version 0.9.3 (yet unreleased)
------------------------------
o fix commit of confirmed expectations (reported by Nishit Shah)
o fix double increment of counters in cache_update_force() (Niko Tyni)
o nl_dump_handler must return NFCT_CB_CONTINUE (Niko Tyni)
o initialize buffer in nl_event_handler() and nl_dump_handler() (Niko Tyni)
o CacheCommit value can be set via conntrackd.conf for the NACK approach
o fix leaks in the hashtable/cache flush path (Niko Tyni)
o fix leak if a connection already exists in the cache (Niko Tyni)
o introduce a new header that encapsulates netlink messages
o remove all '_entry' tail from all functions in cache.c
o split cache.c: move cache iterators to file cache_iterators.c
o fix inconsistencies in the cache API related to counters
o cleanup 'usage' message
o fix typo in examples/sync/nack/node1/conntrackd.conf
o introduce message checksumming as described in RFC1071 (enabled by default)
o major cleanups in the synchronization code
o just warn once that the maximum netlink socket buffer has been reached
o fix ignore conntrack entries by IP and introduce ignore pool abstraction layer
o introduce netlink socket buffer overrun handler
o constification of hash, compare and hashtable_test functions in hash.c
o introduce ACKnowledgement mechanisms to reduce the size of the resend queue
o remove OK messages at startup since they provide useless data
o fix compilation warning in mcast.c: recvfrom takes socklen_t not size_t
o add a lock per buffer: makes buffer code thread safe
o introduce 'Replicate' clause to explicitly set states to be replicated
o kill cache feature abuse: introduce nicer cache hooks for sync algorithms
o fix oversized buffer allocated in the stack in the cache functions
o add support to dump internal/external cache in XML format '-x'

version 0.9.2 (2006/01/17)
--------------------------
o remove spamming packet lost messages
o generalize network netlink sequence tracking
o fix bogus error message on resync `-R'
o fix endianness issues in the network netlink message
o introduce generic netlink multicast primitives to send and receive
o fix bogus replayed multicast message due to sequence numbering wraparound
o introduce counter for malformed netlink messages received
o introduce a new syntax for the `Sync' section in the configuration file
o several cleanups and remove unused variables
o add autostuff to include examples in the tarball (reported by Victor Lozano)
o use the new API available in libnetfilter_conntrack-0.0.50
o implement a NACK based protocol for replication

version 0.9.1 (2006/11/06)
--------------------------
o conntrackd requires kernel >= 2.6.18
o remove bogus TIMERS_MODE constant
o implement bulk mode '-B': first works to address the preemption issue
o fix minor reduction conflicts in the configfile grammar
o check for CAP_NET_ADMIN instead of requiring root privileges
o check that linux/capability.h exists
o fix formatting at dump statistics '-s'
o move dump traffic stats before multicast traffic stats
o move event and dump handler to a generic infrastructure: kill events.c file
o kill unused function inc_ct_stats
o kill file resync.h
o cleanup broadcast_sync: renamed to mcast_send_sync
o sed 's/perror/debug/g' local.c
o fix bogus increment of update_fail stats at dump stage
o display descriptive error if we can't connect to conntrackd via UNIX socket
o remove debugging message from alarm.c
o move dump_mcast_stats to mcast.c where it really belongs
o rename stats.c to traffic_stats.c
o check for replayed/lost multicast message: simple seq tracking w/o recovery
o reissue nfnl_catch on ENOENT error: a message for other subsystem
o remove test/ directory in tree
o improve cache commit stats
o kill last_commit and last_flush from cache statistics: use the logfile
o recover cache naming for dump stats `-s'
o display multicast sequence tracking statistics: packets lost and replayed
o zero ct_sync_state and ct_stats_state structures after allocation
o improve keepalived scripts:
	- resync with conntrack table on transition to master
	- send bulk on transition to backup
o implement alarm cascade of ten levels
o implement timer cache flavour: limited life of entries in the external cache
o implement a global lock that protects operation with conntrack entries
o remove debug checking in cache_del_entry
o set a reduced timeout for committed entries: 180 seconds by default
o update comments on the sync-mode code
o introduce delay destroy messages facility
o increase timer for external states from 60 to 180 seconds
o remove unused replicate/dont_replicated constants
o fix cache entry clashing issue (reported by Maik Hentsche)
o fix bogus increment of error stats in the external cache
o remove pollution generated by `[REQ] cache dump' message from logfile

version 0.9.0 (2006/09/17)
--------------------------
o implement initial for IPv6 (untested)
o implement generic extensible cache: kill the internal and external caches
o implement persistence cache feature
o implement lifetime cache feature
o modify UNIX facilities identification numbers: separate master conntrack facilities and internal plugin facilities
o break backward compatibility of configuration file:
	- remove IgnoreLoopback, use IgnoreTrafficFor instead
	- remove IgnoreMulticastTraffic, use IgnoreTrafficFor instead
o merge event/event_subsys and sync/sync_subsys initialization to run.c
o improve control of the iteration process in the hashtables
o fix wrong locking in the alarm thread
o supersede AcceptNAT by StripNAT clause
o replace ignore traffic array by a hashtable
o move lockfile checking before daemonization
o on initialization error give a descriptive error
o introduce netlink socket size grown limitator
o introduce force resync with master conntrack table facility '-R'
o ignore SIGPIPE signal
o kill post_step since it is not used anymore

version 0.8.3 (2006/09/03)
--------------------------
Author: Maik Hentsche
o Fix typo in conntrackd -h
o Disable debugging messages by default
o No signals while signals handlings
o Add extra checkings at forking
o Check maximum size for file passed via -C

Author: Pablo Neira Ayuso
o retry select() if EINTR is returned (Reported by Maik Hentsche)
o Fix bug in slist_for_each_entry (Reported by Maik Hentsche)
o Signal handler registration done after initialization
o Implement alarm thread (based on Maik Hentsche's patch)
o Fix segfault on conntrackd -k (Reported by Maik Hentsche)
o Fix bug on alarm removal (Reported by Maik Hentsche)
o configure stops if bison, flex or yacc are not installed

version 0.8.2 (2006/07/05)
--------------------------
o RelaxTransitions clause introduced in Sync mode
o multicast messages sequence tracking
o SocketBufferSize clause to set up the netlink socket buffer
o use new libnfnetlink API to solve limitations of nfnl_listen
o extra sanity checkings for netlink multicast messages
o improve statistics
o tons of cleanups 8)

version 0.8.1 (2006/06/13)
--------------------------
o -f now just flushes the internal and external caches
o -F flushes the master conntrack table
o fix segfault under heavy load and signal received
o added -S mode for statistics: still needs more thinking

version 0.8.0 (2006/06/11)
--------------------------
o more work to generalize the daemon: now it's ready to implement modular support for adaptive timers and conntrack statistics, time to implement them ;). This is *still* a work in progress.

version 0.7.2 (2006/06/05)
--------------------------
o stupid bug in normal and alarm caches initialization: flush unset
o fix racy signal handling

version 0.7.1 (2006/06/05)
--------------------------
o Bugfix for multicast sockets communication

version 0.7 (2006/06/01)
------------------------
o Major code re-structuration: internal and external cache abstraction
o sequence tracking for event messages
o expect more changes, I still dislike some stuff in its current status ;)

version 0.6 (2006/05/31)
------------------------
o Lock file support
o use new API nfct_conntrack_event_raw
o major code clean ups

version 0.5 (2006/05/30)
-------------------------
o Fix multicast server binds to wrong interface
o Include clause `IgnoreProtocol', deprecates IgnoreUDP and IgnoreICMP

version 0.4 (2006/05/29)
------------------------
o Initial release