Thread: libnetfilter_conntrack 0.0.81 release




libnetfilter_conntrack 0.0.81 release
Spain
2007-07-28 07:38:04
Hi!

The netfilter project proudly presents
libnetfilter_conntrack-0.0.81

libnetfilter_conntrack is a userspace library providing a programming
interface (API) to the in-kernel connection tracking state table.

This release includes minor changes and bugfixes. See ChangeLog for more
details. Upgrade is recommended.

You can download it from:

http://www.netfilter.org/projects/libnetfilter_conntrack/
ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/

Pablo (on behalf of the Netfilter Project)

-- 
"It will be necessary to travel through the eyes of idiots" -- Poeta en
Nueva York -- Federico García Lorca.

  
Re: ip_conntrack growing indefinitely
Germany
2007-08-11 02:38:08
> For now it has been patched setting ip_conntrack_max to 65536 but
> connections still grow indefinitely (seems NAT never drops old
> connections). Any idea of the reasons? Could be related with the kernel
> version (2 years old) we're running?

I've a similar phenomenon using kernel 2.6.18-4-vserver-686:
conntrack -L|wc -l
3340
nearly all started at a similar time from two ports to random

example iptstate:
Source Destination   Proto  State       TTL
1.2.3.4:42573 1.2.3.4:842 tcp ESTABLISHED 10:44:43
1.2.3.4:42574 1.2.3.4:1501 tcp ESTABLISHED 10:43:51
1.2.3.4:42573 1.2.3.4:1392 tcp ESTABLISHED 10:43:20

well :- on my wish list now something like that:
conntrack -D -s 1.2.3.4 -d 1.2.3.4 -p tcp --orig-port-src 42573 --orig-port-dst *
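
The wildcard in the wished-for command above (one source port, any destination port) can be expanded against `conntrack -L` output into one explicit delete command per matching flow. This is an added example, not part of the thread or of conntrack-tools; the sample listing is constructed, and `parse_entry` and `delete_commands` are hypothetical helper names.

```python
# Constructed sample of `conntrack -L` output (not taken from the thread).
SAMPLE = """\
tcp      6 431983 ESTABLISHED src=1.2.3.4 dst=1.2.3.4 sport=42573 dport=842 src=1.2.3.4 dst=1.2.3.4 sport=842 dport=42573 [ASSURED] mark=0 use=1
tcp      6 431931 ESTABLISHED src=1.2.3.4 dst=1.2.3.4 sport=42574 dport=1501 src=1.2.3.4 dst=1.2.3.4 sport=1501 dport=42574 [ASSURED] mark=0 use=1
tcp      6 431900 ESTABLISHED src=1.2.3.4 dst=1.2.3.4 sport=42573 dport=1392 src=1.2.3.4 dst=1.2.3.4 sport=1392 dport=42573 [ASSURED] mark=0 use=1
udp      17 25 src=1.2.3.4 dst=5.6.7.8 sport=42573 dport=53 [UNREPLIED] src=5.6.7.8 dst=1.2.3.4 sport=53 dport=42573 mark=0 use=1
icmp     1 29 src=1.2.3.4 dst=5.6.7.8 type=8 code=0 id=4242 src=5.6.7.8 dst=1.2.3.4 type=0 code=0 id=4242 mark=0 use=1
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Return (proto, original-direction tuple) for one line, or None."""
    fields = line.split()
    orig = {}
    for token in fields[1:]:
        key, sep, value = token.partition("=")
        # Each line carries the tuple twice (original, then reply);
        # the first occurrence of every key is the original direction.
        if sep and key in TUPLE_KEYS and key not in orig:
            orig[key] = value
    # Blank lines and entries without ports (e.g. ICMP) are skipped.
    if len(orig) != len(TUPLE_KEYS):
        return None
    return fields[0], orig


def delete_commands(listing, proto, src, dst, sport):
    """One explicit `conntrack -D` argv per flow matching proto/src/dst/sport."""
    wanted = {"src": src, "dst": dst, "sport": str(sport)}
    commands = []
    for line in listing.splitlines():
        parsed = parse_entry(line)
        if parsed is None or parsed[0] != proto:
            continue
        orig = parsed[1]
        if all(orig[k] == v for k, v in wanted.items()):
            commands.append(["conntrack", "-D", "-p", proto, "-s", src, "-d", dst,
                             "--orig-port-src", orig["sport"],
                             "--orig-port-dst", orig["dport"]])
    return commands


if __name__ == "__main__":
    # Dry run: print the commands for review instead of executing them.
    for argv in delete_commands(SAMPLE, "tcp", "1.2.3.4", "1.2.3.4", 42573):
        print(" ".join(argv))
```
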


Re: ip_conntrack growing indefinitely
France
2007-08-11 03:04:28
Hi,

On Sat, 11 Aug 2007 09:38:08 +0200,
fd4 <fd4itsec4u.de> wrote:

> > For now it has been patched setting ip_conntrack_max to 65536 but
>
> well :- on my wish list now something like that:
> conntrack -D -s 1.2.3.4 -d 1.2.3.4 -p tcp --orig-port-src 42573 --orig-port-dst *

You should try this:
http://software.inl.fr/trac/trac.cgi/wiki/pynetfilter_conntrack

It does exactly what you want.

BR,
-- 
Eric Leblond <ericregit.org>
NuFW, Now User Filtering Works : http://www.nufw.org