conntrack-tools.git/src, branch master

Remove generated files.

2013-02-21T19:42:20+00:00

Fix build error:

2013-02-15T00:07:15+00:00

parse.c: In function ‘msg2ct’: parse.c:258: error: ‘NULL’ undeclared (first use in this function) parse.c:258: error: (Each undeclared identifier is reported only once parse.c:258: error: for each function it appears in.) needed #include

conntrackd: parse: fix wrong maximum length for ATTR_EXP_FN

2012-09-12T21:05:08+00:00

It was set to NFCT_HELPER_NAME_MAX (16 bytes), but we have function names that are larger, eg. nf-nat-follow-master which is 18 bytes long. This leads to hitting malformed message while synchronizing expectations. I'll add some new constant to libnetfilter_conntrack instead of hardcoding this, later. Reported-by: Gaurav Sinha Signed-off-by: Pablo Neira Ayuso (cherry picked from commit 46faeab56cf4117f41cb6f1f1c40a9c18a81372f) (cherry picked from commit 0cf70ce9b1bcb63d54d9514558b74ae2bde39d9f)

fixing 8243: fix will selectively flush the conntrack table on master, ignoring ignored addresses during flush

2012-07-31T17:25:05+00:00

conntrackd: fix commit operation, needs to be synchronous

2012-07-07T00:03:36+00:00

While adding the expectation support for conntrackd, I accidentally broke synchrony in 'conntrackd -c' command. Basically, conntrackd -c should not return control to the shell until the cache has been committed. Signed-off-by: Pablo Neira Ayuso (cherry picked from commit 7eb63b5872f07903d952aa5cfd6ad0e7647a066a) (cherry picked from commit 93d244a982f80a691bfb6eb4e17e2cccc32a5cb9)

conntrackd: add bugtrap notice in case of flush while commit in progress

2012-07-07T00:03:18+00:00

Flushing the external cache, ie. conntrackd -f, while commit is in progress is not allowed anymore, ie. conntrackd -c. Note that conntrackd -c is synchronous. Thus, it returns control to the caller once the commit has finished. Signed-off-by: Pablo Neira Ayuso (cherry picked from commit 8648ae6d08bb84030c2c3519454532f6e04e31d9) (cherry picked from commit 3611b5f5992837224205361c25cfed55c47af8c4)

Merge branch 'cthelper12' of git://git.netfilter.org/conntrack-tools into pacifica

2012-06-07T17:36:39+00:00

Conflicts: include/helper.h src/expect.c src/helpers/ftp.c src/helpers/rpc.c src/helpers/tns.c tests/conntrackd/cthelper/main.c tests/conntrackd/cthelper/run-test.sh

conntrackd: TNS helper added to cthelper

2012-06-07T15:39:38+00:00

Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso

conntrackd: RPC helper added to cthelper

2012-06-07T15:36:56+00:00

How to use this helper in a few steps: 1) You can enable this helper via: nfct helper add rpc inet tcp nfct helper add rpc inet udp 2) Configure /etc/conntrackd/conntrackd.conf and launch it. 3) You can test this helper locally with the following rule-set: iptables -A OUTPUT -t raw -p udp -m udp --dport 111 -j CT --helper rpc iptables -A OUTPUT -t raw -p tcp -m tcp --dport 111 -j CT --helper rpc iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 111 -j ACCEPT iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 111 -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -P OUTPUT DROP 4) Configure NFS and export some local directory. Then, mount it with version 3. mount.nfs -onfsvers=3 127.0.0.1:/srv/cvs /mnt/ You should see permanent expectations created for this. Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso

conntrackd: add cthelper infrastructure (+ example FTP helper)

2012-06-07T15:33:22+00:00

This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso