Name                           Date         Size
aclocal.m4                     22-Oct-2020  50.6K
Android.bp                     22-Oct-2020  1.2K
build-aux/                     22-Oct-2020
compile                        22-Oct-2020  3.7K
config.guess                   22-Oct-2020  43.9K
config.h.in                    22-Oct-2020  1.9K
config.sub                     22-Oct-2020  33.8K
configure                      22-Oct-2020  446.6K
configure.ac                   22-Oct-2020  1.9K
COPYING                        22-Oct-2020  17.6K
depcomp                        22-Oct-2020  18.2K
doxygen.cfg.in                 22-Oct-2020  5.2K
examples/                      22-Oct-2020
include/                       22-Oct-2020
install-sh                     22-Oct-2020  13.3K
libnetfilter_conntrack.pc.in   22-Oct-2020  422
ltmain.sh                      22-Oct-2020  237.7K
m4/                            22-Oct-2020
Make_global.am                 22-Oct-2020  358
Makefile.am                    22-Oct-2020  268
Makefile.in                    22-Oct-2020  28.3K
missing                        22-Oct-2020  11.2K
MODULE_LICENSE_GPL             22-Oct-2020  0
NOTICE                         22-Oct-2020  17.6K
OWNERS                         22-Oct-2020  46
qa/                            22-Oct-2020
README                         22-Oct-2020  2.8K
src/                           22-Oct-2020
utils/                         22-Oct-2020

README

libnetfilter_conntrack - userspace library for the connection tracking system
(C) 2005-2011 Pablo Neira Ayuso <pablo@netfilter.org>
=============================================================================

= Connection Tracking System =

The connection tracking system is an in-kernel subsystem that stores information
about the state of a connection in a memory structure that contains the source
and destination IP addresses, port number pairs, protocol types, state, and
timeout. With this extra information, we can define more intelligent filtering
policies.

Moreover, there are some application protocols, such as FTP, TFTP, IRC and PPTP,
that have aspects that are hard to track for a firewall that follows the
traditional static filtering approach. The connection tracking system defines
a mechanism to track such aspects.

The connection tracking system does not alter the packets themselves; the
default behavior always lets the packets continue their travel through the
network stack, although there are a couple of very specific exceptions where
packets can be dropped (e.g., under memory exhaustion). So keep in mind that
the connection tracking system just tracks packets; it does not filter.

For further information on the connection tracking system, please see the
reference section at the bottom of this document.

= What is libnetfilter_conntrack? =

libnetfilter_conntrack is a userspace library that provides an interface to
the in-kernel connection tracking system.

= License =

libnetfilter_conntrack is released under GPLv2 or any later version, at your
option.

= Prerequisites for libnetfilter_conntrack =

Linux kernel version >= 2.6.18 (http://www.kernel.org) with support enabled for:

 * connection tracking system (quite obvious ;)
 * nfnetlink
 * ctnetlink (ip_conntrack_netlink)
 * connection tracking event notification API

= Documentation =

You can generate the doxygen-based documentation by invoking:
	$ doxygen doxygen.cfg

= Examples =

You can find a set of handy examples on the use of libnetfilter_conntrack
under the directory utils/ distributed with this library. You can compile them
by invoking:
	$ make check

= Heads Up =

libnetfilter_conntrack used to provide two different APIs. The old one had
several limitations and, for that reason, it was deprecated some time ago. The
existing library only provides the new API, which solves the former
deficiencies. Thus, make sure you use recent versions of libnetfilter_conntrack
and, in case you are using the old API, consider porting your application to
the new one.

Since libnetfilter_conntrack >= 0.9.1, you can use the same handler obtained
via nfct_open() to register conntrack and expectation callbacks (before this
version, this was not possible).

= References =

[1] Pablo Neira Ayuso. Netfilter's Connection Tracking System:
    http://people.netfilter.org/pablo/docs/login.pdf