 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
Functions | |
| struct nfulnl_msg_packet_hdr * | nflog_get_msg_packet_hdr (struct nflog_data *nfad) |
| nflog_get_msg_packet_hdr - return the metaheader that wraps the packet More... | |
| u_int16_t | nflog_get_hwtype (struct nflog_data *nfad) |
| nflog_get_hwtype - get the hardware link layer type from logging data More... | |
| u_int16_t | nflog_get_msg_packet_hwhdrlen (struct nflog_data *nfad) |
| nflog_get_hwhdrlen - get the length of the hardware link layer header More... | |
| char * | nflog_get_msg_packet_hwhdr (struct nflog_data *nfad) |
| nflog_get_msg_packet_hwhdr - get the hardware link layer header More... | |
| u_int32_t | nflog_get_nfmark (struct nflog_data *nfad) |
| nflog_get_nfmark - get the packet mark More... | |
| int | nflog_get_timestamp (struct nflog_data *nfad, struct timeval *tv) |
| nflog_get_timestamp - get the packet timestamp More... | |
| u_int32_t | nflog_get_indev (struct nflog_data *nfad) |
| nflog_get_indev - get the interface that the packet was received through More... | |
| u_int32_t | nflog_get_physindev (struct nflog_data *nfad) |
| nflog_get_physindev - get the physical interface that the packet was received More... | |
| u_int32_t | nflog_get_outdev (struct nflog_data *nfad) |
| nflog_get_outdev - gets the interface that the packet will be routed out More... | |
| u_int32_t | nflog_get_physoutdev (struct nflog_data *nfad) |
| nflog_get_physoutdev - get the physical interface that the packet output More... | |
| struct nfulnl_msg_packet_hw * | nflog_get_packet_hw (struct nflog_data *nfad) |
| nflog_get_packet_hw - get hardware address More... | |
| int | nflog_get_payload (struct nflog_data *nfad, char **data) |
| nflog_get_payload - get payload of the logged packet More... | |
| char * | nflog_get_prefix (struct nflog_data *nfad) |
| nflog_get_prefix - get the logging string prefix More... | |
| int | nflog_get_uid (struct nflog_data *nfad, u_int32_t *uid) |
| nflog_get_uid - get the UID of the user that has generated the packet More... | |
| int | nflog_get_gid (struct nflog_data *nfad, u_int32_t *gid) |
| nflog_get_gid - get the GID of the user that has generated the packet More... | |
| int | nflog_get_seq (struct nflog_data *nfad, u_int32_t *seq) |
| nflog_get_seq - get the local nflog sequence number More... | |
| int | nflog_get_seq_global (struct nflog_data *nfad, u_int32_t *seq) |
| nflog_get_seq_global - get the global nflog sequence number More... | |
| struct nfqnl_msg_packet_hdr * | nfq_get_msg_packet_hdr (struct nfq_data *nfad) |
| nfqnl_msg_packet_hdr - return the metaheader that wraps the packet More... | |
| EXPORT_SYMBOL (nfq_get_msg_packet_hdr) | |
| uint32_t | nfq_get_nfmark (struct nfq_data *nfad) |
| nfq_get_nfmark - get the packet mark More... | |
| EXPORT_SYMBOL (nfq_get_nfmark) | |
| int | nfq_get_timestamp (struct nfq_data *nfad, struct timeval *tv) |
| nfq_get_timestamp - get the packet timestamp More... | |
| EXPORT_SYMBOL (nfq_get_timestamp) | |
| u_int32_t | nfq_get_indev (struct nfq_data *nfad) |
| nfq_get_indev - get the interface that the packet was received through More... | |
| EXPORT_SYMBOL (nfq_get_indev) | |
| u_int32_t | nfq_get_physindev (struct nfq_data *nfad) |
| nfq_get_physindev - get the physical interface that the packet was received More... | |
| EXPORT_SYMBOL (nfq_get_physindev) | |
| u_int32_t | nfq_get_outdev (struct nfq_data *nfad) |
| nfq_get_outdev - gets the interface that the packet will be routed out More... | |
| EXPORT_SYMBOL (nfq_get_outdev) | |
| u_int32_t | nfq_get_physoutdev (struct nfq_data *nfad) |
| nfq_get_physoutdev - get the physical interface that the packet output More... | |
| EXPORT_SYMBOL (nfq_get_physoutdev) | |
| int | nfq_get_indev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) |
| nfq_get_indev_name - get the name of the interface the packet was received through More... | |
| EXPORT_SYMBOL (nfq_get_indev_name) | |
| int | nfq_get_physindev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) |
| nfq_get_physindev_name - get the name of the physical interface the packet was received through More... | |
| EXPORT_SYMBOL (nfq_get_physindev_name) | |
| int | nfq_get_outdev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) |
| nfq_get_outdev_name - get the name of the physical interface the packet will be sent to More... | |
| EXPORT_SYMBOL (nfq_get_outdev_name) | |
| int | nfq_get_physoutdev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name) |
| nfq_get_physoutdev_name - get the name of the interface the packet will be sent to More... | |
| EXPORT_SYMBOL (nfq_get_physoutdev_name) | |
| struct nfqnl_msg_packet_hw * | nfq_get_packet_hw (struct nfq_data *nfad) |
| nfq_get_packet_hw More... | |
| EXPORT_SYMBOL (nfq_get_packet_hw) | |
| int | nfq_get_uid (struct nfq_data *nfad, u_int32_t *uid) |
| nfq_get_uid - get the UID of the user the packet belongs to More... | |
| EXPORT_SYMBOL (nfq_get_uid) | |
| int | nfq_get_gid (struct nfq_data *nfad, u_int32_t *gid) |
| nfq_get_gid - get the GID of the user the packet belongs to More... | |
| EXPORT_SYMBOL (nfq_get_gid) | |
| int | nfq_get_payload (struct nfq_data *nfad, unsigned char **data) |
| nfq_get_payload - get payload More... | |
| EXPORT_SYMBOL (nfq_get_payload) | |
| EXPORT_SYMBOL | ( | nfq_get_msg_packet_hdr | ) |
| EXPORT_SYMBOL | ( | nfq_get_nfmark | ) |
| EXPORT_SYMBOL | ( | nfq_get_timestamp | ) |
| EXPORT_SYMBOL | ( | nfq_get_indev | ) |
| EXPORT_SYMBOL | ( | nfq_get_physindev | ) |
| EXPORT_SYMBOL | ( | nfq_get_outdev | ) |
| EXPORT_SYMBOL | ( | nfq_get_physoutdev | ) |
| EXPORT_SYMBOL | ( | nfq_get_indev_name | ) |
| EXPORT_SYMBOL | ( | nfq_get_physindev_name | ) |
| EXPORT_SYMBOL | ( | nfq_get_outdev_name | ) |
| EXPORT_SYMBOL | ( | nfq_get_physoutdev_name | ) |
| EXPORT_SYMBOL | ( | nfq_get_packet_hw | ) |
| EXPORT_SYMBOL | ( | nfq_get_uid | ) |
| EXPORT_SYMBOL | ( | nfq_get_gid | ) |
| EXPORT_SYMBOL | ( | nfq_get_payload | ) |
| int nflog_get_gid | ( | struct nflog_data * | nfad, |
| u_int32_t * | gid | ||
| ) |
nflog_get_gid - get the GID of the user that has generated the packet
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_attr_present, nfnl_get_data, and NFULA_GID.
| u_int16_t nflog_get_hwtype | ( | struct nflog_data * | nfad | ) |
nflog_get_hwtype - get the hardware link layer type from logging data
| nfad | pointer to logging data |
References nflog_data::nfa, nfnl_get_data, and NFULA_HWTYPE.
| u_int32_t nflog_get_indev | ( | struct nflog_data * | nfad | ) |
nflog_get_indev - get the interface that the packet was received through
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_get_data, and NFULA_IFINDEX_INDEV.
Referenced by nflog_snprintf_xml().
| struct nfulnl_msg_packet_hdr* nflog_get_msg_packet_hdr | ( | struct nflog_data * | nfad | ) |
nflog_get_msg_packet_hdr - return the metaheader that wraps the packet
| nfad | Netlink packet data handle passed to callback function |
The nfulnl_msg_packet_hdr structure is defined in libnetfilter_log.h as:
struct nfulnl_msg_packet_hdr {
u_int16_t hw_protocol; // hw protocol (network order)
u_int8_t hook; // netfilter hook
u_int8_t _pad;
} __attribute__ ((packed));
References nflog_data::nfa, nfnl_get_pointer_to_data, and NFULA_PACKET_HDR.
Referenced by nflog_snprintf_xml().
| char* nflog_get_msg_packet_hwhdr | ( | struct nflog_data * | nfad | ) |
nflog_get_msg_packet_hwhdr - get the hardware link layer header
| nfad | pointer to logging data |
References nflog_data::nfa, nfnl_get_pointer_to_data, and NFULA_HWHEADER.
| u_int16_t nflog_get_msg_packet_hwhdrlen | ( | struct nflog_data * | nfad | ) |
nflog_get_hwhdrlen - get the length of the hardware link layer header
| nfad | pointer to logging data |
References nflog_data::nfa, nfnl_get_data, and NFULA_HWLEN.
| u_int32_t nflog_get_nfmark | ( | struct nflog_data * | nfad | ) |
nflog_get_nfmark - get the packet mark
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_get_data, and NFULA_MARK.
Referenced by nflog_snprintf_xml().
| u_int32_t nflog_get_outdev | ( | struct nflog_data * | nfad | ) |
nflog_get_outdev - gets the interface that the packet will be routed out
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_get_data, and NFULA_IFINDEX_OUTDEV.
Referenced by nflog_snprintf_xml().
| struct nfulnl_msg_packet_hw* nflog_get_packet_hw | ( | struct nflog_data * | nfad | ) |
nflog_get_packet_hw - get hardware address
| nfad | Netlink packet data handle passed to callback function |
Retrieves the hardware address associated with the given packet. For ethernet packets, the hardware address returned (if any) will be the MAC address of the packet source host. The destination MAC address is not known until after POSTROUTING and a successful ARP request, so cannot currently be retrieved.
The nfulnl_msg_packet_hw structure is defined in libnetfilter_log.h as:
struct nfulnl_msg_packet_hw {
u_int16_t hw_addrlen;
u_int16_t _pad;
u_int8_t hw_addr[8];
} __attribute__ ((packed));
References nflog_data::nfa, nfnl_get_pointer_to_data, and NFULA_HWADDR.
Referenced by nflog_snprintf_xml().
| int nflog_get_payload | ( | struct nflog_data * | nfad, |
| char ** | data | ||
| ) |
nflog_get_payload - get payload of the logged packet
| nfad | Netlink packet data handle passed to callback function |
| data | Pointer of pointer that will be pointed to the payload |
Retrieve the payload for a logged packet. The actual amount and type of data retrieved by this function will depend on the mode set with the nflog_set_mode() function.
References nflog_data::nfa, NFA_PAYLOAD, nfnl_get_pointer_to_data, and NFULA_PAYLOAD.
Referenced by nflog_snprintf_xml().
| u_int32_t nflog_get_physindev | ( | struct nflog_data * | nfad | ) |
nflog_get_physindev - get the physical interface that the packet was received
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_get_data, and NFULA_IFINDEX_PHYSINDEV.
Referenced by nflog_snprintf_xml().
| u_int32_t nflog_get_physoutdev | ( | struct nflog_data * | nfad | ) |
nflog_get_physoutdev - get the physical interface that the packet output
| nfad | Netlink packet data handle passed to callback function |
The index of the physical device the packet will be sent out. If the returned index is 0, the packet is destined for localhost or the physical output interface is not yet known (ie. PREROUTING?).
References nflog_data::nfa, nfnl_get_data, and NFULA_IFINDEX_PHYSOUTDEV.
Referenced by nflog_snprintf_xml().
| char* nflog_get_prefix | ( | struct nflog_data * | nfad | ) |
nflog_get_prefix - get the logging string prefix
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_get_pointer_to_data, and NFULA_PREFIX.
Referenced by nflog_snprintf_xml().
| int nflog_get_seq | ( | struct nflog_data * | nfad, |
| u_int32_t * | seq | ||
| ) |
nflog_get_seq - get the local nflog sequence number
| nfad | Netlink packet data handle passed to callback function |
You must enable this via nflog_set_flags().
References nflog_data::nfa, nfnl_attr_present, nfnl_get_data, and NFULA_SEQ.
| int nflog_get_seq_global | ( | struct nflog_data * | nfad, |
| u_int32_t * | seq | ||
| ) |
nflog_get_seq_global - get the global nflog sequence number
| nfad | Netlink packet data handle passed to callback function |
You must enable this via nflog_set_flags().
References nflog_data::nfa, nfnl_attr_present, nfnl_get_data, and NFULA_SEQ_GLOBAL.
| int nflog_get_timestamp | ( | struct nflog_data * | nfad, |
| struct timeval * | tv | ||
| ) |
nflog_get_timestamp - get the packet timestamp
| nfad | Netlink packet data handle passed to callback function |
| tv | structure to fill with timestamp info |
Retrieves the received timestamp when the given logged packet.
References __be64_to_cpu, nflog_data::nfa, nfnl_get_pointer_to_data, NFULA_TIMESTAMP, nfulnl_msg_packet_timestamp::sec, and nfulnl_msg_packet_timestamp::usec.
| int nflog_get_uid | ( | struct nflog_data * | nfad, |
| u_int32_t * | uid | ||
| ) |
nflog_get_uid - get the UID of the user that has generated the packet
| nfad | Netlink packet data handle passed to callback function |
References nflog_data::nfa, nfnl_attr_present, nfnl_get_data, and NFULA_UID.
nfq_get_gid - get the GID of the user the packet belongs to
| nfad | Netlink packet data handle passed to callback function |
References nfq_data::data, nfnl_attr_present, nfnl_get_data, and NFQA_GID.
Referenced by nfq_snprintf_xml().
nfq_get_indev - get the interface that the packet was received through
| nfad | Netlink packet data handle passed to callback function |
References nfq_data::data, nfnl_get_data, and NFQA_IFINDEX_INDEV.
Referenced by nfq_get_indev_name(), and nfq_snprintf_xml().
| int nfq_get_indev_name | ( | struct nlif_handle * | nlif_handle, |
| struct nfq_data * | nfad, | ||
| char * | name | ||
| ) |
nfq_get_indev_name - get the name of the interface the packet was received through
| nlif_handle | pointer to a nlif interface resolving handle |
| nfad | Netlink packet data handle passed to callback function |
| name | pointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it. |
To use a nlif_handle, You need first to call nlif_open() and to open an handler. Don't forget to store the result as it will be used during all your program life:
h = nlif_open();
if (h == NULL) {
perror("nlif_open");
exit(EXIT_FAILURE);
}
Once the handler is open, you need to fetch the interface table at a whole via a call to nlif_query.
nlif_query(h);
libnfnetlink is able to update the interface mapping when a new interface appears. To do so, you need to call nlif_catch() on the handler after each interface related event. The simplest way to get and treat event is to run a select() or poll() against the nlif file descriptor. To get this file descriptor, you need to use nlif_fd:
if_fd = nlif_fd(h);
Don't forget to close the handler when you don't need the feature anymore:
nlif_close(h);
References nfq_get_indev(), and nlif_index2name().
| struct nfqnl_msg_packet_hdr* nfq_get_msg_packet_hdr | ( | struct nfq_data * | nfad | ) |
nfqnl_msg_packet_hdr - return the metaheader that wraps the packet
| nfad | Netlink packet data handle passed to callback function |
The nfqnl_msg_packet_hdr structure is defined in libnetfilter_queue.h as:
struct nfqnl_msg_packet_hdr {
u_int32_t packet_id; // unique ID of packet in queue
u_int16_t hw_protocol; // hw protocol (network order)
u_int8_t hook; // netfilter hook
} __attribute__ ((packed));
References nfq_data::data, nfnl_get_pointer_to_data, and NFQA_PACKET_HDR.
Referenced by nfq_snprintf_xml().
nfq_get_nfmark - get the packet mark
| nfad | Netlink packet data handle passed to callback function |
References nfq_data::data, nfnl_get_data, and NFQA_MARK.
Referenced by nfq_snprintf_xml().
nfq_get_outdev - gets the interface that the packet will be routed out
| nfad | Netlink packet data handle passed to callback function |
References nfq_data::data, nfnl_get_data, and NFQA_IFINDEX_OUTDEV.
Referenced by nfq_get_outdev_name(), and nfq_snprintf_xml().
| int nfq_get_outdev_name | ( | struct nlif_handle * | nlif_handle, |
| struct nfq_data * | nfad, | ||
| char * | name | ||
| ) |
nfq_get_outdev_name - get the name of the physical interface the packet will be sent to
| nlif_handle | pointer to a nlif interface resolving handle |
| nfad | Netlink packet data handle passed to callback function |
| name | pointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it. |
See nfq_get_indev_name() documentation for nlif_handle usage.
References nfq_get_outdev(), and nlif_index2name().
| struct nfqnl_msg_packet_hw* nfq_get_packet_hw | ( | struct nfq_data * | nfad | ) |
nfq_get_packet_hw
get hardware address
| nfad | Netlink packet data handle passed to callback function |
Retrieves the hardware address associated with the given queued packet. For ethernet packets, the hardware address returned (if any) will be the MAC address of the packet source host. The destination MAC address is not known until after POSTROUTING and a successful ARP request, so cannot currently be retrieved.
The nfqnl_msg_packet_hw structure is defined in libnetfilter_queue.h as:
struct nfqnl_msg_packet_hw {
u_int16_t hw_addrlen;
u_int16_t _pad;
u_int8_t hw_addr[8];
} __attribute__ ((packed));
References nfq_data::data, nfnl_get_pointer_to_data, and NFQA_HWADDR.
Referenced by nfq_snprintf_xml().
nfq_get_payload - get payload
| nfad | Netlink packet data handle passed to callback function |
| data | Pointer of pointer that will be pointed to the payload |
Retrieve the payload for a queued packet. The actual amount and type of data retrieved by this function will depend on the mode set with the nfq_set_mode() function.
References nfq_data::data, NFA_PAYLOAD, nfnl_get_pointer_to_data, and NFQA_PAYLOAD.
Referenced by nfq_snprintf_xml().
nfq_get_physindev - get the physical interface that the packet was received
| nfad | Netlink packet data handle passed to callback function |
References nfq_data::data, nfnl_get_data, and NFQA_IFINDEX_PHYSINDEV.
Referenced by nfq_get_physindev_name(), and nfq_snprintf_xml().
| int nfq_get_physindev_name | ( | struct nlif_handle * | nlif_handle, |
| struct nfq_data * | nfad, | ||
| char * | name | ||
| ) |
nfq_get_physindev_name - get the name of the physical interface the packet was received through
| nlif_handle | pointer to a nlif interface resolving handle |
| nfad | Netlink packet data handle passed to callback function |
| name | pointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it. |
See nfq_get_indev_name() documentation for nlif_handle usage.
References nfq_get_physindev(), and nlif_index2name().
nfq_get_physoutdev - get the physical interface that the packet output
| nfad | Netlink packet data handle passed to callback function |
The index of the physical device the queued packet will be sent out. If the returned index is 0, the packet is destined for localhost or the physical output interface is not yet known (ie. PREROUTING?).
References nfq_data::data, nfnl_get_data, and NFQA_IFINDEX_PHYSOUTDEV.
Referenced by nfq_get_physoutdev_name(), and nfq_snprintf_xml().
| int nfq_get_physoutdev_name | ( | struct nlif_handle * | nlif_handle, |
| struct nfq_data * | nfad, | ||
| char * | name | ||
| ) |
nfq_get_physoutdev_name - get the name of the interface the packet will be sent to
| nlif_handle | pointer to a nlif interface resolving handle |
| nfad | Netlink packet data handle passed to callback function |
| name | pointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it. |
See nfq_get_indev_name() documentation for nlif_handle usage.
References nfq_get_physoutdev(), and nlif_index2name().
nfq_get_timestamp - get the packet timestamp
| nfad | Netlink packet data handle passed to callback function |
| tv | structure to fill with timestamp info |
Retrieves the received timestamp when the given queued packet.
References __be64_to_cpu, nfq_data::data, nfnl_get_pointer_to_data, NFQA_TIMESTAMP, nfqnl_msg_packet_timestamp::sec, and nfqnl_msg_packet_timestamp::usec.
nfq_get_uid - get the UID of the user the packet belongs to
| nfad | Netlink packet data handle passed to callback function |
References nfq_data::data, nfnl_attr_present, nfnl_get_data, and NFQA_UID.
Referenced by nfq_snprintf_xml().
1.8.8