| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Add private helper function to set up the pkt_buff object.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The main fix is to move fixmanpages.sh to inside doxygen/Makefile.am.
This means that in future, developers need to update doxygen/Makefile.am
when they add new functions and source files, since fixmanpages.sh is deleted.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Acked-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This corrects issues in IPv6 header handling that sometimes resulted
in an endless loop.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Add support for processing ICMP packets using pkt_buff, similar to
existing library support for TCP and UDP.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
-l is a library selection, needs to go into _LDADD/_LIBADD.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
src/extra/checksum.c had a stray group close sequence at the end.
(Spotted after sending doxygen o/p to /dev/null)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
doxygen.cfg only needs to contain non-default options.
Removing other options shaves 4KB (off a 5KB file).
Also remove options that are obsolete at the latest doxygen release:
PERL_PATH, MSCGEN_PATH and PAPER_TYPE=a4wide (defaults to a4).
While being about it, send doxygen stdout to /dev/null to make (future)
warnings easier to see.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Tested-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Otherwise make distcheck does not include this script.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
doxygen documentation was not enabled in previous releases, let's
recover this default behaviour. This is implicitly fixing up `make
distcheck' to build the tarballs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
Allows to turn off doxygen even if its installed, via
--without-doxygen.
Default is to probe for doxygen presence (--with-doxygen).
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
| |
Also bump libtool version, we added new interfaces, but nothing
was removed.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
AC_OUTPUT must be done after HAVE_DOXYGEN variable has been set, else
the varable substitution in doxygen/Makefile.in doesn't work and the
Makefile always contains the supposedly conditional section.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Silly, since its easy to fetch this via libmnl.
Unfortunately there is a large number of software that uses the old
API, so add a helper to return the attribute.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Move static nfq_hdr_put from examples/nf-queue.c into the library since
everyone is going to want it. Also rename nfq_hdr_put to nfq_nlmsg_put.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables one to enter "man <any nfq function>" and get the appropriate
group man page created by doxygen.
- New makefile in doxygen directory. Rebuilds documentation if any sources
change that contain doxygen comments, or if fixmanpages.sh changes
- New shell script fixmanpages.sh which
- Renames each group man page to the first function listed therein
- Creates symlinks for subsequently listed functions (if any)
- Deletes _* temp files
- Update top-level makefile to visit new subdir doxygen
- Update top-level configure to only build documentation if doxygen installed
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
| |
In struct pkt_buff, we only ever needed any 2 of len, data and tail.
This has caused bugs in the past, e.g. commit 8a4316f31.
Delete tail, and where the value of pktb->tail was required,
use new pktb_tail() function.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
head and data always had the same value.
head was in the minority, so replace with data where it was used.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
In pktb_alloc, declare struct ethhdr *ethhdr at function start,
thus avoiding cute braces on case AF_BRIDGE.
This costs nothing and generates less code.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Remember to subtract the TCP header length.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Ensure all functions that return something have a \returns
- Demote more checksum functions to their own groups
(reduces number of functions on main pages)
- Clarify wording where appropriate
- Add \sa (see also) where appropriate
- Fix documented function name for nfq_tcp_get_hdr
(no other mismatches noticed, but there may be some)
- Add warnings regarding changing length of tcp packet
- Make group names unique within libnetfilter_queue
(else man pages would be overwritten)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
All remaining instances of pkt refer to something other than a pkt_buff.
In the prototype for nfq_nlmsg_parse, pkt is changed to attr.
Inconsistent whitespace in headers has been left for another day.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Change items of the form #<word> to "\b <word>".
(#<word> is rather obscurely documented to be a reference to a documented
entity)
- Re-work text wrapping in above change to keep lines within 80cc
- Add 2 missing \param directives
12 warnings fixed
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
- Add 5 opaque or internal items to the EXCLUDE_SYMBOLS list
- Remove 4 obsolete configuration lines
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
- Update prototype
- Update doxygen documentation
- Update declaration
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix calculation of header length
- Upgrade calculation of payload length: Allow for extra headers before
the UDP header.
- Delete "sum += ... s6_addr16[i] >> 16" lines, since uint16_t >> 16 == 0
- Use upgraded payload length in pseudo-header
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make it clear that packet buffer is the user-space one
- Use \returns for all return values
- Make function names in doc agree with prototypes
- Make number and names of params in doc agree with prototypes
- Divide functions into a hierarchy:
top-level: Functions all programs that modify data will use
(nfq_udp_snprintf is optional)
2nd-level: Rarely-used (except internally) functions
- Add see-also snprintf
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Remember to subtract the UDP header length.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/nlmsg.c - Document NF_DROP, NF_ACCEPT, NF_STOP, NF_REPEAT and
NF_QUEUE_NR(new_queue).
- Make line number of examples/nf-queue.c into a hyperlink.
- Add hint that "cb" in function names is short for "callback".
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/nlmsg.c: Update nfq_nlmsg_verdict_put_pkt() sample code to use pktb_len()
as recommended in src/extra/pktbuff.c, pktb_len() doco
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Divide functions into a hierarchy:
top-level: Functions all programs that modify data will use
2nd-level: Rarely-used functions
3rd-level: Functions not to use (should have been declared static)
Only the top-level functions appear on the "User-space network packet buffer"
page, which looks a lot less daunting than it used to.
Parameter descriptions all match prototypes
All non-void functions have a "Returns" paragraph
Code change:
pktb_alloc: set errno to EPROTONOSUPPORT before doing error return because
protocol is not supported
Detailed other updates (top-level)
pktb_alloc: - Add "Errors" para
- Add "See also" para
pktb_data, pktb_len: Add "appropriate use" line
pktb_mangle: Add warning to use a different function unless mangling MAC hddr
pktb_mangled: Add usage hint line
Detailed other updates (2nd-level)
pktb_mac_header: Point out only for AF_BRIDGE
pktb_tailroom: Point out no dynamic expansion
pktb_transport_header: Add note that programmer must code to set this
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/extra/ipv6.c: Only test the first 4 bits of the putative IPv6 header to be
6, since all the other bits are up for grabs.
(I have seen nonzero Flow Control on the local interface and
RFC2474 & RFC3168 document Traffic Class use).
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
The removed code sent configuration commands NFQNL_CFG_CMD_PF_UNBIND &
NFQNL_CFG_CMD_PF_BIND which the kernel required prior to 3.8.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/extra/pktbuff.c: If pktb was created in family AF_BRIDGE, then pktb->len
will include the bytes in the network header.
So set the IPv4 length to "tail - network_header"
rather than len
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At least on the local interface, the MAC header of an IPv6 packet specifies
IPv6 protocol (rather than IP). This surprised me, since the first octet of
the IP datagram is the IP version, but I guess it's an efficiency thing.
Without this patch, pktb_alloc() returns NULL when an IPv6 packet is
encountered.
Updated:
src/extra/pktbuff.c: - Treat ETH_P_IPV6 the same as ETH_P_IP.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, AF_INET6 pktb_alloc() creates a pktb with NULL
network_header. But in src/extra/ipv6.c, nfq_ip6_get_hdr() assumes that
pktb->network_header is valid.
Updated:
src/extra/pktbuff.c: Treat AF_INET6 the same as AF_INET.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
skb->tail is used in many places, so it's important to keep it up to date.
Updated:
src/extra/pktbuff.c: Fix pktb_trim()
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated:
src/extra/ipv4.c: - Rename pkt formal arg of nfq_ip_mangle to pktb
(to match all other struct pkt_buff args)
- Make it clear that packet buffer is the user-space one
- Sentence-case all parameter descriptions
- Fix \param 3 of nfq_pkt_snprintf_ip to match prototype
- Revised description of nfq_pkt_snprintf_ip for English
usage, but left the "strange behaviour" bit at the end.
(I know kernel developers hate snprintf: the purpose of the
return code was not a blanket buffer overrun check but
rather an amount to subtract from the size argument to the
next snprintf call.
It was therefore a bit of a screw-up to have snprintf take
an unsigned size_t argument so the -ve size looks like a
huge +ve one and snprintf keeps writing :(
The programmer needs to use a signed type for size and
explicitly test it for still being +ve before every
snprintf call; with ssize_t, snprintf could have done
nothing and returned zero with a -ve size so the
programmer only needs to check right at the end.
Ah well...)
src/extra/ipv6.c: - Use \returns for all return values
- Fix \param 3 of nfq_ip6_snprintf to match prototype
- Sentence-case all parameter descriptions
- Change IPv4 to IPv6 in a comment
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|