summaryrefslogtreecommitdiffstats
path: root/conntrack.8
Commit message (Collapse)AuthorAgeFilesLines
* src: manpage and help display improvementsAdrian Bridgett2012-03-201-3/+3
| | | | | | | | This patch adds missing information regarding several conntrackd options to the manpage and the help info that is displayed in the command line. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add support for mark maskFlorian Westphal2011-06-151-2/+6
| | | | | | | | | | | | | | | Extend --mark option to optionally take a mask, seperated by '/', e.g. --mark 0x80/0xf0. When used with -L, only test those bits of the mark that are in the mask range (behaves like iptables like -m mark). When used with -U, zero out those bits indicated by the mask and XOR the new mark into the result (behaves like iptables -j MARK --set-xmark). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add -o ktimestamp option (it requires linux >= 2.6.38)Pablo Neira Ayuso2011-02-171-2/+5
| | | | | | | | | | | | | | | | | | | | | | | This option requires Linux kernel >= 2.6.38, you have to enable conntrack timestamping with: echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp # conntrack -L -o ktimestamp udp 17 59 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=121 [start=Thu Feb 17 17:41:18 2011] use=1 # conntrack -L conntrack v0.9.15 (conntrack-tools): 20 flow entries have been shown. udp 17 31 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=149 use=1 # conntrack -E -o ktimestamp ... [DESTROY] udp 17 src=192.168.1.128 dst=192.168.1.1 sport=40162 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=40162 [ASSURED] delta-time=3 [start=Thu Feb 17 17:44:57 2011] [stop=Thu Feb 17 17:45:00 2011] # conntrack -E [DESTROY] udp 17 src=192.168.1.128 dst=77.226.252.14 sport=123 dport=123 src=77.226.252.14 dst=192.168.1.128 sport=123 dport=123 delta-time=8 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix missing line break in conntrack(8) manpagePablo Neira Ayuso2010-10-121-0/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add zone supportPablo Neira Ayuso2010-07-051-1/+4
| | | | | | | | This patch adds `--zone' to the command line tool. This adds the missing user-space support for Patrick's McHardy iptables CT target. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add `--any-nat' to filter any NATted flowPablo Neira Ayuso2010-07-011-0/+3
| | | | | | | This patch adds the --any-nat option that allows to display src-NATted OR dst-NATted flows. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: option `-t' in on the same line as `-m' in manpagePablo Neira Ayuso2010-02-261-0/+1
| | | | | | | | | From Richard Lucassen: > Btw: if you search the "-m --mask" option in the manpage, you'll see a > cosmetic typo: this option is on the same line as "-t --timeout" Reported-by: Richard Lucassen <reply5@xaq.nl> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: spell fix in conntrack(8) manpageJan Engelhardt2009-07-171-1/+1
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add DCCP role parameter for conntrack creationPablo Neira Ayuso2009-04-241-1/+3
| | | | | | | This patch adds `--role' parameter for DCCP which is required to create entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add GRE supportPablo Neira Ayuso2009-04-181-0/+14
| | | | | | | This patch adds GRE support for the command line tool conntrack. With this patch, we support all protocols available in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.
* conntrack: add DCCP supportPablo Neira Ayuso2009-04-111-0/+17
| | | | | | This patch adds DCCP support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add SCTP supportPablo Neira Ayuso2009-04-111-0/+23
| | | | | | This patch adds SCTP support to the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add UDPlite supportPablo Neira Ayuso2009-04-111-1/+16
| | | | | | This patch adds UDPlite support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add `-S' command to display kernel statisticsPablo Neira Ayuso2009-03-311-0/+5
| | | | | | | | | This patch adds `-S' command to display kernel statistics. Using raw `cat' on /proc and the hexadecimal output is not very handy. This option parses the /proc entry and display the information is a more human friendly way. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix missing bits in `-C' commandPablo Neira Ayuso2009-03-311-0/+2
| | | | | | | | This patch fixes some missing bits for the `-C' conntrack command like the manpage information, the usage help, the `--counters' synonymous and the commands vs. options checking. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add -C command to display the counterPablo Neira Ayuso2009-01-171-0/+3
| | | | | | | | | | This patch adds the -C command, to display the table counter. In the case of `-C conntrack' the tool reads the proc interface. For expectation, it loops on the table to count the number of entries (as there is not proc interface to display the number of expectations). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* manpage: add --status FIXED_TIMEOUT and EXPECTEDPablo Neira Ayuso2008-12-041-1/+1
| | | | | | | This patch adds FIXED_TIMEOUT and EXPECTED to the conntrack(8) manpage. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add missing -U in conntrack(8) manpagePablo Neira Ayuso2008-10-221-1/+6
| | | | | | | This patch adds information about -U which was missing. Reported-by: Karel Rericha <karel@maxtel.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* CLI: add new option --buffer-size for -EPablo Neira Ayuso2008-07-291-0/+10
| | | | | | | Add new option --buffer-size for -E to set the netlink socket buffer size. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* minor update of the manpages/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-161-3/+4
|
* o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-161-11/+16
| | | | | | o recover the ID support o show display counters to stderr o enable filtering by status and ID
* update manpages with the new URL/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-091-1/+1
|
* = conntrack =/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-211-0/+5
| | | | | | | | | | | o fix missing `-g' and `-n' options in getopt_long control string o add support for secmark (requires Linux kernel >= 2.6.25) o add mark and secmark information to the manpage o cleanup error message = conntrackd = o add support for secmark (requires Linux kernel >= 2.6.25) o add conntrackd (8) manpage
* include protocol filter parameters in the manpage/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-181-0/+43
|
* - add support for `-L --src-nat' and `-L --dst-nat' to show natted connections/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-091-5/+9
| | | | - update conntrack(8) manpage
* o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-071-7/+21
| | | | o several fixes for the output of usage messages
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-061-2/+7
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-161-0/+142
| | | | chain
* initial import of the conntrack daemon to Netfilter SVN/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-161-142/+0
|
* <pablo@netfilter.org>/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-261-0/+4
| | | | | | | | | | | | o add IPv6 support: main change o removed dead code: iptables_insmod and get_modprobe o compact the commands vs. options table o move working vars from the stack to the BSS section o update manpage o Bumped version to 1.0beta1 <yasuyuki.kozakai@toshiba.co.jp> o check address family mismatch o fix incomplete copying IPv6 addresses
* o Add support to filter events. ie: -p tcp --orig-port-dst 80 in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-031-9/+5
| | | | | | | | | conjuction with -E to get all the requests to HTTP servers o Update manpage o Missing static function declaration in the protocol handlers o Use protocol flags defined in libnetfilter_conntrack o Kill leftover #include "conntrack.h" in the ICMP helper o Bumped version to 0.991
* o Add --id to the conntrack manpage/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-011-1/+4
| | | | o Add myself to the list of ctnetlink author, it deserves it ;)
* major update (See ChangeLog)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-241-14/+1
|
* o Fixed syntax error (tab/space issue) in help message/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-241-0/+152
o Fixed getopt handling on big endian machines o Fixed possible future read-over-end-of-array in TCP extension o Add manpage o Add missing space at output of libct_proto_icmp.c o Add status bits that were introduced in 2.6.11 o Add SCTP extension o Add support for expect creation o Bump version number to 0.63
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-01 00:07:50 +0000