* [ANNOUNCE] conntrack-tools 1.4.9 release
@ 2026-02-04 1:00 Pablo Neira Ayuso
0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2026-02-04 1:00 UTC (permalink / raw)
To: netfilter-devel; +Cc: netfilter, netfilter-announce, lwn
[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.4.9
This release contains bugfixes, for the conntrack cli:
- skip ENOSPC on updates when ct label is not available
- don't print [USERSPACE] information in case of XML output
- fix parsing of tuple-port-src and tuple-port-dst
- improve --secmark,--id,--zone parser
- improve --mark parser
- fix for ENOENT in delete to align behaviour with updates
- fix compiler warnings with -Wcalloc-transposed-args
- prefer kernel-provided event timestamp via CTA_TIMESTAMP_EVENT
if it is available
- introduce --labelmap option to specify connlabel.conf path
- Extend error message for EBUSY when registering userspace helper
and the conntrackd daemon:
- don't add expectation table entry for RPC portmap port
- fix signal handler race-condition
- restrict multicast reception, otherwise multicast sync messages
can be received from any interface if your firewall policy does
not restrict the interface used for sending and receiving them.
- remove double close() in multicast resulting in EBADFD
You can download the new release from:
https://netfilter.org/projects/conntrack-tools/downloads.html#conntrack-tools-1.4.9
To build the code, updated libnetfilter_conntrack 1.1.1 is required:
https://netfilter.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-1.1.1
In case of bugs and feature requests, file them via:
* https://bugzilla.netfilter.org
Happy firewalling.
[-- Attachment #2: changes-conntrack-tools-1.4.9.txt --]
[-- Type: text/plain, Size: 1579 bytes --]
Ahelenia Ziemiańska (1):
conntrack: -L doesn't take a value, so don't discard one (same for -IUDGEFA)
Christoph Heiss (2):
conntrack: move label parsing to after argument parsing
conntrack: introduce --labelmap option to specify connlabel.conf path
Donald Yandt (2):
conntrackd: prevent memory loss if reallocation fails
conntrackd: exit with failure status
Florian Westphal (2):
conntrack: prefer kernel-provided event timestamp if it is available
conntrack: --id argument is mandatory
Ignacy Gawędzki (1):
conntrack: don't print [USERSPACE] information in case of XML output
Markus Breitenberger (1):
conntrackd: Fix signal handler race-condition
Pablo Neira Ayuso (8):
conntrack: ct label update requires proper ruleset
tests: conntrack: missing space before option
conntrack: improve --secmark,--id,--zone parser
conntrack: improve --mark parser
conntrackd: restrict multicast reception
conntrackd: remove double close() in multicast resulting in EBADFD
conntrackd: update netns test to support IPv6
conntrack-tools 1.4.9 release
Pfeil Daniel (1):
conntrackd: helpers/rpc: Don't add expectation table entry for portmap port
Phil Sutter (3):
conntrack: Fix for ENOENT in mnl_nfct_delete_cb()
src: Eliminate warnings with -Wcalloc-transposed-args
nfct: helper: Extend error message for EBUSY
Stephan Brunner (1):
conntrack: tcp: fix parsing of tuple-port-src and tuple-port-dst
Xavier Claude (1):
conntrackd.conf.5: fix typos
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-02-04 1:00 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-04 1:00 [ANNOUNCE] conntrack-tools 1.4.9 release Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox