summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Make it clear that this library is deprecatedHEADmasterDuncan Roe2019-11-042-4/+19
| | | | | | | | | | | src/iftable.c: Update group description src/libnfnetlink.c: - Re-work main page (which was based on the misconception that this library always gets used) - Update group description Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Minimally resurrect doxygen documentationDuncan Roe2019-11-042-1/+25
| | | | | | | | | | | | | | | | | | | | | | | The documentation was written in the days before doxygen required groups or even doxygen.cfg, so create doxygen.cfg.in and introduce one \defgroup per source file, encompassing pretty-much the whole file. Also add a tiny \mainpage. Added: doxygen.cfg.in: Same as for libmnl except FILE_PATTERNS = *.c libnfnetlink.h Updated: configure.ac: Create doxygen.cfg src/iftable.c: Add defgroup src/libnfnetlink.c: Add mainpage and defgroup Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnfnetlink: hide private symbolsYury Gribov2018-05-112-1/+58
| | | | | | | | | | | | | | | | | They are: recalc_rebind_subscriptions rtnl_close rtnl_dump_type rtnl_handler_register rtnl_handler_unregister rtnl_open rtnl_parse_rtattr rtnl_receive rtnl_receive_multi Signed-off-by: Yury Gribov <tetra2005@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* src: Use stdint types everywhereFelix Janda2015-05-295-45/+45
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnfnetlink: initialize attribute padding to resolve valgrind warningsPablo Neira Ayuso2014-02-031-0/+1
| | | | | | | | | | | | | | | | | ==12195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s) ==12195== at 0x51209C3: __sendto_nocancel (syscall-template.S:81) ==12195== by 0x53E4D12: nfnl_send (libnfnetlink.c:391) ==12195== by 0x53E6952: nfnl_query (libnfnetlink.c:1569) ==12195== by 0x4E344AF: __build_send_cfg_msg.isra.1 (libnetfilter_log.c:143) ==12195== by 0x4E34710: nflog_bind_group (libnetfilter_log.c:413) ==12195== by 0x400CB1: main (nfulnl_test.c:77) ==12195== Address 0x7fefff3e9 is on thread 1's stack This patch sets to zero the padding that is included to align the attribute payload. Reported-by: Ivan Homoliak <xhomol11@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: get source code license header in sync with current licensing termsPablo Neira Ayuso2013-08-072-3/+3
| | | | | | | | Since (3956761 license: upgrade to GPLv2+), we upgraded to GPLv2+, propagate that changes to src/iftable.c and src/rtnl.c Reported-by: Thomas Woerner <twoerner@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfnl: fix compilation warning with gcc-4.7Pablo Neira Ayuso2012-08-131-5/+2
| | | | | | | | | | | libnfnetlink.c: In function ‘nfnl_open’: libnfnetlink.c:177:6: warning: variable ‘err’ set but not used [-Wunused-but-set-variable] The getsockname value was not checked before. Better to check for errors, but I prefer not to modify this behaviour. This library will enter EOL once all netfilter libraries are fully ported to libmnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iftable: fix incomplete list of interfaces via nlif_queryPablo Neira Ayuso2012-08-133-1/+21
| | | | | | | | | | | | | | | | | | | | RTM_GETLINK with NLM_F_DUMP returns a multi-part netlink message. The existing code only handled the first message of it, thus, ignoring the remaining interfaces. This is the cause of the following bug in conntrackd: [Thu Aug 9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode -- [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available! [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available! [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available! [Thu Aug 9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ---- Thanks to Jan Engelhardt for providing useful pointer to address the problem. Reported-by: Arturo Borrero <aborrero@cica.es> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: update copyright headerPablo Neira Ayuso2011-12-301-3/+4
| | | | | | | | | | This patch updates the copyright header and remove one ambiguos reference "incorporated herein by reference". This patch does *not* change the licensing terms of this library. It just clarifies it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfnl: avoid exit on large packetJan Engelhardt2011-07-301-3/+1
| | | | | | | | Using exit from shared libraries is unwelcome (automated build systems flag it) and one should rather return gracefully. Looking at this particular spot however, while a Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: use -Wall across the entire sourceJan Engelhardt2011-07-301-2/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: BAD_SIZEOFJiri Popelka2011-06-131-2/+2
| | | | | | | | | | | static analysis (analysis based only on compiling of sources, not based on running of binary) of the code revealed the following problem: libnfnetlink.c:481: Taking the size of pointer parameter "nlh" is suspicious. libnfnetlink.c:486: Taking the size of pointer parameter "nlh" is suspicious. Signed-off-by: Jiri Popelka <jpopelka@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove redundant castsJan Engelhardt2010-11-093-22/+21
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove -fPIC flagJan Engelhardt2010-10-301-2/+1
| | | | | | libtool automatically adds PIC flags as needed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iftable: fix wrong handler unregistration on errorPablo Neira Ayuso2010-09-301-1/+1
| | | | | | | | Need to unregister the ifadd_handler in err_unregister instead of unregistering ifdel_handler. Signed-off-by: Andrey Kuzin <kuzinandrey@yandex.ru> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfnl: add nfnl_addattr8() functionPablo Neira Ayuso2009-06-111-0/+17
| | | | | | | This patch adds the function nfnl_addattr8() as it has been requested by Jozsef Kadlecsik, he needs it for his Netlink-port of ipset. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfnl: add nfnl_portid() to get the Netlink portID of a socketPablo Neira Ayuso2009-05-211-0/+10
| | | | | | | This patch adds the new interface nfnl_portid() to retrieve the Netlink portID that has been assigned to a given socket. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rtnl: fix wrong netlink group bindings in the interface APIPablo Neira Ayuso2009-04-291-2/+1
| | | | | | | | | This patch removes RTMGRP_IPV4_ROUTE and RTMGRP_IPV4_IFADDR which report event notifications about changes in the route and address of interfaces. We are only interested in the interface link status so RTMGRP_LINK is enough. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfnl: allow disabling and enabling sequence trackingPablo Neira Ayuso2009-02-171-4/+33
| | | | | | | | | | | | This patch adds a couple of functions to enable and disable netlink sequence tracking. Since nfqueue goes over a unicast socket, the same channel to receive control messages and packets is used. This leads to race conditions that may trigger sporious out-of-sequence errors while creating queues and receiving high load of packets at the same time. Reported-by: Anton Vazir <anton.vazir@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iftable: add nlif_get_ifflags to get the network interface flagsPablo Neira Ayuso2009-01-071-0/+33
| | | | | | | | This patch adds the nlif_get_ifflags to get the interface flags. This patch also modifies the example file to display if a network interface is running or not. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nlif: fix possible re-insertion in the list of interfacesPablo Neira Ayuso2009-01-071-1/+2
| | | | | | | This patch fixes a possible re-insertion of an existing entry in the list of interfaces. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Suppress iftable_up function which is not used.Eric Leblond2008-12-231-17/+0
| | | | | | Following compilation warning pointed out by Jan Engelhardt, this patch suppresses the iftable_up function which is of no use in this part of libnfnetlink library whom goal is to do ifindex to name resolution.
* Aligns buffers to maximum alignment of architecturelibnfnetlink-0.0.39Fabian Hugelshofer2008-06-181-3/+4
| | | | | | | | Aligns buffer to maximum aligment of architecture to make the cast of char pointers to struct pointers more portable. Packet decoding is still broken on particular platforms. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
* fix warning, getsockname takes a socklen_t as third parameterlibnfnetlink-0.0.38Pablo Neira Ayuso2008-05-311-1/+1
|
* major cleanup of index2name infrastructure: use linux list (and fix leak in ↵Pablo Neira Ayuso2008-05-252-94/+87
| | | | the nlif_close path)
* fix nfnl_nfa_addattr_l (reported by Rick Xu)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-04-151-3/+3
|
* nfnl_handle must be const in nfnl_rcvbufsizsvn_t_libnfnetlink-0.0.33/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-151-1/+1
|
* Introduce nfnl_set_rcv_buffer_size to set the receive buffer size used by /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2008-01-131-42/+16
| | | | | | | | | | | | | nfnl_catch. This revision changes the behaviour of nfnl_catch which does not perform a peek-and-resize if the buffer size used by nfnl_recv is too small. The only known client which may be affected by this change is libnetfilter_conntrack. However, this library uses nfnl_catch to get conntrack events which are always much smaller than 4096 bytes (default receive buffer size). This change boosts up performance in the receive path since we do only one recv instead of two.
* Marcus Sundberg <marcus@ingate.com> /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-08-091-0/+1
| | | | | | | Fix endless loop on unknown netfilter attributes. This prevents an endless loop when nfnl_check_attributes() sees an unknown attribute.
* fix handling of multipart netlink packets in nfnl_handle_packet (E.Leblond)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-08-081-0/+1
|
* [patch] libnfnetlink compile fix (Thomas Jarosch <thomas.jarosch@intra2net.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-162-0/+2
| | | | | attached patch fixes compilation of libnfnetlink for old glibc versions. Otherwise "struct iovec" is undefined.
* partially revert r6738, use linux/types.h instead of sys/types.h/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-271-1/+1
|
* fix typo: noinst_HEADERS includes rtnl.h not rtnl.c/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-121-1/+1
|
* partial cleanup for iftable.c and rtnl.c, still appropiate errno missing/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-02-124-146/+116
|
* - Initial commit of index2interface API (Eric Leblond), still work to do/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-01-264-120/+224
| | | | - added a test file to utils/iftest.c
* Remove header linux/types.h since it can conflict with type definitions ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2007-01-221-1/+0
| | | | available at sys/types.h
* Initialize callback structure (Victor Stinner)svn_t_libnfnetlink-0.0.25/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-291-1/+1
|
* Introduce several improvements in the library, still backward compatible./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org2006-12-192-109/+653
| | | | | | | | | - add iterator API - add replacements for nfnl_listen and nfnl_talk - fix error handling - add assertions - add documentation - minor cleanups
* [PATCH] libnfnetlink compilation on FC5 (Eric Leblond <eric@inl.fr>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-071-0/+1
|
* we cannot return -EINVAL when we encounter attributes > subsys->cb_count, ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-05-171-2/+7
| | | | since that compromises interoperability with future kernels which might introduce new attributes.
* Fix wrong size of the netfilter netlink header. This implicitely fixes an/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-131-1/+1
| | | | alignment issue when nfnl_handle_packet is called as well. (Pablo Neira)
* nfnl_get_msg_next must check is the message is OK after NLMSG_NEXT ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-131-0/+5
| | | | is called. (Pablo Neira)
* add 16bit attribute functions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-261-0/+34
|
* fix logic for using one socket for multiple subsystems to be compatible with/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-261-16/+40
| | | | multiple nfnetlink sockets per process (pid overlap)
* fix nfnl_build_nfa_iovec() to set the attribute values (Andreas Florath)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-231-0/+4
|
* fix some mistakes during Harald's recent changes (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-151-0/+9
|
* Introduce various API changes throughout the library stack/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-142-52/+167
| | | | | | | | | | | 1) make libnfnetlink dynamically allocate it's handles 2) apply that change throughout libnetfilter_* 3) add {nfq,nflog,nfct}_open_nfnl() functions that open the specific subsystem on top of an existing nfnl_handle, which is required for upcoming libnetfilter_conntrack_helper The changes break ABI and API compatibility of libnfnetlink, but don't break ABI or API compatibility of the libnetfilter_* libraries.
* [PATCH] Spelling fix (Badd) in libnfnetlink/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-261-1/+1
| | | | | | Spelling fix: s/Badd/Bad/ Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
* o It define NETLINK_NETFILTER if it's not defined./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-141-1/+1
| | | | o Kill KERNELDIR in Makefile.am, it's not set anymore. (Pablo Neira)
* handle EAGAIN in case the socket is nonblocking/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-051-2/+4
|