#endif
#include "pcap-int.h"
+#include "diag-control.h"
#ifdef NEED_STRERROR_H
#include "strerror.h"
#include <linux/netfilter/nfnetlink_log.h>
#include <linux/netfilter/nfnetlink_queue.h>
-/* NOTE: if your program drops privilages after pcap_activate() it WON'T work with nfqueue.
+/* NOTE: if your program drops privileges after pcap_activate() it WON'T work with nfqueue.
* It took me quite some time to debug ;/
*
- * Sending any data to nfnetlink socket requires CAP_NET_ADMIN privilages,
+ * Sending any data to nfnetlink socket requires CAP_NET_ADMIN privileges,
* and in nfqueue we need to send verdict reply after recving packet.
*
- * In tcpdump you can disable dropping privilages with -Z root
+ * In tcpdump you can disable dropping privileges with -Z root
*/
#include "pcap-netfilter-linux.h"
bp = (unsigned char *)handle->buffer;
} else
bp = handle->bp;
+
+ /*
+ * Loop through each message.
+ *
+ * This assumes that a single buffer of message will have
+ * <= INT_MAX packets, so the message count doesn't overflow.
+ */
ep = bp + len;
while (bp < ep) {
const struct nlmsghdr *nlh = (const struct nlmsghdr *) bp;
static unsigned int seq_id;
if (!seq_id)
+DIAG_OFF_NARROWING
seq_id = time(NULL);
+DIAG_ON_NARROWING
++seq_id;
nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nfgenmsg));
if (nflog_send_config_cmd(handle, groups[i], NFULNL_CFG_CMD_BIND, AF_UNSPEC) < 0) {
pcap_fmt_errmsg_for_errno(handle->errbuf,
PCAP_ERRBUF_SIZE, errno,
- "Can't listen on group group index");
+ "Can't listen on group index");
goto close_fail;
}
if (nfqueue_send_config_cmd(handle, groups[i], NFQNL_CFG_CMD_BIND, AF_UNSPEC) < 0) {
pcap_fmt_errmsg_for_errno(handle->errbuf,
PCAP_ERRBUF_SIZE, errno,
- "Can't listen on group group index");
+ "Can't listen on group index");
goto close_fail;
}
/* OK, it's probably ours. */
*is_ours = 1;
- p = pcap_create_common(ebuf, sizeof (struct pcap_netfilter));
+ p = PCAP_CREATE_COMMON(ebuf, struct pcap_netfilter);
if (p == NULL)
return (NULL);
projects / libpcap / blobdiff