conntrack-tools branch, vyatta/expect, updated. conntrack-tools-1.0.0-13-gcb6ddb9
Pablo Neira Ayuso
netfilter-cvslog-bounces at lists.netfilter.org
Mon Nov 14 22:42:29 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "conntrack-tools".
The branch, vyatta/expect has been updated
discards cb4f58ded0eb5338c242d646dbbe0e2f79599171 (commit)
discards b8ecd120c74c3b6778bb63996ecdc3e5e2770df6 (commit)
discards 15c1191629a2a0e987ffd79d1d489c683acfbaef (commit)
via cb6ddb96bde73e0efad7481263fcc4e272ab8ebd (commit)
via 2c108a07eba210478c18296f5ebcc4d8c99d1b70 (commit)
via ec103537fe1dc166492ede1aafcc928398fa7aac (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
 * -- * -- B -- O -- O -- O (cb4f58ded0eb5338c242d646dbbe0e2f79599171)
            \
             N -- N -- N (cb6ddb96bde73e0efad7481263fcc4e272ab8ebd)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cb6ddb96bde73e0efad7481263fcc4e272ab8ebd
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Thu Oct 27 13:01:40 2011 +0200
conntrackd: initial support for expectations (incomplete!)
This patch adds initial support to synchronize expectations.
Note that *it is incomplete*. Currently, it only adds and
deletes the expectation in the internal cache:
    (term-1)$ sudo modprobe nf_conntrack_ftp
    (term-1)$ nc ftp.debian.org 21
    USER anonymous
    PASS
    PASV
    (Now switch to term-2)
    (term-2)# conntrackd -i exp
    300 proto=6 src=192.168.1.137 dst=130.89.149.226 sport=0 dport=52712 [active since 55s]
You have to enable the expectation support in the configuration
file with the following option:
    Sync {
        ...
        Options {
            ExpectationSync On
        }
    }
This patch includes the sync message building/parsing functions (not yet
tested).
Still needs to be implemented:
- Initial dump of the expect table.
- The direct injection.
- Commit operation.
- Flush operation.
- User-space filtering.
Among others.
You'll have to get a fresh working copy of libnetfilter_conntrack,
otherwise you'll hit one assertion in nfct_cmp().
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 2c108a07eba210478c18296f5ebcc4d8c99d1b70
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Thu Oct 27 12:18:34 2011 +0200
conntrackd: generalize local handler actions
This patch prepares the introduction of actions with the expectation
table. Mostly renamings.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit ec103537fe1dc166492ede1aafcc928398fa7aac
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Oct 26 12:54:13 2011 +0200
conntrackd: generalize/cleanup network message building/parsing
This patch generalizes the network message building and parsing
to prepare the upcoming expectation support.
Basically, it renames:
- NET_T_STATE_* by NET_T_STATE_CT_*, as I plan to add NET_T_STATE_EXP_*
- BUILD_NETMSG by BUILD_NETMSG_FROM_CT, and build_payload by ct2msg.
I plan to add exp2msg.
- parse_payload by msg2ct, since I plan to add msg2exp.
- object_status_to_network_type by ct_object_status_to_network_type, as
we will have exp_object_status_to_network_type at some point.
- add prefix ct_ to all parsing functions in parse.c, as we will have
similar functions to convert messages to expectation objects.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
Summary of changes:
include/network.h | 18 +++++
src/build.c | 170 +++++++++++++++++++++++++++++++++++++++-----------
src/parse.c | 178 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
src/sync-mode.c | 37 +++++++++++
4 files changed, 363 insertions(+), 40 deletions(-)
hooks/post-receive
--
conntrack-tools