* [PATCH 0/2] Specify nf_queue max length from userspace
From: Eric Leblond @ 2006-06-13 16:56 UTC
To: netfilter-devel

Hi,

With libnetfilter_queue it was no longer possible to specify the max queue length from userspace. All the needed framework was already in the nfnetlink_queue code, and as a queue instance has its own max length, it was thus possible to specify the max length on a per-queue basis.

To be able to do so, I've added a new function nfq_set_queue_maxlen to libnetfilter_queue and made the needed modifications in the nfnetlink_queue code.

BR,
--
Eric Leblond <eric@inl.fr>
INL

* [PATCH 1/2] Specify nf_queue max length from userspace
From: Eric Leblond @ 2006-06-13 17:06 UTC
To: netfilter-devel

Attached patch is against current git kernel tree.

--
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #1.2: specify-queue-max-length-from-userspace.txt --]

Signed-off-by: Eric Leblond <eric@inl.fr> --- include/linux/netfilter/nfnetlink_queue.h | 2 ++ net/netfilter/nfnetlink_queue.c | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletions(-) 1fb988dc51e2465500df50ff4e085f80acb7b6a3 diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h index 9e77437..ce32c54 100644 --- a/include/linux/netfilter/nfnetlink_queue.h +++ b/include/linux/netfilter/nfnetlink_queue.h @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd { } __attribute__ ((packed)); enum nfqnl_config_mode { + NFQNL_COPY_UNSPEC, NFQNL_COPY_NONE, NFQNL_COPY_META, NFQNL_COPY_PACKET, @@ -75,6 +76,7 @@ enum nfqnl_config_mode { struct nfqnl_msg_config_params { u_int32_t copy_range; u_int8_t copy_mode; /* enum nfqnl_config_mode */ + u_int32_t queue_maxlen; } __attribute__ ((packed)); diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 86a4ac3..6032ad5 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c
@@ -935,8 +935,13 @@ nfqnl_recv_config(struct sock *ctnl, str goto out_put; } params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); - nfqnl_set_mode(queue, params->copy_mode, + if (params->copy_mode != NFQNL_COPY_UNSPEC){ + nfqnl_set_mode(queue, params->copy_mode, ntohl(params->copy_range)); + } + if (params->queue_maxlen) { + queue->queue_maxlen=ntohl(params->queue_maxlen); + } } out_put: -- 1.3.3 [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply related [flat|nested] 10+ messages in thread
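Review bot: NFQNL_COPY_UNSPEC is inserted as the first enumerator of enum nfqnl_config_mode, so NFQNL_COPY_NONE, NFQNL_COPY_META and NFQNL_COPY_PACKET each move up by one while copy_mode is still sent as a raw u_int8_t. A binary built against the old header that asks for NFQNL_COPY_PACKET would be treated as asking for NFQNL_COPY_META, so a userspace filter would stop receiving packet payload without any error. Keep the existing values fixed and append any new enumerator after NFQNL_COPY_PACKET, or signal "leave the mode alone" some other way.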
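Review bot: Appending queue_maxlen to the packed struct nfqnl_msg_config_params grows it from 5 to 9 bytes, and nothing in the patch shows the NFQA_CFG_PARAMS payload length being checked against the new size before nfqnl_recv_config reads params->queue_maxlen. With a 5-byte payload from an existing binary, that read lands 4 bytes past the attribute data. Carry the length in its own attribute with its own size check instead of growing the struct.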
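Review bot: In the nfqnl_recv_config hunk, the store queue->queue_maxlen=ntohl(params->queue_maxlen) takes a userspace value with no upper bound and with no locking visible around it, and the if (params->queue_maxlen) test means 0 can never be set. Document in the header that 0 means "unchanged", decide whether a ceiling is needed so that one listener cannot make the kernel hold an arbitrary number of packets, and take the queue lock for the update if other paths read the field under it. Style: put a space between ')' and '{' and around the '=' in the assignment.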
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
From: Pablo Neira Ayuso @ 2006-06-16 12:36 UTC
To: Eric Leblond; +Cc: netfilter-devel

Hi Eric,

Eric Leblond wrote:
> include/linux/netfilter/nfnetlink_queue.h | 2 ++ > net/netfilter/nfnetlink_queue.c | 7 ++++++- > 2 files changed, 8 insertions(+), 1 deletions(-) > > 1fb988dc51e2465500df50ff4e085f80acb7b6a3 > diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h > index 9e77437..ce32c54 100644 > --- a/include/linux/netfilter/nfnetlink_queue.h > +++ b/include/linux/netfilter/nfnetlink_queue.h > @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd { > } __attribute__ ((packed)); > > enum nfqnl_config_mode { > + NFQNL_COPY_UNSPEC, > NFQNL_COPY_NONE, > NFQNL_COPY_META, > NFQNL_COPY_PACKET,

If you have to add new attributes, always do it at the end, in other words, just before NFQNL_COPY_MAX. Otherwise you're breaking backward compatibility. See that old binaries use COPY_NONE set to 0, but after applying your patch COPY_NONE is set to 1. Result: old binaries will not work with nfnetlink_queue anymore.

> @@ -75,6 +76,7 @@ enum nfqnl_config_mode { > struct nfqnl_msg_config_params { > u_int32_t copy_range; > u_int8_t copy_mode; /* enum nfqnl_config_mode */ > + u_int32_t queue_maxlen; > } __attribute__ ((packed));

Same thing here. If you have to modify this structure, you need to create a new one called struct nfqnl_msg_config_params2. Since I don't like this option, I think that the best solution is to add a new attribute called NFQNL_CFG_QUEUE_MAXLEN.

--
The dawn of the fourth age of Linux firewalling is coming; a time of great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

* Re: [PATCH 1/2] Specify nf_queue max length from userspace
From: Eric Leblond @ 2006-06-17 21:24 UTC
To: Pablo Neira Ayuso; +Cc: netfilter-devel

Hi Pablo,

On Fri, 2006-06-16 at 14:36 +0200, Pablo Neira Ayuso wrote:
> Hi Eric,
> > enum nfqnl_config_mode { > > + NFQNL_COPY_UNSPEC, > > NFQNL_COPY_NONE, > > NFQNL_COPY_META, > > NFQNL_COPY_PACKET,
>
> If you have to add new attributes, always do it at the end, in other words, just before NFQNL_COPY_MAX. Otherwise you're breaking backward compatibility. See that old binaries use COPY_NONE set to 0, but after applying your patch COPY_NONE is set to 1. Result: old binaries will not work with nfnetlink_queue anymore.

I agree with you on this point. But, as I know that the second point was also breaking compatibility, I've made the choice to put the less significant value first. It looks cleaner to me.

> > @@ -75,6 +76,7 @@ enum nfqnl_config_mode { > > struct nfqnl_msg_config_params { > > u_int32_t copy_range; > > u_int8_t copy_mode; /* enum nfqnl_config_mode */ > > + u_int32_t queue_maxlen; > > } __attribute__ ((packed));
>
> Same thing here. If you have to modify this structure, you need to create a new one called struct nfqnl_msg_config_params2. Since I don't like this option, I think that the best solution is to add a new attribute called NFQNL_CFG_QUEUE_MAXLEN.

I also think this is the cleanest way not to lose binary compatibility. But, as you noticed, it's ugly as queue max length is a param. The user base of libnetfilter_queue is really small for the moment: only about two projects use it. There may also be some unpublished projects, but it should hurt too much to break binary compatibility to have cleaner code.

In fact, I think that having only one attribute and one structure could be used in the future to have a function that will be able to set copy mode and queue length in one call and one message.

BR,
--
Eric Leblond <eric@inl.fr>
INL

* Re: [PATCH 1/2] Specify nf_queue max length from userspace
From: Pablo Neira Ayuso @ 2006-06-18 17:13 UTC
To: Eric Leblond; +Cc: netfilter-devel

Eric Leblond wrote:
> Hi Pablo,
>
> On Fri, 2006-06-16 at 14:36 +0200, Pablo Neira Ayuso wrote:
>
>>Hi Eric,
>>
>>> enum nfqnl_config_mode { >>>+ NFQNL_COPY_UNSPEC, >>> NFQNL_COPY_NONE, >>> NFQNL_COPY_META, >>> NFQNL_COPY_PACKET,
>>
>>If you have to add new attributes, always do it at the end, in other words, just before NFQNL_COPY_MAX. Otherwise you're breaking backward compatibility. See that old binaries use COPY_NONE set to 0, but after applying your patch COPY_NONE is set to 1. Result: old binaries will not work with nfnetlink_queue anymore.
>
> I agree with you on this point. But, as I know that the second point was also breaking compatibility, I've made the choice to put the less significant value first. It looks cleaner to me.
>
>>>@@ -75,6 +76,7 @@ enum nfqnl_config_mode { >>> struct nfqnl_msg_config_params { >>> u_int32_t copy_range; >>> u_int8_t copy_mode; /* enum nfqnl_config_mode */ >>>+ u_int32_t queue_maxlen; >>> } __attribute__ ((packed));
>>
>>Same thing here. If you have to modify this structure, you need to create a new one called struct nfqnl_msg_config_params2. Since I don't like this option, I think that the best solution is to add a new attribute called NFQNL_CFG_QUEUE_MAXLEN.
>
> I also think this is the cleanest way not to lose binary compatibility. But, as you noticed, it's ugly as queue max length is a param. The user base of libnetfilter_queue is really small for the moment: only about two projects use it. There may also be some unpublished projects, but it should hurt too much to break binary compatibility to have cleaner code.

Actually, this is what happens when you attach kernel and userspace to a certain structure. Instead, I think that it is better to split structures into fields.

> In fact, I think that having only one attribute and one structure could be used in the future to have a function that will be able to set copy mode and queue length in one call and one message.

This is not true, you can still implement a function that sets the queue length and copy mode with the solution that I proposed.

--
The dawn of the fourth age of Linux firewalling is coming; a time of great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

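The two compatibility breaks raised in the replies above (renumbered enum, grown packed struct) and the separate-attribute alternative, as an added C example that is not code from the thread or from nfnetlink_queue. The old_/new_ names, the CFG_* numbers and the simplified attribute framing are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the header before and after the first patch. */
enum old_mode { OLD_COPY_NONE, OLD_COPY_META, OLD_COPY_PACKET };
enum new_mode { NEW_COPY_UNSPEC, NEW_COPY_NONE, NEW_COPY_META, NEW_COPY_PACKET };
struct old_params { uint32_t copy_range; uint8_t copy_mode; } __attribute__((packed));
struct new_params { uint32_t copy_range; uint8_t copy_mode;
                    uint32_t queue_maxlen; } __attribute__((packed));

/* The mode byte an old binary puts on the wire, as a receiver built with
 * the renumbered enum interprets it. */
enum new_mode mode_after_renumbering(enum old_mode sent)
{
    struct old_params p = { htonl(0xffff), (uint8_t)sent };
    return (enum new_mode)p.copy_mode;
}

/* Bytes a receiver expecting new_params would read beyond an old payload. */
size_t overread_on_old_payload(void)
{
    return sizeof(struct new_params) - sizeof(struct old_params);
}

/* Simplified attribute framing (assumption, not the real nfattr layout):
 * 16-bit total length, 16-bit type, payload, padded to 4 bytes. */
enum { CFG_PARAMS = 2, CFG_QUEUE_MAXLEN = 3 };
struct queue_cfg { int have_mode, have_maxlen; uint8_t mode; uint32_t maxlen; };

size_t put_attr(unsigned char *buf, uint16_t type, const void *data, uint16_t dlen)
{
    uint16_t alen = (uint16_t)(4 + dlen);
    size_t padded = ((size_t)alen + 3) & ~(size_t)3;
    memset(buf, 0, padded);
    memcpy(buf, &alen, 2);
    memcpy(buf + 2, &type, 2);
    memcpy(buf + 4, data, dlen);
    return padded;
}

/* Returns 0 on success, -1 if any attribute is shorter than its type needs. */
int parse_config(const unsigned char *buf, size_t len, struct queue_cfg *out)
{
    memset(out, 0, sizeof *out);
    while (len >= 4) {
        uint16_t alen, type;
        memcpy(&alen, buf, 2);
        memcpy(&type, buf + 2, 2);
        if (alen < 4 || alen > len)
            return -1;
        if (type == CFG_PARAMS) {          /* unchanged 5-byte struct */
            struct old_params p;
            if ((size_t)alen - 4 < sizeof p)
                return -1;
            memcpy(&p, buf + 4, sizeof p);
            out->have_mode = 1;
            out->mode = p.copy_mode;
        } else if (type == CFG_QUEUE_MAXLEN) {
            uint32_t v;
            if ((size_t)alen - 4 < sizeof v)   /* length checked before the read */
                return -1;
            memcpy(&v, buf + 4, sizeof v);
            out->have_maxlen = 1;
            out->maxlen = ntohl(v);
        }                                  /* unknown types are skipped */
        size_t step = ((size_t)alen + 3) & ~(size_t)3;
        if (step > len)
            step = len;
        buf += step;
        len -= step;
    }
    return len == 0 ? 0 : -1;
}
```

A message from an old binary (params attribute only) still parses with its mode intact, while the optional attribute carries the new value and is rejected when its payload is too short.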
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
From: Patrick McHardy @ 2006-06-19 16:26 UTC
To: Eric Leblond; +Cc: netfilter-devel

Eric Leblond wrote:
> Attached patch is against current git kernel tree.
>
> ------------------------------------------------------------------------ > > Signed-off-by: Eric Leblond <eric@inl.fr> > > > --- > > include/linux/netfilter/nfnetlink_queue.h | 2 ++ > net/netfilter/nfnetlink_queue.c | 7 ++++++- > 2 files changed, 8 insertions(+), 1 deletions(-) > > 1fb988dc51e2465500df50ff4e085f80acb7b6a3 > diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h > index 9e77437..ce32c54 100644 > --- a/include/linux/netfilter/nfnetlink_queue.h > +++ b/include/linux/netfilter/nfnetlink_queue.h > @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd { > } __attribute__ ((packed)); > > enum nfqnl_config_mode { > + NFQNL_COPY_UNSPEC, > NFQNL_COPY_NONE, > NFQNL_COPY_META, > NFQNL_COPY_PACKET,

Looks like an ABI breaker.

> @@ -75,6 +76,7 @@ enum nfqnl_config_mode { > struct nfqnl_msg_config_params { > u_int32_t copy_range; > u_int8_t copy_mode; /* enum nfqnl_config_mode */ > + u_int32_t queue_maxlen; > } __attribute__ ((packed));

This too. Why not just use a new attribute?

* Re: [PATCH 1/2] Specify nf_queue max length from userspace
From: Eric Leblond @ 2006-06-19 19:57 UTC
To: Patrick McHardy; +Cc: netfilter-devel

Hi,

> > @@ -75,6 +76,7 @@ enum nfqnl_config_mode { > > struct nfqnl_msg_config_params { > > u_int32_t copy_range; > > u_int8_t copy_mode; /* enum nfqnl_config_mode */ > > + u_int32_t queue_maxlen; > > } __attribute__ ((packed));
>
> This too. Why not just use a new attribute?

I did not like the idea of having params split between two structures. And as the user base is still small, I thought we might break the ABI to have something cleaner.

As Pablo and you do not like the idea, I wrote a patch that should not break the ABI (attached to the mail).

In fact, after introducing the new attribute, I just found it is in a way cleaner than my initial one because the code does not depend on a structure.

BR,
--
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #1.2: specify-queue-max-length-from-userspace.patch --]

------------------------------------------------------------------------ Signed-off-by: Eric Leblond <eric@inl.fr> --- diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h index 9e77437..22ffac0 100644 --- a/include/linux/netfilter/nfnetlink_queue.h +++ b/include/linux/netfilter/nfnetlink_queue.h @@ -82,6 +82,7 @@ enum nfqnl_attr_config { NFQA_CFG_UNSPEC, NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ + NFQA_CFG_QUEUE_MAXLEN, /* u_int32_t */ __NFQA_CFG_MAX }; #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 86a4ac3..936c86b 100644 --- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c @@ -939,6 +939,14 @@ nfqnl_recv_config(struct sock *ctnl, str ntohl(params->copy_range)); } + if (nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) { + u_int32_t *queue_maxlen; + queue_maxlen = NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]); + spin_lock_bh(&queue->lock); + queue->queue_maxlen = ntohl(*queue_maxlen); + spin_unlock_bh(&queue->lock); + } + out_put: instance_put(queue); return ret; [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply related [flat|nested] 10+ messages in thread
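Review bot: In the nfqnl_recv_config hunk, NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) is dereferenced as a u_int32_t, but the patch does not show a minimum payload size being enforced for the new attribute, so an attribute shorter than 4 bytes would be read past its end. Enforce sizeof(u_int32_t) as the minimum length for NFQA_CFG_QUEUE_MAXLEN before the read, and consider bounding the value before it is stored in queue->queue_maxlen. The header comment /* u_int32_t */ could also say that the value is in network byte order, since the code applies ntohl() to it.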
* Re: [PATCH 1/2] Specify nf_queue max length from userspace
From: Patrick McHardy @ 2006-06-20 1:21 UTC
To: Eric Leblond; +Cc: netfilter-devel

Eric Leblond wrote:
> I did not like the idea of having params split between two structures.
> And as the user base is still small, I thought we might break the ABI to have
> something cleaner.
> As Pablo and you do not like the idea, I wrote a patch that should not
> break the ABI (attached to the mail).
> In fact, after introducing the new attribute, I just found it is in a
> way cleaner than my initial one because the code does not depend on a
> structure.

Yes, that is better. I still would prefer to have all configuration attributes nested under some common attribute .. but I can't see a clean way to do that right now. Let me think about this some more.

* [PATCH 2/2] Specify nf_queue max length from userspace
From: Eric Leblond @ 2006-06-19 20:01 UTC
To: Patrick McHardy; +Cc: netfilter-devel

Hi,

Please find attached to this mail a libnetfilter_queue patch related to my previous mail and patch.

BR,

On Mon, 2006-06-19 at 18:26 +0200, Patrick McHardy wrote:
> Eric Leblond wrote:
> > Attached patch is against current git kernel tree.
> >
> > ------------------------------------------------------------------------ > > > > Signed-off-by: Eric Leblond <eric@inl.fr> > > > > > > --- > > > > include/linux/netfilter/nfnetlink_queue.h | 2 ++ > > net/netfilter/nfnetlink_queue.c | 7 ++++++- > > 2 files changed, 8 insertions(+), 1 deletions(-) > > > > 1fb988dc51e2465500df50ff4e085f80acb7b6a3 > > diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h > > index 9e77437..ce32c54 100644 > > --- a/include/linux/netfilter/nfnetlink_queue.h > > +++ b/include/linux/netfilter/nfnetlink_queue.h > > @@ -67,6 +67,7 @@ struct nfqnl_msg_config_cmd { > > } __attribute__ ((packed)); > > > > enum nfqnl_config_mode { > > + NFQNL_COPY_UNSPEC, > > NFQNL_COPY_NONE, > > NFQNL_COPY_META, > > NFQNL_COPY_PACKET,
>
> Looks like an ABI breaker.
>
> > @@ -75,6 +76,7 @@ enum nfqnl_config_mode { > > struct nfqnl_msg_config_params { > > u_int32_t copy_range; > > u_int8_t copy_mode; /* enum nfqnl_config_mode */ > > + u_int32_t queue_maxlen; > > } __attribute__ ((packed));
>
> This too. Why not just use a new attribute?

--
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #1.2: libnetfilter_queue-specify-queue-max-length-from-userspace.patch --]

------------------------------------------------------------------------
Signed-off-by: Eric Leblond <eric@inl.fr> --- Index: include/libnetfilter_queue/linux_nfnetlink_queue.h =================================================================== --- include/libnetfilter_queue/linux_nfnetlink_queue.h (révision 6470) +++ include/libnetfilter_queue/linux_nfnetlink_queue.h (copie de travail) @@ -1,13 +1,13 @@ #ifndef _NFNETLINK_QUEUE_H #define _NFNETLINK_QUEUE_H -#include <linux/types.h> -#include <libnfnetlink/linux_nfnetlink.h> - #ifndef aligned_u64 #define aligned_u64 unsigned long long __attribute__((aligned(8))) #endif +#include <linux/types.h> +#include <libnfnetlink/linux_nfnetlink.h> + enum nfqnl_msg_types { NFQNL_MSG_PACKET, /* packet from kernel to userspace */ NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ @@ -86,6 +86,7 @@ NFQA_CFG_UNSPEC, NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ + NFQA_CFG_QUEUE_MAXLEN, /* u_int32_t */ __NFQA_CFG_MAX }; #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) Index: include/libnetfilter_queue/libnetfilter_queue.h =================================================================== --- include/libnetfilter_queue/libnetfilter_queue.h (révision 6470) +++ include/libnetfilter_queue/libnetfilter_queue.h (copie de travail) @@ -49,6 +49,9 @@ extern int nfq_set_mode(struct nfq_q_handle *qh, u_int8_t mode, unsigned int len); +int nfq_set_queue_maxlen(struct nfq_q_handle *qh, + u_int32_t queuelen); + extern int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, Index: src/libnetfilter_queue.c =================================================================== --- src/libnetfilter_queue.c (révision 6470) +++ src/libnetfilter_queue.c (copie de travail) 
@@ -288,6 +288,23 @@ return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL); } +int nfq_set_queue_maxlen(struct nfq_q_handle *qh, + u_int32_t queuelen) +{ + char buf[NFNL_HEADER_LEN + +NFA_LENGTH(sizeof(struct nfqnl_msg_config_params))]; + u_int32_t queue_maxlen = htonl(queuelen); + struct nlmsghdr *nmh = (struct nlmsghdr *) buf; + + nfnl_fill_hdr(qh->h->nfnlssh, nmh, 0, AF_UNSPEC, qh->id, + NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK); + + nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_QUEUE_MAXLEN, &queue_maxlen, + sizeof(queue_maxlen)); + + return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL); +} + static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, int set_mark, u_int32_t data_len, unsigned char *data) [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
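Review bot: The first hunk of include/libnetfilter_queue/linux_nfnetlink_queue.h moves the two #include lines below the aligned_u64 fallback define, which is unrelated to the queue max length and is not mentioned in the message. Split it into its own patch, or say why the define has to come before the includes.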
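Review bot: In the libnetfilter_queue.h hunk, nfq_set_queue_maxlen is declared without extern, unlike nfq_set_mode and nfq_set_verdict on either side of it, and without a comment. Match the neighbouring declarations and state what queuelen counts and what the function returns.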
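Review bot: In nfq_set_queue_maxlen, buf is still sized with NFA_LENGTH(sizeof(struct nfqnl_msg_config_params)) although the attribute added is a single u_int32_t, and the return value of nfnl_addattr_l is ignored. Size the buffer from sizeof(u_int32_t) and return an error when the attribute cannot be added, so that a later change to either type cannot lead to a config message being sent without the attribute.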
* [PATCH 2/2] [libnetfilter_queue] Specify nf_queue max length from userspace
From: Eric Leblond @ 2006-06-13 17:07 UTC
To: netfilter-devel

Attached patch is against libnetfilter_queue svn.

BR,
--
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #1.2: libnetfilter_queue-specify-queue-max-length-from-userspace.txt --]

Index: include/libnetfilter_queue/linux_nfnetlink_queue.h =================================================================== --- include/libnetfilter_queue/linux_nfnetlink_queue.h (révision 6470) +++ include/libnetfilter_queue/linux_nfnetlink_queue.h (copie de travail) @@ -71,6 +71,7 @@ } __attribute__ ((packed)); enum nfqnl_config_mode { + NFQNL_COPY_UNSPEC, NFQNL_COPY_NONE, NFQNL_COPY_META, NFQNL_COPY_PACKET, @@ -79,6 +80,7 @@ struct nfqnl_msg_config_params { u_int32_t copy_range; u_int8_t copy_mode; /* enum nfqnl_config_mode */ + u_int32_t queue_maxlen; } __attribute__ ((packed)); Index: include/libnetfilter_queue/libnetfilter_queue.h =================================================================== --- include/libnetfilter_queue/libnetfilter_queue.h (révision 6470) +++ include/libnetfilter_queue/libnetfilter_queue.h (copie de travail) @@ -49,6 +49,9 @@ extern int nfq_set_mode(struct nfq_q_handle *qh, u_int8_t mode, unsigned int len); +int nfq_set_queue_maxlen(struct nfq_q_handle *qh, + u_int32_t queuelen); + extern int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, Index: src/libnetfilter_queue.c =================================================================== --- src/libnetfilter_queue.c (révision 6470) +++ src/libnetfilter_queue.c (copie de travail)
@@ -288,6 +288,26 @@ return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL); } +int nfq_set_queue_maxlen(struct nfq_q_handle *qh, + u_int32_t queuelen) +{ + char buf[NFNL_HEADER_LEN + +NFA_LENGTH(sizeof(struct nfqnl_msg_config_params))]; + struct nfqnl_msg_config_params params; + struct nlmsghdr *nmh = (struct nlmsghdr *) buf; + + nfnl_fill_hdr(qh->h->nfnlssh, nmh, 0, AF_UNSPEC, qh->id, + NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK); + + params.copy_range = 0; + params.copy_mode = NFQNL_COPY_UNSPEC; + params.queue_maxlen=htonl(queuelen); + nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_PARAMS, ¶ms, + sizeof(params)); + + return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL); +} + static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, int set_mark, u_int32_t data_len, unsigned char *data) [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
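Review bot: In nfq_set_queue_maxlen, the message carries copy_mode = NFQNL_COPY_UNSPEC and copy_range = 0 in NFQA_CFG_PARAMS alongside the new length, and NFQNL_COPY_UNSPEC takes the number that NFQNL_COPY_NONE had before the enum hunk above. Against a kernel without patch 1/2, this call would therefore be read as a request for NFQNL_COPY_NONE, changing the copy mode of a queue the caller only meant to resize. Send the length in a way that does not touch the copy mode fields, and check the return value of nfnl_addattr_l before calling nfnl_talk.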