conntrack-tools branch, expect/vyatta, updated. conntrack-tools-1.0.0-13-gbbb18ea

Pablo Neira Ayuso netfilter-cvslog-bounces at lists.netfilter.org
Wed Nov 16 01:31:58 CET 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "conntrack-tools".

The branch, expect/vyatta has been updated
  discards  4fa2c6cf983120010717ace8c512dbf3ff2e2aec (commit)
       via  bbb18ea30440edfa802da423afeddf1e6509f616 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (4fa2c6cf983120010717ace8c512dbf3ff2e2aec)
            \
             N -- N -- N (bbb18ea30440edfa802da423afeddf1e6509f616)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bbb18ea30440edfa802da423afeddf1e6509f616
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Oct 27 13:01:40 2011 +0200

    conntrackd: initial support for expectations (incomplete!)
    
    This patch adds initial support to synchronize expectations.
    Note that *it is imcomplete*. Currently, it only adds and
    deletes the expectation in the internal cache:
    
    (term-1)$ sudo modprobe nf_conntrack_ftp
    (term-1)$ nc ftp.debian.org 21
    USER anonymous
    PASS
    PASV
    
    (Now switch to term-2)
    
    (term-2)# conntrackd -i exp
    300 proto=6 src=192.168.1.137 dst=130.89.149.226 sport=0 dport=52712 [active since 55s]
    
    You have to enable the expectation support in the configuration
    file with the following option:
    
    Sync {
    	...
    	Options {
    		ExpectationSync On
    	}
    }
    
    This patch includes the sync message building/parsing functions (not yet
    tested).
    
    Still needs to be implemented:
    - Initial dump of the expect table.
    - The direct injection.
    - Commit operation.
    - Flush operation.
    - User-space filtering.
    
    Among others.
    
    You'll have to get a fresh working copy of libnetfilter_conntrack,
    otherwise you'll hit one assertion in nfct_cmp().
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

Summary of changes:
 src/sync-mode.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
conntrack-tools



More information about the netfilter-cvslog mailing list