Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Major rework of the user-space event filtering | Pablo Neira Ayuso | 2008-07-22 | 23 | -532/+807 |
| | | | | | | | | | | This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | fix xml output: wrap output with one root element | Pablo Neira Ayuso | 2008-06-22 | 2 | -4/+50 |
| | |||||
* | use only the original tuple to check if a conntrack is present | Pablo Neira Ayuso | 2008-06-16 | 1 | -1/+9 |
| | |||||
* | do not include Changelog in tarballs, user git shortlog for changelog instead | Pablo Neira Ayuso | 2008-06-15 | 1 | -1/+1 |
| | |||||
* | fix unsecure usage of printf and include limits.h (PATH_MAX and INT_MAX) | Albin Tonerre | 2008-06-15 | 3 | -1/+3 |
| | |||||
* | check if entries already exist in kernel before injection | Pablo Neira Ayuso | 2008-06-15 | 1 | -15/+24 |
| | |||||
* | delay the closure of the dump descriptor to fix assertion with cache_wtconntrack-tools-0.9.7 | Pablo Neira Ayuso | 2008-05-31 | 2 | -1/+4 |
| | |||||
* | increase deletion stats when the timer is scheduled in cache_del_timeout() | Pablo Neira Ayuso | 2008-05-31 | 1 | -2/+7 |
| | |||||
* | define SO_[RCV|SND]BUFFORCE if not set | Pablo Neira Ayuso | 2008-05-27 | 1 | -0/+8 |
| | |||||
* | fix make distcheck | Pablo Neira Ayuso | 2008-05-27 | 1 | -1/+1 |
| | |||||
* | remove secmark support for conntrackd | Pablo Neira Ayuso | 2008-05-27 | 2 | -3/+0 |
| | |||||
* | fix leak in cache_destroy(): release objects before destroying the cache | Pablo Neira Ayuso | 2008-05-26 | 2 | -0/+2 |
| | |||||
* | rework the HELLO logic inside FT-FW | Pablo Neira Ayuso | 2008-05-26 | 4 | -8/+59 |
| | |||||
* | add best effort replication protocol (aka NOTRACK) | Pablo Neira Ayuso | 2008-05-25 | 14 | -2/+592 |
| | |||||
* | add eventfd emulation to communicate receiver -> sender | Pablo Neira Ayuso | 2008-05-25 | 8 | -9/+117 |
| | |||||
* | add flex version warning (better with >= 2.5.33) | Pablo Neira Ayuso | 2008-05-22 | 2 | -0/+16 |
| | |||||
* | only allow the use of --secmark for listing (filtering) | Pablo Neira Ayuso | 2008-05-22 | 3 | -3/+7 |
| | | | | add missing string.h required by strdup in config parsing | ||||
* | check for missing IPv6 address before hashing | Pablo Neira Ayuso | 2008-05-21 | 1 | -0/+8 |
| | |||||
* | Updates (-U) show the effect of the operation in the conntrack entry | Pablo Neira Ayuso | 2008-05-20 | 1 | -11/+36 |
| | |||||
* | add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffers | Pablo Neira Ayuso | 2008-05-20 | 10 | -1/+141 |
| | |||||
* | improve network message sanity checkings | Pablo Neira Ayuso | 2008-05-18 | 6 | -40/+60 |
| | |||||
* | - remove (misleading) counters and use information from the statistics mode | Pablo Neira Ayuso | 2008-05-16 | 4 | -75/+12 |
| | | | | | - use generic nfct_copy() from libnetfilter_conntrack to update objects - use generic nfct_cmp() to compare objects | ||||
* | minor fix of the manpage (Max Wilhelm) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-05-14 | 2 | -1/+2 |
| | |||||
* | Fix reorder possible reordering of destroy messages under message omission. ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 10 | -49/+105 |
| | | | | This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table. | ||||
* | rework of the FT-FW approach | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-26 | 6 | -110/+257 |
| | |||||
* | add more verbose error notification when the injection of a conntrack fails | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 6 | -13/+35 |
| | |||||
* | minor update of the manpages | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 2 | -3/+7 |
| | |||||
* | o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 9 | -66/+120 |
| | | | | | | o recover the ID support o show display counters to stderr o enable filtering by status and ID | ||||
* | fix conntrack -U -p tcp [...] | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 6 | -10/+68 |
| | |||||
* | relax parameter checking for UDP and TCP | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 2 | -2/+2 |
| | |||||
* | check for pkg-config before anything (fix bogus missing libraries failure) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 2 | -0/+9 |
| | |||||
* | add initial automated qa testing for the conntrack cli | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 3 | -0/+102 |
| | |||||
* | This is a major improvement of the conntrack command line tool: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 3 | -78/+233 |
| | | | | | | | | o check for missing source/address IP/ports in creation and get operations o way more flexible conntrack updates and deletions o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) o show display counters to stderr o minor cleanups | ||||
* | o simplify parameter-handling code | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-12 | 4 | -267/+157 |
| | | | | | o check for missing source/address IP/ports o minor cleanups | ||||
* | update manpages with the new URL | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 3 | -2/+4 |
| | |||||
* | improve netlink overrun handling | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 7 | -75/+111 |
| | |||||
* | fix asymmetric path support (still some open concerns) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-08 | 4 | -4/+68 |
| | |||||
* | fix compilation in ARM (reported by Thiemo Seufer via Max Kellermann) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-08 | 1 | -0/+1 |
| | |||||
* | fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel Schepler | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-26 | 2 | -1/+2 |
| | | | | via M.Kellermann) | ||||
* | add missing libct_proto_icmpv6.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 1 | -0/+129 |
| | |||||
* | Krzysztof Oledzki <ole@ans.pl>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 5 | -4/+12 |
| | | | | | o add ICMPv6 (-p icmpv6) support o add possibility to distinguish between invalid (unknown) and empty proto | ||||
* | Pablo Neira Ayuso <pablo@netfilter.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 4 | -3/+12 |
| | | | | | | | o remove .svn directory from make distcheck tarballs (reported by B.Benjamini) + Krzysztof Oledzki <ole@ans.pl>: o fix minor compilation warning | ||||
* | remove .svn from doc/ in tarballs (reported by Gilad Benjamini) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-09 | 1 | -1/+1 |
| | |||||
* | update changelog with 0.9.6 release datesvn_t_conntrack-tools-0.9.6 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | |||||
* | revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 31 | -654/+319 |
| | | | | only which is incompatible AFAIK | ||||
* | relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 31 | -319/+654 |
| | | | | has been Max Kellermann and has no issues with relicensing their contributions. | ||||
* | cleanup: remove config_set from main(), use config_file variable instead | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-22 | 2 | -4/+4 |
| | |||||
* | compose the file descriptor set at initialization stage to save some cycles | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-19 | 9 | -21/+120 |
| | |||||
* | From: Max Kellermann <max@duempel.org> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-14 | 6 | -20/+21 |
| | | | | whitespace cleanups | ||||
* | From: Max Kellermann <max@duempel.org> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-14 | 1 | -3/+2 |
| | | | | use list_for_each_entry() |