/************************* main *******************************/ int main() { new_packet = (unsigned char *)malloc(MTU); if(new_packet == NULL) { printf("Malloc failed\n"); exit(EXIT_FAILURE); } struct nfq_handle *h = get_handle(); fd_set rfds; // start the downstream code, later move to a thread initializeRabin(powers); int max_fd = 0; int down_fd = createQueue(h, DOWN_MOBILE_QUEUE, &cbDown); if(down_fd > max_fd) max_fd = down_fd; int up_fd = createQueue(h, UP_MOBILE_QUEUE, &cbUp); if(up_fd > max_fd) max_fd = up_fd; printlog(logfile, system_loglevel, LOG_DEBUG, "Queue packet descriptors, down_fd: %d, up_fd: %d\n", down_fd, up_fd); int n = 0, rv = 0; char buf[4096] __attribute__ ((aligned)); nfnl_rcvbufsiz(nfq_nfnlh(h), 4096 * 4096); while(true) { FD_ZERO(&rfds); FD_SET(down_fd, &rfds); FD_SET(up_fd, &rfds); n = select(max_fd + 1, &rfds, NULL, NULL, NULL); if(n == -1) { printlog(logfile, system_loglevel, LOG_CRITICAL, "Select returned error: %s\n", strerror(errno)); } if(FD_ISSET(down_fd, &rfds)) { rv = recv(down_fd, buf, sizeof(buf), 0); if(rv < 0) { printlog(logfile, system_loglevel, LOG_CRITICAL, "recv call failed: %s\n", strerror(errno)); } else { nfq_handle_packet(h, buf, rv); } } if(FD_ISSET(up_fd, &rfds)) { rv = recv(up_fd, buf, sizeof(buf), 0); if(rv < 0) { printlog(logfile, system_loglevel, LOG_CRITICAL, "recv call failed: %s\n", strerror(errno)); } else { nfq_handle_packet(h, buf, rv); } } } // start the upstream code, later move to a thread return 0; }
int main(int argc, char **argv) { int rv; char buf[4096] __attribute__ ((aligned)); q_setup(); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { printf("pkt received\n"); nfq_handle_packet(h, buf, rv); } printf("unbinding from queue 0\n"); nfq_destroy_queue(qh); #ifdef INSANE /* normally, applications SHOULD NOT issue this command, since * it detaches other programs/sockets from AF_INET, too ! */ printf("unbinding from AF_INET\n"); nfq_unbind_pf(h, AF_INET); #endif printf("closing library handle\n"); nfq_close(h); exit(0); }
static int packet_do_receive(struct packet_module_state *state, struct packet **pkt) { const int rv = recv(state->fd, state->receive_buffer, sizeof(state->receive_buffer), 0); if (rv < 0) { messagef(HAKA_LOG_ERROR, MODULE_NAME, L"packet reception failed, %s", errno_error(errno)); return 0; } if (nfq_handle_packet(state->handle, state->receive_buffer, rv) == 0) { if (state->current_packet) { state->current_packet->state = state; *pkt = (struct packet*)state->current_packet; if (pcap) { dump_pcap(&pcap->in, state->current_packet); } state->current_packet = NULL; return 0; } else { return state->error; } } else { message(HAKA_LOG_ERROR, MODULE_NAME, L"packet processing failed"); return 0; } }
int main(int argc, char **argv) { struct nfq_handle *h; struct nfq_q_handle *qh; struct nfnl_handle *nh; int fd; int rv; char buf[4096] __attribute__ ((aligned)); printf("Simple latency simulator\n"); printf("(C) 2009, 2010 by Holger Freyther\n"); printf("(C) 2005 by Harald Welte\n"); handle_options(argc, argv); h = nfq_open(); if (!h) { fprintf(stderr, "error during nfq_open()\n"); exit(1); } printf("unbinding existing nf_queue handler for AF_INET (if any)\n"); if (nfq_unbind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_unbind_pf()\n"); exit(1); } printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); if (nfq_bind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_bind_pf()\n"); exit(1); } printf("binding this socket to queue '0'\n"); qh = nfq_create_queue(h, 0, &cb, NULL); if (!qh) { fprintf(stderr, "error during nfq_create_queue()\n"); exit(1); } printf("setting copy_packet mode\n"); if (nfq_set_mode(qh, NFQNL_COPY_META, 0xffff) < 0) { fprintf(stderr, "can't set packet_copy mode\n"); exit(1); } fd = nfq_fd(h); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { nfq_handle_packet(h, buf, rv); } printf("unbinding from queue 0\n"); nfq_destroy_queue(qh); printf("closing library handle\n"); nfq_close(h); exit(0); }
void disruptor_nfq_handle_traffic() { /*handle the incoming packets*/ d_nfq.fd = nfq_fd(d_nfq.h); while ((d_nfq.recv_pkt_sz = recv(d_nfq.fd, d_nfq.buf, sizeof(d_nfq.buf), 0)) >= 0) { nfq_handle_packet(d_nfq.h, d_nfq.buf, d_nfq.recv_pkt_sz); /* send packet to callback */ } }
static void packetsrv_activity_cb(struct ev_loop *loop, ev_io *w, int revents) { if (revents & EV_READ) { unsigned char buffer[BUFSIZ]; int rv; int fd = nfq_fd(h); /* read one packet */ rv = recv(fd, buffer, sizeof(buffer), 0); if (rv < 0) { struct nlif_handle *nlif_handle = (struct nlif_handle *) w->data; log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING, "[!] Error of read on netfilter queue socket (code %i, errno %d): %s!", rv, errno, strerror(errno)); log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_SERIOUS_MESSAGE, "Reopen netlink connection."); packetsrv_close(0); #ifdef HAVE_NFQ_INDEV_NAME fd = packetsrv_open(nlif_handle); #else fd = packetsrv_open(NULL); #endif if (fd < 0) { log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL, "[!] FATAL ERROR: Fail to reopen netlink connection!"); exit(EXIT_FAILURE); } ev_io_stop(loop, w); ev_io_set(w, fd, EV_READ); ev_io_start(loop, w); return; } ev_io_stop(loop, &tls.ev_io); /* process the packet */ nfq_handle_packet(h, (char *) buffer, rv); pckt_rx++; ev_io_start(loop, &tls.ev_io); } if (revents & EV_ERROR) { struct nlif_handle *nlif_handle = (struct nlif_handle *) w->data; int fd; packetsrv_close(0); ev_io_stop(loop, w); #ifdef HAVE_NFQ_INDEV_NAME fd = packetsrv_open(nlif_handle); #else fd = packetsrv_open(NULL); #endif ev_io_set(w, fd, EV_READ); ev_io_start(loop, w); } }
int main(int argc, char **argv) { struct nfq_handle *qh; struct nfq_q_handle *qqh; // struct nfnl_handle *nh; int fd; int rv; char buf[4096] __attribute__ ((aligned)); struct nfct_handle *cth; if (init_nfct(&cth) != 0) { exit(1); } if (init_nfq(&qh, &qqh, cth) != 0) { exit(1); } fd = nfq_fd(qh); for (;;) { if ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) { printf("pkt received\n"); nfq_handle_packet(qh, buf, rv); continue; } /* if your application is too slow to digest the packets that * are sent from kernel-space, the socket buffer that we use * to enqueue packets may fill up returning ENOBUFS. Depending * on your application, this error may be ignored. Please, see * the doxygen documentation of this library on how to improve * this situation. */ if (rv < 0 && errno == ENOBUFS) { printf("losing packets!\n"); continue; } perror("recv failed"); break; } printf("unbinding from queue 0\n"); nfq_destroy_queue(qqh); #ifdef INSANE /* normally, applications SHOULD NOT issue this command, since * it detaches other programs/sockets from AF_INET, too ! */ printf("unbinding from AF_INET\n"); nfq_unbind_pf(h, AF_INET); #endif printf("closing library handle\n"); nfq_close(qh); nfct_close(cth); exit(0); }
int nfq() { int len, fd; char buf[BUFSIZE]= {0}; struct nfq_handle *h; //call nfq_open() to open a NFQUEUE handler h = nfq_open(); if(!h) { fprintf(stderr, "error during nfq_open()\n"); exit(1); } //unbinging existing nf_queue handler for PE_INET(if any) if(nfq_unbind_pf(h, PF_INET) < 0) { fprintf(stderr, "error during nfq_unbind_pf()\n"); exit(1); } //binding nfnetlink_queue as nf_queue handler for PF_INET if(nfq_bind_pf(h, PF_INET) < 0) { fprintf(stderr, "error during nfq_bind_pf()\n"); exit(1); } //binding this socket to queue '0' gqh = nfq_create_queue(h, 0, &queue_cb, NULL); if(!gqh) { fprintf(stderr,"error during nfq_create_queue()\n"); exit(1); } //setting copy_packet mode if(nfq_set_mode(gqh, NFQNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "can't set packet_copy_mode\n"); exit(1); } //get the file descriptor associated with the nfqueue handler fd = nfq_fd(h); //handle a packet received from the nfqueue subsystem CONTINUE: while ((len = recv(fd, buf, BUFSIZE, 0)) && len >= 0) { nfq_handle_packet(h, buf, len); } debug_log("error len=%d" ,len); sleep(2); goto CONTINUE; nfq_destroy_queue(gqh); nfq_close(h); return 0; }
static int nfq_daq_acquire ( void* handle, int c, DAQ_Analysis_Func_t callback, void* user) { NfqImpl *impl = (NfqImpl*)handle; int n = 0; fd_set fdset; struct timeval tv; tv.tv_usec = 0; // If c is <= 0, don't limit the packets acquired. However, // impl->count = 0 has a special meaning, so interpret accordingly. impl->count = (c == 0) ? -1 : c; impl->user_data = user; impl->user_func = callback; while ( (impl->count < 0) || (n < impl->count) ) { FD_ZERO(&fdset); FD_SET(impl->sock, &fdset); // set this per call tv.tv_sec = impl->timeout; tv.tv_usec = 0; // at least ipq had a timeout! if ( select(impl->sock+1, &fdset, NULL, NULL, &tv) < 0 ) { if ( errno == EINTR ) break; DPE(impl->error, "%s: select = %s", __FUNCTION__, strerror(errno)); return DAQ_ERROR; } if (FD_ISSET(impl->sock, &fdset)) { int len = recv(impl->sock, impl->buf, MSG_BUF_SIZE, 0); if ( len > 0) { int stat = nfq_handle_packet( impl->nf_handle, (char*)impl->buf, len); impl->stats.hw_packets_received++; if ( stat < 0 ) { DPE(impl->error, "%s: nfq_handle_packet = %s", __FUNCTION__, strerror(errno)); return DAQ_ERROR; } n++; } } } return 0; }
bool NetherNetlink::processPacket(char *packetBuffer, const int packetReadSize) { if(nfq_handle_packet(nfqHandle, packetBuffer, packetReadSize)) { LOGE("nfq_handle_packet failed"); return (false); } return (true); }
/* ---------------------------------------------------------------------------- */ void fwnfq_loop(void) { gchar buf[4096]; gint rv; while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { printf("=====================================================================\n"); printf("* pkt received *\n"); nfq_handle_packet(h, buf, rv); } }
/** * This is the main function used by each worker thread that is spawned * when the startFilterThread() method of the HostFilter class is used. * @return 0 upon success, 1 upon failure. */ void* hostFilterMain(void* arg) { // declaration of local variables int fd; int bytes; char packetBuffer[1500]; struct nfq_handle *handle; struct nfq_q_handle *queueHandle; // attempt to open a queue connection handle from the netfilter module if (!(handle = nfq_open())) { std::cerr << "ERROR: nfq_open()" << std::endl; exit(1); } // unbind the handle to prevent any inability to bind if (nfq_unbind_pf(handle, AF_INET) < 0) { std::cerr << "ERROR: nfq_unbind_pf()" << std::endl; exit(1); } // bind the handle so that it can process IPv4 packets if (nfq_bind_pf(handle, AF_INET) < 0) { std::cerr << "ERROR: nfq_bind_pf()" << std::endl; exit(1); } // create the handle for the nfq queue and ensure that it is linked to a callback if (!(queueHandle = nfq_create_queue(handle, 0, &cb, arg))) { std::cerr << "ERROR: nfq_create_queue()" << std::endl; exit(1); } // enable all packet data for every queued packet to be copied and read into user space if (nfq_set_mode(queueHandle, NFQNL_COPY_PACKET, 0xffff) < 0) { std::cerr << "ERROR: packet copy mode" << std::endl; exit(1); } // create a file descriptor that can be used to read from the queue fd = nfq_fd(handle); if (fd == -1) { std::cerr << "ERROR: nfq_fd()" << std::endl; exit(1); } // when a packet is received from the queue go and handle it with the callback while (true) { if ((bytes = recv(fd, packetBuffer, sizeof(packetBuffer), 0)) >= 0) { std::cout << "A packet has been received at the queue" << std::endl; nfq_handle_packet(handle, packetBuffer, bytes); } } return NULL; }
void* routeRecordMain(void* arg){ randomValue = createLongRandomValue(); char* gatewayIP = getIPAddress(INTERFACE); gatewayAddr = getInAddr(gatewayIP); initializeRRFilterList(); struct nfq_handle* h = nfq_open(); if (!h) { fprintf(stderr, "error during nfq_open()\n"); exit(1); } printf("unbinding existing nf_queue handler for AF_INET (if any)\n"); if (nfq_unbind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_unbind_pf()\n"); exit(1); } printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); if (nfq_bind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_bind_pf()\n"); exit(1); } //nfq_callback* cb = (nfq_callback*) calloc(1, sizeof(nfq_callback)); printf("binding this socket to queue '0'\n"); struct nfq_q_handle* qh = nfq_create_queue(h, 0, &cb, NULL); if (!qh) { fprintf(stderr, "error during nfq_create_queue()\n"); exit(1); } printf("setting copy_packet mode\n"); if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "can't set packet_copy mode\n"); exit(1); } int fd = nfq_fd(h); int rv = -1; char* buf = (char*) calloc(1, 100001); while ((rv = recv(fd, buf, 10000, 0)) >= 0) { printf("pkt received\n received: [%d]\n\n", rv); nfq_handle_packet(h, buf, rv); } printf("unbinding from queue 0\n"); nfq_destroy_queue(qh); printf("closing library handle\n"); nfq_close(h); pthread_exit(NULL); }
/* * Initialize stdin and nfq hook, then loop forever. Callback() does all the real work. */ int main(int argc, char **argv) { int fd; int rv; char buf[4096] __attribute__ ((aligned)); if(getuid() != 0) { fail("Only root can use me."); } /* make stdin non-blocking, i.e. optional */ int flags = fcntl(0, F_GETFL, 0); flags |= O_NONBLOCK; fcntl(0, F_SETFL, flags); /* signal handler will close nfq hooks on exit */ if(signal(SIGINT, sig_handler) == SIG_IGN) signal(SIGINT, SIG_IGN); if(signal(SIGHUP, sig_handler) == SIG_IGN) signal(SIGINT, SIG_IGN); if(signal(SIGTERM, sig_handler) == SIG_IGN) signal(SIGINT, SIG_IGN); /* hook callback() into userspace netlink queue */ if (!(nfqh = nfq_open())) fail("nfq_open() failed"); if (0 > nfq_unbind_pf(nfqh, AF_INET)) fail("nfq_unbind_pf failed"); if (0 > nfq_bind_pf(nfqh, AF_INET)) fail("nfq_bind_pf failed"); if (!(qh = nfq_create_queue(nfqh, 0, &callback, NULL))) fail("nfq_create_queue failed"); if (0 > nfq_set_mode(qh, NFQNL_COPY_META, 0xffff)) fail("nfq_set_mode failed"); nh = nfq_nfnlh(nfqh); fd = nfnl_fd(nh); printf("Commencing packet mangling..\n"); clock_gettime(CLOCK_REALTIME, &last_time); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) nfq_handle_packet(nfqh, buf, rv); printf("Exiting..\n"); return 0; }
static void ProcessNFQUEUE(int fd){ char buf[4096]; socklen_t len_r; struct sockaddr_in sendername; len_r = sizeof(struct sockaddr_in); int res = recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&sendername, &len_r); nfq_handle_packet(nfqHandle, buf, res); }
void QHandler::HandleMessage() { char buf[4096]; int rv = recv(sock, buf, sizeof(buf), 0); if (rv > 0) { nfq_handle_packet(h, buf, rv); } else { if (errno != EAGAIN) { throw std::runtime_error("recv failed"); } } }
static int tc_nfq_event_process(tc_event_t *rev) { int rv = 0; char buffer[65536]; if (tc_nfq_socket_recv(rev->fd, buffer, 65536, &rv) == TC_ERROR) { return TC_ERROR; } nfq_handle_packet(srv_settings.nfq_handler, buffer, rv); return TC_OK; }
int main(int argc, char** argv) { int fd; ssize_t rv; char buf[4096]; struct nfq_handle* h; struct nfq_q_handle* qh; int i=0; h = nfq_open(); if (!h) { fprintf(stderr, "error during nfq_open()\n"); exit(1); } if (nfq_unbind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_unbind_pf()\n"); exit(1); } if (nfq_bind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_bind_pf()\n"); exit(1); } printf("Binding to queue 0...\n"); qh = nfq_create_queue(h, 0, &cb, NULL); if (!qh) { fprintf(stderr, "error during nfq_create_queue()\n"); exit(1); } printf("Copying packets...\n"); if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "error during nfq_set_mode()\n"); exit(1); } fd = nfq_fd(h); memset(buf, 0, 4096); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { for (i = 0; i < rv; i++) printf("%02x\n", *(buf+i)); printf("\n\n"); nfq_handle_packet(h, buf, rv); } nfq_destroy_queue(qh); nfq_close(h); }
/** * \brief NFQ function to get a packet from the kernel * * \note separate functions for Linux and Win32 for readability. */ static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) { int rv, ret; int flag = NFQVerdictCacheLen(t) ? MSG_DONTWAIT : 0; /* XXX what happens on rv == 0? */ rv = recv(t->fd, tv->data, tv->datalen, flag); if (rv < 0) { if (errno == EINTR || errno == EWOULDBLOCK) { /* no error on timeout */ if (flag) NFQVerdictCacheFlush(t); /* inject a fake packet on timeout */ TmThreadsCaptureInjectPacket(tv->tv, tv->slot, NULL); } else { #ifdef COUNTERS NFQMutexLock(t); t->errs++; NFQMutexUnlock(t); #endif /* COUNTERS */ } } else if(rv == 0) { SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0"); } else { #ifdef DBG_PERF if (rv > t->dbg_maxreadsize) t->dbg_maxreadsize = rv; #endif /* DBG_PERF */ //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv); NFQMutexLock(t); if (t->qh != NULL) { ret = nfq_handle_packet(t->h, tv->data, rv); } else { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed"); ret = -1; } NFQMutexUnlock(t); if (ret != 0) { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %"PRId32" %s", ret, strerror(errno)); } } }
int main(int argc, char **argv) { int fd, rv; char buf[BUFSIZE]; strcpy(listtype, argv[1]); if (get_url_info()) { printf("error during get_url_info()\n"); return 0; } memset(buf, 0, sizeof(buf)); /* open a netlink connection to get packet from kernel */ fd = netlink_open_connection(NULL); while (1) { rv = recv(fd, buf, sizeof(buf), 0); if ( rv >= 0) { #ifdef UFD_DEBUG printf("pkt received\n"); #endif nfq_handle_packet(h, buf, rv); memset(buf, 0, sizeof(buf)); } else { nfq_close(h); #ifdef UFD_DEBUG printf("nfq close done\n"); #endif fd = netlink_open_connection(NULL); #ifdef UFD_DEBUG printf("need to rebind to netfilter queue 0\n"); #endif } } #ifdef UFD_DEBUG printf("unbinding from queue 0\n"); #endif nfq_destroy_queue(qh); nfq_close(h); return 0; }
int _process_loop(struct queue *self, int fd, int flags, int max_count) { int rv; char buf[65535]; int count; count = 0; while ((rv = recv(fd, buf, sizeof(buf), flags)) >= 0) { nfq_handle_packet(self->_h, buf, rv); count++; if (max_count > 0 && count >= max_count) { break; } } return count; }
void divert_next_packet(int s) { char buf[2048]; int rc; rc = read(s, buf, sizeof(buf)); if (rc == -1) { if (errno == ENOBUFS) { printf("F**K - we're dropping packets\n"); return; } err(1, "read(divert) %d", errno); } if (rc == 0) errx(1, "EOF"); nfq_handle_packet(_h, buf, rc); }
int main(int argc, char** argv) { struct nfq_handle* nfq_h; struct nfq_q_handle* qh; int fd, rv; nfq_h = setup_netfilter_queue(); if(!nfq_h) return -1; qh = create_q_handle(nfq_h, &log_packet, NULL); if(!qh) return -1; fd = nfq_fd(nfq_h); while((rv = recv(fd, nfq_buffer, sizeof(nfq_buffer), 0))) { nfq_handle_packet(nfq_h, (char*)nfq_buffer, rv); } return 0; }
void *read_queue_loop(void *arg) { q_data_t *data = (q_data_t *)arg; int rv, fd; char buf[4096] __attribute__ ((aligned)); data->pid = syscall(SYS_gettid); fd = nfq_fd(data->h); syslog(LOG_NOTICE, "Packet read thread started, queue: %d, TID: %d...\n\r", data->q_num, data->pid); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); nfq_handle_packet(data->h, buf, rv); pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); } pthread_exit(NULL); }
void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) { int rv, ret; /* XXX what happens on rv == 0? */ rv = recv(t->fd, tv->data, tv->datalen, 0); if (rv < 0) { if (errno == EINTR || errno == EWOULDBLOCK) { /* no error on timeout */ } else { #ifdef COUNTERS NFQMutexLock(t); t->errs++; NFQMutexUnlock(t); #endif /* COUNTERS */ } } else if(rv == 0) { SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0"); } else { #ifdef DBG_PERF if (rv > t->dbg_maxreadsize) t->dbg_maxreadsize = rv; #endif /* DBG_PERF */ //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv); NFQMutexLock(t); if (t->qh != NULL) { ret = nfq_handle_packet(t->h, tv->data, rv); } else { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed"); ret = -1; } NFQMutexUnlock(t); if (ret != 0) { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret); } } }
/* no error on timeout */ } else { #ifdef COUNTERS NFQMutexLock(t); t->errs++; NFQMutexUnlock(t); #endif /* COUNTERS */ } } else if(rv == 0) { SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0"); } else { #ifdef DBG_PERF if (rv > t->dbg_maxreadsize) t->dbg_maxreadsize = rv; #endif /* DBG_PERF */ //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv); NFQMutexLock(t); if (t->qh != NULL) { ret = nfq_handle_packet(t->h, tv->data, rv); } else { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed"); ret = -1; } NFQMutexUnlock(t); if (ret != 0) { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret); } } } #else /* WIN32 version of NFQRecvPkt */ void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) { int rv, ret; static int timeouted = 0; if (timeouted) { if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) { rv = -1; errno = EINTR; goto process_rv; } timeouted = 0; } read_packet_again: if (!ReadFile(t->fd, tv->buf, sizeof(tv->buf), (DWORD*)&rv, &t->ovr)) { if (GetLastError() != ERROR_IO_PENDING) { rv = -1; errno = EIO; } else { if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) { rv = -1; errno = EINTR; timeouted = 1; } else { /* We needn't to call GetOverlappedResult() because it always * fail with our error code ERROR_MORE_DATA. */ goto read_packet_again; } } } process_rv: if (rv < 0) { if (errno == EINTR) { /* no error on timeout */ } else { #ifdef COUNTERS t->errs++; #endif /* COUNTERS */ } } else if(rv == 0) { SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0"); } else { #ifdef DBG_PERF if (rv > t->dbg_maxreadsize) t->dbg_maxreadsize = rv; #endif /* DBG_PERF */ //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv); NFQMutexLock(t); if (t->qh) { ret = nfq_handle_packet(t->h, buf, rv); } else { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed"); ret = -1; } NFQMutexUnlock(t); if (ret != 0) { SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret); } } }
/* The nfq capture routine. */ int nfq_capture(fko_srv_options_t *opts) { int res, child_pid, fd_flags; int nfq_errcnt = 0; int pending_break = 0; int status; char nfq_buf[1500]; int chk_rm_all = 0; /* Netfilter-related handles */ int nfq_fd; struct nfq_handle *nfq_h; struct nfq_q_handle *nfq_qh; struct nfnl_handle *nfq_nh; nfq_h = nfq_open(); if (!nfq_h) { log_msg(LOG_ERR, "[*] nfq_open error\n"); clean_exit(opts, FW_CLEANUP, EXIT_FAILURE); } /* Unbind existing nf_queue handler for AF_INET (if any) */ res = nfq_unbind_pf(nfq_h, AF_INET); if (res < 0) { log_msg(LOG_WARNING, "[*] Error during nfq_unbind_pf() error: %d\n", res); } /* Bind the given queue connection handle to process packets. */ res = nfq_bind_pf(nfq_h, AF_INET); if ( res < 0) { log_msg(LOG_ERR, "Error during nfq_bind_pf(), error: %d\n", res); clean_exit(opts, FW_CLEANUP, EXIT_FAILURE); } /* Create queue */ nfq_qh = nfq_create_queue(nfq_h, atoi(opts->config[CONF_NFQ_QUEUE_NUMBER]), &process_nfq_packet, opts); if (!nfq_qh) { log_msg(LOG_ERR, "Error during nfq_create_queue()\n"); clean_exit(opts, FW_CLEANUP, EXIT_FAILURE); } /* Set the amount of data to be copied to userspace for each packet * queued to the given queue. */ if (nfq_set_mode(nfq_qh, NFQNL_COPY_PACKET, 0xffff) < 0) { log_msg(LOG_ERR, "Can't set packet_copy mode\n"); clean_exit(opts, FW_CLEANUP, EXIT_FAILURE); } /* Get the netlink handle associated with the given queue connection * handle. Then use it to get the file descriptor we will use for * receiving the queued packets */ nfq_nh = nfq_nfnlh(nfq_h); nfq_fd = nfnl_fd(nfq_nh); /* Set our nfq handle nonblocking mode. * */ if((fd_flags = fcntl(nfq_fd, F_GETFL, 0)) < 0) { log_msg(LOG_ERR, "nfq_capture: fcntl F_GETFL error: %s", strerror(errno)); clean_exit(opts, FW_CLEANUP, EXIT_FAILURE); } fd_flags |= O_NONBLOCK; if(fcntl(nfq_fd, F_SETFL, fd_flags) < 0) { log_msg(LOG_ERR, "nfq_capture: fcntl F_SETFL error setting O_NONBLOCK: %s", strerror(errno)); exit(EXIT_FAILURE); } /* Initialize our signal handlers. You can check the return value for * the number of signals that were *not* set. Those that were not set * will be listed in the log/stderr output. */ if(set_sig_handlers() > 0) log_msg(LOG_ERR, "Errors encountered when setting signal handlers."); log_msg(LOG_INFO, "Starting fwknopd main event loop."); /* Jump into our home-grown packet cature loop. */ while(1) { /* If we got a SIGCHLD and it was the tcp server, then handle it here. ** XXX: --DSS Do we need this here? I'm guessing we would not be using ** the TCP server in NF_QUEUE capture mode. */ if(got_sigchld) { if(opts->tcp_server_pid > 0) { child_pid = waitpid(0, &status, WNOHANG); if(child_pid == opts->tcp_server_pid) { if(WIFSIGNALED(status)) log_msg(LOG_WARNING, "TCP server got signal: %i", WTERMSIG(status)); log_msg(LOG_WARNING, "TCP server exited with status of %i. Attempting restart.", WEXITSTATUS(status) ); opts->tcp_server_pid = 0; /* Attempt to restart tcp server ? */ usleep(1000000); run_tcp_server(opts); } } got_sigchld = 0; } /* Any signal except USR1, USR2, and SIGCHLD mean break the loop. */ if(got_signal != 0) { if(got_sigint || got_sigterm || got_sighup) { pending_break = 1; } else if(got_sigusr1 || got_sigusr2) { /* Not doing anything with these yet. */ got_sigusr1 = got_sigusr2 = 0; got_signal = 0; } else got_signal = 0; } res = recv(nfq_fd, nfq_buf, sizeof(nfq_buf), 0); /* Count processed packets */ if(res > 0) { nfq_handle_packet(nfq_h, nfq_buf, res); /* Count the set of processed packets (nfq_dispatch() return * value) - we use this as a comparison for --packet-limit regardless * of SPA packet validity at this point. */ opts->packet_ctr += res; if (opts->packet_ctr_limit && opts->packet_ctr >= opts->packet_ctr_limit) { log_msg(LOG_WARNING, "* Incoming packet count limit of %i reached", opts->packet_ctr_limit ); pending_break = 1; } } /* If there was an error, complain and go on (to an extent before * giving up). */ else if(res < 0 && errno != EAGAIN) { log_msg(LOG_ERR, "[*] Error reading from nfq descriptor: %s", strerror); if(nfq_errcnt++ > MAX_NFQ_ERRORS_BEFORE_BAIL) { log_msg(LOG_ERR, "[*] %i consecutive nfq errors. Giving up", nfq_errcnt ); clean_exit(opts, FW_CLEANUP, EXIT_FAILURE); } } else if(pending_break == 1 || res == -2) { log_msg(LOG_INFO, "Gracefully leaving the fwknopd event loop."); break; } else nfq_errcnt = 0; /* Check for any expired firewall rules and deal with them. */ check_firewall_rules(opts, chk_rm_all); usleep(atoi(opts->config[CONF_NFQ_LOOP_SLEEP])); } nfq_destroy_queue(nfq_qh); nfq_close(nfq_h); return(0); }
int main(int argc, char **argv) { struct nfq_handle *h; struct nfq_q_handle *qh; struct nfnl_handle *nh; int fd; int rv; char buf[4096]; printf("opening library handle\n"); h = nfq_open(); if (!h) { fprintf(stderr, "error during nfq_open()\n"); exit(1); } printf("unbinding existing nf_queue handler for AF_INET (if any)\n"); if (nfq_unbind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_unbind_pf()\n"); exit(1); } printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); if (nfq_bind_pf(h, AF_INET) < 0) { fprintf(stderr, "error during nfq_bind_pf()\n"); exit(1); } printf("binding this socket to queue '0'\n"); qh = nfq_create_queue(h, 0, &cb, NULL); if (!qh) { fprintf(stderr, "error during nfq_create_queue()\n"); exit(1); } printf("setting copy_packet mode\n"); if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "can't set packet_copy mode\n"); exit(1); } nh = nfq_nfnlh(h); fd = nfnl_fd(nh); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { printf("pkt received\n"); nfq_handle_packet(h, buf, rv); } printf("unbinding from queue 0\n"); nfq_destroy_queue(qh); #ifdef INSANE /* normally, applications SHOULD NOT issue this command, since * it detaches other programs/sockets from AF_INET, too ! */ printf("unbinding from AF_INET\n"); nfq_unbind_pf(h, AF_INET); #endif printf("closing library handle\n"); nfq_close(h); exit(0); }
int main(int argc, char **argv) { struct nfq_handle *nfqHandle; struct nfq_q_handle *myQueue; struct nfnl_handle *netlinkHandle; int fd, res; char buf[BUFF_SIZE]; if (argc!=4) { fprintf(stderr,"Error in number of arguments\n"); exit(-1); } // get the public IP address. And the public IP address is host byte order. publicIP = inet_network(argv[1]); if (publicIP == 0) { fprintf(stderr,"Error in public IP\n"); exit(-1); } fprintf(stdout,"publicIP: %u\n",publicIP); // get the subnet IP address. And the subnet IP address is host byte order. internalIP = inet_network(argv[2]); if (internalIP == 0) { fprintf(stderr,"Error in internal IP\n"); exit(-1); } fprintf(stdout,"internalIP: %u\n",internalIP); mask = mask << (32-atoi(argv[3])); subnetIP = internalIP & mask; fprintf(stdout,"subnetIP: %u\n",subnetIP); initUdp( &udpHead ); initTcp( &tcpHead ); if ( !(nfqHandle = nfq_open())) { fprintf(stderr, "Error in nfq_open()\n"); exit(-1); } if ( nfq_unbind_pf(nfqHandle, AF_INET) < 0 ) { fprintf(stderr, "Error in nfq_unbind_pf()\n"); exit(-1); } if ( nfq_bind_pf(nfqHandle, AF_INET) < 0) { fprintf(stderr, "Error in nfq_bind_pf()\n"); exit(-1); } if ( !(myQueue = nfq_create_queue(nfqHandle, 0, &Callback123, NULL)) ) { fprintf(stderr, "Error in nfq_create_queue()\n"); exit(1); } if ( nfq_set_mode(myQueue, NFQNL_COPY_PACKET, 0xffff) <0 ) { fprintf(stderr, "Could not set packet copy mode\n"); exit(1); } netlinkHandle = nfq_nfnlh(nfqHandle); fd = nfnl_fd(netlinkHandle); fprintf(stdout,"ready to receive packets\n"); //Start to process the packet we receive. while ( (res = recv(fd, buf , sizeof(buf), 0)) && res>=0 ) { printf("\n\n\n*******NEW ONE*******\n"); fprintf(stdout,"in the loop\n"); nfq_handle_packet(nfqHandle, buf , res); } //End the process nfq_destroy_queue(myQueue); nfq_close(nfqHandle); return 0; }
int main(int argc, char **argv) { struct nfq_handle *h; struct nfq_q_handle *qh; int fd; int rv; char buf[4096] __attribute__ ((aligned)); printf("Obteniendo el handle de la libreria: "); h = nfq_open(); if (!h) { fprintf(stderr, "Ha fallado\n"); exit(1); } else printf(" OK !\n"); printf("Haciendo unbind (por si existe alguno de AF_INET): "); if (nfq_unbind_pf(h, AF_INET) < 0) { fprintf(stderr, "error nfq_unbind_pf()\n"); exit(1); } else printf(" OK!\n"); printf("Vinculando nfnetlink_queue de tipo nf_queue handler para AF_INET:"); if (nfq_bind_pf(h, AF_INET) < 0) { fprintf(stderr, "error nfq_bind_pf()\n"); exit(1); } else printf(" OK!\n"); printf("Creando la vinculacion de la funcion callback con Queue 0, socket receptor: "); qh = nfq_create_queue(h, 0, &cb, NULL); if (!qh) { fprintf(stderr, "error during nfq_create_queue()\n"); exit(1); } else printf(" OK !\n"); printf("Definiendo que cantidad de paquete queremos recibir (no queremos todo para estas pruebas): "); if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "FALLO el COPY_META mode\n"); exit(1); } else printf("OK\n"); fd = nfq_fd(h); printf("Realizando conexión a memcache: "); memc= memcached_create(NULL); servers= memcached_server_list_append(servers, "localhost", 11211, &rc); rc= memcached_server_push(memc, servers); if (rc == MEMCACHED_SUCCESS) printf(" OK ! \n"); else { printf("error conectando a memcache: %s\n",memcached_strerror(memc, rc)); exit(0); } printf("Realizando INIT de MySQL: "); con = mysql_init(NULL); if (con == NULL) { printf(" FAIL\n"); exit(1); } else printf("OK\n"); printf("Realizando Conexion a MYQSL: "); if (mysql_real_connect(con, "localhost", "root", "FIXMEPASSWORD", "nfqueue", 0, NULL, 0) == NULL) { printf(" FAILED\n"); exit(1); } else printf(" OKI\n"); printf("Todo Listo !\n Entrando en bucle principal de recepcion ..\n"); while ((rv = recv(fd, buf, sizeof(buf), 0))) { // Si todo ha ido bien, gestionamos el paquete: if (rv>=0) nfq_handle_packet(h, buf, rv); // es posible que tengamos packet loss porque // nuestro codigo es lento y se llena la queue: else if ( errno == ENOBUFS) { fflush(stdout); printf("!"); } // O "simplemente", que algo haya ido mal: else { printf("ERROR \n"); fflush(stdout); break; } } // Teoricamente, nunca llegaremos aqui, pero si llegamos // Habra que liberar bien y tal: printf("unbinding de queue 0\n"); nfq_destroy_queue(qh); printf("cerrando library handle\n"); nfq_close(h); exit(0); }