Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fix several compilation warnings (reported by J.Engelhardt) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-09 | 2 | -1/+3 |
| | |||||
* | - move old API implementation to deprecated.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-08 | 3 | -100/+115 |
| | | | | - rename libnetfilter_conntrack.c to main.c | ||||
* | Add support for conntrack master setup | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-08 | 3 | -0/+84 |
| | |||||
* | add support for TCP flagssvn_t_libnetfilter_conntrack-0.0.82 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-12 | 3 | -0/+46 |
| | |||||
* | The getters have to point to the right sized types, otherwise they don't ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-09-02 | 2 | -6/+6 |
| | | | | work on big-endian. Philip Craig <philipc@snapgear.com> | ||||
* | add layer 4 protocol comparison to nfct_compare()svn_t_libnetfilter_conntrack-0.0.81 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-18 | 1 | -0/+12 |
| | |||||
* | - introduce nfct_nfnlh() to use functions like nfnl_rcvbufsiz(): return ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-07-09 | 2 | -8/+6 |
| | | | | | | | read-only nfnl_handle - remove unused build_id() from build.c - bump version to 0.0.81 | ||||
* | fix type in snprintf_default.c (Jozsef Kladecsik)svn_t_libnetfilter_conntrack-0.0.80 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-15 | 1 | -1/+1 |
| | |||||
* | Introduce NFCT_Q_CREATE_UPDATE: create conntrack, if it exists, update it | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 1 | -7/+12 |
| | |||||
* | nfexp_snprintf behaves as snprintf C99 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 2 | -27/+14 |
| | |||||
* | nfct_snprintf now returns the number of bytes that would have been written, ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 2 | -109/+109 |
| | | | | not just the number of bytes written. Emulate snprintf behaviour as in specified in C99 | ||||
* | fix nfct_snprintf behaviour if the buffer passed is too small (similar to ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 4 | -183/+62 |
| | | | | C99 convention) | ||||
* | introduce NFCT_SOPT_SETUP_* options to simplify object setup | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 1 | -0/+24 |
| | |||||
* | fix silly bug in nfct_getobjopt(..., NFCT_GOPT_IS_*NAT), always return 1 if ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 1 | -8/+8 |
| | | | | status flags are set | ||||
* | fix invalid argument error: status flags may not be present in update messages | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 1 | -2/+7 |
| | |||||
* | add support for 64 bits counters (Krzysztof Oledzki) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-29 | 1 | -8/+24 |
| | |||||
* | - delete ctnl_test.c since it contains examples of the old *deprecated* API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-20 | 2 | -4/+4 |
| | | | | | - fix wrong port display in the XML output (Morten Isaksen) - use ntohs instead htons in snprintf_default.c | ||||
* | - add warning note to ctnl_test.c: old API is deprecated | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-06 | 2 | -23/+54 |
| | | | | | | | | - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c | ||||
* | introduce the new expectation API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 12 | -18/+904 |
| | |||||
* | - fix compilation warning in snprintf.c | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-04-24 | 3 | -3/+146 |
| | | | | | | - introduce the new compare infrastructure: much simple than previous - introduce nfct_maxsize for nf_conntrack object allocated in the stack - more strict checkings in nfct_set_attr: third parameter is const | ||||
* | Set status bit if whatever status flags are available, not only for ASSURED ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2007-03-21 | 1 | -4/+1 |
| | | | | and SEEN_REPLY | ||||
* | [PATCH] Fix icmp_id setter and doc (Phil Dibowitz <phil@ipom.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-03-17 | 1 | -1/+1 |
| | | | | | | | | ICMP ID is stored as a u_int16_t, but its setter function derefs it's arguement as a u_int8_t. Additionally the api "doc" claims it's a u8, when it's not. This patch fixes both. | ||||
* | - fix inconsistency in the behaviour of nfct_set_attr with ATTR_STATUS: now ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2007-02-27 | 2 | -6/+10 |
| | | | | | | status flags bits of conntrack objects in userspace can be set and unset as it happens with other attributes. - nfct_get_objopt with NAT detectors previously checks if the status attribute is set, otherwise it just skips it. | ||||
* | fix wrong documentation in nfct_attr_get_u[*] functions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2007-02-12 | 1 | -6/+9 |
| | |||||
* | - fix a crash on trying to set the counters of a conntracksvn_t_libnetfilter_conntrack-0.0.50 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2007-01-05 | 2 | -2/+16 |
| | | | | | | | - document that ATTR_*_COUNTER_*, ATTR_USE and ATTR_ID are unsettable - implement getter for the ATTR_USE attribute Based on patches from Victor Stinner. | ||||
* | Minor fix in the counter parsing: replace htonl by ntonl, anyway they are ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-29 | 2 | -4/+4 |
| | | | | actually the same function so this should not break anything. | ||||
* | Fix minor nitpick in the XML output (Victor Stinner) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-29 | 1 | -2/+2 |
| | |||||
* | - replace ntohs by htons in the example file (reported by Victor Stinner) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-23 | 1 | -3/+0 |
| | | | | | - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN - remove commented line in nfct_new() | ||||
* | Introduce the new libnetfilter_conntrack API, features: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-19 | 13 | -13/+2492 |
| | | | | | | | | | - object oriented infrastructure - extensible and configurable output (XML) - low level functions to interact with netlink details - fairly documented Still backward compatible. | ||||
* | Remove check for UID == 0, it is wrong for multiple reasons. (Sebastian ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-16 | 1 | -12/+0 |
| | | | | Hagen <sebastian_hagen@memespace.net>) | ||||
* | [PATCH 1/6] libnetfilter_conntrack pkt-config modifications (KOVACS ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-03 | 1 | -2/+2 |
| | | | | Krisztian <hidden@balabit.hu>) | ||||
* | Fix expectation mask dumping | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-03-01 | 1 | -1/+33 |
| | |||||
* | export a function required by nfct helper support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 1 | -2/+2 |
| | |||||
* | add version info | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 1 | -1/+1 |
| | |||||
* | Simplification: nfnl_send + nfnl_listen calls for nfnl_talk | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-02-09 | 1 | -18/+3 |
| | |||||
* | flush stdout, so realtime output to a pipe is broken (Daniel De Graaf) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-01-22 | 1 | -0/+1 |
| | |||||
* | o Add missing layer-3 protocol flags for the expectation tuple | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-01-15 | 1 | -2/+2 |
| | | | | o Update copyright date | ||||
* | Introduce various API changes throughout the library stack | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-14 | 1 | -59/+109 |
| | | | | | | | | | | | 1) make libnfnetlink dynamically allocate it's handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries. | ||||
* | o add IPv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-26 | 1 | -36/+137 |
| | | | | | | | | | | | | o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that in included in this commit. | ||||
* | Add support for per-family table flushing. ie. flush just AF_INET entries. ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -4/+4 |
| | | | | Towards ipv6 support. | ||||
* | Slightly API changes required for the upcoming ipv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -8/+10 |
| | |||||
* | Use u_int8_t for CTA_PROTO_NUM | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-18 | 1 | -1/+1 |
| | |||||
* | o Fixed bugs in UDP and SCTP protocol handlers (parse_proto) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-03 | 1 | -10/+51 |
| | | | | | | | | | o Added the comparison infrastructure for layer-4 protocols o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure o Added nfct_conntrack_compare to compare two conntracks based on flags o Killed nfct_event_netlink_handler o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast) o Bumped version to 0.29 | ||||
* | - get rid of KERNELDIR include | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-14 | 1 | -5/+1 |
| | | | | - have only one place where we specify the includes (Make_global.am) | ||||
* | o nfct_build_conntrack is too much, the only clients are new_conntrack and svn_t_libnetfilter_conntrack-0.0.26 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-09 | 1 | -53/+67 |
| | | | | | | | update_conntrack, and it doesn't even fit well for both cases. So I decided to kill it and inline the code adapting it when was necessary. o Convert all unsigned int/long to POSIX types u_int32_t. Better now than later :(. | ||||
* | introduce library API versioning and plugin release handling | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-06 | 2 | -3/+9 |
| | |||||
* | - modules don't need a 'lib' prefix | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-06 | 1 | -2/+2 |
| | | | | - modules need to be linked against libnetfilter_conntrack.la, otherwise they miss a dependency | ||||
* | sed 's/nfct_proto_.so/libnfct_proto_.so/g' | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-06 | 1 | -2/+2 |
| | |||||
* | o move nfct_handler to libnetfilter_conntrack.c, better for encapsulation | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-06 | 1 | -2/+5 |
| | | | | | | | | o fixed ICMP ID handling o fix -> libtool: link: libtool library `nfct_proto_*.la' must begin with `lib' o remove wrong flag at extensions/Makefile.am o bumped version to 0.0.26 o fixed versioning :( | ||||
* | - move plugins to their own subdirectory | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-05 | 1 | -2/+2 |
| | | | | - rename plugins to something that indicates their purpose (protocol) |