summaryrefslogtreecommitdiffstats
path: root/include/conntrack.h
Commit message (Collapse)AuthorAgeFilesLines
* conntrack: add zone supportPablo Neira Ayuso2010-07-051-1/+1
| | | | | | | | This patch adds `--zone' to the command line tool. This adds the missing user-space support for Patrick's McHardy iptables CT target. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add `--any-nat' to filter any NATted flowPablo Neira Ayuso2010-07-011-1/+1
| | | | | | | This patch adds the --any-nat option that allows to display src-NATted OR dst-NATted flows. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: put all the commands and options code togetherPablo Neira Ayuso2010-06-221-142/+1
| | | | | | | | This patch is a cleanup, it puts all the commands and options code together. This makes easier and less error-prone the task to add new commands and options. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add GRE supportPablo Neira Ayuso2009-04-181-0/+1
| | | | | | | This patch adds GRE support for the command line tool conntrack. With this patch, we support all protocols available in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.
* conntrack: add DCCP supportPablo Neira Ayuso2009-04-111-0/+1
| | | | | | This patch adds DCCP support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add SCTP supportPablo Neira Ayuso2009-04-111-3/+1
| | | | | | This patch adds SCTP support to the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add UDPlite supportPablo Neira Ayuso2009-04-111-0/+1
| | | | | | This patch adds UDPlite support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix coupled-options sanity checkingsPablo Neira Ayuso2009-04-111-4/+4
| | | | | | | | | | | | This patch extends the generic_opt_check() function to add extra information on the possible option combinations. Under some specific situations, like the creation and getting of a conntrack, you may specify the original or the reply tuple but at least one MUST be present. This handling has been always tricky, it still remains but we're more user friendly at least. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add `-S' command to display kernel statisticsPablo Neira Ayuso2009-03-311-1/+4
| | | | | | | | | This patch adds `-S' command to display kernel statistics. Using raw `cat' on /proc and the hexadecimal output is not very handy. This option parses the /proc entry and display the information is a more human friendly way. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add -C command to display the counterPablo Neira Ayuso2009-01-171-1/+7
| | | | | | | | | | This patch adds the -C command, to display the table counter. In the case of `-C conntrack' the tool reads the proc interface. For expectation, it loops on the table to count the number of entries (as there is not proc interface to display the number of expectations). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix filtering for unsupported protocolPablo Neira Ayuso2008-10-041-0/+1
| | | | | | | | | This patch fixes filtering for unsupported protocol. Thus, you can use -L -p 47 or -L -p gre to filter `gre' traffic. Based on an initial patch from Bryan Duff <bduff@astrocorp.com>. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: cleanup XML header handlingPablo Neira Ayuso2008-09-281-6/+0
| | | | | | | This patch removes the use of snprintf and directly print the XML header to the standard output. This simplifies the handling. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* CLI: add new option --buffer-size for -EPablo Neira Ayuso2008-07-291-1/+4
| | | | | | | Add new option --buffer-size for -E to set the netlink socket buffer size. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix xml output: wrap output with one root elementPablo Neira Ayuso2008-06-221-0/+6
|
* o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-161-8/+4
| | | | | | o recover the ID support o show display counters to stderr o enable filtering by status and ID
* fix conntrack -U -p tcp [...]/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-131-0/+3
|
* Krzysztof Oledzki <ole@ans.pl>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+1
| | | | | o add ICMPv6 (-p icmpv6) support o add possibility to distinguish between invalid (unknown) and empty proto
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-171-1/+0
| | | | import only required C headers and put local headers on top to check
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-171-1/+2
| | | | use C99 integers (uint32_t instead of u_int32_t)
* Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-4/+4
| | | | Fix tons of gcc warnings
* = conntrack =/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-211-1/+4
| | | | | | | | | | | o fix missing `-g' and `-n' options in getopt_long control string o add support for secmark (requires Linux kernel >= 2.6.25) o add mark and secmark information to the manpage o cleanup error message = conntrackd = o add support for secmark (requires Linux kernel >= 2.6.25) o add conntrackd (8) manpage
* conntrackd:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-181-8/+20
| | | | | | | | | - use buffer of MTU size conntrack: - better protocol argument checkings - fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works - show per-protocol help, ie. conntrack -h -p tcp - add alias --src for --orig-src and alias --dst for --orig-dst
* remove dlopen infrastructure: simplification, it was too much for it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-091-0/+4
|
* o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-071-3/+14
| | | | o several fixes for the output of usage messages
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-061-13/+15
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-161-0/+160
| | | | chain
* initial import of the conntrack daemon to Netfilter SVN/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-161-160/+0
|
* [PATCH] fix conntrack compilation (Eric Leblond <eric@inl.fr>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-06-191-0/+4
|
* o Added missing parameters to set the ports of an expectation tuple/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-151-0/+1
| | | | o Bumped version to 1.00beta2
* <pablo@netfilter.org>/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-261-1/+4
| | | | | | | | | | | | o add IPv6 support: main change o removed dead code: iptables_insmod and get_modprobe o compact the commands vs. options table o move working vars from the stack to the BSS section o update manpage o Bumped version to 1.0beta1 <yasuyuki.kozakai@toshiba.co.jp> o check address family mismatch o fix incomplete copying IPv6 addresses
* Fixed oversized number of options (Marcus Sundberg)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-221-2/+2
|
* some libc's don't have IPPROTO_SCTP yet/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-0/+5
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-061-1/+0
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-031-12/+107
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-031-1/+1
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-011-1/+1
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-311-1/+1
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-281-2/+1
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-271-3/+4
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-10-161-0/+53