From: Duncan Roe <duncan_roe@optusnet.com.au>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH libnetfilter_queue 01/32] src: Convert nfq_open() to use libmnl
Date: Fri, 15 Mar 2024 18:33:16 +1100 [thread overview]
Message-ID: <20240315073347.22628-2-duncan_roe@optusnet.com.au> (raw)
In-Reply-To: <ZcyaQvJ1SvnYgakf@calendula>
Add copies of nfnl_handle, nfnl_subsys_handle & mnl_socket to
libnetfilter_queue.c. After calling mnl_socket_open() & mnl_socket_bind(),
it fills in the libnfnetlink structs as if nfnl_open() had been called.
The rest of the system still uses libnfnetlink functions but they keep
working.
Where possible, code is copied exactly from libnfnetlink. checkpatch
warns about space before tabs but these warnings are addressed in a
later commit.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
---
doxygen/doxygen.cfg.in | 3 ++
src/libnetfilter_queue.c | 88 ++++++++++++++++++++++++++++++++++++----
2 files changed, 82 insertions(+), 9 deletions(-)
diff --git a/doxygen/doxygen.cfg.in b/doxygen/doxygen.cfg.in
index 97174ff..6dd7017 100644
--- a/doxygen/doxygen.cfg.in
+++ b/doxygen/doxygen.cfg.in
@@ -13,6 +13,9 @@ EXCLUDE_SYMBOLS = EXPORT_SYMBOL \
nfq_handle \
nfq_data \
nfq_q_handle \
+ nfnl_handle \
+ nfnl_subsys_handle \
+ mnl_socket \
tcp_flag_word
EXAMPLE_PATTERNS =
INPUT_FILTER = "sed 's/EXPORT_SYMBOL//g'"
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index bf67a19..2aba68d 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -31,6 +31,7 @@
#include <sys/socket.h>
#include <linux/netfilter/nfnetlink_queue.h>
+#include <libmnl/libmnl.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
#include "internal.h"
@@ -134,11 +135,43 @@ gcc -g3 -ggdb -Wall -lmnl -lnetfilter_queue -o nf-queue nf-queue.c
* burst
*/
+/* Copy of private libnfnetlink structures */
+
+#define NFNL_MAX_SUBSYS 16
+
+struct nfnl_subsys_handle {
+ struct nfnl_handle *nfnlh;
+ uint32_t subscriptions;
+ uint8_t subsys_id;
+ uint8_t cb_count;
+ struct nfnl_callback *cb; /* array of callbacks */
+};
+
+struct nfnl_handle {
+ int fd;
+ struct sockaddr_nl local;
+ struct sockaddr_nl peer;
+ uint32_t subscriptions;
+ uint32_t seq;
+ uint32_t dump;
+ uint32_t rcv_buffer_size; /* for nfnl_catch */
+ uint32_t flags;
+ struct nlmsghdr *last_nlhdr;
+ struct nfnl_subsys_handle subsys[NFNL_MAX_SUBSYS+1];
+};
+
+/* Copy of private libmnl structure */
+struct mnl_socket {
+ int fd;
+ struct sockaddr_nl addr;
+};
+
struct nfq_handle
{
struct nfnl_handle *nfnlh;
struct nfnl_subsys_handle *nfnlssh;
struct nfq_q_handle *qh_list;
+ struct mnl_socket *nl;
};
struct nfq_q_handle
@@ -383,20 +416,57 @@ int nfq_fd(struct nfq_handle *h)
EXPORT_SYMBOL
struct nfq_handle *nfq_open(void)
{
- struct nfnl_handle *nfnlh = nfnl_open();
- struct nfq_handle *qh;
+ struct nfnl_callback pkt_cb = {
+ .call = __nfq_rcv_pkt,
+ .attr_count = NFQA_MAX,
+ };
+ struct nfq_handle *h = malloc(sizeof(*h));
- if (!nfnlh)
+ if (!h)
return NULL;
+ memset(h, 0, sizeof(*h));
- /* unset netlink sequence tracking by default */
- nfnl_unset_sequence_tracking(nfnlh);
+ h->nfnlh = malloc(sizeof(*h->nfnlh));
+ if (!h->nfnlh)
+ goto err_free;
+ memset(h->nfnlh, 0, sizeof(*h->nfnlh));
+
+ h->nl = mnl_socket_open(NETLINK_NETFILTER);
+ if (!h->nl)
+ goto err_free2;
+
+ if (mnl_socket_bind(h->nl, 0, MNL_SOCKET_AUTOPID) < 0)
+ goto err_close;
+
+ /* Fill in nfnl handle */
+ h->nfnlh->fd = h->nl->fd;
+ h->nfnlh->local = h->nl->addr;
+ h->nfnlh->peer.nl_family = AF_NETLINK;
+ //h->nfnlh->seq = time(NULL);
+ h->nfnlh->rcv_buffer_size = NFNL_BUFFSIZE;
+
+ /* Fill in nfnl subsys handle with code adapted from libnfnetlink */
+ h->nfnlssh = &h->nfnlh->subsys[NFNL_SUBSYS_QUEUE];
+ h->nfnlssh->cb = calloc(NFQNL_MSG_MAX, sizeof(*(h->nfnlssh->cb)));
+ if (!h->nfnlssh->cb)
+ goto err_close;
+
+ h->nfnlssh->nfnlh = h->nfnlh;
+ h->nfnlssh->cb_count = NFQNL_MSG_MAX;
+ h->nfnlssh->subscriptions = 0;
+ h->nfnlssh->subsys_id = NFNL_SUBSYS_QUEUE;
+ pkt_cb.data = h;
+ memcpy(&h->nfnlssh->cb[NFQNL_MSG_PACKET], &pkt_cb, sizeof(pkt_cb));
- qh = nfq_open_nfnl(nfnlh);
- if (!qh)
- nfnl_close(nfnlh);
+ return h;
- return qh;
+err_close:
+ mnl_socket_close(h->nl);
+err_free2:
+ free(h->nfnlh);
+err_free:
+ free(h);
+ return NULL;
}
/**
--
2.35.8
next prev parent reply other threads:[~2024-03-15 7:33 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-13 21:07 [PATCH libnetfilter_queue 0/1] Convert libnetfilter_queue to use entirely libmnl functions Duncan Roe
2024-02-13 21:07 ` [PATCH libnetfilter_queue 1/1] " Duncan Roe
2024-02-14 10:47 ` Pablo Neira Ayuso
2024-02-16 1:41 ` Duncan Roe
2024-02-19 2:27 ` Duncan Roe
2024-03-19 23:58 ` [PATCH libnetfilter_queue 00/32] Convert libnetfilter_queue to not need libnfnetlink Duncan Roe
2024-03-15 7:33 ` Duncan Roe
2024-03-15 7:33 ` Duncan Roe [this message]
2024-03-15 7:33 ` [PATCH libnetfilter_queue 02/32] src: Convert nfq_open_nfnl() to use libmnl Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 03/32] src: Convert nfq_close() " Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 04/32] src: Convert nfq_create_queue(), nfq_bind_pf() & nfq_unbind_pf() " Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 05/32] src: Convert nfq_set_queue_flags() & nfq_set_queue_maxlen() " Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 06/32] src: Convert nfq_handle_packet(), nfq_get_secctx(), nfq_get_payload() and all the nfq_get_ functions " Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 07/32] src: Convert nfq_set_verdict() and nfq_set_verdict2() to use libmnl if there is no data Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 08/32] src: Incorporate nfnl_rcvbufsiz() in libnetfilter_queue Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 09/32] src: Convert nfq_fd() to use libmnl Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 10/32] src: Convert remaining nfq_* functions " Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 11/32] src: Fix checkpatch whitespace and block comment warnings Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 12/32] src: Copy nlif-related code from libnfnetlink Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 13/32] include: Cherry-pick macros and functions that nlif will need Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 14/32] doc: Add linux_list.h to the doxygen system Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 15/32] doc: Eliminate doxygen warnings from linux_list.h Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 16/32] doc: Eliminate doxygen warnings from iftable.c Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 17/32] whitespace: remove trailing spaces " Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 18/32] include: Use libmnl.h instead of libnfnetlink.h Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 19/32] src: Convert all nlif_* functions to use libmnl Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 20/32] src: Delete rtnl.c Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 21/32] build: Remove libnfnetlink from the build Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 22/32] include: Remove the last remaining use of a libnfnetlink header Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 23/32] doc: Get doxygen to document useful static inline functions Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 24/32] doc: SYNOPSIS of linux_list.h nominates libnetfilter_queue/libnetfilter_queue.h Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 25/32] doc: Move nlif usage description from libnetfilter_queue.c to iftable.c Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 26/32] build: Shave some time off build Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 27/32] doc: Resolve most issues with man page generated from linux_list.h Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 28/32] build: Get real & user times back to what they were Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 29/32] doc: Cater for doxygen variants w.r.t. #define stmts Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 30/32] doc: Fix list_empty() doxygen comments Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 31/32] src: Use a cast in place of convoluted construct Duncan Roe
2024-03-15 7:33 ` [PATCH libnetfilter_queue 32/32] whitespace: Fix more checkpatch errors & warnings Duncan Roe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240315073347.22628-2-duncan_roe@optusnet.com.au \
--to=duncan_roe@optusnet.com.au \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).