[PATCH 0/9] Add netfilter tools and libraries

Done. Submitted by fesoj000.
Details
3 participants
  • fesoj000
  • Ludovic Courtès
  • Maxime Devos
Owner: unassigned
Severity: normal
fesoj000 wrote on 19 Mar 01:19 +0100
(address . guix-patches@gnu.org)
871b5ef4-87f1-bd27-0d24-0725064b2894@gmail.com
Hi there,

nftables is already available but I am missing the other tools
to interact with the netfilter kernel subsystem.

This patch series, aside from some netfilter dependencies,
includes three main attractions. Details of which can be found
in the description slots.

1. conntrack-tools
2. nfacct
3. ulogd

BR
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 1/9] gnu: Add libnetfilter-conntrack
(address . 54457@debbugs.gnu.org)
1aa4ccd6-0a20-7f59-3ce9-83c7f3520713@gmail.com
* gnu/packages/linux.scm (libnetfilter-conntrack): New variable.
---
gnu/packages/linux.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index bf18724990..837e8e5566 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7246,6 +7246,32 @@ (define-public nftables
  userspace queueing component and the logging subsystem.")
      (license license:gpl2)))
  
+(define-public libnetfilter-conntrack
+  (package
+   (name "libnetfilter_conntrack")
+   (version "1.0.8")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_conntrack/files/"
+                         "libnetfilter_conntrack-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1ky1mqgnplw2h9jf0kn0a69d94jkydhbiipng9l2hdcj13h3pl8c"))))
+   (build-system gnu-build-system)
+   (native-inputs (list libnfnetlink libmnl pkg-config))
+   (synopsis "Library for kernel connection tracking state table.")
+   (description "libnetfilter_conntrack is a userspace library providing a
+programming interface (API) to the in-kernel connection tracking state table.
+The library libnetfilter_conntrack has been previously known as
+libnfnetlink_conntrack and libctnetlink. This library is currently used by
+conntrack-tools among many other applications.")
+   (home-page (string-append "https://netfilter.org/projects/"
+                             "libnetfilter_conntrack/index.html"))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
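Review bot: libnfnetlink and libmnl sit in 'native-inputs' next to pkg-config, but they are libraries this package links against, so they have to be built for the target rather than for the build machine. Move them to 'inputs' and keep only pkg-config in 'native-inputs'; as written, a build with --target would pick up libraries for the wrong architecture. The synopsis also ends with a period, which Guix synopses leave out.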
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 2/9] gnu: Add libnetfilter-cttimeout
(address . 54457@debbugs.gnu.org)
cf08e8f1-3322-6bdc-6f12-95259d955dff@gmail.com
* gnu/packages/linux.scm (libnetfilter-cttimeout): New variable.
---
gnu/packages/linux.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 837e8e5566..6dbec31064 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7272,6 +7272,32 @@ (define-public libnetfilter-conntrack
                               "libnetfilter_conntrack/index.html"))
     (license license:gpl2+)))
  
+(define-public libnetfilter-cttimeout
+  (package
+   (name "libnetfilter_cttimeout")
+   (version "1.0.0")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_cttimeout/files/"
+                         "libnetfilter_cttimeout-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1fpyz1zlvcq80244knvyvy87909xjqlj02lmw8yblz2m9xsi5axf"))))
+   (build-system gnu-build-system)
+   (native-inputs (list libmnl pkg-config))
+   (synopsis "Library for kernel connection tracking timeout infrastructure")
+   (description "libnetfilter_cttimeout is the userspace library that provides
+the programming interface to the fine-grain connection tracking timeout
+infrastructure. With this library, you can create, update and delete timeout
+policies that can be attached to traffic flows. This library is used by
+conntrack-tools.")
+   (home-page (string-append "https://netfilter.org/projects/"
+                             "libnetfilter_cttimeout/index.html"))
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
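Review bot: the 'name' field is "libnetfilter_cttimeout" with the upstream underscore, while the variable is libnetfilter-cttimeout. Guix package names replace underscores with hyphens, so the string should read "libnetfilter-cttimeout"; the uri spells the upstream name out literally, so the rename does not affect the download. libmnl is a linked library and belongs in 'inputs' rather than 'native-inputs'.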
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 3/9] gnu: Add libnetfilter-cthelper
(address . 54457@debbugs.gnu.org)
7fab503e-2634-b878-d844-e322a56893b1@gmail.com
* gnu/packages/linux.scm (libnetfilter-cthelper): New variable.
---
gnu/packages/linux.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 6dbec31064..8ddd495441 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7298,6 +7298,31 @@ (define-public libnetfilter-cttimeout
                               "libnetfilter_cttimeout/index.html"))
     (license license:gpl2)))
  
+(define-public libnetfilter-cthelper
+  (package
+   (name "libnetfilter_cthelper")
+   (version "1.0.0")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_cthelper/files/"
+                         "libnetfilter_cthelper-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "0gfgzkc1fjniqwk4jxds72c0lcgfhq2591hrvjrvd9nrqiqqwq87"))))
+   (build-system gnu-build-system)
+   (native-inputs (list libmnl pkg-config))
+   (synopsis "Library for kernel user-space helper infrastructure.")
+   (description "libnetfilter_cthelper is the userspace library that provides
+the programming interface to the user-space helper infrastructure available
+since Linux kernel 3.6. With this library, you register, configure, enable and
+disable user-space helpers. This library is used by conntrack-tools.")
+   (home-page (string-append "https://netfilter.org/projects/"
+                             "libnetfilter_cthelper/index.html"))
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
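Review bot: the synopsis "Library for kernel user-space helper infrastructure." does not say which subsystem these helpers belong to; the package name and the mention of conntrack-tools in the description point at connection tracking, and the synopsis should say so. It should also lose the trailing period. In the description, "the userspace library" reads as if no other implementation could exist; "a userspace library" is the safer wording.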
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 4/9] gnu: Add libnetfilter-queue
(address . 54457@debbugs.gnu.org)
d5f78454-ef21-2a33-b592-95a7a55abdb5@gmail.com
* gnu/packages/linux.scm (libnetfilter-queue): New variable.
---
gnu/packages/linux.scm | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8ddd495441..900f76063c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7323,6 +7323,29 @@ (define-public libnetfilter-cthelper
                               "libnetfilter_cthelper/index.html"))
     (license license:gpl2)))
  
+(define-public libnetfilter-queue
+  (package
+   (name "libnetfilter_queue")
+   (version "1.0.5")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_queue/files/"
+                         "libnetfilter_queue-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1xdra6i4p8jkv943ygjw646qx8df27f7p5852kc06vjx608krzzr"))))
+   (build-system gnu-build-system)
+   (native-inputs (list libmnl libnfnetlink pkg-config))
+   (synopsis "Userspace library for kernel netfilter infrastructure and state")
+   (description "libnetfilter_queue is a userspace library providing an API to
+packets that have been queued by the kernel packet filter. It is is part of a
+system that deprecates the old ip_queue / libipq mechanism.")
+   (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
+   (license license:gpl1)))
+
  (define-public proot
    (package
      (name "proot")
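Review bot: '(license license:gpl1)' stands out against the other libnetfilter packages in this series, which declare gpl2 or gpl2+; please check the field against the COPYING file and the source headers in the 1.0.5 tarball. The description has a doubled word in "It is is part of a system", and libmnl and libnfnetlink are linked libraries that belong in 'inputs'.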
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 5/9] gnu: Add conntrack-tools
(address . 54457@debbugs.gnu.org)
7d4ea9a8-aa41-8f2f-35fd-da9b8e95b1ce@gmail.com
* gnu/packages/linux.scm (conntrack-tools): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 900f76063c..b44abb5908 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -128,6 +128,7 @@ (define-module (gnu packages linux)
    #:use-module (gnu packages networking)
    #:use-module (gnu packages ninja)
    #:use-module (gnu packages nss)
+  #:use-module (gnu packages onc-rpc)
    #:use-module (gnu packages perl)
    #:use-module (gnu packages pciutils)
    #:use-module (gnu packages pkg-config)
@@ -7346,6 +7347,38 @@ (define-public libnetfilter-queue
     (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
     (license license:gpl1)))
  
+(define-public conntrack-tools
+  (package
+   (name "conntrack-tools")
+   (version "1.4.6")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "conntrack-tools/files/"
+                         "conntrack-tools-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "0psx41bclqrh4514yzq03rvs3cq3scfpd1v4kkyxnic2hk65j22r"))))
+   (build-system gnu-build-system)
+   (native-inputs
+    (list bison flex libtirpc libnetfilter-conntrack libnetfilter-cttimeout
+          libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl
+          pkg-config))
+   (synopsis "Set of tools targeting the conntrack kernel subsystem.")
+   (description "The tool conntrack provides a full featured interface that is
+intended to replace the old /proc/net/ip_conntrack interface.Using conntrack,
+you can view and manage the in-kernel connection tracking state table from
+userspace. On the other hand, conntrackd covers the specific aspects of stateful
+firewalls to enable highly available scenarios, and can be used as statistics
+collector as well.
+Since 1.2.0, the conntrack-tools includes the nfct command line utility. This
+utility only supports the nfnetlink_cttimeout by now. In the long run, we expect
+that it will replace conntrack by providing a syntax similar to nftables.")
+   (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
+   (license license:gpl1)))
+
  (define-public proot
    (package
      (name "proot")
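Review bot: the 'native-inputs' list mixes build tools with linked libraries. bison, flex and pkg-config run on the build machine and belong there; libtirpc, the four libnetfilter-* packages, libnfnetlink and libmnl are libraries the tools link against and should move to 'inputs'. In the description, "ip_conntrack interface.Using conntrack" is missing the space after the period, and '(license license:gpl1)' needs checking against the license file in the tarball.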
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 6/9] gnu: Add libnetfilter-acct
(address . 54457@debbugs.gnu.org)
a5be2880-d80d-a350-4f64-6705691c5f26@gmail.com
* gnu/packages/linux.scm (libnetfilter-acct): New variable.
---
gnu/packages/linux.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index b44abb5908..fdd5d6a59d 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7379,6 +7379,35 @@ (define-public conntrack-tools
     (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
     (license license:gpl1)))
  
+(define-public libnetfilter-acct
+  (package
+   (name "libnetfilter_acct")
+   (version "1.0.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "06lsjndgfjsgfjr43px2n2wk3nr7whz6r405mks3887y7vpwwl22"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config libmnl))
+   (synopsis "Library providing interface to extended accounting infrastructure.")
+   (description "libnetfilter_acct is the userspace library providing interface
+to extended accounting infrastructure.
+@enumerate
+@item
+creating accounting objects
+@item
+retrieving accounting objects (and atomically set to zero)
+@item
+deleting accounting objects
+@end enumerate
+For the nfnetlink_acct subsystem.")
+   (home-page "https://netfilter.org/projects/libnetfilter_acct/index.html")
+   (license license:lgpl2.1)))
+
  (define-public proot
    (package
      (name "proot")
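Review bot: the uri is built from 'name' twice, in (string-append "https://netfilter.org/projects/" name "/files/" name ...), which ties the download URL to the package name. That only resolves while the name string keeps the upstream underscore; once the name follows the hyphen convention the URL changes with it. Spell "libnetfilter_acct" out in the uri, as patches 1/9 to 5/9 do for their packages. The closing fragment "For the nfnetlink_acct subsystem." after @end enumerate is not a sentence and would read better folded into the opening one.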
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 7/9] gnu: Add nfacct
(address . 54457@debbugs.gnu.org)
b44b8277-1bc7-de93-b9b0-5c66ef2bdc9a@gmail.com
* gnu/packages/linux.scm (nfacct): New variable.
---
gnu/packages/linux.scm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index fdd5d6a59d..183f6ef5b4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7408,6 +7408,37 @@ (define-public libnetfilter-acct
     (home-page "https://netfilter.org/projects/libnetfilter_acct/index.html")
     (license license:lgpl2.1)))
  
+(define-public nfacct
+  (package
+   (name "nfacct")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0sdxbxjyapbqcp2ami5jd10vz4xbbdvx39f3wfy1iqsbflc25zzc"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config libmnl libnetfilter-acct))
+   (synopsis "Command line tool to create/retrieve/delete accounting objects")
+   (description "nfacct is the command line tool to create/retrieve/delete
+accounting objects
+@enumerate
+@item
+listing the objects of the nfacct table in plain text/XML
+@item
+atomically get and reset objects of the nfacct table
+@item
+adding new objects to the nfacct table
+@item
+deleting objects from the nfacct table
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
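Review bot: the description has no punctuation between "accounting objects" and @enumerate, and the string ends with a newline after @end enumerate, so the intro runs into the list and the text carries trailing whitespace. End the lead sentence with a colon or a period and close the string directly after @end enumerate. libmnl and libnetfilter-acct are linked libraries and belong in 'inputs', leaving pkg-config alone in 'native-inputs'.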
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 8/9] gnu: Add libnetfilter-log
(address . 54457@debbugs.gnu.org)
7f34743c-4251-6de2-082f-dc9aa3cb2cc9@gmail.com
* gnu/packages/linux.scm (libnetfilter-log): New variable.
---
gnu/packages/linux.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 183f6ef5b4..bb8ed6b1fb 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7439,6 +7439,34 @@ (define-public nfacct
     (home-page "https://netfilter.org/projects/nfacct/index.html")
     (license license:gpl2)))
  
+(define-public libnetfilter-log
+  (package
+   (name "libnetfilter_log")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "1spy9xs41v76kid5ana8n126f3mvgq6fjibbfbj4kn0larbhix73"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config libnfnetlink libmnl))
+   (synopsis "Userspace library providing interface to packets logged by
+netfilter.")
+   (description "libnetfilter_log is a userspace library providing interface to
+packets that have been logged by the kernel packet filter. It is is part of a
+system that deprecates the old syslog/dmesg based packet logging. This library
+has been previously known as libnfnetlink_log.
+@enumerate
+@item
+receiving to-be-logged packets from the kernel nfnetlink_log subsystem
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
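Review bot: the synopsis string is broken across two lines, "Userspace library providing interface to packets logged by" followed by "netfilter.", so it contains a newline, and it ends with a period. Shorten it so that it fits on one line without the period. The description repeats the doubled word in "It is is part of a system", and an @enumerate with a single item reads better as a plain sentence.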
-- 
2.34.0
fesoj000 wrote on 19 Mar 01:47 +0100
[PATCH 9/9] gnu: Add ulogd
(address . 54457@debbugs.gnu.org)
24cd6dd3-3bc5-d412-3ce8-30cbbd00c57d@gmail.com
* gnu/packages/linux.scm (ulogd): New variable.
---
gnu/packages/linux.scm | 44 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index bb8ed6b1fb..5787384431 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7467,6 +7467,50 @@ (define-public libnetfilter-log
     (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
     (license license:gpl2)))
  
+(define-public ulogd
+  (package
+   (name "ulogd")
+   (version "2.0.7")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0ax9959c4bapq78n13bbaibcf1gwjir3ngx8l2dh45lw9m4ha2lr"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config libnfnetlink libmnl libnetfilter-log
+                        libnetfilter-conntrack libnetfilter-acct))
+   (arguments
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-after 'install 'install-doc
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out-etc (string-append (assoc-ref outputs "out") "/etc"))
+                  (ulogd.conf "ulogd.conf"))
+              (mkdir-p out-etc)
+              (copy-file ulogd.conf (string-append out-etc "/" ulogd.conf)))
+            #t)))))
+   (synopsis "Userspace logging daemon for netfilter/iptables.")
+   (description "ulogd is a userspace logging daemon for netfilter/iptables
+related logging. This includes per-packet logging of security violations,
+per-packet logging for accounting, per-flow logging and flexible user-defined
+accounting.
+@enumerate
+@item
+Packet and flow-based traffic accounting
+@item
+Flexible user-defined traffic accounting via nfacct infrastructure
+@item
+SQL database back-end support: SQLite3, MySQL and PostgreSQL
+@item
+Text-based output formats: CSV, XML, Netfilter's LOG, Netfilter's conntrack
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
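Review bot: 'home-page' is "https://netfilter.org/projects/nfacct/index.html", which looks carried over from the nfacct package; the uri is built from the name "ulogd", so the home page should presumably point at the ulogd project page instead. The added phase is called 'install-doc, but what it copies is ulogd.conf into etc, so a name that mentions the configuration file would describe it better. The description advertises SQLite3, MySQL and PostgreSQL back-ends while none of those libraries appear in the inputs; please check whether the built package actually ships those output plugins.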
-- 
2.34.0
Maxime Devos wrote on 19 Mar 14:54 +0100
Re: [bug#54457] [PATCH 5/9] gnu: Add conntrack-tools
68c0bdcb2eaaf1397209bcc2c9fc4c90744a0779.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (native-inputs
> +    (list bison flex libtirpc libnetfilter-conntrack libnetfilter-cttimeout
> +          libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl
> +          pkg-config))

Do all of these need to be 'native-inputs'? I would expect the libnet*
stuff libraries to be run at run-time, so wouldn't they need to be
compiled for the --target architecture instead of --system, and hence,
'inputs'?

As a test, if you have a non-aarch64 system, you can run

$ ./pre-inst-env guix build conntrack-tools --target=aarch64-linux-gnu

and see if it actually compiles.

Greetings,
Maxime.
Maxime Devos wrote on 19 Mar 14:54 +0100
Re: [bug#54457] [PATCH 9/9] gnu: Add ulogd
bfb39a8c97e16874c7c990d35e083a1b56d622f4.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +            #t)))))

Trailing #t in phases are not required anymore.
Maxime Devos wrote on 20 Mar 00:19 +0100
Re: [bug#54457] [PATCH 5/9] gnu: Add conntrack-tools
111dad5579e6e2c86877b885d0ee94ed201ee324.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> libnfnetlink
> +   (license license:gpl1)))

libnfnetlink is gpl2 according to libnfnetlink, so at first sight,
there appears to be a license incompatibility here.

Greetings,
Maxime.
Maxime Devos wrote on 20 Mar 00:20 +0100
Re: [bug#54457] [PATCH 7/9] gnu: Add nfacct
6491be6f76512940889e1538b9d1ee6fb47ebaeb.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (license license:gpl2)))

Maxime Devos wrote on 20 Mar 00:22 +0100
Re: [bug#54457] [PATCH 4/9] gnu: Add libnetfilter-queue
dd43b69cdd4a28f5e996a82f10f0e0264355181e.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +(define-public libnetfilter-queue
> +  (package
> +   (name "libnetfilter_queue")

Why the underscore?
Maxime Devos wrote on 20 Mar 00:23 +0100
2aecc250844074eb19cd9a76b3fb5c84312e5f6d.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (description "libnetfilter_queue is a userspace library providing an API to
> +packets that have been queued by the kernel packet filter. It is is part of a
> +system that deprecates the old ip_queue / libipq mechanism.")
> +   (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
> +   (license license:gpl1)))

IIRC, glibc is LGPL2+. Would that make libnetfilter-queue license-
incompatible with glibc?
Maxime Devos wrote on 20 Mar 00:25 +0100
c9d10a637fee0eee4c2a981f96bb4b8fa87ba133.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (description "libnetfilter_queue is a userspace library providing an API to
> +packets that have been queued by the kernel packet filter. It is is part of a
> +system that deprecates the old ip_queue / libipq mechanism.")
> +   (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
> +   (license license:gpl1)))

This looks rather Linux-specific, so I'd set (supported-systems ...)
appropriately. Maybe:

(supported-systems (filter target-linux? %supported-systems))
Maxime Devos wrote on 20 Mar 00:26 +0100
Re: [bug#54457] [PATCH 3/9] gnu: Add libnetfilter-cthelper
03fbf56ee94ad53817bd29b5c6b771fb83c4a62a.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (description "libnetfilter_cthelper is the userspace library that provides
> +the programming interface to the user-space helper infrastructure available
> +since Linux kernel 3.6.

I think that nowadays >3.6 can be assumed, especially since the Guix
daemon uses the namespacing features which requires a recentish kernel,
so this doesn't need to be mentioned I think?
Maxime Devos wrote on 20 Mar 00:27 +0100
1cbeea467293bf13ede91b11cf3512e99e8e1b67.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (synopsis "Library for kernel user-space helper infrastructure.")

What kernel user-space infrastructure, precisely? Taken to the
extreme, can I use this library to turn off a CPU?

Greetings,
Maxime.
Maxime Devos wrote on 20 Mar 00:28 +0100
a7c4653f429040165ab1d063dee0527d8a7c6d09.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> +   (description "libnetfilter_cthelper is the userspace library [...]

It's certainly _a_ library for doing certain stuff, but someone can
definitely write another library for doing that as well, so I wouldn't
use ‘the’ here.
Maxime Devos wrote on 20 Mar 00:29 +0100
0bc49bfe741d48a323c25f905dc86122313fe71b.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> This library is used by conntrack-tools.")

This information is already available with "guix show conntrack-tools".
Maxime Devos wrote on 20 Mar 00:29 +0100
b41c51f5de66a451b3afbe3d515ef935741350f9.camel@telenet.be
fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
> With this library, you register, configure, enable and
> +disable user-space helpers

What kind of helpers?
fesoj000 wrote on 21 Mar 20:49 +0100
Re: [bug#54457] [PATCH 4/9] gnu: Add libnetfilter-queue
4ab3c687-b512-7a12-0dd9-23b635decc4e@gmail.com
On 3/20/22 12:23 AM, Maxime Devos wrote:
> fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
>> +   (description "libnetfilter_queue is a userspace library providing an API to
>> +packets that have been queued by the kernel packet filter. It is is part of a
>> +system that deprecates the old ip_queue / libipq mechanism.")
>> +   (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
>> +   (license license:gpl1)))
>
> IIRC, glibc is LGPL2+. Would that make libnetfilter-queue license-
> incompatible with glibc?
I have only very limited knowledge of the interoperability of licenses. But to tackle
this specific problem, the library actually is GPLv2 [0]. I will check all the libraries
again to make sure the licenses are up-to-date.

fesoj000 wrote on 21 Mar 20:49 +0100
d9e84498-d0ee-8770-3760-f5a051e94ba7@gmail.com
On 3/20/22 12:22 AM, Maxime Devos wrote:
> fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
>> +(define-public libnetfilter-queue
>> +  (package
>> +   (name "libnetfilter_queue")
>
> Why the underscore?
The upstream name of the library is 'libnetfilter_queue', I used
'-' for the variable definition because this felt more lispy. But for
the string I thought it makes more sense to use the upstream name. My
thought process could be wrong though.
Maxime Devos wrote on 21 Mar 21:08 +0100
a69c8543c755a2c80034a6bd1943f7a0a201b6b7.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 20:49 [+0100]:
> The upstream name of the library is 'libnetfilter_queue', I used
> '-' for the variable definition because this felt more lispy. But for
> the string I thought it makes more sense to use the upstream name. My
> thought process could be wrong though.

Guix turns #\_ characters into #\- characters as a naming convention.
From (guix)Package Naming:

A package actually has two names associated with it. [...]

Both are usually the same and correspond to the lowercase conversion
of the project name chosen upstream, with underscores replaced with
hyphens. For instance, GNUnet is available as ‘gnunet’, and SDL_net as
‘sdl-net’.
fesoj000 wrote on 21 Mar 21:15 +0100
Re: [bug#54457] [PATCH 5/9] gnu: Add conntrack-tools
cd9d9544-3976-bce9-604f-9fb285fa4f39@gmail.com
On 3/19/22 2:54 PM, Maxime Devos wrote:
> fesoj000 wrote on Sat 19-03-2022 at 01:47 [+0100]:
>> +   (native-inputs
>> +    (list bison flex libtirpc libnetfilter-conntrack libnetfilter-cttimeout
>> +          libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl
>> +          pkg-config))
>
> Do all of these need to be 'native-inputs'? I would expect the libnet*
> stuff libraries to be run at run-time, so wouldn't they need to be
> compiled for the --target architecture instead of --system, and hence,
> 'inputs'?
>
> As a test, if you have a non-aarch64 system, you can run
>
> $ ./pre-inst-env guix build conntrack-tools --target=aarch64-linux-gnu
>
> and see if it actually compiles.
You are correct, they have to be inputs. This is an 'old' mistake, I have had these
packages in my channel for more than a year. Thanks for spotting this and the
other stuff.
fesoj000 wrote on 21 Mar 22:19 +0100
[PATCH 0/9] Add netfilter tools and libraries v2
(address . 54457@debbugs.gnu.org)
481b0350-c801-3b06-c35b-6073da2894af@gmail.com
- fixed native-inputs and inputs
- fixed names s/_/-/
- fixed licenses, I took the license mentioned in the sources
- fixed the description of libnetfilter-cthelper
- added supported-systems, netfilter is linux specific
- removed trailing #t in phases of ulogd
fesoj000 wrote on 21 Mar 22:19 +0100
[PATCH 1/9] gnu: Add libnetfilter-conntrack
(address . 54457@debbugs.gnu.org)
6bad44e1-99e7-1e72-84db-2a3f4c53b857@gmail.com
* gnu/packages/linux.scm (libnetfilter-conntrack): New variable.
---
gnu/packages/linux.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8d9dc01839..037cb12e3f 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7246,6 +7246,34 @@ (define-public nftables
  userspace queueing component and the logging subsystem.")
      (license license:gpl2)))
  
+(define-public libnetfilter-conntrack
+  (package
+   (name "libnetfilter-conntrack")
+   (version "1.0.8")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_conntrack/files/"
+                         "libnetfilter_conntrack-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1ky1mqgnplw2h9jf0kn0a69d94jkydhbiipng9l2hdcj13h3pl8c"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libnfnetlink libmnl))
+   (synopsis "Library for kernel connection tracking state table.")
+   (description "libnetfilter_conntrack is a userspace library providing a
+programming interface (API) to the in-kernel connection tracking state table.
+The library libnetfilter_conntrack has been previously known as
+libnfnetlink_conntrack and libctnetlink. This library is currently used by
+conntrack-tools among many other applications.")
+   (home-page (string-append "https://netfilter.org/projects/"
+                             "libnetfilter_conntrack/index.html"))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
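Review bot: the synopsis of libnetfilter-conntrack ends with a period ("Library for kernel connection tracking state table."), which guix lint reports; drop the trailing period. The home-page is split with string-append only to stay under 80 columns, and a single string literal would be easier to search for and to click through.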
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 2/9] gnu: Add libnetfilter-cttimeout
(address . 54457@debbugs.gnu.org)
e1f8c78f-ee0c-21f8-dc74-2eaa0a16db71@gmail.com
* gnu/packages/linux.scm (libnetfilter-cttimeout): New variable.
---
gnu/packages/linux.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 037cb12e3f..7ea3776057 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7274,6 +7274,34 @@ (define-public libnetfilter-conntrack
                               "libnetfilter_conntrack/index.html"))
     (license license:gpl2+)))
  
+(define-public libnetfilter-cttimeout
+  (package
+   (name "libnetfilter_cttimeout")
+   (version "1.0.0")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_cttimeout/files/"
+                         "libnetfilter_cttimeout-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1fpyz1zlvcq80244knvyvy87909xjqlj02lmw8yblz2m9xsi5axf"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl pkg-config))
+   (synopsis "Library for kernel connection tracking timeout infrastructure")
+   (description "libnetfilter_cttimeout is the userspace library that provides
+the programming interface to the fine-grain connection tracking timeout
+infrastructure. With this library, you can create, update and delete timeout
+policies that can be attached to traffic flows. This library is used by
+conntrack-tools.")
+   (home-page (string-append "https://netfilter.org/projects/"
+                             "libnetfilter_cttimeout/index.html"))
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
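Review bot: pkg-config is listed in both native-inputs and inputs of libnetfilter-cttimeout; it is a build-time tool, so (inputs (list libmnl)) is enough. The name field still reads "libnetfilter_cttimeout" although the variable is libnetfilter-cttimeout and the v2 cover letter says names were changed with s/_/-/, so the package name should be "libnetfilter-cttimeout" like its siblings in this series.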
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 3/9] gnu: Add libnetfilter-cthelper
(address . 54457@debbugs.gnu.org)
f561fa23-36ec-383a-aca7-25d48a1ea6a4@gmail.com
* gnu/packages/linux.scm (libnetfilter-cthelper): New variable.
---
gnu/packages/linux.scm | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7ea3776057..0c7f82f9ac 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7302,6 +7302,40 @@ (define-public libnetfilter-cttimeout
                               "libnetfilter_cttimeout/index.html"))
     (license license:gpl2)))
  
+(define-public libnetfilter-cthelper
+  (package
+   (name "libnetfilter-cthelper")
+   (version "1.0.0")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_cthelper/files/"
+                         "libnetfilter_cthelper-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "0gfgzkc1fjniqwk4jxds72c0lcgfhq2591hrvjrvd9nrqiqqwq87"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl))
+   (synopsis "Library for user-space connection tracking helpers")
+   (description "libnetfilter_cthelper is a userspace library that provides a
+programming interface to user-space connection tracking helpers.
+@enumerate
+@item
+register new user-space connection tracking helpers
+@item
+unregister user-space connection tracking helpers
+@item
+list existing registered user-space connection tracking helpers
+@end enumerate
+")
+   (home-page (string-append "https://netfilter.org/projects/"
+                             "libnetfilter_cthelper/index.html"))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
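Review bot: the libnetfilter-cthelper description goes from its first sentence straight into @enumerate with nothing introducing the list, and the string ends with an empty line before the closing quote. Add a short lead-in sentence before the list and close the string right after @end enumerate; since the three items are capabilities rather than ordered steps, @itemize fits better than @enumerate. The text also mixes "userspace" and "user-space" and should settle on one spelling.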
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 4/9] gnu: Add libnetfilter-queue
(address . 54457@debbugs.gnu.org)
d6ed0137-0bf0-d1f2-43e4-fad3dce3c47c@gmail.com
* gnu/packages/linux.scm (libnetfilter-queue): New variable.
---
gnu/packages/linux.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 0c7f82f9ac..4246750503 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7336,6 +7336,31 @@ (define-public libnetfilter-cthelper
                               "libnetfilter_cthelper/index.html"))
     (license license:gpl2+)))
  
+(define-public libnetfilter-queue
+  (package
+   (name "libnetfilter-queue")
+   (version "1.0.5")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_queue/files/"
+                         "libnetfilter_queue-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1xdra6i4p8jkv943ygjw646qx8df27f7p5852kc06vjx608krzzr"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl libnfnetlink))
+   (synopsis "Userspace library for kernel netfilter infrastructure and state")
+   (description "libnetfilter_queue is a userspace library providing an API to
+packets that have been queued by the kernel packet filter. It is is part of a
+system that deprecates the old ip_queue / libipq mechanism.")
+   (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
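Review bot: the libnetfilter-queue description has a doubled word in "It is is part of a system", which should read "It is part of a system". The synopsis ("Userspace library for kernel netfilter infrastructure and state") could describe any library in this series; one that mentions queued packets, as the description does, would make the package easier to find with guix search.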
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 5/9] gnu: Add conntrack-tools
(address . 54457@debbugs.gnu.org)
2d7ff41a-dbc6-f0ac-0310-72ac548445c3@gmail.com
* gnu/packages/linux.scm (conntrack-tools): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4246750503..7ba43bb60f 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -128,6 +128,7 @@ (define-module (gnu packages linux)
    #:use-module (gnu packages networking)
    #:use-module (gnu packages ninja)
    #:use-module (gnu packages nss)
+  #:use-module (gnu packages onc-rpc)
    #:use-module (gnu packages perl)
    #:use-module (gnu packages pciutils)
    #:use-module (gnu packages pkg-config)
@@ -7361,6 +7362,38 @@ (define-public libnetfilter-queue
     (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
     (license license:gpl2+)))
  
+(define-public conntrack-tools
+  (package
+   (name "conntrack-tools")
+   (version "1.4.6")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "conntrack-tools/files/"
+                         "conntrack-tools-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "0psx41bclqrh4514yzq03rvs3cq3scfpd1v4kkyxnic2hk65j22r"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list bison flex pkg-config))
+   (inputs (list libtirpc libnetfilter-conntrack libnetfilter-cttimeout
+                 libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl))
+   (synopsis "Set of tools targeting the conntrack kernel subsystem.")
+   (description "The tool conntrack provides a full featured interface that is
+intended to replace the old /proc/net/ip_conntrack interface.Using conntrack,
+you can view and manage the in-kernel connection tracking state table from
+userspace. On the other hand, conntrackd covers the specific aspects of stateful
+firewalls to enable highly available scenarios, and can be used as statistics
+collector as well.
+Since 1.2.0, the conntrack-tools includes the nfct command line utility. This
+utility only supports the nfnetlink_cttimeout by now. In the long run, we expect
+that it will replace conntrack by providing a syntax similar to nftables.")
+   (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
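Review bot: the conntrack-tools description is missing a space after the full stop in "/proc/net/ip_conntrack interface.Using conntrack", and the synopsis ends with a period. The last sentences ("by now", "we expect that it will replace conntrack") are upstream's first-person roadmap copied from the project page; a package description should say what conntrack, conntrackd and nfct do and leave the forecast out.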
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 6/9] gnu: Add libnetfilter-acct
(address . 54457@debbugs.gnu.org)
e3f547e4-5400-b5be-1e5d-1284990de38e@gmail.com
* gnu/packages/linux.scm (libnetfilter-acct): New variable.
---
gnu/packages/linux.scm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7ba43bb60f..bc9e4697f0 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7394,6 +7394,37 @@ (define-public conntrack-tools
     (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
     (license license:gpl2+)))
  
+(define-public libnetfilter-acct
+  (package
+   (name "libnetfilter-acct")
+   (version "1.0.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "06lsjndgfjsgfjr43px2n2wk3nr7whz6r405mks3887y7vpwwl22"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl))
+   (synopsis "Library providing interface to extended accounting infrastructure.")
+   (description "libnetfilter_acct is the userspace library providing interface
+to extended accounting infrastructure.
+@enumerate
+@item
+creating accounting objects
+@item
+retrieving accounting objects (and atomically set to zero)
+@item
+deleting accounting objects
+@end enumerate
+For the nfnetlink_acct subsystem.")
+   (home-page "https://netfilter.org/projects/libnetfilter_acct/index.html")
+   (license license:lgpl2.1+)))
+
  (define-public proot
    (package
      (name "proot")
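Review bot: the source URI here is built from name, which is "libnetfilter-acct" with a hyphen, while the home-page in the same hunk uses the upstream spelling libnetfilter_acct. The download would therefore be looked up under a libnetfilter-acct directory and tarball name that differ from the project's own naming. Write the upstream name literally in the URI, as the earlier library patches in this series do, so that the Guix package name and the upstream file name stay independent.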
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 7/9] gnu: Add nfacct
(address . 54457@debbugs.gnu.org)
a59ce18c-c5ae-a9b7-f75f-bbca53b353e9@gmail.com
* gnu/packages/linux.scm (nfacct): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index bc9e4697f0..49abac08d5 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7425,6 +7425,39 @@ (define-public libnetfilter-acct
     (home-page "https://netfilter.org/projects/libnetfilter_acct/index.html")
     (license license:lgpl2.1+)))
  
+(define-public nfacct
+  (package
+   (name "nfacct")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0sdxbxjyapbqcp2ami5jd10vz4xbbdvx39f3wfy1iqsbflc25zzc"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl libnetfilter-acct))
+   (synopsis "Command line tool to create/retrieve/delete accounting objects")
+   (description "nfacct is the command line tool to create/retrieve/delete
+accounting objects
+@enumerate
+@item
+listing the objects of the nfacct table in plain text/XML
+@item
+atomically get and reset objects of the nfacct table
+@item
+adding new objects to the nfacct table
+@item
+deleting objects from the nfacct table
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
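Review bot: the nfacct description opens with a sentence that has no full stop ("... create/retrieve/delete accounting objects") and then runs directly into @enumerate, and the string ends with an empty line. End the sentence, introduce the list, and close the string after @end enumerate. The URI reuses name for both the directory and the tarball; that resolves correctly here because the package name equals the upstream name, but spelling out "nfacct" keeps the URL stable if the package is ever renamed.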
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 8/9] gnu: Add libnetfilter-log
(address . 54457@debbugs.gnu.org)
524e47d3-af2a-d12c-42fd-f7d8f30a7a0d@gmail.com
* gnu/packages/linux.scm (libnetfilter-log): New variable.
---
gnu/packages/linux.scm | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 49abac08d5..3124e57ef0 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7458,6 +7458,36 @@ (define-public nfacct
     (home-page "https://netfilter.org/projects/nfacct/index.html")
     (license license:gpl2+)))
  
+(define-public libnetfilter-log
+  (package
+   (name "libnetfilter-log")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "1spy9xs41v76kid5ana8n126f3mvgq6fjibbfbj4kn0larbhix73"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libnfnetlink libmnl))
+   (synopsis "Userspace library providing interface to packets logged by
+netfilter.")
+   (description "libnetfilter_log is a userspace library providing interface to
+packets that have been logged by the kernel packet filter. It is is part of a
+system that deprecates the old syslog/dmesg based packet logging. This library
+has been previously known as libnfnetlink_log.
+@enumerate
+@item
+receiving to-be-logged packets from the kernel nfnetlink_log subsystem
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
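Review bot: the URI of libnetfilter-log is assembled from name ("libnetfilter-log"), but the home-page a few lines further down uses libnetfilter_log, so the fetch path and tarball name get a hyphen where the project uses an underscore. Use the literal upstream name in the URI instead of name, and keep the hash as is once the URL resolves to the same tarball.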
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:20 +0100
[PATCH 9/9] gnu: Add ulogd
(address . 54457@debbugs.gnu.org)
51481207-31b7-58bc-00de-f0633a3a1059@gmail.com
* gnu/packages/linux.scm (ulogd): New variable.
---
gnu/packages/linux.scm | 45 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 3124e57ef0..94d7cd92dd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7488,6 +7488,51 @@ (define-public libnetfilter-log
     (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
     (license license:gpl2+)))
  
+(define-public ulogd
+  (package
+   (name "ulogd")
+   (version "2.0.7")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0ax9959c4bapq78n13bbaibcf1gwjir3ngx8l2dh45lw9m4ha2lr"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list pkg-config libnfnetlink libmnl libnetfilter-log
+                 libnetfilter-conntrack libnetfilter-acct))
+   (arguments
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-after 'install 'install-doc
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out-etc (string-append (assoc-ref outputs "out") "/etc"))
+                  (ulogd.conf "ulogd.conf"))
+              (mkdir-p out-etc)
+              (copy-file ulogd.conf (string-append out-etc "/" ulogd.conf))))))))
+   (synopsis "Userspace logging daemon for netfilter/iptables.")
+   (description "ulogd is a userspace logging daemon for netfilter/iptables
+related logging. This includes per-packet logging of security violations,
+per-packet logging for accounting, per-flow logging and flexible user-defined
+accounting.
+@enumerate
+@item
+Packet and flow-based traffic accounting
+@item
+Flexible user-defined traffic accounting via nfacct infrastructure
+@item
+SQL database back-end support: SQLite3, MySQL and PostgreSQL
+@item
+Text-based output formats: CSV, XML, Netfilter's LOG, Netfilter's conntrack
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
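Review bot: the ulogd home-page points at https://netfilter.org/projects/nfacct/index.html while the source URI is built from the ulogd project directory; this looks copied from the nfacct package and should point at ulogd's own project page. pkg-config is listed in inputs as well as native-inputs and belongs only in native-inputs. The phase is called 'install-doc but what it installs is the sample configuration ulogd.conf under etc, so a name such as 'install-config would describe it better. The description advertises SQLite3, MySQL and PostgreSQL back-ends, yet none of those libraries appear in inputs, so either add the inputs or trim the list to what this build provides.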
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:31 +0100
Re: [PATCH 6/9] gnu: Add libnetfilter-acct
(address . 54457@debbugs.gnu.org)
938ec68e-bb21-758d-7e79-0c7201ab678f@gmail.com
> +     (uri (string-append "https://netfilter.org/projects/"name "/files/" name
> +                         "-" version ".tar.bz2"))
wrong patch ... resending shortly.
fesoj000 wrote on 21 Mar 22:31 +0100
Re: [PATCH 8/9] gnu: Add libnetfilter-log
(address . 54457@debbugs.gnu.org)
8d3c5edc-d5f4-1bbe-bbd7-5f328bf7f7a2@gmail.com
> +     (uri (string-append "https://netfilter.org/projects/"name "/files/" name
> +                         "-" version ".tar.bz2"))
wrong patch ... resending shortly.
fesoj000 wrote on 21 Mar 22:32 +0100
[PATCH 6/9] gnu: Add libnetfilter-acct
(address . 54457@debbugs.gnu.org)
e1326815-3e70-a352-f682-10831d74256f@gmail.com
* gnu/packages/linux.scm (libnetfilter-acct): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7ba43bb60f..6f18142bc8 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7394,6 +7394,39 @@ (define-public conntrack-tools
     (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
     (license license:gpl2+)))
  
+(define-public libnetfilter-acct
+  (package
+   (name "libnetfilter-acct")
+   (version "1.0.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_acct/files/"
+                         "libnetfilter_acct-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "06lsjndgfjsgfjr43px2n2wk3nr7whz6r405mks3887y7vpwwl22"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl))
+   (synopsis "Library providing interface to extended accounting infrastructure.")
+   (description "libnetfilter_acct is the userspace library providing interface
+to extended accounting infrastructure.
+@enumerate
+@item
+creating accounting objects
+@item
+retrieving accounting objects (and atomically set to zero)
+@item
+deleting accounting objects
+@end enumerate
+For the nfnetlink_acct subsystem.")
+   (home-page "https://netfilter.org/projects/libnetfilter_acct/index.html")
+   (license license:lgpl2.1+)))
+
  (define-public proot
    (package
      (name "proot")
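Review bot: the libnetfilter-acct description ends with the fragment "For the nfnetlink_acct subsystem." after @end enumerate, which is not a sentence on its own and reads as if it belonged to the last list item. Fold it into the opening sentence, for example by saying the library provides an interface to the extended accounting infrastructure of the nfnetlink_acct subsystem, and let the list close the description. "providing interface" also reads better as "providing an interface", in the synopsis and in the description.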
-- 
2.34.0
fesoj000 wrote on 21 Mar 22:32 +0100
[PATCH 8/9] gnu: Add libnetfilter-log
(address . 54457@debbugs.gnu.org)
74c5480d-b5d4-3d49-e53d-b18ff5a366eb@gmail.com
* gnu/packages/linux.scm (libnetfilter-log): New variable.
---
gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 3bc1933e16..afebd42fec 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7460,6 +7460,38 @@ (define-public nfacct
     (home-page "https://netfilter.org/projects/nfacct/index.html")
     (license license:gpl2+)))
  
+(define-public libnetfilter-log
+  (package
+   (name "libnetfilter-log")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_log/files/"
+                         "libnetfilter_log-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1spy9xs41v76kid5ana8n126f3mvgq6fjibbfbj4kn0larbhix73"))))
+   (build-system gnu-build-system)
+   (supported-systems (filter target-linux? %supported-systems))
+   (native-inputs (list pkg-config))
+   (inputs (list libnfnetlink libmnl))
+   (synopsis "Userspace library providing interface to packets logged by
+netfilter.")
+   (description "libnetfilter_log is a userspace library providing interface to
+packets that have been logged by the kernel packet filter. It is is part of a
+system that deprecates the old syslog/dmesg based packet logging. This library
+has been previously known as libnfnetlink_log.
+@enumerate
+@item
+receiving to-be-logged packets from the kernel nfnetlink_log subsystem
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
-- 
2.34.0
Maxime Devos wrote on 23 Mar 20:38 +0100
Re: [bug#54457] [PATCH 2/9] gnu: Add libnetfilter-cttimeout
d7e5c3fe0eaeaa32c61c5ffbee0d30c16bc837f2.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 22:20 [+0100]:
> +   (inputs (list libmnl pkg-config))

pkg-config probably shouldn't be an input (native-input is fine
though).
Maxime Devos wrote on 23 Mar 20:39 +0100
Re: [bug#54457] [PATCH 0/9] Add netfilter tools and libraries v2
01f37eab88bf2691b1acb29ab006b0c638c95408.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 22:19 [+0100]:
> - fixed names s/_/-/

You appear to have missed libnetfilter_cttimeout
Maxime Devos wrote on 23 Mar 20:41 +0100
Re: [bug#54457] [PATCH 9/9] gnu: Add ulogd
1b8078f4367dda851de6e32f1e5acba4eaf593a9.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 22:20 [+0100]:
> +@item
> +SQL database back-end support: SQLite3, MySQL and PostgreSQL
Does this work out-of-the-box, or do extra inputs need to be added for
this?
Maxime Devos wrote on 23 Mar 20:42 +0100
b2f39cfc451a5e6fbd139300aa235bff9173e800.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 22:20 [+0100]:
> +   (supported-systems (filter target-linux? %supported-systems))

Conventionally, supported-systems appears at the bottom of the package
definition.
Maxime Devos wrote on 23 Mar 20:46 +0100
9b882f9691bbb7a274acb2a42e3ac8e47b6d56a7.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 22:20 [+0100]:
> +          (lambda* (#:key outputs #:allow-other-keys)
> +            (let ((out-etc (string-append (assoc-ref outputs "out") "/etc"))

FWIW, you can simplify this to

  (lambda _
    (let ((out-etc (string-append #$output "/etc")))
      [...])),

eliminating the output label in favour of G-exps -- see e.g. 'hostapd'.
IMO this is a bit tidier, but not everyone seems to agree.

Greetings,
Maxime.
Maxime Devos wrote on 23 Mar 20:48 +0100
Re: [bug#54457] [PATCH 1/9] gnu: Add libnetfilter-conntrack
6711634f3c72512cd7560bc88c386fa6abad7cd1.camel@telenet.be
fesoj000 wrote on Mon 21-03-2022 at 22:19 [+0100]:
> +   (home-page (string-append "https://netfilter.org/projects/"
> +                             "libnetfilter_conntrack/index.html"))

You don't have to do 'string-append' here; IIUC, going beyond 80
columns is considered acceptable if it is due to long URLs.

Greetings,
Maxime.
fesoj000 wrote on 23 Mar 22:28 +0100
Re: [bug#54457] [PATCH 9/9] gnu: Add ulogd
aced404c-c180-ea70-b22b-2a7ed58e9231@gmail.com
On 3/23/22 8:41 PM, Maxime Devos wrote:
> fesoj000 wrote on Mon 21-03-2022 at 22:20 [+0100]:
>> +@item
>> +SQL database back-end support: SQLite3, MySQL and PostgreSQL
> Does this work out-of-the-box, or do extra inputs need to be added for
> this?
Good point, this is the upstream description of the daemon. I personally
only use syslog output currently. And yes, to add support for those
database back-ends, we need to add them as inputs. Although I would prefer
to not "blow up" the package. Postgresql and especially mysql are rather "big
boys". On a router this might be a little much. This could be fixed by
providing a separate "lib" output for those.

For me personally, I plan to continue using syslog output. Further, I plan
to use pcap and json output for certain things, but so far I did not have
time to play with that.

So, what I would do is add sqlite, libpcap and jansson as inputs. This
enables sqlite, pcap and json output support in ulogd.

If postgresql and mysql is something somebody needs, I would propose to
introduce a new package variant which adds those inputs.

Is this something we could do?
Ludovic Courtès wrote on 24 Mar 12:24 +0100
control message for bug #54457
(address . control@debbugs.gnu.org)
87mthfd24l.fsf@gnu.org
tags 54457 + moreinfo
quit
fesoj000 wrote on 26 Mar 13:31 +0100
Re: [bug#54457] [PATCH 9/9] gnu: Add ulogd
5ea6d886-771b-f72f-291a-d103ff6286e8@gmail.com
On 3/23/22 10:28 PM, fesoj000 wrote:
> On 3/23/22 8:41 PM, Maxime Devos wrote:
>> fesoj000 wrote on Mon 21-03-2022 at 22:20 [+0100]:
>>> +@item
>>> +SQL database back-end support: SQLite3, MySQL and PostgreSQL
>> Does this work out-of-the-box, or do extra inputs need to be added for
>> this?
> Good point, this is the upstream description of the daemon. I personally
> only use syslog output currently. And yes, to add support for those
> database back-ends, we need to add them as inputs. Although I would prefer
> to not "blow up" the package. Postgresql and especially mysql are rather "big
> boys". On a router this might be a little much. This could be fixed by
> providing a separate "lib" output for those.
>
> For me personally, I plan to continue using syslog output. Further, I plan
> to use pcap and json output for certain things, but so far I did not have
> time to play with that.
>
> So, what I would do is add sqlite, libpcap and jansson as inputs. This
> enables sqlite, pcap and json output support in ulogd.
>
> If postgresql and mysql is something somebody needs, I would propose to
> introduce a new package variant which adds those inputs.
>
> Is this something we could do?
Below one can find three definitions, the first is ulogd with sqlite, libpcap
and jansson inputs. Following that is ulogd+postgresql and ulogd+mysql with the
additional inputs they need.

After the package definitions the output of guix size follows for every
definition. ulogd has a size of 85.0 MiB, ulogd+postgresql has a size of 140.4
MiB, ulogd+mysql has a size of 702.9 MiB.

According to this data, I would consider postgresql as input for ulogd. But
mysql increases the size way too much for me. I need to move images around the
network or upload them to some cloud. Maybe mariadb could be used as a mysql
replacement, are they still compatible? But mariadb is also large, 370 MiB ...

I will wait a day or two, if I do not hear any other opinion on that I will send
a new patchset where ulogd gets postgresql as input, but mysql not.

(define-public ulogd
  (package
    (name "ulogd")
    (version "2.0.7")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://netfilter.org/projects/" name "/files/" name
                           "-" version ".tar.bz2"))
       (sha256
        (base32
         "0ax9959c4bapq78n13bbaibcf1gwjir3ngx8l2dh45lw9m4ha2lr"))))
    (build-system gnu-build-system)
    (supported-systems (filter target-linux? %supported-systems))
    (native-inputs (list pkg-config))
    (inputs (list libnfnetlink libmnl libnetfilter-log libnetfilter-conntrack
                  libnetfilter-acct sqlite libpcap jansson))
    (arguments
     (list #:phases
           #~(modify-phases %standard-phases
               (add-after 'install 'install-doc
                 (lambda _
                   (let ((out-etc (string-append #$output "/etc"))
                         (ulogd.conf "ulogd.conf"))
                     (mkdir-p out-etc)
                     (copy-file ulogd.conf (string-append out-etc "/" ulogd.conf))))))))
    (synopsis "Userspace logging daemon for netfilter/iptables.")
    (description "ulogd is a userspace logging daemon for netfilter/iptables
related logging. This includes per-packet logging of security violations,
per-packet logging for accounting, per-flow logging and flexible user-defined
accounting.
@enumerate
@item
Packet and flow-based traffic accounting
@item
Flexible user-defined traffic accounting via nfacct infrastructure
@item
SQL database back-end support: SQLite3
@item
Text-based output formats: CSV, XML, Netfilter's LOG, Netfilter's conntrack
@end enumerate
")
    (license license:gpl2)))

(define-public ulogd+postgresql
  (package
    (inherit ulogd)
    (name (string-append (package-name ulogd) "+postgresql"))
    (inputs (modify-inputs (package-inputs ulogd)
              (append postgresql)))
    (arguments
     (substitute-keyword-arguments (package-arguments ulogd)
       ((#:configure-flags configure-flags ''())
        `(append ,configure-flags
                 (list (string-append "--with-pgsql="
                                      (assoc-ref %build-inputs "postgresql")))))))))

(define-public ulogd+mysql
  (package
    (inherit ulogd)
    (name (string-append (package-name ulogd) "+mysql"))
    (inputs (modify-inputs (package-inputs ulogd)
              (append mysql zlib openssl)))
    (arguments
     (substitute-keyword-arguments (package-arguments ulogd)
       ((#:configure-flags configure-flags ''())
        `(append ,configure-flags
                 (list (string-append "--with-mysql="
                                      (assoc-ref %build-inputs "mysql")))))))))

$ ./pre-inst-env guix size ulogd
store item total self
/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 38.3 36.6 43.1%
/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 71.7 33.4 39.3%
/gnu/store/9rrnm5hdjw7cy96a2a9rfgh6y08wsbmf-ncurses-6.2.20210619 77.6 5.9 7.0%
/gnu/store/xmzx5mzv4863yw9kmr2ykndgp37p8if0-sqlite-3.36.0 82.3 3.2 3.8%
/gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8 1.7 1.7 2.0%
/gnu/store/wcwls45278gzpjvwlvrrs1y7h30g44xh-readline-8.1.1 79.0 1.4 1.7%
/gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8 39.3 1.0 1.2%
/gnu/store/c8mld9g531an1r002ksbidp224l9xgff-libpcap-1.10.1 73.3 0.7 0.8%
/gnu/store/sww4g1nq9bi3hn8xqdf9x507kn3vql9v-ulogd-2.0.7 85.0 0.5 0.6%
/gnu/store/l7i9mq16vy8cp05zl0a3r5awyfsps27b-libnetfilter-conntrack-1.0.8 72.0 0.2 0.2%
/gnu/store/nprljhh7a86351vg6h23va3kfdnkwnd4-jansson-2.13.1 71.7 0.1 0.1%
/gnu/store/mfnzmv8i64s53m0g0cn2fx2sav48ssfc-libnetfilter-log-1.0.2 71.9 0.1 0.1%
/gnu/store/cpsfihchx5spv7c6y5fch0zlkvkwvlnq-libnfnetlink-1.0.1 71.7 0.1 0.1%
/gnu/store/dj7kw3mqasw0rxdbm1gkajgsznhw8b4h-libmnl-1.0.4 71.7 0.1 0.1%
/gnu/store/iny0cn6qbj0xxczqk4hfmjacyfal44w8-libnetfilter-acct-1.0.3 71.8 0.0 0.1%
total: 85.0 MiB

$ ./pre-inst-env guix size ulogd+postgresql
store item total self
/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 38.3 36.6 26.1%
/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 71.7 33.4 23.8%
/gnu/store/q6qp3521gay7izpz8p68d21zsdmz6nnm-postgresql-13.4 135.5 24.3 17.3%
/gnu/store/d251rfgc9nm2clzffzhgiipdvfvzkvwi-coreutils-8.32 88.0 16.4 11.6%
/gnu/store/5583c2za2jsn9g6az79rnksgvigwnsk7-util-linux-2.37.2-lib 80.7 9.0 6.4%
/gnu/store/9rrnm5hdjw7cy96a2a9rfgh6y08wsbmf-ncurses-6.2.20210619 77.6 5.9 4.2%
/gnu/store/plr00nij45964cyy7sfcg5rcsi8hks0h-openssl-1.1.1l 77.2 5.5 3.9%
/gnu/store/xmzx5mzv4863yw9kmr2ykndgp37p8if0-sqlite-3.36.0 82.3 3.2 2.3%
/gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8 1.7 1.7 1.2%
/gnu/store/wcwls45278gzpjvwlvrrs1y7h30g44xh-readline-8.1.1 79.0 1.4 1.0%
/gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8 39.3 1.0 0.7%
/gnu/store/c8mld9g531an1r002ksbidp224l9xgff-libpcap-1.10.1 73.3 0.7 0.5%
/gnu/store/snh4hdpg7k75s4gjcd2s77lkxrxx2m0m-ulogd+postgresql-2.0.7 140.4 0.6 0.4%
/gnu/store/8qv5kb2fgm4c3bf70zcg9l6hkf3qzpw9-zlib-1.2.11 71.9 0.2 0.2%
/gnu/store/l7i9mq16vy8cp05zl0a3r5awyfsps27b-libnetfilter-conntrack-1.0.8 72.0 0.2 0.1%
/gnu/store/nprljhh7a86351vg6h23va3kfdnkwnd4-jansson-2.13.1 71.7 0.1 0.1%
/gnu/store/mfnzmv8i64s53m0g0cn2fx2sav48ssfc-libnetfilter-log-1.0.2 71.9 0.1 0.0%
/gnu/store/cpsfihchx5spv7c6y5fch0zlkvkwvlnq-libnfnetlink-1.0.1 71.7 0.1 0.0%
/gnu/store/dj7kw3mqasw0rxdbm1gkajgsznhw8b4h-libmnl-1.0.4 71.7 0.1 0.0%
/gnu/store/iny0cn6qbj0xxczqk4hfmjacyfal44w8-libnetfilter-acct-1.0.3 71.8 0.0 0.0%
total: 140.4 MiB

$ ./pre-inst-env guix size ulogd+mysql
store item total self
/gnu/store/a1qdzqnqqxshdzv9andf4v9kr8dspyil-mysql-5.7.33 697.9 204.3 29.1%
/gnu/store/069aq2v993kpc41yabp5b6vm4wb9jkhg-gcc-10.3.0 217.7 145.8 20.7%
/gnu/store/vdlmzq6h0x5lxhr0nkr315dh2fbhm8d8-boost-1.59.0 219.7 108.5 15.4%
/gnu/store/hy6abswwv4d89zp464fw52z65fkzr7h5-perl-5.34.0 147.7 58.6 8.3%
/gnu/store/hzic3ddl5yvnyw7gm4a0qc5icgqy2442-icu4c-69.1 110.7 38.0 5.4%
/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 38.3 36.6 5.2%
/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 71.7 33.4 4.7%
/gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32 91.6 16.4 2.3%
/gnu/store/vqdsrvs9jbn0ix2a58s99jwkh74124y5-coreutils-minimal-8.32 88.0 16.4 2.3%
/gnu/store/d99ykvj3axzzidygsmdmzxah4lvxd6hw-bash-5.1.8 85.3 6.2 0.9%
/gnu/store/9rrnm5hdjw7cy96a2a9rfgh6y08wsbmf-ncurses-6.2.20210619 77.6 5.9 0.8%
/gnu/store/plr00nij45964cyy7sfcg5rcsi8hks0h-openssl-1.1.1l 77.2 5.5 0.8%
/gnu/store/dalhky8hh7ib25m63j0c3sh6iqqf2p36-mit-krb5-1.19.2 82.2 3.9 0.6%
/gnu/store/55q02v1a3qz8n7rlhy3jva9qjkfwj8y0-gawk-5.1.0 88.6 3.3 0.5%
/gnu/store/xmzx5mzv4863yw9kmr2ykndgp37p8if0-sqlite-3.36.0 82.3 3.2 0.5%
/gnu/store/fwbiihd2sbhai63y1pvvdh0f2bakfzrf-gmp-6.2.1 74.4 2.7 0.4%
/gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8 1.7 1.7 0.2%
/gnu/store/di5bqb45hi5lvp2q08hlxqjdcl9phjb1-pcre-8.45 73.4 1.7 0.2%
/gnu/store/m2wmfwk2m4390dwbnjm6ps5y4c9pchi5-procps-3.3.16 79.1 1.5 0.2%
/gnu/store/wcwls45278gzpjvwlvrrs1y7h30g44xh-readline-8.1.1 79.0 1.4 0.2%
/gnu/store/2b3blhwbag1ial0dhxw7wh4zjxl0cqpk-pkg-config-0.29.2 72.8 1.1 0.2%
/gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8 39.3 1.0 0.1%
/gnu/store/hrgqa7m498wfavq4awai3xz86ifkjxdr-grep-3.6 75.2 0.8 0.1%
/gnu/store/zhd6blbfz40xp62i4d1rcgbyrpkynbkc-sed-4.8 72.5 0.8 0.1%
/gnu/store/c8mld9g531an1r002ksbidp224l9xgff-libpcap-1.10.1 73.3 0.7 0.1%
/gnu/store/dxvpcggxj40bbb2pp3ddicapy4gzzzqk-ulogd+mysql-2.0.7 702.9 0.6 0.1%
/gnu/store/nvqxvcx05jgixpnshxp9nypacwc2mri2-libtirpc-1.3.1 82.7 0.5 0.1%
/gnu/store/s3hl12jxz9ybs7nsy7kq7ybzz7qnzmsg-bzip2-1.0.8 73.1 0.4 0.1%
/gnu/store/a38k2v29l6l0iz6pmlk4dmzwdbvl10lq-acl-2.3.1 72.3 0.3 0.0%
/gnu/store/a7ggx0af69gv4k5mr1k617p4vy9kgx2v-libcap-2.62 72.0 0.3 0.0%
/gnu/store/jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5.1 71.9 0.2 0.0%
/gnu/store/8qv5kb2fgm4c3bf70zcg9l6hkf3qzpw9-zlib-1.2.11 71.9 0.2 0.0%
/gnu/store/mrd2bamw39851jpr4m2q8gimg8s48gzh-zlib-1.2.11 38.5 0.2 0.0%
/gnu/store/l7i9mq16vy8cp05zl0a3r5awyfsps27b-libnetfilter-conntrack-1.0.8 72.0 0.2 0.0%
/gnu/store/nprljhh7a86351vg6h23va3kfdnkwnd4-jansson-2.13.1 71.7 0.1 0.0%
/gnu/store/mfnzmv8i64s53m0g0cn2fx2sav48ssfc-libnetfilter-log-1.0.2 71.9 0.1 0.0%
/gnu/store/m4dgk1q4zvzw6lnccr7fd941w0sisb5b-libaio-0.3.112 71.7 0.1 0.0%
/gnu/store/cpsfihchx5spv7c6y5fch0zlkvkwvlnq-libnfnetlink-1.0.1 71.7 0.1 0.0%
/gnu/store/dj7kw3mqasw0rxdbm1gkajgsznhw8b4h-libmnl-1.0.4 71.7 0.1 0.0%
/gnu/store/4r6f3a6n82nv48c7nznhhcl19k7pl0ig-libsigsegv-2.13 71.7 0.1 0.0%
/gnu/store/iny0cn6qbj0xxczqk4hfmjacyfal44w8-libnetfilter-acct-1.0.3 71.8 0.0 0.0%
total: 702.9 MiB

BR
Maxime Devos wrote on 26 Mar 19:30 +0100
e275cac40fb64367960fdd453046ed6db0071089.camel@telenet.be
fesoj000 wrote on Sat 26-03-2022 at 13:31 [+0100]:
> After the package definitions the output of guix size follows for every
> definition. ulogd has a size of 85.0 MiB, ulogd+postgresql has a size of 140.4
> MiB, ulogd+mysql has a size of 702.9 MiB.
>
> According to this data, i would consider postgresql as input for ulogd. But
> mysql increases the size way too much for me. I need to move images around the
> network or upload them to some cloud. Maybe mariadb could be used as a mysql
> replacement, are they still compatible? But mariadb is also large 370 MiB ...

It looks like ulogd2 has a kind of plugin architecture (see
the plugins can be put in separate outputs (or separate packages,
whatever's the most convenient)? That should eliminate the closure
size concerns.

It might be necessary to introduce some kind of ULOGD_PLUGIN_PATH
though such that it will actually find the libraries it tries to
dlopen, without having to explicitly pass the full
/gnu/store/.../lib/....so.

Greetings,
Maxime.
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 0/9] Add netfilter tools and libraries
(address . 54457@debbugs.gnu.org)
047770d3-bd24-ab84-1fa7-ad079536cf84@gmail.com
- fixed names s/_/-/
- fixed libnetfilter-cttimeout inputs
- use #$output where possible
- keep urls as a single string literal
- move supported-systems to the 'bottom'
- have every ulogd plugin in a separate output. To use a plugin, one
has to include the absolute path to the <plugin>.so in the ulogd
config file. That means, from a package point of view, no extra
measures are necessary to make the plugins available to ulogd.
A ulogd-service-type will need to take care of the plugin paths.
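The cover letter above leaves plugin lookup to absolute paths in the ulogd config file, which the daemon dlopen()s as the thread notes. The following added Python check (not part of this patch series or of Guix) audits a config for entries that would not resolve into the store or that point at the wrong package output; the sample config, the all-zero store hashes and the function names are constructed for illustration, while the output names are the ones listed in the ulogd patch.

```python
import posixpath
import re

STORE = "/gnu/store/"
# Outputs the ulogd package in this series splits its output plugins into.
SPLIT_OUTPUTS = {"json", "pcap", "sqlite3", "pgsql", "mysql"}
# plugin="..." lines of ulogd.conf; commented-out lines start with '#'.
PLUGIN_LINE = re.compile(r'^\s*plugin\s*=\s*"?([^"#\s]+)')
OUTPUT_PLUGIN = re.compile(r"^ulogd_output_([A-Z0-9]+)")


def plugin_output(path):
    """Name of the package output that ships this plugin file."""
    m = OUTPUT_PLUGIN.match(posixpath.basename(path))
    name = m.group(1).lower() if m else ""
    return name if name in SPLIT_OUTPUTS else "out"


def audit_plugins(conf_text):
    """Return (findings, needed).

    findings: list of (line number, path, reason) for risky plugin entries.
    needed:   set of ulogd outputs the configuration refers to.
    """
    findings, needed = [], set()
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = PLUGIN_LINE.match(line)
        if not m:
            continue  # section headers, stack= lines, comments
        path = m.group(1)
        output = plugin_output(path)
        needed.add(output)
        if "/" not in path:
            # Without a slash, dlopen() searches the library path.
            findings.append((lineno, path, "bare name, resolved via library search path"))
            continue
        if not posixpath.isabs(path):
            findings.append((lineno, path, "relative path, depends on working directory"))
            continue
        norm = posixpath.normpath(path)  # collapses ".." components
        if not norm.startswith(STORE):
            findings.append((lineno, path, "resolves outside the store"))
            continue
        item = norm[len(STORE):].split("/", 1)[0]
        # Non-default outputs have store items named <hash>-<name>-<version>-<output>.
        if output != "out" and not item.endswith("-" + output):
            findings.append((lineno, path, f"plugin ships in the '{output}' output, not in {item}"))
    return findings, needed


# Constructed sample: the all-zero store hashes are placeholders, not real items.
H = "0" * 32
SAMPLE_CONF = f"""\
[global]
logfile="/var/log/ulogd.log"
plugin="/gnu/store/{H}-ulogd-2.0.7/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/gnu/store/{H}-ulogd-2.0.7-sqlite3/lib/ulogd/ulogd_output_SQLITE3.so"
plugin="ulogd_output_JSON.so"
plugin="/gnu/store/{H}-ulogd-2.0.7/lib/ulogd/ulogd_output_PGSQL.so"
plugin="/gnu/store/../../tmp/ulogd_output_PCAP.so"
#plugin="/usr/lib/ulogd/ulogd_output_MYSQL.so"
stack=log1:NFLOG,base1:BASE,sq1:SQLITE3
"""

if __name__ == "__main__":
    findings, needed = audit_plugins(SAMPLE_CONF)
    for lineno, path, reason in findings:
        print(f"line {lineno}: {path}: {reason}")
    print("outputs needed:", ", ".join(sorted(needed)))
```

The `needed` set is what a service definition would have to pull into the closure for a given config.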
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 1/9] gnu: Add libnetfilter-conntrack
(address . 54457@debbugs.gnu.org)
4d48ac8c-9a1e-9ccc-9d00-3f114e496ec5@gmail.com
* gnu/packages/linux.scm (libnetfilter-conntrack): New variable.
---
gnu/packages/linux.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 72eb106ec2..3f7118dadc 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7278,6 +7278,34 @@ (define-public nftables
  userspace queueing component and the logging subsystem.")
      (license license:gpl2)))
  
+(define-public libnetfilter-conntrack
+  (package
+   (name "libnetfilter-conntrack")
+   (version "1.0.8")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_conntrack/files/"
+                         "libnetfilter_conntrack-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1ky1mqgnplw2h9jf0kn0a69d94jkydhbiipng9l2hdcj13h3pl8c"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libnfnetlink libmnl))
+   (synopsis "Library for kernel connection tracking state table.")
+   (description "libnetfilter_conntrack is a userspace library providing a
+programming interface (API) to the in-kernel connection tracking state table.
+The library libnetfilter_conntrack has been previously known as
+libnfnetlink_conntrack and libctnetlink. This library is currently used by
+conntrack-tools among many other applications.")
+   (home-page (string-append
+               "https://netfilter.org/projects/libnetfilter_conntrack/index.html"))
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
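Review bot: the synopsis "Library for kernel connection tracking state table." ends with a period, which `guix lint` flags; drop the period. The home-page is wrapped in `string-append` with a single argument, which is a no-op, so a plain string literal is enough. The package fields are also indented by three columns under `(package`, which `guix style` would realign.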
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 2/9] gnu: Add libnetfilter-cttimeout
(address . 54457@debbugs.gnu.org)
738bfc99-1a5e-831f-8b33-6a39585017bb@gmail.com
* gnu/packages/linux.scm (libnetfilter-cttimeout): New variable.
---
gnu/packages/linux.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 3f7118dadc..4e9d8867dd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7306,6 +7306,34 @@ (define-public libnetfilter-conntrack
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2+)))
  
+(define-public libnetfilter-cttimeout
+  (package
+   (name "libnetfilter-cttimeout")
+   (version "1.0.0")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_cttimeout/files/"
+                         "libnetfilter_cttimeout-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1fpyz1zlvcq80244knvyvy87909xjqlj02lmw8yblz2m9xsi5axf"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl))
+   (synopsis "Library for kernel connection tracking timeout infrastructure")
+   (description "libnetfilter_cttimeout is the userspace library that provides
+the programming interface to the fine-grain connection tracking timeout
+infrastructure. With this library, you can create, update and delete timeout
+policies that can be attached to traffic flows. This library is used by
+conntrack-tools.")
+   (home-page (string-append
+               "https://netfilter.org/projects/libnetfilter_cttimeout/index.html"))
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
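Review bot: `(license license:gpl2)` on the last added line differs from the `license:gpl2+` shown for libnetfilter-conntrack in the context lines of this same hunk; please confirm against the license headers in the source files whether the "or later" clause applies here too. As in the previous patch, the single-argument `string-append` around the home-page URL can be replaced by the string itself.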
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 3/9] gnu: Add libnetfilter-cthelper
(address . 54457@debbugs.gnu.org)
89faea54-2c8b-bfcf-d19e-e6c5950302c7@gmail.com
* gnu/packages/linux.scm (libnetfilter-cthelper): New variable.
---
gnu/packages/linux.scm | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4e9d8867dd..5520478025 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7334,6 +7334,40 @@ (define-public libnetfilter-cttimeout
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2)))
  
+(define-public libnetfilter-cthelper
+  (package
+   (name "libnetfilter-cthelper")
+   (version "1.0.0")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_cthelper/files/"
+                         "libnetfilter_cthelper-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "0gfgzkc1fjniqwk4jxds72c0lcgfhq2591hrvjrvd9nrqiqqwq87"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl))
+   (synopsis "Library for user-space connection tracking helpers")
+   (description "libnetfilter_cthelper is a userspace library that provides a
+programming interface to user-space connection tracking helpers.
+@enumerate
+@item
+register new user-space connection tracking helpers
+@item
+unregister user-space connection tracking helpers
+@item
+list existing registered user-space connection tracking helpers
+@end enumerate
+")
+   (home-page (string-append
+               "https://netfilter.org/projects/libnetfilter_cthelper/index.html"))
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
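Review bot: the description string closes on its own line after `@end enumerate`, so it ends with a stray newline, and `@enumerate` numbers three capabilities that have no order. Use `@itemize` with an introductory sentence ending in a colon, and close the string right after `@end itemize`. The home-page again goes through a one-argument `string-append`.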
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 4/9] gnu: Add libnetfilter-queue
(address . 54457@debbugs.gnu.org)
6ee33f64-700c-03b7-bd53-7088df7c5b78@gmail.com
* gnu/packages/linux.scm (libnetfilter-queue): New variable.
---
gnu/packages/linux.scm | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5520478025..b6a5a19e18 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7368,6 +7368,31 @@ (define-public libnetfilter-cthelper
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2+)))
  
+(define-public libnetfilter-queue
+  (package
+   (name "libnetfilter-queue")
+   (version "1.0.5")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_queue/files/"
+                         "libnetfilter_queue-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1xdra6i4p8jkv943ygjw646qx8df27f7p5852kc06vjx608krzzr"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl libnfnetlink))
+   (synopsis "Userspace library for kernel netfilter infrastructure and state")
+   (description "libnetfilter_queue is a userspace library providing an API to
+packets that have been queued by the kernel packet filter. It is is part of a
+system that deprecates the old ip_queue / libipq mechanism.")
+   (home-page "https://netfilter.org/projects/libnetfilter_queue/index.html")
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
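Review bot: the description contains a doubled word, "It is is part of a system that deprecates the old ip_queue / libipq mechanism"; remove one "is". The synopsis "Userspace library for kernel netfilter infrastructure and state" does not mention packet queueing at all, so it would not distinguish this library from its siblings in search results; something that names the queue function would be clearer.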
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 5/9] gnu: Add conntrack-tools
(address . 54457@debbugs.gnu.org)
d32aa4e3-3ef5-e388-1739-61b6f14276b2@gmail.com
* gnu/packages/linux.scm (conntrack-tools): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index b6a5a19e18..0d3a69b17c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -128,6 +128,7 @@ (define-module (gnu packages linux)
    #:use-module (gnu packages networking)
    #:use-module (gnu packages ninja)
    #:use-module (gnu packages nss)
+  #:use-module (gnu packages onc-rpc)
    #:use-module (gnu packages perl)
    #:use-module (gnu packages pciutils)
    #:use-module (gnu packages pkg-config)
@@ -7393,6 +7394,38 @@ (define-public libnetfilter-queue
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2+)))
  
+(define-public conntrack-tools
+  (package
+   (name "conntrack-tools")
+   (version "1.4.6")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "conntrack-tools/files/"
+                         "conntrack-tools-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "0psx41bclqrh4514yzq03rvs3cq3scfpd1v4kkyxnic2hk65j22r"))))
+   (build-system gnu-build-system)
+   (native-inputs (list bison flex pkg-config))
+   (inputs (list libtirpc libnetfilter-conntrack libnetfilter-cttimeout
+                 libnetfilter-cthelper libnetfilter-queue libnfnetlink libmnl))
+   (synopsis "Set of tools targeting the conntrack kernel subsystem.")
+   (description "The tool conntrack provides a full featured interface that is
+intended to replace the old /proc/net/ip_conntrack interface.Using conntrack,
+you can view and manage the in-kernel connection tracking state table from
+userspace. On the other hand, conntrackd covers the specific aspects of stateful
+firewalls to enable highly available scenarios, and can be used as statistics
+collector as well.
+Since 1.2.0, the conntrack-tools includes the nfct command line utility. This
+utility only supports the nfnetlink_cttimeout by now. In the long run, we expect
+that it will replace conntrack by providing a syntax similar to nftables.")
+   (home-page "https://netfilter.org/projects/conntrack-tools/index.html")
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
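Review bot: in the description, "/proc/net/ip_conntrack interface.Using conntrack" is missing the space after the period, and the synopsis "Set of tools targeting the conntrack kernel subsystem." ends with a period that `guix lint` flags. The last paragraph is upstream's first-person text ("we expect that it will replace conntrack"); rephrase it neutrally or drop it, since it is a forecast rather than a description of the package.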
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 6/9] gnu: Add libnetfilter-acct
(address . 54457@debbugs.gnu.org)
a97b06d9-3caa-3bb7-2152-f365c656bbff@gmail.com
* gnu/packages/linux.scm (libnetfilter-acct): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 0d3a69b17c..4956f9dc6c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7426,6 +7426,39 @@ (define-public conntrack-tools
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2+)))
  
+(define-public libnetfilter-acct
+  (package
+   (name "libnetfilter-acct")
+   (version "1.0.3")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_acct/files/"
+                         "libnetfilter_acct-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "06lsjndgfjsgfjr43px2n2wk3nr7whz6r405mks3887y7vpwwl22"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl))
+   (synopsis "Library providing interface to extended accounting infrastructure.")
+   (description "libnetfilter_acct is the userspace library providing interface
+to extended accounting infrastructure.
+@enumerate
+@item
+creating accounting objects
+@item
+retrieving accounting objects (and atomically set to zero)
+@item
+deleting accounting objects
+@end enumerate
+For the nfnetlink_acct subsystem.")
+   (home-page "https://netfilter.org/projects/libnetfilter_acct/index.html")
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:lgpl2.1+)))
+
  (define-public proot
    (package
      (name "proot")
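Review bot: the description ends with the fragment "For the nfnetlink_acct subsystem." placed after `@end enumerate`, which does not read as a sentence on its own; fold it into the opening sentence, for example as "... extended accounting infrastructure of the nfnetlink_acct subsystem". The synopsis also ends with a period, and the three items are unordered, so `@itemize` fits better than `@enumerate`.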
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 7/9] gnu: Add nfacct
(address . 54457@debbugs.gnu.org)
15f7e7fc-0712-3902-3f1c-706a848c3ee1@gmail.com
* gnu/packages/linux.scm (nfacct): New variable.
---
gnu/packages/linux.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4956f9dc6c..74c088fa0d 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7459,6 +7459,39 @@ (define-public libnetfilter-acct
     (supported-systems (filter target-linux? %supported-systems))
     (license license:lgpl2.1+)))
  
+(define-public nfacct
+  (package
+   (name "nfacct")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0sdxbxjyapbqcp2ami5jd10vz4xbbdvx39f3wfy1iqsbflc25zzc"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libmnl libnetfilter-acct))
+   (synopsis "Command line tool to create/retrieve/delete accounting objects")
+   (description "nfacct is the command line tool to create/retrieve/delete
+accounting objects
+@enumerate
+@item
+listing the objects of the nfacct table in plain text/XML
+@item
+atomically get and reset objects of the nfacct table
+@item
+adding new objects to the nfacct table
+@item
+deleting objects from the nfacct table
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
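Review bot: the source URI is built from the `name` field (`"https://netfilter.org/projects/" name "/files/" name`), so any variant that inherits from this package under a different name would change the download URL; spell out "nfacct" in the URI as the other packages in this series do for their upstream names. In the description, the opening sentence runs straight into `@enumerate` without a colon or period after "accounting objects".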
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 8/9] gnu: Add libnetfilter-log
(address . 54457@debbugs.gnu.org)
963b4cf7-f3d0-9026-2e8d-417dc804907b@gmail.com
* gnu/packages/linux.scm (libnetfilter-log): New variable.
---
gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 74c088fa0d..6dc42439f5 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7492,6 +7492,38 @@ (define-public nfacct
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2+)))
  
+(define-public libnetfilter-log
+  (package
+   (name "libnetfilter-log")
+   (version "1.0.2")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/"
+                         "libnetfilter_log/files/"
+                         "libnetfilter_log-"
+                         version ".tar.bz2"))
+     (sha256
+      (base32
+       "1spy9xs41v76kid5ana8n126f3mvgq6fjibbfbj4kn0larbhix73"))))
+   (build-system gnu-build-system)
+   (native-inputs (list pkg-config))
+   (inputs (list libnfnetlink libmnl))
+   (synopsis "Userspace library providing interface to packets logged by
+netfilter.")
+   (description "libnetfilter_log is a userspace library providing interface to
+packets that have been logged by the kernel packet filter. It is is part of a
+system that deprecates the old syslog/dmesg based packet logging. This library
+has been previously known as libnfnetlink_log.
+@enumerate
+@item
+receiving to-be-logged packets from the kernel nfnetlink_log subsystem
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/libnetfilter_log/index.html")
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2+)))
+
  (define-public proot
    (package
      (name "proot")
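Review bot: the synopsis string is split across two lines ("...packets logged by" / "netfilter."), so it contains a literal newline, and it ends with a period; keep it on one line and shorten it if needed. The description repeats the doubled word from the libnetfilter-queue patch ("It is is part of a system"), and the `@enumerate` block holds a single item, which could simply be a sentence.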
-- 
2.34.0
fesoj000 wrote on 27 Mar 00:34 +0100
[PATCHv3 9/9] gnu: Add ulogd
(address . 54457@debbugs.gnu.org)
8b915636-f5d6-0de5-2489-c9675df66387@gmail.com
* gnu/packages/linux.scm (ulogd): New variable.
---
gnu/packages/linux.scm | 75 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 6dc42439f5..7dba2cd9c6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -99,6 +99,7 @@ (define-module (gnu packages linux)
    #:use-module (gnu packages compression)
    #:use-module (gnu packages dbm)
    #:use-module (gnu packages datastructures)
+  #:use-module (gnu packages databases)
    #:use-module (gnu packages docbook)
    #:use-module (gnu packages documentation)
    #:use-module (gnu packages elf)
@@ -7524,6 +7525,80 @@ (define-public libnetfilter-log
     (supported-systems (filter target-linux? %supported-systems))
     (license license:gpl2+)))
  
+(define-public ulogd
+  (package
+   (name "ulogd")
+   (version "2.0.7")
+   (source
+    (origin
+     (method url-fetch)
+     (uri (string-append "https://netfilter.org/projects/" name "/files/" name
+                         "-" version ".tar.bz2"))
+     (sha256
+      (base32
+       "0ax9959c4bapq78n13bbaibcf1gwjir3ngx8l2dh45lw9m4ha2lr"))))
+   (build-system gnu-build-system)
+   (outputs '("out"
+              ;; additonal non-default output plugins
+              "json" "pcap" "sqlite3" "pgsql" "mysql"))
+   (native-inputs (list pkg-config))
+   (inputs (list libnfnetlink libmnl libnetfilter-log libnetfilter-conntrack
+                 libnetfilter-acct sqlite libpcap jansson postgresql mysql zlib
+                 openssl))
+   (arguments
+    (list #:configure-flags
+          #~(list (string-append "--with-pgsql="
+                                 (assoc-ref %build-inputs "postgresql"))
+                  (string-append "--with-mysql="
+                                 (assoc-ref %build-inputs "mysql")))
+          #:phases
+          #~(modify-phases %standard-phases
+              (add-after 'install 'install-doc
+                (lambda _
+                  (let ((out-etc (string-append #$output "/etc"))
+                        (ulogd.conf "ulogd.conf"))
+                    (mkdir-p out-etc)
+                    (copy-file ulogd.conf (string-append out-etc "/"
+                                                         ulogd.conf)))))
+              (add-after 'install 'setup-plugin-outputs
+                (lambda* (#:key outputs #:allow-other-keys)
+                  (with-directory-excursion
+                      (string-append #$output "/lib/ulogd/")
+                    (for-each
+                     (lambda (output-name)
+                       (let ((output-dir (string-append
+                                          (assoc-ref outputs output-name)
+                                          "/lib/ulogd/")))
+                         (mkdir-p output-dir)
+                         (for-each
+                          (lambda (plugin)
+                            (copy-file plugin (string-append output-dir plugin))
+                            (delete-file plugin))
+                          (find-files "."
+                           (string-append "ulogd_output_"
+                                          (string-upcase output-name)
+                                          ".*$")))))
+                     (list "json" "pcap" "sqlite3" "pgsql" "mysql"))))))))
+   (synopsis "Userspace logging daemon for netfilter/iptables.")
+   (description "ulogd is a userspace logging daemon for netfilter/iptables
+related logging. This includes per-packet logging of security violations,
+per-packet logging for accounting, per-flow logging and flexible user-defined
+accounting.
+@enumerate
+@item
+Packet and flow-based traffic accounting
+@item
+Flexible user-defined traffic accounting via nfacct infrastructure
+@item
+SQL database back-end support: SQLite3, PostgreSQL, MySQL
+@item
+Text-based output formats: CSV, XML, Netfilter's LOG, Netfilter's conntrack
+@end enumerate
+")
+   (home-page "https://netfilter.org/projects/nfacct/index.html")
+   (supported-systems (filter target-linux? %supported-systems))
+   (license license:gpl2)))
+
  (define-public proot
    (package
      (name "proot")
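Review bot: the home-page is "https://netfilter.org/projects/nfacct/index.html", which is the nfacct project page rather than ulogd's; this looks carried over from the nfacct package and should point at the ulogd project. Since postgresql, mysql, zlib and openssl remain inputs of the whole package, please check with `guix size ulogd` that the "out" output keeps no reference to them after the `setup-plugin-outputs` phase, otherwise the split does not reduce the closure. Smaller points: the comment in `outputs` misspells "additonal", the `install-doc` phase installs the sample ulogd.conf into etc rather than documentation, the URI uses `name`, and the synopsis ends with a period.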
-- 
2.34.0
fesoj000 wrote on 1 Apr 14:48 +0200
Re: [PATCHv3 0/9] Add netfilter tools and libraries
(address . 54457@debbugs.gnu.org)
ef5878f7-f6d7-c58c-226b-2cfabb48ad6b@gmail.com
Ping

On 3/27/22 12:34 AM, fesoj000 wrote:
> - fixed names s/_/-/
> - fixed libnetfilter-cttimeout inputs
> - use #$output where possible
> - keep urls as a single string literal
> - move supported-systems to the 'bottom'
> - have every ulogd plugin in a separate output. To use a plugin, one
>   has to include the absolute path to the <plugin>.so in the ulogd
>   config file. That means, from a package point of view, no extra
>   measures are necessary to make the plugins available to ulogd.
>   A ulogd-service-type will need to take care of the plugin paths.
>
Ludovic Courtès wrote on 11 Apr 14:01 +0200
Re: bug#54457: [PATCH 0/9] Add netfilter tools and libraries
(name . fesoj000)(address . fesoj000@gmail.com)(address . 54457-done@debbugs.gnu.org)
878rsbkewn.fsf_-_@gnu.org
Hi,

fesoj000 <fesoj000@gmail.com> wrote:

> - fixed names s/_/-/
> - fixed libnetfilter-cttimeout inputs
> - use #$output where possible
> - keep urls as a single string literal
> - move supported-systems to the 'bottom'
> - have every ulogd plugin in a separate output. To use a plugin, one
> has to include the absolute path to the <plugin>.so in the ulogd
> config file. That means, from a package point of view, no extra
> measures are necessary to make the plugins available to ulogd.
> A ulogd-service-type will need to take care of the plugin paths.

Pushed the whole series as 087abdb9a2cd2634a2bec3e5a2ecfe94d8f39417.

I had to do quite a bit of work to address ‘guix lint’ warnings, notably
regarding synopses/descriptions, and to adjust formatting. Please pay
attention to ‘guix lint’ warnings in the future and consider running
‘guix style’.

Thanks!

Ludo’.
Closed
This issue is archived.