Gentoo's Bugzilla – Attachment 303371 Details for
Bug 405919
net-firewall/conntrack-tools: init-script did not check kernel version for disabling tcp window tracking
[patch]
conntrackd.initd-r1.patch
conntrackd.initd-r1.patch (text/plain), 2.42 KB, created by
Marcel Pennewiß
on 2012-02-26 16:12:13 UTC
Description:
conntrackd.initd-r1.patch
Filename:
MIME Type:
Creator:
Marcel Pennewiß
Created:
2012-02-26 16:12:13 UTC
Size:
2.42 KB
patch
obsolete
>--- conntrackd.initd-r1 2012-02-25 14:46:17.750453995 +0100
>+++ conntrackd.initd-r2 2012-02-25 14:49:02.945706134 +0100
>@@ -11,6 +11,38 @@
> need net
> }
>
>+KV_to_int()
>+{
>+ [ -z $1 ] && return 1
>+
>+ local x=${1%%[!0-9.]*} y= z=
>+ local KV_MAJOR=${x%%.*}
>+ y=${x#*.}
>+ [ "$x" = "$y" ] && y=0.0
>+ local KV_MINOR=${y%%.*}
>+ z=${y#*.}
>+ [ "$y" = "$z" ] && z=0
>+ local KV_MICRO=${z%%.*}
>+ local KV_int=$((${KV_MAJOR} * 65536 + ${KV_MINOR} * 256 + ${KV_MICRO} ))
>+
>+ # We make version 2.2.0 the minimum version we will handle as
>+ # a sanity check ... if its less, we fail ...
>+ [ "${KV_int}" -lt 131584 ] && return 1
>+
>+ echo "${KV_int}"
>+}
>+
>+_RC_GET_KV_CACHE=""
>+get_KV()
>+{
>+ if [ -z "${_RC_GET_KV_CACHE}" ] ; then
>+ _RC_GET_KV_CACHE="$(uname -r)"
>+ fi
>+ echo "$(KV_to_int "${_RC_GET_KV_CACHE}")"
>+
>+ return $?
>+}
>+
> checkconfig() {
> # check for netfilter conntrack kernel support
> local nf_ct_available=0
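Review bot: `get_KV` ends with `return $?` after `echo "$(KV_to_int ...)"`, so it returns the status of `echo` (always 0); a failed `KV_to_int` (empty argument, or a version below the 2.2.0 floor) reaches callers as an empty string with a success code. Capture first and propagate the failure: `local kv; kv=$(KV_to_int "${_RC_GET_KV_CACHE}") || return 1; echo "${kv}"`. In `KV_to_int`, `[ -z $1 ]` should be `[ -z "$1" ]` so the guard does not rely on how a one-argument test happens to be parsed. `_RC_GET_KV_CACHE` is also not retained when the function is called as `$(get_KV)`, because the assignment happens inside the command-substitution subshell; either drop the cache or add a comment saying it only helps direct calls.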
>@@ -38,27 +70,30 @@
> eerror
> return 1
> fi
>- # check if netfilter conntrack TCP window tracking is disabled
>- local nf_ct_tcp_be_liberal=0
>- for k in net.netfilter.nf_conntrack_tcp_be_liberal \
>- net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do
>- nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null)
>- if [ ${?} -ne 0 ]; then
>- continue # sysctl key not found
>- else
>- break # sysctl key found
>+
>+ # check if netfilter conntrack TCP window tracking is disabled (kernel < 2.6.22)
>+ if [ $(get_KV) -lt $(KV_to_int 2.6.22) ]; then
>+ local nf_ct_tcp_be_liberal=0
>+ for k in net.netfilter.nf_conntrack_tcp_be_liberal \
>+ net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do
>+ nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null)
>+ if [ ${?} -ne 0 ]; then
>+ continue # sysctl key not found
>+ else
>+ break # sysctl key found
>+ fi
>+ done
>+ if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then
>+ eerror
>+ eerror "You need to disable TCP window tracking for Kernel < 2.6.22!"
>+ eerror "Add the following line to your /etc/sysctl.conf:"
>+ eerror
>+ eerror " ${k} = 1"
>+ eerror
>+ eerror "...and run this to activate the setting: sysctl -q -p"
>+ eerror
>+ return 1
> fi
>- done
>- if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then
>- eerror
>- eerror "You need to disable TCP window tracking!"
>- eerror "Add the following line to your /etc/sysctl.conf:"
>- eerror
>- eerror " ${k} = 1"
>- eerror
>- eerror "...and run this to activate the setting: sysctl -q -p"
>- eerror
>- return 1
> fi
> # check for config file
> if [ ! -e "${CONNTRACKD_CFG}" ]; then
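Review bot: The new guard `[ $(get_KV) -lt $(KV_to_int 2.6.22) ]` is unquoted, so when `get_KV` prints nothing the test loses its left operand, errors out, and the `if` falls through as though the kernel were new enough; the be_liberal check is then skipped silently instead of being reported. Consider `local kv; kv=$(get_KV)` followed by `if [ -z "${kv}" ] || [ "${kv}" -lt "$(KV_to_int 2.6.22)" ]; then`, which still runs the check when the version cannot be determined; if skipping is the intended behaviour, an `ewarn` should say so. The re-indented `[ ${nf_ct_tcp_be_liberal} -ne 1 ]` has the same shape: if neither sysctl key exists the variable is empty and the test errors rather than failing the check, so `[ "${nf_ct_tcp_be_liberal:-0}" -ne 1 ]` would make it fail closed. The enclosing checkconfig() starts and ends outside the hunk.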
Attachments on
bug 405919
:
303371