[ANNOUNCE] conntrack-tools 0.9.9 released

Hi!

The netfilter project proudly presents another development release of
the conntrack-tools. This release includes important updates, fixes and
improvements. See changelog for details.

Q: What are the conntrack-tools?
A: The conntrack-tools are:

- The userspace daemon, called conntrackd, that covers the specific
aspects of stateful Linux firewalls to enable high availability
solutions. It can be used as a statistics collector of the firewall use
as well. The daemon is highly configurable and easily extensible.

- The command line interface (CLI) conntrack that provides an interface
to add, delete and update flow entries, list current active flows in
plain text/XML, current IPv4 NAT'ed flows, reset counters, and flush the
complete connection tracking table, among many others.

Q: Where can I download it from?
A: http://www.netfilter.org/projects/conntrack-tools/downloads.html

Q: Where can I get more information about them?
A: http://conntrack-tools.netfilter.org

Q: Where can I have a look at the user manual?
A: http://conntrack-tools.netfilter.org/manual.html

Q: What are the main changes in this release?
A: The main changes in the conntrack command line interface are:
- filtering support for related connections (-L --status EXPECTED)
- several manpage updates
A: The main changes in the conntrackd user-space daemon are:
- new message format in the replication protocol (note that this breaks
backward compatibility with previous conntrack-tools releases)
- several performance improvements
- CIDR-based filtering support
- fixes and improvements in the state injection to kernel (aka. committing)
- several cleanups

On behalf of the Netfilter Project,
Pablo

Enjoy!

-- 
"Honest people are social misfits" -- Les Luthiers



Pablo Neira Ayuso (65):
      ftfw: rise the size of the acknowledgment window in the example
      conntrack: add missing -U in conntrack(8) manpage
      ftfw: add option `-v' to output debugging information (if any)
      ftfw: remove bottleneck in ack/nack handling
      network: remove message omission test-code
      network: add protocol version field (breaks backward compatibility)
      network: rework TLV-based protocol
      filter: use XOR instead of branches
      filter: use jhash2 instead of jhash for IPv6 addresses
      filter: remove useless branch in the check functions
      conntrack: --status should not be mandatory with -I
      filter: choose the filtering method via configuration file
      conntrack: cleanup command line tool protocol extensions
      build: add attribute header size to total attribute length
      filter: CIDR-based filtering support
      run: release fds structure in the exit path
      fds: remove unused array of file descriptors
      ftfw: remove useless ftfw_run invocation in the alive alarm handler
      src: move callbacks to run.c for better readability
      conntrack: do_parse_parameter show warning to stderr (not to stdout)
      conntrack: remove hardcoded buffer size, use sizeof instead
      conntrack: support diminutives for -L
      conntrack: move release options code to free_options()
      config: move `Checksum' inside `Multicast' clause
      network: make tx buffer initialization independent of mcast config
      manpage: add notice about conntrackd version incompatibilities
      conntrack: add new --status EXPECTED to filter expected connections
      manpage: add --status FIXED_TIMEOUT and EXPECTED
      build: do not include NTA_TIMEOUT in the replication messages
      netlink: clone conntrack object while creation/update
      netlink: use NFCT_Q_[CREATE|UPDATE] instead of NFCT_Q_CREATE_UPDATE
      netlink: constify conntrack object parameter of nl_*_conntrack()
      netlink: remove unnecessary whitespace lines in netlink.h
      netlink: unset ATTR_HELPER_NAME to avoid EBUSY in nl_update_conntrack()
      parse: fix missing master layer 4 protocol number assignation
      network: remove unused function mcast_send_netmsg()
      network: remove length parameter of mcast_buffered_send_netmsg()
      network: remove __do_send() function
      network: remove the netpld header from the messages
      network: fix data offset alignment returned by NTA_DATA macro
      parse: strict attribute size checking
      src: recover conntrackd -F operation
      run: better wait() error handling
      netlink: fix EILSEQ error messages due to process race condition
      cache_iterators: use a cloned object while resetting timers
      netlink: build TCP flags/mask only if this is a TCP connection
      netlink: conditional build of TCP flags/mask for updates
      netlink: do not build the reply tuple in update messages
      configure: conntrack-tools requires libnetfilter_conntrack 0.0.99
      network: use NET_T_* instead of NFCT_Q_*
      ftfw: do not check for data messages in tx_queue_xmit
      ftfw: resync messages can be retransmitted
      network: do more strict message type checking
      ftfw: shrink alive message size
      sync-mode: check if message type is >= NET_T_STATE_MAX before parsing
      src: cleanup, rename hashtable_test() by hashtable_find()
      cache: cleanup, rename __del2() by __del()
      netlink: log report initial netlink event socket buffer size
      doc: fix typo SocketBufferSizeMaxGrowth in example conffiles
      doc: document the netlink buffer size clauses
      doc: better documentation about ResendBufferSize
      doc: add note on McastSndSocketBuffer and McastRcvSocketBuffer
      netlink: fix type in warning message on SocketBufferSizeMaxGrowth
      automake: add missing cidr.h
      configure: bump version to 0.9.9

