Hello community,
here is the log from the commit of package libnetfilter_queue for openSUSE:Factory
checked in at Tue Nov 2 16:16:25 CET 2010.
--------
--- libnetfilter_queue/libnetfilter_queue.changes 2010-02-23 23:23:00.000000000 +0100
+++ /mounts/work_src_done/STABLE/libnetfilter_queue/libnetfilter_queue.changes 2010-11-02 14:00:06.000000000 +0100
@@ -1,0 +2,7 @@
+Sun Jul 11 16:44:46 UTC 2010 - jengelh@medozas.de
+
+- Update to new upstream release 1.0.0
+* Deprecate nfq_set_verdict_mark in favor of nfq_set_verdict2
+* Add nfq_snprintf_xml to output packet as XML
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
libnetfilter_queue-0.0.17.tar.bz2
New:
----
libnetfilter_queue-1.0.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libnetfilter_queue.spec ++++++
--- /var/tmp/diff_new_pack.NaUaxi/_old 2010-11-02 16:16:09.000000000 +0100
+++ /var/tmp/diff_new_pack.NaUaxi/_new 2010-11-02 16:16:09.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package libnetfilter_queue (Version 0.0.17)
+# spec file for package libnetfilter_queue (Version 1.0.0)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -20,12 +20,12 @@
%define soname 1
Name: libnetfilter_queue
-Version: 0.0.17
+Version: 1.0.0
Release: 1
License: GNU GPL v2
Group: Productivity/Networking/Security
Url: http://netfilter.org/projects/libnetfilter_queue/
-Source: http://netfilter.org/projects/libnetfilter_queue/files/%{name}-%{version}.tar.bz2
+Source: http://netfilter.org/projects/libnetfilter_queue/files/%name-%version.tar.bz...
Source2: baselibs.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libnfnetlink-devel linux-kernel-headers >= 2.6.14 pkg-config
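Review bot: The `Source:` URL is plain `http://`, and nothing in this hunk lets the build verify that the 1.0.0 tarball is the one upstream published. If upstream provides a detached signature, list it as an additional source next to the tarball, for example `Source1: <upstream-signature-url>` (placeholder), and check it against the project keyring so that a substituted tarball fails the build. The rest of the spec lies outside this hunk, so this may already be handled elsewhere.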
@@ -38,27 +38,27 @@
libnetfilter_queue has been previously known as libnfnetlink_queue.
-%define debug_package_requires %{name}%{soname} = %{version}-%{release}
+%define debug_package_requires %name%soname = %version-%release
-%package -n %{name}%{soname}
+%package -n %name%soname
Group: System/Libraries
Summary: Userspace library for packets that have been queued by the kernel packet filter
-%description -n %{name}%{soname}
+%description -n %name%soname
libnetfilter_queue is a userspace library providing an API to packets
that have been queued by the kernel packet filter. It is is part of a
system that deprecates the old ip_queue / libipq mechanism.
libnetfilter_queue has been previously known as libnfnetlink_queue.
-%package -n %{name}-devel
-
+%package devel
+License: GNU GPL v2
Group: Development/Libraries/C and C++
-Requires: %{name}%{soname} = %{version} libnfnetlink-devel
+Requires: %name%soname = %version, libnfnetlink-devel
Summary: Userspace library for packets that have been queued by the kernel packet filter
-%description -n %{name}-devel
+%description devel
libnetfilter_queue is a userspace library providing an API to packets
that have been queued by the kernel packet filter. It is is part of a
system that deprecates the old ip_queue / libipq mechanism.
@@ -74,25 +74,20 @@
%install
%makeinstall
-find %{buildroot} -name "*.la" -delete
-
-%post -n %{name}%{soname} -p /sbin/ldconfig
+find "%buildroot" -name "*.la" -delete
-%postun -n %{name}%{soname} -p /sbin/ldconfig
+%post -n %name%soname -p /sbin/ldconfig
-%clean
-test "%{buildroot}" != "/" && %__rm -rf %{buildroot}
+%postun -n %name%soname -p /sbin/ldconfig
-%files -n %{name}%{soname}
+%files -n %name%soname
%defattr(-,root,root)
-%{_libdir}/libnetfilter_queue.so.%{soname}*
-%{_libdir}/libnetfilter_queue_libipq.so.%{soname}*
+%_libdir/libnetfilter_queue.so.%{soname}*
%files -n %{name}-devel
%defattr(-,root,root)
-%{_includedir}/libnetfilter_queue
-%{_libdir}/libnetfilter_queue.so
-%{_libdir}/libnetfilter_queue_libipq.so
-%{_libdir}/pkgconfig/libnetfilter_queue.pc
+%_includedir/libnetfilter_queue
+%_libdir/libnetfilter_queue.so
+%_libdir/pkgconfig/libnetfilter_queue.pc
%changelog
++++++ libnetfilter_queue-0.0.17.tar.bz2 -> libnetfilter_queue-1.0.0.tar.bz2 ++++++
++++ 59284 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/Makefile.am new/libnetfilter_queue-1.0.0/Makefile.am
--- old/libnetfilter_queue-0.0.17/Makefile.am 2008-05-16 17:29:58.000000000 +0200
+++ new/libnetfilter_queue-1.0.0/Makefile.am 2010-07-11 17:30:25.000000000 +0200
@@ -1,5 +1,29 @@
+# This is _NOT_ the library release version, it's an API version.
+# Extracted from Chapter 6 "Library interface versions" of the libtool docs.
+#
+# <snippet>
+# Here are a set of rules to help you update your library version information:
+#
+# 1. Start with version information of `0:0:0' for each libtool library.
+# 2. Update the version information only immediately before a public release
+# of your software. More frequent updates are unnecessary, and only guarantee
+# that the current interface number gets larger faster.
+# 3. If the library source code has changed at all since the last update,
+# then increment revision (`c:r:a' becomes `c:r+1:a').
+# 4. If any interfaces have been added, removed, or changed since the last
+# update, increment current, and set revision to 0.
+# 5. If any interfaces have been added since the last public release, then
+# increment age.
+# 6. If any interfaces have been removed since the last public release, then
+# set age to 0.
+# </snippet>
+#
+LIBVERSION=1:0:1
+
AUTOMAKE_OPTIONS = foreign dist-bzip2 1.6
+ACLOCAL_AMFLAGS = -I m4
+
EXTRA_DIST = $(man_MANS)
SUBDIRS = include src utils
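Review bot: `LIBVERSION=1:0:1` looks inconsistent with the packaging in this same commit: under libtool's `current:revision:age` scheme the soname major on Linux is current minus age, i.e. 0, while the spec keeps `%define soname 1` and ships `libnetfilter_queue.so.%{soname}*`. The only consumer visible in the diff is `-version-info $(LIBVERSION)` in src/Makefile.am, and a variable assigned in the top-level Makefile.am is not handed to the sub-make unless it is exported or substituted by configure, so this assignment may not take effect at all. It is worth confirming which value the build really uses, then either moving the definition to where it is consumed or correcting the triple.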
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/configure.in new/libnetfilter_queue-1.0.0/configure.in
--- old/libnetfilter_queue-0.0.17/configure.in 2009-03-06 17:01:38.000000000 +0100
+++ new/libnetfilter_queue-1.0.0/configure.in 2010-07-11 17:30:25.000000000 +0200
@@ -2,8 +2,9 @@
AC_INIT
AC_CANONICAL_SYSTEM
+AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE(libnetfilter_queue, 0.0.17)
+AM_INIT_AUTOMAKE(libnetfilter_queue, 1.0.0)
AC_PROG_CC
AC_EXEEXT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/doxygen.cfg.in new/libnetfilter_queue-1.0.0/doxygen.cfg.in
--- old/libnetfilter_queue-0.0.17/doxygen.cfg.in 2009-01-06 13:16:45.000000000 +0100
+++ new/libnetfilter_queue-1.0.0/doxygen.cfg.in 2009-12-27 16:01:34.000000000 +0100
@@ -16,7 +16,6 @@
JAVADOC_AUTOBRIEF = NO
QT_AUTOBRIEF = NO
MULTILINE_CPP_IS_BRIEF = NO
-DETAILS_AT_TOP = NO
INHERIT_DOCS = YES
SEPARATE_MEMBER_PAGES = NO
TAB_SIZE = 8
@@ -95,7 +94,7 @@
GENERATE_HTML = YES
HTML_OUTPUT = html
HTML_FILE_EXTENSION = .html
-HTML_HEADER = "header.html"
+HTML_HEADER =
HTML_STYLESHEET =
HTML_ALIGN_MEMBERS = YES
GENERATE_HTMLHELP = NO
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/include/libnetfilter_queue/Makefile.am new/libnetfilter_queue-1.0.0/include/libnetfilter_queue/Makefile.am
--- old/libnetfilter_queue-0.0.17/include/libnetfilter_queue/Makefile.am 2008-05-16 17:29:58.000000000 +0200
+++ new/libnetfilter_queue-1.0.0/include/libnetfilter_queue/Makefile.am 2010-07-11 17:30:10.000000000 +0200
@@ -1,3 +1,3 @@
-pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h
+pkginclude_HEADERS = libnetfilter_queue.h linux_nfnetlink_queue.h
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/include/libnetfilter_queue/libipq.h new/libnetfilter_queue-1.0.0/include/libnetfilter_queue/libipq.h
--- old/libnetfilter_queue-0.0.17/include/libnetfilter_queue/libipq.h 2008-06-27 12:11:02.000000000 +0200
+++ new/libnetfilter_queue-1.0.0/include/libnetfilter_queue/libipq.h 1970-01-01 01:00:00.000000000 +0100
@@ -1,96 +0,0 @@
-/*
- * libipq.h
- *
- * IPQ library for userspace.
- *
- * Author: James Morris
- *
- * Copyright (c) 2000-2001 Netfilter Core Team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- */
-#ifndef _LIBIPQ_H
-#define _LIBIPQ_H
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifdef KERNEL_64_USERSPACE_32
-#include "ip_queue_64.h"
-typedef u_int64_t ipq_id_t;
-#else
-#include
-typedef unsigned long ipq_id_t;
-#endif
-
-#ifdef DEBUG_LIBIPQ
-#include
-#define LDEBUG(x...) fprintf(stderr, ## x)
-#else
-#define LDEBUG(x...)
-#endif /* DEBUG_LIBIPQ */
-
-/* FIXME: glibc sucks */
-#ifndef MSG_TRUNC
-#define MSG_TRUNC 0x20
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct ipq_handle
-{
- struct nfq_handle *nfqnlh;
- struct nfq_q_handle *qh;
- u_int8_t family;
- u_int8_t blocking;
-};
-
-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
-
-int ipq_destroy_handle(struct ipq_handle *h);
-
-ssize_t ipq_read(const struct ipq_handle *h,
- unsigned char *buf, size_t len, int timeout);
-
-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
-
-ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
-
-int ipq_message_type(const unsigned char *buf);
-
-int ipq_get_msgerr(const unsigned char *buf);
-
-int ipq_set_verdict(const struct ipq_handle *h,
- ipq_id_t id,
- unsigned int verdict,
- size_t data_len,
- unsigned char *buf);
-
-int ipq_ctl(const struct ipq_handle *h, int request, ...);
-
-char *ipq_errstr(void);
-void ipq_perror(const char *s);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* _LIBIPQ_H */
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/include/libnetfilter_queue/libnetfilter_queue.h new/libnetfilter_queue-1.0.0/include/libnetfilter_queue/libnetfilter_queue.h
--- old/libnetfilter_queue-0.0.17/include/libnetfilter_queue/libnetfilter_queue.h 2009-01-06 13:13:05.000000000 +0100
+++ new/libnetfilter_queue-1.0.0/include/libnetfilter_queue/libnetfilter_queue.h 2010-06-13 21:29:19.000000000 +0200
@@ -60,14 +60,22 @@
u_int32_t id,
u_int32_t verdict,
u_int32_t data_len,
- unsigned char *buf);
+ const unsigned char *buf);
-extern int nfq_set_verdict_mark(struct nfq_q_handle *qh,
- u_int32_t id,
- u_int32_t verdict,
- u_int32_t mark,
- u_int32_t datalen,
- unsigned char *buf);
+extern int nfq_set_verdict2(struct nfq_q_handle *qh,
+ u_int32_t id,
+ u_int32_t verdict,
+ u_int32_t mark,
+ u_int32_t datalen,
+ const unsigned char *buf);
+
+extern __attribute__((deprecated))
+int nfq_set_verdict_mark(struct nfq_q_handle *qh,
+ u_int32_t id,
+ u_int32_t verdict,
+ u_int32_t mark,
+ u_int32_t datalen,
+ const unsigned char *buf);
/* message parsing function */
@@ -96,7 +104,19 @@
extern struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad);
/* return -1 if problem, length otherwise */
-extern int nfq_get_payload(struct nfq_data *nfad, char **data);
+extern int nfq_get_payload(struct nfq_data *nfad, unsigned char **data);
+
+enum {
+ NFQ_XML_HW = (1 << 0),
+ NFQ_XML_MARK = (1 << 1),
+ NFQ_XML_DEV = (1 << 2),
+ NFQ_XML_PHYSDEV = (1 << 3),
+ NFQ_XML_PAYLOAD = (1 << 4),
+ NFQ_XML_TIME = (1 << 5),
+ NFQ_XML_ALL = ~0U,
+};
+
+extern int nfq_snprintf_xml(char *buf, size_t len, struct nfq_data *tb, int flags);
#ifdef __cplusplus
} /* extern "C" */
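Review bot: `NFQ_XML_ALL = ~0U` does not fit in `int`, the type ISO C requires an enumerator to be representable in, and it is then passed through the `int flags` parameter of `nfq_snprintf_xml()`, so the constant relies on a compiler extension plus an implementation-defined conversion. Since this API is new, declare the parameter as `unsigned int flags`, or build the constant from the named bits, `NFQ_XML_ALL = NFQ_XML_HW | NFQ_XML_MARK | NFQ_XML_DEV | NFQ_XML_PHYSDEV | NFQ_XML_PAYLOAD | NFQ_XML_TIME,`. The prototype also has no comment telling callers how truncation is reported: `len` is a `size_t` but the result is an `int`, so the header should say whether the return follows snprintf() conventions and that a result `>= len` means the XML was cut short.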
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/missing new/libnetfilter_queue-1.0.0/missing
--- old/libnetfilter_queue-0.0.17/missing 2008-02-10 03:55:24.000000000 +0100
+++ new/libnetfilter_queue-1.0.0/missing 2010-01-18 07:28:57.000000000 +0100
@@ -1,10 +1,10 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
-scriptversion=2006-05-10.23
+scriptversion=2009-04-28.21; # UTC
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
# Originally by Fran,cois Pinard , 1996.
# This program is free software; you can redistribute it and/or modify
@@ -18,9 +18,7 @@
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program. If not, see http://www.gnu.org/licenses/.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -89,6 +87,9 @@
tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
Send bug reports to ."
exit $?
;;
@@ -106,15 +107,22 @@
esac
+# normalize program name to check for.
+program=`echo "$1" | sed '
+ s/^gnu-//; t
+ s/^gnu//; t
+ s/^g//; t'`
+
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
-# the program).
+# the program). This is about non-GNU programs, so use $1 not
+# $program.
case $1 in
- lex|yacc)
+ lex*|yacc*)
# Not GNU programs, they don't have --version.
;;
- tar)
+ tar*)
if test -n "$run"; then
echo 1>&2 "ERROR: \`tar' requires --run"
exit 1
@@ -138,7 +146,7 @@
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
-case $1 in
+case $program in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
@@ -148,7 +156,7 @@
touch aclocal.m4
;;
- autoconf)
+ autoconf*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`${configure_ac}'. You might want to install the
@@ -157,7 +165,7 @@
touch configure
;;
- autoheader)
+ autoheader*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acconfig.h' or \`${configure_ac}'. You might want
@@ -187,7 +195,7 @@
while read f; do touch "$f"; done
;;
- autom4te)
+ autom4te*)
echo 1>&2 "\
WARNING: \`$1' is needed, but is $msg.
You might have modified some files without having the
@@ -210,7 +218,7 @@
fi
;;
- bison|yacc)
+ bison*|yacc*)
echo 1>&2 "\
WARNING: \`$1' $msg. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
@@ -240,7 +248,7 @@
fi
;;
- lex|flex)
+ lex*|flex*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
@@ -263,7 +271,7 @@
fi
;;
- help2man)
+ help2man*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
@@ -277,11 +285,11 @@
else
test -z "$file" || exec >$file
echo ".ab help2man is required to generate this page"
- exit 1
+ exit $?
fi
;;
- makeinfo)
+ makeinfo*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
@@ -310,7 +318,7 @@
touch $file
;;
- tar)
+ tar*)
shift
# We have already tried tar in the generic part.
@@ -363,5 +371,6 @@
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/src/Makefile.am new/libnetfilter_queue-1.0.0/src/Makefile.am
--- old/libnetfilter_queue-0.0.17/src/Makefile.am 2008-05-16 17:29:58.000000000 +0200
+++ new/libnetfilter_queue-1.0.0/src/Makefile.am 2009-12-27 16:01:16.000000000 +0100
@@ -6,14 +6,8 @@
AM_CFLAGS = -fPIC -Wall
LIBS = @LIBNFQUEUE_LIBS@
-lib_LTLIBRARIES = libnetfilter_queue.la libnetfilter_queue_libipq.la
+lib_LTLIBRARIES = libnetfilter_queue.la
libnetfilter_queue_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink \
-version-info $(LIBVERSION)
libnetfilter_queue_la_SOURCES = libnetfilter_queue.c
-
-libnetfilter_queue_libipq_la_LDFLAGS = -Wc,-nostartfiles \
- -version-info 1:0:0
-libnetfilter_queue_libipq_la_LIBADD = ./libnetfilter_queue.la
-libnetfilter_queue_libipq_la_SOURCES = libipq_compat.c
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/src/libipq_compat.c new/libnetfilter_queue-1.0.0/src/libipq_compat.c
--- old/libnetfilter_queue-0.0.17/src/libipq_compat.c 2008-05-16 17:29:58.000000000 +0200
+++ new/libnetfilter_queue-1.0.0/src/libipq_compat.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,247 +0,0 @@
-/*
- * libipq - backwards compatibility library for libnetfilter_queue
- *
- * (C) 2005 by Harald Welte
- *
- * Based on original libipq.c,
- * Author: James Morris
- * 07-11-2001 Modified by Fernando Anton to add support for IPv6.
- * Copyright (c) 2000-2001 Netfilter Core Team
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-/****************************************************************************
- *
- * Private interface
- *
- ****************************************************************************/
-
-enum {
- IPQ_ERR_NONE = 0,
- IPQ_ERR_IMPL,
- IPQ_ERR_HANDLE,
- IPQ_ERR_SOCKET,
- IPQ_ERR_BIND,
- IPQ_ERR_BUFFER,
- IPQ_ERR_RECV,
- IPQ_ERR_NLEOF,
- IPQ_ERR_ADDRLEN,
- IPQ_ERR_STRUNC,
- IPQ_ERR_RTRUNC,
- IPQ_ERR_NLRECV,
- IPQ_ERR_SEND,
- IPQ_ERR_SUPP,
- IPQ_ERR_RECVBUF,
- IPQ_ERR_TIMEOUT,
- IPQ_ERR_PROTOCOL
-};
-#define IPQ_MAXERR IPQ_ERR_PROTOCOL
-
-struct ipq_errmap_t {
- int errcode;
- char *message;
-} ipq_errmap[] = {
- { IPQ_ERR_NONE, "Unknown error" },
- { IPQ_ERR_IMPL, "Implementation error" },
- { IPQ_ERR_HANDLE, "Unable to create netlink handle" },
- { IPQ_ERR_SOCKET, "Unable to create netlink socket" },
- { IPQ_ERR_BIND, "Unable to bind netlink socket" },
- { IPQ_ERR_BUFFER, "Unable to allocate buffer" },
- { IPQ_ERR_RECV, "Failed to receive netlink message" },
- { IPQ_ERR_NLEOF, "Received EOF on netlink socket" },
- { IPQ_ERR_ADDRLEN, "Invalid peer address length" },
- { IPQ_ERR_STRUNC, "Sent message truncated" },
- { IPQ_ERR_RTRUNC, "Received message truncated" },
- { IPQ_ERR_NLRECV, "Received error from netlink" },
- { IPQ_ERR_SEND, "Failed to send netlink message" },
- { IPQ_ERR_SUPP, "Operation not supported" },
- { IPQ_ERR_RECVBUF, "Receive buffer size invalid" },
- { IPQ_ERR_TIMEOUT, "Timeout"},
- { IPQ_ERR_PROTOCOL, "Invalid protocol specified" }
-};
-
-static int ipq_errno = IPQ_ERR_NONE;
-
-static char *ipq_strerror(int errcode)
-{
- if (errcode < 0 || errcode > IPQ_MAXERR)
- errcode = IPQ_ERR_IMPL;
- return ipq_errmap[errcode].message;
-}
-
-/****************************************************************************
- *
- * Public interface
- *
- ****************************************************************************/
-
-/*
- * Create and initialise an ipq handle.
- */
-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol)
-{
- int status;
- struct ipq_handle *h;
-
- h = (struct ipq_handle *)malloc(sizeof(struct ipq_handle));
- if (h == NULL) {
- ipq_errno = IPQ_ERR_HANDLE;
- return NULL;
- }
-
- memset(h, 0, sizeof(struct ipq_handle));
-
- h->nfqnlh = nfq_open();
- if (!h->nfqnlh) {
- ipq_errno = IPQ_ERR_SOCKET;
- goto err_free;
- }
-
- if (protocol == PF_INET)
- status = nfq_bind_pf(h->nfqnlh, PF_INET);
- else if (protocol == PF_INET6)
- status = nfq_bind_pf(h->nfqnlh, PF_INET6);
- else {
- ipq_errno = IPQ_ERR_PROTOCOL;
- goto err_close;
- }
- h->family = protocol;
- if (status < 0) {
- ipq_errno = IPQ_ERR_BIND;
- goto err_close;
- }
-
- h->qh = nfq_create_queue(h->nfqnlh, 0, NULL, NULL);
- if (!h->qh) {
- ipq_errno = IPQ_ERR_BIND;
- goto err_close;
- }
-
- return h;
-
-err_close:
- nfq_close(h->nfqnlh);
-err_free:
- free(h);
- return NULL;
-}
-
-/*
- * No error condition is checked here at this stage, but it may happen
- * if/when reliable messaging is implemented.
- */
-int ipq_destroy_handle(struct ipq_handle *h)
-{
- if (h) {
- nfq_close(h->nfqnlh);
- free(h);
- }
- return 0;
-}
-
-int ipq_set_mode(const struct ipq_handle *h,
- u_int8_t mode, size_t range)
-{
- return nfq_set_mode(h->qh, mode, range);
-}
-
-/*
- * timeout is in microseconds (1 second is 1000000 (1 million) microseconds)
- *
- */
-ssize_t ipq_read(const struct ipq_handle *h,
- unsigned char *buf, size_t len, int timeout)
-{
- struct nfattr *tb[NFQA_MAX];
- struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
- struct nfgenmsg *msg = NULL;
- struct nfattr *nfa;
-
- //return ipq_netlink_recvfrom(h, buf, len, timeout);
-
- /* This really sucks. We have to copy the whole packet
- * in order to build a data structure that is compatible to
- * the old ipq interface... */
-
- nfa = nfnl_parse_hdr(nfq_nfnlh(h->nfqnlh), nlh, &msg);
- if (!msg || !nfa)
- return 0;
-
- if (msg->nfgen_family != h->family)
- return 0;
-
- nfnl_parse_attr(tb, NFQA_MAX, nfa, 0xffff);
-
-
- return 0;
-}
-
-int ipq_message_type(const unsigned char *buf)
-{
- return ((struct nlmsghdr*)buf)->nlmsg_type;
-}
-
-int ipq_get_msgerr(const unsigned char *buf)
-{
- struct nlmsghdr *h = (struct nlmsghdr *)buf;
- struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
- return -err->error;
-}
-
-ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf)
-{
- return NLMSG_DATA((struct nlmsghdr *)(buf));
-}
-
-int ipq_set_verdict(const struct ipq_handle *h,
- ipq_id_t id,
- unsigned int verdict,
- size_t data_len,
- unsigned char *buf)
-{
- return nfq_set_verdict(h->qh, id, verdict, data_len, buf);
-}
-
-/* Not implemented yet */
-int ipq_ctl(const struct ipq_handle *h, int request, ...)
-{
- return 1;
-}
-
-char *ipq_errstr(void)
-{
- return ipq_strerror(ipq_errno);
-}
-
-void ipq_perror(const char *s)
-{
- if (s)
- fputs(s, stderr);
- else
- fputs("ERROR", stderr);
- if (ipq_errno)
- fprintf(stderr, ": %s", ipq_errstr());
- if (errno)
- fprintf(stderr, ": %s", strerror(errno));
- fputc('\n', stderr);
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libnetfilter_queue-0.0.17/src/libnetfilter_queue.c new/libnetfilter_queue-1.0.0/src/libnetfilter_queue.c
--- old/libnetfilter_queue-0.0.17/src/libnetfilter_queue.c 2009-02-17 20:55:23.000000000 +0100
+++ new/libnetfilter_queue-1.0.0/src/libnetfilter_queue.c 2010-07-11 15:07:54.000000000 +0200
@@ -55,6 +55,10 @@
* The current development version of libnetfilter_queue can be accessed
* at https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_queue.git;a=summ....
*
+ * \section Privileges
+ * You need the CAP_NET_ADMIN capability in order to allow your application
+ * to receive from and to send packets to kernel-space.
+ *
* \section Using libnetfilter_queue
*
* To write your own program using libnetfilter_queue, you should start by reading
@@ -207,13 +211,22 @@
* \verbatim
fd = nfq_fd(h);
- while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
+ while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
printf("pkt received\n");
nfq_handle_packet(h, buf, rv);
}
\endverbatim
* When the decision on a packet has been choosed, the verdict has to be given
- * by calling nfq_set_verdict() or nfq_set_verdict_mark().
+ * by calling nfq_set_verdict() or nfq_set_verdict2(). The verdict
+ * determines the destiny of the packet as follows:
+ *
+ * - NF_DROP discarded the packet
+ * - NF_ACCEPT the packet passes, continue iterations
+ * - NF_STOLEN gone away
+ * - NF_QUEUE inject the packet into a different queue
+ * (the target queue number is in the high 16 bits of the verdict)
+ * - NF_REPEAT iterate the same cycle once more
+ * - NF_STOP accept, but don't continue iterations
*
* Data and information about the packet can be fetch by using message parsing
* functions (See \link Parsing \endlink).
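Review bot: The rewritten loop condition in the `\verbatim` example now passes a zero-length read to `nfq_handle_packet(h, buf, rv)`, and the loop still ends on any negative return without looking at `errno`. Whether nfq_handle_packet() copes with a length of 0 is not visible in this hunk, so the documentation should say that it does. Because this snippet tends to be copied verbatim, it should also show the error path, for instance with a comment after the loop such as `/* rv < 0: inspect errno before giving up; packets still queued will receive no verdict */`. In the verdict list, `NF_DROP discarded the packet` would read better as `NF_DROP discard the packet`, matching the imperative form of the other entries.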
@@ -537,6 +550,8 @@
* - NFQNL_COPY_NONE - do not copy any data
* - NFQNL_COPY_META - copy only packet metadata
* - NFQNL_COPY_PACKET - copy entire packet
+ *
+ * \return -1 on error; >=0 otherwise.
*/
int nfq_set_mode(struct nfq_q_handle *qh,
u_int8_t mode, u_int32_t range)
@@ -567,6 +582,8 @@
* Sets the size of the queue in kernel. This fixes the maximum number
* of packets the kernel will store before internally before dropping
* upcoming packets.
+ *
+ * \return -1 on error; >=0 otherwise.
*/
int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
u_int32_t queuelen)
@@ -593,7 +610,7 @@
static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id,
u_int32_t verdict, u_int32_t mark, int set_mark,
- u_int32_t data_len, unsigned char *data)
+ u_int32_t data_len, const unsigned char *data)
{
struct nfqnl_msg_verdict_hdr vh;
union {
@@ -629,8 +646,9 @@
nvecs = 1;
if (data_len) {
+ /* The typecast here is to cast away data's const-ness: */
nfnl_build_nfa_iovec(&iov[1], &data_attr, NFQA_PAYLOAD,
- data_len, data);
+ data_len, (unsigned char *) data);
nvecs += 2;
/* Add the length of the appended data to the message
* header. The size of the attribute is given in the
@@ -665,17 +683,19 @@
*
* Notifies netfilter of the userspace verdict for the given packet. Every
* queued packet _must_ have a verdict specified by userspace, either by
- * calling this function, or by calling the nfq_set_verdict_mark() function.
+ * calling this function, or by calling the nfq_set_verdict2() function.
+ *
+ * \return -1 on error; >= 0 otherwise.
*/
int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id,
u_int32_t verdict, u_int32_t data_len,
- unsigned char *buf)
+ const unsigned char *buf)
{
return __set_verdict(qh, id, verdict, 0, 0, data_len, buf);
}
/**
- * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark.
+ * nfq_set_verdict2 - like nfq_set_verdict, but you can set the mark.
* \param qh Netfilter queue handle obtained by call to nfq_create_queue().
* \param id ID assigned to packet by netfilter.
* \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP)
@@ -683,9 +703,30 @@
* \param data_len number of bytes of data pointed to by #buf
* \param buf the buffer that contains the packet data
*/
+int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t id,
+ u_int32_t verdict, u_int32_t mark,
+ u_int32_t data_len, const unsigned char *buf)
+{
+ return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len, buf);
+}
+
+/**
+ * nfq_set_verdict_mark - like nfq_set_verdict, but you can set the mark.
+ * \param qh Netfilter queue handle obtained by call to nfq_create_queue().
+ * \param id ID assigned to packet by netfilter.
+ * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP)
+ * \param mark the mark to put on the packet, in network byte order.
+ * \param data_len number of bytes of data pointed to by #buf
+ * \param buf the buffer that contains the packet data
+ *
+ * \return -1 on error; >= 0 otherwise.
+ *
+ * This function is deprecated since it is broken, its use is highly
+ * discouraged. Please, use nfq_set_verdict2 instead.
+ */
int nfq_set_verdict_mark(struct nfq_q_handle *qh, u_int32_t id,
u_int32_t verdict, u_int32_t mark,
- u_int32_t data_len, unsigned char *buf)
+ u_int32_t data_len, const unsigned char *buf)
{
return __set_verdict(qh, id, verdict, mark, 1, data_len, buf);
}
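Review bot: `nfq_set_verdict2()` applies `htonl(mark)` itself while the deprecated `nfq_set_verdict_mark()` passes `mark` through unchanged, yet the doc block reused for the new function does not say which byte order it expects (its `\param mark` line lies outside this hunk) and it has no `\return` line. A caller who migrates by renaming and keeps an existing `htonl()` would send a byte-swapped mark, and packet marks typically select firewall or routing rules, so the contract should be explicit: `\param mark the mark to put on the packet, in host byte order` and `\return -1 on error; >= 0 otherwise.`. The deprecation paragraph would also help more if it named the problem, e.g. `deprecated: expects the mark in network byte order; use nfq_set_verdict2() instead`.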
@@ -825,11 +866,10 @@
* was received through
* \param nlif_handle pointer to a nlif interface resolving handle
* \param nfad Netlink packet data handle passed to callback function
- * \param name pointer that will be set to the interface name string
+ * \param name pointer to the buffer to receive the interface name;
+ * not more than \c IFNAMSIZ bytes will be copied to it.
* \return -1 in case of error, >0 if it succeed.
*
- * The #name variable will point to the name of the input interface.
- *
* To use a nlif_handle, You need first to call nlif_open() and to open
* an handler. Don't forget to store the result as it will be used
* during all your program life:
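Review bot: The new `\param name` text says how much may be copied but not what the caller must provide: it should state that `name` has to point to a buffer of at least `IFNAMSIZ` bytes and whether the result is always NUL-terminated. Proposed wording: `\param name caller-supplied buffer of at least \c IFNAMSIZ bytes; receives the NUL-terminated interface name`, adjusted if the implementation, which is outside this hunk, does not guarantee termination. The same applies to the identical `\param name` change in the three hunks that follow.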
@@ -871,10 +911,8 @@
* packet was received through
* \param nlif_handle pointer to a nlif interface resolving handle
* \param nfad Netlink packet data handle passed to callback function
- * \param name pointer that will be set to the interface name string
- *
- * The #name variable will point to the name of the input physical
- * interface.
+ * \param name pointer to the buffer to receive the interface name;
+ * not more than \c IFNAMSIZ bytes will be copied to it.
*
* See nfq_get_indev_name() documentation for nlif_handle usage.
*
@@ -892,9 +930,8 @@
* packet will be sent to
* \param nlif_handle pointer to a nlif interface resolving handle
* \param nfad Netlink packet data handle passed to callback function
- * \param name pointer that will be set to the interface name string
- *
- * The #name variable will point to the name of the output interface.
+ * \param name pointer to the buffer to receive the interface name;
+ * not more than \c IFNAMSIZ bytes will be copied to it.
*
* See nfq_get_indev_name() documentation for nlif_handle usage.
*
@@ -912,9 +949,8 @@
* packet will be sent to
* \param nlif_handle pointer to a nlif interface resolving handle
* \param nfad Netlink packet data handle passed to callback function
- * \param name pointer that will be set to the interface name string
- * The #name variable will point to the name of the physical
- * output interface.
+ * \param name pointer to the buffer to receive the interface name;
+ * not more than \c IFNAMSIZ bytes will be copied to it.
*
* See nfq_get_indev_name() documentation for nlif_handle usage.
*
@@ -967,7 +1003,7 @@
*
* \return -1 on error, otherwise > 0.
*/
-int nfq_get_payload(struct nfq_data *nfad, char **data)
+int nfq_get_payload(struct nfq_data *nfad, unsigned char **data)
{
*data = nfnl_get_pointer_to_data(nfad->data, NFQA_PAYLOAD, char);
if (*data)
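Review bot: The unchanged line `*data = nfnl_get_pointer_to_data(nfad->data, NFQA_PAYLOAD, char);` still requests a `char` pointer although `data` is now `unsigned char **`. If the macro casts to a pointer of the type it is given (its definition is not visible here), this assigns `char *` to `unsigned char *` and draws a pointer-sign warning; passing `unsigned char` as the type argument keeps the two in step. The signature change is also source-visible to existing callers that pass `char **`, so the doc comment above should mention it, and should state that the returned pointer refers into the received message and is only valid for the returned length. The function body continues outside this hunk.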
@@ -976,6 +1012,160 @@
return -1;
}
+#define SNPRINTF_FAILURE(ret, rem, offset, len) \
+do { \
+ if (ret < 0) \
+ return ret; \
+ len += ret; \
+ if (ret > rem) \
+ ret = rem; \
+ offset += ret; \
+ rem -= ret; \
+} while (0)
+
+int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
+{
+ struct nfqnl_msg_packet_hdr *ph;
+ struct nfqnl_msg_packet_hw *hwph;
+ u_int32_t mark, ifi;
+ int size, offset = 0, len = 0, ret;
+ unsigned char *data;
+
+ size = snprintf(buf + offset, rem, "<pkt>");
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ if (flags & NFQ_XML_TIME) {
+ time_t t;
+ struct tm tm;
+
+ t = time(NULL);
+ if (localtime_r(&t, &tm) == NULL)
+ return -1;
+
+ size = snprintf(buf + offset, rem, "<when>");
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem,
+ "<hour>%d</hour>", tm.tm_hour);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset,
+ rem, "<min>%02d</min>", tm.tm_min);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset,
+ rem, "<sec>%02d</sec>", tm.tm_sec);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem, "<wday>%d</wday>",
+ tm.tm_wday + 1);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem, "<day>%d</day>", tm.tm_mday);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem, "<month>%d</month>",
+ tm.tm_mon + 1);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem, "<year>%d</year>",
+ 1900 + tm.tm_year);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem, "</when>");
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ ph = nfq_get_msg_packet_hdr(tb);
+ if (ph) {
+ size = snprintf(buf + offset, rem,
+ "<hook>%u</hook><id>%u</id>",
+ ph->hook, ntohl(ph->packet_id));
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ hwph = nfq_get_packet_hw(tb);
+ if (hwph && (flags & NFQ_XML_HW)) {
+ int i, hlen = ntohs(hwph->hw_addrlen);
+
+ size = snprintf(buf + offset, rem, "<hw><proto>%04x"
+ "</proto>",
+ ntohs(ph->hw_protocol));
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ size = snprintf(buf + offset, rem, "<src>");
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ for (i=0; ihw_addr[i]);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ size = snprintf(buf + offset, rem, "</src></hw>");
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ } else if (flags & NFQ_XML_HW) {
+ size = snprintf(buf + offset, rem, "<hw><proto>%04x"
+ "</proto></hw>",
+ ntohs(ph->hw_protocol));
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+ }
+
+ mark = nfq_get_nfmark(tb);
+ if (mark && (flags & NFQ_XML_MARK)) {
+ size = snprintf(buf + offset, rem, "<mark>%u</mark>", mark);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ ifi = nfq_get_indev(tb);
+ if (ifi && (flags & NFQ_XML_DEV)) {
+ size = snprintf(buf + offset, rem, "<indev>%u</indev>", ifi);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ ifi = nfq_get_outdev(tb);
+ if (ifi && (flags & NFQ_XML_DEV)) {
+ size = snprintf(buf + offset, rem, "<outdev>%u</outdev>", ifi);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ ifi = nfq_get_physindev(tb);
+ if (ifi && (flags & NFQ_XML_PHYSDEV)) {
+ size = snprintf(buf + offset, rem,
+ "<physindev>%u</physindev>", ifi);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ ifi = nfq_get_physoutdev(tb);
+ if (ifi && (flags & NFQ_XML_PHYSDEV)) {
+ size = snprintf(buf + offset, rem,
+ "<physoutdev>%u</physoutdev>", ifi);
+ SNPRINTF_FAILURE(size, rem, offset, len);
+ }
+
+ ret = nfq_get_payload(tb, &data);
+ if (ret >= 0 && (flags & NFQ_XML_PAYLOAD)) {
+ int i;
+
+ size = snprintf(buf + offset, rem, "<payload>");
+ SNPRINTF_FAILURE(size, rem, offset, len);
+
+ for (i=0; i