diff options
Diffstat (limited to 'libipulog')
| -rw-r--r-- | libipulog/Makefile.in | 23 | ||||
| -rw-r--r-- | libipulog/include/libipulog/libipulog.h | 58 | ||||
| -rw-r--r-- | libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h | 62 | ||||
| -rw-r--r-- | libipulog/libipulog.c | 256 | ||||
| -rw-r--r-- | libipulog/ulog_test.c | 84 |
5 files changed, 483 insertions, 0 deletions
diff --git a/libipulog/Makefile.in b/libipulog/Makefile.in new file mode 100644 index 0000000..52a3394 --- /dev/null +++ b/libipulog/Makefile.in @@ -0,0 +1,23 @@ +# + +include @top_srcdir@/Rules.make +CFLAGS+=-Iinclude -I/usr/src/linux/include + +libipulog.a: libipulog.o + $(LD) -i $< -o $@ + +distrib: + +ulog_test: ulog_test.c libipulog.a + $(CC) $(CFLAGS) ulog_test.c libipulog.a -o ulog_test + +libipulog.o: libipulog.c + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + $(RM) ulog_test libipulog.o libipulog.a + +distclean: clean + $(RM) Makefile + +install: libipulog.a diff --git a/libipulog/include/libipulog/libipulog.h b/libipulog/include/libipulog/libipulog.h new file mode 100644 index 0000000..b3805d7 --- /dev/null +++ b/libipulog/include/libipulog/libipulog.h @@ -0,0 +1,58 @@ +#ifndef _LIBIPULOG_H +#define _LIBIPULOG_H + +/* $Id$ */ + +#include <errno.h> +#include <unistd.h> +#include <fcntl.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/uio.h> +#include <asm/types.h> +#include <linux/netlink.h> +#include <net/if.h> +#include "linux/netfilter_ipv4/ipt_ULOG.h" + +/* FIXME: glibc sucks */ +#ifndef MSG_TRUNC +#define MSG_TRUNC 0x20 +#endif + +struct ipulog_handle; +extern int ipulog_errno; + +u_int32_t ipulog_group2gmask(u_int32_t group); + +struct ipulog_handle *ipulog_create_handle(u_int32_t gmask, u_int32_t rmem); + +void ipulog_destroy_handle(struct ipulog_handle *h); + +ssize_t ipulog_read(struct ipulog_handle *h, + unsigned char *buf, size_t len, int timeout); + +ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, + const unsigned char *buf, + size_t len); + +char *ipulog_strerror(int errcode); + +void ipulog_perror(const char *s); + +enum +{ + IPULOG_ERR_NONE = 0, + IPULOG_ERR_IMPL, + IPULOG_ERR_HANDLE, + IPULOG_ERR_SOCKET, + IPULOG_ERR_BIND, + IPULOG_ERR_RECVBUF, + IPULOG_ERR_RECV, + IPULOG_ERR_NLEOF, + IPULOG_ERR_TRUNC, + IPULOG_ERR_INVGR, + IPULOG_ERR_INVNL, +}; +#define IPULOG_MAXERR IPULOG_ERR_INVNL + +#endif /* _LIBULOG_H */ diff --git a/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h b/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h new file mode 100644 index 0000000..de062cd --- /dev/null +++ b/libipulog/include/linux/netfilter_ipv4/ipt_ULOG.h @@ -0,0 +1,62 @@ +/* Header file for IP tables userspace logging, Version 1.8 + * + * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> + * + * Distributed under the terms of GNU GPL */ +#ifndef _IPT_ULOG_H +#define _IPT_ULOG_H + +#ifndef NETLINK_NFLOG +#define NETLINK_NFLOG 5 +#endif + +#define ULOG_DEFAULT_NLGROUP 1 +#define ULOG_DEFAULT_QTHRESHOLD 1 + +#define ULOG_MAC_LEN 80 +#define ULOG_PREFIX_LEN 32 + +#define ULOG_MAX_QLEN 50 +/* Why 50? Well... there is a limit imposed by the slab cache 131000 + * bytes. So the multipart netlink-message has to be < 131000 bytes. + * Assuming a standard ethernet-mtu of 1500, we could define this up + * to 80... but even 50 seems to be big enough. */ + +/* private data structure for each rule with a ULOG target */ +struct ipt_ulog_info { + unsigned int nl_group; +#ifdef KERNEL_64_USERSPACE_32 + unsigned long long copy_range; + unsigned long long qthreshold; +#else + size_t copy_range; + size_t qthreshold; +#endif + char prefix[ULOG_PREFIX_LEN]; +}; + +/* Format of the ULOG packets passed through netlink */ +typedef struct ulog_packet_msg { + unsigned long mark; +#ifdef KERNEL_64_USERSPACE_32 + long long timestamp_sec; + long long timestamp_usec; +#else + long timestamp_sec; + long timestamp_usec; +#endif + unsigned int hook; + char indev_name[IFNAMSIZ]; + char outdev_name[IFNAMSIZ]; +#ifdef KERNEL_64_USERSPACE_32 + unsigned long long data_len; +#else + size_t data_len; +#endif + char prefix[ULOG_PREFIX_LEN]; + unsigned char mac_len; + unsigned char mac[ULOG_MAC_LEN]; + unsigned char payload[0]; +} ulog_packet_msg_t; + +#endif /*_IPT_ULOG_H*/ diff --git a/libipulog/libipulog.c b/libipulog/libipulog.c new file mode 100644 index 0000000..415b712 --- /dev/null +++ b/libipulog/libipulog.c @@ -0,0 +1,256 @@ +/* + * libipulog.c, $Revision$ + * + * netfilter ULOG userspace library. + * + * (C) 2000-2001 by Harald Welte <laforge@gnumonks.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * This library is still under development, so be aware of sudden interface + * changes + * + * $Id$ + */ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <net/if.h> +#include <libipulog/libipulog.h> + +struct ipulog_handle +{ + int fd; + u_int8_t blocking; + struct sockaddr_nl local; + struct sockaddr_nl peer; + struct nlmsghdr* last_nlhdr; +}; + +/* internal */ + + +int ipulog_errno = IPULOG_ERR_NONE; + +struct ipulog_errmap_t +{ + int errcode; + char *message; +} ipulog_errmap[] = +{ + { IPULOG_ERR_NONE, "No error" }, + { IPULOG_ERR_IMPL, "Not implemented yet" }, + { IPULOG_ERR_HANDLE, "Unable to create netlink handle" }, + { IPULOG_ERR_SOCKET, "Unable to create netlink socket" }, + { IPULOG_ERR_BIND, "Unable to bind netlink socket" }, + { IPULOG_ERR_RECVBUF, "Receive buffer size invalid" }, + { IPULOG_ERR_RECV, "Error during netlink receive" }, + { IPULOG_ERR_NLEOF, "Received EOF on netlink socket" }, + { IPULOG_ERR_TRUNC, "Receive message truncated" }, + { IPULOG_ERR_INVGR, "Invalid group specified" }, + { IPULOG_ERR_INVNL, "Invalid netlink message" }, +}; + +static ssize_t +ipulog_netlink_recvfrom(const struct ipulog_handle *h, + unsigned char *buf, size_t len) +{ + socklen_t addrlen; + int status; + struct nlmsghdr *nlh; + + if (len < sizeof(struct nlmsgerr)) { + ipulog_errno = IPULOG_ERR_RECVBUF; + return -1; + } + addrlen = sizeof(h->peer); + status = recvfrom(h->fd, buf, len, 0, (struct sockaddr *)&h->peer, + &addrlen); + if (status < 0) { + ipulog_errno = IPULOG_ERR_RECV; + return status; + } + if (addrlen != sizeof (h->peer)) { + ipulog_errno = IPULOG_ERR_RECV; + return -1; + } + if (h->peer.nl_pid != 0) { + ipulog_errno = IPULOG_ERR_RECV; + return -1; + } + if (status == 0) { + ipulog_errno = IPULOG_ERR_NLEOF; + return -1; + } + nlh = (struct nlmsghdr *)buf; + if (nlh->nlmsg_flags & MSG_TRUNC || status > len) { + ipulog_errno = IPULOG_ERR_TRUNC; + return -1; + } + return status; +} + +/* public */ + +char *ipulog_strerror(int errcode) +{ + if (errcode < 0 || errcode > IPULOG_MAXERR) + errcode = IPULOG_ERR_IMPL; + return ipulog_errmap[errcode].message; +} + +/* convert a netlink group (1-32) to a group_mask suitable for create_handle */ +u_int32_t ipulog_group2gmask(u_int32_t group) +{ + if (group < 1 || group > 32) + { + ipulog_errno = IPULOG_ERR_INVGR; + return 0; + } + return (1 << (group - 1)); +} + +/* create a ipulog handle for the reception of packets sent to gmask */ +struct ipulog_handle *ipulog_create_handle(u_int32_t gmask, + u_int32_t rcvbufsize) +{ + struct ipulog_handle *h; + int status; + + h = (struct ipulog_handle *) malloc(sizeof(struct ipulog_handle)); + if (h == NULL) + { + ipulog_errno = IPULOG_ERR_HANDLE; + return NULL; + } + memset(h, 0, sizeof(struct ipulog_handle)); + h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_NFLOG); + if (h->fd == -1) + { + ipulog_errno = IPULOG_ERR_SOCKET; + close(h->fd); + free(h); + return NULL; + } + memset(&h->local, 0, sizeof(struct sockaddr_nl)); + h->local.nl_family = AF_NETLINK; + h->local.nl_pid = getpid(); + h->local.nl_groups = gmask; + status = bind(h->fd, (struct sockaddr *)&h->local, sizeof(h->local)); + if (status == -1) + { + ipulog_errno = IPULOG_ERR_BIND; + close(h->fd); + free(h); + return NULL; + } + memset(&h->peer, 0, sizeof(struct sockaddr_nl)); + h->peer.nl_family = AF_NETLINK; + h->peer.nl_pid = 0; + h->peer.nl_groups = gmask; + + status = setsockopt(h->fd, SOL_SOCKET, SO_RCVBUF, &rcvbufsize, + sizeof(rcvbufsize)); + if (status == -1) + { + ipulog_errno = IPULOG_ERR_RECVBUF; + close(h->fd); + free(h); + return NULL; + } + + return h; +} + +/* destroy a ipulog handle */ +void ipulog_destroy_handle(struct ipulog_handle *h) +{ + close(h->fd); + free(h); +} + +#if 0 +int ipulog_set_mode() +{ +} +#endif + +/* do a BLOCKING read on an ipulog handle */ +ssize_t ipulog_read(struct ipulog_handle *h, unsigned char *buf, + size_t len, int timeout) +{ + return ipulog_netlink_recvfrom(h, buf, len); +} + +/* get a pointer to the actual start of the ipulog packet, + use this to strip netlink header */ +ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, + const unsigned char *buf, + size_t len) +{ + struct nlmsghdr *nlh; + size_t remain_len; + + /* if last header in handle not inside this buffer, + * drop reference to last header */ + if ((unsigned char *)h->last_nlhdr > (buf + len) || + (unsigned char *)h->last_nlhdr < buf) { + h->last_nlhdr = NULL; + } + + if (!h->last_nlhdr) { + /* fist message in buffer */ + nlh = (struct nlmsghdr *) buf; + if (!NLMSG_OK(nlh, len)) { + /* ERROR */ + ipulog_errno = IPULOG_ERR_INVNL; + return NULL; + } + } else { + /* we are in n-th part of multilink message */ + if (h->last_nlhdr->nlmsg_type == NLMSG_DONE || + !(h->last_nlhdr->nlmsg_flags & NLM_F_MULTI)) { + /* if last part in multilink message, + * or no multipart message at all: return */ + h->last_nlhdr = NULL; + return NULL; + } + + /* calculate remaining lenght from lasthdr to end of buffer */ + remain_len = (len - + ((unsigned char *)h->last_nlhdr - buf)); + nlh = NLMSG_NEXT(h->last_nlhdr, remain_len); + } + + h->last_nlhdr = nlh; + + return NLMSG_DATA(nlh); +} + +/* print a human readable description of the last error to stderr */ +void ipulog_perror(const char *s) +{ + if (s) + fputs(s, stderr); + else + fputs("ERROR", stderr); + if (ipulog_errno) + fprintf(stderr, ": %s", ipulog_strerror(ipulog_errno)); + if (errno) + fprintf(stderr, ": %s", strerror(errno)); + fputc('\n', stderr); +} + diff --git a/libipulog/ulog_test.c b/libipulog/ulog_test.c new file mode 100644 index 0000000..792a793 --- /dev/null +++ b/libipulog/ulog_test.c @@ -0,0 +1,84 @@ +/* ulog_test, $Revision$ + * + * small testing program for libipulog, part of the netfilter ULOG target + * for the linux 2.4 netfilter subsystem. + * + * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org> + * + * this code is released under the terms of GNU GPL + * + * $Id$ + */ + +#include <stdio.h> +#include <stdlib.h> +#include <libipulog/libipulog.h> + +#define MYBUFSIZ 2048 + +/* prints some logging about a single packet */ +void handle_packet(ulog_packet_msg_t *pkt) +{ + unsigned char *p; + int i; + + printf("Hook=%u Mark=%lu len=%d ", + pkt->hook, pkt->mark, pkt->data_len); + if (strlen(pkt->prefix)) + printf("Prefix=%s ", pkt->prefix); + + if (pkt->mac_len) + { + printf("mac="); + p = pkt->mac; + for (i = 0; i < pkt->mac_len; i++, p++) + printf("%02x%c", *p, i==pkt->mac_len-1 ? ' ':':'); + } + printf("\n"); + +} + +int main(int argc, char *argv[]) +{ + struct ipulog_handle *h; + unsigned char* buf; + int len; + ulog_packet_msg_t *upkt; + int i; + + if (argc != 4) { + fprintf(stderr, "Usage: %s count group timeout\n", argv[0]); + exit(1); + } + + /* allocate a receive buffer */ + buf = (unsigned char *) malloc(MYBUFSIZ); + + /* create ipulog handle */ + h = ipulog_create_handle(ipulog_group2gmask(atoi(argv[2])),150000); + if (!h) + { + /* if some error occurrs, print it to stderr */ + ipulog_perror(NULL); + exit(1); + } + + alarm(atoi(argv[3])); + + /* loop receiving packets and handling them over to handle_packet */ + for (i = 0; i < atoi(argv[1]); i++) { + len = ipulog_read(h, buf, MYBUFSIZ, 1); + if (len <= 0) { + ipulog_perror("ulog_test: short read"); + exit(1); + } + printf("%d bytes received\n", len); + while (upkt = ipulog_get_packet(h, buf, len)) { + handle_packet(upkt); + } + } + + /* just to give it a cleaner look */ + ipulog_destroy_handle(h); + return 0; +} |