conntrack-tools-1.4.8-1
- Rebase to version 1.4.8 + fixes from upstream
parent
4321a14d9d
commit
5c26870cd5
2
.gitignore
vendored
2
.gitignore
vendored
@ -10,3 +10,5 @@ conntrack-tools-0.9.14.tar.bz2
|
||||
/conntrack-tools-1.4.6.tar.bz2
|
||||
/conntrack-tools-1.4.7.tar.bz2
|
||||
/conntrack-tools-1.4.7.tar.bz2.sig
|
||||
/conntrack-tools-1.4.8.tar.xz
|
||||
/conntrack-tools-1.4.8.tar.xz.sig
|
||||
|
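--- a/0001-conntrack-ct-label-update-requires-proper-ruleset.patch
+++ b/0001-conntrack-ct-label-update-requires-proper-ruleset.patch
@@ -0,0 +1,53 @@
+From 0eb05477330b89faacb1f46933e8fc00a3795770 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Wed, 11 Oct 2023 11:21:40 +0200
+Subject: [PATCH] conntrack: ct label update requires proper ruleset
+
+As of kernel 6.6-rc, your ruleset must use either the 'connlabel' match
+in iptables or the 'ct label' statement in nftables to attach labels to
+conntrack entries. Update documentation to describe this behaviour.
+
+This patch addresses a corner case scenario: conntrack already contains
+entries but ruleset that specifies connlabel did not get loaded yet.
+In such case, skip ENOSPC errors for conntracks that have no ct label
+extension.
+
+Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1622
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit 58a5b32b2d5c7b6b755121930b6752e6c714f24f)
+---
+conntrack.8 | 4 ++++
+src/conntrack.c | 5 +++++
+2 files changed, 9 insertions(+)
+
+diff --git a/conntrack.8 b/conntrack.8
+index 031eaa4e9fefb..3b6a15b5152d5 100644
+--- a/conntrack.8
++++ b/conntrack.8
+@@ -193,6 +193,10 @@ Use multiple \-l options to specify multiple labels that need to be set.
+Specify the conntrack label to add to the selected conntracks.
+This option is only available in conjunction with "\-I, \-\-create",
+"\-A, \-\-add" or "\-U, \-\-update".
++As a rule of thumb, you must use either the 'connlabel' match in your iptables
++ruleset or the 'ct label' statement in your nftables ruleset, this turns on the
++ct label support in the kernel and it allows you to update labels via
++"\-U, \-\-update", otherwise label updates are ignored.
+.TP
+.BI "--label-del " "[LABEL]"
+Specify the conntrack label to delete from the selected conntracks.
+diff --git a/src/conntrack.c b/src/conntrack.c
+index f9758d78d39b9..c1551cadbdb33 100644
+--- a/src/conntrack.c
++++ b/src/conntrack.c
+@@ -2195,6 +2195,11 @@ static int mnl_nfct_update_cb(const struct nlmsghdr *nlh, void *data)
+/* the entry has vanish in middle of the update */
+if (errno == ENOENT)
+goto destroy_ok;
++ else if (cmd->options & (CT_OPT_ADD_LABEL | CT_OPT_DEL_LABEL) &&
++ !nfct_attr_is_set(ct, ATTR_CONNLABELS) &&
++ errno == ENOSPC)
++ goto destroy_ok;
++
+exit_error(OTHER_PROBLEM,
+"Operation failed: %s",
+err2str(errno, CT_UPDATE));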
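Review bot: The new `else if` branch in `mnl_nfct_update_cb` jumps to `destroy_ok` on ENOSPC without telling the operator that the label was not applied, so a script that uses `-U` with a label option to drive policy may see a normal exit while the entry stays unlabelled. A one-line diagnostic before the jump would make the skip visible, for example `fprintf(stderr, "conntrack: label update skipped, entry has no ct label extension\n");`. A comment above the branch, `/* entry predates the connlabel / ct label ruleset: no label extension, kernel returns ENOSPC */`, would also record why ENOSPC is tolerated here and nowhere else. The function starts and ends outside the hunk, so what `destroy_ok` reports for a skipped entry cannot be confirmed from this view.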
@ -0,0 +1,33 @@
|
||||
From 58c1e3ecb6a5d45fd2d6f012c98e08429a249d11 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ignacy=20Gaw=C4=99dzki?=
|
||||
<ignacy.gawedzki@green-communications.fr>
|
||||
Date: Wed, 7 Feb 2024 15:50:13 +0100
|
||||
Subject: [PATCH] conntrack: don't print [USERSPACE] information in case of XML
|
||||
output
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In case XML output is requested, refrain from appending "[USERSPACE]"
|
||||
and details to the output.
|
||||
|
||||
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
|
||||
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||||
(cherry picked from commit e77aa7413d7feb315f9d388f595553af79a56d9d)
|
||||
---
|
||||
src/conntrack.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/conntrack.c b/src/conntrack.c
|
||||
index c1551cadbdb33..0d713520b9020 100644
|
||||
--- a/src/conntrack.c
|
||||
+++ b/src/conntrack.c
|
||||
@@ -1944,7 +1944,7 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
|
||||
|
||||
nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
|
||||
done:
|
||||
- if (nlh->nlmsg_pid) {
|
||||
+ if (nlh->nlmsg_pid && !(output_mask & _O_XML)) {
|
||||
char *prog = get_progname(nlh->nlmsg_pid);
|
||||
|
||||
if (prog)
|
@ -0,0 +1,38 @@
|
||||
From 3be8c5c33b10ca581d292872e63157a2e9c2c7b4 Mon Sep 17 00:00:00 2001
|
||||
From: Donald Yandt <donald.yandt@gmail.com>
|
||||
Date: Sat, 2 Mar 2024 11:08:00 -0500
|
||||
Subject: [PATCH] conntrackd: prevent memory loss if reallocation fails
|
||||
|
||||
Vector data will be lost if reallocation fails, leading to undefined
|
||||
behaviour.
|
||||
|
||||
Signed-off-by: Donald Yandt <donald.yandt@gmail.com>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 3fae13ae9e36105d73ba012ea438366a8126e4f5)
|
||||
---
|
||||
src/vector.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/vector.c b/src/vector.c
|
||||
index c81e7ce8412c6..92a54367d108a 100644
|
||||
--- a/src/vector.c
|
||||
+++ b/src/vector.c
|
||||
@@ -60,13 +60,16 @@ void vector_destroy(struct vector *v)
|
||||
|
||||
int vector_add(struct vector *v, void *data)
|
||||
{
|
||||
+ void *ptr;
|
||||
+
|
||||
if (v->cur_elems >= v->max_elems) {
|
||||
v->max_elems += DEFAULT_VECTOR_GROWTH;
|
||||
- v->data = realloc(v->data, v->max_elems * v->size);
|
||||
- if (v->data == NULL) {
|
||||
+ ptr = realloc(v->data, v->max_elems * v->size);
|
||||
+ if (!ptr) {
|
||||
v->max_elems -= DEFAULT_VECTOR_GROWTH;
|
||||
return -1;
|
||||
}
|
||||
+ v->data = ptr;
|
||||
}
|
||||
memcpy(v->data + (v->size * v->cur_elems), data, v->size);
|
||||
v->cur_elems++;
|
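Review bot: The size handed to `realloc` in `vector_add`, `v->max_elems * v->size`, is still computed without an overflow check, and the same product shape appears in the `memcpy` destination, `v->size * v->cur_elems`. The field types are not visible in this hunk, so this should be confirmed against `struct vector`; if they are `size_t` and `v->size` is non-zero, a guard such as `if (v->max_elems > SIZE_MAX / v->size) { v->max_elems -= DEFAULT_VECTOR_GROWTH; return -1; }` before the call keeps a wrapped product from yielding an undersized buffer that the following `memcpy` then writes past. Callers still have to check the `-1` return for the fix to have any effect. The tail of the function lies outside the hunk.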
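--- a/0004-conntrackd-exit-with-failure-status.patch
+++ b/0004-conntrackd-exit-with-failure-status.patch
@@ -0,0 +1,38 @@
+From 94b64b706592e134aa8b63a125f9ab4bbfe7b773 Mon Sep 17 00:00:00 2001
+From: Donald Yandt <donald.yandt@gmail.com>
+Date: Sat, 2 Mar 2024 11:08:02 -0500
+Subject: [PATCH] conntrackd: exit with failure status
+
+If no configuration file or an invalid parameter is provided, the daemon
+should exit with a failure status.
+
+Signed-off-by: Donald Yandt <donald.yandt@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit 805a355fbc85aea237b940518ac806362aa4ecec)
+---
+src/main.c | 5 ++---
+1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/main.c b/src/main.c
+index de4773df8a204..c6b26002e9fa4 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -175,7 +175,7 @@ int main(int argc, char *argv[])
+}
+show_usage(argv[0]);
+dlog(LOG_ERR, "Missing config filename");
+- break;
++ exit(EXIT_FAILURE);
+case 'F':
+set_operation_mode(&type, REQUEST, argv);
+i = set_action_by_table(i, argc, argv,
+@@ -309,8 +309,7 @@ int main(int argc, char *argv[])
+default:
+show_usage(argv[0]);
+dlog(LOG_ERR, "Unknown option: %s", argv[i]);
+- return 0;
+- break;
++ exit(EXIT_FAILURE);
+}
+}
+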
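--- a/0005-conntrackd-Fix-signal-handler-race-condition.patch
+++ b/0005-conntrackd-Fix-signal-handler-race-condition.patch
@@ -0,0 +1,59 @@
+From 851ea4f58b9e3d725a079dcdb662b0964e1def8a Mon Sep 17 00:00:00 2001
+From: Markus Breitenberger <bre@keba.com>
+Date: Thu, 4 Apr 2024 10:39:39 +0000
+Subject: [PATCH] conntrackd: Fix signal handler race-condition
+
+Install signal handlers after everything is initialized as there is a
+race condition that can happen when the process gets terminated after
+the signal handler is installed but before all fields in the global
+state are set up correctly, leading to a SIGSEGV as the cleanup code
+dereferences uninitialized pointers.
+
+Signed-off-by: Markus Breitenberger <bre@keba.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+(cherry picked from commit 7372179b9879d8893dcc2a3a8b0555655caade37)
+---
+src/run.c | 23 ++++++++++++-----------
+1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/src/run.c b/src/run.c
+index 37a0eb1c6b957..b31fff5ecdbe1 100644
+--- a/src/run.c
++++ b/src/run.c
+@@ -277,6 +277,18 @@ init(void)
+}
+register_fd(STATE(local).fd, local_cb, NULL, STATE(fds));
+
++ /* Initialization */
++ if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
++ if (ctnl_init() < 0)
++ return -1;
++
++#ifdef BUILD_CTHELPER
++ if (CONFIG(flags) & CTD_HELPER) {
++ if (cthelper_init() < 0)
++ return -1;
++ }
++#endif
++
+/* Signals handling */
+sigemptyset(&STATE(block));
+sigaddset(&STATE(block), SIGTERM);
+@@ -296,17 +308,6 @@ init(void)
+if (signal(SIGCHLD, child) == SIG_ERR)
+return -1;
+
+- /* Initialization */
+- if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
+- if (ctnl_init() < 0)
+- return -1;
+-
+-#ifdef BUILD_CTHELPER
+- if (CONFIG(flags) & CTD_HELPER) {
+- if (cthelper_init() < 0)
+- return -1;
+- }
+-#endif
+time(&STATE(stats).daemon_start_time);
+
+dlog(LOG_NOTICE, "initialization completed");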
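Review bot: With `ctnl_init()` and `cthelper_init()` now running before the handlers are installed in `init()`, a SIGTERM that arrives during initialization gets the default disposition and ends the process with no cleanup at all, which may leave behind whatever the earlier part of `init()` created (the local socket registered just above the moved block, for instance; its setup is outside the hunk). Blocking the signals for the duration of the setup would close this window as well as the one the patch fixes: build `STATE(block)` first, call `sigprocmask(SIG_BLOCK, &STATE(block), NULL);` before the initialization, and unblock after the last `signal()` call, provided `STATE(block)` is not relied on in a way that conflicts with this. A comment on the moved block, `/* must complete before the handlers below are installed: the cleanup path dereferences this state */`, would keep a later reordering from reintroducing the crash.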
@ -0,0 +1,55 @@
|
||||
From c76537bf2c0452aa9fca79aa668d13743a875d88 Mon Sep 17 00:00:00 2001
|
||||
From: Pfeil Daniel <pda@keba.com>
|
||||
Date: Thu, 25 Apr 2024 12:13:11 +0000
|
||||
Subject: [PATCH] conntrackd: helpers/rpc: Don't add expectation table entry
|
||||
for portmap port
|
||||
|
||||
After an RPC call to portmap using the portmap program number (100000),
|
||||
subsequent RPC calls are not handled correctly by connection tracking.
|
||||
This results in client connections to ports specified in RPC replies
|
||||
failing to operate.
|
||||
|
||||
This issue arises because after an RPC call to portmap using the
|
||||
program number 100000, conntrackd adds an expectation table entry
|
||||
for the portmap port (typically 111). Due to this expectation table
|
||||
entry, subsequent RPC call connections are treated as sibling
|
||||
connections. Due to kernel restrictions, the connection helper for
|
||||
sibling connections cannot be changed. This is enforced in the kernel's
|
||||
handling in "net/netfilter/nf_conntrack_netlink.c", within the
|
||||
"ctnetlink_change_helper" function, after the comment:
|
||||
/* don't change helper of sibling connections */.
|
||||
Due to this kernel restriction, the private RPC data (struct rpc_info)
|
||||
sent from conntrackd to kernel-space is discarded by the kernel.
|
||||
|
||||
To resolve this, the proposed change is to eliminate the creation of
|
||||
an expectation table entry for the portmap port. The portmap port has
|
||||
to be opened via an iptables/nftables rule anyway, so adding an
|
||||
expectation table entry for the portmap port is unnecessary.
|
||||
|
||||
Why do our existing clients make RPC calls using the portmap program
|
||||
number? They use these calls for cyclic keepalive messages to verify
|
||||
that the link between the client and server is operational.
|
||||
|
||||
Signed-Off-By: Daniel Pfeil <pda@keba.com>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
(cherry picked from commit 5b61acb75b74725d7914b24568023f670ddeff62)
|
||||
---
|
||||
src/helpers/rpc.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c
|
||||
index 732e9ba412713..d8e49036b3078 100644
|
||||
--- a/src/helpers/rpc.c
|
||||
+++ b/src/helpers/rpc.c
|
||||
@@ -399,6 +399,11 @@ rpc_helper_cb(struct pkt_buff *pkt, uint32_t protoff,
|
||||
xid, rpc_info->xid);
|
||||
goto out;
|
||||
}
|
||||
+ /* Ignore portmap program number */
|
||||
+ if (rpc_info->pm_prog == PMAPPROG) {
|
||||
+ pr_debug("RPC REPL: ignore portmap program number %lu\n", PMAPPROG);
|
||||
+ goto out;
|
||||
+ }
|
||||
if (rpc_reply(data, offset, datalen, rpc_info, &port_ptr) < 0)
|
||||
goto out;
|
||||
|
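Review bot: The comment `/* Ignore portmap program number */` in `rpc_helper_cb` restates the condition but not the reason, and the reason is what a later maintainer needs in order not to remove the check. Something like `/* No expectation for portmap itself: it would turn later RPC calls into sibling connections, whose helper data the kernel refuses to update */` carries the commit message into the code. Separately, `%lu` in the `pr_debug` call assumes `PMAPPROG` expands to an `unsigned long`; its definition is not visible here, so either confirm that or cast the argument, `(unsigned long)PMAPPROG`. Since replies for this program number now create no expectation, the portmap port has to be permitted by the ruleset, as the commit message states, and that deserves a line in the helper's documentation.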
@ -1,105 +0,0 @@
|
||||
commit d417ceaa947c5f7f5d691037d0abe1deca957313
|
||||
Author: Jeremy Sowden <jeremy@azazel.net>
|
||||
Date: Sat Aug 26 17:32:26 2023 +0100
|
||||
|
||||
read_config_yy: correct arguments passed to `inet_aton`
|
||||
|
||||
`inet_aton` expects a `struct in_addr *`. In a number of calls, we pass
|
||||
pointers to structs or unions which contain a `struct in_addr` member. Pass
|
||||
pointers to the members instead. In another call, we pass a pointer to a
|
||||
uint32_t. Cast it.
|
||||
|
||||
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
|
||||
index f06c6afff7cbfd81..71a087187522efe1 100644
|
||||
--- a/src/read_config_yy.y
|
||||
+++ b/src/read_config_yy.y
|
||||
@@ -246,9 +246,11 @@ multicast_options :
|
||||
|
||||
multicast_option : T_IPV4_ADDR T_IP
|
||||
{
|
||||
+ struct channel_conf *channel_conf = &conf.channel[conf.channel_num];
|
||||
+
|
||||
__max_dedicated_links_reached();
|
||||
|
||||
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
|
||||
+ if (!inet_aton($2, &channel_conf->u.mcast.in.inet_addr)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
||||
free($2);
|
||||
break;
|
||||
@@ -310,9 +312,11 @@ multicast_option : T_IPV6_ADDR T_IP
|
||||
|
||||
multicast_option : T_IPV4_IFACE T_IP
|
||||
{
|
||||
+ struct channel_conf *channel_conf = &conf.channel[conf.channel_num];
|
||||
+
|
||||
__max_dedicated_links_reached();
|
||||
|
||||
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) {
|
||||
+ if (!inet_aton($2, &channel_conf->u.mcast.ifa.interface_addr)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
||||
free($2);
|
||||
break;
|
||||
@@ -423,9 +427,11 @@ udp_options :
|
||||
|
||||
udp_option : T_IPV4_ADDR T_IP
|
||||
{
|
||||
+ struct channel_conf *channel_conf = &conf.channel[conf.channel_num];
|
||||
+
|
||||
__max_dedicated_links_reached();
|
||||
|
||||
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
|
||||
+ if (!inet_aton($2, &channel_conf->u.udp.server.ipv4.inet_addr)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
||||
free($2);
|
||||
break;
|
||||
@@ -456,9 +462,11 @@ udp_option : T_IPV6_ADDR T_IP
|
||||
|
||||
udp_option : T_IPV4_DEST_ADDR T_IP
|
||||
{
|
||||
+ struct channel_conf *channel_conf = &conf.channel[conf.channel_num];
|
||||
+
|
||||
__max_dedicated_links_reached();
|
||||
|
||||
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) {
|
||||
+ if (!inet_aton($2, &channel_conf->u.udp.client.inet_addr)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
||||
free($2);
|
||||
break;
|
||||
@@ -574,9 +582,11 @@ tcp_options :
|
||||
|
||||
tcp_option : T_IPV4_ADDR T_IP
|
||||
{
|
||||
+ struct channel_conf *channel_conf = &conf.channel[conf.channel_num];
|
||||
+
|
||||
__max_dedicated_links_reached();
|
||||
|
||||
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.server.ipv4)) {
|
||||
+ if (!inet_aton($2, &channel_conf->u.tcp.server.ipv4.inet_addr)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
||||
free($2);
|
||||
break;
|
||||
@@ -607,9 +617,11 @@ tcp_option : T_IPV6_ADDR T_IP
|
||||
|
||||
tcp_option : T_IPV4_DEST_ADDR T_IP
|
||||
{
|
||||
+ struct channel_conf *channel_conf = &conf.channel[conf.channel_num];
|
||||
+
|
||||
__max_dedicated_links_reached();
|
||||
|
||||
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.tcp.client)) {
|
||||
+ if (!inet_aton($2, &channel_conf->u.tcp.client.inet_addr)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4 address", $2);
|
||||
free($2);
|
||||
break;
|
||||
@@ -1239,7 +1251,7 @@ filter_address_item : T_IPV4_ADDR T_IP
|
||||
}
|
||||
}
|
||||
|
||||
- if (!inet_aton($2, &ip.ipv4)) {
|
||||
+ if (!inet_aton($2, (struct in_addr *) &ip.ipv4)) {
|
||||
dlog(LOG_WARNING, "%s is not a valid IPv4, ignoring", $2);
|
||||
free($2);
|
||||
break;
|
@ -1,75 +0,0 @@
|
||||
commit 6ce497caac85f53a54e359ca57ad0f9dc379021f
|
||||
Author: Sam James <sam@gentoo.org>
|
||||
Date: Thu Nov 24 07:57:37 2022 +0000
|
||||
|
||||
config: Fix -Wimplicit-function-declaration
|
||||
|
||||
read_config_yy.c: In function ‘yyparse’:
|
||||
read_config_yy.c:1765:16: warning: implicit declaration of function ‘yylex’ [-Wimplicit-function-declaration]
|
||||
1765 | yychar = yylex ();
|
||||
| ^~~~~
|
||||
read_config_yy.c:1765:16: warning: nested extern declaration of ‘yylex’ [-Wnested-externs]
|
||||
read_config_yy.y:120:17: warning: implicit declaration of function ‘dlog’ [-Wimplicit-function-declaration]
|
||||
120 | dlog(LOG_ERR, "LogFile path is longer than %u characters",
|
||||
| ^~~~
|
||||
read_config_yy.y:120:17: warning: nested extern declaration of ‘dlog’ [-Wnested-externs]
|
||||
read_config_yy.y:240:14: warning: implicit declaration of function ‘inet_aton’; did you mean ‘in6_pton’? [-Wimplicit-function-declaration]
|
||||
240 | if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
|
||||
| ^~~~~~~~~
|
||||
| in6_pton
|
||||
|
||||
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1637
|
||||
Signed-off-by: Sam James <sam@gentoo.org>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
|
||||
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
|
||||
index b0d9e61e0e4b92ef..5633da604be6a132 100644
|
||||
--- a/src/read_config_lex.l
|
||||
+++ b/src/read_config_lex.l
|
||||
@@ -21,6 +21,7 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
+#include "log.h"
|
||||
#include "conntrackd.h"
|
||||
#include "read_config_yy.h"
|
||||
%}
|
||||
@@ -169,7 +170,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
|
||||
%%
|
||||
|
||||
int
|
||||
-yywrap()
|
||||
+yywrap(void)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
|
||||
index 31109c4de042ccac..e5c57fd934890cbe 100644
|
||||
--- a/src/read_config_yy.y
|
||||
+++ b/src/read_config_yy.y
|
||||
@@ -31,14 +31,25 @@
|
||||
#include "cidr.h"
|
||||
#include "helper.h"
|
||||
#include "stack.h"
|
||||
+#include "log.h"
|
||||
+
|
||||
+#include <sys/socket.h>
|
||||
+#include <netinet/in.h>
|
||||
+#include <arpa/inet.h>
|
||||
+
|
||||
#include <sched.h>
|
||||
#include <dlfcn.h>
|
||||
+
|
||||
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
|
||||
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
|
||||
|
||||
extern char *yytext;
|
||||
extern int yylineno;
|
||||
|
||||
+int yylex (void);
|
||||
+int yyerror (char *msg);
|
||||
+void yyrestart (FILE *input_file);
|
||||
+
|
||||
struct ct_conf conf;
|
||||
|
||||
static void __kernel_filter_start(void);
|
@ -1,16 +1,20 @@
|
||||
Name: conntrack-tools
|
||||
Version: 1.4.7
|
||||
Release: 8%{?dist}
|
||||
Version: 1.4.8
|
||||
Release: 1%{?dist}
|
||||
Summary: Manipulate netfilter connection tracking table and run High Availability
|
||||
License: GPL-2.0-only
|
||||
URL: http://conntrack-tools.netfilter.org/
|
||||
Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
|
||||
Source1: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2.sig
|
||||
Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.xz
|
||||
Source1: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.xz.sig
|
||||
Source2: NetfilterCoreTeam-OpenGPG-KEY.txt
|
||||
Source3: conntrackd.service
|
||||
Source4: conntrackd.conf
|
||||
Patch1: conntrack-tools-c99.patch
|
||||
Patch2: conntrack-tools-c99-2.patch
|
||||
Patch001: 0001-conntrack-ct-label-update-requires-proper-ruleset.patch
|
||||
Patch002: 0002-conntrack-don-t-print-USERSPACE-information-in-case-.patch
|
||||
Patch003: 0003-conntrackd-prevent-memory-loss-if-reallocation-fails.patch
|
||||
Patch004: 0004-conntrackd-exit-with-failure-status.patch
|
||||
Patch005: 0005-conntrackd-Fix-signal-handler-race-condition.patch
|
||||
Patch006: 0006-conntrackd-helpers-rpc-Don-t-add-expectation-table-e.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -92,6 +96,9 @@ install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/conntrackd/
|
||||
%systemd_postun conntrackd.service
|
||||
|
||||
%changelog
|
||||
* Tue Jun 25 2024 Phil Sutter <psutter@redhat.com> - 1.4.8-1
|
||||
- Rebase to version 1.4.8 + fixes from upstream
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.4.7-8
|
||||
- Bump release for June 2024 mass rebuild
|
||||
|
||||
|
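Review bot: `Source0` and `Source1` still use `http://netfilter.org/...` for the new `.tar.xz` and its `.sig`, so the tarball and the signature that vouches for it are both described by a plain-HTTP URL; switching the two lines to `https://` removes one place where a tampered download could enter during a future rebase. The integrity of this update then rests on the SHA512 entries in `sources` and on the detached signature being checked against `Source2`. The `%prep` section is outside this hunk, so confirm that it still verifies the renamed files, e.g. `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`, and that the six `PatchNNN` entries are applied after that check rather than before it.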
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (conntrack-tools-1.4.7.tar.bz2) = 3d37a6b8cd13fd3c149ab80009d686d2184920ba2d0d5c1b57abed6e92e0dd92cba868bfe22f1a155479fe5ab2e291b8bb8a7e72123a73788032202ac142653b
|
||||
SHA512 (conntrack-tools-1.4.7.tar.bz2.sig) = 5a2bcc6da792544029ddf0d3a4caf019b215907e66d491e5d98a4f1189fc9c03ec8aad5ad22166799c5f0c81273284cb757e9368c9d9d3049bc49da47c037e05
|
||||
SHA512 (conntrack-tools-1.4.8.tar.xz) = 95d8f6f068c1342ad7e767537e722272a4f5bd8b46b952713ade053a1043aa9ababbe5ce658ede9c77b6de5221b97ad8833777caffd69b67dd70a99f2b45afdf
|
||||
SHA512 (conntrack-tools-1.4.8.tar.xz.sig) = 8cd229d2e980ab1788e90fc8f53827fe1e4b21801cad6cddf6a9ff537501c40c52242cc964005b2889ad0a4548c772304db8696d4644611ecf9f091aca5c14ee
|
||||
|