| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Typically security contexts are not 'u32' sized but strings, for example
'system_u:object_r:my_http_client_packet_t:s0'.
Fix length validation check to allow any context sizes.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
| |
Without this patch, '\n"' rendered as '0' in e.g. man nfq_create_queue
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
doxygen/Makefile was erroneously depending on Makefile.am when it should have
depended on itself.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Replace shell function call with a list of sources
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
`make distcleancheck` was not passing before this patchset. Now fixed.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
- Move doxygen.cfg.in to doxygen/
- Tell doxygen.cfg.in where the sources are
- Let doxygen.cfg.in default its output to CWD
- In Makefile, `doxygen doxygen.cfg` "just works"
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- If there is a "Modules" section, delete it
- If "Detailed Description" is empty, delete "Detailed Description" line
- Reposition SYNOPSIS (with headers that we inserted) to start of page,
integrating with defined functions to look like other man pages
- Delete all "Definition at line nnn" lines
- Delete lines that make older versions of man o/p an unwanted blank line
For better readability, shell function definitions are separated by blank
lines, and there is a bit of annotation.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split off shell script from within doxygen/Makefile.am into
doxygen/build_man.sh.
This patch by itself doesn't fix anything.
The patch is only for traceability, because diff patch format is not very good
at catching code updates and moving code together.
Therefore the script is exactly as it was; it still looks a bit different
because of having to un-double doubled-up $ signs, remove trailing ";/" and so
on.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order to work with the post-processing logic in doxygen/Makefile.am,
SYNOPSIS sections must be inserted at the end of the module description
(text after \defgroup or \addtogroup)
(becomes Detailed Description in the man page).
Also a few minor updates including rename module uselessfns to do_not_use.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Emit a warning to notify users that this file is deprecated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
./configure
Also fix bogus "Doxygen not found ..." warning if --without-doxygen given
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There used to be 3 things in doxygen/Makefile.am that developers had to update:
1. The dependency list (i.e. all C sources)
2. The setgroup lines, which renamed each module man page to be the page for the
first described function. setgroup also set the target for:
3. The add2group lines, which symlinked pages for other documented functions
in the group.
The new system eliminates all of the above.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
nf_conntrack_netlink.h does not exist, refer to nfnetlink_conntrack.h instead.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Clarify that NFQA_CT requires the CTA_* attribute definitions in
nfnetlink_conntrack.h
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Add private helper function to set up the pkt_buff object.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The main fix is to move fixmanpages.sh to inside doxygen/Makefile.am.
This means that in future, developers need to update doxygen/Makefile.am
when they add new functions and source files, since fixmanpages.sh is deleted.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Acked-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This corrects issues in IPv6 header handling that sometimes resulted
in an endless loop.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Add support for processing ICMP packets using pkt_buff, similar to
existing library support for TCP and UDP.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
-l is a library selection, needs to go into _LDADD/_LIBADD.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
src/extra/checksum.c had a stray group close sequence at the end.
(Spotted after sending doxygen o/p to /dev/null)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
doxygen.cfg only needs to contain non-default options.
Removing other options shaves 4KB (off a 5KB file).
Also remove options that are obsolete at the latest doxygen release:
PERL_PATH, MSCGEN_PATH and PAPER_TYPE=a4wide (defaults to a4).
While being about it, send doxygen stdout to /dev/null to make (future)
warnings easier to see.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Tested-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Otherwise make distcheck does not include this script.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
doxygen documentation was not enabled in previous releases, let's
recover this default behaviour. This is implicitly fixing up `make
distcheck' to build the tarballs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
Allows to turn off doxygen even if its installed, via
--without-doxygen.
Default is to probe for doxygen presence (--with-doxygen).
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
| |
Also bump libtool version, we added new interfaces, but nothing
was removed.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
AC_OUTPUT must be done after HAVE_DOXYGEN variable has been set, else
the varable substitution in doxygen/Makefile.in doesn't work and the
Makefile always contains the supposedly conditional section.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
Silly, since its easy to fetch this via libmnl.
Unfortunately there is a large number of software that uses the old
API, so add a helper to return the attribute.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
Move static nfq_hdr_put from examples/nf-queue.c into the library since
everyone is going to want it. Also rename nfq_hdr_put to nfq_nlmsg_put.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables one to enter "man <any nfq function>" and get the appropriate
group man page created by doxygen.
- New makefile in doxygen directory. Rebuilds documentation if any sources
change that contain doxygen comments, or if fixmanpages.sh changes
- New shell script fixmanpages.sh which
- Renames each group man page to the first function listed therein
- Creates symlinks for subsequently listed functions (if any)
- Deletes _* temp files
- Update top-level makefile to visit new subdir doxygen
- Update top-level configure to only build documentation if doxygen installed
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
| |
In struct pkt_buff, we only ever needed any 2 of len, data and tail.
This has caused bugs in the past, e.g. commit 8a4316f31.
Delete tail, and where the value of pktb->tail was required,
use new pktb_tail() function.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
head and data always had the same value.
head was in the minority, so replace with data where it was used.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
In pktb_alloc, declare struct ethhdr *ethhdr at function start,
thus avoiding cute braces on case AF_BRIDGE.
This costs nothing and generates less code.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Remember to subtract the TCP header length.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Ensure all functions that return something have a \returns
- Demote more checksum functions to their own groups
(reduces number of functions on main pages)
- Clarify wording where appropriate
- Add \sa (see also) where appropriate
- Fix documented function name for nfq_tcp_get_hdr
(no other mismatches noticed, but there may be some)
- Add warnings regarding changing length of tcp packet
- Make group names unique within libnetfilter_queue
(else man pages would be overwritten)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
All remaining instances of pkt refer to something other than a pkt_buff.
In the prototype for nfq_nlmsg_parse, pkt is changed to attr.
Inconsistent whitespace in headers has been left for another day.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Change items of the form #<word> to "\b <word>".
(#<word> is rather obscurely documented to be a reference to a documented
entity)
- Re-work text wrapping in above change to keep lines within 80cc
- Add 2 missing \param directives
12 warnings fixed
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
- Add 5 opaque or internal items to the EXCLUDE_SYMBOLS list
- Remove 4 obsolete configuration lines
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
- Update prototype
- Update doxygen documentation
- Update declaration
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Fix calculation of header length
- Upgrade calculation of payload length: Allow for extra headers before
the UDP header.
- Delete "sum += ... s6_addr16[i] >> 16" lines, since uint16_t >> 16 == 0
- Use upgraded payload length in pseudo-header
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make it clear that packet buffer is the user-space one
- Use \returns for all return values
- Make function names in doc agree with prototypes
- Make number and names of params in doc agree with prototypes
- Divide functions into a hierarchy:
top-level: Functions all programs that modify data will use
(nfq_udp_snprintf is optional)
2nd-level: Rarely-used (except internally) functions
- Add see-also snprintf
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
