| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Enable mnl programs to get an explicit acknowledgement of whether a
configuration request has been accepted.
(nfnl programs do this already).
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Typically security contexts are not 'u32' sized but strings, for example
'system_u:object_r:my_http_client_packet_t:s0'.
Fix length validation check to allow any context sizes.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to work with the post-processing logic in doxygen/Makefile.am,
SYNOPSIS sections must be inserted at the end of the module description
(text after \defgroup or \addtogroup)
(becomes Detailed Description in the man page).
Also a few minor updates including rename module uselessfns to do_not_use.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Move static nfq_hdr_put from examples/nf-queue.c into the library since
everyone is going to want it. Also rename nfq_hdr_put to nfq_nlmsg_put.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Ensure all functions that return something have a \returns
- Demote more checksum functions to their own groups
(reduces number of functions on main pages)
- Clarify wording where appropriate
- Add \sa (see also) where appropriate
- Fix documented function name for nfq_tcp_get_hdr
(no other mismatches noticed, but there may be some)
- Add warnings regarding changing length of tcp packet
- Make group names unique within libnetfilter_queue
(else man pages would be overwritten)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/nlmsg.c - Document NF_DROP, NF_ACCEPT, NF_STOP, NF_REPEAT and
NF_QUEUE_NR(new_queue).
- Make line number of examples/nf-queue.c into a hyperlink.
- Add hint that "cb" in function names is short for "callback".
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/nlmsg.c: Update nfq_nlmsg_verdict_put_pkt() sample code to use pktb_len()
as recommended in src/extra/pktbuff.c, pktb_len() doco
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This completes the "Verdict helpers" module.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify the definition and use of EXPORT_SYMBOL as was done for libmnl in
commit 444d6dc9.
Additionally, avoid generating long (>80ch) lines when inserting
EXPORT_SYMBOL.
Finally, re-align multi-line parameter blocks with opening parenthesis.
[ I have mangled the original patch to not split the function definition and
its return value. --pablo ]
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(These updates only cover functions used in a recent project)
src/extra/ipv4.c: - nfq_ip_set_transport_header(): Add explanatory notes
- nfq_ip_mangle()
- Advise that there is a return code
- Note that IPv4 length is updated as well as checksum
src/extra/pktbuff.c: - pktb_alloc(): Minor rewording (English usage)
- pktb_mangle(): Document
src/extra/udp.c: - nfq_udp_get_hdr(): Fix params
- nfq_udp_get_payload(): Fix params
- nfq_udp_get_payload_len(): Fix params
- nfq_udp_mangle_ipv4(): Rewrite documentation
src/nlmsg.c: - nfq_nlmsg_verdict_put(): Document
- nfq_nlmsg_cfg_put_cmd():
- Change name (was: nfq_nlmsg_cfg_build_request)
- Fix params
- Delete function return documentation (void fn)
- nfq_nlmsg_cfg_put_params(); Document (params only)
- nfq_nlmsg_cfg_put_qmaxlen(): Document (params only)
- nfq_nlmsg_parse:
- Change name (was: nfq_pkt_parse)
- Fix params
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This reverts commit 58cb0668dc15c78cd3af9eeaedf29386e86ecac1.
Prepare a new patch to keep this update consistent with libmnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
clang ignores the visibility attribute if its not defined before the
definition. As a result these symbols become hidden and consumers of
this library fail to link due to these missing symbols.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch adds four (actually two) attributes validation with
comparing to current kernel header.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds security context information structures
and functions.
This will allow userspace to find the security context of each
packet (if it exists) and make decisions based on that.
It should work for SELinux and SMACK.
Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
There is confusion on what this command actually does and why
examples commonly PF_UNBIND at startup.
Since these are obsolete document that its not needed starting
with Linux 3.8.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
With this patch libnetfilter_queue is able to parse UID/GID
socket information.
Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
allows userspace to ask for large gso packets via nfqueue.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
| |
This patch updates the doxygen documentation for the new API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|