This patch bumps version to 0.9.1 and it bumps the API revision number.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> CC parse.lo
> parse.c: In function ‘__parse_conntrack’:
> parse.c:434:15: warning: array subscript is above array bounds
>
> struct nfattr *tb[CTA_SECCTX_MAX]
> 434: ct->secctx = strdup(NFA_DATA(tb[CTA_SECCTX-1]))
>
> CTA_SECCTX has value 19, and CTA_SECCTX_MAX is just 1.
Reported-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch deprecates the low level API. This API is not currently
used by any known clients (at least, at a quick glance at Google).
These functions are a problem if we plan to port libnetfilter_conntrack
upon libmnl since they contain specific libnfnetlink bits.
I have also added __build_query_[ct|exp] to avoid compilation warnings.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
These functions are evil since they allow the use of memcpy() instead
of nfct_copy(). This is a problem because it violates the design
principle that the library follows, that is to provide opaque objects
in which the client code does not care about the binary layout.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Thus, we have a fast version of nfct_copy() which allows to
copy the destination to the origin. After this call, the
destination is a clone of the origin.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This problem was caught by qa/test_api.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds the connection tracking extension that allows
conntrack timestamping.
This requires a Linux kernel >= 2.6.38.
We have now 65 attributes, we need 96 bits to store what attributes
are set in the objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes an embarrassing use-after-free in nfct_destroy()
that was introduced by myself in:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=fdda1474cc8654430f245b7f01c30e8ff171fa60
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds support for the new attribute CTA_SECCTX that
supersedes CTA_SECMARK.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-Wall flags this:
make test_api test_filter
make[1]: Entering directory `/home/jengelh/code/libnetfilter_conntrack/qa'
CC test_api.o
test_api.c:16:8: warning: return type defaults to "int"
test_api.c: In function "eval_sigterm":
test_api.c:23:18: warning: too many arguments for format
test_api.c: In function "main":
test_api.c:55:2: warning: implicit declaration of function "fork"
test_api.c:34:22: warning: unused variable "h"
test_api.c:102:1: warning: control reaches end of non-void function
test_api.c: In function "eval_sigterm":
test_api.c:29:1: warning: control reaches end of non-void function
CCLD test_api
CC test_filter.o
test_filter.c: In function "main":
test_filter.c:58:4: warning: implicit declaration of function "inet_addr"
test_filter.c:74:2: warning: implicit declaration of function "strerror"
test_filter.c:74:2: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
test_filter.c:75:1: warning: control reaches end of non-void function
CCLD test_filter
make[1]: Leaving directory `/home/jengelh/code/libnetfilter_conntrack/qa'
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
The addition of -Wall flagged some legitimate warnings:
make expect_dump expect_create expect_get expect_delete expect_flush expect_events expect_create_userspace conntrack_create conntrack_dump conntrack_update conntrack_delete conntrack_flush conntrack_create_nat conntrack_get conntrack_events conntrack_master conntrack_filter conntrack_grp_create ctexp_events
make[1]: Entering directory `/home/jengelh/code/libnetfilter_conntrack/utils'
CC expect_dump.o
expect_dump.c: In function "main":
expect_dump.c:36:3: warning: implicit declaration of function "strerror"
expect_dump.c:36:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_dump
CC expect_create.o
expect_create.c: In function "main":
expect_create.c:31:2: warning: implicit declaration of function "inet_addr"
expect_create.c:54:3: warning: implicit declaration of function "strerror"
expect_create.c:54:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
expect_create.c:117:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_create
CC expect_get.o
expect_get.c: In function "main":
expect_get.c:33:2: warning: implicit declaration of function "inet_addr"
expect_get.c:59:3: warning: implicit declaration of function "strerror"
expect_get.c:59:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_get
CC expect_delete.o
expect_delete.c: In function "main":
expect_delete.c:21:2: warning: implicit declaration of function "inet_addr"
expect_delete.c:46:3: warning: implicit declaration of function "strerror"
expect_delete.c:46:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_delete
CC expect_flush.o
expect_flush.c: In function "main":
expect_flush.c:23:3: warning: implicit declaration of function "strerror"
expect_flush.c:23:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_flush
CC expect_events.o
expect_events.c: In function "main":
expect_events.c:44:3: warning: implicit declaration of function "strerror"
expect_events.c:44:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_events
CC expect_create_userspace.o
expect_create_userspace.c: In function "main":
expect_create_userspace.c:31:2: warning: implicit declaration of function "inet_addr"
expect_create_userspace.c:58:3: warning: implicit declaration of function "strerror"
expect_create_userspace.c:58:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
expect_create_userspace.c:121:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD expect_create_userspace
CC conntrack_create.o
conntrack_create.c: In function "main":
conntrack_create.c:21:2: warning: implicit declaration of function "inet_addr"
conntrack_create.c:43:3: warning: implicit declaration of function "strerror"
conntrack_create.c:43:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_create
CC conntrack_dump.o
conntrack_dump.c: In function "main":
conntrack_dump.c:37:3: warning: implicit declaration of function "strerror"
conntrack_dump.c:37:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
conntrack_dump.c:24:7: warning: unused variable "buf"
CCLD conntrack_dump
CC conntrack_update.o
conntrack_update.c: In function "main":
conntrack_update.c:21:2: warning: implicit declaration of function "inet_addr"
conntrack_update.c:43:3: warning: implicit declaration of function "strerror"
conntrack_update.c:43:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_update
CC conntrack_delete.o
conntrack_delete.c: In function "main":
conntrack_delete.c:21:2: warning: implicit declaration of function "inet_addr"
conntrack_delete.c:38:3: warning: implicit declaration of function "strerror"
conntrack_delete.c:38:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_delete
CC conntrack_flush.o
conntrack_flush.c: In function "main":
conntrack_flush.c:24:3: warning: implicit declaration of function "strerror"
conntrack_flush.c:24:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
conntrack_flush.c:12:7: warning: unused variable "buf"
CCLD conntrack_flush
CC conntrack_create_nat.o
conntrack_create_nat.c: In function "main":
conntrack_create_nat.c:21:2: warning: implicit declaration of function "inet_addr"
conntrack_create_nat.c:45:3: warning: implicit declaration of function "strerror"
conntrack_create_nat.c:45:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_create_nat
CC conntrack_get.o
conntrack_get.c: In function "main":
conntrack_get.c:33:2: warning: implicit declaration of function "inet_addr"
conntrack_get.c:52:3: warning: implicit declaration of function "strerror"
conntrack_get.c:52:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_get
CC conntrack_events.o
conntrack_events.c: In function "main":
conntrack_events.c:45:3: warning: implicit declaration of function "strerror"
conntrack_events.c:45:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
conntrack_events.c:29:7: warning: unused variable "buf"
conntrack_events.c:28:23: warning: unused variable "ct"
conntrack_events.c:26:11: warning: unused variable "family"
CCLD conntrack_events
CC conntrack_master.o
conntrack_master.c: In function "main":
conntrack_master.c:22:2: warning: implicit declaration of function "inet_addr"
conntrack_master.c:44:3: warning: implicit declaration of function "strerror"
conntrack_master.c:44:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
conntrack_master.c:86:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_master
CC conntrack_filter.o
conntrack_filter.c: In function "main":
conntrack_filter.c:58:3: warning: implicit declaration of function "inet_addr"
conntrack_filter.c:98:3: warning: implicit declaration of function "strerror"
conntrack_filter.c:98:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
conntrack_filter.c:31:7: warning: unused variable "buf"
conntrack_filter.c:30:23: warning: unused variable "ct"
conntrack_filter.c:27:11: warning: unused variable "family"
CCLD conntrack_filter
CC conntrack_grp_create.o
conntrack_grp_create.c: In function "main":
conntrack_grp_create.c:21:3: warning: implicit declaration of function "inet_addr"
conntrack_grp_create.c:49:3: warning: implicit declaration of function "strerror"
conntrack_grp_create.c:49:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD conntrack_grp_create
CC ctexp_events.o
ctexp_events.c: In function "main":
ctexp_events.c:63:3: warning: implicit declaration of function "strerror"
ctexp_events.c:63:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
CCLD ctexp_events
make[1]: Leaving directory `/home/jengelh/code/libnetfilter_conntrack/utils'
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This fixes a minor problem introduced in b245e4092c5a7f09729e64868a42e13f48a
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch uses CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ instead which is the
name that is used in the Linux kernel header. Thus, both the headers
and the internal copy for the library are in sync.
This problem was probably introduced at the time that we added support
for the DCCP handshake sequence number.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch exports several low-level functions that allow to build
and parse netlink messages that contain ctnetlink expectation
information. They have been in the tree for quite so long, but
they were not exported. To leave the library in a consistent state
(ctnetlink conntrack functions provide the similar functionality)
I have decided to export them.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
With this patch, the expect_events example also listens to other
sort of expectation events that were added in Linux kernel 2.6.37-rc.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch re-works the callback handling to allow the use of the same socket
to send/receive commands and listen to events of both conntrack and
expectation subsystems. Now you can register one callback for conntrack
and one for expectation with the same handler with no problems (before
this patch, this was not possible, you required two different handlers).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This patch updates the README file and it includes the re-licensing
of this library to make it GPLv2+.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
PKG_CHECK_MODULES already produces its own (and more verbose) message
when a module cannot be found.
Mucking around with CFLAGS and LIBS is also not needed since pkgconfig
takes care of providing variables, so let's use them in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
libtool automatically adds PIC flags as needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
sh -e (-x) will provide the same functionality as the run function
previously.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Similar to the commit in iptables, add Libs.private to tell about
dependencies for static linking.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This patch adds some missing attribute checks in the XML
output that may result in inconsistent output (thus, displaying
some attributes out of <meta dir="independent">...</meta>)
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds missing tags such as [UPDATE] and [DESTROY]
for expectation events. The Linux kernel does not support
any of these expectation events yet, but we include it for
future use.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds an example on how to set up a user-space expectation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch changes the existing example to make it more realistic.
It also removes the timeout setup since this field is ignored by
ctnetlink if we specify a kernel-space conntrack helper to be used.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch allows to set the expectation flags from user-space.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
We also remove the reference to CTA_EXPECT_QUEUENR which was never
pushed into Linux kernel mainline.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This warning has been there for quite some time, fix it by relaxing the
const type checking.
callback.c: In function `__expect_callback':
callback.c:30: warning: passing argument 2 of `__parse_expect' from incompatible pointer type
../../include/internal/prototypes.h:32: note: expected `const struct nfattr **' but argument is of type `struct nfattr **'
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
PKG_CHECK_MODULES already produces its own (and more verbose) message
when a module cannot be found.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
There is no need to call AC_CANONICAL_SYSTEM when only AC_CANONICAL_HOST
is needed. Also, checking for $target is factually incorrect, since we
do not produce object code like a compiler. Use $host, which specifies
the triple/quadruple where the compiled program is supposed to run.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Note: the use of -i seems required, otherwise autoreconf barfs about
missing tools (depcomp, etc.). Since they are provided in the tarballs
as files anyway rather than like previously as symlinks, I do not see a
problem using -i.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Make_global.am:7: "INCLUDES" is the old name for "AM_CPPFLAGS" (or "*_CPPFLAGS")
qa/Makefile.am:1: "Make_global.am" included from here
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
automake options also need to definitely go into configure.ac, otherwise
they only apply to a single directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
With this patch, we put stack.c and bsf.c out of the documentation
since they are only for internal use. We also include the relevant
exported libnetfilter_*.h headers.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>