From 99499fdbe5221847288a6d18edf1032d2702cff9 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 22 Feb 2013 14:30:21 +0100
Subject: [PATCH] add support for setting sysctls, remove tcp_westwood option, its not present on current kernels
---
 defaults.c | 31 ++++++++++++++++++++++++++++++-
 defaults.h | 2 ++
 main.c | 12 ++++++++----
 options.h | 1 -
 4 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/defaults.c b/defaults.c
index d2037f8..7f41c83 100644
--- a/defaults.c
+++ b/defaults.c
@@ -74,7 +74,6 @@ const struct fw3_option fw3_default_opts[] = {
 FW3_OPT("tcp_syncookies", bool, defaults, tcp_syncookies),
 FW3_OPT("tcp_ecn", bool, defaults, tcp_ecn),
- FW3_OPT("tcp_westwood", bool, defaults, tcp_westwood),
 FW3_OPT("tcp_window_scaling", bool, defaults, tcp_window_scaling),
 FW3_OPT("accept_redirects", bool, defaults, accept_redirects),
@@ -288,6 +287,36 @@ fw3_print_default_tail_rules(enum fw3_table table, enum fw3_family family,
 fw3_pr("-A delegate_forward -j reject\n");
 }
+static void
+set_default(const char *name, bool set)
+{
+ FILE *f;
+ char path[sizeof("/proc/sys/net/ipv4/tcp_window_scaling\0")];
+
+ snprintf(path, sizeof(path), "/proc/sys/net/ipv4/tcp_%s", name);
+
+ info(" * Set tcp_%s to %s", name, set ? "on" : "off", name);
+
+ if (!(f = fopen(path, "w")))
+ {
+ info(" ! Unable to write value: %s", strerror(errno));
+ return;
+ }
+
+ fprintf(f, "%u\n", set);
+ fclose(f);
+}
+
+void
+fw3_set_defaults(struct fw3_state *state)
+{
+ info("Setting sysctl values");
+
+ set_default("ecn", state->defaults.tcp_ecn);
+ set_default("syncookies", state->defaults.tcp_syncookies);
+ set_default("window_scaling", state->defaults.tcp_window_scaling);
+}
+
 static void
 reset_policy(enum fw3_table table)
 {
diff --git a/defaults.h b/defaults.h
index 562b895..29babd8 100644
--- a/defaults.h
+++ b/defaults.h
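Review bot: In defaults.c, `set_default()` never checks whether the sysctl write succeeded: the results of `fprintf()` and `fclose()` are dropped, and since stdio buffers the value, a write the kernel rejects would only show up at `fclose()`. The `" * Set tcp_%s to %s"` message is logged before the file is even opened, so the log can claim `tcp_syncookies` is on when it was not applied. That `info()` call also passes `name` a third time for two conversions, and the `snprintf()` result is unchecked, so a longer name added to `fw3_set_defaults()` later would be truncated to a different path without notice. The fence below reports the outcome after the write; the path check is left out of it.

```c
static void
set_default(const char *name, bool set)
{
	/* … unchanged: declarations, snprintf() of path, fopen() and its error branch;
	 *   the early " * Set …" message moves below the write … */

	bool written = (fprintf(f, "%u\n", set) >= 0);

	/* the value sits in the stdio buffer, so a write the kernel rejects
	 * is only reported when fclose() flushes it */
	if (fclose(f) != 0)
		written = false;

	if (written)
		info(" * Set tcp_%s to %s", name, set ? "on" : "off");
	else
		info(" ! Unable to write value: %s", strerror(errno));
}
```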
@@ -34,6 +34,8 @@ void fw3_print_default_head_rules(enum fw3_table table, enum fw3_family family,
 void fw3_print_default_tail_rules(enum fw3_table table, enum fw3_family family,
 struct fw3_state *state);
+void fw3_set_defaults(struct fw3_state *state);
+
 void fw3_flush_rules(enum fw3_table table, enum fw3_family family,
 bool pass2, struct fw3_state *state);
diff --git a/main.c b/main.c
index 6eb002f..65de9f5 100644
--- a/main.c
+++ b/main.c
@@ -240,11 +240,15 @@ start(struct fw3_state *state, bool reload)
 enum fw3_family family;
 enum fw3_table table;
- if (!print_rules && !reload &&
- fw3_command_pipe(false, "ipset", "-exist", "-"))
+ if (!print_rules && !reload)
 {
- fw3_create_ipsets(state);
- fw3_command_close();
+ fw3_set_defaults(state);
+
+ if (fw3_command_pipe(false, "ipset", "-exist", "-"))
+ {
+ fw3_create_ipsets(state);
+ fw3_command_close();
+ }
 }
 for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
diff --git a/options.h b/options.h
index a9257a3..96afcd2 100644
--- a/options.h
+++ b/options.h
@@ -228,7 +228,6 @@ struct fw3_defaults
 bool tcp_syncookies;
 bool tcp_ecn;
- bool tcp_westwood;
 bool tcp_window_scaling;
 bool accept_redirects;
--
2.25.1
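Review bot: In main.c's `start()`, `fw3_set_defaults(state)` sits inside `if (!print_rules && !reload)`, so the sysctls are written only on a fresh start. If a reload re-reads the configuration (not visible in this hunk), a changed `tcp_syncookies` or `tcp_ecn` value would not reach the kernel until a full restart. If that is intended, a comment such as `/* sysctls are applied on start only; a reload leaves them untouched */` above the call would record it; otherwise the call could move under its own `if (!print_rules)` guard. `start()` begins before and continues past the hunk.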