Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | add more sanity checks in the input path | Pablo Neira Ayuso | 2008-08-01 | 1 | -8/+0 |
| | | | | | | | Some users have reported crashes when nf_conntrack_ipv6 was not present. This patch performs more robust sanity checks in the input path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | increase deletion stats when the timer is scheduled in cache_del_timeout() | Pablo Neira Ayuso | 2008-05-31 | 1 | -2/+7 |
| | |||||
* | fix leak in cache_destroy(): release objects before destroying the cache | Pablo Neira Ayuso | 2008-05-26 | 1 | -0/+1 |
| | |||||
* | check for missing IPv6 address before hashing | Pablo Neira Ayuso | 2008-05-21 | 1 | -0/+8 |
| | |||||
* | - remove (misleading) counters and use information from the statistics mode | Pablo Neira Ayuso | 2008-05-16 | 1 | -73/+2 |
| | | | | | - use generic nfct_copy() from libnetfilter_conntrack to update objects - use generic nfct_cmp() to compare objects | ||||
* | Fix reorder possible reordering of destroy messages under message omission. ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 1 | -25/+56 |
| | | | | This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table. | ||||
* | revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | only which is incompatible AFAIK | ||||
* | relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | has been Max Kellermann and has no issues with relicensing their contributions. | ||||
* | add IPv6 support to conntrackd | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-02 | 1 | -40/+67 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -2/+4 |
| | | | | import only required C headers and put local headers on top to check | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -9/+9 |
| | | | | use C99 integers (uint32_t instead of u_int32_t) | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -13/+15 |
| | | | | Fix tons of gcc warnings | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 |
| | | | | use const when possible | ||||
* | - hash lookup speedups based on comments from netdev's discussions | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-31 | 1 | -4/+11 |
| | | | | | - minor fix for hash6 in cache.c (however, ipv6 support is still broken - several updates in the TODO file | ||||
* | Add CacheWriteThrough clause: external cache write through policy. This ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-11-25 | 1 | -8/+9 |
| | | | | feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection. | ||||
* | - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-09 | 1 | -38/+2 |
| | | | | | | | | | | | | | - add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy | ||||
* | - more cleanups and code refactorization | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-19 | 1 | -1/+0 |
| | | | | | | - remove several debug calls - create a child to dispatch dump requests: this will help to simplify the current locking schema. Later. | ||||
* | - introduce cache_iterate | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-20 | 1 | -0/+9 |
| | | | | | | | | - empty debug_ct function if DEBUG_CT is not set - revisit overrun handler: this is a hard battle, just try to do our best here, call Patrick :) - explicit warning message when netlink_buffer_max_growth is reached - fix silly bug in stats-mode when dumping in XML format - fix UDP handler for conntrack | ||||
* | - remove dead code sync-mode.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-18 | 1 | -4/+5 |
| | | | | | | | - flush nack queue in the conntrackd -f path - do not increase add_fail counter for EEXIST errors - cleanup sync-nack code - improve mcast_recv_netmsg: sanity check before checksumming! | ||||
* | first step forward to merge conntrackd and conntrack into the same building ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-04-16 | 1 | -0/+446 |
chain |