summaryrefslogtreecommitdiffstats
path: root/utils
Commit message (Collapse)AuthorAgeFilesLines
* bsf: add support for IPv6 address filteringPablo Neira Ayuso2009-07-141-0/+13
| | | | | | | | | | | | This patch adds support to auto-generate BSF code for IPv6. It requires a Linux kernel >= 2.6.29. The maximum number of addresses is limited to 20 (12 BSF lines per IPv6 address comparison). I am not sure that to remove this limit is useful given that oprofile does not show very good numbers for very large (in terms of lines) filters. This completes one feature that is available in IPv4 but that was missing in IPv6. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tcp: add support for SYN_SENT2 statePablo Neira Ayuso2009-06-105-6/+6
| | | | | | | | | This patch adds support for the new SYN_SENT2 state that Jozsef has introduced to support TCP simultaneous open in 2.6.31. We can safely include support for this feature now since the LISTEN state was not ever really used. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: fix wrong use of errno in example filesPablo Neira Ayuso2008-12-1017-62/+116
| | | | | | | | | | | | This patch removes the use of strerr(errno) when the returned valued is != -1. This fixes random segfaults in my x86_64 machines. According to the documentation, errno should not be used unless the returned value is -1. This patch also includes some missing nfct_close() calls in the examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* groups: add attribute group APIPablo Neira Ayuso2008-10-302-1/+59
| | | | | | | | | | | | This new API allows you to set and get some logical set of attributes. This is not intended to replace the existing per-attribute get/set API but to provide more efficient way to get/set certain attributes. This change includes an example file (conntrack_grp_create.c) of the use of the attribute group API. See ATTR_GRP_* for more information on the existing groups. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helper: explicit helper assignation supportlibnetfilter_conntrack-0.0.97Pablo Neira Ayuso2008-10-131-0/+1
| | | | | | | | This patch adds support for explicit helper assignation. This support will not be of any help without the appropriate kernel support that will go into the Linux kernel 2.6.29 -sic-. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: fix endianess issueAlbert Veli2008-07-291-1/+1
| | | | | | | | In nfct_build_query() the *data argument is converted into a u_int8_t*. This works for little-endian but not for big-endian. Signed-off-by: Albert Veli <albert.veli@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bsf: use ntohl instead of htonl in the examplePablo Neira Ayuso2008-07-231-1/+2
| | | | | | Fix wrong use of htonl in the example filter. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Extend high-level API for netlink BSF to add negative logicPablo Neira Ayuso2008-07-181-0/+5
| | | | | | | This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level APIPablo Neira Ayuso2008-07-172-1/+88
| | | | | | | | This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add comment in expect_create test filePablo Neira Ayuso2008-07-151-0/+5
| | | | | | | | The test file requires nf_conntrack_ftp to work properly, otherwise it returns EINVAL. This patch adds a small comment to remember users to load the module before going ahead. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conditional compilation of testsuite utilsPablo Neira Ayuso2008-07-021-1/+1
| | | | | | Use `make check' to compile the examples in utils/ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* remove slip through change in conntrack_event.cPablo Neira Ayuso2008-07-021-249/+1
|
* bump version to 0.0.95libnetfilter_conntrack-0.0.95Pablo Neira Ayuso2008-06-271-1/+249
|
* add NFCT_OF_TIME output flag to nfct_snprintf/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-131-1/+1
|
* remove read-only variable from example file/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-171-7/+1
|
* add examples on how to add a new related conntrack/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-091-0/+93
|
* Add support for conntrack master setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-081-1/+6
|
* introduce NFCT_SOPT_SETUP_* options to simplify object setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-044-52/+28
|
* - do not install example files, just compile them/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-211-1/+1
| | | | - bump version to 0.0.75
* - delete ctnl_test.c since it contains examples of the old *deprecated* API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-202-165/+1
| | | | | - fix wrong port display in the XML output (Morten Isaksen) - use ntohs instead htons in snprintf_default.c
* - split new_api_test.c into several conntrack_*.c files to learn much easier ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-1310-130/+414
| | | | how the new API works
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-069-165/+376
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* introduce the new expectation API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-012-1/+165
|
* - replace ntohs by htons in the example file (reported by Victor Stinner)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-231-4/+4
| | | | | - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN - remove commented line in nfct_new()
* Introduce the new libnetfilter_conntrack API, features:/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-192-1/+129
| | | | | | | | | - object oriented infrastructure - extensible and configurable output (XML) - low level functions to interact with netlink details - fairly documented Still backward compatible.
* Fix endianess of tcp ports in the tuple./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2006-03-261-4/+4
|
* Make sure we set l3protonum in the tuples./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2006-03-261-0/+2
|
* Slightly API changes required for the upcoming ipv6 support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-2/+2
|
* o Fixed bugs in UDP and SCTP protocol handlers (parse_proto)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-031-0/+5
| | | | | | | | | o Added the comparison infrastructure for layer-4 protocols o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure o Added nfct_conntrack_compare to compare two conntracks based on flags o Killed nfct_event_netlink_handler o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast) o Bumped version to 0.29
* - get rid of KERNELDIR include/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-1/+1
| | | | - have only one place where we specify the includes (Make_global.am)
* add extra 'data' argument to callback functions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-041-3/+3
|
* o ctnl_test now uses NFCT_ALL_CT_GROUPS/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-011-1/+1
|
* Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-311-1/+13
| | | | | | | | | | | | | Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;) List of changes: o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS o Update test file to use NFCT_ALL_GROUPS o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in conjuction with events. o Fix ICMP conntracks output o Add missing prototype definition of nfct_default_expect_display_id in libnetfilter_conntrack.h
* o Renamed nfct_[set|unset]_callback to nfct_[register|unregister]_callback/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-281-2/+2
| | | | | | | | | | | | | | | o Added some very brief comments to libnetfilter_conntrack.h o Implemented the conntrack printers API nfct_sprintf_* o Now nfct_default_conntrack_display display the classical /proc output, and nfct_default_conntrack_display the classical + conntrack ids o Use nfnl_talk if there's no data expected from kernel space to be processed, that is the case of nfct_[get|delete]_conntrack o Added some missing memset's zeroing o Code simplification: killed some char *buf where struct nfnlhdr is enough o Killed protocol handler destructors (fini) and nfct_unregister_proto: The library is unloaded if something goes wrong (different library versions), the modules never gets inserted in the proto_list. Fixes a segfault. o Bumped version to 0.2.0
* o new nfct_handler prototype/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-271-7/+39
| | | | | | | | | | | o NFCT_COUNTERS splitted in NFCT_COUNTERS_[ORIG|RPLY] o all global vars are now static o kill nfct_set_handler, it was too much o fixed very stupid bug in counters printing o fixed conntrack getting: invalid netlink flags NLM_F_[ROOT|MATCH] o nfnl_send returns the proper error to the client, instead of returning -1 o some cleanup's: killed the ret, it was useless o test for the conntrack API completed, still missing the expectation test
* o Add conntrack event notification test/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-231-1/+17
| | | | | | o Define NFCT_ANY_GROUP flag o Now callback can return a value to stop receiving events o implement nfct_unset_callback()
* o Fix wrong list initialization of proto_list/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-232-192/+81
| | | | o Added a simple test case, yet incomplete
* - Add missing files: include/libnfnetlink_conntrack/Makefile.am and ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-10-071-0/+3
| | | | | | | | | | | | | | include/Makefile.am. - Rename list_conntrack_handler to callback_handler, IMHO a proper name for such function. - Use new nfnl_open prototype: Now it's got four parameters. - Kill recurrent definition of the structure nfnlhdr: Actually this should go somewhere in libnfnetlink, later. - Ignore utils subdirectory. It contains a testsuite that is currently broken. Yes I know you're aware of it ;) it's on the TODO list. I'll fix later. - ctnl_error now has a nicer definition. - kill some unneeded ctnl_error messages on failure. (Pablo Neira)
* - make ctnl_test compile again (but it still needs to be ported)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-231-1/+8
| | | | - document new 3parameter open function
* fix include paths, use correct automake version, add missing Makefile.am/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-232-6/+6
|
* fix up include path names/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-301-5/+5
|
* restructuring libctnetlink -> libnfnetlink_conntrack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-302-0/+196