conntrack-tools.git/doc/sync/ftfw, branch conntrack-tools-1.0.0 conntrack-tools i.e. conntrack and conntrackd (mirror of https://github.com/vyos/conntrack-tools.git) https://git.amelek.net/vyos/conntrack-tools.git/atom?h=conntrack-tools-1.0.0 2010-08-04T17:02:58+00:00 conntrackd: fix wrong kernel requirements for TCPWindowTracking in example files 2010-08-04T17:02:58+00:00 Pablo Neira Ayuso pablo@netfilter.org 2010-08-04T17:02:58+00:00 urn:sha1:023735ca0eab6681804036bb55416b4fc9720b74 This patch fixes wrong Linux kernel requirements in the example configuration files. We require a Linux kernel >= 2.6.36 instead of >= 2.6.35 as the files suggest. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: warn on TCPWindowTracking option (it requires kernel >= 2.6.35) 2010-07-15T18:15:16+00:00 Pablo Neira Ayuso pablo@netfilter.org 2010-07-15T18:15:16+00:00 urn:sha1:c06742539805717a02c6bc5088843d4fd59b6ded This patch adds a comment on the TCPWindowTracking option to warn that this will be supported since the Linux kernel 2.6.35. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: fix ICMPv6 support 2010-07-01T15:38:07+00:00 Pablo Neira Ayuso pablo@netfilter.org 2010-07-01T15:38:07+00:00 urn:sha1:c93ff79c70e1595af94abbadce685087f702c39b This patch fixes several minor nitpicks to support IPv6 failover: * ICMPv6 type/code/id were missing in synchronization messages. * The use of '-' as string in the configuration file was not allowed. * Include example in configuration file under doc/. Reported-by: Mohit Mehta <mohit.mehta@vyatta.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: add support for TCP window scale factor synchronization 2010-02-11T11:06:37+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-29T19:02:55+00:00 urn:sha1:56817d1c0cc30bcd65c56c2f73634b256603cc4d This patch adds a new option TCPWindowTracking that allows not to disable TCP window tracking as it occurs by default. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: fix UDP filtering in configuration file 2010-02-11T10:56:37+00:00 Pablo Neira Ayuso pablo@netfilter.org 2010-02-11T10:56:37+00:00 urn:sha1:73da80df0c3cf4175662b3da4dfbd3574d34f96a UDP filtering was broken during the addition of the UDP-based synchronization protocol that was introduced in 0.9.14. This patch fixes the problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: add ICMP support for state-synchronization 2009-12-19T14:24:20+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-06T09:19:28+00:00 urn:sha1:65645763ebe870fa01b5c1a5dbe810feb9397ff2 This patch adds state-synchronization for ICMP. You SHOULD use a Linux kernel >= 2.6.31, otherwise this patch can result in tons of state-updates. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: break lines at 80 characters in example config files 2009-09-23T15:10:40+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-09-23T15:10:40+00:00 urn:sha1:b52b2712e51172b0c03d3ed25a8f6377d81e51e9 In 49540362b2a25aadbaf25fd087414776aa5a67a8, we forgot to break lines at 80 characters. This patch cleans up this issue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: fix bad configuration file for DisableExternalCache statement 2009-09-03T13:06:23+00:00 Samuel Gauthier samuel.gauthier@6wind.com 2009-09-03T13:06:23+00:00 urn:sha1:49540362b2a25aadbaf25fd087414776aa5a67a8 DisableExternalCache is supposed to be put in mode NOTRACK{} or Mode FTFW{} statement. Signed-off-by: Samuel Gauthier <samuel.gauthier@6wind.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: add `DisableExternalCache' clause 2009-08-19T14:59:38+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-08-19T14:59:38+00:00 urn:sha1:3e6852f806c4368eda451b39f12b2ac2f2b5d33b This patch adds the clause `DisableExternalCache' that allows you to disable the external cache and to directly inject the entries into the kernel conntrack table. As a result, the CPU consumption of conntrackd increases. This clause can only be used with the FT-FW and the notrack synchronization modes, but not with the alarm mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> conntrackd: add support for IPv6 kernel-space filtering via BSF 2009-07-21T14:57:54+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-07-21T14:57:54+00:00 urn:sha1:e55321739fa5e04920feeb2a25b02073d8eb9e10 This patch adds the missing support to filter IPv6 from kernel-space by means of the BSF API that libnetfilter_conntrack provides. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>