#!/bin/bash
###############################################################################
#
# This is HA-VPN-supervisor
#
# based on echo-ping, heartbeat, and my own idea of
# HA-VPN consists of 4 or more IPSec-gateways,
# 2 as normal way, 2 others as backup connection
#
# this script is running on the normal gateways only
# to have an idea of the line-avaliablity without using
# the ipsec-channel. echo-pings are sent out every second.
# if they fail, Linux-HA is shut-down to make the backups
# coming up with their internal interface.
#
# autor:        J.Hubertz
# date:         20040126
# license:      GNU/General Public License
#
###############################################################################
# feel free to improve or change,
# this is your copy of HA-VPN-supervisor!
###############################################################################
#
# TARGET is the other end of the normal connection
TARGET="gw-ba"
# TIMEOUT this count of seconds between every ping
TIMEOUT=1
# wait MAXFAIL * TIMEOUT until activating backup services
MAXFAIL=5
# wait HYSTERE * TIMEOUT seconds after things go well again
# before restarting normal service
HYSTERE=180
# startup assumes not to have a failure state
FAIL=0
#VERBOSE=-v
VERBOSE=""
#
ACTION_FAIL_START="/root/bin/HA-VPN-action-script start"
ACTION_OK_AGAIN="/root/bin/HA-VPN-action-script stop"
#
PING=/usr/bin/echoping
LOG="/usr/bin/logger -t HA-VPN"

math () {
        eval echo "\$(($*))"
	}

echo "`date +%Y%m%d%H%M%S` `basename $0` starting" | $LOG

while :
do
VAL=`$PING ${VERBOSE} -u -t $TIMEOUT -s 5 ${TARGET} 2>&1`
ERROR=$?
if [ $ERROR -gt 0 ] ; then
        echo "$DAT $ERROR $FAIL $VAL" | $LOG
	# we got a timeout
	if [ $FAIL -lt 0 ] ; then
		# was recovering before, fails again
	        FAIL=`math $MAXFAIL + 1`
	fi
	if [ $FAIL -eq $MAXFAIL ] ; then
		# we have to start backup services
		:
		FAIL=`math $FAIL + 1`
		echo "$DAT starting backup now: ${ACTION_FAIL_START}" | $LOG
		${ACTION_FAIL_START}
	else
		if [ $FAIL -lt $MAXFAIL ] ; then
			FAIL=`math $FAIL + 1`
		fi
	fi
else
	# ping was sucessfully done
	if [ $FAIL -gt $MAXFAIL ] ; then
		FAIL=`math 0 - $HYSTERE `
	fi
	if [ $FAIL -le $MAXFAIL -a $FAIL -ge 0 ] ; then
		FAIL=0
	fi
	if [ $FAIL -lt 0 ] ; then
		# we are waiting hysteresis seconds before restarting
		echo "$DAT $ERROR $FAIL $VAL" | $LOG
		FAIL=`math $FAIL + 1`
		if [ $FAIL -eq 0 ] ; then
			# restart normal services again
			:
			echo "$DAT normal again now: ${ACTION_OK_AGAIN}" | $LOG
			${ACTION_OK_AGAIN}
		fi
	fi
fi
#echo "$DAT $ERROR $FAIL $VAL" | $LOG
sleep $TIMEOUT
done
# never reached
exit 0