anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-20 19:44:56 +02:00
Code Issues Releases Wiki Activity

doc: update xt_SYSRQ.man to reflect that the full IPv6 address is needed

Browse Source 
xt_SYSRQ uses NIP6_FMT, so requires the expanded form for the digest.

Reported-by: Jan Krcmar <honza801@gmail.com>
This commit is contained in:
Jan Engelhardt
2012-08-23 15:11:43 +02:00
parent cd7fc84b29
commit e5fe0b9c14
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
doc/changelog.txt
View File

@@ -5,6 +5,7 @@ Fixes:
- length2, SYSRQ, RAWNAT: preinitialize values for ipv6_find_hdr - length2, SYSRQ, RAWNAT: preinitialize values for ipv6_find_hdr
- TARPIT: fix memory leak when tarpit_generic() fails - TARPIT: fix memory leak when tarpit_generic() fails
- build: build: remove extraneous closing bracket in configure.ac - build: build: remove extraneous closing bracket in configure.ac
- doc: update xt_SYSRQ.man to reflect that the full IPv6 address is needed
v1.45 (2012-07-16) v1.45 (2012-07-16)

6
extensions/libxt_SYSRQ.man
View File

@@ -62,7 +62,7 @@ password="password"
seqno="$(date +%s)" seqno="$(date +%s)"
salt="$(dd bs=12 count=1 if=/dev/urandom 2>/dev/null | salt="$(dd bs=12 count=1 if=/dev/urandom 2>/dev/null |
openssl enc \-base64)" openssl enc \-base64)"
ipaddr=10.10.25.7 ipaddr="2001:0db8:0000:0000:0000:ff00:0042:8329"
req="$sysrq_key,$seqno,$salt" req="$sysrq_key,$seqno,$salt"
req="$req,$(echo \-n "$req,$ipaddr,$password" | sha1sum | cut \-c1\-40)" req="$req,$(echo \-n "$req,$ipaddr,$password" | sha1sum | cut \-c1\-40)"
@@ -75,8 +75,8 @@ sysrq key can be used at once, but bear in mind that, for example, a sync may
not complete before a subsequent reboot or poweroff. not complete before a subsequent reboot or poweroff.
.PP .PP
An IPv4 address should have no leading zeros, an IPv6 address should An IPv4 address should have no leading zeros, an IPv6 address should
be in the form recommended by RFC 5952. The debug option will log the be in the full expanded form (as shown above). The debug option will cause
correct form of the address. output to be emitted in the same form.
.PP .PP
The hashing scheme should be enough to prevent mis-use of SYSRQ in many The hashing scheme should be enough to prevent mis-use of SYSRQ in many
environments, but it is not perfect: take reasonable precautions to environments, but it is not perfect: take reasonable precautions to