summaryrefslogtreecommitdiffstats
path: root/src/extra/ipv6.c
Commit message (Collapse)AuthorAgeFilesLines
* src: Fix IPv6 Fragment Header processingDuncan Roe2023-10-081-3/+3
| | | | | | | | | | | 2 items: 1. frag_off (Fragment Offset pointer) overshot by 2 bytes because of adding offsetof() to it *after* it had been cast to uint16_t *. 2. Need to mask off LS 3 bits of ip6f_offlg *after* call to htons. Fixes: a0c885ae5a79 ("add pkt_buff and protocol helper functions") Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Insert SYNOPSIS sections for man pagesDuncan Roe2021-08-151-0/+11
| | | | | | | | | | | | In order to work with the post-processing logic in doxygen/Makefile.am, SYNOPSIS sections must be inserted at the end of the module description (text after \defgroup or \addtogroup) (becomes Detailed Description in the man page). Also a few minor updates including rename module uselessfns to do_not_use. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: deprecate libnetfilter_queue/linux_nfnetlink_queue.hPablo Neira Ayuso2021-08-111-0/+1
| | | | | | Emit a warning to notify users that this file is deprecated. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix IPv6 header handlingEtan Kissling2021-02-191-2/+13
| | | | | | | | This corrects issues in IPv6 header handling that sometimes resulted in an endless loop. Signed-off-by: Etan Kissling <etan_kissling@apple.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Simplify struct pkt_buff: remove tailDuncan Roe2020-01-291-4/+4
| | | | | | | | | | In struct pkt_buff, we only ever needed any 2 of len, data and tail. This has caused bugs in the past, e.g. commit 8a4316f31. Delete tail, and where the value of pktb->tail was required, use new pktb_tail() function. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add mangle functions for IPv6, IPv6/TCP and IPv6/UDPDuncan Roe2019-12-301-0/+29
| | | | | Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Fix test for IPv6 headerDuncan Roe2019-12-071-1/+1
| | | | | | | | | | | | Updated: src/extra/ipv6.c: Only test the first 4 bits of the putative IPv6 header to be 6, since all the other bits are up for grabs. (I have seen nonzero Flow Control on the local interface and RFC2474 & RFC3168 document Traffic Class use). Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Eliminate doxygen warnings from ipv{4,6}.cDuncan Roe2019-11-041-12/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated: src/extra/ipv4.c: - Rename pkt formal arg of nfq_ip_mangle to pktb (to match all other struct pkt_buff args) - Make it clear that packet buffer is the user-space one - Sentence-case all parameter descriptions - Fix \param 3 of nfq_pkt_snprintf_ip to match prototype - Revised description of nfq_pkt_snprintf_ip for English usage, but left the "strange behaviour" bit at the end. (I know kernel developers hate snprintf: the purpose of the return code was not a blanket buffer overrun check but rather an amount to subtract from the size argument to the next snprintf call. It was therefore a bit of a screw-up to have snprintf take an unsigned size_t argument so the -ve size looks like a huge +ve one and snprintf keeps writing :( The programmer needs to use a signed type for size and explicitly test it for still being +ve before every snprintf call; with ssize_t, snprintf could have done nothing and returned zero with a -ve size so the programmer only needs to check right at the end. Ah well...) src/extra/ipv6.c: - Use \returns for all return values - Fix \param 3 of nfq_ip6_snprintf to match prototype - Sentence-case all parameter descriptions - Change IPv4 to IPv6 in a comment Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Fix invalid conversion specifierDuncan Roe2019-10-081-1/+1
| | | | | | | | | Clang (but not gcc) warned about this. Gcc (but not clang) used to warn that nfq_set_verdict_mark is deprecated, but this has stopped since re-defining EXPORT_SYMBOL. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Enable clang buildDuncan Roe2019-10-081-3/+3
| | | | | | | | | | | | | | | | Modify the definition and use of EXPORT_SYMBOL as was done for libmnl in commit 444d6dc9. Additionally, avoid generating long (>80ch) lines when inserting EXPORT_SYMBOL. Finally, re-align multi-line parameter blocks with opening parenthesis. [ I have mangled the original patch to not split the function definition and its return value. --pablo ] Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Revert "src: Declare the define visibility attribute together"Pablo Neira Ayuso2017-04-141-3/+6
| | | | | | | | This reverts commit 58cb0668dc15c78cd3af9eeaedf29386e86ecac1. Prepare a new patch to keep this update consistent with libmnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Declare the define visibility attribute togetherKhem Raj2017-04-141-6/+3
| | | | | | | | | clang ignores the visibility attribute if its not defined before the definition. As a result these symbols become hidden and consumers of this library fail to link due to these missing symbols. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add mangle functions for IPv4/TCP and IPv4/UDPPablo Neira Ayuso2012-08-061-0/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add pkt_buff and protocol helper functionsPablo Neira Ayuso2012-08-061-0/+149
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>