* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. f224c3f26535c5b8c7530f32af933697c9678fb2
@ 2013-01-03 15:29 git
From: git @ 2013-01-03 15:29 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 20487 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via f224c3f26535c5b8c7530f32af933697c9678fb2 (commit)
via a10733a5d8580b6ab8cff46235daab6547723781 (commit)
from ac2f710771ba327b5b8fd1b8f3829b977d08aa24 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f224c3f26535c5b8c7530f32af933697c9678fb2
Author: Arne Fitzenreiter <Arne_F(a)ipfire.org>
Date: Thu Jan 3 16:28:21 2013 +0100
red.up: add script to cleanup conntrack-table if red ip has changed.
commit a10733a5d8580b6ab8cff46235daab6547723781
Author: Arne Fitzenreiter <Arne_F(a)ipfire.org>
Date: Thu Jan 3 14:27:11 2013 +0100
conntrack-tools: add conntrack and needed deps.
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/armv5tel/initscripts | 1 +
config/rootfiles/common/conntrack-tools | 6 ++++
config/rootfiles/common/i586/initscripts | 1 +
config/rootfiles/common/iptables | 38 +++++++++++++---------
config/rootfiles/common/libmnl | 7 ++++
config/rootfiles/core/66/filelists/conntrack-tools | 1 +
config/rootfiles/core/66/filelists/files | 1 +
config/rootfiles/core/66/filelists/libmnl | 1 +
lfs/{libpng => conntrack-tools} | 10 +++---
lfs/iptables | 20 ++++++++++--
lfs/{libpng => libmnl} | 10 +++---
make.sh | 2 ++
.../init.d/networking/red.up/01-conntrack-cleanup | 25 ++++++++++++++
13 files changed, 95 insertions(+), 28 deletions(-)
create mode 100644 config/rootfiles/common/conntrack-tools
create mode 100644 config/rootfiles/common/libmnl
create mode 120000 config/rootfiles/core/66/filelists/conntrack-tools
create mode 120000 config/rootfiles/core/66/filelists/libmnl
copy lfs/{libpng => conntrack-tools} (93%)
copy lfs/{libpng => libmnl} (93%)
create mode 100644 src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
Difference in files:
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 90f9be1..1a613ac 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -73,6 +73,7 @@ etc/rc.d/init.d/networking/red.down/10-ovpn
etc/rc.d/init.d/networking/red.down/20-RL-firewall
etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
#etc/rc.d/init.d/networking/red.up
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
diff --git a/config/rootfiles/common/conntrack-tools b/config/rootfiles/common/conntrack-tools
new file mode 100644
index 0000000..5ce29aa
--- /dev/null
+++ b/config/rootfiles/common/conntrack-tools
@@ -0,0 +1,6 @@
+usr/sbin/conntrack
+#usr/sbin/conntrackd
+#usr/sbin/nfct
+#usr/share/man/man8/conntrack.8
+#usr/share/man/man8/conntrackd.8
+#usr/share/man/man8/nfct.8
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 737e878..f26e244 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/networking/red.down/10-ovpn
etc/rc.d/init.d/networking/red.down/20-RL-firewall
etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
#etc/rc.d/init.d/networking/red.up
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
etc/rc.d/init.d/networking/red.up/10-miniupnpd
etc/rc.d/init.d/networking/red.up/10-multicast
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index d30cbf5..39225a4 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -140,6 +140,18 @@ sbin/xtables-multi
#usr/include/libiptc/xtcshared.h
#usr/include/libipulog
#usr/include/libipulog/libipulog.h
+#usr/include/libnetfilter_conntrack
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_icmp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
+#usr/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h
+#usr/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+#usr/include/libnetfilter_cttimeout
+#usr/include/libnetfilter_cttimeout/libnetfilter_cttimeout.h
#usr/include/libnetfilter_queue
#usr/include/libnetfilter_queue/libipq.h
#usr/include/libnetfilter_queue/libnetfilter_queue.h
@@ -149,14 +161,9 @@ sbin/xtables-multi
#usr/include/libnfnetlink/linux_nfnetlink.h
#usr/include/libnfnetlink/linux_nfnetlink_compat.h
#usr/include/linux/netfilter/Kbuild
-#usr/include/linux/netfilter/ipset
#usr/include/linux/netfilter/ipset/Kbuild
-#usr/include/linux/netfilter/ipset/ip_set.h
#usr/include/linux/netfilter/ipset/ip_set_ahash.h
-#usr/include/linux/netfilter/ipset/ip_set_bitmap.h
#usr/include/linux/netfilter/ipset/ip_set_getport.h
-#usr/include/linux/netfilter/ipset/ip_set_hash.h
-#usr/include/linux/netfilter/ipset/ip_set_list.h
#usr/include/linux/netfilter/ipset/ip_set_timeout.h
#usr/include/linux/netfilter/ipset/pfxlen.h
#usr/include/linux/netfilter/nf_conntrack_amanda.h
@@ -171,23 +178,20 @@ sbin/xtables-multi
#usr/include/linux/netfilter/nf_conntrack_sip.h
#usr/include/linux/netfilter/nf_conntrack_snmp.h
#usr/include/linux/netfilter/nf_conntrack_tftp.h
-#usr/include/linux/netfilter/xt_AUDIT.h
-#usr/include/linux/netfilter/xt_CHECKSUM.h
-#usr/include/linux/netfilter/xt_CT.h
-#usr/include/linux/netfilter/xt_IDLETIMER.h
#usr/include/linux/netfilter/xt_IMQ.h
-#usr/include/linux/netfilter/xt_TEE.h
-#usr/include/linux/netfilter/xt_addrtype.h
-#usr/include/linux/netfilter/xt_cpu.h
-#usr/include/linux/netfilter/xt_devgroup.h
-#usr/include/linux/netfilter/xt_ipvs.h
#usr/include/linux/netfilter/xt_layer7.h
-#usr/include/linux/netfilter/xt_set.h
-#usr/include/linux/netfilter/xt_socket.h
#usr/include/net/netfilter
#usr/include/net/netfilter/nf_conntrack_tuple.h
#usr/include/net/netfilter/nf_nat.h
#usr/include/xtables.h
+#usr/lib/libnetfilter_conntrack.la
+usr/lib/libnetfilter_conntrack.so
+usr/lib/libnetfilter_conntrack.so.3
+usr/lib/libnetfilter_conntrack.so.3.4.0
+#usr/lib/libnetfilter_cttimeout.la
+usr/lib/libnetfilter_cttimeout.so
+usr/lib/libnetfilter_cttimeout.so.1
+usr/lib/libnetfilter_cttimeout.so.1.0.0
#usr/lib/libnetfilter_queue.a
#usr/lib/libnetfilter_queue.la
usr/lib/libnetfilter_queue.so
@@ -207,6 +211,8 @@ usr/lib/libnfnetlink.so.0.2.0
#usr/lib/pkgconfig/libip6tc.pc
#usr/lib/pkgconfig/libipq.pc
#usr/lib/pkgconfig/libiptc.pc
+#usr/lib/pkgconfig/libnetfilter_conntrack.pc
+#usr/lib/pkgconfig/libnetfilter_cttimeout.pc
#usr/lib/pkgconfig/libnetfilter_queue.pc
#usr/lib/pkgconfig/libnfnetlink.pc
#usr/lib/pkgconfig/xtables.pc
diff --git a/config/rootfiles/common/libmnl b/config/rootfiles/common/libmnl
new file mode 100644
index 0000000..36732c4
--- /dev/null
+++ b/config/rootfiles/common/libmnl
@@ -0,0 +1,7 @@
+#usr/include/libmnl
+#usr/include/libmnl/libmnl.h
+#usr/lib/libmnl.la
+usr/lib/libmnl.so
+usr/lib/libmnl.so.0
+usr/lib/libmnl.so.0.1.0
+#usr/lib/pkgconfig/libmnl.pc
diff --git a/config/rootfiles/core/66/filelists/conntrack-tools b/config/rootfiles/core/66/filelists/conntrack-tools
new file mode 120000
index 0000000..88fbe06
--- /dev/null
+++ b/config/rootfiles/core/66/filelists/conntrack-tools
@@ -0,0 +1 @@
+../../../common/conntrack-tools
\ No newline at end of file
diff --git a/config/rootfiles/core/66/filelists/files b/config/rootfiles/core/66/filelists/files
index bf51301..91142e0 100644
--- a/config/rootfiles/core/66/filelists/files
+++ b/config/rootfiles/core/66/filelists/files
@@ -7,6 +7,7 @@ etc/rc.d/init.d/halt
etc/rc.d/init.d/leds
etc/rc.d/init.d/mountfs
etc/rc.d/init.d/network
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
etc/rc.d/init.d/networking/red.up/98-leds
etc/rc.d/init.d/partresize
etc/rc.d/init.d/reboot
diff --git a/config/rootfiles/core/66/filelists/libmnl b/config/rootfiles/core/66/filelists/libmnl
new file mode 120000
index 0000000..f671c41
--- /dev/null
+++ b/config/rootfiles/core/66/filelists/libmnl
@@ -0,0 +1 @@
+../../../common/libmnl
\ No newline at end of file
diff --git a/lfs/conntrack-tools b/lfs/conntrack-tools
new file mode 100644
index 0000000..f5ea315
--- /dev/null
+++ b/lfs/conntrack-tools
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.2.2
+
+THISAPP = conntrack-tools-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a8afc813e16265655f83991fc0df35b6
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
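Review bot: The only integrity pin for the downloaded tarball is `$(DL_FILE)_MD5`, and MD5 no longer resists collisions, so it is a weak control for a package that ends up in a firewall image. The same applies to the `_MD5` line in lfs/libmnl and to the two new `libnetfilter_conntrack-1.0.2.tar.bz2_MD5` / `libnetfilter_cttimeout-1.0.0.tar.bz2_MD5` lines in lfs/iptables. What `$(CHECK)`, `$(LOAD)` and `$(MD5)` do is defined in `Config`, outside this diff, so whether the fetch is authenticated or a stronger digest is available cannot be told from here. If the macros allow it, pin a stronger digest next to the MD5; otherwise record provenance above the checksum with a comment such as `# tarball mirrored from upstream release; digest compared against upstream's published signature/checksum`.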
diff --git a/lfs/iptables b/lfs/iptables
index ceb560d..a247ba7 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -38,17 +38,23 @@ TARGET = $(DIR_INFO)/$(THISAPP)
objects = $(DL_FILE) \
netfilter-layer7-v2.22.tar.gz \
libnfnetlink-1.0.0.tar.bz2 \
- libnetfilter_queue-0.0.17.tar.bz2
+ libnetfilter_queue-0.0.17.tar.bz2 \
+ libnetfilter_conntrack-1.0.2.tar.bz2 \
+ libnetfilter_cttimeout-1.0.0.tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
libnfnetlink-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-1.0.0.tar.bz2
libnetfilter_queue-0.0.17.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.17.tar.bz2
+libnetfilter_conntrack-1.0.2.tar.bz2 = $(URL_IPFIRE)/libnetfilter_conntrack-1.0.2.tar.bz2
+libnetfilter_cttimeout-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnetfilter_cttimeout-1.0.0.tar.bz2
$(DL_FILE)_MD5 = 5ab24ad683f76689cfe7e0c73f44855d
netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
libnfnetlink-1.0.0.tar.bz2_MD5 = 016fdec8389242615024c529acc1adb8
libnetfilter_queue-0.0.17.tar.bz2_MD5 = 2cde35e678ead3a8f9eb896bf807a159
+libnetfilter_conntrack-1.0.2.tar.bz2_MD5 = 447114b5d61bb9a9617ead3217c3d3ff
+libnetfilter_cttimeout-1.0.0.tar.bz2_MD5 = 7697437fc9ebb6f6b83df56a633db7f9
install : $(TARGET)
@@ -124,5 +130,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && make install
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_conntrack-1.0.2.tar.bz2
+ cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && ./configure --prefix=/usr
+ cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && make install
+
+ cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_cttimeout-1.0.0.tar.bz2
+ cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && ./configure --prefix=/usr
+ cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_SRC)/libnetfilter_cttimeout-1.0.0 && make install
+
@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-1.0.0 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.17
@$(POSTBUILD)
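Review bot: The two source trees unpacked by the added lines, `$(DIR_SRC)/libnetfilter_conntrack-1.0.2` and `$(DIR_SRC)/libnetfilter_cttimeout-1.0.0`, are missing from the `@rm -rf` cleanup line that follows, which still lists only the older directories. They therefore stay in `$(DIR_SRC)` after the build, and a later rebuild would untar over a stale, possibly half-built tree. Append both to that line: `$(DIR_SRC)/libnetfilter_conntrack-1.0.2 $(DIR_SRC)/libnetfilter_cttimeout-1.0.0`. The `$(TARGET)` recipe begins outside this hunk, so any cleanup done at its start is not visible here.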
diff --git a/lfs/libmnl b/lfs/libmnl
new file mode 100644
index 0000000..5341e4b
--- /dev/null
+++ b/lfs/libmnl
@@ -0,0 +1,77 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2013 IPFire Team <info(a)ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.0.3
+
+THISAPP = libmnl-$(VER)
+DL_FILE = $(THISAPP).tar.bz2
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 7d95fc3bea3365bc03c48e484224f65f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 21808c9..b1d7cf6 100755
--- a/make.sh
+++ b/make.sh
@@ -509,7 +509,9 @@ buildipfire() {
ipfiremake mtools
ipfiremake initscripts
ipfiremake whatmask
+ ipfiremake libmnl
ipfiremake iptables
+ ipfiremake conntrack-tools
ipfiremake libupnp
ipfiremake ipaddr
ipfiremake iputils
diff --git a/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup b/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
new file mode 100644
index 0000000..4bb43b9
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
@@ -0,0 +1,25 @@
+#!/bin/bash
+############################################################################
+# conntrack-cleanup - remove conntrack entries with the last red ipaddress #
+############################################################################
+#
+
+curr_ip=`cat /var/ipfire/red/local-ipaddress 2>/dev/null`
+last_ip=`cat /var/lock/last-ipaddress 2>/dev/null`
+
+if [ "$curr_ip" == "$last_ip" ]; then
+ exit 0
+fi
+
+if [ -z "$curr_ip" ]; then
+ echo ERROR: cannot read current IP.
+ exit 1
+fi
+
+if [ ! -z "$last_ip" ]; then
+ conntrack -D -s $last_ip 2>&1 > /dev/null
+ conntrack -D -d $last_ip 2>&1 > /dev/null
+ conntrack -D -r $last_ip 2>&1 > /dev/null
+ conntrack -D -q $last_ip 2>&1 > /dev/null
+fi
+echo $curr_ip > /var/lock/last-ipaddress
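Review bot: The four `conntrack -D ... 2>&1 > /dev/null` lines have the redirections in the wrong order: stderr is duplicated onto the original stdout before stdout is sent to /dev/null, so conntrack's diagnostics still reach the console; `>/dev/null 2>&1` silences both. `$last_ip` and `$curr_ip` come straight from files and are expanded unquoted, so any whitespace or stray token in `/var/lock/last-ipaddress` is word-split into extra arguments to a root-run `conntrack -D`; quote both expansions. Also, because the equality test runs first, the case where neither file is readable exits 0 silently and never reaches the "cannot read current IP" error, so the `-z "$curr_ip"` check should come before the comparison. The flush block with the first two points applied is below.

```shell
# … unchanged: reading curr_ip / last_ip and the equality and empty checks …
if [ -n "$last_ip" ]; then
	# Flush every tracked flow that still references the previous red address.
	for match in -s -d -r -q; do
		conntrack -D "$match" "$last_ip" >/dev/null 2>&1
	done
fi
echo "$curr_ip" > /var/lock/last-ipaddress
```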
hooks/post-receive
--
IPFire 2.x development tree