From: Eric Leblond <eric@inl.fr>
To: Harald Welte <laforge@netfilter.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@lists.netfilter.org,
Patrick McHardy <kaber@trash.net>,
Vincent Deffontaines <vincent@inl.fr>
Subject: [Patch 0/2] libnfnetlink and iface conversion to string
Date: Fri, 19 Jan 2007 00:24:36 +0100 [thread overview]
Message-ID: <1169162676.8926.14.camel@localhost> (raw)
In-Reply-To: <20070109115120.GX7655@prithivi.gnumonks.org>
[-- Attachment #1.1: Type: text/plain, Size: 1331 bytes --]
Hi,
Le mardi 09 janvier 2007 à 12:51 +0100, Harald Welte a écrit :
> On Mon, Jan 08, 2007 at 11:41:26PM +0100, Eric Leblond wrote:
> > Hi,
> I have committed that code to svn:
> http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/libnfnetlink/src/
> rtnl.c and iftable.c
>
> However, I never found the time to integrate them intl libnfnetlink, so
> they remained dead code for the last 16 months :(
Here's an attempt to add iface name resolution to libnfnetlink. It works
and it is not too difficult to use.
> > In fact, if we omit the thread approach which is somehow intrusive, I
> > don't see a way to do this via a simple call to added functions.
>
> It isn't all that difficult to keep a in-memory list of name-ifindex
> mappings. You once dump at startup, and then listen to events...
This can be translated like that :
1. get netlink_fd with nlif_table_init()
2. use nlif_treat_msg(netlink_fd) to parse initial message
3. put netlink_fd in a select, and call nlif_treat_msg(netlink_fd)
when data arrives
4. cleanup with nlif_table_fini(void) when feature is not needed
any more
I join the patch for NuFW as code example.
To follow :
* Patch for libnfnetlink
* Patch for libnetfilter_queue
BR,
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: nufw_iface_name.diff --]
[-- Type: text/x-patch, Size: 3222 bytes --]
Index: src/nufw/packetsrv.c
===================================================================
--- src/nufw/packetsrv.c (révision 2596)
+++ src/nufw/packetsrv.c (copie de travail)
@@ -18,6 +18,8 @@
#include "nufw.h"
+#include "iface.h"
+
/** \file packetsrv.c
* \brief Packet server thread
*
@@ -159,6 +161,7 @@
return 1;
}
+
/**
* Open a netlink connection and returns file descriptor
*/
@@ -335,6 +338,7 @@
unsigned char buffer[BUFSIZ];
struct timeval tv;
int fd;
+ int if_fd;
int rv;
int select_result;
fd_set wk_set;
@@ -345,6 +349,12 @@
exit(EXIT_FAILURE);
}
+ if_fd = iface_table_open();
+
+ if (if_fd < 0) {
+ exit(EXIT_FAILURE);
+ }
+
log_area_printf (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
"[+] Packet server started");
@@ -360,6 +370,7 @@
/* wait new event on socket */
FD_ZERO(&wk_set);
FD_SET(fd,&wk_set);
+ FD_SET(if_fd,&wk_set);
select_result = select(fd+1,&wk_set,NULL,NULL,&tv);
if (select_result == -1)
{
@@ -380,6 +391,10 @@
continue;
}
+ if (FD_ISSET(if_fd,&wk_set)){
+ iface_treat_message(if_fd);
+ continue;
+ }
/* read one packet */
rv = recv(fd, buffer, sizeof(buffer), 0);
if (rv < 0)
Index: src/nufw/iface.c
===================================================================
--- src/nufw/iface.c (révision 2596)
+++ src/nufw/iface.c (copie de travail)
@@ -42,4 +42,24 @@
return 1;
}
+int iface_table_open()
+{
+ int iftable_fd;
+ /* opening ifname resolution handle */
+ iftable_fd = nlif_table_init();
+ if (iftable_fd <= 0) {
+ log_area_printf (DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
+ "[!] Error during nlif_table_init()");
+ return -1;
+ }
+ /* treat initial rtnetlink message */
+ nlif_treat_msg(iftable_fd);
+
+ return iftable_fd;
+}
+
+int iface_treat_message(int fd)
+{
+ return nlif_treat_msg(fd);
+}
#endif
Index: src/nufw/Makefile.am
===================================================================
--- src/nufw/Makefile.am (révision 2596)
+++ src/nufw/Makefile.am (copie de travail)
@@ -4,8 +4,8 @@
sbin_PROGRAMS = nufw
# nufw
-nufw_SOURCES = authsrv.c common.c main.c packetsrv.c proto.h structure.h\
- tls.c audit.c conntrack.c log.c iface.c
+nufw_SOURCES = authsrv.c common.c main.c iface.c packetsrv.c proto.h structure.h\
+ tls.c audit.c conntrack.c log.c
if HAVE_IPQ
nufw_LDADD = -lipq -lpthread -lgnutls
endif
Index: ChangeLog
===================================================================
--- ChangeLog (révision 2596)
+++ ChangeLog (copie de travail)
@@ -1,6 +1,9 @@
2.1.2
- log_mysql: add option to log by default in SQL
database with IPV4 schema
+ - libnuclient: add nu_get_home_dir function which is not
+ dependant of HOME environment variable
+ - nufw: fix compilation in ipq mode (workaround ipq.h problem)
2.1.1 (2007/01/03)
- suppress ldap authentication code
- add support for log prefix
[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2007-01-18 23:24 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-27 22:17 [RFC] libnfnetlink and iface conversion to string Eric Leblond
2006-12-28 17:39 ` Pablo Neira Ayuso
2006-12-28 23:40 ` Eric Leblond
2007-01-02 8:46 ` [Patch 1/2] Resend : sending iface name from nfnetlink_queue Eric Leblond
2007-01-10 6:52 ` Patrick McHardy
2007-01-02 8:48 ` [Patch 2/2] getting iface name from libnetfilter_queue Eric Leblond
2007-01-07 14:26 ` [RFC] libnfnetlink and iface conversion to string Harald Welte
2007-01-08 22:41 ` Eric Leblond
2007-01-09 0:53 ` Pablo Neira Ayuso
2007-01-09 2:50 ` Eric Leblond
2007-01-09 11:51 ` Harald Welte
2007-01-18 23:24 ` Eric Leblond [this message]
2007-01-18 23:30 ` [Patch 1/2] libnfnetlink, " Eric Leblond
2007-01-19 15:22 ` Patrick McHardy
2007-01-19 17:38 ` Pablo Neira Ayuso
2007-01-19 22:46 ` Eric Leblond
2007-01-22 12:36 ` Harald Welte
2007-01-23 21:13 ` Eric Leblond
2007-01-24 16:50 ` Patrick McHardy
2007-01-25 1:46 ` Pablo Neira Ayuso
2007-01-25 12:11 ` Eric Leblond
2007-01-25 15:59 ` Harald Welte
2007-01-26 2:24 ` Pablo Neira Ayuso
2007-01-25 12:16 ` [Patch 2/2] libnetfilter_queue, " Eric Leblond
2007-01-26 2:26 ` Pablo Neira Ayuso
2007-01-29 10:36 ` Eric Leblond
2007-01-31 1:49 ` Pablo Neira Ayuso
2007-01-18 23:33 ` [Patch 2/2] libnetfilter_queue and " Eric Leblond
2007-01-19 15:25 ` Patrick McHardy
2007-01-19 16:17 ` Resend: " Eric Leblond
2007-01-23 21:17 ` Eric Leblond
2007-01-09 10:22 ` [RFC] libnfnetlink " Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1169162676.8926.14.camel@localhost \
--to=eric@inl.fr \
--cc=kaber@trash.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=pablo@netfilter.org \
--cc=vincent@inl.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.