| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
This patch adds missing DCCP ports in the output:
# conntrack -D -p dccp
dccp 33 18 RESPOND src=1.1.1.1 dst=2.2.2.2 packets=0 bytes=0 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 packets=0 bytes=0 mark=0 secmark=0 use=2
conntrack v0.9.12 (conntrack-tools): 1 flow entries have been deleted.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch fixes an unfortunate bug in the SCTP vtag parsing.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch adds the missing bits to display the protocol state
in the XML output.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch merges duplicated protocol string definitions in the
snprintf infrastructure. I have also fixed the size of the string
array. This patch is a cleanup.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch adds initial DCCP support for libnetfilter_conntrack.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch refreshes the nfnetlink_conntrack.h copy against 2.6.29.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch removes the debian directory. According to the debian
policy, this directory should not be in source tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch deprecates several header files that contain enums that
were define in the very old libnetfilter_conntrack API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch adds support for UDPlite transport protocol.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch adds support for GRE transport protocol.
Tested-by: Byan Buff <bduff@ecessa.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch removes a reminiscent constant of the old API whose value
is the same of __DIR_ORIG. This patch also removes the prototype
definition from libnetfilter_conntrack.h.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch resets the library age since the old API has been removed
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch removes the first API version which was scheduled in
2007. That API had several major limitations that the new one
solved. I don't know of any known existing client of this old
API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch remove the inconditional inclusion of the TCP state
attribute in netlink messages. We cannot assume this for update
messages.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch fixes an inconsistency in enum cta_natseq. The
CTA_NAT_SEQ_UNSPEC was missing.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the use of strerr(errno) when the returned
valued is != -1. This fixes random segfaults in my x86_64
machines. According to the documentation, errno should not be
used unless the returned value is -1.
This patch also includes some missing nfct_close() calls in
the examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch fixes some minor issues that confuse kernel-doc in the
generation of the API reference documentation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Bump libnetfilter_conntrack version to 0.0.99
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch fixes a missing stack.h file in Makefile.am. Maintaining
a Makefile.am for the header files sucks a lot.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch removes unnecessary flags included in NFCT_Q_DUMP,
and NFCT_Q_DESTROY requests for expectations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch removes unnecessary flags included in NFCT_Q_DUMP,
NFCT_Q_DUMP_RESET and NFCT_Q_DESTROY requests.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch removes unnecessary function inlining in the BSF code
generation. There is not reason to get any significant performance
improvement in an operation that should be done in the
initialization path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks the BSF automatic generation code. This
feature needs more love and it has several limitations like
that the maximum number of IPs are 127 due to BSF code
restrictions. See this patch as a first step forward.
This patch also adds the stack data type, which is used to
resolve jump dynamically instead of the previous static
approach.
This patch also includes fixes in the limitations, previous
calculations were wrong.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a NULL dereference to a function pointer in
nfct_copy() that is triggered when you try to copy the helper
name. This patch also adds an assertion to easily report similar
problems in the future.
Thanks to <pageexec@freemail.hu> for his detailed debugging report.
Reported-by: Wolfram Schlich <lists@wolfram.schlich.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch adds a rudimentary test file to check for possible unset
indirect function calls. This automated test should be run after
adding a new attribute.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch adds the size of the arrays to set to NULL unset
elements. This helps to spot unset functions for new attributes.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This new function checks for the presence of a given set of
attributes that are passed as an array.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This new API allows you to set and get some logical set of
attributes. This is not intended to replace the existing
per-attribute get/set API but to provide more efficient way
to get/set certain attributes. This change includes an example
file (conntrack_grp_create.c) of the use of the attribute group API.
See ATTR_GRP_* for more information on the existing groups.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
We have to cast the counters to unsigned long long to fix
a compilation warning in 64-bits platforms.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch introduces likely() and unlikely() that use
__builtin_expect to assist the compiler in the branch decisions.
I am assuming that we have no clients of libnetfilter_conntrack
that use gcc < 2.96.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch replaces the use of switch by indirect function calls.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch adds support for explicit helper assignation. This support
will not be of any help without the appropriate kernel support that will
go into the Linux kernel 2.6.29 -sic-.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch adds NFCT_CMP_MASK and NFCT_CMP_STRICT which determines the
level of strictness that is applied to the comparison of two conntrack
objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
In nfct_build_query() the *data argument is converted into a u_int8_t*.
This works for little-endian but not for big-endian.
Signed-off-by: Albert Veli <albert.veli@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch cleanups the internal headers by splitting them into several
logical pieces.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Fix wrong use of htonl in the example filter.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch introduces nfct_filter_set_logic() to set the filtering
logic which results in a more flexible solution.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This patch adds an abstraction level to berkeley sockets filter (BSF) for
Netlink sockets available since Linux kernel 2.6.26. This provides an
easy way to attach filters without knowing about BSF at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
The test file requires nf_conntrack_ftp to work properly, otherwise
it returns EINVAL. This patch adds a small comment to remember users
to load the module before going ahead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | |
|
| |
|
|
|
|
| |
Use `make check' to compile the examples in utils/
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | |
|
| | |
|
| |
|
|
|
|
| |
alignment.
Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
|
| |
|
|
|
|
| |
- include missing ATTR_MASTER_L3PROTO attribute into messages
- include ATTR_[ORIG|REPL]_L3PROTO iff there is at least another layer 3
attribute
|
| | |
|
| | |
|
| | |
|
