Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 5 | -20/+19 |
| | | | | fix shadow warnings by renaming variables or making them local | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -9/+9 |
| | | | | | | yacc generates a function with a return value, and the conntrackd code uses "return;" to ignore a value. this is not legal. convert all of these to "break;" which might be what the author intended to do. | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 5 | -6/+6 |
| | | | | use const when possible | ||||
* | Max Kellermann <max@duempel.org> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 3 | -27/+12 |
| | | | | Use list_for_each_entry() instead of list_for_each() | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 1 | -0/+3 |
| | | | | enable gcc warnings, including -Werror | ||||
* | Max Kellermann <max@duempel.org>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-15 | 3 | -5/+5 |
| | | | | | | the global variable "alarm" conflicts with the alarm() function from unistd.h. resolve that conflict by giving those two global variables a better name. | ||||
* | fix broken next alarm calculation in the run loop | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 1 | -1/+2 |
| | |||||
* | fix overflow in usecs in mod_alarm() | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 1 | -1/+1 |
| | |||||
* | make sure add_alarm() and mod_alarm() insert sorted by due time | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 1 | -2/+18 |
| | |||||
* | improve alarm framework based on suggestions from Max Duempel | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 5 | -29/+35 |
| | |||||
* | set up the configuration flags when defaulting | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-14 | 2 | -0/+2 |
| | |||||
* | add support for `conntrack -E -o xml,timestamp' | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 1 | -5/+8 |
| | |||||
* | add support for tagged vlan interfaces in the config file, e.g. eth0.1 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-11 | 1 | -1/+1 |
| | |||||
* | fix buffer flush before exiting | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-11 | 1 | -1/+1 |
| | |||||
* | fix statistics mode CPU sucks up (broken with 7178) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-09 | 1 | -2/+6 |
| | |||||
* | wake up the daemon iff there are real events to handle instead of polling ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-09 | 9 | -187/+98 |
| | | | | (Based on comments from Max Kellerman) | ||||
* | fix segfaul in the exit path for the statistics mode (introduced in r7175) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-07 | 3 | -5/+8 |
| | |||||
* | fix logfiles permissions, do not default to umask | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 2 | -9/+33 |
| | |||||
* | implement buffered connection logging to improve performance | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 6 | -6/+112 |
| | |||||
* | rename class `buffer' to `queue' which is what it really implements | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 5 | -53/+52 |
| | |||||
* | daemonize conntrackd after initialization | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -12/+16 |
| | |||||
* | obsolete `-S' option: Use information provided by the config file | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 4 | -26/+42 |
| | |||||
* | Ben Lentz <BLentz@channing-bete.com>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -1/+8 |
| | | | | Detach daemon from its terminal | ||||
* | Ben Lentz <BLentz@channing-bete.com>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 1 | -5/+6 |
| | | | | | | | Fix the crash when stats LogFile is off and stats Syslog is on -Esta línea y las que están debajo serán ignoradas-- M conntrack-tools/src/log.c | ||||
* | o add support for connection logging to the statistics mode via Logfile | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-03 | 10 | -50/+154 |
| | | | | | | o minor irrelevant fixes for uncommon error paths and fix several typos o use LOG_INFO for connection logging, use LOG_NOTICE for other information o minor error handling updates | ||||
* | - hash lookup speedups based on comments from netdev's discussions | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-31 | 1 | -4/+11 |
| | | | | | - minor fix for hash6 in cache.c (however, ipv6 support is still broken - several updates in the TODO file | ||||
* | show error and warning messages to stderr | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-24 | 4 | -19/+21 |
| | |||||
* | o add support for related conntracks (requires Linux kernel >= 2.6.22) | Ayuso/emailAddress=pablo@netfilter.org | 2007-12-23 | 3 | -10/+30 |
| | | | | o update leftover references to `persistent' and `nack' modes | ||||
* | fix minor typo in warning message | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 1 | -4/+4 |
| | |||||
* | o Use more appropriate names for the existing synchronization modes: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 7 | -56/+66 |
| | | | | | | o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm | ||||
* | raise ignorepoll limit from 1024 to INT_MAX | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 1 | -2/+3 |
| | |||||
* | = conntrack = | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-21 | 3 | -23/+35 |
| | | | | | | | | | | | o fix missing `-g' and `-n' options in getopt_long control string o add support for secmark (requires Linux kernel >= 2.6.25) o add mark and secmark information to the manpage o cleanup error message = conntrackd = o add support for secmark (requires Linux kernel >= 2.6.25) o add conntrackd (8) manpage | ||||
* | Add CacheWriteThrough clause: external cache write through policy. This ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-11-25 | 8 | -35/+125 |
| | | | | feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection. | ||||
* | add syslog support and bump version | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-12 | 10 | -80/+176 |
| | |||||
* | Remove window tracking disabling limitation (requires Linux kernel >= 2.6.22) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-12 | 1 | -4/+9 |
| | |||||
* | conntrack-tools compilation problem (K.Kovacs) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-08-06 | 1 | -1/+2 |
| | |||||
* | fix NAT in changes committed in r6904 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-19 | 1 | -19/+30 |
| | |||||
* | - simplify cache_flush function: use cache_del() | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-19 | 1 | -12/+1 |
| | |||||
* | minor fix in the last commit: check conf->mtu instead of mtu that is < 0 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-19 | 1 | -1/+1 |
| | |||||
* | conntrackd: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-18 | 6 | -68/+107 |
| | | | | | | | | | - use buffer of MTU size conntrack: - better protocol argument checkings - fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works - show per-protocol help, ie. conntrack -h -p tcp - add alias --src for --orig-src and alias --dst for --orig-dst | ||||
* | - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-09 | 21 | -721/+744 |
| | | | | | | | | | | | | | - add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy | ||||
* | fork when internal/external dump and commit requests are received | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-25 | 2 | -6/+8 |
| | |||||
* | - more cleanups and code refactorization | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-19 | 10 | -159/+139 |
| | | | | | | - remove several debug calls - create a child to dispatch dump requests: this will help to simplify the current locking schema. Later. | ||||
* | - local requests return EXIT_FAILURE if it can't connect to the daemon | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-13 | 3 | -65/+25 |
| | | | | - several cleanups | ||||
* | remove dlopen infrastructure: simplification, it was too much for it | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-09 | 2 | -17/+5 |
| | |||||
* | - add support for `-L --src-nat' and `-L --dst-nat' to show natted connections | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-09 | 1 | -4/+32 |
| | | | | - update conntrack(8) manpage | ||||
* | commit phase: if conntrack exists, update it | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 1 | -1/+1 |
| | |||||
* | o use NFCT_SOPT_SETUP_* facilities: nfct_setobjopt | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 1 | -102/+8 |
| | | | | o remove bogus option to get a conntrack in test.sh example file | ||||
* | o remove useless backlog parameter in multicast sockets | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 8 | -155/+88 |
| | | | | | | | | o remove reminiscents of delay destroy message and relax transitions o remove confusing StripNAT parameter: NAT support enabled by default o relax event tracking: *_update callbacks use cache_update_force o use wraparound-aware functions after/before/between o lots of cleanups | ||||
* | fix silly bug in build_network_message: out of bound memset | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-30 | 1 | -0/+1 |
| |