conntrack-tools - conntrack-tools tree

	Commit message (Collapse)	Author	Age	Files	Lines
*	ftfw: show consistent information to users for problem diagnosing	Pablo Neira Ayuso	2008-08-01	1	-0/+2
\| \| \| \| \| \| \| \| \| \|	This patch hides information that may confuse users while they are diagnosing problems in their setup. For example, we hide entries that are schedule to expire - from the user side, they are already destroyed entries; and we show in the counters the real active entries, not all that are stored in the caches. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	fix broken normal deletion in caches	Pablo Neira Ayuso	2008-08-01	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \|	This patch fixes the non-timer-based cache deletion. This bug affects the alarm-based approach since the backup replicas did not get the deletion event, thus, delaying the deletion. This patch introduces cache_find() to look up for a conntrack object and __cache_del_timer() to perform direct deletions by means of the pointer obtained with cache_find(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	CLI: add new option --buffer-size for -E	Pablo Neira Ayuso	2008-07-29	1	-1/+4
\| \| \| \| \| \| \|	Add new option --buffer-size for -E to set the netlink socket buffer size. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	add support for kernel-space filtering via BSF	Pablo Neira Ayuso	2008-07-23	1	-0/+2
\| \| \| \| \| \| \|	This patch adds support for kernel-space filtering via BSF by means of the libnetfilter_conntrack's BSF high-level API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	Major rework of the user-space event filtering	Pablo Neira Ayuso	2008-07-22	6	-44/+71
\| \| \| \| \| \| \| \| \| \|	This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	fix xml output: wrap output with one root element	Pablo Neira Ayuso	2008-06-22	1	-0/+6
\|
*	fix make distcheck	Pablo Neira Ayuso	2008-05-27	1	-1/+1
\|
*	rework the HELLO logic inside FT-FW	Pablo Neira Ayuso	2008-05-26	1	-1/+11
\|
*	add best effort replication protocol (aka NOTRACK)	Pablo Neira Ayuso	2008-05-25	1	-0/+1
\|
*	add eventfd emulation to communicate receiver -> sender	Pablo Neira Ayuso	2008-05-25	3	-1/+16
\|
*	add Mcast[Snd\|Rcv]SocketBuffer clauses to tune multicast socket buffers	Pablo Neira Ayuso	2008-05-20	1	-0/+2
\|
*	improve network message sanity checkings	Pablo Neira Ayuso	2008-05-18	2	-2/+2
\|
*	Fix reorder possible reordering of destroy messages under message omission. ↵	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-29	3	-2/+5
\| \| \| \|	This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
*	rework of the FT-FW approach	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-26	1	-15/+23
\|
*	add more verbose error notification when the injection of a conntrack fails	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-16	1	-1/+1
\|
*	o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-16	1	-8/+4
\| \| \| \| \| \|	o recover the ID support o show display counters to stderr o enable filtering by status and ID
*	fix conntrack -U -p tcp [...]	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-13	1	-0/+3
\|
*	improve netlink overrun handling	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-09	2	-1/+11
\|
*	fix asymmetric path support (still some open concerns)	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-04-08	1	-0/+4
\|
*	Krzysztof Oledzki <ole@ans.pl>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-03-25	1	-0/+1
\| \| \| \| \|	o add ICMPv6 (-p icmpv6) support o add possibility to distinguish between invalid (unknown) and empty proto
*	Pablo Neira Ayuso <pablo@netfilter.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-03-25	2	-2/+2
\| \| \| \| \| \| \|	o remove .svn directory from make distcheck tarballs (reported by B.Benjamini) + Krzysztof Oledzki <ole@ans.pl>: o fix minor compilation warning
*	compose the file descriptor set at initialization stage to save some cycles	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-02-19	3	-2/+20
\|
*	From: Max Kellermann <max@duempel.org>	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-02-14	1	-2/+2
\| \| \| \|	whitespace cleanups
*	add IPv6 support to conntrackd	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-02-02	3	-4/+6
\|
*	implement a rb-tree based alarm framework	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-29	3	-15/+173
\|
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-23	2	-5/+6
\| \| \| \|	use size_t
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-23	1	-0/+2
\| \| \| \|	introduce alarm_pending()
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-23	1	-1/+0
\| \| \| \|	remove unused prototype in network.h
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-23	2	-4/+9
\| \| \| \| \| \|	added struct local_server, several cleanups in local socket infrastructure This patch include minor changes by the comitter
*	remove alarm counter	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-22	1	-2/+0
\|
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-22	1	-2/+4
\| \| \| \| \| \|	- Pass next_alarm to __run() only if there is an alarm - Eliminate the "timeout" parameter - the alarm functions get_next_alarm_run() and do_alarm_run() return an timeval pointer instead of a boolean
*	Based on patch from Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-20	1	-10/+1
\| \| \| \|	merge mod_alarm() into add_alarm(), remove alarm_set_expiration()
*	yet another rework of the alarm scheduler	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-18	1	-1/+7
\|
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-18	4	-28/+3
\| \| \| \|	Simplify logging infrastructure
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-17	9	-15/+9
\| \| \| \|	import only required C headers and put local headers on top to check
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-17	2	-6/+8
\| \| \| \|	use size_t for buffer sizes
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-17	1	-0/+2
\| \| \| \|	add buffer_destroy() to buffer.c
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-17	8	-43/+52
\| \| \| \|	use C99 integers (uint32_t instead of u_int32_t)
*	remove unix socket file on exit	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-1/+1
\|
*	minor constification fixes	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-1/+1
\| \| \| \|	update libnfnetlink dependencies
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	7	-12/+16
\| \| \| \|	Fix tons of gcc warnings
*	merge several *_alarm() functions into init_alarm()	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-6/+3
\|
*	add traffic_stats.h and netlink.h to include/Makefile.am	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-1/+2
\|
*	Add include/netlink.h and include/traffic_stats.h	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	2	-0/+31
\|
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	4	-0/+30
\| \| \| \|	add missing function prototypes
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-4/+4
\| \| \| \|	use the comma operator instead of curly braces
*	constify queue_iterate()	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-1/+1
\|
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-1/+1
\| \| \| \|	remove prefetch from slist.h since it confuses gcc
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	4	-4/+4
\| \| \| \|	use const when possible
*	Max Kellermann <max@duempel.org>:	/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org	2008-01-15	1	-2/+2
\| \| \| \| \| \|	the global variable "alarm" conflicts with the alarm() function from unistd.h. resolve that conflict by giving those two global variables a better name.