[netfilter-cvslog] r6842 - in trunk/conntrack-tools: . examples/sync/nack

pablo at netfilter.org pablo at netfilter.org
Wed May 23 22:01:18 CEST 2007


Author: pablo at netfilter.org
Date: 2007-05-23 22:01:18 +0200 (Wed, 23 May 2007)
New Revision: 6842

Modified:
   trunk/conntrack-tools/INSTALL
   trunk/conntrack-tools/TODO
   trunk/conntrack-tools/examples/sync/nack/script_fault.sh
Log:
- update TODO list
- update INSTALL
- use conntrack instead of conntrackd to flush the conntrack table


Modified: trunk/conntrack-tools/INSTALL
===================================================================
--- trunk/conntrack-tools/INSTALL	2007-05-23 10:11:09 UTC (rev 6841)
+++ trunk/conntrack-tools/INSTALL	2007-05-23 20:01:18 UTC (rev 6842)
@@ -41,9 +41,9 @@
 	$ make
 	# make install
 
- Up to this point, the command line interface `conntrack' is ready for use.
- However, the userspace daemon so-called `conntrackd' requires some magic 
- speells to get it working.
+ Up to this point, the command line interface `conntrack' is ready for use,
+ see man conntrack(8). However, the userspace daemon so-called `conntrackd' 
+ requires some magic spells to get it working.
 
 3.Setting up conntrackd
 =======================
@@ -68,8 +68,8 @@
 
     There is an example file available inside the conntrackd tarball:
 
-    For node 1: conntrackd-x.x.x/examples/sync/node1/keepalived.conf
-    For node 2: conntrackd-x.x.x/examples/sync/node2/keepalived.conf
+    For node 1: conntrackd-x.x.x/examples/sync/_type_/node1/keepalived.conf
+    For node 2: conntrackd-x.x.x/examples/sync/_type_/node2/keepalived.conf
 
     These files can be used to set up a simple VRRP cluster composed of
     two machines that hold the virtual IPs 192.168.0.100 on eth0 and
@@ -94,8 +94,9 @@
 
     Where _type_ is the synchronization type selected, currently there are
     two: the persistent mode and the NACK mode. The persistent mode consumes
-    more resources than the NACK mode, however the NACK mode is still
-    experimental
+    more resources than the NACK mode but resolves synchronization issues 
+    better. On the other the NACK mode reduces resource consumption. I'll
+    provide more information on both approaches soon.
 
     Do not forget to edit the files in order to adapt them to the
     setting that you are deploying.

Modified: trunk/conntrack-tools/TODO
===================================================================
--- trunk/conntrack-tools/TODO	2007-05-23 10:11:09 UTC (rev 6841)
+++ trunk/conntrack-tools/TODO	2007-05-23 20:01:18 UTC (rev 6842)
@@ -1,18 +1,29 @@
 There are several tasks that are pending to be done, I have classified them
 by dificulty levels:
 
-Relatively easy
-===============
+= Relatively easy =
+ * add syslog support (based on Simon Lodal's patch)
+ * improve shell scripts for keepalived/heartbeat: *really* important
+ * use NACK based protocol, feedback: call pablo :-)
+ * manpage for conntrackd(8)
+ * use the floating priority feature in keepalived to avoid premature
+   take over.
 
-- test ipv6 support
-- improve shell scripts
-- test NACK based protocol
-- manpage for conntrackd
+= Requires some work =
+ * study better keepalived transitions
+ * test/fix ipv6 support
+ * have a look at open issues
+ * implement support for TCP window tracking (patches are on the table) at 
+   the moment you have to disable it:
 
-Requires some work
-==================
+  	echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
 
-- study better keepalived transitions
-- implement support for TCP window tracking (patches are on the table)
-	- at the moment you have to disable it:
-	echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
+= Requires kernel patches =
+ * setup master conntrack to match IPCT_RELATED
+
+= Open issues =
+ * unsupported iptables matches:
+   * connbytes: probably the persistent may support it
+   * recent: requires further study
+   * quota: private data counters
+ * connection tracking NAT helpers: sequence adjustment issues (?)

Modified: trunk/conntrack-tools/examples/sync/nack/script_fault.sh
===================================================================
--- trunk/conntrack-tools/examples/sync/nack/script_fault.sh	2007-05-23 10:11:09 UTC (rev 6841)
+++ trunk/conntrack-tools/examples/sync/nack/script_fault.sh	2007-05-23 20:01:18 UTC (rev 6842)
@@ -1,4 +1,4 @@
 #!/bin/sh
 
 /usr/sbin/conntrackd -f
-/usr/sbin/conntrackd -F
+/usr/sbin/conntrack -F




More information about the netfilter-cvslog mailing list