From 4e60aa36a78532d5b2675ec054f3c9abca0e933d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 26 May 2009 12:01:19 +0200
Subject: src: remove obsolete changelog file

Thomas Jarosch doesn't like having out-dated information in the tree. Me neither. However, I didn't notice that this file has been included in every release, it seems that the autostuff magically includes it if present.

Reported-by: Thomas Jarosch
Signed-off-by: Pablo Neira Ayuso
---
 ChangeLog | 649 --------------------------------------------------------------
 1 file changed, 649 deletions(-)
 delete mode 100644 ChangeLog

diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 25d8a6f..0000000 --- a/ChangeLog +++ /dev/null 
@@ -1,649 +0,0 @@ -version 0.9.7 (yet unreleased) ------------------------------- - -o remove .svn directory from make distcheck tarballs (reported by B.Benjamini) -o fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel Schepler) -o update manpages with the new URL: http://conntrack-tools.netfilter.org -o check for pkg-config at configure stage -o add flex version warning (better with >= 2.5.33) - -= conntrack = -o fix minor compilation warning (Krzysztof Oledzki) -o add ICMPv6 (-p icmpv6) support (Krzysztof Oledzki) -o distinguish between invalid (unknown) and empty proto (Krzysztof Oledzki) -o simplify parameter-handling code -o check for missing source/address IP/ports in creation and get operations -o way more flexible conntrack updates and deletions -o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) -o recover the ID support -o only allow the use of --secmark for listing (filtering) -o show display counters to stderr -o enable filtering by status and ID -o update manpage -o minor cleanups - -= conntrackd = -o fix asymmetric path support (reported by Gary Richards) -o improve netlink overrun handling -o add more verbose error notification when we fail to inject a conntrack -o rework of the FT-FW approach -o minor fix of the manpage (Max Wilhelm) -o remove (misleading) counters and use information from the statistics mode -o use generic nfct_copy() from libnetfilter_conntrack to update objects -o use generic nfct_cmp() to compare objects -o improve network message sanity checkings -o add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffers -o add missing string.h required by strdup in config parsing -o add eventfd emulation to communicate receiver -> sender -o add best effort replication protocol (aka NOTRACK) -o rework the HELLO logic inside FT-FW -o fix leak in cache_destroy(): release objects before destroying the cache -o delay the closure of the dump descriptor to fix assertion with cache_wt - -version 
0.9.6 (2008/03/08) ------------------------------- - -Pablo Neira Ayuso : - -o fix compilation problem due to missing headers (Krisztian Kovacs) -o include kernel options and Fedora comments in the INSTALL file -o remove -lpthread during compilation -o update library function checking in configure.in - -= conntrack = -o fix missing `-g' and `-n' options in getopt_long control string -o add support for secmark (requires Linux kernel >= 2.6.25) -o add mark and secmark information to the manpage -o cleanup error message -o add support for -E -o xml,timestamp - -= conntrackd = -o Add IPv6 support -o Remove window tracking disabling limitation (requires Linux kernel >= 2.6.22) -o syslog support (based on patch from Simon Lodal) -o add CacheWriteThrough clause: external cache write through policy -o add support for secmark (requires Linux kernel >= 2.6.25) -o add conntrackd (8) manpage -o raise ignorepool maximum limit from 1024 to INT_MAX -o Use more appropriate names for the existing synchronization modes: - o rename `persistent' mode to `alarm' - o rename `nack' mode to `ftfw' -o Now default synchronization mode is ftfw instead of alarm -o rename `examples' directory to `doc' -o add support for related conntracks (requires Linux kernel >= 2.6.22) -o show error and warning messages to stderr -o hash lookup speedups based on comments from netdev's discussions -o add support for connection logging to the statistics mode via Logfile -o minor irrelevant fixes for uncommon error paths and fix several typos -o detach daemon from its terminal (Ben Lenitz ) -o obsolete `-S' option: Use information provided by the config file -o daemonize conntrackd after initialization -o rename class `buffer' to `queue' which is what it really implements -o fix logfiles permissions, do not default to umask -o wake up the daemon iff there are real events to handle instead of polling -o add support for tagged vlan interfaces in the config file, e.g. 
eth0.1 -o implement a rb-tree based alarm framework -o constify queue_iterate() -o use list_del_init() and list_empty() to check if a node is in the list -o remove unix socket file on exit -o use umask() to set up file permissions -o add support for NAT sequence adjustment (requires Linux kernel >= 2.6.25) -o remove TODO file from release tarballs -o compose the file descriptor set at initialization stage to save some cycles -o cleanup: remove config_set from main(), use config_file variable instead - -Max Kellermann : - -o fix shadow warnings by renaming variables or making them local -o remove "-g" from Makefile.am, this should be specified by the user -o enable C99 mode -o use C99 integers (uint32_t instead of u_int32_t) -o remove several superfluous initializations - -= conntrack = -o check for malloc() failure in merge_opts -o eliminate local variable by returning from the loop -o explicitly cast in nat_parse() - -= conntrackd = -o resolve global variable "alarm" conflict with alarm() function in unistd.h. 
-o enable gcc warnings, including -Werror -o use list_for_each_entry() instead of list_for_each() -o use const when possible -o remove prefetch in slist.h since it confuses gcc -o fix illegal use of return in the yacc code, use break instead -o fix wrong invocations after prototype cleanup -o set the return type of the parse functions to "void" -o use the comma operator instead of curly braces -o add missing function prototypes -o merge several *_alarm() functions into init_alarm() -o use add_alarm() in mod_alarm() to avoid code duplication -o import tcp_state_helper only once -o add missing printf arguments -o use timeradd() since manipulating tv_sec directly -o fix lots of gcc warnings -o don't call INIT_LIST_HEAD on list item when unneeded -o always close stdin - even in non-daemon mode, it is of no use -o chdir("/") to release the cwd inode -o ignore setsid() failure, because there is only one possible and -o fix harmless error condition -o fix memory leaks in several error output paths -o import only required C headers and put local headers on top to check -o fix double free() bug in the error output path of mcast_create() -o eliminate unsed cache_get_conntrack() in rs_list_to_tx() -o remove capability code and rely on the error returned by the syscall -o major simplification of the logging infrastructure -o use fputs() instead of fprintf() in log.c -o improve error message if netlink initialization fails -o merge mod_alarm() into add_alarm(), remove alarm_set_expiration() -o remove init_alarm() before add_alarm() -o fix error checking of local_create_server() -o added struct local_server, several cleanups in local socket infrastructure -o remove unused prototypes in network.h -o check if the received packet is large enough -o introduce alarm_pending() -o cleanup: use size_t instead of integer -o several cleanups in the rbtree-based alarm -o whitespace cleanups - -version 0.9.5 (2007/07/29) ------------------------------- - -= conntrackd = -o conntrack-tools 
requires libnetfilter_conntrack >= 0.0.81 -o add len field to nethdr -o implement buffered send/recv to batch messages -o use buffer of MTU size -o stop using netlink format for network messages: use similar TLV-based format -o reduce synchronization messages size up to 60% -o introduce periodic alive messages for sync-nack protocol -o timeslice alarm implementation: remove alarm pthread, remove locking -o simplify debugging functions: use nfct_snprintf instead -o remove major use of libnfnetlink functions: use libnetfilter_conntrack API -o deprecate conntrackd -F, use conntrack -F instead -o major rework of the network infrastructure: much simple, less messy -o simplify cache_flush function: use cache_del() -o remove current script_fault.sh when we reach fault state -o conntrackd requires the connection tracking event API: insist more in INSTALL - -= conntrack = -o better protocol argument checkings -o fix per-protocol filtering, eg. conntrack -L -p tcp -o show per-protocol help, ie. conntrack -h -p tcp -o add alias --src for --orig-src and alias --dst for --orig-dst -o include protocol filters in the manpage - -version 0.9.4 (2007/07/02) ------------------------------- - -o fix error message in configure.in (Eric Leblond) -o add library dependency checking to configure.in - -= conntrackd = -o simplify checksum code: use UDP/multicast checksum facilities -o fix silly bug in build_network_message: out of bound memset -o remove useless backlog parameter in multicast sockets -o remove reminiscents of delay destroy message and relax transitions -o remove confusing StripNAT parameter: NAT support enabled by default -o relax event tracking: *_update callbacks use cache_update_force -o use wraparound-aware functions after/before/between -o commit phase: if conntrack exists, update it -o local requests return EXIT_FAILURE if it can't connect to the daemon -o remove several debug statements -o fork when internal/external dump and commit requests are received -o lots of 
cleanups - -= conntrack = -o fix segfault with conntrack --output (Krzysztof Oledzki) -o use NFCT_SOPT_SETUP_* facilities: nfct_setobjopt -o remove bogus option to get a conntrack in test.sh example file -o add aliases --sport and --dport to make it more iptables-like -o add support for `-L --src-nat' and `-L --dst-nat' to show natted connections -o update conntrack(8) manpage -o remove dlopen infrastructure - -version 0.9.3 (2007/05/22) ------------------------------- - -= conntrackd = -o fix commit of confirmed expectations (reported by Nishit Shah) -o fix double increment of counters in cache_update_force() (Niko Tyni) -o nl_dump_handler must return NFCT_CB_CONTINUE (Niko Tyni) -o initialize buffer in nl_event_handler() and nl_dump_handler() (Niko Tyni) -o CacheCommit value can be set via conntrackd.conf for the NACK approach -o fix leaks in the hashtable/cache flush path (Niko Tyni) -o fix leak if a connection already exists in the cache (Niko Tyni) -o introduce a new header that encapsulates netlink messages -o remove all '_entry' tail from all functions in cache.c -o split cache.c: move cache iterators to file cache_iterators.c -o fix inconsistencies in the cache API related to counters -o cleanup 'usage' message -o fix typo in examples/sync/nack/node1/conntrackd.conf -o introduce message checksumming as described in RFC1071 (enabled by default) -o major cleanups in the synchronization code -o just warn once that the maximum netlink socket buffer has been reached -o fix ignore conntrack entries by IP and introduce ignore pool abstraction layer -o introduce netlink socket buffer overrun handler -o constification of hash, compare and hashtable_test functions in hash.c -o introduce ACKnowledgement mechanisms to reduce the size of the resend queue -o remove OK messages at startup since provide useless data -o fix compilation warning in mcast.c: recvfrom takes socklen_t not size_t -o add a lock per buffer: makes buffer code thread safe -o introduce 'Replicate' 
clause to explicitely set states to be replicated -o kill cache feature abuse: introduce nicer cache hooks for sync algorithms -o fix oversized buffer allocated in the stack in the cache functions -o add support to dump internal/external cache in XML format '-x' -o add script for keepalived fault state (eg. unplugged cable/link down) - -= conntrack = -o port conntrack to the new libnetfilter_conntrack API -o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E' -o deprecated '--id' -o replace '-a' by '--src-nat' and '--dst-nat' -o use positive logic in error handling -o remove sctp support until is fully supported in the kernel side -o update conntrack manpage -o update test.sh file in examples/cli/ -o several fixes for the output of usage messages - -version 0.9.2 (2007/01/17) --------------------------- -o remove spamming packet lost messages -o generalize network netlink sequence tracking -o fix bogus error message on resync `-R' -o fix endianess issues in the network netlink message -o introduce generic netlink multicast primitives to send and receive -o fix bogus replayed multicast message due to sequence numbering wraparound -o introduce counter for malformed netlink messages received -o introduce a new syntax for the `Sync' section in the configuration file -o several cleanups and remove unused variables -o add autostuff to include examples in the tarball (reported by Victor Lozano) -o use the new API available in libnetfilter_conntrack-0.0.50 -o implement a NACK based protocol for replication - -version 0.9.1 (2006/11/06) --------------------------- -o conntrackd requires kernel >= 2.6.18 -o remove bogus TIMERS_MODE constant -o implement bulk mode '-B': first works to address the preemption issue -o fix minor reduction conflicts in the configfile grammar -o check for CAP_NET_ADMIN instead of requiring root privileges -o check that linux/capability.h exists -o fix formatting at dump statistics '-s' -o move dump traffic stats before 
multicast traffic stats -o move event and dump handler to a generic infrastructure: kill events.c file -o kill unused function inc_ct_stats -o kill file resync.h -o cleanup broadcast_sync: renamed to mcast_send_sync -o sed 's/perror/debug/g' local.c -o fix bogus increment of update_fail stats at dump stage -o display descriptive error if we can't connect to conntrackd via UNIX socket -o remove debugging message from alarm.c -o move dump_mcast_stats to mcast.c where it really belongs -o rename stats.c to traffic_stats.c -o check for replayed/lost multicast message: simple seq tracking w/o recovery -o reissue nfnl_catch on ENOENT error: a message for other subsystem -o remove test/ directory in tree -o improve cache commit stats -o kill last_commit and last_flush from cache statistics: use the logfile -o recover cache naming for dump stats `-s' -o display multicast sequence tracking statistics: packets lost and replayed -o zero ct_sync_state and ct_stats_state structures after allocation -o improve keepalived scripts: - - resync with conntrack table on transition to master - - send bulk on transition to backup -o implement alarm cascade of ten levels -o implement timer cache flavour: limited life of entries in the external cache -o implement a global lock that protects operation with conntrack entries -o remove debug checking in cache_del_entry -o set a reduced timeout for committed entries: 180 seconds by default -o update comments on the sync-mode code -o introduce delay destroy messages facility -o increase timer for external states from 60 to 180 seconds -o remove unused replicate/dont_replicated constants -o fix cache entry clashing issue (reported by Maik Hentsche) -o fix bogus increment of error stats in the external cache -o remove pollution generated by `[REQ] cache dump' message from logfile - -version 0.9.0 (2006/09/17) --------------------------- -o implement initial for IPv6 (untested) -o implement generic extensible cache: kill the internal and external 
caches -o implement persistence cache feature -o implement lifetime cache feature -o modify UNIX facilities identification numbers: - separate master conntrack facilities and internal plugin facilities -o break backward compatibility of configuration file: - remove IgnoreLoopback, use IgnoreTrafficFor instead - remove IgnoreMulticastTraffic, use IgnoreTrafficFor instead -o merge event/event_subsys and sync/sync_subsys initialization to run.c -o improve control of the iteration process in the hashtables -o fix wrong locking in the alarm thread -o supersede AcceptNAT by StripNAT clause -o replace ignore traffic array by a hashtable -o move lockfile checking before daemonization -o on initialization error give a descriptive error -o introduce netlink socket size grown limitator -o introduce force resync with master conntrack table facility '-R' -o ignore SIGPIPE signal -o kill post_step since it is not used anymore - -version 0.8.3 (2006/09/03) --------------------------- -Author: Maik Hentsche - -o Fix typo in conntrackd -h -o Disable debugging messages by default -o No signals while signals handlings -o Add extra checkings at forking -o Check maximum size for file passed via -C - -Author: Pablo Neira Ayuso - -o retry select() if EINTR is returned (Reported by Maik Hentsche) -o Fix bug in slist_for_each_entry (Reported by Maik Hetsche) -o Signal handler registration done after intialization -o Implement alarm thread (based on Maik Hentsche's patch) -o Fix segfault on conntrackd -k (Reported by Maik Hentsche) -o Fix bug on alarm removal (Reported by Maik Hentsche) -o configure stops if bison, flex or yacc are not installed - -version 0.8.2 (2006/07/05) --------------------------- -o RelaxTransitions clause introduced in Sync mode -o multicast messages sequence tracking -o SocketBufferSize clause to set up the netlink socket buffer -o use new libnfnetlink API to solve limitations of nfnl_listen -o extra sanity checkings for netlink multicast messages -o improve 
statistics -o tons of cleanups 8) - -version 0.8.1 (2006/06/13) --------------------------- -o -f now just flushes the internal and external caches -o -F flushes the master conntrack table -o fix segfault under heavy load and signal received -o added -S mode for statistics: still needs more thinking - -version 0.8.0 (2006/06/11) --------------------------- -o more work to generalize the daemon: now it's ready to implement -modular support for adaptive timers and conntrack statistics, time -to implement them ;). This is *still* a work in progress. - -version 0.7.2 (2006/06/05) --------------------------- -o stupid bug in normal and alarm caches initialization: flush unset -o fix racy signal handling - -version 0.7.1 (2006/06/05) --------------------------- -o Bugfix for multicast sockets communication - -version 0.7 (2006/06/01) ------------------------- -o Major code re-structuration: internal and external cache abstraction -o sequence tracking for event messages -o expect more changes, I still dislike some stuff in its current status ;) - -version 0.6 (2006/05/31) ------------------------- -o Lock file support -o use new API nfct_conntrack_event_raw -o major code clean ups - -version 0.5 (2006/05/30) -------------------------- -o Fix multicast server binds to wrong interface -o Include clause `IgnoreProtocol', deprecates IgnoreUDP and IgnoreICMP - -version 0.4 (2006/05/29) ------------------------- -o Initial release - -conntrack changelog -=================== - -2006-03-20 - - o fix ICMP protocol extension parse callback - -2006-01-15 - - o Added missing parameters to set the ports of an expectation tuple - o Add support to filter dumped entries. - ie: conntrack -L -p tcp --orig-port-dst 993 - display all the connections to IMAPS servers - conntrack -L -m 2 - display all the connection marked with 2 - o Bumped version to 1.00beta2 - -2005-12-26 - - o add IPv6 support: main change - o removed dead code: iptables_insmod and get_modprobe - o compact the commands vs. 
options table - o move working vars from the stack to the BSS section - o update manpage - o Bumped version to 1.0beta1 - - o check address family mismatch - o fix incomplete copying IPv6 addresses - -2005-12-19 - - o We only support ipv4 at the moment: set l3protonum to AF_INET - o Minor changes to prepare upcoming ipv6 support - -2005-12-03 - - o Add support to filter events. ie: -p tcp --orig-port-dst 80 in - conjuction with -E to get all the requests to HTTP servers - o Update manpage - o Missing static function declaration in the protocol handlers - o Use protocol flags defined in libnetfilter_conntrack - o Bumped version to 0.991 - -2005-11-22 - - o Fix oversized number of options - -2005-11-11 - - o don't check for kernel header path in configure, since we don't use - kernel headers - o don't check for libnfnetlink, we don't use it directly - o move plugins into pkglibdir - o remove 'lib' prefix of plugins, they're not really libraries - o remove version information from plugin filenames - o Bumped version to 0.99 -2005-11-09 - - o set status to zero, libnetfilter_conntrack now activate - IPS_CONFIRMED since all conntrack in hash must be confirmed. - o Bumped version to 0.98 - -2005-11-08 - - o Fix warnings generated by gcc -Wall - o Fix conntrack exit value at error - o Replace obsolete inet_addr by inet_aton - -2005-11-05 - - o Improved conntrack -h output - o add htons for icmp id. - - o -t and -u are optional at update. - o Fixed versioning :( - o Bumped version to 0.97 - -2005-11-03 - - o Use extra 'data' argument of nfct_register_callback() function that - I've introduced in libetfilter_conntrack. - - o moves conntrack tool from bin to sbin directory since this - application is an administration utility and it requires uid==0 or - CAP_NET_ADMIN - - o check if --state missing when -p is passed - o command type is passed to final_check: checkings based on the - command can be done now. 
- o kill duplicated definition of IPS_* bits: Already present in - libnetfilter_conntrack. - o Move action and command enum to conntrack.h - o kill NIPQUAD macro - o make conntrack handler cth static. - o Bumped version to 0.96 - -2005-11-01 - - o Fix error message describing illegal option -E -i - o -D -i ID requires tuple information: Display an error message - o Use NFCT_ALL_CT_GROUPS flag instead of NFCT_ALL_GROUPS - o Event mask doesn't make sense for expectations, kill dead code - o Bumped version to 0.95 - - o Fix wrong formating in conntrack -h - -2005-10-30 - - Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in - Munich, Germany for providing the "fast" hardware to reproduce - spurious bugs ;) - - o Replace misleading message "Not enough memory" by "Can't open handler" - o New option -i for expectation dumping: conntrack -L expect [-i] - o sed 's/VERSION/CONNTRACK_VERSION/g' - o Fix nfct_open flags, now uses NFCT_ALL_GROUPS when needed - o Bumped version to 0.94 - -2005-10-28 - - o New option -i for dumping: conntrack -L [-i] - o Fixed warning in findproto due to a stupid wrong type definition - o sed 's/nfct_set_callback/nfct_register_callback/g' - o killed the 'retry' logic, *sigh* it is broken in some cases - o killed broken and unneeded protocol handler destructors (fini) - o killed unregister_proto - o Fixed code indentation in the command selector - o Bumped version to 0.93 - -2005-10-27 - - o Use conntrack VERSION instead of the old LIBCT_VERSION - o proto_list and lib_dir are now static - o kill dead code: function dump_tuple - o Bumped version to 0.92 - -2005-10-25 - - o Add missing autogen.sh file - -2005-10-24 - - o use NFCT_ANY_GROUP flag in nfct_open() - -2005-10-21 - - o Bumped version to 0.90 - o Add support for id and marks - -2005-10-20 - - o Kill some more files that generated by the autocrap - o Resync with the lastest libnetfilter_conntrack API changes - -2005-10-16 - - o Rename libct_proto.h to conntrack.h - o 
Remove config.h.in from svn, it's autogenerated by the autocrap :) - o Remove dead functions in the SCTP protocol helper - -2005-10-14 - - o Kill config.h.in, it's generated by the autocrap - o The conntrack tool now uses libnetfilter_conntrack :) - o libct.c has been killed, now it's in libnetfilter_conntrack - o Check if you're root or CAP_NET_ADMIN - o Bumped version number to 0.86 - -2005-10-07 - - o Fixed ICMP options - - o Multiple fixes for the ICMP protocol handler - o Fix ICMP output: wrong output. type and code were set to zero. - -2005-10-05 - - o Fix up counters - o Fix up compilation (IPS_* stuff missing), still need a proper fix - o Bumped version number to 0.82 - -2005-09-24 - - o Get rid of C++ style comments - o Remove remaining bits of "-A --action", group-mask and dump-mask - o Clean up #include's - o Fix double-free when exiting via signal handler (Ctrl+C) - o Add "version" member to plugins - o Fix some Endianness issues when printing CTA_STATUS - -2005-08-31 - - o Fix packet and bytes counters (use __be64_to_cpu) - o Fix ip_conntrack_netlink load-on-demand - -2005-07-12 - - o Use conntrack netlink attributes: Major change - o Kill action setting: Mask based dumping - o Fix ChangeLog - -2005-05-23 - - o Fixed syntax error (tab/space issue) in help message - o Fixed getopt handling on big endian machines - o Fixed possible future read-over-end-of-array in TCP extension - o Add manpage - o Add missing space at output of libct_proto_icmp.c - o Add status bits that were introduced in 2.6.11 - o Add SCTP extension - o Add support for expect creation - o Bump version number to 0.63 - -2005-05-17 - - o Added descriptive error messages. - o Fix wrong flags check in [tcp|udp] proto helpers. - -2005-05-16 - - o Implemented ICMP proto helper - o Added help() and final_check() functions for proto helpers. - -2005-05-01 - - o Created changelog file - o Deleted libctnetlink.h and libnfnetlink.h from the include/ dir. 
- o Added support for version (-V) and help (-h) - o Added event mask based support - o Added GPLv2 headers - o Use fprintf instead of printf - o Defined print_tuple and print_proto output interfaces - o ctnl_[get|del]_conntrack handles return value from kernel via msgerr - o Added support for conntrack table flushing - o Added test case file (test.sh) - o Improve dump output - - - o Autoconf stuff for conntrack + some pablo's modifications. - o Fixed packet counters formatting (use %llu instead of %lu) - -2005-04-25 - - o Added support for mask based event dumping - o Added support for mask based event notification - o On-demand autoload of ip_conntrack_netlink -- cgit v1.2.3
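
Review bot: The deletion takes the "version 0.9.7 (yet unreleased)" section at the top of the hunk along with the stale history, so the notes for changes that have not shipped yet (for example "improve network message sanity checkings" and "fix leak in cache_destroy(): release objects before destroying the cache") are dropped with no replacement. The diffstat shows ChangeLog as the only file touched, so nothing in this patch records where that information lives from now on; suggest saying in the commit message that the git log is the authoritative history, or carrying the 0.9.7 items into the release notes. The older sections are also the only per-release list visible here of memory-safety fixes such as "fix double free() bug in the error output path of mcast_create()" and "fix silly bug in build_network_message: out of bound memset", which is useful when mapping a fix to a release, so a pointer to where readers should look instead would be worth adding.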