[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the first step towards moving to 100% libmnl use.

AFAICS these 2 funtions just have to go otherwise we are stuck with
libnfnetlink for ever.

Cheers ... Duncan.

Duncan Roe (1):
  Retire 2 libnfnetlink-specific functions

 .gitignore                                      | 1 +
 include/libnetfilter_queue/libnetfilter_queue.h | 2 --
 src/libnetfilter_queue.c                        | 5 +++--
 3 files changed, 4 insertions(+), 4 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

We need this patch for mnl cut-over of nfnl API.
It's just an added function, should be fine to apply straight away(?)

Cheers ... Duncan.

Duncan Roe (1):
  src: Add nfq_nlmsg_put2() - header flags include NLM_F_ACK

 .../libnetfilter_queue/libnetfilter_queue.h   |  1 +
 src/nlmsg.c                                   | 72 ++++++++++++++++---
 2 files changed, 65 insertions(+), 8 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

Maybe park this one until mnl cut-over is complete(?)

Cheers ... Duncan.

Duncan Roe (1):
  Remove libnfnetlink from the build

 Make_global.am           | 2 +-
 configure.ac             | 1 -
 libnetfilter_queue.pc.in | 1 -
 src/Makefile.am          | 2 +-
 4 files changed, 2 insertions(+), 4 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This patch enables nfqnl_test to run up to the line
> printf("binding this socket to queue '%d'\n", queue);
nfnl_rcvbufsiz() also succeeds.
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20231110041604.11564-1-duncan_roe@optusnet.com.au/
nfqnl_test will crash if allowed to run further.

In nfq_open(), I renamed qh to h: it was just too annoying having the
nfq_handle called qh while everywhere else qh is a nfq_q_handle. Sorry if
that makes review harder.

For now I just made the obsolete functions nfq_{,un}bind_pf return 0. Can
do them properly later if you would prefer.

The patch is obviously not ready to apply yet so just for your review ATM.
Please suggest changes as you see fit.

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_open(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl

 doxygen/doxygen.cfg.in   |  1 +
 src/libnetfilter_queue.c | 43 ++++++++++++++++++++++++++++++----------
 2 files changed, 33 insertions(+), 11 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the next one for parking as RFC. LMK if I should leave nfq_errno
(would only be set in 1 place now).

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use
    libmnl

 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

-- 
2.35.8

[PATCH libnetfilter_queue 1/1] Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use libmnl

[Duncan Roe]

Also remove nfq_errno (incomplete project, never documented).

Main change is to static function __build_send_cfg_msg(). After doing that,
I reinstated nfq_bind_pf() & nfq_unbind_pf() to do what the doc claims
rather than simply returning zero.

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
---
 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index f254984..9b54489 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -18,6 +18,8 @@
 
 #include <libnetfilter_queue/linux_nfnetlink_queue.h>
 
+#define NFQ_BUFFSIZE 8192
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -26,8 +28,6 @@ struct nfq_handle;
 struct nfq_q_handle;
 struct nfq_data;
 
-extern int nfq_errno;
-
 extern struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h);
 extern int nfq_fd(struct nfq_handle *h);
 
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index ca44a6c..73969ce 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -166,8 +166,6 @@ struct nfq_data {
 	struct nfattr **data;
 };
 
-EXPORT_SYMBOL int nfq_errno;
-
 /***********************************************************************
  * low level stuff
  ***********************************************************************/
@@ -210,22 +208,20 @@ static struct nfq_q_handle *find_qh(struct nfq_handle *h, uint16_t id)
 __build_send_cfg_msg(struct nfq_handle *h, uint8_t command,
 		uint16_t queuenum, uint16_t pf)
 {
-	union {
-		char buf[NFNL_HEADER_LEN
-			+NFA_LENGTH(sizeof(struct nfqnl_msg_config_cmd))];
-		struct nlmsghdr nmh;
-	} u;
-	struct nfqnl_msg_config_cmd cmd;
+	char buf[NFQ_BUFFSIZE];
+	struct nlmsghdr *nlh;
+	int ret;
 
-	nfnl_fill_hdr(h->nfnlssh, &u.nmh, 0, AF_UNSPEC, queuenum,
-			NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK);
+	nlh = nfq_nlmsg_put2(buf, NFQNL_MSG_CONFIG, queuenum, NLM_F_ACK);
 
-	cmd._pad = 0;
-	cmd.command = command;
-	cmd.pf = htons(pf);
-	nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_CMD, &cmd, sizeof(cmd));
+	nfq_nlmsg_cfg_put_cmd(nlh, AF_UNSPEC, command);
 
-	return nfnl_query(h->nfnlh, &u.nmh);
+	ret = mnl_socket_sendto(h->nl, nlh, nlh->nlmsg_len);
+	if (ret != -1)
+		ret = mnl_socket_recvfrom(h->nl, buf, sizeof(buf));
+	if (ret != -1)
+		ret = mnl_cb_run(buf, ret, 0, h->portid, NULL, NULL);
+	return ret;
 }
 
 static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
@@ -453,15 +449,13 @@ struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh)
 
 	h->nfnlssh = nfnl_subsys_open(h->nfnlh, NFNL_SUBSYS_QUEUE,
 				      NFQNL_MSG_MAX, 0);
-	if (!h->nfnlssh) {
-		/* FIXME: nfq_errno */
+	if (!h->nfnlssh)
 		goto out_free;
-	}
+// THIS IS nfq_open_nfnl() - ENTIRE FUNCTION WILL BE REMOVED EVENTUALLY
 
 	pkt_cb.data = h;
 	err = nfnl_callback_register(h->nfnlssh, NFQNL_MSG_PACKET, &pkt_cb);
 	if (err < 0) {
-		nfq_errno = err;
 		goto out_close;
 	}
 
@@ -523,7 +517,7 @@ int nfq_close(struct nfq_handle *h)
 EXPORT_SYMBOL
 int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
 {
-	return 0;
+	return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf);
 }
 
 /**
@@ -539,7 +533,7 @@ int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
 EXPORT_SYMBOL
 int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)
 {
-	return 0;
+	return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_UNBIND, 0, pf);
 }
 
 
@@ -606,7 +600,6 @@ struct nfq_q_handle *nfq_create_queue(struct nfq_handle *h, uint16_t num,
 
 	ret = __build_send_cfg_msg(h, NFQNL_CFG_CMD_BIND, num, 0);
 	if (ret < 0) {
-		nfq_errno = ret;
 		free(qh);
 		return NULL;
 	}
-- 
2.35.8

[PATCH libnetfilter_queue 0/1] libnfnetlink dependency elimination

[Duncan Roe]

Hi Pablo,

This is the next one for parking as RFC. LMK if I should leave nfq_errno
(would only be set in 1 place now).

Cheers ... Duncan.

Duncan Roe (1):
  Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() to use
    libmnl

 .../libnetfilter_queue/libnetfilter_queue.h   |  4 +-
 src/libnetfilter_queue.c                      | 37 ++++++++-----------
 2 files changed, 17 insertions(+), 24 deletions(-)

-- 
2.35.8