[ANNOUNCE] conntrack-tools 1.4.6

Pablo Neira Ayuso pablo at netfilter.org
Wed Apr 1 19:43:39 CEST 2020


The Netfilter project proudly presents:

        conntrack-tools 1.4.6

The conntrack-tools are a set of tools targeted at system
administrators. They are conntrack, the userspace command line
interface, and conntrackd, the userspace daemon. The tool conntrack
provides a full-featured interface that is intended to replace the old
/proc/net/ip_conntrack interface. Using conntrack, you can view and
manage the in-kernel connection tracking state table from userspace.
On the other hand, conntrackd covers the specific aspects of stateful
firewalls to enable highly available scenarios, and can be used as a
statistics collector as well.

See ChangeLog that comes attached to this email for more details.

You can download it from:


Happy firewalling.
-------------- next part --------------
Arturo Borrero Gonzalez (2):
      conntrackd.conf.8: fix state filter example
      docs: refresh references to /proc/net/core/rmem_default

Ash Hughes (2):
      conntrackd: search for RPC headers
      conntrackd: Use strdup in lexer

Brian Haley (1):
      conntrack: Allow protocol number zero

Jan-Martin Raemer (1):
      conntrackd: UDP IPv6 destination address not usable (Bug 1378)

Jose M. Guisado Gomez (1):
      src: fix strncpy -Wstringop-truncation warnings

Michal Kubecek (2):
      conntrackd: use correct max unix path length
      conntrackd: cthelper: Add new SLP helper

Pablo Neira Ayuso (8):
      build: use -Wno-sign-compare with autogenerated flex code
      conntrack: extend nfct_mnl_socket_open() to use it to handle events
      conntrack: use libmnl for conntrack events
      conntrack: add -o userspace option to tag user-triggered events
      conntrackd: use strncpy() to unix path
      conntrack: support for IPS_OFFLOAD
      conntrackd: incorrect filtering of Address with cidr /0
      conntrack-tools 1.4.6 release

Phil Sutter (7):
      conntrackd: helpers: dhcpv6: Fix potential array overrun
      nfct: Drop dead code in nfct_timeout_parse_params()
      src: Fix for implicit-fallthrough warnings
      conntrack: Fix CIDR to mask conversion on Big Endian
      nfct: helper: Fix NFCTH_ATTR_PROTO_L4NUM size
      Makefile.am: Use ${} instead of @...@
      helpers: Fix for warning when compiling against libtirpc

Robin Geuze (2):
      sync-notrack: Apply userspace filter on resync with internal cache disabled
      conntrackd: Fix "Address Accept" filter case

Ronald Wahl (1):
      conntrack: -f family filter does not work

Simon Kirby (1):
      sync-mode: Also cancel flush timer in ALL_FLUSH_CACHE
