conntrack-tools i.e. conntrack and conntrackd (mirror of https://github.com/vyos/conntrack-tools.git) https://git.amelek.net/vyos/conntrack-tools.git/atom?h=conntrack-tools-0.9.14 2009-12-23T18:40:49+00:00 2009-12-23T18:40:49+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-23T18:37:36+00:00 urn:sha1:ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8 This patch fixes the clause `State' in `Filter' that allows you to filter by protocol state. This bug was introduced during the implementation of the TCP-based synchronization. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-19T14:24:20+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-06T09:19:28+00:00 urn:sha1:65645763ebe870fa01b5c1a5dbe810feb9397ff2 This patch adds state-synchronization for ICMP. You SHOULD use a Linux kernel >= 2.6.31, otherwise this patch can result in tons of state-updates. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-19T12:55:00+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-19T12:55:00+00:00 urn:sha1:2f52fea14f94fb267e22280bce2d45f44c3b34f0 With this patch, we use an indirect call to build the layer 4 information into the synchronization message. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-20T23:43:07+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-20T23:43:07+00:00 urn:sha1:8ad5df6121c46753a6d12fafa5ab9da309ddb721 This patch adds the clause `DisableInternalCache' that allows you to bypass the internal cache. This clause can only be used with the notrack synchronization mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-14T14:14:12+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-14T14:14:12+00:00 urn:sha1:6e7166b7d396884eedbaf250f8a06864f63c07fc In 0b03f4b759e439edd2c3da0add08050276d7dc5f, I forgot to increase the stats for successful cases. This patch fixes this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-14T13:58:18+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-14T13:58:18+00:00 urn:sha1:0b03f4b759e439edd2c3da0add08050276d7dc5f # conntrackd -s external inject: connections created: 0 failed: 0 connections updated: 0 failed: 0 connections destroyed: 0 failed: 0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-08T16:06:04+00:00 Hannes Eder heder@google.com 2009-10-08T16:06:04+00:00 urn:sha1:910d392806be7457f95aaab73e81abe20772bd05 Read an integer right away with fscanf() instead of read()-ing to a buffer, which was actually to small for the terminating '\0', and atoi()-ing. Furthermore read() might not read enough, though unlikely here. Signed-off-by: Hannes Eder <heder@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-08T16:04:11+00:00 Hannes Eder heder@google.com 2009-10-08T16:04:11+00:00 urn:sha1:eb1127e0f72274bdcdcf6fdef96f1cbac5d19f02 Avoid this error: conntrack v0.9.13 (conntrack-tools): Operation failed: No such file or directory when using 'conntrack -E -e ALL ...'. This is caused by the fact that netfilter expectations also get delivered, but things are not setup for this, nfnl_catch returns -1 and errno = ENOENT. Signed-off-by: Hannes Eder <heder@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-07T13:08:35+00:00 Hannes Eder heder@google.com 2009-10-07T13:08:35+00:00 urn:sha1:0cd2397e80d21d77ddb97794f24bb6945849093d When 'conntrack' is called with no arguments then garbage is printed after the usage message. This patch fixes this. Signed-off-by: Hannes Eder <heder@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-09-25T22:19:45+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-09-25T22:19:45+00:00 urn:sha1:bde8891c60cd31590b38459081886bb5d1910f97 This patch fixes a missing calculation of maxfd when a file descriptor is unregistered. Reported-by: Jean Mickael Guerin <jean-mickael.guerin@6wind.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>