[ANNOUNCE] conntrack-tools 0.9.8 released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

The netfilter project proudly presents another development release of
the conntrack-tools. This release includes important updates, fixes and
improvements. Moreover, a new user manual has been released,
contributions to improve are welcome! Detailed changelog is attached.

What are the conntrack-tools?

- The userspace daemon so-called conntrackd that covers the specific
aspects of stateful Linux firewalls to enable high availability
solutions. It can be used as statistics collector of the firewall use as
well. The daemon is highly configurable and easily extensible.

- The command line interface (CLI) conntrack that provides an interface
to add, delete and update flow entries, list current active flows in
plain text/XML, current IPv4 NAT'ed flows, reset counters, and flush the
complete connection tracking table among many other.

Where can I download it from?

http://www.netfilter.org/projects/conntrack-tools/downloads.html

Where can I get more information about them?

http://people.netfilter.org/pablo/conntrack-tools/

Where can I have a look at the new user manual?

http://people.netfilter.org/pablo/conntrack-tools/install.html

On behalf of the Netfilter Project,
Pablo

Enjoy!

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers


Albin Tonerre (1):
      fix unsecure usage of printf and include limits.h (PATH_MAX and INT_MAX)
 
Pablo Neira Ayuso (63):
      check if entries already exist in kernel before injection
      do not include Changelog in tarballs, use git shortlog instead
      use only the original tuple to check if a conntrack is present
      fix xml output: wrap output with one root element
      Major rework of the user-space event filtering
      add support for kernel-space filtering via BSF
      log: syslog displays the entry that triggers the error
      filter: skip protocol state filtering if state not present
      conntrack: add new option --buffer-size for -E
      add more sanity checks in the input path
      commit: retry at least once if we hit ETIME or ENOMEM
      fix: use %zu instead of %u for size_t
      cleanup: remove obsolete clause Replicate in the example conffiles
      fix: wrong information related to default logging action
      fix: wrong use of timersub in cache_timer
      fix broken normal deletion in caches
      ftfw: show consistent information to users for problem diagnosing
      doc: remove duplicated example files
      script: rework scripts that enable interaction with keepalived
      conntrackd: add -t option to shorten conntrack timeouts
      fix missing updates in the example files
      script: fix broken if branches
      cache_iterators: do not report ENOENT in cache_reset_timers
      script: yet another minor fix
      netlink: add getter and check existence functions
      cache iterators: rework cache_reset_timers
      cache iterators: commit master entries before related ones
      netlink: avoid errors related to the expected bit handling
      conntrack: remove duplicated optarg checking
      conntrack: remove unrequired \n in error message
      conntrack: check for missing arguments in getopt_long
      conntrack: insert `conntrack-tools' string in help and error messages
      compilation: relax too strict warning checking
      ftfw: check for malformed ack and nack messages
      filter: fix NAT detection tweak
      cleanup: Linux kernel version checking
      filter: check if kernel-space filtering is available
      cleanup: remove some debug messages from sync-ftfw.c
      config: use /var/run to create the UNIX socket file
      fix: remove node from tx_list when the state-entry is destroy
      ftfw: fix race that triggers a double insertion into tx_list
      ftfw: fix race condition in the helloing routine
      ftfw: reset window and flush the resend queue during helloing
      conntrack: cleanup for the update path
      conntrack: cleanup XML header handling
      conntrack: fix mark-based filtering for event display
      conntrack: fix filtering for unsupported protocol
      conntrack: fix dump counter displayed with -L expect
      manual: add initial user manual
      doc: update INSTALL file
      conntrack: cleanup for NAT filtering
      cache: fix update of scheduled-to-timeout entries
      cache-iterators: improve committing
      config: fix usage of 'PurgeTimeout' in Sync NOTRACK
      notrack: fix double receival of resync requests
      doc: rise default size of the hashtable in the example file
      netlink: report when kernel-space event filtering is in use
      filter: fix segfault if the Filter clause is unused
      cache: use jhash2 instead of double jhash+jhash_2words
      filter: do not filter in user-space if kernel supports BSF
      doc: remove example about CacheWriteTrough
      doc: update conntrackd manpage
      conntrackd: add missing information on -t to the help
      conntrackd: bump version to 0.9.8


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux