int main(int argc, char **argv)
{
int fd, rv;
char buf[BUFSIZE];
strcpy(listtype, argv[1]);
if (get_url_info())
{
printf("error during get_url_info()\n");
return 0;
}
memset(buf, 0, sizeof(buf));
/* open a netlink connection to get packet from kernel */
fd = netlink_open_connection(NULL);
while (1)
{
rv = recv(fd, buf, sizeof(buf), 0);
if ( rv >= 0)
{
#ifdef UFD_DEBUG
printf("pkt received\n");
#endif
nfq_handle_packet(h, buf, rv);
memset(buf, 0, sizeof(buf));
}
else
{
nfq_close(h);
#ifdef UFD_DEBUG
printf("nfq close done\n");
#endif
fd = netlink_open_connection(NULL);
#ifdef UFD_DEBUG
printf("need to rebind to netfilter queue 0\n");
#endif
}
}
#ifdef UFD_DEBUG
printf("unbinding from queue 0\n");
#endif
nfq_destroy_queue(qh);
nfq_close(h);
return 0;
}
int main(int argc, char **argv)
{
struct nfq_handle *h;
struct nfq_q_handle *qh;
struct nfnl_handle *nh;
int fd;
int rv;
char buf[4096] __attribute__ ((aligned));
printf("Simple latency simulator\n");
printf("(C) 2009, 2010 by Holger Freyther\n");
printf("(C) 2005 by Harald Welte\n");
handle_options(argc, argv);
h = nfq_open();
if (!h) {
fprintf(stderr, "error during nfq_open()\n");
exit(1);
}
printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
if (nfq_unbind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
if (nfq_bind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_bind_pf()\n");
exit(1);
}
printf("binding this socket to queue '0'\n");
qh = nfq_create_queue(h, 0, &cb, NULL);
if (!qh) {
fprintf(stderr, "error during nfq_create_queue()\n");
exit(1);
}
printf("setting copy_packet mode\n");
if (nfq_set_mode(qh, NFQNL_COPY_META, 0xffff) < 0) {
fprintf(stderr, "can't set packet_copy mode\n");
exit(1);
}
fd = nfq_fd(h);
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
nfq_handle_packet(h, buf, rv);
}
printf("unbinding from queue 0\n");
nfq_destroy_queue(qh);
printf("closing library handle\n");
nfq_close(h);
exit(0);
}
static void nfq_daq_shutdown (void* handle)
{
NfqImpl *impl = (NfqImpl*)handle;
impl->state = DAQ_STATE_UNINITIALIZED;
if (impl->nf_queue)
nfq_destroy_queue(impl->nf_queue);
// note that we don't unbind here because
// we will unbind other programs too
if(impl->nf_handle)
nfq_close(impl->nf_handle);
if ( impl->link )
eth_close(impl->link);
if ( impl->net )
ip_close(impl->net);
if ( impl->filter )
free(impl->filter);
if ( impl->buf )
free(impl->buf);
free(impl);
}
static struct nfq_handle* setup_netfilter_queue()
{
struct nfq_handle* nfq_h = NULL;
if(UNLIKELY(NULL == (nfq_h = nfq_open())))
{
fprintf(stderr,"Error: unable to initialize netfilter queue\n");
goto error;
}
if(UNLIKELY(0 > nfq_unbind_pf(nfq_h,AF_INET)))
{
fprintf(stderr,"Error: unable to unbind netfilter handle\n");
goto error;
}
if(UNLIKELY(0 > nfq_bind_pf(nfq_h,AF_INET)))
{
fprintf(stderr,"Error: unable to bind netfilter handle\n");
goto error;
}
return nfq_h;
error:
if(nfq_h) nfq_close(nfq_h);
return NULL;
}
void garbage_collect() {
struct udps_config_t *conf;
struct usock_t *usock;
struct queues_t *queue;
void *tmp;
/* free all allocated memory */
conf = default_config;
while (conf) {
tmp = (void *)conf;
conf = conf->next;
}
usock = default_usock;
while (usock) {
close(usock->sk);
tmp = (void *)usock;
remove_connections(usock, NULL);
usock = usock->next;
free(tmp);
}
queue = queues;
while (queue) {
//nfq_destroy_queue(queue->qh);
nfq_close(queue->nfqh);
//queue = queue->next;
tmp = (void *)queue;
queue = queue->next;
free(tmp);
}
}
void queue_close(struct queue *self)
{
nfq_close(self->_h);
self->_qh = NULL;
self->_h = NULL;
self->_cb = NULL;
}
int main(int argc, char **argv) {
int rv;
char buf[4096] __attribute__ ((aligned));
q_setup();
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
printf("pkt received\n");
nfq_handle_packet(h, buf, rv);
}
printf("unbinding from queue 0\n");
nfq_destroy_queue(qh);
#ifdef INSANE
/* normally, applications SHOULD NOT issue this command, since
* it detaches other programs/sockets from AF_INET, too ! */
printf("unbinding from AF_INET\n");
nfq_unbind_pf(h, AF_INET);
#endif
printf("closing library handle\n");
nfq_close(h);
exit(0);
}
/* clear resources for interception */
void
interception_over()
{
#if (INTERCEPT_NFQUEUE)
if (srv_settings.nfq_q_handler != NULL) {
tc_log_info(LOG_NOTICE, 0, "unbinding from queue");
nfq_destroy_queue(srv_settings.nfq_q_handler);
srv_settings.nfq_q_handler = NULL;
}
if (srv_settings.nfq_handler != NULL) {
tc_log_info(LOG_NOTICE, 0, "closing nfq library handle");
nfq_close(srv_settings.nfq_handler);
srv_settings.nfq_handler = NULL;
}
#endif
#if (INTERCEPT_COMBINED)
release_combined_resouces();
#endif
#if (!TCPCOPY_SINGLE)
router_destroy();
delay_table_destroy();
#endif
}
response_t destroy_queue(int q_num, q_data_t **q_data, thread_data_t *data) {
int cq_idx;
response_t r;
syslog(LOG_NOTICE,"[%d] q_num: %d\n\r", data->idx, q_num);
if((cq_idx = get_queue_idx(q_num, q_data)) >= 0) {
if(q_data[cq_idx]->pid > 0)
pthread_cancel(q_data[cq_idx]->thread);
nfq_destroy_queue(q_data[cq_idx]->qh);
nfq_unbind_pf(q_data[cq_idx]->h, AF_INET);
nfq_close(q_data[cq_idx]->h);
q_data[cq_idx]->pid = 0;
q_data[cq_idx]->q_num = -1;
q_data[cq_idx]->qh = NULL;
q_data[cq_idx]->h = NULL;
r.cs = erl_mk_atom("ok");
r.rsp = erl_mk_atom("ok");
} else {
r.cs = erl_mk_atom("error");
r.rsp = erl_mk_estring("no such queue", strlen("no such queue"));
}
return r;
}
void divert_close(void)
{
if (_q)
nfq_destroy_queue(_q);
if (_h)
nfq_close(_h);
}
int main(int argc, char **argv)
{
struct nfq_handle *qh;
struct nfq_q_handle *qqh;
// struct nfnl_handle *nh;
int fd;
int rv;
char buf[4096] __attribute__ ((aligned));
struct nfct_handle *cth;
if (init_nfct(&cth) != 0) {
exit(1);
}
if (init_nfq(&qh, &qqh, cth) != 0) {
exit(1);
}
fd = nfq_fd(qh);
for (;;) {
if ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
printf("pkt received\n");
nfq_handle_packet(qh, buf, rv);
continue;
}
/* if your application is too slow to digest the packets that
* are sent from kernel-space, the socket buffer that we use
* to enqueue packets may fill up returning ENOBUFS. Depending
* on your application, this error may be ignored. Please, see
* the doxygen documentation of this library on how to improve
* this situation.
*/
if (rv < 0 && errno == ENOBUFS) {
printf("losing packets!\n");
continue;
}
perror("recv failed");
break;
}
printf("unbinding from queue 0\n");
nfq_destroy_queue(qqh);
#ifdef INSANE
/* normally, applications SHOULD NOT issue this command, since
* it detaches other programs/sockets from AF_INET, too ! */
printf("unbinding from AF_INET\n");
nfq_unbind_pf(h, AF_INET);
#endif
printf("closing library handle\n");
nfq_close(qh);
nfct_close(cth);
exit(0);
}
int nfq()
{
int len, fd;
char buf[BUFSIZE]= {0};
struct nfq_handle *h;
//call nfq_open() to open a NFQUEUE handler
h = nfq_open();
if(!h)
{
fprintf(stderr, "error during nfq_open()\n");
exit(1);
}
//unbinging existing nf_queue handler for PE_INET(if any)
if(nfq_unbind_pf(h, PF_INET) < 0)
{
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
//binding nfnetlink_queue as nf_queue handler for PF_INET
if(nfq_bind_pf(h, PF_INET) < 0)
{
fprintf(stderr, "error during nfq_bind_pf()\n");
exit(1);
}
//binding this socket to queue '0'
gqh = nfq_create_queue(h, 0, &queue_cb, NULL);
if(!gqh)
{
fprintf(stderr,"error during nfq_create_queue()\n");
exit(1);
}
//setting copy_packet mode
if(nfq_set_mode(gqh, NFQNL_COPY_PACKET, 0xffff) < 0)
{
fprintf(stderr, "can't set packet_copy_mode\n");
exit(1);
}
//get the file descriptor associated with the nfqueue handler
fd = nfq_fd(h);
//handle a packet received from the nfqueue subsystem
CONTINUE:
while ((len = recv(fd, buf, BUFSIZE, 0)) && len >= 0)
{
nfq_handle_packet(h, buf, len);
}
debug_log("error len=%d" ,len);
sleep(2);
goto CONTINUE;
nfq_destroy_queue(gqh);
nfq_close(h);
return 0;
}
/* Basic signal handler: closes nfq hooks on exit */
static void sig_handler(int signum) {
printf("\nIPD caught signal ...\n\n");
nfq_destroy_queue(qh);
nfq_close(nfqh);
exit(OK);
}
void* routeRecordMain(void* arg){
randomValue = createLongRandomValue();
char* gatewayIP = getIPAddress(INTERFACE);
gatewayAddr = getInAddr(gatewayIP);
initializeRRFilterList();
struct nfq_handle* h = nfq_open();
if (!h) {
fprintf(stderr, "error during nfq_open()\n");
exit(1);
}
printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
if (nfq_unbind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
if (nfq_bind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_bind_pf()\n");
exit(1);
}
//nfq_callback* cb = (nfq_callback*) calloc(1, sizeof(nfq_callback));
printf("binding this socket to queue '0'\n");
struct nfq_q_handle* qh = nfq_create_queue(h, 0, &cb, NULL);
if (!qh) {
fprintf(stderr, "error during nfq_create_queue()\n");
exit(1);
}
printf("setting copy_packet mode\n");
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
fprintf(stderr, "can't set packet_copy mode\n");
exit(1);
}
int fd = nfq_fd(h);
int rv = -1;
char* buf = (char*) calloc(1, 100001);
while ((rv = recv(fd, buf, 10000, 0)) >= 0) {
printf("pkt received\n received: [%d]\n\n", rv);
nfq_handle_packet(h, buf, rv);
}
printf("unbinding from queue 0\n");
nfq_destroy_queue(qh);
printf("closing library handle\n");
nfq_close(h);
pthread_exit(NULL);
}
void packetsrv_close(int smart)
{
log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_SERIOUS_MESSAGE,
"Destroy netfilter queue socket");
if (smart)
nfq_destroy_queue(hndl);
nfq_close(h);
/* packet id will be reset after restart, we discard
waiting packets */
clear_packet_list();
}
int main(int argc, char** argv) {
int fd;
ssize_t rv;
char buf[4096];
struct nfq_handle* h;
struct nfq_q_handle* qh;
int i=0;
h = nfq_open();
if (!h) {
fprintf(stderr, "error during nfq_open()\n");
exit(1);
}
if (nfq_unbind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
if (nfq_bind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_bind_pf()\n");
exit(1);
}
printf("Binding to queue 0...\n");
qh = nfq_create_queue(h, 0, &cb, NULL);
if (!qh) {
fprintf(stderr, "error during nfq_create_queue()\n");
exit(1);
}
printf("Copying packets...\n");
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
fprintf(stderr, "error during nfq_set_mode()\n");
exit(1);
}
fd = nfq_fd(h);
memset(buf, 0, 4096);
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0)
{
for (i = 0; i < rv; i++) printf("%02x\n", *(buf+i));
printf("\n\n");
nfq_handle_packet(h, buf, rv);
}
nfq_destroy_queue(qh);
nfq_close(h);
}
static void cleanup_state(struct packet_module_state *state)
{
if (state->queue)
nfq_destroy_queue(state->queue);
if (state->handle)
nfq_close(state->handle);
state->queue = NULL;
state->handle = NULL;
close(state->send_fd);
close(state->send_mark_fd);
free(state);
}
/* ---------------------------------------------------------------------------- */
void fwnfq_destroy(void)
{
g_message("Unbinding from queue 0");
nfq_destroy_queue(qh);
#ifdef INSANE
/* normally, applications SHOULD NOT issue this command, since
* it detaches other programs/sockets from AF_INET, too ! */
g_message("Unbinding from AF_INET");
nfq_unbind_pf(h, AF_INET);
#endif
g_message("Closing library handle");
nfq_close(h);
}
static void NFQDestroyQueue(NFQQueueVars *nq)
{
if (unlikely(nq == NULL)) {
return;
}
SCLogDebug("starting... will close queuenum %" PRIu32 "", nq->queue_num);
NFQMutexLock(nq);
if (nq->qh != NULL) {
nfq_destroy_queue(nq->qh);
nq->qh = NULL;
nfq_close(nq->h);
nq->h = NULL;
}
NFQMutexUnlock(nq);
}
/* clear resources for interception */
void
interception_over()
{
#if (INTERCEPT_NFQUEUE)
if (srv_settings.nfq_q_handler != NULL) {
tc_log_info(LOG_NOTICE, 0, "unbinding from queue");
nfq_destroy_queue(srv_settings.nfq_q_handler);
srv_settings.nfq_q_handler = NULL;
}
if (srv_settings.nfq_handler != NULL) {
tc_log_info(LOG_NOTICE, 0, "closing nfq library handle");
nfq_close(srv_settings.nfq_handler);
srv_settings.nfq_handler = NULL;
}
#endif
router_destroy();
}
int teardown_nfq()
{
log_debug("unbinding from queue %d", NF_QUEUE_NUM);
if (nfq_destroy_queue(g_nfq_qh) != 0) {
log_error("error during nfq_destroy_queue()");
return -1;
}
#ifdef INSANE
// normally, applications SHOULD NOT issue this command, since
// it detaches other programs/sockets from AF_INET, too ! */
log_debug("unbinding from AF_INET");
nfq_unbind_pf(g_nfq_h, AF_INET);
#endif
log_debug("closing library handle");
if (nfq_close(g_nfq_h) != 0) {
log_error("error during nfq_close()");
return -1;
}
return 0;
}
/*-
- nfq.loop(cb, copy)
cb - a function called for every queued packet, it returns
"accept" or "drop" meaning to do that to the packet. For
no return value, the default is "accept". If it returns a second
argument, it must be a string, and replaces the current
packet.
copy - "none", "meta", "packet", default to "packet"
*/
static int loop(lua_State *L)
{
static const char* copy_opt[] = {
"none", "meta", "packet", NULL
};
static int copy_val[] = {
NFQNL_COPY_NONE, NFQNL_COPY_META, NFQNL_COPY_PACKET
};
int copy = copy_val[luaL_checkoption(L, 2, "packet", copy_opt)];
int af = AF_INET; /* Could be an argument, if we ever did non-INET. */
struct nfq_handle *h = NULL;
struct nfq_q_handle *qh = NULL;
int fd = -1;
int nreturn = 0;
char buf[4096] __attribute__ ((aligned));
ssize_t recvsz;
h = nfq_open();
if(!h)
goto err;
if (nfq_unbind_pf(h, af) < 0)
goto err;
if (nfq_bind_pf(h, af) < 0)
goto err;
qh = nfq_create_queue(h, 0, &cb, L);
if(!qh)
goto err;
if (nfq_set_mode(qh, copy, 0xffff /* larger than an ethernet frame */) < 0)
goto err;
fd = nfq_fd(h);
while ((recvsz = recv(fd, buf, sizeof(buf), 0)) >= 0) {
nfq_handle_packet(h, buf, recvsz);
}
if(recvsz < 0)
goto err;
goto cleanup;
err:
lua_pushnil(L);
lua_pushstring(L, strerror(errno));
nreturn = 2;
cleanup:
if(qh)
nfq_destroy_queue(qh);
if(h)
nfq_close(h);
return nreturn;
}
/* The nfq capture routine.
*/
int
nfq_capture(fko_srv_options_t *opts)
{
int res, child_pid, fd_flags;
int nfq_errcnt = 0;
int pending_break = 0;
int status;
char nfq_buf[1500];
int chk_rm_all = 0;
/* Netfilter-related handles
*/
int nfq_fd;
struct nfq_handle *nfq_h;
struct nfq_q_handle *nfq_qh;
struct nfnl_handle *nfq_nh;
nfq_h = nfq_open();
if (!nfq_h) {
log_msg(LOG_ERR, "[*] nfq_open error\n");
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
/* Unbind existing nf_queue handler for AF_INET (if any)
*/
res = nfq_unbind_pf(nfq_h, AF_INET);
if (res < 0) {
log_msg(LOG_WARNING, "[*] Error during nfq_unbind_pf() error: %d\n", res);
}
/* Bind the given queue connection handle to process packets.
*/
res = nfq_bind_pf(nfq_h, AF_INET);
if ( res < 0) {
log_msg(LOG_ERR, "Error during nfq_bind_pf(), error: %d\n", res);
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
/* Create queue
*/
nfq_qh = nfq_create_queue(nfq_h, atoi(opts->config[CONF_NFQ_QUEUE_NUMBER]), &process_nfq_packet, opts);
if (!nfq_qh) {
log_msg(LOG_ERR, "Error during nfq_create_queue()\n");
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
/* Set the amount of data to be copied to userspace for each packet
* queued to the given queue.
*/
if (nfq_set_mode(nfq_qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
log_msg(LOG_ERR, "Can't set packet_copy mode\n");
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
/* Get the netlink handle associated with the given queue connection
* handle. Then use it to get the file descriptor we will use for
* receiving the queued packets
*/
nfq_nh = nfq_nfnlh(nfq_h);
nfq_fd = nfnl_fd(nfq_nh);
/* Set our nfq handle nonblocking mode.
*
*/
if((fd_flags = fcntl(nfq_fd, F_GETFL, 0)) < 0)
{
log_msg(LOG_ERR, "nfq_capture: fcntl F_GETFL error: %s",
strerror(errno));
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
fd_flags |= O_NONBLOCK;
if(fcntl(nfq_fd, F_SETFL, fd_flags) < 0)
{
log_msg(LOG_ERR, "nfq_capture: fcntl F_SETFL error setting O_NONBLOCK: %s",
strerror(errno));
exit(EXIT_FAILURE);
}
/* Initialize our signal handlers. You can check the return value for
* the number of signals that were *not* set. Those that were not set
* will be listed in the log/stderr output.
*/
if(set_sig_handlers() > 0)
log_msg(LOG_ERR, "Errors encountered when setting signal handlers.");
log_msg(LOG_INFO, "Starting fwknopd main event loop.");
/* Jump into our home-grown packet cature loop.
*/
while(1)
{
/* If we got a SIGCHLD and it was the tcp server, then handle it here.
** XXX: --DSS Do we need this here? I'm guessing we would not be using
** the TCP server in NF_QUEUE capture mode.
*/
if(got_sigchld)
{
if(opts->tcp_server_pid > 0)
{
child_pid = waitpid(0, &status, WNOHANG);
if(child_pid == opts->tcp_server_pid)
{
if(WIFSIGNALED(status))
log_msg(LOG_WARNING, "TCP server got signal: %i", WTERMSIG(status));
log_msg(LOG_WARNING,
"TCP server exited with status of %i. Attempting restart.",
WEXITSTATUS(status)
);
opts->tcp_server_pid = 0;
/* Attempt to restart tcp server ? */
usleep(1000000);
run_tcp_server(opts);
}
}
got_sigchld = 0;
}
/* Any signal except USR1, USR2, and SIGCHLD mean break the loop.
*/
if(got_signal != 0)
{
if(got_sigint || got_sigterm || got_sighup)
{
pending_break = 1;
}
else if(got_sigusr1 || got_sigusr2)
{
/* Not doing anything with these yet.
*/
got_sigusr1 = got_sigusr2 = 0;
got_signal = 0;
}
else
got_signal = 0;
}
res = recv(nfq_fd, nfq_buf, sizeof(nfq_buf), 0);
/* Count processed packets
*/
if(res > 0)
{
nfq_handle_packet(nfq_h, nfq_buf, res);
/* Count the set of processed packets (nfq_dispatch() return
* value) - we use this as a comparison for --packet-limit regardless
* of SPA packet validity at this point.
*/
opts->packet_ctr += res;
if (opts->packet_ctr_limit && opts->packet_ctr >= opts->packet_ctr_limit)
{
log_msg(LOG_WARNING,
"* Incoming packet count limit of %i reached",
opts->packet_ctr_limit
);
pending_break = 1;
}
}
/* If there was an error, complain and go on (to an extent before
* giving up).
*/
else if(res < 0 && errno != EAGAIN)
{
log_msg(LOG_ERR, "[*] Error reading from nfq descriptor: %s", strerror);
if(nfq_errcnt++ > MAX_NFQ_ERRORS_BEFORE_BAIL)
{
log_msg(LOG_ERR, "[*] %i consecutive nfq errors. Giving up",
nfq_errcnt
);
clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
}
}
else if(pending_break == 1 || res == -2)
{
log_msg(LOG_INFO, "Gracefully leaving the fwknopd event loop.");
break;
}
else
nfq_errcnt = 0;
/* Check for any expired firewall rules and deal with them.
*/
check_firewall_rules(opts, chk_rm_all);
usleep(atoi(opts->config[CONF_NFQ_LOOP_SLEEP]));
}
nfq_destroy_queue(nfq_qh);
nfq_close(nfq_h);
return(0);
}
int main(int argc, char **argv)
{
struct nfq_handle *h;
struct nfq_q_handle *qh;
struct nfnl_handle *nh;
int fd;
int rv;
char buf[4096];
printf("opening library handle\n");
h = nfq_open();
if (!h) {
fprintf(stderr, "error during nfq_open()\n");
exit(1);
}
printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
if (nfq_unbind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_unbind_pf()\n");
exit(1);
}
printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
if (nfq_bind_pf(h, AF_INET) < 0) {
fprintf(stderr, "error during nfq_bind_pf()\n");
exit(1);
}
printf("binding this socket to queue '0'\n");
qh = nfq_create_queue(h, 0, &cb, NULL);
if (!qh) {
fprintf(stderr, "error during nfq_create_queue()\n");
exit(1);
}
printf("setting copy_packet mode\n");
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
fprintf(stderr, "can't set packet_copy mode\n");
exit(1);
}
nh = nfq_nfnlh(h);
fd = nfnl_fd(nh);
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
printf("pkt received\n");
nfq_handle_packet(h, buf, rv);
}
printf("unbinding from queue 0\n");
nfq_destroy_queue(qh);
#ifdef INSANE
/* normally, applications SHOULD NOT issue this command, since
* it detaches other programs/sockets from AF_INET, too ! */
printf("unbinding from AF_INET\n");
nfq_unbind_pf(h, AF_INET);
#endif
printf("closing library handle\n");
nfq_close(h);
exit(0);
}
NetherNetlink::~NetherNetlink()
{
if(queueHandle) nfq_destroy_queue(queueHandle);
if(nfqHandle) nfq_close(nfqHandle);
}
QHandler::~QHandler()
{
std::cout << "unbinding from queue\n";
nfq_destroy_queue(qh);
nfq_close(h);
}
/*
* NFQUEUE main loop
* Reads packet and calls callback
*/
static void *nkn_nfqueue_thread(void *arg)
{
struct nfq_handle *nfq_h;
struct nfq_q_handle *nfq_q_h;
int64_t thread_id = (int64_t) arg;
char buf[65536] __attribute__ ((aligned));
int fd, rv, opt, ret;
int queue_created;
char t_name[50];
#if 0
char mem_pool_str[64];
#endif
snprintf(t_name, 50, "nfqueue-%ld", thread_id);
prctl(PR_SET_NAME, t_name, 0, 0, 0);
#if 0
snprintf(mem_pool_str, sizeof(mem_pool_str), "nfqueuemempool-%ld",
thread_id);
nkn_mem_create_thread_pool(mem_pool_str);
#endif
#ifdef PROCESS_IN_NF_THREAD
nkn_dpi_event_handle_init(thread_id);
#endif
UNUSED_ARGUMENT(arg);
while (1) {
queue_created = 0;
nfq_h = nfq_open();
if (!nfq_h) {
DBG_LOG(ERROR, MOD_DPI_URIF, "error during nfq_open()\n");
goto end;
}
if (nfq_unbind_pf(nfq_h, AF_INET) < 0) {
DBG_LOG(ERROR, MOD_DPI_URIF, "error during nfq_unbind_pf()\n");
goto end;
}
if (nfq_bind_pf(nfq_h, AF_INET) < 0) {
if (errno != EEXIST) {
DBG_LOG(ERROR, MOD_DPI_URIF, "error during nfq_bind_pf()\n");
goto end;
}
}
nfq_q_h = nfq_create_queue(nfq_h, thread_id,
&nkn_nfqueue_callback, arg);
if (!nfq_q_h) {
DBG_LOG(ERROR, MOD_DPI_URIF, "error during nfq_create_queue()\n");
goto end;
}
queue_created = 1;
if (nfq_set_mode(nfq_q_h, NFQNL_COPY_PACKET, 0xffff) < 0) {
DBG_LOG(ERROR, MOD_DPI_URIF, "can't set packet_copy mode\n");
goto end;
}
fd = nfq_fd(nfq_h);
opt = 0;
ret = setsockopt(fd, SOL_NETLINK, NETLINK_BROADCAST_SEND_ERROR,
&opt, sizeof(int));
if (ret < 0) {
DBG_LOG(ERROR, MOD_DPI_URIF,
"Failed to un set broadcast send error\n");
}
opt = 1;
ret = setsockopt(fd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt,
sizeof(int));
if (ret < 0) {
DBG_LOG(ERROR, MOD_DPI_URIF, "Failed to set no enobug\n");
}
opt = 1024 * 1024 * 256;
ret = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(int));
if (ret < 0) {
DBG_LOG(ERROR, MOD_DPI_URIF, "Failed to set recv buf size\n");
}
ret = setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(int));
if (ret < 0) {
DBG_LOG(ERROR, MOD_DPI_URIF, "Failed to set send buf size\n");
}
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
nfq_handle_packet(nfq_h, buf, rv);
}
end:;
if (queue_created)
nfq_destroy_queue(nfq_q_h);
nfq_close(nfq_h);
/*
* Wait for 2 secs before retrying
*/
sleep(2);
}
return NULL;
}
int main(int argc, char **argv)
{
struct nfq_handle *h;
struct nfq_q_handle *qh;
int fd;
int rv;
char buf[4096] __attribute__ ((aligned));
printf("Obteniendo el handle de la libreria: ");
h = nfq_open();
if (!h)
{
fprintf(stderr, "Ha fallado\n");
exit(1);
}
else printf(" OK !\n");
printf("Haciendo unbind (por si existe alguno de AF_INET): ");
if (nfq_unbind_pf(h, AF_INET) < 0)
{
fprintf(stderr, "error nfq_unbind_pf()\n");
exit(1);
}
else printf(" OK!\n");
printf("Vinculando nfnetlink_queue de tipo nf_queue handler para AF_INET:");
if (nfq_bind_pf(h, AF_INET) < 0)
{
fprintf(stderr, "error nfq_bind_pf()\n");
exit(1);
}
else printf(" OK!\n");
printf("Creando la vinculacion de la funcion callback con Queue 0, socket receptor: ");
qh = nfq_create_queue(h, 0, &cb, NULL);
if (!qh) {
fprintf(stderr, "error during nfq_create_queue()\n");
exit(1);
}
else printf(" OK !\n");
printf("Definiendo que cantidad de paquete queremos recibir (no queremos todo para estas pruebas): ");
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
fprintf(stderr, "FALLO el COPY_META mode\n");
exit(1);
}
else printf("OK\n");
fd = nfq_fd(h);
printf("Realizando conexión a memcache: ");
memc= memcached_create(NULL);
servers= memcached_server_list_append(servers, "localhost", 11211, &rc);
rc= memcached_server_push(memc, servers);
if (rc == MEMCACHED_SUCCESS)
printf(" OK ! \n");
else {
printf("error conectando a memcache: %s\n",memcached_strerror(memc, rc));
exit(0);
}
printf("Realizando INIT de MySQL: ");
con = mysql_init(NULL);
if (con == NULL)
{
printf(" FAIL\n");
exit(1);
}
else printf("OK\n");
printf("Realizando Conexion a MYQSL: ");
if (mysql_real_connect(con, "localhost", "root", "FIXMEPASSWORD", "nfqueue", 0, NULL, 0) == NULL)
{
printf(" FAILED\n");
exit(1);
}
else printf(" OKI\n");
printf("Todo Listo !\n Entrando en bucle principal de recepcion ..\n");
while ((rv = recv(fd, buf, sizeof(buf), 0)))
{
// Si todo ha ido bien, gestionamos el paquete:
if (rv>=0)
nfq_handle_packet(h, buf, rv);
// es posible que tengamos packet loss porque
// nuestro codigo es lento y se llena la queue:
else if ( errno == ENOBUFS)
{
fflush(stdout);
printf("!");
}
// O "simplemente", que algo haya ido mal:
else {
printf("ERROR \n");
fflush(stdout);
break;
}
}
// Teoricamente, nunca llegaremos aqui, pero si llegamos
// Habra que liberar bien y tal:
printf("unbinding de queue 0\n");
nfq_destroy_queue(qh);
printf("cerrando library handle\n");
nfq_close(h);
exit(0);
}
int main(int argc, char **argv) {
struct nfq_handle *nfqHandle;
struct nfq_q_handle *myQueue;
struct nfnl_handle *netlinkHandle;
int fd, res;
char buf[BUFF_SIZE];
if (argc!=4) {
fprintf(stderr,"Error in number of arguments\n");
exit(-1);
}
// get the public IP address. And the public IP address is host byte order.
publicIP = inet_network(argv[1]);
if (publicIP == 0) {
fprintf(stderr,"Error in public IP\n");
exit(-1);
}
fprintf(stdout,"publicIP: %u\n",publicIP);
// get the subnet IP address. And the subnet IP address is host byte order.
internalIP = inet_network(argv[2]);
if (internalIP == 0) {
fprintf(stderr,"Error in internal IP\n");
exit(-1);
}
fprintf(stdout,"internalIP: %u\n",internalIP);
mask = mask << (32-atoi(argv[3]));
subnetIP = internalIP & mask;
fprintf(stdout,"subnetIP: %u\n",subnetIP);
initUdp( &udpHead );
initTcp( &tcpHead );
if ( !(nfqHandle = nfq_open())) {
fprintf(stderr, "Error in nfq_open()\n");
exit(-1);
}
if ( nfq_unbind_pf(nfqHandle, AF_INET) < 0 ) {
fprintf(stderr, "Error in nfq_unbind_pf()\n");
exit(-1);
}
if ( nfq_bind_pf(nfqHandle, AF_INET) < 0) {
fprintf(stderr, "Error in nfq_bind_pf()\n");
exit(-1);
}
if ( !(myQueue = nfq_create_queue(nfqHandle, 0, &Callback123, NULL)) ) {
fprintf(stderr, "Error in nfq_create_queue()\n");
exit(1);
}
if ( nfq_set_mode(myQueue, NFQNL_COPY_PACKET, 0xffff) <0 ) {
fprintf(stderr, "Could not set packet copy mode\n");
exit(1);
}
netlinkHandle = nfq_nfnlh(nfqHandle);
fd = nfnl_fd(netlinkHandle);
fprintf(stdout,"ready to receive packets\n");
//Start to process the packet we receive.
while ( (res = recv(fd, buf , sizeof(buf), 0)) && res>=0 ) {
printf("\n\n\n*******NEW ONE*******\n");
fprintf(stdout,"in the loop\n");
nfq_handle_packet(nfqHandle, buf , res);
}
//End the process
nfq_destroy_queue(myQueue);
nfq_close(nfqHandle);
return 0;
}
void *erl_message_read_loop(void *arg_data) {
thread_data_t *data = (thread_data_t *)arg_data;
ErlMessage emsg; // Incoming message
unsigned char buf[BUFSIZE]; // Buffer for incoming message
int got; // Result of receive
ETERM *fromp, *tuplep, *fun, *arg, *resp; // Erlang terms
int loop = 1; // Loop flag
char *f_name_atom;
int q_num;
int i = 0, temp;
q_data_t *q_data[MAX_Q_NUMS]; // Per queue data
response_t r;
/*
Exepected Erlang term:
{from_pid(), {fun_name_atom, argument}}}
or
{from_pid(), {fun_name_atom, argument1, argument2}}}
and returned term:
{call_state, response}
*/
syslog(LOG_NOTICE,"[%d] Connection with node: %s\n\r",data->idx, data->node);
for(i = 0; i < MAX_Q_NUMS; i++) {
q_data[i] = malloc(sizeof(q_data_t));
q_data[i]->q_num = -1;
q_data[i]->h = NULL;
q_data[i]->qh = NULL;
q_data[i]->pid = 0;
}
pthread_setname_np(pthread_self(), "msg_read_loop");
while (loop) {
got = erl_receive_msg(data->fd, buf, BUFSIZE, &emsg);
switch (got) {
case ERL_TICK:
syslog(LOG_NOTICE,"[%d] %s tick\n\r",data->idx, data->node);
break;
case ERL_ERROR:
syslog(LOG_NOTICE,"[%d] %s erl_receive_msg error or node down\n\r",data->idx, data->node);
loop = 0;
break;
case ERL_MSG:
if (emsg.type == ERL_REG_SEND || emsg.type == ERL_SEND) {
fromp = erl_element(1, emsg.msg);
tuplep = erl_element(2, emsg.msg);
fun = erl_element(1, tuplep);
arg = erl_element(2, tuplep);
f_name_atom = ERL_ATOM_PTR(fun);
syslog(LOG_NOTICE,"[%d] %s %s()\n\r", data->idx, data->node, f_name_atom);
if(strcmp(f_name_atom, "create_queue") == 0) {
q_num = ERL_INT_VALUE(arg);
r = create_queue(q_num, q_data, data);
} else if(strcmp(f_name_atom, "destroy_queue") == 0) {
q_num = ERL_INT_VALUE(arg);
r = destroy_queue(q_num, q_data, data);
} else if(strcmp(f_name_atom, "queue_list") == 0) {
r = queue_list(q_data);
} else if(strcmp(f_name_atom, "set_mode") == 0) {
temp = ERL_INT_VALUE(arg);
r = set_mode(temp, tuplep, q_data, data);
} else if(strcmp(f_name_atom, "set_queue_len") == 0) {
temp = ERL_INT_VALUE(arg);
r = set_queue_len(temp, tuplep, q_data, data);
} else if(strcmp(f_name_atom, "read_pkt_start") == 0) {
q_num = ERL_INT_VALUE(arg);
r = read_pkt_start(q_num, q_data, data);
} else if(strcmp(f_name_atom, "read_pkt_stop") == 0) {
q_num = ERL_INT_VALUE(arg);
r = read_pkt_stop(q_num, q_data, data);
}
else {
r.cs = erl_mk_atom("error");
r.rsp = erl_mk_estring("no such function", strlen("no such function"));
}
if ((resp = erl_format("{cnode, {reply, {~w, ~w}}}", r.cs, r.rsp)) != NULL) {
if(!erl_send(data->fd, fromp, resp)) {
syslog(LOG_ERR,"[%d] %s send reply error, exit loop\n\r", data->idx, data->node);
loop = 0;
}
} else {
syslog(LOG_ERR,"[%d] %s term format error\n\r", data->idx, data->node);
loop = 0;
}
erl_free_term(emsg.from);
erl_free_term(emsg.msg);
erl_free_term(fromp);
erl_free_term(tuplep);
erl_free_term(fun);
erl_free_term(arg);
erl_free_term(resp);
erl_free_term(r.rsp);
erl_free_term(r.cs);
}
break;
default:
syslog(LOG_ERR,"[%d] %s something wrong! :(\n\r", data->idx, data->node);
loop = 0;
break;
}
} /* while */
for(i = 0; i < MAX_Q_NUMS; i++) {
if(q_data[i]->pid > 0)
pthread_cancel(q_data[i]->thread);
if (q_data[i]->q_num >= 0) {
nfq_destroy_queue(q_data[i]->qh);
nfq_close(q_data[i]->h);
}
free(q_data[i]);
}
syslog(LOG_ERR,"[%d] %s thread stop\n\r", data->idx, data->node);
free(data->node);
free(data);
pthread_exit(NULL);
}
