Compare commits

...

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

17 changed files with 318 additions and 11 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libnetfilter_cttimeout-1.0.0.tar.bz2
/libnetfilter_cttimeout-1.0.0.tar.bz2

View File

@ -1 +0,0 @@
24cba24b0371e80007be4ea0fa9d872df63b8a7a SOURCES/libnetfilter_cttimeout-1.0.0.tar.bz2

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1,14 +1,14 @@
Name: libnetfilter_cttimeout
Version: 1.0.0
Release: 11%{?dist}
Release: 19%{?dist}
Summary: Timeout policy tuning for Netfilter/conntrack
Group: System Environment/Libraries
License: GPLv2+
URL: http://netfilter.org
Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gcc
BuildRequires: libmnl-devel >= 1.0.0, pkgconfig, kernel-headers
BuildRequires: make
%description
This infrastructure allows you to define fine-grain timeout
@ -20,7 +20,6 @@ policy to the kernel.
%package devel
Summary: Timeout policy tuning for Netfilter/conntrack
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libmnl-devel >= 1.0.0
Requires: kernel-headers
@ -46,11 +45,7 @@ rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%ldconfig_scriptlets
%files
%doc COPYING README
@ -63,6 +58,31 @@ rm -rf $RPM_BUILD_ROOT
%{_includedir}/libnetfilter_cttimeout/*.h
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-19
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-18
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

1
sources Normal file
View File

@ -0,0 +1 @@
7697437fc9ebb6f6b83df56a633db7f9 libnetfilter_cttimeout-1.0.0.tar.bz2

22
tests/run-test.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
_UID=`id -u`
if [ $_UID -ne 0 ]
then
echo "Run this test as root"
exit 1
fi
gcc test.c -o test
#
# XXX: module auto-load not support by nfnetlink_cttimeout yet :-(
#
# any or all of these might be built-ins rather than modules, so don't error
# out on failure from modprobe
modprobe nf_conntrack_ipv4 || true
modprobe nf_conntrack_ipv6 || true
modprobe nf_conntrack_proto_udplite || true
modprobe nf_conntrack_proto_sctp || true
modprobe nf_conntrack_proto_dccp || true
modprobe nf_conntrack_proto_gre || true
./test timeout

100
tests/test.c Normal file
View File

@ -0,0 +1,100 @@
/*
* (c) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* Extremely simple test utility for the command line tools.
*
* Based on test-conntrack.c
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <dirent.h>
#define PATH "/usr/sbin"
int main(int argc, char *argv[])
{
int ret, ok = 0, bad = 0, line;
FILE *fp;
DIR *d;
char buf[1024];
struct dirent *dent;
char file[1024];
if (argc < 2) {
fprintf(stderr, "Usage: %s directory\n", argv[0]);
exit(EXIT_FAILURE);
}
d = opendir(argv[1]);
if (d == NULL) {
perror("opendir");
exit(EXIT_FAILURE);
}
setenv("PATH", PATH, 1);
while ((dent = readdir(d)) != NULL) {
sprintf(file, "%s/%s", argv[1], dent->d_name);
line = 0;
fp = fopen(file, "r");
if (fp == NULL) {
perror("cannot find testsuite file");
exit(EXIT_FAILURE);
}
while (fgets(buf, sizeof(buf), fp)) {
char *res;
line++;
if (buf[0] == '#' || buf[0] == ' ')
continue;
res = strchr(buf, ';');
if (!res) {
printf("malformed file %s at line %d\n",
dent->d_name, line);
exit(EXIT_FAILURE);
}
*res = '\0';
res+=2;
printf("(%d) Executing: %s\n", line, buf);
ret = system(buf);
if (WIFEXITED(ret) &&
WEXITSTATUS(ret) == EXIT_SUCCESS) {
if (res[0] == 'O' &&
res[1] == 'K')
ok++;
else {
bad++;
printf("^----- BAD\n");
}
} else {
if (res[0] == 'B' &&
res[1] == 'A' &&
res[2] == 'D')
ok++;
else {
bad++;
printf("^----- BAD\n");
}
}
printf("=====\n");
}
fclose(fp);
}
closedir(d);
fprintf(stdout, "OK: %d BAD: %d\n", ok, bad);
}

15
tests/tests.yml Normal file
View File

@ -0,0 +1,15 @@
# Tests for libnetfilter_cttimeout
- hosts: localhost
tags:
- classic
roles:
- role: standard-test-basic
required_packages:
- gcc
- conntrack-tools
tests:
- sanity-test:
dir: .
run: chmod +x run-test.sh && ./run-test.sh timeout | tee cttimeout_test.log | grep -q '^OK':' [0-9]* BAD':' 0$'
save_files:
- cttimeout_test.log

16
tests/timeout/00tcp Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet tcp established 100 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet tcp syn_sent 1 syn_recv 2 established 3 fin_wait 4 close_wait 5 last_ack 6 time_wait 7 close 8 syn_sent2 9 retrans 10 unacknowledged 11 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/01udp Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet udp unreplied 10 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet udp unreplied 1 replied 2 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/02generic Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet generic timeout 10 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet generic timeout 1 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/03udplite Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet udplite unreplied 10 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet udplite unreplied 1 replied 2 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/04icmp Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet icmp timeout 10 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet icmp timeout 1 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/05icmpv6 Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet6 icmpv6 timeout 10 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet6 icmpv6 timeout 1 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/06sctp Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet sctp established 100 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet sctp closed 1 cookie_wait 2 cookie_echoed 3 established 4 shutdown_sent 5 shutdown_recd 6 shutdown_ack_sent 7 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/07dccp Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet dccp request 100 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet dccp request 1 respond 2 partopen 3 open 4 closereq 5 closing 6 timewait 7 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK

16
tests/timeout/08gre Normal file
View File

@ -0,0 +1,16 @@
# add policy object `test'
nfct add timeout test inet gre unreplied 10 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK
# get unexistent policy object `dummy'
nfct get timeout test ; BAD
# delete policy object `test', however, it does not exists anymore
nfct delete timeout test ; BAD
# add policy object `test'
nfct add timeout test inet gre unreplied 1 replied 2 ; OK
# get policy object `test'
nfct get timeout test ; OK
# delete policy object `test'
nfct delete timeout test ; OK