[conntrack-tools] delay the closure of the dump descriptor to fix assertion with cache_wt
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Mon Jun 2 17:32:56 CEST 2008
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=88ec0bca76a82468c9c4c330b533d476e5a7c7d0
at 88ec0bca76a82468c9c4c330b533d476e5a7c7d0 (tag)
tagging 2a838790b8a545e95841cb216a7623b3d9560bce (commit)
replaces svn_t_conntrack-tools-0.9.6
tagged by Pablo Neira Ayuso
on Sat May 31 17:37:36 2008 +0200
- Log -----------------------------------------------------------------
conntrack-tools 0.9.7 release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQBIQXDKQYf4ZS0Jh+YRArJQAJ4mLG/t5Sm4SXQmXqR+jWnmaR7LEwCcDlKs
QCuxwk6mJnfiMKMZMdKodeM=
=ozKD
-----END PGP SIGNATURE-----
/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo at netfilter.org (21):
remove .svn from doc/ in tarballs (reported by Gilad Benjamini)
Pablo Neira Ayuso <pablo at netfilter.org>:
Krzysztof Oledzki <ole at ans.pl>:
add missing libct_proto_icmpv6.c
fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel Schepler
fix compilation in ARM (reported by Thiemo Seufer via Max Kellermann)
fix asymmetric path support (still some open concerns)
improve netlink overrun handling
update manpages with the new URL
o simplify parameter-handling code
This is a major improvement of the conntrack command line tool:
add initial automated qa testing for the conntrack cli
check for pkg-config before anything (fix bogus missing libraries failure)
relax parameter checking for UDP and TCP
fix conntrack -U -p tcp [...]
o fix NAT filtering via --src-nat and --dst-nat (reported by K.Oledzki)
minor update of the manpages
add more verbose error notification when the injection of a conntrack fails
rework of the FT-FW approach
Fix reorder possible reordering of destroy messages under message omission. This patch introduces the TimeoutDestroy clause to determine how long a conntrack remains in the internal cache once it has been destroy from the kernel table.
minor fix of the manpage (Max Wilhelm)
Pablo Neira Ayuso (16):
- remove (misleading) counters and use information from the statistics mode
improve network message sanity checkings
add Mcast[Snd|Rcv]SocketBuffer clauses to tune multicast socket buffers
Updates (-U) show the effect of the operation in the conntrack entry
check for missing IPv6 address before hashing
only allow the use of --secmark for listing (filtering)
add flex version warning (better with >= 2.5.33)
add eventfd emulation to communicate receiver -> sender
add best effort replication protocol (aka NOTRACK)
rework the HELLO logic inside FT-FW
fix leak in cache_destroy(): release objects before destroying the cache
remove secmark support for conntrackd
fix make distcheck
define SO_[RCV|SND]BUFFORCE if not set
increase deletion stats when the timer is scheduled in cache_del_timeout()
delay the closure of the dump descriptor to fix assertion with cache_wt
-----------------------------------------------------------------------
More information about the netfilter-cvslog
mailing list