stop packet length investigations

toralf · Jul 20, 2024 · 6a86202 · 6a86202
1 parent 5825578
commit 6a86202
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 27 deletions.
diff --git a/ipv4-rules.sh b/ipv4-rules.sh
@@ -22,10 +22,7 @@ function addCommon() {
   $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j $jump
   $ipt -A INPUT -m conntrack --ctstate INVALID -j $jump
 
-  for relay in $*; do
-    relay_2_ip_and_port
-    $ipt -A INPUT -p tcp --dst $orip --dport $orport -m length --length 40:60 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-  done
+  # do not touch established connections
   $ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
   # ssh
@@ -255,7 +252,7 @@ start)
   trap bailOut INT QUIT TERM EXIT
   clearRules
   setSysctlValues
-  addCommon ${*:-${CONFIGURED_RELAYS:-$(getConfiguredRelays)}}
+  addCommon
   addHetzner
   additionalServices
   addTor ${*:-${CONFIGURED_RELAYS:-$(getConfiguredRelays)}}

diff --git a/ipv6-rules.sh b/ipv6-rules.sh
@@ -28,11 +28,7 @@ function addCommon() {
   # make sure NEW incoming tcp connections are SYN packets
   $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j $jump
   $ipt -A INPUT -m conntrack --ctstate INVALID -j $jump
-
-  for relay in $*; do
-    relay_2_ip_and_port
-    $ipt -A INPUT -p tcp --dst $orip --dport $orport -m length --length 40:60 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-  done
+  # do not touch established connections
   $ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
   # ssh
@@ -240,7 +236,7 @@ case $action in
 start)
   trap bailOut INT QUIT TERM EXIT
   clearRules
-  addCommon ${*:-${CONFIGURED_RELAYS6:-$(getConfiguredRelays6)}}
+  addCommon
   addHetzner
   additionalServices
   addTor ${*:-${CONFIGURED_RELAYS6:-$(getConfiguredRelays6)}}

diff --git a/metrics.sh b/metrics.sh
@@ -42,22 +42,6 @@ function printMetricsIptables() {
         echo "$var{ipver=\"${v:-4}\",nickname=\"$nickname\"} $pkts"
       done
   done
-
-  var="torutils_dropped_length_packets"
-  echo -e "# HELP $var Total number of dropped packets due to having a wrong length\n# TYPE $var gauge"
-  for v in "" 6; do
-    if [[ -z $v ]]; then
-      echo "$tables4"
-    else
-      echo "$tables6"
-    fi |
-      grep 'length .* ctstate RELATED,ESTABLISHED' | awk '{ print $1, $11 }' |
-      while read -r pkts dport; do
-        orport=$(cut -f 2 -d ':' <<<$dport)
-        nickname=${NICKNAME:-$(_orport2nickname $orport)}
-        echo "$var{ipver=\"${v:-4}\",nickname=\"$nickname\"} $pkts"
-      done
-  done
 }
 
 function _orport2nickname() {