[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the first step towards moving to 100% libmnl use.

AFAICS these 2 funtions just have to go otherwise we are stuck with
libnfnetlink for ever.

Cheers ... Duncan.

Duncan Roe (1):
  Retire 2 libnfnetlink-specific functions

 .gitignore                                      | 1 +
 include/libnetfilter_queue/libnetfilter_queue.h | 2 --
 src/libnetfilter_queue.c                        | 5 +++--
 3 files changed, 4 insertions(+), 4 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

We need this patch for mnl cut-over of nfnl API.
It's just an added function, should be fine to apply straight away(?)

Cheers ... Duncan.

Duncan Roe (1):
  src: Add nfq_nlmsg_put2() - header flags include NLM_F_ACK

 .../libnetfilter_queue/libnetfilter_queue.h   |  1 +
 src/nlmsg.c                                   | 72 ++++++++++++++++---
 2 files changed, 65 insertions(+), 8 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

Maybe park this one until mnl cut-over is complete(?)

Cheers ... Duncan.

Duncan Roe (1):
  Remove libnfnetlink from the build

 Make_global.am           | 2 +-
 configure.ac             | 1 -
 libnetfilter_queue.pc.in | 1 -
 src/Makefile.am          | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This patch enables nfqnl_test to run up to the line
> printf("binding this socket to queue '%d'\n", queue);
nfnl_rcvbufsiz() also succeeds.
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20231110041604.11564-1-duncan_roe@optusnet.com.au/
nfqnl_test will crash if allowed to run further.

In nfq_open(), I renamed qh to h: it was just too annoying having the
nfq_handle called qh while everywhere else qh is a nfq_q_handle. Sorry if
that makes review harder.

For now I just made the obsolete functions nfq_{,un}bind_pf return 0. Can
do them properly later if you would prefer.

The patch is obviously not ready to apply yet so just for your review ATM.
Please suggest changes as you see fit.

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_open(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl

 doxygen/doxygen.cfg.in   |  1 +
 src/libnetfilter_queue.c | 43 ++++++++++++++++++++++++++++++----------
 2 files changed, 33 insertions(+), 11 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 1/1] Convert nfq_open(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl

[Duncan Roe]

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
---
 doxygen/doxygen.cfg.in   |  1 +
 src/libnetfilter_queue.c | 43 ++++++++++++++++++++++++++++++----------
 2 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/doxygen/doxygen.cfg.in b/doxygen/doxygen.cfg.in
index 97174ff..3e06bd8 100644
--- a/doxygen/doxygen.cfg.in
+++ b/doxygen/doxygen.cfg.in
@@ -13,6 +13,7 @@ EXCLUDE_SYMBOLS        = EXPORT_SYMBOL \
                          nfq_handle \
                          nfq_data \
                          nfq_q_handle \
+                         nfnl_handle \
                          tcp_flag_word
 EXAMPLE_PATTERNS       =
 INPUT_FILTER           = "sed 's/EXPORT_SYMBOL//g'"
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index bf67a19..ca44a6c 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -31,6 +31,7 @@
 #include <sys/socket.h>
 #include <linux/netfilter/nfnetlink_queue.h>
 
+#include <libmnl/libmnl.h>
 #include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include "internal.h"
@@ -134,11 +135,21 @@ gcc -g3 -ggdb -Wall -lmnl -lnetfilter_queue -o nf-queue nf-queue.c
  * burst
  */
 
+/* We need a rump nfnl_handle to support nfnl_rcvbufsiz() */
+/* Luckily fd is the 1st item and that's all we need */
+
+struct nfnl_handle {
+	int			fd;
+};
+
 struct nfq_handle
 {
+	unsigned int portid;
 	struct nfnl_handle *nfnlh;
 	struct nfnl_subsys_handle *nfnlssh;
 	struct nfq_q_handle *qh_list;
+	struct mnl_socket *nl;
+	struct nfnl_handle rump_nfnl_handle;
 };
 
 struct nfq_q_handle
@@ -383,20 +394,30 @@ int nfq_fd(struct nfq_handle *h)
 EXPORT_SYMBOL
 struct nfq_handle *nfq_open(void)
 {
-	struct nfnl_handle *nfnlh = nfnl_open();
-	struct nfq_handle *qh;
+	struct nfq_handle *h = malloc(sizeof(*h));
 
-	if (!nfnlh)
+	if (!h)
 		return NULL;
+	memset(h, 0, sizeof(*h));
 
-	/* unset netlink sequence tracking by default */
-	nfnl_unset_sequence_tracking(nfnlh);
+	h->nl = mnl_socket_open(NETLINK_NETFILTER);
+	if (!h->nl) {
+		free(h);
+		return NULL;
+	}
 
-	qh = nfq_open_nfnl(nfnlh);
-	if (!qh)
-		nfnl_close(nfnlh);
+	if (mnl_socket_bind(h->nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+		mnl_socket_close(h->nl);
+		free(h);
+		return NULL;
+	}
+	h->portid = mnl_socket_get_portid(h->nl);
 
-	return qh;
+	/* fudges for nfnl_rcvbufsiz() */
+	h->nfnlh = &h->rump_nfnl_handle;
+	h->rump_nfnl_handle.fd = mnl_socket_get_fd(h->nl);
+
+	return h;
 }
 
 /**
@@ -502,7 +523,7 @@ int nfq_close(struct nfq_handle *h)
 EXPORT_SYMBOL
 int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
 {
-	return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf);
+	return 0;
 }
 
 /**
@@ -518,7 +539,7 @@ int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
 EXPORT_SYMBOL
 int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)
 {
-	return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf);
+	return 0;
 }
 
 
-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the next one for parking as RFC. LMK if I should leave nfq_errno
(would only be set in 1 place now).

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use
    libmnl

 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the next one for parking as RFC. LMK if I should leave nfq_errno
(would only be set in 1 place now).

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use
    libmnl

 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

-- 
2.35.8