Пример #1
0
/************************* main *******************************/
int main() {
    new_packet = (unsigned char *)malloc(MTU);
    if(new_packet == NULL) {
        printf("Malloc failed\n");
        exit(EXIT_FAILURE);
    }

    struct nfq_handle *h = get_handle();
    fd_set rfds;

    // start the downstream code, later move to a thread
    initializeRabin(powers);
    int max_fd = 0;
    int down_fd = createQueue(h, DOWN_MOBILE_QUEUE, &cbDown);
    if(down_fd > max_fd)
        max_fd = down_fd;
    int up_fd = createQueue(h, UP_MOBILE_QUEUE, &cbUp);
    if(up_fd > max_fd)
        max_fd = up_fd;

    printlog(logfile, system_loglevel, LOG_DEBUG, 
            "Queue packet descriptors, down_fd: %d, up_fd: %d\n",
            down_fd, up_fd);

    int n = 0, rv = 0;
    char buf[4096] __attribute__ ((aligned));
    nfnl_rcvbufsiz(nfq_nfnlh(h), 4096 * 4096);
    while(true) {
        FD_ZERO(&rfds);
        FD_SET(down_fd, &rfds);
        FD_SET(up_fd, &rfds);
        n = select(max_fd + 1, &rfds, NULL, NULL, NULL);
        if(n == -1) {
            printlog(logfile, system_loglevel, LOG_CRITICAL, 
                    "Select returned error: %s\n", strerror(errno));
        } 
        if(FD_ISSET(down_fd, &rfds)) {
            rv = recv(down_fd, buf, sizeof(buf), 0);
            if(rv < 0) {
                printlog(logfile, system_loglevel, LOG_CRITICAL, 
                        "recv call failed: %s\n", strerror(errno));
            } else {
                nfq_handle_packet(h, buf, rv);
            }
        } 
        if(FD_ISSET(up_fd, &rfds)) {
            rv = recv(up_fd, buf, sizeof(buf), 0);
            if(rv < 0) {
                printlog(logfile, system_loglevel, LOG_CRITICAL, 
                        "recv call failed: %s\n", strerror(errno));
            } else {
                nfq_handle_packet(h, buf, rv);
            }
        }
    }

    // start the upstream code, later move to a thread
    return 0;
}
Пример #2
0
int main(int argc, char **argv) {
  int rv;
  char buf[4096] __attribute__ ((aligned));

  q_setup();

  while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
    printf("pkt received\n");
    nfq_handle_packet(h, buf, rv);
  }

  printf("unbinding from queue 0\n");
  nfq_destroy_queue(qh);

#ifdef INSANE
  /* normally, applications SHOULD NOT issue this command, since
   * it detaches other programs/sockets from AF_INET, too ! */
  printf("unbinding from AF_INET\n");
  nfq_unbind_pf(h, AF_INET);
#endif

  printf("closing library handle\n");
  nfq_close(h);

  exit(0);
}
Пример #3
0
static int packet_do_receive(struct packet_module_state *state, struct packet **pkt)
{
	const int rv = recv(state->fd, state->receive_buffer,
			sizeof(state->receive_buffer), 0);
	if (rv < 0) {
		messagef(HAKA_LOG_ERROR, MODULE_NAME, L"packet reception failed, %s", errno_error(errno));
		return 0;
	}

	if (nfq_handle_packet(state->handle, state->receive_buffer, rv) == 0) {
		if (state->current_packet) {
			state->current_packet->state = state;
			*pkt = (struct packet*)state->current_packet;

			if (pcap) {
				dump_pcap(&pcap->in, state->current_packet);
			}

			state->current_packet = NULL;
			return 0;
		}
		else {
			return state->error;
		}
	}
	else {
		message(HAKA_LOG_ERROR, MODULE_NAME, L"packet processing failed");
		return 0;
	}
}
Пример #4
0
int main(int argc, char **argv)
{
	struct nfq_handle *h;
	struct nfq_q_handle *qh;
	struct nfnl_handle *nh;
	int fd;
	int rv;
	char buf[4096] __attribute__ ((aligned));

	printf("Simple latency simulator\n");
	printf("(C) 2009, 2010 by Holger Freyther\n");
	printf("(C) 2005 by Harald Welte\n");

	handle_options(argc, argv);

	h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

	printf("binding this socket to queue '0'\n");
	qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_META, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}

	fd = nfq_fd(h);

	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
		nfq_handle_packet(h, buf, rv);
	}

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qh);

	printf("closing library handle\n");
	nfq_close(h);

	exit(0);
}
Пример #5
0
void disruptor_nfq_handle_traffic() {
	/*handle the incoming packets*/

	d_nfq.fd = nfq_fd(d_nfq.h);
	while ((d_nfq.recv_pkt_sz = recv(d_nfq.fd, d_nfq.buf, sizeof(d_nfq.buf), 0)) >= 0) {
			nfq_handle_packet(d_nfq.h, d_nfq.buf, d_nfq.recv_pkt_sz); /* send packet to callback */
	}
}
Пример #6
0
static void packetsrv_activity_cb(struct ev_loop *loop, ev_io *w, int revents)
{
	if (revents & EV_READ) {
		unsigned char buffer[BUFSIZ];
		int rv;
		int fd = nfq_fd(h);
		/* read one packet */
		rv = recv(fd, buffer, sizeof(buffer), 0);
		if (rv < 0) {
			struct nlif_handle *nlif_handle = (struct nlif_handle *) w->data;
			log_area_printf(DEBUG_AREA_MAIN,
					DEBUG_LEVEL_WARNING,
					"[!] Error of read on netfilter queue socket (code %i, errno %d): %s!",
					rv,
					errno,
					strerror(errno));
			log_area_printf(DEBUG_AREA_MAIN,
					DEBUG_LEVEL_SERIOUS_MESSAGE,
					"Reopen netlink connection.");
			packetsrv_close(0);
#ifdef HAVE_NFQ_INDEV_NAME
			fd = packetsrv_open(nlif_handle);
#else
			fd = packetsrv_open(NULL);
#endif
			if (fd < 0) {
				log_area_printf(DEBUG_AREA_MAIN,
						DEBUG_LEVEL_CRITICAL,
						"[!] FATAL ERROR: Fail to reopen netlink connection!");
				exit(EXIT_FAILURE);
			}
			ev_io_stop(loop, w);
			ev_io_set(w, fd, EV_READ);
			ev_io_start(loop, w);
			return;
		}

		ev_io_stop(loop, &tls.ev_io);
		/* process the packet */
		nfq_handle_packet(h, (char *) buffer, rv);
		pckt_rx++;
		ev_io_start(loop, &tls.ev_io);
	}

	if (revents & EV_ERROR) {
		struct nlif_handle *nlif_handle = (struct nlif_handle *) w->data;
		int fd;
		packetsrv_close(0);
		ev_io_stop(loop, w);
#ifdef HAVE_NFQ_INDEV_NAME
		fd = packetsrv_open(nlif_handle);
#else
		fd = packetsrv_open(NULL);
#endif
		ev_io_set(w, fd, EV_READ);
		ev_io_start(loop, w);
	}
}
Пример #7
0
int main(int argc, char **argv)
{
	struct nfq_handle *qh;
	struct nfq_q_handle *qqh;
//	struct nfnl_handle *nh;
	int fd;
	int rv;
	char buf[4096] __attribute__ ((aligned));

	struct nfct_handle *cth;

	if (init_nfct(&cth) != 0) {
	  exit(1);
	}

	if (init_nfq(&qh, &qqh, cth) != 0) {
	  exit(1);
	}

	fd = nfq_fd(qh);

	for (;;) {
		if ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
			printf("pkt received\n");
			nfq_handle_packet(qh, buf, rv);
			continue;
		}
		/* if your application is too slow to digest the packets that
		 * are sent from kernel-space, the socket buffer that we use
		 * to enqueue packets may fill up returning ENOBUFS. Depending
		 * on your application, this error may be ignored. Please, see
		 * the doxygen documentation of this library on how to improve
		 * this situation.
		 */
		if (rv < 0 && errno == ENOBUFS) {
			printf("losing packets!\n");
			continue;
		}
		perror("recv failed");
		break;
	}

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qqh);

#ifdef INSANE
	/* normally, applications SHOULD NOT issue this command, since
	 * it detaches other programs/sockets from AF_INET, too ! */
	printf("unbinding from AF_INET\n");
	nfq_unbind_pf(h, AF_INET);
#endif

	printf("closing library handle\n");
	nfq_close(qh);
	nfct_close(cth);

	exit(0);
}
Пример #8
0
int nfq()
{
    int len, fd;
    char buf[BUFSIZE]= {0};
    struct nfq_handle *h;
    //call nfq_open() to open a NFQUEUE handler
    h = nfq_open();
    if(!h)
    {
        fprintf(stderr, "error during nfq_open()\n");
        exit(1);
    }

    //unbinging existing nf_queue handler for PE_INET(if any)
    if(nfq_unbind_pf(h, PF_INET) < 0)
    {
        fprintf(stderr, "error during nfq_unbind_pf()\n");
        exit(1);
    }

    //binding nfnetlink_queue as nf_queue handler for PF_INET
    if(nfq_bind_pf(h, PF_INET) < 0)
    {
        fprintf(stderr, "error during nfq_bind_pf()\n");
        exit(1);
    }

    //binding this socket to queue '0'
    gqh = nfq_create_queue(h, 0, &queue_cb, NULL);
    if(!gqh)
    {
        fprintf(stderr,"error during nfq_create_queue()\n");
        exit(1);
    }

    //setting copy_packet mode
    if(nfq_set_mode(gqh, NFQNL_COPY_PACKET, 0xffff) < 0)
    {
        fprintf(stderr, "can't set packet_copy_mode\n");
        exit(1);
    }

    //get the file descriptor associated with the nfqueue handler
    fd = nfq_fd(h);

    //handle a packet received from the nfqueue subsystem
CONTINUE:
    while ((len = recv(fd, buf, BUFSIZE, 0)) && len >= 0)
    {
        nfq_handle_packet(h, buf, len);
    }
    debug_log("error len=%d" ,len);
    sleep(2);
    goto CONTINUE;
    nfq_destroy_queue(gqh);
    nfq_close(h);
    return 0;
}
Пример #9
0
static int nfq_daq_acquire (
    void* handle, int c, DAQ_Analysis_Func_t callback, void* user)
{
    NfqImpl *impl = (NfqImpl*)handle;

    int n = 0;
    fd_set fdset;
    struct timeval tv;
    tv.tv_usec = 0;

    // If c is <= 0, don't limit the packets acquired.  However,
    // impl->count = 0 has a special meaning, so interpret accordingly.
    impl->count = (c == 0) ? -1 : c;
    impl->user_data = user;
    impl->user_func = callback;

    while ( (impl->count < 0) || (n < impl->count) )
    {
        FD_ZERO(&fdset);
        FD_SET(impl->sock, &fdset);

        // set this per call
        tv.tv_sec = impl->timeout;
        tv.tv_usec = 0;

        // at least ipq had a timeout!
        if ( select(impl->sock+1, &fdset, NULL, NULL, &tv) < 0 )
        {
            if ( errno == EINTR )
                break;
            DPE(impl->error, "%s: select = %s",
                __FUNCTION__, strerror(errno));
            return DAQ_ERROR;
        }

        if (FD_ISSET(impl->sock, &fdset))
        {
            int len = recv(impl->sock, impl->buf, MSG_BUF_SIZE, 0);

            if ( len > 0)
            {
                int stat = nfq_handle_packet(
                    impl->nf_handle, (char*)impl->buf, len);

                impl->stats.hw_packets_received++;

                if ( stat < 0 )
                {
                    DPE(impl->error, "%s: nfq_handle_packet = %s",
                        __FUNCTION__, strerror(errno));
                    return DAQ_ERROR;
                }
                n++;
            }
        }
    }
    return 0;
}
Пример #10
0
bool NetherNetlink::processPacket(char *packetBuffer, const int packetReadSize)
{
	if(nfq_handle_packet(nfqHandle, packetBuffer, packetReadSize))
	{
		LOGE("nfq_handle_packet failed");
		return (false);
	}

	return (true);
}
Пример #11
0
/* ---------------------------------------------------------------------------- */
void              fwnfq_loop(void)
{
	gchar buf[4096];
	gint  rv;
	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
		printf("=====================================================================\n");
		printf("* pkt received *\n");
		nfq_handle_packet(h, buf, rv);
	}
}
Пример #12
0
/**
 * This is the main function used by each worker thread that is spawned
 * when the startFilterThread() method of the HostFilter class is used.
 * @return 0 upon success, 1 upon failure.
 */
void* hostFilterMain(void* arg) {
    
    // declaration of local variables
    int fd;
    int bytes;
    char packetBuffer[1500];
    struct nfq_handle *handle;
    struct nfq_q_handle *queueHandle;
    
    // attempt to open a queue connection handle from the netfilter module
    if (!(handle = nfq_open())) {
        std::cerr << "ERROR: nfq_open()" << std::endl;
        exit(1);
    }
    
    // unbind the handle to prevent any inability to bind
    if (nfq_unbind_pf(handle, AF_INET) < 0) {
        std::cerr << "ERROR: nfq_unbind_pf()" << std::endl;
        exit(1);
    }
    
    // bind the handle so that it can process IPv4 packets
    if (nfq_bind_pf(handle, AF_INET) < 0) {
        std::cerr << "ERROR: nfq_bind_pf()" << std::endl;
        exit(1);
    }
    
    // create the handle for the nfq queue and ensure that it is linked to a callback
    if (!(queueHandle = nfq_create_queue(handle, 0, &cb, arg))) {
        std::cerr << "ERROR: nfq_create_queue()" << std::endl;
        exit(1);
    }
    
    // enable all packet data for every queued packet to be copied and read into user space
    if (nfq_set_mode(queueHandle, NFQNL_COPY_PACKET, 0xffff) < 0) {
        std::cerr << "ERROR: packet copy mode" << std::endl;
        exit(1);
    }
    
    // create a file descriptor that can be used to read from the queue
    fd = nfq_fd(handle);
    if (fd == -1) {
        std::cerr << "ERROR: nfq_fd()" << std::endl;
        exit(1);
    }
    
    // when a packet is received from the queue go and handle it with the callback
    while (true) {
        if ((bytes = recv(fd, packetBuffer, sizeof(packetBuffer), 0)) >= 0) {
            std::cout << "A packet has been received at the queue" << std::endl;
            nfq_handle_packet(handle, packetBuffer, bytes);
        }
    }
    return NULL;
}
Пример #13
0
void* routeRecordMain(void* arg){

	randomValue = createLongRandomValue();
	char* gatewayIP = getIPAddress(INTERFACE);
	gatewayAddr = getInAddr(gatewayIP);

	initializeRRFilterList();

	struct nfq_handle* h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

	//nfq_callback* cb = (nfq_callback*) calloc(1, sizeof(nfq_callback));
	printf("binding this socket to queue '0'\n");
	struct nfq_q_handle* qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}
	int fd = nfq_fd(h);
	int rv = -1;
	char* buf = (char*) calloc(1, 100001);
	while ((rv = recv(fd, buf, 10000, 0)) >= 0) {
		printf("pkt received\n received: [%d]\n\n", rv);
		nfq_handle_packet(h, buf, rv);
	}

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qh);

	printf("closing library handle\n");
	nfq_close(h);

	pthread_exit(NULL);
}
Пример #14
0
/*
 * Initialize stdin and nfq hook, then loop forever. Callback() does all the real work.
 */
int main(int argc, char **argv) {

	int fd;
    int rv;
    char buf[4096] __attribute__ ((aligned));

	if(getuid() != 0) {
        fail("Only root can use me.");
    }

	/* make stdin non-blocking, i.e. optional */
	int flags = fcntl(0, F_GETFL, 0);
	flags |= O_NONBLOCK;
	fcntl(0, F_SETFL, flags);


	/* signal handler will close nfq hooks on exit */
	if(signal(SIGINT, sig_handler) == SIG_IGN)
        signal(SIGINT, SIG_IGN);
    if(signal(SIGHUP, sig_handler) == SIG_IGN)
        signal(SIGINT, SIG_IGN);
    if(signal(SIGTERM, sig_handler) == SIG_IGN)
        signal(SIGINT, SIG_IGN);

	/* hook callback() into userspace netlink queue */
	if (!(nfqh = nfq_open()))
		fail("nfq_open() failed");

	if (0 > nfq_unbind_pf(nfqh, AF_INET))
		fail("nfq_unbind_pf failed");

	if (0 > nfq_bind_pf(nfqh, AF_INET))
		fail("nfq_bind_pf failed");

	if (!(qh = nfq_create_queue(nfqh, 0, &callback, NULL)))
		fail("nfq_create_queue failed");

	if (0 > nfq_set_mode(qh, NFQNL_COPY_META, 0xffff))
		fail("nfq_set_mode failed");

	nh = nfq_nfnlh(nfqh);
	fd = nfnl_fd(nh);


	printf("Commencing packet mangling..\n");

	clock_gettime(CLOCK_REALTIME, &last_time);

	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0)
		nfq_handle_packet(nfqh, buf, rv);


    printf("Exiting..\n");
    return 0;
}
Пример #15
0
static void ProcessNFQUEUE(int fd){
	char buf[4096];

	socklen_t len_r;
	struct sockaddr_in sendername;
	len_r = sizeof(struct sockaddr_in);

        int res = recvfrom(fd, buf, sizeof(buf), 0,
			(struct sockaddr *)&sendername, &len_r);

	nfq_handle_packet(nfqHandle, buf, res);
}
Пример #16
0
void QHandler::HandleMessage()
{
 	char buf[4096];
	int rv = recv(sock, buf, sizeof(buf), 0);
	if (rv > 0) {
	   nfq_handle_packet(h, buf, rv);
	} else {
		if (errno != EAGAIN) {
			throw std::runtime_error("recv failed");
		}
	}
}
Пример #17
0
static int
tc_nfq_event_process(tc_event_t *rev)
{
    int             rv = 0;
    char            buffer[65536];

    if (tc_nfq_socket_recv(rev->fd, buffer, 65536, &rv) == TC_ERROR) {
        return TC_ERROR;
    }

    nfq_handle_packet(srv_settings.nfq_handler, buffer, rv);

    return TC_OK;
}
Пример #18
0
int main(int argc, char** argv) {
    int fd;
    ssize_t rv;
    char buf[4096];
    struct nfq_handle* h;
    struct nfq_q_handle* qh;
int i=0;
    h = nfq_open();
    if (!h) {
        fprintf(stderr, "error during nfq_open()\n");
        exit(1);
    }

    if (nfq_unbind_pf(h, AF_INET) < 0) {
        fprintf(stderr, "error during nfq_unbind_pf()\n");
        exit(1);
    }

    if (nfq_bind_pf(h, AF_INET) < 0) {
        fprintf(stderr, "error during nfq_bind_pf()\n");
        exit(1);
    }

    printf("Binding to queue 0...\n");
    qh = nfq_create_queue(h, 0, &cb, NULL);
    if (!qh) {
        fprintf(stderr, "error during nfq_create_queue()\n");
        exit(1);
    }

    printf("Copying packets...\n");
    if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
        fprintf(stderr, "error during nfq_set_mode()\n");
        exit(1);
    }

    fd = nfq_fd(h);

    memset(buf, 0, 4096);
    while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) 
    {
      for (i = 0; i < rv; i++) printf("%02x\n", *(buf+i));
      printf("\n\n");
      nfq_handle_packet(h, buf, rv);
    }

    nfq_destroy_queue(qh);
    nfq_close(h);
}
Пример #19
0
/**
 * \brief NFQ function to get a packet from the kernel
 *
 * \note separate functions for Linux and Win32 for readability.
 */
static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv)
{
    int rv, ret;
    int flag = NFQVerdictCacheLen(t) ? MSG_DONTWAIT : 0;

    /* XXX what happens on rv == 0? */
    rv = recv(t->fd, tv->data, tv->datalen, flag);

    if (rv < 0) {
        if (errno == EINTR || errno == EWOULDBLOCK) {
            /* no error on timeout */
            if (flag)
                NFQVerdictCacheFlush(t);

            /* inject a fake packet on timeout */
            TmThreadsCaptureInjectPacket(tv->tv, tv->slot, NULL);
        } else {
#ifdef COUNTERS
            NFQMutexLock(t);
            t->errs++;
            NFQMutexUnlock(t);
#endif /* COUNTERS */
        }
    } else if(rv == 0) {
        SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0");
    } else {
#ifdef DBG_PERF
        if (rv > t->dbg_maxreadsize)
            t->dbg_maxreadsize = rv;
#endif /* DBG_PERF */

        //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv);

        NFQMutexLock(t);
        if (t->qh != NULL) {
            ret = nfq_handle_packet(t->h, tv->data, rv);
        } else {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed");
            ret = -1;
        }
        NFQMutexUnlock(t);

        if (ret != 0) {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %"PRId32" %s",
                    ret, strerror(errno));
        }
    }
}
Пример #20
0
int main(int argc, char **argv)
{
    int fd, rv;
    char buf[BUFSIZE];

    strcpy(listtype, argv[1]);
    if (get_url_info())
    {
        printf("error during get_url_info()\n");
        return 0;
    }

    memset(buf, 0, sizeof(buf));

    /* open a netlink connection to get packet from kernel */
    fd = netlink_open_connection(NULL);

    while (1)
    {
        rv = recv(fd, buf, sizeof(buf), 0);
        if ( rv >= 0)
        {
#ifdef UFD_DEBUG
            printf("pkt received\n");
#endif
            nfq_handle_packet(h, buf, rv);
            memset(buf, 0, sizeof(buf));
        }
        else
        {
            nfq_close(h);
#ifdef UFD_DEBUG
            printf("nfq close done\n");
#endif
            fd = netlink_open_connection(NULL);
#ifdef UFD_DEBUG
            printf("need to rebind to netfilter queue 0\n");
#endif
        }
    }
#ifdef UFD_DEBUG
    printf("unbinding from queue 0\n");
#endif
    nfq_destroy_queue(qh);
    nfq_close(h);

    return 0;
}
Пример #21
0
int _process_loop(struct queue *self, int fd, int flags, int max_count)
{
        int rv;
        char buf[65535];
        int count;

        count = 0;

        while ((rv = recv(fd, buf, sizeof(buf), flags)) >= 0) {
                nfq_handle_packet(self->_h, buf, rv);
                count++;
                if (max_count > 0 && count >= max_count) {
                        break;
                }
        }
        return count;
}
Пример #22
0
void divert_next_packet(int s)
{
	char buf[2048];
	int rc;

	rc = read(s, buf, sizeof(buf));
	if (rc == -1) {
		if (errno == ENOBUFS) {
			printf("F**K - we're dropping packets\n");
			return;
		}

		err(1, "read(divert) %d", errno);
	}

	if (rc == 0)
		errx(1, "EOF");

	nfq_handle_packet(_h, buf, rc);
}
Пример #23
0
int main(int argc, char** argv)
{
    struct nfq_handle* nfq_h;
    struct nfq_q_handle* qh;
    int fd, rv;

    nfq_h = setup_netfilter_queue();
    if(!nfq_h) return -1;

    qh = create_q_handle(nfq_h, &log_packet, NULL);
    if(!qh) return -1;

    fd = nfq_fd(nfq_h);
    while((rv = recv(fd, nfq_buffer, sizeof(nfq_buffer), 0)))
    {
        nfq_handle_packet(nfq_h, (char*)nfq_buffer, rv);
    }

    return 0;
}
Пример #24
0
void *read_queue_loop(void *arg) {

    q_data_t *data = (q_data_t *)arg;
    int rv, fd;
    char buf[4096] __attribute__ ((aligned));

    data->pid = syscall(SYS_gettid);

    fd = nfq_fd(data->h);

    syslog(LOG_NOTICE, "Packet read thread started, queue: %d, TID: %d...\n\r", data->q_num, data->pid);

    while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
        nfq_handle_packet(data->h, buf, rv);
        pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
    }

    pthread_exit(NULL);
}
Пример #25
0
void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) {
    int rv, ret;

    /* XXX what happens on rv == 0? */
    rv = recv(t->fd, tv->data, tv->datalen, 0);

    if (rv < 0) {
        if (errno == EINTR || errno == EWOULDBLOCK) {
            /* no error on timeout */
        } else {
#ifdef COUNTERS
            NFQMutexLock(t);
            t->errs++;
            NFQMutexUnlock(t);
#endif /* COUNTERS */
        }
    } else if(rv == 0) {
        SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0");
    } else {
#ifdef DBG_PERF
        if (rv > t->dbg_maxreadsize)
            t->dbg_maxreadsize = rv;
#endif /* DBG_PERF */

        //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv);

        NFQMutexLock(t);
        if (t->qh != NULL) {
            ret = nfq_handle_packet(t->h, tv->data, rv);
        } else {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed");
            ret = -1;
        }
        NFQMutexUnlock(t);

        if (ret != 0) {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret);
        }
    }
}
Пример #26
0
            /* no error on timeout */
        } else {
#ifdef COUNTERS
            NFQMutexLock(t);
            t->errs++;
            NFQMutexUnlock(t);
#endif /* COUNTERS */
        }
    } else if(rv == 0) {
        SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0");
    } else {
#ifdef DBG_PERF
        if (rv > t->dbg_maxreadsize)
            t->dbg_maxreadsize = rv;
#endif /* DBG_PERF */

        //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv);

        NFQMutexLock(t);
        if (t->qh != NULL) {
            ret = nfq_handle_packet(t->h, tv->data, rv);
        } else {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed");
            ret = -1;
        }
        NFQMutexUnlock(t);

        if (ret != 0) {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret);
        }
    }
}
#else /* WIN32 version of NFQRecvPkt */
void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) {
    int rv, ret;
    static int timeouted = 0;

    if (timeouted) {
        if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) {
            rv = -1;
            errno = EINTR;
            goto process_rv;
        }
        timeouted = 0;
    }

read_packet_again:

    if (!ReadFile(t->fd, tv->buf, sizeof(tv->buf), (DWORD*)&rv, &t->ovr)) {
        if (GetLastError() != ERROR_IO_PENDING) {
            rv = -1;
            errno = EIO;
        } else {
            if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) {
                rv = -1;
                errno = EINTR;
                timeouted = 1;
            } else {
                /* We needn't to call GetOverlappedResult() because it always
                 * fail with our error code ERROR_MORE_DATA. */
                goto read_packet_again;
            }
        }
    }

process_rv:

    if (rv < 0) {
        if (errno == EINTR) {
            /* no error on timeout */
        } else {
#ifdef COUNTERS
            t->errs++;
#endif /* COUNTERS */
        }
    } else if(rv == 0) {
        SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0");
    } else {
#ifdef DBG_PERF
        if (rv > t->dbg_maxreadsize)
            t->dbg_maxreadsize = rv;
#endif /* DBG_PERF */

        //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv);

        NFQMutexLock(t);
        if (t->qh) {
            ret = nfq_handle_packet(t->h, buf, rv);
        } else {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed");
            ret = -1;
        }
        NFQMutexUnlock(t);

        if (ret != 0) {
            SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret);
        }
    }
}
Пример #27
0
/* The nfq capture routine.
*/
int
nfq_capture(fko_srv_options_t *opts)
{
    int                 res, child_pid, fd_flags;
    int                 nfq_errcnt = 0;
    int                 pending_break = 0;
    int                 status;
    char                nfq_buf[1500];
    int                 chk_rm_all = 0;

    /* Netfilter-related handles
    */
    int                  nfq_fd;
    struct nfq_handle   *nfq_h;
    struct nfq_q_handle *nfq_qh;
    struct nfnl_handle  *nfq_nh;

    nfq_h = nfq_open();
    if (!nfq_h) {
        log_msg(LOG_ERR, "[*] nfq_open error\n");
        clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
    }

    /* Unbind existing nf_queue handler for AF_INET (if any)
    */
    res = nfq_unbind_pf(nfq_h, AF_INET);
    if (res < 0)  {
        log_msg(LOG_WARNING, "[*] Error during nfq_unbind_pf() error: %d\n", res);
    }

    /* Bind the given queue connection handle to process packets.
    */
    res =  nfq_bind_pf(nfq_h, AF_INET);
    if ( res < 0) {
        log_msg(LOG_ERR, "Error during nfq_bind_pf(), error: %d\n", res);
        clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
    }

    /* Create queue
    */
    nfq_qh = nfq_create_queue(nfq_h,  atoi(opts->config[CONF_NFQ_QUEUE_NUMBER]), &process_nfq_packet, opts);
    if (!nfq_qh) {
        log_msg(LOG_ERR, "Error during nfq_create_queue()\n");
        clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
    }

    /* Set the amount of data to be copied to userspace for each packet
     * queued to the given queue.
    */
    if (nfq_set_mode(nfq_qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
        log_msg(LOG_ERR, "Can't set packet_copy mode\n");
        clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
    }

    /* Get the netlink handle associated with the given queue connection
     * handle. Then use it to get the file descriptor we will use for
     * receiving the queued packets
    */
    nfq_nh = nfq_nfnlh(nfq_h);
    nfq_fd = nfnl_fd(nfq_nh);

    /* Set our nfq handle nonblocking mode.
     *
    */
    if((fd_flags = fcntl(nfq_fd, F_GETFL, 0)) < 0)
    {
        log_msg(LOG_ERR, "nfq_capture: fcntl F_GETFL error: %s",
            strerror(errno));
        clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
    }

    fd_flags |= O_NONBLOCK;

    if(fcntl(nfq_fd, F_SETFL, fd_flags) < 0)
    {
        log_msg(LOG_ERR, "nfq_capture: fcntl F_SETFL error setting O_NONBLOCK: %s",
            strerror(errno));
        exit(EXIT_FAILURE);
    }

    /* Initialize our signal handlers. You can check the return value for
     * the number of signals that were *not* set.  Those that were not set
     * will be listed in the log/stderr output.
    */
    if(set_sig_handlers() > 0)
        log_msg(LOG_ERR, "Errors encountered when setting signal handlers.");

    log_msg(LOG_INFO, "Starting fwknopd main event loop.");

    /* Jump into our home-grown packet cature loop.
    */
    while(1)
    {
        /* If we got a SIGCHLD and it was the tcp server, then handle it here.
        ** XXX: --DSS Do we need this here?  I'm guessing we would not be using
        **            the TCP server in NF_QUEUE capture mode.
        */
        if(got_sigchld)
        {
            if(opts->tcp_server_pid > 0)
            {
                child_pid = waitpid(0, &status, WNOHANG);

                if(child_pid == opts->tcp_server_pid)
                {
                    if(WIFSIGNALED(status))
                        log_msg(LOG_WARNING, "TCP server got signal: %i",  WTERMSIG(status));

                    log_msg(LOG_WARNING,
                        "TCP server exited with status of %i. Attempting restart.",
                        WEXITSTATUS(status)
                    );

                    opts->tcp_server_pid = 0;

                    /* Attempt to restart tcp server ? */
                    usleep(1000000);
                    run_tcp_server(opts);
                }
            }

            got_sigchld = 0;
        }

        /* Any signal except USR1, USR2, and SIGCHLD mean break the loop.
        */
        if(got_signal != 0)
        {
            if(got_sigint || got_sigterm || got_sighup)
            {
                pending_break = 1;
            }
            else if(got_sigusr1 || got_sigusr2)
            {
                /* Not doing anything with these yet.
                */
                got_sigusr1 = got_sigusr2 = 0;
                got_signal = 0;
            }
            else
                got_signal = 0;
        }

        res = recv(nfq_fd, nfq_buf, sizeof(nfq_buf), 0);

        /* Count processed packets
        */
        if(res > 0)
        {
            nfq_handle_packet(nfq_h, nfq_buf, res);

            /* Count the set of processed packets (nfq_dispatch() return
             * value) - we use this as a comparison for --packet-limit regardless
             * of SPA packet validity at this point.
            */
            opts->packet_ctr += res;
            if (opts->packet_ctr_limit && opts->packet_ctr >= opts->packet_ctr_limit)
            {
                log_msg(LOG_WARNING,
                    "* Incoming packet count limit of %i reached",
                    opts->packet_ctr_limit
                );

                pending_break = 1;
            }
        }
        /* If there was an error, complain and go on (to an extent before
         * giving up).
        */
        else if(res < 0 && errno != EAGAIN)
        {

            log_msg(LOG_ERR, "[*] Error reading from  nfq descriptor: %s", strerror);

            if(nfq_errcnt++ > MAX_NFQ_ERRORS_BEFORE_BAIL)
            {
                log_msg(LOG_ERR, "[*] %i consecutive nfq errors.  Giving up",
                    nfq_errcnt
                );
                clean_exit(opts, FW_CLEANUP, EXIT_FAILURE);
            }

        }
        else if(pending_break == 1 || res == -2)
        {
            log_msg(LOG_INFO, "Gracefully leaving the fwknopd event loop.");
            break;
        }
        else
            nfq_errcnt = 0;

        /* Check for any expired firewall rules and deal with them.
        */
        check_firewall_rules(opts, chk_rm_all);

        usleep(atoi(opts->config[CONF_NFQ_LOOP_SLEEP]));
    }

    nfq_destroy_queue(nfq_qh);
    nfq_close(nfq_h);

    return(0);
}
Пример #28
0
int main(int argc, char **argv)
{
	struct nfq_handle *h;
	struct nfq_q_handle *qh;
	struct nfnl_handle *nh;
	int fd;
	int rv;
	char buf[4096];

	printf("opening library handle\n");
	h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

	printf("binding this socket to queue '0'\n");
	qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}

	nh = nfq_nfnlh(h);
	fd = nfnl_fd(nh);

	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
		printf("pkt received\n");
		nfq_handle_packet(h, buf, rv);
	}

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qh);

#ifdef INSANE
	/* normally, applications SHOULD NOT issue this command, since
	 * it detaches other programs/sockets from AF_INET, too ! */
	printf("unbinding from AF_INET\n");
	nfq_unbind_pf(h, AF_INET);
#endif

	printf("closing library handle\n");
	nfq_close(h);

	exit(0);
}
Пример #29
0
Файл: main.c Проект: lmatz/NAT
int main(int argc, char **argv) {

	struct nfq_handle *nfqHandle;
	struct nfq_q_handle *myQueue;
	struct nfnl_handle *netlinkHandle;

	int fd, res;
	char buf[BUFF_SIZE];

	if (argc!=4) {
		fprintf(stderr,"Error in number of arguments\n");
		exit(-1);
	}

	// get the public IP address. And the public IP address is host byte order.
	publicIP = inet_network(argv[1]);
	if (publicIP == 0) {
		fprintf(stderr,"Error in public IP\n");
		exit(-1);
	}
	fprintf(stdout,"publicIP: %u\n",publicIP);

	// get the subnet IP address. And the subnet IP address is host byte order.
	internalIP = inet_network(argv[2]);
	if (internalIP == 0) {
		fprintf(stderr,"Error in internal IP\n");
		exit(-1);
	}
	fprintf(stdout,"internalIP: %u\n",internalIP);
	mask = mask << (32-atoi(argv[3]));
	subnetIP = internalIP & mask;
	fprintf(stdout,"subnetIP: %u\n",subnetIP);

	initUdp( &udpHead );
	initTcp( &tcpHead );

	if ( !(nfqHandle = nfq_open())) {
		fprintf(stderr, "Error in nfq_open()\n");
		exit(-1);
	}

	if ( nfq_unbind_pf(nfqHandle, AF_INET) < 0 ) {
		fprintf(stderr, "Error in nfq_unbind_pf()\n");
		exit(-1);
	}

	if ( nfq_bind_pf(nfqHandle, AF_INET) < 0) {
		fprintf(stderr, "Error in nfq_bind_pf()\n");
		exit(-1);
	}

	if ( !(myQueue = nfq_create_queue(nfqHandle, 0, &Callback123, NULL)) ) {
		fprintf(stderr, "Error in nfq_create_queue()\n");
		exit(1);
	}

	if ( nfq_set_mode(myQueue, NFQNL_COPY_PACKET, 0xffff) <0 ) {
		fprintf(stderr, "Could not set packet copy mode\n");
		exit(1);
	}

	netlinkHandle = nfq_nfnlh(nfqHandle);
	fd = nfnl_fd(netlinkHandle);

	
	fprintf(stdout,"ready to receive packets\n");

	//Start to process the packet we receive.
	while ( (res = recv(fd, buf , sizeof(buf), 0))  && res>=0 ) {
		
		printf("\n\n\n*******NEW ONE*******\n");
		fprintf(stdout,"in the loop\n");
		nfq_handle_packet(nfqHandle, buf , res);
	}
	//End the process


	nfq_destroy_queue(myQueue);

	nfq_close(nfqHandle);

	return 0;

}
int main(int argc, char **argv)
{
	struct nfq_handle *h;
	struct nfq_q_handle *qh;
	int fd;
	int rv;
	char buf[4096] __attribute__ ((aligned));

	printf("Obteniendo el handle de la libreria: ");
	h = nfq_open();
	if (!h) 
	{
		fprintf(stderr, "Ha fallado\n");
		exit(1);
	}
	else	printf(" OK !\n");

	printf("Haciendo unbind (por si existe alguno de AF_INET): ");
	if (nfq_unbind_pf(h, AF_INET) < 0) 
	{
		fprintf(stderr, "error nfq_unbind_pf()\n");
		exit(1);
	}
	else	printf(" OK!\n");

	printf("Vinculando nfnetlink_queue de tipo nf_queue handler para AF_INET:");
	if (nfq_bind_pf(h, AF_INET) < 0) 
	{
		fprintf(stderr, "error nfq_bind_pf()\n");
		exit(1);
	}
	else	printf(" OK!\n");

	printf("Creando la vinculacion de la funcion callback con Queue 0, socket receptor: ");
	qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}
	else	printf(" OK !\n");

	printf("Definiendo que cantidad de paquete queremos recibir (no queremos todo para estas pruebas): ");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "FALLO el COPY_META mode\n");
		exit(1);
	}
	else	printf("OK\n");


	fd = nfq_fd(h);

	printf("Realizando conexión a memcache: ");
	memc= memcached_create(NULL);
	servers= memcached_server_list_append(servers, "localhost", 11211, &rc);
	rc= memcached_server_push(memc, servers);

	if (rc == MEMCACHED_SUCCESS)
		printf(" OK ! \n");
	else	{
			printf("error conectando a memcache: %s\n",memcached_strerror(memc, rc));
			exit(0);
		}

	printf("Realizando INIT de MySQL: ");
	con = mysql_init(NULL);
  	if (con == NULL)
  	{
      		printf(" FAIL\n");
      		exit(1);
  	}  
  	else	printf("OK\n");
	printf("Realizando Conexion a MYQSL: ");
	if (mysql_real_connect(con, "localhost", "root", "FIXMEPASSWORD", "nfqueue", 0, NULL, 0) == NULL) 
	  {
      		printf(" FAILED\n");
		exit(1);
	  }  
	else	printf(" OKI\n");


	printf("Todo Listo !\n Entrando en bucle principal de recepcion ..\n");
	while ((rv = recv(fd, buf, sizeof(buf), 0)))
	{
		// Si todo ha ido bien, gestionamos el paquete:
		if (rv>=0)
			nfq_handle_packet(h, buf, rv);
		
			// es posible que tengamos packet loss porque 
			// nuestro codigo es lento y se llena la queue:
		else if ( errno == ENOBUFS)
			{
				fflush(stdout);
				printf("!");
			}
			// O "simplemente", que algo haya ido mal:
		else {
				printf("ERROR \n");
				fflush(stdout);
				break;
			}
		
	}

	// Teoricamente, nunca llegaremos aqui, pero si llegamos

	// Habra que liberar bien y tal:
	printf("unbinding de queue 0\n");
	nfq_destroy_queue(qh);
	printf("cerrando library handle\n");
	nfq_close(h);

	exit(0);
}