debian/0000755000000000000000000000000012246673572007204 5ustar debian/natlog.default0000644000000000000000000000112712246673572012037 0ustar # Lines added by the package maintainer: # The `conntrack' argument is the only mode I can offer by default. # as I don't know the devices of your firewall. # You might consider changing "conntrack" to the names of two devices, # the first device being the device behind the firewall (hosts there have # their IP addresses source-natted), the 2nd device being the device before # the firewall (e.g., the device connected to the Internet or outside world). # Example: # DAEMON_ARGS="tun0 eth0" DAEMON_ARGS="conntrack" # change to `yes' (no quotes) if natlog should start automatically START=no debian/natlog.postrm0000644000000000000000000000172612246673572011744 0ustar #!/bin/sh # postrm script for natlog # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) # rm -f /etc/rc2.d/S20.natlog /etc/rc0.d/K20.natlog ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/natlog.init0000644000000000000000000001342712246673572011364 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: natlog # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: S # Default-Stop: # Short-Description: NAT logging daemon ### END INIT INFO # Author: Frank B. Brokken # George Danchev # Do NOT "set -e" # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="NAT logging daemon" NAME=natlog DAEMON=/usr/sbin/$NAME #DAEMON_ARGS="--options args" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # re-set VERBOSE VERBOSE="yes" # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present # and status_of_proc is working. . /lib/lsb/init-functions # Only start if /etc/default/natlog holds START="yes" check_default_start_allowed() { if [ "$START" != "yes" ]; then [ "$VERBOSE" = "yes" ] && log_warning_msg "Not starting ${DESC} ${NAME}, disabled via /etc/default/${NAME}" exit 0 fi } load_kernel_module() { local module args module="$1" m_args="$2" # bail out if ip_conntrack support is already there [ -f /proc/net/ip_conntrack ] && return 0 # give up if the kernel does not support modules [ -f /proc/modules ] || return 0 [ -x /sbin/modprobe ] || return 0 if [ "$VERBOSE" = "yes" ]; then log_action_msg "Loading kernel module $module" modprobe $module $m_args || true else modprobe $module $m_args > /dev/null 2>&1 || true fi } # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME return 0 } case "$1" in start) check_default_start_allowed load_kernel_module nf_conntrack_ipv4 [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 1) [ "$VERBOSE" != no ] && echo -n " - daemon was already stopped" && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac : debian/rules0000755000000000000000000000710112246673572010263 0ustar #!/usr/bin/make -f # -*- makefile -*- # The following is for internal development usage only # Update that sum when new _upstream_ releases occur, this # catches silent file content forges at the upstream server side # Archive downloaded from https://www.icce.rug.nl/debian/natlog # file: natlog_x.y.z.tar.gz MD5TRUSTED := cb6ea8b633fbbbcf120da4d024c40648 # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS) # depend on g++-4.8 for debian ports export CXX = g++-4.8 CXXFLAGS += --std=c++0x -Wall configure: configure-stamp configure-stamp: dh_testdir # Add here commands to configure the package. touch configure-stamp build: build-indep build-arch build-indep: build-arch: build-stamp build-stamp: configure-stamp dh_testdir # compile the package. ./build program ./build man touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp # Add here commands to clean up after the build process. ./build clean dh_clean install: build dh_testdir dh_testroot dh_prep -k dh_installdirs # Add here commands to install the package into debian/natlog. ./build install program debian/natlog/usr/sbin/natlog ./build install man debian/natlog/usr/share/man/man1 ./build install std debian/natlog/usr/share/doc/natlog mkdir -p debian/natlog/etc/logrotate.d cp debian/natlog.logrotate debian/natlog/etc/logrotate.d/natlog cp etc/natlog.conf debian/natlog/etc/natlog.conf #mkdir -p debian/natlog/usr/share/lintian/overrides #cp debian/natlog.overrides \ # debian/natlog/usr/share/lintian/overrides/natlog # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installinit -- defaults 20 # dh_installdocs PROVIDE BLANK DELIMITED LIST OF FILES LIKE README dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb # The following is for internal development usage only # Archive downloaded from https://www.icce.rug.nl/debian/natlog # file: natlog_x.y.z.tar.gz DEBVERSION:=$(shell head -n 1 debian/changelog | sed -e 's/^[^(]*(\([^)]*\)).*/\1/') UPVERSION:=$(shell echo $(DEBVERSION) | sed -e 's/^.*://' -e 's/-[0-9.]*$$//' -e 's/.dfsg$$//') UPNAME := natlog UPFILE := $(UPNAME)_$(UPVERSION).tar.gz DEFILE := $(UPNAME)_$(UPVERSION).orig.tar.gz URL := https://www.icce.rug.nl/debian/natlog MD5CURRENT := `md5sum ../tarballs/$(DEFILE) | sed -e 's/ .*//'` get-orig-source: @@[ -d ../tarballs/. ]||mkdir -p ../tarballs -@if [ ! -f ../tarballs/$(DEFILE) ] ; then \ echo "Downloading $(URL)/$(UPFILE) from $(URL)/$(UPFILE) ..." ; \ wget --no-check-certificate --quiet -N -nv -T20 -t3 -O \ ../tarballs/$(DEFILE) $(URL)/$(UPFILE) ; \ else \ echo "Upstream source tarball have been already downloaded" ; \ fi -@if [ "$(MD5CURRENT)" != "$(MD5TRUSTED)" ] ; then \ echo "Expecting upstream filename md5sum $(MD5TRUSTED), but $(MD5CURRENT) found" ; \ echo "Upstream filename md5sum is NOT trusted! Possible upstream filename forge!" ; \ false ; \ else \ echo "Upstream filename md5sum is trusted!" ; \ fi print-version: @@echo "Debian version: $(DEBVERSION)" @@echo "Upstream version: $(UPVERSION)" binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure debian/natlog.logrotate0000644000000000000000000000013012246673572012404 0ustar /var/log/natlog.log { weekly rotate 4 compress nocreate missingok } debian/changelog0000644000000000000000000001171212246673572011060 0ustar natlog (1.00.2-1) unstable; urgency=low * New upstream release. (Closes: #730911) * Bump Standards-Version to 3.9.5. -- tony mancill Sun, 01 Dec 2013 09:52:46 -0800 natlog (1.00.1-3) unstable; urgency=low * Switch g++ dependency to g++-4.8 to allow auto-builders to install the necessary compiler on architectures where g++ (>= 4:4.7) is not available. * Update Vcs fields to be canonical. -- tony mancill Sat, 10 Aug 2013 22:52:39 -0700 natlog (1.00.1-2) unstable; urgency=low * Bump libbobcat-dev versioned build dependency to 3.11, which is the first Debian version to include . Thanks to Thorsten Glaser for pointing out the build failure on m68k. -- tony mancill Sun, 04 Aug 2013 20:39:57 -0700 natlog (1.00.1-1) unstable; urgency=low * Patch cancelled: included in upstream sources * Removed strict 4.7 version dependency from debian/rules * Reorganized debian/rules, removed the git-build target * New upstream release: bumped to 1.00.1 after using natlog for about a year without encountering serious problems -- Frank B. Brokken Tue, 18 Jun 2013 20:30:43 +0200 natlog (0.91.3-3) unstable; urgency=low * Add patch for FTBFS. (Closes: #710630) -- tony mancill Sat, 01 Jun 2013 20:23:12 -0700 natlog (0.91.3-2) unstable; urgency=low * restore $syslog dependency to init script * export CXX in debian/rules * install /etc/natlog.conf in d/rules (no longer installed by icmake) -- tony mancill Wed, 06 Feb 2013 22:17:13 -0800 natlog (0.91.3-1) unstable; urgency=low [ Frank B. Brokken ] * new upstream release, * Natlog now catches std::exceptions instead of FBB::Errno exceptions, and returns 0 with the --help and --version options * build script recognizes CXX, CPPFLAGS, CXXFLAGS, and LDFLAGS environment variables * debian/patches/use-g++-4.7.patch now superfluous: removed * init script now starts in runlevel S [ tony mancill ] * Depend on g++-4.7. * Bump Standards-Version to 3.9.4. * Update Vcs fields to point to packaging repo on git.debian.org. -- tony mancill Sun, 27 Jan 2013 18:47:43 -0800 natlog (0.91.0-3) unstable; urgency=low * Use source format 3.0 (quilt) * Build depend on g++-4.7, since it is available on all architectures. * Patch up build to use g++-4.7 (to be removed when g++ >=4.7 becomes the default compiler on all Debian supported architectures) * Attempt to load kernel module nf_conntrack_ipv4 from init script, since this provides /proc/net/ip_conntrack, effectively what natlog checks for on startup. Bail out if /proc/net/ip_conntrack is already found to be available (unlikely to hit a possible race). * Fix a typo in synopsis, thanks to Vincent Blut. (Closes: #679567) -- George Danchev Fri, 13 Jul 2012 10:56:59 +0200 natlog (0.91.0-2) unstable; urgency=low * Build-depend on g++ 4:4.7.0 (forgotten epoch in the g++ version led to FTBFS on armel, ia64, powerpc, s390, s390x where an old compiler choke the override keyword) -- George Danchev Sun, 01 Jul 2012 07:52:38 +0200 natlog (0.91.0-1) unstable; urgency=low [ Frank B. Brokken ] * New upstream release fixes message handling (in daemon mode all messages are sent to the syslog daemon), and verifies the user's ability to start conntrack before conntrack is actually started. The daemon's parent merely returns 0 if its child started successfully, otherwise 1 is returned. * Added natlog init script. [ George Danchev ] * Build-depend on libpcap-dev * Build depend on debhelper >= 9, resp. use compat 9 * Engage dpkg-buildflags for CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS * Use dh_prep rather than dh_clean -k * Architecture: linux-any * Drop dh_testdir from get* targets * natlog.init - comment DAEMON_ARGS="--options args", these are to be set from /etc/default/natlog * Check default start option, add more verbosity * Use update-rc.d in postinst and postrm * Depend on lsb-base (>= 3.2-14) to ensure that /lib/lsb/init-functions is present. * Point Vcs fields to openfmi.net * Add Tony Mancill and me to Uploaders -- George Danchev Mon, 18 Jun 2012 18:40:06 +0200 natlog (0.10.0-1) unstable; urgency=low * New upstream version, NATLOG now at sourceforge * Updated the control file to reflext the above change -- Frank B. Brokken Sat, 09 Jun 2012 16:48:43 +0200 natlog (0.03.0-1) unstable; urgency=low * New upstream version -- Frank B. Brokken Thu, 07 Jun 2012 17:22:22 +0200 natlog (0.02.0-1) unstable; urgency=low * New upstream version -- Frank B. Brokken Thu, 07 Jun 2012 14:14:12 +0200 natlog (0.01.0-1) unstable; urgency=low * Initial Release. -- Frank B. Brokken Tue, 05 Jun 2012 21:40:46 +0200 debian/source/0000755000000000000000000000000012246673572010504 5ustar debian/source/format0000644000000000000000000000001412246673572011712 0ustar 3.0 (quilt) debian/compat0000644000000000000000000000000212246673572010402 0ustar 9 debian/copyright0000644000000000000000000000244612246673572011145 0ustar This package was debianized by Frank B. Brokken on Wed, 01 Oct 2008 20:01:58 +0200 It was downloaded from: https://www.icce.rug.nl/svnroot/natlog Upstream Author: Frank B. Brokken Copyright: natlog short description Copyright (c) 2008 - now by Frank B. Brokken, University of Groningen. License: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. Debian packaging copyright:   (C) 2008 Frank B. Brokken and is licensed under the GPL, see above. debian/control0000644000000000000000000000322012246673572010604 0ustar Source: natlog Section: devel Priority: optional Maintainer: Frank B. Brokken Uploaders: George Danchev , tony mancill Build-Depends: debhelper (>= 9), g++-4.8, icmake (>= 7.19.00), libbobcat-dev (>= 3.11.00), libpcap-dev, yodl (>= 3.00.0) Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/collab-maint/natlog.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/natlog.git Homepage: http://natlog.sourceforge.net/ Package: natlog Architecture: linux-any Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base (>= 3.2-14) Suggests: conntrack (>= 1.0.0) Description: Source-natting firewall logging utility Firewalls like iptables usually offer POSTROUTING source network address translation facilities changing the source address of a host behind the firewall to the address of the host before the firewall. . The standard log facilities provided by iptables do not easily allow us to associate addresses behind the firewall to their source-natted equivalents before the firewall. Natlog was designed to fill in that particular niche. . When running natlog, messages are sent to the syslog daemon and/or to the standard output stream showing the essential characteristics of the connection using source natting. Here is an example: . from Fri 8 22:30:10:55588 until Fri 8 22:40:43:807100: 192.168.19.72:4467 (via: 129.125.90.132:4467) to 200.49.219.180:443 . Natlog depends on facilities provided by iptables; work is in progress to generate logs using facilities offered by the pcap library. debian/natlog.postinst0000644000000000000000000000241712246673572012301 0ustar #!/bin/sh # postinst script for natlog # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) # ln -sf ../init.d/natlog /etc/rc2.d/S01.natlog # ln -sf ../init.d/natlog /etc/rc3.d/S01.natlog # ln -sf ../init.d/natlog /etc/rc4.d/S01.natlog # ln -sf ../init.d/natlog /etc/rc5.d/S01.natlog # ln -sf ../init.d/natlog /etc/rc0.d/K02.natlog # ln -sf ../init.d/natlog /etc/rc1.d/K02.natlog # ln -sf ../init.d/natlog /etc/rc6.d/K02.natlog ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0