path: root/include/libnetfilter_conntrack
Commit message | Author | Age | Files | Lines
* Extend high-level API for netlink BSF to add negative logic | Pablo Neira Ayuso | 2008-07-18 | 1 | -0/+10
  This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level API | Pablo Neira Ayuso | 2008-07-17 | 1 | -0/+35
  This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add full support of SCTP | Pablo Neira Ayuso | 2008-05-21 | 2 | -0/+21
* improve nfct_copy | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-05-14 | 1 | -1/+7
* - bump version to 0.0.92 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 1 | -1/+9
  - recover the ID support
  - add support for timeout comparison
  - ignore set operation for counters and use attributes
  - fix broken status comparison
  - statify several __snprintf functions
* - add nfct_cmp (replacement for nfct_compare a bit more flexible) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 1 | -0/+22
  - add nfct_copy
  - conditional build of original and reply tuples
  - fix secmark parsing
* add nfct_send | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -0/+4
* add support for NAT sequence adjustment | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-09 | 1 | -0/+6
* add NFCT_OF_TIME output flag to nfct_snprintf | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 1 | -0/+3
* - add support for secmark | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-17 | 2 | -0/+12
  - fix typo s/test_but/test_bit/
* Add support for conntrack master setup | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-08 | 2 | -1/+10
* deprecated old libnetfilter_conntrack API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-08 | 1 | -59/+102
* add support for TCP flags [svn_t_libnetfilter_conntrack-0.0.82] | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-12 | 2 | -0/+24
* - introduce nfct_nfnlh() to use functions like nfnl_rcvbufsiz(): return ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-09 | 1 | -0/+1
  read-only nfnl_handle
  - remove unused build_id() from build.c
  - bump version to 0.0.81
* Introduce NFCT_Q_CREATE_UPDATE: create conntrack, if it exists, update it | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 1 | -0/+1
* introduce NFCT_SOPT_SETUP_* options to simplify object setup | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 1 | -0/+2
* - add warning note to ctnl_test.c: old API is deprecated | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-06 | 1 | -33/+47
  - split expect_api_test.c into small example files expect_*.c
  - introduce alias tags for original tuple attributes
  - introduce nfexp_sizeof and nfexp_maxsize
  - build expectation attributes iif they are set
  - fix l3num setting in expect/build.c
* update credits | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 1 | -1/+1
* Move old deprecated libnetfilter_conntrack API definitions at the bottom of ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 1 | -293/+302
  libnetfilter_conntrack.h. The old API will be removed after quite some time.
* introduce the new expectation API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 1 | -0/+83
* - fix compilation warning in snprintf.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-04-24 | 1 | -1/+7
  - introduce the new compare infrastructure: much simpler than previous
  - introduce nfct_maxsize for nf_conntrack object allocated in the stack
  - more strict checkings in nfct_set_attr: third parameter is const
* add extern C's to public headers (Phil Dibowitz) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2007-03-29 | 8 | -0/+64
* [PATCH] Fix icmp_id setter and doc (Phil Dibowitz <phil@ipom.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-03-17 | 1 | -1/+1
  ICMP ID is stored as a u_int16_t, but its setter function derefs its argument as a u_int8_t. Additionally the api "doc" claims it's a u8, when it's not. This patch fixes both.
* - replace ntohs by htons in the example file (reported by Victor Stinner) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-23 | 1 | -1/+2
  - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN
  - remove commented line in nfct_new()
* Introduce the new libnetfilter_conntrack API, features: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-19 | 3 | -1/+232
  - object oriented infrastructure
  - extensible and configurable output (XML)
  - low level functions to interact with netlink details
  - fairly documented
  Still backward compatible.
* [PATCH]: Userspace code related to fixed timeout patch (Eric Leblond ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-03 | 1 | -0/+5
  <eric@inl.fr>)
* export a function required by nfct helper support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 1 | -0/+8
* o Add missing layer-3 protocol flags for the expectation tuple | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-01-15 | 3 | -4/+19
  o Update copyright date
* Introduce various API changes throughout the library stack | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-14 | 2 | -2/+5
  1) make libnfnetlink dynamically allocate its handles
  2) apply that change throughout libnetfilter_*
  3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper
  The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries.
* we have to include l3extensions.h in dist | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-07 | 1 | -1/+2
* o add IPv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-26 | 5 | -5/+92
  o clean up layer-4 compare functions
  o finish the comparison infrastructure: support for tuple/mark matching
  o fix bug in the default event display when used in conjunction with the comparison infrastructure.
  o Bumped version to 0.0.30
  Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that is included in this commit.
* Yasuyuki confirmed that l3protonum must be u_int8_t instead of u_int16t. [svn_t_libnetfilter_conntrack-0.0.29] | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-21 | 1 | -10/+8
  Another reason to use such type: the nfnetlink header uses u_int8_t to set the layer 3 protocol family, so let's keep some consistency.
* Add support for per-family table flushing. ie. flush just AF_INET entries. ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -2/+2
  Towards ipv6 support.
* Slightly API changes required for the upcoming ipv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 2 | -3/+7
* Add l3protonum field to nfct_tuple: ensure backward compatibility once | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -0/+1
  the ipv6 support comes.
* o Fixed bugs in UDP and SCTP protocol handlers (parse_proto) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-03 | 7 | -5/+146
  o Added the comparison infrastructure for layer-4 protocols
  o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure
  o Added nfct_conntrack_compare to compare two conntracks based on flags
  o Killed nfct_event_netlink_handler
  o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast)
  o Bumped version to 0.29
* some old libc's don't define IPPROTO_SCTP | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-14 | 1 | -0/+6
* don't use kernel headers installed on system, but include our own ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-11 | 3 | -3/+138
  linux_nnfnetlink_conntrack.h
* o nfct_build_conntrack is too much, the only clients are new_conntrack and [svn_t_libnetfilter_conntrack-0.0.26] | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-09 | 1 | -17/+17
  update_conntrack, and it doesn't even fit well for both cases. So I decided to kill it and inline the code adapting it when was necessary.
  o Convert all unsigned int/long to POSIX types u_int32_t. Better now than later :(.
* o move nfct_handler to libnetfilter_conntrack.c, better for encapsulation | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-06 | 1 | -4/+0
  o fixed ICMP ID handling
  o fix -> libtool: link: libtool library `nfct_proto_*.la' must begin with `lib'
  o remove wrong flag at extensions/Makefile.am
  o bumped version to 0.0.26
  o fixed versioning :(
* destination ipv6 address is also 128bits, not 64. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -1/+1
* add nfct_fd() function | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -0/+2
* add extra 'data' argument to callback functions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -6/+6
* o Kill non-portable NIPQUAD, use inet_ntoa instead. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-03 | 1 | -1/+1
  o nfct_build_conntrack flit bits of status, timeout, id and mark.
  o finish incomplete support for marks: kernel part missing (patch on the way)
  o network byte order translation in build_conntrack instead of nfct_conntrack_alloc. Now this translation is transparent to the clients of the library.
  o Kill last blank space output in nfct_sprintf_[conntrack|expect] (Thanks to Krzysztof Oledzk for reporting this).
  o add missing initialization of buffer in nfct_default_*_display.
  o Bumped version to 0.2.5.
* o Bumped version to 0.2.4 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-01 | 1 | -3/+3
  o Redefine NFCT_ALL_CT_GROUPS
  o Fix typemsg2enum prototype, flags and type are 16 bits long, not 8 bits
  o Fix wrong expectation timeout and ID output
  o Fix getting and killing conntracks by ID
* Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-31 | 1 | -4/+7
  Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;)
  List of changes:
  o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
  o Update test file to use NFCT_ALL_GROUPS
  o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in conjunction with events.
  o Fix ICMP conntracks output
  o Add missing prototype definition of nfct_default_expect_display_id in libnetfilter_conntrack.h
* o Added the expectation printing API | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-30 | 1 | -4/+10
  o Bumped version to 0.2.2
* o make static protocol handler functions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-30 | 2 | -1/+3
  o move build_tuple_proto and build_protoinfo to the extensions where it really belongs to.
  o Reworked the conntrack and expect netlink handlers
  o Fix expectation table output, now it's similar to the /proc output
  o Bumped version to 0.2.1
* Thanks to Harald for all the comments. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-29 | 2 | -25/+81
  o libnetfilter_conntrack.h split into two parts: what is visible to application programs and what is visible to extensions.
  o Killed includes asm/types.h and linux/if.h
  o Fixed nasty wrong ipv6 definition
  o Stolen the status bits from ip_conntrack.h, we don't include ip_conntrack.h anymore.
  o move nfct_handle to libnetfilter_conntrack.c: better for encapsulation
* o Renamed nfct_[set|unset]_callback to nfct_[register|unregister]_callback | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-28 | 1 | -6/+49
  o Added some very brief comments to libnetfilter_conntrack.h
  o Implemented the conntrack printers API nfct_sprintf_*
  o Now nfct_default_conntrack_display display the classical /proc output, and nfct_default_conntrack_display the classical + conntrack ids
  o Use nfnl_talk if there's no data expected from kernel space to be processed, that is the case of nfct_[get|delete]_conntrack
  o Added some missing memset's zeroing
  o Code simplification: killed some char *buf where struct nfnlhdr is enough
  o Killed protocol handler destructors (fini) and nfct_unregister_proto: The library is unloaded if something goes wrong (different library versions), the modules never gets inserted in the proto_list. Fixes a segfault.
  o Bumped version to 0.2.0