conntrack-tools.git/include, branch conntrack-tools-0.9.9

automake: add missing cidr.h

2008-12-18T10:54:09+00:00

This patch adds cidr.h to Makefile.am in include/ Signed-off-by: Pablo Neira Ayuso

src: cleanup, rename hashtable_test() by hashtable_find()

2008-12-17T11:42:00+00:00

This patch renames the function hashtable_test() by hashtable_find() which is a better name IMO to describe this function. Signed-off-by: Pablo Neira Ayuso

ftfw: shrink alive message size

2008-12-13T16:24:47+00:00

This patch reduces the size of alive messages by removing the "from" and "to" fields which are not of any help. This patch also removes the IS_CTL() macro since it does not return true for the control messages anymore but only for IS_ACK(), IS_NACK() and IS_RESYNC(). Signed-off-by: Pablo Neira Ayuso

network: do more strict message type checking

2008-12-13T16:24:27+00:00

This patch adds more strict checking in the message type. We add a new message type NET_T_CTL for control messages. Signed-off-by: Pablo Neira Ayuso

network: use NET_T_* instead of NFCT_Q_*

2008-12-13T15:15:18+00:00

This patch replaces the use of NFCT_Q_* in the message type by specific network message type NET_T_*. The query types are reserved for libnetfilter_conntrack operations. Signed-off-by: Pablo Neira Ayuso

netlink: fix EILSEQ error messages due to process race condition

2008-12-11T17:35:03+00:00

This patch fixes a race condition that triggers EILSEQ errors (wrong sequence message). The problems is triggered when the child process resets the timers at the same time that the parent process requests a resync. Since both the child and the parent process use the same descriptors, the sequence tracking code in libnfnetlink gets confused as it considers that it is receiving out of sequence netlink messages. This patch introduces internal handlers to commit and reset timers so that the parent and the child do not use the same descriptors to operate with the kernel. This patch changes the prototype of all nf_*_conntrack() functions. Now, the nfct handler is passed as first parameter, this change is required to fix this problem. The rest of the changes on the API is done for consistency. Signed-off-by: Pablo Neira Ayuso

src: recover conntrackd -F operation

2008-12-08T23:02:44+00:00

This patch recovers the option -F for conntrackd. This will be particularly useful to flush the kernel conntrack table without getting the event notification of the conntrack deletions (that will happen with Linux kernel >= 2.6.29). Signed-off-by: Pablo Neira Ayuso

parse: strict attribute size checking

2008-12-08T22:58:31+00:00

This patch adds strict attribute size checking. This is good to detect corrupted or malformed messages. Signed-off-by: Pablo Neira Ayuso

network: fix data offset alignment returned by NTA_DATA macro

2008-12-08T10:20:44+00:00

This patch aligns the data offset that is returned by the NTA_DATA macro. Signed-off-by: Pablo Neira Ayuso

network: remove the netpld header from the messages

2008-12-08T10:10:47+00:00

This patch simplifies the message format of the replication messages. As a result, we save four bytes. The netpld header was introduced in the early protocol design. Today, it does not have any reason to exist. Signed-off-by: Pablo Neira Ayuso