| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fix wrong arithmetics and missing pktb->len update
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
pktb_expand_tail returns 0 if there is no room for the mangling.
Note that we don't support dynamic reallocation, instead the
caller is responsible for allocating the extra room via pktb_alloc
according to the maximum amount of bytes it needs for the mangling.
Since pkt_buff layout is not exposed, we can change this in the
future if we prefer dynamic reallocation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Implement API to set per-queue flags. This is initially used
to implement fail-open support in NFQUEUE.
[ Pablo mangled this patch to bump LIBVERSION as well ]
Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compilation can fail when libnfnetlink is not in a directory searched
by default. Reason is the empty KERNELDIR variable which makes for a
gcc command like:
gcc -I. -I../include -I -Wall -I/usr/include/libnfnetlink-1.0.0+git28
-Wall -c libnetfilter_queue.c
What one would expect is that gcc would search in the (non-existent)
directory "-Wall" and just continue as usual, since -Wall is specified
again. Instead, gcc versions before 4.6 attempt to search the
(similarly non-existent) directory "-I/usr/[...]" and thus miss.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|
|
|
|
|
|
| |
The result of AC_EXEEXT is never used -- there is no ${EXEEXT} to be
found in the Makefiles.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
| |
|
|
|
|
| |
Only ignore these paths if they are a directory.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The verdict NF_STOLEN must not be used.
When using NF_REPEAT, one way to prevent re-queueing of the
same packet is to also set an nfmark using nfq_set_verdict2,
and set up the nefilter rules to only queue a packet when the
mark is not (yet) set.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also
set the nfmark of all packets).
verdicts sent by the _batch variant will affect all queued skbs
whose id is smaller or equal to the given id.
This facility is available from Linux 3.1 onwards.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
|
|
|
|
|
|
|
| |
Makefile.am:12: EXTRA_DIST multiply defined in condition TRUE ...
Makefile.am:3: ... "EXTRA_DIST" previously defined here
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
src/Makefile.am: C objects in subdir but "AM_PROG_CC_C_O"
not in "configure.ac"
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
| |
NFQNL_COPY_NONE means noop and should not be used.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch documents the ENOBUFS error in the example file, that
is a common problem is that question over and over again in the
mailing list.
I (Pablo) have mangled this patch with some comestic cleanups. BTW,
Mistick Levi sent a similar patch in the same timeline (amazing how
sometimes the same works can clash).
Signed-off-by: Alessandro Vesely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| | |
This patch documents some performance tweaks for libnetfilter_queue
applications.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\| |
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| | |
libtool automatically adds PIC flags as needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| | |
Similar to the commit in iptables, add Libs.private to tell about
dependencies for static linking.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
PKG_CHECK_MODULES already produces its own (and more verbose) messsage
when a module cannot be found.
Mucking around with CFLAGS and LIBS is also not needed since pkgconfig
takes care of providing variables, so let's use them in Makefile.am.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is no need to call AC_CANONICAL_SYSTEM when only
AC_CANONICAL_HOST is needed. Also, checking for $target is factually
incorrect, since we do not produce object code like a compiler. Use
$host, which specifies the triple/quadrople where the compiled program
is supposed to run.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Note: the use of -i seems required, otherwise autoreconf barfs about
missing tools (depcomp, etc.). Since they are provided in the tarballs
as files anyway rather than like previously as symlinks, I do not see
a problem using -i.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Makefile.am: "INCLUDES" is the old name for "AM_CPPFLAGS" (or "*_CPPFLAGS")
And remove unused $(all_includes)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| | |
automake options also need to definitely go into configure.ac, otherwise
they only apply to a single directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This patch upgrades the license to GPLv2+. I have received an explicit
ACK via email from contributors that are:
* Harald Welte <laforge@netfilter.org>.
* Holger Freyther <zecke@selfish.org>
* Alessandro Vesely <vesely@tana.it>
* Bart Schuymer <bdschuym@pandora.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
I accidentally inserted LIBVERSION to Makefile.am but the one
used is in src/Makefile.am. This patch removes the previous
definition.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch adds myself to the copyright notice according to my contributions
in the git repository.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch bumps the library version to 1.0. I have also introduced
LIBVERSION for the API versioning.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
In 224df57de4479d65d4fec3eeaa8b1a4d63b8213f, we forgot to remove
libipq.h that was introduced to add backward compatibility for
libipq (which was never completed and now everybody should be
using libnetfilter_queue instead).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch removes the prefix `0x' of the HW protocol.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the output of the HW address in XML files:
<src>800:800:800:800:800:</src>
now it looks fine:
<src>0019a917a400</src>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
With this patch, nfq_snprintf_xml() returns the number of characters
printed. If the output was truncated, then the return value is the
number of characters that would have been written if enough space
had been available. This makes nfq_snprintf_xml() consistent with
the behaviour of snprintf().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
In 21fd1834b5ce0a1f5b590f7e1ad23bba64fbafdf, we changed nfq_get_payload()
to take an unsigned char * instead of signed char *.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|