summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* src: document NFQA_CFG_F_CONNTRACK flagPablo Neira Ayuso2013-03-141-5/+9
| | | | | | Suggested by Eric Leblond. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doxygen: improve documentationEric Leblond2013-01-251-1/+21
| | | | | This patch improves the doxygen documentation and adds a reference to an external article.
* doxygen: improve fail-open documentation.Eric Leblond2013-01-251-0/+8
|
* examples: nf-queue: fix api usageFlorian Westphal2012-11-251-12/+12
| | | | | | | | | | | 1. struct nlattr *attr[NFQA_MAX+1] must be initialized. Otherwise, attr[FOO] might be non-null after parsing even if that attribute isn't present in the message. 2. mnl_attr_get_payload will never return NULL (if the attribute is NULL, it returns MNL_ATTR_HDRLEN.) Signed-off-by: Florian Westphal <fw@strlen.de>
* build: resolve automake-1.12 warningsJan Engelhardt2012-10-081-0/+1
| | | | | | | | am/ltlibrary.am: warning: 'libnetfilter_queue.la': linking libtool libraries using a non-POSIX archiver requires 'AM_PROG_AR' in 'configure.ac' Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* bump version to 1.0.2libnetfilter_queue-1.0.2Pablo Neira Ayuso2012-10-081-1/+1
| | | | | | | | | | | | | | LIBVERSION is already correctly updates, previous release was: 3:0:2 and this is: 4:0:3 This release includes new interfaces, but we're still backward compatible. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* fix compilation warning in nfq_get_payloadPablo Neira Ayuso2012-08-211-1/+2
| | | | | | | libnetfilter_queue.c: In function 'nfq_get_payload': libnetfilter_queue.c:1116:8: warning: pointer targets in assignment differ in signedness [-Wpointer-sign] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nf-queue: fix compilation warning with gcc-4.7Pablo Neira Ayuso2012-08-202-8/+7
| | | | | | | nf-queue.c: In function ‘main’: nf-queue.c:146:12: warning: unused variable ‘id’ [-Wunused-variable] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: update doxygen documentation for new API for libmnlPablo Neira Ayuso2012-08-206-7/+86
| | | | | | This patch updates the doxygen documentation for the new API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* pktbuff: fix pktb_push, _pull and _put functionPablo Neira Ayuso2012-08-201-2/+5
| | | | | | Fix wrong arithmetics and missing pktb->len update Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extra: pktbuff: pktb_expand_tail return 0 if there is no room in the tailPablo Neira Ayuso2012-08-201-3/+9
| | | | | | | | | | | | pktb_expand_tail returns 0 if there is no room for the mangling. Note that we don't support dynamic reallocation, instead the caller is responsible for allocating the extra room via pktb_alloc according to the maximum amount of bytes it needs for the mangling. Since pkt_buff layout is not exposed, we can change this in the future if we prefer dynamic reallocation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add mangle functions for IPv4/TCP and IPv4/UDPPablo Neira Ayuso2012-08-0611-4/+146
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add pkt_buff and protocol helper functionsPablo Neira Ayuso2012-08-0614-2/+910
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add new libnetfilter_queue API for libmnlPablo Neira Ayuso2012-08-0615-13/+510
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: implement API to set per-queue flagsKrishna Kumar2012-07-144-1/+53
| | | | | | | | | | Implement API to set per-queue flags. This is initially used to implement fail-open support in NFQUEUE. [ Pablo mangled this patch to bump LIBVERSION as well ] Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: remove stray empty variableJan Engelhardt2012-06-301-1/+1
| | | | | | | | | | | | | | | | Compilation can fail when libnfnetlink is not in a directory searched by default. Reason is the empty KERNELDIR variable which makes for a gcc command like: gcc -I. -I../include -I -Wall -I/usr/include/libnfnetlink-1.0.0+git28 -Wall -c libnetfilter_queue.c What one would expect is that gcc would search in the (non-existent) directory "-Wall" and just continue as usual, since -Wall is specified again. Instead, gcc versions before 4.6 attempt to search the (similarly non-existent) directory "-I/usr/[...]" and thus miss. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* build: remove unused lines in Makefile.amJan Engelhardt2012-06-241-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* build: remove unnecessary AC_EXEEXTJan Engelhardt2012-01-051-1/+0
| | | | | | | The result of AC_EXEEXT is never used -- there is no ${EXEEXT} to be found in the Makefiles. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: bump version to 1.0.1libnetfilter_queue-1.0.1Pablo Neira Ayuso2012-01-022-2/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: disable implicit .tar.gz archive generation and use POSIX modeJan Engelhardt2011-12-171-1/+2
|
* build: use AC_CONFIG_AUX_DIR and stash away toolsJan Engelhardt2011-12-172-5/+2
|
* Update .gitignoreJan Engelhardt2011-12-171-3/+3
| | | | Only ignore these paths if they are a directory.
* src: add notes on NF_STOLEN and NF_REPEAT to documentationFlorian Westphal2011-09-061-1/+6
| | | | | | | | | | | | The verdict NF_STOLEN must not be used. When using NF_REPEAT, one way to prevent re-queueing of the same packet is to also set an nfmark using nfq_set_verdict2, and set up the nefilter rules to only queue a packet when the mark is not (yet) set. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* src: add NFQNL_MSG_VERDICT_BATCH supportFlorian Westphal2011-09-063-6/+54
| | | | | | | | | | | | | add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also set the nfmark of all packets). verdicts sent by the _batch variant will affect all queued skbs whose id is smaller or equal to the given id. This facility is available from Linux 3.1 onwards. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* build: fix file list warning with automake-1.9Jan Engelhardt2011-08-031-1/+1
| | | | | | | Makefile.am:12: EXTRA_DIST multiply defined in condition TRUE ... Makefile.am:3: ... "EXTRA_DIST" previously defined here Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix error with automake-1.9Jan Engelhardt2011-08-012-0/+2
| | | | | | | src/Makefile.am: C objects in subdir but "AM_PROG_CC_C_O" not in "configure.ac" Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: Linux kernel-style for compilation messagesPablo Neira Ayuso2011-03-151-0/+3
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: fix `make distcheck'Pablo Neira Ayuso2011-01-061-0/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: use -Wall across the entire sourceJan Engelhardt2010-12-302-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: create a Make_global.am fileJan Engelhardt2010-12-303-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused LIBTOOL_DEPSJan Engelhardt2010-12-301-2/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix wrong documentation on NFQNL_COPY_NONEPablo Neira Ayuso2010-12-071-1/+1
| | | | | | NFQNL_COPY_NONE means noop and should not be used. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: document ENOBUFS in nfqnl_test.cAlessandro Vesely2010-11-071-3/+20
| | | | | | | | | | | | | This patch documents the ENOBUFS error in the example file, that is a common problem is that question over and over again in the mailing list. I (Pablo) have mangled this patch with some comestic cleanups. BTW, Mistick Levi sent a similar patch in the same timeline (amazing how sometimes the same works can clash). Signed-off-by: Alessandro Vesely <vesely@tana.it> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Merge branch 'master' of git://dev.medozas.de/libnetfilter_queuePablo Neira Ayuso2010-11-071-1/+4
|\
| * build: use AC_OUTPUTJan Engelhardt2010-10-311-1/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: default to not building static librariesJan Engelhardt2010-10-311-0/+1
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | doc: document some performance tweaks for libnetfilter_queuePablo Neira Ayuso2010-11-031-1/+22
| | | | | | | | | | | | | | This patch documents some performance tweaks for libnetfilter_queue applications. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | Merge branch 'master' of git://dev.medozas.de/libnetfilter_queuePablo Neira Ayuso2010-11-018-55/+32
|\ \ | |/
| * Update .gitignoreJan Engelhardt2010-10-302-15/+19
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: remove -fPIC flagJan Engelhardt2010-10-301-1/+1
| | | | | | | | | | | | libtool automatically adds PIC flags as needed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: remove statements without effectJan Engelhardt2010-10-301-4/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: set Libs.private for pkgconfig fileJan Engelhardt2010-10-301-0/+1
| | | | | | | | | | | | | | Similar to the commit in iptables, add Libs.private to tell about dependencies for static linking. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: no need for error message in PKG_CHECK_MODULESJan Engelhardt2010-10-302-11/+3
| | | | | | | | | | | | | | | | | | | | PKG_CHECK_MODULES already produces its own (and more verbose) messsage when a module cannot be found. Mucking around with CFLAGS and LIBS is also not needed since pkgconfig takes care of providing variables, so let's use them in Makefile.am. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: run AC_CANONICAL_HOST onlyJan Engelhardt2010-10-301-2/+2
| | | | | | | | | | | | | | | | | | | | There is no need to call AC_CANONICAL_SYSTEM when only AC_CANONICAL_HOST is needed. Also, checking for $target is factually incorrect, since we do not produce object code like a compiler. Use $host, which specifies the triple/quadrople where the compiled program is supposed to run. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use simpler autoreconf in autogenJan Engelhardt2010-10-301-17/+3
| | | | | | | | | | | | | | | | | | Note: the use of -i seems required, otherwise autoreconf barfs about missing tools (depcomp, etc.). Since they are provided in the tarballs as files anyway rather than like previously as symlinks, I do not see a problem using -i. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: avoid use of deprecated INCLUDESJan Engelhardt2010-10-302-2/+2
| | | | | | | | | | | | | | | | Makefile.am: "INCLUDES" is the old name for "AM_CPPFLAGS" (or "*_CPPFLAGS") And remove unused $(all_includes) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: use modern call syntax for AC_INIT, AM_INIT_AUTOMAKEJan Engelhardt2010-10-302-4/+2
| | | | | | | | | | | | | | automake options also need to definitely go into configure.ac, otherwise they only apply to a single directory. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: build: use autoconf-suggested naming of filesJan Engelhardt2010-10-301-0/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | license: upgrade to GPLv2+Pablo Neira Ayuso2010-10-291-1/+1
|/ | | | | | | | | | | | This patch upgrades the license to GPLv2+. I have received an explicit ACK via email from contributors that are: * Harald Welte <laforge@netfilter.org>. * Holger Freyther <zecke@selfish.org> * Alessandro Vesely <vesely@tana.it> * Bart Schuymer <bdschuym@pandora.be> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: fix redundant LIBVERSION definitionPablo Neira Ayuso2010-07-152-23/+19
| | | | | | | | I accidentally inserted LIBVERSION to Makefile.am but the one used is in src/Makefile.am. This patch removes the previous definition. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>