Sync from SUSE:SLFO:Main conntrack-tools revision 4878dd55656e7934e0c684fa7383b543
commit
c082974b96
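--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text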
BIN
conntrack-tools-1.4.8.tar.xz
(Stored with Git LFS)
Normal file
BIN
conntrack-tools-1.4.8.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
conntrack-tools-1.4.8.tar.xz.sig
Normal file
BIN
conntrack-tools-1.4.8.tar.xz.sig
Normal file
Binary file not shown.
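--- /dev/null
+++ b/conntrack-tools.changes
@@ -0,0 +1,226 @@
+-------------------------------------------------------------------
+Fri Sep 29 11:32:56 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 1.4.8
+* Fix spurious EOPNOSUPP and ENOBUFS errors with -U/--update
+command.
+* Fix spurious ENOENT -D/--delete.
+
+-------------------------------------------------------------------
+Thu Oct 6 19:02:32 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 1.4.7
+* Changes to the "conntrack" program:
+* "clash_resolve" and "chaintoolong" stats counters
+* Defaults to the `unspec` family if the `-f` flag is absent,
+so as to improve support for dual-stack setups.
+* Support filtering events by IP address family.
+* Support flushing per IP address family.
+* Added the `save` output format representing data in conntrack
+parameters, and support for loading such files back.
+* Remove the `-o userspace` flag and always tag user space
+triggered events.
+* Introduce the `-A` flags, a variant of `-I` which does not
+fail if the entry exists already.
+
+-------------------------------------------------------------------
+Mon Aug 30 08:34:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+* conntrackd.service
+
+-------------------------------------------------------------------
+Wed Apr 1 18:55:00 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 1.4.6
+* conntrackd: fix UDP IPv6 destination address not being usable
+* conntrack: Allow protocol number zero
+* conntrackd: cthelper: Add new SLP helper
+- Drop conntrackd-Use-strdup-in-lexer.patch,
+conntrackd-use-strncpy-to-unix-path.patch,
+conntrackd-cthelper-Add-new-SLP-helper.patch,
+conntrackd-use-correct-max-unix-path-length.patch (merged)
+- Drop require on systemd, since it can run in a namespace without.
+
+-------------------------------------------------------------------
+Tue Jul 23 06:43:55 UTC 2019 - Michal Kubeček <mkubecek@suse.cz>
+
+- conntrackd-cthelper-Add-new-SLP-helper.patch:
+userspace conntrack helper for SLP (Service Location Protocol) to
+replace SUSE specific kernel helper (rejected by upstream) from
+openSUSE / SLE kernel packages (FATE#324143 bsc#1127886)
+- run autoreconf before build (patch above touches Makefile.am)
+- add commented out conntrack helper config example to default
+conntrackd.conf
+- drop deprecated (and ignored) options Nice and UNIX/Backlog from
+default conntrackd.conf
+
+-------------------------------------------------------------------
+Mon Jul 15 11:20:59 UTC 2019 - Michal Kubeček <mkubecek@suse.cz>
+
+- Fix 1.4.5 parser issues (bsc#1141480):
+conntrackd-use-strncpy-to-unix-path.patch
+conntrackd-Use-strdup-in-lexer.patch
+conntrackd-use-correct-max-unix-path-length.patch
+
+-------------------------------------------------------------------
+Tue May 1 12:39:52 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 1.4.5
+* new synproxy support
+* improved logging support (both stdout/stderr and log files)
+* new mDNS ct helper
+* deprecate unix backlog configuration
+* drop old/obsolete/deprecated conntrackd.conf config options
+* improved support for UPnP in the SSDP ct helper
+* add stronger TCP flags support
+* conntrack CLI tool: new support for IPv6 NAT
+* nfct CLI tool: some improvements to the build (-z lazy)
+
+-------------------------------------------------------------------
+Fri Mar 16 23:53:12 UTC 2018 - jengelh@inai.de
+
+- Add tirpc for openSUSE 15 and onwards.
+
+-------------------------------------------------------------------
+Tue Jan 16 13:47:25 UTC 2018 - jengelh@inai.de
+
+- submission from lars@linux-schulserver.de, partially applied
+- split out new subpackage "conntrackd" for the eponymous
+daemon (has systemd dependencies)
+- add systemd service, logrotate config, sample sysconfig,
+and sample config file.
+
+-------------------------------------------------------------------
+Mon Aug 22 11:33:28 UTC 2016 - jengelh@inai.de
+
+- Update to new upstream release 1.4.4
+* conntrackd: add systemd support
+* conntrack: support delete by label
+* conntrack: add support for netmask filtering
+* conntrack: add support for CIDR notation
+* conntrack: Add missing tables "dying" and "unconfirmed"
+to usage output.
+
+-------------------------------------------------------------------
+Wed Sep 9 16:27:05 UTC 2015 - jengelh@inai.de
+
+- Update to new upstream release 1.4.3
+* conntrack: fix expectation entry creation
+* expect: Fix wrong memset usage
+* cthelper: don't pass up a 0 length queue
+* conntrackd: allow strings with underscore from flex scanner
+* conntrack: fix setting labels in updates
+
+-------------------------------------------------------------------
+Thu Jan 8 19:14:05 UTC 2015 - jengelh@inai.de
+
+- Update to new git snapshot 1.4.2.g26
+* Chromecast/SSDP support, SSDP userspace helper
+* TFTP userspace helper support
+* Support for attaching expectations via nfqueue
+* Fix directory lookup for helper plugins
+* Fixes a possible crash if conntrackd sees DCCP, SCTP and ICMPv6
+traffic and the corresponding kernel modules that track this
+traffic are not available. [bnc#942419, CVE-2015-6496]
+
+-------------------------------------------------------------------
+Tue Sep 23 15:16:24 UTC 2014 - jengelh@inai.de
+
+- Drop gpg-offline build-time requirement; this is now handled by
+the local source validator
+
+-------------------------------------------------------------------
+Wed Aug 7 13:13:50 UTC 2013 - jengelh@inai.de
+
+- Update to new upstream release 1.4.2
+* This release includes bugfixes and the connlabel support.
+
+-------------------------------------------------------------------
+Mon Mar 4 19:59:14 UTC 2013 - jengelh@inai.de
+
+- Update to new upstream release 1.4.1
+* conntrack: add support to dump the dying and unconfirmed list via
+ctnetlink
+* conntrackd: fix deadlock due to wrong nested signal blocking
+
+-------------------------------------------------------------------
+Tue Nov 20 17:37:55 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature
+
+-------------------------------------------------------------------
+Mon Oct 8 12:32:55 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.4.0
+* This release adds the user-space helper infrastructure which
+includes the RPC portmapper (to support NFSv3) and Oracle*TNS
+helpers.
+
+-------------------------------------------------------------------
+Tue Jul 31 12:10:49 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.2.2
+* conntrackd: commit operation has to be synchronous
+* conntrackd: implement selective flushing for -t and -F commands
+
+-------------------------------------------------------------------
+Thu May 31 12:03:49 UTC 2012 - jengelh@inai.de
+
+- Resolve compilation failure due to missing #include
+
+-------------------------------------------------------------------
+Sat May 26 18:38:34 UTC 2012 - jengelh@inai.de
+
+- Update to new upstream release 1.2.1
+* Add support for NAT expectations, synchronization of expectation
+class, helper names and expect functions. Filtering by mark is
+now allowed.
+
+-------------------------------------------------------------------
+Wed Jan 4 20:16:48 UTC 2012 - jengelh@medozas.de
+
+- Update to new upstream release 1.0.1
+* add support for mark masks
+
+-------------------------------------------------------------------
+Sat Sep 17 23:49:42 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+-------------------------------------------------------------------
+Sun Feb 27 04:33:13 UTC 2011 - jengelh@medozas.de
+
+- new upstream release 1.0.0
+* SYN_SENT2 support for the command line tool conntrack (which was
+added in Linux kernel >= 2.6.31).
+* allow to listen to update and destroy expectation events (it
+requires a Linux kernel >= 2.6.37).
+* conntrack timestamping support with -o ktimestamp (this support
+requires the upcoming Linux 2.6.38).
+* one fix for conntrackd: two very consecutive commit invocations
+with option -c may result in the hang of the second commit
+invocation if the first commit did not finish yet. As a result the
+second commit invocation required a manual SIGTERM.
+- Remove redundant %clean section
+
+-------------------------------------------------------------------
+Thu Jul 15 19:47:42 UTC 2010 - jengelh@medozas.de
+
+- new upstream release 0.9.15
+* support for conntrack zones
+* support for TCP window scale synchronization
+* fixes to option parsing and printouts
+
+-------------------------------------------------------------------
+Tue Feb 23 22:08:54 UTC 2010 - jengelh@medozas.de
+
+- new upstream release: 0.9.14
+- use %_smp_mflags
+- wrap description at col 70
+
+-------------------------------------------------------------------
+Sun Sep 20 17:01:40 UTC 2009 - bitshuffler #suse@irc.freenode.org
+
+- Updated to 0.9.13
+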
64
conntrack-tools.keyring
Normal file
64
conntrack-tools.keyring
Normal file
@ -0,0 +1,64 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
|
||||
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
|
||||
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
|
||||
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
|
||||
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
|
||||
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
|
||||
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
|
||||
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
|
||||
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
|
||||
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
|
||||
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
|
||||
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
|
||||
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
|
||||
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
|
||||
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
|
||||
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
|
||||
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
|
||||
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
|
||||
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
|
||||
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
|
||||
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
|
||||
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
|
||||
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
|
||||
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
|
||||
n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
|
||||
oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
|
||||
o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
|
||||
ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
|
||||
tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
|
||||
HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
|
||||
FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
|
||||
diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
|
||||
R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
|
||||
uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
|
||||
Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
|
||||
UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
|
||||
KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
|
||||
RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
|
||||
wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
|
||||
0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
|
||||
q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
|
||||
k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
|
||||
pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
|
||||
plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
|
||||
qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
|
||||
iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
|
||||
jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
|
||||
ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
|
||||
CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
|
||||
8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
|
||||
bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
|
||||
jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
|
||||
rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
|
||||
3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
|
||||
7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
|
||||
7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
|
||||
yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
|
||||
leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
|
||||
U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
|
||||
rlbu70nh2kSJrg==
|
||||
=wukb
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
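--- /dev/null
+++ b/conntrack-tools.spec
@@ -0,0 +1,140 @@
+#
+# spec file for package conntrack-tools
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if !%{defined _fillupdir}
+# Leap/TW 15+
+%define _fillupdir /var/adm/fillup-templates
+%endif
+
+Name: conntrack-tools
+Version: 1.4.8
+Release: 0
+Summary: Userspace tools for interacting with the Connection Tracking System
+License: GPL-2.0-or-later
+Group: Productivity/Networking/Security
+URL: http://conntrack-tools.netfilter.org/
+
+#Git-Clone: git://git.netfilter.org/conntrack-tools
+Source: https://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-%version.tar.xz
+Source2: https://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-%version.tar.xz.sig
+Source3: %name.keyring
+Source5: conntrackd.service
+Source6: conntrackd.README.SUSE
+Source7: conntrackd.logrotate
+Source8: conntrackd.sysconfig
+Source9: conntrackd.conf
+
+BuildRequires: automake
+BuildRequires: bison
+BuildRequires: flex >= 2.5.33
+BuildRequires: libtool
+BuildRequires: pkg-config >= 0.21
+BuildRequires: systemd-rpm-macros
+BuildRequires: xz
+BuildRequires: pkgconfig(libmnl) >= 1.0.3
+BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.9
+BuildRequires: pkgconfig(libnetfilter_cthelper) >= 1.0.0
+BuildRequires: pkgconfig(libnetfilter_cttimeout) >= 1.0.0
+BuildRequires: pkgconfig(libnetfilter_queue) >= 1.0.2
+BuildRequires: pkgconfig(libnfnetlink) >= 1.0.1
+BuildRequires: pkgconfig(libsystemd) >= 227
+%if 0%{?suse_version} >= 1500
+BuildRequires: pkgconfig(libtirpc)
+%endif
+
+%description
+The conntrack/nfct utilities provide the userspace interface to the
+Netfilter connection tracking, replacing
+/proc/net/ip_conntrack. The tools can be used to search, list,
+inspect and maintain the connection tracking subsystem of the Linux
+kernel.
+
+%package -n conntrackd
+Summary: Connection tracking daemon
+Group: Productivity/Networking/Security
+Provides: conntrack-tools:/usr/sbin/conntrackd
+Requires: conntrack-tools = %version-%release
+Requires(post): fillup
+Recommends: logrotate
+
+%description -n conntrackd
+conntrackd is the user-space daemon for the Netfilter connection tracking
+system. This daemon synchronizes connection tracking states between several
+replica firewalls.
+
+%prep
+%setup -q
+find doc -type f -name "*.orig" -delete
+find doc -type f -exec chmod -x "{}" "+"
+
+%build
+autoreconf -vif
+%configure --disable-static --enable-systemd
+# CC read_config_lex.o
+#read_config_lex.l:24:28: fatal error: read_config_yy.h: No such file or
+#directory
+%make_build -j1
+
+%install
+%make_install
+b="%buildroot"
+ln -s service "$b/%_sbindir/rcconntrackd"
+find "$b/%_libdir" -type f -name "*.la" -delete
+install -Dpm0644 "%_sourcedir"/conntrackd.service "$b/%_unitdir/conntrackd.service"
+install -Dpm0644 "%_sourcedir/conntrackd.sysconfig" "$b/%_fillupdir/sysconfig.conntrackd"
+install -Dpm0644 "%_sourcedir/conntrackd.logrotate" "$b/%_sysconfdir/logrotate.d/conntrackd"
+b="%buildroot/%_docdir/%name"
+mkdir -p "$b"
+cp -a "%_sourcedir/conntrackd.README.SUSE" "%_sourcedir/conntrackd.conf" "$b/"
+
+%pre -n conntrackd
+%service_add_pre conntrackd.service
+
+%post -n conntrackd
+%fillup_only -n conntrackd
+if [ "$1" -eq 1 -a ! -e "%_sysconfdir/conntrackd/conntrackd.conf" ]; then
+install -Dpm0644 "%_docdir/%name/conntrackd.conf" "%_sysconfdir/conntrackd/conntrackd.conf"
+fi
+%service_add_post conntrackd.service
+
+%preun -n conntrackd
+%service_del_preun conntrackd.service
+
+%postun -n conntrackd
+%service_del_postun conntrackd.service
+
+%files
+%_sbindir/conntrack
+%_sbindir/nfct
+%_mandir/man8/conntrack.8*
+%_mandir/man8/nfct.8*
+# Shared betweenn nfct and conntrackd:
+%_libdir/%name/
+
+%files -n conntrackd
+%_sysconfdir/logrotate.d/conntrackd*
+%_sbindir/conntrackd
+%_sbindir/rcconntrackd
+%_mandir/man5/conntrackd*
+%_mandir/man8/conntrackd*
+%dir %_docdir/%name
+%_docdir/%name/conntrackd*
+%_unitdir/conntrackd*
+%_fillupdir/*conntrackd
+
+%changelog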
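Review bot: The `%post -n conntrackd` scriptlet creates `%_sysconfdir/conntrackd/conntrackd.conf` with `install`, but neither that file nor its directory is listed under `%files -n conntrackd`, so rpm does not own, verify or remove them. Adding `%dir %_sysconfdir/conntrackd` and `%ghost %config(noreplace) %_sysconfdir/conntrackd/conntrackd.conf` would keep the copy-on-first-install behaviour and make the file visible to `rpm -V`. The copy reads from `%_docdir/%name/conntrackd.conf`; on systems installed with documentation excluded that source is presumably absent and the scriptlet would fail, so the template may be better shipped outside the doc directory. Separately, `URL:` still uses `http://` while both `Source` lines use `https://`.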
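--- /dev/null
+++ b/conntrackd.README.SUSE
@@ -0,0 +1,6 @@
+The conntrackd daemon comes with an example conntrackd.conf configuration
+file in /etc/conntrackd/ - please adjust to your needs (the file will not
+get overwritten during package updates) to your needs.
+
+If you want to start conntrackd with additional options (see
+`man 8 conntrackd`), please add them in /etc/sysconfig/conntrackd.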
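--- /dev/null
+++ b/conntrackd.conf
@@ -0,0 +1,138 @@
+# This is a set of SUSE-provided recommendations. To use it or make
+# modifications to it, copy it to /etc/conntrackd/conntrackd.conf and adjust
+# /etc/sysconfig/conntrackd.
+
+General {
+HashSize 32768
+HashLimit 131072
+# LogFile on
+Syslog on
+LockFile /var/run/lock/conntrackd.lock
+
+UNIX {
+Path /var/run/conntrackd.sock
+}
+
+# NetlinkBufferSize 2097152
+# NetlinkBufferSizeMaxGrowth 8388608
+SocketBufferSize 262142
+SocketBufferSizeMaxGrown 655355
+
+# Filter From Userspace {
+# Address Ignore {
+# IPv4_address 127.0.0.1 # loopback
+# IPv6_address ::1 # loopback
+# }
+# }
+
+# default SUSE systemd service unit file is of Type=notify
+Systemd on
+}
+
+Stats {
+LogFile on
+}
+
+#Helper {
+# # Before this, you have to make sure you have registered the `ftp'
+# # user-space helper stub via:
+# #
+# # nfct add helper ftp inet tcp
+# #
+# Type ftp inet tcp {
+# #
+# # Set NFQUEUE number you want to use to receive traffic from
+# # the kernel.
+# #
+# QueueNum 0
+#
+# #
+# # Maximum number of packets waiting in the queue to receive
+# # a verdict from user-space. Default is 1024.
+# #
+# # Rise value if you hit the following error message:
+# # "nf_queue: full at X entries, dropping packets(s)"
+# #
+# QueueLen 10240
+#
+# #
+# # Set the Expectation policy for this helper. This section
+# # is optional; if left unspecified, the defaults from the
+# # ctd_helper struct will be used.
+# #
+# Policy ftp {
+# #
+# # Maximum number of simultaneous expectations
+# #
+# ExpectMax 1
+# #
+# # Maximum living time for one expectation (in seconds).
+# #
+# ExpectTimeout 300
+# }
+# }
+# Type rpc inet tcp {
+# QueueNum 1
+# QueueLen 10240
+# Policy rpc {
+# ExpectMax 1
+# ExpectTimeout 300
+# }
+# }
+# Type rpc inet udp {
+# QueueNum 2
+# QueueLen 10240
+# Policy rpc {
+# ExpectMax 1
+# ExpectTimeout 300
+# }
+# }
+# Type tns inet tcp {
+# QueueNum 3
+# QueueLen 10240
+# Policy tns {
+# ExpectMax 1
+# ExpectTimeout 300
+# }
+# }
+# Type dhcpv6 inet6 udp {
+# QueueNum 4
+# QueueLen 10240
+# Policy dhcpv6 {
+# ExpectMax 1
+# ExpectTimeout 300
+# }
+# }
+# Type ssdp inet udp {
+# QueueNum 5
+# QueueLen 10240
+# Policy ssdp {
+# ExpectMax 8
+# ExpectTimeout 300
+# }
+# }
+# Type ssdp inet tcp {
+# QueueNum 5
+# QueueLen 10240
+# Policy ssdp {
+# ExpectMax 8
+# ExpectTimeout 300
+# }
+# }
+# Type mdns inet udp {
+# QueueNum 6
+# QueueLen 10240
+# Policy mdns {
+# ExpectMax 8
+# ExpectTimeout 30
+# }
+# }
+# Type slp inet udp {
+# QueueNum 7
+# QueueLen 10240
+# Policy slp {
+# ExpectMax 8
+# ExpectTimeout 16
+# }
+# }
+#}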
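Review bot: `LockFile /var/run/lock/conntrackd.lock` repeats the path that `CONNTRACKD_LOCKFILE` holds in conntrackd.sysconfig, and nothing in this file says the two have to match. The service unit removes the sysconfig path before start, so an admin who edits only `LockFile` here ends up with a stale lock that the unit no longer clears. A comment above the line, e.g. `# keep in sync with CONNTRACKD_LOCKFILE in /etc/sysconfig/conntrackd`, would cover it. The values `SocketBufferSize 262142` and `SocketBufferSizeMaxGrown 655355` also look like near-misses of 262144 and 655360; worth confirming they are intended.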
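--- /dev/null
+++ b/conntrackd.logrotate
@@ -0,0 +1,14 @@
+/var/log/conntrackd-stats.log {
+compress
+dateext
+notifempty
+missingok
+nocreate
+weekly
+rotate 2
+copytruncate
+
+postrotate
+/usr/sbin/rcconntrackd try-restart >/dev/null 2>&1
+endscript
+}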
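Review bot: `copytruncate` and the `postrotate` restart are two answers to the same problem, and this rule applies both. With `copytruncate` the daemon keeps its open file descriptor and needs no restart, while `/usr/sbin/rcconntrackd try-restart` stops and starts conntrackd every week, which presumably discards its in-memory state and interrupts tracking for the duration. I would keep `copytruncate` and drop the `postrotate`/`endscript` stanza, or keep the stanza without `copytruncate` if the daemon has to be signalled to reopen its log. Only `/var/log/conntrackd-stats.log` is covered; if `LogFile on` is enabled in the `General` section of conntrackd.conf, that log is presumably written to a different file and would grow unrotated.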
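--- /dev/null
+++ b/conntrackd.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Connection tracking userspace daemon
+Documentation=man:conntrackd(8) man:conntrackd.conf(5)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=notify
+NotifyAccess=main
+EnvironmentFile=-/etc/sysconfig/conntrackd
+# daemon will not start if lock file is left dangling
+ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE
+ExecStart=/usr/sbin/conntrackd $CONNTRACKD_OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+ProtectSystem=full
+ProtectHome=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+WatchdogSec=60
+
+[Install]
+WantedBy=multi-user.target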
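Review bot: `ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE` runs as root (the unit sets no `User=`) and expands an unbraced variable read from the optional `EnvironmentFile=-/etc/sysconfig/conntrackd`, so systemd splits the value on whitespace and a value containing a space hands `rm -f` several paths. When the environment file is absent the variable is empty and the stale lock this line is meant to clear is never removed. `ExecStartPre=/bin/rm -f -- ${CONNTRACKD_LOCKFILE}` passes the value as a single argument; the comment above `CONNTRACKD_LOCKFILE` in conntrackd.sysconfig should also say that the path is deleted on every start. The hardening block leaves out `NoNewPrivileges=true` and a `CapabilityBoundingSet=`; conntrackd presumably needs little beyond `CAP_NET_ADMIN`, but that should be confirmed against the daemon before bounding it.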
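--- /dev/null
+++ b/conntrackd.sysconfig
@@ -0,0 +1,21 @@
+## Path: Network/Conntrackd
+## Description: Basic Configuration of the connection tracking daemon
+## Default: ""
+## ServiceRestart: conntrackd
+#
+# If you want to start conntrackd with additional options (see
+# `man 8 conntrackd`), please add them here.
+#
+CONNTRACKD_OPTIONS=""
+
+## Description: The lock file of the running service
+## Default: '/var/run/lock/conntrackd.lock'
+## ServiceRestart: conntrackd
+#
+# Conntrackd holds a lock file when it iss started. Under normal
+# conditions your should not need to modify anything here and
+# leave the option as is.
+# As the daemon will not start if the lock file is left dangling,
+# the sysvinit and systemd scripts will try to remove any left
+# over files first.
+CONNTRACKD_LOCKFILE="/var/run/lock/conntrackd.lock"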
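Review bot: The comment above `CONNTRACKD_LOCKFILE` has two typos (`iss started`, `your should not`) and still refers to sysvinit scripts, although this commit ships only a systemd unit. Suggested wording for the first two lines: `# Conntrackd holds a lock file while it is running. Under normal` and `# conditions you should not need to modify anything here; leave`. The `## Default:` line quotes the path with single quotes while the assignment uses double quotes; harmless, but worth making uniform.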