* [ANNOUNCE] libnetfilter_conntrack 1.0.9 release
@ 2022-02-14 11:44 Florian Westphal
From: Florian Westphal @ 2022-02-14 11:44 UTC (permalink / raw)
To: netfilter-devel; +Cc: netfilter, netfilter-announce, lwn
Hi!

The Netfilter project proudly presents:

        libnetfilter_conntrack 1.0.9

This release comes with the new nfct_nlmsg_build_filter() function that
allows adding metadata for kernel-side filtering of conntrack entries
during conntrack table dump.

The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument,
which allows flushing only ipv4 or ipv6 entries from the connection
tracking table.

The nfct_snprint family of functions has been updated.
SCTP conntrack entries now support 'heartbeat sent/acked' state.
Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted
output string.

Notable bugs fixed with this release include:

Fix buffer overflows and out-of-bounds accesses in the
nfct_snprintf() functions.

nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes
were set in the reply tuple too; this affected the 'conntrack' tool
where updates (e.g. setting the conntrack mark to a different value)
of ICMP flows would not work.

See the ChangeLog that comes attached to this email for more details.

You can download it from:

https://www.netfilter.org/projects/libnetfilter_conntrack/downloads.html
[-- Attachment #2: changes-libnetfilter_conntrack-1.0.9.txt --]
Daniel Gröber (9):
      src: Handle negative snprintf return values properly
      src: Fix nfexp_snprintf return value docs
      conntrack: Replace strncpy with snprintf to improve null byte handling
      conntrack: Fix incorrect snprintf size calculation
      include: Add ARRAY_SIZE() macro
      conntrack: Fix buffer overflow on invalid icmp type in setters
      conntrack: Move icmp request>reply type mapping to common file
      conntrack: Fix buffer overflow in protocol related snprintf functions
      conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns

Eyal Birger (1):
      examples: check return value of nfct_nlmsg_build()

Fabrice Fontaine (1):
      libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private

Florian Westphal (7):
      conntrack: dccp print function should use dccp state
      conntrack: sctp: update states
      include: add CTA_STATS_CLASH_RESOLVE
      include: sync uapi header with nf-next
      src: add support for status dump filter
      include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi
      libnetfilter_conntrack: bump version to 1.0.9

Jan Engelhardt (2):
      build: use the right automake variables
      Update .gitignore

Jeremy Sowden (1):
      build: update obsolete autoconf macros

Ken-ichirou MATSUZAWA (1):
      conntrack: fix invmap_icmpv6 entries

Luuk Paulussen (1):
      conntrack: Don't use ICMP attrs in decision to build repl tuple

Pablo Neira Ayuso (5):
      src: add IPS_HW_OFFLOAD flag
      conntrack: add flush filter command
      build: missing internal/proto.h in Makefile.am
      conntrack: add nfct_nlmsg_build_filter() helper
      conntrack: don't cancel nest on unknown layer 4 protocols

Phil Sutter (2):
      tests: Fix for missing qa-connlabel.conf in tarball
      tests: Add simple tests to TESTS variable