From: Eric Leblond <eleblond@inl.fr>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Harald Welte <laforge@netfilter.org>,
netfilter-devel@lists.netfilter.org,
Patrick McHardy <kaber@trash.net>,
Vincent Deffontaines <vincent@inl.fr>
Subject: [Patch 1/2] Resend : sending iface name from nfnetlink_queue
Date: Tue, 02 Jan 2007 09:46:22 +0100 [thread overview]
Message-ID: <1167727582.13797.5.camel@localhost.localdomain> (raw)
In-Reply-To: <1167349247.15420.13.camel@localhost>
[-- Attachment #1.1: Type: text/plain, Size: 825 bytes --]
Hi,
Le vendredi 29 décembre 2006 à 00:40 +0100, Eric Leblond a écrit :
> Hi,
>
> Le jeudi 28 décembre 2006 à 18:39 +0100, Pablo Neira Ayuso a écrit :
> > Eric Leblond wrote:
> > > I'm currently working on NuFW where I try to do iface conversion from
> > > integer to string to be able to filter "naturally" on interfaces.
> > Interesting question. Since this is related with the rtnetlink
> > subsystem, I'm unsure that this feature naturally belongs to
> > libnfnetlink nor to libnetfilter_queue.
>
> I've looked at kernel code and the information was easy to add. I attach
> a small patch against kernel.
I resend a modified version of my kernel patch. It fixes a bug on fields
size.
BR,
--
Éric Leblond, eleblond@inl.fr
Téléphone : 01 44 89 46 39, Fax : 01 44 89 45 01
INL, http://www.inl.fr
[-- Attachment #1.2: nfnetlink_queue-ifacename.diff --]
[-- Type: text/x-patch, Size: 3739 bytes --]
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 83e7896..8318105 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -41,6 +41,10 @@ enum nfqnl_attr_type {
NFQA_IFINDEX_PHYSOUTDEV, /* u_int32_t ifindex */
NFQA_HWADDR, /* nfqnl_msg_packet_hw */
NFQA_PAYLOAD, /* opaque data payload */
+ NFQA_IFNAME_INDEV, /* string name of iface */
+ NFQA_IFNAME_OUTDEV, /* string name of iface */
+ NFQA_IFNAME_PHYSINDEV, /* string name of iface */
+ NFQA_IFNAME_PHYSOUTDEV, /* string name of iface */
__NFQA_MAX
};
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a88a017..6cc301a 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -424,6 +424,7 @@ #endif
tmp_uint = htonl(indev->ifindex);
#ifndef CONFIG_BRIDGE_NETFILTER
NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_INDEV, IFNAMSIZ*sizeof(char), indev->name);
#else
if (entinf->pf == PF_BRIDGE) {
/* Case 1: indev is physical input device, we need to
@@ -431,20 +432,28 @@ #else
* netfilter_bridge) */
NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSINDEV, IFNAMSIZ*sizeof(char),
+ indev->name);
/* this is the bridge group "brX" */
tmp_uint = htonl(indev->br_port->br->dev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_INDEV, IFNAMSIZ*sizeof(char),
+ indev->name);
} else {
/* Case 2: indev is bridge group, we need to look for
* physical device (when called from ipv4) */
NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_INDEV, IFNAMSIZ*sizeof(char),
+ indev->name);
if (entskb->nf_bridge
&& entskb->nf_bridge->physindev) {
tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSINDEV, IFNAMSIZ*sizeof(char),
+ entskb->nf_bridge->physindev->name);
}
}
#endif
@@ -454,6 +463,7 @@ #endif
tmp_uint = htonl(outdev->ifindex);
#ifndef CONFIG_BRIDGE_NETFILTER
NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_OUTDEV, IFNAMSIZ*sizeof(char), outdev->name);
#else
if (entinf->pf == PF_BRIDGE) {
/* Case 1: outdev is physical output device, we need to
@@ -461,20 +471,28 @@ #else
* netfilter_bridge) */
NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSOUTDEV, IFNAMSIZ*sizeof(char),
+ outdev->name);
/* this is the bridge group "brX" */
tmp_uint = htonl(outdev->br_port->br->dev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_OUTDEV, IFNAMSIZ*sizeof(char),
+ outdev->name);
} else {
/* Case 2: outdev is bridge group, we need to look for
* physical output device (when called from ipv4) */
NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
&tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_OUTDEV, IFNAMSIZ*sizeof(char),
+ outdev->name);
if (entskb->nf_bridge
&& entskb->nf_bridge->physoutdev) {
tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex);
NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
sizeof(tmp_uint), &tmp_uint);
+ NFA_PUT(skb, NFQA_IFNAME_PHYSOUTDEV, IFNAMSIZ*sizeof(char),
+ entskb->nf_bridge->physoutdev->name);
}
}
#endif
[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2007-01-02 8:46 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-27 22:17 [RFC] libnfnetlink and iface conversion to string Eric Leblond
2006-12-28 17:39 ` Pablo Neira Ayuso
2006-12-28 23:40 ` Eric Leblond
2007-01-02 8:46 ` Eric Leblond [this message]
2007-01-10 6:52 ` [Patch 1/2] Resend : sending iface name from nfnetlink_queue Patrick McHardy
2007-01-02 8:48 ` [Patch 2/2] getting iface name from libnetfilter_queue Eric Leblond
2007-01-07 14:26 ` [RFC] libnfnetlink and iface conversion to string Harald Welte
2007-01-08 22:41 ` Eric Leblond
2007-01-09 0:53 ` Pablo Neira Ayuso
2007-01-09 2:50 ` Eric Leblond
2007-01-09 11:51 ` Harald Welte
2007-01-18 23:24 ` [Patch 0/2] " Eric Leblond
2007-01-18 23:30 ` [Patch 1/2] libnfnetlink, " Eric Leblond
2007-01-19 15:22 ` Patrick McHardy
2007-01-19 17:38 ` Pablo Neira Ayuso
2007-01-19 22:46 ` Eric Leblond
2007-01-22 12:36 ` Harald Welte
2007-01-23 21:13 ` Eric Leblond
2007-01-24 16:50 ` Patrick McHardy
2007-01-25 1:46 ` Pablo Neira Ayuso
2007-01-25 12:11 ` Eric Leblond
2007-01-25 15:59 ` Harald Welte
2007-01-26 2:24 ` Pablo Neira Ayuso
2007-01-25 12:16 ` [Patch 2/2] libnetfilter_queue, " Eric Leblond
2007-01-26 2:26 ` Pablo Neira Ayuso
2007-01-29 10:36 ` Eric Leblond
2007-01-31 1:49 ` Pablo Neira Ayuso
2007-01-18 23:33 ` [Patch 2/2] libnetfilter_queue and " Eric Leblond
2007-01-19 15:25 ` Patrick McHardy
2007-01-19 16:17 ` Resend: " Eric Leblond
2007-01-23 21:17 ` Eric Leblond
2007-01-09 10:22 ` [RFC] libnfnetlink " Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1167727582.13797.5.camel@localhost.localdomain \
--to=eleblond@inl.fr \
--cc=kaber@trash.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@netfilter.org \
--cc=vincent@inl.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.