| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
* | - add warning note to ctnl_test.c: old API is deprecated | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-06 | 1 | -33/+47 |
| | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c | | | | |
* | update credits | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 1 | -1/+1 |
* | Move old deprecated libnetfilter_conntrack API definitions at the bottom of libnetfilter_conntrack.h. The old API will be removed after quite some time. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 1 | -293/+302 |
* | introduce the new expectation API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 2 | -0/+112 |
* | - fix compilation warning in snprintf.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-04-24 | 2 | -1/+10 |
| | - introduce the new compare infrastructure: much simpler than previous - introduce nfct_maxsize for nf_conntrack object allocated in the stack - more strict checkings in nfct_set_attr: third parameter is const | | | | |
* | add extern C's to public headers (Phil Dibowitz) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2007-03-29 | 8 | -0/+64 |
* | [PATCH] Fix icmp_id setter and doc (Phil Dibowitz <phil@ipom.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-03-17 | 1 | -1/+1 |
| | ICMP ID is stored as a u_int16_t, but its setter function derefs its argument as a u_int8_t. Additionally the api "doc" claims it's a u8, when it's not. This patch fixes both. | | | | |
* | [patch] libnetlink_conntrack compile fix (Thomas Jarosch <thomas.jarosch@intra2net.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-03-16 | 1 | -0/+4 |
| | attached patch fixes compilation of libnetlink_conntrack for old glibc versions. | | | | |
* | - replace ntohs by htons in the example file (reported by Victor Stinner) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-23 | 1 | -1/+2 |
| | - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN - remove commented line in nfct_new() | | | | |
* | Introduce the new libnetfilter_conntrack API, features: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-19 | 5 | -2/+387 |
| | - object oriented infrastructure - extensible and configurable output (XML) - low level functions to interact with netlink details - fairly documented Still backward compatible. | | | | |
* | [PATCH]: Userspace code related to fixed timeout patch (Eric Leblond <eric@inl.fr>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-03 | 1 | -0/+5 |
* | export a function required by nfct helper support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 1 | -0/+8 |
* | o Add missing layer-3 protocol flags for the expectation tuple | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-01-15 | 3 | -4/+19 |
| | o Update copyright date | | | | |
* | Introduce various API changes throughout the library stack | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-14 | 2 | -2/+5 |
| | 1) make libnfnetlink dynamically allocate its handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries. | | | | |
* | we have to include l3extensions.h in dist | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-07 | 1 | -1/+2 |
* | o add IPv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-26 | 5 | -5/+92 |
| | o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that is included in this commit. | | | | |
* | Yasuyuki confirmed that l3protonum must be u_int8_t instead of u_int16t. [svn_t_libnetfilter_conntrack-0.0.29] | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-21 | 1 | -10/+8 |
| | Another reason to use such type: the nfnetlink header uses u_int8_t to set the layer 3 protocol family, so let's keep some consistency. | | | | |
* | Add support for per-family table flushing. ie. flush just AF_INET entries. Towards ipv6 support. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -2/+2 |
* | Slight API changes required for the upcoming ipv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 2 | -3/+7 |
* | Add l3protonum field to nfct_tuple: ensure backward compatibility once the ipv6 support comes. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -0/+1 |
* | o Fixed bugs in UDP and SCTP protocol handlers (parse_proto) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-03 | 7 | -5/+146 |
| | o Added the comparison infrastructure for layer-4 protocols o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure o Added nfct_conntrack_compare to compare two conntracks based on flags o Killed nfct_event_netlink_handler o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast) o Bumped version to 0.29 | | | | |
* | some old libc's don't define IPPROTO_SCTP | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-14 | 1 | -0/+6 |
* | don't use kernel headers installed on system, but include our own linux_nnfnetlink_conntrack.h | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-11 | 4 | -3/+140 |
* | o nfct_build_conntrack is too much, the only clients are new_conntrack and update_conntrack, and it doesn't even fit well for both cases. So I decided to kill it and inline the code adapting it when it was necessary. [svn_t_libnetfilter_conntrack-0.0.26] | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-09 | 1 | -17/+17 |
| | o Convert all unsigned int/long to POSIX types u_int32_t. Better now than later :(. | | | | |
* | o move nfct_handler to libnetfilter_conntrack.c, better for encapsulation | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-06 | 1 | -4/+0 |
| | o fixed ICMP ID handling o fix -> libtool: link: libtool library `nfct_proto_*.la' must begin with `lib' o remove wrong flag at extensions/Makefile.am o bumped version to 0.0.26 o fixed versioning :( | | | | |
* | destination ipv6 address is also 128bits, not 64. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -1/+1 |
* | add nfct_fd() function | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -0/+2 |
* | add extra 'data' argument to callback functions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -6/+6 |
* | o Kill non-portable NIPQUAD, use inet_ntoa instead. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-03 | 1 | -1/+1 |
| | o nfct_build_conntrack flit bits of status, timeout, id and mark. o finish incomplete support for marks: kernel part missing (patch on the way) o network byte order translation in build_conntrack instead of nfct_conntrack_alloc. Now this translation is transparent to the clients of the library. o Kill last blank space output in nfct_sprintf_[conntrack|expect] (Thanks to Krzysztof Oledzk for reporting this). o add missing initialization of buffer in nfct_default_*_display. o Bumped version to 0.2.5. | | | | |
* | o Bumped version to 0.2.4 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-01 | 1 | -3/+3 |
| | o Redefine NFCT_ALL_CT_GROUPS o Fix typemsg2enum prototype, flags and type are 16 bits long, not 8 bits o Fix wrong expectation timeout and ID output o Fix getting and killing conntracks by ID | | | | |
* | Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-31 | 1 | -4/+7 |
| | List of changes: o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS o Update test file to use NFCT_ALL_GROUPS o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in conjunction with events. o Fix ICMP conntracks output o Add missing prototype definition of nfct_default_expect_display_id in libnetfilter_conntrack.h | | | | |
* | o Added the expectation printing API | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-30 | 1 | -4/+10 |
| | o Bumped version to 0.2.2 | | | | |
* | o make static protocol handler functions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-30 | 2 | -1/+3 |
| | o move build_tuple_proto and build_protoinfo to the extensions where it really belongs to. o Reworked the conntrack and expect netlink handlers o Fix expectation table output, now it's similar to the /proc output o Bumped version to 0.2.1 | | | | |
* | Thanks to Harald for all the comments. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-29 | 2 | -25/+81 |
| | o libnetfilter_conntrack.h split into two parts: what is visible to application programs and what is visible to extensions. o Killed includes asm/types.h and linux/if.h o Fixed nasty wrong ipv6 definition o Stolen the status bits from ip_conntrack.h, we don't include ip_conntrack.h anymore. o move nfct_handle to libnetfilter_conntrack.c: better for encapsulation | | | | |
* | o Renamed nfct_[set|unset]_callback to nfct_[register|unregister]_callback | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-28 | 1 | -6/+49 |
| | o Added some very brief comments to libnetfilter_conntrack.h o Implemented the conntrack printers API nfct_sprintf_* o Now nfct_default_conntrack_display display the classical /proc output, and nfct_default_conntrack_display the classical + conntrack ids o Use nfnl_talk if there's no data expected from kernel space to be processed, that is the case of nfct_[get|delete]_conntrack o Added some missing memset's zeroing o Code simplification: killed some char *buf where struct nfnlhdr is enough o Killed protocol handler destructors (fini) and nfct_unregister_proto: The library is unloaded if something goes wrong (different library versions), the modules never get inserted in the proto_list. Fixes a segfault. o Bumped version to 0.2.0 | | | | |
* | o new nfct_handler prototype | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-27 | 1 | -5/+10 |
| | o NFCT_COUNTERS split in NFCT_COUNTERS_[ORIG|RPLY] o all global vars are now static o kill nfct_set_handler, it was too much o fixed very stupid bug in counters printing o fixed conntrack getting: invalid netlink flags NLM_F_[ROOT|MATCH] o nfnl_send returns the proper error to the client, instead of returning -1 o some cleanups: killed the ret, it was useless o test for the conntrack API completed, still missing the expectation test | | | | |
* | o Add conntrack event notification test | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-23 | 1 | -3/+10 |
| | o Define NFCT_ANY_GROUP flag o Now callback can return a value to stop receiving events o implement nfct_unset_callback() | | | | |
* | o Bumped version to 0.1.3 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-21 | 1 | -23/+39 |
| | o Add support for ID's o Fixed stupid bug in NFCT_* flags, I'm stupid o Simplify handler logic o Define event message NFCT_MSG_* o Add support for conntrack marking (kernelspace part still missing) | | | | |
* | Some API changes, still some slight modifications are about to come before the first 1.0 release | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-21 | 1 | -27/+21 |
* | o Missing flags for nfct_open() | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-20 | 1 | -0/+5 |
| | o fix some indentation o fix a leak on error path in ncft_open() | | | | |
* | Commit libnetfilter_conntrack.h, I missed it :( | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-20 | 1 | -57/+126 |
* | Rename libnfnetlink_conntrack to libnetfilter_conntrack, for some unknown reason this didn't happen in the latest commit. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-20 | 1 | -0/+0 |
* | Major changes, this library isn't libnfnetlink_conntrack anymore. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-16 | 5 | -7/+728 |
| | We provide a high level interface that abstracts from the netlink sockets. Now users don't need to know anything about them. | | | | |
* | - Add missing files: include/libnfnetlink_conntrack/Makefile.am and include/Makefile.am. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-10-07 | 2 | -1/+7 |
| | - Rename list_conntrack_handler to callback_handler, IMHO a proper name for such function. - Use new nfnl_open prototype: Now it's got four parameters. - Kill recurrent definition of the structure nfnlhdr: Actually this should go somewhere in libnfnetlink, later. - Ignore utils subdirectory. It contains a testsuite that is currently broken. Yes I know you're aware of it ;) it's on the TODO list. I'll fix later. - ctnl_error now has a nicer definition. - kill some unneeded ctnl_error messages on failure. (Pablo Neira) | | | | |
* | include ip_conntrack.h for status bit enum | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-24 | 1 | -0/+3 |
* | fix include paths, use correct automake version, add missing Makefile.am | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-23 | 1 | -0/+2 |
* | This patch includes the following updates for the userspace libnfnetlink_conntrack library: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-05 | 1 | -1/+6 |
| | a) change ctnl_open prototype: Now the subsystem is passed as parameter to select if we are working with given subsystem, say NFNL_CTNETLINK_CONNTRACK[_EXP]. b) added functions ctnl_[new|get|del]_expect c) minor change in ctnl_build_tuple that let us create tuples based on CTA_* and CTA_EXPECT_* attributes. (Pablo Neira) | | | | |
* | fix up include path names | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-30 | 1 | -1/+2 |
* | restructuring libctnetlink -> libnfnetlink_conntrack | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-30 | 1 | -0/+122 |