This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated
       via  9fa0fb55b55a55fc4b3a092ccb8000a5011ad2d9 (commit)
       via  7bcf28fd5f630d0808e2f7c8db339b94b50e897e (commit)
       via  5235df063e4dea832dfad8c22d689d9d72a43207 (commit)
       via  bb885adb78801da4ee47ad19517dec4566cd9596 (commit)
       via  96d0efe9c85c435588a81a017770e5e4d8b4f736 (commit)
       via  8c5ccb6a2ec39be34dc696e6e73776b706e49cb3 (commit)
       via  55625ae8bc1c63bdef3ba503a9d586151776910c (commit)
       via  19ef2da5fa728ab6828a77df1013f5dee7662d6c (commit)
      from  75466c12cfd17030f32e698e0a98fbef38726cd3 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 9fa0fb55b55a55fc4b3a092ccb8000a5011ad2d9
Merge: 7bcf28f 55625ae
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed Nov 23 22:28:41 2011 +0100

    Merge remote-tracking branch 'maniacikarus/iptables'

commit 7bcf28fd5f630d0808e2f7c8db339b94b50e897e
Merge: 5235df0 19ef2da
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed Nov 23 22:28:29 2011 +0100

    Merge remote-tracking branch 'maniacikarus/ids'

    Conflicts:
        suricata/suricata.nm

commit 5235df063e4dea832dfad8c22d689d9d72a43207
Merge: bb885ad 96d0efe
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed Nov 23 22:27:54 2011 +0100

    Merge remote-tracking branch 'stevee/curl'

commit bb885adb78801da4ee47ad19517dec4566cd9596
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Wed Nov 23 22:27:00 2011 +0100

    mstpd: Add patch to ignore NO-CARRIER state.

commit 96d0efe9c85c435588a81a017770e5e4d8b4f736
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Wed Nov 23 21:01:56 2011 +0100

    curl: Enable testsuite.

    Testsuite now works and will run through.
    Please ignore the error message on test 564.
    ( RUN: failed to start the SSH server )

commit 8c5ccb6a2ec39be34dc696e6e73776b706e49cb3
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Wed Nov 23 20:58:18 2011 +0100

    curl: Update to 7.23.1.

    Fixes #295.

commit 55625ae8bc1c63bdef3ba503a9d586151776910c
Author: Christian Schmidt christian.schmidt@ipfire.org
Date:   Mon Nov 21 18:18:41 2011 +0000

    iptables: Updated to version 1.4.12.1

    fixes: #291

commit 19ef2da5fa728ab6828a77df1013f5dee7662d6c
Author: Christian Schmidt christian.schmidt@ipfire.org
Date:   Mon Nov 21 18:08:55 2011 +0000

    suricata: Changed some config options.
-----------------------------------------------------------------------
Summary of changes:
 curl/curl.nm                                       |   13 +-
 iptables/iptables.nm                               |    4 +-
 mstpd/mstpd.nm                                     |    2 +-
 .../ignore-carrier-state-on-bridge-device.patch0   |  140 ++++++++++++++++++++
 suricata/suricata.conf                             |   10 ++
 suricata/suricata.nm                               |    2 +-
 suricata/systemd/suricata.service                  |    2 +-
 7 files changed, 161 insertions(+), 12 deletions(-)
 create mode 100644 mstpd/patches/ignore-carrier-state-on-bridge-device.patch0
Difference in files: diff --git a/curl/curl.nm b/curl/curl.nm index 3baf575..5a752fd 100644 --- a/curl/curl.nm +++ b/curl/curl.nm @@ -4,8 +4,8 @@ ###############################################################################
name = curl -version = 7.21.7 -release = 1 +version = 7.23.1 +release = 2
groups = Application/Internet url = http://www.curl.haxx.se/ @@ -20,7 +20,7 @@ description user authentication, FTP upload, HTTP post, and file transfer resume. end
-source_dl = +source_dl = http://curl.haxx.se/download/
build requires @@ -53,10 +53,9 @@ build autoreconf -vfi end
- # Doesn't work - #test - # make check - #end + test + make check + end end
packages diff --git a/iptables/iptables.nm b/iptables/iptables.nm index b7ce6aa3d..771397d 100644 --- a/iptables/iptables.nm +++ b/iptables/iptables.nm @@ -4,7 +4,7 @@ ###############################################################################
name = iptables -version = 1.4.12 +version = 1.4.12.1 release = 1
groups = Networking/Tools @@ -18,7 +18,7 @@ description you should install this package. end
-source_dl = +source_dl = http://ftp.netfilter.org/pub/iptables/ sources = %{thisapp}.tar.bz2
build diff --git a/mstpd/mstpd.nm b/mstpd/mstpd.nm index 55197ba..87d3741 100644 --- a/mstpd/mstpd.nm +++ b/mstpd/mstpd.nm @@ -6,7 +6,7 @@ name = mstpd version = 0.01 svn_ver = 16 -release = 0.2-svn%{svn_ver}.1 +release = 0.2-svn%{svn_ver}.2 thisapp = %{name}-%{version}-svn%{svn_ver}
groups = Networking/Tools diff --git a/mstpd/patches/ignore-carrier-state-on-bridge-device.patch0 b/mstpd/patches/ignore-carrier-state-on-bridge-device.patch0 new file mode 100644 index 0000000..189bf96 --- /dev/null +++ b/mstpd/patches/ignore-carrier-state-on-bridge-device.patch0 
@@ -0,0 +1,140 @@ +Index: bridge_ctl.h +=================================================================== +--- bridge_ctl.h (revision 16) ++++ bridge_ctl.h (working copy) +@@ -81,7 +81,7 @@ + + int init_bridge_ops(void); + +-int bridge_notify(int br_index, int if_index, bool newlink, bool up); ++int bridge_notify(int br_index, int if_index, bool newlink, unsigned flags); + + void bridge_bpdu_rcv(int ifindex, const unsigned char *data, int len); + +Index: brmon.c +=================================================================== +--- brmon.c (revision 16) ++++ brmon.c (working copy) +@@ -66,7 +66,7 @@ + int len = n->nlmsg_len; + char b1[IFNAMSIZ]; + int af_family = ifi->ifi_family; +- bool newlink, up; ++ bool newlink; + int br_index; + + if(n->nlmsg_type == NLMSG_DONE) +@@ -154,12 +154,6 @@ + fflush(fp); + + newlink = (n->nlmsg_type == RTM_NEWLINK); +- up = false; +- if(newlink && tb[IFLA_OPERSTATE]) +- { +- int state = *(uint8_t*)RTA_DATA(tb[IFLA_OPERSTATE]); +- up = (state == IF_OPER_UP) || (state == IF_OPER_UNKNOWN); +- } + + if(tb[IFLA_MASTER]) + br_index = *(int*)RTA_DATA(tb[IFLA_MASTER]); +@@ -168,7 +162,7 @@ + else + br_index = -1; + +- bridge_notify(br_index, ifi->ifi_index, newlink, up); ++ bridge_notify(br_index, ifi->ifi_index, newlink, ifi->ifi_flags); + + return 0; + } +Index: bridge_track.c +=================================================================== +--- bridge_track.c (revision 16) ++++ bridge_track.c (working copy) +@@ -279,13 +279,15 @@ + } + + /* br_index == if_index means: interface is bridge master */ +-int bridge_notify(int br_index, int if_index, bool newlink, bool up) ++int bridge_notify(int br_index, int if_index, bool newlink, unsigned flags) + { + port_t *ifc; + bridge_t *br = NULL, *other_br; ++ bool up = !!(flags & IFF_UP); ++ bool running = up && (flags & IFF_RUNNING); + +- LOG("br_index %d, if_index %d, newlink %d, up %d", +- br_index, if_index, newlink, up); ++ LOG("br_index %d, if_index %d, newlink %d, up %d, running 
%d", ++ br_index, if_index, newlink, up, running); + + if((br_index >= 0) && (br_index != if_index)) + { +@@ -296,9 +298,9 @@ + ERROR("Couldn't create data for bridge interface %d", br_index); + return -1; + } +- int br_up = ethtool_get_link(br->sysdeps.name); +- if(br_up >= 0) +- set_br_up(br, !!br_up); ++ int br_flags = get_flags(br->sysdeps.name); ++ if(br_flags >= 0) ++ set_br_up(br, !!(flags & IFF_UP)); + } + + if(br) +@@ -336,7 +338,7 @@ + delete_if(ifc); + return 0; + } +- set_if_up(ifc, up); /* And speed and duplex */ ++ set_if_up(ifc, running); /* And speed and duplex */ + } + else + { /* Interface is not a bridge slave */ +Index: netif_utils.c +=================================================================== +--- netif_utils.c (revision 16) ++++ netif_utils.c (working copy) +@@ -65,23 +65,17 @@ + return 0; + } + +-int ethtool_get_link(char *ifname) ++int get_flags(char *ifname) + { + struct ifreq ifr; + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_name, ifname, IFNAMSIZ); +- struct ethtool_value eval; +- +- eval.cmd = ETHTOOL_GLINK; +- ifr.ifr_data = (caddr_t)&eval; +- if(0 > ioctl(netsock, SIOCETHTOOL, &ifr)) ++ if(0 > ioctl(netsock, SIOCGIFFLAGS, &ifr)) + { +- ERROR("Cannot get link status for %s: %m\n", ifname); ++ ERROR("%s: get interface flags failed: %m", ifname); + return -1; + } +- if(eval.data) +- return 1; +- return 0; ++ return ifr.ifr_flags; + } + + int ethtool_get_speed_duplex(char *ifname, int *speed, int *duplex) +Index: netif_utils.h +=================================================================== +--- netif_utils.h (revision 16) ++++ netif_utils.h (working copy) +@@ -31,9 +31,9 @@ + int netsock_init(void); + + int get_hwaddr(char *ifname, unsigned char *hwaddr); ++int get_flags(char *ifname); + + int ethtool_get_speed_duplex(char *ifname, int *speed, int *duplex); +-int ethtool_get_link(char *ifname); + + bool is_bridge(char *if_name); + diff --git a/suricata/suricata.conf b/suricata/suricata.conf index d1d5a25..8c2b1ed 100644 
--- a/suricata/suricata.conf +++ b/suricata/suricata.conf @@ -255,6 +255,7 @@ flow-timeouts: stream: memcap: 33554432 checksum_validation: yes + inline: yes reassembly: memcap: 67108864 depth: 1048576 @@ -295,6 +296,15 @@ logging: enabled: no facility: local5 format: "[%i] <%d> -- " + - drop: + enabled: yes + filename: drop.log + append: yes + +nfq: + mode: repeat + repeat_mark: 1 + repeat_mask: 1
# PF_RING configuration. for use with native PF_RING support # for more info see http://www.ntop.org/PF_RING.html diff --git a/suricata/suricata.nm b/suricata/suricata.nm index 7c4cec5..d1e67e2 100644 --- a/suricata/suricata.nm +++ b/suricata/suricata.nm @@ -5,7 +5,7 @@
name = suricata version = 1.1 -release = 1 +release = 2
groups = Networking/IDS url = http://www.openinfosecfoundation.org/ diff --git a/suricata/systemd/suricata.service b/suricata/systemd/suricata.service index 4e0b689..24cfa98 100644 --- a/suricata/systemd/suricata.service +++ b/suricata/systemd/suricata.service @@ -5,7 +5,7 @@ After=syslog.target network.target [Service] Type=forking ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.conf -q 0 -q 1 -D -ExecStartPost=/sbin/iptables -I INPUT -j NFQUEUE -–queue-balance 0:1 +ExecStartPost=/sbin/iptables -I INPUT -mark ! --mark 1/1 -j NFQUEUE -–queue-balance 0:1 ExecReload=/bin/kill -HUP $MAINPID ExecStop=/sbin/iptables -D INPUT -j NFQUEUE -–queue-balance 0:1 ExecStopPost=/bin/kill $MAINPID
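Review bot: The source_dl value added in the curl.nm hunk at @@ -20,7 +20,7 @@ fetches the tarball from http://curl.haxx.se/download/ over plain HTTP, and the hunk shows no checksum for the 7.23.1 archive; the source_dl added in iptables.nm has the same shape. If the build does not already verify sources against a pinned hash elsewhere, add one alongside the version bump so that a tampered download fails the build instead of being packaged.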
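Review bot: In the bridge_track.c hunk at @@ -296,9 +298,9 @@ of the mstpd patch, the result of get_flags(br->sysdeps.name) is stored in br_flags but only its sign is used; the next line calls set_br_up(br, !!(flags & IFF_UP)), which tests the flags argument passed to bridge_notify() for if_index. This branch is entered only when br_index != if_index, so the bridge's up state ends up being taken from the port that triggered the notification, not from the bridge device. Suggest set_br_up(br, !!(br_flags & IFF_UP)).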
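Review bot: get_flags() in the netif_utils.c hunk returns ifr.ifr_flags directly while also using -1 as its error value, and the caller in bridge_track.c decides success with br_flags >= 0. ifr_flags is a signed short in struct ifreq, so a flag word with the top bit set (IFF_DYNAMIC, 0x8000 on Linux) comes back negative and is treated as a failed ioctl. Suggest returning (unsigned short)ifr.ifr_flags, or passing the flags back through an out parameter and keeping the return value for status only. The unchanged strncpy(ifr.ifr_name, ifname, IFNAMSIZ) context line also leaves the name unterminated when ifname is IFNAMSIZ characters or longer; copying IFNAMSIZ - 1 bytes into the zeroed struct avoids that.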
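Review bot: The nfq block added at the end of the second suricata.conf hunk (mode: repeat, repeat_mark: 1, repeat_mask: 1) depends on the ! --mark 1/1 match added to ExecStartPost in suricata.service, and nothing in either file documents that coupling. Suggest a comment above nfq: naming the iptables rule that must use the same mark and mask, so that a later change to one side does not leave reinjected packets matching the NFQUEUE rule again.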
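Review bot: On the new ExecStartPost line in suricata.service, -mark is not how the mark match is loaded; it needs to be -m mark ! --mark 1/1, otherwise iptables rejects the rule and nothing is sent to the queues. The ExecStop line is unchanged and still deletes -j NFQUEUE without the mark match, so once the start rule is corrected the rule specification given at stop will not match it and the rule stays in INPUT after suricata has exited, with packets still being handed to queues that have no listener. Suggest using the identical rule specification on both lines. As shown here, both lines also carry the option as -–queue-balance with a non-ASCII dash as the second character; it must be two ASCII hyphens.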
hooks/post-receive -- IPFire 3.x development tree