backport upstream patches and make service start not so offen

(cherry picked from commit 2a8dccb8461dec80764666d72d960c5be8394cef)

Fix-segfault-when-receive-netlink-message-for-static.patch

@@ -0,0 +1,33 @@
+From f46327dc6e2daab91b8f164fc0e77fcb4cb80c6a Mon Sep 17 00:00:00 2001
+From: Arthur Grosser <15238252+agrrto@users.noreply.github.com>
+Date: Fri, 27 May 2022 15:22:25 +0200
+Subject: [PATCH] Fix segfault when receive netlink message for static default
+ route added
+
+This extends acassen@069a039 where the problem was fixed for virtual
+routes.
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/f46327dc6e2daab91b8f164fc0e77fcb4cb80c6a
+---
+ keepalived/core/keepalived_netlink.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/keepalived/core/keepalived_netlink.c b/keepalived/core/keepalived_netlink.c
+index ea8843f..5c078d2 100644
+--- a/keepalived/core/keepalived_netlink.c
++++ b/keepalived/core/keepalived_netlink.c
+@@ -321,7 +321,10 @@ route_is_ours(struct rtmsg* rt, struct rtattr *tb[RTA_MAX + 1], vrrp_t** ret_vrr
+ 		    tos != route->tos)
+ 			continue;
+ 
+-		if (compare_addr(family, RTA_DATA(tb[RTA_DST]), route->dst))
++		if (!tb[RTA_DST])
++			memset(&default_addr, 0, sizeof(default_addr));
++
++		if (compare_addr(family, tb[RTA_DST] ? RTA_DATA(tb[RTA_DST]) : &default_addr, route->dst))
+ 			continue;
+ 
+ 		return route;
+-- 
+2.23.0
+

check-fix-further-memory-leaks-when-configuration-is.patch

@@ -0,0 +1,83 @@
+From 4b269f8131591e3067b54dc1f587592bfca10fba Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Tue, 26 Jul 2022 09:42:01 +0100
+Subject: [PATCH] check: fix further memory leaks when configuration is
+ repeated
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+Conflict: adapt path_handler because the pre patch 516032ec39169d05c613de0e8ee10845658748ff reconstructs the configuration resolution
+Reference: https://github.com/acassen/keepalived/commit/4b269f8131591e3067b54dc1f587592bfca10fba
+
+---
+ keepalived/check/check_http.c   | 9 +++++++--
+ keepalived/check/check_parser.c | 6 +-----
+ keepalived/check/check_smtp.c   | 4 +++-
+ 3 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/keepalived/check/check_http.c b/keepalived/check/check_http.c
+index 4b1f3f3..47a9ac1 100644
+--- a/keepalived/check/check_http.c
++++ b/keepalived/check/check_http.c
+@@ -505,7 +505,7 @@ path_handler(const vector_t *strvec)
+ 	http_checker_t *http_get_chk = CHECKER_GET();
+ 	url_t *url = list_last_entry(&http_get_chk->url, url_t, e_list);
+ 
+-	url->path = set_value(strvec);
++	set_string(&url->path, strvec, "path");
+ }
+ 
+ static void
+@@ -625,11 +625,16 @@ regex_handler(__attribute__((unused)) const vector_t *strvec)
+ 	const vector_t *strvec_qe = alloc_strvec_quoted_escaped(NULL);
+ 
+ 	if (vector_size(strvec_qe) != 2) {
+-		log_message(LOG_INFO, "regex missing or too many fields");
++		report_config_error(CONFIG_GENERAL_ERROR, "regex missing or too many fields");
+ 		free_strvec(strvec_qe);
+ 		return;
+ 	}
+ 
++	if (conf_regex_pattern) {
++		report_config_error(CONFIG_GENERAL_ERROR, "Duplicate regex specified - replacing %s with %s", conf_regex_pattern, strvec_slot(strvec, 1));
++		FREE_CONST_PTR(conf_regex_pattern);
++	}
++
+ 	conf_regex_pattern = PTR_CAST_CONST(unsigned char, set_value(strvec_qe));
+ 	free_strvec(strvec_qe);
+ }
+diff --git a/keepalived/check/check_parser.c b/keepalived/check/check_parser.c
+index ec8f779..f24215e 100644
+--- a/keepalived/check/check_parser.c
++++ b/keepalived/check/check_parser.c
+@@ -74,11 +74,7 @@ handle_ssl_file(const vector_t *strvec, const char **file_name, const char *type
+ 		return;
+ 	}
+ 
+-	if (*file_name) {
+-		report_config_error(CONFIG_GENERAL_ERROR, "SSL %s already specified - replacing", type);
+-		FREE_CONST(*file_name);
+-	}
+-	*file_name = set_value(strvec);
++	set_string(file_name, strvec, "SSL");
+ }
+ 
+ static void
+diff --git a/keepalived/check/check_smtp.c b/keepalived/check/check_smtp.c
+index 034d891..65db135 100644
+--- a/keepalived/check/check_smtp.c
++++ b/keepalived/check/check_smtp.c
+@@ -273,8 +273,10 @@ smtp_helo_name_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	if (smtp_checker->helo_name)
++	if (smtp_checker->helo_name) {
++		report_config_error(CONFIG_GENERAL_ERROR, "SMTP_CHECK helo name already specified");
+ 		FREE_CONST(smtp_checker->helo_name);
++	}
+ 
+ 	smtp_checker->helo_name = set_value(strvec);
+ }
+-- 
+2.33.0
+

check-use-last-entry-if-duplicate-definition.patch

@@ -0,0 +1,123 @@
+From 014f037b219d328d501ac90cc046efa9b84b3a32 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Mon, 25 Jul 2022 18:06:24 +0100
+Subject: [PATCH] check: use last entry if duplicate definition
+
+Commits 8a3f145 - "fix mem leaks when virtualhost and snmp_name
+are duplicate" and 86bbb2e - "fix mem leaks when virtualhost is
+duplicate" changed the behaviour of virtualhost and snmp_name
+configuration if there were duplicate definitions to use the
+first defined entry, whereas previously the last defined entry
+was used, albeit with a memory leak.
+
+This commit retains the memory leak fixes, but reverts the
+behaviour to use the last definition rather than the first.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+Conflict: adapt the input parameter of set_string function because the pre patch 516032ec39169d05c613de0e8ee10845658748ff reconstructs the configuration resolution
+Reference: https://github.com/acassen/keepalived/commit/014f037b219d328d501ac90cc046efa9b84b3a32
+---
+ keepalived/check/check_http.c   |  4 ++--
+ keepalived/check/check_parser.c |  8 ++++----
+ lib/parser.c                    | 10 ++++++++++
+ lib/parser.h                    |  1 +
+ 4 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/keepalived/check/check_http.c b/keepalived/check/check_http.c
+index e5f4dfa..4b1f3f3 100644
+--- a/keepalived/check/check_http.c
++++ b/keepalived/check/check_http.c
+@@ -463,7 +463,7 @@ virtualhost_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	http_get_chk->virtualhost = set_value(strvec);
++	set_string(&http_get_chk->virtualhost, strvec, "virtualhost");
+ }
+ 
+ static void
+@@ -592,7 +592,7 @@ url_virtualhost_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	url->virtualhost = set_value(strvec);
++	set_string(&url->virtualhost, strvec, "url virtualhost");
+ }
+ 
+ static void
+diff --git a/keepalived/check/check_parser.c b/keepalived/check/check_parser.c
+index a962581..ec8f779 100644
+--- a/keepalived/check/check_parser.c
++++ b/keepalived/check/check_parser.c
+@@ -607,7 +607,7 @@ vs_virtualhost_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	vs->virtualhost = set_value(strvec);
++	set_string(&vs->virtualhost, strvec, "vs virtualhost");
+ }
+ 
+ #ifdef _WITH_SNMP_CHECKER_
+@@ -621,7 +621,7 @@ vs_snmp_name_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	vs->snmp_name = set_value(strvec);
++	set_string(&vs->snmp_name, strvec, "vs snmp_name");
+ }
+ #endif
+ 
+@@ -891,7 +891,7 @@ rs_virtualhost_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	rs->virtualhost = set_value(strvec);
++	set_string(&rs->virtualhost, strvec, "rs virtualhost");
+ }
+ 
+ #ifdef _WITH_SNMP_CHECKER_
+@@ -906,7 +906,7 @@ rs_snmp_name_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	rs->snmp_name = set_value(strvec);
++	set_string(&rs->snmp_name, strvec, "rs snmp_name");
+ }
+ #endif
+ 
+diff --git a/lib/parser.c b/lib/parser.c
+index bcabd07..68a6e49 100644
+--- a/lib/parser.c
++++ b/lib/parser.c
+@@ -804,6 +804,16 @@ read_hex_str(const char *str, uint8_t **data, uint8_t **data_mask)
+ 	return len;
+ }
+ 
++void
++set_string(const char **var, const vector_t *strvec, const char *param_name)
++{
++	if (*var) {
++		report_config_error(CONFIG_GENERAL_ERROR, "Duplicate %s - overwriting %s with %s", param_name, *var, strvec_slot(strvec, 1));
++		FREE_CONST_PTR(*var);
++	}
++	*var = set_value(strvec);
++}
++
+ void
+ set_random_seed(unsigned int seed)
+ {
+diff --git a/lib/parser.h b/lib/parser.h
+index 994eeb3..4fa0988 100644
+--- a/lib/parser.h
++++ b/lib/parser.h
+@@ -116,6 +116,7 @@ set_value_r(const vector_t *strvec)
+ #endif
+ 
+ /* Prototypes */
++extern void set_string(const char **, const vector_t *, const char *);
+ extern void report_config_error(config_err_t, const char *format, ...)
+ 	__attribute__((format (printf, 2, 3)));
+ extern void use_disk_copy_for_config(const char *);
+-- 
+2.33.0
+

keepalived-pid-check.sh

@@ -0,0 +1,54 @@
+#! /bin/bash
+
+if [ ! -f /run/keepalived.pid ] || [ ! -f /run/keepalived.pid.save ]; then
+	echo "check keepalived.pid and run/keepalived.pid.save file not exists"
+	exit 1
+fi
+
+NOW_MAIN_PID=$(/usr/bin/cat /run/keepalived.pid)
+
+if [ -f /run/checkers.pid ]; then
+	NOW_CHECKERS_PID=$(/usr/bin/cat /run/checkers.pid)
+else
+	NOW_CHECKERS_PID=0
+fi
+
+if [ -f /run/vrrp.pid ]; then
+	NOW_VRRP_PID=$(/usr/bin/cat /run/vrrp.pid)
+else
+	NOW_VRRP_PID=0
+fi
+
+count=1;
+
+while read LINE
+do
+	if [ $count = 1 ]; then
+		if [ $NOW_MAIN_PID != $LINE ]; then
+			echo "check main pid $LINE ...... [fail]"
+			exit 1
+		fi
+		echo "check main pid $LINE ...... [pass]"
+	fi
+
+        if [ $count = 2 ]; then
+                if [ $NOW_CHECKERS_PID != $LINE ]; then
+			echo "check checker pid $LINE ... [fail]"
+                        exit 1
+                fi
+		echo "check checker pid $LINE ... [pass]"
+        fi
+
+        if [ $count = 3 ]; then
+                if [ $NOW_VRRP_PID != $LINE ]; then
+			echo "check vrrp pid $LINE ...... [fail]"
+                        exit 1
+                fi
+		echo "check vrrp pid $LINE ...... [pass]"
+        fi
+
+	count=$[ $count + 1 ]
+
+done < /run/keepalived.pid.save
+
+exit 0

keepalived-start-post.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+umask 0027
+
+echo "exec started post "
+
+CheckPidFile()
+{
+	ps -ef | grep "/usr/sbin/keepalived -D --all" | while read line;
+	do
+		PID=$(echo $line | awk '{print $2}')
+		FATHER=$(echo $line | awk '{print $3}')
+		CMD=$(echo $line| awk '{print $8}')
+		if [ $CMD = "/usr/sbin/keepalived" ] && [ $FATHER = "1" ]; then
+			echo $PID > /run/keepalived.pid
+		fi
+	done
+}
+
+if [ -f /run/keepalived.pid ]; then
+	echo $(/usr/bin/cat /run/keepalived.pid) > /run/keepalived.pid.save
+else
+	CheckPidFile
+fi
+
+if [ -f /run/checkers.pid ]; then
+        echo $(/usr/bin/cat /run/checkers.pid) >> /run/keepalived.pid.save
+else
+	echo 0 >> /run/keepalived.pid.save
+
+fi
+
+if [ -f /run/vrrp.pid ]; then
+        echo $(/usr/bin/cat /run/vrrp.pid) >> /run/keepalived.pid.save
+else
+	echo 0 >> /run/keepalived.pid.save
+fi
+
+exit 0
+

keepalived-stop-post.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+if [ -f /run/checkers.pid ]; then
+	checkerpid=$(/usr/bin/cat /run/checkers.pid) 
+	/bin/kill $checkerpid
+	echo "Kill checkers-pid $checkerpid , when execute stop-post keepalived"
+fi
+
+if [ -f /run/vrrp.pid ]; then 
+	vrrppid=$(/usr/bin/cat /run/vrrp.pid)
+	/bin/kill $vrrppid
+	echo "Kill vrrp-pid $vrrppid, when execute stop-post keepalived"
+fi
+
+if [ -f /run/keepalived.pid.save ]; then
+	rm -rf /run/keepalived.pid.save
+fi
+
+echo "Excuted stop-post keepalived"
+

keepalived.service

@@ -8,8 +8,12 @@ Type=forking
 PIDFile=/run/keepalived.pid
 KillMode=process
 EnvironmentFile=-/etc/sysconfig/keepalived
+ExecStartPost=/usr/sbin/keepalived-start-post.sh
 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
+ExecStopPost=/usr/sbin/keepalived-stop-post.sh
+StartLimitBurst=1
+StartLimitInterval=1s
 
 [Install]
 WantedBy=multi-user.target

keepalived.spec

@@ -9,15 +9,28 @@
 
 Name:		keepalived
 Version:	2.2.4
-Release:	2
+Release:	3
 Summary:	High Availability monitor built upon LVS, VRRP and service pollers
 License:	GPLv2+
 URL:		http://www.keepalived.org/
 Source0:	http://www.keepalived.org/software/keepalived-%{version}.tar.gz
 Source1: 	keepalived.service
+Source2:        keepalived-stop-post.sh
+Source3:        keepalived-start-post.sh
+Source4:        keepalived-pid-check.sh
 
 Patch0001:	CVE-2021-44225.patch
+Patch0002:	scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch
+Patch0003:	vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch
+Patch0004:	vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch
+Patch0005:	Fix-segfault-when-receive-netlink-message-for-static.patch
+Patch0006:	vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch
+Patch0007:	check-use-last-entry-if-duplicate-definition.patch
+Patch0008:	check-fix-further-memory-leaks-when-configuration-is.patch
 
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
 BuildRequires:	net-snmp-devel gcc systemd-units openssl-devel libnl3-devel
 BuildRequires:  ipset-devel iptables-devel libnfnetlink-devel libnftnl-devel
 BuildRequires:  file-devel libmnl-devel
@@ -61,7 +74,10 @@ rm -rf .%{_sysconfdir}/keepalived/samples/
 popd
 
 install -d -m 0755 %{buildroot}%{_unitdir}
-install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service
+install -p -D -m 0550 %{SOURCE2} %{buildroot}%{_sbindir}/keepalived-stop-post.sh
+install -p -D -m 0550 %{SOURCE3} %{buildroot}%{_sbindir}/keepalived-start-post.sh
+install -p -D -m 0550 %{SOURCE4} %{buildroot}%{_sbindir}/keepalived-pid-check.sh
 install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived
 
 %post
@@ -82,6 +98,9 @@ install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived
 %attr(0755,root,root) %{_sbindir}/keepalived
 %dir %{_sysconfdir}/keepalived/
 %dir %{_libexecdir}/keepalived/
+%attr(0550,root,root) %{_sbindir}/keepalived-stop-post.sh
+%attr(0550,root,root) %{_sbindir}/keepalived-start-post.sh
+%attr(0550,root,root) %{_sbindir}/keepalived-pid-check.sh
 %{_bindir}/genhash
 %{_datadir}/snmp/mibs/*
 %{_unitdir}/keepalived.service
@@ -92,6 +111,12 @@ install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived
 %{_mandir}/man*
 
 %changelog
+* Mon Jun 12 2023 sunsuwan <sunsuwan3@huawei.com> -  2.2.4-3
+- Type:CVE
+- ID:NA 
+- SUG:NA
+- DESC:backport upstream patches and make service start not so offen
+
 * Tue Mar 29 2022 kwb0523 <kwb0523@163.com> -  2.2.4-2
 - Type:bugfix
 - ID:NA 

scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch

@@ -0,0 +1,44 @@
+From 73ba6004b906b1ea022c169b25b9bdab589583e4 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 22 Oct 2021 15:16:01 +0100
+Subject: [PATCH] scheduler: Handle cancelling timer thread on ready queue
+
+The timer thread on the ready queue, if cancelled, was corrupting
+the read list_head, since it assumed it was on a red black tree.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/73ba6004b906b1ea022c169b25b9bdab589583e4
+---
+ lib/scheduler.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/scheduler.c b/lib/scheduler.c
+index a588f52..ebf5ea3 100644
+--- a/lib/scheduler.c
++++ b/lib/scheduler.c
+@@ -1527,6 +1527,7 @@ thread_cancel(thread_ref_t thread_cp)
+ 		break;
+ 	case THREAD_EVENT:
+ 	case THREAD_READY:
++	case THREAD_READY_TIMER:
+ #ifdef USE_SIGNAL_THREADS
+ 	case THREAD_SIGNAL:
+ #endif
+@@ -1534,7 +1535,13 @@ thread_cancel(thread_ref_t thread_cp)
+ 	case THREAD_CHILD_TERMINATED:
+ 		list_del_init(&thread->e_list);
+ 		break;
++	case THREAD_TIMER_SHUTDOWN:
++	case THREAD_TERMINATE_START:
++	case THREAD_TERMINATE:
++		log_message(LOG_WARNING, "ERROR - thread_cancel called for THREAD_%s", thread->type == THREAD_TIMER_SHUTDOWN ? "TIMER_SHUTDOWN" : thread->type == THREAD_TERMINATE ? "TERMINATE" : "TERMINATE_START");
++		return;
+ 	default:
++		log_message(LOG_WARNING, "ERROR - thread_cancel called for unknown thread type %u", thread->type);
+ 		break;
+ 	}
+ 
+-- 
+2.23.0
+

vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch

@@ -0,0 +1,146 @@
+From 24f8a1e1220e5f1fa762e60669ef1215cc15d138 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Sun, 17 Apr 2022 14:52:44 +0100
+Subject: [PATCH] vrrp: Resolve segfault when enable_snmp_vrrp is added at a
+ reload
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/24f8a1e1220e5f1fa762e60669ef1215cc15d138
+---
+ keepalived/core/snmp.c         |  1 +
+ keepalived/include/vrrp_snmp.h |  3 ++-
+ keepalived/vrrp/vrrp_daemon.c  | 10 ++++++++--
+ keepalived/vrrp/vrrp_snmp.c    | 18 +++++++++---------
+ 4 files changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/keepalived/core/snmp.c b/keepalived/core/snmp.c
+index 421484e..2aae126 100644
+--- a/keepalived/core/snmp.c
++++ b/keepalived/core/snmp.c
+@@ -496,6 +496,7 @@ snmp_agent_close(bool base_mib)
+ 	if (base_mib)
+ 		snmp_unregister_mib(global_oid, OID_LENGTH(global_oid));
+ 	snmp_shutdown(global_name);
++	shutdown_agent();
+ 
+ 	snmp_running = false;
+ }
+diff --git a/keepalived/include/vrrp_snmp.h b/keepalived/include/vrrp_snmp.h
+index f75d32f..028356a 100644
+--- a/keepalived/include/vrrp_snmp.h
++++ b/keepalived/include/vrrp_snmp.h
+@@ -26,6 +26,7 @@
+ 
+ #include "config.h"
+ 
++#include "global_data.h"
+ #ifdef _WITH_SNMP_RFC_
+ #include "timer.h"
+ #endif
+@@ -74,7 +75,7 @@ extern timeval_t snmp_vrrp_start_time;
+ 
+ /* Prototypes */
+ extern void vrrp_snmp_agent_init(const char *);
+-extern void vrrp_snmp_agent_close(void);
++extern void vrrp_snmp_agent_close(const data_t *);
+ 
+ #ifdef _WITH_SNMP_VRRP_
+ extern void vrrp_snmp_instance_trap(vrrp_t *);
+diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c
+index 036f9f2..5568a52 100644
+--- a/keepalived/vrrp/vrrp_daemon.c
++++ b/keepalived/vrrp/vrrp_daemon.c
+@@ -286,7 +286,7 @@ vrrp_terminate_phase2(int exit_status)
+ 	    global_data->enable_snmp_rfcv3 ||
+ #endif
+ 	    snmp_option)
+-		vrrp_snmp_agent_close();
++		vrrp_snmp_agent_close(global_data);
+ #endif
+ 
+ #ifdef _WITH_LVS_
+@@ -554,13 +554,19 @@ start_vrrp(data_t *prev_global_data)
+ 		     global_data->enable_snmp_rfcv3 ||
+ #endif
+ 		     snmp_option)) {
+-			if (reload)
++			if (snmp_running)
+ 				snmp_epoll_info(master);
+ 			else
+ 				vrrp_snmp_agent_init(global_data->snmp_socket);
+ #ifdef _WITH_SNMP_RFC_
+ 			snmp_vrrp_start_time = time_now;
+ #endif
++		} else {
++// We have a problem at reload if VRRP had SNMP and checker didn't, but now checker does.
++// Also race condition if changing so checker does and we dont, from other way round.
++// SOLUTION: Stop snmp before reload and start afterwards. ? A race anyway
++			if (snmp_running)
++				vrrp_snmp_agent_close(old_global_data);
+ 		}
+ #endif
+ 
+diff --git a/keepalived/vrrp/vrrp_snmp.c b/keepalived/vrrp/vrrp_snmp.c
+index fc7749b..aa4c426 100644
+--- a/keepalived/vrrp/vrrp_snmp.c
++++ b/keepalived/vrrp/vrrp_snmp.c
+@@ -4471,15 +4471,15 @@ vrrp_rfcv3_snmp_proto_err_notify(vrrp_t *vrrp)
+ #endif
+ 
+ static bool
+-vrrp_handles_global_oid(void)
++vrrp_handles_global_oid(const data_t *global_data_in_use)
+ {
+ #ifdef _WITH_SNMP_VRRP_
+-	if (global_data->enable_snmp_vrrp) {
++	if (global_data_in_use->enable_snmp_vrrp) {
+ #ifdef _WITH_LVS_
+ 		if (!running_checker())
+ 			return true;
+ #ifdef _WITH_SNMP_CHECKER_
+-		if (!global_data->enable_snmp_checker)
++		if (!global_data_in_use->enable_snmp_checker)
+ 			return true;
+ #endif
+ #else
+@@ -4498,7 +4498,7 @@ vrrp_snmp_agent_init(const char *snmp_socket_name)
+ 		return;
+ 
+ 	/* We let the check process handle the global OID if it is running and with snmp */
+-	snmp_agent_init(snmp_socket_name, vrrp_handles_global_oid());
++	snmp_agent_init(snmp_socket_name, vrrp_handles_global_oid(global_data));
+ 
+ #ifdef _WITH_SNMP_VRRP_
+ 	if (global_data->enable_snmp_vrrp)
+@@ -4524,22 +4524,22 @@ vrrp_snmp_agent_init(const char *snmp_socket_name)
+ }
+ 
+ void
+-vrrp_snmp_agent_close(void)
++vrrp_snmp_agent_close(const data_t *global_data_in_use)
+ {
+ 	if (!snmp_running)
+ 		return;
+ 
+ #ifdef _WITH_SNMP_VRRP_
+-	if (global_data->enable_snmp_vrrp)
++	if (global_data_in_use->enable_snmp_vrrp)
+ 		snmp_unregister_mib(vrrp_oid, OID_LENGTH(vrrp_oid));
+ #endif
+ #ifdef _WITH_SNMP_RFCV2_
+-	if (global_data->enable_snmp_rfcv2)
++	if (global_data_in_use->enable_snmp_rfcv2)
+ 		snmp_unregister_mib(vrrp_rfcv2_oid, OID_LENGTH(vrrp_rfcv2_oid));
+ #endif
+ #ifdef _WITH_SNMP_RFCV3_
+-	if (global_data->enable_snmp_rfcv3)
++	if (global_data_in_use->enable_snmp_rfcv3)
+ 		snmp_unregister_mib(vrrp_rfcv3_oid, OID_LENGTH(vrrp_rfcv3_oid));
+ #endif
+-	snmp_agent_close(vrrp_handles_global_oid());
++	snmp_agent_close(vrrp_handles_global_oid(global_data_in_use));
+ }
+-- 
+2.23.0
+

vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch

@@ -0,0 +1,38 @@
+From 5721b5b7144d7e0fa71badf4fc2666a0850ea1ee Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Mon, 27 Sep 2021 16:57:54 +0100
+Subject: [PATCH] vrrp dbus: Fix assert on shutdown after name lost
+
+When DBus reports that the VRRP name has been lost on the session
+bus, keepalived calls g_hash_table_foreach_remove(). However it called
+the function again on shutdown causing an assert failure. This commit
+ensures that g_hash_table_foreach_remove() is not called on shutdown
+if it has already been called due to the name being lost.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/5721b5b7144d7e0fa71badf4fc2666a0850ea1ee
+---
+ keepalived/vrrp/vrrp_dbus.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/keepalived/vrrp/vrrp_dbus.c b/keepalived/vrrp/vrrp_dbus.c
+index c3b7c2c..0a223b4 100644
+--- a/keepalived/vrrp/vrrp_dbus.c
++++ b/keepalived/vrrp/vrrp_dbus.c
+@@ -964,8 +964,10 @@ dbus_stop(void)
+ 	if (!dbus_running)
+ 		return;
+ 
+-	g_hash_table_foreach_remove(objects, remove_object, NULL);
+-	objects = NULL;
++	if (objects) {
++		g_hash_table_foreach_remove(objects, remove_object, NULL);
++		objects = NULL;
++	}
+ 
+ 	if (global_connection != NULL) {
+ 		path = dbus_object_create_path_vrrp();
+-- 
+2.23.0
+

vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch

@@ -0,0 +1,40 @@
+From 57dfaec99bafb0eb45e634c605daf52bb1cd5d0d Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Thu, 30 Jun 2022 17:14:39 +0100
+Subject: [PATCH] vrrp: deley freeing vrrp instances until all references are
+ freed
+
+Trackers etc have lists for vrrp instances that are tracking them.
+Therefore the trackers, and their references, must be freed before the
+vrrp instances are freed.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/57dfaec99bafb0eb45e634c605daf52bb1cd5d0d
+---
+ keepalived/vrrp/vrrp_data.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keepalived/vrrp/vrrp_data.c b/keepalived/vrrp/vrrp_data.c
+index b2c6f69..c144e64 100644
+--- a/keepalived/vrrp/vrrp_data.c
++++ b/keepalived/vrrp/vrrp_data.c
+@@ -1223,7 +1223,6 @@ free_vrrp_data(vrrp_data_t * data)
+ 	free_iproute_list(&data->static_routes);
+ 	free_iprule_list(&data->static_rules);
+ 	free_static_track_groups_list(&data->static_track_groups);
+-	free_vrrp_list(&data->vrrp);
+ 	free_sync_group_list(&data->vrrp_sync_group);
+ 	free_vscript_list(&data->vrrp_script);
+ 	free_track_file_list(&data->vrrp_track_files);
+@@ -1233,6 +1232,7 @@ free_vrrp_data(vrrp_data_t * data)
+ #ifdef _WITH_BFD_
+ 	free_vrrp_tracked_bfd_list(&data->vrrp_track_bfds);
+ #endif
++	free_vrrp_list(&data->vrrp);
+ 	FREE(data);
+ }
+ 
+-- 
+2.23.0
+