| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds security context information structures
and functions.
This will allow userspace to find the security context of each
packet (if it exists) and make decisions based on that.
It should work for SELinux and SMACK.
Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This patch allows to stablish the number of the queue that
we want to read the packets.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
[ Mangled this patch to indicate that this kernel does not support
UID/GID retrieval not to confuse users --pablo ]
Signed-off-by: Valentina Giusti <Valentina.Giusti@bmw-carit.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch documents the ENOBUFS error in the example file, that
is a common problem is that question over and over again in the
mailing list.
I (Pablo) have mangled this patch with some comestic cleanups. BTW,
Mistick Levi sent a similar patch in the same timeline (amazing how
sometimes the same works can clash).
Signed-off-by: Alessandro Vesely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'data' parameter to nfq_get_payload() returns pointer to unsigned
char (rather than signed char) to make it consistent with the 'buf'
parameter of nfq_set_verdict(), nfq_set_verdict2(), and
nfq_set_verdict_mark(), all of which refer to the same data. Either
signed or unsigned is fine, but they should be consistent as the output
of nfq_get_payload() may be passed back into nfq_set_verdict*(); in that
case, this change eliminates the need for typecasting in the calling
code when using compilers that enforce strict typecasting.
Signed-off-by: David Favro <netfilter@meta-dynamic.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
This adds the hardware source address, physindev and physoutdev support
to nfqnl_test
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
This patch modifies the example program to use nfq_fd function
instead of call to nfnetlink function.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
| |
fix compilation issues on newer toolchains
|
| |
|
|
|
|
| |
prefix
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|