| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora 30 uses very recent gcc (version 9.1.1 20190503 (Red Hat 9.1.1-1)),
osf produces following warnings:
-Wformat-truncation warning have been introduced in the version 7.1 of gcc.
Also, remove a unneeded address check of "tmp + 1" in nf_osf_strchr().
nfnl_osf.c: In function ‘nfnl_osf_load_fingerprints’:
nfnl_osf.c:346:33: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 128 [-Wformat-truncation=]
346 | snprintf(obuf, sizeof(obuf), "%s,", pbeg);
| ^~
nfnl_osf.c:346:3: note: ‘snprintf’ output between 2 and 1025 bytes into a
destination of size 128
346 | snprintf(obuf, sizeof(obuf), "%s,", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nfnl_osf.c:354:40: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
354 | snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
| ^~
nfnl_osf.c:354:4: note: ‘snprintf’ output between 1 and 1024 bytes into a
destination of size 32
354 | snprintf(f.genre, sizeof(f.genre), "%s", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nfnl_osf.c:363:43: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
363 | snprintf(f.version, sizeof(f.version), "%s", pbeg);
| ^~
nfnl_osf.c:363:3: note: ‘snprintf’ output between 1 and 1024 bytes into a
destination of size 32
363 | snprintf(f.version, sizeof(f.version), "%s", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nfnl_osf.c:370:47: warning: ‘%s’ directive output may be truncated writing
up to 1023 bytes into a region of size 32 [-Wformat-truncation=]
370 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
| ^~
nfnl_osf.c:370:7: note: ‘snprintf’ output between 1 and 1024 bytes into a
destination of size 32
370 | snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Content is rather sparse, but still better than no manpage at all.
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This gets rid of a number of assignments which are either redundant or
not used afterwards.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
| |
This eliminates the deprecation warning when compiling the sources.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
| |
Although it remains unclear what the original intention behind the
affected code was, but 'tmp + 1' always evaluates true since 'tmp' is a
pointer value.
Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
| |
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
* -d is optional
* -h is not really a flag, just anything not recognized triggers the
help output.
* That '<del rules>' bit is rather confusing than helpful.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The musl libc exposes some struct tcphdr field only when _GNU_SOURCE is
defined. Fix the following build failure:
nfsynproxy.c: In function ‘parse_packet’:
nfsynproxy.c:34:9: error: ‘const struct tcphdr’ has no member named ‘syn’
if (!th->syn || !th->ack)
^
nfsynproxy.c:34:21: error: ‘const struct tcphdr’ has no member named ‘ack’
if (!th->syn || !th->ack)
^
nfsynproxy.c:42:8: error: ‘const struct tcphdr’ has no member named ‘res2’
if (th->res2 == 0x1)
^
nfsynproxy.c:45:13: error: ‘const struct tcphdr’ has no member named ‘doff’
length = th->doff * 4 - sizeof(*th);
^
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Sync with latest OpenBSD release.
Changelog: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync with latest *BSD release: https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/HEAD:/etc/pf.os
Changelog: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru>
Cc: Jan Engelhardt <jengelh@medozas.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Signed-off-by: Xose Vazquez Perez <xose.vazquez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
http://www.gnu.org/licenses/gpl-2.0.html
http://www.fsf.org/about/contact/
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following error while running nfsynproxy here:
pcap_compile: not-yet-activated pcap_t passed to pcap_compile
According to what I have read, we have to compile the filter
once the pcap_t handle has been activated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
[ Originally synconf, but Jesper D. Brouer suggested to change
the name to avoid a possible filename clash. I also include
nfsynproxy in the final configure report --pablo ]
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Reported-by: Mart Frauenlob <mart.frauenlob@chello.at>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\
| |
| |
| |
| | |
Resolve conflict with Nicolas' Dichtel update on utils/Makefile.am
for nfnl_osf.
|
| |
| |
| |
| |
| |
| |
| | |
If the user specify libnfnetlink_LIBS during the configure, we must use it.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A BPF compiler to convert tcpdump expressions to the decimal format
accepted by the libxt_bpf.
Generate a file and pass that to iptables:
nfbpf_compile RAW 'udp dst port 9000' > test.bpf
iptables -A OUTPUT -m bpf --bytecode-file test.bpf -j LOG
Or pass the output directly to iptables using backticks:
iptables -A INPUT -m bpf --bytecode \
"`./nfbpf_compile RAW 'udp dst port 9000'" -j LOG
This utility depends on libpcap. The library is only compiled if the option
--enable-bpf-compiler is explicitly passed to ./configure and libpcap is
found.
Pablo has mangled the original patch to rename the utility to
nfbpf_compile. Also modified the output to match exactly what
-m bpf --bytecode needs.
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
References; http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
This is where they belong, after all.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes this compile error:
CC nfnl_osf.o
nfnl_osf.c:48:36: fatal error: linux/netfilter/xt_osf.h: No such file or directory
compilation terminated.
References: http://marc.info/?l=netfilter&m=127449929621579&w=2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
xt_osf is pretty useless without the actual fingerprint loader. Import
nfnl_osf-2009-06-07 and make it a part of the iptables distribution.
Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|