static void packet_verdict(struct packet *orig_pkt, filter_result result) { int ret; struct nfqueue_packet *pkt = (struct nfqueue_packet*)orig_pkt; if (pkt->data) { if (pkt->id == -1) { if (result == FILTER_ACCEPT) { ret = socket_send_packet(pkt->state->send_mark_fd, pkt->data, pkt->length); } else { ret = 0; } } else { /* Convert verdict to netfilter */ int verdict; switch (result) { case FILTER_ACCEPT: verdict = NF_ACCEPT; break; case FILTER_DROP: verdict = NF_DROP; break; default: message(HAKA_LOG_DEBUG, MODULE_NAME, L"unknown verdict"); verdict = NF_DROP; break; } if (pkt->modified) ret = nfq_set_verdict(pkt->state->queue, pkt->id, verdict, pkt->length, pkt->data); else ret = nfq_set_verdict(pkt->state->queue, pkt->id, verdict, 0, NULL); } if (pcap) { switch (result) { case FILTER_ACCEPT: dump_pcap(&pcap->out, pkt); break; case FILTER_DROP: default: dump_pcap(&pcap->drop, pkt); break; } } if (ret == -1) { message(HAKA_LOG_ERROR, MODULE_NAME, L"packet verdict failed"); } free(pkt->data); pkt->data = NULL; } }
static int packet_do_receive(struct packet_module_state *state, struct packet **pkt) { const int rv = recv(state->fd, state->receive_buffer, sizeof(state->receive_buffer), 0); if (rv < 0) { messagef(HAKA_LOG_ERROR, MODULE_NAME, L"packet reception failed, %s", errno_error(errno)); return 0; } if (nfq_handle_packet(state->handle, state->receive_buffer, rv) == 0) { if (state->current_packet) { state->current_packet->state = state; *pkt = (struct packet*)state->current_packet; if (pcap) { dump_pcap(&pcap->in, state->current_packet); } state->current_packet = NULL; return 0; } else { return state->error; } } else { message(HAKA_LOG_ERROR, MODULE_NAME, L"packet processing failed"); return 0; } }
void dump_event(struct mtp_event *event) { FILE *dump_fh; ast_mutex_lock(&dump_mutex); if(event->dump.out) { dump_fh = dump_out_fh; } else { dump_fh = dump_in_fh; } if (dump_enabled(event)) dump_pcap(dump_fh, event); ast_mutex_unlock(&dump_mutex); }