From eaae45fa65fdb559b5442dfe2da05a808c5c57ba Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Wed, 23 May 2007 20:01:18 +0000 Subject: - update TODO list - update INSTALL - use conntrack instead of conntrackd to flush the conntrack table --- INSTALL | 15 ++++++++------- TODO | 35 +++++++++++++++++++++++------------ examples/sync/nack/script_fault.sh | 2 +- 3 files changed, 32 insertions(+), 20 deletions(-) diff --git a/INSTALL b/INSTALL index 1a80dd0..e4b1d58 100644 --- a/INSTALL +++ b/INSTALL @@ -41,9 +41,9 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso $ make # make install - Up to this point, the command line interface `conntrack' is ready for use. - However, the userspace daemon so-called `conntrackd' requires some magic - speells to get it working. + Up to this point, the command line interface `conntrack' is ready for use, + see man conntrack(8). However, the userspace daemon so-called `conntrackd' + requires some magic spells to get it working. 3.Setting up conntrackd ======================= @@ -68,8 +68,8 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso There is an example file available inside the conntrackd tarball: - For node 1: conntrackd-x.x.x/examples/sync/node1/keepalived.conf - For node 2: conntrackd-x.x.x/examples/sync/node2/keepalived.conf + For node 1: conntrackd-x.x.x/examples/sync/_type_/node1/keepalived.conf + For node 2: conntrackd-x.x.x/examples/sync/_type_/node2/keepalived.conf These files can be used to set up a simple VRRP cluster composed of two machines that hold the virtual IPs 192.168.0.100 on eth0 and 
@@ -94,8 +94,9 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso Where _type_ is the synchronization type selected, currently there are two: the persistent mode and the NACK mode. The persistent mode consumes - more resources than the NACK mode, however the NACK mode is still - experimental + more resources than the NACK mode but resolves synchronization issues + better. On the other the NACK mode reduces resource consumption. I'll + provide more information on both approaches soon. Do not forget to edit the files in order to adapt them to the setting that you are deploying. diff --git a/TODO b/TODO index 130b1f8..482b677 100644 --- a/TODO +++ b/TODO 
@@ -1,18 +1,29 @@ There are several tasks that are pending to be done, I have classified them by dificulty levels: -Relatively easy -=============== += Relatively easy = + * add syslog support (based on Simon Lodal's patch) + * improve shell scripts for keepalived/heartbeat: *really* important + * use NACK based protocol, feedback: call pablo :-) + * manpage for conntrackd(8) + * use the floating priority feature in keepalived to avoid premature + take over. -- test ipv6 support -- improve shell scripts -- test NACK based protocol -- manpage for conntrackd += Requires some work = + * study better keepalived transitions + * test/fix ipv6 support + * have a look at open issues + * implement support for TCP window tracking (patches are on the table) at + the moment you have to disable it: -Requires some work -================== + echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal -- study better keepalived transitions -- implement support for TCP window tracking (patches are on the table) - - at the moment you have to disable it: - echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal += Requires kernel patches = + * setup master conntrack to match IPCT_RELATED + += Open issues = + * unsupported iptables matches: + * connbytes: probably the persistent may support it + * recent: requires further study + * quota: private data counters + * connection tracking NAT helpers: sequence adjustment issues (?) diff --git a/examples/sync/nack/script_fault.sh b/examples/sync/nack/script_fault.sh index 68f1534..aec4af9 100755 --- a/examples/sync/nack/script_fault.sh +++ b/examples/sync/nack/script_fault.sh @@ -1,4 +1,4 @@ #!/bin/sh /usr/sbin/conntrackd -f -/usr/sbin/conntrackd -F +/usr/sbin/conntrack -F -- cgit v1.2.3
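Review bot: In the INSTALL hunk at @@ -94, the added sentence "On the other the NACK mode reduces resource consumption" is missing the word "hand", and the rewrite drops the statement that the NACK mode "is still experimental" even though the TODO in this same patch still lists "use NACK based protocol, feedback: call pablo :-)" as pending. Suggest "On the other hand, the NACK mode reduces resource consumption" and keeping the experimental caveat until that TODO item is closed, so that someone choosing a synchronization mode for a firewall pair knows the status of each.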
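Review bot: In the TODO hunk, the TCP window tracking item says "at the moment you have to disable it" but the command that follows writes 1 to ip_conntrack_tcp_be_liberal, so the reader has to infer that enabling the liberal flag is how window tracking gets switched off. Suggest wording it as a workaround ("enable liberal mode until window tracking is supported") and adding one line on what it costs: with this sysctl non-zero, conntrack marks only out-of-window RST segments as invalid, so a ruleset that drops INVALID packets no longer rejects other out-of-window TCP segments on the firewall. If INSTALL does not already carry this instruction, it belongs there too, since an operator following the setup steps is unlikely to read TODO. The heading style also changes from underlined titles to "= Title =" here while INSTALL keeps the underlined form ("3.Setting up conntrackd" in the context lines); worth picking one.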
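Review bot: In examples/sync/nack/script_fault.sh, the new "/usr/sbin/conntrack -F" line hard-codes the binary path and nothing checks its exit status, so on a host where conntrack is installed under a different prefix the fault script finishes without flushing the conntrack table and gives no indication that it failed. Suggest resolving the binary through PATH or a variable set at the top of the script, and logging or exiting non-zero when the flush fails. The subject line describes the switch from conntrackd to conntrack as a general change, but the diff touches only the nack example; if the example scripts for the other synchronization type contain the same "conntrackd -F" line, they need the same fix.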