summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* src: Use stdint typesFelix Janda2015-05-218-11/+11
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix doc/cli/test.sh create-expectPablo Neira Ayuso2015-02-115-5/+5
| | | | | | | | | | | | | | | | | | when I run the test script of conntrack-tools sh doc/cli/test.sh create-expect the output is: conntrack v1.4.1 (conntrack-tools): You need to supply the `--reply-port-src' option for this command. Try `conntrack -h' or 'conntrack --help' for more information. This used to work without the --reply-port-src stuff using version 0.9.13 IIRC. Reported-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* icmp[v6]: --icmp[v6]-[type|code] are optional for updates and deletesPablo Neira Ayuso2012-03-272-4/+4
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: support SYN_SENT2 TCP state as --state parameterPablo Neira Ayuso2011-02-221-2/+7
| | | | | | | | Since Linux kernel 2.6.31, the LISTEN state is SYN_SENT2. With this patch, we allow to use -p tcp --state SYN_SENT2 which was not possible so far. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix manually created TCP entries with window tracking enabledPablo Neira Ayuso2009-12-231-0/+14
| | | | | | | | | With this patch, we allow to manually create TCP entries in the table. Basically, we disable TCP window tracking for this entry to avoid problems. Reported-by: Roman Fiedler <roman.fiedler@ait.ac.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add DCCP role parameter for conntrack creationPablo Neira Ayuso2009-04-241-38/+54
| | | | | | | This patch adds `--role' parameter for DCCP which is required to create entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add GRE supportPablo Neira Ayuso2009-04-182-1/+195
| | | | | | | This patch adds GRE support for the command line tool conntrack. With this patch, we support all protocols available in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.
* conntrack: add DCCP supportPablo Neira Ayuso2009-04-112-1/+232
| | | | | | This patch adds DCCP support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add SCTP supportPablo Neira Ayuso2009-04-112-1/+249
| | | | | | This patch adds SCTP support to the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add UDPlite supportPablo Neira Ayuso2009-04-112-1/+199
| | | | | | This patch adds UDPlite support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix coupled-options sanity checkingsPablo Neira Ayuso2009-04-114-57/+56
| | | | | | | | | | | | This patch extends the generic_opt_check() function to add extra information on the possible option combinations. Under some specific situations, like the creation and getting of a conntrack, you may specify the original or the reply tuple but at least one MUST be present. This handling has been always tricky, it still remains but we're more user friendly at least. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: save one indent in the TCP supportPablo Neira Ayuso2009-04-111-61/+59
| | | | | | This patch saves one extra indent in the switch(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: cleanup error output with `-p tcp --state'Pablo Neira Ayuso2009-04-111-1/+1
| | | | | | | | | | This patch also removes a new line that is not required in the error message. # conntrack -L -p tcp --state CLOS conntrack v0.9.12 (conntrack-tools): Unknown TCP state CLOS > empty line < Try `conntrack -h' or 'conntrack --help' for more information.
* conntrack: remove hardcoded iteration in TCP supportPablo Neira Ayuso2009-04-101-14/+14
| | | | | | | This patch is a cleanup, it removes a hardcoded iteration in the TCP support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: remove use of old libnetfilter API flagsPablo Neira Ayuso2009-03-064-36/+102
| | | | | | | This patch removes the use of the obsolete old libnetfilter protocol flags. This patch also improves error reporting in TCP and UDP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: allow use of --state with -DPablo Neira Ayuso2009-02-081-1/+1
| | | | | | | With this patch, you can use -p tcp --state to delete based on the protocol state. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: cleanup command line tool protocol extensionsPablo Neira Ayuso2008-11-184-187/+52
| | | | | | This patch cleans up the protocol extensions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix filtering for unsupported protocolPablo Neira Ayuso2008-10-042-1/+37
| | | | | | | | | This patch fixes filtering for unsupported protocol. Thus, you can use -L -p 47 or -L -p gre to filter `gre' traffic. Based on an initial patch from Bryan Duff <bduff@astrocorp.com>. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix conntrack -U -p tcp [...]/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-134-0/+58
|
* relax parameter checking for UDP and TCP/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-132-2/+2
|
* o simplify parameter-handling code/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-122-50/+16
| | | | | o check for missing source/address IP/ports o minor cleanups
* add missing libct_proto_icmpv6.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+129
|
* Krzysztof Oledzki <ole@ans.pl>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-1/+2
| | | | | o add ICMPv6 (-p icmpv6) support o add possibility to distinguish between invalid (unknown) and empty proto
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-172-2/+3
| | | | import only required C headers and put local headers on top to check
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-153-5/+3
| | | | Fix tons of gcc warnings
* include protocol filter parameters in the manpage/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-183-39/+0
|
* conntrackd:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-183-40/+118
| | | | | | | | | - use buffer of MTU size conntrack: - better protocol argument checkings - fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works - show per-protocol help, ie. conntrack -h -p tcp - add alias --src for --orig-src and alias --dst for --orig-dst
* remove dlopen infrastructure: simplification, it was too much for it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-094-20/+8
|
* add aliases --sport and --dport to make it more iptables-like/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-042-0/+4
|
* - introduce cache_iterate/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-201-20/+34
| | | | | | | | - empty debug_ct function if DEBUG_CT is not set - revisit overrun handler: this is a hard battle, just try to do our best here, call Patrick :) - explicit warning message when netlink_buffer_max_growth is reached - fix silly bug in stats-mode when dumping in XML format - fix UDP handler for conntrack
* o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-073-35/+20
| | | | o several fixes for the output of usage messages
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-065-283/+191
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-168-0/+648
| | | | chain
* initial import of the conntrack daemon to Netfilter SVN/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-168-648/+0
|
* fix ICMP protocol extension parse callback/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-03-191-0/+1
|
* o Added missing parameters to set the ports of an expectation tuple/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-153-1/+53
| | | | o Bumped version to 1.00beta2
* o Restore include "conntrack.h" in ICMP handler/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-042-12/+13
| | | | o Add missing flags coversion in SCTP handler
* o Add support to filter events. ie: -p tcp --orig-port-dst 80 in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-034-150/+82
| | | | | | | | | conjuction with -E to get all the requests to HTTP servers o Update manpage o Missing static function declaration in the protocol handlers o Use protocol flags defined in libnetfilter_conntrack o Kill leftover #include "conntrack.h" in the ICMP helper o Bumped version to 0.991
* use AM_CFLAGS, not CFLAGS/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-1/+1
|
* - get rid of KERNELDIR/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-2/+1
| | | | - use Make_global.am
* don't use library versioning for extensions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-111-4/+4
|
* - rename plugisn to remove 'lib' prefix/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-101-6/+10
| | | | - move them into 'pkglibdir'
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-064-5/+5
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-034-6/+12
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-032-4/+16
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-314-4/+4
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-284-24/+0
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-274-4/+4
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-164-33/+4
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-164-119/+37
|