summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* conntrack: add support for chaintoolong stat counterHEADmasterFlorian Westphal9 days1-3/+4
| | | | | | | | | | | | | | | | | While at it, also fix up commit 5ec55c2a0a264 ("conntrack: add support for CLASH_RESOLVED counter"). The intention was to also print unknown statistic counters provided the attributes are of type u32, but mnl_attr_type_valid() needs the correct max-attr number for this to work. With this fix in place, conntrack -S shows: cpu=3 found=0 inv[..] clash_resolve=0 unknown1=8200 on a modified kernel. Signed-off-by: Florian Westphal <fw@strlen.de>
* tests/conntrack: script for stress-testing ct loadMikhail Sennikovsky12 days1-0/+163
| | | | | | | | | | The tests/conntrack/bulk-load-stress.sh is intended to be used for stress-testing the bulk load of ct entries from a file (-R option). Script usage detail is given by the ./bulk-load-stress.sh -h Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add shorthand mnemonic for UNREPLIEDFlorian Westphal2021-08-051-0/+12
| | | | | | | | | conntrack tool prints [UNREPLIED] if a conntrack entry lacks the SEEN_REPLY bit. Accept this as '-u' argument too. If requested, mask is set to SEEN_REPLY and value remains 0 (bit not set). Signed-off-by: Florian Westphal <fw@strlen.de>
* conntrack: enable kernel-based status filtering with -L -u STATUSFlorian Westphal2021-08-051-4/+55
| | | | | | | | | This change is backwards compatible: Old kernels do not recognize CTA_STATUS_MASK attribute and will ignore it (no filtering in kernel). Signed-off-by: Florian Westphal <fw@strlen.de>
* conntrackd: cthelper: fix overlapping queue numbers in example filePablo Neira Ayuso2021-05-281-4/+4
| | | | | | | Userspace helpers cannot have overlapping queue number, update the example file to fix the existing overlap. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: manual: Document userspace helper configuration at daemon startupPablo Neira Ayuso2021-05-281-21/+21
| | | | | | Describe how to configure conntrackd using the new simple setup approach. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: cthelper: Set up userspace helpers when daemon startsPablo Neira Ayuso2021-05-285-3/+30
| | | | | | | Add a new setting to allow conntrackd to autoconfigure the userspace helpers at startup. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: fix endianness bug in IPv4 and IPv6 addressPablo Neira Ayuso2021-05-032-13/+28
| | | | | | | | Add ct_parse_be32() and ct_parse_be128() and use them to deal with an IP address which is already in network byte order. Reported-by: Tao Gong <gongtao0607@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: conntrack -L/-D ip family filteringMikhail Sennikovsky2021-05-031-1/+71
| | | | | | | | | | | | | Tests to cover conntrack -L and conntrack -D with and w/o family (-f) specfied. conntrack -L and contnrack -D shold list/delete both IPv4 and IPv6 entries if no family is specified, and should ony display the corresponding entries if the family is given. Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: saving and loading ct entries, save formatMikhail Sennikovsky2021-05-033-12/+229
| | | | | Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack.8: man update for --load-file supportMikhail Sennikovsky2021-05-031-0/+8
| | | | | Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: accept commands from fileMikhail Sennikovsky2021-05-031-6/+219
| | | | | | | | | | | | | | | | | | | | | | | | | | This commit implements the --load-file option which allows processing conntrack commands stored in file. Most often this would be used as a counter-part for the -o save option, which outputs conntrack entries in the format of the conntrack tool options. This could be useful when one needs to add/update/delete a large set of ct entries with a single conntrack tool invocation. This patch introduces a ct_cmd_list, which represents a list of ct_cmd elements. Expected syntax is "conntrack --load-file file". If "-" is given as a file name, stdin is used. No other commands or options are allowed to be specified in conjunction with the --load-file command. It is however possible to specify multiple --load-file file pairs. Example: Copy all entries from ct zone 11 to ct zone 12: conntrack -L -w 11 -o save | sed "s/-w 11/-w 12/g" | \ conntrack --load-file - Joint work with Pablo. Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: release options after parsingPablo Neira Ayuso2021-05-031-1/+2
| | | | | | | | | | | | | | | Fix memleak in parser: ==8445== 3,808 bytes in 2 blocks are definitely lost in loss record 6 of 6 ==8445== at 0x483577F: malloc (vg_replace_malloc.c:299) ==8445== by 0x112636: merge_options (conntrack.c:1056) ==8445== by 0x112636: do_parse (conntrack.c:2903) ==8445== by 0x11343E: ct_file_parse_line (conntrack.c:3672) ==8445== by 0x11343E: ct_parse_file (conntrack.c:3693) ==8445== by 0x10D819: main (conntrack.c:3750) Fixes: 8f76d6360dbf ("conntrack: add struct ct_cmd") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add function to print command statsPablo Neira Ayuso2021-03-151-8/+17
| | | | | | Wrap code to display command stats in a function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: move options flag to ct_cmd objectPablo Neira Ayuso2021-03-151-48/+59
| | | | | | Prepare for the batch support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: pass cmd to filter nat, mark and network functionsPablo Neira Ayuso2021-03-151-10/+11
| | | | | | | Pass the command object to the nat, mark and IP address userspace filters. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: pass cmd to nfct_filter()Pablo Neira Ayuso2021-03-151-10/+9
| | | | | | Pass the command object to the userspace filter routine. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: pass ct_cmd to nfct_filter_init()Pablo Neira Ayuso2021-03-151-6/+8
| | | | | | Pass command object to initialize the userspace filter. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: pass command object to callbacksPablo Neira Ayuso2021-03-151-23/+27
| | | | | | | | | Pass the command object to prepare for batch support. Move ct_cmd structure definition right at the top of file otherwise compilation breaks. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: conntrackd: silence sysctlArturo Borrero Gonzalez2021-03-121-1/+1
| | | | | | | We are not interested in sysctl echoing the value it just set. Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* tests: conntrackd: add testcase for missing hashtable buckets and max entriesArturo Borrero Gonzalez2021-03-102-0/+36
| | | | | | | | This test case covers missing hashtable buckets and max entries configuration options. There should be a value for them, otherwise the daemon segfaults. Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* conntrackd: set default hashtable buckets and max entries if not specifiedPablo Neira Ayuso2021-03-081-0/+6
| | | | | | | | | | | Fall back to 65536 buckets and 262144 entries. It would be probably good to add code to autoadjust by reading /proc/sys/net/netfilter/nf_conntrack_buckets and /proc/sys/net/nf_conntrack_max. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1491 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: conntrackd: move basic netns scenario setup to shell scriptPablo Neira Ayuso2021-02-032-27/+61
| | | | | | | | | This allows for running the script away from the test infrastructure, which is convenient when developing new tests. This also allows for reusing the same netns setup from new tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* tests: introduce replicating scenario and simple icmp test caseArturo Borrero Gonzalez2021-02-012-0/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces a new scenario with a virtual network layout that was previously designed by Pablo (see commit 7f1fb5dad90f04caa94f4fcefd1340aeb2c2f0e3). The scenario is called 'basic_2_peer_network_tcp_notrack' and can be used to test conntrack entry replication in TCP/NOTRACK mode with both caches disables. In this mode entry syncronization should happen basically in the same instant the event is produced. The testcase is very simple, but works really well: * send 1 ping to a network peer across the router * verify the conntrack entry has been replicated to the stand-by router === 8< === $ cd tests ; sudo ./conntrackd-tests.py --single tcp_notrack_replicate_icmp [conntrackd-tests.py] INFO: --- running test: tcp_notrack_replicate_icmp [conntrackd-tests.py] INFO: --- passed test: tcp_notrack_replicate_icmp [conntrackd-tests.py] INFO: --- [conntrackd-tests.py] INFO: --- finished [conntrackd-tests.py] INFO: --- passed tests: 1 [conntrackd-tests.py] INFO: --- failed tests: 0 [conntrackd-tests.py] INFO: --- scenario failure: 0 [conntrackd-tests.py] INFO: --- total tests: 1 === 8< === Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* tests: introduce some basic testcases for the new conntrack-tools testing ↵Arturo Borrero Gonzalez2021-02-013-0/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | framework Introduce some initial basic testcases for configuration parsing and standard daemon startup and shutdown routines. This should give an example of how the framework works. Here is an example of running this: === 8< === $ cd tests/conntrackd ; sudo ./conntrackd-tests.py [conntrackd-tests.py] INFO: --- running test: stats_general [conntrackd-tests.py] INFO: --- passed test: stats_general [conntrackd-tests.py] INFO: --- running test: stats_network [conntrackd-tests.py] INFO: --- passed test: stats_network [conntrackd-tests.py] INFO: --- running test: stats_runtime [conntrackd-tests.py] INFO: --- passed test: stats_runtime [conntrackd-tests.py] INFO: --- running test: stats_process [conntrackd-tests.py] INFO: --- passed test: stats_process [conntrackd-tests.py] INFO: --- running test: stats_queue [conntrackd-tests.py] INFO: --- passed test: stats_queue [conntrackd-tests.py] INFO: --- running test: stats_ct [conntrackd-tests.py] INFO: --- passed test: stats_ct [conntrackd-tests.py] INFO: --- running test: stats_expect [conntrackd-tests.py] INFO: --- passed test: stats_expect [conntrackd-tests.py] INFO: --- [conntrackd-tests.py] INFO: --- finished [conntrackd-tests.py] INFO: --- passed tests: 7 [conntrackd-tests.py] INFO: --- failed tests: 0 [conntrackd-tests.py] INFO: --- scenario failure: 0 [conntrackd-tests.py] INFO: --- total tests: 7 === 8< === Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* tests: introduce new python-based framework for running testsArturo Borrero Gonzalez2021-02-011-0/+263
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test suite should help us develop better tests for conntrack-tools in general and conntrackd in particular. The framework is composed of a runner script, written in python3, and 3 yaml files for configuration and testcase definition: - scenarios.yaml: contains information on network scenarios for tests to use - tests.yaml: contains testcase definition - env.yaml: contains default values for environment variables The test cases can be anything, from a simple command to an external script call to perform more complex operations. See follow-up patches to know more on how this works. The plan is to replace or call from this framework the other testsuites in this tree. The runner script is rather simple, and it should be more or less straight forward to use it. On Debian machines, it requires the *python3-yaml* package to be installed as a dependency. For reference, here are the script options: === 8< === $ tests/conntrackd/conntrackd-tests.py --help usage: conntrackd-tests.py [-h] [--tests-file TESTS_FILE] [--scenarios-file SCENARIOS_FILE] [--env-file ENV_FILE] [--single SINGLE] [--start-scenario START_SCENARIO] [--stop-scenario STOP_SCENARIO] [--debug] Utility to run tests for conntrack-tools optional arguments: -h, --help show this help message and exit --tests-file TESTS_FILE File with testcase definitions. Defaults to 'tests.yaml' --scenarios-file SCENARIOS_FILE File with configuration scenarios for tests. Defaults to 'scenarios.yaml' --env-file ENV_FILE File with environment variables for scenarios/tests. Defaults to 'env.yaml' --single SINGLE Execute a single testcase and exit. Use this for developing testcases --start-scenario START_SCENARIO Execute scenario start commands and exit. Use this for developing testcases --stop-scenario STOP_SCENARIO Execute scenario stop commands and exit. Use this for cleanup --debug debug mode === 8< === To run it, simply use: === 8< === $ cd tests/conntrackd/ ; sudo ./conntrackd-tests.py [..] === 8< === Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* conntrackd: introduce yes & no config valuesArturo Borrero Gonzalez2021-02-012-57/+61
| | | | | | They are equivalent of 'on' and 'off' and makes the config easier to understand. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
* conntrack: add do_command_ct()Pablo Neira Ayuso2021-01-141-20/+24
| | | | | | Wrap the code to run the command around the do_command_ct() function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add struct ct_tmplPablo Neira Ayuso2021-01-141-110/+121
| | | | | | | | | | | | | | Remove the global template object, add it to struct ct_cmd. This patch prepares for the batch support. The global cur_tmpl pointer is used to access the template from the callbacks and the exit_error() path. Note that it should be possible to remove this global cur_tmpl pointer by passing the new command object as parameter to the callbacks and exit_error(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add struct ct_cmdPablo Neira Ayuso2021-01-141-49/+76
| | | | | | | This new object stores the result of the command parser, this prepares for batch support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add ip netns test scriptPablo Neira Ayuso2020-12-274-0/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a script that creates a ip netns testbed. The network topology looks like this: veth0---veth0 host nsr1 ns2 veth0----veth0 ns1 veth2 | veth0 nsr2 * ns1 and ns2 are clients to generate traffic * nsr1 and nsr2 run conntrackd to synchronize states * nsr1 is the primary gateway - veth2 is used to synchronize states * nsr2 is the backup gateway - veth0 is used to synchronize states To set up the testbed: % sudo ./conntrackd-netns-test.sh start To test your testbed works, from ns2: % sudo ip netns exec ns2 nc -l -p 8080 From ns1: % sudo ip netns exec ns1 nc -vvv 10.0.1.2 8080 From nsr1: % sudo ip netns exec nsr1 conntrackd -s -C conntrackd-nsr1.conf cache internal: current active connections: 1 [...] cache external: current active connections: 0 From nsr2: % sudo ip netns exec nsr1 conntrackd -s -C conntrackd-nsr2.conf cache internal: current active connections: 0 [...] cache external: current active connections: 1 To stop it: % sudo ./conntrackd-netns-test.sh stop Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: pretty-print the portidFlorian Westphal2020-12-171-7/+172
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DESTROY events already include the portid. Add some /proc glue to lookup the portid. Problem is that there is no direct mapping to a name. Lookup steps are: 1. Obtain the portid inode from /proc/net/netlink. If we can't even find that, no luck. 2. assume portid == pid and search /proc/portid/fd/ for a socket with matching inode. This is modeled on iproute2 ss tool. If /proc/portid/fd/ comes up empty, entire process space (/proc/*/fd) is searched for a matching inode. As this is quite some work, cache the last portid result (including 'not found', so that 'conntrack -F' generating 10000k events will do this lookup only once. The lookup won't work in case the deleting/flushing program has already exited; in that case [USERSPACE] tag and portid are still included. Example: $ conntrack -E -o userspace [DESTROY] tcp 6 src=192... dst=192... sport=4404 dport=22 ... [USERSPACE] portid=5146 progname=conntrack Signed-off-by: Florian Westphal <fw@strlen.de>
* conntrackd: external_inject: report inject issues as warningArturo Borrero Gonzalez2020-12-081-9/+19
| | | | | | | | | | | | | | | | | | | | | | | In busy firewalls that run conntrackd in NOTRACK with both internal and external caches disabled, external_inject can get lots of traffic. In case of issues injecting or updating conntrack entries a log entry will be generated, the infamous inject-addX, inject-updX messages. But there is nothing end users can do about this error message, which is purely internal. This patch is basically cosmetic, relaxing the message from ERROR to WARNING. The information reported is also extended a bit. The idea is to leave ERROR messages to issues that would *stop* or *prevent* conntrackd from working at all. Another nice thing to do in the future is to rate-limit this message, which is generated in the data path and can easily fill log files. But ideally, the actual root cause would be fixed, and there would be no WARNING message reported at all, meaning that all conntrack entries are smoothly synced between the firewalls in the cluster. We can work on that later. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* .gitignore: add nano swap fileArturo Borrero Gonzalez2020-12-081-0/+2
| | | | | | | Ignore the nano swap file. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack.8: man update for opts format supportMikhail Sennikovsky2020-11-021-1/+4
| | | | | Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: implement save output formatMikhail Sennikovsky2020-11-0210-4/+391
| | | | | | | | | | | | | | | This commit allows dumping conntrack entries in the format used by the conntrack parameters, aka "save" output format. This is useful for saving ct entry data to allow applying it later on. To enable the "save" output the "-o save" parameter needs to be passed to the conntrack tool invocation. [ pablo@netfilter.org: several updates to the original patch ] Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: allow to flush per familyPablo Neira Ayuso2020-10-291-2/+2
| | | | | | | | This allows users to flush IPv4 entries only through: conntrack -F -f ipv4 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: allow to filter event by familyPablo Neira Ayuso2020-10-281-2/+5
| | | | | | | | This patch allows you to filter event through -f, e.g. conntrack -E -f ipv4 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: default to unspec family for dualstack setupsPablo Neira Ayuso2020-10-273-3/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2bcbae4c14b2 ("conntrack: -f family filter does not work") restored the fallback to IPv4 if -f is not specified, which was the original behaviour. This patch modifies the default to use the unspec family if -f is not specified for the following ct commands: - list - update - delete - get (these two commands below do not support for -f though, but in case this is extended in the future to support it): - flush - event The existing code that parses IPv4 and IPv6 addresses already infers the family, which simplifies the introduction of this update. The expect commands are not updated, they still require many mandatory options for filtering. This patch includes a few test updates too. Based on patch from Mikhail Sennikovsky. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix zone sync issueYi Yang2020-10-203-0/+9
| | | | | | | | | In some use cases, zone is used to differentiate different conntrack state tables, so zone also should be synchronized if it is set. Signed-off-by: Yi Yang <yangyi01@inspur.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix icmp entry creationMikhail Sennikovsky2020-10-132-0/+12
| | | | | | | | | | | | | | | Creating icmp ct entry with command like conntrack -I -t 29 -u SEEN_REPLY -s 1.1.1.1 -d 2.2.2.2 -r 2.2.2.2 \ -q 1.1.1.1 -p icmp --icmp-type 8 --icmp-code 0 --icmp-id 1226 results in nfct_query( NFCT_Q_CREATE ) request would fail because reply L4 proto is not set while having reply data specified Set reply L4 proto when reply data is given for the icmp ct entry Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: icmp entry create/deleteMikhail Sennikovsky2020-10-131-0/+4
| | | | | | | Add test to cover icmp entry creation/deletion with conntrack Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@cloud.ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add support for CLASH_RESOLVED counterFlorian Westphal2020-08-251-3/+14
| | | | | | | | | | While at it, also allow to display up to 4 counters that are sent by kernel but that we do not know. This is useful to list counters that a new kernel supports with and older release of conntrack-tools. Signed-off-by: Florian Westphal <fw@strlen.de>
* doc: manual: general documentation revampPablo Neira Ayuso2020-06-071-81/+91
| | | | | | A quick revamp on the conntrack-tools manual which is aging a bit. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: manual: refer to nf_conntrack sysctlPablo Neira Ayuso2020-06-071-6/+5
| | | | | | | ip_conntrack sysctl entries are very old and available for backward compatibility reasons. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: manual: fix conntrack examplesPablo Neira Ayuso2020-06-071-14/+14
| | | | | | | | | > (1) The mark in the command line is '10', not '1'. > (2) The dport in the example is '993', not '3486' and not '34846'. ... text says "has been deleted"; but conntrack prints "have been deleted" Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add a few more testsPablo Neira Ayuso2020-05-282-0/+22
| | | | | | Extend testsuite with a few more tests. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add support for the IPS_HW_OFFLOAD flagPablo Neira Ayuso2020-04-282-4/+18
| | | | | | | This patch adds support for the IPS_HW_OFFLOAD flag which specifies that this conntrack entry has been offloaded into the hardware. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack-tools 1.4.6 releaseconntrack-tools-1.4.6Pablo Neira Ayuso2020-04-011-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helpers: Fix for warning when compiling against libtirpcPhil Sutter2019-11-121-3/+4
| | | | | | | | | | | | | | | | | Fix for the following warning: In file included from rpc.c:29: /usr/include/tirpc/rpc/rpc_msg.h:214:52: warning: 'struct rpc_err' declared inside parameter list will not be visible outside of this definition or declaration 214 | extern void _seterr_reply(struct rpc_msg *, struct rpc_err *); | ^~~~~~~ Struct rpc_err is declared in rpc/clnt.h which also declares rpc_call(), therefore rename the local version. Fixes: 5ededc4476f27 ("conntrackd: search for RPC headers") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>