Pablo Neira Ayuso wrote:
= Overview =
Following the lastest successful workshop in Sevilla, Andalusia, Spain
in september 2005. We are happy to announce the next edition in the
workshop series. This year the event will be hosted in Karlsruhe,
Germany from October 11th to 14th, 2007
Hi!
The netfilter project proudly presents libnetfilter_conntrack-0.0.75
libnetfilter_conntrack is a userspace library providing a programming
interface (API) to the in-kernel connection tracking state table.
You can download it from:
: if conntrack exists, update it
- local requests return EXIT_FAILURE if it can't connect to the daemon
- remove several debug statements
- fork when internal/external dump and commit requests are received
- lots of cleanups
[Pablo Neira Ayuso]
libnetfilter_conntrack 0.0.82
==
Changes from 0.0.81:
- add support for TCP flags
[Pablo Neira Ayuso]
- Fix big-endian issues with getters
[Philip Craig]
of the Netfilter Project)
--
Los honestos son inadaptados sociales -- Les Luthiers
Jan Engelhardt (1):
The second, deprecated, form of `AM_INIT_AUTOMAKE' has two required
Pablo Neira Ayuso (5):
recover the nested bit as now it is fully supported in kernel space.
major cleanup
Hi!
The netfilter project proudly presents:
* ulogd 2.0.0beta2
ulogd is a userspace logging daemon for netfilter/iptables related
logging. This includes per-packet logging of security violations,
per-packet logging for accounting purpose as well as per-flow logging.
ulogd comes in two
://ftp.netfilter.org/pub/libnfnetlink/
Enjoy,
Pablo - on behalf of the Netfilter Project.
--
Los honestos son inadaptados sociales -- Les Luthiers
Eric Leblond (1):
Suppress iftable_up function which is not used.
Jan Engelhardt (1):
libnfnetlink: mark functions as extern C
Pablo Neira
honestos son inadaptados sociales -- Les Luthiers
Pablo Neira Ayuso (2):
nfnl: allow disabling and enabling sequence tracking
nfnl: tag nfnl_talk() and nfnl_listen() as deprecated
in nflog_close().
Suppress reference to libnetfilter_queue which is the model of
libnetfilter_log.
Suppress NFULNL_MSG_CONFIG callback registration.
Pablo Neira Ayuso (2):
nflog: replace nfnl_talk by nfnl_query and disable sequence tracking
build: bump version to 0.0.16
Pablo Neira Ayuso wrote:
Hi!
The netfilter project proudly presents:
* libnetfilter_queue-0.0.17
libnetfilter_queue is a userspace library providing an API to packets
that have been queued by the kernel packet filter. It is is part of a
system that deprecates the old ip_queue
AC_CONFIG_MACRO_DIR
build: update configure.ac
Pablo Neira Ayuso (4):
doc: update ulogd man-page
NFCT: remove unused constant NFLOG_RMEM_DEFAULT
add ukey_* function for key assignation
build: bump version to 2.00beta3
Pierre Chifflier (13):
hwhdr: fix segfault
of the Netfilter Project,
Pablo.
--
Los honestos son inadaptados sociales -- Les Luthiers
Jan Engelhardt (1):
build: add m4 directory
Pablo Neira Ayuso (25):
src: fix compilation issue in gentoo due to missing include limits.h
doc: fix broken link to ulogd2 in the manual
address variable
iptables: print negation extrapositioned
Merge commit 'v1.4.3'
Merge branch 'plus'
CLASSIFY: document non-standard interpretation behavior
libxt_conntrack: properly output negation symbol
Pablo Neira Ayuso (1):
build: bump version to 1.4.3.2
/projects/libmnl/doxygen/
You can download it via FTP at:
ftp://ftp.netfilter.org/pub/libmnl
Enjoy!
Jan Engelhardt (1):
include: add missing unistd.h
Pablo Neira Ayuso (5):
examples: fix wrong group mask number in nfct-event
doc: add new website at netfilter.org to doxygen
AC_CONFIG_AUX_DIR and stash away tools
build: disable implicit .tar.gz archive generation and use POSIX mode
Jiri Popelka (1):
conntrack: objopt: NO_EFFECT
Pablo Neira Ayuso (20):
build: Linux kernel-style for compilation messages
doc: fix missing nfct_copy function not included
: Returns the position the entry was inserted
Maciej Żenczykowski (1):
src: mark newly opened fds as FD_CLOEXEC (close on exec)
Pablo Neira Ayuso (7):
Revert libiptc: Returns the position the entry was inserted
extensions: add nfacct match
Bump version to 1.4.13
Patrick McHardy
for each expectation event, too
Pablo Neira Ayuso (34):
conntrackd: generalize caching infrastructure
conntrackd: generalize external handlers to prepare expectation support
conntrackd: generalize/cleanup network message building/parsing
conntrackd: generalize local handler actions
was almost entirely written by Harald Welte, with contributions
from fellow hackers such as Pablo Neira Ayuso, Eric Leblond and Pierre
Chifflier.
ulogd-2.x requires several libraries:
* libnfnetlink that provides basic communication infrastructure via
Netlink.
* libmnl that provides basic
://ftp.netfilter.org/pub/conntrack-tools/
Have fun!
Jan Engelhardt (1):
update .gitignore
Pablo Neira Ayuso (7):
conntrackd: simplify TCP connection handling logic
conntrackd: fix compilation in src/parse.c
doc: fix documentation on ExpectationSync and H.323 helper
conntrackd: add
context structure nft_ctx
src: add --check option flag
parser: fix typo
src: add stateful object support for limit
tests: py: add tests for limit stateful object
Pablo Neira Ayuso (65):
include: fetch nf_tables.h updates
src: remove SET_F_* flag definitions
ana (1):
expr: hash: support of symmetric hash
Liping Zhang (1):
src: ct: add average bytes per packet counter support
Manuel Messner (1):
src: add TCP option matching requirements
Pablo M. Bermudo Garay (1):
src: limit stateful object support
Pablo Neira Ayuso (11):
or named limits
tests/monitor: Print error "this requires root" and exit
evaluate: print error for null string
tests/py: add test for empty string match
Pablo M. Bermudo Garay (1):
src: do not print limit keyword inside object definition
Pablo Neira Ayuso (9):
fwd statements
Harsha Sharma (1):
tests: shell: fetch rule handle with '-a' option and then delete rule
Pablo M. Bermudo Garay (1):
update gitignore
Pablo Neira Ayuso (4):
Revert ("src: Remove xt_stmt_() functions").
src: add 'auto-merge' option to sets
netlink_del
mp6: xlate: remove leftover space
xtables-translate: fix double space before comment
xtables-compat-restore: fix several memory leaks
xtables-compat: fix memory leak when listing
Pablo Neira Ayuso (7):
libxt_hashlimit: add new unit test to catch kernel bug
iptables
with clang
Harsha Sharma (1):
tests: change char * pointer to constant (const char *)
Pablo Neira Ayuso (2):
data_reg: calm down compilation warning in
nftnl_data_reg_value_json_parse()
build: libnftnl 1.0.9 release
Phil Sutter (7):
expr: Introduce nftnl_expr_fprintf
on current kernels
Lucas Stach (1):
xtables-legacy: add missing config.h include
Pablo Neira Ayuso (19):
nft: add type field to builtin_table
nft: move chain_cache back to struct nft_handle
nft: move initialize to struct nft_handle
xtables: constify struct bui
Florian Westphal (2):
set_elem: close a padding hole
src: libnftnl: export genid functions again
Laura Garcia Liebana (2):
Revert "expr: add map lookups for numgen statements"
Revert "expr: add map lookups for hash statements"
Pablo Neira Ayuso (
):
src: add synproxy support
Florian Westphal (1):
udata: fix sigbus crash on sparc
Laura Garcia Liebana (1):
src: enable set expiration date for set elements
Pablo Neira Ayuso (2):
include: resync nf_tables.h cache copy
build: libnftnl 1.1.4 release
Phil Sutter (1
support for matching ICMP type and code
ebt_ip: add support for matching IGMP type
Pablo Neira Ayuso (1):
build: ebtables 2.0.11 release
Pedro Alvarez (1):
Add kernel headers needed from v3.16
Petri Gynther (1):
fix compilation warning
Phil Sutter (11):
Use flock
overflows reported by static analysis
Jesper Dangaard Brouer (3):
Add man pages for arptables-{save,restore}
arptables: install man pages
arptables: add missing long option --set-counters and update documentation
Jonh Wendell (1):
build an libarptc.a archive
Pablo Neira Ayuso
expr: meta: Make NFT_DYNSET_OP_DELETE known
Eric Jallot (1):
flowtable: add support for handle attribute
Fernando Fernandez Mancera (1):
src: synproxy stateful object support
Manuel Messner (1):
flowtable: Fix symbol export for clang
Pablo Neira Ayuso (4):
flowtable
On Mon, Dec 02, 2019 at 08:30:25PM +0100, Jan Engelhardt wrote:
> On Monday 2019-12-02 16:33, Pablo Neira Ayuso wrote:
>
> >You can download it from:
> >
> >ftp://ftp.netfilter.org/pub/ebtables/
>
> There is a file called ebtables-2.0.11.tar.bz2 in there, but th
message.
include: update nf_tables.h.
bitwise: add support for passing mask and xor via registers.
Pablo Neira Ayuso (12):
include: typo in object.h C++ wrapper
udata: add NFTNL_UDATA_SET_*TYPEOF* definitions
udata: support for TLV attribute nesting
src: add
the handles of unknown rules in "nft monitor trace"
Pablo Neira Ayuso (53):
include: add nf_tables_compat.h to tarballs
build: nftables 0.9.3 depends on libnftnl 1.1.5
segtree: don't remove nul-root element from interval set
proto: add proto_desc_id enumeration
applications.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/libnftnl/downloads.html
ftp://ftp.netfilter.org/pub/libnftnl/
Happy firewalling.
Pablo Neira Ayuso (9):
qa: test_api: skip synproxy attributes in comparator
IPv6 destination address not usable (Bug 1378)
Jose M. Guisado Gomez (1):
src: fix strncpy -Wstringop-truncation warnings
Michal Kubecek (2):
conntrackd: use correct max unix path length
conntrackd: cthelper: Add new SLP helper
Pablo Neira Ayuso (8):
build: use -Wno-sign
NFTNL_UDATA_SET_COMMENT
table: add userdata support
object: add userdata and comment support
chain: add userdata and comment support
Pablo Neira Ayuso (6):
src: add support for chain ID attribute
examples: unbreak nft-set-elem-del
expr: socket: add wildcard support
expr
rt for set declarations
src: add comment support when adding tables
src: add comment support for objects
parser_bison: fail when specifying multiple comments
src: add comment support for chains
Pablo Neira Ayuso (45):
src: Allow for empty set variable definition
Hi everyone,
The Netfilter coreteam PGP key 0xAB4655A126D292E4 expired on
November 17th, 2020. Hence, we have generated a new PGP key
0xD55D978A8A1420E4. For more information, please visit:
https://www.netfilter.org/about.html#gpg
In accordance with good key management practices, we have also
ugs and feature request, file them via:
* https://bugzilla.netfilter.org
Have fun.
Fabrice Fontaine (1):
main: fix build with gcc <= 4.8
Pablo Neira Ayuso (8):
evaluate: missing datatype definition in implicit_set_declaration()
evaluate: remove superfluous check in set_ev
.1q
Pablo Neira Ayuso (32):
segtree: broken error reporting with mappings
parser_bison: proper ct timeout list initialization
src: NAT support for intervals in maps
include: resync nf_nat.h kernel header
src: add netmap support
src: add STMT_NAT_F_CONCAT f
Hi,
Kernel.org already disabled FTP years ago [1]:
"... we're thinking it's time to terminate another service that has
important protocol and security implications -- our FTP servers."
So netfilter.org will also be shutting down FTP services by
June 12th 2020.
As an alternative, you can
for more details.
You can download it from:
http://www.netfilter.org/projects/libnftnl/downloads.html
ftp://ftp.netfilter.org/pub/libnftnl/
Have fun.
Pablo Neira Ayuso (5):
udata: add NFTNL_UDATA_SET_DATA_INTERVAL
expr: objref: add nftnl_expr_objref_free() to release object name
expr
g native syntax
monitor: add assignment check for json_echo
monitor: fix formatting of if statements
Pablo Neira Ayuso (19):
tests: shell: exercise validation with nft -c
parser_bison: allow to restore limit from dynamic set
mnl: reply netlink error message might
for more details.
You can download it from:
https://www.netfilter.org/projects/libnftnl/downloads.html
Happy firewalling.
Jeremy Sowden (1):
bitwise: improve formatting of registers in bitwise dumps.
Pablo Neira Ayuso (5):
src: add NFTNL_SET_ELEM_EXPRESSIONS
src: add
for more details.
You can download it from:
http://www.netfilter.org/projects/libnftnl/downloads.html
https://www.netfilter.org/pub/libnftnl/
Have fun!
Pablo Neira Ayuso (4):
table: add table owner support
src: incorrect header refers to GPLv2 only
expr: socket: add cgroups v2 support
load to flowtable
Jan Engelhardt (1):
files: move example files away from /etc
Laura Garcia Liebana (1):
parser: allow to load stateful ct connlimit elements in sets
Marco Oliverio (1):
cache: check errno before invoking cache_release()
Pablo Neira Ayuso (62):
evaluate: disallow ct o
new queue flag input format
src: queue: allow use of arbitrary queue expressions
tests: extend queue testcases for new sreg support
src: queue: allow use of MAP statement for queue number retrieval
netlink_delinarize: don't check for set element if set is not populated
Kerin Mill
new `limit_bytes` rule
parser: add `limit_rate_pkts` and `limit_rate_bytes` rules
parser: extend limit syntax
Lukas Wunner (2):
tests: py: Move netdev-specific tests to appropriate subdirectory
src: Support netdev egress hook
Pablo Neira Ayuso (54):
src: queue: consolidate queue
for more details.
You can download it from:
https://www.netfilter.org/projects/libnftnl/downloads.html
https://www.netfilter.org/pub/libnftnl/
Happy firewalling.
Pablo Neira Ayuso (8):
include: update nf_tables.h
expr: add last match time support
expr: missing netlink attribute in last
):
configure: add --without-ipulog option to disable libipulog build
Natanael Copa (1):
include: Add include needed for integer type definition.
Pablo Neira Ayuso (4):
build: missing internal.h in Makefile.am
utils: nfulnl_test: call nflog_get_*() before printing field
tore more than one payload dependency
tests: py: remove redundant payload expressions
tests: shell: remove redundant payload expressions
Pablo Neira Ayuso (30):
cache: do not skip populating anonymous set with -t
mnl: different signedness compilation warning
cli: remove
The netfilter project announces a settlement with Patrick McHardy.
This settlement is legally binding and it governs any legal enforcement
activities concerning all programs and program libraries published by
the netfilter/iptables project on its website [1] as well as the Linux
kernel [2].
read_config_yy: correct `yyerror` prototype
read_config_yy: correct arguments passed to `inet_aton`
Pablo Neira Ayuso (8):
build: conntrack-tools requires libnetfilter_conntrack >= 1.0.9
conntrack: do not silence EEXIST error, use NLM_F_EXCL
conntrack: unbreak -U comm
datatypes
Nicolas Cavallari (1):
icmpv6: Allow matching target address in NS/NA, redirect and MLD
Pablo Neira Ayuso (33):
meta: stash context statement length when generating payload/meta
dependency
update INSTALL file
tests: shell: extend implicit chain map with flus
ler warning in date_type_parse()
Martin Gignac (1):
tests: py: Add meta time tests without 'meta' keyword
Pablo Neira Ayuso (34):
examples: compile with `make check' and add AM_CPPFLAGS
optimize: fix vmap with anonymous sets
optimize: more robust statement merge with
man(8) nft.
In case of bugs and feature request, file them via:
* https://bugzilla.netfilter.org
Happy firewalling.
Pablo Neira Ayuso (5):
optimize: segfault when releasing unsupported statement
tests: shell: sets_with_ifnames release netns on exit
evaluate: reset ctx->set
for more details.
You can download it from:
https://www.netfilter.org/projects/libnftnl/downloads.html
Happy firewalling.
Florian Westphal (1):
exthdr: tcp option reset support
Pablo Neira Ayuso (2):
set_elem: missing export symbol
build: libnftnl 1.2.2 release
Hi,
We are pleased to announce a new round in the Netfilter workshop series.
This year this event will take place from October 20 to October 21, 2022.
The event will be held at Zevenet [1] facilities in Mairena del Aljarafe,
Seville, Spain.
The Netfilter Workshop (NFWS) is the premier event
Vinson (1):
build: fix clang+glibc snprintf substitution error
Pablo Neira Ayuso (1):
build: libnftnl 1.2.3 release
oto: support DF, LE PHB, VA for DSCP
Pablo Neira Ayuso (38):
tests: shell: runtime set element automerge
rule: collapse set element commands
intervals: do not report exact overlaps for new elements
intervals: do not empty cache for maps
optimize: do not compare relat
log packet and conntrack
Pablo Neira Ayuso (6):
build: missing ipfix.h header when running make distcheck
output: SQLITE3: improve mapping of fields to DB columns
output: JSON: fix possible truncation of socket path
output: JSON: remove bogus check for host and port
output: G
ion of unclosed intervals containing address
prefixes
doc, src: make some spelling and grammatical improvements
Michael Braun (1):
concat with dynamically sized fields like vlan id
Pablo Neira Ayuso (31):
optimize: merging concatenation is unsupported
optimize: check for mer
a9de9777d613500b089a7416f936bf3ae5f070d2
Author: Pablo Neira Ayuso
Date: Fri Aug 28 21:01:43 2015 +0200
netfilter: nfnetlink: work around wrong endianess in res_id field
Old Linux kernel versions <= 4.9 might break without the above
kernel patch since libnftnl >= 1.2.4.
See Cha
On Wed, Nov 02, 2022 at 12:51:34PM +0100, Jan Engelhardt wrote:
>
> On Wednesday 2022-11-02 11:22, Pablo Neira Ayuso wrote:
> >
> >You can download it from:
> >
> >https://www.netfilter.org/projects/ulogd/downloads.html
>
> The git repo is still missing the 2.
On Thu, Mar 09, 2023 at 08:54:47PM +0100, Pablo Neira Ayuso wrote:
> Hi!
>
> The Netfilter project proudly presents:
>
> libnftnl 1.2.5
>
> libnftnl is a userspace library providing a low-level netlink
> programming interface (API) to the in-kernel nf_tables s
of the set element
user data area and the removal of an internal function without any
clients.
See ChangeLog that comes attached to this email for more details on
the updates.
You can download it from:
https://www.netfilter.org/projects/libnftnl/downloads.html
Happy firewalling.
Pablo Neira Ayuso (5
ts in mark statements
src: fix a couple of typo's in comments
Máté Eckl (1):
src: Update copyright header to GPLv2+ in socket.c
Pablo Neira Ayuso (43):
evaluate: fix shift exponent underflow in concatenation evaluation
ct: use inet_service_type for proto-src and proto-
ChangeLog that comes attached to this email for more details on
the updates.
You can download it from:
https://www.netfilter.org/projects/libnftnl/downloads.html
Happy firewalling.
Pablo Neira Ayuso (1):
build: libnftnl 1.2.6 release
Sriram Yagnaraman (1):
expr: meta: introduce broute meta
on output
Jeremy Sowden (9):
evaluate: insert byte-order conversions for expressions between 9 and 15
bits
evaluate: don't eval unary arguments
tests: py: add test-cases for ct and packet mark payload expressions
tests: shell: rename and move bitwise test-cases
tests:
Hi Jan,
On Mon, Jul 17, 2023 at 10:09:09AM +0200, Jan Engelhardt wrote:
>
> On Tuesday 2023-07-11 18:58, Pablo Neira Ayuso wrote:
> >The Netfilter project proudly presents:
> >libnftnl 1.2.6
>
> Something is off here.
> With 1.2.5 I had:
>
> /usr/lib/
Hi!
Thanks to Eric Leblond and Arturo Borrero who have now become emeritus
members of the coreteam.
Eric Leblond joined the coreteam in 2012 for his continuous
contributions to the project since 2005 with a particular interest in
the nfnetlink_* subsystems that allow to send packets and logs to
72 matches
Mail list logo
