Hi!
The Netfilter project proudly presents:
conntrack-tools 1.4.7
This release contains new features:
* IPS_HW_OFFLOAD flag specifies that a conntrack entry has been
offloaded into the hardware
* 'clash_resolve' and 'chaintoolong' stats counters
* Default to unspec family if '-f' flag is absent to improve support for
dual-stack setups
* Support filtering events by IP address family
* Support flushing per IP address family
* Add "save" output format representing data in conntrack parameters
* Support loading conntrack commands from a batch file, e.g. generated
by "save" output format
* Annotate portid in events by the program name (if found)
* Accept yes/no as synonyms to on/off in conntrackd.conf
* Support user space helper auto-loading upon daemon startup, relieving
users from manual 'nfct add helper' calls
* Filter dumps by status on kernel side if possible
* Accept to filter for any status other than SEEN_REPLY using
'UNREPLIED'
* Use libmnl internally
* Reuse netlink socket for improved performance with bulk CT entry loads
* Remove '-o userspace' flag and always tag user space triggered events
* Introduce '-A' command, a variant of '-I' which does not fail if the
entry exists already
... and fixes:
* ICMP entry creation would fail when reply data was specified
* Sync zone value also
* Log external inject problems as warning only
* Endianness bug parsing IP addresses
* Ignore conntrack ID when looking up cache entries to allow for stuck
old ones to be replaced eventually
* Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper
* Eliminate the need for lazy binding in nfct
* Fix for use of unknown protocol values
* Sanitize protocol value parsing, catch illegal values
* Ensure unknown protocol values are included in '-o save' dumps
... and documentation updates:
* Fixed examples in manual
* Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack
one
* Misc updates to the manual
* Add an older example script creating an active-active setup using the
cluster match
You can download the new release from:
https://netfilter.org/projects/conntrack-tools/downloads.html#conntrack-tools-1.4.7
To build the code, updated libnetfilter_conntrack 1.0.9 is required:
https://netfilter.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-1.0.9
In case of bugs and feature requests, file them via:
* https://bugzilla.netfilter.org
Happy firewalling!
The Netfilter project proudly presents:
conntrack-tools 1.4.7
This release contains new features:
* IPS_HW_OFFLOAD flag specifies that a conntrack entry has been
offloaded into the hardware
* 'clash_resolve' and 'chaintoolong' stats counters
* Default to unspec family if '-f' flag is absent to improve support for
dual-stack setups
* Support filtering events by IP address family
* Support flushing per IP address family
* Add "save" output format representing data in conntrack parameters
* Support loading conntrack commands from a batch file, e.g. generated
by "save" output format
* Annotate portid in events by the program name (if found)
* Accept yes/no as synonyms to on/off in conntrackd.conf
* Support user space helper auto-loading upon daemon startup, relieving
users from manual 'nfct add helper' calls
* Filter dumps by status on kernel side if possible
* Accept to filter for any status other than SEEN_REPLY using
'UNREPLIED'
* Use libmnl internally
* Reuse netlink socket for improved performance with bulk CT entry loads
* Remove '-o userspace' flag and always tag user space triggered events
* Introduce '-A' command, a variant of '-I' which does not fail if the
entry exists already
... and fixes:
* ICMP entry creation would fail when reply data was specified
* Sync zone value also
* Log external inject problems as warning only
* Endianness bug parsing IP addresses
* Ignore conntrack ID when looking up cache entries to allow for stuck
old ones to be replaced eventually
* Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper
* Eliminate the need for lazy binding in nfct
* Fix for use of unknown protocol values
* Sanitize protocol value parsing, catch illegal values
* Ensure unknown protocol values are included in '-o save' dumps
... and documentation updates:
* Fixed examples in manual
* Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack
one
* Misc updates to the manual
* Add an older example script creating an active-active setup using the
cluster match
You can download the new release from:
https://netfilter.org/projects/conntrack-tools/downloads.html#conntrack-tools-1.4.7
To build the code, updated libnetfilter_conntrack 1.0.9 is required:
https://netfilter.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-1.0.9
In case of bugs and feature requests, file them via:
* https://bugzilla.netfilter.org
Happy firewalling!
Attached Files:
-
changes-conntrack-tools-1.4.7.txt (5.14 KB)