conntrack-tools branch, vyatta/expect, updated. conntrack-tools-1.0.0-14-g12bb2fb

Pablo Neira Ayuso netfilter-cvslog-bounces at lists.netfilter.org
Mon Nov 14 22:49:38 CET 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "conntrack-tools".

The branch, vyatta/expect has been updated
  discards  cb6ddb96bde73e0efad7481263fcc4e272ab8ebd (commit)
       via  12bb2fbacd2938dd18cfeef255d5cce802618888 (commit)
       via  d5f8011d7346d4920ced19f052b935fd93317587 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (cb6ddb96bde73e0efad7481263fcc4e272ab8ebd)
            \
             N -- N -- N (12bb2fbacd2938dd18cfeef255d5cce802618888)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 12bb2fbacd2938dd18cfeef255d5cce802618888
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Oct 27 13:01:40 2011 +0200

    conntrackd: initial support for expectations (incomplete!)
    
    This patch adds initial support to synchronize expectations.
    Note that *it is imcomplete*. Currently, it only adds and
    deletes the expectation in the internal cache:
    
    (term-1)$ sudo modprobe nf_conntrack_ftp
    (term-1)$ nc ftp.debian.org 21
    USER anonymous
    PASS
    PASV
    
    (Now switch to term-2)
    
    (term-2)# conntrackd -i exp
    300 proto=6 src=192.168.1.137 dst=130.89.149.226 sport=0 dport=52712 [active since 55s]
    
    You have to enable the expectation support in the configuration
    file with the following option:
    
    Sync {
    	...
    	Options {
    		ExpectationSync On
    	}
    }
    
    This patch includes the sync message building/parsing functions (not yet
    tested).
    
    Still needs to be implemented:
    - Initial dump of the expect table.
    - The direct injection.
    - Commit operation.
    - Flush operation.
    - User-space filtering.
    
    Among others.
    
    You'll have to get a fresh working copy of libnetfilter_conntrack,
    otherwise you'll hit one assertion in nfct_cmp().
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit d5f8011d7346d4920ced19f052b935fd93317587
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Nov 14 22:48:22 2011 +0100

    conntrackd: simplify cache_get_extra function
    
    This patch simplifies cache_get_extra which now takes only one
    parameter that is the cache_object. With it, the extra area can be
    calculated.

-----------------------------------------------------------------------

Summary of changes:
 include/cache.h    |    2 +-
 src/cache.c        |    4 ++--
 src/sync-alarm.c   |    3 +--
 src/sync-ftfw.c    |    6 ++----
 src/sync-notrack.c |    6 ++----
 5 files changed, 8 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
conntrack-tools



More information about the netfilter-cvslog mailing list