|
1
|
#!/bin/sh
|
|
2
|
|
|
3
|
estabcount=0
|
|
4
|
p2count=0
|
|
5
|
totalcount=0
|
|
6
|
buferr=0
|
|
7
|
|
|
8
|
bounceall() {
|
|
9
|
echo "Restarting"
|
|
10
|
echo "Restarting" | logger
|
|
11
|
/usr/local/etc/rc.d/bgpd.sh stop
|
|
12
|
sleep 1
|
|
13
|
$ipsecpath stop
|
|
14
|
sleep 1
|
|
15
|
$ipsecpath start
|
|
16
|
sleep 3
|
|
17
|
/usr/local/etc/rc.d/bgpd.sh start
|
|
18
|
}
|
|
19
|
|
|
20
|
ipsecpath=/usr/local/sbin/ipsec
|
|
21
|
|
|
22
|
echo "=== ipsecmon started at `date` ==="
|
|
23
|
echo "=== ipsecmon started at `date` ===" | logger
|
|
24
|
|
|
25
|
for con in `$ipsecpath status | grep "\[" | sed 's/\[.*//g' | sort | uniq` ;
|
|
26
|
do
|
|
27
|
echo $con
|
|
28
|
estab=0
|
|
29
|
p2=0
|
|
30
|
|
|
31
|
$ipsecpath status $con | grep ESTAB >/dev/null 2>&1 && estab=1
|
|
32
|
$ipsecpath status $con | grep INSTALLED >/dev/null 2>&1 && p2=1
|
|
33
|
|
|
34
|
[ $estab -eq 1 ] && {
|
|
35
|
echo $con p1 up
|
|
36
|
# echo $con p1 up | logger ## This is too chatty
|
|
37
|
estabcount=$(( $estabcount + 1 ))
|
|
38
|
|
|
39
|
[ $p2 -eq 0 ] && {
|
|
40
|
echo $con p2 down, restarting
|
|
41
|
echo $con p2 down, restarting | logger
|
|
42
|
echo stopping $con...
|
|
43
|
echo stopping $con... | logger
|
|
44
|
$ipsecpath down $con >/dev/null 2>&1
|
|
45
|
sleep 1
|
|
46
|
echo starting $con...
|
|
47
|
echo starting $con... | logger
|
|
48
|
$ipsecpath up $con | grep error | grep "buffer space" >/dev/null 2>&1 && { echo "PF_KEY buffer error while starting $con"; buferr=$(( $buferr + 1 )); }
|
|
49
|
}
|
|
50
|
|
|
51
|
}
|
|
52
|
|
|
53
|
[ $estab -eq 0 ] && {
|
|
54
|
echo $con p1 down
|
|
55
|
echo $con p1 down | logger
|
|
56
|
}
|
|
57
|
[ $p2 -eq 1 ] && {
|
|
58
|
echo $con p2 up
|
|
59
|
# echo $con p2 up | logger ## This is too chatty
|
|
60
|
p2count=$(( $p2count + 1 ));
|
|
61
|
}
|
|
62
|
totalcount=$(( $totalcount + 1 ))
|
|
63
|
done
|
|
64
|
|
|
65
|
echo
|
|
66
|
echo ===
|
|
67
|
echo estab $estabcount / $totalcount
|
|
68
|
echo estab $estabcount / $totalcount | logger
|
|
69
|
echo p2 $p2count / $totalcount
|
|
70
|
echo p2 $p2count / $totalcount | logger
|
|
71
|
echo buf_err $buferr / $totalcount
|
|
72
|
echo buf_err $buferr / $totalcount | logger
|
|
73
|
echo === ipsecmon ended ===
|
|
74
|
echo === ipsecmon ended === | logger
|
|
75
|
echo
|
|
76
|
|
|
77
|
[ $totalcount -gt 0 ] && [ $buferr -gt 0 ] && {
|
|
78
|
echo $buferr connections show buffer space errors - bouncing openbgpd and ipsec
|
|
79
|
echo $buferr connections show buffer space errors - bouncing openbgpd and ipsec | logger
|
|
80
|
bounceall
|
|
81
|
exit
|
|
82
|
}
|
|
83
|
|
|
84
|
[ $totalcount -gt 0 ] && [ $estabcount -eq 0 ] && {
|
|
85
|
echo no connections have p1 up - bouncing openbgpd and ipsec
|
|
86
|
echo no connections have p1 up - bouncing openbgpd and ipsec | logger
|
|
87
|
bounceall
|
|
88
|
exit
|
|
89
|
}
|
|
90
|
|
|
91
|
[ $totalcount -gt 0 ] && [ $estabcount -eq $totalcount ] && [ $p2count -eq 0 ] && {
|
|
92
|
echo all connections have p1 up but no connections have p2 up - bouncing openbgpd and ipsec
|
|
93
|
echo all connections have p1 up but no connections have p2 up - bouncing openbgpd and ipsec | logger
|
|
94
|
bounceall
|
|
95
|
exit
|
|
96
|
}
|