Conntrackd is the userspace daemon for the Netfilter's Connection Tracking System. This daemon maintains a copy of the Connection Tracking System in userspace. It is entirely written in C and is highly configurable and easily extensible. Currently it covers the specific aspects of Stateful Linux firewalls to enable high availability solutions and can be used as statistics collector of the firewall use.
Zzzzzzzz...
What info do you need? Or did you mean NEEDBEER, or NEEDSLEEP? ;)
Is this a request for ebuild or what exactly?
It is a request for a new ebuild for conntrackd, yes. It's firewall software, so it should go to net-firewall. It depends on libnfnetlink ≥ 0.0.25 and libnetfilter_conntrack ≥ 0.0.50, which are both in portage but need a version bump.
Created attachment 109390 conntrackd-0.9.2.ebuild
Does not compile against uclibc, but it's a start at least.
In file included from /usr/include/sys/uio.h:24,
                 from /usr/include/sys/socket.h:27,
                 from /usr/include/libnfnetlink/libnfnetlink.h:19,
                 from proxy.c:19:
/usr/include/sys/types.h:61: error: conflicting types for 'dev_t'
/usr/include/linux/types.h:27: error: previous declaration of 'dev_t' was here
/usr/include/sys/types.h:71: error: conflicting types for 'mode_t'
/usr/include/linux/types.h:33: error: previous declaration of 'mode_t' was here
/usr/include/sys/types.h:76: error: conflicting types for 'nlink_t'
/usr/include/linux/types.h:36: error: previous declaration of 'nlink_t' was here
In file included from /usr/include/sys/types.h:215,
                 from /usr/include/sys/uio.h:24,
                 from /usr/include/sys/socket.h:27,
                 from /usr/include/libnfnetlink/libnfnetlink.h:19,
                 from proxy.c:19:
/usr/include/sys/select.h:68: error: conflicting types for 'fd_set'
/usr/include/linux/types.h:24: error: previous declaration of 'fd_set' was here
In file included from /usr/include/sys/uio.h:24,
                 from /usr/include/sys/socket.h:27,
                 from /usr/include/libnfnetlink/libnfnetlink.h:19,
                 from proxy.c:19:
/usr/include/sys/types.h:230: error: conflicting types for 'blkcnt_t'
/usr/include/linux/types.h:158: error: previous declaration of 'blkcnt_t' was here
make[1]: *** [proxy.o] Error 1
The ebuild compiles fine on amd64, but fails on uclibc.
conntrackd compiled just fine on uclibc when sys-kernel/linux-headers-2.6.20 was installed. Unfortunately, uclibc did not. I guess we only need an init.d script and a default /etc/conntrackd/conntrackd.conf file.
Created attachment 113550 files/conntrackd.initd /etc/init.d/conntrackd
Created attachment 113552 files/conntrackd.confd /etc/conf.d/conntrackd
Created attachment 113554 conntrackd-0.9.2.ebuild Updated ebuild. It copies the examples/stats/conntrackd.conf file as default config.
I have a question. In the INSTALL file I read this:
6) Disable TCP window tracking
Until the appropriate patches don't go into kernel mainline, you will have to disable TCP window tracking, consider this as a temporary solution:
# echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
[end of cite]
I wonder whether the init.d script should silently set the setting on "start", or just fail with an eerror saying that the user should enable ip_conntrack_tcp_be_liberal in /etc/sysctl.conf? Comments?
Created attachment 114487 files/conntrackd.initd Updated init.d script that verifies that TCP window tracking is disabled.
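As an added illustration of the check described for the updated init.d script (example code written for this page, not the attached conntrackd.initd): a POSIX sh function that reads the ip_conntrack_tcp_be_liberal knob and refuses to start unless it is 1, reporting the /etc/sysctl.conf fix instead of silently changing the setting. The function and variable names are assumptions, and the optional path argument exists only so the check can be exercised against a file outside /proc.

```shell
# Hypothetical check for a conntrackd init script (added example, not the
# attached conntrackd.initd). conntrackd's INSTALL file says TCP window
# tracking must be disabled, so the start step verifies the knob before
# launching the daemon and tells the admin how to fix it otherwise.
SYSCTL_TCP_BE_LIBERAL=/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal

# check_tcp_be_liberal [path]
# Returns 0 when the knob reads exactly "1"; returns 1 (with a message on
# stderr) when it reads anything else or cannot be read at all, which is
# what happens when the ip_conntrack module is not loaded.
check_tcp_be_liberal() {
    path="${1:-$SYSCTL_TCP_BE_LIBERAL}"
    if [ ! -r "$path" ]; then
        echo "ERROR: cannot read $path; is ip_conntrack loaded?" >&2
        return 1
    fi
    value=$(cat "$path" 2>/dev/null)   # $(...) strips the trailing newline
    case "$value" in
        1)
            return 0
            ;;
        *)
            echo "ERROR: TCP window tracking is still enabled." >&2
            echo "       Set net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 1" >&2
            echo "       in /etc/sysctl.conf and reload it before starting conntrackd." >&2
            return 1
            ;;
    esac
}

# start: the shape an init.d start function would take with the check in
# front of it. Only the check is shown; launching the daemon itself is
# left to the real script.
start() {
    check_tcp_be_liberal || return 1
    echo "TCP window tracking is disabled, starting conntrackd"
}
```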
*** This bug has been marked as a duplicate of bug 182019 ***