Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffers | Pablo Neira Ayuso | 2008-05-20 | 1 | -0/+2 | |
| | ||||||
* | improve network message sanity checkings | Pablo Neira Ayuso | 2008-05-18 | 2 | -2/+2 | |
| | ||||||
* | Fix reorder possible reordering of destroy messages under message omission. ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 3 | -2/+5 | |
| | | | | This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table. | |||||
* | rework of the FT-FW approach | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-26 | 1 | -15/+23 | |
| | ||||||
* | add more verbose error notification when the injection of a conntrack fails | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 1 | -1/+1 | |
| | ||||||
* | o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 1 | -8/+4 | |
| | | | | | | o recover the ID support o show display counters to stderr o enable filtering by status and ID | |||||
* | fix conntrack -U -p tcp [...] | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 1 | -0/+3 | |
| | ||||||
* | improve netlink overrun handling | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 2 | -1/+11 | |
| | ||||||
* | fix asymmetric path support (still some open concerns) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-08 | 1 | -0/+4 | |
| | ||||||
* | Krzysztof Oledzki <ole@ans.pl>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 1 | -0/+1 | |
| | | | | | o add ICMPv6 (-p icmpv6) support o add possibility to distinguish between invalid (unknown) and empty proto | |||||
* | Pablo Neira Ayuso <pablo@netfilter.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 2 | -2/+2 | |
| | | | | | | | o remove .svn directory from make distcheck tarballs (reported by B.Benjamini) + Krzysztof Oledzki <ole@ans.pl>: o fix minor compilation warning | |||||
* | compose the file descriptor set at initialization stage to save some cycles | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-19 | 3 | -2/+20 | |
| | ||||||
* | From: Max Kellermann <max@duempel.org> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-14 | 1 | -2/+2 | |
| | | | | whitespace cleanups | |||||
* | add IPv6 support to conntrackd | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-02 | 3 | -4/+6 | |
| | ||||||
* | implement a rb-tree based alarm framework | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-29 | 3 | -15/+173 | |
| | ||||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 2 | -5/+6 | |
| | | | | use size_t | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -0/+2 | |
| | | | | introduce alarm_pending() | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -1/+0 | |
| | | | | remove unused prototype in network.h | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 2 | -4/+9 | |
| | | | | | | added struct local_server, several cleanups in local socket infrastructure This patch include minor changes by the comitter | |||||
* | remove alarm counter | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-22 | 1 | -2/+0 | |
| | ||||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-22 | 1 | -2/+4 | |
| | | | | | | - Pass next_alarm to __run() only if there is an alarm - Eliminate the "timeout" parameter - the alarm functions get_next_alarm_run() and do_alarm_run() return an timeval pointer instead of a boolean | |||||
* | Based on patch from Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-20 | 1 | -10/+1 | |
| | | | | merge mod_alarm() into add_alarm(), remove alarm_set_expiration() | |||||
* | yet another rework of the alarm scheduler | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 1 | -1/+7 | |
| | ||||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 4 | -28/+3 | |
| | | | | Simplify logging infrastructure | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 9 | -15/+9 | |
| | | | | import only required C headers and put local headers on top to check | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 2 | -6/+8 | |
| | | | | use size_t for buffer sizes | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -0/+2 | |
| | | | | add buffer_destroy() to buffer.c | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 8 | -43/+52 | |
| | | | | use C99 integers (uint32_t instead of u_int32_t) | |||||
* | remove unix socket file on exit | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 | |
| | ||||||
* | minor constification fixes | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 | |
| | | | | update libnfnetlink dependencies | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 7 | -12/+16 | |
| | | | | Fix tons of gcc warnings | |||||
* | merge several *_alarm() functions into init_alarm() | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -6/+3 | |
| | ||||||
* | add traffic_stats.h and netlink.h to include/Makefile.am | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+2 | |
| | ||||||
* | Add include/netlink.h and include/traffic_stats.h | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 2 | -0/+31 | |
| | ||||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 4 | -0/+30 | |
| | | | | add missing function prototypes | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -4/+4 | |
| | | | | use the comma operator instead of curly braces | |||||
* | constify queue_iterate() | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 | |
| | ||||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 | |
| | | | | remove prefetch from slist.h since it confuses gcc | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 4 | -4/+4 | |
| | | | | use const when possible | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -2/+2 | |
| | | | | | | the global variable "alarm" conflicts with the alarm() function from unistd.h. resolve that conflict by giving those two global variables a better name. | |||||
* | improve alarm framework based on suggestions from Max Duempel | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 1 | -0/+7 | |
| | ||||||
* | wake up the daemon iff there are real events to handle instead of polling ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-09 | 5 | -21/+4 | |
| | | | | (Based on comments from Max Kellerman) | |||||
* | fix make distcheck | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-07 | 1 | -1/+1 | |
| | ||||||
* | implement buffered connection logging to improve performance | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 3 | -1/+28 | |
| | ||||||
* | rename class `buffer' to `queue' which is what it really implements | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 3 | -32/+32 | |
| | ||||||
* | obsolete `-S' option: Use information provided by the config file | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -2/+4 | |
| | ||||||
* | o add support for connection logging to the statistics mode via Logfile | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-03 | 2 | -4/+9 | |
| | | | | | | o minor irrelevant fixes for uncommon error paths and fix several typos o use LOG_INFO for connection logging, use LOG_NOTICE for other information o minor error handling updates | |||||
* | o Use more appropriate names for the existing synchronization modes: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 2 | -7/+7 | |
| | | | | | | o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm | |||||
* | = conntrack = | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 1 | -1/+4 | |
| | | | | | | | | | | | o fix missing `-g' and `-n' options in getopt_long control string o add support for secmark (requires Linux kernel >= 2.6.25) o add mark and secmark information to the manpage o cleanup error message = conntrackd = o add support for secmark (requires Linux kernel >= 2.6.25) o add conntrackd (8) manpage | |||||
* | Add CacheWriteThrough clause: external cache write through policy. This ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-11-25 | 2 | -0/+5 | |
| | | | | feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection. |