author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org>2005-08-07 14:55:15 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org>2005-08-07 14:55:15 +0000
commit1b5b6308f853ecd0a53c259b95fbf5ba8a99d14f (patch)
treef3a0034be97d266bff6c978d9b408a462284f1dd
parent0c5e5fb15205d1be968d84058d0b91f5c727c454 (diff)
really implement a full test program. returns NF_ACCEPT verdict for all packets
-rw-r--r--utils/nfqnl_test.c112
1 files changed, 100 insertions, 12 deletions
diff --git a/utils/nfqnl_test.c b/utils/nfqnl_test.c
index ddc5fe9..accd127 100644
--- a/utils/nfqnl_test.c
+++ b/utils/nfqnl_test.c
@@ -3,32 +3,120 @@
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
+#include <linux/netfilter.h> /* for NF_ACCEPT */
#include <libnfnetlink_queue/libnfnetlink_queue.h>
+/* returns packet id */
+static u_int32_t print_pkt (struct nfattr *tb[])
+{
+ int id = 0;
+
+ if (tb[NFQA_PACKET_HDR-1]) {
+ struct nfqnl_msg_packet_hdr *ph =
+ NFA_DATA(tb[NFQA_PACKET_HDR-1]);
+ id = ntohl(ph->packet_id);
+ printf("hw_protocol=0x%04x hook=%u id=%u ",
+ ntohs(ph->hw_protocol), ph->hook, id);
+ }
+
+ if (tb[NFQA_MARK-1]) {
+ u_int32_t mark =
+ ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_MARK-1]));
+ printf("mark=%u ", mark);
+ }
+
+ if (tb[NFQA_IFINDEX_INDEV-1]) {
+ u_int32_t ifi =
+ ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_IFINDEX_INDEV-1]));
+ printf("indev=%u ", ifi);
+ }
+
+ if (tb[NFQA_IFINDEX_OUTDEV-1]) {
+ u_int32_t ifi =
+ ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_IFINDEX_OUTDEV-1]));
+ printf("outdev=%u ", ifi);
+ }
+
+ if (tb[NFQA_PAYLOAD-1]) {
+ printf("payload_len=%d ", NFA_PAYLOAD(tb[NFQA_PAYLOAD-1]));
+ }
+
+ fputc('\n', stdout);
+
+ return id;
+}
+
+
+static int cb(struct nfqnl_q_handle *qh, struct nfgenmsg *nfmsg,
+ struct nfattr *nfa[], void *data)
+{
+ u_int32_t id = print_pkt(nfa);
+ printf("entering callback\n");
+ return nfqnl_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
+}
+
int main(int argc, char **argv)
{
- struct nfqnl_handle h;
- struct nfqnl_q_handle qh;
+ struct nfqnl_handle *h;
+ struct nfqnl_q_handle *qh;
+ struct nfnl_handle *nh;
+ int fd;
int rv;
char buf[4096];
- rv = nfqnl_open(&h);
- if (rv < 0)
- exit(rv);
+ printf("opening library handle\n");
+ h = nfqnl_open();
+ if (!h) {
+ fprintf(stderr, "error during nfqnl_open()\n");
+ exit(1);
+ }
+
+ printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
+ if (nfqnl_unbind_pf(h, AF_INET) < 0) {
+ fprintf(stderr, "error during nfqnl_unbind_pf()\n");
+ exit(1);
+ }
+
+ printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
+ if (nfqnl_bind_pf(h, AF_INET) < 0) {
+ fprintf(stderr, "error during nfqnl_bind_pf()\n");
+ exit(1);
+ }
- nfqnl_bind_pf(&h, AF_INET);
- nfqnl_create_queue(&h, &qh, 0);
- nfqnl_set_mode(&qh, NFQNL_COPY_PACKET, 0xffff);
+ printf("binding this socket to queue '0'\n");
+ qh = nfqnl_create_queue(h, 0, &cb, NULL);
+ if (!qh) {
+ fprintf(stderr, "error during nfqnl_create_queue()\n");
+ exit(1);
+ }
- while (recv(h.nfnlh.fd, buf, sizeof(buf), 0) > 0) {
+ printf("setting copy_packet mode\n");
+ if (nfqnl_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
+ fprintf(stderr, "can't set packet_copy mode\n");
+ exit(1);
+ }
+
+ nh = nfqnl_nfnlh(h);
+ fd = nfnl_fd(nh);
+
+ while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
printf("pkt received\n");
+ nfqnl_handle_packet(h, buf, rv);
}
- nfqnl_destroy_queue(&qh);
- nfqnl_unbind_pf(&h, AF_INET);
+ printf("unbinding from queue 0\n");
+ nfqnl_destroy_queue(qh);
+
+#ifdef INSANE
+ /* normally, applications SHOULD NOT issue this command, since
+ * it detaches other programs/sockets from AF_INET, too ! */
+ printf("unbinding from AF_INET\n");
+ nfqnl_unbind_pf(h, AF_INET);
+#endif
- nfqnl_close(&h);
+ printf("closing library handle\n");
+ nfqnl_close(h);
exit(0);
}
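Review bot: In `cb()`, an NF_ACCEPT verdict is issued for packet id 0 whenever a message has no `NFQA_PACKET_HDR` attribute, because `print_pkt()` initialises `int id = 0` and returns it unchanged in that case. I would skip the verdict when the header is absent, e.g. `if (!nfa[NFQA_PACKET_HDR-1]) return -1;` before the `nfqnl_set_verdict()` call (how `nfqnl_handle_packet()` treats the callback's return value is not visible here), and declare `u_int32_t id` so it matches the return type and the `%u` format. `print_pkt()` also dereferences `NFA_DATA()` for the header, mark and ifindex attributes without checking their length; unless the library is known to validate attributes, a guard such as `NFA_PAYLOAD(tb[NFQA_MARK-1]) >= sizeof(u_int32_t)` before each read would prevent reading past a short attribute. Finally, `main()` calls `nfqnl_unbind_pf(h, AF_INET)` unconditionally at startup, although the comment under `#ifdef INSANE` warns that this detaches other programs from AF_INET. On a host where another queue consumer does the filtering, running this tool could detach it, so the startup call deserves the same guard or at least a comment saying so.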