From 116472b83bf831afb4d4281ce532cd71bf76d01e Mon Sep 17 00:00:00 2001 From: Wolfram Schlich Date: Thu, 20 Nov 2008 12:06:32 +0000 Subject: improve init script, fix *DEPEND (Portage version: 2.2_rc13/cvs/Linux 2.6.24-gentoo-r5-1 i686, RepoMan options: --force) --- net-firewall/conntrack-tools/ChangeLog | 9 +- .../conntrack-tools-0.9.8-r1.ebuild | 55 ++++++++++++ .../conntrack-tools/files/conntrackd.confd-r1 | 15 ++++ .../conntrack-tools/files/conntrackd.initd-r1 | 99 ++++++++++++++++++++++ net-firewall/conntrack-tools/metadata.xml | 7 +- 5 files changed, 183 insertions(+), 2 deletions(-) create mode 100644 net-firewall/conntrack-tools/conntrack-tools-0.9.8-r1.ebuild create mode 100644 net-firewall/conntrack-tools/files/conntrackd.confd-r1 create mode 100644 net-firewall/conntrack-tools/files/conntrackd.initd-r1 (limited to 'net-firewall/conntrack-tools')
diff --git a/net-firewall/conntrack-tools/ChangeLog b/net-firewall/conntrack-tools/ChangeLog
index 8e10090e1d93..74f1cd494cbf 100644
--- a/net-firewall/conntrack-tools/ChangeLog
+++ b/net-firewall/conntrack-tools/ChangeLog
@@ -1,6 +1,13 @@ # ChangeLog for net-firewall/conntrack-tools # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/conntrack-tools/ChangeLog,v 1.20 2008/11/01 15:38:32 cedk Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-firewall/conntrack-tools/ChangeLog,v 1.21 2008/11/20 12:06:32 wschlich Exp $ + +*conntrack-tools-0.9.8-r1 (17 Nov 2008) + + 17 Nov 2008; Wolfram Schlich + +files/conntrackd.confd-r1, +files/conntrackd.initd-r1, metadata.xml, + +conntrack-tools-0.9.8-r1.ebuild: + improve init script, fix *DEPEND 01 Nov 2008; Cédric Krier conntrack-tools-0.9.6-r1.ebuild, conntrack-tools-0.9.7-r2.ebuild,
diff --git a/net-firewall/conntrack-tools/conntrack-tools-0.9.8-r1.ebuild b/net-firewall/conntrack-tools/conntrack-tools-0.9.8-r1.ebuild
new file mode 100644
index 000000000000..7536b413d8fd
--- /dev/null
+++ b/net-firewall/conntrack-tools/conntrack-tools-0.9.8-r1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/conntrack-tools/conntrack-tools-0.9.8-r1.ebuild,v 1.1 2008/11/20 12:06:32 wschlich Exp $
+
+inherit linux-info eutils
+
+DESCRIPTION="Connection tracking userspace tools"
+HOMEPAGE="http://conntrack-tools.netfilter.org"
+SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~sparc ~x86"
+IUSE=""
+
+RDEPEND="
+ >=net-libs/libnfnetlink-0.0.33
+ >=net-libs/libnetfilter_conntrack-0.0.97
+ !net-firewall/conntrack"
+DEPEND="${RDEPEND}
+ >=dev-util/pkgconfig-0.9.0"
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ if kernel_is lt 2 6 18 ; then
+ die "${PN} requires at least 2.6.18 kernel version"
+ fi
+
+ #netfilter core team has changed some option names with kernel 2.6.20
+ if kernel_is lt 2 6 20 ; then
+ CONFIG_CHECK="IP_NF_CONNTRACK_NETLINK"
+ else
+ CONFIG_CHECK="NF_CT_NETLINK"
+ fi
+ CONFIG_CHECK="${CONFIG_CHECK} NF_CONNTRACK NF_CONNTRACK_IPV4
+ NETFILTER_NETLINK NF_CONNTRACK_EVENTS"
+
+ check_extra_config
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ newinitd "${FILESDIR}/conntrackd.initd-r1" conntrackd
+ newconfd "${FILESDIR}/conntrackd.confd-r1" conntrackd
+
+ insinto /etc/conntrackd
+ doins doc/stats/conntrackd.conf
+
+ dodoc AUTHORS ChangeLog
+
+ insinto /usr/share/doc/${PF}
+ pushd doc &>/dev/null && doins -r . && popd &>/dev/null
+}
diff --git a/net-firewall/conntrack-tools/files/conntrackd.confd-r1 b/net-firewall/conntrack-tools/files/conntrackd.confd-r1
new file mode 100644
index 000000000000..7c937cbd9e3e
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrackd.confd-r1
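Review bot: In src_install() only `emake` is followed by `|| die`; `newinitd`, `newconfd` and both `doins` calls are unchecked, so a failed helper would yield a package that installs without its init script or config and without a build error (assuming helpers do not die on their own here, which is the case when no newer EAPI is declared, and none is in this file). The last line is the weakest: `pushd doc &>/dev/null && doins -r . && popd &>/dev/null` throws away both the output and the status of the whole chain. I would add the check to each helper, e.g. `newinitd "${FILESDIR}/conntrackd.initd-r1" conntrackd || die "newinitd failed"`, and end the doc line with `|| die "doc install failed"`.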
@@ -0,0 +1,15 @@
+# conntrackd config file
+# default: /etc/conntrackd/conntrackd.conf
+#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf
+
+# conntrackd lockfile (must match the "LockFile" entry
+# from the "General" section in the config file)
+# default: /var/lock/conntrack.lock
+#CONNTRACKD_LOCK=/var/lock/conntrack.lock
+
+# extra options for conntrackd
+#CONNTRACKD_OPTS="" # you must NOT use -C here!
+
+# depend on a specific network interface
+#RC_NEED="net.eth1" # baselayout-1
+#rc_need="net.eth1" # baselayout-2/OpenRC
diff --git a/net-firewall/conntrack-tools/files/conntrackd.initd-r1 b/net-firewall/conntrack-tools/files/conntrackd.initd-r1
new file mode 100644
index 000000000000..9394badca125
--- /dev/null
+++ b/net-firewall/conntrack-tools/files/conntrackd.initd-r1
@@ -0,0 +1,99 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+CONNTRACKD_BIN="/usr/sbin/conntrackd"
+CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf}
+CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/var/lock/conntrack.lock}
+
+depend() {
+ use logger
+ need net
+}
+
+checkconfig() {
+ # check for netfilter conntrack kernel support
+ local nf_ct_available=0
+ for k in net.netfilter.nf_conntrack_max \
+ net.ipv4.netfilter.ip_conntrack_max \
+ net.nf_conntrack_max; do
+ if sysctl -e -n ${k} &>/dev/null; then
+ nf_ct_available=1 # sysctl key found
+ break
+ fi
+ done
+ if [ ${nf_ct_available} -eq 0 ]; then
+ eerror
+ eerror "Your kernel is missing netfilter conntrack support!"
+ eerror "Make sure your kernel was compiled with netfilter conntrack support."
+ eerror
+ eerror "If it was compiled as a module you need to ensure the module is being"
+ eerror "loaded before starting conntrackd."
+ eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)"
+ eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module"
+ eerror "by hand like this, depending on your kernel version:"
+ eerror
+ eerror " modprobe nf_conntrack # (for newer kernels)"
+ eerror " modprobe ip_conntrack # (for older kernels)"
+ eerror
+ return 1
+ fi
+ # check if netfilter conntrack TCP window tracking is disabled
+ local nf_ct_tcp_be_liberal=0
+ for k in net.netfilter.nf_conntrack_tcp_be_liberal \
+ net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do
+ nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null)
+ if [ ${?} -ne 0 ]; then
+ continue # sysctl key not found
+ else
+ break # sysctl key found
+ fi
+ done
+ if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then
+ eerror
+ eerror "You need to disable TCP window tracking!"
+ eerror "Add the following line to your /etc/sysctl.conf:"
+ eerror
+ eerror " ${k} = 1"
+ eerror
+ eerror "...and run this to activate the setting: sysctl -q -p"
+ eerror
+ return 1
+ fi
+ # check for config file
+ if [ ! -e "${CONNTRACKD_CFG}" ]; then
+ eerror
+ eerror "The conntrackd config file (${CONNTRACKD_CFG})"
+ eerror "is missing!"
+ eerror
+ return 1
+ fi
+ # check for leftover lockfile
+ if [ -f "${CONNTRACKD_LOCK}" ]; then
+ ewarn
+ ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})"
+ ewarn "exists although the service is not marked as started."
+ ewarn "Will remove the lockfile and start the service in 10s"
+ ewarn "if not interrupted..."
+ ewarn
+ sleep 10
+ if ! rm -f "${CONNTRACKD_LOCK}"; then
+ eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})"
+ return 1
+ fi
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting conntrackd"
+ start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \
+ -- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping conntrackd"
+ start-stop-daemon --stop --exec "${CONNTRACKD_BIN}"
+ eend $?
+}
diff --git a/net-firewall/conntrack-tools/metadata.xml b/net-firewall/conntrack-tools/metadata.xml
index e70c6ec9dab7..161a8f14146b 100644
--- a/net-firewall/conntrack-tools/metadata.xml
+++ b/net-firewall/conntrack-tools/metadata.xml
@@ -5,6 +5,12 @@ cedk@gentoo.org Cédric Krier + Primary maintainer + + + wschlich@gentoo.org + Wolfram Schlich + Secondary maintainer A set of tools targeted at system administrators. They are conntrack,
@@ -12,4 +18,3 @@ daemon. - -- cgit v1.2.3-65-gdbad
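Review bot: The TCP-window-tracking check in checkconfig() fails open when `nf_ct_tcp_be_liberal` ends up empty: the command substitution overwrites the initial 0 on every pass, so if neither key returns a value the test expands to `[ -ne 1 ]`, which exits non-zero with a syntax error and the `eerror`/`return 1` branch is skipped. That is more likely than it looks because `-e` asks sysctl to ignore unknown keys, so its exit status may not report a missing key at all (worth confirming with the procps version in use); the same would make the `nf_ct_available` loop succeed on its first key. Quoting with a default closes the gap: `if [ "${nf_ct_tcp_be_liberal:-0}" -ne 1 ]; then`.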