| Age | Commit message (Collapse) | Author |
|---|
|
This patch adds support for TCP as protocol to replicate
state-changes between two daemons. Note that this only
makes sense with the notrack mode.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
With this patch, a) we set the file descriptors for the
synchronization channels as non-blocking, b) we perform more than
one recv() call per select() signal on the socket and c) we limit
the iteration to the value that EventIterationLimit has set.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch removes several structure fields that are unused.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch removes a compilation warning. The buffer passed to
be sent must be const.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch reworks conntrackd to make it independent of the protocol
used to propagate state-changes. This patch adds the channel layer
abstraction, this layer allows you to add support for different
protocols like unicast UDP or TIPC.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds include limits.h to mcast.c and sync-mode.c. Why Gentoo
maintainers did not report me the problem? :(
http://bugs.gentoo.org/show_bug.cgi?id=256497
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch includes libnfnetlink.h header in mcast.c to remove
a compilation warning due to missing prototype declaration.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch removes debug() and debug_ct(), I haven't use the
debugging information that these functions provide in years.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds support for redundant dedicated links. You can add
a pool of dedicated links that can be used if the current active
fails.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
only which is incompatible AFAIK
|
|
has been Max Kellermann and has no issues with relicensing their contributions.
|
|
|
|
use size_t
|
|
fix double free() bug in the error output path of mcast_create()
|
|
remove superfluous initialization
|
|
import only required C headers and put local headers on top to check
|
|
fix memory leaks in several error output paths
|
|
use C99 integers (uint32_t instead of u_int32_t)
|
|
Fix tons of gcc warnings
|
|
- use buffer of MTU size
conntrack:
- better protocol argument checkings
- fix per-protocol filtering, eg. conntrack -[L|E] -p tcp now works
- show per-protocol help, ie. conntrack -h -p tcp
- add alias --src for --orig-src and alias --dst for --orig-dst
|
|
- add len field to nethdr
- implement buffered send/recv to batch messages
- stop using netlink format for network messages: use similar TLV-based format
- reduce synchronization messages size up to 60%
- introduce periodic alive messages for sync-nack protocol
- timeslice alarm implementation: remove alarm pthread, remove locking
- simplify debugging functions: use nfct_snprintf instead
- remove major use of libnfnetlink functions: use libnetfilter_conntrack API
- deprecate conntrackd -F, use conntrack -F instead
- major rework of the network infrastructure: much simple, less messy
|
|
|
|
chain
|
