Once libnetfilter_log library has been initialised (See LibrarySetup), it is possible to bind the program to a specific group. More...
Functions | |
int | nflog_fd (struct nflog_handle *h) |
nflog_fd - get the file descriptor associated with the nflog handler More... | |
struct nflog_g_handle * | nflog_bind_group (struct nflog_handle *h, u_int16_t num) |
nflog_bind_group - bind a new handle to a specific group number. More... | |
int | nflog_unbind_group (struct nflog_g_handle *gh) |
nflog_unbind_group - unbind a group handle. More... | |
int | nflog_set_mode (struct nflog_g_handle *gh, u_int8_t mode, u_int32_t range) |
nflog_set_mode - set the amount of packet data that nflog copies to userspace More... | |
int | nflog_set_timeout (struct nflog_g_handle *gh, u_int32_t timeout) |
nflog_set_timeout - set the maximum time to push log buffer for this group More... | |
int | nflog_set_qthresh (struct nflog_g_handle *gh, u_int32_t qthresh) |
nflog_set_qthresh - set the maximum amount of logs in buffer for this group More... | |
int | nflog_set_nlbufsiz (struct nflog_g_handle *gh, u_int32_t nlbufsiz) |
nflog_set_nlbufsiz - set the size of the nflog buffer for this group More... | |
int | nflog_set_flags (struct nflog_g_handle *gh, u_int16_t flags) |
nflog_set_flags - set the nflog flags for this group More... | |
Once libnetfilter_log library has been initialised (See LibrarySetup), it is possible to bind the program to a specific group.
This can be done using nflog_bind_group().
The group can then be tuned via nflog_set_mode() among many others.
Here's a little code snippet that binds to the group 100:
printf("binding this socket to group 0\n"); qh = nflog_bind_group(h, 0); if (!qh) { fprintf(stderr, "no handle for grup 0\n"); exit(1); } printf("setting copy_packet mode\n"); if (nflog_set_mode(qh, NFULNL_COPY_PACKET, 0xffff) < 0) { fprintf(stderr, "can't set packet copy mode\n"); exit(1); }
Next step is the handling of incoming packets which can be done via a loop:
fd = nflog_fd(h); while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { printf("pkt received (len=%u)\n", rv); nflog_handle_packet(h, buf, rv); }
Data and information about the packet can be fetch by using message parsing functions (See Parsing).
struct nflog_g_handle* nflog_bind_group | ( | struct nflog_handle * | h, |
u_int16_t | num | ||
) |
nflog_bind_group - bind a new handle to a specific group number.
h | Netfilter log handle obtained via call to nflog_open() |
num | the number of the group to bind to |
References nflog_g_handle::h, nflog_g_handle::id, NFULNL_CFG_CMD_BIND, and NULL.
Referenced by ipulog_create_handle(), and main().
int nflog_fd | ( | struct nflog_handle * | h | ) |
nflog_fd - get the file descriptor associated with the nflog handler
log | handler obtained via call to nflog_open() |
This function returns a file descriptor that can be used for communication over the netlink connection associated with the given log connection handle.
References nflog_nfnlh(), and nfnl_fd().
Referenced by main().
int nflog_set_flags | ( | struct nflog_g_handle * | gh, |
u_int16_t | flags | ||
) |
nflog_set_flags - set the nflog flags for this group
gh | Netfilter log handle obtained by call to nflog_bind_group(). |
flags | Flags that you want to set |
There are two existing flags:
References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr16(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_FLAGS, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.
int nflog_set_mode | ( | struct nflog_g_handle * | gh, |
u_int8_t | mode, | ||
u_int32_t | range | ||
) |
nflog_set_mode - set the amount of packet data that nflog copies to userspace
qh | Netfilter log handle obtained by call to nflog_bind_group(). |
mode | the part of the packet that we are interested in |
range | size of the packet that we want to get |
Sets the amount of data to be copied to userspace for each packet logged to the given group.
References buf, nfulnl_msg_config_mode::copy_mode, nfulnl_msg_config_mode::copy_range, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr_l(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_MODE, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.
int nflog_set_nlbufsiz | ( | struct nflog_g_handle * | gh, |
u_int32_t | nlbufsiz | ||
) |
nflog_set_nlbufsiz - set the size of the nflog buffer for this group
gh | Netfilter log handle obtained by call to nflog_bind_group(). |
nlbufsiz | Size of the nflog buffer |
This function sets the size (in bytes) of the buffer that is used to stack log messages in nflog.
NOTE: The use of this function is strongly discouraged. The default buffer size (which is one memory page) provides the optimum results in terms of performance. Do not use this function in your applications.
References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nfnl_rcvbufsiz(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_NLBUFSIZ, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.
int nflog_set_qthresh | ( | struct nflog_g_handle * | gh, |
u_int32_t | qthresh | ||
) |
nflog_set_qthresh - set the maximum amount of logs in buffer for this group
gh | Netfilter log handle obtained by call to nflog_bind_group(). |
qthresh | Maximum number of log entries |
This function determines the maximum number of log entries in the buffer until it is pushed to userspace.
References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_QTHRESH, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.
int nflog_set_timeout | ( | struct nflog_g_handle * | gh, |
u_int32_t | timeout | ||
) |
nflog_set_timeout - set the maximum time to push log buffer for this group
gh | Netfilter log handle obtained by call to nflog_bind_group(). |
timeout | Time to wait until the log buffer is pushed to userspace |
This function allows to set the maximum time that nflog waits until it pushes the log buffer to userspace if no new logged packets have occured. Basically, nflog implements a buffer to reduce the computational cost of delivering the log message to userspace.
References buf, nflog_g_handle::h, nflog_g_handle::id, NFA_LENGTH, nfnl_addattr32(), nfnl_fill_hdr(), NFNL_HEADER_LEN, nfnl_query(), nflog_handle::nfnlh, nflog_handle::nfnlssh, NFULA_CFG_TIMEOUT, NFULNL_MSG_CONFIG, NLM_F_ACK, and NLM_F_REQUEST.
int nflog_unbind_group | ( | struct nflog_g_handle * | gh | ) |
nflog_unbind_group - unbind a group handle.
gh | Netfilter log group handle obtained via nflog_bind_group() |
References nflog_g_handle::h, nflog_g_handle::id, and NFULNL_CFG_CMD_UNBIND.
Referenced by ipulog_destroy_handle(), and main().