| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The function may return -1 (and set errno). Assume it will leave
addr_len value unchanged, so checking is necessary to not hide the
error.
Fixes: 4248314d40187 ("nfnl: fix compilation warning with gcc-4.7")
Signed-off-by: Phil Sutter <phil@nwl.cc>
| |
src/iftable.c: Update group description
src/libnfnetlink.c: - Re-work main page (which was based on the misconception
that this library always gets used)
- Update group description
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
The documentation was written in the days before doxygen required groups or even
doxygen.cfg, so create doxygen.cfg.in and introduce one \defgroup per source
file, encompassing pretty-much the whole file.
Also add a tiny \mainpage.
Added:
doxygen.cfg.in: Same as for libmnl except FILE_PATTERNS = *.c libnfnetlink.h
Updated:
configure.ac: Create doxygen.cfg
src/iftable.c: Add defgroup
src/libnfnetlink.c: Add mainpage and defgroup
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
==12195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==12195== at 0x51209C3: __sendto_nocancel (syscall-template.S:81)
==12195== by 0x53E4D12: nfnl_send (libnfnetlink.c:391)
==12195== by 0x53E6952: nfnl_query (libnfnetlink.c:1569)
==12195== by 0x4E344AF: __build_send_cfg_msg.isra.1 (libnetfilter_log.c:143)
==12195== by 0x4E34710: nflog_bind_group (libnetfilter_log.c:413)
==12195== by 0x400CB1: main (nfulnl_test.c:77)
==12195== Address 0x7fefff3e9 is on thread 1's stack
This patch sets to zero the padding that is included to align the
attribute payload.
Reported-by: Ivan Homoliak <xhomol11@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
libnfnetlink.c: In function ‘nfnl_open’:
libnfnetlink.c:177:6: warning: variable ‘err’ set but not used [-Wunused-but-set-variable]
The getsockname value was not checked before. Better to check for errors, but
I prefer not to modify this behaviour. This library will enter EOL once all
netfilter libraries are fully ported to libmnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch updates the copyright header and removes one ambiguous
reference "incorporated herein by reference".
This patch does *not* change the licensing terms of this library.
It just clarifies it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Using exit from shared libraries is unwelcome (automated build systems
flag it) and one should rather return gracefully. Looking at this
particular spot however, while a
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
static analysis (analysis based only on compiling of sources, not based on running of binary)
of the code revealed the following problem:
libnfnetlink.c:481: Taking the size of pointer parameter "nlh" is suspicious.
libnfnetlink.c:486: Taking the size of pointer parameter "nlh" is suspicious.
Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
This patch adds the function nfnl_addattr8() as it has been requested
by Jozsef Kadlecsik, he needs it for his Netlink-port of ipset.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds the new interface nfnl_portid() to retrieve the
Netlink portID that has been assigned to a given socket.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds a couple of functions to enable and disable netlink
sequence tracking. Since nfqueue goes over a unicast socket, the
same channel to receive control messages and packets is used. This
leads to race conditions that may trigger spurious out-of-sequence
errors while creating queues and receiving high load of packets at
the same time.
Reported-by: Anton Vazir <anton.vazir@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Aligns buffer to maximum alignment of architecture to make the cast of
char pointers to struct pointers more portable. Packet decoding is still
broken on particular platforms.
Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
| |
nfnl_catch. This revision changes the behaviour of nfnl_catch which does not
perform a peek-and-resize if the buffer size used by nfnl_recv is too small.
The only known client which may be affected by this change is
libnetfilter_conntrack. However, this library uses nfnl_catch to get conntrack
events which are always much smaller than 4096 bytes (default receive buffer
size).
This change boosts up performance in the receive path since we do only one recv
instead of two.
| |
Fix endless loop on unknown netfilter attributes.
This prevents an endless loop when nfnl_check_attributes() sees
an unknown attribute.
| |
attached patch fixes compilation of libnfnetlink for old glibc versions.
Otherwise "struct iovec" is undefined.
| |
available at sys/types.h
| |
- add iterator API
- add replacements for nfnl_listen and nfnl_talk
- fix error handling
- add assertions
- add documentation
- minor cleanups
| |
since that compromises interoperability with future kernels which might introduce new attributes.
| |
alignment issue when nfnl_handle_packet is called as well. (Pablo Neira)
| |
is called. (Pablo Neira)
| |
multiple nfnetlink sockets per process (pid overlap)
| |
1) make libnfnetlink dynamically allocate its handles
2) apply that change throughout libnetfilter_*
3) add {nfq,nflog,nfct}_open_nfnl() functions that open
the specific subsystem on top of an existing nfnl_handle,
which is required for upcoming libnetfilter_conntrack_helper
The changes break ABI and API compatibility of libnfnetlink, but don't
break ABI or API compatibility of the libnetfilter_* libraries.
| |
Spelling fix: s/Badd/Bad/
Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
| |
- fix a problem with the attributes types. We have to use NFA_TYPE instead of
reading from nfa->nfa_type now that your patch to see the highest bit of
nfa_type has been pushed forward.
- Implement __be_to_cpu64. I haven't found any implementation available at the
moment.
(Pablo Neira)
| |
- add new nfnl_recv() function
| |
junk handler)
- fix stack overflow in __nfnl_handle_msg. nfattr array was wrongly sized
| |
- export nfnl_check_attributes()
- fix segfault (nfnlh->cb assignment missing)
- memset() the nfattr array in nfnl_parse_attr()
- fix endless loop in msg_next()