Diffstat (limited to '_queue/src')
-rw-r--r-- | _queue/src/Makefile.am | 13 | ||||
-rw-r--r-- | _queue/src/libipq_compat.c | 352 | ||||
-rw-r--r-- | _queue/src/libnfnetlink_queue.c | 375 |
3 files changed, 0 insertions, 740 deletions
diff --git a/_queue/src/Makefile.am b/_queue/src/Makefile.am
deleted file mode 100644
index c75d708..0000000
--- a/_queue/src/Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-INCLUDES = $(all_includes) -I$(top_srcdir)/include -I${KERNELDIR}
-AM_CFLAGS=-fPIC -Wall
-LIBS=
-
-lib_LTLIBRARIES = libnfnetlink_queue.la libnfnetlink_queue_libipq.la
-
-libnfnetlink_queue_la_LDFLAGS = -Wc,-nostartfiles
-libnfnetlink_queue_la_SOURCES = libnfnetlink_queue.c
-
-libnfnetlink_queue_libipq_la_LDFLAGS = -Wc,-nostartfiles
-libnfnetlink_queue_libipq_la_SOURCES = libipq_compat.c
-
diff --git a/_queue/src/libipq_compat.c b/_queue/src/libipq_compat.c
deleted file mode 100644
index d263aed..0000000
--- a/_queue/src/libipq_compat.c
+++ /dev/null
@@ -1,352 +0,0 @@ -/* - * libipq - backwards compatibility library for libnfnetlink_queue - * - * (C) 2005 by Harald Welte <laforge@netfilter.org> - * - * Based on original libipq.c, - * Author: James Morris <jmorris@intercode.com.au> - * 07-11-2001 Modified by Fernando Anton to add support for IPv6. - * Copyright (c) 2000-2001 Netfilter Core Team - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - */ - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <sys/time.h> -#include <sys/types.h> - -#include <libnfnetlink_queue/libnfnetlink_queue.h> -#include <libnfnetlink_queue/libipq.h> - -/**************************************************************************** - * - * Private interface - * - ****************************************************************************/ - -enum { - IPQ_ERR_NONE = 0, - IPQ_ERR_IMPL, - IPQ_ERR_HANDLE, - IPQ_ERR_SOCKET, - IPQ_ERR_BIND, - IPQ_ERR_BUFFER, - IPQ_ERR_RECV, - IPQ_ERR_NLEOF, - IPQ_ERR_ADDRLEN, - IPQ_ERR_STRUNC, - IPQ_ERR_RTRUNC, - IPQ_ERR_NLRECV, - IPQ_ERR_SEND, - IPQ_ERR_SUPP, - IPQ_ERR_RECVBUF, - IPQ_ERR_TIMEOUT, - IPQ_ERR_PROTOCOL -}; -#define IPQ_MAXERR IPQ_ERR_PROTOCOL - -struct ipq_errmap_t { - int errcode; - char *message; -} ipq_errmap[] = { - { IPQ_ERR_NONE, "Unknown error" }, - { IPQ_ERR_IMPL, "Implementation error" }, - { IPQ_ERR_HANDLE, "Unable to create netlink handle" }, - { IPQ_ERR_SOCKET, "Unable to create netlink socket" }, - { IPQ_ERR_BIND, "Unable to bind netlink socket" }, - { IPQ_ERR_BUFFER, "Unable to 
allocate buffer" }, - { IPQ_ERR_RECV, "Failed to receive netlink message" }, - { IPQ_ERR_NLEOF, "Received EOF on netlink socket" }, - { IPQ_ERR_ADDRLEN, "Invalid peer address length" }, - { IPQ_ERR_STRUNC, "Sent message truncated" }, - { IPQ_ERR_RTRUNC, "Received message truncated" }, - { IPQ_ERR_NLRECV, "Received error from netlink" }, - { IPQ_ERR_SEND, "Failed to send netlink message" }, - { IPQ_ERR_SUPP, "Operation not supported" }, - { IPQ_ERR_RECVBUF, "Receive buffer size invalid" }, - { IPQ_ERR_TIMEOUT, "Timeout"}, - { IPQ_ERR_PROTOCOL, "Invalid protocol specified" } -}; - -static int ipq_errno = IPQ_ERR_NONE; - -#if 0 -static ssize_t ipq_netlink_sendto(const struct ipq_handle *h, - const void *msg, size_t len); - -static ssize_t ipq_netlink_recvfrom(const struct ipq_handle *h, - unsigned char *buf, size_t len, - int timeout); - -static ssize_t ipq_netlink_sendmsg(const struct ipq_handle *h, - const struct msghdr *msg, - unsigned int flags); - -static char *ipq_strerror(int errcode); - -static ssize_t ipq_netlink_sendto(const struct ipq_handle *h, - const void *msg, size_t len) -{ - int status = sendto(h->fd, msg, len, 0, - (struct sockaddr *)&h->peer, sizeof(h->peer)); - if (status < 0) - ipq_errno = IPQ_ERR_SEND; - return status; -} - -static ssize_t ipq_netlink_sendmsg(const struct ipq_handle *h, - const struct msghdr *msg, - unsigned int flags) -{ - int status = sendmsg(h->fd, msg, flags); - if (status < 0) - ipq_errno = IPQ_ERR_SEND; - return status; -} - -static ssize_t ipq_netlink_recvfrom(const struct ipq_handle *h, - unsigned char *buf, size_t len, - int timeout) -{ - unsigned int addrlen; - int status; - struct nlmsghdr *nlh; - - if (len < sizeof(struct nlmsgerr)) { - ipq_errno = IPQ_ERR_RECVBUF; - return -1; - } - addrlen = sizeof(h->peer); - - if (timeout != 0) { - int ret; - struct timeval tv; - fd_set read_fds; - - if (timeout < 0) { - /* non-block non-timeout */ - tv.tv_sec = 0; - tv.tv_usec = 0; - } else { - tv.tv_sec = timeout / 1000000; - 
tv.tv_usec = timeout % 1000000; - } - - FD_ZERO(&read_fds); - FD_SET(h->fd, &read_fds); - ret = select(h->fd+1, &read_fds, NULL, NULL, &tv); - if (ret < 0) { - if (errno == EINTR) { - return 0; - } else { - ipq_errno = IPQ_ERR_RECV; - return -1; - } - } - if (!FD_ISSET(h->fd, &read_fds)) { - ipq_errno = IPQ_ERR_TIMEOUT; - return 0; - } - } - status = recvfrom(h->fd, buf, len, 0, - (struct sockaddr *)&h->peer, &addrlen); - if (status < 0) { - ipq_errno = IPQ_ERR_RECV; - return status; - } - if (addrlen != sizeof(h->peer)) { - ipq_errno = IPQ_ERR_RECV; - return -1; - } - if (h->peer.nl_pid != 0) { - ipq_errno = IPQ_ERR_RECV; - return -1; - } - if (status == 0) { - ipq_errno = IPQ_ERR_NLEOF; - return -1; - } - nlh = (struct nlmsghdr *)buf; - if (nlh->nlmsg_flags & MSG_TRUNC || nlh->nlmsg_len > status) { - ipq_errno = IPQ_ERR_RTRUNC; - return -1; - } - return status; -} -#endif - -static char *ipq_strerror(int errcode) -{ - if (errcode < 0 || errcode > IPQ_MAXERR) - errcode = IPQ_ERR_IMPL; - return ipq_errmap[errcode].message; -} - -/**************************************************************************** - * - * Public interface - * - ****************************************************************************/ - -/* - * Create and initialise an ipq handle. 
- */ -struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol) -{ - int status; - struct ipq_handle *h; - - h = (struct ipq_handle *)malloc(sizeof(struct ipq_handle)); - if (h == NULL) { - ipq_errno = IPQ_ERR_HANDLE; - return NULL; - } - - memset(h, 0, sizeof(struct ipq_handle)); - - h->nfqnlh = nfqnl_open(); - if (!h->nfqnlh) { - ipq_errno = IPQ_ERR_SOCKET; - goto err_free; - } - - if (protocol == PF_INET) - status = nfqnl_bind_pf(h->nfqnlh, PF_INET); - else if (protocol == PF_INET6) - status = nfqnl_bind_pf(h->nfqnlh, PF_INET6); - else { - ipq_errno = IPQ_ERR_PROTOCOL; - goto err_close; - } - h->family = protocol; - if (status < 0) { - ipq_errno = IPQ_ERR_BIND; - goto err_close; - } - - h->qh = nfqnl_create_queue(h->nfqnlh, 0, NULL, NULL); - if (!h->qh) { - ipq_errno = IPQ_ERR_BIND; - goto err_close; - } - - return h; - -err_close: - nfqnl_close(h->nfqnlh); -err_free: - free(h); - return NULL; -} - -/* - * No error condition is checked here at this stage, but it may happen - * if/when reliable messaging is implemented. - */ -int ipq_destroy_handle(struct ipq_handle *h) -{ - if (h) { - nfqnl_close(h->nfqnlh); - free(h); - } - return 0; -} - -int ipq_set_mode(const struct ipq_handle *h, - u_int8_t mode, size_t range) -{ - return nfqnl_set_mode(h->qh, mode, range); -} - -/* - * timeout is in microseconds (1 second is 1000000 (1 million) microseconds) - * - */ -ssize_t ipq_read(const struct ipq_handle *h, - unsigned char *buf, size_t len, int timeout) -{ - struct nfattr *tb[NFQA_MAX]; - struct nlmsghdr *nlh = (struct nlmsghdr *)buf; - struct nfgenmsg *msg = NULL; - struct nfattr *nfa; - - //return ipq_netlink_recvfrom(h, buf, len, timeout); - - /* This really sucks. We have to copy the whole packet - * in order to build a data structure that is compatible to - * the old ipq interface... 
*/ - - nfa = nfnl_parse_hdr(nfqnl_nfnlh(h->nfqnlh), nlh, &msg); - if (!msg || !nfa) - return 0; - - if (msg->nfgen_family != h->family) - return 0; - - nfnl_parse_attr(tb, NFQA_MAX, nfa, 0xffff); - - - return 0; -} - -int ipq_message_type(const unsigned char *buf) -{ - return ((struct nlmsghdr*)buf)->nlmsg_type; -} - -int ipq_get_msgerr(const unsigned char *buf) -{ - struct nlmsghdr *h = (struct nlmsghdr *)buf; - struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); - return -err->error; -} - -ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf) -{ - return NLMSG_DATA((struct nlmsghdr *)(buf)); -} - -int ipq_set_verdict(const struct ipq_handle *h, - ipq_id_t id, - unsigned int verdict, - size_t data_len, - unsigned char *buf) -{ - return nfqnl_set_verdict(h->qh, id, verdict, data_len, buf); -} - -/* Not implemented yet */ -int ipq_ctl(const struct ipq_handle *h, int request, ...) -{ - return 1; -} - -char *ipq_errstr(void) -{ - return ipq_strerror(ipq_errno); -} - -void ipq_perror(const char *s) -{ - if (s) - fputs(s, stderr); - else - fputs("ERROR", stderr); - if (ipq_errno) - fprintf(stderr, ": %s", ipq_errstr()); - if (errno) - fprintf(stderr, ": %s", strerror(errno)); - fputc('\n', stderr); -} diff --git a/_queue/src/libnfnetlink_queue.c b/_queue/src/libnfnetlink_queue.c deleted file mode 100644 index 10ece48..0000000 --- a/_queue/src/libnfnetlink_queue.c +++ /dev/null 
@@ -1,375 +0,0 @@ -/* libnfqnetlink.c: generic library for access to nf_queue - * - * (C) 2005 by Harald Welte <laforge@gnumonks.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <string.h> -#include <ctype.h> -#include <time.h> -#include <errno.h> -#include <netinet/in.h> -#include <sys/socket.h> - -#include <libnfnetlink/libnfnetlink.h> -#include <libnfnetlink_queue/libnfnetlink_queue.h> - -struct nfqnl_handle -{ - struct nfnl_handle nfnlh; - struct nfqnl_q_handle *qh_list; -}; - -struct nfqnl_q_handle -{ - struct nfqnl_q_handle *next; - struct nfqnl_handle *h; - u_int16_t id; - - nfqnl_callback *cb; - void *data; -}; - - -int nfqnl_errno; - -/*********************************************************************** - * low level stuff - ***********************************************************************/ - -static void del_qh(struct nfqnl_q_handle *qh) -{ - struct nfqnl_q_handle *cur_qh, *prev_qh = NULL; - - for (cur_qh = qh->h->qh_list; cur_qh; cur_qh = cur_qh->next) { - if (cur_qh == qh) { - if (prev_qh) - prev_qh->next = qh->next; - else - qh->h->qh_list = qh->next; - return; - } - prev_qh = cur_qh; - } -} - -static void add_qh(struct nfqnl_q_handle *qh) -{ - qh->next = qh->h->qh_list; - qh->h->qh_list = qh; -} - -static struct nfqnl_q_handle *find_qh(struct nfqnl_handle *h, 
u_int16_t id) -{ - struct nfqnl_q_handle *qh; - - for (qh = h->qh_list; qh; qh = qh->next) { - if (qh->id == id) - return qh; - } - return NULL; -} - -/* build a NFQNL_MSG_CONFIG message */ - static int -__build_send_cfg_msg(struct nfqnl_handle *h, u_int8_t command, - u_int16_t queuenum, u_int16_t pf) -{ - char buf[NFNL_HEADER_LEN - +NFA_LENGTH(sizeof(struct nfqnl_msg_config_cmd))]; - struct nfqnl_msg_config_cmd cmd; - struct nlmsghdr *nmh = (struct nlmsghdr *) buf; - - nfnl_fill_hdr(&h->nfnlh, nmh, 0, AF_UNSPEC, queuenum, - NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK); - - cmd.command = command; - cmd.pf = htons(pf); - nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_CMD, &cmd, sizeof(cmd)); - - return nfnl_talk(&h->nfnlh, nmh, 0, 0, NULL, NULL, NULL); -} - -static int __nfqnl_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[], - void *data) -{ - struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); - struct nfqnl_handle *h = data; - u_int16_t queue_num = ntohs(nfmsg->res_id); - struct nfqnl_q_handle *qh = find_qh(h, queue_num); - - if (!qh) - return -ENODEV; - - if (!qh->cb) - return -ENODEV; - - return qh->cb(qh, nfmsg, nfa, qh->data); -} - -static struct nfnl_callback pkt_cb = { - .call = &__nfqnl_rcv_pkt, - .attr_count = NFQA_MAX, -}; - -/* public interface */ - -struct nfnl_handle *nfqnl_nfnlh(struct nfqnl_handle *h) -{ - return &h->nfnlh; -} - -int nfqnl_fd(struct nfqnl_handle *h) -{ - return nfnl_fd(nfqnl_nfnlh(h)); -} - -struct nfqnl_handle *nfqnl_open(void) -{ - struct nfqnl_handle *h; - int err; - - h = malloc(sizeof(*h)); - if (!h) - return NULL; - - memset(h, 0, sizeof(*h)); - - err = nfnl_open(&h->nfnlh, NFNL_SUBSYS_QUEUE, NFQNL_MSG_MAX, 0); - if (err < 0) { - nfqnl_errno = err; - goto out_free; - } - - pkt_cb.data = h; - err = nfnl_callback_register(&h->nfnlh, NFQNL_MSG_PACKET, &pkt_cb); - if (err < 0) { - nfqnl_errno = err; - goto out_close; - } - - return h; -out_close: - nfnl_close(&h->nfnlh); -out_free: - free(h); - return NULL; -} - -int nfqnl_close(struct 
nfqnl_handle *h) -{ - int ret = nfnl_close(&h->nfnlh); - if (ret == 0) - free(h); - return ret; -} - -/* bind nf_queue from a specific protocol family */ -int nfqnl_bind_pf(struct nfqnl_handle *h, u_int16_t pf) -{ - return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf); -} - -/* unbind nf_queue from a specific protocol family */ -int nfqnl_unbind_pf(struct nfqnl_handle *h, u_int16_t pf) -{ - return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf); -} - -/* bind this socket to a specific queue number */ -struct nfqnl_q_handle *nfqnl_create_queue(struct nfqnl_handle *h, - u_int16_t num, - nfqnl_callback *cb, - void *data) -{ - int ret; - struct nfqnl_q_handle *qh; - - if (find_qh(h, num)) - return NULL; - - qh = malloc(sizeof(*qh)); - - memset(qh, 0, sizeof(*qh)); - qh->h = h; - qh->id = num; - qh->cb = cb; - qh->data = data; - - ret = __build_send_cfg_msg(h, NFQNL_CFG_CMD_BIND, num, 0); - if (ret < 0) { - nfqnl_errno = ret; - free(qh); - return NULL; - } - - add_qh(qh); - return qh; -} - -/* unbind this socket from a specific queue number */ -int nfqnl_destroy_queue(struct nfqnl_q_handle *qh) -{ - int ret = __build_send_cfg_msg(qh->h, NFQNL_CFG_CMD_UNBIND, qh->id, 0); - if (ret == 0) { - del_qh(qh); - free(qh); - } - - return ret; -} - -int nfqnl_handle_packet(struct nfqnl_handle *h, char *buf, int len) -{ - return nfnl_handle_packet(&h->nfnlh, buf, len); -} - -int nfqnl_set_mode(struct nfqnl_q_handle *qh, - u_int8_t mode, u_int32_t range) -{ - char buf[NFNL_HEADER_LEN - +NFA_LENGTH(sizeof(struct nfqnl_msg_config_params))]; - struct nfqnl_msg_config_params params; - struct nlmsghdr *nmh = (struct nlmsghdr *) buf; - - nfnl_fill_hdr(&qh->h->nfnlh, nmh, 0, AF_UNSPEC, qh->id, - NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK); - - params.copy_range = htonl(range); - params.copy_mode = mode; - nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_PARAMS, ¶ms, - sizeof(params)); - - return nfnl_talk(&qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL); -} - -static int 
__set_verdict(struct nfqnl_q_handle *qh, u_int32_t id, - u_int32_t verdict, u_int32_t mark, int set_mark, - u_int32_t data_len, unsigned char *data) -{ - struct nfqnl_msg_verdict_hdr vh; - char buf[NFNL_HEADER_LEN - +NFA_LENGTH(sizeof(mark)) - +NFA_LENGTH(sizeof(vh))]; - struct nlmsghdr *nmh = (struct nlmsghdr *) buf; - - struct iovec iov[3]; - int nvecs; - - memset(iov, 0, sizeof(iov)); - - vh.verdict = htonl(verdict); - vh.id = htonl(id); - - nfnl_fill_hdr(&qh->h->nfnlh, nmh, 0, AF_UNSPEC, qh->id, - NFQNL_MSG_VERDICT, NLM_F_REQUEST); - - /* add verdict header */ - nfnl_addattr_l(nmh, sizeof(buf), NFQA_VERDICT_HDR, &vh, sizeof(vh)); - - if (set_mark) - nfnl_addattr32(nmh, sizeof(buf), NFQA_MARK, mark); - - iov[0].iov_base = nmh; - iov[0].iov_len = NLMSG_TAIL(nmh) - (void *)nmh; - nvecs = 1; - - if (data_len) { - struct nfattr data_attr; - - nfnl_build_nfa_iovec(&iov[1], &data_attr, NFQA_PAYLOAD, - data_len, data); - nvecs += 2; - } - - return nfnl_sendiov(&qh->h->nfnlh, iov, nvecs, 0); -} - -int nfqnl_set_verdict(struct nfqnl_q_handle *qh, u_int32_t id, - u_int32_t verdict, u_int32_t data_len, - unsigned char *buf) -{ - return __set_verdict(qh, id, verdict, 0, 0, data_len, buf); -} - -int nfqnl_set_verdict_mark(struct nfqnl_q_handle *qh, u_int32_t id, - u_int32_t verdict, u_int32_t mark, - u_int32_t datalen, unsigned char *buf) -{ - return __set_verdict(qh, id, verdict, mark, 1, datalen, buf); -} - -/************************************************************* - * Message parsing functions - *************************************************************/ - -struct nfqnl_msg_packet_hdr *nfqnl_get_msg_packet_hdr(struct nfattr *nfa[]) -{ - return nfnl_get_pointer_to_data(nfa, NFQA_PACKET_HDR, - struct nfqnl_msg_packet_hdr); -} - -uint32_t nfqnl_get_nfmark(struct nfattr *nfa[]) -{ - return ntohl(nfnl_get_data(nfa, NFQA_MARK, u_int32_t)); -} - -struct nfqnl_msg_packet_timestamp *nfqnl_get_timestamp(struct nfattr *nfa[]) -{ - return nfnl_get_pointer_to_data(nfa, 
NFQA_TIMESTAMP, - struct nfqnl_msg_packet_timestamp); -} - -/* all nfqnl_get_*dev() functions return 0 if not set, since linux only allows - * ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1) */ -u_int32_t nfqnl_get_indev(struct nfattr *nfa[]) -{ - return ntohl(nfnl_get_data(nfa, NFQA_IFINDEX_INDEV, u_int32_t)); -} - -u_int32_t nfqnl_get_physindev(struct nfattr *nfa[]) -{ - return ntohl(nfnl_get_data(nfa, NFQA_IFINDEX_PHYSINDEV, u_int32_t)); -} - -u_int32_t nfqnl_get_outdev(struct nfattr *nfa[]) -{ - return ntohl(nfnl_get_data(nfa, NFQA_IFINDEX_OUTDEV, u_int32_t)); -} - -u_int32_t nfqnl_get_physoutdev(struct nfattr *nfa[]) -{ - return ntohl(nfnl_get_data(nfa, NFQA_IFINDEX_PHYSOUTDEV, u_int32_t)); -} - -struct nfqnl_msg_packet_hw *nfqnl_get_packet_hw(struct nfattr *nfa[]) -{ - return nfnl_get_pointer_to_data(nfa, NFQA_HWADDR, - struct nfqnl_msg_packet_hw); -} - -int nfqnl_get_payload(struct nfattr *nfa[], char **data, - unsigned int *datalen) -{ - *data = nfnl_get_pointer_to_data(nfa, NFQA_PAYLOAD, char*); - if (*data) { - *datalen = NFA_PAYLOAD(nfa[NFQA_PAYLOAD-1]); - return 1; - } - return 0; -} |