-rw-r--r-- INSTALL 15
-rw-r--r-- TODO 35
-rwxr-xr-x examples/sync/nack/script_fault.sh 2
3 files changed, 32 insertions, 20 deletions
diff --git a/INSTALL b/INSTALL
index 1a80dd0..e4b1d58 100644
--- a/INSTALL
+++ b/INSTALL
@@ -41,9 +41,9 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso <pablo netfilter org>
$ make
# make install
- Up to this point, the command line interface `conntrack' is ready for use.
- However, the userspace daemon so-called `conntrackd' requires some magic
- speells to get it working.
+ Up to this point, the command line interface `conntrack' is ready for use,
+ see man conntrack(8). However, the userspace daemon so-called `conntrackd'
+ requires some magic spells to get it working.
3.Setting up conntrackd
=======================
@@ -68,8 +68,8 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso <pablo netfilter org>
There is an example file available inside the conntrackd tarball:
- For node 1: conntrackd-x.x.x/examples/sync/node1/keepalived.conf
- For node 2: conntrackd-x.x.x/examples/sync/node2/keepalived.conf
+ For node 1: conntrackd-x.x.x/examples/sync/_type_/node1/keepalived.conf
+ For node 2: conntrackd-x.x.x/examples/sync/_type_/node2/keepalived.conf
These files can be used to set up a simple VRRP cluster composed of
two machines that hold the virtual IPs 192.168.0.100 on eth0 and
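Review bot: The two added paths use the `_type_` placeholder before the reader has been told what it stands for; the only explanation visible in this patch ("Where _type_ is the synchronization type selected") sits in the next hunk, around line 94. Either move that sentence up next to these paths or add a short pointer here, so that someone copying keepalived.conf does not go looking for a literal `_type_` directory.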
@@ -94,8 +94,9 @@ Copyright (C) 2005-2007 Pablo Neira Ayuso <pablo netfilter org>
Where _type_ is the synchronization type selected, currently there are
two: the persistent mode and the NACK mode. The persistent mode consumes
- more resources than the NACK mode, however the NACK mode is still
- experimental
+ more resources than the NACK mode but resolves synchronization issues
+ better. On the other the NACK mode reduces resource consumption. I'll
+ provide more information on both approaches soon.
Do not forget to edit the files in order to adapt them to the
setting that you are deploying.
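Review bot: The rewritten paragraph drops the "still experimental" warning for the NACK mode without saying whether that mode is now considered stable, while the TODO change in this same commit still asks for feedback on the NACK based protocol. If it is not yet ready for production firewalls, keep an explicit caveat here. Two wording points in the added lines: "On the other the NACK mode" is missing "hand", and "I'll provide more information on both approaches soon" reads better as a TODO entry than as installation text.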
diff --git a/TODO b/TODO
index 130b1f8..482b677 100644
--- a/TODO
+++ b/TODO
@@ -1,18 +1,29 @@
There are several tasks that are pending to be done, I have classified them
by dificulty levels:
-Relatively easy
-===============
+= Relatively easy =
+ * add syslog support (based on Simon Lodal's patch)
+ * improve shell scripts for keepalived/heartbeat: *really* important
+ * use NACK based protocol, feedback: call pablo :-)
+ * manpage for conntrackd(8)
+ * use the floating priority feature in keepalived to avoid premature
+ take over.
-- test ipv6 support
-- improve shell scripts
-- test NACK based protocol
-- manpage for conntrackd
+= Requires some work =
+ * study better keepalived transitions
+ * test/fix ipv6 support
+ * have a look at open issues
+ * implement support for TCP window tracking (patches are on the table) at
+ the moment you have to disable it:
-Requires some work
-==================
+ echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
-- study better keepalived transitions
-- implement support for TCP window tracking (patches are on the table)
- - at the moment you have to disable it:
- echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
+= Requires kernel patches =
+ * setup master conntrack to match IPCT_RELATED
+
+= Open issues =
+ * unsupported iptables matches:
+ * connbytes: probably the persistent may support it
+ * recent: requires further study
+ * quota: private data counters
+ * connection tracking NAT helpers: sequence adjustment issues (?)
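Review bot: The TCP window tracking item tells users to set ip_conntrack_tcp_be_liberal to 1 but does not say what that costs: with the sysctl enabled the kernel only marks out-of-window RST segments as INVALID, so rulesets that rely on dropping INVALID packets filter less strictly on both nodes. That trade-off is worth one sentence here and, since it is a required step for a working setup, a mention in INSTALL as well rather than only in TODO. Minor: "probably the persistent may support it" is missing "mode", and the new `= Heading =` style differs from the underlined headings INSTALL keeps in this same commit.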
diff --git a/examples/sync/nack/script_fault.sh b/examples/sync/nack/script_fault.sh
index 68f1534..aec4af9 100755
--- a/examples/sync/nack/script_fault.sh
+++ b/examples/sync/nack/script_fault.sh
@@ -1,4 +1,4 @@
#!/bin/sh
/usr/sbin/conntrackd -f
-/usr/sbin/conntrackd -F
+/usr/sbin/conntrack -F
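Review bot: The corrected last line now runs `conntrack -F`, which flushes the whole kernel connection tracking table, and the script gives no comment explaining why that is wanted on a fault transition or what happens to established flows on this node. Please add a one-line comment above each command stating its purpose. The script also ignores the exit status of `conntrackd -f` before flushing the kernel table; consider stopping or logging if the first command fails. The diffstat shows only the nack example touched, so if the persistent example ships the same script it needs the same fix.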