* [ANNOUNCE] conntrack-tools 1.4.7 release
@ 2022-10-06 15:07 Phil Sutter
From: Phil Sutter @ 2022-10-06 15:07 UTC
To: netfilter-announce; +Cc: netfilter, netfilter-devel, lwn
Hi!

The Netfilter project proudly presents:

        conntrack-tools 1.4.7

This release contains new features:

* IPS_HW_OFFLOAD flag specifies that a conntrack entry has been
  offloaded into the hardware
* 'clash_resolve' and 'chaintoolong' stats counters
* Default to unspec family if '-f' flag is absent to improve support for
  dual-stack setups
* Support filtering events by IP address family
* Support flushing per IP address family
* Add "save" output format representing data in conntrack parameters
* Support loading conntrack commands from a batch file, e.g. generated
  by "save" output format
* Annotate portid in events by the program name (if found)
* Accept yes/no as synonyms to on/off in conntrackd.conf
* Support user space helper auto-loading upon daemon startup, relieving
  users from manual 'nfct add helper' calls
* Filter dumps by status on kernel side if possible
* Accept to filter for any status other than SEEN_REPLY using
  'UNREPLIED'
* Use libmnl internally
* Reuse netlink socket for improved performance with bulk CT entry loads
* Remove '-o userspace' flag and always tag user space triggered events
* Introduce '-A' command, a variant of '-I' which does not fail if the
  entry exists already

... and fixes:

* ICMP entry creation would fail when reply data was specified
* Sync zone value also
* Log external inject problems as warning only
* Endianness bug parsing IP addresses
* Ignore conntrack ID when looking up cache entries to allow for stuck
  old ones to be replaced eventually
* Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper
* Eliminate the need for lazy binding in nfct
* Fix for use of unknown protocol values
* Sanitize protocol value parsing, catch illegal values
* Ensure unknown protocol values are included in '-o save' dumps

... and documentation updates:

* Fixed examples in manual
* Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack
  one
* Misc updates to the manual
* Add an older example script creating an active-active setup using the
  cluster match

You can download the new release from:

https://netfilter.org/projects/conntrack-tools/downloads.html#conntrack-tools-1.4.7

To build the code, updated libnetfilter_conntrack 1.0.9 is required:

https://netfilter.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-1.0.9

In case of bugs and feature requests, file them via:

* https://bugzilla.netfilter.org

Happy firewalling!

[-- Attachment #2: changes-conntrack-tools-1.4.7.txt --]

Aaron Thompson (1):
      conntrackd: cthelper: ssdp: Fix parsing of IPv6 M-SEARCH requests.

Adam Casella (1):
      conntrackd: cache: fix zone entry uniqueness in external cache

Arturo Borrero Gonzalez (8):
      .gitignore: add nano swap file
      conntrackd: external_inject: report inject issues as warning
      conntrackd: introduce yes & no config values
      tests: introduce new python-based framework for running tests
      tests: introduce some basic testcases for the new conntrack-tools
         testing framework
      tests: introduce replicating scenario and simple icmp test case
      tests: conntrackd: add testcase for missing hashtable buckets and max
         entries
      tests: conntrackd: silence sysctl

Florian Westphal (8):
      conntrack: add support for CLASH_RESOLVED counter
      conntrack: pretty-print the portid
      conntrack: enable kernel-based status filtering with -L -u STATUS
      conntrack: add shorthand mnemonic for UNREPLIED
      conntrack: add support for chaintoolong stat counter
      conntrack: fix compiler warnings
      conntrack: remove -o userspace
      conntrack: unbreak event mode

Jeremy Sowden (9):
      build: remove commented-out macros from configure.ac
      build: quote AC_INIT arguments
      build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with
         `LT_INIT`
      build: remove yacc-generated header from EXTRA_DIST
      build: clean yacc- and lex-generated files with maintainer-clean
      build: fix dependency-tracking of yacc-generated header
      build: only require bison and flex if the generated files do not exist
      build: remove MAINTAINERCLEANFILES
      build: replace `AM_PROG_LEX` with `AC_PROG_LEX`

Mikhail Sennikovsky (20):
      tests: icmp entry create/delete
      conntrack: fix icmp entry creation
      conntrack: implement save output format
      conntrack.8: man update for opts format support
      conntrack: accept commands from file
      conntrack.8: man update for --load-file support
      tests: saving and loading ct entries, save format
      tests: conntrack -L/-D ip family filtering
      tests/conntrack: script for stress-testing ct load
      conntrack: pass sock to nfct_mnl_*() functions
      conntrack: use libmnl for updating conntrack table
      conntrack: use libmnl for ct entries deletion
      conntrack: use libmnl for flushing conntrack table
      conntrack: use same modifier socket for bulk ops
      conntrack: set reply l4 proto for unknown protocol
      conntrack: fix protocol number parsing
      conntrack: fix -o save dump for unknown protocols
      conntrack: generalize command parsing
      conntrack: use C99 initializer syntax for option map
      conntrack: introduce new -A command

Pablo Neira Ayuso (44):
      conntrack: add support for the IPS_HW_OFFLOAD flag
      conntrack: add a few more tests
      doc: manual: fix conntrack examples
      doc: manual: refer to nf_conntrack sysctl
      doc: manual: general documentation revamp
      conntrack: default to unspec family for dualstack setups
      conntrack: allow to filter event by family
      conntrack: allow to flush per family
      conntrackd: add ip netns test script
      conntrack: add struct ct_cmd
      conntrack: add struct ct_tmpl
      conntrack: add do_command_ct()
      tests: conntrackd: move basic netns scenario setup to shell script
      conntrackd: set default hashtable buckets and max entries if not
         specified
      conntrack: pass command object to callbacks
      conntrack: pass ct_cmd to nfct_filter_init()
      conntrack: pass cmd to nfct_filter()
      conntrack: pass cmd to filter nat, mark and network functions
      conntrack: move options flag to ct_cmd object
      conntrack: add function to print command stats
      conntrack: release options after parsing
      conntrackd: fix endianness bug in IPv4 and IPv6 address
      conntrackd: cthelper: Set up userspace helpers when daemon starts
      doc: manual: Document userspace helper configuration at daemon startup
      conntrackd: cthelper: fix overlapping queue numbers in example file
      src: conntrackd: add #include <linux/netfilter/nfnetlink_queue.h>
      doc: add cluster match script
      conntrackd: do not include conntrack ID in hashtable cmp
      conntrack: pass filter_dump object to nfct_mnl_dump()
      conntrack: enhance mnl_nfct_dump_cb()
      conntrack: use libmnl for listing conntrack table
      conntrack: add nfct_mnl_talk() and nfct_mnl_recv() helper functions
      conntrack: add netlink flags to nfct_mnl_nlmsghdr_put()
      conntrack: use libmnl to create entry
      conntrack: rename nfct_mnl_recv() to __nfct_mnl_dump()
      conntrack: add nfct_mnl_request()
      nfct: remove lazy binding
      conntrack: consolidate socket open call
      conntrackd: build: always add ports to sync message
      conntrack: pass command object to nfct_mnl_request()
      conntrack: update CT_GET to use libmnl
      conntrack: update manpage with new -A command
      conntrack: use IPPROTO_RAW
      conntrack: slightly simplify parse_proto_num() by using strtoul()

Phil Sutter (9):
      hash: Flush tables when destroying
      cache: Fix features array allocation
      Fix potential buffer overrun in snprintf() calls
      helpers: ftp: Avoid ugly casts
      read_config_yy: Drop extra argument from dlog() call
      Don't call exit() from signal handler
      Drop pointless assignments
      connntrack: Fix for memleak when parsing -j arg
      local: Avoid sockaddr_un::sun_path buffer overflow

Yi Yang (1):
      conntrack: fix zone sync issue

Štěpán Němec (1):
      conntrack.8: minor copy edit