Syntrack module
===============

This kernel module keeps the connection tracking (conntrack) tables of two Linux routers in sync.

The module itself allows reading and writing the conntrack table through a character device, /dev/syntrack (it should be created automatically with your average udev configuration). Note that writing to this device modifies the kernel's live connection table, so its permissions should stay restricted to root. To synchronize the table with another router/firewall, you will also need a userland tool.

To compile:

    If the kernel has been patched according to the changes described below:
        make EXTRA_CFLAGS=-DNAT_EXPORTED
    otherwise:
        make

To execute:

    Once compiled, you'll find in the source directory a file named 'syntrack.ko' corresponding to the module; insmod it into your running kernel. It should create the /dev/syntrack device.

To test the whole synchronization process, you will need two Linux routers, which should run the same kernel (no testing has been done yet with different kernel versions; it should work as long as the same conntrack options have been set on both sides).

Run "syntrack_send backup.ip" on the "main" router, and "syntrack_recv main.ip" on the "backup" router. From then on, the /proc/net/ip_conntrack special file on the backup router will reflect the changes of the same file on the main router.

If you want NAT to work correctly, you should apply the following changes to your kernel sources:

    File: ip_nat_core.c (net/ipv4/netfilter)
        line 47:    /*static */unsigned int ip_nat_htable_size;
        line 49:    /*static */struct list_head *bysource;
    New exported symbols:
        EXPORT_SYMBOL_GPL(ip_nat_htable_size);
        EXPORT_SYMBOL_GPL(ip_nat_lock);
        EXPORT_SYMBOL_GPL(bysource);

You can also do this using the patch file nat.diff:

    patch -p1 < nat.diff

at the Linux kernel source directory. To unpatch, just try:

    patch -p1 -R < nat.diff

at the same directory.

Without those changes, synchronization without NAT will work; usage of NAT will yield unpredictable results, however.
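The README says the backup's /proc/net/ip_conntrack should mirror the main router's once syntrack_send/syntrack_recv are running, and that NAT entries only sync reliably with the patched kernel. The following script is an added example, not part of syntrack or its userland tools: it checks both claims by diffing two conntrack dumps after stripping the per-host volatile fields, and by counting NAT-translated entries (those whose reply tuple does not mirror the original tuple). The line format assumed is the classic ip_conntrack one ("proto num timeout [STATE] src= dst= sport= dport= src= dst= ... use=N"); the sample dumps, the host names main.ip/backup.ip and the use of ssh to fetch the remote table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not syntrack's own code): sanity checks on two ip_conntrack dumps.
# Assumed line format (constructed from the classic /proc/net/ip_conntrack layout):
#   tcp      6 431999 ESTABLISHED src=A dst=B sport=.. dport=.. src=B dst=A sport=.. dport=.. [ASSURED] use=1
# The third field (timeout countdown) and the use=N refcount legitimately differ
# between the two routers even when the tables are in sync, so they are removed
# before comparing.

# Strip volatile fields, squeeze whitespace and sort so that two dumps of the
# same table become byte-for-byte identical.
normalize_conntrack() {
    awk '{ $3 = ""; sub(/ use=[0-9]+/, ""); print }' | tr -s ' ' | sort
}

# Print the number of entries present on only one side.
# $1 = main router dump, $2 = backup router dump (text, one entry per line).
conntrack_missing() {
    a=$(printf '%s\n' "$1" | normalize_conntrack)
    b=$(printf '%s\n' "$2" | normalize_conntrack)
    printf '%s\n' "$a" "$b" | sort | uniq -u | grep -c . || true
}

# Print the number of NAT-translated entries in a dump: an entry is NATed when
# the reply tuple does not simply mirror the original tuple (SNAT changes the
# reply dst, DNAT changes the reply src). These are the entries that only sync
# correctly when the module is built with -DNAT_EXPORTED against a patched kernel.
conntrack_nat_count() {
    printf '%s\n' "$1" | awk '
    {
        os = ""; od = ""; rs = ""; rd = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) { if (os == "") os = $i; else rs = $i }
            if ($i ~ /^dst=/) { if (od == "") od = $i; else rd = $i }
        }
        # substr(x, 5) drops the "src="/"dst=" prefix before comparing addresses
        if (rs != "" && rd != "" && (substr(os, 5) != substr(rd, 5) || substr(od, 5) != substr(rs, 5)))
            c++
    }
    END { print c + 0 }'
}

# Constructed sample: what the main router might show (no NAT).
SAMPLE_MAIN='tcp      6 431999 ESTABLISHED src=10.0.0.2 dst=10.0.1.5 sport=4431 dport=80 src=10.0.1.5 dst=10.0.0.2 sport=80 dport=4431 [ASSURED] use=1
udp      17 29 src=10.0.0.3 dst=10.0.1.9 sport=5353 dport=53 src=10.0.1.9 dst=10.0.0.3 sport=53 dport=5353 use=1'

# Constructed sample: the backup router a moment later (timeouts and refcounts differ only).
SAMPLE_BACKUP='udp      17 27 src=10.0.0.3 dst=10.0.1.9 sport=5353 dport=53 src=10.0.1.9 dst=10.0.0.3 sport=53 dport=5353 use=2
tcp      6 431980 ESTABLISHED src=10.0.0.2 dst=10.0.1.5 sport=4431 dport=80 src=10.0.1.5 dst=10.0.0.2 sport=80 dport=4431 [ASSURED] use=1'

# Constructed sample: a table containing one SNATed connection (reply dst != original src).
SAMPLE_NAT='tcp      6 100 ESTABLISHED src=192.168.1.10 dst=198.51.100.20 sport=40000 dport=80 src=198.51.100.20 dst=203.0.113.7 sport=80 dport=40000 use=1'

# Real usage on the backup router (ssh access to main.ip assumed):
#   conntrack_missing "$(ssh main.ip cat /proc/net/ip_conntrack)" "$(cat /proc/net/ip_conntrack)"
#   conntrack_nat_count "$(cat /proc/net/ip_conntrack)"
```

A result of 0 from conntrack_missing means the backup holds exactly the main router's entries; a non-zero conntrack_nat_count on an unpatched kernel tells you which part of the table the README's "unpredictable results" warning applies to.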