| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
2 items:
1. frag_off (Fragment Offset pointer) overshot by 2 bytes because of adding
offsetof() to it *after* it had been cast to uint16_t *.
2. Need to mask off LS 3 bits of ip6f_offlg *after* call to htons.
Fixes: a0c885ae5a79 ("add pkt_buff and protocol helper functions")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to work with the post-processing logic in doxygen/Makefile.am,
SYNOPSIS sections must be inserted at the end of the module description
(text after \defgroup or \addtogroup)
(becomes Detailed Description in the man page).
Also a few minor updates including rename module uselessfns to do_not_use.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Emit a warning to notify users that this file is deprecated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This corrects issues in IPv6 header handling that sometimes resulted
in an endless loop.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
In struct pkt_buff, we only ever needed any 2 of len, data and tail.
This has caused bugs in the past, e.g. commit 8a4316f31.
Delete tail, and where the value of pktb->tail was required,
use new pktb_tail() function.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/extra/ipv6.c: Only test the first 4 bits of the putative IPv6 header to be
6, since all the other bits are up for grabs.
(I have seen nonzero Flow Control on the local interface and
RFC2474 & RFC3168 document Traffic Class use).
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/extra/ipv4.c: - Rename pkt formal arg of nfq_ip_mangle to pktb
(to match all other struct pkt_buff args)
- Make it clear that packet buffer is the user-space one
- Sentence-case all parameter descriptions
- Fix \param 3 of nfq_pkt_snprintf_ip to match prototype
- Revised description of nfq_pkt_snprintf_ip for English
usage, but left the "strange behaviour" bit at the end.
(I know kernel developers hate snprintf: the purpose of the
return code was not a blanket buffer overrun check but
rather an amount to subtract from the size argument to the
next snprintf call.
It was therefore a bit of a screw-up to have snprintf take
an unsigned size_t argument so the -ve size looks like a
huge +ve one and snprintf keeps writing :(
The programmer needs to use a signed type for size and
explicitly test it for still being +ve before every
snprintf call; with ssize_t, snprintf could have done
nothing and returned zero with a -ve size so the
programmer only needs to check right at the end.
Ah well...)
src/extra/ipv6.c: - Use \returns for all return values
- Fix \param 3 of nfq_ip6_snprintf to match prototype
- Sentence-case all parameter descriptions
- Change IPv4 to IPv6 in a comment
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
Clang (but not gcc) warned about this. Gcc (but not clang) used to warn that
nfq_set_verdict_mark is deprecated, but this has stopped since re-defining
EXPORT_SYMBOL.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify the definition and use of EXPORT_SYMBOL as was done for libmnl in
commit 444d6dc9.
Additionally, avoid generating long (>80ch) lines when inserting
EXPORT_SYMBOL.
Finally, re-align multi-line parameter blocks with opening parenthesis.
[ I have mangled the original patch to not split the function definition and
its return value. --pablo ]
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This reverts commit 58cb0668dc15c78cd3af9eeaedf29386e86ecac1.
Prepare a new patch to keep this update consistent with libmnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
clang ignores the visibility attribute if its not defined before the
definition. As a result these symbols become hidden and consumers of
this library fail to link due to these missing symbols.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|