Age | Commit message | Author
2012-05-26 | bump version to 1.2.1 | Pablo Neira Ayuso
this release fixes a compilation issue in 1.2.0, sorry.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | nfct: fix compilation of timeout extension | Pablo Neira Ayuso
    nfct-extensions/timeout.c: In function ‘nfct_timeout_cb’:
    nfct-extensions/timeout.c:99:2: warning: passing argument 4 of ‘nfct_timeout_snprintf’ makes integer from pointer without a cast [enabled by default]
    /usr/include/libnetfilter_cttimeout/libnetfilter_cttimeout.h:114:5: note: expected ‘unsigned int’ but argument is of type ‘struct nfct_timeout *’
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | add README.nfct | Pablo Neira Ayuso
This file includes some short description on `nfct'.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | add nfct(8) manpage | Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | tests: conntrack: add run-test.sh script | Pablo Neira Ayuso
For automated testing of the conntrack utility.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | move qa directory to tests/conntrack/ | Pablo Neira Ayuso
All automated testing for the conntrack-tools will now reside under the test directory.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | build: update dependencies with libnetfilter_conntrack (>= 1.0.1) | Pablo Neira Ayuso
libnetfilter_conntrack 1.0.1 includes important updates for the expectation side, which is used in this major milestone release.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | nfct: fix compilation warning in cttimeout support | Pablo Neira Ayuso
    CC nfct-extensions/timeout.o
    ../../src/nfct-extensions/timeout.c: In function ‘nfct_cmd_timeout_parse_params’:
    ../../src/nfct-extensions/timeout.c:40:27: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | build: bump version to 1.2.0 | Pablo Neira Ayuso
Major milestone including the new `nfct' utility and the expectation support for conntrackd.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | tests: add nfct tests for cttimeout | Pablo Neira Ayuso
This patch adds the automated tests for the cttimeout infrastructure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-26 | src: integrate nfct into the conntrack-tools tree | Pablo Neira Ayuso
I'll need it for the upcoming cthelper infrastructure. Moreover, we avoid more fragmentation in the netfilter user-space utilities. And the plan is that `nfct' will replace `conntrack' at some point.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-20 | conntrack: flush stdout for each expectation event, too | Florian Westphal
else, piping "conntrack -E expect" output will be buffered/delayed, which is not what users expect. Normal conntrack events are already flushed.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-04-09 | 1:1.0.1-2+vyatta22 [debian/1.0.1-2+vyatta22] | Gaurav
2012-04-09 | force release:i386 vm build environ fixed | Gaurav
2012-03-27 | icmp[v6]: --icmp[v6]-[type|code] are optional for updates and deletes | Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-03-20 | src: manpage and help display improvements | Adrian Bridgett
This patch adds missing information regarding several conntrackd options to the manpage and the help info that is displayed in the command line.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-03-05 | doc: fix example on how to filter events via iptables CT target | Pablo Neira Ayuso
You have to use this:
    iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy
instead of:
    iptables -I PREROUTING -t raw -j CT --ctevents assured
Otherwise, conntrackd cache gets full since no destroy events are delivered.
Reported-by: Kerin Millar <kerframil@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-03-03 | 1:1.0.1-2+vyatta21 [debian/1.0.1-2+vyatta21] | Deepti Kulkarni
2012-03-03 | new branch | Deepti Kulkarni
2012-02-21 | doc: add ras, q.931 and h.245 to examples configuration file | Pablo Neira Ayuso
Now it includes:
    ExpectationSync { ... ras q.931 h.245 }
Which are the set of helpers for h.323.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-21 | conntrackd: allow using lower/upper case in ExpectationSync | Pablo Neira Ayuso
You can use:
    ExpectationSync { ftp ras q.931 sip }
or:
    ExpectationSync { FTP RAS Q.931 SIP }
no matter lower/upper case.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-14 | conntrack: allow to filter by mark from kernel-space | Pablo Neira Ayuso
This patch uses the new infrastructure that allows us to filter by mark from kernel-space. This change ensures backward compatibility with kernels with no support for filtering by mark (Linux kernel <= 3.4.x). This requires the latest libnetfilter_conntrack library.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-08 | 1:1.0.1-2+vyatta20 [debian/1.0.1-2+vyatta20] | Gaurav Sinha
2012-02-08 | Merge branch 'oxnard' of git.vyatta.com:/git/conntrack-tools into oxnard | Gaurav Sinha
2012-02-08 | Merge branch 'upstream' into oxnard | Gaurav Sinha
2012-02-08 | Merge branch 'master' of git://git.netfilter.org/conntrack-tools into upstream | Gaurav Sinha
2012-02-07 | conntrackd: fix parsing of expectation class, helper name and NAT | Pablo Neira Ayuso
I forgot to modify the body of msg2exp to include the recently committed support for the expectation class, helper name and NAT. This patch fixes the problem.
Now in node-1 (primary), it shows:
    proto=17 src=192.168.11.4 dst=192.168.10.5 sport=0 dport=5060 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.10.5 master-dst=192.168.11.4 sport=5060 dport=5060 PERMANENT class=0 helper=sip [active since 31s]
And in node-2 (secondary), it shows:
    proto=17 src=192.168.11.4 dst=192.168.10.5 sport=0 dport=5060 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.10.5 master-dst=192.168.11.4 sport=5060 dport=5060 PERMANENT class=0 helper=sip [active since 180s]
This has been tested with the SIP conntrack helper.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-07 | conntrackd: support expectfn synchronization for expectations | Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-07 | conntrackd: add support to synchronize helper name | Pablo Neira Ayuso
For both conntrack and expectations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-07 | conntrackd: add NAT expectation support | Pablo Neira Ayuso
This patch adds the missing bits to support NAT expectation support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-07 | conntrackd: add support expectation class synchronization | Pablo Neira Ayuso
This patch adds support for synchronizing the expectation class.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-02-03 | 1:1.0.1-2+vyatta19 [vyatta/VC6.4-2012.05.31/i386] [vyatta/VC6.4-2012.04.30/i386] [vyatta/VC6.4-2012.03.27/i386] [debian/1.0.1-2+vyatta19] | Stephen Hemminger
2012-01-31 | 1:1.0.1-2+vyatta18 | Stephen Hemminger
2012-01-31 | reset epoch | Stephen Hemminger
2012-01-23 | 1.0.1-2+vyatta18 [debian/1.0.1-2+vyatta18] | Gaurav Sinha
2012-01-23 | updating version string for conntrack-tools to 1.0.1 | Gaurav Sinha
2012-01-23 | Merge branch 'upstream' into oxnard | Gaurav Sinha
2012-01-23 | Revert "Merge of conntrack-tools from netfilter.org with support for dumping expectations in XML format." | Gaurav Sinha
Generated files got committed by git commit -a, thus reverting the commit.
This reverts commit d8def099fed622b42f7b66468981d6d5c7aac74c.
2012-01-23 | Merge of conntrack-tools from netfilter.org with support for dumping expectations in XML format. | Gaurav Sinha
2012-01-23 | Merge branch 'master' of git://git.netfilter.org/conntrack-tools into upstream | Gaurav Sinha
2012-01-23 | conntrack: fix setting fixed-timeout status flag | Pablo Neira Ayuso
    % conntrack -U -u FIXED_TIMEOUT
    conntrack v1.0.1 (conntrack-tools): Operation failed: Device or resource busy
With this patch, you can indeed make it:
    % conntrack -U -u FIXED_TIMEOUT
    [...]
    conntrack v1.0.1 (conntrack-tools): 8 flow entries have been updated.
This patch also adds the corresponding simple QA tests.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-01-22 | conntrackd: support `-i exp -x' and `-e exp -x' options | Pablo Neira Ayuso
This patch allows you to dump the internal and external expectation cache in XML.
    % conntrackd -i exp -x
    <flow><layer3 protonum="2" protoname="ipv4"><expected><src>192.168.1.135</src><dst>130.89.148.12</dst></expected><mask><src>255.255.255.255</src><dst>255.255.255.255</dst></mask><master><src>192.168.1.135</src><dst>130.89.148.12</dst></master></layer3><layer4 protonum="6" protoname="tcp"><expected><sport>0</sport><dport>9082</dport></expected><mask><sport>0</sport><dport>65535</dport></mask><master><sport>50518</sport><dport>21</dport></master></layer4><meta><helper-name>ftp</helper-name></meta></flow>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-01-22 | conntrack: add expectation support for `-o' option | Pablo Neira Ayuso
Now you can dump expectations in XML format and display the timestamp.
    conntrack -L exp -o xml,timestamp
    <?xml version="1.0" encoding="utf-8"?>
    <expect>
    <flow><layer3 protonum="2" protoname="ipv4"><expected><src>192.168.1.135</src><dst>130.89.148.12</dst></expected><mask><src>255.255.255.255</src><dst>255.255.255.255</dst></mask><master><src>192.168.1.135</src><dst>130.89.148.12</dst></master></layer3><layer4 protonum="6" protoname="tcp"><expected><sport>0</sport><dport>32877</dport></expected><mask><sport>0</sport><dport>65535</dport></mask><master><sport>49881</sport><dport>21</dport></master></layer4><meta><helper-name>ftp</helper-name><timeout>294</timeout><when><hour>21</hour><min>22</min><sec>09</sec><wday>1</wday><day>22</day><month>1</month><year>2012</year></when></meta></flow>
    </expect>
You have to upgrade libnetfilter_conntrack to access this feature.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-01-22 | conntrackd: fix expectation filtering if ExpectationSync On is used | Pablo Neira Ayuso
If ExpectationSync On is used, we synchronize no expectations at all due to a problem in the event filtering. This is a bug; this patch fixes the problem.
Reported-by: Gaurav Sinha <gaurav.sinha@vyatta.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-01-20 | 0.9.14-2+vyatta16 [debian/0.9.14-2+vyatta16] | Gaurav Sinha
2012-01-20 | Fixing build issue in debian/rules | Gaurav Sinha
2012-01-20 | 0.9.14-2+vyatta15 [debian/0.9.14-2+vyatta15] | Gaurav Sinha
2012-01-20 | updating changelog for merge of expect-sync and oxnard | Gaurav Sinha
2012-01-18 | Creating development branch expect-sync, has merged content from oxnard and upstream [expect-sync] | Gaurav Sinha
2012-01-12 | Updating upstream with merged content from netfilter conntrack-tools version 1.0.1 | Gaurav Sinha