summaryrefslogtreecommitdiffstats
path: root/src/nlmsg.c
Commit message (Collapse)AuthorAgeFilesLines
* src: Add nfq_nlmsg_put2() - user specifies header flagsDuncan Roe2023-12-061-1/+57
| | | | | | | | | Enable mnl programs to get an explicit acknowledgement of whether a configuration request has been accepted. (nfnl programs do this already). Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnetfilter_queue: src/nlmsg.c: SECCTX can be of any lengthTopi Miettinen2021-09-201-1/+1
| | | | | | | | | | Typically security contexts are not 'u32' sized but strings, for example 'system_u:object_r:my_http_client_packet_t:s0'. Fix length validation check to allow any context sizes. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* src: doc: Insert SYNOPSIS sections for man pagesDuncan Roe2021-08-151-0/+28
| | | | | | | | | | | | In order to work with the post-processing logic in doxygen/Makefile.am, SYNOPSIS sections must be inserted at the end of the module description (text after \defgroup or \addtogroup) (becomes Detailed Description in the man page). Also a few minor updates including rename module uselessfns to do_not_use. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: expose nfq_nlmsg_putDuncan Roe2020-02-241-3/+25
| | | | | | | | Move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it. Also rename nfq_hdr_put to nfq_nlmsg_put. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Final polish for current roundDuncan Roe2020-01-101-3/+1
| | | | | | | | | | | | | | | | - Ensure all functions that return something have a \returns - Demote more checksum functions to their own groups (reduces number of functions on main pages) - Clarify wording where appropriate - Add \sa (see also) where appropriate - Fix documented function name for nfq_tcp_get_hdr (no other mismatches noticed, but there may be some) - Add warnings regarding changing length of tcp packet - Make group names unique within libnetfilter_queue (else man pages would be overwritten) Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Fully document available verdictsDuncan Roe2019-12-091-2/+30
| | | | | | | | | | | | Updated: src/nlmsg.c - Document NF_DROP, NF_ACCEPT, NF_STOP, NF_REPEAT and NF_QUEUE_NR(new_queue). - Make line number of examples/nf-queue.c into a hyperlink. - Add hint that "cb" in function names is short for "callback". Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Update sample code to agree with documentationDuncan Roe2019-12-091-3/+2
| | | | | | | | | | Updated: src/nlmsg.c: Update nfq_nlmsg_verdict_put_pkt() sample code to use pktb_len() as recommended in src/extra/pktbuff.c, pktb_len() doco Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Document nfq_nlmsg_verdict_put_mark() and nfq_nlmsg_verdict_put_pkt()Duncan Roe2019-10-301-1/+44
| | | | | | | This completes the "Verdict helpers" module. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
* src: Enable clang buildDuncan Roe2019-10-081-9/+9
| | | | | | | | | | | | | | | | Modify the definition and use of EXPORT_SYMBOL as was done for libmnl in commit 444d6dc9. Additionally, avoid generating long (>80ch) lines when inserting EXPORT_SYMBOL. Finally, re-align multi-line parameter blocks with opening parenthesis. [ I have mangled the original patch to not split the function definition and its return value. --pablo ] Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: doc: Miscellaneous updatesDuncan Roe2019-10-081-9/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (These updates only cover functions used in a recent project) src/extra/ipv4.c: - nfq_ip_set_transport_header(): Add explanatory notes - nfq_ip_mangle() - Advise that there is a return code - Note that IPv4 length is updated as well as checksum src/extra/pktbuff.c: - pktb_alloc(): Minor rewording (English usage) - pktb_mangle(): Document src/extra/udp.c: - nfq_udp_get_hdr(): Fix params - nfq_udp_get_payload(): Fix params - nfq_udp_get_payload_len(): Fix params - nfq_udp_mangle_ipv4(): Rewrite documentation src/nlmsg.c: - nfq_nlmsg_verdict_put(): Document - nfq_nlmsg_cfg_put_cmd(): - Change name (was: nfq_nlmsg_cfg_build_request) - Fix params - Delete function return documentation (void fn) - nfq_nlmsg_cfg_put_params(); Document (params only) - nfq_nlmsg_cfg_put_qmaxlen(): Document (params only) - nfq_nlmsg_parse: - Change name (was: nfq_pkt_parse) - Fix params Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Revert "src: Declare the define visibility attribute together"Pablo Neira Ayuso2017-04-141-7/+14
| | | | | | | | This reverts commit 58cb0668dc15c78cd3af9eeaedf29386e86ecac1. Prepare a new patch to keep this update consistent with libmnl. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Declare the define visibility attribute togetherKhem Raj2017-04-141-14/+7
| | | | | | | | | clang ignores the visibility attribute if its not defined before the definition. As a result these symbols become hidden and consumers of this library fail to link due to these missing symbols. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nlmsg: add lacking attributes validationKen-ichirou MATSUZAWA2015-10-051-0/+9
| | | | | | | | This patch adds four (actually two) attributes validation with comparing to current kernel header. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add security context informationRoman Kubiak2015-06-301-0/+1
| | | | | | | | | | | | This commit adds security context information structures and functions. This will allow userspace to find the security context of each packet (if it exists) and make decisions based on that. It should work for SELinux and SMACK. Signed-off-by: Roman Kubiak <r.kubiak@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: PF_BIND/UNBIND is ignored in 3.8 and laterFlorian Westphal2014-04-241-1/+4
| | | | | | | | | | There is confusion on what this command actually does and why examples commonly PF_UNBIND at startup. Since these are obsolete document that its not needed starting with Linux 3.8. Signed-off-by: Florian Westphal <fw@strlen.de>
* src: add support for UID/GID socket infoValentina Giusti2014-01-081-0/+2
| | | | | | | | With this patch libnetfilter_queue is able to parse UID/GID socket information. Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add new GSO handling capabilitiesFlorian Westphal2013-04-301-0/+2
| | | | | | allows userspace to ask for large gso packets via nfqueue. Signed-off-by: Florian Westphal <fw@strlen.de>
* src: update doxygen documentation for new API for libmnlPablo Neira Ayuso2012-08-201-2/+2
| | | | | | This patch updates the doxygen documentation for the new API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add new libnetfilter_queue API for libmnlPablo Neira Ayuso2012-08-061-0/+174
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>