-rw-r--r-- | debian/changelog | 903 |
1 files changed, 903 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 05ad082..f7b4c0c 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,906 @@ +conntrack (0.9.14-2+vyatta15) unstable; urgency=low + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * add pablo's conntrack tool + * - add support for new list-conntrack-and-zero-counters flag (-z) + * add GPL + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * Major resync + * o Created changelog file + * Kill hardcoded CONNTRACK_LIB_DIR=/usr/local/lib, now it uses $prefix + value + * Simplify event_handler + * Completed some stuff related to protocol helpers: + * o Added descriptive error messages. + * Fix wrong handler number in expectation dumping + * Added missing libct_proto_icmp file + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * o Fixed syntax error (tab/space issue) in help message + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * o Use conntrack netlink attributes: Major change + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * major re-sync with current names/definitions in libctnetlink and + kernel + * libctnetlink now called libnfnetlink_conntrack + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * More re-sync to work fine with current ip_conntrack_netlink + implementation + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * use new header file + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * Resync to current libnfnetlink_conntrack and 2.6.14 tree + * Resync to 2.6.14 and libnfnetlink_conntrack + * Bumped version to 0.80 + * kill TODO file + * o Fix packet and bytes counters (use __be64_to_cpu) + * Fix 
ip_conntrack_netlink load-on-demand + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * make sure we build against KERELDIR! + * get rid of old "-A" stuff + * get rid of c++ style comments + * major update (See ChangeLog) + * fix "dist-bzip2" for firt reelase + * make sure manpage is included in dist + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * o Fix up counters + * See Changelog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog + * See ChangeLog. This fixes an indentation problem in conntrack.c, + I've separated + * See ChangeLog + * See ChangeLog + * o Add --id to the conntrack manpage + * o Fix --id parameter parsing + * See ChangeLog + * See ChangeLog + * See ChangeLog + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * add extra argument to nfct_register_callback() to accomodate change + in libnetfilter_conntrack + * update changelog + * we don't use libnfnetlink directly, so we don't link it explicitly + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * See ChangeLog + * See ChangeLog + * See ChangeLog + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * - rename plugisn to remove 'lib' prefix + * don't use library versioning for extensions + * we don't use libnfnetlink directly, so there is no need for having + configure script checking for it + * - don't install the header files when 'make install' is run. 
they're + private + * update changelog to reflect recent changes + * - get rid of KERNELDIR + * use AM_CFLAGS, not CFLAGS + * update revision to 0.99 + * linke with libnetfilter_conntrack + * some libc's don't have IPPROTO_SCTP yet + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * Fixed oversized number of options (Marcus Sundberg) + * o Add support to filter events. ie: -p tcp --orig-port-dst 80 in + * o Restore include "conntrack.h" in ICMP handler + * We only support ipv4 at the moment, set l3protonum to AF_INET + * More changes to prepare upcoming ipv4 support + * <pablo@netfilter.org> + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * add debian package support (Max Kellermann) + * use '1.00' instead of '1.0' as version number + * make 'rules' executable, remove 'tarball' from cdbs + * add 'debian' to EXTRA_DIST + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * o Added missing parameters to set the ports of an expectation tuple + * o Add support to filter dumped entries. 
ie: + * fix ICMP protocol extension parse callback + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org ] + * [PATCH] conntrack: Fix option parsing for ARM (Philip Craig + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org ] + * [PATCH] fix conntrack compilation (Eric Leblond <eric@inl.fr>) + * [PATCH]: Userspace code related to fixed timeout patch (Eric Leblond + <eric@inl.fr>) + * [PATCH 5/6] conntrack pkt-config changes (KOVACS Krisztian + <hidden@balabit.hu>) + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org ] + * comment `autoheader' invocation from autogen.sh, we don't need any + config.h file to compile the conntrack tool + + [ /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org ] + * [patch] conntrack compile fix (Thomas Jarosch + <thomas.jarosch@intra2net.com>) + * [patch] conntrack tool: Fix loading of protocol helpers (Thomas + Jarosch <thomas.jarosch@intra2net.com>) + + [ /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org ] + * initial import of the conntrack daemon to Netfilter SVN + * first step forward to merge conntrackd and conntrack into the same + building chain + * del initial daemon and cli directories + * - Merge conntrack and conntrackd changelogs, even if it will be + dropped from SVN soon. + * introduce conntrack(8) manpage + * - bump version to 0.9.3 + * - remove overkill recursive Makefile.am definition in examples/ (use + EXTRA_DIST) + * move test.sh into examples/ + * fix MODULE_DIR enviroment variable + * - add warning note to ctnl_test.c: old API is deprecated + * - update changelog + * o introduce '--output xml,extended,timestamp' option for '-L', '-G' + and '-E' + * add script for keepalived fault state (eg. 
unplugged cable/link + down) + * - remove dead code sync-mode.c + * - introduce cache_iterate + * add missing ignore_conntrack in the overrun handler + * - update TODO list + * simplify checksum code: use UDP/multicast checksum facilities + * conntrack --output requires one parameter (Krzysztof Oledzki) + * fix silly bug in build_network_message: out of bound memset + * fix error message in configure.in (Eric Leblond) + * o remove useless backlog parameter in multicast sockets + * o use NFCT_SOPT_SETUP_* facilities: nfct_setobjopt + * add aliases --sport and --dport to make it more iptables-like + * commit phase: if conntrack exists, update it + * - add support for `-L --src-nat' and `-L --dst-nat' to show natted + connections + * add library dependency checking + * remove dlopen infrastructure: simplification, it was too much for it + * - local requests return EXIT_FAILURE if it can't connect to the + daemon + * - more cleanups and code refactorization + * fork when internal/external dump and commit requests are received + * fix dyslexia bug in Changelog (Pablo... we live in 2007, not in + 2006) and + * do not include .svn directories in tarballs + * - conntrack-tools requires libnetfilter_conntrack >= 0.0.81 + * conntrackd: + * include protocol filter parameters in the manpage + * minor fix in the last commit: check conf->mtu instead of mtu that is + < 0 + * - simplify cache_flush function: use cache_del() + * fix NAT in changes committed in r6904 + * prepare 0.9.5 release + * remove script_fault.sh script + * conntrackd requires the connection tracking event API: insist more + in INSTALL + * conntrack-tools compilation problem (K.Kovacs) + * improve INSTALL file + * Remove window tracking disabling limitation (requires Linux kernel + >= 2.6.22) + * bump libnetfilter_conntrack version dependency + * add syslog support and bump version + * Add CacheWriteThrough clause: external cache write through policy. 
+ This feature is particularly useful for active-active setup without + connection persistency, ie. you cannot know which firewall would + filter a packet that belongs to a connection. + * = conntrack = + * raise ignorepoll limit from 1024 to INT_MAX + * o Use more appropriate names for the existing synchronization modes: + * fix minor typo in warning message + + [ Ayuso/emailAddress=pablo@netfilter.org ] + * rename `examples' directory to `doc' + * o add support for related conntracks (requires Linux kernel >= + 2.6.22) + + [ /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org ] + * show error and warning messages to stderr + * - hash lookup speedups based on comments from netdev's discussions + * o add support for connection logging to the statistics mode via + Logfile + * add more descriptive information to the conntrackd.conf example file + for the stats mode + * update TODO file: logging for the statistics has been implemented + * Ben Lentz <BLentz@channing-bete.com>: + * Ben Lentz <BLentz@channing-bete.com>: + * obsolete `-S' option: Use information provided by the config file + * update conntrackd(8) manpage last update reference + * daemonize conntrackd after initialization + * rename class `buffer' to `queue' which is what it really implements + * implement buffered connection logging to improve performance + * fix logfiles permissions, do not default to umask + * fix make distcheck + * fix segfaul in the exit path for the statistics mode (introduced in + r7175) + * wake up the daemon iff there are real events to handle instead of + polling (Based on comments from Max Kellerman) + * fix statistics mode CPU sucks up (broken with 7178) + * fix buffer flush before exiting + * add support for tagged vlan interfaces in the config file, e.g. 
+ eth0.1 + * o remove -lpthread during compilation + * add support for `conntrack -E -o xml,timestamp' + * set up the configuration flags when defaulting + * improve alarm framework based on suggestions from Max Duempel + * make sure add_alarm() and mod_alarm() insert sorted by due time + * fix overflow in usecs in mod_alarm() + * fix broken next alarm calculation in the run loop + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org> + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * constify queue_iterate() + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Add include/netlink.h and include/traffic_stats.h + * add traffic_stats.h and netlink.h to include/Makefile.am + * merge several *_alarm() functions into init_alarm() + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * minor constification fixes + * use list_del_init() and list_empty() to check if a node is in the + list + * more list_empty() use instead of directly check the header + * Max Kellermann <max@duempel.org>: + * fix missing bracket + * remove unrequired list_del_init in alarm.c + * remove unix socket file on exit + * use umask() to set up file permissions + * fix missing command initialization (breakage introduced in r7208) + * Max Kellermann <max@duempel.org>: + * enable C99 mode + * Max Kellermann <max@duempel.org>: + * Max Kellerman <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann 
<max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Fix wrong dlog call + * yet another rework of the alarm scheduler + * Based on patch from Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * remove alarm counter + * minor cleanups + * fix inconsistent alarm update in cache_alarm_update + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * add comment to clarify handle_msg() + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * missing casting to keep -Werror happy + * Max Kellermann <max@duempel.org>: + * Max Kellermann <max@duempel.org>: + * remain is size_t instead of ssize_t to remove the cast + * implement a rb-tree based alarm framework + * add IPv6 support to conntrackd + * remove leftover line referring old -S option + * o add IPv6 information to synchronization messages + * add missing bits for NAT sequence adjusment support + * From: Max Kellermann <max@duempel.org> + * From: Max Kellermann <max@duempel.org> + * From: Max Kellermann <max@duempel.org> + * From: Max Kellermann <max@duempel.org> + * 
From: Max Kellermann <max@duempel.org> + * compose the file descriptor set at initialization stage to save some + cycles + * cleanup: remove config_set from main(), use config_file variable + instead + * relicense conntrack-tools as GPLv3+, so far the most significant + contributor has been Max Kellermann and has no issues with + relicensing their contributions. + * revert relicensing... still we use linux_list.h code which seems to + be GPLv2 only which is incompatible AFAIK + * update changelog with 0.9.6 release date + * remove .svn from doc/ in tarballs (reported by Gilad Benjamini) + * Pablo Neira Ayuso <pablo@netfilter.org>: + * Krzysztof Oledzki <ole@ans.pl>: + * add missing libct_proto_icmpv6.c + * fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel + Schepler + * fix compilation in ARM (reported by Thiemo Seufer via Max + Kellermann) + * fix asymmetric path support (still some open concerns) + * improve netlink overrun handling + * update manpages with the new URL + * o simplify parameter-handling code + * This is a major improvement of the conntrack command line tool: + * add initial automated qa testing for the conntrack cli + * check for pkg-config before anything (fix bogus missing libraries + failure) + * relax parameter checking for UDP and TCP + * fix conntrack -U -p tcp [...] + * o fix NAT filtering via --src-nat and --dst-nat (reported by + K.Oledzki) + * minor update of the manpages + * add more verbose error notification when the injection of a + conntrack fails + * rework of the FT-FW approach + * Fix reorder possible reordering of destroy messages under message + omission. This patch introduces the TimeoutDestroy clause to + determine how long a conntrack remains in the internal cache once it + has been destroy from the kernel table. 
+ * minor fix of the manpage (Max Wilhelm) + + [ Pablo Neira Ayuso ] + * - remove (misleading) counters and use information from the + statistics mode + * improve network message sanity checkings + * add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket + buffers + * Updates (-U) show the effect of the operation in the conntrack entry + * check for missing IPv6 address before hashing + * only allow the use of --secmark for listing (filtering) + * add flex version warning (better with >= 2.5.33) + * add eventfd emulation to communicate receiver -> sender + * add best effort replication protocol (aka NOTRACK) + * rework the HELLO logic inside FT-FW + * fix leak in cache_destroy(): release objects before destroying the + cache + * remove secmark support for conntrackd + * fix make distcheck + * define SO_[RCV|SND]BUFFORCE if not set + * increase deletion stats when the timer is scheduled in + cache_del_timeout() + * delay the closure of the dump descriptor to fix assertion with + cache_wt + * check if entries already exist in kernel before injection + + [ Albin Tonerre ] + * fix unsecure usage of printf and include limits.h (PATH_MAX and + INT_MAX) + + [ Pablo Neira Ayuso ] + * do not include Changelog in tarballs, user git shortlog for + changelog instead + * use only the original tuple to check if a conntrack is present + * fix xml output: wrap output with one root element + * Major rework of the user-space event filtering + * add support for kernel-space filtering via BSF + * log: syslog displays the entry that triggers the error + * filter: skip protocol state filtering if state not present + * CLI: add new option --buffer-size for -E + * add more sanity checks in the input path + + [ Eric Leblond ] + * commit: retry at least once if we hit ETIME or ENOMEM + + [ Pablo Neira Ayuso ] + * fix: use %zu instead of %u for size_t + * cleanup: remove obsolete clause Replicate in the example conffiles + * fix: wrong information related to default logging action + 
* fix: wrong use of timersub in cache_timer + * fix broken normal deletion in caches + * ftfw: show consistent information to users for problem diagnosing + * doc: remove duplicated example files + * script: rework scripts that enable interaction with keepalived + * conntrackd: add -t option to shorten conntrack timeouts + * fix missing updates in the example files + * script: fix broken if branches + * cache_iterators: do not report ENOENT in cache_reset_timers + * script: yet another minor fix + * netlink: add getter and check existence functions + * cache iterators: rework cache_reset_timers + * cache iterators: commit master entries before related ones + * netlink: avoid errors related to the expected bit handling + * cli: remove duplicated optarg checking + * cli: remove unrequired \n in error message + * cli: check for missing arguments in getopt_long + * cli: insert `conntrack-tools' string in help and error messages + * compilation: relax too strict warning checking + * ftfw: check for malformed ack and nack messages + * filter: fix NAT detection tweak + * cleanup: Linux kernel version checking + * filter: check if kernel-space filtering is available + * cleanup: remove some debug messages from sync-ftfw.c + * config: use /var/run to create the UNIX socket file + * fix: remove node from tx_list when the state-entry is destroy + * ftfw: fix race that triggers a double insertion into tx_list + * ftfw: fix race condition in the helloing routine + * ftfw: reset window and flush the resend queue during helloing + * conntrack: cleanup for the update path + * conntrack: cleanup XML header handling + * conntrack: fix mark-based filtering for event display + * conntrack: fix filtering for unsupported protocol + * conntrack: fix dump counter displayed with -L expect + * manual: add initial user manual + * doc: update INSTALL file + * conntrack: cleanup for NAT filtering + * cache: fix update of scheduled-to-timeout entries + * cache-iterators: improve committing + * 
config: fix usage of 'PurgeTimeout' in Sync NOTRACK + * notrack: fix double receival of resync requests + * doc: rise default size of the hashtable in the example file + * netlink: report when kernel-space event filtering is in use + * filter: fix segfault if the Filter clause is unused + * cache: use jhash2 instead of double jhash+jhash_2words + * filter: do not filter in user-space if kernel supports BSF + * doc: remove example about CacheWriteTrough + * doc: update conntrackd manpage + * conntrackd: add missing information on -t to the help + * conntrackd: bump version to 0.9.8 + * ftfw: rise the size of the acknowledgment window in the example + * conntrack: add missing -U in conntrack(8) manpage + * ftfw: add option `-v' to output debugging information (if any) + * ftfw: remove bottleneck in ack/nack handling + * network: remove message omission test-code + * network: add protocol version field (breaks backward compatibility) + * network: rework TLV-based protocol + * filter: use XOR instead of branches + * filter: use jhash2 instead of jhash for IPv6 addresses + * filter: remove useless branch in the check functions + * conntrack: --status should not be mandatory with -I + * filter: choose the filtering method via configuration file + * conntrack: cleanup command line tool protocol extensions + * build: add attribute header size to total attribute length + * filter: CIDR-based filtering support + * run: release fds structure in the exit path + * fds: remove unused array of file descriptors + * ftfw: remove useless ftfw_run invocation in the alive alarm handler + * src: move callbacks to run.c for better readability + * conntrack: do_parse_parameter show warning to stderr (not to stdout) + * conntrack: remove hardcoded buffer size, use sizeof instead + * conntrack: support diminutives for -L + * conntrack: move release options code to free_options() + * config: move `Checksum' inside `Multicast' clause + * network: make tx buffer initialization independent of 
mcast config + * manpage: add notice about conntrackd version incompatibilities + * conntrack: add new --status EXPECTED to filter expected connections + * manpage: add --status FIXED_TIMEOUT and EXPECTED + * build: do not include NTA_TIMEOUT in the replication messages + * netlink: clone conntrack object while creation/update + * netlink: use NFCT_Q_[CREATE|UPDATE] instead of NFCT_Q_CREATE_UPDATE + * netlink: constify conntrack object parameter of nl_*_conntrack() + * netlink: remove unnecessary whitespace lines in netlink.h + * netlink: unset ATTR_HELPER_NAME to avoid EBUSY in + nl_update_conntrack() + * parse: fix missing master layer 4 protocol number assignation + * network: remove unused function mcast_send_netmsg() + * network: remove length parameter of mcast_buffered_send_netmsg() + * network: remove __do_send() function + * network: remove the netpld header from the messages + * network: fix data offset alignment returned by NTA_DATA macro + * parse: strict attribute size checking + * src: recover conntrackd -F operation + * run: better wait() error handling + * netlink: fix EILSEQ error messages due to process race condition + * cache_iterators: use a cloned object while resetting timers + * netlink: build TCP flags/mask only if this is a TCP connection + * netlink: conditional build of TCP flags/mask for updates + * netlink: do not build the reply tuple in update messages + * configure: conntrack-tools requires libnetfilter_conntrack 0.0.99 + * network: use NET_T_* instead of NFCT_Q_* + * ftfw: do not check for data messages in tx_queue_xmit + * ftfw: resync messages can be retransmitted + * network: do more strict message type checking + * ftfw: shrink alive message size + * sync-mode: check if message type is >= NET_T_STATE_MAX before + parsing + * src: cleanup, rename hashtable_test() by hashtable_find() + * cache: cleanup, rename __del2() by __del() + * netlink: log report initial netlink event socket buffer size + * doc: fix typo 
SocketBufferSizeMaxGrowth in example conffiles + * doc: document the netlink buffer size clauses + * doc: better documentation about ResendBufferSize + * x + * doc: revert commit 9bc7d7f8f333e79323495a193f92c9d4f1708da9 + * doc: add note on McastSndSocketBuffer and McastRcvSocketBuffer + * netlink: fix type in warning message on SocketBufferSizeMaxGrowth + * configure: bump version to 0.9.9 + * automake: add missing cidr.h + * headers: delete unused flags in conntrackd.h + * src: add network statistics via `-s network' + * src: add cache statistics via `-s cache' + * src: add run-time statistics via `-s runtime' + * sync-mode: remove unnecessary split lines + * conntrackd: fix missing \n in conntrackd -h + * cache_iterators: display the commit time taken in the logs + * cache_iterators: add total entries available in the cache to stats + * cache: fix ENOSPC errors due to over-population of inactive entries + * filter: skip filtering by state if the event has no state info + * run: show current netlink buffer size in `-s runtime' + * netlink: don't double the netlink buffer twice during resize + * src: constify hashtable parameter in hash() callbacks + * hashtable: use calloc instead of malloc + memset + * hashtable: check NULL instead of ! 
for pointers + * filter: add prefix ct_filter_ to hash and compare functions + * run: limit the number of iterations over the event handling + * src: rework of the hash-cache infrastructure + * cache: add status field to store the object status + * run: relax resynchronization algorithm when netlink overruns + * sync: unify tx_list and tx_queue into one single tx_queue + * ftfw: move helloing to ftfw_xmit() + * sync: add generic tx_queue for all synchronization modes + * sync: enqueue state updates to tx_queue + * network: do not re-set the message type in nethdr_set* functions + * src: support for redundant dedicated links + * src: rename overrun handler to resync handler + * src: remove register_fds hooks + * src: add state polling support (oppossed to current event-driven) + * cache: add objects statistics + * ftfw: add ResendQueueSize and deprecate ResendBufferSize clauses + * src: add `-s queue' and change `-v' behaviour + * conntrack: add -C command to display the counter + * src: obsolete `DestroyTimeout' clause + * conntrack: fix use of -u which is optional with -I + * cache_iterators: start a clean session if commit finds an entry + * cache: remove nl_exist_conntrack() function + * cache: mangle timeout inside nl_*_conntrack() functions + * src: don't clone when calling nl_*_conntrack functions + * src: change behaviour of `-t' option + * cache: move lifetime feature to main cache code + * src: add support for approximate timeout calculation during commit + * src: increase default PurgeTimeout value + * netlink: set IP_CT_TCP_FLAG_CLOSE_INIT for TIME_WAIT states + * doc: unset CommitTimeout by default + * doc: use 'From' instead of 'from' in the example configfiles + * doc: increase hashtable bucket size and limits in example files + * configure: bump version to 0.9.10 + + [ Jan Engelhardt ] + * build: upgrade build system + + [ Pablo Neira Ayuso ] + * build: replace INCLUDES by AM_CPPFLAGS according to autoreconf + * configure: conntrack-tools >= 0.9.10 
requires libnfnetlink >= 0.0.40 + * netlink: refactorize several nl_init_*_handler() functions + * src: re-work polling strategy + * netlink: add new option NetlinkOverrunResync + * sync-mode: flush also internal cache after reset PurgeTimeout + * conntrack: allow use of --state with -D + * src: add Nice clause to set the nice value + * config: nl_overrun must be signed int instead of unsigned + * cache_iterators: fix wrong printf format in commit-time message + * src: use resync handler for polling instead of dump handler + * stats-mode: fix polling based logging + * conntrackd: add `-f internal' and `-f external' options + * conntrackd: display help information with `-h' + * conntrackd: don't initialize logging for client request + * doc: unset ACKWindowSize in example configuration files + * doc: add new primary-backup.sh script for >= 2.6.29 + * doc: add bulk update to primary-script.sh script + * headers: don't use NFCT_DIR_MAX in statistics structure + * network: fix endianess issue in synchronization network header + * network: fix endianess issue in acknowledgment network header + * sync-mode: change current link if message is correct + * src: remove obsolete debug() and debug_ct() calls + * doc: revert primary-backup-2.6.29-and-higher.sh script + * mcast: fix compilation warning due missing header + * config: add NetlinkBufferSize and NetlinkBufferSizeMaxGrowth + * netlink: use u8 getter for TCP states + * build: bump version to 0.9.11 + * src: fix compilation issue in gentoo due to missing include limits.h + + [ Jan Engelhardt ] + * build: add m4 directory + + [ Pablo Neira Ayuso ] + * doc: fix broken link to ulogd2 in the manual + * extensions: remove use of old libnetfilter API flags + * src: remove debian/ directory + * sync-mode: rename mcast_send_sync() to sync_send() + * sync-mode: rename mcast_iface structure to interface + * sync-mode: add abstract layer to make daemon independent of + multicast + * sync-mode: rename mcast_track_*() by 
nethdr_track_*() + * sync-mode: add unicast UDP support to propagate state-changes + * sync-mode: fix wrong output stats refering lost/malformed packets + * sync-mode: save one tab inside switch, cleanup + * sync-mode: cleanup reminiscent of multicast dependency + * mcast: mcast_send() takes a const pointer to buffer + * sync-mode: change `multicast' by `link' for `-s' option + * parse: fix broken destination port address translation + * udp: fix missing scope_id in the socket creation + * mcast: remove several unused structure fields + * config: obsolete `ListenTo' clause + * sync-mode: fix broken dedicated-link change in multichannel layer + * conntrack: fix missing bits in `-C' command + * conntrack: add `-S' command to display kernel statistics + * conntrack: remove broken command checking code + * doc: set nice to -20 in example config files + * config: cleanup error reporting during config file parsing + * build: bump version to 0.9.12 + * daemon: remove unused constants in header file + * conntrack: remove hardcoded iteration in TCP support + * conntrack: cleanup error output with `-p tcp --state' + * conntrack: save one indent in the TCP support + * conntrack: fix coupled-options sanity checkings + * conntrack: add UDPlite support + * conntrack: add SCTP support + * conntrack: add DCCP support + * conntrackd: change scheduler and priority via configuration file + * conntrack: fix English typo in output message + * conntrack: add GRE support + * sync: add support for SCTP state replication + * conntrack: add DCCP role parameter for conntrack creation + * sync: add support for DCCP state replication + + [ Samuel Gauthier ] + * build: use uint16_t instead of uint32_t for uint16_t attributes + + [ Pablo Neira Ayuso ] + * conntrackd: add child process infrastructure + * conntrackd: detect where the events comes from + * conntrackd: flush operation use the child process and origin + infrastructure + * conntrackd: remove the cache write-through policy + * 
conntrackd: remove redudant declaration of Port in the parser + * conntrackd: remove an unused extern declaration in cache.h + + [ Thomas Jarosch ] + * build: Added "m4" directory to make dist + + [ Pablo Neira Ayuso ] + * src: remove obsolete changelog file + * conntrackd: remove unused request nfct handler + * conntrackd: add missing initialization of PID in process + infrastructure + * conntrackd: block signals during the access to the process list + * conntrackd: allow to limit the number of simultaneous child + processes + * conntrackd: use a permanent handler for flush operations + * conntrackd: use a permanent handler for commit operations + * conntrackd: add support to display statistics on existing child + processes + * build: use TLV format for SCTP/DCCP protocol information + * conntrackd: rename `-s queue' option by `-s rsqueue' + * conntrackd: add the name field to queues + * conntrackd: add `-s queue' to display queue statistics + * conntrackd: add statistics about queue node objects + * conntrackd: add statistics for enospc errors in queues + * conntrackd: fix memory leak in cache_update_force() + * conntrackd: fix wrong TCP handling in unused nl_update_conntrack() + * conntrack: fix English typo in documentation + * build: bump version to 0.9.13 + * build: update library version requirements + + [ Jan Engelhardt ] + * doc: spell fix in conntrack(8) manpage + + [ Pablo Neira Ayuso ] + * local: add LOCAL_RET_* return values for UNIX sockets callbacks + * conntrackd: add iterators with limited steps in hash and cache types + * conntrackd: rework commit not to fork a child process + * conntrackd: improve handling of external messages + * conntrackd: reset event limit iteration counter + * conntrackd: add clause to enable ctnetlink reliable event delivery + * conntrackd: add support for IPv6 kernel-space filtering via BSF + * conntrackd: use conntrack ID in the cache lookup + * conntrackd: fix crash for unubuffered channel on exit path + * conntrackd: 
more robust sanity checking on synchronization messages + * conntrackd: add `DisableExternalCache' clause + * conntrackd: reduce the number of gettimeofday() syscalls + * conntrackd: allow to remove file descriptors from set + * conntrackd: add support state-replication based on TCP + * conntrackd: net message memory allocation is unsafe + + [ Samuel Gauthier ] + * conntrackd: better parse_payload protection against corrupted + packets + * conntrackd: fix bad configuration file for DisableExternalCache + statement + + [ Pablo Neira Ayuso ] + * conntrackd: fix MTU for TCP channels + * conntrackd: fix return value in notrack_local() + * conntrackd: improve error handling in tcp_send + * conntrackd: fix `conf' local variable in channel.c that shadows + global + * conntrackd: fix re-connect with multiple TCP channels + * conntrackd: break lines at 80 characters in example config files + * conntrackd: rate-limit the amount of connect() calls + * conntrackd: add retention queue for TCP errors + * conntrackd: add alive control messages to notrack mode + * conntrackd: fix wrong calculation of new maxfd on unregister_fds() + + [ Hannes Eder ] + * conntrack: fix output when no arguments are passed + * conntrack: avoid error with expectations when using 'conntrack -E -e + ALL ...' 
+ * conntrack: use fscanf() instead of read() for showing counter + + [ Pablo Neira Ayuso ] + * conntrackd: add statistics when the external cache is disabled + * conntrackd: add missing external statistics + * conntrackd: add `DisableInternalCache' clause + * conntrackd: use indirect call to build layer 4 protocol information + * conntrackd: add ICMP support for state-synchronization + * conntrackd: fix flow-state filtering for TCP + * conntrackd: document internal cache disabling and TCP-based + synchronization + * conntrack: fix manually created TCP entries with window tracking + enabled + * conntrackd: document `-B' command + * build: bump version to 0.9.14 + * conntrackd: fix UDP filtering in configuration file + * conntrackd: add support for TCP window scale factor synchronization + * conntrackd: cleanup port addition in the message building path + * conntrackd: fix `conntrackd -c' if external cache is disabled + * conntrack: option `-t' in on the same line as `-m' in manpage + * conntrackd: PollSecs goes in the General clause for statistics + * conntrackd: split __run() routine for poll and event-driven modes + * doc: description on how to block traffic with conntrack was + incomplete + * conntrack: fix `-L --src-nat --dst-nat' + + [ Mohit Mehta ] + * conntrackd: `-i -x' does not display internal cache in XML + + [ Pablo Neira Ayuso ] + * conntrack: revert fix `-L --src-nat --dst-nat' + * conntrack: fix `conntrack -L --src-nat --dst-nat' (second try) + * conntrack: `-L --src-nat --dst-nat' filter using AND, not OR logic + * conntrackd: complete TCP window scale support + * conntrack: expand array that maps option-flags to option-names + * conntrack: put all the commands and options code together + * conntrack: fix port filter with `--src-nat' and `--dst-nat' + * conntrack: add `--any-nat' to filter any NATted flow + * conntrack: add testsuite for NAT filtering options + * conntrack: re-fix inconsistent display with `--src-nat' and `--dst- + nat' + * 
conntrack: fix bogus NATted flows in filtering + * conntrack: fix `conntrack --src-nat 3.3.3.3' and similar + * conntrack: fix `conntrack --src-nat 1.1.1.1' if PAT applied + * conntrack: fix `conntrack --any-nat 1.1.1.1' filtering + * conntrack: --[src|dst|any]-nat requires IP:PORT as argument + * conntrack: fix `conntrack --[src|dst|any]-nat IP:PORT' if port + mismatches + * conntrack: cleanup parsing of the NAT arguments + + [ Mohit Mehta ] + * conntrackd: update error message for max netlink socket size reached + + [ Pablo Neira Ayuso ] + * conntrackd: fix ICMPv6 support + * conntrack: add zone support + + [ Mohit Mehta ] + * conntrackd: enforce strict logic for NetlinkBufferSize[*] clauses + + [ Pablo Neira Ayuso ] + * conntrackd: open event handler once cache has been populated + * conntrackd: setup event reliability after handler creation + + [ Mohit Mehta ] + * conntrackd: replace cryptic `mfrm' by `malformed' in `-s' + + [ Pablo Neira Ayuso ] + * conntrackd: fix parsing of NAT sequence adjustment in + synchronization messages + * conntrackd: warn on TCPWindowTracking option (it requires kernel >= + 2.6.35) + * build: update libnetfilter_conntrack dependency (>= 0.0.102) + * build: bump version to 0.9.15 + * conntrackd: fix wrong kernel requirements for TCPWindowTracking in + example files + * conntrackd: minor documentation update (two new questions in the + FAQ) + * conntrack: fix missing line break in conntrack(8) manpage + * conntrack: allow to listen to all kind of expectation events + + [ Jan Engelhardt ] + * build: use autoconf-suggested naming of files + * build: use modern call syntax for AM_INIT_AUTOMAKE + * build: drop unused $(all_includes) + * build: remove statements without effect + * build: remove unused $(all_libraries) + * build: no need for error message in PKG_CHECK_MODULES + * Add .gitignore files + * build: resolve automake warning + * build: default to not building static libraries + * build: run autoupdate to replace obsolete 
constructs + * build: use AM_YFLAGS instead of overriding YACC + * build: remove redundant bison/lex tests + + [ Pablo Neira Ayuso ] + * doc: update conntrack-tools manual + * doc: remove reference to the CT target + * local: don't override initial return value + * sync: don't override initial return value of local handler + * cache: close commit request if we already have one in progress + * cache: log if we received a commit request while already one in + progress + * conntrackd: event iteration limiter is already reset in main select + loop + * conntrackd: rise number of committed entries per step + * conntrack: add -o ktimestamp option (it requires linux >= 2.6.38) + * conntrackd: use nfct_copy() with override flag in cache_object_new() + * conntrack: allocate template objects in the heap + * conntrackd: remove use of deprecated nfct_maxsize() + * doc: document -s option of conntrackd in the manual + * doc: document redundant link support for conntrackd + * conntrack: display informative message if expectation table is + flushed + * conntrack: support SYN_SENT2 TCP state as --state parameter + * doc: add reference to the CT target again + * doc: add missing conntrackd -s invocation with options + * build: conntrack-tools now requires libnetfilter_conntrack >= 0.9.1 + * doc: prepare 1.0.0 release in conntrack-tools manual + * build: bump version to 1.0.0 + * build: Linux kernel-style for compilation messages + + [ Florian Westphal ] + * conntrack: add support for mark mask + * conntrack: skip sending update message to kernel if conntrack is + unchanged + + [ Pablo Neira Ayuso ] + * conntrack: remove unused variable with -S + + [ Florian Westphal ] + * testsuite: add tests for --mark option + * conntrack: add missing break when parsing --id/--secmark options + + [ Pablo Neira Ayuso ] + * conntrackd: add missing initial caching of gettimeofday() + + [ Jan Engelhardt ] + * Update .gitignore + * build: use AC_CONFIG_AUX_DIR and stash away tools + * build: disable 
implicit .tar.gz archive generation and use POSIX + mode + + [ Pablo Neira Ayuso ] + * conntrackd: fix filtering of dump output if internal cache is + disabled + * doc: primary-backup.sh: clarify licensing terms (GPLv2+) + * conntrackd: fix checking of return value of queue_add() + * build: bump version to 1.0.1 + * conntrackd: generalize caching infrastructure + * conntrackd: generalize external handlers to prepare expectation + support + * conntrackd: generalize/cleanup network message building/parsing + * conntrackd: generalize local handler actions + * conntrackd: simplify cache_get_extra function + * conntrackd: remove cache_data_get_object and replace by direct + pointer + * conntrackd: constify ct parameter of ct_filter_* functions + * conntrackd: relax checkings in ct_filter_sanity_check + * conntrackd: minor cleanup for commit + * conntrackd: support for expectation synchronization + * doc: update conntrack-tools manual to detail expectation support + + [ Gaurav Sinha ] + * updating changelog for merge of expect-sync and oxnard + + -- Gaurav Sinha <gaurav.sinha@vyatta.com> Fri, 20 Jan 2012 15:55:05 -0800 + conntrack (0.9.14-2+vyatta14) unstable; urgency=low * Collapse of expect-sync branch to oxnard. Brings in support for expect table sync. |
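Review bot: the new `0.9.14-2+vyatta15` stanza keeps 0.9.14 as its upstream version even though its own entries record `build: bump version to 0.9.15`, `build: bump version to 1.0.0` and `build: bump version to 1.0.1`, so the package version understates the code this merge ships and anyone matching the installed version against upstream fixes will get the wrong answer. Either bump the upstream part of the version or state in the entry which upstream release the tree now corresponds to. The stanza also reads as a per-author list of commit subjects, including superseded steps such as `conntrack: fix -L --src-nat --dst-nat`, its revert and the "(second try)", which buries the entries that matter for anyone accepting synchronization traffic from a peer: `conntrackd: net message memory allocation is unsafe`, `conntrackd: better parse_payload protection against corrupted packets` and `conntrackd: more robust sanity checking on synchronization messages` sit among cleanups under `urgency=low`. Consider a short summary at the top of the stanza that calls out those input-handling fixes separately, and confirm that `urgency=low` is still the intended value with them included.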