|
 |
eb5e09 |
Name: conntrack-tools
|
|
|
12f005 |
Version: 1.4.4
|
|
|
f7828c |
Release: 7%{?dist}
|
|
|
eb5e09 |
Summary: Manipulate netfilter connection tracking table and run High Availability
|
|
|
eb5e09 |
Group: System Environment/Base
|
|
|
eb5e09 |
License: GPLv2
|
|
|
eb5e09 |
URL: http://netfilter.org
|
|
|
eb5e09 |
Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
|
|
|
eb5e09 |
Source1: conntrackd.service
|
|
|
eb5e09 |
Source2: conntrackd.conf
|
|
|
12f005 |
BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.6
|
|
|
eb5e09 |
BuildRequires: libnetfilter_cttimeout-devel >= 1.0.0, libnetfilter_cthelper-devel >= 1.0.0
|
|
|
eb5e09 |
BuildRequires: libmnl-devel >= 1.0.3, libnetfilter_queue-devel >= 1.0.2
|
|
|
eb5e09 |
BuildRequires: pkgconfig bison flex
|
|
|
12f005 |
Requires: libnetfilter_conntrack >= 1.0.6
|
|
|
eb5e09 |
Provides: conntrack = 1.0-1
|
|
|
eb5e09 |
Obsoletes: conntrack < 1.0-1
|
|
|
eb5e09 |
Requires(post): systemd
|
|
|
eb5e09 |
Requires(preun): systemd
|
|
|
eb5e09 |
Requires(postun): systemd
|
|
|
eb5e09 |
BuildRequires: systemd
|
|
|
eb5e09 |
|
|
|
0c8692 |
Patch1: 0001-conntrack-Support-IPv6-NAT.patch
|
|
|
0c8692 |
Patch2: 0002-conntrackd-helpers-dhcpv6-Fix-potential-array-overru.patch
|
|
|
0c8692 |
Patch3: 0003-nfct-Drop-dead-code-in-nfct_timeout_parse_params.patch
|
|
|
0c8692 |
Patch4: 0004-src-Fix-for-implicit-fallthrough-warnings.patch
|
|
|
5a989b |
Patch5: 0005-conntrack-Fix-CIDR-to-mask-conversion-on-Big-Endian.patch
|
|
|
5a989b |
Patch6: 0006-nfct-helper-Fix-NFCTH_ATTR_PROTO_L4NUM-size.patch
|
|
|
12f005 |
|
|
|
eb5e09 |
%description
|
|
|
eb5e09 |
With conntrack-tools you can setup a High Availability cluster and
|
|
|
eb5e09 |
synchronize conntrack state between multiple firewalls.
|
|
|
eb5e09 |
|
|
|
eb5e09 |
The conntrack-tools package contains two programs:
|
|
|
eb5e09 |
- conntrack: the command line interface to interact with the connection
|
|
|
eb5e09 |
tracking system.
|
|
|
eb5e09 |
- conntrackd: the connection tracking userspace daemon that can be used to
|
|
|
eb5e09 |
deploy highly available GNU/Linux firewalls and collect
|
|
|
eb5e09 |
statistics of the firewall use.
|
|
|
eb5e09 |
|
|
|
eb5e09 |
conntrack is used to search, list, inspect and maintain the netfilter
|
|
|
eb5e09 |
connection tracking subsystem of the Linux kernel.
|
|
|
eb5e09 |
Using conntrack, you can dump a list of all (or a filtered selection of)
|
|
|
eb5e09 |
currently tracked connections, delete connections from the state table,
|
|
|
eb5e09 |
and even add new ones.
|
|
|
eb5e09 |
In addition, you can also monitor connection tracking events, e.g.
|
|
|
eb5e09 |
show an event message (one line) per newly established connection.
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%prep
|
|
|
0c8692 |
%autosetup -p1
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%build
|
|
|
a027ed |
# do not use --enable-cthelper --enable-cttimeout, it causes disabling of these features
|
|
|
eb5e09 |
%configure --disable-static
|
|
|
eb5e09 |
%{__make} %{?_smp_mflags}
|
|
|
eb5e09 |
chmod 644 doc/sync/primary-backup.sh
|
|
|
eb5e09 |
rm -f doc/sync/notrack/conntrackd.conf.orig doc/sync/alarm/conntrackd.conf.orig doc/helper/conntrackd.conf.orig
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%install
|
|
|
eb5e09 |
%{__make} install DESTDIR=%{buildroot}
|
|
|
eb5e09 |
find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
|
|
|
eb5e09 |
mkdir -p %{buildroot}%{_sysconfdir}/conntrackd
|
|
|
eb5e09 |
install -d 0755 %{buildroot}%{_unitdir}
|
|
|
eb5e09 |
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
|
|
|
eb5e09 |
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%files
|
|
|
eb5e09 |
%doc COPYING AUTHORS TODO doc
|
|
|
eb5e09 |
%dir %{_sysconfdir}/conntrackd
|
|
|
eb5e09 |
%config(noreplace) %{_sysconfdir}/conntrackd/conntrackd.conf
|
|
|
eb5e09 |
%{_unitdir}/conntrackd.service
|
|
|
eb5e09 |
%{_sbindir}/conntrack
|
|
|
eb5e09 |
%{_sbindir}/conntrackd
|
|
|
eb5e09 |
%{_sbindir}/nfct
|
|
|
eb5e09 |
%{_mandir}/man8/*
|
|
|
12f005 |
%{_mandir}/man5/*
|
|
|
eb5e09 |
%dir %{_libdir}/conntrack-tools
|
|
|
eb5e09 |
%{_libdir}/conntrack-tools/*
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%post
|
|
|
eb5e09 |
%systemd_post conntrackd.service
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%preun
|
|
|
eb5e09 |
%systemd_preun conntrackd.service
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%postun
|
|
|
eb5e09 |
%systemd_postun conntrackd.service
|
|
|
eb5e09 |
|
|
|
eb5e09 |
%changelog
|
|
|
f7828c |
* Tue Sep 10 2019 Phil Sutter <psutter@redhat.com> - 1.4.4-7
|
|
|
5a989b |
- nfct: helper: Fix NFCTH_ATTR_PROTO_L4NUM size
|
|
|
5a989b |
|
|
|
f7828c |
* Wed Sep 04 2019 Phil Sutter <psutter@redhat.com> - 1.4.4-6
|
|
|
5a989b |
- conntrack: Fix CIDR to mask conversion on Big Endian
|
|
|
5a989b |
|
|
|
0c8692 |
* Wed Mar 27 2019 Phil Sutter <psutter@redhat.com> - 1.4.4-5
|
|
|
0c8692 |
- Add git commit info to IPv6 NAT support patch
|
|
|
0c8692 |
- Backport: conntrackd: helpers: dhcpv6: Fix potential array overrun
|
|
|
0c8692 |
- Backport: nfct: Drop dead code in nfct_timeout_parse_params()
|
|
|
0c8692 |
- Backport: src: Fix for implicit-fallthrough warnings
|
|
|
0c8692 |
|
|
|
0d337b |
* Fri Aug 24 2018 Paul Wouters <pwouters@redhat.com> - 1.4.4-4
|
|
|
0d337b |
- Resolves: rhbz#1578059 Greatest NVR version of conntrack-tools for ppc64le and x86_64 are different
|
|
|
0d337b |
|
|
|
12f005 |
* Mon Apr 03 2017 Paul Wouters <pwouters@redhat.com> - 1.4.4-3
|
|
|
12f005 |
- Resolves: rhbz#1425552 (explicitely Require: libnetfilter_conntrack >= 1.0.6 as it is same .so version)
|
|
|
12f005 |
|
|
|
12f005 |
* Thu Mar 16 2017 Paul Wouters <pwouters@redhat.com> - 1.4.4-2
|
|
|
12f005 |
- Resolves: rhbz#1425552 (conntrack cmd was missing IPv6 support as well)
|
|
|
12f005 |
|
|
|
12f005 |
* Fri Mar 03 2017 Paul Wouters <pwouters@redhat.com> - 1.4.4-1
|
|
|
12f005 |
- Resolves: rhbz#1425552 conntrack does not support Ipv6 NAT
|
|
|
12f005 |
|
|
|
a027ed |
* Fri Aug 12 2016 Paul Wouters <pwouters@redhat.com> - 1.4.3-1
|
|
|
a027ed |
- Resolves: rhbz#1351701 conntrackd -d throws "ERROR: Helper support is disabled"
|
|
|
a027ed |
|
|
|
eb5e09 |
* Fri Aug 21 2015 Paul Wouters <pwouters@redhat.com> - 1.4.2-9
|
|
|
eb5e09 |
- Resolves: rhbz#1255578 conntrackd could neither be started nor be stopped
|
|
|
eb5e09 |
|
|
|
eb5e09 |
* Tue Aug 18 2015 Paul Wouters <pwouters@redhat.com> - 1.4.2-8
|
|
|
eb5e09 |
- Resolves: rhbz#CVE-2015-6496
|
|
|
eb5e09 |
- Fold in upstream patches since 1.4.2 release up to git 900d7e8
|
|
|
eb5e09 |
- Fold in upstream patch set of 2015-08-18 for coverity issues
|
|
|
eb5e09 |
|
|
|
eb5e09 |
* Thu May 21 2015 Paul Wouters <pwouters@redhat.com> - 1.4.2-7
|
|
|
eb5e09 |
- Resolves: rhbz#1122611 [BNE] Add conntrack-tools package to RHEL-7
|