[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the first step towards moving to 100% libmnl use.

AFAICS these 2 funtions just have to go otherwise we are stuck with
libnfnetlink for ever.

Cheers ... Duncan.

Duncan Roe (1):
  Retire 2 libnfnetlink-specific functions

 .gitignore                                      | 1 +
 include/libnetfilter_queue/libnetfilter_queue.h | 2 --
 src/libnetfilter_queue.c                        | 5 +++--
 3 files changed, 4 insertions(+), 4 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions

[Duncan Roe]

Remove nfq_nfnlh() and nfq_open_nfnl() from public access.

As outlined near the foot of
https://www.spinics.net/lists/netfilter-devel/msg82762.html,
nfq_open_nfnl() and nfq_nfnlh() are "problematic" to move to libmnl.

These functions are only of use to users writing libnfnetlink programs,
and libnfnetlink is going away.

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
---
 .gitignore                                      | 1 +
 include/libnetfilter_queue/libnetfilter_queue.h | 2 --
 src/libnetfilter_queue.c                        | 5 +++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index ae3e740..b64534a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ Makefile.in
 /libnetfilter_queue.pc
 
 /examples/nf-queue
+/examples/nfq6
 /doxygen/doxyfile.stamp
 /doxygen/html/
 /doxygen/man/
diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index ec727fc..c5d4cc7 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -28,7 +28,6 @@ struct nfq_data;
 
 extern int nfq_errno;
 
-extern struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h);
 extern int nfq_fd(struct nfq_handle *h);
 
 typedef int  nfq_callback(struct nfq_q_handle *gh, struct nfgenmsg *nfmsg,
@@ -36,7 +35,6 @@ typedef int  nfq_callback(struct nfq_q_handle *gh, struct nfgenmsg *nfmsg,
 
 
 extern struct nfq_handle *nfq_open(void);
-extern struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh);
 extern int nfq_close(struct nfq_handle *h);
 
 extern int nfq_bind_pf(struct nfq_handle *h, uint16_t pf);
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index bf67a19..e8de90a 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -237,9 +237,11 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
 	return qh->cb(qh, nfmsg, &nfqa, qh->data);
 }
 
+static struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh);
+static struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h);
+
 /* public interface */
 
-EXPORT_SYMBOL
 struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
 {
 	return h->nfnlh;
@@ -413,7 +415,6 @@ struct nfq_handle *nfq_open(void)
  *
  * \return a pointer to a new queue handle or NULL on failure.
  */
-EXPORT_SYMBOL
 struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh)
 {
 	struct nfnl_callback pkt_cb = {
-- 
2.35.8

Re: [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions

[Pablo Neira Ayuso]

On Tue, Oct 24, 2023 at 11:51:10AM +1100, Duncan Roe wrote:
> Remove nfq_nfnlh() and nfq_open_nfnl() from public access.
> 
> As outlined near the foot of
> https://www.spinics.net/lists/netfilter-devel/msg82762.html,
> nfq_open_nfnl() and nfq_nfnlh() are "problematic" to move to libmnl.
> 
> These functions are only of use to users writing libnfnetlink programs,
> and libnfnetlink is going away.

This is the last thing, first this API needs to be adapted to use
libmnl.

Re: [PATCH libnetfilter_queue 1/1] Retire 2 libnfnetlink-specific functions

[Duncan Roe]

On Tue, Oct 24, 2023 at 10:57:08AM +0200, Pablo Neira Ayuso wrote:
> On Tue, Oct 24, 2023 at 11:51:10AM +1100, Duncan Roe wrote:
> > Remove nfq_nfnlh() and nfq_open_nfnl() from public access.
> >
> > As outlined near the foot of
> > https://www.spinics.net/lists/netfilter-devel/msg82762.html,
> > nfq_open_nfnl() and nfq_nfnlh() are "problematic" to move to libmnl.
> >
> > These functions are only of use to users writing libnfnetlink programs,
> > and libnfnetlink is going away.
>
> This is the last thing, first this API needs to be adapted to use
> libmnl.

Yes, you can apply the patch any time - I just wanted to make sure it was
acceptable.

Could you in the meantime please apply
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20231023022555.18740-1-duncan_roe@optusnet.com.au/
(canonical whitespace in headers) before it gets forgottten?

Cheers ... Duncan.

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

We need this patch for mnl cut-over of nfnl API.
It's just an added function, should be fine to apply straight away(?)

Cheers ... Duncan.

Duncan Roe (1):
  src: Add nfq_nlmsg_put2() - header flags include NLM_F_ACK

 .../libnetfilter_queue/libnetfilter_queue.h   |  1 +
 src/nlmsg.c                                   | 72 ++++++++++++++++---
 2 files changed, 65 insertions(+), 8 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

Maybe park this one until mnl cut-over is complete(?)

Cheers ... Duncan.

Duncan Roe (1):
  Remove libnfnetlink from the build

 Make_global.am           | 2 +-
 configure.ac             | 1 -
 libnetfilter_queue.pc.in | 1 -
 src/Makefile.am          | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This patch enables nfqnl_test to run up to the line
> printf("binding this socket to queue '%d'\n", queue);
nfnl_rcvbufsiz() also succeeds.
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20231110041604.11564-1-duncan_roe@optusnet.com.au/
nfqnl_test will crash if allowed to run further.

In nfq_open(), I renamed qh to h: it was just too annoying having the
nfq_handle called qh while everywhere else qh is a nfq_q_handle. Sorry if
that makes review harder.

For now I just made the obsolete functions nfq_{,un}bind_pf return 0. Can
do them properly later if you would prefer.

The patch is obviously not ready to apply yet so just for your review ATM.
Please suggest changes as you see fit.

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_open(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl

 doxygen/doxygen.cfg.in   |  1 +
 src/libnetfilter_queue.c | 43 ++++++++++++++++++++++++++++++----------
 2 files changed, 33 insertions(+), 11 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the next one for parking as RFC. LMK if I should leave nfq_errno
(would only be set in 1 place now).

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use
    libmnl

 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the next one for parking as RFC. LMK if I should leave nfq_errno
(would only be set in 1 place now).

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use
    libmnl

 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

-- 
2.35.8