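#!/bin/sh
#
# Copyright (C) 2003 Nexedi SARL
# Written by Yoshinori OKUJI.
#
# Helper functions for the VPN / uplink watchdog. The functions below stop
# and start init scripts, load a kernel module and reconfigure network
# interfaces, so the script is expected to run with root privileges.

# Site configuration. The file is sourced, i.e. executed as shell code with
# the privileges of this script: keep it owned by root and not writable by
# anyone else. CONNECTION_TYPE and MODEM_TYPE (read below) are presumably
# defined there.
. /etc/sysconfig/vpn

# Get the disk usage of an argument.
# Arguments: $1 - a path on the filesystem to inspect
# Outputs:   the use percentage taken from the last line of df output,
#            digits only (the '%' sign is stripped)
get_disk_usage() {
  df "$1" | tail -n 1 | sed 's/.* \([0-9]*\)% .*/\1/'
}

# Kill all processes certainly.
# Arguments: $1 - process name handed to killall
# Sends the default signal first, waits a second, then sends SIGKILL and
# waits (-w) for the processes to die. Output and errors of killall (for
# example "no process found") are discarded on purpose.
kill_all_completely() {
  killall "$1" >/dev/null 2>&1
  sleep 1
  killall -9 -w "$1" >/dev/null 2>&1
  sleep 1
}

# Get the network device used for the internet connection.
# Globals:   CONNECTION_TYPE, MODEM_TYPE (read); device (written)
# Outputs:   the device name on stdout (may be empty)
# NOTE(review): device is not reset here, so with an unrecognised
# CONNECTION_TYPE and a non-usb modem any value already held by $device is
# printed unchanged.
get_net_dev() {
  case "$CONNECTION_TYPE" in
    pppoe|pppoa)
      device=ppp0
      ;;
    dhcp)
      device=$(/usr/sbin/eaglectrl -i)
      ;;
  esac

  # A usb modem overrides whatever the connection type selected.
  if test "$MODEM_TYPE" = usb; then
    device=$(/usr/sbin/eaglectrl -i)
  fi

  printf '%s\n' "$device"
}

# Restart the PPP connection.
# Globals:   CONNECTION_TYPE, MODEM_TYPE (read); device (written)
restart_ppp() {
  # It is better to stop ipsec, because it often happens that ipsec net device
  # is registered as a default gateway, when ppp connection is cut off. This
  # makes it impossible to register ppp as a default gateway.
  /etc/init.d/ipsec stop

  case "$CONNECTION_TYPE" in
    pppoe)
      /etc/init.d/adsl stop
      kill_all_completely pppd
      ;;
    pppoa)
      /usr/sbin/stopadsl
      kill_all_completely pppd
      ;;
    dhcp)
      killall dhclient
      ;;
  esac

  if test "$MODEM_TYPE" = usb; then
    device=$(/usr/sbin/eaglectrl -i)
    if test -n "$device"; then
      /sbin/ifconfig "$device" down
    fi
    # FIXME : as eagle-usb is broken, this is removed
    #modprobe -r eagle-usb
    #/etc/init.d/usb stop
    #sleep 5
    #/etc/init.d/usb start
    modprobe eagle-usb
    /usr/sbin/eaglectrl -d
    /usr/sbin/eaglectrl -s600
  fi

  # XXX seems to be required in mandrake 10.1
  # The comparison used to read "!-", which is not a test operator: test
  # reported an error and the interface was never brought up.
  device=$(get_net_dev)
  if test "x$device" != x; then
    ifconfig "$device" up
  fi

  case "$CONNECTION_TYPE" in
    pppoe)
      /etc/init.d/adsl start
      ;;
    pppoa)
      /usr/sbin/startadsl
      ;;
    dhcp)
      # Ask again: the device name is looked up at the time of use.
      device=$(get_net_dev)
      if test "x$device" != x; then
        dhclient "$device"
      fi
      ;;
  esac

  sleep 1
}

# Escape special characters for a regular expression.
# Arguments: $1 - string to escape
# Outputs:   $1 with every '.' replaced by '\.'
# Only the dot is escaped; every other regular-expression metacharacter
# passes through unchanged, so the result is not safe to embed in a pattern
# when $1 can contain arbitrary characters.
escape_regexp() {
  printf '%s\n' "$1" | sed 's/\./\\./g'
}

# Check the PPP connection.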
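check_ppp_connection() {
  # Prints 1 when the uplink device carries an address and at least one of
  # the probe hosts answers ping, otherwise prints 0.
  # Globals: connected_via_ppp, h (written)
  # Note: "grep inet" also matches inet6 lines, and the probe is ICMP to
  # public host names, so it depends on DNS and on ICMP not being filtered.
  connected_via_ppp=0
  if ip addr show dev "$(get_net_dev)" | grep inet >/dev/null 2>&1; then
    for h in google.fr yahoo.fr nexedi.com; do
      if ping -c 3 "$h" >/dev/null 2>&1; then
        connected_via_ppp=1
        break
      fi
    done
  fi
  printf '%s\n' "$connected_via_ppp"
}

# Check if /var/log is full. If so, remove old compressed logs.
# The paths go straight from find to rm (-exec ... {} +) instead of through
# "xargs", which splits names on blanks, quotes and newlines: a crafted file
# name below /var/log could otherwise make rm delete a different path.
if test "$(get_disk_usage /var/log)" -gt 95; then
  find /var/log -name '*.gz' -exec rm -f -- {} +
fi

# Still full? Then, remove old non-compressed logs.
if test "$(get_disk_usage /var/log)" -gt 95; then
  find /var/log -name '*.[0-9]' -exec rm -f -- {} +
fi

# Still full? Then, make all logs empty and restart syslog.
# NOTE(review): this erases every log file, including audit-relevant ones.
# Whatever fills this filesystem beyond 95% therefore also wipes the logs;
# forward logs to another host or alert on disk usage if they must survive.
if test "$(get_disk_usage /var/log)" -gt 95; then
  find /var/log -type f -exec cp -f /dev/null {} \;
  /etc/init.d/syslog restart
fi

# Check the PPP connection.
if test "$(check_ppp_connection)" -eq 0; then
  restart_ppp
fi

# VPN_TYPE, CENTER_ADDR, LEAF_NETS and LEAF_ADDRS are not set in this part
# of the script; presumably they come from the sourced configuration.
# "case" is used instead of an unquoted "test ... -o ..." so that an unset
# or empty VPN_TYPE simply selects nothing instead of raising a test error.
case "$VPN_TYPE" in
  center|leaf)
    if test "$(check_ppp_connection)" -eq 1; then
      # Check the IPSec connections.
      # A ping reply only shows that the peer is reachable; whether the
      # packets were actually protected by IPSec is not verified here.
      connected_via_ipsec=0
      if test "$VPN_TYPE" = 'leaf'; then
        # This is a leaf node.
        # FIXME : here, we could check the "setkey -DP" output
        if ping -c 3 "$CENTER_ADDR" >/dev/null 2>&1; then
          connected_via_ipsec=1
        fi
      else
        # This is a central node. If at least one of the connections is alive,
        # assume that IPSec is in a working state.
        linked=0
        # LEAF_NETS and LEAF_ADDRS are whitespace-separated lists, so they
        # are deliberately left unquoted here.
        for n in $LEAF_NETS; do
          # FIXME : here, we could check the "setkey -DP" output
          linked=1
          break
        done

        if test "$linked" -ne 0; then
          for h in $LEAF_ADDRS; do
            if ping -c 3 "$h" >/dev/null 2>&1; then
              connected_via_ipsec=1
              break
            fi
          done
        fi
      fi

      if test "$connected_via_ipsec" -eq 0; then
        # Make sure that shorewall is working well.
        /etc/init.d/shorewall restart
        /etc/init.d/ipsec restart
      fi
    fi
    ;;
esac

# Wait 60 seconds for the next check.
sleep 60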