netfilter
firewalling, NAT, and packet mangling for linux
Group handling

Functions

int nflog_fd (struct nflog_handle *h)
 nflog_fd - get the file descriptor associated with the nflog handler

struct nflog_g_handle * nflog_bind_group (struct nflog_handle *h, u_int16_t num)
 nflog_bind_group - bind a new handle to a specific group number.

int nflog_unbind_group (struct nflog_g_handle *gh)
 nflog_unbind_group - unbind a group handle.

int nflog_set_mode (struct nflog_g_handle *gh, u_int8_t mode, u_int32_t range)
 nflog_set_mode - set the amount of packet data that nflog copies to userspace

int nflog_set_timeout (struct nflog_g_handle *gh, u_int32_t timeout)
 nflog_set_timeout - set the maximum time to push log buffer for this group

int nflog_set_qthresh (struct nflog_g_handle *gh, u_int32_t qthresh)
 nflog_set_qthresh - set the maximum amount of logs in buffer for this group

int nflog_set_nlbufsiz (struct nflog_g_handle *gh, u_int32_t nlbufsiz)
 nflog_set_nlbufsiz - set the size of the nflog buffer for this group

int nflog_set_flags (struct nflog_g_handle *gh, u_int16_t flags)
 nflog_set_flags - set the nflog flags for this group
 

Detailed Description

Once libnetfilter_log library has been initialised (See LibrarySetup), it is possible to bind the program to a specific group.

This can be done using nflog_bind_group().

The group can then be tuned via nflog_set_mode() among many others.

Here's a little code snippet that binds to the group 100:

    /* h is the handle returned by nflog_open() */
    printf("binding this socket to group 100\n");
    qh = nflog_bind_group(h, 100);
    if (!qh) {
        fprintf(stderr, "no handle for group 100\n");
        exit(1);
    }

    printf("setting copy_packet mode\n");
    if (nflog_set_mode(qh, NFULNL_COPY_PACKET, 0xffff) < 0) {
        fprintf(stderr, "can't set packet copy mode\n");
        exit(1);
    }

Next step is the handling of incoming packets which can be done via a loop:

    fd = nflog_fd(h);

    /* the loop ends when recv() returns 0 or fails with a negative value */
    while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
        printf("pkt received (len=%d)\n", rv);
        nflog_handle_packet(h, buf, rv);
    }

Data and information about the packet can be fetched by using the message parsing functions (See Parsing).

Function Documentation

struct nflog_g_handle* nflog_bind_group ( struct nflog_handle * h, u_int16_t num )

nflog_bind_group - bind a new handle to a specific group number.

Parameters
h - Netfilter log handle obtained via call to nflog_open()
num - the number of the group to bind to
Returns
a nflog_g_handle pointing to the newly created group

References nflog_g_handle::h, nflog_g_handle::id, NFULNL_CFG_CMD_BIND, and NULL.

Referenced by ipulog_create_handle(), and main().

int nflog_fd ( struct nflog_handle * h )

nflog_fd - get the file descriptor associated with the nflog handler

Parameters
h - log handler obtained via call to nflog_open()
Returns
a file descriptor for the netlink connection associated with the given log connection handle. The file descriptor can then be used for receiving the logged packets for processing.

This function returns a file descriptor that can be used for communication over the netlink connection associated with the given log connection handle.

References nflog_nfnlh(), and nfnl_fd().

Referenced by main().

int nflog_set_flags ( struct nflog_g_handle * gh, u_int16_t flags )

nflog_set_flags - set the nflog flags for this group

Parameters
gh - Netfilter log handle obtained by call to nflog_bind_group().
flags - Flags that you want to set

There are two existing flags:

  • NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering.
  • NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering.

Returns
-1 in case of error and errno is explicitly set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr16(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_FLAGS, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.
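
Sequence numbering lets a log consumer notice that messages went missing between the kernel and userspace. The following is an added example, not code from libnetfilter_log: `struct seq_tracker` and `seq_tracker_feed()` are hypothetical names, and it assumes the caller enabled NFULNL_CFG_F_SEQ and reads each message's 32-bit sequence number with the parsing API (for instance nflog_get_seq()), with numbers increasing by one per logged message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-group tracker (not a libnetfilter_log type). */
struct seq_tracker {
    bool     primed;    /* false until the first message is seen */
    uint32_t expected;  /* sequence number the next message should carry */
    uint64_t lost;      /* messages skipped between two received ones */
    uint64_t stale;     /* duplicates or messages arriving late */
};

/* Feed one sequence number (e.g. the value nflog_get_seq() stored).
 * Returns the number of messages missing directly before it. */
static uint32_t seq_tracker_feed(struct seq_tracker *t, uint32_t seq)
{
    uint32_t delta;

    if (!t->primed) {                 /* first message sets the baseline */
        t->primed = true;
        t->expected = seq + 1;
        return 0;
    }
    delta = seq - t->expected;        /* modulo 2^32, so wraparound is safe */
    if (delta >= 0x80000000u) {       /* behind the expected value */
        t->stale++;
        return 0;
    }
    t->lost += delta;
    t->expected = seq + 1;
    return delta;
}

int main(void)
{
    /* Constructed sample: wraps past UINT32_MAX, skips 2..4, repeats 5. */
    const uint32_t sample[] = { 4294967294u, 4294967295u, 0, 1, 5, 5, 6 };
    struct seq_tracker t = { 0 };

    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
        uint32_t gap = seq_tracker_feed(&t, sample[i]);
        if (gap)
            printf("seq %u: %u message(s) missing before it\n",
                   (unsigned)sample[i], (unsigned)gap);
    }
    printf("lost=%llu stale=%llu\n",
           (unsigned long long)t.lost, (unsigned long long)t.stale);
    return 0;
}
```

A non-zero `lost` counter means the recorded log has holes, which matters when the log is used as evidence or as input to detection rules.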

int nflog_set_mode ( struct nflog_g_handle * gh, u_int8_t mode, u_int32_t range )

nflog_set_mode - set the amount of packet data that nflog copies to userspace

Parameters
gh - Netfilter log handle obtained by call to nflog_bind_group().
mode - the part of the packet that we are interested in
range - size of the packet that we want to get

Sets the amount of data to be copied to userspace for each packet logged to the given group.

  • NFULNL_COPY_NONE - do not copy any data
  • NFULNL_COPY_META - copy only packet metadata
  • NFULNL_COPY_PACKET - copy entire packet

Returns
-1 on error; >= 0 otherwise.

References buf, nfulnl_msg_config_mode::copy_mode, nfulnl_msg_config_mode::copy_range, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr_l(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_MODE, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

int nflog_set_nlbufsiz ( struct nflog_g_handle * gh, u_int32_t nlbufsiz )

nflog_set_nlbufsiz - set the size of the nflog buffer for this group

Parameters
gh - Netfilter log handle obtained by call to nflog_bind_group().
nlbufsiz - Size of the nflog buffer

This function sets the size (in bytes) of the buffer that is used to stack log messages in nflog.

NOTE: The use of this function is strongly discouraged. The default buffer size (which is one memory page) provides the optimum results in terms of performance. Do not use this function in your applications.

Returns
-1 in case of error and errno is explicitly set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nfnl_rcvbufsiz(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_NLBUFSIZ, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

int nflog_set_qthresh ( struct nflog_g_handle * gh, u_int32_t qthresh )

nflog_set_qthresh - set the maximum amount of logs in buffer for this group

Parameters
gh - Netfilter log handle obtained by call to nflog_bind_group().
qthresh - Maximum number of log entries

This function determines the maximum number of log entries in the buffer until it is pushed to userspace.

Returns
-1 in case of error and errno is explicitly set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_QTHRESH, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

int nflog_set_timeout ( struct nflog_g_handle * gh, u_int32_t timeout )

nflog_set_timeout - set the maximum time to push log buffer for this group

Parameters
gh - Netfilter log handle obtained by call to nflog_bind_group().
timeout - Time to wait until the log buffer is pushed to userspace

This function sets the maximum time that nflog waits before it pushes the log buffer to userspace if no new logged packets have occurred. Basically, nflog implements a buffer to reduce the computational cost of delivering the log message to userspace.

Returns
-1 in case of error and errno is explicitly set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_TIMEOUT, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

int nflog_unbind_group ( struct nflog_g_handle * gh )

nflog_unbind_group - unbind a group handle.

Parameters
gh - Netfilter log group handle obtained via nflog_bind_group()
Returns
-1 in case of error and errno is explicitly set.

References nflog_g_handle::h, nflog_g_handle::id, and NFULNL_CFG_CMD_UNBIND.

Referenced by ipulog_destroy_handle(), and main().
