Pablo Neira Ayuso wrote:
Pablo Neira Ayuso wrote:
I have applied your patch but I have mangled this part:
@@ -699,10 +705,12 @@ int nfq_set_verdict2(struct nfq_q_handle *qh,
u_int32_t id,
* \param qh Netfilter queue handle obtained by call to nfq_create_queue().
* \param id ID assigned to packet by netfilter.
* \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP)
- * \param mark mark to put on packet
+ * \param mark the mark to put on the packet, in network byte order.
The mark parameter in nfq_set_verdict2() is in host-byte order. It must
be in network-byte order in the deprecated nfq_set_verdict_mark().
Sorry, it's fine. I got confused with the patch context information.
That change applies to nfq_set_verdict_mark().
I might have munged it somehow when I rebased it to follow the commit
that created nfq_set_verdict2(), that context does look strange.
Anyhow, it was supposed to be on nfq_set_verdict_mark().
While we're at it, here's an update to the documentation which changes
references to nfq_set_verdict_mark() to nfq_set_verdict2(). Please
forgive me if it seems picayune, but there's nothing wrong with having
accurate documentation.
Thanks,
David Favro
Documentation update: refers to "nfq_set_verdict2()" rather than "nfq_set_verdict_mark()" which is now deprecated.
From: David Favro <netfilter@xxxxxxxxxxxxxxxx>
Signed-off-by: David Favro <netfilter@xxxxxxxxxxxxxxxx>
---
src/libnetfilter_queue.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 7d0fb45..09cde59 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -216,8 +216,8 @@ struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
nfq_handle_packet(h, buf, rv);
}
\endverbatim
- * When the decision on a packet has been choosed, the verdict has to be given
- * by calling nfq_set_verdict() or nfq_set_verdict_mark().
+ * When the decision on a packet has been chosen, the verdict has to be given
+ * by calling nfq_set_verdict() or nfq_set_verdict2().
*
* Data and information about the packet can be fetch by using message parsing
* functions (See \link Parsing \endlink).
@@ -673,7 +673,7 @@ static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id,
*
* Notifies netfilter of the userspace verdict for the given packet. Every
* queued packet _must_ have a verdict specified by userspace, either by
- * calling this function, or by calling the nfq_set_verdict_mark() function.
+ * calling this function, or by calling the nfq_set_verdict2() function.
*
* \return -1 on error; >= 0 otherwise.
*/
--
1.6.3.3
