conntrack-tools i.e. conntrack and conntrackd (mirror of https://github.com/vyos/conntrack-tools.git) https://git.amelek.net/vyos/conntrack-tools.git/atom?h=conntrack-tools-0.9.14 2009-12-23T19:31:10+00:00 2009-12-23T19:31:10+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-23T19:31:10+00:00 urn:sha1:f49cfb7598c0433d3cb3dc3d829b510a205313f4 This patch documents the internal cache disabling feature that is available for the NOTRACK mode. I have also added an example on how to set up a TCP-based state-synchronization. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-19T14:24:20+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-06T09:19:28+00:00 urn:sha1:65645763ebe870fa01b5c1a5dbe810feb9397ff2 This patch adds state-synchronization for ICMP. You SHOULD use a Linux kernel >= 2.6.31, otherwise this patch can result in tons of state-updates. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-09-23T15:10:40+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-09-23T15:10:40+00:00 urn:sha1:b52b2712e51172b0c03d3ed25a8f6377d81e51e9 In 49540362b2a25aadbaf25fd087414776aa5a67a8, we forgot to break lines at 80 characters. This patch cleans up this issue. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-09-03T13:06:23+00:00 Samuel Gauthier samuel.gauthier@6wind.com 2009-09-03T13:06:23+00:00 urn:sha1:49540362b2a25aadbaf25fd087414776aa5a67a8 DisableExternalCache is supposed to be put in mode NOTRACK{} or Mode FTFW{} statement. Signed-off-by: Samuel Gauthier <samuel.gauthier@6wind.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-08-23T10:11:20+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-08-23T10:11:20+00:00 urn:sha1:cf3be894fcb95adb360425c8482954522e9110d2 This patch adds support for TCP as protocol to replicate state-changes between two daemons. Note that this only makes sense with the notrack mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-08-19T14:59:38+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-08-19T14:59:38+00:00 urn:sha1:3e6852f806c4368eda451b39f12b2ac2f2b5d33b This patch adds the clause `DisableExternalCache' that allows you to disable the external cache and to directly inject the entries into the kernel conntrack table. As a result, the CPU consumption of conntrackd increases. This clause can only be used with the FT-FW and the notrack synchronization modes, but not with the alarm mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-07-21T14:57:54+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-07-21T14:57:54+00:00 urn:sha1:e55321739fa5e04920feeb2a25b02073d8eb9e10 This patch adds the missing support to filter IPv6 from kernel-space by means of the BSF API that libnetfilter_conntrack provides. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-07-21T12:36:18+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-07-21T12:36:18+00:00 urn:sha1:0521db731c0daa417a3dfb67fba7c6f80596e553 This patch adds the NetlinkEventsReliable clause, this is useful to turn on reliable Netlink event delivery. This features requires a Linux kernel >= 2.6.31. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-04-24T10:23:03+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-04-24T10:23:03+00:00 urn:sha1:b808645ec71b7cc22cf5106b3d79625d07e6077c This patch adds initial support for DCCP state replication. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-04-18T17:36:38+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-04-18T17:36:38+00:00 urn:sha1:400ae54438c4b85126f9fab0ae1dc067823b70f7 This patch adds initial support for SCTP state replication. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>