Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | filter: check if kernel-space filtering is available | Pablo Neira Ayuso | 2008-09-17 | 1 | -0/+4 |
| | | | | | | | | Check if the Linux kernel is >= 2.6.26, otherwise it does not support kernel-space filtering. This is not clean but we have no choice, the BSF infrastructure does not return ENOTSUPP for unsupported operations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | cleanup: Linux kernel version checking | Pablo Neira Ayuso | 2008-09-17 | 1 | -6/+1 |
| | | | | | | | Minor cleanup to save a couple of lines in the Linux kernel version checking. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | conntrackd: add -t option to shorten conntrack timeouts | Pablo Neira Ayuso | 2008-08-02 | 1 | -0/+4 |
| | | | | | | | | | | | | | | | | | This patch adds the new option `-t' for conntrackd. This option shortens the value of the timeout for the cached entries that lives in the kernel. This option is particularly useful to remove the zombie established entries that remain in kernel if the user tests the platform by forcing the takeover from one to another node several times. We currently use the value of CommitTimeout which is sane for it. Adding a new option does not seem to add more flexibility IMO. Once we get the patches to notify user changes via ctnetlink and the netlink flag NLM_F_ECHO works, we may directly invoke a massive purge of the entries, however, such solution would still need evaluation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | fix unsecure usage of printf and include limits.h (PATH_MAX and INT_MAX) | Albin Tonerre | 2008-06-15 | 1 | -0/+1 |
| | |||||
* | revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | only which is incompatible AFAIK | ||||
* | relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | has been Max Kellermann and has no issues with relicensing their contributions. | ||||
* | cleanup: remove config_set from main(), use config_file variable instead | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-22 | 1 | -4/+3 |
| | |||||
* | From: Max Kellermann <max@duempel.org> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-14 | 1 | -3/+3 |
| | | | | whitespace cleanups | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 1 | -2/+2 |
| | | | | Simplify logging infrastructure | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 1 | -52/+0 |
| | | | | | there is no need to check capabilities - the socket() call will fail a few lines later anyway, producing an error message which is good enough. | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -4/+4 |
| | | | | import only required C headers and put local headers on top to check | ||||
* | Max Kellerman <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -8/+5 |
| | | | | | | | o always close stdin - even in non-daemon mode, it is of no use o chdir("/") to release the cwd inode o ignore setsid() failure, because there is only one possible and o fix harmless error condition | ||||
* | use umask() to set up file permissions | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+4 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -3/+9 |
| | | | | Fix tons of gcc warnings | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -4/+0 |
| | | | | add missing function prototypes | ||||
* | wake up the daemon iff there are real events to handle instead of polling ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-09 | 1 | -1/+1 |
| | | | | (Based on comments from Max Kellerman) | ||||
* | fix logfiles permissions, do not default to umask | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -3/+1 |
| | |||||
* | daemonize conntrackd after initialization | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -12/+16 |
| | |||||
* | obsolete `-S' option: Use information provided by the config file | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -6/+6 |
| | |||||
* | Ben Lentz <BLentz@channing-bete.com>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -1/+8 |
| | | | | Detach daemon from its terminal | ||||
* | o add support for connection logging to the statistics mode via Logfile | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-03 | 1 | -8/+6 |
| | | | | | | o minor irrelevant fixes for uncommon error paths and fix several typos o use LOG_INFO for connection logging, use LOG_NOTICE for other information o minor error handling updates | ||||
* | show error and warning messages to stderr | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-24 | 1 | -1/+1 |
| | |||||
* | o Use more appropriate names for the existing synchronization modes: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 1 | -1/+1 |
| | | | | | | o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm | ||||
* | add syslog support and bump version | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-12 | 1 | -6/+6 |
| | |||||
* | - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-09 | 1 | -0/+1 |
| | | | | | | | | | | | | | - add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy | ||||
* | - local requests return EXIT_FAILURE if it can't connect to the daemon | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-13 | 1 | -1/+3 |
| | | | | - several cleanups | ||||
* | first step forward to merge conntrackd and conntrack into the same building ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-04-16 | 1 | -0/+302 |
chain |