summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am7
-rw-r--r--src/internal.h12
-rw-r--r--src/nlmsg.c174
3 files changed, 191 insertions, 2 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 2196aef..884311f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,7 +24,10 @@ include ${top_srcdir}/Make_global.am
lib_LTLIBRARIES = libnetfilter_queue.la
+include_HEADERS = internal.h
+
libnetfilter_queue_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink \
-version-info $(LIBVERSION)
-libnetfilter_queue_la_SOURCES = libnetfilter_queue.c
-libnetfilter_queue_la_LIBADD = ${LIBNFNETLINK_LIBS}
+libnetfilter_queue_la_SOURCES = libnetfilter_queue.c \
+ nlmsg.c
+libnetfilter_queue_la_LIBADD = ${LIBNFNETLINK_LIBS} ${LIBMNL_LIBS}
diff --git a/src/internal.h b/src/internal.h
new file mode 100644
index 0000000..3a88d1a
--- /dev/null
+++ b/src/internal.h
@@ -0,0 +1,12 @@
+#ifndef INTERNAL_H
+#define INTERNAL_H 1
+
+#include "config.h"
+#ifdef HAVE_VISIBILITY_HIDDEN
+# define __visible __attribute__((visibility("default")))
+# define EXPORT_SYMBOL(x) typeof(x) (x) __visible
+#else
+# define EXPORT_SYMBOL
+#endif
+
+#endif
diff --git a/src/nlmsg.c b/src/nlmsg.c
new file mode 100644
index 0000000..4637fd5
--- /dev/null
+++ b/src/nlmsg.c
@@ -0,0 +1,174 @@
+/*
+ * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+#include <arpa/inet.h>
+#include <time.h>
+#include <endian.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <libmnl/libmnl.h>
+
+#ifndef __aligned_be64
+#define __aligned_be64 __be64 __attribute__((aligned(8)))
+#define __aligned_le64 __le64 __attribute__((aligned(8)))
+#endif
+
+#include <linux/netfilter/nfnetlink_queue.h>
+
+#include <libnetfilter_queue/libnetfilter_queue.h>
+
+#include "internal.h"
+
+/**
+ * \defgroup nfq_verd Queue verdict object handling
+ * @{
+ */
+
+void nfq_nlmsg_verdict_put(struct nlmsghdr *nlh, int id, int verdict)
+{
+ struct nfqnl_msg_verdict_hdr vh = {
+ .verdict = htonl(verdict),
+ .id = htonl(id),
+ };
+ mnl_attr_put(nlh, NFQA_VERDICT_HDR, sizeof(vh), &vh);
+}
+EXPORT_SYMBOL(nfq_nlmsg_verdict_put);
+
+void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark)
+{
+ mnl_attr_put_u32(nlh, NFQA_MARK, htonl(mark));
+}
+EXPORT_SYMBOL(nfq_nlmsg_verdict_put_mark);
+
+void
+nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t plen)
+{
+ mnl_attr_put(nlh, NFQA_PAYLOAD, plen, pkt);
+}
+EXPORT_SYMBOL(nfq_nlmsg_verdict_put_pkt);
+
+/**
+ * @}
+ */
+
+/**
+ * \defgroup nfq_cfg Queue config object handling
+ * @{
+ */
+
+/**
+ * nfq_nlmsg_cfg_build_request- build netlink config message
+ * \param buf Buffer where netlink message is going to be written.
+ * \param cfg Structure that contains the config parameters.
+ * \param command nfqueue nfnetlink command.
+ *
+ * This function returns a pointer to the netlink message. If something goes
+ * wrong it returns NULL.
+ *
+ * Possible commands are:
+ *
+ * - NFQNL_CFG_CMD_NONE: Do nothing. It can be useful to know if the queue
+ * subsystem is working.
+ * - NFQNL_CFG_CMD_BIND: Binds the program to a specific queue.
+ * - NFQNL_CFG_CMD_UNBIND: Unbinds the program to a specifiq queue.
+ * - NFQNL_CFG_CMD_PF_BIND: Binds to process packets belonging to the given
+ * protocol family (ie. PF_INET, PF_INET6, etc).
+ * - NFQNL_CFG_CMD_PF_UNBIND: Unbinds from processing packets belonging to the
+ * given protocol family.
+ */
+void nfq_nlmsg_cfg_put_cmd(struct nlmsghdr *nlh, uint16_t pf, uint8_t cmd)
+{
+ struct nfqnl_msg_config_cmd command = {
+ .command = cmd,
+ .pf = htons(pf),
+ };
+ mnl_attr_put(nlh, NFQA_CFG_CMD, sizeof(command), &command);
+}
+EXPORT_SYMBOL(nfq_nlmsg_cfg_put_cmd);
+
+void nfq_nlmsg_cfg_put_params(struct nlmsghdr *nlh, uint8_t mode, int range)
+{
+ struct nfqnl_msg_config_params params = {
+ .copy_range = htonl(range),
+ .copy_mode = mode,
+ };
+ mnl_attr_put(nlh, NFQA_CFG_PARAMS, sizeof(params), &params);
+}
+EXPORT_SYMBOL(nfq_nlmsg_cfg_put_params);
+
+void nfq_nlmsg_cfg_put_qmaxlen(struct nlmsghdr *nlh, uint32_t queue_maxlen)
+{
+ mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(queue_maxlen));
+}
+EXPORT_SYMBOL(nfq_nlmsg_cfg_put_qmaxlen);
+
+/**
+ * @}
+ */
+
+/**
+ * \defgroup nlmsg Netlink message helper functions
+ * @{
+ */
+
+static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type = mnl_attr_get_type(attr);
+
+ /* skip unsupported attribute in user-space */
+ if (mnl_attr_type_valid(attr, NFQA_MAX) < 0)
+ return MNL_CB_OK;
+
+ switch(type) {
+ case NFQA_MARK:
+ case NFQA_IFINDEX_INDEV:
+ case NFQA_IFINDEX_OUTDEV:
+ case NFQA_IFINDEX_PHYSINDEV:
+ case NFQA_IFINDEX_PHYSOUTDEV:
+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+ return MNL_CB_ERROR;
+ break;
+ case NFQA_TIMESTAMP:
+ if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
+ sizeof(struct nfqnl_msg_packet_timestamp)) < 0) {
+ return MNL_CB_ERROR;
+ }
+ break;
+ case NFQA_HWADDR:
+ if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
+ sizeof(struct nfqnl_msg_packet_hw)) < 0) {
+ return MNL_CB_ERROR;
+ }
+ break;
+ case NFQA_PAYLOAD:
+ break;
+ }
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+/**
+ * nfq_pkt_parse - set packet attributes from netlink message
+ * \param nlh netlink message that you want to read.
+ * \param pkt pointer to the packet to set.
+ *
+ * This function returns MNL_CB_ERROR if any error occurs, or MNL_CB_OK on
+ * success.
+ */
+int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
+{
+ return mnl_attr_parse(nlh, sizeof(struct nfgenmsg),
+ nfq_pkt_parse_attr_cb, attr);
+}
+EXPORT_SYMBOL(nfq_nlmsg_parse);
+
+/**
+ * @}
+ */