| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
There is no need to call AC_CANONICAL_SYSTEM when only
AC_CANONICAL_HOST is needed. Also, checking for $target is factually
incorrect, since we do not produce object code like a compiler. Use
$host, which specifies the triple/quadrople where the compiled program
is supposed to run.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
| |
Note: the use of -i seems required, otherwise autoreconf barfs about
missing tools (depcomp, etc.). Since they are provided in the tarballs
as files anyway rather than like previously as symlinks, I do not see
a problem using -i.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
Makefile.am: "INCLUDES" is the old name for "AM_CPPFLAGS" (or "*_CPPFLAGS")
And remove unused $(all_includes)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
automake options also need to definitely go into configure.ac, otherwise
they only apply to a single directory.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
I accidentally inserted LIBVERSION to Makefile.am but the one
used is in src/Makefile.am. This patch removes the previous
definition.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch adds myself to the copyright notice according to my contributions
in the git repository.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch bumps the library version to 1.0. I have also introduced
LIBVERSION for the API versioning.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
In 224df57de4479d65d4fec3eeaa8b1a4d63b8213f, we forgot to remove
libipq.h that was introduced to add backward compatibility for
libipq (which was never completed and now everybody should be
using libnetfilter_queue instead).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch removes the prefix `0x' of the HW protocol.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the output of the HW address in XML files:
<src>800:800:800:800:800:</src>
now it looks fine:
<src>0019a917a400</src>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
With this patch, nfq_snprintf_xml() returns the number of characters
printed. If the output was truncated, then the return value is the
number of characters that would have been written if enough space
had been available. This makes nfq_snprintf_xml() consistent with
the behaviour of snprintf().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
In 21fd1834b5ce0a1f5b590f7e1ad23bba64fbafdf, we changed nfq_get_payload()
to take an unsigned char * instead of signed char *.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch adds a new function to output the packet in XML format.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'data' parameter to nfq_get_payload() returns pointer to unsigned
char (rather than signed char) to make it consistent with the 'buf'
parameter of nfq_set_verdict(), nfq_set_verdict2(), and
nfq_set_verdict_mark(), all of which refer to the same data. Either
signed or unsigned is fine, but they should be consistent as the output
of nfq_get_payload() may be passed back into nfq_set_verdict*(); in that
case, this change eliminates the need for typecasting in the calling
code when using compilers that enforce strict typecasting.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The payload parameters to nfq_set_verdict(), nfq_set_verdict2(), and
nfq_set_verdict_mark() are not modified by those functions, and
therefore should have datatype pointer-to-const. This both causes the
source-code to more effectively represent what is the purpose of the
parameter, and eliminates the need to cast away const-ness when calling
the functions with compilers that enforce strict casting. All existing
calling code should not need modification as pointer-to-X automatically
converts to pointer-to-const-X.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Now, we refer to nfq_set_verdict2() instead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Alessandro Vessely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
* Several parameters are clarified.
* Several previously undocumented return-values are documented.
* nfq_set_verdict_mark() [now deprecated]: notes that mark is in
network byte order.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch deprecates nfq_set_verdict_mark() in favour of
nfq_set_verdict2() which does exactly the same but it also
convert the mark value from host-byte order to network-byte
order as expected by nfnetlink_queue.
I know, this is hackish, but I prefer adding new functions
instead of API versioning which is also ugly.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* DETAILS_AT_TOP is deprecated and newer versions of
doxygens are warning about this. Remove this option.
* Empty HTML_HEADER as newer versions of doxygen check
if the file exists and fail if it doesn't. Looking at
the history of this project the file never existed.
* This continues to work with doxygen 1.5.6.
Signed-off-by: Holger Hans Peter Freyther <zecke@selfish.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
It has never been finished and nowadays people should be using
libnfnetlink_queue directly anyways. In case someone wants to
finish it, it can easily be restored from the history.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
This patch adds a minor notice to warn developers that its
application needs CAP_NET_ADMIN in order to send to and receive
packets from kernel-space.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch replaces the nfnl_talk() calls by the newer nfnl_query().
This patch also disables netlink sequence tracking by default.
Spurious race conditions in the sequence tracking may occur while
creating queues and receiving high load of packets at the same time.
Reported-by: Anton Vazir <anton.vazir@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This adds the hardware source address, physindev and physoutdev support
to nfqnl_test
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
| |
This patch puts the doxygen config file into diet since it was
bloated with tons of comments. If we need help, we can go look
for the official documentation instead of consuming ~50KB.
With this patch, the file results in ~5KB.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
This patch adds a doxygen configuration file which is generated by
the configure script.
|
|
|
|
|
|
|
| |
This patch modifies the documentation format to switch to doxygen
format. This leads to a interesting and useful output. An example
can be found at the following url:
http://www.nufw.org/doc/libnetfilter_queue/
|
|
|
|
|
|
|
|
| |
nfnl_close() is calling nfnl_subsys_close() for all available
subsys. Thus it is not necessary to call it in the nfq_close()
function.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
This patch modifies the example program to use nfq_fd function
instead of call to nfnetlink function.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
This patch modifies a function to have through the file. Data length
variable was named data_len everywhere but in this function.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch adds documentation for functions that were not existing
when the documentation was initially made. It also fixes some minor
typos.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the documentation that Brad Fisher <brad@info-link.net>
made time ago, you can get the original post from:
http://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023286.html
This patch contains documentation that I did not have time to review in deep
yet. However, several developers has refered to this documentation as a good
kick-off to start developing applications for libnetfilter_queue.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Use `make check' to compile the examples in utils/
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\ |
|
| |\ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
mark functions as extern C
This is needed when #included from C++.
Reported-by: Simon <turner25@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |/
|/|
| |
| | |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|/ |
|
|
|
|
| |
fix compilation issues on newer toolchains
|
| |
|
| |
|
| |
|
|
|
|
| |
file to compile the conntrack tool
|
| |
|
| |
|