Directory listing: /external/libnetfilter_conntrack/

Name                          Date         Size
..                            11-Jun-2018  12 KiB
aclocal.m4                    11-Jun-2018  50.6 KiB
Android.bp                    11-Jun-2018  1.2 KiB
build-aux/                    11-Jun-2018  4 KiB
compile                       11-Jun-2018  3.7 KiB
config.guess                  11-Jun-2018  43.9 KiB
config.h.in                   11-Jun-2018  1.9 KiB
config.sub                    11-Jun-2018  33.8 KiB
configure                     11-Jun-2018  446.6 KiB
configure.ac                  11-Jun-2018  1.9 KiB
COPYING                       11-Jun-2018  17.6 KiB
depcomp                       11-Jun-2018  18.2 KiB
doxygen.cfg.in                11-Jun-2018  5.2 KiB
examples/                     11-Jun-2018  4 KiB
include/                      11-Jun-2018  4 KiB
install-sh                    11-Jun-2018  13.3 KiB
libnetfilter_conntrack.pc.in  11-Jun-2018  422
ltmain.sh                     11-Jun-2018  237.7 KiB
m4/                           11-Jun-2018  4 KiB
Make_global.am                11-Jun-2018  358
Makefile.am                   11-Jun-2018  268
Makefile.in                   11-Jun-2018  28.3 KiB
missing                       11-Jun-2018  11.2 KiB
qa/                           11-Jun-2018  4 KiB
README                        11-Jun-2018  2.8 KiB
src/                          11-Jun-2018  4 KiB
utils/                        11-Jun-2018  4 KiB

README

libnetfilter_conntrack - userspace library for the connection tracking system
(C) 2005-2011 Pablo Neira Ayuso <pablo@netfilter.org>
=============================================================================

= Connection Tracking System =

The connection tracking system is an in-kernel subsystem that stores information
about the state of a connection in a memory structure that contains the source
and destination IP addresses, port number pairs, protocol types, state, and
timeout. With this extra information, we can define more intelligent filtering
policies.

Moreover, there are some application protocols, such as FTP, TFTP, IRC and PPTP,
that have aspects that are hard to track for a firewall that follows the
traditional static filtering approach. The connection tracking system defines
a mechanism to track such aspects.

The connection tracking system does not alter the packets themselves; the
default behavior always lets the packets continue their travel through the
network stack, although there are a couple of very specific exceptions where
packets can be dropped (e.g., under memory exhaustion). So keep in mind that
the connection tracking system just tracks packets; it does not filter.

For further information on the connection tracking system, please see the
reference section at the bottom of this document.

= What is libnetfilter_conntrack? =

libnetfilter_conntrack is a userspace library that provides an interface to
the in-kernel connection tracking system.

= License =

libnetfilter_conntrack is released under GPLv2 or any later version, at your
option.

= Prerequisites for libnetfilter_conntrack =

Linux kernel version >= 2.6.18 (http://www.kernel.org) with support enabled for:

 * connection tracking system (quite obvious ;)
 * nfnetlink
 * ctnetlink (ip_conntrack_netlink)
 * connection tracking event notification API

= Documentation =

You can generate the doxygen-based documentation by invoking:
	$ doxygen doxygen.cfg

= Examples =

You can find a set of handy examples on the use of libnetfilter_conntrack
under the directory utils/ distributed with this library. You can compile them
by invoking:
	$ make check

= Heads Up =

libnetfilter_conntrack used to provide two different APIs. The old one had
several limitations and, for that reason, was deprecated some time ago. The
existing library only provides the new API, which solves the former
deficiencies. Thus, make sure you use recent versions of
libnetfilter_conntrack and, in case you are using the old API, consider
porting your application to the new one.

Since libnetfilter_conntrack >= 0.9.1, you can use the same handle obtained
via nfct_open() to register conntrack and expectation callbacks (before this
version, this was not possible).

= References =

[1] Pablo Neira Ayuso. Netfilter's Connection Tracking System:
    http://people.netfilter.org/pablo/docs/login.pdf