diff --git a/0005-conntrackd-set-default-hashtable-buckets-and-max-ent.patch b/0005-conntrackd-set-default-hashtable-buckets-and-max-ent.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0d2c548a4015c4e31e3dd944e2e196a390dc2ee6
--- /dev/null
+++ b/0005-conntrackd-set-default-hashtable-buckets-and-max-ent.patch
@@ -0,0 +1,38 @@
+From c63bdecd96375309d32239c7a83d985ac51704c5 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso
+Date: Mon, 8 Mar 2021 16:29:25 +0100
+Subject: [PATCH] conntrackd: set default hashtable buckets and max entries if
+ not specified
+
+Fall back to 65536 buckets and 262144 entries.
+
+It would be probably good to add code to autoadjust by reading
+/proc/sys/net/netfilter/nf_conntrack_buckets and
+/proc/sys/net/nf_conntrack_max.
+
+Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1491
+Signed-off-by: Pablo Neira Ayuso
+(cherry picked from commit 3276471d23d4d96d55e9a0fb7a10983d8097dc45)
+---
+ src/read_config_yy.y | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index cc0eb183bde34..7f6dae821e5a2 100644
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -1924,5 +1924,11 @@ init_config(char *filename)
+ NF_NETLINK_CONNTRACK_DESTROY;
+ }
+
++ /* default hashtable buckets and maximum number of entries */
++ if (!CONFIG(hashsize))
++ CONFIG(hashsize) = 65536;
++ if (!CONFIG(limit))
++ CONFIG(limit) = 262144;
++
+ return 0;
+ }
+--
+2.38.0
+
diff --git a/conntrack-tools-1.4.4.tar.bz2 b/conntrack-tools-1.4.4.tar.bz2
deleted file mode 100644
index dd3811fb7abc94bfd00e12af980f933b5e64feb8..0000000000000000000000000000000000000000
Binary files a/conntrack-tools-1.4.4.tar.bz2 and /dev/null differ
diff --git a/conntrack-tools.spec b/conntrack-tools.spec
index f756de51cf679c81a70af10feafbd980f6cf4cff..4f603f2ca65ebc0f95abf54073c9e7f7445d8d74 100644
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
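Review bot: In the embedded patch for src/read_config_yy.y, `if (!CONFIG(hashsize))` and `if (!CONFIG(limit))` treat zero as "not specified", so a configuration that sets either value to 0 cannot be told apart from one that omits it, and the default is substituted without any message. Going by the commit message these two values bound the daemon's hashtable, so I would document this next to the check, e.g. `/* 0 means unset: an explicit 0 in the config also gets the default */`, and consider reporting the effective values at startup so an operator sizing the table for load can see what is in use. The literals 65536 and 262144 would also read better as named constants defined once. init_config() starts outside the hunk, so whether an earlier path already validates these fields is not visible here.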
@@ -1,7 +1,7 @@ %define anolis_release .0.1 Name: conntrack-tools Version: 1.4.4 -Release: 10%{anolis_release}%{?dist} +Release: 11%{anolis_release}%{?dist} Summary: Manipulate netfilter connection tracking table and run High Availability Group: System Environment/Base License: GPLv2 @@ -14,6 +14,7 @@ Patch1: conntrack-tools-1.4.4-nat_tuple-leak.patch Patch2: conntrack-tools-1.4.4-free-pktb-after-use.patch Patch3: conntrack-Fix-CIDR-to-mask-conversion-on-Big-Endian.patch Patch4: nfct-helper-Fix-NFCTH_ATTR_PROTO_L4NUM-size.patch +Patch5: 0005-conntrackd-set-default-hashtable-buckets-and-max-ent.patch BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.6 BuildRequires: libnetfilter_cttimeout-devel >= 1.0.0, libnetfilter_cthelper-devel >= 1.0.0 @@ -62,6 +63,7 @@ Doc pages for %{name}. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build export LDFLAGS="${LDFLAGS} -Wl,-z,lazy" @@ -106,9 +108,12 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/ %systemd_postun conntrackd.service %changelog -* Sat Jul 16 2022 DengXiewei - 1.4.4-10.0.1 +* Tue May 30 2023 DengXiewei - 1.4.4-11.0.1 - Add doc sub package +* Fri Nov 04 2022 Phil Sutter - 1.4.4-11 +- conntrackd: set default hashtable buckets and max entries if not specified + * Mon Nov 18 2019 Phil Sutter - 1.4.4-10 - Fix issues on Big Endian (rhbz#1750744) diff --git a/dist b/dist new file mode 100644 index 0000000000000000000000000000000000000000..9c0e36ec42a2d9bfefacb21ac6354c9ddd910533 --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an8 diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..8c3a1c39bcfc0e868c13336147141c5d4bad84b8 --- /dev/null +++ b/download @@ -0,0 +1 @@ +acd9e0b27cf16ae3092ba900e4d7560e conntrack-tools-1.4.4.tar.bz2