problem with conntrack utility and kernel 2.6.14
Pablo Neira
pablo at eurodev.net
Mon Oct 31 05:41:59 CET 2005
Hi,

JFYI, I just committed the following changes to libconntrack_netfilter:

o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
o Update test file to use NFCT_ALL_GROUPS
o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in
  conjunction with events
o Fix ICMP conntracks output
o Add missing prototype definition of nfct_default_expect_display_id in
  libnetfilter_conntrack.h

and the following to conntrack:

o Replace misleading message "Not enough memory" by "Can't open handler"
o New option -i for expectation dumping: conntrack -L expect [-i]
o sed 's/VERSION/CONNTRACK_VERSION/g'
o Fix nfct_open flags, now uses NFCT_ALL_GROUPS when needed
o Bumped version to 0.94

AFAIK these fix the problems concerned with the dumping. The problem
wasn't 64 bits arch specific at all, actually the matter was that I
required some fast hardware to reproduce them that I don't have. Thanks
to Deti Fiegl for providing me such fast hardware via SSH to reproduce
the bugs ;)

I've been giving some testing to the conntrack tool and it seems to work
fine under big stress situations. If you spot any other bug, please let
me know. I'm willing to do the first 1.0 official as soon as people
don't complain about bugs.

--
Pablo