summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorDuncan Roe <duncan_roe@optusnet.com.au>2019-10-08 11:49:45 +1100
committerPablo Neira Ayuso <pablo@netfilter.org>2019-10-08 12:19:10 +0200
commit24ba8cd8e4cebb0faeddff68498b5fdad7f1dd6b (patch)
treee3551c29b5ad1e24a85ebca386ae9d88888765a0 /src
parentae497107eb8b44e2ad8429a0ffa971ded1fe801c (diff)
src: Enable clang build
Modify the definition and use of EXPORT_SYMBOL as was done for libmnl in commit 444d6dc9. Additionally, avoid generating long (>80ch) lines when inserting EXPORT_SYMBOL. Finally, re-align multi-line parameter blocks with opening parenthesis. [ I have mangled the original patch to not split the function definition and its return value. --pablo ] Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/extra/ipv4.c10
-rw-r--r--src/extra/ipv6.c6
-rw-r--r--src/extra/pktbuff.c41
-rw-r--r--src/extra/tcp.c30
-rw-r--r--src/extra/udp.c27
-rw-r--r--src/internal.h3
-rw-r--r--src/libnetfilter_queue.c104
-rw-r--r--src/nlmsg.c18
8 files changed, 112 insertions, 127 deletions
diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c
index 20f3c12..3eb1054 100644
--- a/src/extra/ipv4.c
+++ b/src/extra/ipv4.c
@@ -32,6 +32,7 @@
* This funcion returns NULL if the IPv4 is malformed or the protocol version
* is not 4. On success, it returns a valid pointer to the IPv4 header.
*/
+EXPORT_SYMBOL
struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
{
struct iphdr *iph;
@@ -53,7 +54,6 @@ struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
return iph;
}
-EXPORT_SYMBOL(nfq_ip_get_hdr);
/**
* nfq_ip_set_transport_header - set transport header
@@ -64,6 +64,7 @@ EXPORT_SYMBOL(nfq_ip_get_hdr);
*
* Level 4 helper functions need this to be set.
*/
+EXPORT_SYMBOL
int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
{
int doff = iph->ihl * 4;
@@ -75,7 +76,6 @@ int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
pktb->transport_header = pktb->network_header + doff;
return 0;
}
-EXPORT_SYMBOL(nfq_ip_set_transport_header);
/**
* nfq_ip_set_checksum - set IPv4 checksum
@@ -84,6 +84,7 @@ EXPORT_SYMBOL(nfq_ip_set_transport_header);
* \note Call to this function if you modified the IPv4 header to update the
* checksum.
*/
+EXPORT_SYMBOL
void nfq_ip_set_checksum(struct iphdr *iph)
{
uint32_t iph_len = iph->ihl * 4;
@@ -91,7 +92,6 @@ void nfq_ip_set_checksum(struct iphdr *iph)
iph->check = 0;
iph->check = nfq_checksum(0, (uint16_t *)iph, iph_len);
}
-EXPORT_SYMBOL(nfq_ip_set_checksum);
/**
* nfq_ip_mangle - mangle IPv4 packet buffer
@@ -105,6 +105,7 @@ EXPORT_SYMBOL(nfq_ip_set_checksum);
* \note This function updates the IPv4 length and recalculates the IPv4
* checksum (if necessary)
*/
+EXPORT_SYMBOL
int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff,
unsigned int match_offset, unsigned int match_len,
const char *rep_buffer, unsigned int rep_len)
@@ -121,7 +122,6 @@ int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff,
return 1;
}
-EXPORT_SYMBOL(nfq_ip_mangle);
/**
* nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format
@@ -133,6 +133,7 @@ EXPORT_SYMBOL(nfq_ip_mangle);
* case that there is enough room in the buffer. Read snprintf manpage for more
* information to know more about this strange behaviour.
*/
+EXPORT_SYMBOL
int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
{
int ret;
@@ -152,7 +153,6 @@ int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
return ret;
}
-EXPORT_SYMBOL(nfq_ip_snprintf);
/**
* @}
diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
index 7c5dc9b..c0020ca 100644
--- a/src/extra/ipv6.c
+++ b/src/extra/ipv6.c
@@ -33,6 +33,7 @@
* This funcion returns NULL if an invalid header is found. On sucess, it
* returns a valid pointer to the header.
*/
+EXPORT_SYMBOL
struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
{
struct ip6_hdr *ip6h;
@@ -50,7 +51,6 @@ struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
return ip6h;
}
-EXPORT_SYMBOL(nfq_ip6_get_hdr);
/**
* nfq_ip6_set_transport_header - set transport header pointer for IPv6 packet
@@ -61,6 +61,7 @@ EXPORT_SYMBOL(nfq_ip6_get_hdr);
* This function returns 1 if the protocol has been found and the transport
* header has been set. Otherwise, it returns 0.
*/
+EXPORT_SYMBOL
int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
uint8_t target)
{
@@ -115,7 +116,6 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
pktb->transport_header = cur;
return cur ? 1 : 0;
}
-EXPORT_SYMBOL(nfq_ip6_set_transport_header);
/**
* nfq_ip6_snprintf - print IPv6 header into one buffer in iptables LOG format
@@ -124,6 +124,7 @@ EXPORT_SYMBOL(nfq_ip6_set_transport_header);
* \param ip6_hdr: pointer to a valid IPv6 header.
*
*/
+EXPORT_SYMBOL
int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
{
int ret;
@@ -143,7 +144,6 @@ int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
return ret;
}
-EXPORT_SYMBOL(nfq_ip6_snprintf);
/**
* @}
diff --git a/src/extra/pktbuff.c b/src/extra/pktbuff.c
index 25b173b..8cb7fe9 100644
--- a/src/extra/pktbuff.c
+++ b/src/extra/pktbuff.c
@@ -40,8 +40,8 @@
*
* \return a pointer to a new queue handle or NULL on failure.
*/
-struct pkt_buff *
-pktb_alloc(int family, void *data, size_t len, size_t extra)
+EXPORT_SYMBOL
+struct pkt_buff *pktb_alloc(int family, void *data, size_t len, size_t extra)
{
struct pkt_buff *pktb;
void *pkt_data;
@@ -84,120 +84,119 @@ pktb_alloc(int family, void *data, size_t len, size_t extra)
}
return pktb;
}
-EXPORT_SYMBOL(pktb_alloc);
/**
* pktb_data - return pointer to the beginning of the packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
uint8_t *pktb_data(struct pkt_buff *pktb)
{
return pktb->data;
}
-EXPORT_SYMBOL(pktb_data);
/**
* pktb_len - return length of the packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
uint32_t pktb_len(struct pkt_buff *pktb)
{
return pktb->len;
}
-EXPORT_SYMBOL(pktb_len);
/**
* pktb_free - release packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
void pktb_free(struct pkt_buff *pktb)
{
free(pktb);
}
-EXPORT_SYMBOL(pktb_free);
/**
* pktb_push - update pointer to the beginning of the packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
void pktb_push(struct pkt_buff *pktb, unsigned int len)
{
pktb->data -= len;
pktb->len += len;
}
-EXPORT_SYMBOL(pktb_push);
/**
* pktb_pull - update pointer to the beginning of the packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
void pktb_pull(struct pkt_buff *pktb, unsigned int len)
{
pktb->data += len;
pktb->len -= len;
}
-EXPORT_SYMBOL(pktb_pull);
/**
* pktb_put - add extra bytes to the tail of the packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
void pktb_put(struct pkt_buff *pktb, unsigned int len)
{
pktb->tail += len;
pktb->len += len;
}
-EXPORT_SYMBOL(pktb_put);
/**
* pktb_trim - set new length for this packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
void pktb_trim(struct pkt_buff *pktb, unsigned int len)
{
pktb->len = len;
}
-EXPORT_SYMBOL(pktb_trim);
/**
* pktb_tailroom - get room in bytes in the tail of the packet buffer
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
unsigned int pktb_tailroom(struct pkt_buff *pktb)
{
return pktb->data_len - pktb->len;
}
-EXPORT_SYMBOL(pktb_tailroom);
/**
* pktb_mac_header - return pointer to layer 2 header (if any)
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
uint8_t *pktb_mac_header(struct pkt_buff *pktb)
{
return pktb->mac_header;
}
-EXPORT_SYMBOL(pktb_mac_header);
/**
* pktb_network_header - return pointer to layer 3 header
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
uint8_t *pktb_network_header(struct pkt_buff *pktb)
{
return pktb->network_header;
}
-EXPORT_SYMBOL(pktb_network_header);
/**
* pktb_transport_header - return pointer to layer 4 header (if any)
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
uint8_t *pktb_transport_header(struct pkt_buff *pktb)
{
return pktb->transport_header;
}
-EXPORT_SYMBOL(pktb_transport_header);
static int pktb_expand_tail(struct pkt_buff *pkt, int extra)
{
@@ -237,12 +236,13 @@ static int enlarge_pkt(struct pkt_buff *pkt, unsigned int extra)
* argument to the pktb_alloc() call that created \b pkt is less than the excess
* of \b rep_len over \b match_len
*/
+EXPORT_SYMBOL
int pktb_mangle(struct pkt_buff *pkt,
- unsigned int dataoff,
- unsigned int match_offset,
- unsigned int match_len,
- const char *rep_buffer,
- unsigned int rep_len)
+ unsigned int dataoff,
+ unsigned int match_offset,
+ unsigned int match_len,
+ const char *rep_buffer,
+ unsigned int rep_len)
{
unsigned char *data;
@@ -271,17 +271,16 @@ int pktb_mangle(struct pkt_buff *pkt,
pkt->mangled = true;
return 1;
}
-EXPORT_SYMBOL(pktb_mangle);
/**
* pktb_mangled - return true if packet has been mangled
* \param pktb Pointer to packet buffer
*/
+EXPORT_SYMBOL
bool pktb_mangled(const struct pkt_buff *pkt)
{
return pkt->mangled;
}
-EXPORT_SYMBOL(pktb_mangled);
/**
* @}
diff --git a/src/extra/tcp.c b/src/extra/tcp.c
index a66f392..136d7ea 100644
--- a/src/extra/tcp.c
+++ b/src/extra/tcp.c
@@ -40,6 +40,7 @@
* \note You have to call nfq_ip_set_transport_header or
* nfq_ip6_set_transport_header first to access the TCP header.
*/
+EXPORT_SYMBOL
struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb)
{
if (pktb->transport_header == NULL)
@@ -51,13 +52,13 @@ struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb)
return (struct tcphdr *)pktb->transport_header;
}
-EXPORT_SYMBOL(nfq_tcp_get_hdr);
/**
* nfq_tcp_get_payload - get the TCP packet payload
* \param tcph: pointer to the TCP header
* \param pktb: pointer to user-space network packet buffer
*/
+EXPORT_SYMBOL
void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
{
unsigned int len = tcph->doff * 4;
@@ -72,47 +73,43 @@ void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
return pktb->transport_header + len;
}
-EXPORT_SYMBOL(nfq_tcp_get_payload);
/**
* nfq_tcp_get_payload_len - get the tcp packet payload
* \param tcph: pointer to the TCP header
* \param pktb: pointer to user-space network packet buffer
*/
-unsigned int
-nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb)
+EXPORT_SYMBOL
+unsigned int nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb)
{
return pktb->tail - pktb->transport_header;
}
-EXPORT_SYMBOL(nfq_tcp_get_payload_len);
/**
* nfq_tcp_set_checksum_ipv4 - computes IPv4/TCP packet checksum
* \param tcph: pointer to the TCP header
* \param iph: pointer to the IPv4 header
*/
-void
-nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph)
+EXPORT_SYMBOL
+void nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph)
{
/* checksum field in header needs to be zero for calculation. */
tcph->check = 0;
tcph->check = nfq_checksum_tcpudp_ipv4(iph, IPPROTO_TCP);
}
-EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv4);
/**
* nfq_tcp_set_checksum_ipv6 - computes IPv6/TCP packet checksum
* \param tcph: pointer to the TCP header
* \param iph: pointer to the IPv6 header
*/
-void
-nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h)
+EXPORT_SYMBOL
+void nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h)
{
/* checksum field in header needs to be zero for calculation. */
tcph->check = 0;
tcph->check = nfq_checksum_tcpudp_ipv6(ip6h, tcph, IPPROTO_TCP);
}
-EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv6);
/*
* The union cast uses a gcc extension to avoid aliasing problems
@@ -134,6 +131,7 @@ union tcp_word_hdr {
* \param tcp: pointer to a valid tcp header.
*
*/
+EXPORT_SYMBOL
int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
{
int ret, len = 0;
@@ -177,7 +175,6 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
return ret;
}
-EXPORT_SYMBOL(nfq_tcp_snprintf);
/**
* nfq_tcp_mangle_ipv4 - mangle TCP/IPv4 packet buffer
@@ -189,10 +186,10 @@ EXPORT_SYMBOL(nfq_tcp_snprintf);
*
* \note This function recalculates the IPv4 and TCP checksums for you.
*/
-int
-nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
- unsigned int match_offset, unsigned int match_len,
- const char *rep_buffer, unsigned int rep_len)
+EXPORT_SYMBOL
+int nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
+ unsigned int match_offset, unsigned int match_len,
+ const char *rep_buffer, unsigned int rep_len)
{
struct iphdr *iph;
struct tcphdr *tcph;
@@ -208,7 +205,6 @@ nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
return 1;
}
-EXPORT_SYMBOL(nfq_tcp_mangle_ipv4);
/**
* @}
diff --git a/src/extra/udp.c b/src/extra/udp.c
index 92165b4..fed23e2 100644
--- a/src/extra/udp.c
+++ b/src/extra/udp.c
@@ -36,6 +36,7 @@
* This function returns NULL if invalid UDP header is found. On success,
* it returns the UDP header.
*/
+EXPORT_SYMBOL
struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb)
{
if (pktb->transport_header == NULL)
@@ -47,13 +48,13 @@ struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb)
return (struct udphdr *)pktb->transport_header;
}
-EXPORT_SYMBOL(nfq_udp_get_hdr);
/**
* nfq_udp_get_payload - get the UDP packet payload.
* \param udph: Pointer to UDP header
* \param pktb: Pointer to network packet buffer
*/
+EXPORT_SYMBOL
void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
{
uint16_t len = ntohs(udph->len);
@@ -68,18 +69,17 @@ void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
return pktb->transport_header + sizeof(struct udphdr);
}
-EXPORT_SYMBOL(nfq_udp_get_payload);
/**
* nfq_udp_get_payload_len - get the udp packet payload.
* \param udph: Pointer to UDP header
* \param pktb: Pointer to network packet buffer
*/
+EXPORT_SYMBOL
unsigned int nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb)
{
return pktb->tail - pktb->transport_header;
}
-EXPORT_SYMBOL(nfq_udp_get_payload_len);
/**
* nfq_udp_set_checksum_ipv4 - computes a IPv4/TCP packet's segment
@@ -91,14 +91,13 @@ EXPORT_SYMBOL(nfq_udp_get_payload_len);
* \see nfq_pkt_compute_ip_checksum
* \see nfq_pkt_compute_udp_checksum
*/
-void
-nfq_udp_compute_checksum_ipv4(struct udphdr *udph, struct iphdr *iph)
+EXPORT_SYMBOL
+void nfq_udp_compute_checksum_ipv4(struct udphdr *udph, struct iphdr *iph)
{
/* checksum field in header needs to be zero for calculation. */
udph->check = 0;
udph->check = nfq_checksum_tcpudp_ipv4(iph, IPPROTO_UDP);
}
-EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4);
/**
* nfq_udp_set_checksum_ipv6 - computes a IPv6/TCP packet's segment
@@ -110,14 +109,13 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv4);
* \see nfq_pkt_compute_ip_checksum
* \see nfq_pkt_compute_udp_checksum
*/
-void
-nfq_udp_compute_checksum_ipv6(struct udphdr *udph, struct ip6_hdr *ip6h)
+EXPORT_SYMBOL
+void nfq_udp_compute_checksum_ipv6(struct udphdr *udph, struct ip6_hdr *ip6h)
{
/* checksum field in header needs to be zero for calculation. */
udph->check = 0;
udph->check = nfq_checksum_tcpudp_ipv6(ip6h, udph, IPPROTO_UDP);
}
-EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6);
/**
* nfq_udp_mangle_ipv4 - Mangle UDP/IPv4 packet buffer
@@ -131,10 +129,10 @@ EXPORT_SYMBOL(nfq_udp_compute_checksum_ipv6);
* \note This function updates the IPv4 and UDP lengths and recalculates their
* checksums for you.
*/
-int
-nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
- unsigned int match_offset, unsigned int match_len,
- const char *rep_buffer, unsigned int rep_len)
+EXPORT_SYMBOL
+int nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
+ unsigned int match_offset, unsigned int match_len,
+ const char *rep_buffer, unsigned int rep_len)
{
struct iphdr *iph;
struct udphdr *udph;
@@ -152,7 +150,6 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
return 1;
}
-EXPORT_SYMBOL(nfq_udp_mangle_ipv4);
/**
* nfq_pkt_snprintf_udp_hdr - print udp header into one buffer in a humnan
@@ -162,12 +159,12 @@ EXPORT_SYMBOL(nfq_udp_mangle_ipv4);
* \param udp: pointer to a valid udp header.
*
*/
+EXPORT_SYMBOL
int nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph)
{
return snprintf(buf, size, "SPT=%u DPT=%u ",
htons(udph->source), htons(udph->dest));
}
-EXPORT_SYMBOL(nfq_udp_snprintf);
/**
* @}
diff --git a/src/internal.h b/src/internal.h
index d648bfe..d968325 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -5,8 +5,7 @@
#include <stdint.h>
#include <stdbool.h>
#ifdef HAVE_VISIBILITY_HIDDEN
-# define __visible __attribute__((visibility("default")))
-# define EXPORT_SYMBOL(x) typeof(x) (x) __visible
+# define EXPORT_SYMBOL __attribute__((visibility("default")))
#else
# define EXPORT_SYMBOL
#endif
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 673e3b0..7014878 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -133,8 +133,7 @@ struct nfq_data {
struct nfattr **data;
};
-int nfq_errno;
-EXPORT_SYMBOL(nfq_errno);
+EXPORT_SYMBOL int nfq_errno;
/***********************************************************************
* low level stuff
@@ -218,11 +217,11 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
/* public interface */
+EXPORT_SYMBOL
struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
{
return h->nfnlh;
}
-EXPORT_SYMBOL(nfq_nfnlh);
/**
*
@@ -294,11 +293,11 @@ EXPORT_SYMBOL(nfq_nfnlh);
* over the netlink connection associated with the given queue connection
* handle.
*/
+EXPORT_SYMBOL
int nfq_fd(struct nfq_handle *h)
{
return nfnl_fd(nfq_nfnlh(h));
}
-EXPORT_SYMBOL(nfq_fd);
/**
* @}
*/
@@ -349,6 +348,7 @@ EXPORT_SYMBOL(nfq_fd);
*
* \return a pointer to a new queue handle or NULL on failure.
*/
+EXPORT_SYMBOL
struct nfq_handle *nfq_open(void)
{
struct nfnl_handle *nfnlh = nfnl_open();
@@ -366,7 +366,6 @@ struct nfq_handle *nfq_open(void)
return qh;
}
-EXPORT_SYMBOL(nfq_open);
/**
* @}
@@ -382,6 +381,7 @@ EXPORT_SYMBOL(nfq_open);
*
* \return a pointer to a new queue handle or NULL on failure.
*/
+EXPORT_SYMBOL
struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh)
{
struct nfnl_callback pkt_cb = {
@@ -419,7 +419,6 @@ out_free:
free(h);
return NULL;
}
-EXPORT_SYMBOL(nfq_open_nfnl);
/**
* \addtogroup LibrarySetup
@@ -438,16 +437,16 @@ EXPORT_SYMBOL(nfq_open_nfnl);
*
* \return 0 on success, non-zero on failure.
*/
+EXPORT_SYMBOL
int nfq_close(struct nfq_handle *h)
{
int ret;
-
+
ret = nfnl_close(h->nfnlh);
if (ret == 0)
free(h);
return ret;
}
-EXPORT_SYMBOL(nfq_close);
/**
* nfq_bind_pf - bind a nfqueue handler to a given protocol family
@@ -460,11 +459,11 @@ EXPORT_SYMBOL(nfq_close);
*
* \return integer inferior to 0 in case of failure
*/
+EXPORT_SYMBOL
int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
{
return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf);
}
-EXPORT_SYMBOL(nfq_bind_pf);
/**
* nfq_unbind_pf - unbind nfqueue handler from a protocol family
@@ -476,11 +475,11 @@ EXPORT_SYMBOL(nfq_bind_pf);
*
* This call is obsolete, Linux kernels from 3.8 onwards ignore it.
*/
+EXPORT_SYMBOL
int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)
{
return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf);
}
-EXPORT_SYMBOL(nfq_unbind_pf);
/**
@@ -524,10 +523,9 @@ typedef int nfq_callback(struct nfq_q_handle *qh,
* The callback should return < 0 to stop processing.
*/
-struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h,
- uint16_t num,
- nfq_callback *cb,
- void *data)
+EXPORT_SYMBOL
+struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, uint16_t num,
+ nfq_callback *cb, void *data)
{
int ret;
struct nfq_q_handle *qh;
@@ -555,7 +553,6 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h,
add_qh(qh);
return qh;
}
-EXPORT_SYMBOL(nfq_create_queue);
/**
* @}
@@ -573,6 +570,7 @@ EXPORT_SYMBOL(nfq_create_queue);
* Removes the binding for the specified queue handle. This call also unbind
* from the nfqueue handler, so you don't have to call nfq_unbind_pf.
*/
+EXPORT_SYMBOL
int nfq_destroy_queue(struct nfq_q_handle *qh)
{
int ret = __build_send_cfg_msg(qh->h, NFQNL_CFG_CMD_UNBIND, qh->id, 0);
@@ -583,7 +581,6 @@ int nfq_destroy_queue(struct nfq_q_handle *qh)
return ret;
}
-EXPORT_SYMBOL(nfq_destroy_queue);
/**
* nfq_handle_packet - handle a packet received from the nfqueue subsystem
@@ -597,11 +594,11 @@ EXPORT_SYMBOL(nfq_destroy_queue);
*
* \return 0 on success, non-zero on failure.
*/
+EXPORT_SYMBOL
int nfq_handle_packet(struct nfq_handle *h, char *buf, int len)
{
return nfnl_handle_packet(h->nfnlh, buf, len);
}
-EXPORT_SYMBOL(nfq_handle_packet);
/**
* nfq_set_mode - set the amount of packet data that nfqueue copies to userspace
@@ -618,8 +615,8 @@ EXPORT_SYMBOL(nfq_handle_packet);
*
* \return -1 on error; >=0 otherwise.
*/
-int nfq_set_mode(struct nfq_q_handle *qh,
- uint8_t mode, uint32_t range)
+EXPORT_SYMBOL
+int nfq_set_mode(struct nfq_q_handle *qh, uint8_t mode, uint32_t range)
{
union {
char buf[NFNL_HEADER_LEN
@@ -638,7 +635,6 @@ int nfq_set_mode(struct nfq_q_handle *qh,
return nfnl_query(qh->h->nfnlh, &u.nmh);
}
-EXPORT_SYMBOL(nfq_set_mode);
/**
* nfq_set_queue_flags - set flags (options) for the kernel queue
@@ -708,8 +704,8 @@ EXPORT_SYMBOL(nfq_set_mode);
*
* \return -1 on error with errno set appropriately; =0 otherwise.
*/
-int nfq_set_queue_flags(struct nfq_q_handle *qh,
- uint32_t mask, uint32_t flags)
+EXPORT_SYMBOL
+int nfq_set_queue_flags(struct nfq_q_handle *qh, uint32_t mask, uint32_t flags)
{
union {
char buf[NFNL_HEADER_LEN
@@ -729,7 +725,6 @@ int nfq_set_queue_flags(struct nfq_q_handle *qh,
return nfnl_query(qh->h->nfnlh, &u.nmh);
}
-EXPORT_SYMBOL(nfq_set_queue_flags);
/**
* nfq_set_queue_maxlen - Set kernel queue maximum length parameter
@@ -742,8 +737,8 @@ EXPORT_SYMBOL(nfq_set_queue_flags);
*
* \return -1 on error; >=0 otherwise.
*/
-int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
- uint32_t queuelen)
+EXPORT_SYMBOL
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh, uint32_t queuelen)
{
union {
char buf[NFNL_HEADER_LEN
@@ -760,7 +755,6 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
return nfnl_query(qh->h->nfnlh, &u.nmh);
}
-EXPORT_SYMBOL(nfq_set_queue_maxlen);
/**
* @}
@@ -847,14 +841,14 @@ static int __set_verdict(struct nfq_q_handle *qh, uint32_t id,
*
* \return -1 on error; >= 0 otherwise.
*/
+EXPORT_SYMBOL
int nfq_set_verdict(struct nfq_q_handle *qh, uint32_t id,
- uint32_t verdict, uint32_t data_len,
- const unsigned char *buf)
+ uint32_t verdict, uint32_t data_len,
+ const unsigned char *buf)
{
return __set_verdict(qh, id, verdict, 0, 0, data_len, buf,
NFQNL_MSG_VERDICT);
}
-EXPORT_SYMBOL(nfq_set_verdict);
/**
* nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark.
@@ -865,6 +859,7 @@ EXPORT_SYMBOL(nfq_set_verdict);
* \param data_len number of bytes of data pointed to by #buf
* \param buf the buffer that contains the packet data
*/
+EXPORT_SYMBOL
int nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id,
uint32_t verdict, uint32_t mark,
uint32_t data_len, const unsigned char *buf)
@@ -872,7 +867,6 @@ int nfq_set_verdict2(struct nfq_q_handle *qh, uint32_t id,
return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len,
buf, NFQNL_MSG_VERDICT);
}
-EXPORT_SYMBOL(nfq_set_verdict2);
/**
* nfq_set_verdict_batch - issue verdicts on several packets at once
@@ -886,13 +880,13 @@ EXPORT_SYMBOL(nfq_set_verdict2);
* batch support was added in Linux 3.1.
* These functions will fail silently on older kernels.
*/
+EXPORT_SYMBOL
int nfq_set_verdict_batch(struct nfq_q_handle *qh, uint32_t id,
- uint32_t verdict)
+ uint32_t verdict)
{
return __set_verdict(qh, id, verdict, 0, 0, 0, NULL,
NFQNL_MSG_VERDICT_BATCH);
}
-EXPORT_SYMBOL(nfq_set_verdict_batch);
/**
* nfq_set_verdict_batch2 - like nfq_set_verdict_batch, but you can set a mark.
@@ -901,13 +895,13 @@ EXPORT_SYMBOL(nfq_set_verdict_batch);
* \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP)
* \param mark mark to put on packet
*/
+EXPORT_SYMBOL
int nfq_set_verdict_batch2(struct nfq_q_handle *qh, uint32_t id,
- uint32_t verdict, uint32_t mark)
+ uint32_t verdict, uint32_t mark)
{
return __set_verdict(qh, id, verdict, htonl(mark), 1, 0,
NULL, NFQNL_MSG_VERDICT_BATCH);
}
-EXPORT_SYMBOL(nfq_set_verdict_batch2);
/**
* nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark.
@@ -923,14 +917,14 @@ EXPORT_SYMBOL(nfq_set_verdict_batch2);
* This function is deprecated since it is broken, its use is highly
* discouraged. Please, use nfq_set_verdict2 instead.
*/
+EXPORT_SYMBOL
int nfq_set_verdict_mark(struct nfq_q_handle *qh, uint32_t id,
- uint32_t verdict, uint32_t mark,
- uint32_t data_len, const unsigned char *buf)
+ uint32_t verdict, uint32_t mark,
+ uint32_t data_len, const unsigned char *buf)
{
return __set_verdict(qh, id, verdict, mark, 1, data_len, buf,
NFQNL_MSG_VERDICT);
}
-EXPORT_SYMBOL(nfq_set_verdict_mark);
/**
* @}
@@ -965,12 +959,12 @@ EXPORT_SYMBOL(nfq_set_verdict_mark);
} __attribute__ ((packed));
\endverbatim
*/
+EXPORT_SYMBOL
struct nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(struct nfq_data *nfad)
{
return nfnl_get_pointer_to_data(nfad->data, NFQA_PACKET_HDR,
struct nfqnl_msg_packet_hdr);
}
-EXPORT_SYMBOL(nfq_get_msg_packet_hdr);
/**
* nfq_get_nfmark - get the packet mark
@@ -978,11 +972,11 @@ EXPORT_SYMBOL(nfq_get_msg_packet_hdr);
*
* \return the netfilter mark currently assigned to the given queued packet.
*/
+EXPORT_SYMBOL
uint32_t nfq_get_nfmark(struct nfq_data *nfad)
{
return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t));
}
-EXPORT_SYMBOL(nfq_get_nfmark);
/**
* nfq_get_timestamp - get the packet timestamp
@@ -993,6 +987,7 @@ EXPORT_SYMBOL(nfq_get_nfmark);
*
* \return 0 on success, non-zero on failure.
*/
+EXPORT_SYMBOL
int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv)
{
struct nfqnl_msg_packet_timestamp *qpt;
@@ -1006,7 +1001,6 @@ int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv)
return 0;
}
-EXPORT_SYMBOL(nfq_get_timestamp);
/**
* nfq_get_indev - get the interface that the packet was received through
@@ -1019,11 +1013,11 @@ EXPORT_SYMBOL(nfq_get_timestamp);
* \warning all nfq_get_dev() functions return 0 if not set, since linux
* only allows ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1)
*/
+EXPORT_SYMBOL
uint32_t nfq_get_indev(struct nfq_data *nfad)
{
return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_INDEV, uint32_t));
}
-EXPORT_SYMBOL(nfq_get_indev);
/**
* nfq_get_physindev - get the physical interface that the packet was received
@@ -1033,11 +1027,11 @@ EXPORT_SYMBOL(nfq_get_indev);
* If the returned index is 0, the packet was locally generated or the
* physical input interface is no longer known (ie. POSTROUTING?).
*/
+EXPORT_SYMBOL
uint32_t nfq_get_physindev(struct nfq_data *nfad)
{
return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSINDEV, uint32_t));
}
-EXPORT_SYMBOL(nfq_get_physindev);
/**
* nfq_get_outdev - gets the interface that the packet will be routed out
@@ -1047,11 +1041,11 @@ EXPORT_SYMBOL(nfq_get_physindev);
* returned index is 0, the packet is destined for localhost or the output
* interface is not yet known (ie. PREROUTING?).
*/
+EXPORT_SYMBOL
uint32_t nfq_get_outdev(struct nfq_data *nfad)
{
return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_OUTDEV, uint32_t));
}
-EXPORT_SYMBOL(nfq_get_outdev);
/**
* nfq_get_physoutdev - get the physical interface that the packet output
@@ -1063,11 +1057,11 @@ EXPORT_SYMBOL(nfq_get_outdev);
*
* \return The index of physical interface that the packet output will be routed out.
*/
+EXPORT_SYMBOL
uint32_t nfq_get_physoutdev(struct nfq_data *nfad)
{
return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSOUTDEV, uint32_t));
}
-EXPORT_SYMBOL(nfq_get_physoutdev);
/**
* nfq_get_indev_name - get the name of the interface the packet
@@ -1107,13 +1101,13 @@ EXPORT_SYMBOL(nfq_get_physoutdev);
\endverbatim
*
*/
+EXPORT_SYMBOL
int nfq_get_indev_name(struct nlif_handle *nlif_handle,
- struct nfq_data *nfad, char *name)
+ struct nfq_data *nfad, char *name)
{
uint32_t ifindex = nfq_get_indev(nfad);
return nlif_index2name(nlif_handle, ifindex, name);
}
-EXPORT_SYMBOL(nfq_get_indev_name);
/**
* nfq_get_physindev_name - get the name of the physical interface the
@@ -1127,13 +1121,13 @@ EXPORT_SYMBOL(nfq_get_indev_name);
*
* \return -1 in case of error, > 0 if it succeed.
*/
+EXPORT_SYMBOL
int nfq_get_physindev_name(struct nlif_handle *nlif_handle,
struct nfq_data *nfad, char *name)
{
uint32_t ifindex = nfq_get_physindev(nfad);
return nlif_index2name(nlif_handle, ifindex, name);
}
-EXPORT_SYMBOL(nfq_get_physindev_name);
/**
* nfq_get_outdev_name - get the name of the physical interface the
@@ -1147,13 +1141,13 @@ EXPORT_SYMBOL(nfq_get_physindev_name);
*
* \return -1 in case of error, > 0 if it succeed.
*/
+EXPORT_SYMBOL
int nfq_get_outdev_name(struct nlif_handle *nlif_handle,
struct nfq_data *nfad, char *name)
{
uint32_t ifindex = nfq_get_outdev(nfad);
return nlif_index2name(nlif_handle, ifindex, name);
}
-EXPORT_SYMBOL(nfq_get_outdev_name);
/**
* nfq_get_physoutdev_name - get the name of the interface the
@@ -1168,13 +1162,13 @@ EXPORT_SYMBOL(nfq_get_outdev_name);
* \return -1 in case of error, > 0 if it succeed.
*/
+EXPORT_SYMBOL
int nfq_get_physoutdev_name(struct nlif_handle *nlif_handle,
struct nfq_data *nfad, char *name)
{
uint32_t ifindex = nfq_get_physoutdev(nfad);
return nlif_index2name(nlif_handle, ifindex, name);
}
-EXPORT_SYMBOL(nfq_get_physoutdev_name);
/**
* nfq_get_packet_hw
@@ -1198,12 +1192,12 @@ EXPORT_SYMBOL(nfq_get_physoutdev_name);
} __attribute__ ((packed));
\endverbatim
*/
+EXPORT_SYMBOL
struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad)
{
return nfnl_get_pointer_to_data(nfad->data, NFQA_HWADDR,
struct nfqnl_msg_packet_hw);
}
-EXPORT_SYMBOL(nfq_get_packet_hw);
/**
* nfq_get_uid - get the UID of the user the packet belongs to
@@ -1215,6 +1209,7 @@ EXPORT_SYMBOL(nfq_get_packet_hw);
*
* \return 1 if there is a UID available, 0 otherwise.
*/
+EXPORT_SYMBOL
int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid)
{
if (!nfnl_attr_present(nfad->data, NFQA_UID))
@@ -1223,7 +1218,6 @@ int nfq_get_uid(struct nfq_data *nfad, uint32_t *uid)
*uid = ntohl(nfnl_get_data(nfad->data, NFQA_UID, uint32_t));
return 1;
}
-EXPORT_SYMBOL(nfq_get_uid);
/**
* nfq_get_gid - get the GID of the user the packet belongs to
@@ -1235,6 +1229,7 @@ EXPORT_SYMBOL(nfq_get_uid);
*
* \return 1 if there is a GID available, 0 otherwise.
*/
+EXPORT_SYMBOL
int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid)
{
if (!nfnl_attr_present(nfad->data, NFQA_GID))
@@ -1243,7 +1238,6 @@ int nfq_get_gid(struct nfq_data *nfad, uint32_t *gid)
*gid = ntohl(nfnl_get_data(nfad->data, NFQA_GID, uint32_t));
return 1;
}
-EXPORT_SYMBOL(nfq_get_gid);
/**
* nfq_get_secctx - get the security context for this packet
@@ -1256,6 +1250,7 @@ EXPORT_SYMBOL(nfq_get_gid);
*
* \return -1 on error, otherwise > 0
*/
+EXPORT_SYMBOL
int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata)
{
if (!nfnl_attr_present(nfad->data, NFQA_SECCTX))
@@ -1269,7 +1264,6 @@ int nfq_get_secctx(struct nfq_data *nfad, unsigned char **secdata)
return 0;
}
-EXPORT_SYMBOL(nfq_get_secctx);
/**
* nfq_get_payload - get payload
@@ -1282,6 +1276,7 @@ EXPORT_SYMBOL(nfq_get_secctx);
*
* \return -1 on error, otherwise > 0.
*/
+EXPORT_SYMBOL
int nfq_get_payload(struct nfq_data *nfad, unsigned char **data)
{
*data = (unsigned char *)
@@ -1291,7 +1286,6 @@ int nfq_get_payload(struct nfq_data *nfad, unsigned char **data)
return -1;
}
-EXPORT_SYMBOL(nfq_get_payload);
/**
* @}
@@ -1336,6 +1330,7 @@ do { \
* would have been printed into the buffer (in case that there is enough
* room in it). See snprintf() return value for more information.
*/
+EXPORT_SYMBOL
int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
{
struct nfqnl_msg_packet_hdr *ph;
@@ -1489,7 +1484,6 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
return len;
}
-EXPORT_SYMBOL(nfq_snprintf_xml);
/**
* @}
diff --git a/src/nlmsg.c b/src/nlmsg.c
index ac0adab..d06e6db 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -40,6 +40,7 @@
* The calling sequence is \b main --> \b mnl_cb_run --> \b queue_cb -->
* \b nfq_send_verdict --> \b nfq_nlmsg_verdict_put
*/
+EXPORT_SYMBOL
void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict)
{
struct nfqnl_msg_verdict_hdr vh = {
@@ -48,20 +49,19 @@ void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict)
};
mnl_attr_put(nlh, NFQA_VERDICT_HDR, sizeof(vh), &vh);
}
-EXPORT_SYMBOL(nfq_nlmsg_verdict_put);
+EXPORT_SYMBOL
void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark)
{
mnl_attr_put_u32(nlh, NFQA_MARK, htonl(mark));
}
-EXPORT_SYMBOL(nfq_nlmsg_verdict_put_mark);
-void
-nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t plen)
+EXPORT_SYMBOL
+void nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt,
+ uint32_t plen)
{
mnl_attr_put(nlh, NFQA_PAYLOAD, plen, pkt);
}
-EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt);
/**
* @}
@@ -92,6 +92,7 @@ EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt);
* given protocol family. Both commands are ignored by Linux kernel 3.8 and
* later versions.
*/
+EXPORT_SYMBOL
void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd)
{
struct nfqnl_msg_config_cmd command = {
@@ -100,7 +101,6 @@ void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd)
};
mnl_attr_put(nlh, NFQA_CFG_CMD, sizeof(command), &command);
}
-EXPORT_SYMBOL(nfq_nlmsg_cfg_put_cmd);
/**
* nfq_nlmsg_cfg_put_params Add parameter to netlink message
@@ -108,6 +108,7 @@ EXPORT_SYMBOL(nfq_nlmsg_cfg_put_cmd);
* \param mode one of NFQNL_COPY_NONE, NFQNL_COPY_META or NFQNL_COPY_PACKET
* \param range value of parameter
*/
+EXPORT_SYMBOL
void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range)
{
struct nfqnl_msg_config_params params = {
@@ -116,18 +117,17 @@ void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range)
};
mnl_attr_put(nlh, NFQA_CFG_PARAMS, sizeof(params), &params);
}
-EXPORT_SYMBOL(nfq_nlmsg_cfg_put_params);
/**
* nfq_nlmsg_cfg_put_qmaxlen Add queue maximum length to netlink message
* \param nlh Pointer to netlink message
* \param queue_maxlen Maximum queue length
*/
+EXPORT_SYMBOL
void nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen)
{
mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(queue_maxlen));
}
-EXPORT_SYMBOL(nfq_nlmsg_cfg_put_qmaxlen);
/**
* @}
@@ -197,12 +197,12 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
* This function returns MNL_CB_ERROR if any error occurs, or MNL_CB_OK on
* success.
*/
+EXPORT_SYMBOL
int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
{
return mnl_attr_parse(nlh, sizeof(struct nfgenmsg),
nfq_pkt_parse_attr_cb, attr);
}
-EXPORT_SYMBOL(nfq_nlmsg_parse);
/**
* @}