Commit message | Author | Age | Files | Lines
* api: fix bogus netlink flags in nfexp_build_query [libnetfilter_conntrack-0.0.98] | Pablo Neira Ayuso | 2008-11-29 | 1 | -2/+2
|   This patch removes unnecessary flags included in NFCT_Q_DUMP, and NFCT_Q_DESTROY requests for expectations.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* api: fix bogus netlink flags in nfct_build_query | Pablo Neira Ayuso | 2008-11-29 | 1 | -3/+3
|   This patch removes unnecessary flags included in NFCT_Q_DUMP, NFCT_Q_DUMP_RESET and NFCT_Q_DESTROY requests.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bsf: remove unnecessary function inline | Pablo Neira Ayuso | 2008-11-28 | 1 | -9/+9
|   This patch removes unnecessary function inlining in the BSF code generation. There is no reason to get any significant performance improvement in an operation that should be done in the initialization path.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bsf: major rework of the BSF generation code | Pablo Neira Ayuso | 2008-11-25 | 9 | -268/+420
|   This patch reworks the BSF automatic generation code. This feature needs more love and it has several limitations like that the maximum number of IPs are 127 due to BSF code restrictions. See this patch as a first step forward. This patch also adds the stack data type, which is used to resolve jump dynamically instead of the previous static approach. This patch also includes fixes in the limitations, previous calculations were wrong.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helper: fix missing copy function for helper name | Pablo Neira Ayuso | 2008-11-23 | 2 | -0/+13
|   This patch fixes a NULL dereference to a function pointer in nfct_copy() that is triggered when you try to copy the helper name. This patch also adds an assertion to easily report similar problems in the future. Thanks to <pageexec@freemail.hu> for his detailed debugging report.
|   Reported-by: Wolfram Schlich <lists@wolfram.schlich.org>
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* qa: add test file to check for missing indirect function calls | Pablo Neira Ayuso | 2008-11-23 | 4 | -2/+111
|   This patch adds a rudimentary test file to check for possible unset indirect function calls. This automated test should be run after adding a new attribute.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: set specific array size for the API | Pablo Neira Ayuso | 2008-11-23 | 7 | -8/+8
|   This patch adds the size of the arrays to set to NULL unset elements. This helps to spot unset functions for new attributes.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* version: bump to 0.0.98 | Pablo Neira Ayuso | 2008-10-30 | 1 | -1/+1
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: add nfct_attr_is_set_array function | Pablo Neira Ayuso | 2008-10-30 | 2 | -0/+32
|   This new function checks for the presence of a given set of attributes that are passed as an array.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* groups: add attribute group API | Pablo Neira Ayuso | 2008-10-30 | 12 | -3/+582
|   This new API allows you to set and get some logical set of attributes. This is not intended to replace the existing per-attribute get/set API but to provide a more efficient way to get/set certain attributes. This change includes an example file (conntrack_grp_create.c) of the use of the attribute group API. See ATTR_GRP_* for more information on the existing groups.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: fix compilation warning in 64-bits platforms | Pablo Neira Ayuso | 2008-10-30 | 1 | -2/+2
|   We have to cast the counters to unsigned long long to fix a compilation warning in 64-bits platforms.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: use of __builtin_expect in error checking paths | Pablo Neira Ayuso | 2008-10-30 | 3 | -10/+13
|   This patch introduces likely() and unlikely() that use __builtin_expect to assist the compiler in the branch decisions. I am assuming that we have no clients of libnetfilter_conntrack that use gcc < 2.96.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* objopt: use indirect calls instead of switch | Pablo Neira Ayuso | 2008-10-30 | 2 | -63/+101
|   This patch replaces the use of switch by indirect function calls.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helper: explicit helper assignation support [libnetfilter_conntrack-0.0.97] | Pablo Neira Ayuso | 2008-10-13 | 7 | -0/+55
|   This patch adds support for explicit helper assignation. This support will not be of any help without the appropriate kernel support that will go into the Linux kernel 2.6.29 -sic-.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* compare: add two new flags for different level of comparisons | Pablo Neira Ayuso | 2008-10-02 | 3 | -194/+346
|   This patch adds NFCT_CMP_MASK and NFCT_CMP_STRICT which determines the level of strictness that is applied to the comparison of two conntrack objects.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: fix endianness issue | Albert Veli | 2008-07-29 | 2 | -3/+3
|   In nfct_build_query() the *data argument is converted into a u_int8_t*. This works for little-endian but not for big-endian.
|   Signed-off-by: Albert Veli <albert.veli@gmail.com>
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: split internal.h into several internal header files | Pablo Neira Ayuso | 2008-07-25 | 45 | -449/+510
|   This patch cleans up the internal headers by splitting them into several logical pieces.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bsf: use ntohl instead of htonl in the example | Pablo Neira Ayuso | 2008-07-23 | 1 | -1/+2
|   Fix wrong use of htonl in the example filter.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Extend high-level API for netlink BSF to add negative logic | Pablo Neira Ayuso | 2008-07-18 | 5 | -19/+124
|   This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level API | Pablo Neira Ayuso | 2008-07-17 | 9 | -3/+738
|   This patch adds an abstraction level to Berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add comment in expect_create test file | Pablo Neira Ayuso | 2008-07-15 | 1 | -0/+5
|   The test file requires nf_conntrack_ftp to work properly, otherwise it returns EINVAL. This patch adds a small comment to remind users to load the module before going ahead.
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bump version to 0.0.96 [libnetfilter_conntrack-0.0.96] | Pablo Neira Ayuso | 2008-07-09 | 1 | -1/+1
|
* conditional compilation of testsuite utils | Pablo Neira Ayuso | 2008-07-02 | 1 | -1/+1
|   Use `make check' to compile the examples in utils/
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* remove slip through change in conntrack_event.c | Pablo Neira Ayuso | 2008-07-02 | 1 | -249/+1
|
* bump version to 0.0.95 [libnetfilter_conntrack-0.0.95] | Pablo Neira Ayuso | 2008-06-27 | 2 | -3/+251
|
* Use union of char buffer and message header to ensure proper byte | Fabian Hugelshofer | 2008-06-18 | 2 | -12/+18
|   alignment.
|   Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
* fix wrong ATTR_*_L3PROTO handling in the message building | Pablo Neira Ayuso | 2008-06-16 | 1 | -8/+14
|   - include missing ATTR_MASTER_L3PROTO attribute into messages
|   - include ATTR_[ORIG|REPL]_L3PROTO iff there is at least another layer 3 attribute
* fix bug in nfct_cmp() with IPv6 address [libnetfilter_conntrack-0.0.94] | Pablo Neira Ayuso | 2008-05-27 | 1 | -4/+4
|
* define ICMPV6_NI_QUERY and ICMPV6_NI_REPLY if not set | Pablo Neira Ayuso | 2008-05-27 | 1 | -0/+8
|
* add full support of SCTP | Pablo Neira Ayuso | 2008-05-21 | 10 | -3/+162
|
* fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flags | Pablo Neira Ayuso | 2008-05-20 | 1 | -8/+15
|
* fix __nfct_l4 structure layout (specifically, ICMP) | Pablo Neira Ayuso | 2008-05-16 | 3 | -14/+104
|   fix nfct_cmp(): add port comparison, better ICMP support
* compare layer 3 and layer 4 protocol number before addresses | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-05-16 | 1 | -28/+28
|
* improve nfct_copy | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-05-14 | 5 | -51/+484
|
* Add missing master tuple getters (reported by Max Wilhelm) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 2 | -0/+50
|
* - bump version to 0.0.92 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 7 | -21/+89
|   - recover the ID support
|   - add support for timeout comparison
|   - ignore set operation for counters and use attributes
|   - fix broken status comparison
|   - statify several __snprintf functions
* check for pkg-config before anything (fix bogus missing libnfnetlink failure) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 1 | -0/+8
|
* fix missing bitset in the autocomplete code | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 2 | -0/+25
|
* - add nfct_cmp (replacement for nfct_compare a bit more flexible) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 9 | -65/+267
|   - add nfct_copy
|   - conditional build of original and reply tuples
|   - fix secmark parsing
* add nfct_send | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 3 | -2/+37
|
* fix segfault while getting the conntrack ID (reported by Thomas Mader) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-04 | 1 | -0/+6
|
* This patch adds invmap support and duplicate code/id for reply direction, | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 1 | -0/+43
|   so inserted conntracks get proper type, code and id. Without this fix "type", "code" and "id" in reply direction were always set to 0. It "automagically" worked for ICMP and ICMP_ECHOREPLY (ICMP_ECHOREPLY==8 -> ICMP_ECHO==*0*), but not with other ICMP codes nor with ICMPv6.
|   Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack, | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 4 | -0/+33
|   but only for the new API - deprecated/extensions was left unchanged.
|   Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* - fix broken 'deprecated backward compatibility' [svn_t_libnetfilter_conntrack-0.0.89] | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-22 | 12 | -80/+39
|   - fix glibc 2.7.20 compilation (based on patch from Paul P. Konkoff)
* add support for NAT sequence adjustment | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-09 | 7 | -1/+183
|
* add deprecated/Makefile.am | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 1 | -0/+3
|
* Several tree reorganizations: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 13 | -45/+34
|   - move l3extensions/ and extensions/ to src/deprecated/
|   - don't create submodules under /usr/lib/libnetfilter_conntrack/ anymore
* several cleanups for Makefile.am | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 3 | -24/+16
|
* add NFCT_OF_TIME output flag to nfct_snprintf | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 6 | -4/+49
|
* add secmark getter and setters | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-05 | 2 | -0/+12
|