summaryrefslogtreecommitdiffstats
path: root/src/conntrack
Commit message (Collapse)AuthorAgeFilesLines
* Extend high-level API for netlink BSF to add negative logicPablo Neira Ayuso2008-07-182-19/+104
| | | | | | | This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level APIPablo Neira Ayuso2008-07-174-1/+550
| | | | | | | | This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Use union of char buffer and message header to ensure proper byteFabian Hugelshofer2008-06-181-8/+12
| | | | | | alignment. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
* fix wrong ATTR_*_L3PROTO handling in the message buildingPablo Neira Ayuso2008-06-161-8/+14
| | | | | | - include missing ATTR_MASTER_L3PROTO attribute into messages - include ATTR_[ORIG|REPL]_L3PROTO iff there is at least another layer 3 attribute
* fix bug in nfct_cmp() with IPv6 addresslibnetfilter_conntrack-0.0.94Pablo Neira Ayuso2008-05-271-4/+4
|
* define ICMPV6_NI_QUERY and ICMPV6_NI_REPLY if not setPablo Neira Ayuso2008-05-271-0/+8
|
* add full support of SCTPPablo Neira Ayuso2008-05-217-3/+136
|
* fix nfct_copy with NFCT_CP_ORIG and NFCT_CP_REPLY flagsPablo Neira Ayuso2008-05-201-8/+15
|
* fix __nfct_l4 structure layout (specifically, ICMP)Pablo Neira Ayuso2008-05-161-8/+82
| | | | fix nfct_cmp(): add port comparison, better ICMP support
* compare layer 3 and layer 4 protocol number before addresses/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-05-161-28/+28
|
* improve nfct_copy/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-05-142-49/+474
|
* Add missing master tuple getters (reported by Max Wilhelm)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-292-0/+50
|
* - bump version to 0.0.92/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-165-19/+79
| | | | | | | | - recover the ID support - add support for timeout comparison - ignore set operation for counters and use attributes - fix broken status comparison - statify several __snprintf functions
* fix missing bitset in the autocomplete code/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-131-0/+3
|
* - add nfct_cmp (replacement for nfct_compare a bit more flexible)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-136-63/+243
| | | | | | - add nfct_copy - conditional build of original and reply tuples - fix secmark parsing
* add nfct_send/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-091-1/+32
|
* fix segfault while getting the conntrack ID (reported by Thomas Mader)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-041-0/+6
|
* This patch adds invmap support and duplicate code/id for reply direction,/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-251-0/+43
| | | | | | | | | so inserted conntracks get proper type, code and id. Without this fix "type", "code" and "id" in reply direction were always set to 0. It "automagically" worked for ICMP and ICMP_ECHOREPLY (ICMP_ECHOREPLY==8 -> ICMP_ECHO==*0*), but not with with other ICMP codes nor with ICMPv6. Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack,/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-03-254-0/+33
| | | | | | but only for the new API - deprecated/extensions was left unchanged. Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* - fix broken 'deprecated backward compatibility'svn_t_libnetfilter_conntrack-0.0.89/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-222-3/+3
| | | | - fix glibc 2.7.20 compilation (based on patch from Paul P. Konkoff)
* add support for NAT sequence adjusment/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-02-094-0/+170
|
* several cleanups for Makefile.am/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-131-12/+8
|
* add NFCT_OF_TIME output flag to nfct_snprintf/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-132-2/+43
|
* add secmark getter and setters/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-052-0/+12
|
* add support for udplite/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-172-0/+4
|
* - add support for secmark/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-174-1/+35
| | | | - fix typo s/test_but/test_bit/
* - add missing getter for TCP flags/mask/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-152-7/+41
| | | | - add TCP flags/mask attributes if they are set, otherwise skip
* fix several compilation warnings (reported by J.Engelhardt)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-091-1/+1
|
* Add support for conntrack master setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-12-083-0/+84
|
* add support for TCP flagssvn_t_libnetfilter_conntrack-0.0.82/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-123-0/+46
|
* The getters have to point to the right sized types, otherwise they don't ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-09-021-3/+3
| | | | work on big-endian. Philip Craig <philipc@snapgear.com>
* add layer 4 protocol comparison to nfct_compare()svn_t_libnetfilter_conntrack-0.0.81/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-181-0/+12
|
* - introduce nfct_nfnlh() to use functions like nfnl_rcvbufsiz(): return ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-07-091-8/+1
| | | | | | | read-only nfnl_handle - remove unused build_id() from build.c - bump version to 0.0.81
* fix type in snprintf_default.c (Jozsef Kladecsik)svn_t_libnetfilter_conntrack-0.0.80/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-151-1/+1
|
* Introduce NFCT_Q_CREATE_UPDATE: create conntrack, if it exists, update it/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-071-7/+12
|
* nfct_snprintf now returns the number of bytes that would have been written, ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-072-109/+109
| | | | not just the number of bytes written. Emulate snprintf behaviour as in specified in C99
* fix nfct_snprintf behaviour if the buffer passed is too small (similar to ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-074-183/+62
| | | | C99 convention)
* introduce NFCT_SOPT_SETUP_* options to simplify object setup/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-0/+24
|
* fix silly bug in nfct_getobjopt(..., NFCT_GOPT_IS_*NAT), always return 1 if ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-8/+8
| | | | status flags are set
* fix invalid argument error: status flags may not be present in update messages/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-041-2/+7
|
* add support for 64 bits counters (Krzysztof Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-291-8/+24
|
* - delete ctnl_test.c since it contains examples of the old *deprecated* API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-202-4/+4
| | | | | - fix wrong port display in the XML output (Morten Isaksen) - use ntohs instead htons in snprintf_default.c
* introduce the new expectation API/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-05-012-16/+7
|
* - fix compilation warning in snprintf.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-243-3/+146
| | | | | | - introduce the new compare infrastructure: much simple than previous - introduce nfct_maxsize for nf_conntrack object allocated in the stack - more strict checkings in nfct_set_attr: third parameter is const
* Set status bit if whatever status flags are available, not only for ASSURED ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-03-211-4/+1
| | | | and SEEN_REPLY
* [PATCH] Fix icmp_id setter and doc (Phil Dibowitz <phil@ipom.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-171-1/+1
| | | | | | | | ICMP ID is stored as a u_int16_t, but its setter function derefs it's arguement as a u_int8_t. Additionally the api "doc" claims it's a u8, when it's not. This patch fixes both.
* - fix inconsistency in the behaviour of nfct_set_attr with ATTR_STATUS: now ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-272-6/+10
| | | | | | status flags bits of conntrack objects in userspace can be set and unset as it happens with other attributes. - nfct_get_objopt with NAT detectors previously checks if the status attribute is set, otherwise it just skips it.
* fix wrong documentation in nfct_attr_get_u[*] functions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-121-6/+9
|
* - fix a crash on trying to set the counters of a conntracksvn_t_libnetfilter_conntrack-0.0.50/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-01-052-2/+16
| | | | | | | - document that ATTR_*_COUNTER_*, ATTR_USE and ATTR_ID are unsettable - implement getter for the ATTR_USE attribute Based on patches from Victor Stinner.
* Minor fix in the counter parsing: replace htonl by ntonl, anyway they are ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-291-2/+2
| | | | actually the same function so this should not break anything.