Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Major rework of the user-space event filtering | Pablo Neira Ayuso | 2008-07-22 | 1 | -4/+0 |
| | | | | | | | | | | This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | rework the HELLO logic inside FT-FW | Pablo Neira Ayuso | 2008-05-26 | 1 | -1/+3 |
| | |||||
* | add best effort replication protocol (aka NOTRACK) | Pablo Neira Ayuso | 2008-05-25 | 1 | -0/+2 |
| | |||||
* | add eventfd emulation to communicate receiver -> sender | Pablo Neira Ayuso | 2008-05-25 | 1 | -7/+21 |
| | |||||
* | add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffers | Pablo Neira Ayuso | 2008-05-20 | 1 | -0/+6 |
| | |||||
* | improve network message sanity checkings | Pablo Neira Ayuso | 2008-05-18 | 1 | -11/+30 |
| | |||||
* | Fix reorder possible reordering of destroy messages under message omission. ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 1 | -12/+15 |
| | | | | This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table. | ||||
* | rework of the FT-FW approach | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-26 | 1 | -26/+20 |
| | |||||
* | improve netlink overrun handling | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -54/+35 |
| | |||||
* | revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | only which is incompatible AFAIK | ||||
* | relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-08 | 1 | -1/+1 |
| | | | | has been Max Kellermann and has no issues with relicensing their contributions. | ||||
* | compose the file descriptor set at initialization stage to save some cycles | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-19 | 1 | -5/+4 |
| | |||||
* | add IPv6 support to conntrackd | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-02 | 1 | -2/+0 |
| | |||||
* | remain is size_t instead of ssize_t to remove the cast | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -2/+2 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -4/+5 |
| | | | | use size_t | ||||
* | missing casting to keep -Werror happy | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -1/+1 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -0/+5 |
| | | | | | | check if the received packet is large enough Minor changes by the committer | ||||
* | add comment to clarify handle_msg() | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-23 | 1 | -0/+1 |
| | |||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-18 | 1 | -16/+16 |
| | | | | Simplify logging infrastructure | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -1/+1 |
| | | | | remove superfluous initialization | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -7/+7 |
| | | | | import only required C headers and put local headers on top to check | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-17 | 1 | -0/+3 |
| | | | | fix memory leaks in several error output paths | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -1/+1 |
| | | | | Fix tons of gcc warnings | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -0/+4 |
| | | | | add missing function prototypes | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -11/+12 |
| | | | | fix wrong invocations after prototype cleanup | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -3/+3 |
| | | | | | | the global variable "alarm" conflicts with the alarm() function from unistd.h. resolve that conflict by giving those two global variables a better name. | ||||
* | set up the configuration flags when defaulting | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 1 | -0/+1 |
| | |||||
* | wake up the daemon iff there are real events to handle instead of polling ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-09 | 1 | -2/+2 |
| | | | | (Based on comments from Max Kellerman) | ||||
* | rename class `buffer' to `queue' which is what it really implements | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -1/+0 |
| | |||||
* | obsolete `-S' option: Use information provided by the config file | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -3/+7 |
| | |||||
* | o add support for connection logging to the statistics mode via Logfile | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-03 | 1 | -2/+3 |
| | | | | | | o minor irrelevant fixes for uncommon error paths and fix several typos o use LOG_INFO for connection logging, use LOG_NOTICE for other information o minor error handling updates | ||||
* | o Use more appropriate names for the existing synchronization modes: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 1 | -4/+4 |
| | | | | | | o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm | ||||
* | Add CacheWriteThrough clause: external cache write through policy. This ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-11-25 | 1 | -5/+17 |
| | | | | feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection. | ||||
* | add syslog support and bump version | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-12 | 1 | -16/+17 |
| | |||||
* | conntrackd: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-18 | 1 | -1/+8 |
| | | | | | | | | | - use buffer of MTU size conntrack: - better protocol argument checkings - fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works - show per-protocol help, ie. conntrack -h -p tcp - add alias --src for --orig-src and alias --dst for --orig-dst | ||||
* | - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-09 | 1 | -63/+89 |
| | | | | | | | | | | | | | - add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy | ||||
* | fork when internal/external dump and commit requests are received | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-25 | 1 | -2/+6 |
| | |||||
* | - more cleanups and code refactorization | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-19 | 1 | -41/+28 |
| | | | | | | - remove several debug calls - create a child to dispatch dump requests: this will help to simplify the current locking schema. Later. | ||||
* | o remove useless backlog parameter in multicast sockets | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 1 | -60/+44 |
| | | | | | | | | o remove reminiscents of delay destroy message and relax transitions o remove confusing StripNAT parameter: NAT support enabled by default o relax event tracking: *_update callbacks use cache_update_force o use wraparound-aware functions after/before/between o lots of cleanups | ||||
* | add missing ignore_conntrack in the overrun handler | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-21 | 1 | -0/+3 |
| | |||||
* | - introduce cache_iterate | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-20 | 1 | -3/+82 |
| | | | | | | | | - empty debug_ct function if DEBUG_CT is not set - revisit overrun handler: this is a hard battle, just try to do our best here, call Patrick :) - explicit warning message when netlink_buffer_max_growth is reached - fix silly bug in stats-mode when dumping in XML format - fix UDP handler for conntrack | ||||
* | - remove dead code sync-mode.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-18 | 1 | -38/+13 |
| | | | | | | | - flush nack queue in the conntrackd -f path - do not increase add_fail counter for EEXIST errors - cleanup sync-nack code - improve mcast_recv_netmsg: sanity check before checksumming! | ||||
* | first step forward to merge conntrackd and conntrack into the same building ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-04-16 | 1 | -0/+416 |
chain |