diff options
| author | Kibum Kim <kb0929.kim@samsung.com> | 2012-01-07 00:47:33 +0900 |
|---|---|---|
| committer | Kibum Kim <kb0929.kim@samsung.com> | 2012-01-07 00:47:33 +0900 |
| commit | 8df0096515fc2575560e13982f9edf76bf39555e (patch) | |
| tree | 0d683bc1583f241ae5675f5fbdccb7260212b35b /libipq | |
| parent | dbc5ef4889caa206f4d47d83345357780ceef73e (diff) | |
| download | iptables-8df0096515fc2575560e13982f9edf76bf39555e.tar.gz iptables-8df0096515fc2575560e13982f9edf76bf39555e.tar.bz2 iptables-8df0096515fc2575560e13982f9edf76bf39555e.zip | |
Git init
Diffstat (limited to 'libipq')
| -rw-r--r-- | libipq/Makefile.am | 10 | ||||
| -rw-r--r-- | libipq/Makefile.in | 537 | ||||
| -rw-r--r-- | libipq/ipq_create_handle.3 | 84 | ||||
| -rw-r--r-- | libipq/ipq_destroy_handle.3 | 1 | ||||
| -rw-r--r-- | libipq/ipq_errstr.3 | 66 | ||||
| -rw-r--r-- | libipq/ipq_get_msgerr.3 | 1 | ||||
| -rw-r--r-- | libipq/ipq_get_packet.3 | 1 | ||||
| -rw-r--r-- | libipq/ipq_message_type.3 | 136 | ||||
| -rw-r--r-- | libipq/ipq_perror.3 | 1 | ||||
| -rw-r--r-- | libipq/ipq_read.3 | 106 | ||||
| -rw-r--r-- | libipq/ipq_set_mode.3 | 107 | ||||
| -rw-r--r-- | libipq/ipq_set_verdict.3 | 102 | ||||
| -rw-r--r-- | libipq/libipq.3 | 279 | ||||
| -rw-r--r-- | libipq/libipq.c | 380 |
14 files changed, 1811 insertions, 0 deletions
diff --git a/libipq/Makefile.am b/libipq/Makefile.am new file mode 100644 index 0000000..556a17b --- /dev/null +++ b/libipq/Makefile.am @@ -0,0 +1,10 @@ +# -*- Makefile -*- + +AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include + +libipq_la_SOURCES = libipq.c +lib_LTLIBRARIES = libipq.la +man_MANS = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \ + ipq_get_msgerr.3 ipq_get_packet.3 ipq_message_type.3 \ + ipq_perror.3 ipq_read.3 ipq_set_mode.3 ipq_set_verdict.3 \ + libipq.3 diff --git a/libipq/Makefile.in b/libipq/Makefile.in new file mode 100644 index 0000000..79cc1bf --- /dev/null +++ b/libipq/Makefile.in @@ -0,0 +1,537 @@ +# Makefile.in generated by automake 1.10.2 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# -*- Makefile -*- + +VPATH = @srcdir@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = libipq +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" +libLTLIBRARIES_INSTALL = $(INSTALL) +LTLIBRARIES = $(lib_LTLIBRARIES) +libipq_la_LIBADD = +am_libipq_la_OBJECTS = libipq.lo +libipq_la_OBJECTS = $(am_libipq_la_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libipq_la_SOURCES) +DIST_SOURCES = $(libipq_la_SOURCES) +man3dir = $(mandir)/man3 +NROFF = nroff +MANS = $(man_MANS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +pkgdatadir = @pkgdatadir@ +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +blacklist_modules = @blacklist_modules@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +kbuilddir = @kbuilddir@ +kinclude_CFLAGS = @kinclude_CFLAGS@ +ksourcedir = @ksourcedir@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libnfnetlink_CFLAGS = @libnfnetlink_CFLAGS@ +libnfnetlink_LIBS = @libnfnetlink_LIBS@ +libxtables_vage = @libxtables_vage@ +libxtables_vcurrent = @libxtables_vcurrent@ +libxtables_vmajor = @libxtables_vmajor@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgconfigdir = @pkgconfigdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +regular_CFLAGS = @regular_CFLAGS@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xtlibdir = @xtlibdir@ +AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include +libipq_la_SOURCES = libipq.c +lib_LTLIBRARIES = libipq.la +man_MANS = ipq_create_handle.3 ipq_destroy_handle.3 ipq_errstr.3 \ + ipq_get_msgerr.3 ipq_get_packet.3 ipq_message_type.3 \ + ipq_perror.3 ipq_read.3 ipq_set_mode.3 ipq_set_verdict.3 \ + libipq.3 + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libipq/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu libipq/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + f=$(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + else :; fi; \ + done + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + p=$(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libipq.la: $(libipq_la_OBJECTS) $(libipq_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libipq_la_OBJECTS) $(libipq_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libipq.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man3: $(man3_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $$i; then file=$$i; \ + else file=$(srcdir)/$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 3*) ;; \ + *) ext='3' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ + done +uninstall-man3: + @$(NORMAL_UNINSTALL) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 3*) ;; \ + *) ext='3' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(MANS) +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-exec-am: install-libLTLIBRARIES + +install-html: install-html-am + +install-info: install-info-am + +install-man: install-man3 + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-libLTLIBRARIES uninstall-man + +uninstall-man: uninstall-man3 + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man install-man3 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-libLTLIBRARIES \ + uninstall-man uninstall-man3 + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/libipq/ipq_create_handle.3 b/libipq/ipq_create_handle.3 new file mode 100644 index 0000000..6c0c796 --- /dev/null +++ b/libipq/ipq_create_handle.3 @@ -0,0 +1,84 @@ +.TH IPQ_CREATE_HANDLE 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +\" $Id: ipq_create_handle.3,v 1.2 2001/10/16 14:41:02 jamesm Exp $ +.\" +.\" Copyright (c) 2000-2001 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles. +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.sp +.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");" +.br +.BI "int ipq_destroy_handle(struct ipq_handle *" h ); +.SH DESCRIPTION +The +.B ipq_create_handle +function initialises libipq for an application, attempts to bind to the +Netlink socket used by ip_queue, and returns an opaque context handle. It +should be the first libipq function to be called by an application. The +handle returned should be used in all subsequent library calls which +require a handle parameter. +.PP +The +.I flags +parameter is not currently used and should be set to zero by the application +for forward compatibility. +.PP +The +.I protocol +parameter is used to specify the protocol of the packets to be queued. +Valid values are NFPROTO_IPV4 for IPv4 and NFPROTO_IPV6 for IPv6. Currently, +only one protocol may be queued at a time for a handle. +.PP +The +.B ipq_destroy_handle +function frees up resources allocated by +.BR ipq_create_handle , +and should be used when the handle is no longer required by the application. +.SH RETURN VALUES +On success, +.B ipq_create_handle +returns a pointer to a context handle. +.br +On failure, NULL is returned. +.PP +On success, +.B ipq_destroy_handle +returns zero. +.br +On failure, \-1 is returned. +.SH ERRORS +On failure, a descriptive error message will be available +via the +.B ipq_errstr +function. +.SH BUGS +None known. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH SEE ALSO +.BR iptables (8), +.BR libipq (3). diff --git a/libipq/ipq_destroy_handle.3 b/libipq/ipq_destroy_handle.3 new file mode 100644 index 0000000..29dcd98 --- /dev/null +++ b/libipq/ipq_destroy_handle.3 @@ -0,0 +1 @@ +.so man3/ipq_create_handle.3 diff --git a/libipq/ipq_errstr.3 b/libipq/ipq_errstr.3 new file mode 100644 index 0000000..bcb3ac4 --- /dev/null +++ b/libipq/ipq_errstr.3 @@ -0,0 +1,66 @@ +.TH IPQ_ERRSTR 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +.\" $Id: ipq_errstr.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $ +.\" +.\" Copyright (c) 2000 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +ipq_errstr, ipq_perror \(em libipq error handling routines +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.sp +.BI "char *ipq_errstr(" void ); +.br +.BI "void ipq_perror(const char *" s ); +.SH DESCRIPTION +The +.B ipq_errstr +function returns a descriptive error message based on the current +value of the internal +.B ipq_errno +variable. All libipq API functions set this internal variable +upon failure. +.PP +The +.B ipq_perror +function prints an error message to stderr corresponding to the +current value of the internal +.B ipq_error +variable, and the global +.B errno +variable (if set). The error message is prefixed with the string +.I s +as supplied by the application. If +.I s +is NULL, the error message is prefixed with the string "ERROR". +.SH RETURN VALUE +.B ipq_errstr +returns an error message as outlined above. +.SH BUGS +None known. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH SEE ALSO +.BR iptables (8), +.BR libipq (3). diff --git a/libipq/ipq_get_msgerr.3 b/libipq/ipq_get_msgerr.3 new file mode 100644 index 0000000..8a28be3 --- /dev/null +++ b/libipq/ipq_get_msgerr.3 @@ -0,0 +1 @@ +.so man3/ipq_message_type.3 diff --git a/libipq/ipq_get_packet.3 b/libipq/ipq_get_packet.3 new file mode 100644 index 0000000..8a28be3 --- /dev/null +++ b/libipq/ipq_get_packet.3 @@ -0,0 +1 @@ +.so man3/ipq_message_type.3 diff --git a/libipq/ipq_message_type.3 b/libipq/ipq_message_type.3 new file mode 100644 index 0000000..64b5220 --- /dev/null +++ b/libipq/ipq_message_type.3 @@ -0,0 +1,136 @@ +.TH IPQ_MESSAGE_TYPE 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +.\" $Id: ipq_message_type.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $ +.\" +.\" Copyright (c) 2000-2001 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +ipq_message_type, ipq_get_packet, ipq_getmsgerr \(em query queue messages +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.sp +.BI "int ipq_message_type(const unsigned char *" buf ");" +.br +.BI "ipq_packet_msg_t *ipq_get_packet(const unsigned char *" buf ");" +.br +.BI "int ipq_get_msgerr(const unsigned char *" buf ");" +.SH DESCRIPTION +The +.B ipq_message_type +function returns the type of queue message returned to userspace +via +.BR ipq_read . +.PP +.B ipq_message_type +should always be called following a successful call to +.B ipq_read +to determine whether the message is a packet message or an +error message. The +.I buf +parameter should be the same data obtained from +the previous call to +.BR ipq_read . +.PP +.B ipq_message_type +will return one of the following values: +.TP +.B NLMSG_ERROR +An error message generated by the Netlink transport. +.PP +.TP +.B IPQM_PACKET +A packet message containing packet metadata and optional packet payload data. +.PP +The +.B ipq_get_packet +function should be called if +.B ipq_message_type +returns +.BR IPQM_PACKET . +The +.I buf +parameter should point to the same data used for the call to +.BR ipq_message_type . +The pointer returned by +.B ipq_get_packet +points to a packet message, which is declared as follows: +.PP +.RS +.nf +typedef struct ipq_packet_msg { + unsigned long packet_id; /* ID of queued packet */ + unsigned long mark; /* Netfilter mark value */ + long timestamp_sec; /* Packet arrival time (seconds) */ + long timestamp_usec; /* Packet arrvial time (+useconds) */ + unsigned int hook; /* Netfilter hook we rode in on */ + char indev_name[IFNAMSIZ]; /* Name of incoming interface */ + char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */ + unsigned short hw_protocol; /* Hardware protocol (network order) */ + unsigned short hw_type; /* Hardware type */ + unsigned char hw_addrlen; /* Hardware address length */ + unsigned char hw_addr[8]; /* Hardware address */ + size_t data_len; /* Length of packet data */ + unsigned char payload[0]; /* Optional packet data */ +} ipq_packet_msg_t; +.fi +.RE +.PP +Each of these fields may be read by the application. If the queue mode +is +.B IPQ_COPY_PACKET +and the +.I data_len +value is greater than zero, the packet payload contents may be accessed +in the memory following the +.B ipq_packet_msg_t +structure to a range of +.I data_len. +.PP +The +.I packet_id +field contains a packet identifier to be used when calling +.BR ipq_set_verdict . +.PP +The +.B ipq_get_msgerr +function should be called if +.B ipq_message_type +returns +.BR NLMSG_ERROR. +The +.I buf +parameter should point to the same data used for the call to +.BR ipq_message_type . +The value returned by +.B ipq_get_msgerr +is set by higher level kernel code and corresponds to standard +.B errno +values. +.SH BUGS +None known. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH SEE ALSO +.BR iptables (8), +.BR libipq (3). diff --git a/libipq/ipq_perror.3 b/libipq/ipq_perror.3 new file mode 100644 index 0000000..6efd53d --- /dev/null +++ b/libipq/ipq_perror.3 @@ -0,0 +1 @@ +.so man3/ipq_errstr.3 diff --git a/libipq/ipq_read.3 b/libipq/ipq_read.3 new file mode 100644 index 0000000..171c916 --- /dev/null +++ b/libipq/ipq_read.3 @@ -0,0 +1,106 @@ +.TH IPQ_READ 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +.\" $Id: ipq_read.3,v 1.2 2001/10/16 14:41:02 jamesm Exp $ +.\" +.\" Copyright (c) 2000-2001 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +ipq_read \(em read queue messages from ip_queue and read into supplied buffer +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.sp +.BI "ssize_t ipq_read(const struct ipq_handle *" h ", unsigned char *" buf ", size_t " len ", int " timeout ");" +.SH DESCRIPTION +The +.B ipq_read +function reads a queue message from the kernel and copies it to +the memory pointed to by +.I buf +to a maximum length of +. IR len . +.PP +The +.I h +parameter is a context handle which must previously have been returned +successfully from a call to +.BR ipq_create_handle . +.PP +The caller is responsible for ensuring that the memory pointed to by +.I buf +is large enough to contain +.I len +bytes. +.PP +The +.I timeout +parameter may be used to set a timeout for the operation, specified in microseconds. +This is implemented internally by the library via the +.BR select +system call. A value of zero provides normal, backwards-compatible blocking behaviour +with no timeout. A negative value causes the function to return immediately. +.PP +Data returned via +.I buf +should not be accessed directly. Use the +.BR ipq_message_type , +.BR ipq_get_packet ", and" +.BR ipq_get_msgerr +functions to access the queue message in the buffer. +.SH RETURN VALUE +On failure, \-1 is returned. +.br +On success, a non-zero positive value is returned when no timeout +value is specified. +.br +On success with a timeout value specified, zero is returned if no data +was available to read, or if a non-blocked signal was caught. In the +latter case, the global +.B errno +value will be set to +.BR EINTR . +.SH ERRORS +On error, a descriptive error message will be available +via the +.B ipq_errstr +function. +.SH DIAGNOSTICS +While the +.B ipq_read +function may return successfully, the queue message copied to the buffer +may itself be an error message from a higher level kernel component. Use +.B ipq_message_type +to determine if it is an error message, and +.B ipq_get_msgerr +to access the value of the message. +.SH BUGS +None known. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH CREDITS +Joost Remijn implemented the timeout feature, which appeared in the 1.2.4 release of iptables. +.SH SEE ALSO +.BR iptables (8), +.BR libipq (3), +.BR select (2). + diff --git a/libipq/ipq_set_mode.3 b/libipq/ipq_set_mode.3 new file mode 100644 index 0000000..672ee4e --- /dev/null +++ b/libipq/ipq_set_mode.3 @@ -0,0 +1,107 @@ +.TH IPQ_SET_MODE 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +.\" $Id: ipq_set_mode.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $ +.\" +.\" Copyright (c) 2000-2001 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +ipq_set_mode \(em set the ip_queue queuing mode +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.sp +.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range ); +.SH DESCRIPTION +The +.B ipq_set_mode +function sends a message to the kernel ip_queue module, specifying whether +packet metadata only, or packet payloads as well as metadata should be copied to +userspace. +.PP +The +.I h +parameter is a context handle which must previously have been returned +successfully from a call to +.BR ipq_create_handle . +.PP +The +.I mode +parameter must be one of: +.TP +.B IPQ_COPY_META +Copy only packet metadata to userspace. +.TP +.B IPQ_COPY_PACKET +Copy packet metadata and packet payloads to userspace. +.PP +The +.I range +parameter is used to specify how many bytes of the payload to copy +to userspace. It is only valid for +.B IPQ_COPY_PACKET +mode and is otherwise ignored. The maximum useful value for +.I range +is 65535 (greater values will be clamped to this by ip_queue). +.PP +.B ipq_set_mode +is usually used immediately following +.B ipq_create_handle +to enable the flow of packets to userspace. +.PP +Note that as the underlying Netlink messaging transport is connectionless, +the ip_queue module does not know that a userspace application is ready to +communicate until it receives a message such as this. +.SH RETURN VALUE +On failure, \-1 is returned. +.br +On success, a non-zero positive value is returned. +.SH ERRORS +On failure, a descriptive error message will be available +via the +.B ipq_errstr +function. +.SH DIAGNOSTICS +A relatively common failure may occur if the ip_queue module is not loaded. +In this case, the following code excerpt: +.PP +.RS +.nf +status = ipq_set_mode(h, IPQ_COPY_META, 0); +if (status < 0) { + ipq_perror("myapp"); + ipq_destroy_handle(h); + exit(1); +} +.RE +.fi +.PP +would generate the following output: +.PP +.I myapp: Failed to send netlink message: Connection refused +.SH BUGS +None known. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH SEE ALSO +.BR libipq (3), +.BR iptables (8). diff --git a/libipq/ipq_set_verdict.3 b/libipq/ipq_set_verdict.3 new file mode 100644 index 0000000..e9d3d3f --- /dev/null +++ b/libipq/ipq_set_verdict.3 @@ -0,0 +1,102 @@ +.TH IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +.\" $Id: ipq_set_verdict.3,v 1.1 2000/11/20 14:13:32 jamesm Exp $ +.\" +.\" Copyright (c) 2000-2001 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +ipq_set_verdict \(em issue verdict and optionally modified packet to kernel +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.sp +.BI "int ipq_set_verdict(const struct ipq_handle *" h ", ipq_id_t " id ", unsigned int " verdict ", size_t " data_len ", unsigned char *" buf ");" +.SH DESCRIPTION +The +.B ipq_set_verdict +function issues a verdict on a packet previously obtained with +.BR ipq_read , +specifing the intended disposition of the packet, and optionally +supplying a modified version of the payload data. +.PP +The +.I h +parameter is a context handle which must previously have been returned +successfully from a call to +.BR ipq_create_handle . +.PP +The +.I id +parameter is the packet identifier obtained via +.BR ipq_get_packet . +.PP +The +.I verdict +parameter must be one of: +.TP +.B NF_ACCEPT +Accept the packet and continue traversal within the kernel. +.br +.TP +.B NF_DROP +Drop the packet. +.TP +\fBNF_QUEUE\fP +Requeue the packet. +.PP +\fBNF_STOLEN\fP and \fBNF_REPEAT\fP are kernel-internal constants and should +not be used from userspace as their exact side effects have not been +investigated. +.PP +The +.I data_len +parameter is the length of the data pointed to +by +.IR buf , +the optional replacement payload data. +.PP +If simply setting a verdict without modifying the payload data, use zero +for +.I data_len +and NULL for +.IR buf . +.PP +The application is responsible for recalculating any packet checksums +when modifying packets. +.SH RETURN VALUE +On failure, \-1 is returned. +.br +On success, a non-zero positive value is returned. +.SH ERRORS +On error, a descriptive error message will be available +via the +.B ipq_errstr +function. +.SH BUGS +None known. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH SEE ALSO +.BR iptables (8), +.BR libipq (3). + diff --git a/libipq/libipq.3 b/libipq/libipq.3 new file mode 100644 index 0000000..0196248 --- /dev/null +++ b/libipq/libipq.3 @@ -0,0 +1,279 @@ +.TH LIBIPQ 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" +.\" +.\" $Id: libipq.3,v 1.4 2001/10/16 16:58:25 jamesm Exp $ +.\" +.\" Copyright (c) 2000-2001 Netfilter Core Team +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +libipq \(em iptables userspace packet queuing library. +.SH SYNOPSIS +.B #include <linux/netfilter.h> +.br +.B #include <libipq.h> +.SH DESCRIPTION +libipq is a development library for iptables userspace packet queuing. +.SS Userspace Packet Queuing +Netfilter provides a mechanism for passing packets out of the stack for +queueing to userspace, then receiving these packets back into the kernel +with a verdict specifying what to do with the packets (such as ACCEPT +or DROP). These packets may also be modified in userspace prior to +reinjection back into the kernel. +.PP +For each supported protocol, a kernel module called a +.I queue handler +may register with Netfilter to perform the mechanics of passing +packets to and from userspace. +.PP +The standard queue handler for IPv4 is ip_queue. It is provided as an +experimental module with 2.4 kernels, and uses a Netlink socket for +kernel/userspace communication. +.PP +Once ip_queue is loaded, IP packets may be selected with iptables +and queued for userspace processing via the QUEUE target. For example, +running the following commands: +.PP + # modprobe iptable_filter +.br + # modprobe ip_queue +.br + # iptables \-A OUTPUT \-p icmp \-j QUEUE +.PP +will cause any locally generated ICMP packets (e.g. ping output) to +be sent to the ip_queue module, which will then attempt to deliver the +packets to a userspace application. If no userspace application is waiting, +the packets will be dropped +.PP +An application may receive and process these packets via libipq. +.PP +.PP +.SS Libipq Overview +Libipq provides an API for communicating with ip_queue. The following is +an overview of API usage, refer to individual man pages for more details +on each function. +.PP +.B Initialisation +.br +To initialise the library, call +.BR ipq_create_handle (3). +This will attempt to bind to the Netlink socket used by ip_queue and +return an opaque context handle for subsequent library calls. +.PP +.B Setting the Queue Mode +.br +.BR ipq_set_mode (3) +allows the application to specify whether packet metadata, or packet +payloads as well as metadata are copied to userspace. It is also used to +initially notify ip_queue that an application is ready to receive queue +messages. +.PP +.B Receiving Packets from the Queue +.br +.BR ipq_read (3) +waits for queue messages to arrive from ip_queue and copies +them into a supplied buffer. +Queue messages may be +.I packet messages +or +.I error messages. +.PP +The type of packet may be determined with +.BR ipq_message_type (3). +.PP +If it's a packet message, the metadata and optional payload may be retrieved with +.BR ipq_get_packet (3). +.PP +To retrieve the value of an error message, use +.BR ipq_get_msgerr (3). +.PP +.B Issuing Verdicts on Packets +.br +To issue a verdict on a packet, and optionally return a modified version +of the packet to the kernel, call +.BR ipq_set_verdict (3). +.PP +.B Error Handling +.br +An error string corresponding to the current value of the internal error +variable +.B ipq_errno +may be obtained with +.BR ipq_errstr (3). +.PP +For simple applications, calling +.BR ipq_perror (3) +will print the same message as +.BR ipq_errstr (3), +as well as the string corresponding to the global +.B errno +value (if set) to stderr. +.PP +.B Cleaning Up +.br +To free up the Netlink socket and destroy resources associated with +the context handle, call +.BR ipq_destroy_handle (3). +.SH SUMMARY +.TP 4 +.BR ipq_create_handle (3) +Initialise library, return context handle. +.TP +.BR ipq_set_mode (3) +Set the queue mode, to copy either packet metadata, or payloads +as well as metadata to userspace. +.TP +.BR ipq_read (3) +Wait for a queue message to arrive from ip_queue and read it into +a buffer. +.TP +.BR ipq_message_type (3) +Determine message type in the buffer. +.TP +.BR ipq_get_packet (3) +Retrieve a packet message from the buffer. +.TP +.BR ipq_get_msgerr (3) +Retrieve an error message from the buffer. +.TP +.BR ipq_set_verdict (3) +Set a verdict on a packet, optionally replacing its contents. +.TP +.BR ipq_errstr (3) +Return an error message corresponding to the internal ipq_errno variable. +.TP +.BR ipq_perror (3) +Helper function to print error messages to stderr. +.TP +.BR ipq_destroy_handle (3) +Destroy context handle and associated resources. +.SH EXAMPLE +The following is an example of a simple application which receives +packets and issues NF_ACCEPT verdicts on each packet. +.RS +.nf +/* + * This code is GPL. + */ +#include <linux/netfilter.h> +#include <libipq.h> +#include <stdio.h> + +#define BUFSIZE 2048 + +static void die(struct ipq_handle *h) +{ + ipq_perror("passer"); + ipq_destroy_handle(h); + exit(1); +} + +int main(int argc, char **argv) +{ + int status; + unsigned char buf[BUFSIZE]; + struct ipq_handle *h; + + h = ipq_create_handle(0, NFPROTO_IPV4); + if (!h) + die(h); + + status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE); + if (status < 0) + die(h); + + do{ + status = ipq_read(h, buf, BUFSIZE, 0); + if (status < 0) + die(h); + + switch (ipq_message_type(buf)) { + case NLMSG_ERROR: + fprintf(stderr, "Received error message %d\\n", + ipq_get_msgerr(buf)); + break; + + case IPQM_PACKET: { + ipq_packet_msg_t *m = ipq_get_packet(buf); + + status = ipq_set_verdict(h, m->packet_id, + NF_ACCEPT, 0, NULL); + if (status < 0) + die(h); + break; + } + + default: + fprintf(stderr, "Unknown message type!\\n"); + break; + } + } while (1); + + ipq_destroy_handle(h); + return 0; +} +.RE +.fi +.PP +Pointers to more libipq application examples may be found in The +Netfilter FAQ. +.SH DIAGNOSTICS +For information about monitoring and tuning ip_queue, refer to the +Linux 2.4 Packet Filtering HOWTO. +.PP +If an application modifies a packet, it needs to also update any +checksums for the packet. Typically, the kernel will silently discard +modified packets with invalid checksums. +.SH SECURITY +Processes require CAP_NET_ADMIN capabilty to access the kernel ip_queue +module. Such processes can potentially access and modify any IP packets +received, generated or forwarded by the kernel. +.SH TODO +Per-handle +.B ipq_errno +values. +.SH BUGS +Probably. +.SH AUTHOR +James Morris <jmorris@intercode.com.au> +.SH COPYRIGHT +Copyright (c) 2000-2001 Netfilter Core Team. +.PP +Distributed under the GNU General Public License. +.SH CREDITS +Joost Remijn implemented the +.B ipq_read +timeout feature, which appeared in the 1.2.4 release of iptables. +.PP +Fernando Anton added support for IPv6. +.SH SEE ALSO +.BR iptables (8), +.BR ipq_create_handle (3), +.BR ipq_destroy_handle (3), +.BR ipq_errstr (3), +.BR ipq_get_msgerr (3), +.BR ipq_get_packet (3), +.BR ipq_message_type (3), +.BR ipq_perror (3), +.BR ipq_read (3), +.BR ipq_set_mode (3), +.BR ipq_set_verdict (3). +.PP +The Netfilter home page at http://netfilter.samba.org/ +which has links to The Networking Concepts HOWTO, The Linux 2.4 Packet +Filtering HOWTO, The Linux 2.4 NAT HOWTO, The Netfilter Hacking HOWTO, +The Netfilter FAQ and many other useful resources. + diff --git a/libipq/libipq.c b/libipq/libipq.c new file mode 100644 index 0000000..620cc2d --- /dev/null +++ b/libipq/libipq.c @@ -0,0 +1,380 @@ +/* + * libipq.c + * + * IPQ userspace library. + * + * Please note that this library is still developmental, and there may + * be some API changes. + * + * Author: James Morris <jmorris@intercode.com.au> + * + * 07-11-2001 Modified by Fernando Anton to add support for IPv6. + * + * Copyright (c) 2000-2001 Netfilter Core Team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + */ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <sys/time.h> +#include <sys/types.h> + +#include <libipq/libipq.h> +#include <netinet/in.h> +#include <linux/netfilter.h> + +/**************************************************************************** + * + * Private interface + * + ****************************************************************************/ + +enum { + IPQ_ERR_NONE = 0, + IPQ_ERR_IMPL, + IPQ_ERR_HANDLE, + IPQ_ERR_SOCKET, + IPQ_ERR_BIND, + IPQ_ERR_BUFFER, + IPQ_ERR_RECV, + IPQ_ERR_NLEOF, + IPQ_ERR_ADDRLEN, + IPQ_ERR_STRUNC, + IPQ_ERR_RTRUNC, + IPQ_ERR_NLRECV, + IPQ_ERR_SEND, + IPQ_ERR_SUPP, + IPQ_ERR_RECVBUF, + IPQ_ERR_TIMEOUT, + IPQ_ERR_PROTOCOL +}; +#define IPQ_MAXERR IPQ_ERR_PROTOCOL + +struct ipq_errmap_t { + int errcode; + char *message; +} ipq_errmap[] = { + { IPQ_ERR_NONE, "Unknown error" }, + { IPQ_ERR_IMPL, "Implementation error" }, + { IPQ_ERR_HANDLE, "Unable to create netlink handle" }, + { IPQ_ERR_SOCKET, "Unable to create netlink socket" }, + { IPQ_ERR_BIND, "Unable to bind netlink socket" }, + { IPQ_ERR_BUFFER, "Unable to allocate buffer" }, + { IPQ_ERR_RECV, "Failed to receive netlink message" }, + { IPQ_ERR_NLEOF, "Received EOF on netlink socket" }, + { IPQ_ERR_ADDRLEN, "Invalid peer address length" }, + { IPQ_ERR_STRUNC, "Sent message truncated" }, + { IPQ_ERR_RTRUNC, "Received message truncated" }, + { IPQ_ERR_NLRECV, "Received error from netlink" }, + { IPQ_ERR_SEND, "Failed to send netlink message" }, + { IPQ_ERR_SUPP, "Operation not supported" }, + { IPQ_ERR_RECVBUF, "Receive buffer size invalid" }, + { IPQ_ERR_TIMEOUT, "Timeout"}, + { IPQ_ERR_PROTOCOL, "Invalid protocol specified" } +}; + +static int ipq_errno = IPQ_ERR_NONE; + +static ssize_t ipq_netlink_sendto(const struct ipq_handle *h, + const void *msg, size_t len); + +static ssize_t ipq_netlink_recvfrom(const struct ipq_handle *h, + unsigned char *buf, size_t len, + int timeout); + +static ssize_t ipq_netlink_sendmsg(const struct ipq_handle *h, + const struct msghdr *msg, + unsigned int flags); + +static char *ipq_strerror(int errcode); + +static ssize_t ipq_netlink_sendto(const struct ipq_handle *h, + const void *msg, size_t len) +{ + int status = sendto(h->fd, msg, len, 0, + (struct sockaddr *)&h->peer, sizeof(h->peer)); + if (status < 0) + ipq_errno = IPQ_ERR_SEND; + return status; +} + +static ssize_t ipq_netlink_sendmsg(const struct ipq_handle *h, + const struct msghdr *msg, + unsigned int flags) +{ + int status = sendmsg(h->fd, msg, flags); + if (status < 0) + ipq_errno = IPQ_ERR_SEND; + return status; +} + +static ssize_t ipq_netlink_recvfrom(const struct ipq_handle *h, + unsigned char *buf, size_t len, + int timeout) +{ + unsigned int addrlen; + int status; + struct nlmsghdr *nlh; + + if (len < sizeof(struct nlmsgerr)) { + ipq_errno = IPQ_ERR_RECVBUF; + return -1; + } + addrlen = sizeof(h->peer); + + if (timeout != 0) { + int ret; + struct timeval tv; + fd_set read_fds; + + if (timeout < 0) { + /* non-block non-timeout */ + tv.tv_sec = 0; + tv.tv_usec = 0; + } else { + tv.tv_sec = timeout / 1000000; + tv.tv_usec = timeout % 1000000; + } + + FD_ZERO(&read_fds); + FD_SET(h->fd, &read_fds); + ret = select(h->fd+1, &read_fds, NULL, NULL, &tv); + if (ret < 0) { + if (errno == EINTR) { + return 0; + } else { + ipq_errno = IPQ_ERR_RECV; + return -1; + } + } + if (!FD_ISSET(h->fd, &read_fds)) { + ipq_errno = IPQ_ERR_TIMEOUT; + return 0; + } + } + status = recvfrom(h->fd, buf, len, 0, + (struct sockaddr *)&h->peer, &addrlen); + if (status < 0) { + ipq_errno = IPQ_ERR_RECV; + return status; + } + if (addrlen != sizeof(h->peer)) { + ipq_errno = IPQ_ERR_RECV; + return -1; + } + if (h->peer.nl_pid != 0) { + ipq_errno = IPQ_ERR_RECV; + return -1; + } + if (status == 0) { + ipq_errno = IPQ_ERR_NLEOF; + return -1; + } + nlh = (struct nlmsghdr *)buf; + if (nlh->nlmsg_flags & MSG_TRUNC || nlh->nlmsg_len > status) { + ipq_errno = IPQ_ERR_RTRUNC; + return -1; + } + return status; +} + +static char *ipq_strerror(int errcode) +{ + if (errcode < 0 || errcode > IPQ_MAXERR) + errcode = IPQ_ERR_IMPL; + return ipq_errmap[errcode].message; +} + +/**************************************************************************** + * + * Public interface + * + ****************************************************************************/ + +/* + * Create and initialise an ipq handle. + */ +struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol) +{ + int status; + struct ipq_handle *h; + + h = (struct ipq_handle *)malloc(sizeof(struct ipq_handle)); + if (h == NULL) { + ipq_errno = IPQ_ERR_HANDLE; + return NULL; + } + + memset(h, 0, sizeof(struct ipq_handle)); + + if (protocol == NFPROTO_IPV4) + h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_FIREWALL); + else if (protocol == NFPROTO_IPV6) + h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_IP6_FW); + else { + ipq_errno = IPQ_ERR_PROTOCOL; + free(h); + return NULL; + } + + if (h->fd == -1) { + ipq_errno = IPQ_ERR_SOCKET; + close(h->fd); + free(h); + return NULL; + } + memset(&h->local, 0, sizeof(struct sockaddr_nl)); + h->local.nl_family = AF_NETLINK; + h->local.nl_pid = getpid(); + h->local.nl_groups = 0; + status = bind(h->fd, (struct sockaddr *)&h->local, sizeof(h->local)); + if (status == -1) { + ipq_errno = IPQ_ERR_BIND; + close(h->fd); + free(h); + return NULL; + } + memset(&h->peer, 0, sizeof(struct sockaddr_nl)); + h->peer.nl_family = AF_NETLINK; + h->peer.nl_pid = 0; + h->peer.nl_groups = 0; + return h; +} + +/* + * No error condition is checked here at this stage, but it may happen + * if/when reliable messaging is implemented. + */ +int ipq_destroy_handle(struct ipq_handle *h) +{ + if (h) { + close(h->fd); + free(h); + } + return 0; +} + +int ipq_set_mode(const struct ipq_handle *h, + u_int8_t mode, size_t range) +{ + struct { + struct nlmsghdr nlh; + ipq_peer_msg_t pm; + } req; + + memset(&req, 0, sizeof(req)); + req.nlh.nlmsg_len = NLMSG_LENGTH(sizeof(req)); + req.nlh.nlmsg_flags = NLM_F_REQUEST; + req.nlh.nlmsg_type = IPQM_MODE; + req.nlh.nlmsg_pid = h->local.nl_pid; + req.pm.msg.mode.value = mode; + req.pm.msg.mode.range = range; + return ipq_netlink_sendto(h, (void *)&req, req.nlh.nlmsg_len); +} + +/* + * timeout is in microseconds (1 second is 1000000 (1 million) microseconds) + * + */ +ssize_t ipq_read(const struct ipq_handle *h, + unsigned char *buf, size_t len, int timeout) +{ + return ipq_netlink_recvfrom(h, buf, len, timeout); +} + +int ipq_message_type(const unsigned char *buf) +{ + return ((struct nlmsghdr*)buf)->nlmsg_type; +} + +int ipq_get_msgerr(const unsigned char *buf) +{ + struct nlmsghdr *h = (struct nlmsghdr *)buf; + struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); + return -err->error; +} + +ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf) +{ + return NLMSG_DATA((struct nlmsghdr *)(buf)); +} + +int ipq_set_verdict(const struct ipq_handle *h, + ipq_id_t id, + unsigned int verdict, + size_t data_len, + unsigned char *buf) +{ + unsigned char nvecs; + size_t tlen; + struct nlmsghdr nlh; + ipq_peer_msg_t pm; + struct iovec iov[3]; + struct msghdr msg; + + memset(&nlh, 0, sizeof(nlh)); + nlh.nlmsg_flags = NLM_F_REQUEST; + nlh.nlmsg_type = IPQM_VERDICT; + nlh.nlmsg_pid = h->local.nl_pid; + memset(&pm, 0, sizeof(pm)); + pm.msg.verdict.value = verdict; + pm.msg.verdict.id = id; + pm.msg.verdict.data_len = data_len; + iov[0].iov_base = &nlh; + iov[0].iov_len = sizeof(nlh); + iov[1].iov_base = ± + iov[1].iov_len = sizeof(pm); + tlen = sizeof(nlh) + sizeof(pm); + nvecs = 2; + if (data_len && buf) { + iov[2].iov_base = buf; + iov[2].iov_len = data_len; + tlen += data_len; + nvecs++; + } + msg.msg_name = (void *)&h->peer; + msg.msg_namelen = sizeof(h->peer); + msg.msg_iov = iov; + msg.msg_iovlen = nvecs; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + nlh.nlmsg_len = tlen; + return ipq_netlink_sendmsg(h, &msg, 0); +} + +/* Not implemented yet */ +int ipq_ctl(const struct ipq_handle *h, int request, ...) +{ + return 1; +} + +char *ipq_errstr(void) +{ + return ipq_strerror(ipq_errno); +} + +void ipq_perror(const char *s) +{ + if (s) + fputs(s, stderr); + else + fputs("ERROR", stderr); + if (ipq_errno) + fprintf(stderr, ": %s", ipq_errstr()); + if (errno) + fprintf(stderr, ": %s", strerror(errno)); + fputc('\n', stderr); +} |