Author: baggins Date: Mon Jan 11 14:30:23 2010 GMT Module: firewall-init Tag: HEAD ---- Log message: - support old and new naming schemes of kernel modules
---- Files affected: firewall-init/firewall.d: functions (1.20 -> 1.21)
---- Diffs:
================================================================
Index: firewall-init/firewall.d/functions
diff -u firewall-init/firewall.d/functions:1.20 firewall-init/firewall.d/functions:1.21
--- firewall-init/firewall.d/functions:1.20 Sat Jan 9 15:14:34 2010
+++ firewall-init/firewall.d/functions Mon Jan 11 15:30:18 2010
@@ -1,9 +1,46 @@
 #!/bin/sh - keep it for file(1) to get bourne shell script result
+__set_modules()
+{
+ local _x _y _z v old_IFS kernelver
+ {
+ read _x _y v _z
+ old_IFS=$IFS
+ IFS='.'
+ set -- $v
+ IFS=$old_IFS
+
+ # strip _* or -* from versions like: "2.6.25_vanilla-1", "2.6.25-1"
+ kernelver=${3%%[-_]*}
+
+ while [ ${#kernelver} -lt 3 ]; do kernelver="0$kernelver"; done
+ kernelver="$2$kernelver"
+ while [ ${#kernelver} -lt 6 ]; do kernelver="0$kernelver"; done
+ kernelver="$1$kernelver"
+ while [ ${#kernelver} -lt 9 ]; do kernelver="0$kernelver"; done
+ } < /proc/version
+
+ if [ "$kernelver" -lt "002006022" ]; then
+ __NAT_MODULES=ip_nat
+ __IP4_CONNTRACK=ip_conntrack
+ __IP6_CONNTRACK=
+ __NF_CONNTRACK=no
+ else
+ __NAT_MODULES=nf_nat
+ __IP4_CONNTRACK=nf_conntrack_ipv4
+ __IP6_CONNTRACK=nf_conntrack_ipv6
+ __NF_CONNTRACK=yes
+ fi
+
+}
+
 generic_load_modules()
 {
 local i conn b
+ __set_modules
+ is_yes $__NF_CONNTRACK || return
+
 _modprobe die -a x_tables
 _modprobe die -a nf_conntrack
@@ -37,8 +74,9 @@
 {
 local i conn b
+ __set_modules
 _modprobe die -a ip_tables
- _modprobe die -a nf_conntrack_ipv4
+ _modprobe die -a $__IP4_CONNTRACK
 if [ "$CONNTRACK_MODULES" = "all" -o -z "$CONNTRACK_MODULES" ] ; then
 conn=""
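Review bot: On the legacy-kernel path the new code reports failure where nothing failed: `is_yes $__NF_CONNTRACK || return` in `generic_load_modules` hands back the non-zero status of `is_yes`, and in the `ipv6_load_modules` hunk the trailing `[ -n "$__IP6_CONNTRACK" ] && _modprobe die -a $__IP6_CONNTRACK` leaves status 1 when the variable is empty. If callers test these results (they are not visible here), `|| return 0` and `if [ -n "$__IP6_CONNTRACK" ]; then _modprobe die -a "$__IP6_CONNTRACK"; fi` keep the skip silent. In `__set_modules`, only a `-*` or `_*` tail is stripped from the third version field, so any other non-digit suffix makes `[ "$kernelver" -lt "002006022" ]` error out and silently select the nf_* names; `kernelver=${3%%[!0-9]*}` together with `read -r` would make the parse tolerant. A header comment naming the four `__*` globals it sets and the 2.6.22 threshold would help, since every loader below now depends on them.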
@@ -68,10 +106,10 @@
 if echo "$ipv4_TABLES" | awk '!/nat/ {exit 1}' ; then
 if [ "$NAT_MODULES" = "all" -o -z "$NAT_MODULES" ] ; then
 conn=""
- for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/nf_nat_*.ko{.gz,} ; do
+ for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/${__NAT_MODULES}_*.ko{.gz,} ; do
 if [ -f "$i" ]; then
 for b in $NAT_MODULES_BLACKLIST ; do
- if [[ "$i" = */nf_nat_$b.ko* ]]; then
+ if [[ "$i" = */${__NAT_MODULES}_$b.ko* ]]; then
 i=
 break
 fi
@@ -86,7 +124,7 @@
 elif [ "$NAT_MODULES" != "none" ] ; then
 conn=""
 for i in $NAT_MODULES ; do
- conn="$conn ip_nat_$i"
+ conn="$conn ${__NAT_MODULES}_$i"
 done
 _modprobe die -a $conn
 fi
@@ -95,8 +133,9 @@
 ipv6_load_modules()
 {
+ __set_modules
 _modprobe die -a ip6_tables
- _modprobe die -a nf_conntrack_ipv6
+ [ -n "$__IP6_CONNTRACK" ] && _modprobe die -a $__IP6_CONNTRACK
 }
 generic_remove_modules()
@@ -116,11 +155,12 @@
 {
 local modules
+ __set_modules
 modules="`lsmod | grep "^ipt_" | cut -f 1 -d ' '`"
 [ -n "$modules" ] && rmmod $modules
- modules="`lsmod | grep "^nf_nat_" | cut -f 1 -d ' '`"
- [ -n "$modules" ] && rmmod $modules
 modules="`lsmod | grep "^iptable_" | cut -f 1 -d ' '`"
+ [ -n "$modules" ] && rmmod $modules
+ modules="`lsmod | grep "^${__NAT_MODULES}" | cut -f 1 -d ' '`"
 [ -n "$modules" ] && rmmod $modules
 modules="`lsmod | grep "^ip_conntrack" | cut -f 1 -d ' '`"
 [ -n "$modules" ] && rmmod $modules
================================================================
---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/firewall-init/firewall.d/functions?r1=1.20&r2=1.21&f=u
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
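Review bot: The new removal pattern `^${__NAT_MODULES}` in the last hunk drops the trailing underscore that the old `^nf_nat_` had, so it now matches the base module and any other module whose name merely starts with that prefix. Moving it after the `iptable_` removal suggests that unloading the base module is intended; a one-line comment such as `# no trailing "_": also removes the base NAT module, after iptable_nat` would keep a later edit from narrowing it again. The unchanged conntrack line still greps for the literal `^ip_conntrack`; whether the nf_conntrack modules are unloaded further down is outside this hunk and worth checking against the `__IP4_CONNTRACK`/`__IP6_CONNTRACK` names. The function's name line and the rest of its body lie outside the hunk.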