summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* o Use more appropriate names for the existing synchronization modes:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-217-56/+66
| | | | | | o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm
* raise ignorepoll limit from 1024 to INT_MAX/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-211-2/+3
|
* = conntrack =/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-213-23/+35
| | | | | | | | | | | o fix missing `-g' and `-n' options in getopt_long control string o add support for secmark (requires Linux kernel >= 2.6.25) o add mark and secmark information to the manpage o cleanup error message = conntrackd = o add support for secmark (requires Linux kernel >= 2.6.25) o add conntrackd (8) manpage
* Add CacheWriteThrough clause: external cache write through policy. This ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-11-258-35/+125
| | | | feature is particularly useful for active-active setup without connection persistency, ie. you cannot know which firewall would filter a packet that belongs to a connection.
* add syslog support and bump version/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-1210-80/+176
|
* Remove window tracking disabling limitation (requires Linux kernel >= 2.6.22)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-121-4/+9
|
* conntrack-tools compilation problem (K.Kovacs)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-08-061-1/+2
|
* fix NAT in changes committed in r6904/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-191-19/+30
|
* - simplify cache_flush function: use cache_del()/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-191-12/+1
|
* minor fix in the last commit: check conf->mtu instead of mtu that is < 0/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-191-1/+1
|
* conntrackd:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-186-68/+107
| | | | | | | | | - use buffer of MTU size conntrack: - better protocol argument checkings - fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works - show per-protocol help, ie. conntrack -h -p tcp - add alias --src for --orig-src and alias --dst for --orig-dst
* - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-0921-721/+744
| | | | | | | | | | | | | - add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy
* fork when internal/external dump and commit requests are received/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-252-6/+8
|
* - more cleanups and code refactorization/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-1910-159/+139
| | | | | | - remove several debug calls - create a child to dispatch dump requests: this will help to simplify the current locking schema. Later.
* - local requests return EXIT_FAILURE if it can't connect to the daemon/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-133-65/+25
| | | | - several cleanups
* remove dlopen infrastructure: simplification, it was too much for it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-092-17/+5
|
* - add support for `-L --src-nat' and `-L --dst-nat' to show natted connections/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-091-4/+32
| | | | - update conntrack(8) manpage
* commit phase: if conntrack exists, update it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-1/+1
|
* o use NFCT_SOPT_SETUP_* facilities: nfct_setobjopt/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-102/+8
| | | | o remove bogus option to get a conntrack in test.sh example file
* o remove useless backlog parameter in multicast sockets/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-048-155/+88
| | | | | | | | o remove reminiscents of delay destroy message and relax transitions o remove confusing StripNAT parameter: NAT support enabled by default o relax event tracking: *_update callbacks use cache_update_force o use wraparound-aware functions after/before/between o lots of cleanups
* fix silly bug in build_network_message: out of bound memset/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-301-0/+1
|
* conntrack --output requires one parameter (Krzysztof Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-291-1/+1
|
* simplify checksum code: use UDP/multicast checksum facilities/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-245-67/+11
|
* add missing ignore_conntrack in the overrun handler/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-213-1/+7
|
* - introduce cache_iterate/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-206-82/+150
| | | | | | | | - empty debug_ct function if DEBUG_CT is not set - revisit overrun handler: this is a hard battle, just try to do our best here, call Patrick :) - explicit warning message when netlink_buffer_max_growth is reached - fix silly bug in stats-mode when dumping in XML format - fix UDP handler for conntrack
* - remove dead code sync-mode.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-186-95/+93
| | | | | | | - flush nack queue in the conntrackd -f path - do not increase add_fail counter for EEXIST errors - cleanup sync-nack code - improve mcast_recv_netmsg: sanity check before checksumming!
* o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-071-14/+39
| | | | o several fixes for the output of usage messages
* - update changelog/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-061-13/+13
| | | | - use positive logic in error handling
* - add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-061-310/+425
| | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
* - bump version to 0.9.3/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-171-1/+1
| | | | | - show 'conntrack-tools' string when 'conntrack -V' is issued - include missing headers to include/Makefile.am
* first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-1629-0/+6220
| | | | chain
* initial import of the conntrack daemon to Netfilter SVN/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-162-1138/+0
|
* [patch] conntrack tool: Fix loading of protocol helpers (Thomas Jarosch ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-161-1/+1
| | | | | | | | | | <thomas.jarosch@intra2net.com>) the pkgconfig changes from August 2006 broke the loading of the protocol helpers as dlopen() doesn't search for symbols in the main executable. As a result the protocol helpers can't find register_proto(). Attached patch fixes the problem.
* [patch] conntrack compile fix (Thomas Jarosch <thomas.jarosch@intra2net.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-161-0/+1
|
* [PATCH 5/6] conntrack pkt-config changes (KOVACS Krisztian <hidden@balabit.hu>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-031-2/+2
|
* [PATCH]: Userspace code related to fixed timeout patch (Eric Leblond ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-031-4/+4
| | | | <eric@inl.fr>)
* [PATCH] conntrack: Fix option parsing for ARM (Philip Craig/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-05-221-1/+1
| | | | | <philipc@snapgear.com>) The result of getopt_long() was assigned to a char, which defaults to unsigned
* o Add support to filter dumped entries. ie:/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-151-22/+45
| | | | | | | - display all the connections to IMAPS servers conntrack -L -p tcp --orig-port-dst 993 - display all the connection marked with 2 conntrack -L -m 2
* o Added missing parameters to set the ports of an expectation tuple/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-01-151-1/+1
| | | | o Bumped version to 1.00beta2
* <pablo@netfilter.org>/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-261-161/+176
| | | | | | | | | | | | o add IPv6 support: main change o removed dead code: iptables_insmod and get_modprobe o compact the commands vs. options table o move working vars from the stack to the BSS section o update manpage o Bumped version to 1.0beta1 <yasuyuki.kozakai@toshiba.co.jp> o check address family mismatch o fix incomplete copying IPv6 addresses
* More changes to prepare upcoming ipv4 supportsvn_t_conntrack-0.991/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-5/+5
|
* We only support ipv4 at the moment, set l3protonum to AF_INET/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-191-0/+8
|
* o Restore include "conntrack.h" in ICMP handler/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-041-2/+3
| | | | o Add missing flags coversion in SCTP handler
* o Add support to filter events. ie: -p tcp --orig-port-dst 80 in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-12-031-15/+24
| | | | | | | | | conjuction with -E to get all the requests to HTTP servers o Update manpage o Missing static function declaration in the protocol handlers o Use protocol flags defined in libnetfilter_conntrack o Kill leftover #include "conntrack.h" in the ICMP helper o Bumped version to 0.991
* linke with libnetfilter_conntrack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-1/+1
|
* - get rid of KERNELDIR/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-3/+2
| | | | - use Make_global.am
* - rename plugisn to remove 'lib' prefix/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-101-2/+2
| | | | - move them into 'pkglibdir'
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-091-1/+1
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-081-19/+31
|
* See ChangeLog/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2005-11-061-32/+54
|