[ANNOUNCE] conntrackd-0.9.2 released

[ANNOUNCE] conntrackd-0.9.2 released

[Pablo Neira Ayuso]

Overview:

Conntrackd is the userspace daemon for the Connection Tracking System.
This daemon maintains a copy of the Connection Tracking System in
userspace. It is entirely written in C and is highly configurable and
easily extensible. Currently it covers the specific aspects of Stateful
Linux firewalls to enable High Availability (HA) solutions and can be
used as statistics collector of the firewall use.

Status:

This project is under development, people feeling brave are encouraged
to test a send nice reports ;)

Main changes:
- the unnofficial libraries are not required anymore
- a new NACK based protocol

More information available at:

http://people.netfilter.org/pablo/conntrackd/

P.S: There is a TODO file inside the tarball that includes some pending
stuff that needs to be done in case that you are thinking about
contributing to the project.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: [ANNOUNCE] conntrackd-0.9.2 released

[Maximilian Wilhelm]

[-- Attachment #1: Type: text/plain, Size: 724 bytes --]

Am Mittwoch, den 17 Januar hub Pablo Neira Ayuso folgendes in die Tasten:

Hi!

> This project is under development, people feeling brave are encouraged
> to test a send nice reports ;)

I noticed two things:

 * conntrackd isn´t release regarding to changelog.
 * see attached two patches which fix the INSTALL file regarding
   the dependency two libnfnetlink and libnetfilter_conntrack and
   additionally remove some whitespaces.
   (Apply the whitespace patch first.)

[...]
> P.S: There is a TODO file inside the tarball that includes some pending
> stuff that needs to be done in case that you are thinking about
> contributing to the project.
 
I´ll give the manpage a shot.

Ciao
Max
-- 
	Follow the white penguin.

[-- Attachment #2: INSTALL.whitespace.patch --]
[-- Type: text/plain, Size: 2722 bytes --]

--- conntrackd-0.9.2/INSTALL	2007-01-17 02:48:29.000000000 +0100
+++ conntrackd-0.9.2-whitespacefix/INSTALL	2007-01-17 15:58:18.000000000 +0100
@@ -27,7 +27,7 @@
      - nfnetlink
      - ctnetlink (ip_conntrack_netlink)
      - connection tracking event notification API
- 
+
  o libnfnetlink: the netfilter netlink library
    use the official release available in netfilter.org
 
@@ -47,9 +47,9 @@
     For node 2: conntrackd-x.x.x/examples/sync/node2/keepalived.conf
 
     These files can be used to set up a simple VRRP cluster composed of
-    two machines that hold the virtual IPs 192.168.0.100 on eth0 and 
-    192.168.1.100 on eth1. 
- 
+    two machines that hold the virtual IPs 192.168.0.100 on eth0 and
+    192.168.1.100 on eth1.
+
     If you are not familiar with keepalived, please read the official
     docs available at http://www.keepalived.org
 
@@ -60,16 +60,16 @@
 
     To setup 'conntrackd' in synchronization mode, you have to put the
     configuration file in the directory /etc/conntrackd.
- 
+
     On node 1:
 	# cp examples/sync/_type_/node1/conntrackd.conf /etc/conntrackd.conf
 
     On node 2:
         # cp examples/sync/_type_/node1/conntrackd.conf /etc/conntrackd.conf
 
-    Where _type_ is the synchronization type selected, currently there are 
-    two: the persistent mode and the NACK mode. The persistent mode consumes 
-    more resources than the NACK mode, however the NACK mode is still 
+    Where _type_ is the synchronization type selected, currently there are
+    two: the persistent mode and the NACK mode. The persistent mode consumes
+    more resources than the NACK mode, however the NACK mode is still
     experimental
 
     Do not forget to edit the files in order to adapt them to the
@@ -89,7 +89,7 @@
 
     - Dump the cache of connections that are currently being processed by
       this node (aka. internal cache):
-      
+
     # conntrackd -i
 
     - Dump the cache of connections that has been transfered from
@@ -104,7 +104,7 @@
  5) Setting up interaction with keepalived
 
     If keepalived detects the failure of the active node, then it designates
-    a candidate node that will replace the failing active. On such event, 
+    a candidate node that will replace the failing active. On such event,
     the external cache, eg. the cache that contains the connections processed
     by other nodes, must be commited. To commit the external cache, just type:
 
@@ -159,7 +159,7 @@
 
 2.2.2. Configuration
 
- Setting up conntrackd in statistics mode is rather easy. Just copy the 
+ Setting up conntrackd in statistics mode is rather easy. Just copy the
  configuration file
 
     # cp examples/stats/conntrackd.conf /etc/conntrackd.conf

[-- Attachment #3: INSTALL.docupdate.patch --]
[-- Type: text/plain, Size: 2005 bytes --]

--- conntrackd-0.9.2/INSTALL	2007-01-17 15:58:18.000000000 +0100
+++ conntrackd-0.9.2-docupdate/INSTALL	2007-01-17 15:54:58.000000000 +0100
@@ -29,13 +29,23 @@
      - connection tracking event notification API
 
  o libnfnetlink: the netfilter netlink library
-   use the official release available in netfilter.org
+
+     Since conntrackd version 0.9.2 you can used the official release availble at
+     http://www.netfilter.org/projects/libnfnetlink/files/
+
+     Up to conntrackd version 0.9.1 use the unofficial release available at the
+     download section
 
  o libnetfilter_conntrack: the netfilter conntrack library
-   use the oficial release available in netfilter.org
+
+     Since  conntrackd version 0.9.2 you can used the official release availble at
+     http://www.netfilter.org/projects/libnetfilter_conntrack/files/
+
+     Up to conntrackd version 0.9.1 use the unnoficial release available at the
+     download section
 
  o Keepalived version 1.x (http://www.keepalived.org)
-   check if your distribution comes with a recent version
+     check if your distribution comes with a recent version
 
 2.1.2. Configuration
 
@@ -152,10 +162,20 @@
       - connection tracking event notification API
 
  o libnfnetlink: the netfilter netlink library
-   use the unofficial release available at the download section
+
+     Since conntrackd version 0.9.2 you can used the official release availble at
+     http://www.netfilter.org/projects/libnfnetlink/files/
+
+     Up to conntrackd version 0.9.1 use the unofficial release available at the
+     download section
 
  o libnetfilter_conntrack: the netfilter conntrack library
-   use the unnoficial release available at the download section
+
+     Since  conntrackd version 0.9.2 you can used the official release availble at
+     http://www.netfilter.org/projects/libnetfilter_conntrack/files/
+
+     Up to conntrackd version 0.9.1 use the unnoficial release available at the
+     download section
 
 2.2.2. Configuration
 

Re: [nf-failover] [ANNOUNCE] conntrackd-0.9.2 released

[Michael Steinmann]

On Wed, January 17, 2007 3:49 am, Pablo Neira Ayuso wrote:
> This project is under development, people feeling brave are encouraged
> to test a send nice reports ;)

thanks for the new release.
I noticed a small glitch with keyword case in the persistent mode example
config files:

examples/sync/persistent/node1/conntrackd.conf
       mode PERSISTENT {

examples/sync/persistent/node2/conntrackd.conf
       Mode PERSISTENT {

The Mode keyword is case sensitive which will lead to the following error
when starting node1:

Error parsing config file: line (5), symbol 'mode': syntax error



Also, to build conntrackd I had to patch two include files:

--- /usr/local/include/libnfnetlink/libnfnetlink.h.orig 2007-01-19
08:46:42.000000000 +0100
+++ /usr/local/include/libnfnetlink/libnfnetlink.h      2007-01-19
13:35:19.000000000 +0100
@@ -16,7 +16,6 @@
 #endif

 #include <linux/types.h>
-#include <sys/socket.h>        /* for sa_family_t */
 #include <linux/netlink.h>
 #include <libnfnetlink/linux_nfnetlink.h>


---
/usr/local/include/libnetfilter_conntrack/libnetfilter_conntrack.h.orig   
 2007-01-19 08:48:13.000000000 +0100
+++ /usr/local/include/libnetfilter_conntrack/libnetfilter_conntrack.h 
2007-01-19 13:34:47.000000000 +0100
@@ -8,7 +8,6 @@
 #ifndef _LIBNETFILTER_CONNTRACK_H_
 #define _LIBNETFILTER_CONNTRACK_H_

-#include <netinet/in.h>
 #include <libnfnetlink/linux_nfnetlink.h>
 #include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
@@ -338,7 +337,6 @@

 /* high level API */

-#include <sys/types.h>

 /* conntrack object */
 struct nf_conntrack;


This is with libnfnetlink-0.0.25 and libnetfilter_conntrack-0.0.50 as per
the docs. Kernel is 2.6.20.

--
mike