libnl  3.5.0
nf-queue.c
1 /* SPDX-License-Identifier: LGPL-2.1-only */
2 /*
3  * src/nf-queue.c Monitor netfilter queue events
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation version 2.1
8  * of the License.
9  *
10  * Copyright (c) 2007, 2008 Patrick McHardy <kaber@trash.net>
11  * Copyright (c) 2010 Karl Hiramoto <karl@hiramoto.org>
12  */
13 
14 
15 #include <netlink/cli/utils.h>
16 #include <netlink/cli/link.h>
17 #include <netinet/in.h>
18 #include <linux/netfilter.h>
19 #include <linux/netfilter/nfnetlink_queue.h>
20 #include <netlink/netfilter/nfnl.h>
21 #include <netlink/netfilter/queue.h>
22 #include <netlink/netfilter/queue_msg.h>
23 
24 #include <linux/netlink.h>
25 
26 static struct nl_sock *nf_sock;
27 
28 static struct nfnl_queue *alloc_queue(void)
29 {
30  struct nfnl_queue *queue;
31 
32  queue = nfnl_queue_alloc();
33  if (!queue)
34  nl_cli_fatal(ENOMEM, "Unable to allocate queue object");
35 
36  return queue;
37 }
38 
39 
40 static void obj_input(struct nl_object *obj, void *arg)
41 {
42  struct nfnl_queue_msg *msg = (struct nfnl_queue_msg *) obj;
43  struct nl_dump_params dp = {
45  .dp_fd = stdout,
46  .dp_dump_msgtype = 1,
47  };
48 
49  nfnl_queue_msg_set_verdict(msg, NF_ACCEPT);
50  nl_object_dump(obj, &dp);
51  nfnl_queue_msg_send_verdict(nf_sock, msg);
52 }
53 
54 static int event_input(struct nl_msg *msg, void *arg)
55 {
56  if (nl_msg_parse(msg, &obj_input, NULL) < 0)
57  fprintf(stderr, "<<EVENT>> Unknown message type\n");
58 
59  /* Exit nl_recvmsgs_def() and return to the main select() */
60  return NL_STOP;
61 }
62 
63 int main(int argc, char *argv[])
64 {
65  struct nl_sock *rt_sock;
66  struct nfnl_queue *queue;
67  int copy_mode;
68  uint32_t copy_range;
69  int err = 1;
70  int family;
71 
72  nf_sock = nfnl_queue_socket_alloc();
73  if (nf_sock == NULL)
74  nl_cli_fatal(ENOBUFS, "Unable to allocate netlink socket");
75 
77  nl_socket_modify_cb(nf_sock, NL_CB_VALID, NL_CB_CUSTOM, event_input, NULL);
78 
79  if ((argc > 1 && !strcasecmp(argv[1], "-h")) || argc < 3) {
80  printf("Usage: nf-queue family group [ copy_mode ] "
81  "[ copy_range ]\n");
82  printf("family: [ inet | inet6 | ... ] \n");
83  printf("group: the --queue-num arg that you gave to iptables\n");
84  printf("copy_mode: [ none | meta | packet ] \n");
85  return 2;
86  }
87 
88  nl_cli_connect(nf_sock, NETLINK_NETFILTER);
89 
90  if ((family = nl_str2af(argv[1])) == AF_UNSPEC)
91  nl_cli_fatal(NLE_INVAL, "Unknown family \"%s\"", argv[1]);
92 
93  nfnl_queue_pf_unbind(nf_sock, family);
94  if ((err = nfnl_queue_pf_bind(nf_sock, family)) < 0)
95  nl_cli_fatal(err, "Unable to bind logger: %s",
96  nl_geterror(err));
97 
98  queue = alloc_queue();
99  nfnl_queue_set_group(queue, atoi(argv[2]));
100 
101  copy_mode = NFNL_QUEUE_COPY_PACKET;
102  if (argc > 3) {
103  copy_mode = nfnl_queue_str2copy_mode(argv[3]);
104  if (copy_mode < 0)
105  nl_cli_fatal(copy_mode,
106  "Unable to parse copy mode \"%s\": %s",
107  argv[3], nl_geterror(copy_mode));
108  }
109  nfnl_queue_set_copy_mode(queue, copy_mode);
110 
111  copy_range = 0xFFFF;
112  if (argc > 4)
113  copy_range = atoi(argv[4]);
114  nfnl_queue_set_copy_range(queue, copy_range);
115 
116  if ((err = nfnl_queue_create(nf_sock, queue)) < 0)
117  nl_cli_fatal(err, "Unable to bind queue: %s", nl_geterror(err));
118 
119  rt_sock = nl_cli_alloc_socket();
120  nl_cli_connect(rt_sock, NETLINK_ROUTE);
121  nl_cli_link_alloc_cache(rt_sock);
122 
123  nl_socket_set_buffer_size(nf_sock, 1024*127, 1024*127);
124 
125  while (1) {
126  fd_set rfds;
127  int nffd, rtfd, maxfd, retval;
128 
129  FD_ZERO(&rfds);
130 
131  maxfd = nffd = nl_socket_get_fd(nf_sock);
132  FD_SET(nffd, &rfds);
133 
134  rtfd = nl_socket_get_fd(rt_sock);
135  FD_SET(rtfd, &rfds);
136  if (maxfd < rtfd)
137  maxfd = rtfd;
138 
139  /* wait for an incoming message on the netlink socket */
140  retval = select(maxfd+1, &rfds, NULL, NULL, NULL);
141 
142  if (retval) {
143  if (FD_ISSET(nffd, &rfds))
144  nl_recvmsgs_default(nf_sock);
145  if (FD_ISSET(rtfd, &rfds))
146  nl_recvmsgs_default(rt_sock);
147  }
148  }
149 
150  return 0;
151 }
Customized handler specified by the user.
Definition: handlers.h:83
int nl_socket_get_fd(const struct nl_sock *sk)
Return the file descriptor of the backing socket.
Definition: socket.c:584
enum nl_dump_type dp_type
Specifies the type of dump that is requested.
Definition: types.h:38
Stop parsing altogether and discard remaining messages.
Definition: handlers.h:68
int nl_socket_modify_cb(struct nl_sock *sk, enum nl_cb_type type, enum nl_cb_kind kind, nl_recvmsg_msg_cb_t func, void *arg)
Modify the callback handler associated with the socket.
Definition: socket.c:771
void nl_object_dump(struct nl_object *obj, struct nl_dump_params *params)
Dump this object according to the specified parameters.
Definition: object.c:289
void nl_socket_disable_seq_check(struct nl_sock *sk)
Disable sequence number checking.
Definition: socket.c:283
int nl_recvmsgs_default(struct nl_sock *sk)
Receive a set of message from a netlink socket using handlers in nl_sock.
Definition: nl.c:1094
Message is valid.
Definition: handlers.h:95
void nl_cli_fatal(int err, const char *fmt,...)
Print error message and quit application.
Definition: utils.c:78
Dumping parameters.
Definition: types.h:33
int nl_socket_set_buffer_size(struct nl_sock *sk, int rxbuf, int txbuf)
Set socket buffer size of netlink socket.
Definition: socket.c:813
Dump all attributes including statistics.
Definition: types.h:24