diff options
Diffstat (limited to 'main/conntrack-tools')
| -rw-r--r-- | main/conntrack-tools/APKBUILD | 28 | ||||
| -rw-r--r-- | main/conntrack-tools/conntrackd.confd | 15 | ||||
| -rw-r--r-- | main/conntrack-tools/conntrackd.initd | 99 |
3 files changed, 142 insertions, 0 deletions
diff --git a/main/conntrack-tools/APKBUILD b/main/conntrack-tools/APKBUILD new file mode 100644 index 00000000000..96a402a2f16 --- /dev/null +++ b/main/conntrack-tools/APKBUILD @@ -0,0 +1,28 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=conntrack-tools +pkgver=0.9.10 +pkgrel=0 +pkgdesc="Connection tracking userspace tools" +url="http://conntrack-tools.netfilter.org" +license="GPL-2" +subpackages="$pkgname-doc" +depends="uclibc libnfnetlink libnetfilter_conntrack" +makedepends="pkgconfig libnfnetlink-dev libnetfilter_conntrack-dev" +source="http://www.netfilter.org/projects/conntrack-tools/files/$pkgname-$pkgver.tar.bz2 + conntrackd.initd + conntrackd.confd + " + +build() { + cd "$srcdir"/$pkgname-$pkgver + ./configure --prefix=/usr + make || return 1 + make DESTDIR="$pkgdir" install || return 1 + + install -Dm755 ../conntrackd.initd "$pkgdir"/etc/init.d/conntrackd + install -Dm644 ../conntrackd.confd "$pkgdir"/etc/conf.d/conntrackd + install -Dm644 doc/stats/conntrackd.conf "$pkgdir"/etc/conntrackd +} +md5sums="cd46ed2d5cd4797add0cd444a209c1e7 conntrack-tools-0.9.10.tar.bz2 +144831a8a79561ef184b84ba94f0837b conntrackd.initd +8ebf3838b69d20e6bb4a173844502039 conntrackd.confd" diff --git a/main/conntrack-tools/conntrackd.confd b/main/conntrack-tools/conntrackd.confd new file mode 100644 index 00000000000..7c937cbd9e3 --- /dev/null +++ b/main/conntrack-tools/conntrackd.confd @@ -0,0 +1,15 @@ +# conntrackd config file +# default: /etc/conntrackd/conntrackd.conf +#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf + +# conntrackd lockfile (must match the "LockFile" entry +# from the "General" section in the config file) +# default: /var/lock/conntrack.lock +#CONNTRACKD_LOCK=/var/lock/conntrack.lock + +# extra options for conntrackd +#CONNTRACKD_OPTS="" # you must NOT use -C here! + +# depend on a specific network interface +#RC_NEED="net.eth1" # baselayout-1 +#rc_need="net.eth1" # baselayout-2/OpenRC diff --git a/main/conntrack-tools/conntrackd.initd b/main/conntrack-tools/conntrackd.initd new file mode 100644 index 00000000000..9394badca12 --- /dev/null +++ b/main/conntrack-tools/conntrackd.initd @@ -0,0 +1,99 @@ +#!/sbin/runscript +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +CONNTRACKD_BIN="/usr/sbin/conntrackd" +CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf} +CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/var/lock/conntrack.lock} + +depend() { + use logger + need net +} + +checkconfig() { + # check for netfilter conntrack kernel support + local nf_ct_available=0 + for k in net.netfilter.nf_conntrack_max \ + net.ipv4.netfilter.ip_conntrack_max \ + net.nf_conntrack_max; do + if sysctl -e -n ${k} &>/dev/null; then + nf_ct_available=1 # sysctl key found + break + fi + done + if [ ${nf_ct_available} -eq 0 ]; then + eerror + eerror "Your kernel is missing netfilter conntrack support!" + eerror "Make sure your kernel was compiled with netfilter conntrack support." + eerror + eerror "If it was compiled as a module you need to ensure the module is being" + eerror "loaded before starting conntrackd." + eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)" + eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module" + eerror "by hand like this, depending on your kernel version:" + eerror + eerror " modprobe nf_conntrack # (for newer kernels)" + eerror " modprobe ip_conntrack # (for older kernels)" + eerror + return 1 + fi + # check if netfilter conntrack TCP window tracking is disabled + local nf_ct_tcp_be_liberal=0 + for k in net.netfilter.nf_conntrack_tcp_be_liberal \ + net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do + nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null) + if [ ${?} -ne 0 ]; then + continue # sysctl key not found + else + break # sysctl key found + fi + done + if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then + eerror + eerror "You need to disable TCP window tracking!" + eerror "Add the following line to your /etc/sysctl.conf:" + eerror + eerror " ${k} = 1" + eerror + eerror "...and run this to activate the setting: sysctl -q -p" + eerror + return 1 + fi + # check for config file + if [ ! -e "${CONNTRACKD_CFG}" ]; then + eerror + eerror "The conntrackd config file (${CONNTRACKD_CFG})" + eerror "is missing!" + eerror + return 1 + fi + # check for leftover lockfile + if [ -f "${CONNTRACKD_LOCK}" ]; then + ewarn + ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})" + ewarn "exists although the service is not marked as started." + ewarn "Will remove the lockfile and start the service in 10s" + ewarn "if not interrupted..." + ewarn + sleep 10 + if ! rm -f "${CONNTRACKD_LOCK}"; then + eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})" + return 1 + fi + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting conntrackd" + start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \ + -- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS} + eend $? +} + +stop() { + ebegin "Stopping conntrackd" + start-stop-daemon --stop --exec "${CONNTRACKD_BIN}" + eend $? +} |