|
Lines 11-16
|
| 11 |
need net |
11 |
need net |
| 12 |
} |
12 |
} |
| 13 |
|
13 |
|
|
|
14 |
KV_to_int() |
| 15 |
{ |
| 16 |
[ -z $1 ] && return 1 |
| 17 |
|
| 18 |
local x=${1%%[!0-9.]*} y= z= |
| 19 |
local KV_MAJOR=${x%%.*} |
| 20 |
y=${x#*.} |
| 21 |
[ "$x" = "$y" ] && y=0.0 |
| 22 |
local KV_MINOR=${y%%.*} |
| 23 |
z=${y#*.} |
| 24 |
[ "$y" = "$z" ] && z=0 |
| 25 |
local KV_MICRO=${z%%.*} |
| 26 |
local KV_int=$((${KV_MAJOR} * 65536 + ${KV_MINOR} * 256 + ${KV_MICRO} )) |
| 27 |
|
| 28 |
# We make version 2.2.0 the minimum version we will handle as |
| 29 |
# a sanity check ... if its less, we fail ... |
| 30 |
[ "${KV_int}" -lt 131584 ] && return 1 |
| 31 |
|
| 32 |
echo "${KV_int}" |
| 33 |
} |
| 34 |
|
| 35 |
_RC_GET_KV_CACHE="" |
| 36 |
get_KV() |
| 37 |
{ |
| 38 |
if [ -z "${_RC_GET_KV_CACHE}" ] ; then |
| 39 |
_RC_GET_KV_CACHE="$(uname -r)" |
| 40 |
fi |
| 41 |
echo "$(KV_to_int "${_RC_GET_KV_CACHE}")" |
| 42 |
|
| 43 |
return $? |
| 44 |
} |
| 45 |
|
| 14 |
checkconfig() { |
46 |
checkconfig() { |
| 15 |
# check for netfilter conntrack kernel support |
47 |
# check for netfilter conntrack kernel support |
| 16 |
local nf_ct_available=0 |
48 |
local nf_ct_available=0 |
|
Lines 38-64
|
| 38 |
eerror |
70 |
eerror |
| 39 |
return 1 |
71 |
return 1 |
| 40 |
fi |
72 |
fi |
| 41 |
# check if netfilter conntrack TCP window tracking is disabled |
73 |
|
| 42 |
local nf_ct_tcp_be_liberal=0 |
74 |
# check if netfilter conntrack TCP window tracking is disabled (kernel < 2.6.22) |
| 43 |
for k in net.netfilter.nf_conntrack_tcp_be_liberal \ |
75 |
if [ $(get_KV) -lt $(KV_to_int 2.6.22) ]; then |
| 44 |
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do |
76 |
local nf_ct_tcp_be_liberal=0 |
| 45 |
nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null) |
77 |
for k in net.netfilter.nf_conntrack_tcp_be_liberal \ |
| 46 |
if [ ${?} -ne 0 ]; then |
78 |
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do |
| 47 |
continue # sysctl key not found |
79 |
nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null) |
| 48 |
else |
80 |
if [ ${?} -ne 0 ]; then |
| 49 |
break # sysctl key found |
81 |
continue # sysctl key not found |
|
|
82 |
else |
| 83 |
break # sysctl key found |
| 84 |
fi |
| 85 |
done |
| 86 |
if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then |
| 87 |
eerror |
| 88 |
eerror "You need to disable TCP window tracking for Kernel < 2.6.22!" |
| 89 |
eerror "Add the following line to your /etc/sysctl.conf:" |
| 90 |
eerror |
| 91 |
eerror " ${k} = 1" |
| 92 |
eerror |
| 93 |
eerror "...and run this to activate the setting: sysctl -q -p" |
| 94 |
eerror |
| 95 |
return 1 |
| 50 |
fi |
96 |
fi |
| 51 |
done |
|
|
| 52 |
if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then |
| 53 |
eerror |
| 54 |
eerror "You need to disable TCP window tracking!" |
| 55 |
eerror "Add the following line to your /etc/sysctl.conf:" |
| 56 |
eerror |
| 57 |
eerror " ${k} = 1" |
| 58 |
eerror |
| 59 |
eerror "...and run this to activate the setting: sysctl -q -p" |
| 60 |
eerror |
| 61 |
return 1 |
| 62 |
fi |
97 |
fi |
| 63 |
# check for config file |
98 |
# check for config file |
| 64 |
if [ ! -e "${CONNTRACKD_CFG}" ]; then |
99 |
if [ ! -e "${CONNTRACKD_CFG}" ]; then |
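Review bot: In the added get_KV (new lines 36-44), `return $?` after `echo "$(KV_to_int ...)"` returns echo's status, so a failure in KV_to_int is lost and the caller receives empty output with status 0. The unquoted `[ $(get_KV) -lt $(KV_to_int 2.6.22) ]` at new line 75 then becomes a malformed test that evaluates false, and the be_liberal check is skipped without any eerror message from the script. Ending get_KV with a plain `KV_to_int "${_RC_GET_KV_CACHE}"` passes both output and status through, and the caller can capture it with `kv=$(get_KV) || return 1` before comparing `"${kv}"`. KV_to_int should also quote its guard, `[ -z "$1" ] && return 1`. checkconfig's body continues outside both hunks.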