On Sat, 8 Mar 2008, Pablo Neira Ayuso wrote:
Hi!
Hi,
The netfilter project proudly presents another development release of the conntrack-tools. This release includes important improvements, new features and bugfixes:
<CUT>

I attached two patches to fix two warnings about shadowed declarations.

BTW: It seems there is something wrong with --dst-nat/--src-nat filtering:

# conntrack -L --src-nat|wc -l;conntrack -L --src-nat=1.2.3.4|wc -l;conntrack -L --src-nat=244.244.244.244|wc -l
5010
5010
5010

If I understand it properly, "conntrack -L --src-nat=A.B.C.D" is supposed to show only connections snated to A.B.C.D, but as you can see it ignores this parameter and shows all snated connections.

On the other hand, --dst-nat works in exactly the opposite way: it filters out all connections, even matching ones.
Best regards, Krzysztof Olędzki
diff -Nur conntrack-tools-20080308-orig/include/network.h conntrack-tools-20080308/include/network.h --- conntrack-tools-20080308-orig/include/network.h 2008-01-23 13:30:36.000000000 +0100 +++ conntrack-tools-20080308/include/network.h 2008-03-08 17:39:56.000000000 +0100 @@ -61,7 +61,7 @@ struct mcast_conf; -int mcast_buffered_init(struct mcast_conf *conf); +int mcast_buffered_init(struct mcast_conf *mconf); void mcast_buffered_destroy(void); int mcast_buffered_send_netmsg(struct mcast_sock *m, void *data, size_t len); ssize_t mcast_buffered_pending_netmsg(struct mcast_sock *m);
diff -Nur conntrack-tools-20080308-orig/include/state_helper.h conntrack-tools-20080308/include/state_helper.h --- conntrack-tools-20080308-orig/include/state_helper.h 2008-03-08 17:50:11.000000000 +0100 +++ conntrack-tools-20080308/include/state_helper.h 2008-03-08 17:50:41.000000000 +0100 @@ -17,6 +17,6 @@ }; int state_helper_verdict(int type, struct nf_conntrack *ct); -void state_helper_register(struct state_replication_helper *h, int state); +void state_helper_register(struct state_replication_helper *h, int h_state); #endif
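Review bot: in the include/network.h hunk the rename of the mcast_buffered_init() parameter from conf to mconf is applied to the prototype only. Both files in this patch are headers, so the function definition is not touched and will keep its own parameter name. Suggest renaming the parameter in the definition in the same patch so header and implementation agree, and stating in the commit message which declaration the old name conf collided with, so the reason for the rename is on record.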
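Review bot: in the include/state_helper.h hunk the new parameter name h_state on state_helper_register() avoids the clash but does not tell the reader what the int selects. A one-line comment above the prototype describing the argument, or a more descriptive name, would document it better than the h_ prefix does. The neighbouring state_helper_verdict(int type, ...) prototype is equally undocumented, so a short comment covering both would fit here.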