Release of libnfnetlink, libnfnetlink_conntrack and conntrack

Release of libnfnetlink, libnfnetlink_conntrack and conntrack

[Netfilter Core Team]

[-- Attachment #1: Type: text/plain, Size: 1662 bytes --]

Hi!

The netfilter project proudly presents:

	libnfnetlink-0.0.10
	libnfnetlink_conntrack-0.0.10
	conntrack-0.81

Each of those three releases is the first official release of the
respective project.  They're the counterparts to the first pieces of the
"next generation" netfilter subsystem that will be present in the 2.6.14
linux kernel release.

libnfnetlink
	is the low-level userspace library for nfnetlink based
	communication between the kernel-side netfilter and the
	userspace world.

libnfnetlink_conntrack
	is the librarry for userspace access to the in-kernel connection
	tracking table.

conntrack
	is a commandline program for listing, querying, deleting,
	updating entries in the connection tracking table.  It also
	supports real-time tracing of connection tracking state changes
	(conntrack events).

You can download the three releases from 
	ftp://ftp.netfilter.org/pub/libnfnetlink/libnfnetlink-0.0.10.tar.bz2
	ftp://ftp.netfilter.org/pub/libnfnetlink_conntrack/libnfnetlink_conntrack-0.0.10.tar.bz2
	ftp://ftp.netfilter.org/pub/conntrack/conntrack-0.81.tar.bz2

Happy firewalling,

	Harald Welte (for the Netfilter Core Team)

p.s.: expect some more news on libnfnetlink_log and libnfnetlink_queue
in the next couple of days(!)

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [ANNOUNCE] Release of libnfnetlink, libnfnetlink_conntrack and conntrack

[Pasi Kärkkäinen]

On Sat, Sep 24, 2005 at 11:54:13PM +0200, Netfilter Core Team wrote:
> Hi!
> 
> The netfilter project proudly presents:
> 
> 	libnfnetlink-0.0.10
> 	libnfnetlink_conntrack-0.0.10
> 	conntrack-0.81
> 
> Each of those three releases is the first official release of the
> respective project.  They're the counterparts to the first pieces of the
> "next generation" netfilter subsystem that will be present in the 2.6.14
> linux kernel release.
> 
> libnfnetlink
> 	is the low-level userspace library for nfnetlink based
> 	communication between the kernel-side netfilter and the
> 	userspace world.
> 
> libnfnetlink_conntrack
> 	is the librarry for userspace access to the in-kernel connection
> 	tracking table.
> 
> conntrack
> 	is a commandline program for listing, querying, deleting,
> 	updating entries in the connection tracking table.  It also
> 	supports real-time tracing of connection tracking state changes
> 	(conntrack events).
> 
> You can download the three releases from 
> 	ftp://ftp.netfilter.org/pub/libnfnetlink/libnfnetlink-0.0.10.tar.bz2
> 	ftp://ftp.netfilter.org/pub/libnfnetlink_conntrack/libnfnetlink_conntrack-0.0.10.tar.bz2
> 	ftp://ftp.netfilter.org/pub/conntrack/conntrack-0.81.tar.bz2
> 
> Happy firewalling,
> 
> 	Harald Welte (for the Netfilter Core Team)
>

Cool. 

These will be used for the future netfilter-ha / conntrack sync stuff?

- Pasi Kärkkäinen
 
> p.s.: expect some more news on libnfnetlink_log and libnfnetlink_queue
> in the next couple of days(!)
> 
> -- 
> - Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
> ============================================================================
>   "Fragmentation is like classful addressing -- an interesting early
>    architectural error that shows how much experimentation was going
>    on while IP was being designed."                    -- Paul Vixie

Re: [ANNOUNCE] Release of libnfnetlink, libnfnetlink_conntrack and conntrack

[Krzysztof Oledzki]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 868 bytes --]



On Sat, 24 Sep 2005, Netfilter Core Team wrote:

> Hi!
Hi,

> The netfilter project proudly presents:
>
> 	libnfnetlink-0.0.10
> 	libnfnetlink_conntrack-0.0.10
> 	conntrack-0.81

It seems that conntrack is not able to display properly counters 
for incoming packets:

# conntrack -L
tcp      6 431999 ESTABLISHED src=192.168.0.33 dst=192.168.11.74 sport=33328 dport=22 packets=2025 bytes=292027 src=192.168.11.74 dst=192.168.0.33 sport=22 dport=33328 packets=0 bytes=0 [ASSURED] mark=0 use=1 id=42

# cat /proc/net/ip_conntrack
tcp      6 431999 ESTABLISHED src=192.168.0.33 dst=192.168.11.74 sport=33328 dport=22 packets=3106 bytes=218222 src=192.168.11.74 dst=192.168.0.33 sport=22 dport=33328 packets=2015 bytes=290691 [ASSURED] mark=0 use=1

BTW: Is it possible to use "id" to delete a conntrack?

Best regards,


 			Krzysztof Olędzki

conntrack display problem [Was Re: [ANNOUNCE] Release of libnfnetlink, libnfnetlink_conntrack and conntrack]

[Pablo Neira]

Krzysztof Oledzki wrote:
> It seems that conntrack is not able to display properly counters for 
> incoming packets:
> 
> # conntrack -L
> tcp      6 431999 ESTABLISHED src=192.168.0.33 dst=192.168.11.74 
> sport=33328 dport=22 packets=2025 bytes=292027 src=192.168.11.74 
> dst=192.168.0.33 sport=22 dport=33328 packets=0 bytes=0 [ASSURED] mark=0 
> use=1 id=42
> 
> # cat /proc/net/ip_conntrack
> tcp      6 431999 ESTABLISHED src=192.168.0.33 dst=192.168.11.74 
> sport=33328 dport=22 packets=3106 bytes=218222 src=192.168.11.74 
> dst=192.168.0.33 sport=22 dport=33328 packets=2015 bytes=290691 
> [ASSURED] mark=0 use=1

Already fixed, please check SVN.

> BTW: Is it possible to use "id" to delete a conntrack?

Not yet but it will be soon. Then it could be possible to use the id 
together with one of the tuples (original or reply) to kill conntracks.

--
Pablo

Re: [ANNOUNCE] Release of libnfnetlink, libnfnetlink_conntrack and conntrack

[Krzysztof Oledzki]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 346 bytes --]



On Sat, 24 Sep 2005, Netfilter Core Team wrote:

> Hi!
>
> The netfilter project proudly presents:
>
> 	libnfnetlink-0.0.10
> 	libnfnetlink_conntrack-0.0.10
> 	conntrack-0.81


What such errors mean?

nfnl_parse_attr: deficit (4) len (43200).

nfnl_parse_attr: deficit (2) len (35072).

Best regards,

 			Krzysztof Olędzki

Re: [ANNOUNCE] Release of libnfnetlink, libnfnetlink_conntrack and conntrack

[Pablo Neira]

Krzysztof Oledzki wrote:
> What such errors mean?
> 
> nfnl_parse_attr: deficit (4) len (43200).
> 
> nfnl_parse_attr: deficit (2) len (35072).

This is due to a wrong calculation of the minimum message size. It is
fixed in SVN.

--
Pablo

Re: [ANNOUNCE] Release of libnfnetlink, libnfnetlink_conntrack and conntrack

[Krzysztof Oledzki]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 452 bytes --]



On Mon, 17 Oct 2005, Pablo Neira wrote:

> Krzysztof Oledzki wrote:
>> What such errors mean?
>> 
>> nfnl_parse_attr: deficit (4) len (43200).
>> 
>> nfnl_parse_attr: deficit (2) len (35072).
>
> This is due to a wrong calculation of the minimum message size. It is
> fixed in SVN.

OK! :) Thank you. When are you going to relase new versions of 
libnfnetlink/libnfnetlink_conntrack/conntrack?

Best regards,

 			Krzysztof Olędzki