipaddress handling to use the new netlink
	  interface.
	* VRRP : Remove the VRPP VMAC handling since linux kernel only
	  permit to use one MAC address on a specific NIC. We use gratuitous
	  arp when setting up VRRP VIP, to uptade remote host arp caches.
	  => In certain case this can cause a TCP session renegociation
	     which can cause a permature session end.
	  => To be fully compliant with the VRRP RFC, need to patch the
	     kernel to gave it the possibility to deal with more than one
	     MAC address at a time. Give me clue on it please ! to same me
	     a little time :)
	* Starting VRRP documentation.
	* Patch a pidfile handling bug when forking the keepalived daemon.
	  Thanks goes to Gianni D'Aprile for pointing it to me.
	* Patch a timer race condition into the scheduling framework.
	  This bug caused tcpcheck to respawn quickly...
	  Thanks goes to Gianni D'Aprile for pointing it to me.

2001-11-04  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.3.8 released.
	* Added support to native IPTABLE LVS CODE
	  => using NAT on 2.4 kernel ipchains kernel support
	     has been removed.
	* Added support to Direct Routing & Tunneling.
	* Review the keepalived.init script to be much more generic.

2001-09-14  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.4.1 released.
	* Added support to LVS kernel 2.4 code

2001-08-23  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.4.0 released.
	* Patch a race condition into the scheduler timer computation.
	* Patch a race condition into the tcp checker thread. Only
	  register next timer thread if tcp connection is not in progress.
	* Patch a race condition into the http checker thread. Handle
	  empty buffer returned from remote http server.
	* Patch a race condition into the dumping configuration process.
	  A simple dereferencing pointer value...oops...
	* Eric Jarman, <ehj38230@cmsu2.cmsu.edu> added MISC CHECKER.
	  It Perform a system call to run an extra system or script.
	  => security auditing needed for system call,
	  buffer overflow over script path must be handled.

	* Added VRRP support using our scheduling I/O multiplexer.
	  VRRP implementation support to IPSEC-AH using HMAC-96bits digest
	  with anti-replay. rfc2402 & rfc2104.
	* Added routing table fetcher. We ignore route when it is a
	  cloned route from other router, learn by an ICMP redirect
	  or set by kernel. Only UNICAST route are stored.
	* Added dropping packet support.

2001-07-15  Alexandre Cassen  <acassen@linux-vs.org>
	* keepalived-0.3.5 released.
	* Rewrite the whole signal handling, registering a terminating
	  thread on signal.
	* Move logsystem to syslog using facility LOG_INFO & LOG_DEBUG.
	* Added a daemonization function imported from zebra.
	* Rewrite the pidfile handling, check if daemon is running, if not
	  remove eventual stalled pidfile and create new pidfile.
	* Added a strong scheduling framework based on an I/O multiplexer
	  to handle asynchronous process. This code is imported from zebra
	  and have been enhanced for keepalived purposes.

	  Thread types are :
	  . timeouted read on fd.
	  . timeouted write on fd.
	  . timer.
	  . event.
	  . terminate event.

	  => The zebra framework have been enhanced to add support for timeouted
	     read/write fds.

	  => With this framework keepalived use a Boss/Worker thread model design,
	     fetching ready thread from a master threading queues.

	* Rewrite the configuration file reader to add flexibility on extending.
	  The dynamic data structure has been rewritten to use apropriate types.
	  Right now parsing framework is ready for easy new checker structures
	  integration.
	* Rewrite the smtp connector. The implementation take advantage of the
	  I/O multiplexer. All read/write operations from/to the remote smtp server
	  are done asynchronously. The implementation is rfc 821 compliant (multiple
	  receiver are handled by a multiple RCPT TO command as specified in rfc821.3.1).
	* Rewrite the IPFW & IPVS wrappers.
	* Added support for NAT mask on IP MASQ rules (keyword nat_mask in configuration
	  file). Added support for sorry server facility, so when all the server from a
	  VS server pool are removed, a sorry server is automaticaly added to the VS pool
	  (typically this is used when you have a spare server online).
	* Rewrite the previous checkers. Checkers are now based on a hierarchic layer
	  stack framework. The protocol implemented for the moment is TCP. All layer 5
	  checkers are using layer4.c primitives with the same design :

	  . a checker connector thread (creating the socket) registering the connection
	    checker thread.
	  . a connection checker thread testing connection states (error, in_progress,
	    timeout, success). When connection success upper level thread are registered
	    to handle checks.
	* Delay loop is now checkers specifics since we can use a multithreaded framework.
	* Update the PDF documentation file.