summaryrefslogtreecommitdiff
path: root/src/main.c
AgeCommit message (Collapse)Author
2008-08-02conntrackd: add -t option to shorten conntrack timeoutsPablo Neira Ayuso
This patch adds the new option `-t' for conntrackd. This option shortens the value of the timeout for the cached entries that lives in the kernel. This option is particularly useful to remove the zombie established entries that remain in kernel if the user tests the platform by forcing the takeover from one to another node several times. We currently use the value of CommitTimeout which is sane for it. Adding a new option does not seem to add more flexibility IMO. Once we get the patches to notify user changes via ctnetlink and the netlink flag NLM_F_ECHO works, we may directly invoke a massive purge of the entries, however, such solution would still need evaluation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2008-06-15fix unsecure usage of printf and include limits.h (PATH_MAX and INT_MAX)Albin Tonerre
2008-03-08revert relicensing... still we use linux_list.h code which seems to be GPLv2 ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
only which is incompatible AFAIK
2008-03-08relicense conntrack-tools as GPLv3+, so far the most significant contributor ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
has been Max Kellermann and has no issues with relicensing their contributions.
2008-02-22cleanup: remove config_set from main(), use config_file variable instead/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-02-14From: Max Kellermann <max@duempel.org>/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
whitespace cleanups
2008-01-18Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
Simplify logging infrastructure
2008-01-18Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
there is no need to check capabilities - the socket() call will fail a few lines later anyway, producing an error message which is good enough.
2008-01-17Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
import only required C headers and put local headers on top to check
2008-01-17Max Kellerman <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o always close stdin - even in non-daemon mode, it is of no use o chdir("/") to release the cwd inode o ignore setsid() failure, because there is only one possible and o fix harmless error condition
2008-01-15use umask() to set up file permissions/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-01-15Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
Fix tons of gcc warnings
2008-01-15Max Kellermann <max@duempel.org>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
add missing function prototypes
2008-01-09wake up the daemon iff there are real events to handle instead of polling ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
(Based on comments from Max Kellerman)
2008-01-05fix logfiles permissions, do not default to umask/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-01-05daemonize conntrackd after initialization/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-01-05obsolete `-S' option: Use information provided by the config file/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2008-01-05Ben Lentz <BLentz@channing-bete.com>:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
Detach daemon from its terminal
2008-01-03o add support for connection logging to the statistics mode via Logfile/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o minor irrelevant fixes for uncommon error paths and fix several typos o use LOG_INFO for connection logging, use LOG_NOTICE for other information o minor error handling updates
2007-12-24show error and warning messages to stderr/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2007-12-21o Use more appropriate names for the existing synchronization modes:/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
o rename `persistent' mode to `alarm' o rename `nack' mode to `ftfw' o Now default synchronization mode is ftfw instead of alarm
2007-09-12add syslog support and bump version/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
2007-07-09- conntrack-tools requires libnetfilter_conntrack >= 0.0.81 /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
- add len field to nethdr - implement buffered send/recv to batch messages - stop using netlink format for network messages: use similar TLV-based format - reduce synchronization messages size up to 60% - introduce periodic alive messages for sync-nack protocol - timeslice alarm implementation: remove alarm pthread, remove locking - simplify debugging functions: use nfct_snprintf instead - remove major use of libnfnetlink functions: use libnetfilter_conntrack API - deprecate conntrackd -F, use conntrack -F instead - major rework of the network infrastructure: much simple, less messy
2007-06-13- local requests return EXIT_FAILURE if it can't connect to the daemon/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
- several cleanups
2007-04-16first step forward to merge conntrackd and conntrack into the same building ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org
chain
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 19:14:58 +0000