I'm getting more and more of the fail-over code done. It now implements
conntrack exemption (NOTRACK) for the sync device, and also blocks all
incoming/outgoing network traffic on any node that is currently in 'slave'
state. This means that all interfaces can be configured, any applications can
be running, sockets bound, ... - but none of that will be visible to the
network until the node is propagated to master state.
This needs explicit support for new netfilter hooks in the core network stack (I call them l2hooks, other people NETFILTER_PACKET).
Main parts that are missing:
- Correctly deal with sync packet loss situations
- Replicate expectations (needs conntrack expect notifications)
- Testing on SMP systems, there might be locking bugs