• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /netgear-R7000-V1.0.7.12_1.2.5/ap/gpl/conntrack-tools/conntrack-tools-1.4.0/doc/sync/
1#!/bin/sh
2#
3# (C) 2006-2011 by Pablo Neira Ayuso <pablo@netfilter.org>
4#
5# This program is free software; you can redistribute it and/or modify
6# it under the terms of the GNU General Public License as published by
7# the Free Software Foundation; either version 2 of the License, or
8# (at your option) any later version.
9#
10# Description:
11#
12# This is the script for primary-backup setups for keepalived
13# (http://www.keepalived.org). You may adapt it to make it work with other
14# high-availability managers.
15#
16# Do not forget to include the required modifications to your keepalived.conf
17# file to invoke this script during keepalived's state transitions.
18#
19# Contributions to improve this script are welcome :).
20#
21
22CONNTRACKD_BIN=/usr/sbin/conntrackd
23CONNTRACKD_LOCK=/var/lock/conntrack.lock
24CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
25
26case "$1" in
27  primary)
28    #
29    # commit the external cache into the kernel table
30    #
31    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
32    if [ $? -eq 1 ]
33    then
34        logger "ERROR: failed to invoke conntrackd -c"
35    fi
36
37    #
38    # flush the internal and the external caches
39    #
40    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
41    if [ $? -eq 1 ]
42    then
43    	logger "ERROR: failed to invoke conntrackd -f"
44    fi
45
46    #
47    # resynchronize my internal cache to the kernel table
48    #
49    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
50    if [ $? -eq 1 ]
51    then
52    	logger "ERROR: failed to invoke conntrackd -R"
53    fi
54
55    #
56    # send a bulk update to backups 
57    #
58    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
59    if [ $? -eq 1 ]
60    then
61        logger "ERROR: failed to invoke conntrackd -B"
62    fi
63    ;;
64  backup)
65    #
66    # is conntrackd running? request some statistics to check it
67    #
68    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
69    if [ $? -eq 1 ]
70    then
71        #
72	# something's wrong, do we have a lock file?
73	#
74    	if [ -f $CONNTRACKD_LOCK ]
75	then
76	    logger "WARNING: conntrackd was not cleanly stopped."
77	    logger "If you suspect that it has crashed:"
78	    logger "1) Enable coredumps"
79	    logger "2) Try to reproduce the problem"
80	    logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
81	    rm -f $CONNTRACKD_LOCK
82	fi
83	$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
84	if [ $? -eq 1 ]
85	then
86	    logger "ERROR: cannot launch conntrackd"
87	    exit 1
88	fi
89    fi
90    #
91    # shorten kernel conntrack timers to remove the zombie entries.
92    #
93    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
94    if [ $? -eq 1 ]
95    then
96    	logger "ERROR: failed to invoke conntrackd -t"
97    fi
98
99    #
100    # request resynchronization with master firewall replica (if any)
101    # Note: this does nothing in the alarm approach.
102    #
103    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
104    if [ $? -eq 1 ]
105    then
106    	logger "ERROR: failed to invoke conntrackd -n"
107    fi
108    ;;
109  fault)
110    #
111    # shorten kernel conntrack timers to remove the zombie entries.
112    #
113    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
114    if [ $? -eq 1 ]
115    then
116    	logger "ERROR: failed to invoke conntrackd -t"
117    fi
118    ;;
119  *)
120    logger "ERROR: unknown state transition"
121    echo "Usage: primary-backup.sh {primary|backup|fault}"
122    exit 1
123    ;;
124esac
125
126exit 0
127