The function may return -1 (and set errno). Assume it will leave
addr_len value unchanged, so checking is necessary to not hide the
error.
Fixes: 4248314d40187 ("nfnl: fix compilation warning with gcc-4.7")
Signed-off-by: Phil Sutter <phil@nwl.cc>

src/iftable.c: Update group description
src/libnfnetlink.c: - Re-work main page (which was based on the misconception
that this library always gets used)
- Update group description
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

The documentation was written in the days before doxygen required groups or even
doxygen.cfg, so create doxygen.cfg.in and introduce one \defgroup per source
file, encompassing pretty-much the whole file.
Also add a tiny \mainpage.
Added:
doxygen.cfg.in: Same as for libmnl except FILE_PATTERNS = *.c libnfnetlink.h
Updated:
configure.ac: Create doxygen.cfg
src/iftable.c: Add defgroup
src/libnfnetlink.c: Add mainpage and defgroup
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

They are:
recalc_rebind_subscriptions
rtnl_close
rtnl_dump_type
rtnl_handler_register
rtnl_handler_unregister
rtnl_open
rtnl_parse_rtattr
rtnl_receive
rtnl_receive_multi
Signed-off-by: Yury Gribov <tetra2005@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

==12195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==12195== at 0x51209C3: __sendto_nocancel (syscall-template.S:81)
==12195== by 0x53E4D12: nfnl_send (libnfnetlink.c:391)
==12195== by 0x53E6952: nfnl_query (libnfnetlink.c:1569)
==12195== by 0x4E344AF: __build_send_cfg_msg.isra.1 (libnetfilter_log.c:143)
==12195== by 0x4E34710: nflog_bind_group (libnetfilter_log.c:413)
==12195== by 0x400CB1: main (nfulnl_test.c:77)
==12195== Address 0x7fefff3e9 is on thread 1's stack
This patch sets to zero the padding that is included to align the
attribute payload.
Reported-by: Ivan Homoliak <xhomol11@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Since (3956761 license: upgrade to GPLv2+), we upgraded to GPLv2+,
propagate that change to src/iftable.c and src/rtnl.c
Reported-by: Thomas Woerner <twoerner@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

libnfnetlink.c: In function ‘nfnl_open’:
libnfnetlink.c:177:6: warning: variable ‘err’ set but not used [-Wunused-but-set-variable]
The getsockname value was not checked before. Better to check for errors, but
I prefer not to modify this behaviour. This library will enter EOL once all
netfilter libraries are fully ported to libmnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

RTM_GETLINK with NLM_F_DUMP returns a multi-part netlink message.
The existing code only handled the first message of it, thus,
ignoring the remaining interfaces.
This is the cause of the following bug in conntrackd:
[Thu Aug 9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode --
[Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
[Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
[Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
[Thu Aug 9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ----
Thanks to Jan Engelhardt for providing useful pointer to address the
problem.
Reported-by: Arturo Borrero <aborrero@cica.es>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch updates the copyright header and removes one ambiguous
reference "incorporated herein by reference".
This patch does *not* change the licensing terms of this library.
It just clarifies it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Using exit from shared libraries is unwelcome (automated build systems
flag it) and one should rather return gracefully. Looking at this
particular spot however, while a
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

static analysis (analysis based only on compiling of sources, not based on running of binary)
of the code revealed the following problem:
libnfnetlink.c:481: Taking the size of pointer parameter "nlh" is suspicious.
libnfnetlink.c:486: Taking the size of pointer parameter "nlh" is suspicious.
Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

libtool automatically adds PIC flags as needed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

Need to unregister the ifadd_handler in err_unregister instead of
unregistering ifdel_handler.
Signed-off-by: Andrey Kuzin <kuzinandrey@yandex.ru>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch adds the function nfnl_addattr8() as it has been requested
by Jozsef Kadlecsik, he needs it for his Netlink-port of ipset.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch adds the new interface nfnl_portid() to retrieve the
Netlink portID that has been assigned to a given socket.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch removes RTMGRP_IPV4_ROUTE and RTMGRP_IPV4_IFADDR which
report event notifications about changes in the route and address
of interfaces. We are only interested in the interface link status
so RTMGRP_LINK is enough.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch adds a couple of functions to enable and disable netlink
sequence tracking. Since nfqueue goes over a unicast socket, the
same channel to receive control messages and packets is used. This
leads to race conditions that may trigger spurious out-of-sequence
errors while creating queues and receiving high load of packets at
the same time.
Reported-by: Anton Vazir <anton.vazir@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch adds the nlif_get_ifflags to get the interface flags.
This patch also modifies the example file to display if a network
interface is running or not.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch fixes a possible re-insertion of an existing entry in
the list of interfaces.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Following compilation warning pointed out by Jan Engelhardt, this patch
suppresses the iftable_up function which is of no use in this part of
libnfnetlink library whose goal is to do ifindex to name resolution.

Aligns buffer to maximum alignment of architecture to make the cast of
char pointers to struct pointers more portable. Packet decoding is still
broken on particular platforms.
Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>

the nlif_close path)

nfnl_catch. This revision changes the behaviour of nfnl_catch which does not
perform a peek-and-resize if the buffer size used by nfnl_recv is too small.
The only known client which may be affected by this change is
libnetfilter_conntrack. However, this library uses nfnl_catch to get conntrack
events which are always much smaller than 4096 bytes (default receive buffer
size).
This change boosts up performance in the receive path since we do only one recv
instead of two.

Fix endless loop on unknown netfilter attributes.
This prevents an endless loop when nfnl_check_attributes() sees
an unknown attribute.

attached patch fixes compilation of libnfnetlink for old glibc versions.
Otherwise "struct iovec" is undefined.

- added a test file to utils/iftest.c

available at sys/types.h

- add iterator API
- add replacements for nfnl_listen and nfnl_talk
- fix error handling
- add assertions
- add documentation
- minor cleanups

since that compromises interoperability with future kernels which might introduce new attributes.

alignment issue when nfnl_handle_packet is called as well. (Pablo Neira)

is called. (Pablo Neira)

multiple nfnetlink sockets per process (pid overlap)

1) make libnfnetlink dynamically allocate its handles
2) apply that change throughout libnetfilter_*
3) add {nfq,nflog,nfct}_open_nfnl() functions that open
the specific subsystem on top of an existing nfnl_handle,
which is required for upcoming libnetfilter_conntrack_helper
The changes break ABI and API compatibility of libnfnetlink, but don't
break ABI or API compatibility of the libnetfilter_* libraries.

Spelling fix: s/Badd/Bad/
Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>

o Kill KERNELDIR in Makefile.am, it's not set anymore. (Pablo Neira)