debian/0000755000000000000000000000000012253340642007167 5ustar debian/copyright0000644000000000000000000000133712154126614011127 0ustar This package was debianized by Max Kellermann on Thu Sep 21 00:09:44 CEST 2006 It was downloaded from http://conntrack-tools.netfilter.org/downloads.html Upstream Authors: Pablo Neira Ayuso Harald Welte Copyright: (C) 2005 by Pablo Neira Ayuso This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. debian/conntrack.install0000644000000000000000000000011012154126614012532 0ustar debian/tmp/usr/sbin/conntrack debian/tmp/usr/share/man/man8/conntrack.8 debian/conntrackd.postinst0000644000000000000000000000061012154126614013120 0ustar #!/bin/sh set -e action=$1 version=$2 # package versions < 0.9.8-1 had the configuration file in a # non-standard location if [ "$action" = configure -a -n "$version" ] && dpkg --compare-versions "$version" lt "1:0.9.8-1" && test -f /etc/conntrackd.conf.dpkg-updating then # unmodified version, delete without prompting rm /etc/conntrackd.conf.dpkg-updating fi #DEBHELPER# debian/changelog0000644000000000000000000002135212253340642011044 0ustar conntrack (1:1.4.1-1ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - Error on fwrite failure in src/read_config_lex.c. - Patch from Kees Cook to not ignore return value of chdir call. * Merge the above changes into a patch and drop the parse.c change as its included in debian -- Bhavani Shankar Sun, 15 Dec 2013 19:58:06 +0530 conntrack (1:1.4.1-1) unstable; urgency=low * [095df09] Move to 3.0 (quilt) for bz2 support * [6b61aef] Imported Upstream version 1.4.1 - Fix build error in parse.c (Closes: #707388) * [6d981a0] Update build-deps -- Alexander Wirt Thu, 06 Jun 2013 13:43:18 +0200 conntrack (1:1.2.1-1ubuntu1) quantal; urgency=low * Merge from Debian unstable. Remaining changes: - Error on fwrite failure in src/read_config_lex.c. - Patch from Kees Cook to not ignore return value of chdir call. * Include stdio.h to fix FTBFS. -- Angel Abad Fri, 27 Jul 2012 11:40:16 +0200 conntrack (1:1.2.1-1) unstable; urgency=low * [ed902b3] Initial upstream branch. * [ea27bb4] Imported Upstream version 1.2.1 * [9a5f9ae] Update libnetfilter_conntrack requirement * [92005c6] Fix dependency * [fb4a63b] wrap-and-sort debian/control * [21100c2] Remove obsolete stuff * [30f468d] Convert to dh9 * [b96ec88] Bump standards version * [741f6a6] wrap-and-sort * [9c43cb9] Install examples * [f403c41] Installation of examples moved to dh_installexamples * [d60e302] Remove wrong example -- Alexander Wirt Tue, 12 Jun 2012 18:09:58 +0200 conntrack (1:1.0.0-2ubuntu1) oneiric; urgency=low * Merge from debian unstable. (LP: #778690) Remaining changes: - Error on fwrite failure in src/read_config_lex.c. - Patch from Kees Cook to not ignore return value of chdir call. -- Angel Abad Tue, 07 Jun 2011 15:17:56 +0200 conntrack (1:1.0.0-2) unstable; urgency=low * Build depend on libnetfilter-conntrack >= 0.9.1 (Closes: #616410) -- Alexander Wirt Fri, 04 Mar 2011 10:07:00 +0100 conntrack (1:1.0.0-1) unstable; urgency=low * New upstream version (Closes: #589202, #589203, #589204) - Fix removing of conntrack entries (Closes: #496769) * Bump standards version * Force deb source 1.0 * Use invoke-rc.d in logrotate.de (Closes: #613512) * Make logrotate silent (Closes: #605247) -- Alexander Wirt Thu, 03 Mar 2011 23:07:26 +0100 conntrack (1:0.9.14-2ubuntu1) maverick; urgency=low * Merge from debian unstable (LP: #599148), remaining changes: - Error on fwrite failure in src/read_config_lex.c. - Patch from Kees Cook to not ignore return value of chdir call. -- Lorenzo De Liso Sun, 27 Jun 2010 23:47:14 +0200 conntrack (1:0.9.14-2) unstable; urgency=low * Integrate lost NMU from Stefan Fritsch. Thanks Stefan * Prevent dpkg conffile prompt for unmodified conntrackd.conf when upgrading from pre 1:0.9.12-1 (closes: #542662). -- Alexander Wirt Sat, 13 Feb 2010 11:17:59 +0100 conntrack (1:0.9.14-1) unstable; urgency=low * New upstream version * Add ${misc:Depends} to all binary packages * Add dpatch support * Bump standards version (no changes) * Remove Max from Uploaders. Thanks for your work! * Backport patch from HEAD to fix UDP filtering. Thanks tino for the hint -- Alexander Wirt Sat, 30 Jan 2010 18:34:09 +0100 conntrack (1:0.9.13-1.1ubuntu1) lucid; urgency=low * Merge from debian testing. Remaining changes: LP: #506831 - Error on fwrite failure in src/read_config_lex.c. - Patch from Kees Cook to not ignore return value of chdir call. -- Bhavani Shankar Wed, 13 Jan 2010 10:36:40 +0530 conntrack (1:0.9.13-1.1) unstable; urgency=high * Non-maintainer upload. * Prevent dpkg conffile prompt for unmodified conntrackd.conf when upgrading from pre 1:0.9.12-1 (closes: #542662). -- Stefan Fritsch Sat, 28 Nov 2009 20:41:03 +0100 conntrack (1:0.9.13-1) unstable; urgency=low [ Max Kellermann ] * new upstream release (Closes: #537896, #545918) - require libnfnetlink 1.0.0, libnetfilter_conntrack 0.0.100 - ChangeLog was removed by upstream * updated home page in the copyright file (Closes: #533583) * correct LSB dependencies in init script, patch by Petter Reinholdtsen (Closes: #541079) [ Alexander Wirt ] * Bump standards version -- Alexander Wirt Thu, 17 Sep 2009 12:32:19 +0200 conntrack (1:0.9.12-1ubuntu1) karmic; urgency=low * Merge from debian unstable (LP: #380358), remaining changes: - Error on fwrite failure in src/read_config_lex.c. - Patch from Kees Cook to not ignore return value of chdir call. * debian/copyright: Updated download site. -- Andres Rodriguez Thu, 18 Jun 2009 18:27:31 -0500 conntrack (1:0.9.12-1) unstable; urgency=low [ Max Kellermann ] * new upstream release - build-depend on libnfnetlink 0.0.40, libnetfilter-conntrack 0.0.99 - fixes FTBS (undeclared variable) (Closes: #522181, #518891) * moved conntrackd.conf to /etc/conntrackd/conntrackd.conf (Closes: #477679) * updated sample configuration file * updated home page to http://conntrack-tools.netfilter.org/ * restart conntrackd after logrotate (Closes: #513079) [ Alexander Wirt ] * Bump standards version -- Alexander Wirt Thu, 02 Apr 2009 11:37:25 +0200 conntrack (1:0.9.7-1.1ubuntu2) jaunty; urgency=low * Patch from Kees Cook to not ignore return value of chdir call. Thanks Kees (LP: #256380) * Remove undef of _FORTIFY_SOURCE. * Error on fwrite failure in src/read_config_lex.c. -- James Westby Mon, 24 Nov 2008 01:27:09 +0000 conntrack (1:0.9.7-1.1ubuntu1) jaunty; urgency=low * Merge from debian unstable (LP: 256380), remaining changes: + #include in {main,ignore_pool}.c to get PATH_MAX and INT_MAX + local.c: Fix insecure printf usage + debian/rules: -undef _FORTIFY_SOURCE so that it doesn't fail about ignored chdir() return value. -- Manny Vindiola Fri, 21 Nov 2008 18:36:33 -0500 conntrack (1:0.9.7-1.1) unstable; urgency=low * Non-maintainer upload. * Add casts to printf() statement in event_cb() to avoid a compiler warning on sparc which results in build failure (Closes: #492813) -- Jurij Smakov Sat, 23 Aug 2008 20:51:33 +0100 conntrack (1:0.9.7-1) unstable; urgency=low [ Max Kellermann ] * new upstream release - dropped all patches because they have been merged by upstream - depend on libnfnetlink 0.0.33, libnetfilter-conntrack 0.0.94 [ Alexander Wirt ] * Bump standards version (No changes) -- Alexander Wirt Tue, 22 Jul 2008 23:33:30 +0200 conntrack (1:0.9.6-4ubuntu1) intrepid; urgency=low * debian/patches: Add fix_includes_and_printf_usage.dpatch - #include in {main,ignore_pool}.c to get PATH_MAX and INT_MAX - local.c: Fix insecure printf usage * debian/rules: undef _FORTIFY_SOURCE so that it doesn't fail about ignored chdir() return value. * Modify Maintainer value to match the DebianMaintainerField specification. -- Albin Tonnerre Sun, 15 Jun 2008 18:39:30 +0200 conntrack (1:0.9.6-4) unstable; urgency=low [ Max Kellermann ] * fix compilation on SPARC (printf argument mismatch) -- Alexander Wirt Mon, 14 Apr 2008 23:09:22 +0200 conntrack (1:0.9.6-3) unstable; urgency=low [ Max Kellermann ] * fix gcc 4.3 compilation errors: - "large integer implicitly truncated to unsigned type" (Closes: #472812) - "'input' defined but not used" (Closes: #474768) -- Alexander Wirt Tue, 08 Apr 2008 22:08:10 +0200 conntrack (1:0.9.6-2) unstable; urgency=low * Build depend on bison (Closes: #472442) -- Alexander Wirt Mon, 24 Mar 2008 12:35:44 +0100 conntrack (1:0.9.6-1) unstable; urgency=low [ Max Kellermann ] * new upstream release * added package "conntrackd" * updated watchfile for new upstream name "conntrack-tools" (Closes: #449899) * removed "-Wall" from CFLAGS override * moved DH_COMPAT to debian/compat * don't ignore "make distclean" errors * bumped Standards-Version to 3.7.3 * install upstream changelog * added Homepage header to debian/control * call dh_install with -X.svn because upstream accidently distributed the .svn directories -- Alexander Wirt Fri, 21 Mar 2008 22:46:22 +0100 conntrack (1.00~beta2-1) unstable; urgency=low * initial debian release (Closes: #388615) -- Max Kellermann Thu, 21 Sep 2006 18:04:51 +0200 debian/conntrackd.install0000644000000000000000000000016012154126613012702 0ustar debian/conntrackd.conf etc/conntrackd debian/tmp/usr/sbin/conntrackd debian/tmp/usr/share/man/man8/conntrackd.8 debian/source/0000755000000000000000000000000012154126614010470 5ustar debian/source/format0000644000000000000000000000001412154126614011676 0ustar 3.0 (quilt) debian/conntrackd.init0000755000000000000000000000255312154126613012212 0ustar #!/bin/bash # # conntrackd Start conntrackd using /etc/conntrackd.conf # # Written by Max Kellermann # ### BEGIN INIT INFO # Provides: conntrackd # Required-Start: $network $syslog $remote_fs # Required-Stop: $network $syslog $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Description: Starts conntrackd # short-description: Starts conntrackd ### END INIT INFO #includes lsb functions source /lib/lsb/init-functions PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/conntrackd test -x $DAEMON || exit 0 CONFIG=/etc/conntrackd/conntrackd.conf OPTIONS="" test -f /etc/default/conntrackd && source /etc/default/conntrackd test -f $CONFIG || exit 0 case "$1" in start) log_begin_msg "Starting conntrackd" start-stop-daemon --start --quiet \ --exec $DAEMON \ -- \ -d \ -C "$CONFIG" \ $OPTIONS log_end_msg $? ;; stop) log_begin_msg "Stopping conntrackd" $DAEMON \ -C "$CONFIG" \ -k log_end_msg $? ;; restart|force-reload) $0 stop sleep 1 $0 start ;; *) log_action_msg "Usage: /etc/init.d/conntrackd {start|stop|restart|force-reload}" exit 1 ;; esac exit 0 debian/conntrackd.README.Debian0000644000000000000000000000045412154126614013361 0ustar conntrackd can run in two modes: - statistics mode - synchronization mode This package comes with a sample configuration file for the statistics mode in (/etc/conntrackd/conntrackd.conf). There are also sample configuration files for the synchronization mode in /usr/share/doc/conntrackd/examples. debian/conntrackd.examples0000644000000000000000000000002312154126614013051 0ustar doc/stats doc/sync debian/conntrackd.preinst0000755000000000000000000000134612154126613012732 0ustar #!/bin/sh set -e action=$1 version=$2 if [ "$action" = upgrade -a -n "$version" ] && dpkg --compare-versions "$version" lt "1:0.9.8-1" && test -f /etc/conntrackd.conf && ! test -e /etc/conntrackd/conntrackd.conf; then # package versions < 0.9.8-1 had the configuration file in a # non-standard location mkdir -p /etc/conntrackd if md5sum /etc/conntrackd.conf 2> /dev/null | grep -q 9e463d9bb7902e513da1b90b326bd43d then # unmodified version, dpkg should not prompt, delete in postinst mv /etc/conntrackd.conf /etc/conntrackd.conf.dpkg-updating else # move to new location to make dpkg prompt mv /etc/conntrackd.conf /etc/conntrackd/conntrackd.conf fi fi #DEBHELPER# debian/control0000644000000000000000000000230212154126613010567 0ustar Source: conntrack Section: net Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Alexander Wirt Homepage: http://conntrack-tools.netfilter.org/ Build-Depends: bison, debhelper (>= 9), flex, libmnl-dev (>= 1.0.1), libnetfilter-conntrack-dev (>= 1.0.1), libnetfilter-cthelper0-dev, libnetfilter-cttimeout-dev (>= 1.0.0), libnetfilter-queue-dev (>= 1.0.2), libnfnetlink-dev (>= 1.0.1) Standards-Version: 3.9.4 Package: conntrack Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Description: Program to modify the conntrack tables conntrack is a userspace command line program targeted at system administrators. It enables them to view and manage the in-kernel connection tracking state table. Package: conntrackd Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Description: Connection tracking daemon Conntrackd can replicate the status of the connections that are currently being processed by your stateful firewall based on Linux. Conntrackd can also run as statistics daemon. debian/patches/0000755000000000000000000000000012253336453010623 5ustar debian/patches/changes.patch0000644000000000000000000000150012253337675013257 0ustar Description: Convert ubuntu changes to a patch --- conntrack-1.4.1.orig/src/read_config_lex.c +++ conntrack-1.4.1/src/read_config_lex.c @@ -4330,7 +4330,8 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) + +#define ECHO if (fwrite( yytext, yyleng, 1, yyout )) yy_fatal_error (strerror (errno)); #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, --- conntrack-1.4.1.orig/src/main.c +++ conntrack-1.4.1/src/main.c @@ -382,7 +382,10 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } - chdir("/"); + if (chdir("/")<0) { + perror("chdir"); + exit(EXIT_FAILURE); + } close(STDIN_FILENO); /* Daemonize conntrackd */ debian/patches/series0000644000000000000000000000001612253336453012035 0ustar changes.patch debian/conntrackd.logrotate0000644000000000000000000000023212154126614013235 0ustar /var/log/conntrackd-stats.log { weekly rotate 2 missingok postrotate invoke-rc.d conntrackd restart > /dev/null endscript } debian/conntrack.examples0000644000000000000000000000001012154126614012701 0ustar doc/cli debian/conntrackd.conf0000644000000000000000000000413612154126614012171 0ustar # # General settings # General { # # Number of buckets in the caches: hash table # HashSize 8192 # # Maximum number of conntracks: # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max # HashLimit 65535 # # Logfile: on (/var/log/conntrackd.log), off, or a filename # Default: off # #LogFile on # # Syslog: on, off or a facility name (daemon (default) or local0..7) # Default: off # Syslog on # # Lockfile # LockFile /var/lock/conntrackd.lock # # Unix socket configuration # UNIX { Path /var/run/conntrackd.sock Backlog 20 } # # Netlink socket buffer size # SocketBufferSize 262142 # # Increase the socket buffer up to maximun if required # SocketBufferSizeMaxGrown 655355 # # Event filtering: This clause allows you to filter certain traffic, # There are currently three filter-sets: Protocol, Address and # State. The filter is attached to an action that can be: Accept or # Ignore. Thus, you can define the event filtering policy of the # filter-sets in positive or negative logic depending on your needs. # Filter { # # Accept only certain protocols: You may want to log the # state of flows depending on their layer 4 protocol. # Protocol Accept { TCP } # # Ignore traffic for a certain set of IP's. # Address Ignore { IPv4_address 127.0.0.1 # loopback } # # Uncomment this line below if you want to filter by flow state. # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED, # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN. # # State Accept { # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP # } } } Stats { # # If you enable this option, the daemon writes the information about # destroyed connections to a logfile. Default is off. # Logfile: on, off, or a filename # Default file: (/var/log/conntrackd-stats.log) # LogFile on # # Enable connection logging via Syslog. Default is off. # Syslog: on, off or a facility name (daemon (default) or local0..7) # If you set the facility, use the same as in the General clause, # otherwise you'll get a warning message. # #Syslog on } debian/conntrackd.postrm0000644000000000000000000000061612154126614012567 0ustar #!/bin/sh set -e action=$1 # package versions < 0.9.8-1 had the configuration file in a # non-standard location if [ "$action" = "abort-upgrade" ] && [ -f /etc/conntrackd.conf.dpkg-updating ] then # unmodified version, restore mv /etc/conntrackd.conf.dpkg-updating /etc/conntrackd.conf fi if [ "$action" = "purge" ] ; then rm -f /etc/conntrackd.conf.dpkg-updating fi #DEBHELPER# debian/rules0000755000000000000000000000067112154126613010253 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: dh $@ debian/conntrackd.default0000644000000000000000000000017212154126614012664 0ustar # Which configuration file? #CONFIG=/etc/conntrackd/conntrackd.conf # Additional options for daemon startup. #OPTIONS="" debian/clean0000644000000000000000000000002412154126614010171 0ustar config.log lex.yy.c debian/compat0000644000000000000000000000000212154126614010366 0ustar 9 debian/watch0000644000000000000000000000017612154126614010225 0ustar version=3 opts="uversionmangle=s/beta/~beta/" \ http://ftp.netfilter.org/pub/conntrack-tools/conntrack-tools-(\S+)\.tar\.bz2