path: root/daemon/CHANGELOG
blob: afab61d310a059c6532a3c2748fea58e8725bbdb (plain)
version 0.9.3 (yet unreleased)
------------------------------
o fix commit of confirmed expectations (reported by Nishit Shah)
o fix double increment of counters in cache_update_force() (Niko Tyni)
o nl_dump_handler must return NFCT_CB_CONTINUE (Niko Tyni)
o initialize buffer in nl_event_handler() and nl_dump_handler() (Niko Tyni)
o CacheCommit value can be set via conntrackd.conf for the NACK approach
o fix leaks in the hashtable/cache flush path (Niko Tyni)
o fix leak if a connection already exists in the cache (Niko Tyni)
o introduce a new header that encapsulates netlink messages
o remove the '_entry' suffix from all functions in cache.c
o split cache.c: move cache iterators to file cache_iterators.c
o fix inconsistencies in the cache API related to counters
o cleanup 'usage' message
o fix typo in examples/sync/nack/node1/conntrackd.conf
o introduce message checksumming as described in RFC1071 (enabled by default)
o major cleanups in the synchronization code
o just warn once that the maximum netlink socket buffer has been reached
o fix ignoring of conntrack entries by IP and introduce ignore pool abstraction layer
o introduce netlink socket buffer overrun handler
o constification of hash, compare and hashtable_test functions in hash.c
o introduce ACKnowledgement mechanisms to reduce the size of the resend queue
o remove OK messages at startup since they provide useless data
o fix compilation warning in mcast.c: recvfrom takes socklen_t not size_t
o add a lock per buffer: makes buffer code thread safe
o introduce 'Replicate' clause to explicitly set states to be replicated
o kill cache feature abuse: introduce nicer cache hooks for sync algorithms
o fix oversized buffer allocated in the stack in the cache functions
o add support to dump internal/external cache in XML format '-x'

version 0.9.2 (2006/01/17)
--------------------------
o remove spamming packet lost messages
o generalize network netlink sequence tracking
o fix bogus error message on resync `-R'
o fix endianness issues in the network netlink message
o introduce generic netlink multicast primitives to send and receive
o fix bogus replayed multicast message due to sequence numbering wraparound
o introduce counter for malformed netlink messages received
o introduce a new syntax for the `Sync' section in the configuration file
o several cleanups and remove unused variables
o add autostuff to include examples in the tarball (reported by Victor Lozano)
o use the new API available in libnetfilter_conntrack-0.0.50
o implement a NACK based protocol for replication

version 0.9.1 (2006/11/06)
--------------------------
o conntrackd requires kernel >= 2.6.18
o remove bogus TIMERS_MODE constant
o implement bulk mode '-B': first works to address the preemption issue
o fix minor reduction conflicts in the configfile grammar
o check for CAP_NET_ADMIN instead of requiring root privileges
o check that linux/capability.h exists
o fix formatting at dump statistics '-s'
o move dump traffic stats before multicast traffic stats
o move event and dump handler to a generic infrastructure: kill events.c file
o kill unused function inc_ct_stats
o kill file resync.h
o cleanup broadcast_sync: renamed to mcast_send_sync
o sed 's/perror/debug/g' local.c
o fix bogus increment of update_fail stats at dump stage
o display descriptive error if we can't connect to conntrackd via UNIX socket
o remove debugging message from alarm.c
o move dump_mcast_stats to mcast.c where it really belongs
o rename stats.c to traffic_stats.c
o check for replayed/lost multicast message: simple seq tracking w/o recovery
o reissue nfnl_catch on ENOENT error: a message for other subsystem
o remove test/ directory in tree
o improve cache commit stats
o kill last_commit and last_flush from cache statistics: use the logfile
o recover cache naming for dump stats `-s'
o display multicast sequence tracking statistics: packets lost and replayed
o zero ct_sync_state and ct_stats_state structures after allocation
o improve keepalived scripts:
   - resync with conntrack table on transition to master
   - send bulk on transition to backup
o implement alarm cascade of ten levels
o implement timer cache flavour: limited life of entries in the external cache
o implement a global lock that protects operation with conntrack entries
o remove debug checking in cache_del_entry
o set a reduced timeout for committed entries: 180 seconds by default
o update comments on the sync-mode code
o introduce delay destroy messages facility
o increase timer for external states from 60 to 180 seconds
o remove unused replicate/dont_replicated constants
o fix cache entry clashing issue (reported by Maik Hentsche)
o fix bogus increment of error stats in the external cache
o remove pollution generated by `[REQ] cache dump' message from logfile

version 0.9.0 (2006/09/17)
--------------------------
o implement initial support for IPv6 (untested)
o implement generic extensible cache: kill the internal and external caches
o implement persistence cache feature
o implement lifetime cache feature
o modify UNIX facilities identification numbers:
  separate master conntrack facilities and internal plugin facilities
o break backward compatibility of configuration file:
  remove IgnoreLoopback, use IgnoreTrafficFor instead
  remove IgnoreMulticastTraffic, use IgnoreTrafficFor instead
o merge event/event_subsys and sync/sync_subsys initialization to run.c
o improve control of the iteration process in the hashtables
o fix wrong locking in the alarm thread
o supersede AcceptNAT by StripNAT clause
o replace ignore traffic array by a hashtable
o move lockfile checking before daemonization
o on initialization error give a descriptive error
o introduce netlink socket size growth limiter
o introduce force resync with master conntrack table facility '-R'
o ignore SIGPIPE signal
o kill post_step since it is not used anymore

version 0.8.3 (2006/09/03)
--------------------------
Author: Maik Hentsche <maik mm-double net>

o Fix typo in conntrackd -h
o Disable debugging messages by default
o No signals while handling signals
o Add extra checks at forking
o Check maximum size for file passed via -C

Author: Pablo Neira Ayuso <pablo netfilter org>

o retry select() if EINTR is returned (Reported by Maik Hentsche)
o Fix bug in slist_for_each_entry (Reported by Maik Hentsche)
o Signal handler registration done after initialization
o Implement alarm thread (based on Maik Hentsche's patch)
o Fix segfault on conntrackd -k (Reported by Maik Hentsche)
o Fix bug on alarm removal (Reported by Maik Hentsche)
o configure stops if bison, flex or yacc are not installed

version 0.8.2 (2006/07/05)
--------------------------
o RelaxTransitions clause introduced in Sync mode
o multicast messages sequence tracking
o SocketBufferSize clause to set up the netlink socket buffer
o use new libnfnetlink API to solve limitations of nfnl_listen
o extra sanity checks for netlink multicast messages
o improve statistics
o tons of cleanups 8)

version 0.8.1 (2006/06/13)
--------------------------
o -f now just flushes the internal and external caches
o -F flushes the master conntrack table
o fix segfault under heavy load and signal received
o added -S mode for statistics: still needs more thinking

version 0.8.0 (2006/06/11)
--------------------------
o more work to generalize the daemon: now it's ready to implement
modular support for adaptive timers and conntrack statistics, time
to implement them ;). This is *still* a work in progress.

version 0.7.2 (2006/06/05)
--------------------------
o stupid bug in normal and alarm caches initialization: flush unset
o fix racy signal handling

version 0.7.1 (2006/06/05)
--------------------------
o Bugfix for multicast sockets communication

version 0.7 (2006/06/01)
------------------------
o Major code restructuring: internal and external cache abstraction
o sequence tracking for event messages
o expect more changes, I still dislike some stuff in its current status ;)

version 0.6 (2006/05/31)
------------------------
o Lock file support
o use new API nfct_conntrack_event_raw
o major code clean ups

version 0.5 (2006/05/30)
------------------------
o Fix multicast server binds to wrong interface
o Include clause `IgnoreProtocol', deprecates IgnoreUDP and IgnoreICMP

version 0.4 (2006/05/29)
------------------------
o Initial release