summaryrefslogtreecommitdiffstats
path: root/include/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* conntrackd: add `DisableInternalCache' clausePablo Neira Ayuso2009-10-211-1/+1
| | | | | | | | This patch adds the clause `DisableInternalCache' that allows you to bypass the internal cache. This clause can only be used with the notrack synchronization mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add support state-replication based on TCPPablo Neira Ayuso2009-08-231-1/+1
| | | | | | | | This patch adds support for TCP as protocol to replicate state-changes between two daemons. Note that this only makes sense with the notrack mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: reduce the number of gettimeofday() syscallsPablo Neira Ayuso2009-08-211-1/+1
| | | | | | | | This patch reduces the number of gettimeofday syscalls by caching the current time in a variable at the beginning of the main loop. Based on a suggestion from Vincent Jardin. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add `DisableExternalCache' clausePablo Neira Ayuso2009-08-191-1/+1
| | | | | | | | | | | This patch adds the clause `DisableExternalCache' that allows you to disable the external cache and to directly inject the entries into the kernel conntrack table. As a result, the CPU consumption of conntrackd increases. This clause can only be used with the FT-FW and the notrack synchronization modes, but not with the alarm mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: detect where the events comes fromPablo Neira Ayuso2009-05-231-1/+1
| | | | | | | | | | Since Linux kernel 2.6.29, ctnetlink reports the changes that have been done using ctnetlink. With this patch, conntrackd can recognize who is the origin of the event messages. For example, this is interesting to avoid a messy implicit bulk send during the commit of entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add child process infrastructurePablo Neira Ayuso2009-05-231-1/+2
| | | | | | | | | | | | | This patch adds a simple infrastructure that allows to account the child processes that have been forked. This also includes a callback handler that can be registered that is called once the child process finishes. We can extended this later to include an alarm to limit the maximum lifetime of a forked child process. This is good to ensure that child processes behave timely. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sync-mode: add unicast UDP support to propagate state-changesPablo Neira Ayuso2009-03-131-1/+1
| | | | | | | | This patch adds support for unicast UDP to the channel infrastructure. With this patch, you can select UDP unicast to propagate state-changes instead of multicast. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sync-mode: add abstract layer to make daemon independent of multicastPablo Neira Ayuso2009-03-121-1/+1
| | | | | | | | | This patch reworks conntrackd to make it independent of the protocol used to propagate state-changes. This patch adds the channel layer abstraction, this layer allows you to add support for different protocols like unicast UDP or TIPC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rework of the hash-cache infrastructurePablo Neira Ayuso2009-01-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Currently, the caching system is implemented in a two layer architecture: hashtable (inner layer) and cache (upper layer). This patch reworks the hash-cache infrastructure to solve some initial design problems to make it more flexible, the main strong points of this patch are: * Memory handling is done in the cache layer, not in the inner hashtable layer. This removes one of the main dependencies between the hashtable and the cache classes. * Remove excessive encapsulation: the former cache used to hide a lot of details of the inner hashtable implementation. * Fix over-hashing of some operations: lookup-delete-add required three hash calculations. Similarly, the update-or-add operation required two hash calculations. Now, we calculate the hash once and re-use the value how many times as we need. This patch simplifies the caching system. As a result, we save ~130 lines of code. Small code means and less complexity means less chance to have bugs. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* automake: add missing cidr.hconntrack-tools-0.9.9Pablo Neira Ayuso2008-12-181-1/+1
| | | | | | This patch adds cidr.h to Makefile.am in include/ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* filter: CIDR-based filtering supportPablo Neira Ayuso2008-11-251-1/+1
| | | | | | | | | | This patch adds CIDR-based filtering support. The current implementation is O(n). This patch also introduces the vector data type which is used to store the IP address and the network mask. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Major rework of the user-space event filteringPablo Neira Ayuso2008-07-221-2/+2
| | | | | | | | | | This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix make distcheckPablo Neira Ayuso2008-05-271-1/+1
|
* add eventfd emulation to communicate receiver -> senderPablo Neira Ayuso2008-05-251-1/+1
|
* compose the file descriptor set at initialization stage to save some cycles/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-191-1/+1
|
* implement a rb-tree based alarm framework/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-291-1/+1
|
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-181-1/+1
| | | | Simplify logging infrastructure
* add traffic_stats.h and netlink.h to include/Makefile.am/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-1/+2
|
* wake up the daemon iff there are real events to handle instead of polling ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-091-1/+1
| | | | (Based on comments from Max Kellerman)
* fix make distcheck/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-071-1/+1
|
* - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-091-1/+1
| | | | | | | | | | | | | - add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy
* - bump version to 0.9.3/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-171-1/+2
| | | | | - show 'conntrack-tools' string when 'conntrack -V' is issued - include missing headers to include/Makefile.am
* first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-161-0/+5
| | | | chain
* initial import of the conntrack daemon to Netfilter SVN/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-161-2/+0
|
* - don't install the header files when 'make install' is run. they're private/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-111-1/+1
| | | | - don't check for kernel header files, since we don't include any.
* - rename plugisn to remove 'lib' prefix/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-101-1/+1
| | | | - move them into 'pkglibdir'
* o Created changelog file/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-05-011-0/+2
o Deleted libctnetlink.h and libnfnetlink.h from the include/ dir. o Added support for version (-V) and help (-h) o Added event mask based support o Added GPLv2 headers o Use fprintf instead of printf o Defined print_tuple and print_proto output interfaces o ctnl_[get|del]_conntrack handles return value from kernel via msgerr o Added support for conntrack table flushing o Added test case file (test.sh) o Improve dump output o Autoconf stuff for conntrack + some pablo's modifications. o Fixed packet counters formatting (use %llu instead of %lu)