void operator()(struct nflog_data *nfa)
{
//struct nfulnl_msg_packet_hdr *ph = nflog_get_msg_packet_hdr(nfa);
char *prefix = nflog_get_prefix(nfa);
char *payload = 0;
int payload_len = nflog_get_payload(nfa, &payload);
struct timeval tv;
memset(&tv, 0, sizeof(tv));
nflog_get_timestamp(nfa, &tv);
std::cout
<< (unsigned)tv.tv_sec << "."
<< tv.tv_usec;
std::cout << "\t" << nflog_get_indev(nfa);
std::cout << "\t" << nflog_get_outdev(nfa);
std::cout << "\t" << payload_len;
if (payload_len > 0)
handle_packet(payload, payload_len);
if (prefix && strlen(prefix)) {
std::cout << "\t\"" << prefix << "\"";
}
std::cout << std::endl;
// write a pcap file here if required
if (pcap_writer) {
const size_t pcap_len = payload_len+sizeof(ether_header);
pcap_pkthdr head;
memset(&head, 0, sizeof(head));
head.ts = tv;
head.caplen = pcap_len;
head.len = pcap_len;
// make pcap header
unsigned char tbuf[pcap_len];
ether_header* ehead = reinterpret_cast<ether_header*>(&tbuf[0]);
memset(ehead, 0, sizeof(ehead));
ehead->ether_dhost[0]=0xFA; ehead->ether_dhost[1]=0xCE;
ehead->ether_shost[0]=0xFA; ehead->ether_shost[1]=0xCE;
*reinterpret_cast<u_int32_t*>(&ehead->ether_dhost[2]) = nflog_get_outdev(nfa);
*reinterpret_cast<u_int32_t*>(&ehead->ether_shost[2]) = nflog_get_indev(nfa);
ehead->ether_type=htons(ETHERTYPE_IP);
// copy payload and dump
memcpy(tbuf+sizeof(ether_header), payload, payload_len);
pcap_dump(reinterpret_cast<u_char*>(pcap_writer), &head, reinterpret_cast<const u_char*>(tbuf));
}
}
int log_payload_get_outdev(struct log_payload *self)
{
return nflog_get_outdev(self->nfad);
}
/* Functions */
static int nflog_incoming(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg,
struct nflog_data *nfa, void *p)
{
static char jumbo_container[10000];
struct timeval tv = {};
struct pcap_pkthdr hdr;
char *pkt = NULL;
ssize_t pkt_len = nflog_get_payload(nfa, &pkt);
ssize_t mac_len = nflog_get_msg_packet_hwhdrlen(nfa);
struct pcap_callback_data *cb_data = p;
/* Check we can handle this packet */
switch (nfmsg->nfgen_family) {
case AF_INET:
break;
#ifdef ENABLE_IPV6
case AF_INET6:
break;
#endif
default:
return 0;
}
if (pkt_len == -1)
return -1;
nflog_get_timestamp(nfa, &tv);
hdr.ts = tv;
hdr.caplen = MIN(pkt_len, config.snaplen);
hdr.len = pkt_len;
cb_data->ifindex_in = nflog_get_physindev(nfa);
if (cb_data->ifindex_in == 0)
cb_data->ifindex_in = nflog_get_indev(nfa);
cb_data->ifindex_out = nflog_get_physoutdev(nfa);
if (cb_data->ifindex_out == 0)
cb_data->ifindex_out = nflog_get_outdev(nfa);
#if defined (HAVE_L2)
if (mac_len) {
memcpy(jumbo_container, nflog_get_msg_packet_hwhdr(nfa), mac_len);
memcpy(jumbo_container + mac_len, pkt, hdr.caplen);
hdr.caplen += mac_len;
hdr.len += mac_len;
} else {
memset(jumbo_container, 0, ETHER_HDRLEN);
memcpy(jumbo_container+ETHER_HDRLEN, pkt, hdr.caplen);
hdr.caplen += ETHER_HDRLEN;
hdr.len += ETHER_HDRLEN;
switch (nfmsg->nfgen_family) {
case AF_INET:
((struct eth_header *)jumbo_container)->ether_type = ntohs(ETHERTYPE_IP);
break;
case AF_INET6:
((struct eth_header *)jumbo_container)->ether_type = ntohs(ETHERTYPE_IPV6);
break;
}
}
pcap_cb((u_char *) cb_data, &hdr, jumbo_container);
#else
pcap_cb((u_char *) cb_data, &hdr, pkt);
#endif
}