TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
402976fe51
twx-linux/include/linux/netfilter
History
Pablo Neira Ayuso 24de58f465 netfilter: xt_CT: allow to attach timeout policy + glue code 
This patch allows you to attach the timeout policy via the
CT target, it adds a new revision of the target to ensure
backward compatibility. Moreover, it also contains the glue
code to stick the timeout object defined via nfnetlink_cttimeout
to the given flow.

Example usage (it requires installing the nfct tool and
libnetfilter_cttimeout):

1) create the timeout policy:

 nfct timeout add tcp-policy0 inet tcp \
	established 1000 close 10 time_wait 10 last_ack 10

2) attach the timeout policy to the packet:

 iptables -I PREROUTING -t raw -p tcp -j CT --timeout tcp-policy0

You have to install the following user-space software:

a) libnetfilter_cttimeout:
   git://git.netfilter.org/libnetfilter_cttimeout

b) nfct:
   git://git.netfilter.org/nfct

You also have to get iptables with -j CT --timeout support.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-03-07 17:41:28 +01:00
..
ipset netfilter: ipset: hash:net,iface timeout bug fixed 2012-03-07 17:40:37 +01:00
Kbuild netfilter: add cttimeout infrastructure for fine timeout tuning 2012-03-07 17:41:22 +01:00
nf_conntrack_amanda.h
nf_conntrack_common.h netfilter: revert user-space expectation helper support 2012-01-16 14:01:23 +01:00
nf_conntrack_dccp.h
nf_conntrack_ftp.h
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_h323.h
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h
nf_conntrack_sane.h
nf_conntrack_sctp.h
nf_conntrack_sip.h
nf_conntrack_snmp.h
nf_conntrack_tcp.h netfilter: nf_ct_tcp: move retransmission and unacknowledged timeout to array 2012-03-07 17:41:15 +01:00
nf_conntrack_tftp.h
nf_conntrack_tuple_common.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_nat.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nfnetlink_acct.h netfilter: add extended accounting infrastructure over nfnetlink 2011-12-25 02:43:03 +01:00
nfnetlink_compat.h
nfnetlink_conntrack.h netfilter: ctnetlink: allow to set expectfn for expectations 2012-03-07 17:40:46 +01:00
nfnetlink_cttimeout.h netfilter: add cttimeout infrastructure for fine timeout tuning 2012-03-07 17:41:22 +01:00
nfnetlink_log.h
nfnetlink_queue.h
nfnetlink.h netfilter: add cttimeout infrastructure for fine timeout tuning 2012-03-07 17:41:22 +01:00
x_tables.h percpu: Remove irqsafe_cpu_xxx variants 2011-12-22 10:40:20 -08:00
xt_addrtype.h
xt_AUDIT.h
xt_CHECKSUM.h
xt_CLASSIFY.h
xt_cluster.h
xt_comment.h
xt_connbytes.h
xt_connlimit.h
xt_connmark.h
xt_CONNMARK.h
xt_CONNSECMARK.h
xt_conntrack.h
xt_cpu.h
xt_CT.h netfilter: xt_CT: allow to attach timeout policy + glue code 2012-03-07 17:41:28 +01:00
xt_dccp.h
xt_devgroup.h
xt_dscp.h
xt_DSCP.h
xt_ecn.h netfilter: xtables: give xt_ecn its own name 2011-12-27 20:31:38 +01:00
xt_esp.h
xt_hashlimit.h
xt_helper.h
xt_IDLETIMER.h
xt_iprange.h
xt_ipvs.h
xt_LED.h
xt_length.h
xt_limit.h
xt_LOG.h netfilter: merge ipt_LOG and ip6_LOG into xt_LOG 2012-03-07 17:40:49 +01:00
xt_mac.h
xt_mark.h
xt_MARK.h
xt_multiport.h
xt_nfacct.h netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_NFLOG.h
xt_NFQUEUE.h
xt_osf.h
xt_owner.h
xt_physdev.h
xt_pkttype.h
xt_policy.h
xt_quota.h
xt_rateest.h
xt_RATEEST.h
xt_realm.h
xt_recent.h
xt_rpfilter.h netfilter: add ipv4 reverse path filter match 2011-12-04 22:43:37 +01:00
xt_sctp.h
xt_SECMARK.h
xt_set.h
xt_socket.h
xt_state.h
xt_statistic.h
xt_string.h
xt_tcpmss.h
xt_TCPMSS.h
xt_TCPOPTSTRIP.h
xt_tcpudp.h
xt_TEE.h
xt_time.h
xt_TPROXY.h
xt_u32.h