#!/bin/sh
#
### BEGIN INIT INFO
# Provides: ct_sync
# Required-Start: $network
# Required-Stop: $network
# Should-Start: shorewall
# Should-Stop: shorewall
# Default-Start: 2 3 4 5
# Short-Description: Connection tracking state replication
# Description: Connection tracking state replication service
### END INIT INFO

. /etc/init.d/functions

CT_SYNC_CONF=/etc/sysconfig/ct_sync
[ -f $CT_SYNC_CONF ] && . $CT_SYNC_CONF

NAME=ct_sync

if [ -n "$CMARKBIT" ]; then
    HEXMARK=`printf 0x%0.8x $((1 << $CMARKBIT))`
fi

case "$1" in
  start)
        gprintf "Starting %s: " $NAME
	if [ "$ENABLE" = "yes" -a -n "$INTERFACE" -a -n "$CMARKBIT" ]; then
		# Marking traffic to be replicated
		iptables -t mangle -A PREROUTING -m state --state NEW -j CONNMARK --set-mark $HEXMARK/$HEXMARK
		# Prevent interaction between TCP window tracking and ct_sync
		echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
		# Loading the ct_sync module
		modprobe $NAME syncdev=$INTERFACE cmarkbit=$CMARKBIT
	        RETVAL=$?
	else
		RETVAL=1
	fi
	[ $RETVAL -eq 0 ] && success || failure
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME
        ;;
  stop)
        gprintf "Shutting down %s: " $NAME
	if [ "$ENABLE" = "yes" -a -n "$INTERFACE" -a -n "$CMARKBIT" ]; then
	    iptables -t mangle -D PREROUTING -m state --state NEW -j CONNMARK --set-mark $HEXMARK/$HEXMARK
	    rmmod $NAME
            RETVAL=$?
	else
	    RETVAL=1
	fi
	[ $RETVAL -eq 0 ] && success || failure
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$NAME
        ;;
  status)
        [ -f /var/lock/subsys/$NAME ]
        RETVAL=$?
        [ $RETVAL -eq 0 ] && gprintf "%s is running\n" $NAME || gprintf "%s is stopped\n" $NAME
        ;;
  restart|reload)
        $0 stop
        $0 start
        ;;
  condrestart)
        [ -f /var/lock/subsys/$NAME ] && restart || :
        ;;
  *)
        gprintf "Usage: %s {start|stop|status|restart}\n" "$0"
        RETVAL=1
        ;;
esac

exit $RETVAL