| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | helper: remove copy and paste from uapi kernel header | Pablo Neira Ayuso | 2016-11-24 | 2 | -1/+134 |
| | | | | | | | | | | Copy and paste of headers is not good, include kernel header that provide the necessary definitions. Cache a copy of nf_conntrack_common.h. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | include: Sync with kernel headers | Felix Janda | 2015-05-21 | 2 | -42/+17 |
| | | | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | nfct: timeout: add support for default protocol timeout tuning | Pablo Neira Ayuso | 2014-05-13 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new interface supersedes the /proc interface: /proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout to tune default conntrack timeout helpers. # nfct timeout default-get inet tcp .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 432000, .FIN_WAIT = 120, .CLOSE_WAIT = 60, .LAST_ACK = 30, .TIME_WAIT = 120, .CLOSE = 10, .SYN_SENT2 = 120, .RETRANS = 300, .UNACKNOWLEDGED = 300, }, }; # nfct timeout default-set inet tcp ESTABLISHED 100 As replacement for the existing /proc interfaces for timeout tweaking. This feature requires a Linux kernel >= 3.13. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | conntrackd: cthelper: allow to attach expectations via nfqueue | Pablo Neira Ayuso | 2013-09-26 | 1 | -0/+13 |
| | | | | | | | This requires the Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | conntrackd: add cthelper infrastructure (+ example FTP helper) | Pablo Neira Ayuso | 2012-08-01 | 3 | -1/+155 |
| | | | | | | | | | | | | | This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | src: integrate nfct into the conntrack-tools tree | Pablo Neira Ayuso | 2012-05-26 | 4 | -0/+210 |
| I'll need for the upcoming cthelper infrastructure. Moreover, we avoid more fragmentation in the netfilter user-space utilities. And the plan is that `nfct' will replace `conntrack' at some point. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
 |
index : conntrack-tools | |
| conntrack-tools tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |