From 58cb0668dc15c78cd3af9eeaedf29386e86ecac1 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 10 Apr 2017 12:58:04 -0700 Subject: src: Declare the define visibility attribute together clang ignores the visibility attribute if its not defined before the definition. As a result these symbols become hidden and consumers of this library fail to link due to these missing symbols. Signed-off-by: Khem Raj Signed-off-by: Pablo Neira Ayuso --- src/extra/ipv4.c | 15 +++---- src/extra/ipv6.c | 9 ++-- src/extra/pktbuff.c | 42 ++++++------------ src/extra/tcp.c | 21 +++------ src/extra/udp.c | 21 +++------ src/internal.h | 5 +-- src/libnetfilter_queue.c | 108 ++++++++++++++++------------------------------- src/nlmsg.c | 21 +++------ 8 files changed, 81 insertions(+), 161 deletions(-) (limited to 'src') diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c index a93d113..56d5dc7 100644 --- a/src/extra/ipv4.c +++ b/src/extra/ipv4.c @@ -32,7 +32,7 @@ * This funcion returns NULL if the IPv4 is malformed or the protocol version * is not 4. On success, it returns a valid pointer to the IPv4 header. */ -struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb) +struct iphdr __EXPORTED *nfq_ip_get_hdr(struct pkt_buff *pktb) { struct iphdr *iph; unsigned int pktlen = pktb->tail - pktb->network_header; @@ -53,14 +53,13 @@ struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb) return iph; } -EXPORT_SYMBOL(nfq_ip_get_hdr); /** * nfq_ip_set_transport_header - set transport header * \param pktb: pointer to network packet buffer * \param iph: pointer to the IPv4 header */ -int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) +int __EXPORTED nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) { int doff = iph->ihl * 4; @@ -71,7 +70,6 @@ int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) pktb->transport_header = pktb->network_header + doff; return 0; } -EXPORT_SYMBOL(nfq_ip_set_transport_header); /** * nfq_ip_set_checksum - set IPv4 checksum @@ -80,14 +78,13 @@ EXPORT_SYMBOL(nfq_ip_set_transport_header); * \note Call to this function if you modified the IPv4 header to update the * checksum. */ -void nfq_ip_set_checksum(struct iphdr *iph) +void __EXPORTED nfq_ip_set_checksum(struct iphdr *iph) { uint32_t iph_len = iph->ihl * 4; iph->check = 0; iph->check = nfq_checksum(0, (uint16_t *)iph, iph_len); } -EXPORT_SYMBOL(nfq_ip_set_checksum); /** * nfq_ip_mangle - mangle IPv4 packet buffer @@ -100,7 +97,7 @@ EXPORT_SYMBOL(nfq_ip_set_checksum); * * \note This function recalculates the IPv4 checksum (if needed). */ -int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, +int __EXPORTED nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) { @@ -116,7 +113,6 @@ int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, return 1; } -EXPORT_SYMBOL(nfq_ip_mangle); /** * nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format @@ -128,7 +124,7 @@ EXPORT_SYMBOL(nfq_ip_mangle); * case that there is enough room in the buffer. Read snprintf manpage for more * information to know more about this strange behaviour. */ -int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) +int __EXPORTED nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) { int ret; struct in_addr src = { iph->saddr }; @@ -147,7 +143,6 @@ int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) return ret; } -EXPORT_SYMBOL(nfq_ip_snprintf); /** * @} diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c index 7c5dc9b..6641c6b 100644 --- a/src/extra/ipv6.c +++ b/src/extra/ipv6.c @@ -33,7 +33,7 @@ * This funcion returns NULL if an invalid header is found. On sucess, it * returns a valid pointer to the header. */ -struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb) +struct ip6_hdr __EXPORTED *nfq_ip6_get_hdr(struct pkt_buff *pktb) { struct ip6_hdr *ip6h; unsigned int pktlen = pktb->tail - pktb->network_header; @@ -50,7 +50,6 @@ struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb) return ip6h; } -EXPORT_SYMBOL(nfq_ip6_get_hdr); /** * nfq_ip6_set_transport_header - set transport header pointer for IPv6 packet @@ -61,7 +60,7 @@ EXPORT_SYMBOL(nfq_ip6_get_hdr); * This function returns 1 if the protocol has been found and the transport * header has been set. Otherwise, it returns 0. */ -int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, +int __EXPORTED nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, uint8_t target) { uint8_t nexthdr = ip6h->ip6_nxt; @@ -115,7 +114,6 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, pktb->transport_header = cur; return cur ? 1 : 0; } -EXPORT_SYMBOL(nfq_ip6_set_transport_header); /** * nfq_ip6_snprintf - print IPv6 header into one buffer in iptables LOG format @@ -124,7 +122,7 @@ EXPORT_SYMBOL(nfq_ip6_set_transport_header); * \param ip6_hdr: pointer to a valid IPv6 header. * */ -int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h) +int __EXPORTED nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h) { int ret; char src[INET6_ADDRSTRLEN]; @@ -143,7 +141,6 @@ int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h) return ret; } -EXPORT_SYMBOL(nfq_ip6_snprintf); /** * @} diff --git a/src/extra/pktbuff.c b/src/extra/pktbuff.c index 1c15a00..54d8244 100644 --- a/src/extra/pktbuff.c +++ b/src/extra/pktbuff.c @@ -40,7 +40,7 @@ * * \return a pointer to a new queue handle or NULL on failure. */ -struct pkt_buff * +struct pkt_buff __EXPORTED * pktb_alloc(int family, void *data, size_t len, size_t extra) { struct pkt_buff *pktb; @@ -84,120 +84,108 @@ pktb_alloc(int family, void *data, size_t len, size_t extra) } return pktb; } -EXPORT_SYMBOL(pktb_alloc); /** * pktb_data - return pointer to the beginning of the packet buffer * \param pktb Pointer to packet buffer */ -uint8_t *pktb_data(struct pkt_buff *pktb) +uint8_t __EXPORTED *pktb_data(struct pkt_buff *pktb) { return pktb->data; } -EXPORT_SYMBOL(pktb_data); /** * pktb_len - return length of the packet buffer * \param pktb Pointer to packet buffer */ -uint32_t pktb_len(struct pkt_buff *pktb) +uint32_t __EXPORTED pktb_len(struct pkt_buff *pktb) { return pktb->len; } -EXPORT_SYMBOL(pktb_len); /** * pktb_free - release packet buffer * \param pktb Pointer to packet buffer */ -void pktb_free(struct pkt_buff *pktb) +void __EXPORTED pktb_free(struct pkt_buff *pktb) { free(pktb); } -EXPORT_SYMBOL(pktb_free); /** * pktb_push - update pointer to the beginning of the packet buffer * \param pktb Pointer to packet buffer */ -void pktb_push(struct pkt_buff *pktb, unsigned int len) +void __EXPORTED pktb_push(struct pkt_buff *pktb, unsigned int len) { pktb->data -= len; pktb->len += len; } -EXPORT_SYMBOL(pktb_push); /** * pktb_pull - update pointer to the beginning of the packet buffer * \param pktb Pointer to packet buffer */ -void pktb_pull(struct pkt_buff *pktb, unsigned int len) +void __EXPORTED pktb_pull(struct pkt_buff *pktb, unsigned int len) { pktb->data += len; pktb->len -= len; } -EXPORT_SYMBOL(pktb_pull); /** * pktb_put - add extra bytes to the tail of the packet buffer * \param pktb Pointer to packet buffer */ -void pktb_put(struct pkt_buff *pktb, unsigned int len) +void __EXPORTED pktb_put(struct pkt_buff *pktb, unsigned int len) { pktb->tail += len; pktb->len += len; } -EXPORT_SYMBOL(pktb_put); /** * pktb_trim - set new length for this packet buffer * \param pktb Pointer to packet buffer */ -void pktb_trim(struct pkt_buff *pktb, unsigned int len) +void __EXPORTED pktb_trim(struct pkt_buff *pktb, unsigned int len) { pktb->len = len; } -EXPORT_SYMBOL(pktb_trim); /** * pktb_tailroom - get room in bytes in the tail of the packet buffer * \param pktb Pointer to packet buffer */ -unsigned int pktb_tailroom(struct pkt_buff *pktb) +unsigned int __EXPORTED pktb_tailroom(struct pkt_buff *pktb) { return pktb->data_len - pktb->len; } -EXPORT_SYMBOL(pktb_tailroom); /** * pktb_mac_header - return pointer to layer 2 header (if any) * \param pktb Pointer to packet buffer */ -uint8_t *pktb_mac_header(struct pkt_buff *pktb) +uint8_t __EXPORTED *pktb_mac_header(struct pkt_buff *pktb) { return pktb->mac_header; } -EXPORT_SYMBOL(pktb_mac_header); /** * pktb_network_header - return pointer to layer 3 header * \param pktb Pointer to packet buffer */ -uint8_t *pktb_network_header(struct pkt_buff *pktb) +uint8_t __EXPORTED *pktb_network_header(struct pkt_buff *pktb) { return pktb->network_header; } -EXPORT_SYMBOL(pktb_network_header); /** * pktb_transport_header - return pointer to layer 4 header (if any) * \param pktb Pointer to packet buffer */ -uint8_t *pktb_transport_header(struct pkt_buff *pktb) +uint8_t __EXPORTED *pktb_transport_header(struct pkt_buff *pktb) { return pktb->transport_header; } -EXPORT_SYMBOL(pktb_transport_header); static int pktb_expand_tail(struct pkt_buff *pkt, int extra) { @@ -224,7 +212,7 @@ static int enlarge_pkt(struct pkt_buff *pkt, unsigned int extra) return 1; } -int pktb_mangle(struct pkt_buff *pkt, +int __EXPORTED pktb_mangle(struct pkt_buff *pkt, unsigned int dataoff, unsigned int match_offset, unsigned int match_len, @@ -258,17 +246,15 @@ int pktb_mangle(struct pkt_buff *pkt, pkt->mangled = true; return 1; } -EXPORT_SYMBOL(pktb_mangle); /** * pktb_mangled - return true if packet has been mangled * \param pktb Pointer to packet buffer */ -bool pktb_mangled(const struct pkt_buff *pkt) +bool __EXPORTED pktb_mangled(const struct pkt_buff *pkt) { return pkt->mangled; } -EXPORT_SYMBOL(pktb_mangled); /** * @} diff --git a/src/extra/tcp.c b/src/extra/tcp.c index d1cd79d..8038ce5 100644 --- a/src/extra/tcp.c +++ b/src/extra/tcp.c @@ -40,7 +40,7 @@ * \note You have to call nfq_ip_set_transport_header or * nfq_ip6_set_transport_header first to access the TCP header. */ -struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb) +struct tcphdr __EXPORTED *nfq_tcp_get_hdr(struct pkt_buff *pktb) { if (pktb->transport_header == NULL) return NULL; @@ -51,14 +51,13 @@ struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb) return (struct tcphdr *)pktb->transport_header; } -EXPORT_SYMBOL(nfq_tcp_get_hdr); /** * nfq_tcp_get_payload - get the TCP packet payload * \param tcph: pointer to the TCP header * \param pktb: pointer to user-space network packet buffer */ -void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) +void __EXPORTED *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) { unsigned int len = tcph->doff * 4; @@ -72,47 +71,43 @@ void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb) return pktb->transport_header + len; } -EXPORT_SYMBOL(nfq_tcp_get_payload); /** * nfq_tcp_get_payload_len - get the tcp packet payload * \param tcph: pointer to the TCP header * \param pktb: pointer to user-space network packet buffer */ -unsigned int +unsigned int __EXPORTED nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb) { return pktb->tail - pktb->transport_header; } -EXPORT_SYMBOL(nfq_tcp_get_payload_len); /** * nfq_tcp_set_checksum_ipv4 - computes IPv4/TCP packet checksum * \param tcph: pointer to the TCP header * \param iph: pointer to the IPv4 header */ -void +void __EXPORTED nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph) { /* checksum field in header needs to be zero for calculation. */ tcph->check = 0; tcph->check = nfq_checksum_tcpudp_ipv4(iph); } -EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv4); /** * nfq_tcp_set_checksum_ipv6 - computes IPv6/TCP packet checksum * \param tcph: pointer to the TCP header * \param iph: pointer to the IPv6 header */ -void +void __EXPORTED nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h) { /* checksum field in header needs to be zero for calculation. */ tcph->check = 0; tcph->check = nfq_checksum_tcpudp_ipv6(ip6h, tcph); } -EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv6); /* * The union cast uses a gcc extension to avoid aliasing problems @@ -134,7 +129,7 @@ union tcp_word_hdr { * \param tcp: pointer to a valid tcp header. * */ -int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) +int __EXPORTED nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) { int ret, len = 0; @@ -177,7 +172,6 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) return ret; } -EXPORT_SYMBOL(nfq_tcp_snprintf); /** * nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer @@ -189,7 +183,7 @@ EXPORT_SYMBOL(nfq_tcp_snprintf); * * \note This function recalculates the IPv4 and TCP checksums for you. */ -int +int __EXPORTED nfq_tcp_mangle_ipv4(struct pkt_buff *pkt, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) @@ -208,7 +202,6 @@ nfq_tcp_mangle_ipv4(struct pkt_buff *pkt, return 1; } -EXPORT_SYMBOL(nfq_tcp_mangle_ipv4); /** * @} diff --git a/src/extra/udp.c b/src/extra/udp.c index 8c44a66..99c8faa 100644 --- a/src/extra/udp.c +++ b/src/extra/udp.c @@ -37,7 +37,7 @@ * This function returns NULL if invalid UDP header is found. On success, * it returns the UDP header. */ -struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb) +struct udphdr __EXPORTED *nfq_udp_get_hdr(struct pkt_buff *pktb) { if (pktb->transport_header == NULL) return NULL; @@ -48,14 +48,13 @@ struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb) return (struct udphdr *)pktb->transport_header; } -EXPORT_SYMBOL(nfq_udp_get_hdr); /** * nfq_udp_get_payload - get the UDP packet payload. * \param udph: the pointer to the UDP header. * \param tail: pointer to the tail of the packet */ -void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) +void __EXPORTED *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) { uint16_t len = ntohs(udph->len); @@ -69,17 +68,15 @@ void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb) return pktb->transport_header + sizeof(struct udphdr); } -EXPORT_SYMBOL(nfq_udp_get_payload); /** * nfq_udp_get_payload_len - get the udp packet payload. * \param udp: the pointer to the udp header. */ -unsigned int nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb) +unsigned int __EXPORTED nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb) { return pktb->tail - pktb->transport_header; } -EXPORT_SYMBOL(nfq_udp_get_payload_len); /** * nfq_udp_set_checksum_ipv4 - computes a IPv4/TCP packet's segment @@ -91,14 +88,13 @@ EXPORT_SYMBOL(nfq_udp_get_payload_len); * \see nfq_pkt_compute_ip_checksum * \see nfq_pkt_compute_udp_checksum */ -void +void __EXPORTED nfq_udp_compute_checksum_ipv4(struct udphdr *udph, struct iphdr *iph) { /* checksum field in header needs to be zero for calculation. */ udph->check = 0; udph->check = nfq_checksum_tcpudp_ipv4(iph); } -EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4); /** * nfq_udp_set_checksum_ipv6 - computes a IPv6/TCP packet's segment @@ -110,14 +106,13 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4); * \see nfq_pkt_compute_ip_checksum * \see nfq_pkt_compute_udp_checksum */ -void +void __EXPORTED nfq_udp_compute_checksum_ipv6(struct udphdr *udph, struct ip6_hdr *ip6h) { /* checksum field in header needs to be zero for calculation. */ udph->check = 0; udph->check = nfq_checksum_tcpudp_ipv6(ip6h, udph); } -EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6); /** * nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer @@ -129,7 +124,7 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6); * * \note This function recalculates the IPv4 and TCP checksums for you. */ -int +int __EXPORTED nfq_udp_mangle_ipv4(struct pkt_buff *pkt, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) @@ -148,7 +143,6 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt, return 1; } -EXPORT_SYMBOL(nfq_udp_mangle_ipv4); /** * nfq_pkt_snprintf_udp_hdr - print udp header into one buffer in a humnan @@ -158,12 +152,11 @@ EXPORT_SYMBOL(nfq_udp_mangle_ipv4); * \param udp: pointer to a valid udp header. * */ -int nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph) +int __EXPORTED nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph) { return snprintf(buf, size, "SPT=%u DPT=%u ", htons(udph->source), htons(udph->dest)); } -EXPORT_SYMBOL(nfq_udp_snprintf); /** * @} diff --git a/src/internal.h b/src/internal.h index 558d267..79b0752 100644 --- a/src/internal.h +++ b/src/internal.h @@ -5,10 +5,9 @@ #include #include #ifdef HAVE_VISIBILITY_HIDDEN -# define __visible __attribute__((visibility("default"))) -# define EXPORT_SYMBOL(x) typeof(x) (x) __visible +# define __EXPORTED __attribute__((visibility("default"))) #else -# define EXPORT_SYMBOL +# define __EXPORTED #endif struct iphdr; diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 065d618..ab0b66b 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -133,8 +133,7 @@ struct nfq_data { struct nfattr **data; }; -int nfq_errno; -EXPORT_SYMBOL(nfq_errno); +int __EXPORTED nfq_errno; /*********************************************************************** * low level stuff @@ -218,11 +217,10 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[], /* public interface */ -struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h) +struct nfnl_handle __EXPORTED *nfq_nfnlh(struct nfq_handle *h) { return h->nfnlh; } -EXPORT_SYMBOL(nfq_nfnlh); /** * @@ -294,11 +292,10 @@ EXPORT_SYMBOL(nfq_nfnlh); * over the netlink connection associated with the given queue connection * handle. */ -int nfq_fd(struct nfq_handle *h) +int __EXPORTED nfq_fd(struct nfq_handle *h) { return nfnl_fd(nfq_nfnlh(h)); } -EXPORT_SYMBOL(nfq_fd); /** * @} */ @@ -349,7 +346,7 @@ EXPORT_SYMBOL(nfq_fd); * * \return a pointer to a new queue handle or NULL on failure. */ -struct nfq_handle *nfq_open(void) +struct nfq_handle __EXPORTED *nfq_open(void) { struct nfnl_handle *nfnlh = nfnl_open(); struct nfq_handle *qh; @@ -366,7 +363,6 @@ struct nfq_handle *nfq_open(void) return qh; } -EXPORT_SYMBOL(nfq_open); /** * @} @@ -382,7 +378,7 @@ EXPORT_SYMBOL(nfq_open); * * \return a pointer to a new queue handle or NULL on failure. */ -struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh) +struct nfq_handle __EXPORTED *nfq_open_nfnl(struct nfnl_handle *nfnlh) { struct nfnl_callback pkt_cb = { .call = __nfq_rcv_pkt, @@ -419,7 +415,6 @@ out_free: free(h); return NULL; } -EXPORT_SYMBOL(nfq_open_nfnl); /** * \addtogroup LibrarySetup @@ -438,7 +433,7 @@ EXPORT_SYMBOL(nfq_open_nfnl); * * \return 0 on success, non-zero on failure. */ -int nfq_close(struct nfq_handle *h) +int __EXPORTED nfq_close(struct nfq_handle *h) { int ret; @@ -447,7 +442,6 @@ int nfq_close(struct nfq_handle *h) free(h); return ret; } -EXPORT_SYMBOL(nfq_close); /** * nfq_bind_pf - bind a nfqueue handler to a given protocol family @@ -460,11 +454,10 @@ EXPORT_SYMBOL(nfq_close); * * \return integer inferior to 0 in case of failure */ -int nfq_bind_pf(struct nfq_handle *h, uint16_t pf) +int __EXPORTED nfq_bind_pf(struct nfq_handle *h, uint16_t pf) { return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf); } -EXPORT_SYMBOL(nfq_bind_pf); /** * nfq_unbind_pf - unbind nfqueue handler from a protocol family @@ -476,11 +469,10 @@ EXPORT_SYMBOL(nfq_bind_pf); * * This call is obsolete, Linux kernels from 3.8 onwards ignore it. */ -int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf) +int __EXPORTED nfq_unbind_pf(struct nfq_handle *h, uint16_t pf) { return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf); } -EXPORT_SYMBOL(nfq_unbind_pf); /** @@ -524,7 +516,7 @@ typedef int nfq_callback(struct nfq_q_handle *qh, * The callback should return < 0 to stop processing. */ -struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, +struct nfq_q_handle __EXPORTED *nfq_create_queue(struct nfq_handle *h, uint16_t num, nfq_callback *cb, void *data) @@ -555,7 +547,6 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, add_qh(qh); return qh; } -EXPORT_SYMBOL(nfq_create_queue); /** * @} @@ -573,7 +564,7 @@ EXPORT_SYMBOL(nfq_create_queue); * Removes the binding for the specified queue handle. This call also unbind * from the nfqueue handler, so you don't have to call nfq_unbind_pf. */ -int nfq_destroy_queue(struct nfq_q_handle *qh) +int __EXPORTED nfq_destroy_queue(struct nfq_q_handle *qh) { int ret = __build_send_cfg_msg(qh->h, NFQNL_CFG_CMD_UNBIND, qh->id, 0); if (ret == 0) { @@ -583,7 +574,6 @@ int nfq_destroy_queue(struct nfq_q_handle *qh) return ret; } -EXPORT_SYMBOL(nfq_destroy_queue); /** * nfq_handle_packet - handle a packet received from the nfqueue subsystem @@ -597,11 +587,10 @@ EXPORT_SYMBOL(nfq_destroy_queue); * * \return 0 on success, non-zero on failure. */ -int nfq_handle_packet(struct nfq_handle *h, char *buf, int len) +int __EXPORTED nfq_handle_packet(struct nfq_handle *h, char *buf, int len) { return nfnl_handle_packet(h->nfnlh, buf, len); } -EXPORT_SYMBOL(nfq_handle_packet); /** * nfq_set_mode - set the amount of packet data that nfqueue copies to userspace @@ -618,7 +607,7 @@ EXPORT_SYMBOL(nfq_handle_packet); * * \return -1 on error; >=0 otherwise. */ -int nfq_set_mode(struct nfq_q_handle *qh, +int __EXPORTED nfq_set_mode(struct nfq_q_handle *qh, uint8_t mode, uint32_t range) { union { @@ -638,7 +627,6 @@ int nfq_set_mode(struct nfq_q_handle *qh, return nfnl_query(qh->h->nfnlh, &u.nmh); } -EXPORT_SYMBOL(nfq_set_mode); /** * nfq_set_queue_flags - set flags (options) for the kernel queue @@ -690,7 +678,7 @@ EXPORT_SYMBOL(nfq_set_mode); * * \return -1 on error with errno set appropriately; =0 otherwise. */ -int nfq_set_queue_flags(struct nfq_q_handle *qh, +int __EXPORTED nfq_set_queue_flags(struct nfq_q_handle *qh, uint32_t mask, uint32_t flags) { union { @@ -711,7 +699,6 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh, return nfnl_query(qh->h->nfnlh, &u.nmh); } -EXPORT_SYMBOL(nfq_set_queue_flags); /** * nfq_set_queue_maxlen - Set kernel queue maximum length parameter @@ -724,7 +711,7 @@ EXPORT_SYMBOL(nfq_set_queue_flags); * * \return -1 on error; >=0 otherwise. */ -int nfq_set_queue_maxlen(struct nfq_q_handle *qh, +int __EXPORTED nfq_set_queue_maxlen(struct nfq_q_handle *qh, uint32_t queuelen) { union { @@ -742,7 +729,6 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh, return nfnl_query(qh->h->nfnlh, &u.nmh); } -EXPORT_SYMBOL(nfq_set_queue_maxlen); /** * @} @@ -829,14 +815,13 @@ static int __set_verdict(struct nfq_q_handle *qh, uint32_t id, * * \return -1 on error; >= 0 otherwise. */ -int nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id, +int __EXPORTED nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id, uint32_t verdict, uint32_t data_len, const unsigned char *buf) { return __set_verdict(qh, id, verdict, 0, 0, data_len, buf, NFQNL_MSG_VERDICT); } -EXPORT_SYMBOL(nfq_set_verdict); /** * nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark. @@ -847,14 +832,13 @@ EXPORT_SYMBOL(nfq_set_verdict); * \param data_len number of bytes of data pointed to by #buf * \param buf the buffer that contains the packet data */ -int nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id, +int __EXPORTED nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id, uint32_t verdict, uint32_t mark, uint32_t data_len, const unsigned char *buf) { return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len, buf, NFQNL_MSG_VERDICT); } -EXPORT_SYMBOL(nfq_set_verdict2); /** * nfq_set_verdict_batch - issue verdicts on several packets at once @@ -868,13 +852,12 @@ EXPORT_SYMBOL(nfq_set_verdict2); * batch support was added in Linux 3.1. * These functions will fail silently on older kernels. */ -int nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id, +int __EXPORTED nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id, uint32_t verdict) { return __set_verdict(qh, id, verdict, 0, 0, 0, NULL, NFQNL_MSG_VERDICT_BATCH); } -EXPORT_SYMBOL(nfq_set_verdict_batch); /** * nfq_set_verdict_batch2 - like nfq_set_verdict_batch, but you can set a mark. @@ -883,13 +866,12 @@ EXPORT_SYMBOL(nfq_set_verdict_batch); * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP) * \param mark mark to put on packet */ -int nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id, +int __EXPORTED nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id, uint32_t verdict, uint32_t mark) { return __set_verdict(qh, id, verdict, htonl(mark), 1, 0, NULL, NFQNL_MSG_VERDICT_BATCH); } -EXPORT_SYMBOL(nfq_set_verdict_batch2); /** * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark. @@ -905,14 +887,13 @@ EXPORT_SYMBOL(nfq_set_verdict_batch2); * This function is deprecated since it is broken, its use is highly * discouraged. Please, use nfq_set_verdict2 instead. */ -int nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id, +int __EXPORTED nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id, uint32_t verdict, uint32_t mark, uint32_t data_len, const unsigned char *buf) { return __set_verdict(qh, id, verdict, mark, 1, data_len, buf, NFQNL_MSG_VERDICT); } -EXPORT_SYMBOL(nfq_set_verdict_mark); /** * @} @@ -947,12 +928,11 @@ EXPORT_SYMBOL(nfq_set_verdict_mark); } __attribute__ ((packed)); \endverbatim */ -struct nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(struct nfq_data *nfad) +struct nfqnl_msg_packet_hdr __EXPORTED *nfq_get_msg_packet_hdr(struct nfq_data *nfad) { return nfnl_get_pointer_to_data(nfad->data, NFQA_PACKET_HDR, struct nfqnl_msg_packet_hdr); } -EXPORT_SYMBOL(nfq_get_msg_packet_hdr); /** * nfq_get_nfmark - get the packet mark @@ -960,11 +940,10 @@ EXPORT_SYMBOL(nfq_get_msg_packet_hdr); * * \return the netfilter mark currently assigned to the given queued packet. */ -uint32_t nfq_get_nfmark(struct nfq_data *nfad) +uint32_t __EXPORTED nfq_get_nfmark(struct nfq_data *nfad) { return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t)); } -EXPORT_SYMBOL(nfq_get_nfmark); /** * nfq_get_timestamp - get the packet timestamp @@ -975,7 +954,7 @@ EXPORT_SYMBOL(nfq_get_nfmark); * * \return 0 on success, non-zero on failure. */ -int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) +int __EXPORTED nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) { struct nfqnl_msg_packet_timestamp *qpt; qpt = nfnl_get_pointer_to_data(nfad->data, NFQA_TIMESTAMP, @@ -988,7 +967,6 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv) return 0; } -EXPORT_SYMBOL(nfq_get_timestamp); /** * nfq_get_indev - get the interface that the packet was received through @@ -1001,11 +979,10 @@ EXPORT_SYMBOL(nfq_get_timestamp); * \warning all nfq_get_dev() functions return 0 if not set, since linux * only allows ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1) */ -uint32_t nfq_get_indev(struct nfq_data *nfad) +uint32_t __EXPORTED nfq_get_indev(struct nfq_data *nfad) { return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_INDEV, uint32_t)); } -EXPORT_SYMBOL(nfq_get_indev); /** * nfq_get_physindev - get the physical interface that the packet was received @@ -1015,11 +992,10 @@ EXPORT_SYMBOL(nfq_get_indev); * If the returned index is 0, the packet was locally generated or the * physical input interface is no longer known (ie. POSTROUTING?). */ -uint32_t nfq_get_physindev(struct nfq_data *nfad) +uint32_t __EXPORTED nfq_get_physindev(struct nfq_data *nfad) { return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSINDEV, uint32_t)); } -EXPORT_SYMBOL(nfq_get_physindev); /** * nfq_get_outdev - gets the interface that the packet will be routed out @@ -1029,11 +1005,10 @@ EXPORT_SYMBOL(nfq_get_physindev); * returned index is 0, the packet is destined for localhost or the output * interface is not yet known (ie. PREROUTING?). */ -uint32_t nfq_get_outdev(struct nfq_data *nfad) +uint32_t __EXPORTED nfq_get_outdev(struct nfq_data *nfad) { return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_OUTDEV, uint32_t)); } -EXPORT_SYMBOL(nfq_get_outdev); /** * nfq_get_physoutdev - get the physical interface that the packet output @@ -1045,11 +1020,10 @@ EXPORT_SYMBOL(nfq_get_outdev); * * \return The index of physical interface that the packet output will be routed out. */ -uint32_t nfq_get_physoutdev(struct nfq_data *nfad) +uint32_t __EXPORTED nfq_get_physoutdev(struct nfq_data *nfad) { return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSOUTDEV, uint32_t)); } -EXPORT_SYMBOL(nfq_get_physoutdev); /** * nfq_get_indev_name - get the name of the interface the packet @@ -1089,13 +1063,12 @@ EXPORT_SYMBOL(nfq_get_physoutdev); \endverbatim * */ -int nfq_get_indev_name(struct nlif_handle *nlif_handle, +int __EXPORTED nfq_get_indev_name(struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) { uint32_t ifindex = nfq_get_indev(nfad); return nlif_index2name(nlif_handle, ifindex, name); } -EXPORT_SYMBOL(nfq_get_indev_name); /** * nfq_get_physindev_name - get the name of the physical interface the @@ -1109,13 +1082,12 @@ EXPORT_SYMBOL(nfq_get_indev_name); * * \return -1 in case of error, > 0 if it succeed. */ -int nfq_get_physindev_name(struct nlif_handle *nlif_handle, +int __EXPORTED nfq_get_physindev_name(struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) { uint32_t ifindex = nfq_get_physindev(nfad); return nlif_index2name(nlif_handle, ifindex, name); } -EXPORT_SYMBOL(nfq_get_physindev_name); /** * nfq_get_outdev_name - get the name of the physical interface the @@ -1129,13 +1101,12 @@ EXPORT_SYMBOL(nfq_get_physindev_name); * * \return -1 in case of error, > 0 if it succeed. */ -int nfq_get_outdev_name(struct nlif_handle *nlif_handle, +int __EXPORTED nfq_get_outdev_name(struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) { uint32_t ifindex = nfq_get_outdev(nfad); return nlif_index2name(nlif_handle, ifindex, name); } -EXPORT_SYMBOL(nfq_get_outdev_name); /** * nfq_get_physoutdev_name - get the name of the interface the @@ -1150,13 +1121,12 @@ EXPORT_SYMBOL(nfq_get_outdev_name); * \return -1 in case of error, > 0 if it succeed. */ -int nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, +int __EXPORTED nfq_get_physoutdev_name(struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) { uint32_t ifindex = nfq_get_physoutdev(nfad); return nlif_index2name(nlif_handle, ifindex, name); } -EXPORT_SYMBOL(nfq_get_physoutdev_name); /** * nfq_get_packet_hw @@ -1180,12 +1150,11 @@ EXPORT_SYMBOL(nfq_get_physoutdev_name); } __attribute__ ((packed)); \endverbatim */ -struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad) +struct nfqnl_msg_packet_hw __EXPORTED *nfq_get_packet_hw(struct nfq_data *nfad) { return nfnl_get_pointer_to_data(nfad->data, NFQA_HWADDR, struct nfqnl_msg_packet_hw); } -EXPORT_SYMBOL(nfq_get_packet_hw); /** * nfq_get_uid - get the UID of the user the packet belongs to @@ -1193,7 +1162,7 @@ EXPORT_SYMBOL(nfq_get_packet_hw); * * \return 1 if there is a UID available, 0 otherwise. */ -int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) +int __EXPORTED nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) { if (!nfnl_attr_present(nfad->data, NFQA_UID)) return 0; @@ -1201,7 +1170,6 @@ int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid) *uid = ntohl(nfnl_get_data(nfad->data, NFQA_UID, uint32_t)); return 1; } -EXPORT_SYMBOL(nfq_get_uid); /** * nfq_get_gid - get the GID of the user the packet belongs to @@ -1209,7 +1177,7 @@ EXPORT_SYMBOL(nfq_get_uid); * * \return 1 if there is a GID available, 0 otherwise. */ -int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) +int __EXPORTED nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) { if (!nfnl_attr_present(nfad->data, NFQA_GID)) return 0; @@ -1217,7 +1185,6 @@ int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid) *gid = ntohl(nfnl_get_data(nfad->data, NFQA_GID, uint32_t)); return 1; } -EXPORT_SYMBOL(nfq_get_gid); /** @@ -1227,7 +1194,7 @@ EXPORT_SYMBOL(nfq_get_gid); * * \return -1 on error, otherwise > 0 */ -int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) +int __EXPORTED nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) { if (!nfnl_attr_present(nfad->data, NFQA_SECCTX)) return -1; @@ -1240,7 +1207,6 @@ int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata) return 0; } -EXPORT_SYMBOL(nfq_get_secctx); /** * nfq_get_payload - get payload @@ -1253,7 +1219,7 @@ EXPORT_SYMBOL(nfq_get_secctx); * * \return -1 on error, otherwise > 0. */ -int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) +int __EXPORTED nfq_get_payload(struct nfq_data *nfad, unsigned char **data) { *data = (unsigned char *) nfnl_get_pointer_to_data(nfad->data, NFQA_PAYLOAD, char); @@ -1262,7 +1228,6 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data) return -1; } -EXPORT_SYMBOL(nfq_get_payload); /** * @} @@ -1307,7 +1272,7 @@ do { \ * would have been printed into the buffer (in case that there is enough * room in it). See snprintf() return value for more information. */ -int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) +int __EXPORTED nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) { struct nfqnl_msg_packet_hdr *ph; struct nfqnl_msg_packet_hw *hwph; @@ -1460,7 +1425,6 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags) return len; } -EXPORT_SYMBOL(nfq_snprintf_xml); /** * @} diff --git a/src/nlmsg.c b/src/nlmsg.c index ba28c77..5582407 100644 --- a/src/nlmsg.c +++ b/src/nlmsg.c @@ -30,7 +30,7 @@ * @{ */ -void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) +void __EXPORTED nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) { struct nfqnl_msg_verdict_hdr vh = { .verdict = htonl(verdict), @@ -38,20 +38,17 @@ void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict) }; mnl_attr_put(nlh, NFQA_VERDICT_HDR, sizeof(vh), &vh); } -EXPORT_SYMBOL(nfq_nlmsg_verdict_put); -void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark) +void __EXPORTED nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark) { mnl_attr_put_u32(nlh, NFQA_MARK, htonl(mark)); } -EXPORT_SYMBOL(nfq_nlmsg_verdict_put_mark); -void +void __EXPORTED nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t plen) { mnl_attr_put(nlh, NFQA_PAYLOAD, plen, pkt); } -EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt); /** * @} @@ -85,7 +82,7 @@ EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt); * given protocol family. Both commands are ignored by Linux kernel 3.8 and * later versions. */ -void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) +void __EXPORTED nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) { struct nfqnl_msg_config_cmd command = { .command = cmd, @@ -93,9 +90,8 @@ void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd) }; mnl_attr_put(nlh, NFQA_CFG_CMD, sizeof(command), &command); } -EXPORT_SYMBOL(nfq_nlmsg_cfg_put_cmd); -void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) +void __EXPORTED nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) { struct nfqnl_msg_config_params params = { .copy_range = htonl(range), @@ -103,13 +99,11 @@ void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range) }; mnl_attr_put(nlh, NFQA_CFG_PARAMS, sizeof(params), ¶ms); } -EXPORT_SYMBOL(nfq_nlmsg_cfg_put_params); -void nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen) +void __EXPORTED nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen) { mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(queue_maxlen)); } -EXPORT_SYMBOL(nfq_nlmsg_cfg_put_qmaxlen); /** * @} @@ -179,12 +173,11 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data) * This function returns MNL_CB_ERROR if any error occurs, or MNL_CB_OK on * success. */ -int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr) +int __EXPORTED nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr) { return mnl_attr_parse(nlh, sizeof(struct nfgenmsg), nfq_pkt_parse_attr_cb, attr); } -EXPORT_SYMBOL(nfq_nlmsg_parse); /** * @} -- cgit v1.2.3