| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The payload parameters to nfq_set_verdict(), nfq_set_verdict2(), and
nfq_set_verdict_mark() are not modified by those functions, and
therefore should have datatype pointer-to-const. This both causes the
source-code to more effectively represent what is the purpose of the
parameter, and eliminates the need to cast away const-ness when calling
the functions with compilers that enforce strict casting. All existing
calling code should not need modification as pointer-to-X automatically
converts to pointer-to-const-X.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Now, we refer to nfq_set_verdict2() instead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Alessandro Vessely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
* Several parameters are clarified.
* Several previously undocumented return-values are documented.
* nfq_set_verdict_mark() [now deprecated]: notes that mark is in
network byte order.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch deprecates nfq_set_verdict_mark() in favour of
nfq_set_verdict2() which does exactly the same but it also
convert the mark value from host-byte order to network-byte
order as expected by nfnetlink_queue.
I know, this is hackish, but I prefer adding new functions
instead of API versioning which is also ugly.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch adds a minor notice to warn developers that its
application needs CAP_NET_ADMIN in order to send to and receive
packets from kernel-space.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch replaces the nfnl_talk() calls by the newer nfnl_query().
This patch also disables netlink sequence tracking by default.
Spurious race conditions in the sequence tracking may occur while
creating queues and receiving high load of packets at the same time.
Reported-by: Anton Vazir <anton.vazir@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch modifies the documentation format to switch to doxygen
format. This leads to a interesting and useful output. An example
can be found at the following url:
http://www.nufw.org/doc/libnetfilter_queue/
|
|
|
|
|
|
|
|
| |
nfnl_close() is calling nfnl_subsys_close() for all available
subsys. Thus it is not necessary to call it in the nfq_close()
function.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
This patch modifies a function to have through the file. Data length
variable was named data_len everywhere but in this function.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
This patch adds documentation for functions that were not existing
when the documentation was initially made. It also fixes some minor
typos.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the documentation that Brad Fisher <brad@info-link.net>
made time ago, you can get the original post from:
http://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023286.html
This patch contains documentation that I did not have time to review in deep
yet. However, several developers has refered to this documentation as a good
kick-off to start developing applications for libnetfilter_queue.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Florath)
|
|
|
|
|
|
|
|
|
|
|
| |
1) make libnfnetlink dynamically allocate it's handles
2) apply that change throughout libnetfilter_*
3) add {nfq,nflog,nfct}_open_nfnl() functions that open
the specific subsystem on top of an existing nfnl_handle,
which is required for upcoming libnetfilter_conntrack_helper
The changes break ABI and API compatibility of libnfnetlink, but don't
break ABI or API compatibility of the libnetfilter_* libraries.
|
| |
|
| |
|
|
|
|
| |
prefix
|
| |
|
| |
|
|
|