search for: nfct

https://bugzilla.netfilter.org/show_bug.cgi?id=990 Bug ID: 990 Summary: nfct segfault in nfct_helper_free Product: libnetfilter_cthelper Version: unspecified Hardware: x86_64 OS: SuSE Linux Status: NEW Severity: normal Priority: P5 Component: libnetfilter_cthelper Assignee: pa...

...es attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! -------------- next part -------------- Arturo Borrero (2): man: fix hyphen used as minus sign nfct: don't link against libnetfilter_conntrack Arturo Borrero Gonzalez (2): list: fix prefetch dummy doc/debian.conntrackd.init.d: drop file Ash Hughes (1): conntrackd: userspace SSDP helper Chas Williams III (1): cthelper: don't pass up a 0 length queue Clemence Fau...

Hi! The Netfilter project proudly presents: conntrack-tools 1.2.0 This release is a major milestone that includes support for expectation synchronization and the new nfct utility that, by now, only supports the new cttimeout infrastructure. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! -------------...

...ted-printable diff -urN linux-2.4.19-pre6.orig/include/linux/skbuff.h linux-2.4.19-pre6-n= f-01/include/linux/skbuff.h --- linux-2.4.19-pre6.orig/include/linux/skbuff.h Sun Apr 7 15:27:29 2002 +++ linux-2.4.19-pre6-nf-01/include/linux/skbuff.h Fri Apr 12 00:52:31 2002 @@ -1144,6 +1144,17 @@ if (nfct) atomic_inc(&nfct->master->use); } +static inline struct nf_ct_info * +skb_nf_ct(struct sk_buff *skb) +{ + return skb->nfct; +} +#else +static inline struct nf_ct_info * +skb_nf_ct(struct sk_buff *skb) +{ + return NULL; +} #endif =20 #endif /* __KERNEL__ */ diff -urN linux-2.4.19...

...-------- next part -------------- Bj?rn L?ssig (2): build: use pkglibdir instead of pkglibexecdir for automake doc: add documentation for SIGUSR2 Eric Leblond (8): Mysql schema: fix delimiter Mysql schema: fix procedure declaration ulogd.conf: fix mysql definition for NFCT autoconf: fix sqlite configure description message. HWHDR: Fix various crashes DB output: fix crash in SIGHUP handling pcap: fix build on some recent x86_64 platform pcap: add file option to configuration file Harald Welte (1): ulogd2 / DBI / table name Jan And...

...6300kbit hfsc,classify ifb0 - 6300kbit hfsc eth1 tcclasses: #INTERFACE MARK RATE(:DMAX:UMAX) CEIL PRIORITY OPTIONS ifb0:110 - full/4:50 full/2 1 tcp-ack,tos-minimize-delay ifb0:130 - full/2 full*9/10 3 flow=nfct-dst ifb0:140 - full/4 full*9/10 4 default,flow=nfct-dst eth1:110 - full/4:50 full/2 1 tcp-ack,tos-minimize-delay eth1:120 - full*3/4 full*9/10 2 default,flow=nfct-src After upgrading I was getting this message in my log: Nov 14 13:42:42...

...2 tcp-ack $MID_IF:130 - 20*full/100 95*full/100 3 default $MID_IF:140 - 15*full/100 85*full/100 4 $MID_IF:150 - 10*full/100 85*full/100 5 $INET1_IF:110 - 30*full/100 95*full/100 1 flow=nfct-src $INET1_IF:120 - 20*full/100 85*full/100 2 flow=nfct-src,tcp-ack $INET1_IF:130 - 20*full/100 75*full/100 3 flow=nfct-src,default $INET1_IF:140 - 15*full/100 45*full/100 4 flow=nfct-src $INET1_IF:150 -...

I''m havign a HUGE amount of difficulty getting shoreline to work with LVS. We use it here constantly so we know it works. The problem is packets come in, get directed to a webserver, webserver returns the packet to firewall, and then it goes into a black hole. rp_filter is off globally on all interfaces. LVS seems to be working right.... I use shorewall tcrules to mark packets on

...al bugfixes and support for the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT target. The following example shows the usage of this new infrastructure in a couple of steps: 1) Create a timeout policy with name `custom-tcp-policy1': nfct timeout add custom-tcp-policy1 inet tcp established 200 2) Attach it to traffic going from 1.1.1.1 to 2.2.2.2 iptables -I PREROUTING -t raw -s 1.1.1.1 -d 2.2.2.2 -p tcp \ -j CT --timeout custom-tcp-policy1 The new nfct resides in the conntrack-tools tree. By now, this new utility only su...

...ado Gomez (1): src: fix strncpy -Wstringop-truncation warnings Michal Kubecek (2): conntrackd: use correct max unix path length conntrackd: cthelper: Add new SLP helper Pablo Neira Ayuso (8): build: use -Wno-sign-compare with autogenerated flex code conntrack: extend nfct_mnl_socket_open() to use it to handle events conntrack: use libmnl for conntrack events conntrack: add -o userspace option to tag user-triggered events conntrackd: use strncpy() to unix path conntrack: support for IPS_OFFLOAD conntrackd: incorrect filtering of Address...

http://bugzilla.netfilter.org/show_bug.cgi?id=586 Summary: Problems changing the source address of a packet Product: libnetfilter_queue Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: libnetfilter_queue AssignedTo: laforge at netfilter.org

Hi, Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error talking to the kernel All modules mentioned in http://www.shorewall.net/FAQ.htm#TC are loaded With empty tcinterfaces it gets no error. Content of tcinterfaces: #INTERFACE T...

...RKSFORME ------- Comment #3 from eric at inl.fr 2009-12-14 20:31 ------- With latest git tree, I did not manage to reproduce the problem. For the record, I've used the following stack: stack=log1:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU stack=ct1:NFCT,mark1:MARK,op1:OPRINT -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...r is stopped ulogd -c /etc/ulogd.conf --uid ulogd Fatal error, check logfile "/var/log/ulogd/ulogd.log". yoda:~ # cat /var/log/ulogd/ulogd.log Mon Mar 14 15:39:20 2011 <5> ulogd.c:372 registering plugin `NFLOG' Mon Mar 14 15:39:20 2011 <5> ulogd.c:372 registering plugin `NFCT' Mon Mar 14 15:39:20 2011 <5> ulogd.c:372 registering plugin `IFINDEX' Mon Mar 14 15:39:20 2011 <5> ulogd.c:372 registering plugin `IP2STR' Mon Mar 14 15:39:20 2011 <5> ulogd.c:372 registering plugin `IP2BIN' Mon Mar 14 15:39:20 2011 <5> ulogd.c:372 registeri...

...conntrack: mnl: fix parsing payload len conntrack: remove duplicate code qa: update cmp ATTR_ZONE size mark and zone conntrack: api: add two new bitmask functions qa: add tests for new bitmask functions doc: fix symbol name typo in comment qa: build unshared nfct environment conntrack: add mark event filter qa: add test for mark event filter conntrack: fix stop timestamp assignment Pablo Neira Ayuso (3): src: fix documentation regarding nfct_catch() and nfexp_catch() build: bump version to 1.0.5 qa: Keep ct_echo_event an...

...s is working here. # iptables-save # Generated by iptables-save v1.6.0 on Tue Feb 16 20:59:25 2016 *raw :PREROUTING ACCEPT [6:406] :OUTPUT ACCEPT [5:268] -A PREROUTING -p tcp -m tcp --dport 1416 -j CT --timeout test-tcp-2 -A PREROUTING -p tcp -m tcp --dport 1414 -j CT --timeout test-tcp COMMIT # nfct list timeout .test-tcp = { .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 100, .FIN_WAIT = 120, .CLOSE_WAIT = 10, .LAST_ACK = 30,...

http://bugzilla.netfilter.org/show_bug.cgi?id=591 Summary: NAT REDIRECT target does not always work Product: netfilter/iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P1 Component: NAT AssignedTo: laforge at netfilter.org

...traffic on an interface! To use the ''flow'' classifier, you specify ''flow=<keys>'' in the OPTIONS column of an HTB leaf class (one that has no sub-classes). I recommend that you use the following: Shaping internet-bound traffic flow=nfct-src Shaping traffic bound for your local net flow=dst These will cause a ''flow'' to consists of the traffic to/from each internal system. 2) In order to generalize support for learning the gateway for dynamic interfaces, a new...

http://bugzilla.netfilter.org/show_bug.cgi?id=789 Summary: ulog_ct loses outputentries Product: ulogd Version: SVN (please provide timestamp) Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: ulogd AssignedTo: netfilter-buglog at lists.netfilter.org

...sp bfbb1e20 error 4 in ulogd[8048000+6000] hmmm. valgrind won't run on this kern. ulogd logged this every time; nothing more init never completed. Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `NFLOG' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `NFCT' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IFINDEX' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IP2STR' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IP2BIN' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registeri...