summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* include: pktbuff.h needs stdbool.hHEADmasterDuncan Roe2024-01-081-0/+2
| | | | | | | | | Without #include <stdbool.h>, compilation will fail if pktbuff.h is included early enough. Fixes: ffa83b5968b5 ("add mangle functions for IPv4/TCP and IPv4/UDP") Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
* whitespace: replace spaces with tab in indentDuncan Roe2023-12-091-1/+1
| | | | | | | | | i.e. this one: > -^I^I^I struct nfq_data *nfad, char *name);$ > +^I^I^I^I struct nfq_data *nfad, char *name);$ Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
* src: Add nfq_nlmsg_put2() - user specifies header flagsDuncan Roe2023-12-061-0/+1
| | | | | | | | | Enable mnl programs to get an explicit acknowledgement of whether a configuration request has been accepted. (nfnl programs do this already). Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: remove trailing spacesDuncan Roe2023-10-261-3/+3
| | | | | Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add alternative API to set up packet bufferPablo Neira Ayuso2023-08-201-0/+3
| | | | | | | | | | | | | | | | pktb_setup_raw() is a new function to initialise a new struct pkt_buff. It takes the memory area to be used to store pkt_buff structure and the data. Data is attached to the packet buffer (not copied), ie. the packet buffer data points to the provided data pointer. pktb_head_size() is a new function to return the amount of memory to reserve for a new struct pkt_buff. Extend documentation pon pktb_alloc(). Mostly original patch from Duncan Roe <duncan_roe@optusnet.com.au>. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: deprecate libnetfilter_queue/linux_nfnetlink_queue.hPablo Neira Ayuso2021-08-111-0/+2
| | | | | | Emit a warning to notify users that this file is deprecated. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.hDuncan Roe2021-07-072-4/+4
| | | | | | | nf_conntrack_netlink.h does not exist, refer to nfnetlink_conntrack.h instead. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add pkt_buff function for ICMPEtan Kissling2021-02-092-0/+9
| | | | | | | | Add support for processing ICMP packets using pkt_buff, similar to existing library support for TCP and UDP. Signed-off-by: Etan Kissling <etan_kissling@apple.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nfq_get_skbinfo()Florian Westphal2020-02-251-0/+1
| | | | | | | | Silly, since its easy to fetch this via libmnl. Unfortunately there is a large number of software that uses the old API, so add a helper to return the attribute. Signed-off-by: Florian Westphal <fw@strlen.de>
* src: expose nfq_nlmsg_putDuncan Roe2020-02-241-0/+1
| | | | | | | | Move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it. Also rename nfq_hdr_put to nfq_nlmsg_put. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Always use pktb as formal arg of type struct pkt_buffDuncan Roe2020-01-035-6/+6
| | | | | | | | | | | All remaining instances of pkt refer to something other than a pkt_buff. In the prototype for nfq_nlmsg_parse, pkt is changed to attr. Inconsistent whitespace in headers has been left for another day. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
* src: pktb_mangle has signed offset arg so can mangle MAC header with -ve oneDuncan Roe2019-12-301-1/+1
| | | | | | | | | - Update prototype - Update doxygen documentation - Update declaration Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add mangle functions for IPv6, IPv6/TCP and IPv6/UDPDuncan Roe2019-12-303-0/+3
| | | | | Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add security context informationRoman Kubiak2015-06-303-2/+8
| | | | | | | | | | | | This commit adds security context information structures and functions. This will allow userspace to find the security context of each packet (if it exists) and make decisions based on that. It should work for SELinux and SMACK. Signed-off-by: Roman Kubiak <r.kubiak@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnetfilter_queue.h: Include <sys/time.h> for struct timevalFelix Janda2015-06-191-1/+1
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Use stdint types everywhereFelix Janda2015-05-291-28/+28
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: Sync with kernel headersFelix Janda2015-05-271-34/+37
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: fix wrong function name in the headerTing-Wei Lan2014-06-201-1/+1
| | | | | | There is no nfq_ip6hdr_snprintf(). nfq_ip6_snprintf() is the correct name. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for UID/GID socket infoValentina Giusti2014-01-083-2/+14
| | | | | | | | With this patch libnetfilter_queue is able to parse UID/GID socket information. Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add new GSO handling capabilitiesFlorian Westphal2013-04-302-6/+28
| | | | | | allows userspace to ask for large gso packets via nfqueue. Signed-off-by: Florian Westphal <fw@strlen.de>
* add mangle functions for IPv4/TCP and IPv4/UDPPablo Neira Ayuso2012-08-064-0/+9
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add pkt_buff and protocol helper functionsPablo Neira Ayuso2012-08-066-1/+84
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add new libnetfilter_queue API for libmnlPablo Neira Ayuso2012-08-066-6/+117
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: implement API to set per-queue flagsKrishna Kumar2012-07-142-0/+10
| | | | | | | | | | Implement API to set per-queue flags. This is initially used to implement fail-open support in NFQUEUE. [ Pablo mangled this patch to bump LIBVERSION as well ] Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add NFQNL_MSG_VERDICT_BATCH supportFlorian Westphal2011-09-062-0/+10
| | | | | | | | | | | | | add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also set the nfmark of all packets). verdicts sent by the _batch variant will affect all queued skbs whose id is smaller or equal to the given id. This facility is available from Linux 3.1 onwards. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
* nfq: remove libipq.hPablo Neira Ayuso2010-07-112-97/+1
| | | | | | | | | In 224df57de4479d65d4fec3eeaa8b1a4d63b8213f, we forgot to remove libipq.h that was introduced to add backward compatibility for libipq (which was never completed and now everybody should be using libnetfilter_queue instead). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add nfq_snprintf_xml() to output a packet in XML formatPablo Neira Ayuso2010-06-131-0/+12
| | | | | | This patch adds a new function to output the packet in XML format. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* payload buffer datatypes are consistentDavid Fabro2010-06-101-1/+1
| | | | | | | | | | | | | | The 'data' parameter to nfq_get_payload() returns pointer to unsigned char (rather than signed char) to make it consistent with the 'buf' parameter of nfq_set_verdict(), nfq_set_verdict2(), and nfq_set_verdict_mark(), all of which refer to the same data. Either signed or unsigned is fine, but they should be consistent as the output of nfq_get_payload() may be passed back into nfq_set_verdict*(); in that case, this change eliminates the need for typecasting in the calling code when using compilers that enforce strict typecasting. Signed-off-by: David Favro <netfilter@meta-dynamic.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* non-modified payload arguments are pointer-to-constDavid Fabro2010-06-101-3/+3
| | | | | | | | | | | | | | The payload parameters to nfq_set_verdict(), nfq_set_verdict2(), and nfq_set_verdict_mark() are not modified by those functions, and therefore should have datatype pointer-to-const. This both causes the source-code to more effectively represent what is the purpose of the parameter, and eliminates the need to cast away const-ness when calling the functions with compilers that enforce strict casting. All existing calling code should not need modification as pointer-to-X automatically converts to pointer-to-const-X. Signed-off-by: David Favro <netfilter@meta-dynamic.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfq: deprecate nfq_set_verdict_mark() in favour of nfq_set_verdict2()Pablo Neira Ayuso2010-05-091-6/+14
| | | | | | | | | | | | This patch deprecates nfq_set_verdict_mark() in favour of nfq_set_verdict2() which does exactly the same but it also convert the mark value from host-byte order to network-byte order as expected by nfnetlink_queue. I know, this is hackish, but I prefer adding new functions instead of API versioning which is also ugly. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnfq: mark functions as extern CJan Engelhardt2008-06-242-1/+15
| | | | | | | | | | mark functions as extern C This is needed when #included from C++. Reported-by: Simon <turner25@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* remove linux/types.h include/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-131-1/+0
|
* interface index to name API (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-01-311-0/+9
|
* Add patch to set max. queue length (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-132-3/+7
|
* Introduce various API changes throughout the library stack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-141-0/+1
| | | | | | | | | | | 1) make libnfnetlink dynamically allocate it's handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries.
* - don't install test program/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-113-3/+96
| | | | | - use local copy of nfnetlink_queue header - bump version number to 0.0.11
* fix nfq_get_timestamp() to use struct timeval and be endian correct/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-061-2/+1
|
* get rid of superfluous 'datalength' parameter of nfq_get_payload() function/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-051-3/+2
|
* rename all data types and functions to get rid of 'nl' (== netlink) part in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-052-31/+31
| | | | prefix
* abstract 'nfattr' in 'nfnl_q_data'/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-051-10/+11
|
* rename files correctly (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-10-261-0/+0
|
* rename libnfnetlink_queue to libnetfilter_queue/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-10-095-4/+4
|
* fix include order/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-231-1/+2
|
* use new accessor functions (Eric Leblond, Harald Welte)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-231-1/+31
|
* sync with all 'upstream' changes in libnfnetlink_log/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-072-31/+26
|
* build fixes following restructuring/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-301-1/+1
|
* directory restructuring/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-304-0/+155