Sync from SUSE:SLFO:Main conntrack-tools revision 4878dd55656e7934e0c684fa7383b543

This commit is contained in:
Adrian Schröter 2024-05-03 11:48:18 +02:00
commit c082974b96
11 changed files with 666 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
conntrack-tools-1.4.8.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

Binary file not shown.

226
conntrack-tools.changes Normal file
View File

@ -0,0 +1,226 @@
-------------------------------------------------------------------
Fri Sep 29 11:32:56 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.4.8
* Fix spurious EOPNOSUPP and ENOBUFS errors with -U/--update
command.
* Fix spurious ENOENT -D/--delete.
-------------------------------------------------------------------
Thu Oct 6 19:02:32 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.4.7
* Changes to the "conntrack" program:
* "clash_resolve" and "chaintoolong" stats counters
* Defaults to the `unspec` family if the `-f` flag is absent,
so as to improve support for dual-stack setups.
* Support filtering events by IP address family.
* Support flushing per IP address family.
* Added the `save` output format representing data in conntrack
parameters, and support for loading such files back.
* Remove the `-o userspace` flag and always tag user space
triggered events.
* Introduce the `-A` flags, a variant of `-I` which does not
fail if the entry exists already.
-------------------------------------------------------------------
Mon Aug 30 08:34:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Modified:
* conntrackd.service
-------------------------------------------------------------------
Wed Apr 1 18:55:00 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 1.4.6
* conntrackd: fix UDP IPv6 destination address not being usable
* conntrack: Allow protocol number zero
* conntrackd: cthelper: Add new SLP helper
- Drop conntrackd-Use-strdup-in-lexer.patch,
conntrackd-use-strncpy-to-unix-path.patch,
conntrackd-cthelper-Add-new-SLP-helper.patch,
conntrackd-use-correct-max-unix-path-length.patch (merged)
- Drop require on systemd, since it can run in a namespace without.
-------------------------------------------------------------------
Tue Jul 23 06:43:55 UTC 2019 - Michal Kubeček <mkubecek@suse.cz>
- conntrackd-cthelper-Add-new-SLP-helper.patch:
userspace conntrack helper for SLP (Service Location Protocol) to
replace SUSE specific kernel helper (rejected by upstream) from
openSUSE / SLE kernel packages (FATE#324143 bsc#1127886)
- run autoreconf before build (patch above touches Makefile.am)
- add commented out conntrack helper config example to default
conntrackd.conf
- drop deprecated (and ignored) options Nice and UNIX/Backlog from
default conntrackd.conf
-------------------------------------------------------------------
Mon Jul 15 11:20:59 UTC 2019 - Michal Kubeček <mkubecek@suse.cz>
- Fix 1.4.5 parser issues (bsc#1141480):
conntrackd-use-strncpy-to-unix-path.patch
conntrackd-Use-strdup-in-lexer.patch
conntrackd-use-correct-max-unix-path-length.patch
-------------------------------------------------------------------
Tue May 1 12:39:52 UTC 2018 - jengelh@inai.de
- Update to new upstream release 1.4.5
* new synproxy support
* improved logging support (both stdout/stderr and log files)
* new mDNS ct helper
* deprecate unix backlog configuration
* drop old/obsolete/deprecated conntrackd.conf config options
* improved support for UPnP in the SSDP ct helper
* add stronger TCP flags support
* conntrack CLI tool: new support for IPv6 NAT
* nfct CLI tool: some improvements to the build (-z lazy)
-------------------------------------------------------------------
Fri Mar 16 23:53:12 UTC 2018 - jengelh@inai.de
- Add tirpc for openSUSE 15 and onwards.
-------------------------------------------------------------------
Tue Jan 16 13:47:25 UTC 2018 - jengelh@inai.de
- submission from lars@linux-schulserver.de, partially applied
- split out new subpackage "conntrackd" for the eponymous
daemon (has systemd dependencies)
- add systemd service, logrotate config, sample sysconfig,
and sample config file.
-------------------------------------------------------------------
Mon Aug 22 11:33:28 UTC 2016 - jengelh@inai.de
- Update to new upstream release 1.4.4
* conntrackd: add systemd support
* conntrack: support delete by label
* conntrack: add support for netmask filtering
* conntrack: add support for CIDR notation
* conntrack: Add missing tables "dying" and "unconfirmed"
to usage output.
-------------------------------------------------------------------
Wed Sep 9 16:27:05 UTC 2015 - jengelh@inai.de
- Update to new upstream release 1.4.3
* conntrack: fix expectation entry creation
* expect: Fix wrong memset usage
* cthelper: don't pass up a 0 length queue
* conntrackd: allow strings with underscore from flex scanner
* conntrack: fix setting labels in updates
-------------------------------------------------------------------
Thu Jan 8 19:14:05 UTC 2015 - jengelh@inai.de
- Update to new git snapshot 1.4.2.g26
* Chromecast/SSDP support, SSDP userspace helper
* TFTP userspace helper support
* Support for attaching expectations via nfqueue
* Fix directory lookup for helper plugins
* Fixes a possible crash if conntrackd sees DCCP, SCTP and ICMPv6
traffic and the corresponding kernel modules that track this
traffic are not available. [bnc#942419, CVE-2015-6496]
-------------------------------------------------------------------
Tue Sep 23 15:16:24 UTC 2014 - jengelh@inai.de
- Drop gpg-offline build-time requirement; this is now handled by
the local source validator
-------------------------------------------------------------------
Wed Aug 7 13:13:50 UTC 2013 - jengelh@inai.de
- Update to new upstream release 1.4.2
* This release includes bugfixes and the connlabel support.
-------------------------------------------------------------------
Mon Mar 4 19:59:14 UTC 2013 - jengelh@inai.de
- Update to new upstream release 1.4.1
* conntrack: add support to dump the dying and unconfirmed list via
ctnetlink
* conntrackd: fix deadlock due to wrong nested signal blocking
-------------------------------------------------------------------
Tue Nov 20 17:37:55 CET 2012 - sbrabec@suse.cz
- Verify GPG signature
-------------------------------------------------------------------
Mon Oct 8 12:32:55 UTC 2012 - jengelh@inai.de
- Update to new upstream release 1.4.0
* This release adds the user-space helper infrastructure which
includes the RPC portmapper (to support NFSv3) and Oracle*TNS
helpers.
-------------------------------------------------------------------
Tue Jul 31 12:10:49 UTC 2012 - jengelh@inai.de
- Update to new upstream release 1.2.2
* conntrackd: commit operation has to be synchronous
* conntrackd: implement selective flushing for -t and -F commands
-------------------------------------------------------------------
Thu May 31 12:03:49 UTC 2012 - jengelh@inai.de
- Resolve compilation failure due to missing #include
-------------------------------------------------------------------
Sat May 26 18:38:34 UTC 2012 - jengelh@inai.de
- Update to new upstream release 1.2.1
* Add support for NAT expectations, synchronization of expectation
class, helper names and expect functions. Filtering by mark is
now allowed.
-------------------------------------------------------------------
Wed Jan 4 20:16:48 UTC 2012 - jengelh@medozas.de
- Update to new upstream release 1.0.1
* add support for mark masks
-------------------------------------------------------------------
Sat Sep 17 23:49:42 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
-------------------------------------------------------------------
Sun Feb 27 04:33:13 UTC 2011 - jengelh@medozas.de
- new upstream release 1.0.0
* SYN_SENT2 support for the command line tool conntrack (which was
added in Linux kernel >= 2.6.31).
* allow to listen to update and destroy expectation events (it
requires a Linux kernel >= 2.6.37).
* conntrack timestamping support with -o ktimestamp (this support
requires the upcoming Linux 2.6.38).
* one fix for conntrackd: two very consecutive commit invocations
with option -c may result in the hang of the second commit
invocation if the first commit did not finish yet. As a result the
second commit invocation required a manual SIGTERM.
- Remove redundant %clean section
-------------------------------------------------------------------
Thu Jul 15 19:47:42 UTC 2010 - jengelh@medozas.de
- new upstream release 0.9.15
* support for conntrack zones
* support for TCP window scale synchronization
* fixes to option parsing and printouts
-------------------------------------------------------------------
Tue Feb 23 22:08:54 UTC 2010 - jengelh@medozas.de
- new upstream release: 0.9.14
- use %_smp_mflags
- wrap description at col 70
-------------------------------------------------------------------
Sun Sep 20 17:01:40 UTC 2009 - bitshuffler #suse@irc.freenode.org
- Updated to 0.9.13

64
conntrack-tools.keyring Normal file
View File

@ -0,0 +1,64 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
rlbu70nh2kSJrg==
=wukb
-----END PGP PUBLIC KEY BLOCK-----

140
conntrack-tools.spec Normal file
View File

@ -0,0 +1,140 @@
#
# spec file for package conntrack-tools
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if !%{defined _fillupdir}
# Leap/TW 15+
%define _fillupdir /var/adm/fillup-templates
%endif
Name: conntrack-tools
Version: 1.4.8
Release: 0
Summary: Userspace tools for interacting with the Connection Tracking System
License: GPL-2.0-or-later
Group: Productivity/Networking/Security
URL: http://conntrack-tools.netfilter.org/
#Git-Clone: git://git.netfilter.org/conntrack-tools
Source: https://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-%version.tar.xz
Source2: https://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-%version.tar.xz.sig
Source3: %name.keyring
Source5: conntrackd.service
Source6: conntrackd.README.SUSE
Source7: conntrackd.logrotate
Source8: conntrackd.sysconfig
Source9: conntrackd.conf
BuildRequires: automake
BuildRequires: bison
BuildRequires: flex >= 2.5.33
BuildRequires: libtool
BuildRequires: pkg-config >= 0.21
BuildRequires: systemd-rpm-macros
BuildRequires: xz
BuildRequires: pkgconfig(libmnl) >= 1.0.3
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.9
BuildRequires: pkgconfig(libnetfilter_cthelper) >= 1.0.0
BuildRequires: pkgconfig(libnetfilter_cttimeout) >= 1.0.0
BuildRequires: pkgconfig(libnetfilter_queue) >= 1.0.2
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.1
BuildRequires: pkgconfig(libsystemd) >= 227
%if 0%{?suse_version} >= 1500
BuildRequires: pkgconfig(libtirpc)
%endif
%description
The conntrack/nfct utilities provide the userspace interface to the
Netfilter connection tracking, replacing
/proc/net/ip_conntrack. The tools can be used to search, list,
inspect and maintain the connection tracking subsystem of the Linux
kernel.
%package -n conntrackd
Summary: Connection tracking daemon
Group: Productivity/Networking/Security
Provides: conntrack-tools:/usr/sbin/conntrackd
Requires: conntrack-tools = %version-%release
Requires(post): fillup
Recommends: logrotate
%description -n conntrackd
conntrackd is the user-space daemon for the Netfilter connection tracking
system. This daemon synchronizes connection tracking states between several
replica firewalls.
%prep
%setup -q
find doc -type f -name "*.orig" -delete
find doc -type f -exec chmod -x "{}" "+"
%build
autoreconf -vif
%configure --disable-static --enable-systemd
# CC read_config_lex.o
#read_config_lex.l:24:28: fatal error: read_config_yy.h: No such file or
#directory
%make_build -j1
%install
%make_install
b="%buildroot"
ln -s service "$b/%_sbindir/rcconntrackd"
find "$b/%_libdir" -type f -name "*.la" -delete
install -Dpm0644 "%_sourcedir"/conntrackd.service "$b/%_unitdir/conntrackd.service"
install -Dpm0644 "%_sourcedir/conntrackd.sysconfig" "$b/%_fillupdir/sysconfig.conntrackd"
install -Dpm0644 "%_sourcedir/conntrackd.logrotate" "$b/%_sysconfdir/logrotate.d/conntrackd"
b="%buildroot/%_docdir/%name"
mkdir -p "$b"
cp -a "%_sourcedir/conntrackd.README.SUSE" "%_sourcedir/conntrackd.conf" "$b/"
%pre -n conntrackd
%service_add_pre conntrackd.service
%post -n conntrackd
%fillup_only -n conntrackd
if [ "$1" -eq 1 -a ! -e "%_sysconfdir/conntrackd/conntrackd.conf" ]; then
install -Dpm0644 "%_docdir/%name/conntrackd.conf" "%_sysconfdir/conntrackd/conntrackd.conf"
fi
%service_add_post conntrackd.service
%preun -n conntrackd
%service_del_preun conntrackd.service
%postun -n conntrackd
%service_del_postun conntrackd.service
%files
%_sbindir/conntrack
%_sbindir/nfct
%_mandir/man8/conntrack.8*
%_mandir/man8/nfct.8*
# Shared betweenn nfct and conntrackd:
%_libdir/%name/
%files -n conntrackd
%_sysconfdir/logrotate.d/conntrackd*
%_sbindir/conntrackd
%_sbindir/rcconntrackd
%_mandir/man5/conntrackd*
%_mandir/man8/conntrackd*
%dir %_docdir/%name
%_docdir/%name/conntrackd*
%_unitdir/conntrackd*
%_fillupdir/*conntrackd
%changelog

6
conntrackd.README.SUSE Normal file
View File

@ -0,0 +1,6 @@
The conntrackd daemon comes with an example conntrackd.conf configuration
file in /etc/conntrackd/ - please adjust to your needs (the file will not
get overwritten during package updates) to your needs.
If you want to start conntrackd with additional options (see
`man 8 conntrackd`), please add them in /etc/sysconfig/conntrackd.

138
conntrackd.conf Normal file
View File

@ -0,0 +1,138 @@
# This is a set of SUSE-provided recommendations. To use it or make
# modifications to it, copy it to /etc/conntrackd/conntrackd.conf and adjust
# /etc/sysconfig/conntrackd.
General {
HashSize 32768
HashLimit 131072
# LogFile on
Syslog on
LockFile /var/run/lock/conntrackd.lock
UNIX {
Path /var/run/conntrackd.sock
}
# NetlinkBufferSize 2097152
# NetlinkBufferSizeMaxGrowth 8388608
SocketBufferSize 262142
SocketBufferSizeMaxGrown 655355
# Filter From Userspace {
# Address Ignore {
# IPv4_address 127.0.0.1 # loopback
# IPv6_address ::1 # loopback
# }
# }
# default SUSE systemd service unit file is of Type=notify
Systemd on
}
Stats {
LogFile on
}
#Helper {
# # Before this, you have to make sure you have registered the `ftp'
# # user-space helper stub via:
# #
# # nfct add helper ftp inet tcp
# #
# Type ftp inet tcp {
# #
# # Set NFQUEUE number you want to use to receive traffic from
# # the kernel.
# #
# QueueNum 0
#
# #
# # Maximum number of packets waiting in the queue to receive
# # a verdict from user-space. Default is 1024.
# #
# # Rise value if you hit the following error message:
# # "nf_queue: full at X entries, dropping packets(s)"
# #
# QueueLen 10240
#
# #
# # Set the Expectation policy for this helper. This section
# # is optional; if left unspecified, the defaults from the
# # ctd_helper struct will be used.
# #
# Policy ftp {
# #
# # Maximum number of simultaneous expectations
# #
# ExpectMax 1
# #
# # Maximum living time for one expectation (in seconds).
# #
# ExpectTimeout 300
# }
# }
# Type rpc inet tcp {
# QueueNum 1
# QueueLen 10240
# Policy rpc {
# ExpectMax 1
# ExpectTimeout 300
# }
# }
# Type rpc inet udp {
# QueueNum 2
# QueueLen 10240
# Policy rpc {
# ExpectMax 1
# ExpectTimeout 300
# }
# }
# Type tns inet tcp {
# QueueNum 3
# QueueLen 10240
# Policy tns {
# ExpectMax 1
# ExpectTimeout 300
# }
# }
# Type dhcpv6 inet6 udp {
# QueueNum 4
# QueueLen 10240
# Policy dhcpv6 {
# ExpectMax 1
# ExpectTimeout 300
# }
# }
# Type ssdp inet udp {
# QueueNum 5
# QueueLen 10240
# Policy ssdp {
# ExpectMax 8
# ExpectTimeout 300
# }
# }
# Type ssdp inet tcp {
# QueueNum 5
# QueueLen 10240
# Policy ssdp {
# ExpectMax 8
# ExpectTimeout 300
# }
# }
# Type mdns inet udp {
# QueueNum 6
# QueueLen 10240
# Policy mdns {
# ExpectMax 8
# ExpectTimeout 30
# }
# }
# Type slp inet udp {
# QueueNum 7
# QueueLen 10240
# Policy slp {
# ExpectMax 8
# ExpectTimeout 16
# }
# }
#}

14
conntrackd.logrotate Normal file
View File

@ -0,0 +1,14 @@
/var/log/conntrackd-stats.log {
compress
dateext
notifempty
missingok
nocreate
weekly
rotate 2
copytruncate
postrotate
/usr/sbin/rcconntrackd try-restart >/dev/null 2>&1
endscript
}

31
conntrackd.service Normal file
View File

@ -0,0 +1,31 @@
[Unit]
Description=Connection tracking userspace daemon
Documentation=man:conntrackd(8) man:conntrackd.conf(5)
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/etc/sysconfig/conntrackd
# daemon will not start if lock file is left dangling
ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE
ExecStart=/usr/sbin/conntrackd $CONNTRACKD_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
ProtectSystem=full
ProtectHome=true
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
WatchdogSec=60
[Install]
WantedBy=multi-user.target

21
conntrackd.sysconfig Normal file
View File

@ -0,0 +1,21 @@
## Path: Network/Conntrackd
## Description: Basic Configuration of the connection tracking daemon
## Default: ""
## ServiceRestart: conntrackd
#
# If you want to start conntrackd with additional options (see
# `man 8 conntrackd`), please add them here.
#
CONNTRACKD_OPTIONS=""
## Description: The lock file of the running service
## Default: '/var/run/lock/conntrackd.lock'
## ServiceRestart: conntrackd
#
# Conntrackd holds a lock file when it iss started. Under normal
# conditions your should not need to modify anything here and
# leave the option as is.
# As the daemon will not start if the lock file is left dangling,
# the sysvinit and systemd scripts will try to remove any left
# over files first.
CONNTRACKD_LOCKFILE="/var/run/lock/conntrackd.lock"