Diffstat (limited to 'debian')
-rw-r--r-- | debian/README.source | 2 | ||||
-rw-r--r-- | debian/changelog | 109 | ||||
-rw-r--r-- | debian/compat | 1 | ||||
-rw-r--r-- | debian/conntrack.install | 2 | ||||
-rw-r--r-- | debian/conntrackd.README.Debian | 8 | ||||
-rw-r--r-- | debian/conntrackd.conf | 101 | ||||
-rw-r--r-- | debian/conntrackd.default | 5 | ||||
-rw-r--r-- | debian/conntrackd.init | 61 | ||||
-rw-r--r-- | debian/conntrackd.install | 4 | ||||
-rw-r--r-- | debian/conntrackd.logrotate | 9 | ||||
-rw-r--r-- | debian/conntrackd.postinst | 17 | ||||
-rw-r--r-- | debian/conntrackd.postrm | 19 | ||||
-rw-r--r-- | debian/conntrackd.preinst | 25 | ||||
-rw-r--r-- | debian/control | 24 | ||||
-rw-r--r-- | debian/copyright | 21 | ||||
-rw-r--r-- | debian/patches/00list | 1 | ||||
-rw-r--r-- | debian/patches/10-fix_udp_support.dpatch | 48 | ||||
-rwxr-xr-x | debian/rules | 98 | ||||
-rw-r--r-- | debian/watch | 4 |
19 files changed, 559 insertions, 0 deletions
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..b9e490d
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,2 @@
+We use dpatch for patch handling inside our nagios packages. Please see
+/usr/share/doc/dpatch/README.source.gz (if you have installed dpatch) for documentation about dpatch.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..b3f5b58
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,109 @@
+conntrack (1:0.9.14-2) unstable; urgency=low
+
+ * Integrate lost NMU from Stefan Fritsch. Thanks Stefan
+ * Prevent dpkg conffile prompt for unmodified conntrackd.conf when upgrading
+ from pre 1:0.9.12-1 (closes: #542662).
+
+ -- Alexander Wirt <formorer@debian.org> Sat, 13 Feb 2010 11:17:59 +0100
+
+conntrack (1:0.9.14-1) unstable; urgency=low
+
+ * New upstream version
+ * Add ${misc:Depends} to all binary packages
+ * Add dpatch support
+ * Bump standards version (no changes)
+ * Remove Max from Uploaders. Thanks for your work!
+ * Backport patch from HEAD to fix UDP filtering.
+ Thanks tino for the hint
+
+ -- Alexander Wirt <formorer@debian.org> Sat, 30 Jan 2010 18:34:09 +0100
+
+conntrack (1:0.9.13-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release (Closes: #537896, #545918)
+ - require libnfnetlink 1.0.0, libnetfilter_conntrack 0.0.100
+ - ChangeLog was removed by upstream
+ * updated home page in the copyright file (Closes: #533583)
+ * correct LSB dependencies in init script, patch by Petter Reinholdtsen
+ (Closes: #541079)
+
+ [ Alexander Wirt ]
+ * Bump standards version
+
+ -- Alexander Wirt <formorer@debian.org> Thu, 17 Sep 2009 12:32:19 +0200
+
+conntrack (1:0.9.12-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ - build-depend on libnfnetlink 0.0.40, libnetfilter-conntrack 0.0.99
+ - fixes FTBS (undeclared variable)
+ (Closes: #522181, #518891)
+ * moved conntrackd.conf to /etc/conntrackd/conntrackd.conf (Closes: #477679)
+ * updated sample configuration file
+ * updated home page to http://conntrack-tools.netfilter.org/
+ * restart conntrackd after logrotate (Closes: #513079)
+
+ [ Alexander Wirt ]
+ * Bump standards version
+
+ -- Alexander Wirt <formorer@debian.org> Thu, 02 Apr 2009 11:37:25 +0200
+
+conntrack (1:0.9.7-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ - dropped all patches because they have been merged by upstream
+ - depend on libnfnetlink 0.0.33, libnetfilter-conntrack 0.0.94
+
+ [ Alexander Wirt ]
+ * Bump standards version (No changes)
+
+ -- Alexander Wirt <formorer@debian.org> Tue, 22 Jul 2008 23:33:30 +0200
+
+conntrack (1:0.9.6-4) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * fix compilation on SPARC (printf argument mismatch)
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 14 Apr 2008 23:09:22 +0200
+
+conntrack (1:0.9.6-3) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * fix gcc 4.3 compilation errors:
+ - "large integer implicitly truncated to unsigned type" (Closes: #472812)
+ - "'input' defined but not used" (Closes: #474768)
+
+ -- Alexander Wirt <formorer@debian.org> Tue, 08 Apr 2008 22:08:10 +0200
+
+conntrack (1:0.9.6-2) unstable; urgency=low
+
+ * Build depend on bison (Closes: #472442)
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 24 Mar 2008 12:35:44 +0100
+
+conntrack (1:0.9.6-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ * added package "conntrackd"
+ * updated watchfile for new upstream name "conntrack-tools" (Closes:
+ #449899)
+ * removed "-Wall" from CFLAGS override
+ * moved DH_COMPAT to debian/compat
+ * don't ignore "make distclean" errors
+ * bumped Standards-Version to 3.7.3
+ * install upstream changelog
+ * added Homepage header to debian/control
+ * call dh_install with -X.svn because upstream accidently distributed
+ the .svn directories
+
+ -- Alexander Wirt <formorer@debian.org> Fri, 21 Mar 2008 22:46:22 +0100
+
+conntrack (1.00~beta2-1) unstable; urgency=low
+
+ * initial debian release (Closes: #388615)
+
+ -- Max Kellermann <max@duempel.org> Thu, 21 Sep 2006 18:04:51 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..7ed6ff8
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+5
diff --git a/debian/conntrack.install b/debian/conntrack.install
new file mode 100644
index 0000000..ab442d1
--- /dev/null
+++ b/debian/conntrack.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/sbin/conntrack
+debian/tmp/usr/share/man/man8/conntrack.8
diff --git a/debian/conntrackd.README.Debian b/debian/conntrackd.README.Debian
new file mode 100644
index 0000000..8964ec4
--- /dev/null
+++ b/debian/conntrackd.README.Debian
@@ -0,0 +1,8 @@
+conntrackd can run in two modes:
+- statistics mode
+- synchronization mode
+
+This package comes with a sample configuration file for the statistics
+mode in (/etc/conntrackd/conntrackd.conf). There are also sample
+configuration files for the synchronization mode in
+/usr/share/doc/conntrackd/examples.
diff --git a/debian/conntrackd.conf b/debian/conntrackd.conf
new file mode 100644
index 0000000..6d76261
--- /dev/null
+++ b/debian/conntrackd.conf
@@ -0,0 +1,101 @@
+#
+# General settings
+#
+General {
+ #
+ # Number of buckets in the caches: hash table
+ #
+ HashSize 8192
+
+ #
+ # Maximum number of conntracks:
+ # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ #
+ HashLimit 65535
+
+ #
+ # Logfile: on (/var/log/conntrackd.log), off, or a filename
+ # Default: off
+ #
+ #LogFile on
+
+ #
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # Default: off
+ #
+ Syslog on
+
+ #
+ # Lockfile
+ #
+ LockFile /var/lock/conntrackd.lock
+
+ #
+ # Unix socket configuration
+ #
+ UNIX {
+ Path /var/run/conntrackd.sock
+ Backlog 20
+ }
+
+ #
+ # Netlink socket buffer size
+ #
+ SocketBufferSize 262142
+
+ #
+ # Increase the socket buffer up to maximun if required
+ #
+ SocketBufferSizeMaxGrown 655355
+
+ #
+ # Event filtering: This clause allows you to filter certain traffic,
+ # There are currently three filter-sets: Protocol, Address and
+ # State. The filter is attached to an action that can be: Accept or
+ # Ignore. Thus, you can define the event filtering policy of the
+ # filter-sets in positive or negative logic depending on your needs.
+ #
+ Filter {
+ #
+ # Accept only certain protocols: You may want to log the
+ # state of flows depending on their layer 4 protocol.
+ #
+ Protocol Accept {
+ TCP
+ }
+
+ #
+ # Ignore traffic for a certain set of IP's.
+ #
+ Address Ignore {
+ IPv4_address 127.0.0.1 # loopback
+ }
+
+ #
+ # Uncomment this line below if you want to filter by flow state.
+ # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
+ # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN.
+ #
+ # State Accept {
+ # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
+ # }
+ }
+}
+
+Stats {
+ #
+ # If you enable this option, the daemon writes the information about
+ # destroyed connections to a logfile. Default is off.
+ # Logfile: on, off, or a filename
+ # Default file: (/var/log/conntrackd-stats.log)
+ #
+ LogFile on
+
+ #
+ # Enable connection logging via Syslog. Default is off.
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # If you set the facility, use the same as in the General clause,
+ # otherwise you'll get a warning message.
+ #
+ #Syslog on
+}
diff --git a/debian/conntrackd.default b/debian/conntrackd.default
new file mode 100644
index 0000000..9926d79
--- /dev/null
+++ b/debian/conntrackd.default
@@ -0,0 +1,5 @@
+# Which configuration file?
+#CONFIG=/etc/conntrackd/conntrackd.conf
+
+# Additional options for daemon startup.
+#OPTIONS=""
diff --git a/debian/conntrackd.init b/debian/conntrackd.init
new file mode 100644
index 0000000..0c5ccb9
--- /dev/null
+++ b/debian/conntrackd.init
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# conntrackd Start conntrackd using /etc/conntrackd.conf
+#
+# Written by Max Kellermann <max@duempel.org>
+#
+### BEGIN INIT INFO
+# Provides: conntrackd
+# Required-Start: $network $syslog $remote_fs
+# Required-Stop: $network $syslog $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Description: Starts conntrackd
+# short-description: Starts conntrackd
+### END INIT INFO
+
+#includes lsb functions
+source /lib/lsb/init-functions
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/conntrackd
+
+test -x $DAEMON || exit 0
+
+CONFIG=/etc/conntrackd/conntrackd.conf
+OPTIONS=""
+
+test -f /etc/default/conntrackd && source /etc/default/conntrackd
+
+test -f $CONFIG || exit 0
+
+case "$1" in
+ start)
+ log_begin_msg "Starting conntrackd"
+ start-stop-daemon --start --quiet \
+ --exec $DAEMON \
+ -- \
+ -d \
+ -C "$CONFIG" \
+ $OPTIONS
+ log_end_msg $?
+ ;;
+ stop)
+ log_begin_msg "Stopping conntrackd"
+ $DAEMON \
+ -C "$CONFIG" \
+ -k
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ log_action_msg "Usage: /etc/init.d/conntrackd {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/conntrackd.install b/debian/conntrackd.install
new file mode 100644
index 0000000..c1e634d
--- /dev/null
+++ b/debian/conntrackd.install
@@ -0,0 +1,4 @@
+debian/tmp/usr/sbin/conntrackd
+debian/tmp/usr/share/man/man8/conntrackd.8
+debian/conntrackd.conf etc/conntrackd
+doc/stats doc/sync usr/share/doc/conntrackd/examples
diff --git a/debian/conntrackd.logrotate b/debian/conntrackd.logrotate
new file mode 100644
index 0000000..f8b88fd
--- /dev/null
+++ b/debian/conntrackd.logrotate
@@ -0,0 +1,9 @@
+/var/log/conntrackd-stats.log {
+ weekly
+ rotate 2
+ missingok
+
+ postrotate
+ /etc/init.d/conntrackd restart
+ endscript
+}
diff --git a/debian/conntrackd.postinst b/debian/conntrackd.postinst
new file mode 100644
index 0000000..847932b
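Review bot: In debian/conntrackd.init the final `exit 0` discards the outcome of the `start` and `stop` branches: `$?` is only handed to `log_end_msg`, and because the script has no `set -e`, control falls through to `exit 0` whatever that helper returns. A failed start-stop-daemon or `conntrackd -k` is therefore reported as success, and callers such as the logrotate `postrotate` hook added in this commit cannot tell that the daemon stayed down. Propagate the status in both branches, e.g. `ret=$?; log_end_msg $ret; exit $ret`. `test -x $DAEMON` and `test -f $CONFIG` should also quote their operands, since `CONFIG` can be overridden from /etc/default/conntrackd.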
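Review bot: The `postrotate` hook in debian/conntrackd.logrotate calls `/etc/init.d/conntrackd restart` directly, and the init script's `restart` is `stop`, `sleep 1`, `start`, so the weekly rotation starts conntrackd even on a host where the administrator had stopped it and bypasses any local policy-rc.d restriction. Use `invoke-rc.d conntrackd restart > /dev/null` so local service policy is honoured. The restart also throws away the daemon's in-memory state every week; if rotating the stats log is the only reason for it, `copytruncate` in place of the `postrotate` block would leave the daemon untouched (to be confirmed against how conntrackd writes that file).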
--- /dev/null
+++ b/debian/conntrackd.postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+action=$1
+version=$2
+
+# package versions < 0.9.8-1 had the configuration file in a
+# non-standard location
+if [ "$action" = configure -a -n "$version" ] &&
+ dpkg --compare-versions "$version" lt "1:0.9.8-1" &&
+ test -f /etc/conntrackd.conf.dpkg-updating
+then
+ # unmodified version, delete without prompting
+ rm /etc/conntrackd.conf.dpkg-updating
+fi
+
+#DEBHELPER#
diff --git a/debian/conntrackd.postrm b/debian/conntrackd.postrm
new file mode 100644
index 0000000..4c29446
--- /dev/null
+++ b/debian/conntrackd.postrm
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+action=$1
+
+# package versions < 0.9.8-1 had the configuration file in a
+# non-standard location
+if [ "$action" = "abort-upgrade" ] &&
+ [ -f /etc/conntrackd.conf.dpkg-updating ]
+then
+ # unmodified version, restore
+ mv /etc/conntrackd.conf.dpkg-updating /etc/conntrackd.conf
+fi
+
+if [ "$action" = "purge" ] ; then
+ rm -f /etc/conntrackd.conf.dpkg-updating
+fi
+
+#DEBHELPER#
diff --git a/debian/conntrackd.preinst b/debian/conntrackd.preinst
new file mode 100644
index 0000000..2bb65ef
--- /dev/null
+++ b/debian/conntrackd.preinst
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+action=$1
+version=$2
+
+if [ "$action" = upgrade -a -n "$version" ] &&
+ dpkg --compare-versions "$version" lt "1:0.9.8-1" &&
+ test -f /etc/conntrackd.conf &&
+ ! test -e /etc/conntrackd/conntrackd.conf; then
+ # package versions < 0.9.8-1 had the configuration file in a
+ # non-standard location
+ mkdir -p /etc/conntrackd
+ if md5sum /etc/conntrackd.conf 2> /dev/null |
+ grep -q 9e463d9bb7902e513da1b90b326bd43d
+ then
+ # unmodified version, dpkg should not prompt, delete in postinst
+ mv /etc/conntrackd.conf /etc/conntrackd.conf.dpkg-updating
+ else
+ # move to new location to make dpkg prompt
+ mv /etc/conntrackd.conf /etc/conntrackd/conntrackd.conf
+ fi
+fi
+
+#DEBHELPER#
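Review bot: The `abort-upgrade` branch in debian/conntrackd.postrm undoes only the unmodified-config path. When the `else` branch of debian/conntrackd.preinst has moved a locally modified /etc/conntrackd.conf to /etc/conntrackd/conntrackd.conf and the upgrade then fails, nothing moves it back, so the old package version is presumably left without its configuration at the path it reads. A second restore guarded by the same version comparison preinst uses would close that gap; check the sketch below against dpkg's conffile handling before adopting it. preinst and postinst also combine tests with `[ ... -a ... ]`, which POSIX marks obsolescent; `[ "$action" = upgrade ] && [ -n "$version" ]` is the unambiguous form.

```sh
# … unchanged: restore of /etc/conntrackd.conf.dpkg-updating on abort-upgrade …

# modified config was moved to the new location by preinst; put it back
# so the old version finds it again
if [ "$action" = "abort-upgrade" ] && [ -n "$2" ] &&
   dpkg --compare-versions "$2" lt "1:0.9.8-1" &&
   [ -f /etc/conntrackd/conntrackd.conf ] &&
   [ ! -e /etc/conntrackd.conf ]
then
    mv /etc/conntrackd/conntrackd.conf /etc/conntrackd.conf
fi
```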
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..67fa7ea
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,24 @@
+Source: conntrack
+Section: net
+Priority: optional
+Maintainer: Alexander Wirt <formorer@debian.org>
+Homepage: http://conntrack-tools.netfilter.org/
+Build-Depends: debhelper (>= 5), libnfnetlink-dev (>= 1.0.0),
+ libnetfilter-conntrack-dev (>= 0.0.101), bison, flex, dpatch
+Standards-Version: 3.8.4
+
+Package: conntrack
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Program to modify the conntrack tables
+ conntrack is a userspace command line program targeted at system
+ administrators. It enables them to view and manage the in-kernel
+ connection tracking state table.
+
+Package: conntrackd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Connection tracking daemon
+ Conntrackd can replicate the status of the connections that are
+ currently being processed by your stateful firewall based on Linux.
+ Conntrackd can also run as statistics daemon.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..5ab105b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,21 @@
+This package was debianized by Max Kellermann <max@duempel.org> on
+Thu Sep 21 00:09:44 CEST 2006
+
+It was downloaded from http://conntrack-tools.netfilter.org/downloads.html
+
+Upstream Authors:
+Pablo Neira Ayuso <pablo@netfilter.org>
+Harald Welte <laforge@netfilter.org>
+
+Copyright:
+
+(C) 2005 by Pablo Neira Ayuso <pablo@netfilter.org>
+<laforge@netfilter.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or (at
+ your option) any later version.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
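Review bot: The `conntrackd` stanza in debian/control depends only on `${shlibs:Depends}, ${misc:Depends}`, yet debian/conntrackd.init sources `/lib/lsb/init-functions` unconditionally and uses its `log_begin_msg`/`log_end_msg` helpers. Declare that runtime requirement explicitly, e.g. `Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base` (the package that provided that file in releases of this era), so the init script cannot fail at boot on a system where the file is absent.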
diff --git a/debian/patches/00list b/debian/patches/00list
new file mode 100644
index 0000000..8c83bcc
--- /dev/null
+++ b/debian/patches/00list
@@ -0,0 +1 @@
+10-fix_udp_support
diff --git a/debian/patches/10-fix_udp_support.dpatch b/debian/patches/10-fix_udp_support.dpatch
new file mode 100644
index 0000000..4eed834
--- /dev/null
+++ b/debian/patches/10-fix_udp_support.dpatch
@@ -0,0 +1,48 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10-fix_udp_support.dpatch by Pablo Neira Ayuso <pablo@netfilter.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: conntrackd: fix UDP filtering in configuration file
+## DP: picked from the conntrack mailinglist
+
+@DPATCH@
+diff -urNad conntrack-0.9.14~/doc/sync/ftfw/conntrackd.conf conntrack-0.9.14/doc/sync/ftfw/conntrackd.conf
+--- conntrack-0.9.14~/doc/sync/ftfw/conntrackd.conf 2009-12-23 18:14:01.000000000 +0100
++++ conntrack-0.9.14/doc/sync/ftfw/conntrackd.conf 2010-02-12 16:23:53.000000000 +0100
+@@ -357,6 +357,7 @@
+ TCP
+ SCTP
+ DCCP
++ # UDP
+ # ICMP # This requires a Linux kernel >= 2.6.31
+ }
+
+diff -urNad conntrack-0.9.14~/src/read_config_yy.y conntrack-0.9.14/src/read_config_yy.y
+--- conntrack-0.9.14~/src/read_config_yy.y 2009-12-23 19:45:51.000000000 +0100
++++ conntrack-0.9.14/src/read_config_yy.y 2010-02-12 16:23:53.000000000 +0100
+@@ -1221,6 +1221,25 @@
+ pent->p_proto);
+ };
+
++filter_protocol_item : T_UDP
++{
++ struct protoent *pent;
++
++ pent = getprotobyname("udp");
++ if (pent == NULL) {
++ print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
++ "protocol `udp' in /etc/protocols");
++ break;
++ }
++ ct_filter_add_proto(STATE(us_filter), pent->p_proto);
++
++ __kernel_filter_start();
++
++ nfct_filter_add_attr_u32(STATE(filter),
++ NFCT_FILTER_L4PROTO,
++ pent->p_proto);
++};
++
+ filter_item : T_ADDRESS T_ACCEPT '{' filter_address_list '}'
+ {
+ ct_filter_set_logic(STATE(us_filter),
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..8fe7d91
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,98 @@
+#!/usr/bin/make -f
+# -*- mode: makefile; coding: utf-8 -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2 -fno-strict-aliasing
+endif
+
+# fix "read_config_lex.c:4451: error: 'input' defined but not used"
+CFLAGS += -DYY_NO_INPUT
+
+build: debian/stamp-build
+debian/stamp-build: patch
+ dh_testdir
+
+ # ./configure
+ CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
+ --disable-dependency-tracking \
+ --prefix=/usr
+
+ # Build libnetfilter-conntrack
+ $(MAKE)
+
+ touch $@
+
+clean: clean1 unpatch
+clean1:
+ dh_testdir
+ dh_testroot
+ rm -f debian/stamp-*
+
+ [ ! -f Makefile ] || $(MAKE) distclean
+
+ dh_clean
+
+install: debian/stamp-install
+debian/stamp-install: debian/stamp-build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) DESTDIR=`pwd`/debian/tmp install
+
+ touch $@
+
+# And now the simple things for dpatch. Here we only apply/unapply the patches.
+# You can do more things with dpatch, like having patches only applied on
+# a special architecture - see the non-dh version of the sample for this!
+patch: patch-stamp
+patch-stamp:
+ dpatch apply-all
+ dpatch cat-all >patch-stamp
+ touch patch-stamp
+
+unpatch:
+ dpatch deapply-all
+ rm -rf patch-stamp debian/patched
+
+
+
+# Build architecture-independent files here.
+binary-indep:
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir -a
+ dh_testroot -a
+ dh_installdocs -a -A AUTHORS
+ dh_installchangelogs -a
+ dh_installlogrotate -a
+ dh_installinit -a
+ dh_install -a -X.svn
+ dh_link -a
+ dh_strip -a
+ dh_compress -a
+ dh_fixperms -a
+ dh_installdeb -a
+ dh_shlibdeps -a
+ dh_gencontrol -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+source diff:
+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install patch unpatch \
+ clean1
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..e684794
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,4 @@
+version=3
+
+opts="uversionmangle=s/beta/~beta/" \
+http://ftp.netfilter.org/pub/conntrack-tools/conntrack-tools-(\S+)\.tar\.bz2 |
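Review bot: In debian/rules, `debian/stamp-build: patch` makes the build stamp depend on a target listed in `.PHONY`, so make always considers the stamp out of date and re-runs `./configure` and `$(MAKE)` on every `build`, including the one pulled in again by `binary-arch: build install`. Depend on the stamp file instead: `debian/stamp-build: patch-stamp`. Separately, `CFLAGS = -g` plus the optimisation level is the whole flag set and no `LDFLAGS` or `CPPFLAGS` reach `./configure`, so conntrackd, which the init script starts without changing user, is built without stack protector, FORTIFY_SOURCE or relro. Seeding the flags from `dpkg-buildflags --get CFLAGS` (and the matching `LDFLAGS`) would pick up the distribution's hardening defaults where the toolchain provides them.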
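Review bot: debian/watch points uscan at a plain `http://` URL and configures no signature check, so a new upstream tarball is accepted as whatever the network path returns, for a package that ships a firewall-state daemon. Switch the URL to `https://` if the host serves it. If upstream publishes detached signatures, add `pgpsigurlmangle=s/$/.sig/` to `opts` and ship the upstream key as debian/upstream/signing-key.asc; the `.sig` suffix is an assumed example and has to be checked against the real file naming.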