conntrack-tools.git/include/linux, branch upstream

include: Sync with kernel headers

2015-05-21T12:46:18+00:00

Signed-off-by: Felix Janda Signed-off-by: Pablo Neira Ayuso

nfct: timeout: add support for default protocol timeout tuning

2014-05-13T13:53:28+00:00

This new interface supersedes the /proc interface: /proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout to tune default conntrack timeout helpers. # nfct timeout default-get inet tcp .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 432000, .FIN_WAIT = 120, .CLOSE_WAIT = 60, .LAST_ACK = 30, .TIME_WAIT = 120, .CLOSE = 10, .SYN_SENT2 = 120, .RETRANS = 300, .UNACKNOWLEDGED = 300, }, }; # nfct timeout default-set inet tcp ESTABLISHED 100 As replacement for the existing /proc interfaces for timeout tweaking. This feature requires a Linux kernel >= 3.13. Signed-off-by: Pablo Neira Ayuso

conntrackd: cthelper: allow to attach expectations via nfqueue

2013-09-26T16:52:26+00:00

This requires the Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso

conntrackd: add cthelper infrastructure (+ example FTP helper)

2012-08-01T17:20:06+00:00

This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso

src: integrate nfct into the conntrack-tools tree

2012-05-26T13:29:19+00:00

I'll need for the upcoming cthelper infrastructure. Moreover, we avoid more fragmentation in the netfilter user-space utilities. And the plan is that `nfct' will replace `conntrack' at some point. Signed-off-by: Pablo Neira Ayuso