1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
2006-03-20
<hidden@sch.bme.hu>
o fix ICMP protocol extension parse callback
2006-01-15
<pablo@netfilter.org>
o Added missing parameters to set the ports of an expectation tuple
o Add support to filter dumped entries.
ie: conntrack -L -p tcp --orig-port-dst 993
display all the connections to IMAPS servers
conntrack -L -m 2
display all the connection marked with 2
o Bumped version to 1.00beta2
2005-12-26
<pablo@netfilter.org>
o add IPv6 support: main change
o removed dead code: iptables_insmod and get_modprobe
o compact the commands vs. options table
o move working vars from the stack to the BSS section
o update manpage
o Bumped version to 1.0beta1
<yasuyuki.kozakai@toshiba.co.jp>
o check address family mismatch
o fix incomplete copying IPv6 addresses
2005-12-19
<pablo@netfilter.org>
o We only support ipv4 at the moment: set l3protonum to AF_INET
o Minor changes to prepare upcoming ipv6 support
2005-12-03
<pablo@netfilter.org>
o Add support to filter events. ie: -p tcp --orig-port-dst 80 in
conjuction with -E to get all the requests to HTTP servers
o Update manpage
o Missing static function declaration in the protocol handlers
o Use protocol flags defined in libnetfilter_conntrack
o Bumped version to 0.991
2005-11-22
<marcus@ingate.com>
o Fix oversized number of options
2005-11-11
<laforge@netfilter.org>
o don't check for kernel header path in configure, since we don't use
kernel headers
o don't check for libnfnetlink, we don't use it directly
o move plugins into pkglibdir
o remove 'lib' prefix of plugins, they're not really libraries
o remove version information from plugin filenames
o Bumped version to 0.99
2005-11-09
<pablo@netfilter.org>
o set status to zero, libnetfilter_conntrack now activate
IPS_CONFIRMED since all conntrack in hash must be confirmed.
o Bumped version to 0.98
2005-11-08
<olenf@ans.pl>
o Fix warnings generated by gcc -Wall
o Fix conntrack exit value at error
o Replace obsolete inet_addr by inet_aton
2005-11-05
<olenf@ans.pl>
o Improved conntrack -h output
o add htons for icmp id.
<pablo@eurodev.net>
o -t and -u are optional at update.
o Fixed versioning :(
o Bumped version to 0.97
2005-11-03
<laforge@netfilter.org>
o Use extra 'data' argument of nfct_register_callback() function that
I've introduced in libetfilter_conntrack.
<olenf@ans.pl>
o moves conntrack tool from bin to sbin directory since this
application is an administration utility and it requires uid==0 or
CAP_NET_ADMIN
<pablo@eurodev.net>
o check if --state missing when -p is passed
o command type is passed to final_check: checkings based on the
command can be done now.
o kill duplicated definition of IPS_* bits: Already present in
libnetfilter_conntrack.
o Move action and command enum to conntrack.h
o kill NIPQUAD macro
o make conntrack handler cth static.
o Bumped version to 0.96
2005-11-01
<pablo@eurodev.net>
o Fix error message describing illegal option -E -i
o -D -i ID requires tuple information: Display an error message
o Use NFCT_ALL_CT_GROUPS flag instead of NFCT_ALL_GROUPS
o Event mask doesn't make sense for expectations, kill dead code
o Bumped version to 0.95
<olenf@ans.pl>
o Fix wrong formating in conntrack -h
2005-10-30
<pablo@eurodev.net>
Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in
Munich, Germany for providing the "fast" hardware to reproduce
spurious bugs ;)
o Replace misleading message "Not enough memory" by "Can't open handler"
o New option -i for expectation dumping: conntrack -L expect [-i]
o sed 's/VERSION/CONNTRACK_VERSION/g'
o Fix nfct_open flags, now uses NFCT_ALL_GROUPS when needed
o Bumped version to 0.94
2005-10-28
<pablo@eurodev.net>
o New option -i for dumping: conntrack -L [-i]
o Fixed warning in findproto due to a stupid wrong type definition
o sed 's/nfct_set_callback/nfct_register_callback/g'
o killed the 'retry' logic, *sigh* it is broken in some cases
o killed broken and unneeded protocol handler destructors (fini)
o killed unregister_proto
o Fixed code indentation in the command selector
o Bumped version to 0.93
2005-10-27
<pablo@eurodev.net>
o Use conntrack VERSION instead of the old LIBCT_VERSION
o proto_list and lib_dir are now static
o kill dead code: function dump_tuple
o Bumped version to 0.92
2005-10-25
<eleblond@inl.fr>
o Add missing autogen.sh file
2005-10-24
<pablo@eurodev.net>
o use NFCT_ANY_GROUP flag in nfct_open()
2005-10-21
<pablo@eurodev.net>
o Bumped version to 0.90
o Add support for id and marks
2005-10-20
<pablo@eurodev.net>
o Kill some more files that generated by the autocrap
o Resync with the lastest libnetfilter_conntrack API changes
2005-10-16
<pablo@netfilter.org>
o Rename libct_proto.h to conntrack.h
o Remove config.h.in from svn, it's autogenerated by the autocrap :)
o Remove dead functions in the SCTP protocol helper
2005-10-14
<pablo@netfilter.org>
o Kill config.h.in, it's generated by the autocrap
o The conntrack tool now uses libnetfilter_conntrack :)
o libct.c has been killed, now it's in libnetfilter_conntrack
o Check if you're root or CAP_NET_ADMIN
o Bumped version number to 0.86
2005-10-07
<chentschel@iplan.com.ar>
o Fixed ICMP options
<pablo@netfilter.org>
o Multiple fixes for the ICMP protocol handler
o Fix ICMP output: wrong output. type and code were set to zero.
2005-10-05
<pablo@netfilter.org>
o Fix up counters
o Fix up compilation (IPS_* stuff missing), still need a proper fix
o Bumped version number to 0.82
2005-09-24
<laforge@netfilter.org>
o Get rid of C++ style comments
o Remove remaining bits of "-A --action", group-mask and dump-mask
o Clean up #include's
o Fix double-free when exiting via signal handler (Ctrl+C)
o Add "version" member to plugins
o Fix some Endianness issues when printing CTA_STATUS
2005-08-31
<pablo@netfilter.org>
o Fix packet and bytes counters (use __be64_to_cpu)
o Fix ip_conntrack_netlink load-on-demand
2005-07-12
<pablo@eurodev.net>
o Use conntrack netlink attributes: Major change
o Kill action setting: Mask based dumping
o Fix ChangeLog
2005-05-23
<laforge@netfilter.org>
o Fixed syntax error (tab/space issue) in help message
o Fixed getopt handling on big endian machines
o Fixed possible future read-over-end-of-array in TCP extension
o Add manpage
o Add missing space at output of libct_proto_icmp.c
o Add status bits that were introduced in 2.6.11
o Add SCTP extension
o Add support for expect creation
o Bump version number to 0.63
2005-05-17
<pablo@eurodev.net>
o Added descriptive error messages.
o Fix wrong flags check in [tcp|udp] proto helpers.
2005-05-16
<pablo@eurodev.net>
o Implemented ICMP proto helper
o Added help() and final_check() functions for proto helpers.
2005-05-01
<pablo@eurodev.net>
o Created changelog file
o Deleted libctnetlink.h and libnfnetlink.h from the include/ dir.
o Added support for version (-V) and help (-h)
o Added event mask based support
o Added GPLv2 headers
o Use fprintf instead of printf
o Defined print_tuple and print_proto output interfaces
o ctnl_[get|del]_conntrack handles return value from kernel via msgerr
o Added support for conntrack table flushing
o Added test case file (test.sh)
o Improve dump output
<azez@ufomechanic.net>
o Autoconf stuff for conntrack + some pablo's modifications.
o Fixed packet counters formatting (use %llu instead of %lu)
2005-04-25
<pablo@eurodev.net>
o Added support for mask based event dumping
o Added support for mask based event notification
o On-demand autoload of ip_conntrack_netlink
|