ipsecmon-jc.diff

James Cornman, 12/13/2016 07:51 AM

View differences:

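--- a/ipsecmon-jc.sh
+++ b/ipsecmon-jc.sh
@@ -6,68 +6,91 @@
 buferr=0
 
 bounceall() {
-/usr/local/etc/rc.d/bgpd.sh stop
-sleep 1
-$ipsecpath stop
-sleep 1
-$ipsecpath start
-sleep 3
-/usr/local/etc/rc.d/bgpd.sh start
+        echo "Restarting"
+        echo "Restarting" | logger
+        /usr/local/etc/rc.d/bgpd.sh stop
+        sleep 1
+        $ipsecpath stop
+        sleep 1
+        $ipsecpath start
+        sleep 3
+        /usr/local/etc/rc.d/bgpd.sh start
 }
 
 ipsecpath=/usr/local/sbin/ipsec
 
-echo "=== started at `date` ==="
+echo "=== ipsecmon started at `date` ==="
+echo "=== ipsecmon started at `date` ===" | logger
 
-for con in `$ipsecpath status | grep "\[" | sed 's/\[.*//g' | sort | uniq` ; do 
-echo $con
-estab=0
-p2=0
-
-$ipsecpath status $con | grep ESTAB >/dev/null 2>&1 && estab=1
-$ipsecpath status $con | grep INSTALLED >/dev/null 2>&1 && p2=1
-
-[ $estab -eq 1 ] && { 
-	echo $con p1 up
-	estabcount=$(( $estabcount + 1 ))
-	[ $p2 -eq 0 ] && {
-	 	echo $con p2 down, restarting
-                echo stopping $con...
-		$ipsecpath down $con >/dev/null 2>&1
-		sleep 1
-                echo starting $con...
-		$ipsecpath up $con | grep error | grep "buffer space" >/dev/null 2>&1  && { echo "PF_KEY buffer error while starting $con"; buferr=$(( $buferr + 1 )); }
-	}
-
-}
-[ $estab -eq 0 ] && { echo $con p1 down; }
-[ $p2 -eq 1 ] && { echo $con p2 up; p2count=$(( $p2count + 1 )); }
-totalcount=$(( $totalcount + 1 ))
+for con in `$ipsecpath status | grep "\[" | sed 's/\[.*//g' | sort | uniq` ;
+do 
+        echo $con
+        estab=0
+        p2=0
+
+        $ipsecpath status $con | grep ESTAB >/dev/null 2>&1 && estab=1
+        $ipsecpath status $con | grep INSTALLED >/dev/null 2>&1 && p2=1
+
+        [ $estab -eq 1 ] && { 
+                echo $con p1 up
+#               echo $con p1 up | logger   ## This is too chatty
+                estabcount=$(( $estabcount + 1 ))
+                
+                [ $p2 -eq 0 ] && {
+                        echo $con p2 down, restarting
+                        echo $con p2 down, restarting | logger
+                        echo stopping $con...
+                        echo stopping $con... | logger
+                        $ipsecpath down $con >/dev/null 2>&1
+                        sleep 1
+                        echo starting $con...
+                        echo starting $con... | logger
+                        $ipsecpath up $con | grep error | grep "buffer space" >/dev/null 2>&1  && { echo "PF_KEY buffer error while starting $con"; buferr=$(( $buferr + 1 )); }
+                }
+
+        }
+
+        [ $estab -eq 0 ] && { 
+                echo $con p1 down
+                echo $con p1 down | logger
+        }
+        [ $p2 -eq 1 ] && {
+                echo $con p2 up
+#               echo $con p2 up | logger ## This is too chatty
+                p2count=$(( $p2count + 1 ));
+        }
+        totalcount=$(( $totalcount + 1 ))
 done
 
 echo
 echo ===
 echo estab $estabcount / $totalcount
+echo estab $estabcount / $totalcount | logger
 echo p2 $p2count / $totalcount
+echo p2 $p2count / $totalcount | logger
 echo buf_err $buferr / $totalcount
-echo ===
+echo buf_err $buferr / $totalcount | logger
+echo === ipsecmon ended ===
+echo === ipsecmon ended === | logger
 echo
 
 [ $totalcount -gt 0 ] && [ $buferr -gt 0 ] && {
-echo $buferr connections show buffer space errors - bouncing openbgpd and ipsec
-bounceall
-exit
+        echo $buferr connections show buffer space errors - bouncing openbgpd and ipsec
+        echo $buferr connections show buffer space errors - bouncing openbgpd and ipsec | logger
+        bounceall
+        exit
 }
 
 [ $totalcount -gt 0 ] && [ $estabcount -eq 0 ] && {
-echo no connections have p1 up - bouncing openbgpd and ipsec
-bounceall
-exit
+        echo no connections have p1 up - bouncing openbgpd and ipsec
+        echo no connections have p1 up - bouncing openbgpd and ipsec | logger
+        bounceall
+        exit
 }
 
 [ $totalcount -gt 0 ] && [ $estabcount -eq $totalcount ] && [ $p2count -eq 0 ] && {
-echo all connections have p1 up but no connections have p2 up - bouncing openbgpd and ipsec
-bounceall
-exit
+        echo all connections have p1 up but no connections have p2 up - bouncing openbgpd and ipsec
+        echo all connections have p1 up but no connections have p2 up - bouncing openbgpd and ipsec | logger
+        bounceall
+        exit
 }
-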
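Review bot: The added `| logger` calls pass no tag or priority, so the `echo "Restarting" | logger` in `bounceall` and the three "bouncing openbgpd and ipsec" messages reach syslog with logger's default tag and priority. That makes a full IPsec/bgpd restart hard to filter or alert on. A helper defined once near the top, `log() { echo "$*"; logger -t ipsecmon -p daemon.notice "$*"; }`, would replace each duplicated `echo …` / `echo … | logger` pair and give every entry the same tag. The per-connection messages also expand `$con` unquoted; that value is parsed from `ipsec status` output, so writing `"$con"` keeps an unusual name from being word-split or globbed before it reaches `logger` or `$ipsecpath down`/`up`. Lines 1–5 of the script are outside this hunk, so whether `estabcount`, `p2count` and `totalcount` are initialised like `buferr` cannot be confirmed from here.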