conntrack-tools.git, branch upstream

Merge remote-tracking branch 'source/master' into upstream

2015-10-02T06:43:42+00:00

conntrack: add zone direction support

2015-09-29T18:39:42+00:00

This patch adds support for zone directions. Since all options have the orig/reply as a prefix, I named it --orig-zone and --reply-zone to stay consistent with the rest of the cmdline options. As for the option chars, there was no unallocated reasonable combination, thus only long options are officially exposed in the help, similarly as in other cases. Test suite results, after patch: OK: 79 BAD: 0 Signed-off-by: Daniel Borkmann Signed-off-by: Pablo Neira Ayuso

conntrack-tools 1.4.3 release

2015-09-08T18:10:47+00:00

Signed-off-by: Pablo Neira Ayuso

nfct: update syntax in documentation

2015-09-08T18:10:13+00:00

Since dd73ceecdbe8 ("nfct: Update syntax to specify command before subsystem") the command comes before the object type. Update documentation accordingly. Signed-off-by: Pablo Neira Ayuso

nfct: Update syntax to specify command before subsystem

2015-08-26T18:43:55+00:00

This patch gets the nfct syntax in sync with nft so it looks like this: nfct object ... instead of: nfct object ... This patch retains backward compatibility so you can still use the old syntax. The manpage and tests have been also updated to promote the adoption of this syntax. We should have little existing clients of this tool as we can only use this to configure the cttimeout and cthelper infrastructures. Signed-off-by: Pablo Neira Ayuso

tests: fix run-test.sh

2015-08-26T18:43:55+00:00

This reports: run-test.sh: line 3: UID: read-only variable rename it to _UID. Signed-off-by: Pablo Neira Ayuso

nfct: don't link against libnetfilter_conntrack

2015-08-26T18:43:55+00:00

The nfct program uses none of the symbols of libnetfilter_conntrack. Linking against it means that distributors have to maintain an useless depedency. This was spotted by the dpkg-shlibdeps tool. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso

doc/debian.conntrackd.init.d: drop file

2015-08-26T18:43:55+00:00

This file is likely dead code. It's outdated. Also I think distributors should manage themselves to integrate daemons in their operating systems. Following this idea, this file doesn't belong here. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso

list: fix prefetch dummy

2015-08-26T18:43:51+00:00

[...] CC conntrack.o In file included from ../include/conntrack.h:4:0, from conntrack.c:41: conntrack.c: In function ‘findproto’: ../include/linux_list.h:385:59: warning: right-hand operand of comma expression has no effect [-Wunused-value] for (pos = list_entry((head)->next, typeof(*pos), member), \ ^ [...] The original patch is from Patrick McHardy . Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso

conntrackd: missing break in expectation message parser function

2015-08-18T17:22:07+00:00

Fortunately, the TLVs come in order in the message, however, if the order is changed we'll incorrectly set up the expectation. Signed-off-by: Pablo Neira Ayuso