static int packet_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
              struct nfq_data *nfa, void *data)
{
	QHandler *handler = (QHandler *) data;

	u_int32_t id = get_pkt_id(nfa);
	char *payload;
	int payload_len;
	payload_len = nfq_get_payload(nfa, &payload);

	// Determine addresses
	IpAddress srcaddr((struct in_addr *) (payload + 12));
	IpAddress dstaddr((struct in_addr *) (payload + 16));
	// std::cout << "Got packet ID " << id << 
	// 	" from " << srcaddr << " to " << dstaddr << std::endl;
	// Work out what proto it is...
	int proto = (int) (unsigned char) payload[9];
	FnvHash hash;
	hash.addData(payload + 12, 8); // src + dst addr
	if (proto == IPPROTO_TCP) {
		// unsigned short sport = ntohs( *(unsigned short *) (payload+20));
		// unsigned short dport = ntohs( *(unsigned short *) (payload+22));
		// std::cout << "TCP sport " << sport << " dport " << dport
		// 	<< std::endl;
		hash.addData(payload + 20, 4); // src + dst ports
	}
	int hashvalue = hash.get16rev();
	// std::cout << "Hash value=" << hashvalue << std::endl;
	u_int32_t verdict = NF_DROP;
	if ((hashvalue >= handler->lowerHashLimit) && (hashvalue < handler->upperHashLimit))
		verdict = NF_ACCEPT;
	std::cout << "Connection from " << srcaddr << " Hash value=" << hashvalue << " Accept: " << (verdict == NF_ACCEPT ? "yes" : "no") << std::endl;
	return nfq_set_verdict(handler->GetQh(), id, verdict, 0, NULL);
}
Example #2
0
int cb (struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
    struct nfq_data *nfa, void *data)
{
  int id;
  int len;
  int hlen;
  char *pkt;
  struct nfqnl_msg_packet_hdr *ph;
  struct nfqnl_msg_packet_hw *hwph;
  struct timeval tv;

  tv.tv_sec = 0; // init

  if ((ph = nfq_get_msg_packet_hdr(nfa)))
    id = ntohl(ph->packet_id);
  else
    id = 0;

  if ((hwph = nfq_get_packet_hw(nfa)))
    hlen = ntohs(hwph->hw_addrlen);
  else
    hlen = 0;

  /* hole payload ... falls es nicht klappt ... Paket durchreichen */
  if ((len = nfq_get_payload (nfa, (char **) &pkt)) < 0)
    return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);

  nfq_get_timestamp(nfa,&tv);
  return nfq_set_verdict(qh, id, myworker (data, pkt, len,&tv) ? NF_DROP :
                          NF_ACCEPT, 0, NULL);
}
static u_int32_t record_pkt (struct nfq_data *tb){

    /*! create pcap specific header
     */
    struct pcap_pkthdr phdr;

    /*! init capture time
     */
    static struct timeval t;
    memset (&t, 0, sizeof(struct timeval));
    gettimeofday(&t, NULL);
    phdr.ts.tv_sec = t.tv_sec;
    phdr.ts.tv_usec = t.tv_usec;

    /*! populate pcap struct with packet headers
     */
    char *nf_packet;
    phdr.caplen = nfq_get_payload(tb,&nf_packet);
    phdr.len = phdr.caplen;

    /*! dump packet data to the file */
    pcap_dump((u_char *)p_output, &phdr, (const u_char *)nf_packet);

    return 0;
}
Example #4
0
static int process_nfq_packet(struct nfq_q_handle *qh,
        struct nfgenmsg *nfmsg,
        struct nfq_data *nfa,
        void *data)
{
    struct nfqnl_msg_packet_hdr *ph;
    int pkt_len = 0;
    int verdict;
    unsigned char *full_packet;
    fko_srv_options_t   *opts = (fko_srv_options_t *)data;

    ph = nfq_get_msg_packet_hdr(nfa);
    if (ph) {

        /* --DSS for ref
          id = ntohl(ph->packet_id);
          hook = ph->hook;
          hw_proto = ph->protocol;
        */

        /* Retrieve packet payload
        */
        pkt_len = nfq_get_payload(nfa, &full_packet);

        process_packet(opts, pkt_len, full_packet);

        /* Verdict on what to do with the packet.  If it is coming from
         * the INPUT chain (NF_IP_LOCAL_IN), then it is assumed to be
         * a spa packet and can be dropped. Otherwise, let it through.
        */
        verdict = (ph->hook == NF_IP_LOCAL_IN) ? NF_DROP : NF_ACCEPT;
        nfq_set_verdict(qh, ph->packet_id, verdict, 0, NULL);
    }
    return 0;
}
Example #5
0
static int redirect_pkt(struct nfq_data* tb, int sockdes)
{
	int id = 0;
	int len;
	unsigned char* data;
	struct nfqnl_msg_packet_hdr *ph;

	package_with_header curr_package;

	
	ph = nfq_get_msg_packet_hdr(tb);
	if (ph) {
		id = ntohl(ph->packet_id);
	}

		
	len = nfq_get_payload(tb, &data);
	if (len < 0) {
		perror("payload");
		exit(1);
	}
	
	curr_package.packet_id = id;
	printf("%i\n", id);
	memcpy(curr_package.data, data, len); 
	if (send(sockdes, &curr_package, sizeof(package_with_header), 0) == -1) {
            perror("send");
            exit(1);
        }
	
	return id;				
	
}
Example #6
0
static int queue_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data)
{
    struct nfqnl_msg_packet_hdr *ph;
    struct skb_buf skb;

    //get unique ID of packet in queue
    ph = nfq_get_msg_packet_hdr(nfa);
    if(!ph)
    {
        return -1;
    }
    skb.packet_id= ntohl(ph->packet_id);

    //get payload
    skb.pload_len = nfq_get_payload(nfa, &(skb.pload));
    if(skb.pload_len <=0)
    {
        nfq_set_verdict(qh, skb.packet_id, NF_ACCEPT, skb.pload_len, skb.pload);
        return -1;
    }

    skb.pload[skb.pload_len]='\0';

    process_tcp(&skb ,tcp_stream_handle);

    return 0;

}
Example #7
0
static inline int SetPktHdr (
    NfqImpl* impl,
    struct nfq_data* nfad,
    DAQ_PktHdr_t* hdr,
    uint8_t** pkt
) {
    int len = nfq_get_payload(nfad, (char**)pkt);

    if ( len <= 0 )
        return -1;

    hdr->caplen = ((uint32_t)len <= impl->snaplen) ? (uint32_t)len : impl->snaplen;
    hdr->pktlen = len;
    hdr->flags = 0;
    hdr->address_space_id = 0;

    // if nfq fails to provide a timestamp, we fall back on tod
    if ( nfq_get_timestamp(nfad, &hdr->ts) )
        gettimeofday(&hdr->ts, NULL);

    hdr->ingress_index = nfq_get_physindev(nfad);
    hdr->egress_index = -1;
    hdr->ingress_group = -1;
    hdr->egress_group = -1;

    return 0;
}
Example #8
0
/* returns packet id */
static u_int32_t print_pkt (struct nfq_data *tb)
{
	int id = 0;
	struct nfqnl_msg_packet_hdr *ph;
	u_int32_t mark,ifi;
	int ret;
	char *data;

	ph = nfq_get_msg_packet_hdr(tb);
	if (ph){
		id = ntohl(ph->packet_id);
		printf("hw_protocol=0x%04x hook=%u id=%u ",
			ntohs(ph->hw_protocol), ph->hook, id);
	}

	mark = nfq_get_nfmark(tb);
	if (mark)
		printf("mark=%u ", mark);

	ifi = nfq_get_indev(tb);
	if (ifi)
		printf("indev=%u ", ifi);

	ifi = nfq_get_outdev(tb);
	if (ifi)
		printf("outdev=%u ", ifi);

	ret = nfq_get_payload(tb, &data);
	if (ret >= 0)
		printf("payload_len=%d ", ret);

	fputc('\n', stdout);

	return id;
}
Example #9
0
// function callback for packet processing
// ---------------------------------------
static int nfqueue_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
                      struct nfq_data *nfa, void *data) {
    struct nfqnl_msg_packet_hdr *ph;
    int id_protocol = 0, id = 0, len = 0;
    unsigned char *full_packet; // get data of packet (payload)
    unsigned char *new_packet = NULL;
    
    ph = nfq_get_msg_packet_hdr(nfa);
    if (ph) {
        len = nfq_get_payload(nfa, &full_packet);
        id = ntohl(ph->packet_id);
        id_protocol = identify_ip_protocol(full_packet);
        if (id_protocol == IPPROTO_UDP) { /* Only UDP packets */
            printf("Packet from %s:%d", get_src_ip_str(full_packet), get_udp_src_port(full_packet));
            printf(" to %s:%d\n", get_dst_ip_str(full_packet), get_tcp_dst_port(full_packet));
            /* Process packet... */
            new_packet = process_packet(full_packet, &len, ph->hook);
        }
        // let the packet continue on.  NF_ACCEPT will pass the packet
        // -----------------------------------------------------------
        if (new_packet) {
            nfq_set_verdict(qh, id, NF_ACCEPT, len, new_packet);
            free(new_packet);
        }
        else
            nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
    } else {
        printf("NFQUEUE: can't get msg packet header.\n");
        return ERR;		// from nfqueue source: 0 = ok, >0 = soft error, <0 hard error
    }

    return OK;
}
Example #10
0
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	      struct nfq_data *nfa, void *data)
{
	unsigned char *payload;
	int pay_len, match, rlen; 
	u_int32_t id = display_pkt(nfa);
	pay_len = nfq_get_payload(nfa, &payload);  
#ifdef DEBUG
        printf("Content inspection...pay_len=%d\n", pay_len); 
#endif
        match = inspect_tcp(payload, pay_len);  // return 1 if matched, 0 otherwise 
        if (match && p_queue.count < QSIZE) {  // if queue is full, let them pass 
           //print_ip_pkt(payload, pay_len); 
           // now lock the queue
           pthread_mutex_lock (&lock_queue); 
           enqueue(&p_queue, payload, pay_len, id);  
#ifdef DEBUG
	   printf("Matched packet. Queue size: %d\n", p_queue.count); 
#endif
           pthread_mutex_unlock (&lock_queue); 
           sem_post(&sem_queue);   // wake up sending threads 
	   return 0; 
       } else {
#ifdef DEBUG
	   printf("No match found\n");         // should be ok for not locking the queue
#endif
           pthread_mutex_lock (&lock_qh); 
	   rlen = nfq_set_verdict(qh, id, NF_ACCEPT, pay_len, payload);
           pthread_mutex_unlock (&lock_qh); 
	   return rlen; 
       }
}
Example #11
0
static int packet_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
		struct nfq_data *nfad, void *data)
{
	struct packet_module_state *state = data;
	struct nfqnl_msg_packet_hdr* packet_hdr;

#if NFQ_GET_PAYLOAD_UNSIGNED_CHAR
	unsigned char *packet_data;
#else
	char *packet_data;
#endif

	int packet_len;

	state->error = 0;

	packet_hdr = nfq_get_msg_packet_hdr(nfad);
	if (!packet_hdr) {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"unable to get packet header");
		return 0;
	}

	packet_len = nfq_get_payload(nfad, &packet_data);
	if (packet_len > PACKET_BUFFER_SIZE) {
		message(HAKA_LOG_WARNING, MODULE_NAME, L"received packet is too large");
		return 0;
	}
	else if (packet_len < 0) {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"unable to get packet payload");
		return 0;
	}

	state->current_packet = malloc(sizeof(struct nfqueue_packet));
	if (!state->current_packet) {
		state->error = ENOMEM;
		return 0;
	}

	memset(state->current_packet,0,sizeof(struct nfqueue_packet));

	state->current_packet->data = malloc(packet_len);
	if (!state->current_packet->data) {
		free(state->current_packet);
		state->error = ENOMEM;
		return 0;
	}

	state->current_packet->timestamp = time_gettimestamp();
	state->current_packet->length = packet_len;
	state->current_packet->modified = 0;
	state->current_packet->id = ntohl(packet_hdr->packet_id);

	/* The copy is needed as the packet buffer will be overridden when the next
	 * packet will arrive.
	 */
	memcpy(state->current_packet->data, packet_data, packet_len);

	return 0;
}
static int cbUp(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
        struct nfq_data *nfa, void *payload) {
    char *send_data;
    int i = 0, newSize = 0;
    u_int32_t id = build_advertisement(nfa, &newSize);
    i = nfq_get_payload(nfa, &send_data);
    return nfq_set_verdict(qh, id, NF_ACCEPT, newSize, (unsigned char *)send_data);
}
Example #13
0
static u_int32_t fwnfq_process_pkt (struct nfq_data *tb, FWAction *action)
{
	struct nfqnl_msg_packet_hdr *ph;
	gint           id = 0;
	u_int32_t      mark, ifi, ifo, ifaceidx; 
	gint           ret, iphdrlen;
	gchar         *data;

	FWDirection     dir;
	struct ip      *hdr;
	
	ph = nfq_get_msg_packet_hdr(tb);
	if ( ph ) {
		id = ntohl(ph->packet_id);
		printf("hw_protocol=0x%04x hook=%u id=%u ", ntohs(ph->hw_protocol), ph->hook, id);
	}
	
	mark = nfq_get_nfmark(tb);
	if ( mark )
		printf("mark=%u ", mark);
	
	ifi = nfq_get_indev(tb);
	if ( ifi ) {
		printf("indev=%u ", ifi-1);
		dir   = DIR_INCOMING;
		ifaceidx = ifi - 1;
	}

	ifo = nfq_get_outdev(tb);
	if ( ifo ) {
		printf("outdev=%u ", ifo-1);
		dir   = DIR_OUTGOING;
		ifaceidx = ifo - 1;
	}

	ret = nfq_get_payload(tb, &data);
	if ( ret >= 0 )
		printf("payload_len=%d ", ret);

	printf("\n\n");

	/* Refresh every 50 packet */
	//  if ( (id % 50) == 0 ) {
	//    fwproc_netentries_process(PROTO_TCP);
	//    fwproc_netentries_process(PROTO_UDP);
	//    fwproc_scan_procdir();
	//  }

	hdr      = (struct ip *) data;
	iphdrlen = hdr->ip_hl * 4; // IP header len = ip_hl * 4 (32 bits)
	printf("*** PACKET PROTOCOL: %s ***\n", TxtProto[hdr->ip_p]);
	
	*action = fwnfq_process_rules(ifaceidx, dir, data, id);

	return id;
}
Example #14
0
static int log_packet(struct nfq_q_handle* qh, struct nfgenmsg* nfmsg, struct nfq_data* dat, void* data)
{
    struct nfqnl_msg_packet_hdr* nfq_hdr = nfq_get_msg_packet_hdr(dat);
    unsigned char* payload;
    int len = nfq_get_payload(dat,&payload);
    printf("---\n");
    printf("got a packet - len %d\n",len);
    nfq_set_verdict(qh, ntohl(nfq_hdr->packet_id), NF_ACCEPT, 0, NULL);
    return 0;
}
static u_int32_t print_pkt (struct nfq_data *tb)
{
	int id = 0;
	struct nfqnl_msg_packet_hdr *ph;
	struct nfqnl_msg_packet_hw *hwph;
	u_int32_t mark,ifi; 
	int ret;
	char *data;

	ph = nfq_get_msg_packet_hdr(tb);
	if (ph) {
		id = ntohl(ph->packet_id);
		printf("hw_protocol=0x%04x hook=%u id=%u ",
			ntohs(ph->hw_protocol), ph->hook, id);
	}

	hwph = nfq_get_packet_hw(tb);
	if (hwph) {
		int i, hlen = ntohs(hwph->hw_addrlen);

		printf("hw_src_addr=");
		for (i = 0; i < hlen-1; i++)
			printf("%02x:", hwph->hw_addr[i]);
		printf("%02x ", hwph->hw_addr[hlen-1]);
	}

	mark = nfq_get_nfmark(tb);
	if (mark)
		printf("mark=%u ", mark);

	ifi = nfq_get_indev(tb);
	if (ifi)
		printf("indev=%u ", ifi);

	ifi = nfq_get_outdev(tb);
	if (ifi)
		printf("outdev=%u ", ifi);
	ifi = nfq_get_physindev(tb);
	if (ifi)
		printf("physindev=%u ", ifi);

	ifi = nfq_get_physoutdev(tb);
	if (ifi)
		printf("physoutdev=%u ", ifi);

	ret = nfq_get_payload(tb, &data);
	if (ret >= 0) {
		printf("payload_len=%d ", ret);
		//processPacketData (data, ret);
	}
	fputc('\n', stdout);

	return id;
}
Example #16
0
static int tc_nfq_process_packet(struct nfq_q_handle *qh, 
        struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data)
{
    int                          i, id = 0, payload_len = 0, ret,
                                 pass_through_flag = 0;
    unsigned char               *payload;
    tc_ip_header_t              *ip_hdr;
    struct nfqnl_msg_packet_hdr *ph;

    ph = nfq_get_msg_packet_hdr(nfa);
    if (ph) {
        id = ntohl(ph->packet_id);
    }

    payload_len = nfq_get_payload(nfa, &payload);
    if (payload_len < 40) {
        tc_log_info(LOG_WARN, 0, "payload len wrong:%d", payload_len);
        return TC_ERROR;
    }

    ip_hdr = (tc_ip_header_t *)payload;

    if (ip_hdr != NULL) {
        /* check if it is the valid user to pass through firewall */
        for (i = 0; i < srv_settings.passed_ips.num; i++) {
            if (srv_settings.passed_ips.ips[i] == ip_hdr->daddr) {
                pass_through_flag = 1;
                break;
            }
        }

        tot_resp_packs++;

        if (pass_through_flag) {

            /* pass through the firewall */
            ret = nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
        } else {

            tot_copy_resp_packs++;
            router_update(srv_settings.router_fd, ip_hdr);

            tc_check_cleaning();

            /* drop the packet */
            ret = nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
        }
    } else {
        ret = TC_ERROR;
    }


    return ret;
}
Example #17
0
File: nfq.c Project: uweber/libnet
/*-
 * str = nfq.get_payload(cbctx)
 *
 * str is the IP payload, it has been stripped of link-layer headers!
 */
static int get_payload(lua_State* L)
{
    struct nfq_data *nfqdata = checkudata(L);
    char* data = NULL;
    int datasz = nfq_get_payload(nfqdata, &data);
    luaL_argcheck(L, datasz >= 0, 1, "nfqdata not available");

    lua_pushlstring(L, data, datasz);

    return 1;
}
/*
	::::	Funcion callback	:::
		================
	Es invocada cada vez que hay un paquete en la cola
*/
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data)
{
	u_int32_t id;
        struct nfqnl_msg_packet_hdr *ph;
	struct nfqnl_msg_packet_hw *hwph;
	unsigned char *nf_packet;
	char saddr[2048];
	int ret;
	char *valor_memcache;
	size_t len_memcache;
	char *key_memcache="autorizada";
	uint32_t flags;

	// Obtenemos las headers:
	ph = nfq_get_msg_packet_hdr(nfa);	
	// Y el ID de paquete, que hace falta para el veredicto final:
	id = ntohl(ph->packet_id);
     	// Obtenemos la IP origen del paquete:
	// - Primero hay que obtener el paquete en si:
	ret = nfq_get_payload(nfa, &nf_packet);
	if ((ret <= 0))
	{
		printf("Error, no hay paquete que recibir - wtf \n");
		return;
    	}

	struct iphdr *iph = ((struct iphdr *) nf_packet);
	inet_ntop(AF_INET, &(iph->saddr), saddr, sizeof(saddr));
//    	fprintf(stdout,"Recibido con origen%s\n",saddr);

  	valor_memcache  = memcached_get(memc, key_memcache, strlen(key_memcache), &len_memcache, &flags, &rc);

	if (rc == MEMCACHED_SUCCESS) 
	{
		if (strcmp(saddr,valor_memcache) == 0)
		{
			free(valor_memcache);
			return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
		}
		else
		{
			free(valor_memcache);
			return nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
		}
	}
	else
	{
		printf("Key %s no se ha podido encontrar en memcached\n",key_memcache);
		return nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
	}

}
Example #19
0
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
              struct nfq_data *nfa, void *data) {
  struct nfqnl_msg_packet_hdr *ph;
  u_int32_t id;

  ph = nfq_get_msg_packet_hdr(nfa);
  assert (ph);

  id = ntohl(ph->packet_id);

  uint8_t *pkt;
  int len = nfq_get_payload(nfa, &pkt);
  printf("id %d: got %d bytes payload\n", id, len);

  u_int32_t verdict = NF_REPEAT;  /* by default, just mark so we can REJECT */
  if (len >= (signed)sizeof(struct iphdr)) {
    struct iphdr *iph = (struct iphdr *)pkt;

    if (iph->version == 4) {
      struct in_addr haddr = {.s_addr = iph->saddr};
      printf("host: %s\n", inet_ntoa(haddr));

      for (const char **host = hosts; *host; ++host) {
        printf("trying %s\n", *host);
        struct hostent *he = gethostbyname(*host);
        if (he) {
          for (char **alp = he->h_addr_list; *alp; ++alp) {
            if (((struct in_addr *)*alp)->s_addr == haddr.s_addr) {
              printf("ok\n");
              verdict = NF_ACCEPT;
              break;
            }
          }
        }

        if (verdict == NF_ACCEPT) break;
      }
    }
  }

  int rv;
  rv = nfq_set_verdict2(qh, id, verdict, 1, 0, NULL);
  fprintf(stderr, "set_verdict2: %d\n", rv);
  assert (rv >= 0);

  return 0;
}

static void usage() {
  fprintf(stderr, "Usage: namematch [-h dest_hostname ...]\n");
}
Example #20
0
static int verify_pkt (struct nfq_data *tb) {
  struct nfqnl_msg_packet_hdr *ph;
  struct nfqnl_msg_packet_hw *hwph;
  struct iphdr *iph;
  struct tcphdr *tcph;
  
  ph = nfq_get_msg_packet_hdr(tb);
  if(!ph) return -1;

  // check for IP
  if(ntohs(ph->hw_protocol) != 0x800)
    return -1;

  hwph = nfq_get_packet_hw(tb);
  if(!hwph) return -1;

  // only accept 6 byte hw addresses
  // this may fail with USB net. But we don't want to restricht that
  // anyway
  if(ntohs(hwph->hw_addrlen) != 6)
    return -1;

  // the rest are payload checks
  // error or less than ip+tcp headers
  if(nfq_get_payload(tb, (unsigned char **)&iph) < 40)
    return -1;

  // check for valid ipv4 header
  if((iph->version != 4) || (iph->ihl != 5))
    return -1;

  // don't allow fragmentation
  if((ntohs(iph->frag_off) & 0x1fff) != 0)
    return -1;

  // only deal with tcp
  if(iph->protocol != 6)
    return -1;

  // and take a peak into the tcp header
  tcph = (struct tcphdr*)(((char*)iph)+20);

  // ignore anything that doesn't have a syn flag
  if(!tcph->syn)
    return -1;
  
  return 0;
}
Example #21
0
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data)
{
    struct nfqnl_msg_packet_hdr *ph;
    //m_stack_t *st = (m_stack_t *)data;
    unsigned char *packet;
    u_int32_t id, ret;

    ph = nfq_get_msg_packet_hdr(nfa);
    id = ntohl(ph->packet_id);

    if ((ret = nfq_get_payload(nfa, &packet)) >= 0){
        syslog(LOG_NOTICE, "packet catched id: %d, payload_len=%d\n\r", id, ret);

    }

    return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
}
Example #22
0
static int cb(
    struct nfq_q_handle *q,
    struct nfgenmsg *nfmsg,
    struct nfq_data *nfa,
    void *arg
) {
    int id = 0;
    struct nfqnl_msg_packet_hdr *ph;
    
    size_t packet_length;
    unsigned char   *packet_data;
    struct pkt_buff *packet;
    struct iphdr    *ip_header;
    struct tcphdr   *tcp_header;
    
    ph = nfq_get_msg_packet_hdr(nfa);
    if (ph) {
        id = ntohl(ph->packet_id);
    }
    
    packet_length = nfq_get_payload(nfa, &packet_data);
    packet = pktb_alloc(AF_INET, packet_data, packet_length, 4096);
    
    ip_header = nfq_ip_get_hdr(packet);
    nfq_ip_set_transport_header(packet, ip_header);
    tcp_header = nfq_tcp_get_hdr(packet);
    
    if (ip_header) {
        struct in_addr *target;
        if (src_or_dst == src) {
            target = (struct in_addr *) &ip_header->saddr;
        } else if (src_or_dst == dst) {
            target = (struct in_addr *) &ip_header->daddr;
        }
        inet_aton(target_ip_address, target);
        
        nfq_ip_set_checksum(ip_header);
        nfq_tcp_compute_checksum_ipv4(tcp_header, ip_header);
        memcpy(packet_data, pktb_data(packet), packet_length);
    }
    
    pktb_free(packet);
    
    return nfq_set_verdict(q, id, NF_ACCEPT, packet_length, packet_data);
}
Example #23
0
int get_info(struct nfq_data *tb, device_t *dev, char *ip_addr, uint16_t *port) {
  struct nfqnl_msg_packet_hw *hwph;
  struct iphdr *iph;
  struct tcphdr *tcph;

  hwph = nfq_get_packet_hw(tb);
  if(!hwph) return -1;
  memcpy(dev->hw_addr, hwph->hw_addr, 6);
  
  if(nfq_get_payload(tb, (unsigned char **)&iph) < 40)
    return -1;
  memcpy(ip_addr, &iph->saddr, 4);
	 
  tcph = (struct tcphdr*)(((char*)iph)+20);
  *port = ntohs(tcph->dest);
  
  return 0;
}
Example #24
0
static inline int SetPktHdr (
    NfqImpl* impl,
    struct nfq_data* nfad,
    DAQ_PktHdr_t* hdr,
    uint8_t** pkt
) {
    int len = nfq_get_payload(nfad, (char**)pkt);

    if ( len <= 0 )
        return -1;

    hdr->caplen = ((uint32_t)len <= impl->snaplen) ? (uint32_t)len : impl->snaplen;
    hdr->pktlen = len;
    hdr->flags = 0;

    nfq_get_timestamp(nfad, &hdr->ts);
    hdr->device_index = nfq_get_physindev(nfad);

    return 0;
}
Example #25
0
int disrupt_ip_packet_analysis(struct nfq_data *nfa, int32_t pkt_id) {
	#ifdef NFQ_V0
		char *payload_data;
	#else
		unsigned char *payload_data;
	#endif

	uint16_t payload_len = nfq_get_payload(nfa, &payload_data);
	struct iphdr * ip_hdr = (struct iphdr *)(payload_data);

	packet.size= payload_len + DATALINK_OVERHEAD;

	/* Detect transport protocol */
	if ( ip_hdr->protocol == IPPROTO_TCP ) {
		return disrupt_tcp_packet_analysis(payload_data + sizeof(struct iphdr), pkt_id);
	} else if ( ip_hdr->protocol == IPPROTO_UDP ) {
		disrupt_stream_detection(ip_hdr, (struct udphdr *) (payload_data + sizeof(struct iphdr)) );
		return disrupt_udp_packet_analysis(payload_data + sizeof(struct iphdr), pkt_id);
	}
}
Example #26
0
int NetherNetlink::callback(struct nfq_q_handle *, struct nfgenmsg *, struct nfq_data *nfa, void *data)
{
	NetherNetlink *me = static_cast<NetherNetlink *>(data);
	NetherPacket packet;
	unsigned char *secctx;
	int secctxSize = 0;
	struct nfqnl_msg_packet_hdr *ph;
	unsigned char *payload;

	if((ph = nfq_get_msg_packet_hdr(nfa)))
	{
		packet.id = ntohl(ph->packet_id);
	}
	else
	{
		LOGI("Failed to get packet id");
		return (1);
	}

	/* get interface information if requested */
	me->getInterfaceInfo(nfa, packet);

	if(nfq_get_uid(nfa, &packet.uid) == 0)
		LOGW("Failed to get uid for packet id=" << packet.id);

	nfq_get_gid(nfa, &packet.gid);

	secctxSize = nfq_get_secctx(nfa, &secctx);

	if(secctxSize > 0)
		packet.securityContext = std::string((char *)secctx, secctxSize);
	else
		LOGD("Failed to get security context for packet id=" << packet.id);

	if(me->netherConfig.copyPackets && nfq_get_payload(nfa, &payload) > 0)
		decodePacket(packet, payload);

	me->processNetherPacket(packet);  /* this call if from the NetherPacketProcessor class */

	return (0);
}
Example #27
0
/* returns packet id */
static u_int32_t display_pkt (struct nfq_data *tb)
{
	int id = 0;
	struct nfqnl_msg_packet_hdr *ph;
	int ret;
	unsigned char *data;

	ph = nfq_get_msg_packet_hdr(tb);
	if (ph) {
		id = ntohl(ph->packet_id);
#ifdef DEBUG
		printf("hw_protocol=0x%04x hook=%u id=%u \n",
			ntohs(ph->hw_protocol), ph->hook, id);
#endif
	}

	ret = nfq_get_payload(tb, &data);
	// if (ret >= 0) print_ip_pkt(data, ret); 

	return id;
}
Example #28
0
File: main.c Project: lmatz/NAT
static int Callback123(nfq_q_handle* myQueue, struct nfgenmsg* msg, nfq_data* pkt, void *cbData) {
	unsigned int id=0;
	nfqnl_msg_packet_hdr *header;
	double currentTime=0;
	
	fprintf(stdout,"enter the callback\n");	
  
  fprintf(stdout,"***********ALL entry in UDP table\n");
  printAllUdp(&udpHead);
  fprintf(stdout,"\n**********All entry in tCP table\n");
  printAllTcp(&tcpHead);
  fprintf(stdout,"\n*****end***************\n\n");


	//get time
//	struct timeval tv;
//	if (!nfq_get_timestamp(pkt,&tv) ) {
//		double currentTime = tv.tv_sec + (double) tv.tv_usec / 1000000;
//		printf(" Timestamp: %lf\n",currentTime);
//	}
//	else {
//		printf(" Timestamp: nil\n");
//	}
	
  time_t now;
  now=time(0);
  currentTime=(double)now;


		printf("pkt recvd: ");
		if ( (header = nfq_get_msg_packet_hdr(pkt) )) {
			id = ntohl(header->packet_id);
			printf("  id: %u\n", id);
			printf("  hw_protocol: %u\n", ntohs(header->hw_protocol));		
			printf("  hook: %u\n", header->hook);
		}
		

	unsigned char *pktData;
	int len=nfq_get_payload(pkt, (char**)&pktData);

	/*
		convert the pktData to ip header and check the ip header's protocol:
		TCP :  process
		UDP :  process
		Neither TCP or UDP: drop
	*/
	struct ip* ip_hdr = (struct ip *) pktData;
	switch(ip_hdr->ip_p) {
		case IPPROTO_TCP:
		{
//			struct tcphdr* tcp_hdr = (struct tcphdr*) ( (unsigned char*)pktData + (ip_hdr->ip_hl << 2) );
			
			int processResult = processTcp(&tcpHead,ip_hdr);
			
			if ( processResult==1 ) {
				return nfq_set_verdict(myQueue, id, NF_ACCEPT, len, pktData);
			}
			else if ( processResult==0 ) {
				return nfq_set_verdict(myQueue, id, NF_DROP, 0, NULL);
			}
			else {
				fprintf(stderr,"The processUdp gives a wrong number, don't know whether to drop or accept\n");
				return nfq_set_verdict(myQueue, id, NF_DROP, 0, NULL);
			}
			break;
		}
		
		case IPPROTO_UDP:
		{
		//	struct udphdr* udp_hdr = (struct udphdr*) ( (unsigned char*)pktData + (ip_hdr->ip_hl << 2) );
			/*
				UDP part
			*/

			int processResult = processUdp(&udpHead,ip_hdr,currentTime);
			if ( processResult==1 ) {
				printf("Packet Source: %u\n",ntohl(ip_hdr->ip_src.s_addr));
				fprintf(stdout,"Packet Accepted. \n");
				return nfq_set_verdict(myQueue, id, NF_ACCEPT, len, pktData);
			}
			else if ( processResult ==0 ) {
				fprintf(stdout,"Packet Dropped. \n");
				return nfq_set_verdict(myQueue, id, NF_DROP, 0, NULL);
			}
			else {
				fprintf(stderr,"The processUdp gives a wrong number, don't know whether to drop or accept\n");
				return nfq_set_verdict(myQueue, id, NF_DROP, 0, NULL);
			}
			break;
		}
		default:
		{
			printf("Neither TCP or UDP, just drop it");
			return 	nfq_set_verdict(myQueue, id, NF_DROP, 0, NULL);
			break;
		}
	}

}
Example #29
0
int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data)
{
    struct nfq_data *tb = (struct nfq_data *)data;
    int ret;
    char *pktdata;
    struct nfqnl_msg_packet_hdr *ph;

    ph = nfq_get_msg_packet_hdr(tb);
    if (ph != NULL) {
        p->nfq_v.id = ntohl(ph->packet_id);
        //p->nfq_v.hw_protocol = ntohs(p->nfq_v.ph->hw_protocol);
        p->nfq_v.hw_protocol = ph->hw_protocol;
    }
    p->nfq_v.mark = nfq_get_nfmark(tb);
    if (nfq_config.mode == NFQ_REPEAT_MODE) {
        if ((nfq_config.mark & nfq_config.mask) ==
                (p->nfq_v.mark & nfq_config.mask)) {
            int iter = 0;
            if (already_seen_warning < MAX_ALREADY_TREATED)
                SCLogInfo("Packet seems already treated by suricata");
            already_seen_warning++;
            do {
                ret = nfq_set_verdict(qh, p->nfq_v.id, NF_ACCEPT, 0, NULL);
            } while ((ret < 0) && (iter++ < NFQ_VERDICT_RETRY_TIME));
            if (ret < 0) {
                SCLogWarning(SC_ERR_NFQ_SET_VERDICT,
                             "nfq_set_verdict of %p failed %" PRId32 "",
                             p, ret);
            }
            return -1 ;
        }
    }
    p->nfq_v.ifi  = nfq_get_indev(tb);
    p->nfq_v.ifo  = nfq_get_outdev(tb);

#ifdef NFQ_GET_PAYLOAD_SIGNED
    ret = nfq_get_payload(tb, &pktdata);
#else
    ret = nfq_get_payload(tb, (unsigned char **) &pktdata);
#endif /* NFQ_GET_PAYLOAD_SIGNED */
    if (ret > 0) {
        /* nfq_get_payload returns a pointer to a part of memory
         * that is not preserved over the lifetime of our packet.
         * So we need to copy it. */
        if (ret > 65536) {
            /* Will not be able to copy data ! Set length to 0
             * to trigger an error in packet decoding.
             * This is unlikely to happen */
            SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFQ sent too big packet");
            SET_PKT_LEN(p, 0);
        } else {
            PacketCopyData(p, (uint8_t *)pktdata, ret);
        }
    } else if (ret ==  -1) {
        /* unable to get pointer to data, ensure packet length is zero.
         * This will trigger an error in packet decoding */
        SET_PKT_LEN(p, 0);
    }

    ret = nfq_get_timestamp(tb, &p->ts);
    if (ret != 0) {
        memset (&p->ts, 0, sizeof(struct timeval));
        gettimeofday(&p->ts, NULL);
    }

    p->datalink = DLT_RAW;
    return 0;
}
Example #30
-1
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	struct nfq_data *nfa, void *data)
{
	u_int32_t id = -1;
	struct nfqnl_msg_packet_hdr* ph = nfq_get_msg_packet_hdr(nfa);
	if (ph) {
		id = ntohl(ph->packet_id);
		printf("hw_protocol=0x%04x hook=%u id=%u ",
		ntohs(ph->hw_protocol), ph->hook, id);

		char* packet_data = (char*) calloc(1, 10000);
		char* packet_data_2 = (char*) calloc(1, 10000);
		int count = nfq_get_payload(nfa, (unsigned char**)&packet_data);
		printf("count: [%d], ", count);

		int protocol = (int) packet_data[9];
		printf("protocol: [%d]", protocol);

		//Get the source and destination IPs
		char srcIP[33];
		inet_ntop(AF_INET, packet_data+12, srcIP, INET_ADDRSTRLEN);
		srcIP[32] = '\0';
		char destIP[33];
		inet_ntop(AF_INET, packet_data+16, destIP, INET_ADDRSTRLEN);
		destIP[32] = '\0';

		struct in_addr* destAddr = getInAddr(destIP);
		struct in_addr* sourceAddr = getInAddr(srcIP);

		//If we're blocking the flow, drop the packet.
		if(checkForFilteredFlows(sourceAddr, destAddr) == TRUE){
			return nfq_set_verdict(qh, id, NF_DROP, 0, NULL);
		}

		//Means the route record shim is not already there, so add it.
		if(protocol != ROUTE_RECORD_PROTOCOL){
			RouteRecord* rr = createRouteRecord(gatewayAddr, randomValue);
			char* rr_buf = writeRouteRecordAsNetworkBuffer(rr);

			memcpy(packet_data_2, packet_data + 20, count - 20);
			memcpy(packet_data + 20, rr_buf, MAX_RR_HEADER_SIZE);
			memcpy(packet_data + 20 + MAX_RR_HEADER_SIZE, packet_data_2, count - 20);
			packet_data[9] = (char) ROUTE_RECORD_PROTOCOL;
			printf("Modifying Packet\n\n");
		}
		else{
			// CHange the route record to add new gateway information
			RouteRecord* rr = readRouteRecord(packet_data + 20);
			addGatewayInfo(rr, gatewayAddr, -1l);

			char* rr_buf = writeRouteRecordAsNetworkBuffer(rr);
			memcpy(packet_data + 20, rr_buf, MAX_RR_HEADER_SIZE);
		}

		return nfq_set_verdict(qh, id, NF_ACCEPT, count + MAX_RR_HEADER_SIZE, (unsigned char*) packet_data);
	}

	printf("entering callback\n\n");
	return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
}