Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | include: Sync with kernel headers | Felix Janda | 2015-05-21 | 2 | -42/+17 |
| | | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | nfct: timeout: add support for default protocol timeout tuning | Pablo Neira Ayuso | 2014-05-13 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new interface supersedes the /proc interface: /proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout to tune default conntrack timeout helpers. # nfct timeout default-get inet tcp .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 432000, .FIN_WAIT = 120, .CLOSE_WAIT = 60, .LAST_ACK = 30, .TIME_WAIT = 120, .CLOSE = 10, .SYN_SENT2 = 120, .RETRANS = 300, .UNACKNOWLEDGED = 300, }, }; # nfct timeout default-set inet tcp ESTABLISHED 100 As replacement for the existing /proc interfaces for timeout tweaking. This feature requires a Linux kernel >= 3.13. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | conntrackd: cthelper: allow to attach expectations via nfqueue | Pablo Neira Ayuso | 2013-09-26 | 1 | -0/+13 |
| | | | | | | This requires the Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | conntrackd: add cthelper infrastructure (+ example FTP helper) | Pablo Neira Ayuso | 2012-08-01 | 3 | -1/+155 |
| | | | | | | | | | | | | This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | src: integrate nfct into the conntrack-tools tree | Pablo Neira Ayuso | 2012-05-26 | 4 | -0/+210 |
I'll need for the upcoming cthelper infrastructure. Moreover, we avoid more fragmentation in the netfilter user-space utilities. And the plan is that `nfct' will replace `conntrack' at some point. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |