Hello,
after upgrading our amanda servers from version 3.3.9 to 3.5.1, the
servers could no longer pull backups from the clients. The clients are
located behind iptables firewalls with NAT.
Apparently, amanda 3.4 modified the CONNECT command used by
nf_conntrack_amanda to discover related connections [0].
The patch updates nf_conntrack_amanda accordingly. Client-server
communication works again across all amanda versions.
[0]
https://github.com/zmanda/amanda/commit/3b8384fc9f2941e2427f44c3aee29f561ed67894#diff-711e502fc81a65182c0954765b42919eR456
Best regards,
Florian
--- a/net/netfilter/nf_conntrack_amanda.c 2019-02-12 12:58:01.984724711 +0100
+++ b/net/netfilter/nf_conntrack_amanda.c 2019-02-12 12:57:41.104816972 +0100
@@ -54,6 +54,7 @@
SEARCH_DATA,
SEARCH_MESG,
SEARCH_INDEX,
+ SEARCH_STATE,
};
static struct {
@@ -81,6 +82,10 @@
.string = "INDEX ",
.len = 6,
},
+ [SEARCH_STATE] = {
+ .string = "STATE ",
+ .len = 6,
+ },
};
static int amanda_help(struct sk_buff *skb,
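Review bot: the new `[SEARCH_STATE]` entry in the search table has no comment saying why the keyword is needed, while the covering mail attributes it to the CONNECT change in amanda 3.4. A one-line comment above `[SEARCH_STATE] = {` recording that would keep the reason with the code once the mail is no longer at hand. The literal `.len = 6` does match "STATE " with its trailing space, in line with the "INDEX " entry just above.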
@@ -124,7 +129,7 @@
goto out;
stop += start;
- for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) {
+ for (i = SEARCH_DATA; i <= SEARCH_STATE; i++) {
off = skb_find_text(skb, start, stop, search[i].ts);
if (off == UINT_MAX)
continue;
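Review bot: the loop bound `i <= SEARCH_STATE` in amanda_help only works while SEARCH_STATE is the last stream keyword in the enum, so a keyword appended later would be skipped silently unless this line is edited again. Consider a comment in the enum marking SEARCH_DATA through SEARCH_STATE as the range scanned here, or a named end marker used as the bound, so the enum and the loop cannot drift apart.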
@@ -168,7 +173,7 @@
}
static const struct nf_conntrack_expect_policy amanda_exp_policy = {
- .max_expected = 3,
+ .max_expected = 4,
.timeout = 180,
};
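Review bot: `.max_expected = 4` in amanda_exp_policy is a bare count that has to equal the number of stream keywords the helper loop scans (DATA, MESG, INDEX and now STATE), and nothing in the code ties the two together. Each expectation allows one more related connection through the firewall for a single control connection, so the value should not exceed the keyword count; a comment next to it, or deriving it from the enum range, would make the dependency explicit. The patch also arrives without a Signed-off-by line or a changelog text separate from the greeting, both of which are needed before it can be applied.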