From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 415969cc1b8edd06ee84375614c4eb06cf182d36
Date: Sat, 21 Sep 2019 12:22:15 +0000
Message-ID: <46b8pv6tppz2y5N@people01.haj.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 415969cc1b8edd06ee84375614c4eb06cf182d36 (commit)
via 593a9326d8f309c78ff87d43793210cd92e42d14 (commit)
from 92fbca34173e3533cdae748d6c7196c42ed94e6c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 415969cc1b8edd06ee84375614c4eb06cf182d36
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Sep 20 20:33:05 2019 +0200
kernel: Backport patch to fix a netfilter conntrack related issue.
This fixes the packet drop issue when using suricata on IPFire.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 593a9326d8f309c78ff87d43793210cd92e42d14
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Sep 21 09:52:02 2019 +0000
start core137 and add kernel and IO-Socket-SSL to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/{136 => 137}/exclude | 0
.../core/{136 => 137}/filelists/IO-Socket-SSL | 0
.../124 => core/137}/filelists/aarch64/linux | 0
.../137}/filelists/aarch64/linux-initrd | 0
.../137}/filelists/armv5tel/linux-initrd-kirkwood | 0
.../137}/filelists/armv5tel/linux-initrd-multi | 0
.../137}/filelists/armv5tel/linux-kirkwood | 0
.../137}/filelists/armv5tel/linux-multi | 0
.../{oldcore/113 => core/137}/filelists/files | 3 +-
.../{oldcore/100 => core/137}/filelists/i586/linux | 0
.../100 => core/137}/filelists/i586/linux-initrd | 0
.../100 => core/137}/filelists/x86_64/linux | 0
.../100 => core/137}/filelists/x86_64/linux-initrd | 0
.../rootfiles/{oldcore/134 => core/137}/update.sh | 6 +-
config/rootfiles/{core => oldcore}/136/exclude | 0
.../{core => oldcore}/136/filelists/Archive-Tar | 0
.../{core => oldcore}/136/filelists/Archive-Zip | 0
.../{core => oldcore}/136/filelists/BerkeleyDB | 0
.../{core => oldcore}/136/filelists/Compress-Zlib | 0
.../{core => oldcore}/136/filelists/Convert-TNEF | 0
.../{core => oldcore}/136/filelists/Convert-UUlib | 0
.../136/filelists/Crypt-PasswdMD5 | 0
.../{core => oldcore}/136/filelists/Digest | 0
.../{core => oldcore}/136/filelists/Digest-HMAC | 0
.../{core => oldcore}/136/filelists/Digest-SHA1 | 0
.../{core => oldcore}/136/filelists/GD-Graph | 0
.../{core => oldcore}/136/filelists/GD-TextUtil | 0
.../{core => oldcore}/136/filelists/GeoIP | 0
.../{core => oldcore}/136/filelists/HTML-Parser | 0
.../{core => oldcore}/136/filelists/HTML-Tagset | 0
.../{core => oldcore}/136/filelists/HTML-Template | 0
.../{core => oldcore}/136/filelists/IO-Socket-SSL | 0
.../{core => oldcore}/136/filelists/IO-Stringy | 0
.../{core => oldcore}/136/filelists/Locale-Country | 0
.../{core => oldcore}/136/filelists/Mail-Tools | 0
.../{core => oldcore}/136/filelists/Net-DNS | 0
.../{core => oldcore}/136/filelists/Net-IPv4Addr | 0
.../{core => oldcore}/136/filelists/Net-Server | 0
.../{core => oldcore}/136/filelists/Net-Telnet | 0
.../{core => oldcore}/136/filelists/Net_SSLeay | 0
.../{core => oldcore}/136/filelists/Text-Tabs+Wrap | 0
.../rootfiles/{core => oldcore}/136/filelists/URI | 0
.../{core => oldcore}/136/filelists/Unix-Syslog | 0
.../{core => oldcore}/136/filelists/XML-Parser | 0
.../{core => oldcore}/136/filelists/aarch64/gcc | 0
.../{core => oldcore}/136/filelists/apache2 | 0
.../{core => oldcore}/136/filelists/armv5tel/gcc | 0
.../rootfiles/{core => oldcore}/136/filelists/bind | 0
.../136/filelists/ca-certificates | 0
.../{core => oldcore}/136/filelists/dhcpcd | 0
.../{core => oldcore}/136/filelists/files | 0
.../136/filelists/geoip-generator | 0
.../{core => oldcore}/136/filelists/hwdata | 0
.../{core => oldcore}/136/filelists/i586/gcc | 0
.../136/filelists/i586/openssl-sse2 | 0
.../rootfiles/{core => oldcore}/136/filelists/knot | 0
.../{core => oldcore}/136/filelists/liboping | 0
.../{core => oldcore}/136/filelists/libwww-perl | 0
.../{core => oldcore}/136/filelists/logrotate | 0
.../{core => oldcore}/136/filelists/openssh | 0
.../{core => oldcore}/136/filelists/openssl | 0
.../{core => oldcore}/136/filelists/patch | 0
.../rootfiles/{core => oldcore}/136/filelists/perl | 0
.../136/filelists/perl-Apache-Htpasswd | 0
.../{core => oldcore}/136/filelists/perl-CGI | 0
.../136/filelists/perl-Device-Modem | 0
.../136/filelists/perl-Device-SerialPort | 0
.../136/filelists/perl-Email-Date-Format | 0
.../{core => oldcore}/136/filelists/perl-Font-TTF | 0
.../{core => oldcore}/136/filelists/perl-GD | 0
.../{core => oldcore}/136/filelists/perl-IO-String | 0
.../{core => oldcore}/136/filelists/perl-MIME-Lite | 0
.../136/filelists/perl-Net-CIDR-Lite | 0
.../136/filelists/perl-NetAddr-IP | 0
.../{core => oldcore}/136/filelists/perl-PDF-API2 | 0
.../136/filelists/perl-Sort-Naturally | 0
.../{core => oldcore}/136/filelists/perl-Switch | 0
.../136/filelists/perl-Text-CSV_XS | 0
.../{core => oldcore}/136/filelists/rrdtool | 0
.../{core => oldcore}/136/filelists/unbound | 0
.../{core => oldcore}/136/filelists/usb_modeswitch | 0
.../136/filelists/usb_modeswitch_data | 0
.../{core => oldcore}/136/filelists/x86_64/gcc | 0
config/rootfiles/{core => oldcore}/136/update.sh | 0
lfs/linux | 3 +
make.sh | 2 +-
...nux-5.0-netfilter-conntrack-resolve-clash.patch | 75 ++++++++++++++++++++++
87 files changed, 82 insertions(+), 7 deletions(-)
copy config/rootfiles/core/{136 => 137}/exclude (100%)
copy config/rootfiles/core/{136 => 137}/filelists/IO-Socket-SSL (100%)
copy config/rootfiles/{oldcore/124 => core/137}/filelists/aarch64/linux (100%)
copy config/rootfiles/{oldcore/124 => core/137}/filelists/aarch64/linux-initrd (100%)
copy config/rootfiles/{oldcore/121 => core/137}/filelists/armv5tel/linux-initrd-kirkwood (100%)
copy config/rootfiles/{oldcore/121 => core/137}/filelists/armv5tel/linux-initrd-multi (100%)
copy config/rootfiles/{oldcore/100 => core/137}/filelists/armv5tel/linux-kirkwood (100%)
copy config/rootfiles/{oldcore/100 => core/137}/filelists/armv5tel/linux-multi (100%)
copy config/rootfiles/{oldcore/113 => core/137}/filelists/files (51%)
copy config/rootfiles/{oldcore/100 => core/137}/filelists/i586/linux (100%)
copy config/rootfiles/{oldcore/100 => core/137}/filelists/i586/linux-initrd (100%)
copy config/rootfiles/{oldcore/100 => core/137}/filelists/x86_64/linux (100%)
copy config/rootfiles/{oldcore/100 => core/137}/filelists/x86_64/linux-initrd (100%)
copy config/rootfiles/{oldcore/134 => core/137}/update.sh (98%)
rename config/rootfiles/{core => oldcore}/136/exclude (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Archive-Tar (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Archive-Zip (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/BerkeleyDB (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Compress-Zlib (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Convert-TNEF (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Convert-UUlib (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Crypt-PasswdMD5 (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Digest (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Digest-HMAC (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Digest-SHA1 (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/GD-Graph (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/GD-TextUtil (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/GeoIP (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/HTML-Parser (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/HTML-Tagset (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/HTML-Template (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/IO-Socket-SSL (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/IO-Stringy (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Locale-Country (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Mail-Tools (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Net-DNS (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Net-IPv4Addr (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Net-Server (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Net-Telnet (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Net_SSLeay (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Text-Tabs+Wrap (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/URI (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/Unix-Syslog (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/XML-Parser (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/aarch64/gcc (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/apache2 (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/armv5tel/gcc (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/bind (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/ca-certificates (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/dhcpcd (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/files (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/geoip-generator (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/hwdata (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/i586/gcc (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/i586/openssl-sse2 (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/knot (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/liboping (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/libwww-perl (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/logrotate (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/openssh (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/openssl (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/patch (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Apache-Htpasswd (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-CGI (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Device-Modem (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Device-SerialPort (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Email-Date-Format (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Font-TTF (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-GD (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-IO-String (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-MIME-Lite (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Net-CIDR-Lite (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-NetAddr-IP (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-PDF-API2 (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Sort-Naturally (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Switch (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/perl-Text-CSV_XS (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/rrdtool (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/unbound (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/usb_modeswitch (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/usb_modeswitch_data (100%)
rename config/rootfiles/{core => oldcore}/136/filelists/x86_64/gcc (100%)
rename config/rootfiles/{core => oldcore}/136/update.sh (100%)
create mode 100644 src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch
Difference in files:
diff --git a/config/rootfiles/core/136/exclude b/config/rootfiles/core/137/exclude
similarity index 100%
rename from config/rootfiles/core/136/exclude
rename to config/rootfiles/core/137/exclude
diff --git a/config/rootfiles/core/136/filelists/IO-Socket-SSL b/config/rootfiles/core/137/filelists/IO-Socket-SSL
similarity index 100%
rename from config/rootfiles/core/136/filelists/IO-Socket-SSL
rename to config/rootfiles/core/137/filelists/IO-Socket-SSL
diff --git a/config/rootfiles/core/137/filelists/aarch64/linux b/config/rootfiles/core/137/filelists/aarch64/linux
new file mode 120000
index 000000000..3a2532bc7
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/aarch64/linux
@@ -0,0 +1 @@
+../../../../common/aarch64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/aarch64/linux-initrd b/config/rootfiles/core/137/filelists/aarch64/linux-initrd
new file mode 120000
index 000000000..8acdb0f31
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/aarch64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/aarch64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
new file mode 120000
index 000000000..39c5591b7
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-initrd-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
new file mode 120000
index 000000000..0b1b4530a
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-initrd-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
new file mode 120000
index 000000000..72171071e
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-multi b/config/rootfiles/core/137/filelists/armv5tel/linux-multi
new file mode 120000
index 000000000..204eb4c43
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/armv5tel/linux-multi
@@ -0,0 +1 @@
+../../../../common/armv5tel/linux-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/core/137/filelists/files
new file mode 100644
index 000000000..ce4e51768
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/files
@@ -0,0 +1,4 @@
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
diff --git a/config/rootfiles/core/137/filelists/i586/linux b/config/rootfiles/core/137/filelists/i586/linux
new file mode 120000
index 000000000..693ec4bbf
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/i586/linux
@@ -0,0 +1 @@
+../../../../common/i586/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/i586/linux-initrd b/config/rootfiles/core/137/filelists/i586/linux-initrd
new file mode 120000
index 000000000..32a03e6a9
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/i586/linux-initrd
@@ -0,0 +1 @@
+../../../../common/i586/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/x86_64/linux b/config/rootfiles/core/137/filelists/x86_64/linux
new file mode 120000
index 000000000..0615b5b9a
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/x86_64/linux
@@ -0,0 +1 @@
+../../../../common/x86_64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/x86_64/linux-initrd b/config/rootfiles/core/137/filelists/x86_64/linux-initrd
new file mode 120000
index 000000000..1b9fff70f
--- /dev/null
+++ b/config/rootfiles/core/137/filelists/x86_64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/x86_64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/137/update.sh
new file mode 100644
index 000000000..8c8019b90
--- /dev/null
+++ b/config/rootfiles/core/137/update.sh
@@ -0,0 +1,149 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=137
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire*)
+ # Ok.
+ ;;
+ *)
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 80000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+# Remove the old kernel
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-*-ipfire-*
+rm -rf /boot/zImage-*-ipfire-*
+rm -rf /boot/uInit-*-ipfire-*
+rm -rf /boot/dtb-*-ipfire-*
+rm -rf /lib/modules
+rm -f /etc/sysconfig/lm_sensors
+
+# Remove files
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+
+# Search sensors again after reboot into the new kernel
+rm -f /etc/sysconfig/lm_sensors
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
+case "$(uname -m)" in
+ i?86)
+ # Force (re)install pae kernel if pae is supported
+ rm -rf /opt/pakfire/db/installed/meta-linux-pae
+ rm -rf /opt/pakfire/db/rootfiles/linux-pae
+ if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then
+ ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+ if [ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]; then
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: WARNING not enough space for pae kernel."
+ touch /var/run/need_reboot
+ else
+ echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae
+ echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae
+ fi
+ else
+ touch /var/run/need_reboot
+ fi
+ ;;
+ *)
+ # This update needs a reboot...
+ touch /var/run/need_reboot
+ ;;
+esac
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
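Review bot: The result of `extract_files` is never checked, even though it runs after the `rm -rf /boot/vmlinuz-*`, `rm -rf /boot/initramfs-*` and `rm -rf /lib/modules` block has already removed the running kernel's files, and the script then ends with an unconditional `exit 0`. If extraction fails part-way, the system is left without a bootable kernel or modules while the update is still reported as successful and `/var/run/need_reboot` is set. Suggest testing the return status of `extract_files` and going through `exit_with_error` on failure, before `ldconfig` and the reboot flag. Two smaller points in the same hunk: `[ $ROOTSPACE -lt 80000 ]` is unquoted, so an empty result from the `df` pipeline makes the test itself fail and the script falls through to the removal block without a confirmed free-space figure; and the `exit 2` after `exit_with_error ... 2` is unreachable because `exit_with_error` already calls `exit $2`.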
diff --git a/config/rootfiles/oldcore/136/exclude b/config/rootfiles/oldcore/136/exclude
new file mode 100644
index 000000000..b22159878
--- /dev/null
+++ b/config/rootfiles/oldcore/136/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/136/filelists/Archive-Tar b/config/rootfiles/oldcore/136/filelists/Archive-Tar
similarity index 100%
rename from config/rootfiles/core/136/filelists/Archive-Tar
rename to config/rootfiles/oldcore/136/filelists/Archive-Tar
diff --git a/config/rootfiles/core/136/filelists/Archive-Zip b/config/rootfiles/oldcore/136/filelists/Archive-Zip
similarity index 100%
rename from config/rootfiles/core/136/filelists/Archive-Zip
rename to config/rootfiles/oldcore/136/filelists/Archive-Zip
diff --git a/config/rootfiles/core/136/filelists/BerkeleyDB b/config/rootfiles/oldcore/136/filelists/BerkeleyDB
similarity index 100%
rename from config/rootfiles/core/136/filelists/BerkeleyDB
rename to config/rootfiles/oldcore/136/filelists/BerkeleyDB
diff --git a/config/rootfiles/core/136/filelists/Compress-Zlib b/config/rootfiles/oldcore/136/filelists/Compress-Zlib
similarity index 100%
rename from config/rootfiles/core/136/filelists/Compress-Zlib
rename to config/rootfiles/oldcore/136/filelists/Compress-Zlib
diff --git a/config/rootfiles/core/136/filelists/Convert-TNEF b/config/rootfiles/oldcore/136/filelists/Convert-TNEF
similarity index 100%
rename from config/rootfiles/core/136/filelists/Convert-TNEF
rename to config/rootfiles/oldcore/136/filelists/Convert-TNEF
diff --git a/config/rootfiles/core/136/filelists/Convert-UUlib b/config/rootfiles/oldcore/136/filelists/Convert-UUlib
similarity index 100%
rename from config/rootfiles/core/136/filelists/Convert-UUlib
rename to config/rootfiles/oldcore/136/filelists/Convert-UUlib
diff --git a/config/rootfiles/core/136/filelists/Crypt-PasswdMD5 b/config/rootfiles/oldcore/136/filelists/Crypt-PasswdMD5
similarity index 100%
rename from config/rootfiles/core/136/filelists/Crypt-PasswdMD5
rename to config/rootfiles/oldcore/136/filelists/Crypt-PasswdMD5
diff --git a/config/rootfiles/core/136/filelists/Digest b/config/rootfiles/oldcore/136/filelists/Digest
similarity index 100%
rename from config/rootfiles/core/136/filelists/Digest
rename to config/rootfiles/oldcore/136/filelists/Digest
diff --git a/config/rootfiles/core/136/filelists/Digest-HMAC b/config/rootfiles/oldcore/136/filelists/Digest-HMAC
similarity index 100%
rename from config/rootfiles/core/136/filelists/Digest-HMAC
rename to config/rootfiles/oldcore/136/filelists/Digest-HMAC
diff --git a/config/rootfiles/core/136/filelists/Digest-SHA1 b/config/rootfiles/oldcore/136/filelists/Digest-SHA1
similarity index 100%
rename from config/rootfiles/core/136/filelists/Digest-SHA1
rename to config/rootfiles/oldcore/136/filelists/Digest-SHA1
diff --git a/config/rootfiles/core/136/filelists/GD-Graph b/config/rootfiles/oldcore/136/filelists/GD-Graph
similarity index 100%
rename from config/rootfiles/core/136/filelists/GD-Graph
rename to config/rootfiles/oldcore/136/filelists/GD-Graph
diff --git a/config/rootfiles/core/136/filelists/GD-TextUtil b/config/rootfiles/oldcore/136/filelists/GD-TextUtil
similarity index 100%
rename from config/rootfiles/core/136/filelists/GD-TextUtil
rename to config/rootfiles/oldcore/136/filelists/GD-TextUtil
diff --git a/config/rootfiles/core/136/filelists/GeoIP b/config/rootfiles/oldcore/136/filelists/GeoIP
similarity index 100%
rename from config/rootfiles/core/136/filelists/GeoIP
rename to config/rootfiles/oldcore/136/filelists/GeoIP
diff --git a/config/rootfiles/core/136/filelists/HTML-Parser b/config/rootfiles/oldcore/136/filelists/HTML-Parser
similarity index 100%
rename from config/rootfiles/core/136/filelists/HTML-Parser
rename to config/rootfiles/oldcore/136/filelists/HTML-Parser
diff --git a/config/rootfiles/core/136/filelists/HTML-Tagset b/config/rootfiles/oldcore/136/filelists/HTML-Tagset
similarity index 100%
rename from config/rootfiles/core/136/filelists/HTML-Tagset
rename to config/rootfiles/oldcore/136/filelists/HTML-Tagset
diff --git a/config/rootfiles/core/136/filelists/HTML-Template b/config/rootfiles/oldcore/136/filelists/HTML-Template
similarity index 100%
rename from config/rootfiles/core/136/filelists/HTML-Template
rename to config/rootfiles/oldcore/136/filelists/HTML-Template
diff --git a/config/rootfiles/oldcore/136/filelists/IO-Socket-SSL b/config/rootfiles/oldcore/136/filelists/IO-Socket-SSL
new file mode 120000
index 000000000..d24492371
--- /dev/null
+++ b/config/rootfiles/oldcore/136/filelists/IO-Socket-SSL
@@ -0,0 +1 @@
+../../../common/IO-Socket-SSL
\ No newline at end of file
diff --git a/config/rootfiles/core/136/filelists/IO-Stringy b/config/rootfiles/oldcore/136/filelists/IO-Stringy
similarity index 100%
rename from config/rootfiles/core/136/filelists/IO-Stringy
rename to config/rootfiles/oldcore/136/filelists/IO-Stringy
diff --git a/config/rootfiles/core/136/filelists/Locale-Country b/config/rootfiles/oldcore/136/filelists/Locale-Country
similarity index 100%
rename from config/rootfiles/core/136/filelists/Locale-Country
rename to config/rootfiles/oldcore/136/filelists/Locale-Country
diff --git a/config/rootfiles/core/136/filelists/Mail-Tools b/config/rootfiles/oldcore/136/filelists/Mail-Tools
similarity index 100%
rename from config/rootfiles/core/136/filelists/Mail-Tools
rename to config/rootfiles/oldcore/136/filelists/Mail-Tools
diff --git a/config/rootfiles/core/136/filelists/Net-DNS b/config/rootfiles/oldcore/136/filelists/Net-DNS
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-DNS
rename to config/rootfiles/oldcore/136/filelists/Net-DNS
diff --git a/config/rootfiles/core/136/filelists/Net-IPv4Addr b/config/rootfiles/oldcore/136/filelists/Net-IPv4Addr
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-IPv4Addr
rename to config/rootfiles/oldcore/136/filelists/Net-IPv4Addr
diff --git a/config/rootfiles/core/136/filelists/Net-Server b/config/rootfiles/oldcore/136/filelists/Net-Server
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-Server
rename to config/rootfiles/oldcore/136/filelists/Net-Server
diff --git a/config/rootfiles/core/136/filelists/Net-Telnet b/config/rootfiles/oldcore/136/filelists/Net-Telnet
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net-Telnet
rename to config/rootfiles/oldcore/136/filelists/Net-Telnet
diff --git a/config/rootfiles/core/136/filelists/Net_SSLeay b/config/rootfiles/oldcore/136/filelists/Net_SSLeay
similarity index 100%
rename from config/rootfiles/core/136/filelists/Net_SSLeay
rename to config/rootfiles/oldcore/136/filelists/Net_SSLeay
diff --git a/config/rootfiles/core/136/filelists/Text-Tabs+Wrap b/config/rootfiles/oldcore/136/filelists/Text-Tabs+Wrap
similarity index 100%
rename from config/rootfiles/core/136/filelists/Text-Tabs+Wrap
rename to config/rootfiles/oldcore/136/filelists/Text-Tabs+Wrap
diff --git a/config/rootfiles/core/136/filelists/URI b/config/rootfiles/oldcore/136/filelists/URI
similarity index 100%
rename from config/rootfiles/core/136/filelists/URI
rename to config/rootfiles/oldcore/136/filelists/URI
diff --git a/config/rootfiles/core/136/filelists/Unix-Syslog b/config/rootfiles/oldcore/136/filelists/Unix-Syslog
similarity index 100%
rename from config/rootfiles/core/136/filelists/Unix-Syslog
rename to config/rootfiles/oldcore/136/filelists/Unix-Syslog
diff --git a/config/rootfiles/core/136/filelists/XML-Parser b/config/rootfiles/oldcore/136/filelists/XML-Parser
similarity index 100%
rename from config/rootfiles/core/136/filelists/XML-Parser
rename to config/rootfiles/oldcore/136/filelists/XML-Parser
diff --git a/config/rootfiles/core/136/filelists/aarch64/gcc b/config/rootfiles/oldcore/136/filelists/aarch64/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/aarch64/gcc
rename to config/rootfiles/oldcore/136/filelists/aarch64/gcc
diff --git a/config/rootfiles/core/136/filelists/apache2 b/config/rootfiles/oldcore/136/filelists/apache2
similarity index 100%
rename from config/rootfiles/core/136/filelists/apache2
rename to config/rootfiles/oldcore/136/filelists/apache2
diff --git a/config/rootfiles/core/136/filelists/armv5tel/gcc b/config/rootfiles/oldcore/136/filelists/armv5tel/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/armv5tel/gcc
rename to config/rootfiles/oldcore/136/filelists/armv5tel/gcc
diff --git a/config/rootfiles/core/136/filelists/bind b/config/rootfiles/oldcore/136/filelists/bind
similarity index 100%
rename from config/rootfiles/core/136/filelists/bind
rename to config/rootfiles/oldcore/136/filelists/bind
diff --git a/config/rootfiles/core/136/filelists/ca-certificates b/config/rootfiles/oldcore/136/filelists/ca-certificates
similarity index 100%
rename from config/rootfiles/core/136/filelists/ca-certificates
rename to config/rootfiles/oldcore/136/filelists/ca-certificates
diff --git a/config/rootfiles/core/136/filelists/dhcpcd b/config/rootfiles/oldcore/136/filelists/dhcpcd
similarity index 100%
rename from config/rootfiles/core/136/filelists/dhcpcd
rename to config/rootfiles/oldcore/136/filelists/dhcpcd
diff --git a/config/rootfiles/core/136/filelists/files b/config/rootfiles/oldcore/136/filelists/files
similarity index 100%
rename from config/rootfiles/core/136/filelists/files
rename to config/rootfiles/oldcore/136/filelists/files
diff --git a/config/rootfiles/core/136/filelists/geoip-generator b/config/rootfiles/oldcore/136/filelists/geoip-generator
similarity index 100%
rename from config/rootfiles/core/136/filelists/geoip-generator
rename to config/rootfiles/oldcore/136/filelists/geoip-generator
diff --git a/config/rootfiles/core/136/filelists/hwdata b/config/rootfiles/oldcore/136/filelists/hwdata
similarity index 100%
rename from config/rootfiles/core/136/filelists/hwdata
rename to config/rootfiles/oldcore/136/filelists/hwdata
diff --git a/config/rootfiles/core/136/filelists/i586/gcc b/config/rootfiles/oldcore/136/filelists/i586/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/i586/gcc
rename to config/rootfiles/oldcore/136/filelists/i586/gcc
diff --git a/config/rootfiles/core/136/filelists/i586/openssl-sse2 b/config/rootfiles/oldcore/136/filelists/i586/openssl-sse2
similarity index 100%
rename from config/rootfiles/core/136/filelists/i586/openssl-sse2
rename to config/rootfiles/oldcore/136/filelists/i586/openssl-sse2
diff --git a/config/rootfiles/core/136/filelists/knot b/config/rootfiles/oldcore/136/filelists/knot
similarity index 100%
rename from config/rootfiles/core/136/filelists/knot
rename to config/rootfiles/oldcore/136/filelists/knot
diff --git a/config/rootfiles/core/136/filelists/liboping b/config/rootfiles/oldcore/136/filelists/liboping
similarity index 100%
rename from config/rootfiles/core/136/filelists/liboping
rename to config/rootfiles/oldcore/136/filelists/liboping
diff --git a/config/rootfiles/core/136/filelists/libwww-perl b/config/rootfiles/oldcore/136/filelists/libwww-perl
similarity index 100%
rename from config/rootfiles/core/136/filelists/libwww-perl
rename to config/rootfiles/oldcore/136/filelists/libwww-perl
diff --git a/config/rootfiles/core/136/filelists/logrotate b/config/rootfiles/oldcore/136/filelists/logrotate
similarity index 100%
rename from config/rootfiles/core/136/filelists/logrotate
rename to config/rootfiles/oldcore/136/filelists/logrotate
diff --git a/config/rootfiles/core/136/filelists/openssh b/config/rootfiles/oldcore/136/filelists/openssh
similarity index 100%
rename from config/rootfiles/core/136/filelists/openssh
rename to config/rootfiles/oldcore/136/filelists/openssh
diff --git a/config/rootfiles/core/136/filelists/openssl b/config/rootfiles/oldcore/136/filelists/openssl
similarity index 100%
rename from config/rootfiles/core/136/filelists/openssl
rename to config/rootfiles/oldcore/136/filelists/openssl
diff --git a/config/rootfiles/core/136/filelists/patch b/config/rootfiles/oldcore/136/filelists/patch
similarity index 100%
rename from config/rootfiles/core/136/filelists/patch
rename to config/rootfiles/oldcore/136/filelists/patch
diff --git a/config/rootfiles/core/136/filelists/perl b/config/rootfiles/oldcore/136/filelists/perl
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl
rename to config/rootfiles/oldcore/136/filelists/perl
diff --git a/config/rootfiles/core/136/filelists/perl-Apache-Htpasswd b/config/rootfiles/oldcore/136/filelists/perl-Apache-Htpasswd
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Apache-Htpasswd
rename to config/rootfiles/oldcore/136/filelists/perl-Apache-Htpasswd
diff --git a/config/rootfiles/core/136/filelists/perl-CGI b/config/rootfiles/oldcore/136/filelists/perl-CGI
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-CGI
rename to config/rootfiles/oldcore/136/filelists/perl-CGI
diff --git a/config/rootfiles/core/136/filelists/perl-Device-Modem b/config/rootfiles/oldcore/136/filelists/perl-Device-Modem
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Device-Modem
rename to config/rootfiles/oldcore/136/filelists/perl-Device-Modem
diff --git a/config/rootfiles/core/136/filelists/perl-Device-SerialPort b/config/rootfiles/oldcore/136/filelists/perl-Device-SerialPort
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Device-SerialPort
rename to config/rootfiles/oldcore/136/filelists/perl-Device-SerialPort
diff --git a/config/rootfiles/core/136/filelists/perl-Email-Date-Format b/config/rootfiles/oldcore/136/filelists/perl-Email-Date-Format
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Email-Date-Format
rename to config/rootfiles/oldcore/136/filelists/perl-Email-Date-Format
diff --git a/config/rootfiles/core/136/filelists/perl-Font-TTF b/config/rootfiles/oldcore/136/filelists/perl-Font-TTF
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Font-TTF
rename to config/rootfiles/oldcore/136/filelists/perl-Font-TTF
diff --git a/config/rootfiles/core/136/filelists/perl-GD b/config/rootfiles/oldcore/136/filelists/perl-GD
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-GD
rename to config/rootfiles/oldcore/136/filelists/perl-GD
diff --git a/config/rootfiles/core/136/filelists/perl-IO-String b/config/rootfiles/oldcore/136/filelists/perl-IO-String
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-IO-String
rename to config/rootfiles/oldcore/136/filelists/perl-IO-String
diff --git a/config/rootfiles/core/136/filelists/perl-MIME-Lite b/config/rootfiles/oldcore/136/filelists/perl-MIME-Lite
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-MIME-Lite
rename to config/rootfiles/oldcore/136/filelists/perl-MIME-Lite
diff --git a/config/rootfiles/core/136/filelists/perl-Net-CIDR-Lite b/config/rootfiles/oldcore/136/filelists/perl-Net-CIDR-Lite
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Net-CIDR-Lite
rename to config/rootfiles/oldcore/136/filelists/perl-Net-CIDR-Lite
diff --git a/config/rootfiles/core/136/filelists/perl-NetAddr-IP b/config/rootfiles/oldcore/136/filelists/perl-NetAddr-IP
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-NetAddr-IP
rename to config/rootfiles/oldcore/136/filelists/perl-NetAddr-IP
diff --git a/config/rootfiles/core/136/filelists/perl-PDF-API2 b/config/rootfiles/oldcore/136/filelists/perl-PDF-API2
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-PDF-API2
rename to config/rootfiles/oldcore/136/filelists/perl-PDF-API2
diff --git a/config/rootfiles/core/136/filelists/perl-Sort-Naturally b/config/rootfiles/oldcore/136/filelists/perl-Sort-Naturally
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Sort-Naturally
rename to config/rootfiles/oldcore/136/filelists/perl-Sort-Naturally
diff --git a/config/rootfiles/core/136/filelists/perl-Switch b/config/rootfiles/oldcore/136/filelists/perl-Switch
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Switch
rename to config/rootfiles/oldcore/136/filelists/perl-Switch
diff --git a/config/rootfiles/core/136/filelists/perl-Text-CSV_XS b/config/rootfiles/oldcore/136/filelists/perl-Text-CSV_XS
similarity index 100%
rename from config/rootfiles/core/136/filelists/perl-Text-CSV_XS
rename to config/rootfiles/oldcore/136/filelists/perl-Text-CSV_XS
diff --git a/config/rootfiles/core/136/filelists/rrdtool b/config/rootfiles/oldcore/136/filelists/rrdtool
similarity index 100%
rename from config/rootfiles/core/136/filelists/rrdtool
rename to config/rootfiles/oldcore/136/filelists/rrdtool
diff --git a/config/rootfiles/core/136/filelists/unbound b/config/rootfiles/oldcore/136/filelists/unbound
similarity index 100%
rename from config/rootfiles/core/136/filelists/unbound
rename to config/rootfiles/oldcore/136/filelists/unbound
diff --git a/config/rootfiles/core/136/filelists/usb_modeswitch b/config/rootfiles/oldcore/136/filelists/usb_modeswitch
similarity index 100%
rename from config/rootfiles/core/136/filelists/usb_modeswitch
rename to config/rootfiles/oldcore/136/filelists/usb_modeswitch
diff --git a/config/rootfiles/core/136/filelists/usb_modeswitch_data b/config/rootfiles/oldcore/136/filelists/usb_modeswitch_data
similarity index 100%
rename from config/rootfiles/core/136/filelists/usb_modeswitch_data
rename to config/rootfiles/oldcore/136/filelists/usb_modeswitch_data
diff --git a/config/rootfiles/core/136/filelists/x86_64/gcc b/config/rootfiles/oldcore/136/filelists/x86_64/gcc
similarity index 100%
rename from config/rootfiles/core/136/filelists/x86_64/gcc
rename to config/rootfiles/oldcore/136/filelists/x86_64/gcc
diff --git a/config/rootfiles/core/136/update.sh b/config/rootfiles/oldcore/136/update.sh
similarity index 100%
rename from config/rootfiles/core/136/update.sh
rename to config/rootfiles/oldcore/136/update.sh
diff --git a/lfs/linux b/lfs/linux
index a9e30714f..a0b28652d 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -146,6 +146,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Fix uevent PHYSDEVDRIVER
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch
+ # Fix for netfilter nf_conntrack: resolve clash for matching conntracks
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch
+
ifeq "$(KCFG)" "-kirkwood"
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.40-kirkwood-dtb.patch
endif
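Review bot: the comment added above the new patch line in lfs/linux does not record which upstream commit is being backported, and the file name linux-5.0-netfilter-conntrack-resolve-clash.patch sits next to patches named for 2.6.32.27 and 4.14.40, so a reader cannot tell from this hunk which kernel the backport targets or when it can be dropped. Suggest extending the comment to name the upstream commit given in the patch file's own header (ed07d9a021df6da53456663a76999189badc432a) and noting that the line should be removed once the packaged kernel already contains it, since patch -Np1 will fail on an already-applied change.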
diff --git a/make.sh b/make.sh
index bea4f5d6d..f8370ca0b 100755
--- a/make.sh
+++ b/make.sh
@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
SNAME="ipfire" # Short name
# If you update the version don't forget to update backupiso and add it to core update
VERSION="2.23" # Version number
-CORE="136" # Core Level (Filename)
+CORE="137" # Core Level (Filename)
PAKFIRE_CORE="136" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
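Review bot: CORE is bumped to "137" here while PAKFIRE_CORE on the next line stays at "136", so the two core levels in make.sh now disagree. If that is intentional while core 137 is still being assembled, a short comment beside PAKFIRE_CORE (or a sentence in the commit message, which only says "start core137") would make that clear; otherwise both values should be bumped in the same commit.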
diff --git a/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch b/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch
new file mode 100644
index 000000000..914cd0675
--- /dev/null
+++ b/src/patches/linux/linux-5.0-netfilter-conntrack-resolve-clash.patch
@@ -0,0 +1,75 @@
+commit ed07d9a021df6da53456663a76999189badc432a
+Author: Martynas Pumputis <martynas(a)weave.works>
+Date: Mon Jul 2 16:52:14 2018 +0200
+
+ netfilter: nf_conntrack: resolve clash for matching conntracks
+
+ This patch enables the clash resolution for NAT (disabled in
+ "590b52e10d41") if clashing conntracks match (i.e. both tuples are equal)
+ and a protocol allows it.
+
+ The clash might happen for a connections-less protocol (e.g. UDP) when
+ two threads in parallel writes to the same socket and consequent calls
+ to "get_unique_tuple" return the same tuples (incl. reply tuples).
+
+ In this case it is safe to perform the resolution, as the losing CT
+ describes the same mangling as the winning CT, so no modifications to
+ the packet are needed, and the result of rules traversal for the loser's
+ packet stays valid.
+
+ Signed-off-by: Martynas Pumputis <martynas(a)weave.works>
+ Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org>
+
+diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
+index 5123e91b1982..4ced7c7102b6 100644
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
+@@ -632,6 +632,18 @@ nf_ct_key_equal(struct nf_conntrack_tuple_hash *h,
+ net_eq(net, nf_ct_net(ct));
+ }
+
++static inline bool
++nf_ct_match(const struct nf_conn *ct1, const struct nf_conn *ct2)
++{
++ return nf_ct_tuple_equal(&ct1->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
++ &ct2->tuplehash[IP_CT_DIR_ORIGINAL].tuple) &&
++ nf_ct_tuple_equal(&ct1->tuplehash[IP_CT_DIR_REPLY].tuple,
++ &ct2->tuplehash[IP_CT_DIR_REPLY].tuple) &&
++ nf_ct_zone_equal(ct1, nf_ct_zone(ct2), IP_CT_DIR_ORIGINAL) &&
++ nf_ct_zone_equal(ct1, nf_ct_zone(ct2), IP_CT_DIR_REPLY) &&
++ net_eq(nf_ct_net(ct1), nf_ct_net(ct2));
++}
++
+ /* caller must hold rcu readlock and none of the nf_conntrack_locks */
+ static void nf_ct_gc_expired(struct nf_conn *ct)
+ {
+@@ -825,19 +837,21 @@ static int nf_ct_resolve_clash(struct net *net, struct sk_buff *skb,
+ /* This is the conntrack entry already in hashes that won race. */
+ struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h);
+ const struct nf_conntrack_l4proto *l4proto;
++ enum ip_conntrack_info oldinfo;
++ struct nf_conn *loser_ct = nf_ct_get(skb, &oldinfo);
+
+ l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
+ if (l4proto->allow_clash &&
+- ((ct->status & IPS_NAT_DONE_MASK) == 0) &&
+ !nf_ct_is_dying(ct) &&
+ atomic_inc_not_zero(&ct->ct_general.use)) {
+- enum ip_conntrack_info oldinfo;
+- struct nf_conn *loser_ct = nf_ct_get(skb, &oldinfo);
+-
+- nf_ct_acct_merge(ct, ctinfo, loser_ct);
+- nf_conntrack_put(&loser_ct->ct_general);
+- nf_ct_set(skb, ct, oldinfo);
+- return NF_ACCEPT;
++ if (((ct->status & IPS_NAT_DONE_MASK) == 0) ||
++ nf_ct_match(ct, loser_ct)) {
++ nf_ct_acct_merge(ct, ctinfo, loser_ct);
++ nf_conntrack_put(&loser_ct->ct_general);
++ nf_ct_set(skb, ct, oldinfo);
++ return NF_ACCEPT;
++ }
++ nf_ct_put(ct);
+ }
+ NF_CT_STAT_INC(net, drop);
+ return NF_DROP;
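Review bot: nf_ct_match() is added without a comment explaining why it is sufficient for NAT-done entries, and the new nf_ct_put(ct) before the drop path is likewise unexplained. The safety argument (equal original and reply tuples mean the losing conntrack describes the same mangling as the winner) lives only in the commit message; a one-line comment above nf_ct_match() stating that, and another at nf_ct_put(ct) noting that it releases the reference taken by atomic_inc_not_zero() when the entries do not match, would keep the reasoning with the code. Also worth confirming during the backport that loser_ct, which is now fetched with nf_ct_get() before the allow_clash check rather than inside it, is still only dereferenced on the path where it was dereferenced before, which the visible lines suggest it is.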
hooks/post-receive
--
IPFire 2.x development tree