From: Eric Leblond <eric@inl.fr>
To: Harald Welte <laforge@netfilter.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@lists.netfilter.org,
Patrick McHardy <kaber@trash.net>,
Vincent Deffontaines <vincent@inl.fr>
Subject: [Patch 0/2] libnfnetlink and iface conversion to string
Date: Fri, 19 Jan 2007 00:24:36 +0100
Message-ID: <1169162676.8926.14.camel@localhost>
In-Reply-To: <20070109115120.GX7655@prithivi.gnumonks.org>
[-- Attachment #1.1: Type: text/plain, Size: 1331 bytes --]
Hi,
On Tuesday, 9 January 2007 at 12:51 +0100, Harald Welte wrote:
> On Mon, Jan 08, 2007 at 11:41:26PM +0100, Eric Leblond wrote:
> > Hi,
> I have committed that code to svn:
> http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/libnfnetlink/src/
> rtnl.c and iftable.c
>
> However, I never found the time to integrate them into libnfnetlink, so
> they remained dead code for the last 16 months :(
Here's an attempt to add iface name resolution to libnfnetlink. It works
and it is not too difficult to use.
> > In fact, if we omit the thread approach which is somehow intrusive, I
> > don't see a way to do this via a simple call to added functions.
>
> It isn't all that difficult to keep an in-memory list of name-ifindex
> mappings. You once dump at startup, and then listen to events...
This can be translated like this:
1. get netlink_fd with nlif_table_init()
2. use nlif_treat_msg(netlink_fd) to parse initial message
3. put netlink_fd in a select, and call nlif_treat_msg(netlink_fd)
   when data arrives
4. cleanup with nlif_table_fini(void) when feature is not needed
   any more
I attach the patch for NuFW as a code example.
To follow:
* Patch for libnfnetlink
* Patch for libnetfilter_queue
BR,
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: nufw_iface_name.diff --]
[-- Type: text/x-patch, Size: 3222 bytes --]
Index: src/nufw/packetsrv.c
===================================================================
--- src/nufw/packetsrv.c (révision 2596)
+++ src/nufw/packetsrv.c (copie de travail)
@@ -18,6 +18,8 @@
#include "nufw.h"
+#include "iface.h"
+
/** \file packetsrv.c
* \brief Packet server thread
*
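Review bot: the new #include "iface.h" in packetsrv.c has no matching header change in this patch. No hunk adds prototypes for iface_table_open() and iface_treat_message(), so unless iface.h already declares them, the calls added further down compile against implicit declarations. Add both prototypes to iface.h in the same patch.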
@@ -159,6 +161,7 @@
return 1;
}
+
/**
* Open a netlink connection and returns file descriptor
*/
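Review bot: the only change in this hunk is a stray blank line before the "Open a netlink connection" comment block; drop it so the patch carries only the interface-table changes.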
@@ -335,6 +338,7 @@
unsigned char buffer[BUFSIZ];
struct timeval tv;
int fd;
+ int if_fd;
int rv;
int select_result;
fd_set wk_set;
@@ -345,6 +349,12 @@
exit(EXIT_FAILURE);
}
+ if_fd = iface_table_open();
+
+ if (if_fd < 0) {
+ exit(EXIT_FAILURE);
+ }
+
log_area_printf (DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
"[+] Packet server started");
@@ -360,6 +370,7 @@
/* wait new event on socket */
FD_ZERO(&wk_set);
FD_SET(fd,&wk_set);
+ FD_SET(if_fd,&wk_set);
select_result = select(fd+1,&wk_set,NULL,NULL,&tv);
if (select_result == -1)
{
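Review bot: select() is still called with fd+1 as nfds after FD_SET(if_fd,&wk_set), so if_fd is only examined when it happens to be smaller than fd. If it is opened after fd, as the previous hunk suggests, it will normally be the larger descriptor and interface events will never wake the loop. Pass the larger of the two plus one, for example select((fd > if_fd ? fd : if_fd) + 1, &wk_set, NULL, NULL, &tv).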
@@ -380,6 +391,10 @@
continue;
}
+ if (FD_ISSET(if_fd,&wk_set)){
+ iface_treat_message(if_fd);
+ continue;
+ }
/* read one packet */
rv = recv(fd, buffer, sizeof(buffer), 0);
if (rv < 0)
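Review bot: the return value of iface_treat_message(if_fd) is discarded in the FD_ISSET branch, so a read or parse failure on the rtnetlink socket goes unnoticed and the name table can silently go stale. Check the result and at least report it through log_area_printf(). The continue also pushes a packet that is ready on fd in the same wake-up to the next select() round; testing both descriptors in one pass avoids that.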
Index: src/nufw/iface.c
===================================================================
--- src/nufw/iface.c (révision 2596)
+++ src/nufw/iface.c (copie de travail)
@@ -42,4 +42,24 @@
return 1;
}
+int iface_table_open()
+{
+ int iftable_fd;
+ /* opening ifname resolution handle */
+ iftable_fd = nlif_table_init();
+ if (iftable_fd <= 0) {
+ log_area_printf (DEBUG_AREA_MAIN, DEBUG_LEVEL_CRITICAL,
+ "[!] Error during nlif_table_init()");
+ return -1;
+ }
+ /* treat initial rtnetlink message */
+ nlif_treat_msg(iftable_fd);
+
+ return iftable_fd;
+}
+
+int iface_treat_message(int fd)
+{
+ return nlif_treat_msg(fd);
+}
#endif
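Review bot: the result of the initial nlif_treat_msg(iftable_fd) in iface_table_open() is ignored, so a failed first dump still returns a descriptor and the caller starts with an empty table; check it and release the handle before returning -1. There is also no counterpart that calls nlif_table_fini(), which the cover text lists as step 4, so add an iface_table_close() wrapper. The test iftable_fd <= 0 rejects descriptor 0 while the caller tests if_fd < 0; pick one convention. Both functions sit above the existing #endif, whereas the calls in packetsrv.c are not guarded in the hunks shown, so confirm the build when that conditional is off.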
Index: src/nufw/Makefile.am
===================================================================
--- src/nufw/Makefile.am (révision 2596)
+++ src/nufw/Makefile.am (copie de travail)
@@ -4,8 +4,8 @@
sbin_PROGRAMS = nufw
# nufw
-nufw_SOURCES = authsrv.c common.c main.c packetsrv.c proto.h structure.h\
- tls.c audit.c conntrack.c log.c iface.c
+nufw_SOURCES = authsrv.c common.c main.c iface.c packetsrv.c proto.h structure.h\
+ tls.c audit.c conntrack.c log.c
if HAVE_IPQ
nufw_LDADD = -lipq -lpthread -lgnutls
endif
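Review bot: the nufw_SOURCES change only moves iface.c, which was already listed, to a different position, so it has no effect and can be dropped from the patch. What the visible lines do not show is a link flag for libnfnetlink: iface.c now calls nlif_table_init() and nlif_treat_msg(), while the nufw_LDADD line shown carries only -lipq -lpthread -lgnutls. Check that every branch that builds iface.c links the library.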
Index: ChangeLog
===================================================================
--- ChangeLog (révision 2596)
+++ ChangeLog (copie de travail)
@@ -1,6 +1,9 @@
2.1.2
- log_mysql: add option to log by default in SQL
database with IPV4 schema
+ - libnuclient: add nu_get_home_dir function which is not
+ dependant of HOME environment variable
+ - nufw: fix compilation in ipq mode (workaround ipq.h problem)
2.1.1 (2007/01/03)
- suppress ldap authentication code
- add support for log prefix
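Review bot: the two ChangeLog lines added under 2.1.2 describe nu_get_home_dir in libnuclient and an ipq compilation fix, neither of which is touched by this patch, and there is no entry for the interface name resolution it adds. Drop the unrelated entries from this diff and add a line for the new nufw interface table support.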
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
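The "dump once at startup, then listen to events" table discussed in the message, as an added example that is not part of the original e-mail or of libnfnetlink: it is a stand-in for what a function like nlif_treat_msg() has to do, applying a buffer of rtnetlink link messages to an ifindex-to-name table with every length checked. The names iftable_apply, make_link_msg, if_names, MAX_IF and NAME_LEN are assumptions, and the sample messages are constructed in the code.

```c
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

#define MAX_IF   64               /* hypothetical table size */
#define NAME_LEN 16               /* same value as IFNAMSIZ */
char if_names[MAX_IF][NAME_LEN];  /* hypothetical: ifindex -> name, "" = unknown */

/* Apply a dump or event buffer to the table; every length is checked first. */
int iftable_apply(void *buf, size_t len)
{
    int applied = 0, left = (int)len;
    for (struct nlmsghdr *nh = buf; NLMSG_OK(nh, left); nh = NLMSG_NEXT(nh, left)) {
        struct ifinfomsg *ifi = NLMSG_DATA(nh);
        if ((nh->nlmsg_type != RTM_NEWLINK && nh->nlmsg_type != RTM_DELLINK) ||
            nh->nlmsg_len < NLMSG_LENGTH(sizeof(*ifi)) ||      /* too short */
            ifi->ifi_index <= 0 || ifi->ifi_index >= MAX_IF)   /* outside table */
            continue;
        char *slot = if_names[ifi->ifi_index];
        int alen = IFLA_PAYLOAD(nh);
        slot[0] = '\0';           /* RTM_DELLINK stops here, RTM_NEWLINK refills */
        applied++;
        if (nh->nlmsg_type == RTM_NEWLINK)
            for (struct rtattr *a = IFLA_RTA(ifi); RTA_OK(a, alen); a = RTA_NEXT(a, alen))
                if (a->rta_type == IFLA_IFNAME)   /* may lack a NUL: bound the copy */
                    snprintf(slot, NAME_LEN, "%.*s", (int)RTA_PAYLOAD(a), (char *)RTA_DATA(a));
    }
    return applied;
}

/* Constructed sample input: one link message written into zeroed, aligned memory. */
size_t make_link_msg(void *out, int type, int index, const char *name)
{
    struct nlmsghdr *nh = out;
    struct rtattr *a = IFLA_RTA(NLMSG_DATA(nh));
    ((struct ifinfomsg *)NLMSG_DATA(nh))->ifi_index = index;
    a->rta_type = IFLA_IFNAME;
    a->rta_len = RTA_LENGTH(strlen(name) + 1);
    memcpy(RTA_DATA(a), name, strlen(name) + 1);
    nh->nlmsg_type = type;
    return nh->nlmsg_len = NLMSG_SPACE(sizeof(struct ifinfomsg)) + RTA_ALIGN(a->rta_len);
}

int main(void)
{
    _Alignas(4) char buf[256] = {0};
    size_t n = make_link_msg(buf, RTM_NEWLINK, 2, "eth0");
    printf("%d applied, ifindex 2 is %s\n", iftable_apply(buf, n), if_names[2]);
}
```

In a real daemon the buffer would come from recv() on the rtnetlink socket each time select() reports it readable.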