summaryrefslogtreecommitdiff
path: root/conntrack.8
AgeCommit message (Collapse)Author
2012-03-20src: manpage and help display improvementsAdrian Bridgett
This patch adds missing information regarding several conntrackd options to the manpage and the help info that is displayed in the command line. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-06-15conntrack: add support for mark maskFlorian Westphal
Extend --mark option to optionally take a mask, seperated by '/', e.g. --mark 0x80/0xf0. When used with -L, only test those bits of the mark that are in the mask range (behaves like iptables like -m mark). When used with -U, zero out those bits indicated by the mask and XOR the new mark into the result (behaves like iptables -j MARK --set-xmark). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-02-17conntrack: add -o ktimestamp option (it requires linux >= 2.6.38)Pablo Neira Ayuso
This option requires Linux kernel >= 2.6.38, you have to enable conntrack timestamping with: echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp # conntrack -L -o ktimestamp udp 17 59 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=121 [start=Thu Feb 17 17:41:18 2011] use=1 # conntrack -L conntrack v0.9.15 (conntrack-tools): 20 flow entries have been shown. udp 17 31 src=192.168.1.128 dst=192.168.1.1 sport=52050 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=52050 [ASSURED] mark=0 delta-time=149 use=1 # conntrack -E -o ktimestamp ... [DESTROY] udp 17 src=192.168.1.128 dst=192.168.1.1 sport=40162 dport=53 src=192.168.1.1 dst=192.168.1.128 sport=53 dport=40162 [ASSURED] delta-time=3 [start=Thu Feb 17 17:44:57 2011] [stop=Thu Feb 17 17:45:00 2011] # conntrack -E [DESTROY] udp 17 src=192.168.1.128 dst=77.226.252.14 sport=123 dport=123 src=77.226.252.14 dst=192.168.1.128 sport=123 dport=123 delta-time=8 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2010-10-12conntrack: fix missing line break in conntrack(8) manpagePablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2010-07-05conntrack: add zone supportPablo Neira Ayuso
This patch adds `--zone' to the command line tool. This adds the missing user-space support for Patrick's McHardy iptables CT target. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2010-07-01conntrack: add `--any-nat' to filter any NATted flowPablo Neira Ayuso
This patch adds the --any-nat option that allows to display src-NATted OR dst-NATted flows. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2010-02-26conntrack: option `-t' in on the same line as `-m' in manpagePablo Neira Ayuso
From Richard Lucassen: > Btw: if you search the "-m --mask" option in the manpage, you'll see a > cosmetic typo: this option is on the same line as "-t --timeout" Reported-by: Richard Lucassen <reply5@xaq.nl> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-07-17doc: spell fix in conntrack(8) manpageJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-04-24conntrack: add DCCP role parameter for conntrack creationPablo Neira Ayuso
This patch adds `--role' parameter for DCCP which is required to create entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-04-18conntrack: add GRE supportPablo Neira Ayuso
This patch adds GRE support for the command line tool conntrack. With this patch, we support all protocols available in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.
2009-04-11conntrack: add DCCP supportPablo Neira Ayuso
This patch adds DCCP support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-04-11conntrack: add SCTP supportPablo Neira Ayuso
This patch adds SCTP support to the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-04-11conntrack: add UDPlite supportPablo Neira Ayuso
This patch adds UDPlite support for the command line tool conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-03-31conntrack: add `-S' command to display kernel statisticsPablo Neira Ayuso
This patch adds `-S' command to display kernel statistics. Using raw `cat' on /proc and the hexadecimal output is not very handy. This option parses the /proc entry and display the information is a more human friendly way. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-03-31conntrack: fix missing bits in `-C' commandPablo Neira Ayuso
This patch fixes some missing bits for the `-C' conntrack command like the manpage information, the usage help, the `--counters' synonymous and the commands vs. options checking. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2009-01-17conntrack: add -C command to display the counterPablo Neira Ayuso
This patch adds the -C command, to display the table counter. In the case of `-C conntrack' the tool reads the proc interface. For expectation, it loops on the table to count the number of entries (as there is not proc interface to display the number of expectations). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-12-04manpage: add --status FIXED_TIMEOUT and EXPECTEDPablo Neira Ayuso
This patch adds FIXED_TIMEOUT and EXPECTED to the conntrack(8) manpage. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-10-22conntrack: add missing -U in conntrack(8) manpagePablo Neira Ayuso
This patch adds information about -U which was missing. Reported-by: Karel Rericha <karel@maxtel.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-07-29CLI: add new option --buffer-size for -EPablo Neira Ayuso
Add new option --buffer-size for -E to set the netlink socket buffer size. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-04-16minor update of the manpages/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-04-16o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o recover the ID support o show display counters to stderr o enable filtering by status and ID
2008-04-09update manpages with the new URL/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2007-12-21= conntrack =/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o fix missing `-g' and `-n' options in getopt_long control string o add support for secmark (requires Linux kernel >= 2.6.25) o add mark and secmark information to the manpage o cleanup error message = conntrackd = o add support for secmark (requires Linux kernel >= 2.6.25) o add conntrackd (8) manpage
2007-07-18include protocol filter parameters in the manpage/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2007-06-09- add support for `-L --src-nat' and `-L --dst-nat' to show natted connections/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
- update conntrack(8) manpage
2007-05-07o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o several fixes for the output of usage messages
2007-05-06- add warning note to ctnl_test.c: old API is deprecated/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
- split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c
2007-04-16first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
chain
2007-04-16initial import of the conntrack daemon to Netfilter SVN/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2005-12-26<pablo@netfilter.org>/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org
o add IPv6 support: main change o removed dead code: iptables_insmod and get_modprobe o compact the commands vs. options table o move working vars from the stack to the BSS section o update manpage o Bumped version to 1.0beta1 <yasuyuki.kozakai@toshiba.co.jp> o check address family mismatch o fix incomplete copying IPv6 addresses
2005-12-03o Add support to filter events. ie: -p tcp --orig-port-dst 80 in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org
conjuction with -E to get all the requests to HTTP servers o Update manpage o Missing static function declaration in the protocol handlers o Use protocol flags defined in libnetfilter_conntrack o Kill leftover #include "conntrack.h" in the ICMP helper o Bumped version to 0.991
2005-11-01o Add --id to the conntrack manpage/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org
o Add myself to the list of ctnetlink author, it deserves it ;)
2005-09-24major update (See ChangeLog)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org
2005-06-24o Fixed syntax error (tab/space issue) in help message/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org
o Fixed getopt handling on big endian machines o Fixed possible future read-over-end-of-array in TCP extension o Add manpage o Add missing space at output of libct_proto_icmp.c o Add status bits that were introduced in 2.6.11 o Add SCTP extension o Add support for expect creation o Bump version number to 0.63