From 6a86202f30b2fc58ca9db99b2c730a8f790bbb45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Toralf=20F=C3=B6rster?= <toralf.foerster@gmx.de>
Date: Sat, 20 Jul 2024 18:56:36 +0200
Subject: [PATCH] stop packet length investigations

---
 ipv4-rules.sh |  7 ++-----
 ipv6-rules.sh |  8 ++------
 metrics.sh    | 16 ----------------
 3 files changed, 4 insertions(+), 27 deletions(-)

diff --git a/ipv4-rules.sh b/ipv4-rules.sh
index 564af5e..230142f 100755
--- a/ipv4-rules.sh
+++ b/ipv4-rules.sh
@@ -22,10 +22,7 @@ function addCommon() {
   $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j $jump
   $ipt -A INPUT -m conntrack --ctstate INVALID -j $jump
 
-  for relay in $*; do
-    relay_2_ip_and_port
-    $ipt -A INPUT -p tcp --dst $orip --dport $orport -m length --length 40:60 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-  done
+  # do not touch established connections
   $ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
   # ssh
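Review bot: The added comment `# do not touch established connections` says less than the rule under it does. `$ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` has no protocol, destination or port match, so it accepts RELATED as well as ESTABLISHED packets for every service on the host, and nothing appended after it in INPUT will see that traffic. A more precise wording would be `# accept everything conntrack marks RELATED or ESTABLISHED (any protocol, any port)`, which also tells the next reader that later rules only ever see packets in other states. The same comment is added in the ipv6-rules.sh hunk and deserves the same wording; addCommon's body starts and ends outside this hunk, so whether a function header should also record that it no longer takes relay arguments cannot be judged from here.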
@@ -255,7 +252,7 @@ start)
   trap bailOut INT QUIT TERM EXIT
   clearRules
   setSysctlValues
-  addCommon ${*:-${CONFIGURED_RELAYS:-$(getConfiguredRelays)}}
+  addCommon
   addHetzner
   additionalServices
   addTor ${*:-${CONFIGURED_RELAYS:-$(getConfiguredRelays)}}
diff --git a/ipv6-rules.sh b/ipv6-rules.sh
index 1050fd9..502f6ff 100755
--- a/ipv6-rules.sh
+++ b/ipv6-rules.sh
@@ -28,11 +28,7 @@ function addCommon() {
   # make sure NEW incoming tcp connections are SYN packets
   $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j $jump
   $ipt -A INPUT -m conntrack --ctstate INVALID -j $jump
-
-  for relay in $*; do
-    relay_2_ip_and_port
-    $ipt -A INPUT -p tcp --dst $orip --dport $orport -m length --length 40:60 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-  done
+  # do not touch established connections
   $ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
   # ssh
@@ -240,7 +236,7 @@ case $action in
 start)
   trap bailOut INT QUIT TERM EXIT
   clearRules
-  addCommon ${*:-${CONFIGURED_RELAYS6:-$(getConfiguredRelays6)}}
+  addCommon
   addHetzner
   additionalServices
   addTor ${*:-${CONFIGURED_RELAYS6:-$(getConfiguredRelays6)}}
diff --git a/metrics.sh b/metrics.sh
index 91c3602..8af314c 100755
--- a/metrics.sh
+++ b/metrics.sh
@@ -42,22 +42,6 @@ function printMetricsIptables() {
         echo "$var{ipver=\"${v:-4}\",nickname=\"$nickname\"} $pkts"
       done
   done
-
-  var="torutils_dropped_length_packets"
-  echo -e "# HELP $var Total number of dropped packets due to having a wrong length\n# TYPE $var gauge"
-  for v in "" 6; do
-    if [[ -z $v ]]; then
-      echo "$tables4"
-    else
-      echo "$tables6"
-    fi |
-      grep 'length .* ctstate RELATED,ESTABLISHED' | awk '{ print $1, $11 }' |
-      while read -r pkts dport; do
-        orport=$(cut -f 2 -d ':' <<<$dport)
-        nickname=${NICKNAME:-$(_orport2nickname $orport)}
-        echo "$var{ipver=\"${v:-4}\",nickname=\"$nickname\"} $pkts"
-      done
-  done
 }
 
 function _orport2nickname() {