Signed-off-by: Chris Taylor <[email protected]> --- This patch adds patches to oidentd
012-netfilter_layer3_independant_conntrack.patch *Support Layer 3 Independent Connection tracking on Linux. -- This adds support for NF_CONNTRACK in addition to MASQUERADE and IP_CONNTRACK, bringing the support up to date with current kernels. 015-nf_conntrack_acct_handling.patch *Add handling for nf_conntrack_acct being off (Thanks to Jonas Gorski) -- The default for /proc/sys/net/netfilter/nf_conntrack_acct is now 0, which breaks the code added in patch 012. This extends it to work in both cases, as per the IP_CONNTRACK code. Patches, 010, 011, 013 and 014 provide several masquerade fixes. Patches 010 through 014 are sourced from http://sa.me.uk/pub/patches/oidentd/ , courtesy of Simon Arlott <[email protected]> Patch 015 is my own, with much assistance from Jonas Gorski. .../net/oidentd/patches/010-masq_fport.patch | 324 +++++++++++++++ .../oidentd/patches/011-forward_after_masq.patch | 415 ++++++++++++++++++++ ...12-netfilter_layer3_independant_conntrack.patch | 173 ++++++++ .../net/oidentd/patches/013-local_nat.patch | 102 +++++ .../net/oidentd/patches/014-v4_mapped_fix.patch | 38 ++ .../patches/015-nf_conntrack_acct_handling.patch | 31 ++ 6 files changed, 1083 insertions(+), 0 deletions(-) create mode 100644 feeds/packages/net/oidentd/patches/010-masq_fport.patch create mode 100644 feeds/packages/net/oidentd/patches/011-forward_after_masq.patch create mode 100644 feeds/packages/net/oidentd/patches/012-netfilter_layer3_independant_conntrack.patch create mode 100644 feeds/packages/net/oidentd/patches/013-local_nat.patch create mode 100644 feeds/packages/net/oidentd/patches/014-v4_mapped_fix.patch create mode 100644 feeds/packages/net/oidentd/patches/015-nf_conntrack_acct_handling.patch diff --git a/feeds/packages/net/oidentd/patches/010-masq_fport.patch b/feeds/packages/net/oidentd/patches/010-masq_fport.patch new file mode 100644 index 0000000..afe31a6 --- /dev/null +++ b/feeds/packages/net/oidentd/patches/010-masq_fport.patch 
@@ -0,0 +1,324 @@
+diff -r -U4 oidentd-2.0.8/ChangeLog oidentd-2.0.8a/ChangeLog
+--- oidentd-2.0.8/ChangeLog 2006-05-22 06:09:34.000000000 +0100
++++ oidentd-2.0.8a/ChangeLog 2007-04-10 18:57:11.000000000 +0100
+@@ -1,4 +1,10 @@
++Tue Apr 10 18:45:00 BST 2006 Simon Arlott <[email protected]>
++
++ * Fix bug handling NAT with a different destination port on Linux.
++
++ * Fix forwarding when the destination port is different.
++
+ Mon May 22 00:20:15 EDT 2006 Ryan McCabe <[email protected]>
+
+ * Released as version 2.0.8.
+
+diff -r -U4 oidentd-2.0.8/src/kernel/darwin.c oidentd-2.0.8a/src/kernel/darwin.c
+--- oidentd-2.0.8/src/kernel/darwin.c 2006-05-22 05:45:28.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/darwin.c 2007-04-10 18:43:31.000000000 +0100
+@@ -263,8 +263,9 @@
+
+ for (; np != NULL ; np = nat.nat_next) {
+ int ret;
+ in_port_t masq_lport;
++ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1)
+ break;
+
+@@ -293,13 +294,14 @@
+
+ lport = ntohs(lport);
+ fport = ntohs(fport);
+ masq_lport = ntohs(nat.nat_inport);
++ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+ if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, &ss);
++ ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+ if (ret == 0)
+ return (0);
+ else {
+ char ipbuf[MAX_IPLEN];
+diff -r -U4 oidentd-2.0.8/src/kernel/freebsd5.c oidentd-2.0.8a/src/kernel/freebsd5.c
+--- oidentd-2.0.8/src/kernel/freebsd5.c 2006-05-22 05:31:19.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/freebsd5.c 2007-04-10 18:44:26.000000000 +0100
+@@ -416,8 +416,9 @@
+
+ for (; np != NULL ; np = nat.nat_next) {
+ int ret;
+ in_port_t masq_lport;
++ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
+ debug("getbuf: %s", strerror(errno));
+ break;
+@@ -448,13 +449,14 @@
+
+ lport = ntohs(lport);
+ fport = ntohs(fport);
+ masq_lport = ntohs(nat.nat_inport);
++ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+ if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, &ss);
++ ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+
+ if (ret == 0)
+ return (0);
+ else {
+diff -r -U4 oidentd-2.0.8/src/kernel/freebsd.c oidentd-2.0.8a/src/kernel/freebsd.c
+--- oidentd-2.0.8/src/kernel/freebsd.c 2006-05-22 05:31:19.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/freebsd.c 2007-04-10 18:44:15.000000000 +0100
+@@ -435,8 +435,9 @@
+
+ for (; np != NULL ; np = nat.nat_next) {
+ int ret;
+ in_port_t masq_lport;
++ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
+ debug("getbuf: %s", strerror(errno));
+ break;
+@@ -467,13 +468,14 @@
+
+ lport = ntohs(lport);
+ fport = ntohs(fport);
+ masq_lport = ntohs(nat.nat_inport);
++ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+ if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, &ss);
++ ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+
+ if (ret == 0)
+ return (0);
+ else {
+diff -r -U4 oidentd-2.0.8/src/kernel/linux.c oidentd-2.0.8a/src/kernel/linux.c
+--- oidentd-2.0.8/src/kernel/linux.c 2006-05-22 04:58:53.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/linux.c 2007-04-10 19:58:44.000000000 +0100
+@@ -323,32 +323,34 @@
+ char user[MAX_ULEN];
+ in_addr_t remoten;
+ in_addr_t localm;
+ in_addr_t remotem;
++ in_addr_t localn;
+ struct sockaddr_storage ss;
+ int ret;
+
+ if (!netfilter) {
+ u_int32_t mport_temp;
++ u_int32_t nport_temp;
+ u_int32_t masq_lport_temp;
+ u_int32_t masq_fport_temp;
+
+- ret = sscanf(buf, "%15s %X:%X %X:%X %X %*X %*d %*d %*u",
++ ret = sscanf(buf, "%15s %X:%X %X:%X %X %X %*d %*d %*u",
+ proto, &localm, &masq_lport_temp,
+- &remotem, &masq_fport_temp, &mport_temp);
++ &remotem, &masq_fport_temp, &mport_temp, &nport_temp);
+
+- if (ret != 6)
++ if (ret != 7)
+ continue;
+
+ mport = (in_port_t) mport_temp;
++ nport = (in_port_t) nport_temp;
+ masq_lport = (in_port_t) masq_lport_temp;
+ masq_fport = (in_port_t) masq_fport_temp;
+ } else {
+ int l1, l2, l3, l4, r1, r2, r3, r4;
+ int nl1, nl2, nl3, nl4, nr1, nr2, nr3, nr4;
+ u_int32_t nport_temp;
+ u_int32_t mport_temp;
+- in_addr_t localn;
+ u_int32_t masq_lport_temp;
+ u_int32_t masq_fport_temp;
+
+ ret = sscanf(buf,
+@@ -380,39 +382,36 @@
+ remotem = r1 << 24 | r2 << 16 | r3 << 8 | r4;
+
+ localn = nl1 << 24 | nl2 << 16 | nl3 << 8 | nl4;
+ remoten = nr1 << 24 | nr2 << 16 | nr3 << 8 | nr4;
+-
+- if (remotem != localn)
+- remotem = localn;
+ }
+
+ if (strcasecmp(proto, "tcp"))
+ continue;
+
+ if (mport != lport)
+ continue;
+
+- if (masq_fport != fport)
++ if (nport != fport)
+ continue;
+
+- if (remotem != ntohl(SIN4(faddr)->sin_addr.s_addr)) {
++ if (localn != ntohl(SIN4(faddr)->sin_addr.s_addr)) {
+ if (!opt_enabled(PROXY))
+ continue;
+
+ if (SIN4(faddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr)
+ continue;
+
+- if (remotem == SIN4(&proxy)->sin_addr.s_addr)
++ if (localn == SIN4(&proxy)->sin_addr.s_addr)
+ continue;
+ }
+
+ sin_setv4(htonl(localm), &ss);
+
+ if (opt_enabled(FORWARD)) {
+ char ipbuf[MAX_IPLEN];
+
+- if (fwd_request(sock, lport, masq_lport, fport, &ss) == 0)
++ if (fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss) == 0)
+ goto out_success;
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+
+diff -r -U4 oidentd-2.0.8/src/kernel/netbsd.c oidentd-2.0.8a/src/kernel/netbsd.c
+--- oidentd-2.0.8/src/kernel/netbsd.c 2006-05-22 05:51:14.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/netbsd.c 2007-04-10 18:44:44.000000000 +0100
+@@ -289,8 +289,9 @@
+
+ for (; np != NULL ; np = nat.nat_next) {
+ int ret;
+ in_port_t masq_lport;
++ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1)
+ break;
+
+@@ -319,13 +320,14 @@
+
+ lport = ntohs(lport);
+ fport = ntohs(fport);
+ masq_lport = ntohs(nat.nat_inport);
++ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+ if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, &ss);
++ ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+ if (ret == 0)
+ return (0);
+ else {
+ char ipbuf[MAX_IPLEN];
+diff -r -U4 oidentd-2.0.8/src/kernel/openbsd30.c oidentd-2.0.8a/src/kernel/openbsd30.c
+--- oidentd-2.0.8/src/kernel/openbsd30.c 2006-05-22 01:31:19.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/openbsd30.c 2007-04-10 18:45:23.000000000 +0100
+@@ -124,8 +124,9 @@
+ char os[24];
+ char user[MAX_ULEN];
+ struct sockaddr_storage ss;
+ in_port_t masq_lport;
++ in_port_t masq_fport;
+
+ if (faddr->ss_family != AF_INET || laddr->ss_family != AF_INET)
+ return (-1);
+
+@@ -156,13 +157,14 @@
+
+ fport = ntohs(fport);
+ lport = ntohs(lport);
+ masq_lport = ntohs(natlook.rsport);
++ masq_fport = ntohs(natlook.rdport);
+
+ sin_setv4(natlook.rsaddr.v4.s_addr, &ss);
+
+ if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, &ss);
++ ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+ if (ret == 0)
+ return (0);
+ else {
+ char ipbuf[MAX_IPLEN];
+diff -r -U4 oidentd-2.0.8/src/kernel/openbsd.c oidentd-2.0.8a/src/kernel/openbsd.c
+--- oidentd-2.0.8/src/kernel/openbsd.c 2006-05-22 01:31:19.000000000 +0100
++++ oidentd-2.0.8a/src/kernel/openbsd.c 2007-04-10 18:45:54.000000000 +0100
+@@ -253,8 +253,9 @@
+
+ for (; np != NULL ; np = nat.nat_next) {
+ int ret;
+ in_port_t masq_lport;
++ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1)
+ break;
+
+@@ -283,13 +284,14 @@
+
+ lport = ntohs(lport);
+ fport = ntohs(fport);
+ masq_lport = ntohs(nat.nat_inport);
++ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+ if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, &ss);
++ ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+ if (ret == 0)
+ return (0);
+ else {
+ char ipbuf[MAX_IPLEN];
+diff -r -U4 oidentd-2.0.8/src/oidentd_masq.c oidentd-2.0.8a/src/oidentd_masq.c
+--- oidentd-2.0.8/src/oidentd_masq.c 2006-05-22 04:34:00.000000000 +0100
++++ oidentd-2.0.8a/src/oidentd_masq.c 2007-04-10 18:41:13.000000000 +0100
+@@ -243,8 +243,9 @@
+ int fwd_request( int sock,
+ in_port_t real_lport,
+ in_port_t masq_lport,
+ in_port_t real_fport,
++ in_port_t masq_fport,
+ struct sockaddr_storage *mrelay)
+ {
+ char ipbuf[MAX_IPLEN];
+ char user[512];
+@@ -279,9 +280,9 @@
+ ipbuf, ntohs(sin_port(mrelay)), strerror(errno));
+ goto out_fail;
+ }
+
+- if (sockprintf(fsock, "%d , %d\r\n", masq_lport, real_fport) < 1) {
++ if (sockprintf(fsock, "%d , %d\r\n", masq_lport, masq_fport) < 1) {
+ debug("write: %s", strerror(errno));
+ goto out_fail;
+ }
+
+@@ -312,10 +313,10 @@
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ real_lport, real_fport, ret_os, user);
+
+ o_log(NORMAL,
+- "[%s] Successful lookup (by forward): %d (%d) , %d : %s",
+- ipbuf, real_lport, masq_lport, real_fport, user);
++ "[%s] Successful lookup (by forward): %d (%d) , %d (%d) : %s",
++ ipbuf, real_lport, masq_lport, real_fport, masq_fport, user);
+
+ return (0);
+
+ out_fail:
+diff -r -U4 oidentd-2.0.8/src/oidentd_masq.h oidentd-2.0.8a/src/oidentd_masq.h
+--- oidentd-2.0.8/src/oidentd_masq.h 2006-05-21 23:52:24.000000000 +0100
++++ oidentd-2.0.8a/src/oidentd_masq.h 2007-04-10 18:41:22.000000000 +0100
+@@ -30,8 +30,9 @@
+ int fwd_request(int sock,
+ in_port_t real_lport,
+ in_port_t masq_lport,
+ in_port_t real_fport,
++ in_port_t masq_fport,
+ struct sockaddr_storage *mrelay);
+
+ #endif
+
diff --git a/feeds/packages/net/oidentd/patches/011-forward_after_masq.patch b/feeds/packages/net/oidentd/patches/011-forward_after_masq.patch
new file mode 100644
index 0000000..9eca81c
--- /dev/null
+++ b/feeds/packages/net/oidentd/patches/011-forward_after_masq.patch
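Review bot: In the linux.c hunk at -380,39 the address check now reads `localn`, but the ip_masquerade branch (`if (!netfilter)`) shown in the previous hunk never assigns it, so on that path `if (localn != ntohl(SIN4(faddr)->sin_addr.s_addr))` compares an indeterminate value. Before this change the test used `remotem`, which both branches fill in. Adding `localn = remotem;` after the port casts in the ip_masquerade branch would restore the old comparison there; the lines between the two hunks are not shown, so confirm nothing else sets it. `remoten` is likewise only assigned in the conntrack branch, and patch 013 later reads it in `if (localm == remoten)`.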
@@ -0,0 +1,415 @@
+diff -U4 -r oidentd-2.0.8/ChangeLog oidentd-2.0.8b/ChangeLog
+--- oidentd-2.0.8/ChangeLog 2007-04-10 18:57:11.000000000 +0100
++++ oidentd-2.0.8b/ChangeLog 2007-04-10 20:57:27.000000000 +0100
+@@ -1,10 +1,12 @@
+-Tue Apr 10 18:45:00 BST 2006 Simon Arlott <[email protected]>
++Tue Apr 10 20:57:00 BST 2006 Simon Arlott <[email protected]>
+
+ * Fix bug handling NAT with a different destination port on Linux.
+
+ * Fix forwarding when the destination port is different.
+
++ * Add an option that does forwarding only if the masquerading file lookup fails.
++
+ Mon May 22 00:20:15 EDT 2006 Ryan McCabe <[email protected]>
+
+ * Released as version 2.0.8.
+
+diff -U4 -r oidentd-2.0.8/doc/oidentd.8 oidentd-2.0.8b/doc/oidentd.8
+--- oidentd-2.0.8/doc/oidentd.8 2003-07-13 19:27:52.000000000 +0100
++++ oidentd-2.0.8b/doc/oidentd.8 2007-04-10 20:56:53.000000000 +0100
+@@ -104,8 +104,12 @@
+ .BR oidentd_masq.conf (5)
+ for details on configuring support for masqueraded/NAT connections.
+
+ .TP
++.B "\-M or \-\-forward-last"
++Check IP masquerading file before forwarding.
++
++.TP
+ .B "\-o or \-\-other=[<string>]"
+ The string specified will be returned as the OS string by default for all successful ident lookups. If no argument is given, "OTHER" will be returned instead of the name of the operating system. Some requests may be interpreted as having failed by the client side (with ident in general, not just with \fBoidentd\fP), when some other string is returned instead of the actual name of the operating system.
+
+ .TP
+diff -U4 -r oidentd-2.0.8/src/kernel/darwin.c oidentd-2.0.8b/src/kernel/darwin.c
+--- oidentd-2.0.8/src/kernel/darwin.c 2007-04-10 18:43:31.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/darwin.c 2007-04-10 20:38:30.000000000 +0100
+@@ -261,9 +261,10 @@
+ if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
+ return (-1);
+
+ for (; np != NULL ; np = nat.nat_next) {
+- int ret;
++ int retf;
++ int retm;
+ in_port_t masq_lport;
+ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1)
+@@ -298,23 +299,25 @@
+ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+- if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+- if (ret == 0)
+- return (0);
+- else {
++ retm = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
++
++ if (opt_enabled(FORWARD) && (retm != 0 || !opt_enabled(MASQ_OVERRIDE))) {
++ retf = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++ if (retf == 0) {
++ if (retm != 0)
++ return (0);
++ } else {
+ char ipbuf[MAX_IPLEN];
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+ debug("Forward to %s (%d %d) failed",
+ ipbuf, nat.nat_inport, fport);
+ }
+ }
+-
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+- if (ret == 0) {
++
++ if (retm == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
+diff -U4 -r oidentd-2.0.8/src/kernel/freebsd5.c oidentd-2.0.8b/src/kernel/freebsd5.c
+--- oidentd-2.0.8/src/kernel/freebsd5.c 2007-04-10 18:44:26.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/freebsd5.c 2007-04-10 20:39:49.000000000 +0100
+@@ -414,9 +414,10 @@
+ if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
+ return (-1);
+
+ for (; np != NULL ; np = nat.nat_next) {
+- int ret;
++ int retm;
++ int retf;
+ in_port_t masq_lport;
+ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
+@@ -453,14 +454,17 @@
+ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+- if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++ retm = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+
+- if (ret == 0)
+- return (0);
+- else {
++ if (opt_enabled(FORWARD) && (retm != 0 || !opt_enabled(MASQ_OVERRIDE))) {
++ retf = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++
++ if (retf == 0) {
++ if (retm != 0)
++ return (0);
++ } else {
+ char ipbuf[MAX_IPLEN];
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+
+@@ -468,10 +472,9 @@
+ ipbuf, lport, fport, nat.nat_inport, nat.nat_outport);
+ }
+ }
+
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+- if (ret == 0) {
++ if (retm == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
+diff -U4 -r oidentd-2.0.8/src/kernel/freebsd.c oidentd-2.0.8b/src/kernel/freebsd.c
+--- oidentd-2.0.8/src/kernel/freebsd.c 2007-04-10 18:44:15.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/freebsd.c 2007-04-10 20:40:25.000000000 +0100
+@@ -433,9 +433,10 @@
+ if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
+ return (-1);
+
+ for (; np != NULL ; np = nat.nat_next) {
+- int ret;
++ int retm;
++ int retf;
+ in_port_t masq_lport;
+ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
+@@ -472,14 +473,17 @@
+ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+- if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++ retm = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+
+- if (ret == 0)
+- return (0);
+- else {
++ if (opt_enabled(FORWARD) && (retm != 0 || !opt_enabled(MASQ_OVERRIDE))) {
++ retf = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++
++ if (retf == 0) {
++ if (retm != 0)
++ return (0);
++ } else {
+ char ipbuf[MAX_IPLEN];
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+
+@@ -487,10 +491,9 @@
+ ipbuf, lport, fport, nat.nat_inport, nat.nat_outport);
+ }
+ }
+
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+- if (ret == 0) {
++ if (retm == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
+diff -U4 -r oidentd-2.0.8/src/kernel/linux.c oidentd-2.0.8b/src/kernel/linux.c
+--- oidentd-2.0.8/src/kernel/linux.c 2007-04-10 19:58:44.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/linux.c 2007-04-10 20:41:37.000000000 +0100
+@@ -406,9 +406,11 @@
+ }
+
+ sin_setv4(htonl(localm), &ss);
+
+- if (opt_enabled(FORWARD)) {
++ ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
++
++ if (opt_enabled(FORWARD) && (ret != 0 || !opt_enabled(MASQ_OVERRIDE))) {
+ char ipbuf[MAX_IPLEN];
+
+ if (fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss) == 0)
+ goto out_success;
+@@ -417,9 +419,8 @@
+
+ debug("Forward to %s (%d %d) failed", ipbuf, masq_lport, fport);
+ }
+
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+ if (ret == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+diff -U4 -r oidentd-2.0.8/src/kernel/netbsd.c oidentd-2.0.8b/src/kernel/netbsd.c
+--- oidentd-2.0.8/src/kernel/netbsd.c 2007-04-10 18:44:44.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/netbsd.c 2007-04-10 20:42:32.000000000 +0100
+@@ -287,9 +287,10 @@
+ if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
+ return (-1);
+
+ for (; np != NULL ; np = nat.nat_next) {
+- int ret;
++ int retm;
++ int retf;
+ in_port_t masq_lport;
+ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1)
+@@ -324,23 +325,25 @@
+ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+- if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+- if (ret == 0)
+- return (0);
+- else {
++ retm = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
++
++ if (opt_enabled(FORWARD) && (retm != 0 || !opt_enabled(MASQ_OVERRIDE))) {
++ retf = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++ if (retf == 0) {
++ if (retm != 0)
++ return (0);
++ } else {
+ char ipbuf[MAX_IPLEN];
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+ debug("Forward to %s (%d %d) failed",
+ ipbuf, nat.nat_inport, fport);
+ }
+ }
+
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+- if (ret == 0) {
++ if (retm == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
+diff -U4 -r oidentd-2.0.8/src/kernel/openbsd30.c oidentd-2.0.8b/src/kernel/openbsd30.c
+--- oidentd-2.0.8/src/kernel/openbsd30.c 2007-04-10 18:45:23.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/openbsd30.c 2007-04-10 20:43:11.000000000 +0100
+@@ -119,9 +119,10 @@
+ struct sockaddr_storage *faddr)
+ {
+ struct pfioc_natlook natlook;
+ int pfdev;
+- int ret;
++ int retm;
++ int retf;
+ char os[24];
+ char user[MAX_ULEN];
+ struct sockaddr_storage ss;
+ in_port_t masq_lport;
+@@ -161,23 +162,25 @@
+ masq_fport = ntohs(natlook.rdport);
+
+ sin_setv4(natlook.rsaddr.v4.s_addr, &ss);
+
+- if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+- if (ret == 0)
+- return (0);
+- else {
++ retm = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
++
++ if (opt_enabled(FORWARD) && (retm != 0 || !opt_enabled(MASQ_OVERRIDE))) {
++ retf = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++ if (retf == 0) {
++ if (retm != 0)
++ return (0);
++ } else {
+ char ipbuf[MAX_IPLEN];
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+ debug("Forward to %s (%d %d) (%d) failed",
+ ipbuf, lport, natlook.rsport, fport);
+ }
+ }
+
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+- if (ret == 0) {
++ if (retm == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
+diff -U4 -r oidentd-2.0.8/src/kernel/openbsd.c oidentd-2.0.8b/src/kernel/openbsd.c
+--- oidentd-2.0.8/src/kernel/openbsd.c 2007-04-10 18:45:54.000000000 +0100
++++ oidentd-2.0.8b/src/kernel/openbsd.c 2007-04-10 20:43:47.000000000 +0100
+@@ -251,9 +251,10 @@
+ if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
+ return (-1);
+
+ for (; np != NULL ; np = nat.nat_next) {
+- int ret;
++ int retm;
++ int retf;
+ in_port_t masq_lport;
+ in_port_t masq_fport;
+
+ if (getbuf((u_long) np, &nat, sizeof(nat)) == -1)
+@@ -288,23 +289,25 @@
+ masq_fport = ntohs(nat.nat_outport);
+
+ sin_setv4(nat.nat_inip.s_addr, &ss);
+
+- if (opt_enabled(FORWARD)) {
+- ret = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
+- if (ret == 0)
+- return (0);
+- else {
++ retm = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
++
++ if (opt_enabled(FORWARD) && (retm != 0 || !opt_enabled(MASQ_OVERRIDE))) {
++ retf = fwd_request(sock, lport, masq_lport, fport, masq_fport, &ss);
++ if (retf == 0) {
++ if (retm != 0)
++ return (0);
++ } else {
+ char ipbuf[MAX_IPLEN];
+
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
+ debug("Forward to %s (%d %d) failed",
+ ipbuf, lport, nat.nat_inport);
+ }
+ }
+
+- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+- if (ret == 0) {
++ if (retm == 0) {
+ char ipbuf[MAX_IPLEN];
+
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
+diff -U4 -r oidentd-2.0.8/src/oidentd_options.c oidentd-2.0.8b/src/oidentd_options.c
+--- oidentd-2.0.8/src/oidentd_options.c 2006-05-22 01:31:19.000000000 +0100
++++ oidentd-2.0.8b/src/oidentd_options.c 2007-04-10 20:32:40.000000000 +0100
+@@ -39,9 +39,9 @@
+ #include <oidentd_user_db.h>
+ #include <oidentd_options.h>
+
+ #ifdef MASQ_SUPPORT
+-# define OPTSTRING "a:c:C:def::g:hiIl:mo::p:P:qr:St:u:Uv"
++# define OPTSTRING "a:c:C:def::g:hiIl:mMo::p:P:qr:St:u:Uv"
+ extern in_port_t fwdport;
+ #else
+ # define OPTSTRING "a:c:C:deg:hiIl:o::p:P:qr:St:u:Uv"
+ #endif
+@@ -84,9 +84,10 @@
+ #endif
+ {"version", no_argument, 0, 'v'},
+ #ifdef MASQ_SUPPORT
+ {"forward", optional_argument, 0, 'f'},
+- {"masquerade", no_argument, 0, 'm'},
++ {"masquerade", no_argument, 0, 'm'},
++ {"forward-last", no_argument, 0, 'M'},
+ #endif
+ {"proxy", required_argument, 0, 'P'},
+ {NULL, 0, NULL, 0}
+ };
+@@ -204,8 +205,13 @@
+ case 'm':
+ enable_opt(MASQ);
+ break;
+
++ case 'M':
++ enable_opt(MASQ);
++ enable_opt(MASQ_OVERRIDE);
++ break;
++
+ #endif
+ case 'P':
+ {
+ if (get_addr(optarg, &proxy) == -1) {
+@@ -387,8 +393,9 @@
+
+ #ifdef MASQ_SUPPORT
+ "-f or --forward [<port>] Forward requests for masqueraded hosts to the host on port <port>\n"
+ "-m or --masquerade Enable support for IP masquerading\n"
++"-M or --forward-last Check IP masquerading file before forwarding\n"
+ #endif
+
+ "-P or --proxy <host> <host> acts as a proxy, forwarding connections to us\n"
+ "-g or --group <group> Run with specified group or GID\n"
+diff -U4 -r oidentd-2.0.8/src/oidentd_options.h oidentd-2.0.8b/src/oidentd_options.h
+--- oidentd-2.0.8/src/oidentd_options.h 2006-05-21 23:52:24.000000000 +0100
++++ oidentd-2.0.8b/src/oidentd_options.h 2007-04-10 20:31:13.000000000 +0100
+@@ -32,8 +32,9 @@
+ #define QUIET (1 << 0x09)
+ #define FOREGROUND (1 << 0x0a)
+ #define NOSYSLOG (1 << 0x0b)
+ #define STDIO (1 << 0x0c)
++#define MASQ_OVERRIDE (1 << 0x0d)
+
+ bool opt_enabled(u_int32_t option);
+ void disable_opt(u_int32_t option);
+ int get_options(int argc, char *const argv[]);
diff --git a/feeds/packages/net/oidentd/patches/012-netfilter_layer3_independant_conntrack.patch b/feeds/packages/net/oidentd/patches/012-netfilter_layer3_independant_conntrack.patch
new file mode 100644
index 0000000..673a2d2
--- /dev/null
+++ b/feeds/packages/net/oidentd/patches/012-netfilter_layer3_independant_conntrack.patch
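Review bot: In the BSD and Darwin files (darwin.c, freebsd.c, freebsd5.c, netbsd.c, openbsd.c, openbsd30.c) a successful forward no longer always ends the lookup: `if (retf == 0) { if (retm != 0) return (0); }` falls through when a masquerade entry also matched, and the following `if (retm == 0)` block then writes a second USERID line to `sock`. That path is reached with forwarding enabled and `-M` not given, and fwd_request appears to have already answered the client on success (its reply `sockprintf` is visible in patch 010). The linux.c hunk keeps `goto out_success` on a successful forward, so the simplest fix is to match it here with `if (retf == 0) return (0);`. The enclosing loops and functions start and end outside these hunks.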
@@ -0,0 +1,173 @@
+diff -U4 -r oidentd-2.0.8/ChangeLog oidentd-2.0.8c/ChangeLog
+--- oidentd-2.0.8/ChangeLog 2007-04-10 20:57:27.000000000 +0100
++++ oidentd-2.0.8c/ChangeLog 2007-04-10 20:57:32.000000000 +0100
+@@ -5,8 +5,10 @@
+ * Fix forwarding when the destination port is different.
+
+ * Add an option that does forwarding only if the masquerading file lookup fails.
+
++ * Support Layer 3 Independent Connection tracking on Linux.
++
+ Mon May 22 00:20:15 EDT 2006 Ryan McCabe <[email protected]>
+
+ * Released as version 2.0.8.
+
+diff -U4 -r oidentd-2.0.8/src/kernel/linux.c oidentd-2.0.8c/src/kernel/linux.c
+--- oidentd-2.0.8/src/kernel/linux.c 2007-04-10 20:41:37.000000000 +0100
++++ oidentd-2.0.8c/src/kernel/linux.c 2007-04-10 20:49:05.000000000 +0100
+@@ -46,9 +46,10 @@
+
+ #define CFILE "/proc/net/tcp"
+ #define CFILE6 "/proc/net/tcp6"
+ #define MASQFILE "/proc/net/ip_masquerade"
+-#define CONNTRACK "/proc/net/ip_conntrack"
++#define IPCONNTRACK "/proc/net/ip_conntrack"
++#define NFCONNTRACK "/proc/net/nf_conntrack"
+
+ static int netlink_sock;
+ extern struct sockaddr_storage proxy;
+
+@@ -57,10 +58,16 @@
+ in_port_t src_port,
+ in_port_t dst_port);
+
+ #ifdef MASQ_SUPPORT
++enum {
++ CT_UNKNOWN,
++ CT_MASQFILE,
++ CT_IPCONNTRACK,
++ CT_NFCONNTRACK
++};
+ FILE *masq_fp;
+-bool netfilter;
++int conntrack = CT_UNKNOWN;
+ #endif
+
+ /*
+ ** System dependant initialization. Call only once!
+@@ -75,20 +82,31 @@
+ debug("fopen: %s: %s", MASQFILE, strerror(errno));
+ return false;
+ }
+
+- masq_fp = fopen(CONNTRACK, "r");
++ masq_fp = fopen(NFCONNTRACK, "r");
+ if (masq_fp == NULL) {
+ if (errno != ENOENT) {
+- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
++ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
+ return false;
+ }
+- masq_fp = fopen("/dev/null", "r");
+- }
+
+- netfilter = true;
++ masq_fp = fopen(IPCONNTRACK, "r");
++ if (masq_fp == NULL) {
++ if (errno != ENOENT) {
++ debug("fopen: %s: %s", IPCONNTRACK, strerror(errno));
++ return false;
++ }
++
++ masq_fp = fopen("/dev/null", "r");
++ } else {
++ conntrack = CT_IPCONNTRACK;
++ }
++ } else {
++ conntrack = CT_NFCONNTRACK;
++ }
+ } else {
+- netfilter = false;
++ conntrack = CT_MASQFILE;
+ }
+ #endif
+
+ return true;
+@@ -301,21 +319,22 @@
+ lport = ntohs(lport);
+ fport = ntohs(fport);
+
+ /* masq support failed to initialize */
+- if (masq_fp == NULL)
++ if (masq_fp == NULL || conntrack == CT_UNKNOWN)
+ return (-1);
+
+ /* rewind fp to read new contents */
+ rewind(masq_fp);
+
+- if (!netfilter) {
++ if (conntrack == CT_MASQFILE) {
+ /* Eat the header line. */
+ fgets(buf, sizeof(buf), masq_fp);
+ }
+
+ while (fgets(buf, sizeof(buf), masq_fp)) {
+ char os[24];
++ char family[16];
+ char proto[16];
+ in_port_t mport;
+ in_port_t nport;
+ in_port_t masq_lport;
+@@ -327,9 +346,9 @@
+ in_addr_t localn;
+ struct sockaddr_storage ss;
+ int ret;
+
+- if (!netfilter) {
++ if (conntrack == CT_MASQFILE) {
+ u_int32_t mport_temp;
+ u_int32_t nport_temp;
+ u_int32_t masq_lport_temp;
+ u_int32_t masq_fport_temp;
+@@ -344,9 +363,9 @@
+ mport = (in_port_t) mport_temp;
+ nport = (in_port_t) nport_temp;
+ masq_lport = (in_port_t) masq_lport_temp;
+ masq_fport = (in_port_t) masq_fport_temp;
+- } else {
++ } else if (conntrack == CT_IPCONNTRACK) {
+ int l1, l2, l3, l4, r1, r2, r3, r4;
+ int nl1, nl2, nl3, nl4, nr1, nr2, nr3, nr4;
+ u_int32_t nport_temp;
+ u_int32_t mport_temp;
+@@ -382,8 +401,40 @@
+ remotem = r1 << 24 | r2 << 16 | r3 << 8 | r4;
+
+ localn = nl1 << 24 | nl2 << 16 | nl3 << 8 | nl4;
+ remoten = nr1 << 24 | nr2 << 16 | nr3 << 8 | nr4;
++ } else if (conntrack == CT_NFCONNTRACK) {
++ int l1, l2, l3, l4, r1, r2, r3, r4;
++ int nl1, nl2, nl3, nl4, nr1, nr2, nr3, nr4;
++ u_int32_t nport_temp;
++ u_int32_t mport_temp;
++ u_int32_t masq_lport_temp;
++ u_int32_t masq_fport_temp;
++
++ ret = sscanf(buf,
++ "%15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
++ family, proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
++ &masq_lport_temp, &masq_fport_temp,
++ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
++ &nport_temp, &mport_temp);
++
++ if (ret != 22)
++ continue;
++
++ if (strcasecmp(family, "ipv4")) /* ? */
++ continue;
++
++ masq_lport = (in_port_t) masq_lport_temp;
++ masq_fport = (in_port_t) masq_fport_temp;
++
++ nport = (in_port_t) nport_temp;
++ mport = (in_port_t) mport_temp;
++
++ localm = l1 << 24 | l2 << 16 | l3 << 8 | l4;
++ remotem = r1 << 24 | r2 << 16 | r3 << 8 | r4;
++
++ localn = nl1 << 24 | nl2 << 16 | nl3 << 8 | nl4;
++ remoten = nr1 << 24 | nr2 << 16 | nr3 << 8 | nr4;
+ }
+
+ if (strcasecmp(proto, "tcp"))
+ continue;
diff --git a/feeds/packages/net/oidentd/patches/013-local_nat.patch b/feeds/packages/net/oidentd/patches/013-local_nat.patch
new file mode 100644
index 0000000..ed2a141
--- /dev/null
+++ b/feeds/packages/net/oidentd/patches/013-local_nat.patch
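Review bot: The new CT_NFCONNTRACK branch scans the four port fields with `%d` into `u_int32_t` temporaries (`&masq_lport_temp`, `&masq_fport_temp`, `&nport_temp`, `&mport_temp`), which does not match the `int *` that conversion expects; `%u` (or `SCNu32`) is the matching specifier. The parsed octets and ports are also used without a range check: `l1 << 24` on an `int` above 127 overflows a signed value, and the casts to `in_port_t` silently truncate, so checking each octet against 255 and building the addresses from unsigned values would be safer. The `/* ? */` after the `strcasecmp(family, "ipv4")` test could state the reason instead, for example `/* masq lookups are IPv4-only; skip other families */`, which matches the "no masq support for IPv6 yet" comment visible in patch 013.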
@@ -0,0 +1,102 @@
+diff -U4 -r oidentd-2.0.8/ChangeLog oidentd-2.0.8d/ChangeLog
+--- oidentd-2.0.8/ChangeLog 2007-04-10 20:57:32.000000000 +0100
++++ oidentd-2.0.8d/ChangeLog 2007-04-10 22:13:49.000000000 +0100
+@@ -1,5 +1,5 @@
+-Tue Apr 10 20:57:00 BST 2006 Simon Arlott <[email protected]>
++Tue Apr 10 22:14:00 BST 2006 Simon Arlott <[email protected]>
+
+ * Fix bug handling NAT with a different destination port on Linux.
+
+ * Fix forwarding when the destination port is different.
+@@ -7,8 +7,10 @@
+ * Add an option that does forwarding only if the masquerading file lookup fails.
+
+ * Support Layer 3 Independent Connection tracking on Linux.
+
++ * Handle local NAT on Linux (instead of fowarding to self).
++
+ Mon May 22 00:20:15 EDT 2006 Ryan McCabe <[email protected]>
+
+ * Released as version 2.0.8.
+
+diff -U4 -r oidentd-2.0.8/src/kernel/linux.c oidentd-2.0.8d/src/kernel/linux.c
+--- oidentd-2.0.8/src/kernel/linux.c 2007-04-10 20:49:05.000000000 +0100
++++ oidentd-2.0.8d/src/kernel/linux.c 2007-04-10 22:12:58.000000000 +0100
+@@ -51,8 +51,9 @@
+ #define NFCONNTRACK "/proc/net/nf_conntrack"
+
+ static int netlink_sock;
+ extern struct sockaddr_storage proxy;
++extern char *ret_os;
+
+ static int lookup_tcp_diag( struct sockaddr_storage *src_addr,
+ struct sockaddr_storage *dst_addr,
+ in_port_t src_port,
+@@ -305,11 +306,8 @@
+ struct sockaddr_storage *faddr)
+ {
+ char buf[2048];
+
+- /* laddr is unneeded on Linux */
+- (void) laddr;
+-
+ /*
+ ** There's no masq support for IPv6 yet.
+ */
+
+@@ -444,8 +442,55 @@
+
+ if (nport != fport)
+ continue;
+
++ /* Local NAT, don't forward or do masquerade entry lookup. */
++ if (localm == remoten) {
++ int con_uid = -1;
++ struct passwd *pw;
++ char suser[MAX_ULEN];
++ char ipbuf[MAX_IPLEN];
++
++ sin_setv4(htonl(remotem), &ss);
++ get_ip(faddr, ipbuf, sizeof(ipbuf));
++
++ if (con_uid == -1 && faddr->ss_family == AF_INET)
++ con_uid = get_user4(htons(masq_lport), htons(masq_fport), laddr, &ss);
++
++ /* Add call to get_user6 when IPv6 NAT is supported. */
++
++ if (con_uid == -1)
++ return (-1);
++
++ pw = getpwuid(con_uid);
++ if (pw == NULL) {
++ sockprintf(sock, "%d,%d:ERROR:%s\r\n",
++ lport, fport, ERROR("NO-USER"));
++
++ debug("getpwuid(%d): %s", con_uid, strerror(errno));
++ return (0);
++ }
++
++ ret = get_ident(pw, masq_lport, masq_fport, laddr, &ss, suser, sizeof(suser));
++ if (ret == -1) {
++ sockprintf(sock, "%d,%d:ERROR:%s\r\n",
++ lport, fport, ERROR("HIDDEN-USER"));
++
++ o_log(NORMAL, "[%s] %d (%d) , %d (%d) : HIDDEN-USER (%s)",
++ ipbuf, lport, masq_lport, fport, masq_fport, pw->pw_name);
++
++ goto out_success;
++ }
++
++ sockprintf(sock, "%d,%d:USERID:%s:%s\r\n",
++ lport, fport, ret_os, suser);
++
++ o_log(NORMAL, "[%s] Successful lookup: %d (%d) , %d (%d) : %s (%s)",
++ ipbuf, lport, masq_lport, fport, masq_fport, pw->pw_name, suser);
++
++ goto out_success;
++ }
++
+ if (localn != ntohl(SIN4(faddr)->sin_addr.s_addr)) {
+ if (!opt_enabled(PROXY))
+ continue;
+
diff --git a/feeds/packages/net/oidentd/patches/014-v4_mapped_fix.patch b/feeds/packages/net/oidentd/patches/014-v4_mapped_fix.patch
new file mode 100644
index 0000000..d990b10
--- /dev/null
+++ b/feeds/packages/net/oidentd/patches/014-v4_mapped_fix.patch
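Review bot: The local-NAT block leaves the function three different ways: `return (-1)` when no UID is found, `return (0)` after the NO-USER reply, and `goto out_success` on the HIDDEN-USER and success paths. The `out_success` label is outside this hunk, so whatever it does is skipped on the NO-USER path even though a reply has already been written to `sock`; using `goto out_success;` there as well would keep the answered paths consistent. The `strerror(errno)` in the `getpwuid` debug line can report a stale error, because getpwuid may return NULL for a missing entry without setting errno; `errno = 0;` before the call makes the log reliable. The `con_uid == -1 &&` test is always true at that point and can be dropped.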
@@ -0,0 +1,38 @@
+diff -U4 -r oidentd-2.0.8/ChangeLog oidentd-2.0.8e/ChangeLog
+--- oidentd-2.0.8/ChangeLog 2007-04-10 22:13:49.000000000 +0100
++++ oidentd-2.0.8e/ChangeLog 2007-04-10 22:13:54.000000000 +0100
+@@ -9,8 +9,10 @@
+ * Support Layer 3 Independent Connection tracking on Linux.
+ 
+ * Handle local NAT on Linux (instead of fowarding to self).
+ 
++ * Copy fport before converting v4-mapped v6 addresses.
++
+ Mon May 22 00:20:15 EDT 2006 Ryan McCabe <[email protected]>
+ 
+ * Released as version 2.0.8.
+ 
+diff -U4 -r oidentd-2.0.8/src/oidentd.c oidentd-2.0.8e/src/oidentd.c
+--- oidentd-2.0.8/src/oidentd.c 2006-05-22 01:43:26.000000000 +0100
++++ oidentd-2.0.8e/src/oidentd.c 2007-04-10 22:08:25.000000000 +0100
+@@ -225,8 +225,10 @@
+ debug("getsockname: %s", strerror(errno));
+ return (-1);
+ }
+ 
++ fport = htons(sin_port(&faddr));
++
+ #ifdef WANT_IPV6
+ laddr6 = laddr;
+ faddr6 = faddr;
+ 
+@@ -242,9 +244,8 @@
+ sin_setv4(in4.s_addr, &faddr);
+ }
+ #endif
+ 
+- fport = htons(sin_port(&faddr));
+ get_ip(&faddr, ip_buf, sizeof(ip_buf));
+ 
+ if (get_hostname(&faddr, host_buf, sizeof(host_buf)) != 0) {
+ o_log(NORMAL, "Connection from %s:%d", ip_buf, fport);
diff --git a/feeds/packages/net/oidentd/patches/015-nf_conntrack_acct_handling.patch b/feeds/packages/net/oidentd/patches/015-nf_conntrack_acct_handling.patch
new file mode 100644
index 0000000..7c0da3f
--- /dev/null
+++ b/feeds/packages/net/oidentd/patches/015-nf_conntrack_acct_handling.patch
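Review bot: The new position of `fport = htons(sin_port(&faddr));` in oidentd.c is an ordering dependency with no comment to protect it. It has to run before the `WANT_IPV6` block because `sin_setv4(in4.s_addr, &faddr)` rewrites `faddr`, presumably without carrying the port over (`sin_setv4` itself is not shown here). A line such as `/* Read the peer port before sin_setv4() replaces faddr for v4-mapped peers. */` above the assignment would stop a later cleanup from moving it back next to `get_ip()`. The surrounding function starts and ends outside the hunk.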
@@ -0,0 +1,31 @@
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,7 @@
++Thu Aug 18 22:42:50 BST 2011 Chris Taylor <[email protected]>
++
++ * Add handling for nf_conntrack_acct being off (Thanks to Jonas Gorski)
++
+ Tue Apr 10 22:14:00 BST 2006 Simon Arlott <[email protected]>
+ 
+ * Fix bug handling NAT with a different destination port on Linux.
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -415,7 +415,17 @@ int masq( int sock,
+ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
+ &nport_temp, &mport_temp);
+ 
+- if (ret != 22)
++ /* Added to handle /proc/sys/net/netfilter/nf_conntrack_acct = 0 */
++ if (ret != 22) {
++ ret = sscanf(buf,
++ "%15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
++ family, proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
++ &masq_lport_temp, &masq_fport_temp,
++ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
++ &nport_temp, &mport_temp);
++ }
++
++ if (ret != 22)
+ continue;
+ 
+ if (strcasecmp(family, "ipv4")) /* ? */
-- 
1.5.6.5
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
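Review bot: The comment `/* Added to handle /proc/sys/net/netfilter/nf_conntrack_acct = 0 */` in masq() records why the retry exists but not what differs between the two `sscanf` formats, and the first format string lies outside the hunk. Something like `/* Retry without the accounting fields, which are absent when nf_conntrack_acct is 0. */` would describe it, assuming the first format expects those counters (confirm against the preceding lines). The retry format uses `%15s` for both `family` and `proto`, so those buffers, declared outside the hunk, need at least 16 bytes each. masq() starts before and continues past this hunk.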
