static void packet_verdict(struct packet *orig_pkt, filter_result result)
{
int ret;
struct nfqueue_packet *pkt = (struct nfqueue_packet*)orig_pkt;
if (pkt->data) {
if (pkt->id == -1) {
if (result == FILTER_ACCEPT) {
ret = socket_send_packet(pkt->state->send_mark_fd, pkt->data, pkt->length);
}
else {
ret = 0;
}
}
else {
/* Convert verdict to netfilter */
int verdict;
switch (result) {
case FILTER_ACCEPT: verdict = NF_ACCEPT; break;
case FILTER_DROP: verdict = NF_DROP; break;
default:
message(HAKA_LOG_DEBUG, MODULE_NAME, L"unknown verdict");
verdict = NF_DROP;
break;
}
if (pkt->modified)
ret = nfq_set_verdict(pkt->state->queue, pkt->id, verdict, pkt->length, pkt->data);
else
ret = nfq_set_verdict(pkt->state->queue, pkt->id, verdict, 0, NULL);
}
if (pcap) {
switch (result) {
case FILTER_ACCEPT:
dump_pcap(&pcap->out, pkt);
break;
case FILTER_DROP:
default:
dump_pcap(&pcap->drop, pkt);
break;
}
}
if (ret == -1) {
message(HAKA_LOG_ERROR, MODULE_NAME, L"packet verdict failed");
}
free(pkt->data);
pkt->data = NULL;
}
}
static int packet_do_receive(struct packet_module_state *state, struct packet **pkt)
{
const int rv = recv(state->fd, state->receive_buffer,
sizeof(state->receive_buffer), 0);
if (rv < 0) {
messagef(HAKA_LOG_ERROR, MODULE_NAME, L"packet reception failed, %s", errno_error(errno));
return 0;
}
if (nfq_handle_packet(state->handle, state->receive_buffer, rv) == 0) {
if (state->current_packet) {
state->current_packet->state = state;
*pkt = (struct packet*)state->current_packet;
if (pcap) {
dump_pcap(&pcap->in, state->current_packet);
}
state->current_packet = NULL;
return 0;
}
else {
return state->error;
}
}
else {
message(HAKA_LOG_ERROR, MODULE_NAME, L"packet processing failed");
return 0;
}
}
void dump_event(struct mtp_event *event)
{
FILE *dump_fh;
ast_mutex_lock(&dump_mutex);
if(event->dump.out) {
dump_fh = dump_out_fh;
} else {
dump_fh = dump_in_fh;
}
if (dump_enabled(event))
dump_pcap(dump_fh, event);
ast_mutex_unlock(&dump_mutex);
}
