Revision 2107, 1.2 kB
(checked in by mbr, 1 year ago)

updated iptables trailing space link

- Property svn:eol-style set to native
- Property svn:keywords set to Author Date Id Revision

This README applies to the patch files contained within the "patches"
directory in the psad (http://www.cipherdyne.org/psad) sources.

The patches in this directory are organized by kernel version or iptables
version, so "linux-2.4.27_conntrack.patch" applies to the linux-2.4.27
kernel, and "iptables-1.3.8_LOG_prefix_space.patch" applies to iptables-1.3.8.

The "iptables-1.3.8_LOG_prefix_space.patch" adds a trailing space to any
iptables log prefix that does not already include a space. Without it, the LOG
target writes the prefix immediately in front of the packet fields, so a rule
with --log-prefix "DROP" produces a line that reads "DROPIN=eth0 OUT= ..." and
the IN= token that parsers (psad included) use to locate the start of the
packet fields is no longer delimited by whitespace. With the trailing space, an
iptables log prefix cannot break the separator tokens (specifically the IN=
token) in an iptables log message. More information about this can be found
here:

http://www.cipherdyne.org/blog/2007/08/trailing-spaces-and-iptables-log-prefixes.html

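The prefix/token collision described above, shown with an added Python example. This is not code from psad or from the patch: the log lines are constructed here and modelled on the LOG target's output format, and the 29-character limit check is an assumption about how a full-length prefix should be treated, which the README does not state.

```python
import re
from typing import Dict, Optional

# The iptables LOG target accepts a --log-prefix of at most 29 characters.
MAX_LOG_PREFIX_LEN = 29

# The IN= separator token, accepted only at the start of the message or after
# whitespace; this delimiting is what a prefix with no trailing space breaks.
IN_TOKEN = re.compile(r'(?:^|\s)IN=')

# Generic KEY=value field, as found in the packet part of an iptables log line.
FIELD = re.compile(r'([A-Z]+)=(\S*)')

# Constructed packet fields in the LOG target's format (not captured from a real host).
SAMPLE_FIELDS = ('IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 '
                 'SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 '
                 'ID=12345 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0')


def normalize_log_prefix(prefix: str) -> str:
    """Apply the rule the README gives for the iptables-1.3.8 patch: append a
    trailing space to a prefix that does not already contain a space.

    Assumption (not stated in the README): a prefix already at the
    29-character limit cannot grow, so it is returned unchanged.
    """
    if ' ' in prefix or len(prefix) >= MAX_LOG_PREFIX_LEN:
        return prefix
    return prefix + ' '


def render_log_line(prefix: str, fields: str = SAMPLE_FIELDS) -> str:
    """Build a syslog-style kernel line the way the LOG target writes it: the
    prefix is emitted verbatim and "IN=..." follows it with no separator."""
    return 'Aug 20 14:43:25 gw kernel: ' + prefix + fields


def naive_field_scan(line: str) -> Dict[str, str]:
    """A parser that just collects every KEY=value pair. On "DROPIN=eth0" it
    records a bogus DROPIN key and never sees IN at all."""
    return dict(FIELD.findall(line))


def parse_iptables_log(line: str) -> Optional[Dict[str, object]]:
    """Split a kernel log line into the user prefix and the packet fields,
    anchoring on a whitespace-delimited IN= token as psad-style parsers do.
    Returns None when the line cannot be recognised as an iptables log message."""
    _, sep, msg = line.partition('kernel: ')
    if not sep:
        return None
    m = IN_TOKEN.search(msg)
    if m is None:
        return None
    in_start = m.end() - len('IN=')          # index of the 'I' in IN=
    return {
        'prefix': msg[:in_start].rstrip(),
        'fields': dict(FIELD.findall(msg[in_start:])),
    }


if __name__ == '__main__':
    for prefix in ('DROP', normalize_log_prefix('DROP')):
        line = render_log_line(prefix)
        print(repr(prefix), '->', parse_iptables_log(line))
```

Running the block shows the unpatched prefix "DROP" yielding a line that parse_iptables_log rejects outright (no delimited IN= token) and that naive_field_scan misreads as a DROPIN field, while the normalized prefix "DROP " parses cleanly into prefix and fields. Note that the rule as the README states it leaves a prefix such as "my prefix" alone because it already contains a space, even though it has no trailing one; such a prefix still needs its trailing space added by hand in the rule.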
Many of the patches in this directory apply to the conntrack module.
Specifically, each patch extends the CLOSE_WAIT timeout for TCP connections
from 60 seconds to 2 minutes. If you are seeing iptables log messages for TCP
ACK packets that belong to legitimate TCP connections (i.e. the packets are not
being correctly identified as part of an established connection by the
conntrack module), you may want to apply the appropriate conntrack patch. See
the BUGS section of the psad man page for more information. On kernels that
ship nf_conntrack rather than ip_conntrack, the same timeout is tunable at
runtime through the sysctl net.netfilter.nf_conntrack_tcp_timeout_close_wait
(default 60 seconds), so no kernel patch is needed there.