summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build: bump version to 0.9.13conntrack-tools-0.9.13Pablo Neira Ayuso2009-07-171-1/+1
| | | | | | This patch bumps conntrack-tools version to 0.9.13. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix English typo in documentationPablo Neira Ayuso2009-07-171-2/+2
| | | | | | | This is an update to commit 575fc906a302599cb9afeb136096dfd96bb57b17. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: fix wrong TCP handling in unused nl_update_conntrack()Pablo Neira Ayuso2009-06-211-1/+1
| | | | | | | | | | | This patch fixes an incorrect use of nfct_get_attr_u32() instead of nfct_get_attr_u8() to obtain the current TCP state. This patch also sets the IP_CT_TCP_FLAG_CLOSE_INIT for states >= TIME_WAIT. The function nl_update_conntrack() is currently unused so this fix does not resolve any pending issue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: fix memory leak in cache_update_force()Pablo Neira Ayuso2009-06-211-1/+3
| | | | | | | | This patch fixes a memory leak in cache_update_force(). The problem occurs if the object does not exists in the cache and we fail to add it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add statistics for enospc errors in queuesPablo Neira Ayuso2009-06-202-2/+6
| | | | | | | This patch adds a new statistic field to count the number of enospc errors while adding new nodes to some queue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add statistics about queue node objectsPablo Neira Ayuso2009-06-201-0/+7
| | | | | | This patch adds the statistics for queue node objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add `-s queue' to display queue statisticsPablo Neira Ayuso2009-06-206-2/+37
| | | | | | | | | | | | | | | | | | | | This patch re-introduces `-s queue' but now it displays generic queue statistics. # conntrackd -s queue active queue objects: 0 queue txqueue: current elements: 0 maximum elements: 2147483647 not enough space errors: 0 queue rsqueue: current elements: 72 maximum elements: 128 not enough space errors: 0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add the name field to queuesPablo Neira Ayuso2009-06-204-4/+11
| | | | | | | | This patch adds the name field to identify the queue by means of a string. This patch is used by the next one that introduces per-queue statistics. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: rename `-s queue' option by `-s rsqueue'Pablo Neira Ayuso2009-06-204-6/+6
| | | | | | | This patch renames the statistics option that displays the content of the resend queue which is used by the ftfw mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use TLV format for SCTP/DCCP protocol informationPablo Neira Ayuso2009-06-123-64/+39
| | | | | | | | | | | | | | | | | | | In 400ae54438c4b85126f9fab0ae1dc067823b70f7, we added the SCTP support by means of a structure that was encapsulated in an TLV attribute. However, this structure didn't handle alignment and endianess issues appropriately. Similar problem was introduced in b808645ec71b7cc22cf5106b3d79625d07e6077c along with the DCCP support. This patch moves every field of this structure to independent attributes. I decided not to use nesting to make building and parsing more simple. Using TLV is a good idea, specially for DCCP and SCTP that are under development and that may include new fields and obsolete them in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add support to display statistics on existing child processesPablo Neira Ayuso2009-06-116-1/+37
| | | | | | | | | | This patch adds the ability to dump the list of existing child processes. In general, it would be hard to display one since child processes are generally forked for very specific tasks, like commit and flush operations, and they have very limited lifetime. However, this can be handy for debugging problems. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: use a permanent handler for commit operationsPablo Neira Ayuso2009-06-112-22/+15
| | | | | | | | | This patch adds a dedicated commit handler since there is a possible race condition that can happen if the child process ends before we have received all the event messages that the commit request has triggered. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: use a permanent handler for flush operationsPablo Neira Ayuso2009-06-113-43/+16
| | | | | | | | | | | In 6f5666a29cb7cbff08ce926ee1edb84a311ff6ee, I moved the flush operation into a child process and to use a disposable handler to perform flush requests. This patch adds a dedicated flush handler since there is a possible race condition that can happen if the child process ends before we have received all the event messages that the flush request has triggered. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: allow to limit the number of simultaneous child processesPablo Neira Ayuso2009-06-114-10/+34
| | | | | | | | This patch allows to limit the number of simultaneous child processes. This is required by the next patch that replaces disposable handlers to commit and flush with permanent handlers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: block signals during the access to the process listPablo Neira Ayuso2009-06-111-1/+9
| | | | | | | A child process may finish while we are walking on the process list. This fixes possible concurrency problems. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add missing initialization of PID in process infrastructurePablo Neira Ayuso2009-06-111-2/+5
| | | | | | | | In 0374398fd14bf587d80d9d31e361e266e69387c8, I introduced the process infrastructure. However, that patch missed the PID initialization. Without this patch, the process structures are never released. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: remove unused request nfct handlerPablo Neira Ayuso2009-06-102-11/+0
| | | | | | | This patch is a cleanup, it removes an unused nfct handler. This removal is due to recent commits that has obsolete it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove obsolete changelog filePablo Neira Ayuso2009-05-261-649/+0
| | | | | | | | | | Thomas Jarosch doesn't like having out-dated information in the tree. Me neither. However, I didn't notice that this file has been including in every release, it seems that the autostuff magically includes if present. Reported-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: Added "m4" directory to make distThomas Jarosch2009-05-261-1/+1
| | | | | | | | | | Otherwise autoreconf fails like this: aclocal: couldn't open directory `m4': No such file or directory autoreconf: aclocal failed with exit status: 1 Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: remove an unused extern declaration in cache.hPablo Neira Ayuso2009-05-241-1/+0
| | | | | | This patch removes a reminiscent of the lifetime cache feature. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: remove redudant declaration of Port in the parserPablo Neira Ayuso2009-05-241-1/+0
| | | | | | | This patch is a cleanup, it removes a redudant declaration in the parser. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: remove the cache write-through policyPablo Neira Ayuso2009-05-237-92/+5
| | | | | | | | | | | | | | This patch removes the cache write-through clause. This feature remained undocumented although some has found it looking at the source code. This feature has remained in the tree for quite some time although it has several limitations. Moreover, it is specifically broken and dangerous for Linux kernels >= 2.6.29 since it generates loops in the synchronization. We do this removal first to prepare the introduction of a feature to bypass the external cache. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: flush operation use the child process and origin infrastructurePablo Neira Ayuso2009-05-233-3/+55
| | | | | | | | | | | | With this patch, the flush operation is performed by a child process. Thus, the parent process digests destroy events that ctnetlink reports back and, thanks to the origin infrastructure, we skip the messy implicit synchronization that are triggered by such events. This patch requires a Linux kernel >= 2.6.29 to benefit from this change, otherwise it has no effect. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: detect where the events comes fromPablo Neira Ayuso2009-05-2310-34/+157
| | | | | | | | | | Since Linux kernel 2.6.29, ctnetlink reports the changes that have been done using ctnetlink. With this patch, conntrackd can recognize who is the origin of the event messages. For example, this is interesting to avoid a messy implicit bulk send during the commit of entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add child process infrastructurePablo Neira Ayuso2009-05-236-7/+82
| | | | | | | | | | | | | This patch adds a simple infrastructure that allows to account the child processes that have been forked. This also includes a callback handler that can be registered that is called once the child process finishes. We can extended this later to include an alarm to limit the maximum lifetime of a forked child process. This is good to ensure that child processes behave timely. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use uint16_t instead of uint32_t for uint16_t attributesSamuel Gauthier2009-05-121-1/+1
| | | | | Signed-off-by: Samuel Gauthier <samuel.gauthier@6wind.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sync: add support for DCCP state replicationPablo Neira Ayuso2009-04-246-0/+33
| | | | | | This patch adds initial support for DCCP state replication. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add DCCP role parameter for conntrack creationPablo Neira Ayuso2009-04-242-39/+57
| | | | | | | This patch adds `--role' parameter for DCCP which is required to create entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sync: add support for SCTP state replicationPablo Neira Ayuso2009-04-186-3/+40
| | | | | | This patch adds initial support for SCTP state replication. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add GRE supportPablo Neira Ayuso2009-04-186-2/+212
| | | | | | | This patch adds GRE support for the command line tool conntrack. With this patch, we support all protocols available in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.
* conntrack: fix English typo in output messagePablo Neira Ayuso2009-04-141-9/+9
| | | | | | This patch fixes an English typo in an output message. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: change scheduler and priority via configuration filePablo Neira Ayuso2009-04-148-1/+99
| | | | | | | | With this patch, you can change the scheduler policy and priority for conntrackd. Using a RT scheduler policy reduces the chances to hit ENOBUFS in Netlink. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add DCCP supportPablo Neira Ayuso2009-04-116-2/+252
| | | | | | This patch adds DCCP support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add SCTP supportPablo Neira Ayuso2009-04-116-5/+275
| | | | | | This patch adds SCTP support to the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add UDPlite supportPablo Neira Ayuso2009-04-116-3/+218
| | | | | | This patch adds UDPlite support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix coupled-options sanity checkingsPablo Neira Ayuso2009-04-116-79/+119
| | | | | | | | | | | | This patch extends the generic_opt_check() function to add extra information on the possible option combinations. Under some specific situations, like the creation and getting of a conntrack, you may specify the original or the reply tuple but at least one MUST be present. This handling has been always tricky, it still remains but we're more user friendly at least. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: save one indent in the TCP supportPablo Neira Ayuso2009-04-111-61/+59
| | | | | | This patch saves one extra indent in the switch(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: cleanup error output with `-p tcp --state'Pablo Neira Ayuso2009-04-111-1/+1
| | | | | | | | | | This patch also removes a new line that is not required in the error message. # conntrack -L -p tcp --state CLOS conntrack v0.9.12 (conntrack-tools): Unknown TCP state CLOS > empty line < Try `conntrack -h' or 'conntrack --help' for more information.
* conntrack: remove hardcoded iteration in TCP supportPablo Neira Ayuso2009-04-101-14/+14
| | | | | | | This patch is a cleanup, it removes a hardcoded iteration in the TCP support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* daemon: remove unused constants in header filePablo Neira Ayuso2009-04-101-6/+0
| | | | | | | This patch removes a couple of constants that have no clients in the conntrackd code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: bump version to 0.9.12conntrack-tools-0.9.12Pablo Neira Ayuso2009-04-011-1/+1
| | | | | | | This patch bumps conntrack-tools version to 0.9.12 to prepare the release. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* config: cleanup error reporting during config file parsingPablo Neira Ayuso2009-03-311-111/+143
| | | | | | This patch cleans up the error reporting. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: set nice to -20 in example config filesPablo Neira Ayuso2009-03-313-9/+15
| | | | | | | | This patch sets the most favourable nice value for conntrackd in the default configuration files. This is generally a good idea to reduce the chances to hit ENOBUFS. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: remove broken command checking codePablo Neira Ayuso2009-03-311-22/+6
| | | | | | | | | This patch removes the broken command checking. This is better handled by the option checkings which comes just after this one. This patch also fixes some inconsistencies in the command parameter checking when long names are used. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add `-S' command to display kernel statisticsPablo Neira Ayuso2009-03-313-5/+92
| | | | | | | | | This patch adds `-S' command to display kernel statistics. Using raw `cat' on /proc and the hexadecimal output is not very handy. This option parses the /proc entry and display the information is a more human friendly way. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix missing bits in `-C' commandPablo Neira Ayuso2009-03-312-1/+6
| | | | | | | | This patch fixes some missing bits for the `-C' conntrack command like the manpage information, the usage help, the `--counters' synonymous and the commands vs. options checking. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* sync-mode: fix broken dedicated-link change in multichannel layerPablo Neira Ayuso2009-03-203-12/+12
| | | | | | | This patch fixes a problem that was introduced while adding the multichannel support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* config: obsolete `ListenTo' clausePablo Neira Ayuso2009-03-202-26/+2
| | | | | | | This patch obsoletes the `ListenTo' clause which is a reminiscent of the intial event filtering code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* mcast: remove several unused structure fieldsPablo Neira Ayuso2009-03-203-24/+1
| | | | | | This patch removes several structure fields that are unused. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* udp: fix missing scope_id in the socket creationPablo Neira Ayuso2009-03-206-6/+45
| | | | | | | | | This patch fixes an EINVAL error returned by bind() when opening an UDP server socket to propagate state-changes over the dedicated link. This patch also includes the change of the example configuration files in case that you want to use UDP over IPv6. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>