Accepting request 573850 from security:netfilter

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/573850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/conntrack-tools?expand=0&rev=29
Dominique Leuenberger 2018-02-10 16:57:55 +00:00 committed by Git OBS Bridge
commit 7b645ebd33
7 changed files with 180 additions and 25 deletions


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Jan 16 13:47:25 UTC 2018 - jengelh@inai.de
- submission from lars@linux-schulserver.de, partially applied
- split out new subpackage "conntrackd" for the eponymous
daemon (has systemd dependencies)
- add systemd service, logrotate config, sample sysconfig,
and sample config file.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 22 11:33:28 UTC 2016 - jengelh@inai.de Mon Aug 22 11:33:28 UTC 2016 - jengelh@inai.de
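Review bot: the new changelog entry lists the subpackage split and the added files, but not that the spec now passes --enable-systemd to %configure unconditionally (the old `%if 0%{?suse_version} >= 1330` guard around it is gone) or that the main package %description was rewritten. Add a bullet for the dropped conditional so the behaviour change for older build targets is recorded, and say what "partially applied" left out of the submission.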


@ -1,7 +1,7 @@
# #
# spec file for package conntrack-tools # spec file for package conntrack-tools
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -16,6 +16,11 @@
# #
%if !%{defined _fillupdir}
# Leap/TW 15+
%define _fillupdir /var/adm/fillup-templates
%endif
Name: conntrack-tools Name: conntrack-tools
Version: 1.4.4 Version: 1.4.4
Release: 0 Release: 0
@ -28,6 +33,11 @@ Group: Productivity/Networking/Security
Source: ftp://ftp.netfilter.org/pub/conntrack-tools/%name-%version.tar.bz2 Source: ftp://ftp.netfilter.org/pub/conntrack-tools/%name-%version.tar.bz2
Source2: ftp://ftp.netfilter.org/pub/conntrack-tools/%name-%version.tar.bz2.sig Source2: ftp://ftp.netfilter.org/pub/conntrack-tools/%name-%version.tar.bz2.sig
Source3: %name.keyring Source3: %name.keyring
Source5: conntrackd.service
Source6: conntrackd.README.SUSE
Source7: conntrackd.logrotate
Source8: conntrackd.sysconfig
Source9: conntrackd.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake BuildRequires: automake
@ -35,6 +45,7 @@ BuildRequires: bison
BuildRequires: flex >= 2.5.33 BuildRequires: flex >= 2.5.33
BuildRequires: libtool BuildRequires: libtool
BuildRequires: pkg-config >= 0.21 BuildRequires: pkg-config >= 0.21
BuildRequires: systemd-rpm-macros
BuildRequires: xz BuildRequires: xz
BuildRequires: pkgconfig(libmnl) >= 1.0.3 BuildRequires: pkgconfig(libmnl) >= 1.0.3
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.6 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.6
@ -42,49 +53,86 @@ BuildRequires: pkgconfig(libnetfilter_cthelper) >= 1.0.0
BuildRequires: pkgconfig(libnetfilter_cttimeout) >= 1.0.0 BuildRequires: pkgconfig(libnetfilter_cttimeout) >= 1.0.0
BuildRequires: pkgconfig(libnetfilter_queue) >= 1.0.2 BuildRequires: pkgconfig(libnetfilter_queue) >= 1.0.2
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.1 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.1
%if 0%{?suse_version} >= 1330
BuildRequires: pkgconfig(libsystemd) >= 227 BuildRequires: pkgconfig(libsystemd) >= 227
%endif
%description %description
The conntrack-tools are a set of tools targeted at system The conntrack/nfct utilities provide the userspace interface to the
administrators. They are conntrack, the userspace command line Netfilter connection tracking, replacing
interface, and conntrackd, the userspace daemon. The tool conntrack /proc/net/ip_conntrack. The tools can be used to search, list,
provides a full featured interface that has replaced the old procfs inspect and maintain the connection tracking subsystem of the Linux
interface. Using conntrack, you can view and manage the in-kernel kernel.
connection tracking state table from userspace. On the other hand,
conntrackd covers the specific aspects of stateful firewalls to %package -n conntrackd
enable highly available scenarios, and can be used as statistics Summary: Connection tracking daemon
collector as well. Group: Productivity/Networking/Security
Provides: conntrack-tools:/usr/sbin/conntrackd
Requires: conntrack-tools = %version-%release
Requires(post): fillup
Recommends: logrotate
%{?systemd_requires}
%description -n conntrackd
conntrackd is the user-space daemon for the Netfilter connection tracking
system. This daemon synchronizes connection tracking states between several
replica firewalls.
%prep %prep
%setup -q %setup -q
find doc -type f -name '*.orig' -delete find doc -type f -name "*.orig" -delete
find doc -type f -exec chmod -x "{}" "+"
%build %build
%configure \ %configure --disable-static --enable-systemd
%if 0%{?suse_version} >= 1330
--enable-systemd \
%endif
--disable-static
# CC read_config_lex.o # CC read_config_lex.o
#read_config_lex.l:24:28: fatal error: read_config_yy.h: No such file or #read_config_lex.l:24:28: fatal error: read_config_yy.h: No such file or
#directory #directory
make %{?_smp_mflags} -j1 make %{?_smp_mflags} -j1 V=1
%install %install
%make_install
b="%buildroot" b="%buildroot"
make install DESTDIR="$b" ln -s service "$b/%_sbindir/rcconntrackd"
find "$b/%_libdir" -type f -name "*.la" -delete find "$b/%_libdir" -type f -name "*.la" -delete
install -Dpm0644 "%_sourcedir"/conntrackd.service "$b/%_unitdir/conntrackd.service"
install -Dpm0644 "%_sourcedir/conntrackd.sysconfig" "$b/%_fillupdir/sysconfig.conntrackd"
install -Dpm0644 "%_sourcedir/conntrackd.logrotate" "$b/%_sysconfdir/logrotate.d/conntrackd"
b="%buildroot/%_docdir/%name"
mkdir -p "$b"
cp -a "%_sourcedir/conntrackd.README.SUSE" "%_sourcedir/conntrackd.conf" "$b/"
%pre -n conntrackd
%service_add_pre conntrackd.service
%post -n conntrackd
%fillup_only -n conntrackd
if [ "$1" -eq 1 -a ! -e "%_sysconfdir/conntrackd/conntrackd.conf" ]; then
install -Dpm0644 "%_docdir/%name/conntrackd.conf" "%_sysconfdir/conntrackd/conntrackd.conf"
fi
%service_add_post conntrackd.service
%preun -n conntrackd
%service_del_preun conntrackd.service
%postun -n conntrackd
%service_del_postun conntrackd.service
%files %files
%defattr(-,root,root)
%doc AUTHORS TODO doc/stats doc/helper
%_sbindir/conntrack %_sbindir/conntrack
%_sbindir/conntrackd
%_sbindir/nfct %_sbindir/nfct
%_mandir/man8/conntrack.8*
%_mandir/man8/nfct.8*
# Shared betweenn nfct and conntrackd:
%_libdir/%name %_libdir/%name
%_mandir/man5/*
%_mandir/man8/* %files -n conntrackd
%_sysconfdir/logrotate.d/conntrackd*
%_sbindir/conntrackd
%_sbindir/rcconntrackd
%_mandir/man5/conntrackd*
%_mandir/man8/conntrackd*
%dir %_docdir/%name
%_docdir/%name/conntrackd*
%_unitdir/conntrackd*
%_fillupdir/*conntrackd
%changelog %changelog
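Review bot: in `%post -n conntrackd`, /etc/conntrackd/conntrackd.conf is created by copying it out of %_docdir, and neither that file nor the /etc/conntrackd directory is listed in `%files -n conntrackd`. The file is therefore not owned by the package: rpm cannot verify it or report which package it belongs to, it stays behind on removal, and the copy depends on the documentation directory being installed. Suggest installing the file in %install and listing it as `%config(noreplace) %_sysconfdir/conntrackd/conntrackd.conf` together with `%dir %_sysconfdir/conntrackd`, which gives the same "not overwritten on update" behaviour without a scriptlet. The entry `%_sysconfdir/logrotate.d/conntrackd*` should likewise be marked `%config`. Minor: the comment `# Shared betweenn nfct and conntrackd:` has a typo.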

conntrackd.README.SUSE Normal file

@ -0,0 +1,6 @@
The conntrackd daemon comes with an example conntrackd.conf configuration
file in /etc/conntrackd/ - please adjust to your needs (the file will not
get overwritten during package updates) to your needs.
If you want to start conntrackd with additional options (see
`man 8 conntrackd`), please add them in /etc/sysconfig/conntrackd.
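Review bot: the first sentence says "please adjust to your needs (...) to your needs", repeating the phrase, and it states that the example file is in /etc/conntrackd/, while the header of conntrackd.conf tells the reader to copy the file there by hand. The spec's %post only copies it on first install when no file exists. Drop the duplicate phrase and make the README and the conntrackd.conf header describe the same procedure.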

conntrackd.conf Normal file

@ -0,0 +1,36 @@
# This is a set of SUSE-provided recommendations. To use it or make
# modifications to it, copy it to /etc/conntrackd/conntrackd.conf and adjust
# /etc/sysconfig/conntrackd.
General {
Nice -5
HashSize 32768
HashLimit 131072
# LogFile on
Syslog on
LockFile /var/run/lock/conntrackd.lock
UNIX {
Path /var/run/conntrackd.sock
Backlog 20
}
# NetlinkBufferSize 2097152
# NetlinkBufferSizeMaxGrowth 8388608
SocketBufferSize 262142
SocketBufferSizeMaxGrown 655355
# Filter From Userspace {
# Address Ignore {
# IPv4_address 127.0.0.1 # loopback
# IPv6_address ::1 # loopback
# }
# }
# default SUSE systemd service unit file is of Type=notify
Systemd on
}
Stats {
LogFile on
}
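Review bot: the sample contains only a `General` and a `Stats` section and no `Sync` section, while the conntrackd subpackage description says the daemon synchronizes connection tracking states between replica firewalls. As shipped, this file only sets up statistics logging. Say so in the header comment and point to the documentation for the synchronization setup, so that an administrator who enables the service unchanged does not assume state replication is active.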

conntrackd.logrotate Normal file

@ -0,0 +1,14 @@
/var/log/conntrackd-stats.log {
compress
dateext
notifempty
missingok
nocreate
weekly
rotate 2
copytruncate
postrotate
/usr/sbin/rcconntrackd try-restart >/dev/null 2>&1
endscript
}
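Review bot: `copytruncate` and the `postrotate` restart do the same job twice. copytruncate truncates the log in place so the daemon's open file stays valid, which makes `/usr/sbin/rcconntrackd try-restart` unnecessary, and restarting the daemon on every weekly rotation interrupts it on a firewall for no gain. Suggest dropping the postrotate block and keeping copytruncate. Also note that only /var/log/conntrackd-stats.log is rotated here; if the commented-out `LogFile on` in the `General` section of conntrackd.conf is enabled, that log is not covered by this stanza.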

conntrackd.service Normal file

@ -0,0 +1,21 @@
[Unit]
Description=Connection tracking userspace daemon
Documentation=man:conntrackd(8) man:conntrackd.conf(5)
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/etc/sysconfig/conntrackd
# daemon will not start if lock file is left dangling
ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE
ExecStart=/usr/sbin/conntrackd $CONNTRACKD_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
ProtectSystem=full
ProtectHome=true
WatchdogSec=60
[Install]
WantedBy=multi-user.target
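Review bot: `ExecStartPre=/bin/rm -f $CONNTRACKD_LOCKFILE` removes a path taken from /etc/sysconfig/conntrackd, while the daemon takes its lock path from `LockFile` in conntrackd.conf; if an administrator changes only one of the two, the stale lock is never removed and, per the comment above the line, the daemon will not start. Because `EnvironmentFile=-/etc/sysconfig/conntrackd` is optional, the variable can also be unset, and the unbraced `$CONNTRACKD_LOCKFILE` form is split on whitespace by systemd before it reaches rm, which runs as root. Suggest `${CONNTRACKD_LOCKFILE}` and a comment in both files that the two paths must match. Beyond `ProtectSystem=full` and `ProtectHome=true` the unit has no sandboxing; consider adding NoNewPrivileges= and a CapabilityBoundingSet= limited to what the daemon needs.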

conntrackd.sysconfig Normal file

@ -0,0 +1,21 @@
## Path: Network/Conntrackd
## Description: Basic Configuration of the connection tracking daemon
## Default: ""
## ServiceRestart: conntrackd
#
# If you want to start conntrackd with additional options (see
# `man 8 conntrackd`), please add them here.
#
CONNTRACKD_OPTIONS=""
## Description: The lock file of the running service
## Default: '/var/run/lock/conntrackd.lock'
## ServiceRestart: conntrackd
#
# Conntrackd holds a lock file when it iss started. Under normal
# conditions your should not need to modify anything here and
# leave the option as is.
# As the daemon will not start if the lock file is left dangling,
# the sysvinit and systemd scripts will try to remove any left
# over files first.
CONNTRACKD_LOCKFILE="/var/run/lock/conntrackd.lock"
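Review bot: the comment block for CONNTRACKD_LOCKFILE has two typos ("iss started", "your should") and refers to "the sysvinit and systemd scripts", although this change ships only conntrackd.service. It also does not say that the value has to match `LockFile` in conntrackd.conf, which is the setting the daemon itself reads. Fix the wording, drop the sysvinit mention, and add the cross-reference.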