Group handling

Once libnetfilter_log library has been initialised (See LibrarySetup), it is possible to bind the program to a specific group. More...

Functions
int	nflog_fd (struct nflog_handle *h)
	nflog_fd - get the file descriptor associated with the nflog handler More...
struct nflog_g_handle *	nflog_bind_group (struct nflog_handle *h, u_int16_t num)
	nflog_bind_group - bind a new handle to a specific group number. More...
int	nflog_unbind_group (struct nflog_g_handle *gh)
	nflog_unbind_group - unbind a group handle. More...
int	nflog_set_mode (struct nflog_g_handle *gh, u_int8_t mode, u_int32_t range)
	nflog_set_mode - set the amount of packet data that nflog copies to userspace More...
int	nflog_set_timeout (struct nflog_g_handle *gh, u_int32_t timeout)
	nflog_set_timeout - set the maximum time to push log buffer for this group More...
int	nflog_set_qthresh (struct nflog_g_handle *gh, u_int32_t qthresh)
	nflog_set_qthresh - set the maximum amount of logs in buffer for this group More...
int	nflog_set_nlbufsiz (struct nflog_g_handle *gh, u_int32_t nlbufsiz)
	nflog_set_nlbufsiz - set the size of the nflog buffer for this group More...
int	nflog_set_flags (struct nflog_g_handle *gh, u_int16_t flags)
	nflog_set_flags - set the nflog flags for this group More...

Detailed Description

Once libnetfilter_log library has been initialised (See LibrarySetup), it is possible to bind the program to a specific group.

This can be done using nflog_bind_group().

The group can then be tuned via nflog_set_mode() among many others.

Here's a little code snippet that binds to the group 100:

    printf("binding this socket to group 0\n");
    qh = nflog_bind_group(h, 0);
    if (!qh) {
        fprintf(stderr, "no handle for grup 0\n");
        exit(1);
    }

    printf("setting copy_packet mode\n");
    if (nflog_set_mode(qh, NFULNL_COPY_PACKET, 0xffff) < 0) {
        fprintf(stderr, "can't set packet copy mode\n");
        exit(1);
    }

Next step is the handling of incoming packets which can be done via a loop:

    fd = nflog_fd(h);

    while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
        printf("pkt received (len=%u)\n", rv);
        nflog_handle_packet(h, buf, rv);
    }

Data and information about the packet can be fetch by using message parsing functions (See Parsing).

Function Documentation

struct nflog_g_handle* nflog_bind_group	(	struct nflog_handle *	h,
		u_int16_t	num
	)

nflog_bind_group - bind a new handle to a specific group number.

Parameters

h	Netfilter log handle obtained via call to nflog_open()
num	the number of the group to bind to

Returns

a nflog_g_handle pointing to the newly created group

References nflog_g_handle::h, nflog_g_handle::id, NFULNL_CFG_CMD_BIND, and NULL.

Referenced by ipulog_create_handle(), and main().

Here is the caller graph for this function:

int nflog_fd

(

struct nflog_handle *

h

)

nflog_fd - get the file descriptor associated with the nflog handler

Parameters

log	handler obtained via call to nflog_open()

Returns

a file descriptor for the netlink connection associated with the given log connection handle. The file descriptor can then be used for receiving the logged packets for processing.

This function returns a file descriptor that can be used for communication over the netlink connection associated with the given log connection handle.

References nflog_nfnlh(), and nfnl_fd().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nflog_set_flags	(	struct nflog_g_handle *	gh,
		u_int16_t	flags
	)

nflog_set_flags - set the nflog flags for this group

Parameters

gh	Netfilter log handle obtained by call to nflog_bind_group().
flags	Flags that you want to set

There are two existing flags:

• NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering.
• NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering.

Returns

-1 in case of error and errno is explicity set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr16(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_FLAGS, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

Here is the call graph for this function:

int nflog_set_mode	(	struct nflog_g_handle *	gh,
		u_int8_t	mode,
		u_int32_t	range
	)

nflog_set_mode - set the amount of packet data that nflog copies to userspace

Parameters

qh	Netfilter log handle obtained by call to nflog_bind_group().
mode	the part of the packet that we are interested in
range	size of the packet that we want to get

Sets the amount of data to be copied to userspace for each packet logged to the given group.

• NFULNL_COPY_NONE - do not copy any data
• NFULNL_COPY_META - copy only packet metadata
• NFULNL_COPY_PACKET - copy entire packet

Returns

-1 on error; >= otherwise.

References buf, nfulnl_msg_config_mode::copy_mode, nfulnl_msg_config_mode::copy_range, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr_l(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_MODE, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

Here is the call graph for this function:

int nflog_set_nlbufsiz	(	struct nflog_g_handle *	gh,
		u_int32_t	nlbufsiz
	)

nflog_set_nlbufsiz - set the size of the nflog buffer for this group

Parameters

gh	Netfilter log handle obtained by call to nflog_bind_group().
nlbufsiz	Size of the nflog buffer

This function sets the size (in bytes) of the buffer that is used to stack log messages in nflog.

NOTE: The use of this function is strongly discouraged. The default buffer size (which is one memory page) provides the optimum results in terms of performance. Do not use this function in your applications.

Returns

-1 in case of error and errno is explicity set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nfnl_rcvbufsiz(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_NLBUFSIZ, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

Here is the call graph for this function:

int nflog_set_qthresh	(	struct nflog_g_handle *	gh,
		u_int32_t	qthresh
	)

nflog_set_qthresh - set the maximum amount of logs in buffer for this group

Parameters

gh	Netfilter log handle obtained by call to nflog_bind_group().
qthresh	Maximum number of log entries

This function determines the maximum number of log entries in the buffer until it is pushed to userspace.

Returns

-1 in case of error and errno is explicity set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_QTHRESH, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

Here is the call graph for this function:

int nflog_set_timeout	(	struct nflog_g_handle *	gh,
		u_int32_t	timeout
	)

nflog_set_timeout - set the maximum time to push log buffer for this group

Parameters

gh	Netfilter log handle obtained by call to nflog_bind_group().
timeout	Time to wait until the log buffer is pushed to userspace

This function allows to set the maximum time that nflog waits until it pushes the log buffer to userspace if no new logged packets have occured. Basically, nflog implements a buffer to reduce the computational cost of delivering the log message to userspace.

Returns

-1 in case of error and errno is explicity set.

References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_TIMEOUT, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.

Here is the call graph for this function:

int nflog_unbind_group

(

struct nflog_g_handle *

gh

)

nflog_unbind_group - unbind a group handle.

Parameters

gh	Netfilter log group handle obtained via nflog_bind_group()

Returns

-1 in case of error and errno is explicity in case of error.

References nflog_g_handle::h, nflog_g_handle::id, and NFULNL_CFG_CMD_UNBIND.

Referenced by ipulog_destroy_handle(), and main().

Here is the caller graph for this function: