Use nfq_set_verdict2 instead of nfq_set_verdict_mark, like the libnetfilter_queue documentation says to do.

2016-06-27 21:27:12 -07:00 · 2016-06-27 21:27:12 -07:00 · 2960dc3401
parent 405747fe36
commit 2960dc3401
4 changed files with 7 additions and 12 deletions
--- a/README.rst
+++ b/README.rst
@ -203,11 +203,6 @@ More details coming soon...
      arrived on or is leaving on
    * Probably other stuff is omitted too
    
-* When a packet has been marked, we use nfq_set_verdict_mark rather than
-  nfq_set_verdict2. Apparently nfq_set_verdict_mark is 
-  `broken <http://netfilter.org/projects/libnetfilter_queue/doxygen/group__Queue.html#ga1986d6387c5aa2a837c02e87ae3b45ff>`_,
-  although it works for me.
-
 Source
 ======

--- a/netfilterqueue.c
+++ b/netfilterqueue.c
@ -2032,7 +2032,7 @@ static void __pyx_f_14netfilterqueue_6Packet_verdict(struct __pyx_obj_14netfilte
 *             modified_payload_len = len(self._given_payload)
 *             modified_payload = self._given_payload             # <<<<<<<<<<<<<<
 *         if self._mark_is_set:
- *             nfq_set_verdict_mark(
+ *             nfq_set_verdict2(
 */
    __pyx_t_4 = __Pyx_PyObject_AsUString(__pyx_v_self->_given_payload); if (unlikely((!__pyx_t_4) && PyErr_Occurred())) __PYX_ERR(0, 81, __pyx_L1_error)
    __pyx_v_modified_payload = __pyx_t_4;
@ -2050,7 +2050,7 @@ static void __pyx_f_14netfilterqueue_6Packet_verdict(struct __pyx_obj_14netfilte
 *             modified_payload_len = len(self._given_payload)
 *             modified_payload = self._given_payload
 *         if self._mark_is_set:             # <<<<<<<<<<<<<<
- *             nfq_set_verdict_mark(
+ *             nfq_set_verdict2(
 *                 self._qh,
 */
  __pyx_t_1 = (__pyx_v_self->_mark_is_set != 0);
@ -2059,17 +2059,17 @@ static void __pyx_f_14netfilterqueue_6Packet_verdict(struct __pyx_obj_14netfilte
    /* "netfilterqueue.pyx":83
 *             modified_payload = self._given_payload
 *         if self._mark_is_set:
- *             nfq_set_verdict_mark(             # <<<<<<<<<<<<<<
+ *             nfq_set_verdict2(             # <<<<<<<<<<<<<<
 *                 self._qh,
 *                 self.id,
 */
-    nfq_set_verdict_mark(__pyx_v_self->_qh, __pyx_v_self->id, __pyx_v_verdict, htonl(__pyx_v_self->_given_mark), __pyx_v_modified_payload_len, __pyx_v_modified_payload);
+    nfq_set_verdict2(__pyx_v_self->_qh, __pyx_v_self->id, __pyx_v_verdict, htonl(__pyx_v_self->_given_mark), __pyx_v_modified_payload_len, __pyx_v_modified_payload);

    /* "netfilterqueue.pyx":82
 *             modified_payload_len = len(self._given_payload)
 *             modified_payload = self._given_payload
 *         if self._mark_is_set:             # <<<<<<<<<<<<<<
- *             nfq_set_verdict_mark(
+ *             nfq_set_verdict2(
 *                 self._qh,
 */
    goto __pyx_L5;
--- a/netfilterqueue.pxd
+++ b/netfilterqueue.pxd
@ -129,7 +129,7 @@ cdef extern from "libnetfilter_queue/libnetfilter_queue.h":
                          u_int32_t data_len,
                          unsigned char *buf) nogil

-    int nfq_set_verdict_mark(nfq_q_handle *qh,
+    int nfq_set_verdict2(nfq_q_handle *qh,
                            u_int32_t id,
                            u_int32_t verdict,
                            u_int32_t mark,
--- a/netfilterqueue.pyx
+++ b/netfilterqueue.pyx
@ -80,7 +80,7 @@ cdef class Packet:
            modified_payload_len = len(self._given_payload)
            modified_payload = self._given_payload
        if self._mark_is_set:
-            nfq_set_verdict_mark(
+            nfq_set_verdict2(
                self._qh,
                self.id,
                verdict,