summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-02-25Remove Makefile.in, redundant/superseded by *Makefile.inmasterSven-Thorsten Dietrich
2013-02-25Add configure.in to .gitignoreSven-Thorsten Dietrich
2013-02-25Remove generated file configure.inSven-Thorsten Dietrich
2013-02-25Remove generated fileSven-Thorsten Dietrich
2013-02-21Remove generated files.Sven-Thorsten Dietrich
2013-02-14Fix build error:Sven-Thorsten Dietrich
parse.c: In function ‘msg2ct’: parse.c:258: error: ‘NULL’ undeclared (first use in this function) parse.c:258: error: (Each undeclared identifier is reported only once parse.c:258: error: for each function it appears in.) needed #include <stdddef.h>
2012-10-131:1.0.1-2+vyatta36debian/1.0.1-2+vyatta36John Southworth
2012-10-13fix tagsJohn Southworth
2012-10-131:1.0.1-2+vyatta35+daisy1debian/1.0.1-2+vyatta35+daisy1John Southworth
2012-10-13create daisy branchJohn Southworth
2012-09-121:1.0.1-2+vyatta35vyatta/VC6.5R1/i386vyatta/VC6.5R1/amd64debian/1.0.1-2+vyatta35Gaurav Sinha
2012-09-12conntrackd: parse: fix wrong maximum length for ATTR_EXP_FNPablo Neira Ayuso
It was set to NFCT_HELPER_NAME_MAX (16 bytes), but we have function names that are larger, eg. nf-nat-follow-master which is 18 bytes long. This leads to hitting malformed message while synchronizing expectations. I'll add some new constant to libnetfilter_conntrack instead of hardcoding this, later. Reported-by: Gaurav Sinha <gaurav.sinha@vyatta.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit 46faeab56cf4117f41cb6f1f1c40a9c18a81372f) (cherry picked from commit 0cf70ce9b1bcb63d54d9514558b74ae2bde39d9f)
2012-07-311:1.0.1-2+vyatta34debian/1.0.1-2+vyatta34Gaurav Sinha
2012-07-31fixing 8243: fix will selectively flush the conntrack table on master, ↵Gaurav Sinha
ignoring ignored addresses during flush
2012-07-061:1.0.1-2+vyatta33debian/1.0.1-2+vyatta33Gaurav Sinha
2012-07-06conntrackd: fix commit operation, needs to be synchronousPablo Neira Ayuso
While adding the expectation support for conntrackd, I accidentally broke synchrony in 'conntrackd -c' command. Basically, conntrackd -c should not return control to the shell until the cache has been committed. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit 7eb63b5872f07903d952aa5cfd6ad0e7647a066a) (cherry picked from commit 93d244a982f80a691bfb6eb4e17e2cccc32a5cb9)
2012-07-06conntrackd: add bugtrap notice in case of flush while commit in progressPablo Neira Ayuso
Flushing the external cache, ie. conntrackd -f, while commit is in progress is not allowed anymore, ie. conntrackd -c. Note that conntrackd -c is synchronous. Thus, it returns control to the caller once the commit has finished. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> (cherry picked from commit 8648ae6d08bb84030c2c3519454532f6e04e31d9) (cherry picked from commit 3611b5f5992837224205361c25cfed55c47af8c4)
2012-06-071:1.0.1-2+vyatta32debian/1.0.1-2+vyatta32Gaurav Sinha
2012-06-07Merge branch 'cthelper12' of git://git.netfilter.org/conntrack-tools into ↵Gaurav Sinha
pacifica Conflicts: include/helper.h src/expect.c src/helpers/ftp.c src/helpers/rpc.c src/helpers/tns.c tests/conntrackd/cthelper/main.c tests/conntrackd/cthelper/run-test.sh
2012-06-07tests: conntrackd: add cthelper-test infrastructurePablo Neira Ayuso
This patch adds the automated testing infrastructure the user-space helpers. Basically, this adds the `cthelper-test' program that can be invoked from the command line: ./cthelper-test pcaps/oracle-tns-redirect.pcap tns tcp 1521 To test the helper with one PCAP file that contains traces of Oracle TNS traffic. It also provides tweaks to test the DNAT content mangling code: ./cthelper-test pcaps/oracle-tns-redirect.pcap tns tcp 1521 dnat This will also allow fuzzy testing of user-space helper, for further validation, not yet implemented. To compile this tool, you have to run: ./configure make check under the qa/cthelper-test/ directory. I'm doing like this because this directory is not included in the standalone tarball that make distcheck generates (I don't want to bloat it with development tools that can be retrieved from the git repository). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-07conntrackd: TNS helper added to cthelperJozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-07conntrackd: RPC helper added to cthelperJozsef Kadlecsik
How to use this helper in a few steps: 1) You can enable this helper via: nfct helper add rpc inet tcp nfct helper add rpc inet udp 2) Configure /etc/conntrackd/conntrackd.conf and launch it. 3) You can test this helper locally with the following rule-set: iptables -A OUTPUT -t raw -p udp -m udp --dport 111 -j CT --helper rpc iptables -A OUTPUT -t raw -p tcp -m tcp --dport 111 -j CT --helper rpc iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 111 -j ACCEPT iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 111 -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -P OUTPUT DROP 4) Configure NFS and export some local directory. Then, mount it with version 3. mount.nfs -onfsvers=3 127.0.0.1:/srv/cvs /mnt/ You should see permanent expectations created for this. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-07conntrackd: add cthelper infrastructure (+ example FTP helper)Pablo Neira Ayuso
This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-051:1.0.1-2+vyatta31debian/1.0.1-2+vyatta31Gaurav Sinha
2012-06-05Debian package conntrack-helpers to package helpers in user spaceGaurav Sinha
2012-06-041:1.0.1-2+vyatta30debian/1.0.1-2+vyatta30Gaurav Sinha
2012-06-04forced release:cttimeout refreshed on build machineGaurav Sinha
2012-06-041:1.0.1-2+vyatta29debian/1.0.1-2+vyatta29Gaurav Sinha
2012-06-04Add nfct debian package to this submodule.Gaurav Sinha
2012-06-011:1.0.1-2+vyatta28debian/1.0.1-2+vyatta28Gaurav Sinha
2012-06-01Merge branch 'cthelper10' of git://git.netfilter.org/conntrack-tools into ↵user_space_helpersGaurav Sinha
user_space_helpers Conflicts: src/cthelper.c src/helpers/ftp.c src/helpers/tns.c
2012-05-31tests: conntrackd: add cthelper-test infrastructurePablo Neira Ayuso
This patch adds the automated testing infrastructure the user-space helpers. Basically, this adds the `cthelper-test' program that can be invoked from the command line: ./cthelper-test oracle-tns/oracle-tns-redirect.pcap tns tcp To test the helper with one PCAP file that contains traces of Oracle TNS traffic. This will also allow fuzzy testing of user-space helper, for further validation, not yet implemented. To compile this tool, you have to run: ./configure make check under the qa/cthelper-test/ directory. I'm doing like this because this directory is not included in the standalone tarball that make distcheck generates (I don't want to bloat it with development tools that can be retrieved from the git repository). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-31conntrackd: TNS helper added to cthelperJozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-31conntrackd: RPC helper added to cthelperJozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-31conntrackd: add cthelper infrastructure (+ example FTP helper)Pablo Neira Ayuso
This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-301:1.0.1-2+vyatta27debian/1.0.1-2+vyatta27Gaurav Sinha
2012-05-30forced releaseGaurav Sinha
2012-05-301:1.0.1-2+vyatta26debian/1.0.1-2+vyatta26Gaurav Sinha
2012-05-30forced releaseGaurav Sinha
2012-05-301:1.0.1-2+vyatta25debian/1.0.1-2+vyatta25Gaurav Sinha
2012-05-30force release:dependency fix on build machineGaurav Sinha
2012-05-301:1.0.1-2+vyatta24debian/1.0.1-2+vyatta24Gaurav Sinha
2012-05-30force release:post build dependency fix on build machineGaurav Sinha
2012-05-301:1.0.1-2+vyatta23debian/1.0.1-2+vyatta23Gaurav Sinha
2012-05-30Merge branch 'cthelper9' of git://git.netfilter.org/conntrack-tools into ↵Gaurav Sinha
user_space_helpers Conflicts: .gitignore src/run.c
2012-05-28tests: conntrackd: add cthelper-test infrastructurePablo Neira Ayuso
This patch adds the automated testing infrastructure the user-space helpers. Basically, this adds the `cthelper-test' program that can be invoked from the command line: ./cthelper-test oracle-tns/oracle-tns-redirect.pcap tns tcp To test the helper with one PCAP file that contains traces of Oracle TNS traffic. This will also allow fuzzy testing of user-space helper, for further validation, not yet implemented. To compile this tool, you have to run: ./configure make check under the qa/cthelper-test/ directory. I'm doing like this because this directory is not included in the standalone tarball that make distcheck generates (I don't want to bloat it with development tools that can be retrieved from the git repository). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-28conntrackd: TNS helper added to cthelperJozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-28conntrackd: RPC helper added to cthelperJozsef Kadlecsik
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-28conntrackd: add cthelper infrastructure (+ example FTP helper)Pablo Neira Ayuso
This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-05-28conntrackd: move ctnetlink code to ctnl.c (removed from run.c)Pablo Neira Ayuso
This patch moves the specific ctnetlink code to ctnl.c to prepare the introduction of the cthelper infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 08:31:36 +0000