jooseong lee [Fri, 30 Sep 2016 07:09:12 +0000 (16:09 +0900)]
Modify license name format
Change-Id: Ia78b6aa6a33279398fe0a1995fcb7d0e08e22326
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
r.kubiak [Mon, 16 Nov 2015 13:14:51 +0000 (14:14 +0100)]
Added spec file.
Ken-ichirou MATSUZAWA [Fri, 11 Sep 2015 01:54:53 +0000 (10:54 +0900)]
nlmsg: add lacking attributes validation
This patch adds four (actually two) attributes validation with
comparing to current kernel header.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Roman Kubiak [Tue, 16 Jun 2015 16:14:47 +0000 (18:14 +0200)]
src: add security context information
This commit adds security context information structures
and functions.
This will allow userspace to find the security context of each
packet (if it exists) and make decisions based on that.
It should work for SELinux and SMACK.
Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Felix Janda [Tue, 16 Jun 2015 19:23:04 +0000 (21:23 +0200)]
libnetfilter_queue.h: Include <sys/time.h> for struct timeval
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Felix Janda [Sat, 16 May 2015 12:45:46 +0000 (14:45 +0200)]
extra: Define _GNU_SOURCE to get members of tcphdr&ucphdr
The source uses linux names for members of tcphdr. For example
"source" instead of "th_sport", ... musl libc's headers need
_GNU_SOURCE defined in order to expose these.
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Felix Janda [Sat, 16 May 2015 12:45:23 +0000 (14:45 +0200)]
src: Use stdint types everywhere
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Felix Janda [Sat, 16 May 2015 12:24:41 +0000 (14:24 +0200)]
include: Sync with kernel headers
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 30 Jun 2014 10:18:07 +0000 (12:18 +0200)]
extra: tcp: insufficient sanitization in nfq_tcp_get_payload()
Similar to 7335cbe ("extra: fix wrong implementation in
nfq_udp_get_payload").
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Ting-Wei Lan [Fri, 20 Jun 2014 10:27:00 +0000 (18:27 +0800)]
extra: fix wrong implementation in nfq_udp_get_payload
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Ting-Wei Lan [Fri, 20 Jun 2014 10:26:59 +0000 (18:26 +0800)]
extra: use inet_ntop instead of inet_ntoa
The result of inet_ntoa() will be overwritten by the next call to
inet_ntoa(), so using it twice in the same snprintf() call causes
wrong result.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Ting-Wei Lan [Sat, 7 Jun 2014 12:15:13 +0000 (20:15 +0800)]
include: fix wrong function name in the header
There is no nfq_ip6hdr_snprintf(). nfq_ip6_snprintf() is the correct name.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Álvaro Neira Ayuso [Mon, 9 Jun 2014 08:52:24 +0000 (10:52 +0200)]
utils: add the parameter queue number in nfqnl_test
This patch allows to stablish the number of the queue that
we want to read the packets.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Álvaro Neira Ayuso [Fri, 6 Jun 2014 09:52:40 +0000 (11:52 +0200)]
utils: Remove unused variable in nfqnl_test
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal [Thu, 24 Apr 2014 09:01:11 +0000 (11:01 +0200)]
src: PF_BIND/UNBIND is ignored in 3.8 and later
There is confusion on what this command actually does and why
examples commonly PF_UNBIND at startup.
Since these are obsolete document that its not needed starting
with Linux 3.8.
Signed-off-by: Florian Westphal <fw@strlen.de>
Valentina Giusti [Tue, 7 Jan 2014 13:30:20 +0000 (14:30 +0100)]
utils: add example usage of nfq_get_uid and nfq_get_gid
[ Mangled this patch to indicate that this kernel does not support
UID/GID retrieval not to confuse users --pablo ]
Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Valentina Giusti [Tue, 7 Jan 2014 13:30:19 +0000 (14:30 +0100)]
src: add support for UID/GID socket info
With this patch libnetfilter_queue is able to parse UID/GID
socket information.
Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Gustavo Zacarias [Tue, 10 Sep 2013 19:23:34 +0000 (16:23 -0300)]
configure: uclinux is also linux
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Tue, 13 Aug 2013 16:01:30 +0000 (18:01 +0200)]
src: extra: add prefix nfq_ to internal checksum functions
These functions are internal and they belong to the libnetfilter_queue scope,
so let's add the corresponding nfq_ prefix.
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Tue, 13 Aug 2013 08:48:50 +0000 (10:48 +0200)]
build: avoid symbol namespace pollution
As of
f40eabb01 (add pkt_buff and protocol helper functions)
libnetfilter_queue accidentally exports the internal function named
'checksum'. This is a bit too generic and may cause crashes with
applications that worked fine before.
This patch makes the functions checksum, checksum_tcpudp_ipv4 and
checksum_tcpudp_ipv6 local by building with fvis-hidden and adding
EXPORTs for the legacy api calls and the ones that seem to have missing
EXPORT tags (mainly pktbuff api).
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal [Fri, 26 Apr 2013 08:21:17 +0000 (10:21 +0200)]
examples/nf-queue: receive large gso packets
Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal [Fri, 26 Apr 2013 08:21:16 +0000 (10:21 +0200)]
src: add new GSO handling capabilities
allows userspace to ask for large gso packets via nfqueue.
Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal [Fri, 26 Apr 2013 08:21:16 +0000 (10:21 +0200)]
examples/nf-queue: handle recv error, use larger buffer
We ask for 0xffff copy size, so we need a buffer that can
hold 0xffff, plus a few more bytes to allow for netlink attributes.
Also, turn off/handle ENOBUFS.
Signed-off-by: Florian Westphal <fw@strlen.de>
Tamas Lengyel [Fri, 31 May 2013 12:20:57 +0000 (12:20 +0000)]
fix valgrind errors of uninitialised byte during call to nfq_unbind_pf
Valgrind generates error reports during a call
to the nfq_unbind_pf function:
==00:00:00:08.662 22111== 4 errors in context 1 of 1:
==00:00:00:08.662 22111== Syscall param socketcall.sendto(msg) points
to uninitialised byte(s)
...
==00:00:00:08.662 22111== Uninitialised value was created by a stack allocation
==00:00:00:08.662 22111== at 0x679C30B: __build_send_cfg_msg
(libnetfilter_queue.c:178
Signed-off-by: Tamas K Lengyel <tamas.k.lengyel@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Florian Westphal [Fri, 26 Apr 2013 08:21:16 +0000 (10:21 +0200)]
build: don't install internal.h
Signed-off-by: Florian Westphal <fw@strlen.de>
Pablo Neira Ayuso [Thu, 14 Mar 2013 11:11:06 +0000 (12:11 +0100)]
src: document NFQA_CFG_F_CONNTRACK flag
Suggested by Eric Leblond.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Sun, 13 Jan 2013 20:56:00 +0000 (21:56 +0100)]
doxygen: improve documentation
This patch improves the doxygen documentation and adds a reference
to an external article.
Eric Leblond [Sun, 13 Jan 2013 20:40:59 +0000 (21:40 +0100)]
doxygen: improve fail-open documentation.
Florian Westphal [Fri, 23 Nov 2012 11:10:10 +0000 (12:10 +0100)]
examples: nf-queue: fix api usage
1. struct nlattr *attr[NFQA_MAX+1] must be initialized.
Otherwise, attr[FOO] might be non-null after parsing
even if that attribute isn't present in the message.
2. mnl_attr_get_payload will never return NULL (if the
attribute is NULL, it returns MNL_ATTR_HDRLEN.)
Signed-off-by: Florian Westphal <fw@strlen.de>
Jan Engelhardt [Mon, 8 Oct 2012 13:16:32 +0000 (15:16 +0200)]
build: resolve automake-1.12 warnings
am/ltlibrary.am: warning: 'libnetfilter_queue.la': linking libtool
libraries using a non-POSIX archiver requires 'AM_PROG_AR' in
'configure.ac'
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Pablo Neira Ayuso [Mon, 8 Oct 2012 10:28:40 +0000 (12:28 +0200)]
bump version to 1.0.2
LIBVERSION is already correctly updates, previous release was:
3:0:2
and this is:
4:0:3
This release includes new interfaces, but we're still backward compatible.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Tue, 21 Aug 2012 11:58:05 +0000 (13:58 +0200)]
fix compilation warning in nfq_get_payload
libnetfilter_queue.c: In function 'nfq_get_payload':
libnetfilter_queue.c:1116:8: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 20 Aug 2012 17:50:17 +0000 (19:50 +0200)]
examples: nf-queue: fix compilation warning with gcc-4.7
nf-queue.c: In function ‘main’:
nf-queue.c:146:12: warning: unused variable ‘id’ [-Wunused-variable]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 20 Aug 2012 17:48:05 +0000 (19:48 +0200)]
src: update doxygen documentation for new API for libmnl
This patch updates the doxygen documentation for the new API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 20 Aug 2012 17:34:31 +0000 (19:34 +0200)]
pktbuff: fix pktb_push, _pull and _put function
Fix wrong arithmetics and missing pktb->len update
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 20 Aug 2012 16:57:05 +0000 (18:57 +0200)]
extra: pktbuff: pktb_expand_tail return 0 if there is no room in the tail
pktb_expand_tail returns 0 if there is no room for the mangling.
Note that we don't support dynamic reallocation, instead the
caller is responsible for allocating the extra room via pktb_alloc
according to the maximum amount of bytes it needs for the mangling.
Since pkt_buff layout is not exposed, we can change this in the
future if we prefer dynamic reallocation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Thu, 31 May 2012 08:52:46 +0000 (10:52 +0200)]
add mangle functions for IPv4/TCP and IPv4/UDP
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 14 May 2012 11:14:14 +0000 (13:14 +0200)]
add pkt_buff and protocol helper functions
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 16 Apr 2012 17:12:58 +0000 (19:12 +0200)]
add new libnetfilter_queue API for libmnl
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Krishna Kumar [Wed, 6 Jun 2012 00:59:00 +0000 (00:59 +0000)]
src: implement API to set per-queue flags
Implement API to set per-queue flags. This is initially used
to implement fail-open support in NFQUEUE.
[ Pablo mangled this patch to bump LIBVERSION as well ]
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Sat, 30 Jun 2012 00:28:25 +0000 (02:28 +0200)]
build: remove stray empty variable
Compilation can fail when libnfnetlink is not in a directory searched
by default. Reason is the empty KERNELDIR variable which makes for a
gcc command like:
gcc -I. -I../include -I -Wall -I/usr/include/libnfnetlink-1.0.0+git28
-Wall -c libnetfilter_queue.c
What one would expect is that gcc would search in the (non-existent)
directory "-Wall" and just continue as usual, since -Wall is specified
again. Instead, gcc versions before 4.6 attempt to search the
(similarly non-existent) directory "-I/usr/[...]" and thus miss.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Jan Engelhardt [Sun, 24 Jun 2012 12:58:28 +0000 (14:58 +0200)]
build: remove unused lines in Makefile.am
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Jan Engelhardt [Thu, 5 Jan 2012 04:36:21 +0000 (05:36 +0100)]
build: remove unnecessary AC_EXEEXT
The result of AC_EXEEXT is never used -- there is no ${EXEEXT} to be
found in the Makefiles.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pablo Neira Ayuso [Mon, 2 Jan 2012 19:28:45 +0000 (20:28 +0100)]
build: bump version to 1.0.1
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Sat, 17 Dec 2011 03:02:34 +0000 (04:02 +0100)]
build: disable implicit .tar.gz archive generation and use POSIX mode
Jan Engelhardt [Sat, 17 Dec 2011 03:02:23 +0000 (04:02 +0100)]
build: use AC_CONFIG_AUX_DIR and stash away tools
Jan Engelhardt [Sat, 17 Dec 2011 03:01:46 +0000 (04:01 +0100)]
Update .gitignore
Only ignore these paths if they are a directory.
Florian Westphal [Tue, 6 Sep 2011 11:48:25 +0000 (13:48 +0200)]
src: add notes on NF_STOLEN and NF_REPEAT to documentation
The verdict NF_STOLEN must not be used.
When using NF_REPEAT, one way to prevent re-queueing of the
same packet is to also set an nfmark using nfq_set_verdict2,
and set up the nefilter rules to only queue a packet when the
mark is not (yet) set.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Florian Westphal [Tue, 6 Sep 2011 11:47:43 +0000 (13:47 +0200)]
src: add NFQNL_MSG_VERDICT_BATCH support
add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also
set the nfmark of all packets).
verdicts sent by the _batch variant will affect all queued skbs
whose id is smaller or equal to the given id.
This facility is available from Linux 3.1 onwards.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Jan Engelhardt [Mon, 1 Aug 2011 18:01:48 +0000 (20:01 +0200)]
build: fix file list warning with automake-1.9
Makefile.am:12: EXTRA_DIST multiply defined in condition TRUE ...
Makefile.am:3: ... "EXTRA_DIST" previously defined here
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Mon, 1 Aug 2011 18:01:23 +0000 (20:01 +0200)]
build: fix error with automake-1.9
src/Makefile.am: C objects in subdir but "AM_PROG_CC_C_O"
not in "configure.ac"
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pablo Neira Ayuso [Tue, 15 Mar 2011 17:23:42 +0000 (18:23 +0100)]
build: Linux kernel-style for compilation messages
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Thu, 6 Jan 2011 02:42:49 +0000 (03:42 +0100)]
build: fix `make distcheck'
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Thu, 30 Dec 2010 22:15:53 +0000 (23:15 +0100)]
build: use -Wall across the entire source
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Thu, 30 Dec 2010 22:15:18 +0000 (23:15 +0100)]
build: create a Make_global.am file
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Thu, 30 Dec 2010 22:09:28 +0000 (23:09 +0100)]
build: remove unused LIBTOOL_DEPS
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pablo Neira Ayuso [Tue, 7 Dec 2010 09:06:21 +0000 (10:06 +0100)]
doc: fix wrong documentation on NFQNL_COPY_NONE
NFQNL_COPY_NONE means noop and should not be used.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Alessandro Vesely [Sun, 7 Nov 2010 20:38:31 +0000 (21:38 +0100)]
utils: document ENOBUFS in nfqnl_test.c
This patch documents the ENOBUFS error in the example file, that
is a common problem is that question over and over again in the
mailing list.
I (Pablo) have mangled this patch with some comestic cleanups. BTW,
Mistick Levi sent a similar patch in the same timeline (amazing how
sometimes the same works can clash).
Signed-off-by: Alessandro Vesely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Sun, 31 Oct 2010 09:11:18 +0000 (10:11 +0100)]
build: use AC_OUTPUT
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 22:33:25 +0000 (00:33 +0200)]
build: default to not building static libraries
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pablo Neira Ayuso [Wed, 3 Nov 2010 17:58:22 +0000 (18:58 +0100)]
doc: document some performance tweaks for libnetfilter_queue
This patch documents some performance tweaks for libnetfilter_queue
applications.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Jan Engelhardt [Sat, 30 Oct 2010 21:15:19 +0000 (23:15 +0200)]
Update .gitignore
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:54:44 +0000 (23:54 +0200)]
build: remove -fPIC flag
libtool automatically adds PIC flags as needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:38:03 +0000 (23:38 +0200)]
build: remove statements without effect
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:11:26 +0000 (23:11 +0200)]
build: set Libs.private for pkgconfig file
Similar to the commit in iptables, add Libs.private to tell about
dependencies for static linking.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:09:45 +0000 (23:09 +0200)]
build: no need for error message in PKG_CHECK_MODULES
PKG_CHECK_MODULES already produces its own (and more verbose) messsage
when a module cannot be found.
Mucking around with CFLAGS and LIBS is also not needed since pkgconfig
takes care of providing variables, so let's use them in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:07:13 +0000 (23:07 +0200)]
build: run AC_CANONICAL_HOST only
There is no need to call AC_CANONICAL_SYSTEM when only
AC_CANONICAL_HOST is needed. Also, checking for $target is factually
incorrect, since we do not produce object code like a compiler. Use
$host, which specifies the triple/quadrople where the compiled program
is supposed to run.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:02:33 +0000 (23:02 +0200)]
build: use simpler autoreconf in autogen
Note: the use of -i seems required, otherwise autoreconf barfs about
missing tools (depcomp, etc.). Since they are provided in the tarballs
as files anyway rather than like previously as symlinks, I do not see
a problem using -i.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:05:38 +0000 (23:05 +0200)]
build: avoid use of deprecated INCLUDES
Makefile.am: "INCLUDES" is the old name for "AM_CPPFLAGS" (or "*_CPPFLAGS")
And remove unused $(all_includes)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:04:32 +0000 (23:04 +0200)]
build: use modern call syntax for AC_INIT, AM_INIT_AUTOMAKE
automake options also need to definitely go into configure.ac, otherwise
they only apply to a single directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt [Sat, 30 Oct 2010 21:03:12 +0000 (23:03 +0200)]
build: build: use autoconf-suggested naming of files
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Pablo Neira Ayuso [Fri, 29 Oct 2010 18:44:04 +0000 (20:44 +0200)]
license: upgrade to GPLv2+
This patch upgrades the license to GPLv2+. I have received an explicit
ACK via email from contributors that are:
* Harald Welte <laforge@netfilter.org>.
* Holger Freyther <zecke@selfish.org>
* Alessandro Vesely <vesely@tana.it>
* Bart Schuymer <bdschuym@pandora.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Thu, 15 Jul 2010 09:12:30 +0000 (11:12 +0200)]
nfq: fix redundant LIBVERSION definition
I accidentally inserted LIBVERSION to Makefile.am but the one
used is in src/Makefile.am. This patch removes the previous
definition.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Thu, 15 Jul 2010 08:41:18 +0000 (10:41 +0200)]
nfq: add myself to the copyright notice
This patch adds myself to the copyright notice according to my contributions
in the git repository.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Thu, 15 Jul 2010 08:10:25 +0000 (10:10 +0200)]
nfq: add missing documentation on nfq_snprintf_xml()
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 15:19:12 +0000 (17:19 +0200)]
nfq: bump version to 1.0.0
This patch bumps the library version to 1.0. I have also introduced
LIBVERSION for the API versioning.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 15:19:54 +0000 (17:19 +0200)]
build: add libtool m4 support
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 15:25:30 +0000 (17:25 +0200)]
nfq: remove libipq.h
In
224df57de4479d65d4fec3eeaa8b1a4d63b8213f, we forgot to remove
libipq.h that was introduced to add backward compatibility for
libipq (which was never completed and now everybody should be
using libnetfilter_queue instead).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 13:08:40 +0000 (15:08 +0200)]
nfq: remove `0x' from HW protocol in output of nfq_snprintf_xml()
This patch removes the prefix `0x' of the HW protocol.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 13:00:13 +0000 (15:00 +0200)]
nfq: fix HW address output in nfq_snprintf_xml()
This patch fixes the output of the HW address in XML files:
<src>800:800:800:800:800:</src>
now it looks fine:
<src>
0019a917a400</src>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 11:22:29 +0000 (13:22 +0200)]
nfq: consistent nfq_snprintf_xml() return value with snprintf()
With this patch, nfq_snprintf_xml() returns the number of characters
printed. If the output was truncated, then the return value is the
number of characters that would have been written if enough space
had been available. This makes nfq_snprintf_xml() consistent with
the behaviour of snprintf().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 11 Jul 2010 11:42:28 +0000 (13:42 +0200)]
nfq: fix compilation warning in nfq_snprintf_xml()
In
21fd1834b5ce0a1f5b590f7e1ad23bba64fbafdf, we changed nfq_get_payload()
to take an unsigned char * instead of signed char *.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Tue, 26 Jan 2010 13:06:35 +0000 (14:06 +0100)]
add nfq_snprintf_xml() to output a packet in XML format
This patch adds a new function to output the packet in XML format.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David Fabro [Thu, 10 Jun 2010 13:04:06 +0000 (15:04 +0200)]
added .gitignore for base directory
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David Fabro [Thu, 10 Jun 2010 13:03:44 +0000 (15:03 +0200)]
payload buffer datatypes are consistent
The 'data' parameter to nfq_get_payload() returns pointer to unsigned
char (rather than signed char) to make it consistent with the 'buf'
parameter of nfq_set_verdict(), nfq_set_verdict2(), and
nfq_set_verdict_mark(), all of which refer to the same data. Either
signed or unsigned is fine, but they should be consistent as the output
of nfq_get_payload() may be passed back into nfq_set_verdict*(); in that
case, this change eliminates the need for typecasting in the calling
code when using compilers that enforce strict typecasting.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David Fabro [Thu, 10 Jun 2010 12:54:41 +0000 (14:54 +0200)]
non-modified payload arguments are pointer-to-const
The payload parameters to nfq_set_verdict(), nfq_set_verdict2(), and
nfq_set_verdict_mark() are not modified by those functions, and
therefore should have datatype pointer-to-const. This both causes the
source-code to more effectively represent what is the purpose of the
parameter, and eliminates the need to cast away const-ness when calling
the functions with compilers that enforce strict casting. All existing
calling code should not need modification as pointer-to-X automatically
converts to pointer-to-const-X.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Mon, 10 May 2010 14:56:28 +0000 (16:56 +0200)]
doc: remove references to deprecated nfq_set_verdict_mark()
Now, we refer to nfq_set_verdict2() instead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Alessandro Vesely [Mon, 10 May 2010 14:54:37 +0000 (16:54 +0200)]
doc: document possible verdicts on packets and minor change in example
Signed-off-by: Alessandro Vessely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
David Favro [Mon, 10 May 2010 14:50:09 +0000 (16:50 +0200)]
doc: enhancements
* Several parameters are clarified.
* Several previously undocumented return-values are documented.
* nfq_set_verdict_mark() [now deprecated]: notes that mark is in
network byte order.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Sun, 9 May 2010 21:24:43 +0000 (23:24 +0200)]
nfq: deprecate nfq_set_verdict_mark() in favour of nfq_set_verdict2()
This patch deprecates nfq_set_verdict_mark() in favour of
nfq_set_verdict2() which does exactly the same but it also
convert the mark value from host-byte order to network-byte
order as expected by nfnetlink_queue.
I know, this is hackish, but I prefer adding new functions
instead of API versioning which is also ugly.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Holger Hans Peter Freyther [Sun, 27 Dec 2009 15:02:51 +0000 (16:02 +0100)]
doc: make doxygen.cfg.in work with doxygen 1.6.1
* DETAILS_AT_TOP is deprecated and newer versions of
doxygens are warning about this. Remove this option.
* Empty HTML_HEADER as newer versions of doxygen check
if the file exists and fail if it doesn't. Looking at
the history of this project the file never existed.
* This continues to work with doxygen 1.5.6.
Signed-off-by: Holger Hans Peter Freyther <zecke@selfish.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Patrick McHardy [Thu, 17 Sep 2009 11:46:25 +0000 (13:46 +0200)]
remove libipq_compat
It has never been finished and nowadays people should be using
libnfnetlink_queue directly anyways. In case someone wants to
finish it, it can easily be restored from the history.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Pablo Neira Ayuso [Thu, 16 Jul 2009 07:58:56 +0000 (09:58 +0200)]
nfq: add minor comment in the documentation to warn about privileges
This patch adds a minor notice to warn developers that its
application needs CAP_NET_ADMIN in order to send to and receive
packets from kernel-space.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Fri, 6 Mar 2009 16:01:49 +0000 (17:01 +0100)]
build: bump version to 0.0.17
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso [Tue, 17 Feb 2009 19:47:21 +0000 (20:47 +0100)]
nfq: replace nfnl_talk by nfnl_query and disable sequence tracking
This patch replaces the nfnl_talk() calls by the newer nfnl_query().
This patch also disables netlink sequence tracking by default.
Spurious race conditions in the sequence tracking may occur while
creating queues and receiving high load of packets at the same time.
Reported-by: Anton Vazir <anton.vazir@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Bart De Schuymer [Mon, 26 Jan 2009 15:33:57 +0000 (16:33 +0100)]
nfqnl_test: add hw src address, physindev and physoutdev support
This adds the hardware source address, physindev and physoutdev support
to nfqnl_test
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Pablo Neira Ayuso [Tue, 6 Jan 2009 12:21:50 +0000 (13:21 +0100)]
doc: put doxygen configuration file into diet
This patch puts the doxygen config file into diet since it was
bloated with tons of comments. If we need help, we can go look
for the official documentation instead of consuming ~50KB.
With this patch, the file results in ~5KB.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond [Mon, 22 Dec 2008 10:52:51 +0000 (11:52 +0100)]
Add doxygen config file.
This patch adds a doxygen configuration file which is generated by
the configure script.
Eric Leblond [Wed, 17 Dec 2008 23:03:52 +0000 (00:03 +0100)]
Switch documentation style to doxygen.
This patch modifies the documentation format to switch to doxygen
format. This leads to a interesting and useful output. An example
can be found at the following url:
http://www.nufw.org/doc/libnetfilter_queue/
Eric Leblond [Wed, 17 Dec 2008 15:29:56 +0000 (16:29 +0100)]
Suppress double call of nfnl_subsys_close()
nfnl_close() is calling nfnl_subsys_close() for all available
subsys. Thus it is not necessary to call it in the nfq_close()
function.
Signed-off-by: Eric Leblond <eric@inl.fr>