conntrack-tools branch, expect/vyatta, created. conntrack-tools-1.0.0-13-gdfeb3a7

Pablo Neira Ayuso netfilter-cvslog-bounces at lists.netfilter.org
Tue Nov 15 11:54:47 CET 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "conntrack-tools".

The branch, expect/vyatta has been created
        at  dfeb3a70cf1356fb014620011e43202f9444892f (commit)

- Log -----------------------------------------------------------------
commit dfeb3a70cf1356fb014620011e43202f9444892f
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Oct 27 13:01:40 2011 +0200

    conntrackd: initial support for expectations (incomplete!)
    
    This patch adds initial support to synchronize expectations.
    Note that *it is incomplete*. Currently, it only adds and
    deletes the expectation in the internal cache:
    
    (term-1)$ sudo modprobe nf_conntrack_ftp
    (term-1)$ nc ftp.debian.org 21
    USER anonymous
    PASS
    PASV
    
    (Now switch to term-2)
    
    (term-2)# conntrackd -i exp
    300 proto=6 src=192.168.1.137 dst=130.89.149.226 sport=0 dport=52712 [active since 55s]
    
    You have to enable the expectation support in the configuration
    file with the following option:
    
    Sync {
    	...
    	Options {
    		ExpectationSync On
    	}
    }
    
    This patch includes the sync message building/parsing functions (not yet
    tested).
    
    Still needs to be implemented:
    - Initial dump of the expect table.
    - The direct injection.
    - Commit operation.
    - Flush operation.
    - User-space filtering.
    
    Among others.
    
    You'll have to get a fresh working copy of libnetfilter_conntrack,
    otherwise you'll hit one assertion in nfct_cmp().
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 38a41950ac807e4d79928e9d1b4a70b7fe508e59
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Nov 14 22:48:22 2011 +0100

    conntrackd: simplify cache_get_extra function
    
    This patch simplifies cache_get_extra which now takes only one
    parameter that is the cache_object. With it, the extra area can be
    calculated.

commit 9a644c42532a1c8a46cb7a2e731606c696f33b61
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Oct 27 12:18:34 2011 +0200

    conntrackd: generalize local handler actions
    
    This patch prepares the introduction of actions with the expectation
    table. Mostly renamings.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit dfbefbeffa44f5fc7eb8d2f556e3a94c2c05c595
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Oct 26 12:54:13 2011 +0200

    conntrackd: generalize/cleanup network message building/parsing
    
    This patch generalizes the network message building and parsing
    to prepare the upcoming expectation support.
    
    Basically, it renames:
    
    - NET_T_STATE_* by NET_T_STATE_CT_*, as I plan to add NET_T_STATE_EXP_*
    - BUILD_NETMSG by BUILD_NETMSG_FROM_CT, and build_payload by ct2msg.
      I plan to add exp2msg.
    - parse_payload by msg2ct, since I plan to add msg2exp.
    - object_status_to_network_type by ct_object_status_to_network_type, as
      we will have exp_object_status_to_network_type at some point.
    - add prefix ct_ to all parsing functions in parse.c, as we will have
      similar functions to convert messages to expectation objects.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 7205363caff342918eb3bf165a9d0a8c4f42c652
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Oct 27 12:04:50 2011 +0200

    conntrackd: generalize external handlers to prepare expectation support
    
    This patch contains cleanups to prepare the expectation support for
    external handlers. Mostly renamings.
    
    I have also updated the file headers to include Vyatta in the copyright
    statement.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit 6965380d7df0f5da5153672649b65bed967d2e02
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Oct 24 12:16:02 2011 +0200

    conntrackd: generalize caching infrastructure
    
    This patch generalizes the caching infrastructure to store different
    object types. This patch is the first in the series to prepare
    support for the synchronization of expectations.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------


hooks/post-receive
-- 
conntrack-tools


