From: Eric Leblond <eleblond@inl.fr>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Harald Welte <laforge@netfilter.org>,
netfilter-devel@lists.netfilter.org,
Patrick McHardy <kaber@trash.net>,
Vincent Deffontaines <vincent@inl.fr>
Subject: [Patch 2/2] getting iface name from libnetfilter_queue
Date: Tue, 02 Jan 2007 09:48:57 +0100 [thread overview]
Message-ID: <1167727738.13797.8.camel@localhost.localdomain> (raw)
In-Reply-To: <1167349247.15420.13.camel@localhost>
[-- Attachment #1.1: Type: text/plain, Size: 1376 bytes --]
Hi,
here's a patch against libnetfilter_queue.
It adds functions that can be used to get the interface name.
BR,
Le vendredi 29 décembre 2006 à 00:40 +0100, Eric Leblond a écrit :
> Hi,
>
> Le jeudi 28 décembre 2006 à 18:39 +0100, Pablo Neira Ayuso a écrit :
> > Eric Leblond wrote:
> > > I'm currently working on NuFW where I try to do iface conversion from
> > > integer to string to be able to filter "naturally" on interfaces.
> > Interesting question. Since this is related with the rtnetlink
> > subsystem, I'm unsure that this feature naturally belongs to
> > libnfnetlink nor to libnetfilter_queue.
>
> I agree that this does not seem to be the correct place.
>
> > However, IMO libnetfilter_queue should provide enough features to let
> > userspace apps implement filtering without requiring extra dependencies.
> > BTW, what are the benefits of dumping the index instead of the interface
> > name in this particular case?
>
> This is interesting !
>
> I've looked at kernel code and the information was easy to add. I attach
> a small patch against kernel.
>
> It will add 4*IFNAMSIZ = 64 octets to each nfnetlink_queue message but
> this is not impressive as a part of the packet payload is usually sent.
>
> BR,
--
Éric Leblond, eleblond@inl.fr
Téléphone : 01 44 89 46 39, Fax : 01 44 89 45 01
INL, http://www.inl.fr
[-- Attachment #1.2: libnetfilter_queue-ifacename.diff --]
[-- Type: text/x-patch, Size: 4472 bytes --]
Index: utils/nfqnl_test.c
===================================================================
--- utils/nfqnl_test.c (révision 6720)
+++ utils/nfqnl_test.c (copie de travail)
@@ -2,11 +2,14 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <errno.h>
#include <netinet/in.h>
#include <linux/netfilter.h> /* for NF_ACCEPT */
#include <libnetfilter_queue/libnetfilter_queue.h>
+/* #define PRINT_INFOS */
+
/* returns packet id */
static u_int32_t print_pkt (struct nfq_data *tb)
{
@@ -16,13 +19,17 @@
int ret;
char *data;
+ id = ntohl(ph->packet_id);
ph = nfq_get_msg_packet_hdr(tb);
if (ph){
id = ntohl(ph->packet_id);
+#ifdef PRINT_INFOS
printf("hw_protocol=0x%04x hook=%u id=%u ",
ntohs(ph->hw_protocol), ph->hook, id);
+#endif
}
+#ifdef PRINT_INFOS
mark = nfq_get_nfmark(tb);
if (mark)
printf("mark=%u ", mark);
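Review bot: The added line `id = ntohl(ph->packet_id);` reads through `ph` one line before `ph = nfq_get_msg_packet_hdr(tb);` assigns it, so every call dereferences an uninitialised pointer, which is undefined behaviour. If the intent was to give `id` a defined value when no packet header is returned, replace the line with `id = 0;`. The `#ifdef PRINT_INFOS` opened on the last added line of this hunk is only closed in the next hunk, and with the macro undefined the locals used solely for printing (`mark`, `ret`, `data`, as far as the visible lines show) are left unused. print_pkt starts and ends outside this hunk.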
@@ -40,7 +47,7 @@
printf("payload_len=%d ", ret);
fputc('\n', stdout);
-
+#endif
return id;
}
@@ -49,7 +56,9 @@
struct nfq_data *nfa, void *data)
{
u_int32_t id = print_pkt(nfa);
+#ifdef PRINT_INFOS
printf("entering callback\n");
+#endif
return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
}
@@ -96,11 +105,22 @@
nh = nfq_nfnlh(h);
fd = nfnl_fd(nh);
+ while ((rv = recv(fd, buf, sizeof(buf), 0))) {
+ if (rv<0){
+ printf("got error %d during recv\n",errno);
+ if (errno != ENOBUFS){
+ break;
+ } else {
+ printf("got error %d restart recv\n",errno);
+ continue;
+ }
+ }
+#ifdef PRINT_INFOS
+ printf("pkt received\n");
+#endif
+ nfq_handle_packet(h, buf, rv);
+ }
- while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
- printf("pkt received\n");
- nfq_handle_packet(h, buf, rv);
- }
printf("unbinding from queue 0\n");
nfq_destroy_queue(qh);
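Review bot: In the new recv loop the retry decision `if (errno != ENOBUFS)` is taken only after `printf("got error %d during recv\n",errno)` has run, and printf is allowed to modify errno, so the test can see a different value from the one recv() set. Save it first with `int err = errno;` as the first statement inside `if (rv<0){` and use `err` in both messages and in `if (err != ENOBUFS)`. On a netlink socket ENOBUFS means the receive buffer overflowed and queued messages were lost, so a comment such as `/* ENOBUFS: receive buffer overrun, packets were dropped; keep reading */` would record why the loop continues instead of exiting. The return value of `nfq_handle_packet(h, buf, rv)` is still ignored, and the enclosing function starts and ends outside the hunk.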
Index: include/libnetfilter_queue/linux_nfnetlink_queue.h
===================================================================
--- include/libnetfilter_queue/linux_nfnetlink_queue.h (révision 6720)
+++ include/libnetfilter_queue/linux_nfnetlink_queue.h (copie de travail)
@@ -45,6 +45,10 @@
NFQA_IFINDEX_PHYSOUTDEV, /* u_int32_t ifindex */
NFQA_HWADDR, /* nfqnl_msg_packet_hw */
NFQA_PAYLOAD, /* opaque data payload */
+ NFQA_IFNAME_INDEV, /* string name of iface */
+ NFQA_IFNAME_OUTDEV, /* string name of iface */
+ NFQA_IFNAME_PHYSINDEV, /* string name of iface */
+ NFQA_IFNAME_PHYSOUTDEV, /* string name of iface */
__NFQA_MAX
};
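Review bot: The four `NFQA_IFNAME_*` constants become netlink attribute numbers, so they are only correct if the kernel side (patch 1/2 of this thread) appends the same four attributes in the same order after `NFQA_PAYLOAD`. This header looks like a copy of the kernel header, and a mismatch would make the library interpret some other attribute as an interface name. The comment `/* string name of iface */` should also state the wire format, for example `/* NUL-terminated iface name, at most IFNAMSIZ bytes */`, if that is what the kernel sends (the quoted mail mentions 4*IFNAMSIZ bytes per message); confirm against the kernel patch. The enum starts outside the hunk.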
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h (révision 6720)
+++ include/libnetfilter_queue/libnetfilter_queue.h (copie de travail)
@@ -80,6 +80,13 @@
extern u_int32_t nfq_get_outdev(struct nfq_data *nfad);
extern u_int32_t nfq_get_physoutdev(struct nfq_data *nfad);
+/* return NULL if not set */
+extern char* nfq_get_indev_name(struct nfq_data *nfad);
+extern char* nfq_get_physindev_name(struct nfq_data *nfad);
+extern char* nfq_get_outdev_name(struct nfq_data *nfad);
+extern char* nfq_get_physoutdev_name(struct nfq_data *nfad);
+
+
extern struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad);
/* return -1 if problem, length otherwise */
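Review bot: The four new accessors are declared as returning `char*`, yet the definitions in this patch return a pointer obtained from `nfad->data`, which callers should neither write through nor free. Declare them as `extern const char *nfq_get_indev_name(struct nfq_data *nfad);` and likewise for the other three, with the definitions in src/libnetfilter_queue.c changed to match. The comment `/* return NULL if not set */` should also state the lifetime, presumably `/* return NULL if not set; the string points into the message behind nfad and must be copied if kept */`, once that is confirmed against how the callback buffer is reused.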
Index: src/libnetfilter_queue.c
===================================================================
--- src/libnetfilter_queue.c (révision 6720)
+++ src/libnetfilter_queue.c (copie de travail)
@@ -419,6 +419,26 @@
return ntohl(nfnl_get_data(nfad->data, NFQA_IFINDEX_PHYSOUTDEV, u_int32_t));
}
+char* nfq_get_indev_name(struct nfq_data *nfad)
+{
+ return nfnl_get_pointer_to_data(nfad->data, NFQA_IFNAME_INDEV, char);
+}
+
+char* nfq_get_physindev_name(struct nfq_data *nfad)
+{
+ return nfnl_get_pointer_to_data(nfad->data, NFQA_IFNAME_PHYSINDEV, char);
+}
+
+char* nfq_get_outdev_name(struct nfq_data *nfad)
+{
+ return nfnl_get_pointer_to_data(nfad->data, NFQA_IFNAME_OUTDEV, char);
+}
+
+char* nfq_get_physoutdev_name(struct nfq_data *nfad)
+{
+ return nfnl_get_pointer_to_data(nfad->data, NFQA_IFNAME_PHYSOUTDEV, char);
+}
+
struct nfqnl_msg_packet_hw *nfq_get_packet_hw(struct nfq_data *nfad)
{
return nfnl_get_pointer_to_data(nfad->data, NFQA_HWADDR,
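Review bot: `nfq_get_indev_name` and its three siblings hand the raw attribute payload back as a C string without checking the attribute length or that a terminating NUL lies inside it. Any caller passing the result to `printf("%s", ...)` or `strcmp` would then read past the attribute, and possibly past the receive buffer, whenever a message carries an unterminated or empty name attribute. The library is the right place for this check: return NULL unless a NUL is found within the payload, using one static helper shared by the four functions. The sketch below assumes `nfad->data` is indexed by attribute number minus one, as the libnfnetlink accessor macros do; confirm before applying.

```c
/* Return the attribute payload only if it holds a NUL-terminated string. */
static char *nfq_get_ifname_attr(struct nfq_data *nfad, int attr)
{
	struct nfattr *nfa = nfad->data[attr - 1];
	int len;

	if (!nfa)
		return NULL;
	len = NFA_PAYLOAD(nfa);
	if (len <= 0 || !memchr(NFA_DATA(nfa), '\0', len))
		return NULL;	/* empty or unterminated: do not expose it */
	return NFA_DATA(nfa);
}

char* nfq_get_indev_name(struct nfq_data *nfad)
{
	return nfq_get_ifname_attr(nfad, NFQA_IFNAME_INDEV);
}
/* … unchanged in shape: the other three accessors call the helper with their own attribute … */
```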
[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]