summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-07-22Major rework of the user-space event filteringPablo Neira Ayuso
This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-06-22fix xml output: wrap output with one root elementPablo Neira Ayuso
2008-06-16use only the original tuple to check if a conntrack is presentPablo Neira Ayuso
2008-06-15do not include Changelog in tarballs, user git shortlog for changelog insteadPablo Neira Ayuso
2008-06-15fix unsecure usage of printf and include limits.h (PATH_MAX and INT_MAX)Albin Tonerre
2008-06-15check if entries already exist in kernel before injectionPablo Neira Ayuso
2008-05-31delay the closure of the dump descriptor to fix assertion with cache_wtconntrack-tools-0.9.7Pablo Neira Ayuso
2008-05-31increase deletion stats when the timer is scheduled in cache_del_timeout()Pablo Neira Ayuso
2008-05-27define SO_[RCV|SND]BUFFORCE if not setPablo Neira Ayuso
2008-05-27fix make distcheckPablo Neira Ayuso
2008-05-27remove secmark support for conntrackdPablo Neira Ayuso
2008-05-26fix leak in cache_destroy(): release objects before destroying the cachePablo Neira Ayuso
2008-05-26rework the HELLO logic inside FT-FWPablo Neira Ayuso
2008-05-25add best effort replication protocol (aka NOTRACK)Pablo Neira Ayuso
2008-05-25add eventfd emulation to communicate receiver -> senderPablo Neira Ayuso
2008-05-22add flex version warning (better with >= 2.5.33)Pablo Neira Ayuso
2008-05-22only allow the use of --secmark for listing (filtering)Pablo Neira Ayuso
add missing string.h required by strdup in config parsing
2008-05-21check for missing IPv6 address before hashingPablo Neira Ayuso
2008-05-20Updates (-U) show the effect of the operation in the conntrack entryPablo Neira Ayuso
2008-05-20add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffersPablo Neira Ayuso
2008-05-18improve network message sanity checkingsPablo Neira Ayuso
2008-05-16- remove (misleading) counters and use information from the statistics modePablo Neira Ayuso
- use generic nfct_copy() from libnetfilter_conntrack to update objects - use generic nfct_cmp() to compare objects
2008-05-14minor fix of the manpage (Max Wilhelm)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-29Fix reorder possible reordering of destroy messages under message omission. ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
2008-04-26rework of the FT-FW approach/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16add more verbose error notification when the injection of a conntrack fails/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16minor update of the manpages/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o recover the ID support o show display counters to stderr o enable filtering by status and ID
2008-04-13fix conntrack -U -p tcp [...]/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13relax parameter checking for UDP and TCP/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13check for pkg-config before anything (fix bogus missing libraries failure)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13add initial automated qa testing for the conntrack cli/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13This is a major improvement of the conntrack command line tool:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o check for missing source/address IP/ports in creation and get operations o way more flexible conntrack updates and deletions o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) o show display counters to stderr o minor cleanups
2008-04-12o simplify parameter-handling code/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o check for missing source/address IP/ports o minor cleanups
2008-04-09update manpages with the new URL/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-09improve netlink overrun handling/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-08fix asymmetric path support (still some open concerns)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-08fix compilation in ARM (reported by Thiemo Seufer via Max Kellermann)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-03-26fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel Schepler/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
via M.Kellermann)
2008-03-25add missing libct_proto_icmpv6.c/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-03-25Krzysztof Oledzki <ole@ans.pl>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o add ICMPv6 (-p icmpv6) support o add possibility to distinguish between invalid (unknown) and empty proto
2008-03-25Pablo Neira Ayuso <pablo@netfilter.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o remove .svn directory from make distcheck tarballs (reported by B.Benjamini) + Krzysztof Oledzki <ole@ans.pl>: o fix minor compilation warning
2008-03-09remove .svn from doc/ in tarballs (reported by Gilad Benjamini)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-03-08update changelog with 0.9.6 release datesvn_t_conntrack-tools-0.9.6/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-03-08revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
only which is incompatible AFAIK
2008-03-08relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
has been Max Kellermann and has no issues with relicensing their contributions.
2008-02-22cleanup: remove config_set from main(), use config_file variable instead/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-02-19compose the file descriptor set at initialization stage to save some cycles/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-02-14From: Max Kellermann <max@duempel.org>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
whitespace cleanups
2008-02-14From: Max Kellermann <max@duempel.org>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
use list_for_each_entry()
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 17:33:00 +0000