summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* add support for udplite/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-172-0/+4
|
* - add support for secmark/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-174-1/+35
| | | | - fix typo s/test_but/test_bit/
* - add missing getter for TCP flags/mask/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-152-7/+41
| | | | - add TCP flags/mask attributes if they are set, otherwise skip
* fix several compilation warnings (reported by J.Engelhardt)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-092-1/+3
|
* - move old API implementation to deprecated.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-083-100/+115
| | | | - rename libnetfilter_conntrack.c to main.c
* Add support for conntrack master setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-083-0/+84
|
* add support for TCP flagssvn_t_libnetfilter_conntrack-0.0.82/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-123-0/+46
|
* The getters have to point to the right sized types, otherwise they don't ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-022-6/+6
| | | | work on big-endian. Philip Craig <philipc@snapgear.com>
* add layer 4 protocol comparison to nfct_compare()svn_t_libnetfilter_conntrack-0.0.81/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-181-0/+12
|
* - introduce nfct_nfnlh() to use functions like nfnl_rcvbufsiz(): return ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-092-8/+6
| | | | | | | read-only nfnl_handle - remove unused build_id() from build.c - bump version to 0.0.81
* fix type in snprintf_default.c (Jozsef Kladecsik)svn_t_libnetfilter_conntrack-0.0.80/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-151-1/+1
|
* Introduce NFCT_Q_CREATE_UPDATE: create conntrack, if it exists, update it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-7/+12
|
* nfexp_snprintf behaves as snprintf C99/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-072-27/+14
|
* nfct_snprintf now returns the number of bytes that would have been written, ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-072-109/+109
| | | | not just the number of bytes written. Emulate snprintf behaviour as in specified in C99
* fix nfct_snprintf behaviour if the buffer passed is too small (similar to ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-074-183/+62
| | | | C99 convention)
* introduce NFCT_SOPT_SETUP_* options to simplify object setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-0/+24
|
* fix silly bug in nfct_getobjopt(..., NFCT_GOPT_IS_*NAT), always return 1 if ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-8/+8
| | | | status flags are set
* fix invalid argument error: status flags may not be present in update messages/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-2/+7
|
* add support for 64 bits counters (Krzysztof Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-291-8/+24
|
* - delete ctnl_test.c since it contains examples of the old *deprecated* API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-202-4/+4
| | | | | - fix wrong port display in the XML output (Morten Isaksen) - use ntohs instead htons in snprintf_default.c
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-062-23/+54
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* introduce the new expectation API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-0112-18/+904
|
* - fix compilation warning in snprintf.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-243-3/+146
| | | | | | - introduce the new compare infrastructure: much simple than previous - introduce nfct_maxsize for nf_conntrack object allocated in the stack - more strict checkings in nfct_set_attr: third parameter is const
* Set status bit if whatever status flags are available, not only for ASSURED ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-03-211-4/+1
| | | | and SEEN_REPLY
* [PATCH] Fix icmp_id setter and doc (Phil Dibowitz <phil@ipom.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-171-1/+1
| | | | | | | | ICMP ID is stored as a u_int16_t, but its setter function derefs it's arguement as a u_int8_t. Additionally the api "doc" claims it's a u8, when it's not. This patch fixes both.
* - fix inconsistency in the behaviour of nfct_set_attr with ATTR_STATUS: now ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-272-6/+10
| | | | | | status flags bits of conntrack objects in userspace can be set and unset as it happens with other attributes. - nfct_get_objopt with NAT detectors previously checks if the status attribute is set, otherwise it just skips it.
* fix wrong documentation in nfct_attr_get_u[*] functions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-121-6/+9
|
* - fix a crash on trying to set the counters of a conntracksvn_t_libnetfilter_conntrack-0.0.50/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-01-052-2/+16
| | | | | | | - document that ATTR_*_COUNTER_*, ATTR_USE and ATTR_ID are unsettable - implement getter for the ATTR_USE attribute Based on patches from Victor Stinner.
* Minor fix in the counter parsing: replace htonl by ntonl, anyway they are ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-292-4/+4
| | | | actually the same function so this should not break anything.
* Fix minor nitpick in the XML output (Victor Stinner)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-291-2/+2
|
* - replace ntohs by htons in the example file (reported by Victor Stinner)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-231-3/+0
| | | | | - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN - remove commented line in nfct_new()
* Introduce the new libnetfilter_conntrack API, features:/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-1913-13/+2492
| | | | | | | | | - object oriented infrastructure - extensible and configurable output (XML) - low level functions to interact with netlink details - fairly documented Still backward compatible.
* Remove check for UID == 0, it is wrong for multiple reasons. (Sebastian ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-161-12/+0
| | | | Hagen <sebastian_hagen@memespace.net>)
* [PATCH 1/6] libnetfilter_conntrack pkt-config modifications (KOVACS ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-031-2/+2
| | | | Krisztian <hidden@balabit.hu>)
* Fix expectation mask dumping/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-03-011-1/+33
|
* export a function required by nfct helper support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-091-2/+2
|
* add version info/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-091-1/+1
|
* Simplification: nfnl_send + nfnl_listen calls for nfnl_talk/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-02-091-18/+3
|
* flush stdout, so realtime output to a pipe is broken (Daniel De Graaf)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-221-0/+1
|
* o Add missing layer-3 protocol flags for the expectation tuple/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-151-2/+2
| | | | o Update copyright date
* Introduce various API changes throughout the library stack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-141-59/+109
| | | | | | | | | | | 1) make libnfnetlink dynamically allocate it's handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries.
* o add IPv6 support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-261-36/+137
| | | | | | | | | | | | o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that in included in this commit.
* Add support for per-family table flushing. ie. flush just AF_INET entries. ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-4/+4
| | | | Towards ipv6 support.
* Slightly API changes required for the upcoming ipv6 support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-8/+10
|
* Use u_int8_t for CTA_PROTO_NUM/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-181-1/+1
|
* o Fixed bugs in UDP and SCTP protocol handlers (parse_proto)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-031-10/+51
| | | | | | | | | o Added the comparison infrastructure for layer-4 protocols o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure o Added nfct_conntrack_compare to compare two conntracks based on flags o Killed nfct_event_netlink_handler o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast) o Bumped version to 0.29
* - get rid of KERNELDIR include/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-5/+1
| | | | - have only one place where we specify the includes (Make_global.am)
* o nfct_build_conntrack is too much, the only clients are new_conntrack and svn_t_libnetfilter_conntrack-0.0.26/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-091-53/+67
| | | | | | | update_conntrack, and it doesn't even fit well for both cases. So I decided to kill it and inline the code adapting it when was necessary. o Convert all unsigned int/long to POSIX types u_int32_t. Better now than later :(.
* introduce library API versioning and plugin release handling/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-062-3/+9
|
* - modules don't need a 'lib' prefix/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-061-2/+2
| | | | - modules need to be linked against libnetfilter_conntrack.la, otherwise they miss a dependency