From 2960dc340124759644e52e74188423195bce4cb1 Mon Sep 17 00:00:00 2001 From: Matt Fox Date: Mon, 27 Jun 2016 21:27:12 -0700 Subject: [PATCH] Use nfq_set_verdict2 instead of nfq_set_verdict_mark, like the libnetfilter_queue documentation says to do. --- README.rst | 5 ----- netfilterqueue.c | 10 +++++----- netfilterqueue.pxd | 2 +- netfilterqueue.pyx | 2 +- 4 files changed, 7 insertions(+), 12 deletions(-) diff --git a/README.rst b/README.rst index 604e9c6..b416d20 100644 --- a/README.rst +++ b/README.rst @@ -203,11 +203,6 @@ More details coming soon... arrived on or is leaving on * Probably other stuff is omitted too -* When a packet has been marked, we use nfq_set_verdict_mark rather than - nfq_set_verdict2. Apparently nfq_set_verdict_mark is - `broken `_, - although it works for me. - Source ====== diff --git a/netfilterqueue.c b/netfilterqueue.c index 2b7c80d..cd86808 100644 --- a/netfilterqueue.c +++ b/netfilterqueue.c @@ -2032,7 +2032,7 @@ static void __pyx_f_14netfilterqueue_6Packet_verdict(struct __pyx_obj_14netfilte * modified_payload_len = len(self._given_payload) * modified_payload = self._given_payload # <<<<<<<<<<<<<< * if self._mark_is_set: - * nfq_set_verdict_mark( + * nfq_set_verdict2( */ __pyx_t_4 = __Pyx_PyObject_AsUString(__pyx_v_self->_given_payload); if (unlikely((!__pyx_t_4) && PyErr_Occurred())) __PYX_ERR(0, 81, __pyx_L1_error) __pyx_v_modified_payload = __pyx_t_4; @@ -2050,7 +2050,7 @@ static void __pyx_f_14netfilterqueue_6Packet_verdict(struct __pyx_obj_14netfilte * modified_payload_len = len(self._given_payload) * modified_payload = self._given_payload * if self._mark_is_set: # <<<<<<<<<<<<<< - * nfq_set_verdict_mark( + * nfq_set_verdict2( * self._qh, */ __pyx_t_1 = (__pyx_v_self->_mark_is_set != 0); @@ -2059,17 +2059,17 @@ static void __pyx_f_14netfilterqueue_6Packet_verdict(struct __pyx_obj_14netfilte /* "netfilterqueue.pyx":83 * modified_payload = self._given_payload * if self._mark_is_set: - * nfq_set_verdict_mark( # <<<<<<<<<<<<<< + * nfq_set_verdict2( # <<<<<<<<<<<<<< * self._qh, * self.id, */ - nfq_set_verdict_mark(__pyx_v_self->_qh, __pyx_v_self->id, __pyx_v_verdict, htonl(__pyx_v_self->_given_mark), __pyx_v_modified_payload_len, __pyx_v_modified_payload); + nfq_set_verdict2(__pyx_v_self->_qh, __pyx_v_self->id, __pyx_v_verdict, htonl(__pyx_v_self->_given_mark), __pyx_v_modified_payload_len, __pyx_v_modified_payload); /* "netfilterqueue.pyx":82 * modified_payload_len = len(self._given_payload) * modified_payload = self._given_payload * if self._mark_is_set: # <<<<<<<<<<<<<< - * nfq_set_verdict_mark( + * nfq_set_verdict2( * self._qh, */ goto __pyx_L5; diff --git a/netfilterqueue.pxd b/netfilterqueue.pxd index 5827c11..dddf726 100644 --- a/netfilterqueue.pxd +++ b/netfilterqueue.pxd @@ -129,7 +129,7 @@ cdef extern from "libnetfilter_queue/libnetfilter_queue.h": u_int32_t data_len, unsigned char *buf) nogil - int nfq_set_verdict_mark(nfq_q_handle *qh, + int nfq_set_verdict2(nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, diff --git a/netfilterqueue.pyx b/netfilterqueue.pyx index dc9e31e..9c97c2c 100644 --- a/netfilterqueue.pyx +++ b/netfilterqueue.pyx @@ -80,7 +80,7 @@ cdef class Packet: modified_payload_len = len(self._given_payload) modified_payload = self._given_payload if self._mark_is_set: - nfq_set_verdict_mark( + nfq_set_verdict2( self._qh, self.id, verdict,