conntrack-tools branch, master, updated. conntrack-tools-0.9.14-33-g5bec6c7

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Wed Jul 7 14:44:28 CEST 2010


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "conntrack-tools".

The branch, master has been updated
       via  5bec6c7dbc3bafd5befa60381d2e6b743b7b4b98 (commit)
       via  a5c2a83f907a6a82912165bf2ef67ded13e84bc1 (commit)
       via  5fe142121d73e7e261f9da532288f1857d25897b (commit)
      from  3562ca2e16cac2af2ac6f344ba462b40a05d370f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5bec6c7dbc3bafd5befa60381d2e6b743b7b4b98
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Jul 7 14:42:22 2010 +0200

    conntrackd: setup event reliability after handler creation
    
    This patch enables the event reliability in an early stage of the
    event handler initialization.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit a5c2a83f907a6a82912165bf2ef67ded13e84bc1
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Dec 31 19:10:41 2009 +0100

    conntrackd: open event handler once cache has been populated
    
    With this patch, we open the event handler once the internal
    cache (if any) is populated. This reduces the chances of a
    possible premature overrun if we launch conntrackd in a busy
    firewall. However, we may still start with an internal cache
    that may differ a bit from the one in the kernel.
    
    This patch has no impact in setups where conntrackd is started
    in a spare firewall.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 5fe142121d73e7e261f9da532288f1857d25897b
Author: Mohit Mehta <mohit.mehta at vyatta.com>
Date:   Wed Jul 7 12:39:48 2010 +0200

    conntrackd: enforce strict logic for NetlinkBufferSize[*] clauses
    
    - NetlinkBufferSize value passed to the kernel gets doubled [see SO_RCVBUF
      in net/core/sock.c]; it's halved now before it gets sent to the kernel.
      This ensures that daemon starts up with a netlink socket buffer size
      equal to the value set for NetlinkBufferSize in configuration file.
    
    - Previously, netlink socket buffer size would only stop increasing after
      it had increased beyond NetlinkBufferSizeMaxGrowth value. With this commit
      netlink socket buffer size increases as long as it is less than or
      equal to NetlinkBufferSizeMaxGrowth value.
    
    Signed-off-by: Mohit Mehta <mohit.mehta at vyatta.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

Summary of changes:
 src/netlink.c |   59 +++++++++++++++++++++++++++++++-------------------------
 src/run.c     |   31 +++++++++++++++++------------
 2 files changed, 51 insertions(+), 39 deletions(-)


hooks/post-receive
-- 
conntrack-tools
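
The SO_RCVBUF doubling cited in the NetlinkBufferSize commit can be observed on any Linux socket, because the option is handled in the generic socket layer. The following is an added example, not code from conntrack-tools: the helper names and the 32768-byte sample value are made up here, a UDP socket stands in for the netlink socket, and Linux is assumed.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ask the kernel for `requested` bytes and return what getsockopt()
 * reports afterwards, or -1 on error. */
static int rcvbuf_set(int fd, int requested)
{
	int effective = 0;
	socklen_t len = sizeof(effective);

	if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &requested, sizeof(requested)) < 0)
		return -1;
	if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &effective, &len) < 0)
		return -1;
	return effective;
}

/* Halve the configured value before the call so that the doubled result
 * equals it. Returns the effective size; callers should compare it with
 * `target`, because net.core.rmem_max can still clamp the request and an
 * odd target loses one byte to the integer division. */
static int rcvbuf_set_exact(int fd, int target)
{
	return rcvbuf_set(fd, target / 2);
}

/* Demo helper (hypothetical): run `fn` on a fresh UDP socket. */
static int on_fresh_socket(int (*fn)(int, int), int bytes)
{
	int fd = socket(AF_INET, SOCK_DGRAM, 0);
	int ret;

	if (fd < 0)
		return -1;
	ret = fn(fd, bytes);
	close(fd);
	return ret;
}

int main(void)
{
	int configured = 32768; /* constructed sample value */

	printf("configured=%d naive=%d halved=%d\n", configured,
	       on_fresh_socket(rcvbuf_set, configured),
	       on_fresh_socket(rcvbuf_set_exact, configured));
	return 0;
}
```

An unprivileged SO_RCVBUF request is capped at net.core.rmem_max before the doubling, so a daemon that needs an exact size should read the value back rather than assume it.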


