summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* src: add support for UID/GID socket infoValentina Giusti2014-01-083-2/+14
| | | | | | | | With this patch libnetfilter_queue is able to parse UID/GID socket information. Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add new GSO handling capabilitiesFlorian Westphal2013-04-302-6/+28
| | | | | | allows userspace to ask for large gso packets via nfqueue. Signed-off-by: Florian Westphal <fw@strlen.de>
* add mangle functions for IPv4/TCP and IPv4/UDPPablo Neira Ayuso2012-08-064-0/+9
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add pkt_buff and protocol helper functionsPablo Neira Ayuso2012-08-066-1/+84
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add new libnetfilter_queue API for libmnlPablo Neira Ayuso2012-08-066-6/+117
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: implement API to set per-queue flagsKrishna Kumar2012-07-142-0/+10
| | | | | | | | | | Implement API to set per-queue flags. This is initially used to implement fail-open support in NFQUEUE. [ Pablo mangled this patch to bump LIBVERSION as well ] Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add NFQNL_MSG_VERDICT_BATCH supportFlorian Westphal2011-09-062-0/+10
| | | | | | | | | | | | | add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also set the nfmark of all packets). verdicts sent by the _batch variant will affect all queued skbs whose id is smaller or equal to the given id. This facility is available from Linux 3.1 onwards. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* nfq: remove libipq.hPablo Neira Ayuso2010-07-112-97/+1
| | | | | | | | | In 224df57de4479d65d4fec3eeaa8b1a4d63b8213f, we forgot to remove libipq.h that was introduced to add backward compatibility for libipq (which was never completed and now everybody should be using libnetfilter_queue instead). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add nfq_snprintf_xml() to output a packet in XML formatPablo Neira Ayuso2010-06-131-0/+12
| | | | | | This patch adds a new function to output the packet in XML format. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* payload buffer datatypes are consistentDavid Fabro2010-06-101-1/+1
| | | | | | | | | | | | | | The 'data' parameter to nfq_get_payload() returns pointer to unsigned char (rather than signed char) to make it consistent with the 'buf' parameter of nfq_set_verdict(), nfq_set_verdict2(), and nfq_set_verdict_mark(), all of which refer to the same data. Either signed or unsigned is fine, but they should be consistent as the output of nfq_get_payload() may be passed back into nfq_set_verdict*(); in that case, this change eliminates the need for typecasting in the calling code when using compilers that enforce strict typecasting. Signed-off-by: David Favro <netfilter@meta-dynamic.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* non-modified payload arguments are pointer-to-constDavid Fabro2010-06-101-3/+3
| | | | | | | | | | | | | | The payload parameters to nfq_set_verdict(), nfq_set_verdict2(), and nfq_set_verdict_mark() are not modified by those functions, and therefore should have datatype pointer-to-const. This both causes the source-code to more effectively represent what is the purpose of the parameter, and eliminates the need to cast away const-ness when calling the functions with compilers that enforce strict casting. All existing calling code should not need modification as pointer-to-X automatically converts to pointer-to-const-X. Signed-off-by: David Favro <netfilter@meta-dynamic.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: deprecate nfq_set_verdict_mark() in favour of nfq_set_verdict2()Pablo Neira Ayuso2010-05-091-6/+14
| | | | | | | | | | | | This patch deprecates nfq_set_verdict_mark() in favour of nfq_set_verdict2() which does exactly the same but it also convert the mark value from host-byte order to network-byte order as expected by nfnetlink_queue. I know, this is hackish, but I prefer adding new functions instead of API versioning which is also ugly. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnfq: mark functions as extern CJan Engelhardt2008-06-242-1/+15
| | | | | | | | | | mark functions as extern C This is needed when #included from C++. Reported-by: Simon <turner25@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* remove linux/types.h include/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-131-1/+0
|
* interface index to name API (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-01-311-0/+9
|
* Add patch to set max. queue length (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-132-3/+7
|
* Introduce various API changes throughout the library stack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-141-0/+1
| | | | | | | | | | | 1) make libnfnetlink dynamically allocate it's handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries.
* - don't install test program/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-113-3/+96
| | | | | - use local copy of nfnetlink_queue header - bump version number to 0.0.11
* fix nfq_get_timestamp() to use struct timeval and be endian correct/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-061-2/+1
|
* get rid of superfluous 'datalength' parameter of nfq_get_payload() function/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-051-3/+2
|
* rename all data types and functions to get rid of 'nl' (== netlink) part in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-052-31/+31
| | | | prefix
* abstract 'nfattr' in 'nfnl_q_data'/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-051-10/+11
|
* rename files correctly (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-10-261-0/+0
|
* rename libnfnetlink_queue to libnetfilter_queue/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-10-095-4/+4
|
* fix include order/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-231-1/+2
|
* use new accessor functions (Eric Leblond, Harald Welte)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-231-1/+31
|
* sync with all 'upstream' changes in libnfnetlink_log/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-072-31/+26
|
* build fixes following restructuring/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-301-1/+1
|
* directory restructuring/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-304-0/+155