Change Packet Payload

Change Packet Payload

[Luis Campo Giralte]

Hi every one!

I have the next dude :D

im using libnetfilter_queue lib, its posible to change any value of the
packet, source address, icmp types, payload chars, or any data of the
packet received on the Handler (nfq_create_queue(h,0,&MyHandler,NULL))
and send it again with the correct checksum?

Thanks in advanced!

Re: Change Packet Payload

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 467 bytes --]

Hi,

Le vendredi 09 février 2007 à 10:10 +0100, Luis Campo Giralte a écrit :
> Hi every one!
> im using libnetfilter_queue lib, its posible to change any value of the
> packet, source address, icmp types, payload chars, or any data of the
> packet received on the Handler (nfq_create_queue(h,0,&MyHandler,NULL))
> and send it again with the correct checksum?

Yes, but you have to compute the checksum yourself.

BR,
-- 
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: Change Packet Payload

[Henrik Nordstrom]

[-- Attachment #1: Type: text/plain, Size: 690 bytes --]

fre 2007-02-09 klockan 10:31 +0100 skrev Eric Leblond:
> Hi,
> 
> Le vendredi 09 février 2007 à 10:10 +0100, Luis Campo Giralte a écrit :
> > Hi every one!
> > im using libnetfilter_queue lib, its posible to change any value of the
> > packet, source address, icmp types, payload chars, or any data of the
> > packet received on the Handler (nfq_create_queue(h,0,&MyHandler,NULL))
> > and send it again with the correct checksum?
> 
> Yes, but you have to compute the checksum yourself.

And also make sure conntrack isn't loaded as it does not expect QUEUE to
rewrite things.. unless you QUEUE in the raw table PREROUTING before
conntrack is invoked..

Regards
Henrik

[-- Attachment #2: Detta är en digitalt signerad meddelandedel --]
[-- Type: application/pgp-signature, Size: 307 bytes --]

Re: Change Packet Payload

[Pablo Neira Ayuso]

Hi Eric,

Eric Leblond wrote:
> Le vendredi 09 février 2007 à 10:10 +0100, Luis Campo Giralte a écrit :
>> Hi every one!
>> im using libnetfilter_queue lib, its posible to change any value of the
>> packet, source address, icmp types, payload chars, or any data of the
>> packet received on the Handler (nfq_create_queue(h,0,&MyHandler,NULL))
>> and send it again with the correct checksum?
> 
> Yes, but you have to compute the checksum yourself.

I would accept a patch to introduce a function that computes the
checksum. I think that the library should provide as much helper
functions as possible. We can group such helper functions by protocols
in different files inside the libnetfilter_queue tree. I have already
seen several post in the mailing list on how to retrieve data from the
header and such.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: Change Packet Payload

[Sebastien Tricaud]

[-- Attachment #1: Type: text/plain, Size: 519 bytes --]

Hi Pablo,

I wrote this simple patch.
Any comment on it, naming conventions, better approach, etc.. appreciated

Pablo Neira Ayuso wrote:
>
> I would accept a patch to introduce a function that computes the
> checksum. I think that the library should provide as much helper
> functions as possible. We can group such helper functions by protocols
> in different files inside the libnetfilter_queue tree. I have already
> seen several post in the mailing list on how to retrieve data from the
> header and such.
>
>   


[-- Attachment #2: nfq-compute_cksum.1.patch --]
[-- Type: text/x-patch, Size: 4605 bytes --]

Index: include/libnetfilter_queue/Makefile.am
===================================================================
--- include/libnetfilter_queue/Makefile.am	(revision 6757)
+++ include/libnetfilter_queue/Makefile.am	(working copy)
@@ -1,3 +1,3 @@
 
-pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h
+pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h protocol_any_helper.h
 
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h	(revision 6757)
+++ include/libnetfilter_queue/libnetfilter_queue.h	(working copy)
@@ -14,9 +14,8 @@
 #define __LIBCTNETLINK_H
 
 #include <libnfnetlink/libnfnetlink.h>
-// #include <libnfnetlink/liunx_nfnetlink.h>
-
 #include <libnetfilter_queue/linux_nfnetlink_queue.h>
+#include <libnetfilter_queue/protocol_any_helper.h>
 
 struct nfq_handle;
 struct nfq_q_handle;
Index: include/libnetfilter_queue/protocol_any_helper.h
===================================================================
--- include/libnetfilter_queue/protocol_any_helper.h	(revision 0)
+++ include/libnetfilter_queue/protocol_any_helper.h	(revision 0)
@@ -0,0 +1,17 @@
+/* 
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+extern unsigned short nfq_compute_cksum(struct nfq_data *nfad);
+
Index: src/protocol_any_helper.c
===================================================================
--- src/protocol_any_helper.c	(revision 0)
+++ src/protocol_any_helper.c	(revision 0)
@@ -0,0 +1,53 @@
+/* 
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/** 
+ * nfq_compute_cksum - returns the checksum computed 
+ * @data: packet payload
+ * @len: packet lenght (header+payload)
+ *
+ * Helper function to compute packet checkum.
+ */
+/* (c) Richard W. Stevens */
+unsigned short nfq_compute_cksum(unsigned short *data, int len)
+{
+        int nleft             = len;
+        int sum               = 0;
+        unsigned short *w     = data;
+        unsigned short answer = 0;
+
+        /*
+	 * Our algorithm is simple, using a 32 bits accumulator (sum), we add
+	 * sequential 16 bit words to it, and at the end, fold back all the
+	 * carry bits from the top 16 bits into the lower 16 bits.
+	 */
+        while ( nleft > 1 ) {
+                sum   += *w++;
+                nleft -= 2;
+        }
+
+        /* mop up an odd byte, if necessary */
+        if ( nleft == 1 ) {
+                *(unsigned char *) (&answer) = *(unsigned char *) w;
+                sum += answer;
+        }
+
+        /* add back carry outs from top 16 bits to low 16 bits */
+        sum    =  (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+        sum    += (sum >> 16);  /* and carry */
+        answer =  ~sum;         /* truncate to 16 bits */
+
+        return answer;
+}
Index: src/Makefile.am
===================================================================
--- src/Makefile.am	(revision 6757)
+++ src/Makefile.am	(working copy)
@@ -10,7 +10,7 @@
 
 libnetfilter_queue_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink \
 				-version-info $(LIBVERSION)
-libnetfilter_queue_la_SOURCES = libnetfilter_queue.c 
+libnetfilter_queue_la_SOURCES = libnetfilter_queue.c protocol_any_helper.c
 
 libnetfilter_queue_libipq_la_LDFLAGS = -Wc,-nostartfiles \
 				-version-info 1:0:0

Re: Change Packet Payload

[Sebastien Tricaud]

[-- Attachment #1: Type: text/plain, Size: 518 bytes --]

Hi Pablo,

I wrote this simple patch.
Any comment on it, naming conventions, better approach, etc.. appreciated


Pablo Neira Ayuso wrote:
> I would accept a patch to introduce a function that computes the
> checksum. I think that the library should provide as much helper
> functions as possible. We can group such helper functions by protocols
> in different files inside the libnetfilter_queue tree. I have already
> seen several post in the mailing list on how to retrieve data from the
> header and such.
>
>   


[-- Attachment #2: nfq-compute_cksum.1.patch --]
[-- Type: text/x-patch, Size: 4605 bytes --]

Index: include/libnetfilter_queue/Makefile.am
===================================================================
--- include/libnetfilter_queue/Makefile.am	(revision 6757)
+++ include/libnetfilter_queue/Makefile.am	(working copy)
@@ -1,3 +1,3 @@
 
-pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h
+pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h protocol_any_helper.h
 
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h	(revision 6757)
+++ include/libnetfilter_queue/libnetfilter_queue.h	(working copy)
@@ -14,9 +14,8 @@
 #define __LIBCTNETLINK_H
 
 #include <libnfnetlink/libnfnetlink.h>
-// #include <libnfnetlink/liunx_nfnetlink.h>
-
 #include <libnetfilter_queue/linux_nfnetlink_queue.h>
+#include <libnetfilter_queue/protocol_any_helper.h>
 
 struct nfq_handle;
 struct nfq_q_handle;
Index: include/libnetfilter_queue/protocol_any_helper.h
===================================================================
--- include/libnetfilter_queue/protocol_any_helper.h	(revision 0)
+++ include/libnetfilter_queue/protocol_any_helper.h	(revision 0)
@@ -0,0 +1,17 @@
+/* 
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+extern unsigned short nfq_compute_cksum(struct nfq_data *nfad);
+
Index: src/protocol_any_helper.c
===================================================================
--- src/protocol_any_helper.c	(revision 0)
+++ src/protocol_any_helper.c	(revision 0)
@@ -0,0 +1,53 @@
+/* 
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/** 
+ * nfq_compute_cksum - returns the checksum computed 
+ * @data: packet payload
+ * @len: packet lenght (header+payload)
+ *
+ * Helper function to compute packet checkum.
+ */
+/* (c) Richard W. Stevens */
+unsigned short nfq_compute_cksum(unsigned short *data, int len)
+{
+        int nleft             = len;
+        int sum               = 0;
+        unsigned short *w     = data;
+        unsigned short answer = 0;
+
+        /*
+	 * Our algorithm is simple, using a 32 bits accumulator (sum), we add
+	 * sequential 16 bit words to it, and at the end, fold back all the
+	 * carry bits from the top 16 bits into the lower 16 bits.
+	 */
+        while ( nleft > 1 ) {
+                sum   += *w++;
+                nleft -= 2;
+        }
+
+        /* mop up an odd byte, if necessary */
+        if ( nleft == 1 ) {
+                *(unsigned char *) (&answer) = *(unsigned char *) w;
+                sum += answer;
+        }
+
+        /* add back carry outs from top 16 bits to low 16 bits */
+        sum    =  (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+        sum    += (sum >> 16);  /* and carry */
+        answer =  ~sum;         /* truncate to 16 bits */
+
+        return answer;
+}
Index: src/Makefile.am
===================================================================
--- src/Makefile.am	(revision 6757)
+++ src/Makefile.am	(working copy)
@@ -10,7 +10,7 @@
 
 libnetfilter_queue_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink \
 				-version-info $(LIBVERSION)
-libnetfilter_queue_la_SOURCES = libnetfilter_queue.c 
+libnetfilter_queue_la_SOURCES = libnetfilter_queue.c protocol_any_helper.c
 
 libnetfilter_queue_libipq_la_LDFLAGS = -Wc,-nostartfiles \
 				-version-info 1:0:0

Re: Change Packet Payload

[Patrick McHardy]

Sebastien Tricaud wrote:

> Index: src/protocol_any_helper.c
> ===================================================================
> --- src/protocol_any_helper.c	(revision 0)
> +++ src/protocol_any_helper.c	(revision 0)
> @@ -0,0 +1,53 @@
> +/* 
> + *  This program is free software; you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License version 2 
> + *  as published by the Free Software Foundation
> + */


> +/* (c) Richard W. Stevens */
> +unsigned short nfq_compute_cksum(unsigned short *data, int len)

Do you have permission to put this under the GPL?

Re: Change Packet Payload

[Sebastien Tricaud]

Patrick McHardy wrote:
>> +/* (c) Richard W. Stevens */
>> +unsigned short nfq_compute_cksum(unsigned short *data, int len)
>>     
>
> Do you have permission to put this under the GPL?
>
>
>   

Good point.
As far as I know, this is public domain. However I will make sure of it
and be back with an answer.

Re: Change Packet Payload

[Sebastien Tricaud]

This code is in several public domain or GPL tools.
For example nessus uses it :
http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-libraries/libnessus/network.c?rev=1.28

It is not a proof yet but I'm pretty confident. I have the book at home
and I will look at it tonight (Appendix F : Source code availability).



Sebastien Tricaud wrote:
> Patrick McHardy wrote:
>   
>>> +/* (c) Richard W. Stevens */
>>> +unsigned short nfq_compute_cksum(unsigned short *data, int len)
>>>     
>>>       
>> Do you have permission to put this under the GPL?
>>
>>
>>   
>>     
>
> Good point.
> As far as I know, this is public domain. However I will make sure of it
> and be back with an answer.
>
>
>
>   

Re: Change Packet Payload

[Patrick McHardy]

Sebastien Tricaud wrote:
> This code is in several public domain or GPL tools.
> For example nessus uses it :
> http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-libraries/libnessus/network.c?rev=1.28

Yes, I found some other users of this as well, but as you say,
that doesn't necessarily mean its OK to use.

> It is not a proof yet but I'm pretty confident. I have the book at home
> and I will look at it tonight (Appendix F : Source code availability).

Thanks.

Re: Change Packet Payload

[Pablo Neira Ayuso]

Patrick McHardy wrote:
> Sebastien Tricaud wrote:
>> This code is in several public domain or GPL tools.
>> For example nessus uses it :
>> http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-libraries/libnessus/network.c?rev=1.28
> 
> Yes, I found some other users of this as well, but as you say,
> that doesn't necessarily mean its OK to use.

The code seems very similar to the one that is available in RFC1071. I
recently added initial support for message checksumming to conntrackd
and used that code (slightely modified) indicating the source, thus not
explicitely licensing that part as GPL since I don't own the copyright
of it. Can we consider examples available in a RFC as public domain code?

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: Change Packet Payload

[Sebastien Tricaud]

Hi Pablo,


I can't find any information for licensing issues for Stevens material.
However for IETF stuff, reading RFC 3978 section 3.3 seems pretty clear.

In short :

"the Contributor, and each named co-Contributor, and the organization he
or she represents or is sponsored by (if any) grant a perpetual,
irrevocable, non-exclusive, royalty-free, world-wide right and license
to the ISOC and the IETF under all intellectual property rights in the
Contribution:"

"to extract, copy, publish, display, distribute, modify and incorporate
into other works, for any purpose (and not limited to use within the
IETF Standards Process) any executable code or code fragments that are
included in any IETF Document (such as MIB and PIB modules)"


Then there is a follow up to section 5 which states that taking code or
quotes requires the following :
"Copyright (C) The Internet Society <year>. This version of this MIB
module is part of RFC XXXX; see the RFC itself for full legal notices."


As for checksum computation. I think it is bad to have shared code in
several libraries. How about putting everything in nfnetlink ? I that
appropriated ?



Thanks,
Sebastien.


Pablo Neira Ayuso wrote:
>
> The code seems very similar to the one that is available in RFC1071. I
> recently added initial support for message checksumming to conntrackd
> and used that code (slightely modified) indicating the source, thus not
> explicitely licensing that part as GPL since I don't own the copyright
> of it. Can we consider examples available in a RFC as public domain code?
>
>   

Re: Change Packet Payload

[Sebastien Tricaud]

[-- Attachment #1: Type: text/plain, Size: 105 bytes --]

Hi folks,

this is patch adds the checksum computation feature in netfilter_queue.


Thanks,
Sebastien.


[-- Attachment #2: nfq-compute_cksum.2.patch --]
[-- Type: text/x-patch, Size: 5324 bytes --]

Index: include/libnetfilter_queue/Makefile.am
===================================================================
--- include/libnetfilter_queue/Makefile.am	(revision 6757)
+++ include/libnetfilter_queue/Makefile.am	(working copy)
@@ -1,3 +1,3 @@
 
-pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h
+pkginclude_HEADERS = libnetfilter_queue.h libipq.h linux_nfnetlink_queue.h protocol_any_helper.h
 
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h	(revision 6757)
+++ include/libnetfilter_queue/libnetfilter_queue.h	(working copy)
@@ -14,9 +14,8 @@
 #define __LIBCTNETLINK_H
 
 #include <libnfnetlink/libnfnetlink.h>
-// #include <libnfnetlink/liunx_nfnetlink.h>
-
 #include <libnetfilter_queue/linux_nfnetlink_queue.h>
+#include <libnetfilter_queue/protocol_any_helper.h>
 
 struct nfq_handle;
 struct nfq_q_handle;
@@ -79,8 +78,7 @@
 extern u_int32_t nfq_get_physindev(struct nfq_data *nfad);
 extern u_int32_t nfq_get_outdev(struct nfq_data *nfad);
 extern u_int32_t nfq_get_physoutdev(struct nfq_data *nfad);
-
-extern int nfq_get_indev_name(struct nlif_handle *nlif_handle,
+extern int nfq_get_indev_name(struct nlif_handle *nlif_handle, 
 			      struct nfq_data *nfad, char *name);
 extern int nfq_get_physindev_name(struct nlif_handle *nlif_handle,
 			          struct nfq_data *nfad, char *name);
Index: include/libnetfilter_queue/protocol_any_helper.h
===================================================================
--- include/libnetfilter_queue/protocol_any_helper.h	(revision 0)
+++ include/libnetfilter_queue/protocol_any_helper.h	(revision 0)
@@ -0,0 +1,17 @@
+/* 
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+extern unsigned short nfq_compute_cksum(unsigned short *addr, int count);
+
Index: configure.in
===================================================================
--- configure.in	(revision 6757)
+++ configure.in	(working copy)
@@ -23,7 +23,7 @@
 PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,,
 	AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED))
  
-CFLAGS="$CFLAGS $LIBNFNETLINK_CFLAGS"
+CFLAGS="$CFLAGS $LIBNFNETLINK_CFLAGS -Wpadded"
 LIBNFQUEUE_LIBS="$LIBNFNETLINK_LIBS"
  
 AC_SUBST(LIBNFQUEUE_LIBS)
Index: src/protocol_any_helper.c
===================================================================
--- src/protocol_any_helper.c	(revision 0)
+++ src/protocol_any_helper.c	(revision 0)
@@ -0,0 +1,53 @@
+/* 
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 
+ *  as published by the Free Software Foundation
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <libnetfilter_queue/protocol_any_helper.h>
+
+/** 
+ * nfq_compute_cksum - returns the checksum computed 
+ * @addr: Address of stored data pointer
+ * @count: packet lenght (header+payload)
+ *
+ * Helper function to compute packet checkum.
+ */
+/* Copyright (C) The Internet Society 1988. This version of this code
+ * is part of RFC 1071; see the RFC itself for full legal notices.
+ *
+ * The original code has been slightly changed
+ */
+unsigned short nfq_compute_cksum(unsigned short *addr, int count)
+{
+
+	/* Compute Internet Checksum for "count" bytes
+	 *         beginning at location "addr".
+	 */
+	unsigned short sum = 0;
+
+        while( count > 1 ) {
+		/*  This is the inner loop */
+		sum += (unsigned short *) addr++;
+		count -= 2;
+	}
+
+	/*  Add left-over byte, if any */
+	if( count > 0 )
+		sum += * (unsigned char *) addr;
+
+	/*  Fold 32-bit sum to 16 bits */
+	while (sum>>16)
+		sum = (sum & 0xffff) + (sum >> 16);
+
+	return ~sum;
+}
Index: src/Makefile.am
===================================================================
--- src/Makefile.am	(revision 6757)
+++ src/Makefile.am	(working copy)
@@ -10,7 +10,7 @@
 
 libnetfilter_queue_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink \
 				-version-info $(LIBVERSION)
-libnetfilter_queue_la_SOURCES = libnetfilter_queue.c 
+libnetfilter_queue_la_SOURCES = libnetfilter_queue.c protocol_any_helper.c
 
 libnetfilter_queue_libipq_la_LDFLAGS = -Wc,-nostartfiles \
 				-version-info 1:0:0