conntrack-tools.git/include, branch upstream

Merge remote-tracking branch 'source/master' into upstream

2015-10-02T06:43:42+00:00

conntrack: add zone direction support

2015-09-29T18:39:42+00:00

This patch adds support for zone directions. Since all options have the orig/reply as a prefix, I named it --orig-zone and --reply-zone to stay consistent with the rest of the cmdline options. As for the option chars, there was no unallocated reasonable combination, thus only long options are officially exposed in the help, similarly as in other cases. Test suite results, after patch: OK: 79 BAD: 0 Signed-off-by: Daniel Borkmann Signed-off-by: Pablo Neira Ayuso

nfct: Update syntax to specify command before subsystem

2015-08-26T18:43:55+00:00

This patch gets the nfct syntax in sync with nft so it looks like this: nfct object ... instead of: nfct object ... This patch retains backward compatibility so you can still use the old syntax. The manpage and tests have been also updated to promote the adoption of this syntax. We should have little existing clients of this tool as we can only use this to configure the cttimeout and cthelper infrastructures. Signed-off-by: Pablo Neira Ayuso

list: fix prefetch dummy

2015-08-26T18:43:51+00:00

[...] CC conntrack.o In file included from ../include/conntrack.h:4:0, from conntrack.c:41: conntrack.c: In function ‘findproto’: ../include/linux_list.h:385:59: warning: right-hand operand of comma expression has no effect [-Wunused-value] for (pos = list_entry((head)->next, typeof(*pos), member), \ ^ [...] The original patch is from Patrick McHardy . Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso

src: Include for fd_set

2015-05-21T12:47:28+00:00

Signed-off-by: Felix Janda Signed-off-by: Pablo Neira Ayuso

src: Use stdint types

2015-05-21T12:46:53+00:00

Signed-off-by: Felix Janda Signed-off-by: Pablo Neira Ayuso

include: Sync with kernel headers

2015-05-21T12:46:18+00:00

Signed-off-by: Felix Janda Signed-off-by: Pablo Neira Ayuso

nfct: timeout: add support for default protocol timeout tuning

2014-05-13T13:53:28+00:00

This new interface supersedes the /proc interface: /proc/sys/net/netfilter/nf_conntrack_PROTO_STATE_timeout to tune default conntrack timeout helpers. # nfct timeout default-get inet tcp .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 432000, .FIN_WAIT = 120, .CLOSE_WAIT = 60, .LAST_ACK = 30, .TIME_WAIT = 120, .CLOSE = 10, .SYN_SENT2 = 120, .RETRANS = 300, .UNACKNOWLEDGED = 300, }, }; # nfct timeout default-set inet tcp ESTABLISHED 100 As replacement for the existing /proc interfaces for timeout tweaking. This feature requires a Linux kernel >= 3.13. Signed-off-by: Pablo Neira Ayuso

conntrackd: cthelper: add TFTP helper

2013-10-03T08:51:03+00:00

This patch adds an userspace port of the TFTP helper that is currently implemented in the kernel. This includes NAT support. It requires a Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso

nfct: src: consolidate netlink socket creation

2013-10-01T11:23:39+00:00

Open the socket from the main function, then pass it as parameter to the corresponding interpreter. Signed-off-by: Pablo Neira Ayuso