summaryrefslogtreecommitdiffstats
path: root/src/cthelper.c
Commit message (Collapse)AuthorAgeFilesLines
* conntrackd: cthelper: Set up userspace helpers when daemon startsPablo Neira Ayuso2021-05-281-0/+4
| | | | | | | Add a new setting to allow conntrackd to autoconfigure the userspace helpers at startup. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: cthelper: Free pktb after useKevin Cernekee2017-02-011-0/+1
| | | | | | | | According to valgrind, this currently leaks ~512B to 2kB for each packet sent to the userspace helper. Signed-off-by: Kevin Cernekee <cernekee@chromium.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: fix error handling in nfq_queue_cb()Pablo Neira Ayuso2015-08-181-14/+15
| | | | | | | Make sure we have a clean exit on error, everything needs to be properly released. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cthelper: Optimise nfq_queue_cbPaul Aitken2015-06-121-5/+3
| | | | | | | | ct and myct have both already been checked for non-NULL, so there's no need to check either of them again later. Signed-off-by: Paul Aitken <paitken@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cthelper: don't pass up a 0 length queueChas Williams III2015-05-211-1/+4
| | | | | | | | | If the user didn't specify a queue length in the configuration file it will have a length of 0. Allow the kernel's default to take precedence instead. Signed-off-by: Charles (Chas) Williams <ciwillia@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Define _GNU_SOURCE to get members of tcphdr&ucphdrFelix Janda2015-05-211-0/+1
| | | | | | | | | The source uses linux names for members of tcphdr. For example "source" instead of "th_sport", ... musl libc's headers need _GNU_SOURCE defined in order to expose these. Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: cthelper: allow to attach expectations via nfqueuePablo Neira Ayuso2013-09-261-0/+11
| | | | | | This requires the Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cthelper: helpers may not use private information areaPablo Neira Ayuso2013-06-071-3/+5
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cthelper: add IPv6 supportPablo Neira Ayuso2013-06-071-24/+46
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: cthelper: add QueueLen optionPablo Neira Ayuso2012-09-101-2/+4
| | | | | | | | | | | This patch adds the QueueLen option, that allows you to increase the maximum number of packets waiting in the nfnetlink_queue to receive a verdict from userspace. Rising the default value (1024) is useful to avoid hitting the following error message: "nf_queue: full at X entries, dropping packets(s)". Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add cthelper infrastructure (+ example FTP helper)Pablo Neira Ayuso2012-08-011-0/+521
This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>