summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* API: use of __builtin_expect in error checking pathsPablo Neira Ayuso2008-10-301-0/+3
| | | | | | | | | This patch introduces likely() and unlikely() that use __builtin_expect to assist the compiler in the branch decisions. I am assuming that we have no clients of libnetfilter_conntrack that use gcc < 2.96. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* objopt: use indirect calls instead of switchPablo Neira Ayuso2008-10-301-0/+2
| | | | | | This patch replaces the use of switch by indirect function calls. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helper: explicit helper assignation supportlibnetfilter_conntrack-0.0.97Pablo Neira Ayuso2008-10-132-0/+4
| | | | | | | | This patch adds support for explicit helper assignation. This support will not be of any help without the appropriate kernel support that will go into the Linux kernel 2.6.29 -sic-. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* compare: add two new flags for different level of comparisonsPablo Neira Ayuso2008-10-021-0/+2
| | | | | | | | This patch adds NFCT_CMP_MASK and NFCT_CMP_STRICT which determines the level of strictness that is applied to the comparison of two conntrack objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: split internal.h into several internal header filesPablo Neira Ayuso2008-07-2514-414/+465
| | | | | | | This patch cleanups the internal headers by splitting them into several logical pieces. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Extend high-level API for netlink BSF to add negative logicPablo Neira Ayuso2008-07-182-0/+15
| | | | | | | This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level APIPablo Neira Ayuso2008-07-172-0/+99
| | | | | | | | This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add full support of SCTPPablo Neira Ayuso2008-05-213-0/+26
|
* fix __nfct_l4 structure layout (specifically, ICMP)Pablo Neira Ayuso2008-05-161-5/+21
| | | | fix nfct_cmp(): add port comparison, better ICMP support
* improve nfct_copy/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-05-142-1/+9
|
* - bump version to 0.0.92/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-161-1/+9
| | | | | | | | - recover the ID support - add support for timeout comparison - ignore set operation for counters and use attributes - fix broken status comparison - statify several __snprintf functions
* fix missing bitset in the autocomplete code/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-131-0/+22
|
* - add nfct_cmp (replacement for nfct_compare a bit more flexible)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-132-1/+23
| | | | | | - add nfct_copy - conditional build of original and reply tuples - fix secmark parsing
* add nfct_send/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-091-0/+4
|
* - fix broken 'deprecated backward compatibility'svn_t_libnetfilter_conntrack-0.0.89/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-221-0/+9
| | | | - fix glibc 2.7.20 compilation (based on patch from Paul P. Konkoff)
* add support for NAT sequence adjusment/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-092-0/+12
|
* add NFCT_OF_TIME output flag to nfct_snprintf/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-132-0/+4
|
* add conditional IPPROTO_UDPLITE declaration/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-171-0/+4
|
* - add support for secmark/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-173-0/+13
| | | | - fix typo s/test_but/test_bit/
* fix several compilation warnings (reported by J.Engelhardt)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-091-0/+3
|
* Add support for conntrack master setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-083-2/+12
|
* deprecated old libnetfilter_conntrack API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-081-59/+102
|
* add support for TCP flagssvn_t_libnetfilter_conntrack-0.0.82/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-123-4/+32
|
* - introduce nfct_nfnlh() to use functions like nfnl_rcvbufsiz(): return ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-091-0/+1
| | | | | | | read-only nfnl_handle - remove unused build_id() from build.c - bump version to 0.0.81
* Introduce NFCT_Q_CREATE_UPDATE: create conntrack, if it exists, update it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-0/+1
|
* nfct_snprintf now returns the number of bytes that would have been written, ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-2/+3
| | | | not just the number of bytes written. Emulate snprintf behaviour as in specified in C99
* fix nfct_snprintf behaviour if the buffer passed is too small (similar to ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-0/+6
| | | | C99 convention)
* introduce NFCT_SOPT_SETUP_* options to simplify object setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-0/+2
|
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-061-33/+47
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* update credits/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-011-1/+1
|
* Move old deprecated libnetfilter_conntrack API definitions at the bottom of ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-011-293/+302
| | | | libnetfilter_conntrack.h. The old API will be removed after quite some time.
* introduce the new expectation API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-012-0/+112
|
* - fix compilation warning in snprintf.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-242-1/+10
| | | | | | - introduce the new compare infrastructure: much simple than previous - introduce nfct_maxsize for nf_conntrack object allocated in the stack - more strict checkings in nfct_set_attr: third parameter is const
* add extern C's to public headers (Phil Dibowitz)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-03-298-0/+64
|
* [PATCH] Fix icmp_id setter and doc (Phil Dibowitz <phil@ipom.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-171-1/+1
| | | | | | | | ICMP ID is stored as a u_int16_t, but its setter function derefs it's arguement as a u_int8_t. Additionally the api "doc" claims it's a u8, when it's not. This patch fixes both.
* [patch] libnetlink_conntrack compile fix (Thomas Jarosch ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-161-0/+4
| | | | | | | <thomas.jarosch@intra2net.com>) attached patch fixes compilation of libnetlink_conntrack for old glibc versions.
* - replace ntohs by htons in the example file (reported by Victor Stinner)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-231-1/+2
| | | | | - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN - remove commented line in nfct_new()
* Introduce the new libnetfilter_conntrack API, features:/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-195-2/+387
| | | | | | | | | - object oriented infrastructure - extensible and configurable output (XML) - low level functions to interact with netlink details - fairly documented Still backward compatible.
* [PATCH]: Userspace code related to fixed timeout patch (Eric Leblond ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-031-0/+5
| | | | <eric@inl.fr>)
* export a function required by nfct helper support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-091-0/+8
|
* o Add missing layer-3 protocol flags for the expectation tuple/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-153-4/+19
| | | | o Update copyright date
* Introduce various API changes throughout the library stack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-142-2/+5
| | | | | | | | | | | 1) make libnfnetlink dynamically allocate it's handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries.
* we have to include l3extensions.h in dist/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-071-1/+2
|
* o add IPv6 support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-265-5/+92
| | | | | | | | | | | | o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that in included in this commit.
* Yasuyuki confirmed that l3protonum must be u_int8_t instead of u_int16t.svn_t_libnetfilter_conntrack-0.0.29/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-211-10/+8
| | | | | Another reason to use such type: the nfnetlink header uses u_int8_t to set the layer 3 protocol family, so let's keep some consistency.
* Add support for per-family table flushing. ie. flush just AF_INET entries. ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-2/+2
| | | | Towards ipv6 support.
* Slightly API changes required for the upcoming ipv6 support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-192-3/+7
|
* Add l3protonum field to nfct_tuple: ensure backward compatibility once /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-0/+1
| | | | the ipv6 suport comes.
* o Fixed bugs in UDP and SCTP protocol handlers (parse_proto)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-037-5/+146
| | | | | | | | | o Added the comparison infrastructure for layer-4 protocols o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure o Added nfct_conntrack_compare to compare two conntracks based on flags o Killed nfct_event_netlink_handler o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast) o Bumped version to 0.29
* some old libc's don't define IPPROTO_SCTP/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-0/+6
|