conntrack-tools branch, master, updated. conntrack-tools-0.9.14-33-g5bec6c7
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Wed Jul 7 14:44:28 CEST 2010
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "conntrack-tools".
The branch, master has been updated
via 5bec6c7dbc3bafd5befa60381d2e6b743b7b4b98 (commit)
via a5c2a83f907a6a82912165bf2ef67ded13e84bc1 (commit)
via 5fe142121d73e7e261f9da532288f1857d25897b (commit)
from 3562ca2e16cac2af2ac6f344ba462b40a05d370f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5bec6c7dbc3bafd5befa60381d2e6b743b7b4b98
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jul 7 14:42:22 2010 +0200
conntrackd: setup event reliability after handler creation
This patch enables the event reliability in an early stage of the
event handler initialization.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit a5c2a83f907a6a82912165bf2ef67ded13e84bc1
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Thu Dec 31 19:10:41 2009 +0100
conntrackd: open event handler once cache has been populated
With this patch, we open the event handler once the internal
cache (if any) is populated. This reduces the chances of a
possible premature overrun if we lauch conntrackd in a busy
firewall. However, we may still start with an internal cache
that may differ a bit from the once in the kernel.
This patch has no impact in setups where conntrackd is started
in a spare firewall.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 5fe142121d73e7e261f9da532288f1857d25897b
Author: Mohit Mehta <mohit.mehta at vyatta.com>
Date: Wed Jul 7 12:39:48 2010 +0200
conntrackd: enforce strict logic for NetlinkBufferSize[*] clauses
- NetlinkBufferSize value passed to the kernel gets doubled [see SO_RCVBUF
in net/core/sock.c]; it's halved now before it gets sent to the kernel.
This ensures that daemon starts up with a netlink socket buffer size
equal to the value set for NetlinkBufferSize in configuration file.
- Previously, netlink socket buffer size would only stop increasing after
it had increased beyond NetlinkBufferSizeMaxGrowth value. With this commit
netlink socket buffer size increases as long as it is less than or
equal to NetlinkBufferSizeMaxGrowth value.
Signed-off-by: Mohit Mehta <mohit.mehta at vyatta.com>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
Summary of changes:
src/netlink.c | 59 +++++++++++++++++++++++++++++++-------------------------
src/run.c | 31 +++++++++++++++++------------
2 files changed, 51 insertions(+), 39 deletions(-)
hooks/post-receive
--
conntrack-tools
More information about the netfilter-cvslog
mailing list