| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pktb_setup_raw() is a new function to initialise a new struct pkt_buff.
It takes the memory area to be used to store pkt_buff structure and the
data. Data is attached to the packet buffer (not copied), ie. the packet
buffer data points to the provided data pointer.
pktb_head_size() is a new function to return the amount of memory to
reserve for a new struct pkt_buff.
Extend documentation pon pktb_alloc().
Mostly original patch from Duncan Roe <duncan_roe@optusnet.com.au>.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order to work with the post-processing logic in doxygen/Makefile.am,
SYNOPSIS sections must be inserted at the end of the module description
(text after \defgroup or \addtogroup)
(becomes Detailed Description in the man page).
Also a few minor updates including rename module uselessfns to do_not_use.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Add private helper function to set up the pkt_buff object.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
In struct pkt_buff, we only ever needed any 2 of len, data and tail.
This has caused bugs in the past, e.g. commit 8a4316f31.
Delete tail, and where the value of pktb->tail was required,
use new pktb_tail() function.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
head and data always had the same value.
head was in the minority, so replace with data where it was used.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
In pktb_alloc, declare struct ethhdr *ethhdr at function start,
thus avoiding cute braces on case AF_BRIDGE.
This costs nothing and generates less code.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
All remaining instances of pkt refer to something other than a pkt_buff.
In the prototype for nfq_nlmsg_parse, pkt is changed to attr.
Inconsistent whitespace in headers has been left for another day.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
| |
- Update prototype
- Update doxygen documentation
- Update declaration
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Divide functions into a hierarchy:
top-level: Functions all programs that modify data will use
2nd-level: Rarely-used functions
3rd-level: Functions not to use (should have been declared static)
Only the top-level functions appear on the "User-space network packet buffer"
page, which looks a lot less daunting than it used to.
Parameter descriptions all match prototypes
All non-void functions have a "Returns" paragraph
Code change:
pktb_alloc: set errno to EPROTONOSUPPORT before doing error return because
protocol is not supported
Detailed other updates (top-level)
pktb_alloc: - Add "Errors" para
- Add "See also" para
pktb_data, pktb_len: Add "appropriate use" line
pktb_mangle: Add warning to use a different function unless mangling MAC hddr
pktb_mangled: Add usage hint line
Detailed other updates (2nd-level)
pktb_mac_header: Point out only for AF_BRIDGE
pktb_tailroom: Point out no dynamic expansion
pktb_transport_header: Add note that programmer must code to set this
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At least on the local interface, the MAC header of an IPv6 packet specifies
IPv6 protocol (rather than IP). This surprised me, since the first octet of
the IP datagram is the IP version, but I guess it's an efficiency thing.
Without this patch, pktb_alloc() returns NULL when an IPv6 packet is
encountered.
Updated:
src/extra/pktbuff.c: - Treat ETH_P_IPV6 the same as ETH_P_IP.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, AF_INET6 pktb_alloc() creates a pktb with NULL
network_header. But in src/extra/ipv6.c, nfq_ip6_get_hdr() assumes that
pktb->network_header is valid.
Updated:
src/extra/pktbuff.c: Treat AF_INET6 the same as AF_INET.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
skb->tail is used in many places, so it's important to keep it up to date.
Updated:
src/extra/pktbuff.c: Fix pktb_trim()
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
The documentation generally uses OSI layer numbering, where TCP (i.e. Transport)
is layer 4 so that IP is layer 3.
Bring pktb_mangle documentation into line with this.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify the definition and use of EXPORT_SYMBOL as was done for libmnl in
commit 444d6dc9.
Additionally, avoid generating long (>80ch) lines when inserting
EXPORT_SYMBOL.
Finally, re-align multi-line parameter blocks with opening parenthesis.
[ I have mangled the original patch to not split the function definition and
its return value. --pablo ]
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(These updates only cover functions used in a recent project)
src/extra/ipv4.c: - nfq_ip_set_transport_header(): Add explanatory notes
- nfq_ip_mangle()
- Advise that there is a return code
- Note that IPv4 length is updated as well as checksum
src/extra/pktbuff.c: - pktb_alloc(): Minor rewording (English usage)
- pktb_mangle(): Document
src/extra/udp.c: - nfq_udp_get_hdr(): Fix params
- nfq_udp_get_payload(): Fix params
- nfq_udp_get_payload_len(): Fix params
- nfq_udp_mangle_ipv4(): Rewrite documentation
src/nlmsg.c: - nfq_nlmsg_verdict_put(): Document
- nfq_nlmsg_cfg_put_cmd():
- Change name (was: nfq_nlmsg_cfg_build_request)
- Fix params
- Delete function return documentation (void fn)
- nfq_nlmsg_cfg_put_params(); Document (params only)
- nfq_nlmsg_cfg_put_qmaxlen(): Document (params only)
- nfq_nlmsg_parse:
- Change name (was: nfq_pkt_parse)
- Fix params
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit 58cb0668dc15c78cd3af9eeaedf29386e86ecac1.
Prepare a new patch to keep this update consistent with libmnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
clang ignores the visibility attribute if its not defined before the
definition. As a result these symbols become hidden and consumers of
this library fail to link due to these missing symbols.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As of f40eabb01 (add pkt_buff and protocol helper functions)
libnetfilter_queue accidentally exports the internal function named
'checksum'. This is a bit too generic and may cause crashes with
applications that worked fine before.
This patch makes the functions checksum, checksum_tcpudp_ipv4 and
checksum_tcpudp_ipv6 local by building with fvis-hidden and adding
EXPORTs for the legacy api calls and the ones that seem to have missing
EXPORT tags (mainly pktbuff api).
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch updates the doxygen documentation for the new API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Fix wrong arithmetics and missing pktb->len update
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pktb_expand_tail returns 0 if there is no room for the mangling.
Note that we don't support dynamic reallocation, instead the
caller is responsible for allocating the extra room via pktb_alloc
according to the maximum amount of bytes it needs for the mangling.
Since pkt_buff layout is not exposed, we can change this in the
future if we prefer dynamic reallocation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
