From 1b5b6308f853ecd0a53c259b95fbf5ba8a99d14f Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org" Date: Sun, 7 Aug 2005 14:55:15 +0000 Subject: really implement a full test program. returns NF_ACCEPT verdict for all packets --- utils/nfqnl_test.c | 112 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 100 insertions(+), 12 deletions(-) (limited to 'utils') diff --git a/utils/nfqnl_test.c b/utils/nfqnl_test.c index ddc5fe9..accd127 100644 --- a/utils/nfqnl_test.c +++ b/utils/nfqnl_test.c @@ -3,32 +3,120 @@ #include #include #include +#include /* for NF_ACCEPT */ #include +/* returns packet id */ +static u_int32_t print_pkt (struct nfattr *tb[]) +{ + int id = 0; + + if (tb[NFQA_PACKET_HDR-1]) { + struct nfqnl_msg_packet_hdr *ph = + NFA_DATA(tb[NFQA_PACKET_HDR-1]); + id = ntohl(ph->packet_id); + printf("hw_protocol=0x%04x hook=%u id=%u ", + ntohs(ph->hw_protocol), ph->hook, id); + } + + if (tb[NFQA_MARK-1]) { + u_int32_t mark = + ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_MARK-1])); + printf("mark=%u ", mark); + } + + if (tb[NFQA_IFINDEX_INDEV-1]) { + u_int32_t ifi = + ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_IFINDEX_INDEV-1])); + printf("indev=%u ", ifi); + } + + if (tb[NFQA_IFINDEX_OUTDEV-1]) { + u_int32_t ifi = + ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_IFINDEX_OUTDEV-1])); + printf("outdev=%u ", ifi); + } + + if (tb[NFQA_PAYLOAD-1]) { + printf("payload_len=%d ", NFA_PAYLOAD(tb[NFQA_PAYLOAD-1])); + } + + fputc('\n', stdout); + + return id; +} + + +static int cb(struct nfqnl_q_handle *qh, struct nfgenmsg *nfmsg, + struct nfattr *nfa[], void *data) +{ + u_int32_t id = print_pkt(nfa); + printf("entering callback\n"); + return nfqnl_set_verdict(qh, id, NF_ACCEPT, 0, NULL); +} + int main(int argc, char **argv) { - struct nfqnl_handle h; - struct nfqnl_q_handle qh; + struct nfqnl_handle *h; + struct nfqnl_q_handle *qh; + struct nfnl_handle *nh; + int fd; int rv; char buf[4096]; - rv = nfqnl_open(&h); - if (rv < 0) - exit(rv); + printf("opening library handle\n"); + h = nfqnl_open(); + if (!h) { + fprintf(stderr, "error during nfqnl_open()\n"); + exit(1); + } + + printf("unbinding existing nf_queue handler for AF_INET (if any)\n"); + if (nfqnl_unbind_pf(h, AF_INET) < 0) { + fprintf(stderr, "error during nfqnl_unbind_pf()\n"); + exit(1); + } + + printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); + if (nfqnl_bind_pf(h, AF_INET) < 0) { + fprintf(stderr, "error during nfqnl_bind_pf()\n"); + exit(1); + } - nfqnl_bind_pf(&h, AF_INET); - nfqnl_create_queue(&h, &qh, 0); - nfqnl_set_mode(&qh, NFQNL_COPY_PACKET, 0xffff); + printf("binding this socket to queue '0'\n"); + qh = nfqnl_create_queue(h, 0, &cb, NULL); + if (!qh) { + fprintf(stderr, "error during nfqnl_create_queue()\n"); + exit(1); + } - while (recv(h.nfnlh.fd, buf, sizeof(buf), 0) > 0) { + printf("setting copy_packet mode\n"); + if (nfqnl_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { + fprintf(stderr, "can't set packet_copy mode\n"); + exit(1); + } + + nh = nfqnl_nfnlh(h); + fd = nfnl_fd(nh); + + while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { printf("pkt received\n"); + nfqnl_handle_packet(h, buf, rv); } - nfqnl_destroy_queue(&qh); - nfqnl_unbind_pf(&h, AF_INET); + printf("unbinding from queue 0\n"); + nfqnl_destroy_queue(qh); + +#ifdef INSANE + /* normally, applications SHOULD NOT issue this command, since + * it detaches other programs/sockets from AF_INET, too ! */ + printf("unbinding from AF_INET\n"); + nfqnl_unbind_pf(h, AF_INET); +#endif - nfqnl_close(&h); + printf("closing library handle\n"); + nfqnl_close(h); exit(0); } -- cgit v1.2.3