summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* snprintf: fix compilation warning in 64-bits platformsPablo Neira Ayuso2008-10-301-2/+2
| | | | | | | We have to cast the counters to unsigned long long to fix a compilation warning in 64-bits platforms. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: use of __builtin_expect in error checking pathsPablo Neira Ayuso2008-10-302-10/+10
| | | | | | | | | This patch introduces likely() and unlikely() that use __builtin_expect to assist the compiler in the branch decisions. I am assuming that we have no clients of libnetfilter_conntrack that use gcc < 2.96. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* objopt: use indirect calls instead of switchPablo Neira Ayuso2008-10-301-63/+99
| | | | | | This patch replaces the use of switch by indirect function calls. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helper: explicit helper assignation supportlibnetfilter_conntrack-0.0.97Pablo Neira Ayuso2008-10-134-0/+50
| | | | | | | | This patch adds support for explicit helper assignation. This support will not be of any help without the appropriate kernel support that will go into the Linux kernel 2.6.29 -sic-. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* compare: add two new flags for different level of comparisonsPablo Neira Ayuso2008-10-022-194/+344
| | | | | | | | This patch adds NFCT_CMP_MASK and NFCT_CMP_STRICT which determines the level of strictness that is applied to the comparison of two conntrack objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: fix endianess issueAlbert Veli2008-07-291-2/+2
| | | | | | | | In nfct_build_query() the *data argument is converted into a u_int8_t*. This works for little-endian but not for big-endian. Signed-off-by: Albert Veli <albert.veli@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: split internal.h into several internal header filesPablo Neira Ayuso2008-07-2530-34/+44
| | | | | | | This patch cleanups the internal headers by splitting them into several logical pieces. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Extend high-level API for netlink BSF to add negative logicPablo Neira Ayuso2008-07-182-19/+104
| | | | | | | This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level APIPablo Neira Ayuso2008-07-174-1/+550
| | | | | | | | This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Use union of char buffer and message header to ensure proper byteFabian Hugelshofer2008-06-182-12/+18
| | | | | | alignment. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
* fix wrong ATTR_*_L3PROTO handling in the message buildingPablo Neira Ayuso2008-06-161-8/+14
| | | | | | - include missing ATTR_MASTER_L3PROTO attribute into messages - include ATTR_[ORIG|REPL]_L3PROTO iff there is at least another layer 3 attribute
* fix bug in nfct_cmp() with IPv6 addresslibnetfilter_conntrack-0.0.94Pablo Neira Ayuso2008-05-271-4/+4
|
* define ICMPV6_NI_QUERY and ICMPV6_NI_REPLY if not setPablo Neira Ayuso2008-05-271-0/+8
|
* add full support of SCTPPablo Neira Ayuso2008-05-217-3/+136
|
* fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flagsPablo Neira Ayuso2008-05-201-8/+15
|
* fix __nfct_l4 structure layout (specifically, ICMP)Pablo Neira Ayuso2008-05-161-8/+82
| | | | fix nfct_cmp(): add port comparison, better ICMP support
* compare layer 3 and layer 4 protocol number before addresses/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-05-161-28/+28
|
* improve nfct_copy/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-05-142-49/+474
|
* Add missing master tuple getters (reported by Max Wilhelm)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-292-0/+50
|
* - bump version to 0.0.92/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-165-19/+79
| | | | | | | | - recover the ID support - add support for timeout comparison - ignore set operation for counters and use attributes - fix broken status comparison - statify several __snprintf functions
* fix missing bitset in the autocomplete code/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-131-0/+3
|
* - add nfct_cmp (replacement for nfct_compare a bit more flexible)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-136-63/+243
| | | | | | - add nfct_copy - conditional build of original and reply tuples - fix secmark parsing
* add nfct_send/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-091-1/+32
|
* fix segfault while getting the conntrack ID (reported by Thomas Mader)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-041-0/+6
|
* This patch adds invmap support and duplicate code/id for reply direction,/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+43
| | | | | | | | | so inserted conntracks get proper type, code and id. Without this fix "type", "code" and "id" in reply direction were always set to 0. It "automagically" worked for ICMP and ICMP_ECHOREPLY (ICMP_ECHOREPLY==8 -> ICMP_ECHO==*0*), but not with with other ICMP codes nor with ICMPv6. Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack,/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-254-0/+33
| | | | | | but only for the new API - deprecated/extensions was left unchanged. Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* - fix broken 'deprecated backward compatibility'svn_t_libnetfilter_conntrack-0.0.89/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-2211-80/+30
| | | | - fix glibc 2.7.20 compilation (based on patch from Paul P. Konkoff)
* add support for NAT sequence adjusment/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-094-0/+170
|
* add deprecated/Makefile.am/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-131-0/+3
|
* Several tree reorganizations:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-139-2/+657
| | | | | - move l3extensions/ and extensions/ to src/deprecated/ - don't create submodules under /usr/lib/libnetfilter_conntrack/ anymore
* several cleanups for Makefile.am/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-133-24/+16
|
* add NFCT_OF_TIME output flag to nfct_snprintf/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-132-2/+43
|
* add secmark getter and setters/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-052-0/+12
|
* add support for udplite/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-172-0/+4
|
* - add support for secmark/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-174-1/+35
| | | | - fix typo s/test_but/test_bit/
* - add missing getter for TCP flags/mask/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-152-7/+41
| | | | - add TCP flags/mask attributes if they are set, otherwise skip
* fix several compilation warnings (reported by J.Engelhardt)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-092-1/+3
|
* - move old API implementation to deprecated.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-083-100/+115
| | | | - rename libnetfilter_conntrack.c to main.c
* Add support for conntrack master setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-083-0/+84
|
* add support for TCP flagssvn_t_libnetfilter_conntrack-0.0.82/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-123-0/+46
|
* The getters have to point to the right sized types, otherwise they don't ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-022-6/+6
| | | | work on big-endian. Philip Craig <philipc@snapgear.com>
* add layer 4 protocol comparison to nfct_compare()svn_t_libnetfilter_conntrack-0.0.81/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-181-0/+12
|
* - introduce nfct_nfnlh() to use functions like nfnl_rcvbufsiz(): return ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-092-8/+6
| | | | | | | read-only nfnl_handle - remove unused build_id() from build.c - bump version to 0.0.81
* fix type in snprintf_default.c (Jozsef Kladecsik)svn_t_libnetfilter_conntrack-0.0.80/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-151-1/+1
|
* Introduce NFCT_Q_CREATE_UPDATE: create conntrack, if it exists, update it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-7/+12
|
* nfexp_snprintf behaves as snprintf C99/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-072-27/+14
|
* nfct_snprintf now returns the number of bytes that would have been written, ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-072-109/+109
| | | | not just the number of bytes written. Emulate snprintf behaviour as in specified in C99
* fix nfct_snprintf behaviour if the buffer passed is too small (similar to ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-074-183/+62
| | | | C99 convention)
* introduce NFCT_SOPT_SETUP_* options to simplify object setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-0/+24
|
* fix silly bug in nfct_getobjopt(..., NFCT_GOPT_IS_*NAT), always return 1 if ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-8/+8
| | | | status flags are set