Age | Commit message | Author
2015-11-27 | 1:1.4.3-1+vyos2+lithium13 (debian/1.4.3-1+vyos2+lithium13, lithium) | Alex Harpin
2015-11-26 | conntrack-tools: tidy up debian/rules to avoid deprecated warnings | Alex Harpin
Tidy up debian/rules to avoid some deprecated warnings from calling older routines.
2015-11-26 | conntrack-tools: workaround older version of automake in squeeze | Alex Harpin
Versions of automake less than 1.11.2, which includes Squeeze, lack the AM_PROG_AR macro; avoid using it if that's the case.
2015-11-26 | Merge tag 'conntrack-tools-1.4.3' into lithium | Alex Harpin
conntrack-tools 1.4.3 release
2015-11-26 | conntrack-tools: drop unrequired build-depends from debian packaging | Alex Harpin
Drop the unrequired build-depends from the nfct package in debian/control.
2015-11-26 | 1:1.4.2-1+vyos2+lithium12 (debian/1.4.2-1+vyos2+lithium12) | Alex Harpin
2015-11-26 | conntrack-tools: bump build requirements for 1.4.2 | Alex Harpin
Bump the build requirements of conntrack-tools 1.4.2 to the versions needed for a build.
2015-11-25 | Merge tag 'conntrack-tools-1.4.2' into lithium | Alex Harpin
conntrack-tools 1.4.2 release
2015-11-25 | 1:1.4.1-1+vyos2+lithium11 (debian/1.4.1-1+vyos2+lithium11) | Alex Harpin
2015-11-24 | conntrack-tools: bump build requirements for 1.4.1 | Alex Harpin
Bump the build requirements of conntrack-tools 1.4.1 to the versions needed for a build.
2015-11-24 | Merge tag 'conntrack-tools-1.4.1' into lithium | Alex Harpin
conntrack-tools 1.4.1 release
2015-11-24 | 1:1.4.0-1+vyos2+lithium10 (debian/1.4.0-1+vyos2+lithium10) | Alex Harpin
2015-11-24 | conntrack-tools: bump build requirements to actual level | Alex Harpin
Bump the build requirements of conntrack-tools 1.4.0 to the actual level needed for a build.
2015-11-22 | 1:1.4.0-1+vyos2+lithium9 (debian/1.4.0-1+vyos2+lithium9) | Alex Harpin
2015-11-22 | Update debian packaging | Alex Harpin
2015-11-21 | 1:1.4.0-1+vyos2+lithium8 | Alex Harpin
2015-11-21 | Merge tag 'conntrack-tools-1.4.0' into lithium | Alex Harpin
conntrack-tools 1.4.0 release
2015-10-11 | 1:1.2.1-1+vyos2+lithium7 (debian/1.2.1-1+vyos2+lithium7) | Alex Harpin
2015-10-02 | 1:1.0.1-3+vyos2+lithium6 (debian/1.0.1-3+vyos2+lithium6) | Alex Harpin
2015-10-02 | conntrackd: build: fix crash when optional kernel modules are not loaded | Pablo Neira Ayuso
Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. Fixes: http://bugzilla.netfilter.org/show_bug.cgi?id=910 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-09-08 | conntrack-tools 1.4.3 release | Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-09-08 | nfct: update syntax in documentation | Pablo Neira Ayuso
Since dd73ceecdbe8 ("nfct: Update syntax to specify command before subsystem") the command comes before the object type. Update documentation accordingly. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-26 | nfct: Update syntax to specify command before subsystem | Pablo Neira Ayuso
This patch gets the nfct syntax in sync with nft so it looks like this:
    nfct <add|delete|...> object ...
instead of:
    nfct object <add|delete|...> ...
This patch retains backward compatibility so you can still use the old syntax. The manpage and tests have also been updated to promote the adoption of this syntax. We should have few existing clients of this tool as we can only use this to configure the cttimeout and cthelper infrastructures. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-26 | tests: fix run-test.sh | Pablo Neira Ayuso
This reports:
    run-test.sh: line 3: UID: read-only variable
rename it to _UID. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-26 | nfct: don't link against libnetfilter_conntrack | Arturo Borrero
The nfct program uses none of the symbols of libnetfilter_conntrack. Linking against it means that distributors have to maintain a useless dependency. This was spotted by the dpkg-shlibdeps tool. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-26 | doc/debian.conntrackd.init.d: drop file | Arturo Borrero Gonzalez
This file is likely dead code. It's outdated. Also I think distributors should manage themselves to integrate daemons in their operating systems. Following this idea, this file doesn't belong here. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-26 | list: fix prefetch dummy | Arturo Borrero Gonzalez
[...]
  CC conntrack.o
In file included from ../include/conntrack.h:4:0,
                 from conntrack.c:41:
conntrack.c: In function ‘findproto’:
../include/linux_list.h:385:59: warning: right-hand operand of comma expression has no effect [-Wunused-value]
 for (pos = list_entry((head)->next, typeof(*pos), member), \
 ^
[...]
The original patch is from Patrick McHardy <kaber@trash.net>. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: missing break in expectation message parser function | Pablo Neira Ayuso
Fortunately, the TLVs come in order in the message, however, if the order is changed we'll incorrectly set up the expectation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: use strncpy to set up the cache name | Pablo Neira Ayuso
This is not exposed, but use the strncpy() variant to calm down static code validators. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: simplify branch in tcp_accept() | Pablo Neira Ayuso
The same code is executed regardless of the reason why accept() has failed. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: fix error handling in nfq_queue_cb() | Pablo Neira Ayuso
Make sure we have a clean exit on error, everything needs to be properly released. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: fix descriptor leak in do_local_request() | Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: fix leak in fork_process_new() | Pablo Neira Ayuso
Release the child_process structure in case that fork() fails. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: NTA_MAX is also an invalid attribute | Pablo Neira Ayuso
Otherwise this can result in an off-by-one array access. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 | conntrackd: fix sanitization of expection attribute in the wire format | Pablo Neira Ayuso
The maximum number of attributes is NTA_EXP_MAX for expectation sync messages. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-07-03 | conntrack: made the protocol option value case insensitive | Szilárd Pfeiffer
Extensions register protocols by lowercase protocol name, but value of proto command line option may be uppercase. Extension related options cannot be used when protocol name comparison fails. Signed-off-by: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> Signed-off-by: Florian Westphal <fw@strlen.de>
2015-06-26 | conntrack: fix expectation entry creation | Szilárd Pfeiffer
Signed-off-by: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-06-26 | conntrack: refactor handling of address options | Szilárd Pfeiffer
Signed-off-by: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-06-26 | tests: conntrack: don't overwrite read-only shell variable | Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-06-14 | 1:1.0.1-3+vyos2+lithium5 (debian/1.0.1-3+vyos2+lithium5) | Alex Harpin
2015-06-14 | conntrack: update dh_gencontrol with new development build flag | Alex Harpin
2015-06-12 | cthelper: Optimise nfq_queue_cb | Paul Aitken
ct and myct have both already been checked for non-NULL, so there's no need to check either of them again later. Signed-off-by: Paul Aitken <paitken@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-06-12 | conntrackd: remove unused 'numbytes' | Paul Aitken
'numbytes' isn't used and can be removed. Signed-off-by: Paul Aitken <paitken@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-29 | expect: Fix wrong memset usage | Pablo Neira Ayuso
memset fills bytes, not ulongs - so the second parameter (the fill value) has to be a byte. Reported-by: Paul Aitken <paitken@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-21 | cthelper: don't pass up a 0 length queue | Chas Williams III
If the user didn't specify a queue length in the configuration file it will have a length of 0. Allow the kernel's default to take precedence instead. Signed-off-by: Charles (Chas) Williams <ciwillia@brocade.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-21 | netlink: Use <fcntl.h> instead of legacy synonym <sys/fcntl.h> | Felix Janda
Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-21 | src: Define _GNU_SOURCE to get members of tcphdr&ucphdr | Felix Janda
The source uses linux names for members of tcphdr. For example "source" instead of "th_sport", ... musl libc's headers need _GNU_SOURCE defined in order to expose these. Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-21 | src: Include <sys/select.h> for fd_set | Felix Janda
Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-21 | src: Use stdint types | Felix Janda
Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-21 | include: Sync with kernel headers | Felix Janda
Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>