Age | Commit message | Author
2008-08-02 | script: rework scripts that enable interaction with keepalived | Pablo Neira Ayuso
This patch reworks the documentation section. It removes the replicated keepalived.conf files and merges all the scripts into one to reduce confusion and improve maintainability. It's likely that the documentation directory will suffer more restructuring in the near future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | doc: remove duplicated example files | Pablo Neira Ayuso
This patch removes the directories node1/ and node2/ since the differences are few and small and the user should be able to get it running if he RTFM. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | ftfw: show consistent information to users for problem diagnosing | Pablo Neira Ayuso
This patch hides information that may confuse users while they are diagnosing problems in their setup. For example, we hide entries that are scheduled to expire - from the user side, they are already destroyed entries; and we show in the counters the real active entries, not all that are stored in the caches. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | fix broken normal deletion in caches | Pablo Neira Ayuso
This patch fixes the non-timer-based cache deletion. This bug affects the alarm-based approach since the backup replicas did not get the deletion event, thus, delaying the deletion. This patch introduces cache_find() to look up a conntrack object and __cache_del_timer() to perform direct deletions by means of the pointer obtained with cache_find(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | fix: wrong use of timersub in cache_timer | Pablo Neira Ayuso
Fix wrong output in the dump of the expire timer which was negative. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | fix: wrong information related to default logging action | Pablo Neira Ayuso
Logging is set off by default instead of what the example files state. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | cleanup: remove obsolete clause Replicate in the example conffiles | Pablo Neira Ayuso
Remove obsolete clause Replicate in the example configuration files. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | fix: use %zu instead of %u for size_t | Pablo Neira Ayuso
Use %zu instead of %u for size_t to remove compilation warning. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | commit: retry at least once if we hit ETIME or ENOMEM | Eric Leblond
Some users are reporting ETIME errors in the update. This happens when you try to update a conntrack that is expiring. To avoid this problem, we retry once at least. We do similar for ENOMEM errors, although only users in virtual machines have reported this AFAIK. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-08-01 | add more sanity checks in the input path | Pablo Neira Ayuso
Some users have reported crashes when nf_conntrack_ipv6 was not present. This patch performs more robust sanity checks in the input path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-07-29 | CLI: add new option --buffer-size for -E | Pablo Neira Ayuso
Add new option --buffer-size for -E to set the netlink socket buffer size. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-07-29 | filter: skip protocol state filtering if state not present | Pablo Neira Ayuso
Skip the user-space protocol state filter if the protocol state is not present in the event message. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-07-24 | log: syslog displays the entry that triggers the error | Pablo Neira Ayuso
This patch fixes an inconsistency in the output. If syslog was chosen as logger, the conntrack entries that triggered an error were not displayed. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-07-23 | add support for kernel-space filtering via BSF | Pablo Neira Ayuso
This patch adds support for kernel-space filtering via BSF by means of the libnetfilter_conntrack's BSF high-level API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-07-22 | Major rework of the user-space event filtering | Pablo Neira Ayuso
This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level Berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-06-22 | fix xml output: wrap output with one root element | Pablo Neira Ayuso
2008-06-16 | use only the original tuple to check if a conntrack is present | Pablo Neira Ayuso
2008-06-15 | do not include Changelog in tarballs, use git shortlog for changelog instead | Pablo Neira Ayuso
2008-06-15 | fix unsecure usage of printf and include limits.h (PATH_MAX and INT_MAX) | Albin Tonerre
2008-06-15 | check if entries already exist in kernel before injection | Pablo Neira Ayuso
2008-05-31 | delay the closure of the dump descriptor to fix assertion with cache_wt (tag: conntrack-tools-0.9.7) | Pablo Neira Ayuso
2008-05-31 | increase deletion stats when the timer is scheduled in cache_del_timeout() | Pablo Neira Ayuso
2008-05-27 | define SO_[RCV|SND]BUFFORCE if not set | Pablo Neira Ayuso
2008-05-27 | fix make distcheck | Pablo Neira Ayuso
2008-05-27 | remove secmark support for conntrackd | Pablo Neira Ayuso
2008-05-26 | fix leak in cache_destroy(): release objects before destroying the cache | Pablo Neira Ayuso
2008-05-26 | rework the HELLO logic inside FT-FW | Pablo Neira Ayuso
2008-05-25 | add best effort replication protocol (aka NOTRACK) | Pablo Neira Ayuso
2008-05-25 | add eventfd emulation to communicate receiver -> sender | Pablo Neira Ayuso
2008-05-22 | add flex version warning (better with >= 2.5.33) | Pablo Neira Ayuso
2008-05-22 | only allow the use of --secmark for listing (filtering) | Pablo Neira Ayuso
add missing string.h required by strdup in config parsing
2008-05-21 | check for missing IPv6 address before hashing | Pablo Neira Ayuso
2008-05-20 | Updates (-U) show the effect of the operation in the conntrack entry | Pablo Neira Ayuso
2008-05-20 | add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffers | Pablo Neira Ayuso
2008-05-18 | improve network message sanity checkings | Pablo Neira Ayuso
2008-05-16 | - remove (misleading) counters and use information from the statistics mode | Pablo Neira Ayuso
- use generic nfct_copy() from libnetfilter_conntrack to update objects
- use generic nfct_cmp() to compare objects
2008-05-14 | minor fix of the manpage (Max Wilhelm) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-29 | Fix reorder possible reordering of destroy messages under message omission. | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroyed from the kernel table.
2008-04-26 | rework of the FT-FW approach | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16 | add more verbose error notification when the injection of a conntrack fails | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16 | minor update of the manpages | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16 | o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o recover the ID support
o show display counters to stderr
o enable filtering by status and ID
2008-04-13 | fix conntrack -U -p tcp [...] | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13 | relax parameter checking for UDP and TCP | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13 | check for pkg-config before anything (fix bogus missing libraries failure) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13 | add initial automated qa testing for the conntrack cli | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-13 | This is a major improvement of the conntrack command line tool: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o check for missing source/address IP/ports in creation and get operations
o way more flexible conntrack updates and deletions
o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)
o show display counters to stderr
o minor cleanups
2008-04-12 | o simplify parameter-handling code | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o check for missing source/address IP/ports
o minor cleanups
2008-04-09 | update manpages with the new URL | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-09 | improve netlink overrun handling | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org