Author: baggins Date: Mon Jan 11 14:30:23 2010 GMT
Module: firewall-init Tag: HEAD
---- Log message:
- support old and new naming schemes of kernel modules
---- Files affected:
firewall-init/firewall.d:
functions (1.20 -> 1.21)
---- Diffs:
================================================================
Index: firewall-init/firewall.d/functions
diff -u firewall-init/firewall.d/functions:1.20
firewall-init/firewall.d/functions:1.21
--- firewall-init/firewall.d/functions:1.20 Sat Jan 9 15:14:34 2010
+++ firewall-init/firewall.d/functions Mon Jan 11 15:30:18 2010
@@ -1,9 +1,46 @@
#!/bin/sh - keep it for file(1) to get bourne shell script result
+__set_modules()
+{
+ local _x _y _z v old_IFS kernelver
+ {
+ read _x _y v _z
+ old_IFS=$IFS
+ IFS='.'
+ set -- $v
+ IFS=$old_IFS
+
+ # strip _* or -* from versions like: "2.6.25_vanilla-1",
"2.6.25-1"
+ kernelver=${3%%[-_]*}
+
+ while [ ${#kernelver} -lt 3 ]; do kernelver="0$kernelver"; done
+ kernelver="$2$kernelver"
+ while [ ${#kernelver} -lt 6 ]; do kernelver="0$kernelver"; done
+ kernelver="$1$kernelver"
+ while [ ${#kernelver} -lt 9 ]; do kernelver="0$kernelver"; done
+ } < /proc/version
+
+ if [ "$kernelver" -lt "002006022" ]; then
+ __NAT_MODULES=ip_nat
+ __IP4_CONNTRACK=ip_conntrack
+ __IP6_CONNTRACK=
+ __NF_CONNTRACK=no
+ else
+ __NAT_MODULES=nf_nat
+ __IP4_CONNTRACK=nf_conntrack_ipv4
+ __IP6_CONNTRACK=nf_conntrack_ipv6
+ __NF_CONNTRACK=yes
+ fi
+
+}
+
generic_load_modules()
{
local i conn b
+ __set_modules
+ is_yes $__NF_CONNTRACK || return
+
_modprobe die -a x_tables
_modprobe die -a nf_conntrack
@@ -37,8 +74,9 @@
{
local i conn b
+ __set_modules
_modprobe die -a ip_tables
- _modprobe die -a nf_conntrack_ipv4
+ _modprobe die -a $__IP4_CONNTRACK
if [ "$CONNTRACK_MODULES" = "all" -o -z "$CONNTRACK_MODULES" ] ; then
conn=""
@@ -68,10 +106,10 @@
if echo "$ipv4_TABLES" | awk '!/nat/ {exit 1}' ; then
if [ "$NAT_MODULES" = "all" -o -z "$NAT_MODULES" ] ; then
conn=""
- for i in /lib/modules/`uname
-r`/kernel/net/ipv4/netfilter/nf_nat_*.ko{.gz,} ; do
+ for i in /lib/modules/`uname
-r`/kernel/net/ipv4/netfilter/${__NAT_MODULES}_*.ko{.gz,} ; do
if [ -f "$i" ]; then
for b in $NAT_MODULES_BLACKLIST ; do
- if [[ "$i" = */nf_nat_$b.ko* ]]; then
+ if [[ "$i" = */${__NAT_MODULES}_$b.ko*
]]; then
i=
break
fi
@@ -86,7 +124,7 @@
elif [ "$NAT_MODULES" != "none" ] ; then
conn=""
for i in $NAT_MODULES ; do
- conn="$conn ip_nat_$i"
+ conn="$conn ${__NAT_MODULES}_$i"
done
_modprobe die -a $conn
fi
@@ -95,8 +133,9 @@
ipv6_load_modules()
{
+ __set_modules
_modprobe die -a ip6_tables
- _modprobe die -a nf_conntrack_ipv6
+ [ -n "$__IP6_CONNTRACK" ] && _modprobe die -a $__IP6_CONNTRACK
}
generic_remove_modules()
@@ -116,11 +155,12 @@
{
local modules
+ __set_modules
modules="`lsmod | grep "^ipt_" | cut -f 1 -d ' '`"
[ -n "$modules" ] && rmmod $modules
- modules="`lsmod | grep "^nf_nat_" | cut -f 1 -d ' '`"
- [ -n "$modules" ] && rmmod $modules
modules="`lsmod | grep "^iptable_" | cut -f 1 -d ' '`"
+ [ -n "$modules" ] && rmmod $modules
+ modules="`lsmod | grep "^${__NAT_MODULES}" | cut -f 1 -d ' '`"
[ -n "$modules" ] && rmmod $modules
modules="`lsmod | grep "^ip_conntrack" | cut -f 1 -d ' '`"
[ -n "$modules" ] && rmmod $modules
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/firewall-init/firewall.d/functions?r1=1.20&r2=1.21&f=u
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
