| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Fix spelling of "humnan" and name nfq_pkt_snprintf_tcp_hdr
in description of nfq_tcp_snprintf. Same fix for nfq_udp_snprintf.
Reported-by: "G.W. Haywood" <ged@jubileegroup.co.uk>
Fixes: f40eabb01163 ("add pkt_buff and protocol helper functions")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Change the order of gcc arguments following the discussion starting at
https://www.spinics.net/lists/netfilter-devel/msg90612.html.
[ Remove debugging options from original patch. --pablo ]
Reported-by: "G.W. Haywood" <ged@jubileegroup.co.uk>
Fixes: f0eb6a9c15a5 ("src: doc: Update the Main Page to be nft-focussed")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
Without this patch, the doxygen bug workaround in the previous commit is
ineffective since the test for doxygen's being a target version always
fails.
Fixes: 60aa4279fabf ("build: doc: Fix `fprintf` in man pages from using single quotes")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For example, `man nfq_open` shows
fprintf(stderr, 'error during nfq_open()\n');
where the single-quotes should be double-quotes (and are in the HTML).
This doxygen bug appeared in doxygen 1.9.2.
It is fixed in doxygen 1.13.0 (not yet released).
Fixes: 088c883bd1ca ("build: doc: Update build_man.sh for doxygen 1.9.2")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
commit 9f52afa60839 ("build: doc: Fix rendering of verbatim '\n"' in man
pages") worked around a doxygen bug which was fixed at doxygen 1.9.
Applying the workaround to output from a fixed doxygen version reintroduced
the bug.
Update build_man.sh to record doxygen version and only apply workaround
if that version is broken.
Fixes: 9f52afa60839 ("build: doc: Fix rendering of verbatim '\n"' in man pages")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
| |
Search for exact match of ".RI" had a '\' to escape '.' from the regexp
parser but was missing another '\' to escape the 1st '\' from shell.
Had not yet caused a problem but might as well do things correctly.
Fixes: 6d17e6daa1757 ("build: Speed up build_man.sh")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
| |
|
|
|
|
|
|
|
| |
0c5e5fb introduced struct nfqnl_q_handle *qh_list which can point to
dynamically acquired memory. Without this patch, that memory is not freed.
Fixes: 0c5e5fb15205 ("sync with all 'upstream' changes in libnfnetlink_log")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
doxygen/Makefile.am now installs libnetfilter_queue.7 in the man tree.
Fixes: b35f537bd69b ("make the HTML main page available as `man 7 libnetfilter_queue`")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build_man.sh runs more than 10x as fast as it used to on a system with 16
cpus, and over 3x as fast on a system with 2 cpus. Overall cpu use is
reduced to about half what it was on any system. Much of this comes from
using ed in place of head, tail, cut &c. Using ed eliminates having to have
temp files, so edits can be backgrounded to reduce elapsed time.
Specifics:
- Split off inserting "See also" from make_man7().
make_man7 had its own for loop over real man pages to insert
"See also" lines. Put the code in a function and call it from the for
loop in post_process() instead. Eliminates `find man/man3 -type f`
which depended on make_symlinks().
- Background make_symlinks now it has no dependants.
- Re-implement rename_real_pages().
Use ed to extract the name of the first documented function from each
real man page instead of using grep in a for loop over the man links.
- del_bogus_synopsis() removes the lines that del_modules() would, so run
del_bogus_synopsis first and only run del_modules if del_bogus_synopsis
fails to delete anything (doxygen older than 1.8.20).
- Run make_man7() in background early on.
- Modify fix_name_line() to not use the temp files and background it.
fix_name_line still needs to work on a shortened target file but use
../$target.tmp instead of $fileC. (Put the uniquely-named temp file in
parent directory so as to not disturb `ls -S`).
- Streamline mygrep to not use any files and only return linnum.
Only fix_name_line used the found line in $fileG.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
| |
Without #include <stdbool.h>, compilation will fail if pktbuff.h is
included early enough.
Fixes: ffa83b5968b5 ("add mangle functions for IPv4/TCP and IPv4/UDP")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
| |
i.e. this one:
> -^I^I^I struct nfq_data *nfad, char *name);$
> +^I^I^I^I struct nfq_data *nfad, char *name);$
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
| |
Enable mnl programs to get an explicit acknowledgement of whether a
configuration request has been accepted.
(nfnl programs do this already).
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
2 items:
1. frag_off (Fragment Offset pointer) overshot by 2 bytes because of adding
offsetof() to it *after* it had been cast to uint16_t *.
2. Need to mask off LS 3 bits of ip6f_offlg *after* call to htons.
Fixes: a0c885ae5a79 ("add pkt_buff and protocol helper functions")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, man page users can miss important general information.
The HTML display stays as it was.
The man3 pages are updated to reference libnetfilter_queue.7.
build_man.sh must be invoked with arguments to activate man7 generation,
so will continue to work in other projects as before.
build_man.sh remains generic,
so should be able to make man7 pages for other netfilter projects.
v2: Change commit message from "how" to "why"
v3: Confine man page generation to build_man.sh per Pablo request;
Add build_man.sh to doxyfile.stamp dependencies (should have always been)
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
s/destionation/destination
Fixes: 9a8e4c36188d ("examples: nf-queue: add more comments to this example")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add more comments to describe the nf-queue example that is based on
libmnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pktb_setup_raw() is a new function to initialise a new struct pkt_buff.
It takes the memory area to be used to store pkt_buff structure and the
data. Data is attached to the packet buffer (not copied), ie. the packet
buffer data points to the provided data pointer.
pktb_head_size() is a new function to return the amount of memory to
reserve for a new struct pkt_buff.
Extend documentation pon pktb_alloc().
Mostly original patch from Duncan Roe <duncan_roe@optusnet.com.au>.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
doxygen 1.9.5 complains about DOT_TRANSPARENT, removed.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
Use a more modern alternative to bzip2.
Suggested-by: Jan Engelhardt <jengelh@inai.de>
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
| |
|
|
|
|
|
|
|
|
|
| |
The use of /bin/bash has been reported as a problem during a cross build of
libmnl with a build system running macOS or BSD.
build_man.sh is intended to be usable in a build, so don't start
with #!/bin/bash.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
| |
Fixes: c3bada27b1db ("examples: print hwaddr attribute if present")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Function del_def_at_lines() removes lines of the form:
Definition at line <nnn> of file ...
At doxygen 1.9.2, <nnn> is displayed in bold, so upgrade the regex to match
an optional bold / normal pair around <nnn>
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There was a bug in 5.15 where HWADDR was included even if mac_header
start was same as network header.
In that case, userspace would get network header re-interpreted as a
mac address, i.e. hw->hw_addr[] set to network_header + 6 in ethernet
case.
Dump hwaddr if present.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libnetfilter_queue is unique among the netfilter libraries in having a
module hierarchy.
If 'dot' is available, Doxygen will make an interactive diagram for a
module with a child or a parent, allowing users to conveniently move up
and down the hierarchy.
Update configure to output a warning if 'dot' is not installed and html
was requested.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New default action is: run doxygen (if installed) to produce man pages only.
This adds 124 KB to the build tree (and to the install tree, after
`make install`).
For finer control of built documentation, the old --with-doxygen configure
option is removed. Instead there are 2 new options:
--enable-html-doc # +1160 KB
--disable-man-pages # -124 KB
If doxygen is not installed, configure outputs a warning that man pages will not
be built. configure --disable-man-pages avoids this warning.
After --enable-html-doc
- `make install` installs built pages in htmldir instead of just leaving them
in the build tree.
- If the 'dot' program is not installed, configure outputs a warning that
interactive diagrams will be missing and to install graphviz to get them.
(There is an interactive diagram at the head of some modules, e.g.
User-space network packet buffer).
[ a few configure.ac edits to keep it in sync with libnetfilter_log --pablo]
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
doxygen.cfg moves to doxygen/; add generated files
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
An empty Detailed Description is 3 lines long but a short (1-para) DD is also 3
lines. Check that the 3rd line really is empty.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
| |
Typically security contexts are not 'u32' sized but strings, for example
'system_u:object_r:my_http_client_packet_t:s0'.
Fix length validation check to allow any context sizes.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
| |
Without this patch, '\n"' rendered as '0' in e.g. man nfq_create_queue
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
doxygen/Makefile was erroneously depending on Makefile.am when it should have
depended on itself.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Replace shell function call with a list of sources
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
`make distcleancheck` was not passing before this patchset. Now fixed.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
- Move doxygen.cfg.in to doxygen/
- Tell doxygen.cfg.in where the sources are
- Let doxygen.cfg.in default its output to CWD
- In Makefile, `doxygen doxygen.cfg` "just works"
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- If there is a "Modules" section, delete it
- If "Detailed Description" is empty, delete "Detailed Description" line
- Reposition SYNOPSIS (with headers that we inserted) to start of page,
integrating with defined functions to look like other man pages
- Delete all "Definition at line nnn" lines
- Delete lines that make older versions of man o/p an unwanted blank line
For better readability, shell function definitions are separated by blank
lines, and there is a bit of annotation.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split off shell script from within doxygen/Makefile.am into
doxygen/build_man.sh.
This patch by itself doesn't fix anything.
The patch is only for traceability, because diff patch format is not very good
at catching code updates and moving code together.
Therefore the script is exactly as it was; it still looks a bit different
because of having to un-double doubled-up $ signs, remove trailing ";/" and so
on.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order to work with the post-processing logic in doxygen/Makefile.am,
SYNOPSIS sections must be inserted at the end of the module description
(text after \defgroup or \addtogroup)
(becomes Detailed Description in the man page).
Also a few minor updates including rename module uselessfns to do_not_use.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Emit a warning to notify users that this file is deprecated.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
./configure
Also fix bogus "Doxygen not found ..." warning if --without-doxygen given
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There used to be 3 things in doxygen/Makefile.am that developers had to update:
1. The dependency list (i.e. all C sources)
2. The setgroup lines, which renamed each module man page to be the page for the
first described function. setgroup also set the target for:
3. The add2group lines, which symlinked pages for other documented functions
in the group.
The new system eliminates all of the above.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
nf_conntrack_netlink.h does not exist, refer to nfnetlink_conntrack.h instead.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Clarify that NFQA_CT requires the CTA_* attribute definitions in
nfnetlink_conntrack.h
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Add private helper function to set up the pkt_buff object.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The main fix is to move fixmanpages.sh to inside doxygen/Makefile.am.
This means that in future, developers need to update doxygen/Makefile.am
when they add new functions and source files, since fixmanpages.sh is deleted.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Acked-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This corrects issues in IPv6 header handling that sometimes resulted
in an endless loop.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Add support for processing ICMP packets using pkt_buff, similar to
existing library support for TCP and UDP.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
-l is a library selection, needs to go into _LDADD/_LIBADD.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
