* #10170: ukloniti konflikte s prethodnim kernelom

* #10171: detektirati Layer7 prije upgrade-a
* #10172: NEWS.CARNet za ExecShield, Layer7

diff --git a/NEWS.CARNet b/NEWS.CARNet
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/debian/changelog b/debian/changelog
index d58be28..d0bc41b 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+kernel-2.6-cn (3:2.6.26-6) stable; urgency=low
+
+  * #10170: ukloniti konflikte s prethodnim kernelom
+  * #10171: detektirati Layer7 prije upgrade-a
+  * #10172: NEWS.CARNet za ExecShield, Layer7
+
+ -- Dinko Korunic <kreator@carnet.hr>  Mon, 22 Feb 2010 16:23:35 +0100
+
 kernel-2.6-cn (3:2.6.26-5) stable; urgency=low
 
   * depend o opcenitim/generickim kernel paketima umjesto specificnim

diff --git a/debian/control b/debian/control
index 0b1ccd3..e8690f6 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -9,8 +9,8 @@ Package: kernel-2.6-cn
 Architecture: all
 Section: base
 Depends: grub (>= 0.97-47lenny2), procps (>= 1:3.2.7-11), udev (>= 0.125-7+lenny1), perl-base, carnet-tools-cn (>= 2.8.2), module-init-tools (>= 3.4-1), mount (>= 2.13.1.1-1), e2fsprogs (>= 1.41.3-1), microcode.ctl (>= 1.17-9), irqbalance (>= 0.55-2.4lenny1), mdadm (>= 2.6.7.2-1), firmware-bnx2 (>= 0.14+lenny1), linux-image-686-bigmem | linux-image-amd64
-Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2), linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64
-Replaces: kernel-cn, kernel-2.4-cn, linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64
+Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2)
+Replaces: kernel-cn, kernel-2.4-cn
 Provides: kernel-cn
 Recommends: memtest86+
 Description: Linux kernel virtual package for CARNet Linux servers

diff --git a/debian/docs b/debian/docs
index ef5ce6c..878b263 100644 (file)
--- a/debian/docs
+++ b/debian/docs
@@ -1,2 +1,3 @@
 changelog.CARNet
 README.CARNet
+NEWS.CARNet

diff --git a/debian/postinst b/debian/postinst
index 2167bed..86621d5 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -324,9 +324,8 @@ net.ipv4.icmp_echo_ignore_broadcasts=1
 net.ipv4.icmp_ignore_bogus_error_responses=1
 net.ipv4.ip_forward=0
 net.ipv4.ip_local_port_range=10000 65000
-net.ipv4.tcp_congestion_control=cubic
 net.ipv4.tcp_ecn=0
-net.ipv4.tcp_max_syn_backlog=8192
+net.ipv4.tcp_max_syn_backlog=1024
 net.ipv4.tcp_retries1=2
 net.ipv4.tcp_rfc1337=1
 net.ipv4.tcp_syncookies=1
@@ -335,7 +334,7 @@ EOF
 
 # old kernel params
 if [ -e /etc/sysctl.conf ]; then
-    egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield' \
+    egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control' \
         /etc/sysctl.conf >> /etc/sysctl.conf.$$
 fi
 

diff --git a/debian/preinst b/debian/preinst
index cef0916..01a7582 100755 (executable)
--- a/debian/preinst
+++ b/debian/preinst
@@ -45,6 +45,13 @@ for i in $DIVERT_TO; do
 done
 echo "."
 
+################################################################################
+
+if iptables-save | grep -qs '^-A.* -m layer7 '; then
+    echo 'CN: Layer7 Netfilter no longer supported, report this to SysHelp!'
+    exit 1
+fi
+
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.