Browse code
conntrack-tools: Added new package
compiling conntrack-tools requires glibc obsolete
rpc support which exist only till glibc <= 2.14
So, added a patch for compiling with libtirpc which has
required rpc headers
Change-Id: I76e60b59d0ce3c6a4c6fd1dcf2ad2c6956405c34
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6811
Tested-by: michellew <michellew@vmware.com>
Reviewed-by: michellew <michellew@vmware.com>
Ankit Jain authored on 2019/03/02 02:16:01Showing 3 changed files
- SPECS/conntrack-tools/conntrack-tools-compiling-support-libtirpc.patch
- SPECS/conntrack-tools/conntrack-tools.spec
- SPECS/conntrack-tools/conntrackd.service
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,110 @@ |
| 0 |
+From patchwork Tue Feb 12 23:38:28 2019 |
|
| 1 |
+Content-Type: text/plain; charset="utf-8" |
|
| 2 |
+MIME-Version: 1.0 |
|
| 3 |
+Content-Transfer-Encoding: 7bit |
|
| 4 |
+Subject: [conntrack-tools,v2] Support compiling against libtirpc |
|
| 5 |
+X-Patchwork-Submitter: Phil Sutter <phil@nwl.cc> |
|
| 6 |
+X-Patchwork-Id: 1040906 |
|
| 7 |
+X-Patchwork-Delegate: pablo@netfilter.org |
|
| 8 |
+Message-Id: <20190212233828.6455-1-phil@nwl.cc> |
|
| 9 |
+To: Pablo Neira Ayuso <pablo@netfilter.org> |
|
| 10 |
+Cc: netfilter-devel@vger.kernel.org, Jan Engelhardt <jengelh@inai.de> |
|
| 11 |
+Date: Wed, 13 Feb 2019 00:38:28 +0100 |
|
| 12 |
+From: Phil Sutter <phil@nwl.cc> |
|
| 13 |
+List-Id: <netfilter-devel.vger.kernel.org> |
|
| 14 |
+ |
|
| 15 |
+Try compiling against libtirpc on systems where RPC headers are not |
|
| 16 |
+provided by Glibc. |
|
| 17 |
+ |
|
| 18 |
+Due to naming conflicts, rpc_call() has had to be renamed. |
|
| 19 |
+ |
|
| 20 |
+Cc: Jan Engelhardt <jengelh@inai.de> |
|
| 21 |
+Signed-off-by: Phil Sutter <phil@nwl.cc> |
|
| 22 |
+--- |
|
| 23 |
+Note that I didn't do real functional testing apart from running |
|
| 24 |
+conntrack and nfct testsuites. OTOH, in Fedora Rawhide the package is |
|
| 25 |
+linked against libtirpc as well and seems to work. |
|
| 26 |
+ |
|
| 27 |
+Changes since v1: |
|
| 28 |
+- Fix @VAR@ into ${VAR} in Makefile.am as suggested by Jan Engelhardt.
|
|
| 29 |
+--- |
|
| 30 |
+ Make_global.am | 3 ++- |
|
| 31 |
+ Makefile.am | 2 +- |
|
| 32 |
+ configure.ac | 6 ++++++ |
|
| 33 |
+ src/helpers/rpc.c | 7 ++++--- |
|
| 34 |
+ 4 files changed, 13 insertions(+), 5 deletions(-) |
|
| 35 |
+ |
|
| 36 |
+diff --git a/Make_global.am b/Make_global.am |
|
| 37 |
+index 80842493a4ad0..554bb3ccc6951 100644 |
|
| 38 |
+--- a/Make_global.am |
|
| 39 |
+@@ -6,4 +6,5 @@ AM_CFLAGS = -std=gnu99 -W -Wall \ |
|
| 40 |
+ ${LIBNETFILTER_CONNTRACK_CFLAGS} \
|
|
| 41 |
+ ${LIBNETFILTER_CTTIMEOUT_CFLAGS} \
|
|
| 42 |
+ ${LIBNETFILTER_QUEUE_CFLAGS} \
|
|
| 43 |
+- ${LIBNETFILTER_CTHELPER_CFLAGS}
|
|
| 44 |
++ ${LIBNETFILTER_CTHELPER_CFLAGS} \
|
|
| 45 |
++ ${LIBTIRPC_CFLAGS}
|
|
| 46 |
+diff --git a/Makefile.am b/Makefile.am |
|
| 47 |
+index f64d60438d411..d73d7f4c54ff2 100644 |
|
| 48 |
+--- a/Makefile.am |
|
| 49 |
+@@ -7,7 +7,7 @@ EXTRA_DIST = $(man_MANS) Make_global.am doc m4 tests |
|
| 50 |
+ |
|
| 51 |
+ SUBDIRS = extensions src |
|
| 52 |
+ DIST_SUBDIRS = include src extensions |
|
| 53 |
+-LIBS = @LIBNETFILTER_CONNTRACK_LIBS@ |
|
| 54 |
++LIBS = ${LIBNETFILTER_CONNTRACK_LIBS} ${LIBTIRPC_LIBS}
|
|
| 55 |
+ |
|
| 56 |
+ dist-hook: |
|
| 57 |
+ rm -rf `find $(distdir)/doc -name *.orig` |
|
| 58 |
+diff --git a/configure.ac b/configure.ac |
|
| 59 |
+index 048d261ac1088..5384d3c80962c 100644 |
|
| 60 |
+--- a/configure.ac |
|
| 61 |
+@@ -73,6 +73,12 @@ AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$enable_systemd" = "xyes"]) |
|
| 62 |
+ |
|
| 63 |
+ AC_CHECK_HEADERS([linux/capability.h],, [AC_MSG_ERROR([Cannot find linux/capabibility.h])]) |
|
| 64 |
+ |
|
| 65 |
++# check for rpc_msg.h existence |
|
| 66 |
++AC_CHECK_HEADER([rpc/rpc_msg.h], [have_rpc_msg_h=yes], [have_rpc_msg_h=no]) |
|
| 67 |
++AS_IF([test "x$have_rpc_msg_h" = "xno"], |
|
| 68 |
++ [PKG_CHECK_MODULES([LIBTIRPC], [libtirpc], [], |
|
| 69 |
++ [AC_MSG_ERROR([No provider for rpc/rpc_msg.h found])])]) |
|
| 70 |
++ |
|
| 71 |
+ # Checks for libraries. |
|
| 72 |
+ # FIXME: Replace `main' with a function in `-lc': |
|
| 73 |
+ dnl AC_CHECK_LIB([c], [main]) |
|
| 74 |
+diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c |
|
| 75 |
+index 3a7b337135f04..bd24dd3269c8e 100644 |
|
| 76 |
+--- a/src/helpers/rpc.c |
|
| 77 |
+@@ -26,6 +26,7 @@ |
|
| 78 |
+ |
|
| 79 |
+ #include <errno.h> |
|
| 80 |
+ |
|
| 81 |
++#include <rpc/clnt.h> |
|
| 82 |
+ #include <rpc/rpc_msg.h> |
|
| 83 |
+ #include <rpc/pmap_prot.h> |
|
| 84 |
+ #define _GNU_SOURCE |
|
| 85 |
+@@ -114,8 +115,8 @@ nf_nat_rpc(struct pkt_buff *pkt, int dir, struct nf_expect *exp, |
|
| 86 |
+ #define ROUNDUP(n) ((((n) + 3)/4)*4) |
|
| 87 |
+ |
|
| 88 |
+ static int |
|
| 89 |
+-rpc_call(const uint32_t *data, uint32_t offset, uint32_t datalen, |
|
| 90 |
+- struct rpc_info *rpc_info) |
|
| 91 |
++rpc_parse_call(const uint32_t *data, uint32_t offset, uint32_t datalen, |
|
| 92 |
++ struct rpc_info *rpc_info) |
|
| 93 |
+ {
|
|
| 94 |
+ uint32_t p, r; |
|
| 95 |
+ |
|
| 96 |
+@@ -393,7 +394,7 @@ rpc_helper_cb(struct pkt_buff *pkt, uint32_t protoff, |
|
| 97 |
+ } |
|
| 98 |
+ |
|
| 99 |
+ if (rm_dir == CALL) {
|
|
| 100 |
+- if (rpc_call(data, offset, datalen, rpc_info) < 0) |
|
| 101 |
++ if (rpc_parse_call(data, offset, datalen, rpc_info) < 0) |
|
| 102 |
+ goto out; |
|
| 103 |
+ |
|
| 104 |
+ rpc_info->xid = xid; |
|
| 105 |
+ |
| 0 | 106 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,117 @@ |
| 0 |
+Summary: The conntrack-tools are a set of userspace tools for Linux |
|
| 1 |
+Name: conntrack-tools |
|
| 2 |
+Version: 1.4.5 |
|
| 3 |
+Release: 1%{?dist}
|
|
| 4 |
+License: GPLv2 |
|
| 5 |
+URL: http://conntrack-tools.netfilter.org |
|
| 6 |
+Group: System Environment/Base |
|
| 7 |
+Vendor: VMware, Inc. |
|
| 8 |
+Distribution: Photon |
|
| 9 |
+Source0: https://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
|
|
| 10 |
+%define sha1 %{name}=7d03a8d6d9ef56a9980ebfe25a282123807f8dcb
|
|
| 11 |
+Source1: conntrackd.service |
|
| 12 |
+Patch0: conntrack-tools-compiling-support-libtirpc.patch |
|
| 13 |
+BuildRequires: libnetfilter_conntrack-devel |
|
| 14 |
+BuildRequires: libnfnetlink-devel |
|
| 15 |
+BuildRequires: libmnl-devel |
|
| 16 |
+BuildRequires: libtirpc-devel |
|
| 17 |
+BuildRequires: libnetfilter_cttimeout-devel |
|
| 18 |
+BuildRequires: libnetfilter_cthelper-devel |
|
| 19 |
+BuildRequires: libnetfilter_queue-devel |
|
| 20 |
+BuildRequires: systemd-devel |
|
| 21 |
+Requires: libmnl |
|
| 22 |
+Requires: libnetfilter_conntrack |
|
| 23 |
+Requires: libnfnetlink |
|
| 24 |
+Requires: libnetfilter_cttimeout |
|
| 25 |
+Requires: libnetfilter_cthelper |
|
| 26 |
+Requires: libnetfilter_queue |
|
| 27 |
+Requires: systemd |
|
| 28 |
+ |
|
| 29 |
+%description |
|
| 30 |
+The conntrack-tools are a set of free software userspace tools for Linux that allow system administrators interact with the Connection Tracking System, which is the module that provides stateful packet inspection for iptables. The conntrack-tools are the userspace daemon conntrackd and the command line interface conntrack. |
|
| 31 |
+The conntrack-tools package contains two programs: |
|
| 32 |
+ |
|
| 33 |
+ - conntrack: the command line interface to interact with the connection |
|
| 34 |
+ tracking system. |
|
| 35 |
+ |
|
| 36 |
+ - conntrackd: the connection tracking userspace daemon that can be used to |
|
| 37 |
+ deploy highly available GNU/Linux firewalls and collect |
|
| 38 |
+ statistics of the firewall use. |
|
| 39 |
+ |
|
| 40 |
+%prep |
|
| 41 |
+%setup -q |
|
| 42 |
+%patch0 -p1 |
|
| 43 |
+ |
|
| 44 |
+aclocal |
|
| 45 |
+autoconf |
|
| 46 |
+ |
|
| 47 |
+%build |
|
| 48 |
+%configure \ |
|
| 49 |
+ --enable-systemd \ |
|
| 50 |
+ --disable-static \ |
|
| 51 |
+ --disable-silent-rules |
|
| 52 |
+make %{?_smp_mflags}
|
|
| 53 |
+ |
|
| 54 |
+%install |
|
| 55 |
+make DESTDIR=%{buildroot} install
|
|
| 56 |
+find %{buildroot} -type f -name '*.la' -exec rm -f {} ';'
|
|
| 57 |
+install -vdm 755 %{buildroot}%{_sysconfdir}/conntrackd
|
|
| 58 |
+install -m 0644 doc/stats/conntrackd.conf %{buildroot}%{_sysconfdir}/conntrackd
|
|
| 59 |
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/conntrackd.service
|
|
| 60 |
+install -vdm 755 %{buildroot}%{_datadir}/conntrackd
|
|
| 61 |
+install -vdm 755 %{buildroot}%{_sharedstatedir}/conntrackd
|
|
| 62 |
+ |
|
| 63 |
+%check |
|
| 64 |
+make %{?_smp_mflags} check
|
|
| 65 |
+ |
|
| 66 |
+%pre -p /bin/sh |
|
| 67 |
+if ! getent group conntrackd >/dev/null; then |
|
| 68 |
+ groupadd -r conntrackd |
|
| 69 |
+fi |
|
| 70 |
+if ! getent passwd conntrackd >/dev/null; then |
|
| 71 |
+ useradd -r -g conntrackd -d /var/lib/conntrackd -s /sbin/nologin -c "Conntrack tools User" conntrackd |
|
| 72 |
+fi |
|
| 73 |
+exit 0 |
|
| 74 |
+ |
|
| 75 |
+ |
|
| 76 |
+%post |
|
| 77 |
+/sbin/ldconfig |
|
| 78 |
+chown -R conntrackd:conntrackd /var/lib/conntrackd |
|
| 79 |
+chown -R conntrackd:conntrackd /usr/share/conntrackd |
|
| 80 |
+%systemd_post conntrackd.service |
|
| 81 |
+ |
|
| 82 |
+%preun |
|
| 83 |
+/sbin/ldconfig |
|
| 84 |
+%systemd_preun conntrackd.service |
|
| 85 |
+ |
|
| 86 |
+%postun -p /bin/sh |
|
| 87 |
+%systemd_postun_with_restart conntrackd.service |
|
| 88 |
+if [ $1 -eq 0 ] ; then |
|
| 89 |
+ getent passwd conntrackd > /dev/null |
|
| 90 |
+ if [ "$?" == "0" ] ; then |
|
| 91 |
+ userdel conntrackd |
|
| 92 |
+ fi |
|
| 93 |
+ getent group conntrackd >/dev/null |
|
| 94 |
+ if [ "$?" == "0" ] ; then |
|
| 95 |
+ groupdel conntrackd |
|
| 96 |
+ fi |
|
| 97 |
+fi |
|
| 98 |
+exit |
|
| 99 |
+ |
|
| 100 |
+%files |
|
| 101 |
+%defattr(-,conntrackd,conntrackd) |
|
| 102 |
+%{_sbindir}/conntrack
|
|
| 103 |
+%{_sbindir}/conntrackd
|
|
| 104 |
+%{_sbindir}/nfct
|
|
| 105 |
+%{_mandir}/man8/*
|
|
| 106 |
+%{_mandir}/man5/*
|
|
| 107 |
+%{_libdir}/%{name}/*.so
|
|
| 108 |
+%config(noreplace) %{_sysconfdir}/conntrackd/conntrackd.conf
|
|
| 109 |
+%{_unitdir}/conntrackd.service
|
|
| 110 |
+%{_datadir}/conntrackd
|
|
| 111 |
+%{_sharedstatedir}/conntrackd
|
|
| 112 |
+ |
|
| 113 |
+%changelog |
|
| 114 |
+* Fri Mar 01 2019 Ankit Jain <ankitja@vmware.com> 1.4.5-1 |
|
| 115 |
+- Initial build. First version |
|
| 116 |
+ |
| 0 | 117 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,14 @@ |
| 0 |
+[Unit] |
|
| 1 |
+Description=Conntrack Daemon |
|
| 2 |
+Documentation=man:conntrackd(8) man:conntrackd.conf(5) |
|
| 3 |
+After=network.target |
|
| 4 |
+ |
|
| 5 |
+[Service] |
|
| 6 |
+Type=notify |
|
| 7 |
+ExecStart=/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf |
|
| 8 |
+ExecReload=/usr/bin/kill -HUP $MAINPID |
|
| 9 |
+Restart=on-failure |
|
| 10 |
+KillSignal=SIGINT |
|
| 11 |
+ |
|
| 12 |
+[Install] |
|
| 13 |
+WantedBy=multi-user.target |