Date: Fri, 22 Apr 2011 16:16:26 +0300
From: Georgi Geshev <root@...k-labs.exploits-bg.com>
To: owl-dev@...ts.openwall.com
Subject: Re: new soft: conntrack, ucarp

Hello,

In my humble opinion, this is an appropriate (enough) suggestion,
especially concerning the conntrack-tools. Let me know if I should / may
prepare the RPM package builds or it is actually preferable that some code
review is done first.

Regards,
Georgi

On Fri, Apr 22, 2011 at 3:26 PM, Vasiliy Kulikov <segoon@...nwall.com> wrote:

> Hi,
>
> I'd suggest to include into Owl 3 packages:
>
>
> 1) conntrack (http://conntrack-tools.netfilter.org/).
>
> "Program to modify the conntrack tables
>
> conntrack is a userspace command line program targeted at system
> administrators. It enables them to view and manage the in-kernel
> connection tracking state table."
>
> It is a very useful tool to debug and profile stateful firewall rules.
>
>
> 24 kb installed in Ubuntu.
>
>
> 2) conntrackd (the same tarball).
>
> "Connection tracking daemon
>
> Conntrackd can replicate the status of the connections that are
> currently being processed by your stateful firewall based on Linux.
> Conntrackd can also run as statistics daemon."
>
> It can be used for HA firewall setups. 110 kb in Ubuntu.
>
> Both conntrack* require new library, libnfnetlink (14 kb installed in
> Ubuntu).
>
>
> 3) ucarp (http://www.ucarp.org/project/ucarp).
>
> "user-space replacement to VRRP -- automatic IP fail-over
>
> UCARP allows a pair of hosts to share common virtual IP addresses in
> order to provide automatic fail-over. It is a portable user-land
> implementation of the secure and patent-free Common Address Redundancy
> Protocol (CARP, OpenBSD's alternative to the VRRP).
> .
> Strong points of the CARP protocol are: very low overhead,
> cryptographically signed messages, interoperability between different
> operating systems and no need for any dedicated extra network link
> between redundant hosts."
>
> 37 kb installed, needs only libpcap. Originates in OpenBSD camp ;-)
>
>
> If it is not appropriate to include them into the Owl, it would be handy
> to have them in some secondary repository.
>
>
> Thanks,
>
> --
> Vasiliy Kulikov
> http://www.openwall.com - bringing security into open computing
> environments