From: Eric Leblond <eric@inl.fr>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Harald Welte <laforge@netfilter.org>,
netfilter-devel@lists.netfilter.org,
Patrick McHardy <kaber@trash.net>,
Vincent Deffontaines <vincent@inl.fr>
Subject: Re: [RFC] libnfnetlink and iface conversion to string
Date: Fri, 29 Dec 2006 00:40:47 +0100 [thread overview]
Message-ID: <1167349247.15420.13.camel@localhost> (raw)
In-Reply-To: <45940145.3020003@netfilter.org>
[-- Attachment #1.1: Type: text/plain, Size: 1063 bytes --]
Hi,
Le jeudi 28 décembre 2006 à 18:39 +0100, Pablo Neira Ayuso a écrit :
> Eric Leblond wrote:
> > I'm currently working on NuFW where I try to do iface conversion from
> > integer to string to be able to filter "naturally" on interfaces.
> Interesting question. Since this is related with the rtnetlink
> subsystem, I'm unsure that this feature naturally belongs to
> libnfnetlink nor to libnetfilter_queue.
I agree that this does not seem to be the correct place.
> However, IMO libnetfilter_queue should provide enough features to let
> userspace apps implement filtering without requiring extra dependencies.
> BTW, what are the benefits of dumping the index instead of the interface
> name in this particular case?
This is interesting !
I've looked at kernel code and the information was easy to add. I attach
a small patch against kernel.
It will add 4*IFNAMSIZ = 64 octets to each nfnetlink_queue message but
this is not impressive as a part of the packet payload is usually sent.
BR,
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: nfnetlink_queue-iface-name.diff --]
[-- Type: text/x-patch, Size: 3609 bytes --]
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 83e7896..8318105 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -41,6 +41,10 @@ enum nfqnl_attr_type {
NFQA_IFINDEX_PHYSOUTDEV, /* u_int32_t ifindex */
NFQA_HWADDR, /* nfqnl_msg_packet_hw */
NFQA_PAYLOAD, /* opaque data payload */
+ NFQA_IFNAME_INDEV, /* string name of iface */
+ NFQA_IFNAME_OUTDEV, /* string name of iface */
+ NFQA_IFNAME_PHYSINDEV, /* string name of iface */
+ NFQA_IFNAME_PHYSOUTDEV, /* string name of iface */
__NFQA_MAX
};
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a88a017..9b86b9d 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -424,6 +424,7 @@ #endif
tmp_uint = htonl(indev->ifindex);
#ifndef CONFIG_BRIDGE_NETFILTER
NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_INDEV, IFNAMSIZ, indev->name);
#else
if (entinf->pf == PF_BRIDGE) {
/* Case 1: indev is physical input device, we need to
@@ -431,20 +432,28 @@ #else
* netfilter_bridge) */
NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSINDEV, IFNAMSIZ,
+ indev->name);
/* this is the bridge group "brX" */
tmp_uint = htonl(indev->br_port->br->dev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_INDEV, IFNAMSIZ,
+ indev->name);
} else {
/* Case 2: indev is bridge group, we need to look for
* physical device (when called from ipv4) */
NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_INDEV, IFNAMSIZ,
+ indev->name);
if (entskb->nf_bridge
&& entskb->nf_bridge->physindev) {
tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSINDEV, IFNAMSIZ,
+ entskb->nf_bridge->physindev->name);
}
}
#endif
@@ -454,6 +463,7 @@ #endif
tmp_uint = htonl(outdev->ifindex);
#ifndef CONFIG_BRIDGE_NETFILTER
NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_OUTDEV, IFNAMSIZ, outdev->name);
#else
if (entinf->pf == PF_BRIDGE) {
/* Case 1: outdev is physical output device, we need to
@@ -461,20 +471,28 @@ #else
* netfilter_bridge) */
NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSOUTDEV, IFNAMSIZ,
+ outdev->name);
/* this is the bridge group "brX" */
tmp_uint = htonl(outdev->br_port->br->dev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_OUTDEV, IFNAMSIZ,
+ outdev->name);
} else {
/* Case 2: outdev is bridge group, we need to look for
* physical output device (when called from ipv4) */
NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_OUTDEV, IFNAMSIZ,
+ outdev->name);
if (entskb->nf_bridge
&& entskb->nf_bridge->physoutdev) {
tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSOUTDEV, IFNAMSIZ,
+ entskb->nf_bridge->physoutdev->name);
}
}
#endif
[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2006-12-28 23:40 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-27 22:17 [RFC] libnfnetlink and iface conversion to string Eric Leblond
2006-12-28 17:39 ` Pablo Neira Ayuso
2006-12-28 23:40 ` Eric Leblond [this message]
2007-01-02 8:46 ` [Patch 1/2] Resend : sending iface name from nfnetlink_queue Eric Leblond
2007-01-10 6:52 ` Patrick McHardy
2007-01-02 8:48 ` [Patch 2/2] getting iface name from libnetfilter_queue Eric Leblond
2007-01-07 14:26 ` [RFC] libnfnetlink and iface conversion to string Harald Welte
2007-01-08 22:41 ` Eric Leblond
2007-01-09 0:53 ` Pablo Neira Ayuso
2007-01-09 2:50 ` Eric Leblond
2007-01-09 11:51 ` Harald Welte
2007-01-18 23:24 ` [Patch 0/2] " Eric Leblond
2007-01-18 23:30 ` [Patch 1/2] libnfnetlink, " Eric Leblond
2007-01-19 15:22 ` Patrick McHardy
2007-01-19 17:38 ` Pablo Neira Ayuso
2007-01-19 22:46 ` Eric Leblond
2007-01-22 12:36 ` Harald Welte
2007-01-23 21:13 ` Eric Leblond
2007-01-24 16:50 ` Patrick McHardy
2007-01-25 1:46 ` Pablo Neira Ayuso
2007-01-25 12:11 ` Eric Leblond
2007-01-25 15:59 ` Harald Welte
2007-01-26 2:24 ` Pablo Neira Ayuso
2007-01-25 12:16 ` [Patch 2/2] libnetfilter_queue, " Eric Leblond
2007-01-26 2:26 ` Pablo Neira Ayuso
2007-01-29 10:36 ` Eric Leblond
2007-01-31 1:49 ` Pablo Neira Ayuso
2007-01-18 23:33 ` [Patch 2/2] libnetfilter_queue and " Eric Leblond
2007-01-19 15:25 ` Patrick McHardy
2007-01-19 16:17 ` Resend: " Eric Leblond
2007-01-23 21:17 ` Eric Leblond
2007-01-09 10:22 ` [RFC] libnfnetlink " Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1167349247.15420.13.camel@localhost \
--to=eric@inl.fr \
--cc=kaber@trash.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@netfilter.org \
--cc=vincent@inl.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.