firewall-init: firewall.d/functions - support old and new naming schemes of...

baggins baggins at pld-linux.org
Mon Jan 11 15:30:23 CET 2010


Author: baggins                      Date: Mon Jan 11 14:30:23 2010 GMT
Module: firewall-init                 Tag: HEAD
---- Log message:
- support old and new naming schemes of kernel modules

---- Files affected:
firewall-init/firewall.d:
   functions (1.20 -> 1.21) 

---- Diffs:

================================================================
Index: firewall-init/firewall.d/functions
diff -u firewall-init/firewall.d/functions:1.20 firewall-init/firewall.d/functions:1.21
--- firewall-init/firewall.d/functions:1.20	Sat Jan  9 15:14:34 2010
+++ firewall-init/firewall.d/functions	Mon Jan 11 15:30:18 2010
@@ -1,9 +1,46 @@
 #!/bin/sh - keep it for file(1) to get bourne shell script result
 
+__set_modules()
+{
+	local _x _y _z v old_IFS kernelver
+	{
+		read _x _y v _z
+		old_IFS=$IFS
+		IFS='.'
+		set -- $v
+		IFS=$old_IFS
+
+		# strip _* or -* from versions like: "2.6.25_vanilla-1", "2.6.25-1"
+		kernelver=${3%%[-_]*}
+		
+		while [ ${#kernelver} -lt 3 ]; do kernelver="0$kernelver"; done
+		kernelver="$2$kernelver"
+		while [ ${#kernelver} -lt 6 ]; do kernelver="0$kernelver"; done
+		kernelver="$1$kernelver"
+		while [ ${#kernelver} -lt 9 ]; do kernelver="0$kernelver"; done
+	} < /proc/version
+
+	if [ "$kernelver" -lt "002006022" ]; then
+		__NAT_MODULES=ip_nat
+		__IP4_CONNTRACK=ip_conntrack
+		__IP6_CONNTRACK=
+		__NF_CONNTRACK=no
+	else
+		__NAT_MODULES=nf_nat
+		__IP4_CONNTRACK=nf_conntrack_ipv4
+		__IP6_CONNTRACK=nf_conntrack_ipv6
+		__NF_CONNTRACK=yes
+	fi
+
+}
+
 generic_load_modules()
 {
 	local i conn b
 
+	__set_modules
+	is_yes $__NF_CONNTRACK || return
+
 	_modprobe die -a x_tables
 	_modprobe die -a nf_conntrack
 
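Review bot: In `__set_modules` only the third version component is reduced, and only for `-`/`_` suffixes, so a release string that carries a suffix on the second component, or one ending in `+`, leaves non-digits in `kernelver`. The `[ "$kernelver" -lt "002006022" ]` test then errors out and control falls into the `else` branch, selecting the nf_* names without any real comparison. The same happens if `/proc/version` cannot be read, because `kernelver` stays empty. Cutting each component at its first non-digit makes the comparison well-defined: `kernelver=${3%%[!0-9]*}` and `kernelver="${2%%[!0-9]*}$kernelver"` (likewise for `$1`). A short comment saying that the three fields are zero-padded to three digits each, and that `set -- $v` overwrites the function's positional parameters, would also help the next reader.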
@@ -37,8 +74,9 @@
 {
 	local i conn b
 
+	__set_modules
 	_modprobe die -a ip_tables
-	_modprobe die -a nf_conntrack_ipv4
+	_modprobe die -a $__IP4_CONNTRACK
 
 	if [ "$CONNTRACK_MODULES" = "all" -o -z "$CONNTRACK_MODULES" ] ; then
 	    conn=""
@@ -68,10 +106,10 @@
 	if echo "$ipv4_TABLES" | awk '!/nat/ {exit 1}' ; then
 	    if [ "$NAT_MODULES" = "all" -o -z "$NAT_MODULES" ] ; then
 		conn=""
-		for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/nf_nat_*.ko{.gz,} ; do
+		for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/${__NAT_MODULES}_*.ko{.gz,} ; do
 			if [ -f "$i" ]; then
 				for b in $NAT_MODULES_BLACKLIST ; do
-					if [[ "$i" = */nf_nat_$b.ko* ]]; then
+					if [[ "$i" = */${__NAT_MODULES}_$b.ko* ]]; then
 						i=
 						break
 					fi
@@ -86,7 +124,7 @@
 	    elif [ "$NAT_MODULES" != "none" ] ; then
 		conn=""
 		for i in $NAT_MODULES ; do
-			    conn="$conn ip_nat_$i"
+			    conn="$conn ${__NAT_MODULES}_$i"
 		done
 		_modprobe die -a $conn
 	    fi
@@ -95,8 +133,9 @@
 
 ipv6_load_modules()
 {
+	__set_modules
 	_modprobe die -a ip6_tables
-	_modprobe die -a nf_conntrack_ipv6
+	[ -n "$__IP6_CONNTRACK" ] && _modprobe die -a $__IP6_CONNTRACK
 }
 
 generic_remove_modules()
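Review bot: `[ -n "$__IP6_CONNTRACK" ] && _modprobe die -a $__IP6_CONNTRACK` is now the last command of `ipv6_load_modules`, so on the pre-2.6.22 branch, where `__IP6_CONNTRACK` is empty, the function returns 1 even though nothing failed. A caller that checks the status, or a script running under `set -e`, would treat that as an error. Writing it as `if [ -n "$__IP6_CONNTRACK" ]; then _modprobe die -a "$__IP6_CONNTRACK"; fi` keeps the status at 0 for the skip case. `is_yes $__NF_CONNTRACK || return` in `generic_load_modules` (first hunk) likewise hands back the non-zero status of `is_yes`; if skipping on old kernels is meant to count as success, `return 0` would say so.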
@@ -116,11 +155,12 @@
 {
 	local modules
 
+	__set_modules
 	modules="`lsmod | grep "^ipt_" | cut -f 1 -d ' '`"
 	[ -n "$modules" ] && rmmod $modules
-	modules="`lsmod | grep "^nf_nat_" | cut -f 1 -d ' '`"
-	[ -n "$modules" ] && rmmod $modules
 	modules="`lsmod | grep "^iptable_" | cut -f 1 -d ' '`"
+	[ -n "$modules" ] && rmmod $modules
+	modules="`lsmod | grep "^${__NAT_MODULES}" | cut -f 1 -d ' '`"
 	[ -n "$modules" ] && rmmod $modules
 	modules="`lsmod | grep "^ip_conntrack" | cut -f 1 -d ' '`"
 	[ -n "$modules" ] && rmmod $modules
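Review bot: The conntrack removal on the context line `grep "^ip_conntrack"` is still hard-coded to the old prefix, while the load side now uses `$__IP4_CONNTRACK` and `$__IP6_CONNTRACK`; on the nf_* branch the visible sequence never unloads `nf_conntrack_ipv4` or `nf_conntrack_ipv6`. The function continues past the end of the hunk, so this may be handled further down and is worth confirming. The NAT pattern also changed from `^nf_nat_` to `^${__NAT_MODULES}` without the trailing underscore, so it now matches the base module and any module whose name merely begins with that prefix; if the widening is intended, a comment such as `# also matches the base nf_nat/ip_nat module` would record it. The `rmmod` results are not checked, so a module left loaded because it is still in use goes unreported.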
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/firewall-init/firewall.d/functions?r1=1.20&r2=1.21&f=u


