mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-19 18:26:44 +02:00
95 lines
2.7 KiB
Bash
95 lines
2.7 KiB
Bash
#!/sbin/openrc-run
|
|
# Copyright 1999-2008 Gentoo Foundation
|
|
# Distributed under the terms of the GNU General Public License v2
|
|
|
|
CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf}
|
|
CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/var/lock/conntrack.lock}
|
|
|
|
command="/usr/sbin/conntrackd"
|
|
command_args="-C ${CONNTRACKD_CFG} ${CONNTRACKD_OPTS}"
|
|
command_background="yes"
|
|
pidfile="/run/$RC_SVCNAME.pid"
|
|
required_files="$CONNTRACKD_CFG"
|
|
|
|
depend() {
|
|
use logger
|
|
need net
|
|
after firewall
|
|
}
|
|
|
|
checkconfig() {
|
|
# check for netfilter conntrack kernel support
|
|
local nf_ct_available=0
|
|
for k in net.netfilter.nf_conntrack_max \
|
|
net.ipv4.netfilter.ip_conntrack_max \
|
|
net.nf_conntrack_max; do
|
|
if sysctl -e -n ${k} &>/dev/null; then
|
|
nf_ct_available=1 # sysctl key found
|
|
break
|
|
fi
|
|
done
|
|
if [ ${nf_ct_available} -eq 0 ]; then
|
|
eerror
|
|
eerror "Your kernel is missing netfilter conntrack support!"
|
|
eerror "Make sure your kernel was compiled with netfilter conntrack support."
|
|
eerror
|
|
eerror "If it was compiled as a module you need to ensure the module is being"
|
|
eerror "loaded before starting conntrackd."
|
|
eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)"
|
|
eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module"
|
|
eerror "by hand like this, depending on your kernel version:"
|
|
eerror
|
|
eerror " modprobe nf_conntrack # (for newer kernels)"
|
|
eerror " modprobe ip_conntrack # (for older kernels)"
|
|
eerror
|
|
return 1
|
|
fi
|
|
# check if netfilter conntrack TCP window tracking is disabled
|
|
local nf_ct_tcp_be_liberal=0
|
|
for k in net.netfilter.nf_conntrack_tcp_be_liberal \
|
|
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do
|
|
nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null)
|
|
if [ ${?} -ne 0 ]; then
|
|
continue # sysctl key not found
|
|
else
|
|
break # sysctl key found
|
|
fi
|
|
done
|
|
if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then
|
|
eerror
|
|
eerror "You need to disable TCP window tracking!"
|
|
eerror "Add the following line to your /etc/sysctl.conf:"
|
|
eerror
|
|
eerror " ${k} = 1"
|
|
eerror
|
|
eerror "...and run this to activate the setting: sysctl -q -p"
|
|
eerror
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
start_pre() {
|
|
if [ "${RC_CMD}" != "restart" ] ; then
|
|
checkconfig || return $?
|
|
fi
|
|
# check for leftover lockfile
|
|
if [ -f "${CONNTRACKD_LOCK}" ]; then
|
|
ewarn
|
|
ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})"
|
|
ewarn "exists although the service is not marked as started."
|
|
ewarn "Will remove the lockfile and start the service in 10s"
|
|
ewarn "if not interrupted..."
|
|
ewarn
|
|
sleep 10
|
|
if ! rm -f "${CONNTRACKD_LOCK}"; then
|
|
eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})"
|
|
return 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
stop_pre() {
|
|
if [ "${RC_CMD}" = "restart" ] ; then
|
|
checkconfig || return $?
|
|
fi
|
|
}
|