libnetfilter_log  1.0.1
libipulog_compat.c
1 #include <stdlib.h>
2 #include <stdio.h>
3 #include <string.h>
4 #include <unistd.h>
5 #include <sys/types.h>
6 #include <sys/socket.h>
7 #include <netinet/in.h>
8 #include <libnfnetlink/libnfnetlink.h>
9 #include <libnetfilter_log/libnetfilter_log.h>
10 #include <libnetfilter_log/libipulog.h>
11 
12 /* private */
13 #define PAYLOAD_SIZE 0xffff
14 
15 
17 {
18  struct nflog_handle *nfulh;
19  struct nflog_g_handle *nful_gh;
20  struct nlmsghdr *last_nlh;
21 #if 0
22  int fd;
23  uint8_t blocking;
24  struct sockaddr_nl local;
25  struct sockaddr_nl peer;
26 #endif
27  struct ulog_packet_msg upmsg; /* has to be last in structure */
28 };
29 
30 static const struct ipulog_errmap_t
31 {
32  int errcode;
33  const char *message;
34 } ipulog_errmap[] =
35 {
36  { IPULOG_ERR_NONE, "No error" },
37  { IPULOG_ERR_IMPL, "Not implemented yet" },
38  { IPULOG_ERR_HANDLE, "Unable to create netlink handle" },
39  { IPULOG_ERR_SOCKET, "Unable to create netlink socket" },
40  { IPULOG_ERR_BIND, "Unable to bind netlink socket" },
41  { IPULOG_ERR_RECVBUF, "Receive buffer size invalid" },
42  { IPULOG_ERR_RECV, "Error during netlink receive" },
43  { IPULOG_ERR_NLEOF, "Received EOF on netlink socket" },
44  { IPULOG_ERR_TRUNC, "Receive message truncated" },
45  { IPULOG_ERR_INVGR, "Invalid group specified" },
46  { IPULOG_ERR_INVNL, "Invalid netlink message" },
47 };
48 
49 /* obviously this only finds the highest group in the mask */
50 static unsigned int gmask2group(unsigned int gmask)
51 {
52  int bit;
53 
54  for (bit = sizeof(gmask)*4 -1; bit >= 0; bit--) {
55  if (gmask & (1 << bit))
56  return bit+1;
57  }
58  return 0;
59 }
60 
61 
62 
63 /* public */
64 
65 int ipulog_errno = IPULOG_ERR_NONE;
66 
67 const char *ipulog_strerror(int errcode)
68 {
69  if (errcode < 0 || errcode > IPULOG_MAXERR)
70  errcode = IPULOG_ERR_IMPL;
71  return ipulog_errmap[errcode].message;
72 }
73 
74 /* convert a netlink group (1-32) to a group_mask suitable for create_handle */
75 uint32_t ipulog_group2gmask(uint32_t group)
76 {
77  if (group < 1 || group > 32)
78  {
79  ipulog_errno = IPULOG_ERR_INVGR;
80  return 0;
81  }
82  return (1 << (group - 1));
83 }
84 
85 /* create a ipulog handle for the reception of packets sent to gmask */
86 struct ipulog_handle *ipulog_create_handle(uint32_t gmask,
87  uint32_t rcvbufsize)
88 {
89  int rv;
90  struct ipulog_handle *h;
91  unsigned int group = gmask2group(gmask);
92 
93  h = malloc(sizeof(*h)+PAYLOAD_SIZE);
94  if (! h) {
95  ipulog_errno = IPULOG_ERR_HANDLE;
96  return NULL;
97  }
98  memset(h, 0, sizeof(*h));
99  h->nfulh = nflog_open();
100  if (!h->nfulh)
101  goto out_free;
102 
103  /* bind_pf returns EEXIST if we are already registered */
104  rv = nflog_bind_pf(h->nfulh, AF_INET);
105  if (rv < 0 && rv != -EEXIST)
106  goto out_free;
107 
108  h->nful_gh = nflog_bind_group(h->nfulh, group);
109  if (!h->nful_gh)
110  goto out_free;
111 
112  return h;
113 
114 out_free:
115  ipulog_errno = IPULOG_ERR_HANDLE;
116  free(h);
117  return NULL;
118 }
119 
120 void ipulog_destroy_handle(struct ipulog_handle *h)
121 {
122  nflog_unbind_group(h->nful_gh);
123  nflog_close(h->nfulh);
124  free(h);
125 }
126 
127 ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h,
128  const unsigned char *buf,
129  size_t len)
130 {
131  struct nlmsghdr *nlh;
132  struct nfattr *tb[NFULA_MAX];
133  struct nfulnl_msg_packet_hdr *hdr;
134 
135  if (!h->last_nlh) {
136  printf("first\n");
137  nlh = nfnl_get_msg_first(nflog_nfnlh(h->nfulh), buf, len);
138  }else {
139 next_msg: printf("next\n");
140  nlh = nfnl_get_msg_next(nflog_nfnlh(h->nfulh), buf, len);
141  }
142  h->last_nlh = nlh;
143 
144  if (!nlh)
145  return NULL;
146 
147  nfnl_parse_attr(tb, NFULA_MAX, NFM_NFA(NLMSG_DATA(nlh)),
148  NFM_PAYLOAD(nlh));
149 
150  if (!tb[NFULA_PACKET_HDR-1])
151  goto next_msg;
152 
153  /* now build the fake ulog_packet_msg */
154  hdr = NFA_DATA(tb[NFULA_PACKET_HDR-1]);
155  h->upmsg.hook = hdr->hook;
156 
157  if (tb[NFULA_MARK-1])
158  h->upmsg.mark = ntohl(*(uint32_t *)NFA_DATA(tb[NFULA_MARK-1]));
159  else
160  h->upmsg.mark = 0;
161 
162  if (tb[NFULA_TIMESTAMP]) {
163  /* FIXME: 64bit network-to-host */
164  h->upmsg.timestamp_sec = h->upmsg.timestamp_usec = 0;
165  } else
166  h->upmsg.timestamp_sec = h->upmsg.timestamp_usec = 0;
167 
168  if (tb[NFULA_IFINDEX_INDEV-1]) {
169  /* FIXME: ifindex lookup */
170  h->upmsg.indev_name[0] = '\0';
171  } else
172  h->upmsg.indev_name[0] = '\0';
173 
174  if (tb[NFULA_IFINDEX_OUTDEV-1]) {
175  /* FIXME: ifindex lookup */
176  h->upmsg.outdev_name[0] = '\0';
177  } else
178  h->upmsg.outdev_name[0] = '\0';
179 
180  if (tb[NFULA_HWADDR-1]) {
181  struct nfulnl_msg_packet_hw *phw = NFA_DATA(tb[NFULA_HWADDR-1]);
182  h->upmsg.mac_len = ntohs(phw->hw_addrlen);
183  memcpy(h->upmsg.mac, phw->hw_addr, 8);
184  } else
185  h->upmsg.mac_len = 0;
186 
187  if (tb[NFULA_PREFIX-1]) {
188  int plen = NFA_PAYLOAD(tb[NFULA_PREFIX-1]);
189  if (ULOG_PREFIX_LEN < plen)
190  plen = ULOG_PREFIX_LEN;
191  memcpy(h->upmsg.prefix, NFA_DATA(tb[NFULA_PREFIX-1]), plen);
192  h->upmsg.prefix[ULOG_PREFIX_LEN-1] = '\0';
193  }
194 
195  if (tb[NFULA_PAYLOAD-1]) {
196  memcpy(h->upmsg.payload, NFA_DATA(tb[NFULA_PAYLOAD-1]),
197  NFA_PAYLOAD(tb[NFULA_PAYLOAD-1]));
198  h->upmsg.data_len = NFA_PAYLOAD(tb[NFULA_PAYLOAD-1]);
199  } else
200  h->upmsg.data_len = 0;
201 
202  return &h->upmsg;
203 }
204 
205 ssize_t ipulog_read(struct ipulog_handle *h, unsigned char *buf,
206  size_t len, int timeout)
207 {
208  /* 'timeout' was never implemented in the original libipulog,
209  * so we don't bother emulating it */
210  return nfnl_recv(nflog_nfnlh(h->nfulh), buf, len);
211 }
212 
213 /* print a human readable description of the last error to stderr */
214 void ipulog_perror(const char *s)
215 {
216  if (s)
217  fputs(s, stderr);
218  else
219  fputs("ERROR", stderr);
220  if (ipulog_errno)
221  fprintf(stderr, ": %s", ipulog_strerror(ipulog_errno));
222  if (errno)
223  fprintf(stderr, ": %s", strerror(errno));
224  fputc('\n', stderr);
225 }
226 
struct nflog_handle * nflog_open(void)
struct nflog_g_handle * nflog_bind_group(struct nflog_handle *h, uint16_t num)
int nflog_bind_pf(struct nflog_handle *h, uint16_t pf)
int nflog_unbind_group(struct nflog_g_handle *gh)
int nflog_close(struct nflog_handle *h)