This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 415969cc1b8edd06ee84375614c4eb06cf182d36 (commit) via 593a9326d8f309c78ff87d43793210cd92e42d14 (commit) from 92fbca34173e3533cdae748d6c7196c42ed94e6c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 415969cc1b8edd06ee84375614c4eb06cf182d36 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Sep 20 20:33:05 2019 +0200
kernel: Backport patch to fix a netfilter contrack related issue.
This fixes the packet drop issue when using suricata on IPFire.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 593a9326d8f309c78ff87d43793210cd92e42d14 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Sep 21 09:52:02 2019 +0000
start core137 and add kernel and IO-Socket-SSL to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/{136 => 137}/exclude | 0 .../core/{136 => 137}/filelists/IO-Socket-SSL | 0 .../124 => core/137}/filelists/aarch64/linux | 0 .../137}/filelists/aarch64/linux-initrd | 0 .../137}/filelists/armv5tel/linux-initrd-kirkwood | 0 .../137}/filelists/armv5tel/linux-initrd-multi | 0 .../137}/filelists/armv5tel/linux-kirkwood | 0 .../137}/filelists/armv5tel/linux-multi | 0 .../{oldcore/113 => core/137}/filelists/files | 3 +- .../{oldcore/100 => core/137}/filelists/i586/linux | 0 .../100 => core/137}/filelists/i586/linux-initrd | 0 .../100 => core/137}/filelists/x86_64/linux | 0 .../100 => core/137}/filelists/x86_64/linux-initrd | 0 .../rootfiles/{oldcore/134 => core/137}/update.sh | 6 +- config/rootfiles/{core => oldcore}/136/exclude | 0 .../{core => oldcore}/136/filelists/Archive-Tar | 0 .../{core => oldcore}/136/filelists/Archive-Zip | 0 .../{core => oldcore}/136/filelists/BerkeleyDB | 0 .../{core => oldcore}/136/filelists/Compress-Zlib | 0 .../{core => oldcore}/136/filelists/Convert-TNEF | 0 .../{core => oldcore}/136/filelists/Convert-UUlib | 0 .../136/filelists/Crypt-PasswdMD5 | 0 .../{core => oldcore}/136/filelists/Digest | 0 .../{core => oldcore}/136/filelists/Digest-HMAC | 0 .../{core => oldcore}/136/filelists/Digest-SHA1 | 0 .../{core => oldcore}/136/filelists/GD-Graph | 0 .../{core => oldcore}/136/filelists/GD-TextUtil | 0 .../{core => oldcore}/136/filelists/GeoIP | 0 .../{core => oldcore}/136/filelists/HTML-Parser | 0 .../{core => oldcore}/136/filelists/HTML-Tagset | 0 .../{core => oldcore}/136/filelists/HTML-Template | 0 .../{core => oldcore}/136/filelists/IO-Socket-SSL | 0 .../{core => oldcore}/136/filelists/IO-Stringy | 0 .../{core => oldcore}/136/filelists/Locale-Country | 0 .../{core => oldcore}/136/filelists/Mail-Tools | 0 .../{core => oldcore}/136/filelists/Net-DNS | 0 .../{core => oldcore}/136/filelists/Net-IPv4Addr | 0 .../{core => oldcore}/136/filelists/Net-Server | 0 .../{core => oldcore}/136/filelists/Net-Telnet | 
0 .../{core => oldcore}/136/filelists/Net_SSLeay | 0 .../{core => oldcore}/136/filelists/Text-Tabs+Wrap | 0 .../rootfiles/{core => oldcore}/136/filelists/URI | 0 .../{core => oldcore}/136/filelists/Unix-Syslog | 0 .../{core => oldcore}/136/filelists/XML-Parser | 0 .../{core => oldcore}/136/filelists/aarch64/gcc | 0 .../{core => oldcore}/136/filelists/apache2 | 0 .../{core => oldcore}/136/filelists/armv5tel/gcc | 0 .../rootfiles/{core => oldcore}/136/filelists/bind | 0 .../136/filelists/ca-certificates | 0 .../{core => oldcore}/136/filelists/dhcpcd | 0 .../{core => oldcore}/136/filelists/files | 0 .../136/filelists/geoip-generator | 0 .../{core => oldcore}/136/filelists/hwdata | 0 .../{core => oldcore}/136/filelists/i586/gcc | 0 .../136/filelists/i586/openssl-sse2 | 0 .../rootfiles/{core => oldcore}/136/filelists/knot | 0 .../{core => oldcore}/136/filelists/liboping | 0 .../{core => oldcore}/136/filelists/libwww-perl | 0 .../{core => oldcore}/136/filelists/logrotate | 0 .../{core => oldcore}/136/filelists/openssh | 0 .../{core => oldcore}/136/filelists/openssl | 0 .../{core => oldcore}/136/filelists/patch | 0 .../rootfiles/{core => oldcore}/136/filelists/perl | 0 .../136/filelists/perl-Apache-Htpasswd | 0 .../{core => oldcore}/136/filelists/perl-CGI | 0 .../136/filelists/perl-Device-Modem | 0 .../136/filelists/perl-Device-SerialPort | 0 .../136/filelists/perl-Email-Date-Format | 0 .../{core => oldcore}/136/filelists/perl-Font-TTF | 0 .../{core => oldcore}/136/filelists/perl-GD | 0 .../{core => oldcore}/136/filelists/perl-IO-String | 0 .../{core => oldcore}/136/filelists/perl-MIME-Lite | 0 .../136/filelists/perl-Net-CIDR-Lite | 0 .../136/filelists/perl-NetAddr-IP | 0 .../{core => oldcore}/136/filelists/perl-PDF-API2 | 0 .../136/filelists/perl-Sort-Naturally | 0 .../{core => oldcore}/136/filelists/perl-Switch | 0 .../136/filelists/perl-Text-CSV_XS | 0 .../{core => oldcore}/136/filelists/rrdtool | 0 .../{core => oldcore}/136/filelists/unbound | 0 .../{core => 
oldcore}/136/filelists/usb_modeswitch | 0 .../136/filelists/usb_modeswitch_data | 0 .../{core => oldcore}/136/filelists/x86_64/gcc | 0 config/rootfiles/{core => oldcore}/136/update.sh | 0 lfs/linux | 3 + make.sh | 2 +- ...nux-5.0-netfilter-conntrack-resolve-clash.patch | 75 ++++++++++++++++++++++ 87 files changed, 82 insertions(+), 7 deletions(-) copy config/rootfiles/core/{136 => 137}/exclude (100%) copy config/rootfiles/core/{136 => 137}/filelists/IO-Socket-SSL (100%) copy config/rootfiles/{oldcore/124 => core/137}/filelists/aarch64/linux (100%) copy config/rootfiles/{oldcore/124 => core/137}/filelists/aarch64/linux-initrd (100%) copy config/rootfiles/{oldcore/121 => core/137}/filelists/armv5tel/linux-initrd-kirkwood (100%) copy config/rootfiles/{oldcore/121 => core/137}/filelists/armv5tel/linux-initrd-multi (100%) copy config/rootfiles/{oldcore/100 => core/137}/filelists/armv5tel/linux-kirkwood (100%) copy config/rootfiles/{oldcore/100 => core/137}/filelists/armv5tel/linux-multi (100%) copy config/rootfiles/{oldcore/113 => core/137}/filelists/files (51%) copy config/rootfiles/{oldcore/100 => core/137}/filelists/i586/linux (100%) copy config/rootfiles/{oldcore/100 => core/137}/filelists/i586/linux-initrd (100%) copy config/rootfiles/{oldcore/100 => core/137}/filelists/x86_64/linux (100%) copy config/rootfiles/{oldcore/100 => core/137}/filelists/x86_64/linux-initrd (100%) copy config/rootfiles/{oldcore/134 => core/137}/update.sh (98%) rename config/rootfiles/{core => oldcore}/136/exclude (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Archive-Tar (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Archive-Zip (100%) rename config/rootfiles/{core => oldcore}/136/filelists/BerkeleyDB (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Compress-Zlib (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Convert-TNEF (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Convert-UUlib (100%) rename 
config/rootfiles/{core => oldcore}/136/filelists/Crypt-PasswdMD5 (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Digest (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Digest-HMAC (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Digest-SHA1 (100%) rename config/rootfiles/{core => oldcore}/136/filelists/GD-Graph (100%) rename config/rootfiles/{core => oldcore}/136/filelists/GD-TextUtil (100%) rename config/rootfiles/{core => oldcore}/136/filelists/GeoIP (100%) rename config/rootfiles/{core => oldcore}/136/filelists/HTML-Parser (100%) rename config/rootfiles/{core => oldcore}/136/filelists/HTML-Tagset (100%) rename config/rootfiles/{core => oldcore}/136/filelists/HTML-Template (100%) rename config/rootfiles/{core => oldcore}/136/filelists/IO-Socket-SSL (100%) rename config/rootfiles/{core => oldcore}/136/filelists/IO-Stringy (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Locale-Country (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Mail-Tools (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Net-DNS (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Net-IPv4Addr (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Net-Server (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Net-Telnet (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Net_SSLeay (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Text-Tabs+Wrap (100%) rename config/rootfiles/{core => oldcore}/136/filelists/URI (100%) rename config/rootfiles/{core => oldcore}/136/filelists/Unix-Syslog (100%) rename config/rootfiles/{core => oldcore}/136/filelists/XML-Parser (100%) rename config/rootfiles/{core => oldcore}/136/filelists/aarch64/gcc (100%) rename config/rootfiles/{core => oldcore}/136/filelists/apache2 (100%) rename config/rootfiles/{core => oldcore}/136/filelists/armv5tel/gcc (100%) rename config/rootfiles/{core => oldcore}/136/filelists/bind (100%) rename 
config/rootfiles/{core => oldcore}/136/filelists/ca-certificates (100%) rename config/rootfiles/{core => oldcore}/136/filelists/dhcpcd (100%) rename config/rootfiles/{core => oldcore}/136/filelists/files (100%) rename config/rootfiles/{core => oldcore}/136/filelists/geoip-generator (100%) rename config/rootfiles/{core => oldcore}/136/filelists/hwdata (100%) rename config/rootfiles/{core => oldcore}/136/filelists/i586/gcc (100%) rename config/rootfiles/{core => oldcore}/136/filelists/i586/openssl-sse2 (100%) rename config/rootfiles/{core => oldcore}/136/filelists/knot (100%) rename config/rootfiles/{core => oldcore}/136/filelists/liboping (100%) rename config/rootfiles/{core => oldcore}/136/filelists/libwww-perl (100%) rename config/rootfiles/{core => oldcore}/136/filelists/logrotate (100%) rename config/rootfiles/{core => oldcore}/136/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/136/filelists/openssl (100%) rename config/rootfiles/{core => oldcore}/136/filelists/patch (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Apache-Htpasswd (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-CGI (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Device-Modem (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Device-SerialPort (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Email-Date-Format (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Font-TTF (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-GD (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-IO-String (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-MIME-Lite (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Net-CIDR-Lite (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-NetAddr-IP (100%) rename config/rootfiles/{core => 
oldcore}/136/filelists/perl-PDF-API2 (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Sort-Naturally (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Switch (100%) rename config/rootfiles/{core => oldcore}/136/filelists/perl-Text-CSV_XS (100%) rename config/rootfiles/{core => oldcore}/136/filelists/rrdtool (100%) rename config/rootfiles/{core => oldcore}/136/filelists/unbound (100%) rename config/rootfiles/{core => oldcore}/136/filelists/usb_modeswitch (100%) rename config/rootfiles/{core => oldcore}/136/filelists/usb_modeswitch_data (100%) rename config/rootfiles/{core => oldcore}/136/filelists/x86_64/gcc (100%) rename config/rootfiles/{core => oldcore}/136/update.sh (100%) create mode 100644 src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch
Difference in files:
diff --git a/config/rootfiles/core/136/exclude b/config/rootfiles/core/137/exclude
similarity index 100%
rename from config/rootfiles/core/136/exclude
rename to config/rootfiles/core/137/exclude
diff --git a/config/rootfiles/core/136/filelists/IO-Socket-SSL b/config/rootfiles/core/137/filelists/IO-Socket-SSL
similarity index 100%
rename from config/rootfiles/core/136/filelists/IO-Socket-SSL
rename to config/rootfiles/core/137/filelists/IO-Socket-SSL
diff --git a/config/rootfiles/core/137/filelists/aarch64/linux b/config/rootfiles/core/137/filelists/aarch64/linux
new file mode 120000
index 000000000..3a2532bc7
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/aarch64/linux
@@ -0,0 +1 @@
+../../../../common/aarch64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/aarch64/linux-initrd b/config/rootfiles/core/137/filelists/aarch64/linux-initrd
new file mode 120000
index 000000000..8acdb0f31
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/aarch64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/aarch64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
new file mode 120000
index 000000000..39c5591b7
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-initrd-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
new file mode 120000
index 000000000..0b1b4530a
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-initrd-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
new file mode 120000
index 000000000..72171071e
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-multi b/config/rootfiles/core/137/filelists/armv5tel/linux-multi
new file mode 120000
index 000000000..204eb4c43
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/core/137/filelists/files
new file mode 100644
index 000000000..ce4e51768
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/files
@@ -0,0 +1,4 @@
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
diff --git a/config/rootfiles/core/137/filelists/i586/linux b/config/rootfiles/core/137/filelists/i586/linux
new file mode 120000
index 000000000..693ec4bbf
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/i586/linux
@@ -0,0 +1 @@
+../../../../common/i586/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/i586/linux-initrd b/config/rootfiles/core/137/filelists/i586/linux-initrd
new file mode 120000
index 000000000..32a03e6a9
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/i586/linux-initrd
@@ -0,0 +1 @@
+../../../../common/i586/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/x86_64/linux b/config/rootfiles/core/137/filelists/x86_64/linux
new file mode 120000
index 000000000..0615b5b9a
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/x86_64/linux
@@ -0,0 +1 @@
+../../../../common/x86_64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/x86_64/linux-initrd b/config/rootfiles/core/137/filelists/x86_64/linux-initrd
new file mode 120000
index 000000000..1b9fff70f
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/x86_64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/x86_64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/137/update.sh
new file mode 100644
index 000000000..8c8019b90
--- /dev/null
+++ b/config/rootfiles/core/137/update.sh
@@ -0,0 +1,149 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team info@ipfire.org. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=137
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire*)
+ # Ok.
+ ;;
+ *)
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 80000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+# Remove the old kernel
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-*-ipfire-*
+rm -rf /boot/zImage-*-ipfire-*
+rm -rf /boot/uInit-*-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+rm -f /etc/sysconfig/lm_sensors
+
+# Remove files
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+
+# Search sensors again after reboot into the new kernel
+rm -f /etc/sysconfig/lm_sensors
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
+case "$(uname -m)" in
+ i?86)
+ # Force (re)install pae kernel if pae is supported
+ rm -rf /opt/pakfire/db/installed/meta-linux-pae
+ rm -rf /opt/pakfire/db/rootfiles/linux-pae
+ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ touch /var/run/need_reboot
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ fi
+ else
+ touch /var/run/need_reboot
+ fi
+ ;;
+ *)
+ # This update needs a reboot...
+ touch /var/run/need_reboot
+ ;;
+esac
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/136/exclude b/config/rootfiles/oldcore/136/exclude
new file mode 100644
index 000000000..b22159878
--- /dev/null
+++ b/config/rootfiles/oldcore/136/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/136/filelists/Archive-Tar b/config/rootfiles/oldcore/136/filelists/Archive-Tar
similarity index 100%
rename from config/rootfiles/core/136/filelists/Archive-Tar
rename to config/rootfiles/oldcore/136/filelists/Archive-Tar
diff --git a/config/rootfiles/core/136/filelists/Archive-Zip b/config/rootfiles/oldcore/136/filelists/Archive-Zip
similarity index 100%
rename from config/rootfiles/core/136/filelists/Archive-Zip
rename to config/rootfiles/oldcore/136/filelists/Archive-Zip
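Review bot: In config/rootfiles/core/137/update.sh the root free-space check fails open: `$ROOTSPACE` is unquoted in `[ $ROOTSPACE -lt 80000 ]`, so if the `df | sed | cut` pipeline yields an empty or non-numeric value the test errors out, the `if` body is skipped, and the script goes on to `rm -rf` the installed kernel images and `/lib/modules`. A guard placed before the comparison, such as `case "$ROOTSPACE" in ''|*[!0-9]*) exit_with_error "ERROR cannot determine free space on root." 2 ;; esac`, together with quoting the variable, would make the check fail closed; the `$BOOTSPACE`/`$ROOTSPACE` test in the i?86 branch has the same shape. The status of `extract_files` is not checked either, and the script always ends with `exit 0`, so a failed extraction after the old kernel was removed would still be recorded as a successful update on a firewall that may then not boot; `extract_files` comes from the sourced functions.sh, which is outside this diff, so whether it returns a usable status needs confirming. The `exit 2` that follows `exit_with_error` is unreachable, since that function already calls `exit $2`.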
diff --git a/config/rootfiles/core/136/filelists/BerkeleyDB b/config/rootfiles/oldcore/136/filelists/BerkeleyDB
similarity index 100%
rename from config/rootfiles/core/136/filelists/BerkeleyDB
rename to config/rootfiles/oldcore/136/filelists/BerkeleyDB
diff --git a/config/rootfiles/core/136/filelists/Compress-Zlib b/config/rootfiles/oldcore/136/filelists/Compress-Zlib
similarity index 100%
rename from config/rootfiles/core/136/filelists/Compress-Zlib
rename to config/rootfiles/oldcore/136/filelists/Compress-Zlib
diff --git a/config/rootfiles/core/136/filelists/Convert-TNEF b/config/rootfiles/oldcore/136/filelists/Convert-TNEF
similarity index 100%
rename from config/rootfiles/core/136/filelists/Convert-TNEF
rename to config/rootfiles/oldcore/136/filelists/Convert-TNEF
diff --git a/config/rootfiles/core/136/filelists/Convert-UUlib b/config/rootfiles/oldcore/136/filelists/Convert-UUlib
similarity index 100%
rename from config/rootfiles/core/136/filelists/Convert-UUlib
rename to config/rootfiles/oldcore/136/filelists/Convert-UUlib
diff --git a/config/rootfiles/core/136/filelists/Crypt-PasswdMD5 b/config/rootfiles/oldcore/136/filelists/Crypt-PasswdMD5
similarity index 100%
rename from config/rootfiles/core/136/filelists/Crypt-PasswdMD5
rename to config/rootfiles/oldcore/136/filelists/Crypt-PasswdMD5
diff --git a/config/rootfiles/core/136/filelists/Digest b/config/rootfiles/oldcore/136/filelists/Digest
similarity index 100%
rename from config/rootfiles/core/136/filelists/Digest
rename to config/rootfiles/oldcore/136/filelists/Digest
diff --git a/config/rootfiles/core/136/filelists/Digest-HMAC b/config/rootfiles/oldcore/136/filelists/Digest-HMAC
similarity index 100%
rename from config/rootfiles/core/136/filelists/Digest-HMAC
rename to config/rootfiles/oldcore/136/filelists/Digest-HMAC
diff --git a/config/rootfiles/core/136/filelists/Digest-SHA1 b/config/rootfiles/oldcore/136/filelists/Digest-SHA1
similarity index 100%
rename from config/rootfiles/core/136/filelists/Digest-SHA1
rename to config/rootfiles/oldcore/136/filelists/Digest-SHA1
diff --git a/config/rootfiles/core/136/filelists/GD-Graph b/config/rootfiles/oldcore/136/filelists/GD-Graph
similarity index 100%
rename from config/rootfiles/core/136/filelists/GD-Graph
rename to config/rootfiles/oldcore/136/filelists/GD-Graph
diff --git a/config/rootfiles/core/136/filelists/GD-TextUtil b/config/rootfiles/oldcore/136/filelists/GD-TextUtil
similarity index 100%
rename from config/rootfiles/core/136/filelists/GD-TextUtil
rename to config/rootfiles/oldcore/136/filelists/GD-TextUtil
diff --git a/config/rootfiles/core/136/filelists/GeoIP b/config/rootfiles/oldcore/136/filelists/GeoIP
similarity index 100%
rename from config/rootfiles/core/136/filelists/GeoIP
rename to config/rootfiles/oldcore/136/filelists/GeoIP
diff --git a/config/rootfiles/core/136/filelists/HTML-Parser b/config/rootfiles/oldcore/136/filelists/HTML-Parser
similarity index 100%
rename from config/rootfiles/core/136/filelists/HTML-Parser
rename to config/rootfiles/oldcore/136/filelists/HTML-Parser
diff --git a/config/rootfiles/core/136/filelists/HTML-Tagset b/config/rootfiles/oldcore/136/filelists/HTML-Tagset
similarity index 100%
rename from config/rootfiles/core/136/filelists/HTML-Tagset
rename to config/rootfiles/oldcore/136/filelists/HTML-Tagset
diff --git a/config/rootfiles/core/136/filelists/HTML-Template b/config/rootfiles/oldcore/136/filelists/HTML-Template
similarity index 100%
rename from config/rootfiles/core/136/filelists/HTML-Template
rename to config/rootfiles/oldcore/136/filelists/HTML-Template
diff --git a/config/rootfiles/oldcore/136/filelists/IO-Socket-SSL b/config/rootfiles/oldcore/136/filelists/IO-Socket-SSL
new file mode 120000
index 000000000..d24492371
--- /dev/null
+++ b/config/rootfiles/oldcore/136/filelists/IO-Socket-SSL
@@ -0,0 +1 @@
+../../../common/IO-Socket-SSL
\ No newline at end of file
diff --git a/config/rootfiles/core/136/filelists/IO-Stringy b/config/rootfiles/oldcore/136/filelists/IO-Stringy
similarity index 100%
rename from config/rootfiles/core/136/filelists/IO-Stringy
rename to config/rootfiles/oldcore/136/filelists/IO-Stringy
diff --git a/config/rootfiles/core/136/filelists/Locale-Country b/config/rootfiles/oldcore/136/filelists/Locale-Country
similarity index 100%
rename from config/rootfiles/core/136/filelists/Locale-Country
rename to config/rootfiles/oldcore/136/filelists/Locale-Country
diff --git a/config/rootfiles/core/136/filelists/Mail-Tools b/config/rootfiles/oldcore/136/filelists/Mail-Tools
similarity index 100%
rename from config/rootfiles/core/136/filelists/Mail-Tools
rename to config/rootfiles/oldcore/136/filelists/Mail-Tools
diff --git a/config/rootfiles/core/136/filelists/Net-DNS b/config/rootfiles/oldcore/136/filelists/Net-DNS
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-DNS
rename to config/rootfiles/oldcore/136/filelists/Net-DNS
diff --git a/config/rootfiles/core/136/filelists/Net-IPv4Addr b/config/rootfiles/oldcore/136/filelists/Net-IPv4Addr
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-IPv4Addr
rename to config/rootfiles/oldcore/136/filelists/Net-IPv4Addr
diff --git a/config/rootfiles/core/136/filelists/Net-Server b/config/rootfiles/oldcore/136/filelists/Net-Server
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-Server
rename to config/rootfiles/oldcore/136/filelists/Net-Server
diff --git a/config/rootfiles/core/136/filelists/Net-Telnet b/config/rootfiles/oldcore/136/filelists/Net-Telnet
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-Telnet
rename to config/rootfiles/oldcore/136/filelists/Net-Telnet
diff --git a/config/rootfiles/core/136/filelists/Net_SSLeay b/config/rootfiles/oldcore/136/filelists/Net_SSLeay
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net_SSLeay
rename to config/rootfiles/oldcore/136/filelists/Net_SSLeay
diff --git a/config/rootfiles/core/136/filelists/Text-Tabs+Wrap b/config/rootfiles/oldcore/136/filelists/Text-Tabs+Wrap
similarity index 100%
rename from config/rootfiles/core/136/filelists/Text-Tabs+Wrap
rename to config/rootfiles/oldcore/136/filelists/Text-Tabs+Wrap
diff --git a/config/rootfiles/core/136/filelists/URI b/config/rootfiles/oldcore/136/filelists/URI
similarity index 100%
rename from config/rootfiles/core/136/filelists/URI
rename to config/rootfiles/oldcore/136/filelists/URI
diff --git a/config/rootfiles/core/136/filelists/Unix-Syslog b/config/rootfiles/oldcore/136/filelists/Unix-Syslog
similarity index 100%
rename from config/rootfiles/core/136/filelists/Unix-Syslog
rename to config/rootfiles/oldcore/136/filelists/Unix-Syslog
diff --git a/config/rootfiles/core/136/filelists/XML-Parser b/config/rootfiles/oldcore/136/filelists/XML-Parser
similarity index 100%
rename from config/rootfiles/core/136/filelists/XML-Parser
rename to config/rootfiles/oldcore/136/filelists/XML-Parser
diff --git a/config/rootfiles/core/136/filelists/aarch64/gcc b/config/rootfiles/oldcore/136/filelists/aarch64/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/aarch64/gcc
rename to config/rootfiles/oldcore/136/filelists/aarch64/gcc
diff --git a/config/rootfiles/core/136/filelists/apache2 b/config/rootfiles/oldcore/136/filelists/apache2
similarity index 100%
rename from config/rootfiles/core/136/filelists/apache2
rename to config/rootfiles/oldcore/136/filelists/apache2
diff --git a/config/rootfiles/core/136/filelists/armv5tel/gcc b/config/rootfiles/oldcore/136/filelists/armv5tel/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/armv5tel/gcc
rename to config/rootfiles/oldcore/136/filelists/armv5tel/gcc
diff --git a/config/rootfiles/core/136/filelists/bind b/config/rootfiles/oldcore/136/filelists/bind
similarity index 100%
rename from config/rootfiles/core/136/filelists/bind
rename to config/rootfiles/oldcore/136/filelists/bind
diff --git a/config/rootfiles/core/136/filelists/ca-certificates b/config/rootfiles/oldcore/136/filelists/ca-certificates
similarity index 100%
rename from config/rootfiles/core/136/filelists/ca-certificates
rename to config/rootfiles/oldcore/136/filelists/ca-certificates
diff --git a/config/rootfiles/core/136/filelists/dhcpcd b/config/rootfiles/oldcore/136/filelists/dhcpcd
similarity index 100%
rename from config/rootfiles/core/136/filelists/dhcpcd
rename to config/rootfiles/oldcore/136/filelists/dhcpcd
diff --git a/config/rootfiles/core/136/filelists/files b/config/rootfiles/oldcore/136/filelists/files
similarity index 100%
rename from config/rootfiles/core/136/filelists/files
rename to config/rootfiles/oldcore/136/filelists/files
diff --git a/config/rootfiles/core/136/filelists/geoip-generator b/config/rootfiles/oldcore/136/filelists/geoip-generator
similarity index 100%
rename from config/rootfiles/core/136/filelists/geoip-generator
rename to config/rootfiles/oldcore/136/filelists/geoip-generator
diff --git a/config/rootfiles/core/136/filelists/hwdata b/config/rootfiles/oldcore/136/filelists/hwdata
similarity index 100%
rename from config/rootfiles/core/136/filelists/hwdata
rename to config/rootfiles/oldcore/136/filelists/hwdata
diff --git a/config/rootfiles/core/136/filelists/i586/gcc b/config/rootfiles/oldcore/136/filelists/i586/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/i586/gcc
rename to config/rootfiles/oldcore/136/filelists/i586/gcc
diff --git a/config/rootfiles/core/136/filelists/i586/openssl-sse2 b/config/rootfiles/oldcore/136/filelists/i586/openssl-sse2
similarity index 100%
rename from config/rootfiles/core/136/filelists/i586/openssl-sse2
rename to config/rootfiles/oldcore/136/filelists/i586/openssl-sse2
diff --git a/config/rootfiles/core/136/filelists/knot b/config/rootfiles/oldcore/136/filelists/knot
similarity index 100%
rename from config/rootfiles/core/136/filelists/knot
rename to config/rootfiles/oldcore/136/filelists/knot
diff --git a/config/rootfiles/core/136/filelists/liboping b/config/rootfiles/oldcore/136/filelists/liboping
similarity index 100%
rename from config/rootfiles/core/136/filelists/liboping
rename to config/rootfiles/oldcore/136/filelists/liboping
diff --git a/config/rootfiles/core/136/filelists/libwww-perl b/config/rootfiles/oldcore/136/filelists/libwww-perl
similarity index 100%
rename from config/rootfiles/core/136/filelists/libwww-perl
rename to config/rootfiles/oldcore/136/filelists/libwww-perl
diff --git a/config/rootfiles/core/136/filelists/logrotate b/config/rootfiles/oldcore/136/filelists/logrotate
similarity index 100%
rename from config/rootfiles/core/136/filelists/logrotate
rename to config/rootfiles/oldcore/136/filelists/logrotate
diff --git a/config/rootfiles/core/136/filelists/openssh b/config/rootfiles/oldcore/136/filelists/openssh
similarity index 100%
rename from config/rootfiles/core/136/filelists/openssh
rename to config/rootfiles/oldcore/136/filelists/openssh
diff --git a/config/rootfiles/core/136/filelists/openssl b/config/rootfiles/oldcore/136/filelists/openssl
similarity index 100%
rename from config/rootfiles/core/136/filelists/openssl
rename to config/rootfiles/oldcore/136/filelists/openssl
diff --git a/config/rootfiles/core/136/filelists/patch b/config/rootfiles/oldcore/136/filelists/patch
similarity index 100%
rename from config/rootfiles/core/136/filelists/patch
rename to config/rootfiles/oldcore/136/filelists/patch
diff --git a/config/rootfiles/core/136/filelists/perl b/config/rootfiles/oldcore/136/filelists/perl
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl
rename to config/rootfiles/oldcore/136/filelists/perl
diff --git a/config/rootfiles/core/136/filelists/perl-Apache-Htpasswd b/config/rootfiles/oldcore/136/filelists/perl-Apache-Htpasswd
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Apache-Htpasswd
rename to config/rootfiles/oldcore/136/filelists/perl-Apache-Htpasswd
diff --git a/config/rootfiles/core/136/filelists/perl-CGI b/config/rootfiles/oldcore/136/filelists/perl-CGI
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-CGI
rename to config/rootfiles/oldcore/136/filelists/perl-CGI
diff --git a/config/rootfiles/core/136/filelists/perl-Device-Modem b/config/rootfiles/oldcore/136/filelists/perl-Device-Modem
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Device-Modem
rename to config/rootfiles/oldcore/136/filelists/perl-Device-Modem
diff --git a/config/rootfiles/core/136/filelists/perl-Device-SerialPort b/config/rootfiles/oldcore/136/filelists/perl-Device-SerialPort
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Device-SerialPort
rename to config/rootfiles/oldcore/136/filelists/perl-Device-SerialPort
diff --git a/config/rootfiles/core/136/filelists/perl-Email-Date-Format b/config/rootfiles/oldcore/136/filelists/perl-Email-Date-Format
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Email-Date-Format
rename to config/rootfiles/oldcore/136/filelists/perl-Email-Date-Format
diff --git a/config/rootfiles/core/136/filelists/perl-Font-TTF b/config/rootfiles/oldcore/136/filelists/perl-Font-TTF
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Font-TTF
rename to config/rootfiles/oldcore/136/filelists/perl-Font-TTF
diff --git a/config/rootfiles/core/136/filelists/perl-GD b/config/rootfiles/oldcore/136/filelists/perl-GD
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-GD
rename to config/rootfiles/oldcore/136/filelists/perl-GD
diff --git a/config/rootfiles/core/136/filelists/perl-IO-String b/config/rootfiles/oldcore/136/filelists/perl-IO-String
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-IO-String
rename to config/rootfiles/oldcore/136/filelists/perl-IO-String
diff --git a/config/rootfiles/core/136/filelists/perl-MIME-Lite b/config/rootfiles/oldcore/136/filelists/perl-MIME-Lite
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-MIME-Lite
rename to config/rootfiles/oldcore/136/filelists/perl-MIME-Lite
diff --git a/config/rootfiles/core/136/filelists/perl-Net-CIDR-Lite b/config/rootfiles/oldcore/136/filelists/perl-Net-CIDR-Lite
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Net-CIDR-Lite
rename to config/rootfiles/oldcore/136/filelists/perl-Net-CIDR-Lite
diff --git a/config/rootfiles/core/136/filelists/perl-NetAddr-IP b/config/rootfiles/oldcore/136/filelists/perl-NetAddr-IP
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-NetAddr-IP
rename to config/rootfiles/oldcore/136/filelists/perl-NetAddr-IP
diff --git a/config/rootfiles/core/136/filelists/perl-PDF-API2 b/config/rootfiles/oldcore/136/filelists/perl-PDF-API2
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-PDF-API2
rename to config/rootfiles/oldcore/136/filelists/perl-PDF-API2
diff --git a/config/rootfiles/core/136/filelists/perl-Sort-Naturally b/config/rootfiles/oldcore/136/filelists/perl-Sort-Naturally
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Sort-Naturally
rename to config/rootfiles/oldcore/136/filelists/perl-Sort-Naturally
diff --git a/config/rootfiles/core/136/filelists/perl-Switch b/config/rootfiles/oldcore/136/filelists/perl-Switch
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Switch
rename to config/rootfiles/oldcore/136/filelists/perl-Switch
diff --git a/config/rootfiles/core/136/filelists/perl-Text-CSV_XS b/config/rootfiles/oldcore/136/filelists/perl-Text-CSV_XS
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Text-CSV_XS
rename to config/rootfiles/oldcore/136/filelists/perl-Text-CSV_XS
diff --git a/config/rootfiles/core/136/filelists/rrdtool b/config/rootfiles/oldcore/136/filelists/rrdtool
similarity index 100%
rename from config/rootfiles/core/136/filelists/rrdtool
rename to config/rootfiles/oldcore/136/filelists/rrdtool
diff --git a/config/rootfiles/core/136/filelists/unbound b/config/rootfiles/oldcore/136/filelists/unbound
similarity index 100%
rename from config/rootfiles/core/136/filelists/unbound
rename to config/rootfiles/oldcore/136/filelists/unbound
diff --git a/config/rootfiles/core/136/filelists/usb_modeswitch b/config/rootfiles/oldcore/136/filelists/usb_modeswitch
similarity index 100%
rename from config/rootfiles/core/136/filelists/usb_modeswitch
rename to config/rootfiles/oldcore/136/filelists/usb_modeswitch
diff --git a/config/rootfiles/core/136/filelists/usb_modeswitch_data b/config/rootfiles/oldcore/136/filelists/usb_modeswitch_data
similarity index 100%
rename from config/rootfiles/core/136/filelists/usb_modeswitch_data
rename to config/rootfiles/oldcore/136/filelists/usb_modeswitch_data
diff --git a/config/rootfiles/core/136/filelists/x86_64/gcc b/config/rootfiles/oldcore/136/filelists/x86_64/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/x86_64/gcc
rename to config/rootfiles/oldcore/136/filelists/x86_64/gcc
diff --git a/config/rootfiles/core/136/update.sh b/config/rootfiles/oldcore/136/update.sh similarity index 100% rename from config/rootfiles/core/136/update.sh rename to config/rootfiles/oldcore/136/update.sh diff --git a/lfs/linux b/lfs/linux index a9e30714f..a0b28652d 100644 --- a/lfs/linux +++ b/lfs/linux @@ -146,6 +146,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Fix uevent PHYSDEVDRIVER cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch
+ # Fix for netfilter nf_conntrack: resolve clash for matching conntracks + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch + ifeq "$(KCFG)" "-kirkwood" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.40-kirkwood-dtb.patch endif diff --git a/make.sh b/make.sh index bea4f5d6d..f8370ca0b 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.23" # Version number -CORE="136" # Core Level (Filename) +CORE="137" # Core Level (Filename) PAKFIRE_CORE="136" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan diff --git a/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch b/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch new file mode 100644 index 000000000..914cd0675 --- /dev/null +++ b/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch @@ -0,0 +1,75 @@ +commit ed07d9a021df6da53456663a76999189badc432a +Author: Martynas Pumputis martynas@weave.works +Date: Mon Jul 2 16:52:14 2018 +0200 + + netfilter: nf_conntrack: resolve clash for matching conntracks + + This patch enables the clash resolution for NAT (disabled in + "590b52e10d41") if clashing conntracks match (i.e. both tuples are equal) + and a protocol allows it. + + The clash might happen for a connections-less protocol (e.g. UDP) when + two threads in parallel writes to the same socket and consequent calls + to "get_unique_tuple" return the same tuples (incl. reply tuples). + + In this case it is safe to perform the resolution, as the losing CT + describes the same mangling as the winning CT, so no modifications to + the packet are needed, and the result of rules traversal for the loser's + packet stays valid. + + 
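Review bot: The comment added above the new `patch -Np1` line in lfs/linux does not record where the backport comes from or when it can be dropped, so the next kernel rebase has to rediscover both. The patch file added in this same commit names upstream commit ed07d9a021df6da53456663a76999189badc432a in its header; I would carry that into the recipe, e.g. `# Backport of upstream ed07d9a021df: resolve conntrack clash when both tuples match; drop once the base kernel contains it`. The file name is prefixed linux-5.0 while the neighbouring patches are prefixed 2.6.32.27 and 4.14.40, so it is worth confirming the prefix names the kernel the patch was taken from or tested against. The $(TARGET) recipe starts and ends outside the hunk.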
Signed-off-by: Martynas Pumputis martynas@weave.works + 
Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org + +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index 5123e91b1982..4ced7c7102b6 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -632,6 +632,18 @@ nf_ct_key_equal(struct nf_conntrack_tuple_hash *h, + net_eq(net, nf_ct_net(ct)); + } + ++static inline bool ++nf_ct_match(const struct nf_conn *ct1, const struct nf_conn *ct2) ++{ ++ return nf_ct_tuple_equal(&ct1->tuplehash[IP_CT_DIR_ORIGINAL].tuple, ++ &ct2->tuplehash[IP_CT_DIR_ORIGINAL].tuple) && ++ nf_ct_tuple_equal(&ct1->tuplehash[IP_CT_DIR_REPLY].tuple, ++ &ct2->tuplehash[IP_CT_DIR_REPLY].tuple) && ++ nf_ct_zone_equal(ct1, nf_ct_zone(ct2), IP_CT_DIR_ORIGINAL) && ++ nf_ct_zone_equal(ct1, nf_ct_zone(ct2), IP_CT_DIR_REPLY) && ++ net_eq(nf_ct_net(ct1), nf_ct_net(ct2)); ++} ++ + /* caller must hold rcu readlock and none of the nf_conntrack_locks */ + static void nf_ct_gc_expired(struct nf_conn *ct) + { +@@ -825,19 +837,21 @@ static int nf_ct_resolve_clash(struct net *net, struct sk_buff *skb, + /* This is the conntrack entry already in hashes that won race. 
*/ + struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h); + const struct nf_conntrack_l4proto *l4proto; ++ enum ip_conntrack_info oldinfo; ++ struct nf_conn *loser_ct = nf_ct_get(skb, &oldinfo); + + l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct)); + if (l4proto->allow_clash && +- ((ct->status & IPS_NAT_DONE_MASK) == 0) && + !nf_ct_is_dying(ct) && + atomic_inc_not_zero(&ct->ct_general.use)) { +- enum ip_conntrack_info oldinfo; +- struct nf_conn *loser_ct = nf_ct_get(skb, &oldinfo); +- +- nf_ct_acct_merge(ct, ctinfo, loser_ct); +- nf_conntrack_put(&loser_ct->ct_general); +- nf_ct_set(skb, ct, oldinfo); +- return NF_ACCEPT; ++ if (((ct->status & IPS_NAT_DONE_MASK) == 0) || ++ nf_ct_match(ct, loser_ct)) { ++ nf_ct_acct_merge(ct, ctinfo, loser_ct); ++ nf_conntrack_put(&loser_ct->ct_general); ++ nf_ct_set(skb, ct, oldinfo); ++ return NF_ACCEPT; ++ } ++ nf_ct_put(ct); + } + NF_CT_STAT_INC(net, drop); + return NF_DROP;
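Review bot: The rewritten branch in nf_ct_resolve_clash still drops the packet when the winning entry has NAT applied and the two entries do not match: after `nf_ct_put(ct);` control falls through to `NF_CT_STAT_INC(net, drop);` and `return NF_DROP;`, and nothing in the code says that this is intended. A one-line comment before the put would make it explicit, e.g. `/* NAT done and tuples differ: the loser's mangling is not the winner's, keep dropping */`. Since the commit description presents this as the fix for the packet drops seen with suricata, it would also help to state in the patch header that only clashes with identical original and reply tuples are resolved, so a `drop` counter that keeps rising after the update is not read as a regression. nf_ct_resolve_clash starts outside the hunk.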
hooks/post-receive -- IPFire 2.x development tree