conntrack-tools.git/src, branch conntrack-tools-1.0.1

conntrackd: fix checking of return value of queue_add()

2012-01-04T13:19:17+00:00

Most callers of queue_add() assume that it returns != 0 in case of success. However, it may return -1 in case that the queue gets full. In that case, most callers have to: - release the object that they want to enqueue. - decrement the refcount, in case they have bumped it. However, most of these callers are using the tx_queue which currently has no limit in size at all. This fix is necessary in case that I decide to limit the size of the transmission queue in the future (which makes a lot of sense indeed). Signed-off-by: Pablo Neira Ayuso

conntrackd: fix filtering of dump output if internal cache is disabled

2011-12-19T17:52:31+00:00

Signed-off-by: Pablo Neira Ayuso

conntrackd: add missing initial caching of gettimeofday()

2011-10-24T10:01:26+00:00

Thus, we fix conntrackd -i for flows that were just retrieved from the kernel: tcp 6 ESTABLISHED src=192.168.1.135 dst=208.68.163.220 sport=42179 dport=5222 src=208.68.163.220 dst=192.168.1.135 sport=5222 dport=42179 [ASSURED] mark=0 [active since 1319450515s] Note the wrong "active since" value. Signed-off-by: Pablo Neira Ayuso

conntrack: add missing break when parsing --id/--secmark options

2011-07-08T11:30:36+00:00

commit 147ed522f52a62ab0d854ddc443d27d97dbf6cdf (conntrack: add support for mark mask) failed to add a break after secmark/id option parsing. Results in '-m 42 -c 1' to search for mark 1 instead of 42. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

conntrack: remove unused variable with -S

2011-06-22T09:21:01+00:00

Error: UNUSED_VALUE: conntrack-tools-1.0.0/src/conntrack.c:1297: returned_pointer: Pointer "nl" returned by "strchr(buf, 10)" is never used. Reported-by: Jiri Popelka Signed-off-by: Pablo Neira Ayuso

conntrack: skip sending update message to kernel if conntrack is unchanged

2011-06-15T12:46:30+00:00

This speeds up operation when a lot of conntracks exist, but only a few of them have to be altered. This change is user-visible because the exit message ("%d flow entries have been updated") will now print the number of entries that have been altered instead of the total number of conntracks seen. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

conntrack: add support for mark mask

2011-06-15T12:46:19+00:00

Extend --mark option to optionally take a mask, seperated by '/', e.g. --mark 0x80/0xf0. When used with -L, only test those bits of the mark that are in the mask range (behaves like iptables like -m mark). When used with -U, zero out those bits indicated by the mask and XOR the new mark into the result (behaves like iptables -j MARK --set-xmark). Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

conntrack: display informative message if expectation table is flushed

2011-02-22T14:34:59+00:00

With this patch, we display the following message after: # conntrack -F expect conntrack v0.9.15 (conntrack-tools): expectation table has been emptied. To make it consistent with the message displayed with conntrack -F. Signed-off-by: Pablo Neira Ayuso

conntrackd: remove use of deprecated nfct_maxsize()

2011-02-18T11:15:52+00:00

This patch removes the use of nfct_maxsize() and several abusive stack-based allocations. Signed-off-by: Pablo Neira Ayuso

conntrack: allocate template objects in the heap

2011-02-17T18:05:32+00:00

With this patch, we don't abuse the stack anymore, instead we allocate the template objects that are used in the heap. We stop using nfct_maxsize() which is now deprecated in libnetfilter_conntrack. Signed-off-by: Pablo Neira Ayuso