summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* pktbuff: fix pktb_push, _pull and _put functionPablo Neira Ayuso2012-08-201-2/+5
| | | | | | Fix wrong arithmetics and missing pktb->len update Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extra: pktbuff: pktb_expand_tail return 0 if there is no room in the tailPablo Neira Ayuso2012-08-201-3/+9
| | | | | | | | | | | | pktb_expand_tail returns 0 if there is no room for the mangling. Note that we don't support dynamic reallocation, instead the caller is responsible for allocating the extra room via pktb_alloc according to the maximum amount of bytes it needs for the mangling. Since pkt_buff layout is not exposed, we can change this in the future if we prefer dynamic reallocation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add mangle functions for IPv4/TCP and IPv4/UDPPablo Neira Ayuso2012-08-0611-4/+146
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add pkt_buff and protocol helper functionsPablo Neira Ayuso2012-08-0614-2/+910
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add new libnetfilter_queue API for libmnlPablo Neira Ayuso2012-08-0615-13/+510
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: implement API to set per-queue flagsKrishna Kumar2012-07-144-1/+53
| | | | | | | | | | Implement API to set per-queue flags. This is initially used to implement fail-open support in NFQUEUE. [ Pablo mangled this patch to bump LIBVERSION as well ] Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove stray empty variableJan Engelhardt2012-06-301-1/+1
| | | | | | | | | | | | | | | | Compilation can fail when libnfnetlink is not in a directory searched by default. Reason is the empty KERNELDIR variable which makes for a gcc command like: gcc -I. -I../include -I -Wall -I/usr/include/libnfnetlink-1.0.0+git28 -Wall -c libnetfilter_queue.c What one would expect is that gcc would search in the (non-existent) directory "-Wall" and just continue as usual, since -Wall is specified again. Instead, gcc versions before 4.6 attempt to search the (similarly non-existent) directory "-I/usr/[...]" and thus miss. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* build: remove unused lines in Makefile.amJan Engelhardt2012-06-241-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* build: remove unnecessary AC_EXEEXTJan Engelhardt2012-01-051-1/+0
| | | | | | | The result of AC_EXEEXT is never used -- there is no ${EXEEXT} to be found in the Makefiles. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: bump version to 1.0.1libnetfilter_queue-1.0.1Pablo Neira Ayuso2012-01-022-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: disable implicit .tar.gz archive generation and use POSIX modeJan Engelhardt2011-12-171-1/+2
|
* build: use AC_CONFIG_AUX_DIR and stash away toolsJan Engelhardt2011-12-172-5/+2
|
* Update .gitignoreJan Engelhardt2011-12-171-3/+3
| | | | Only ignore these paths if they are a directory.
* src: add notes on NF_STOLEN and NF_REPEAT to documentationFlorian Westphal2011-09-061-1/+6
| | | | | | | | | | | | The verdict NF_STOLEN must not be used. When using NF_REPEAT, one way to prevent re-queueing of the same packet is to also set an nfmark using nfq_set_verdict2, and set up the nefilter rules to only queue a packet when the mark is not (yet) set. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* src: add NFQNL_MSG_VERDICT_BATCH supportFlorian Westphal2011-09-063-6/+54
| | | | | | | | | | | | | add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also set the nfmark of all packets). verdicts sent by the _batch variant will affect all queued skbs whose id is smaller or equal to the given id. This facility is available from Linux 3.1 onwards. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* build: fix file list warning with automake-1.9Jan Engelhardt2011-08-031-1/+1
| | | | | | | Makefile.am:12: EXTRA_DIST multiply defined in condition TRUE ... Makefile.am:3: ... "EXTRA_DIST" previously defined here Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix error with automake-1.9Jan Engelhardt2011-08-012-0/+2
| | | | | | | src/Makefile.am: C objects in subdir but "AM_PROG_CC_C_O" not in "configure.ac" Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: Linux kernel-style for compilation messagesPablo Neira Ayuso2011-03-151-0/+3
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: fix `make distcheck'Pablo Neira Ayuso2011-01-061-0/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use -Wall across the entire sourceJan Engelhardt2010-12-302-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: create a Make_global.am fileJan Engelhardt2010-12-303-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused LIBTOOL_DEPSJan Engelhardt2010-12-301-2/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix wrong documentation on NFQNL_COPY_NONEPablo Neira Ayuso2010-12-071-1/+1
| | | | | | NFQNL_COPY_NONE means noop and should not be used. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: document ENOBUFS in nfqnl_test.cAlessandro Vesely2010-11-071-3/+20
| | | | | | | | | | | | | This patch documents the ENOBUFS error in the example file, that is a common problem is that question over and over again in the mailing list. I (Pablo) have mangled this patch with some comestic cleanups. BTW, Mistick Levi sent a similar patch in the same timeline (amazing how sometimes the same works can clash). Signed-off-by: Alessandro Vesely <vesely@tana.it> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Merge branch 'master' of git://dev.medozas.de/libnetfilter_queuePablo Neira Ayuso2010-11-071-1/+4
|\
| * build: use AC_OUTPUTJan Engelhardt2010-10-311-1/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: default to not building static librariesJan Engelhardt2010-10-311-0/+1
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | doc: document some performance tweaks for libnetfilter_queuePablo Neira Ayuso2010-11-031-1/+22
| | | | | | | | | | | | | | This patch documents some performance tweaks for libnetfilter_queue applications. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | Merge branch 'master' of git://dev.medozas.de/libnetfilter_queuePablo Neira Ayuso2010-11-018-55/+32
|\|
| * Update .gitignoreJan Engelhardt2010-10-302-15/+19
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: remove -fPIC flagJan Engelhardt2010-10-301-1/+1
| | | | | | | | | | | | libtool automatically adds PIC flags as needed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: remove statements without effectJan Engelhardt2010-10-301-4/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: set Libs.private for pkgconfig fileJan Engelhardt2010-10-301-0/+1
| | | | | | | | | | | | | | Similar to the commit in iptables, add Libs.private to tell about dependencies for static linking. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: no need for error message in PKG_CHECK_MODULESJan Engelhardt2010-10-302-11/+3
| | | | | | | | | | | | | | | | | | | | PKG_CHECK_MODULES already produces its own (and more verbose) messsage when a module cannot be found. Mucking around with CFLAGS and LIBS is also not needed since pkgconfig takes care of providing variables, so let's use them in Makefile.am. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: run AC_CANONICAL_HOST onlyJan Engelhardt2010-10-301-2/+2
| | | | | | | | | | | | | | | | | | | | There is no need to call AC_CANONICAL_SYSTEM when only AC_CANONICAL_HOST is needed. Also, checking for $target is factually incorrect, since we do not produce object code like a compiler. Use $host, which specifies the triple/quadrople where the compiled program is supposed to run. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use simpler autoreconf in autogenJan Engelhardt2010-10-301-17/+3
| | | | | | | | | | | | | | | | | | Note: the use of -i seems required, otherwise autoreconf barfs about missing tools (depcomp, etc.). Since they are provided in the tarballs as files anyway rather than like previously as symlinks, I do not see a problem using -i. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: avoid use of deprecated INCLUDESJan Engelhardt2010-10-302-2/+2
| | | | | | | | | | | | | | | | Makefile.am: "INCLUDES" is the old name for "AM_CPPFLAGS" (or "*_CPPFLAGS") And remove unused $(all_includes) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use modern call syntax for AC_INIT, AM_INIT_AUTOMAKEJan Engelhardt2010-10-302-4/+2
| | | | | | | | | | | | | | automake options also need to definitely go into configure.ac, otherwise they only apply to a single directory. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: build: use autoconf-suggested naming of filesJan Engelhardt2010-10-301-0/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | license: upgrade to GPLv2+Pablo Neira Ayuso2010-10-291-1/+1
|/ | | | | | | | | | | | This patch upgrades the license to GPLv2+. I have received an explicit ACK via email from contributors that are: * Harald Welte <laforge@netfilter.org>. * Holger Freyther <zecke@selfish.org> * Alessandro Vesely <vesely@tana.it> * Bart Schuymer <bdschuym@pandora.be> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: fix redundant LIBVERSION definitionPablo Neira Ayuso2010-07-152-23/+19
| | | | | | | | I accidentally inserted LIBVERSION to Makefile.am but the one used is in src/Makefile.am. This patch removes the previous definition. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: add myself to the copyright noticePablo Neira Ayuso2010-07-151-0/+1
| | | | | | | This patch adds myself to the copyright notice according to my contributions in the git repository. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: add missing documentation on nfq_snprintf_xml()Pablo Neira Ayuso2010-07-151-0/+32
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: bump version to 1.0.0libnetfilter_queue-1.0.0Pablo Neira Ayuso2010-07-112-1/+23
| | | | | | | This patch bumps the library version to 1.0. I have also introduced LIBVERSION for the API versioning. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add libtool m4 supportPablo Neira Ayuso2010-07-113-0/+5
| | | | | | | | libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree. libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: remove libipq.hPablo Neira Ayuso2010-07-112-97/+1
| | | | | | | | | In 224df57de4479d65d4fec3eeaa8b1a4d63b8213f, we forgot to remove libipq.h that was introduced to add backward compatibility for libipq (which was never completed and now everybody should be using libnetfilter_queue instead). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: remove `0x' from HW protocol in output of nfq_snprintf_xml()Pablo Neira Ayuso2010-07-111-2/+2
| | | | | | This patch removes the prefix `0x' of the HW protocol. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: fix HW address output in nfq_snprintf_xml()Pablo Neira Ayuso2010-07-111-3/+3
| | | | | | | | | | | | This patch fixes the output of the HW address in XML files: <src>800:800:800:800:800:</src> now it looks fine: <src>0019a917a400</src> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: consistent nfq_snprintf_xml() return value with snprintf()Pablo Neira Ayuso2010-07-111-58/+61
| | | | | | | | | | With this patch, nfq_snprintf_xml() returns the number of characters printed. If the output was truncated, then the return value is the number of characters that would have been written if enough space had been available. This makes nfq_snprintf_xml() consistent with the behaviour of snprintf(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: fix compilation warning in nfq_snprintf_xml()Pablo Neira Ayuso2010-07-111-1/+1
| | | | | | | In 21fd1834b5ce0a1f5b590f7e1ad23bba64fbafdf, we changed nfq_get_payload() to take an unsigned char * instead of signed char *. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>