[bug#54457,5/9] gnu: Add conntrack-tools
Commit Message
* gnu/packages/linux.scm (conntrack-tools): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
Comments
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> + (native-inputs
> + (list bison flex libtirpc libnetfilter-conntrack libnetfilter-cttimeout
> + libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl
> + pkg-config))
Do all of these need to be 'native-inputs'? I would expect the libnet*
stuff libraries to be run at run-time, so wouldn't they need to be
compiled for the --target architecture instead of --system, and hence,
'inputs'?
As a test, if you have a non-aarch64 system, you can run
$ ./pre-inst-env guix build conntrack-tools --target=aarch64-linux-gnu
and see if it actually compiles.
Greetings,
Maxime.
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> libnfnetlink
> + (license license:gpl1)))
libnfnetlink is gpl2 according to libnfnetlink, so at first sight,
there appears to be a license incompatibility here.
Greetings,
Maxime.
On 3/19/22 2:54 PM, Maxime Devos wrote:
> fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
>> + (native-inputs
>> + (list bison flex libtirpc libnetfilter-conntrack libnetfilter-cttimeout
>> + libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl
>> + pkg-config))
>
> Do all of these need to be 'native-inputs'? I would expect the libnet*
> stuff libraries to be run at run-time, so wouldn't they need to be
> compiled for the --target architecture instead of --system, and hence,
> 'inputs'?
>
> As a test, if you have a non-aarch64 system, you can run
>
> $ ./pre-inst-env guix build conntrack-tools --target=aarch64-linux-gnu
>
> and see if it actually compiles.
You are correct, they have to be inputs. This is an 'old' mistake; I have had
these packages in my channel for more than a year. Thanks for spotting this and the
other stuff.
@@ -128,6 +128,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages networking)
#:use-module (gnu packages ninja)
#:use-module (gnu packages nss)
+ #:use-module (gnu packages onc-rpc)
#:use-module (gnu packages perl)
#:use-module (gnu packages pciutils)
#:use-module (gnu packages pkg-config)
@@ -7346,6 +7347,38 @@ (define-public libnetfilter-queue
(home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
(license license:gpl1)))
+(define-public conntrack-tools
+ (package
+ (name "conntrack-tools")
+ (version "1.4.6")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://netfilter.org/projects/"
+ "conntrack-tools/files/"
+ "conntrack-tools-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0psx41bclqrh4514yzq03rvs3cq3scfpd1v4kkyxnic2hk65j22r"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ (list bison flex libtirpc libnetfilter-conntrack libnetfilter-cttimeout
+ libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl
+ pkg-config))
+ (synopsis "Set of tools targeting the conntrack kernel subsystem.")
+ (description "The tool conntrack provides a full featured interface that is
+intended to replace the old /proc/net/ip_conntrack interface.Using conntrack,
+you can view and manage the in-kernel connection tracking state table from
+userspace. On the other hand, conntrackd covers the specific aspects of stateful
+firewalls to enable highly available scenarios, and can be used as statistics
+collector as well.
+Since 1.2.0, the conntrack-tools includes the nfct command line utility. This
+utility only supports the nfnetlink_cttimeout by now. In the long run, we expect
+that it will replace conntrack by providing a syntax similar to nftables.")
+ (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
+ (license license:gpl1)))
+
(define-public proot
(package
(name "proot")
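Review bot: The native-inputs field of conntrack-tools mixes build-time tools with link-time libraries. Only bison, flex and pkg-config run on the build machine; libtirpc, libnetfilter-conntrack, libnetfilter-cttimeout, libnetfilter-cthelper, libnetfilter-queue, libnfnetlink and libmnl are linked into the resulting binaries and should move to a separate inputs field, otherwise a --target build links against libraries compiled for the wrong architecture. Smaller points in the same hunk: the synopsis ends with a period, which the Guix synopsis convention disallows; the description is missing a space in "interface.Using"; and license:gpl1 should be checked against the COPYING file in the 1.4.6 tarball before merging.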