webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
bpfire/lfs/conntrack-tools
Adolf Belka b685b5e7e9 conntrack-tools: Update to version 1.4.7 
- Update from 1.4.6 to 1.4.7
- Update of rootfile not required
- Requires update fo libnetfilter_conntrack from 1.0.8 to 1.0.9
- Changelog
    conntrack-tools 1.4.7
     This release contains new features:
	* IPS_HW_OFFLOAD flag specifies that a conntrack entry has been
	  offloaded into the hardware
	* 'clash_resolve' and 'chaintoolong' stats counters
	* Default to unspec family if '-f' flag is absent to improve support for
	  dual-stack setups
	* Support filtering events by IP address family
	* Support flushing per IP address family
	* Add "save" output format representing data in conntrack parameters
	* Support loading conntrack commands from a batch file, e.g. generated
	  by "save" output format
	* Annotate portid in events by the program name (if found)
	* Accept yes/no as synonyms to on/off in conntrackd.conf
	* Support user space helper auto-loading upon daemon startup, relieving
	  users from manual 'nfct add helper' calls
	* Filter dumps by status on kernel side if possible
	* Accept to filter for any status other than SEEN_REPLY using
	  'UNREPLIED'
	* Use libmnl internally
	* Reuse netlink socket for improved performance with bulk CT entry loads
	* Remove '-o userspace' flag and always tag user space triggered events
	* Introduce '-A' command, a variant of '-I' which does not fail if the
	  entry exists already
     ... and fixes:
	* ICMP entry creation would fail when reply data was specified
	* Sync zone value also
	* Log external inject problems as warning only
	* Endianness bug parsing IP addresses
	* Ignore conntrack ID when looking up cache entries to allow for stuck
	  old ones to be replaced eventually
	* Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper
	* Eliminate the need for lazy binding in nfct
	* Fix for use of unknown protocol values
	* Sanitize protocol value parsing, catch illegal values
	* Ensure unknown protocol values are included in '-o save' dumps
     ... and documentation updates:
	* Fixed examples in manual
	* Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack
	  one
	* Misc updates to the manual
	* Add an older example script creating an active-active setup using the
	  cluster match

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-19 19:24:14 +00:00

3.2 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink