 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
#include <stdlib.h>#include <stdio.h>#include <unistd.h>#include <errno.h>#include <string.h>#include <time.h>#include <netinet/in.h>#include <assert.h>#include <linux/types.h>#include <sys/socket.h>#include <sys/uio.h>#include <linux/netlink.h>#include <libnfnetlink/libnfnetlink.h>
Data Structures | |
| struct | nfnl_subsys_handle |
| struct | nfnl_handle |
| struct | nfnl_iterator |
Macros | |
| #define | NETLINK_ADD_MEMBERSHIP 1 |
| #define | SOL_NETLINK 270 |
| #define | nfnl_error(format, args...) fprintf(stderr, "%s: " format "\n", __FUNCTION__, ## args) |
| #define | nfnl_debug_dump_packet(a, b,...) |
| #define | NFNL_MAX_SUBSYS 16 /* enough for now */ |
| #define | NFNL_F_SEQTRACK_ENABLED (1 << 0) |
| #define | SO_RCVBUFFORCE (33) |
Functions | |
| void | nfnl_dump_packet (struct nlmsghdr *nlh, int received_len, char *desc) |
| int | nfnl_fd (struct nfnl_handle *h) |
| nfnl_fd - returns the descriptor that identifies the socket : nfnetlink handler More... | |
| unsigned int | nfnl_portid (const struct nfnl_handle *h) |
| nfnl_portid - returns the Netlink port ID of this socket : nfnetlink handler More... | |
| struct nfnl_handle * | nfnl_open (void) |
| nfnl_open - open a nfnetlink handler More... | |
| void | nfnl_set_sequence_tracking (struct nfnl_handle *h) |
| nfnl_set_sequence_tracking - set netlink sequence tracking : nfnetlink handler More... | |
| void | nfnl_unset_sequence_tracking (struct nfnl_handle *h) |
| nfnl_unset_sequence_tracking - set netlink sequence tracking : nfnetlink handler More... | |
| void | nfnl_set_rcv_buffer_size (struct nfnl_handle *h, unsigned int size) |
| nfnl_set_rcv_buffer_size - set the size of the receive buffer : libnfnetlink handler : buffer size More... | |
| struct nfnl_subsys_handle * | nfnl_subsys_open (struct nfnl_handle *nfnlh, u_int8_t subsys_id, u_int8_t cb_count, u_int32_t subscriptions) |
| nfnl_subsys_open - open a netlink subsystem : libnfnetlink handle : which nfnetlink subsystem we are interested in : number of callbacks that are used maximum. More... | |
| void | nfnl_subsys_close (struct nfnl_subsys_handle *ssh) |
| nfnl_subsys_close - close a nfnetlink subsys handler : nfnetlink subsystem handler More... | |
| int | nfnl_close (struct nfnl_handle *nfnlh) |
| nfnl_close - close a nfnetlink handler : nfnetlink handler More... | |
| int | nfnl_join (const struct nfnl_handle *nfnlh, unsigned int group) |
| nfnl_join - join a nfnetlink multicast group : nfnetlink handler : group we want to join More... | |
| int | nfnl_send (struct nfnl_handle *nfnlh, struct nlmsghdr *n) |
| nfnl_send - send a nfnetlink message through netlink socket : nfnetlink handler : netlink message More... | |
| int | nfnl_sendmsg (const struct nfnl_handle *nfnlh, const struct msghdr *msg, unsigned int flags) |
| int | nfnl_sendiov (const struct nfnl_handle *nfnlh, const struct iovec *iov, unsigned int num, unsigned int flags) |
| void | nfnl_fill_hdr (struct nfnl_subsys_handle *ssh, struct nlmsghdr *nlh, unsigned int len, u_int8_t family, u_int16_t res_id, u_int16_t msg_type, u_int16_t msg_flags) |
| nfnl_fill_hdr - fill in netlink and nfnetlink header : nfnetlink handle : netlink message to be filled in : length of payload bytes (not including nfgenmsg) : AF_INET / ... More... | |
| struct nfattr * | nfnl_parse_hdr (const struct nfnl_handle *nfnlh, const struct nlmsghdr *nlh, struct nfgenmsg **genmsg) |
| ssize_t | nfnl_recv (const struct nfnl_handle *h, unsigned char *buf, size_t len) |
| nfnl_recv - receive data from a nfnetlink subsystem : nfnetlink handler : buffer where the data will be stored : size of the buffer More... | |
| int | nfnl_listen (struct nfnl_handle *nfnlh, int(*handler)(struct sockaddr_nl *, struct nlmsghdr *n, void *), void *jarg) |
| nfnl_listen: listen for one or more netlink messages : libnfnetlink handle : callback function to be called for every netlink message More... | |
| int | nfnl_talk (struct nfnl_handle *nfnlh, struct nlmsghdr *n, pid_t peer, unsigned groups, struct nlmsghdr *answer, int(*junk)(struct sockaddr_nl *, struct nlmsghdr *n, void *), void *jarg) |
| nfnl_talk - send a request and then receive and process messages returned : nfnetelink handler : netlink message that contains the request : peer PID : netlink groups : callback called if out-of-sequence messages were received : data for the junk callback More... | |
| int | nfnl_addattr_l (struct nlmsghdr *n, int maxlen, int type, const void *data, int alen) |
| nfnl_addattr_l - Add variable length attribute to nlmsghdr : netlink message header to which attribute is to be added : maximum length of netlink message header : type of new attribute : content of new attribute : attribute length More... | |
| int | nfnl_nfa_addattr_l (struct nfattr *nfa, int maxlen, int type, const void *data, int alen) |
| nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr More... | |
| int | nfnl_addattr8 (struct nlmsghdr *n, int maxlen, int type, u_int8_t data) |
| nfnl_addattr8 - Add u_int8_t attribute to nlmsghdr More... | |
| int | nfnl_nfa_addattr16 (struct nfattr *nfa, int maxlen, int type, u_int16_t data) |
| nfnl_nfa_addattr16 - Add u_int16_t attribute to struct nfattr More... | |
| int | nfnl_addattr16 (struct nlmsghdr *n, int maxlen, int type, u_int16_t data) |
| nfnl_addattr16 - Add u_int16_t attribute to nlmsghdr More... | |
| int | nfnl_nfa_addattr32 (struct nfattr *nfa, int maxlen, int type, u_int32_t data) |
| nfnl_nfa_addattr32 - Add u_int32_t attribute to struct nfattr More... | |
| int | nfnl_addattr32 (struct nlmsghdr *n, int maxlen, int type, u_int32_t data) |
| nfnl_addattr32 - Add u_int32_t attribute to nlmsghdr More... | |
| int | nfnl_parse_attr (struct nfattr *tb[], int max, struct nfattr *nfa, int len) |
| nfnl_parse_attr - Parse a list of nfattrs into a pointer array More... | |
| void | nfnl_build_nfa_iovec (struct iovec *iov, struct nfattr *nfa, u_int16_t type, u_int32_t len, unsigned char *val) |
| nfnl_build_nfa_iovec - Build two iovec's from tag, length and value More... | |
| unsigned int | nfnl_rcvbufsiz (const struct nfnl_handle *h, unsigned int size) |
| nfnl_rcvbufsiz - set the socket buffer size : nfnetlink handler : size of the buffer we want to set More... | |
| struct nlmsghdr * | nfnl_get_msg_first (struct nfnl_handle *h, const unsigned char *buf, size_t len) |
| nfnl_get_msg_first - get the first message of a multipart netlink message : nfnetlink handle : data received that we want to process : size of the data received More... | |
| struct nlmsghdr * | nfnl_get_msg_next (struct nfnl_handle *h, const unsigned char *buf, size_t len) |
| int | nfnl_callback_register (struct nfnl_subsys_handle *ssh, u_int8_t type, struct nfnl_callback *cb) |
| nfnl_callback_register - register a callback for a certain message type : nfnetlink subsys handler : subsys call : nfnetlink callback to be registered More... | |
| int | nfnl_callback_unregister (struct nfnl_subsys_handle *ssh, u_int8_t type) |
| nfnl_callback_unregister - unregister a certain callback : nfnetlink subsys handler : subsys call More... | |
| int | nfnl_check_attributes (const struct nfnl_handle *h, const struct nlmsghdr *nlh, struct nfattr *nfa[]) |
| int | nfnl_handle_packet (struct nfnl_handle *h, char *buf, int len) |
| int | nfnl_process (struct nfnl_handle *h, const unsigned char *buf, size_t len) |
| nfnl_process - process data coming from a nfnetlink system : nfnetlink handler : buffer that contains the netlink message : size of the data contained in the buffer (not the buffer size) More... | |
| struct nfnl_iterator * | nfnl_iterator_create (const struct nfnl_handle *h, const char *buf, size_t len) |
| nfnl_iterator_create: create an nfnetlink iterator : nfnetlink handler : buffer that contains data received from a nfnetlink system : size of the data contained in the buffer (not the buffer size) More... | |
| void | nfnl_iterator_destroy (struct nfnl_iterator *it) |
| nfnl_iterator_destroy - destroy a nfnetlink iterator : nfnetlink iterator More... | |
| int | nfnl_iterator_process (struct nfnl_handle *h, struct nfnl_iterator *it) |
| nfnl_iterator_process - process a nfnetlink message : nfnetlink handler : nfnetlink iterator that contains the current message to be proccesed More... | |
| int | nfnl_iterator_next (const struct nfnl_handle *h, struct nfnl_iterator *it) |
| nfnl_iterator_next - get the next message hold by the iterator : nfnetlink handler : nfnetlink iterator that contains the current message processed More... | |
| int | nfnl_catch (struct nfnl_handle *h) |
| nfnl_catch - get responses from the nfnetlink system and process them : nfnetlink handler More... | |
| int | nfnl_query (struct nfnl_handle *h, struct nlmsghdr *nlh) |
| nfnl_query - request/response communication challenge : nfnetlink handler : nfnetlink message to be sent More... | |
| #define NETLINK_ADD_MEMBERSHIP 1 |
Referenced by nfnl_join().
| #define nfnl_debug_dump_packet | ( | a, | |
| b, | |||
| ... | |||
| ) |
Referenced by nfnl_send().
| #define nfnl_error | ( | format, | |
| args... | |||
| ) | fprintf(stderr, "%s: " format "\n", __FUNCTION__, ## args) |
Referenced by nfnl_listen(), and nfnl_talk().
| #define NFNL_F_SEQTRACK_ENABLED (1 << 0) |
Referenced by nfnl_fill_hdr(), nfnl_open(), nfnl_set_sequence_tracking(), and nfnl_unset_sequence_tracking().
| #define NFNL_MAX_SUBSYS 16 /* enough for now */ |
Referenced by nfnl_close().
| #define SO_RCVBUFFORCE (33) |
Referenced by nfnl_rcvbufsiz().
| #define SOL_NETLINK 270 |
Referenced by nfnl_join().
nfnl_addattr16 - Add u_int16_t attribute to nlmsghdr
: netlink message header to which attribute is to be added : maximum length of netlink message header : type of new attribute : content of new attribute
References nfnl_addattr_l().
Referenced by nflog_set_flags().
nfnl_addattr32 - Add u_int32_t attribute to nlmsghdr
: netlink message header to which attribute is to be added : maximum length of netlink message header : type of new attribute : content of new attribute
References nfnl_addattr_l().
Referenced by __build_expect(), __build_filter_dump(), nflog_set_nlbufsiz(), nflog_set_qthresh(), nflog_set_timeout(), and nfq_set_queue_flags().
nfnl_addattr8 - Add u_int8_t attribute to nlmsghdr
: netlink message header to which attribute is to be added : maximum length of netlink message header : type of new attribute : content of new attribute
References nfnl_addattr_l().
nfnl_addattr_l - Add variable length attribute to nlmsghdr
: netlink message header to which attribute is to be added : maximum length of netlink message header : type of new attribute : content of new attribute : attribute length
References len, NFA_ALIGN, NFA_DATA, nfattr::nfa_len, NFA_LENGTH, nfattr::nfa_type, NLMSG_ALIGN, nlmsghdr::nlmsg_len, NLMSG_TAIL, and type.
Referenced by nflog_set_mode(), nfnl_addattr16(), nfnl_addattr32(), nfnl_addattr8(), nfq_set_mode(), and nfq_set_queue_maxlen().
| void nfnl_build_nfa_iovec | ( | struct iovec * | iov, |
| struct nfattr * | nfa, | ||
| u_int16_t | type, | ||
| u_int32_t | len, | ||
| unsigned char * | val | ||
| ) |
nfnl_build_nfa_iovec - Build two iovec's from tag, length and value
: pointer to array of two 'struct iovec' (caller-allocated) : pointer to 'struct nfattr' (caller-allocated) : type (tag) of attribute : length of value : pointer to buffer containing 'value'
References NFA_ALIGN, nfattr::nfa_len, nfattr::nfa_type, and type.
| int nfnl_callback_register | ( | struct nfnl_subsys_handle * | ssh, |
| u_int8_t | type, | ||
| struct nfnl_callback * | cb | ||
| ) |
nfnl_callback_register - register a callback for a certain message type : nfnetlink subsys handler : subsys call : nfnetlink callback to be registered
On success, 0 is returned. On error, -1 is returned and errno is set appropiately.
References nfnl_subsys_handle::cb, and nfnl_subsys_handle::cb_count.
Referenced by nfct_callback_register(), nfct_callback_register2(), nfexp_callback_register(), nfexp_callback_register2(), nflog_open_nfnl(), and nfq_open_nfnl().
| int nfnl_callback_unregister | ( | struct nfnl_subsys_handle * | ssh, |
| u_int8_t | type | ||
| ) |
nfnl_callback_unregister - unregister a certain callback : nfnetlink subsys handler : subsys call
On sucess, 0 is returned. On error, -1 is returned and errno is set appropiately.
References nfnl_callback::call, nfnl_subsys_handle::cb, nfnl_subsys_handle::cb_count, NULL, and type.
Referenced by nfct_callback_unregister(), nfct_callback_unregister2(), nfexp_callback_unregister(), and nfexp_callback_unregister2().
| int nfnl_catch | ( | struct nfnl_handle * | h | ) |
nfnl_catch - get responses from the nfnetlink system and process them : nfnetlink handler
This function handles the data received from the nfnetlink system. For example, events generated by one of the subsystems. The message is passed to the callback registered via callback_register(). Note that this a replacement of nfnl_listen and its use is recommended.
On success, 0 is returned. On error, a -1 is returned. If you do not want to listen to events anymore, then your callback must return NFNL_CB_STOP.
Note that ENOBUFS is returned in case that nfnetlink is exhausted. In that case is possible that the information requested is incomplete.
References __attribute__, buf, NFNL_CB_STOP, nfnl_process(), nfnl_recv(), and nfnl_handle::rcv_buffer_size.
Referenced by nfct_catch(), nfexp_catch(), and nfnl_query().
| int nfnl_close | ( | struct nfnl_handle * | nfnlh | ) |
nfnl_close - close a nfnetlink handler : nfnetlink handler
This function closes the nfnetlink handler. On success, 0 is returned. On error, -1 is returned and errno is set appropiately.
References nfnl_handle::fd, NFNL_MAX_SUBSYS, nfnl_subsys_close(), and nfnl_handle::subsys.
Referenced by main(), nfct_close(), nfct_open(), nflog_close(), nflog_open(), nflog_open_nfnl(), nfq_close(), and nfq_open().
References len, nfattr::nfa_len, NFA_NEXT, NFA_OK, NFA_TYPE, NFM_NFA, NFM_PAYLOAD, nlmsg_data(), NLMSG_DATA, nlmsghdr::nlmsg_flags, nlmsghdr::nlmsg_len, nlmsghdr::nlmsg_seq, and nlmsghdr::nlmsg_type.
| int nfnl_fd | ( | struct nfnl_handle * | h | ) |
nfnl_fd - returns the descriptor that identifies the socket : nfnetlink handler
Use this function if you need to interact with the socket. Common scenarios are the use of poll()/select() to achieve multiplexation.
References nfnl_handle::fd.
Referenced by nfct_fd(), nflog_fd(), and nfq_fd().
| void nfnl_fill_hdr | ( | struct nfnl_subsys_handle * | ssh, |
| struct nlmsghdr * | nlh, | ||
| unsigned int | len, | ||
| u_int8_t | family, | ||
| u_int16_t | res_id, | ||
| u_int16_t | msg_type, | ||
| u_int16_t | msg_flags | ||
| ) |
nfnl_fill_hdr - fill in netlink and nfnetlink header : nfnetlink handle : netlink message to be filled in : length of payload bytes (not including nfgenmsg) : AF_INET / ...
: resource id : nfnetlink message type (without subsystem) : netlink message flags
This function sets up appropiately the nfnetlink header. See that the pointer to the netlink message passed must point to a memory region of at least the size of struct nlmsghdr + struct nfgenmsg.
References nfnl_handle::flags, nfgenmsg::nfgen_family, NFNETLINK_V0, NFNL_F_SEQTRACK_ENABLED, nfnl_subsys_handle::nfnlh, nlmsghdr::nlmsg_flags, nlmsghdr::nlmsg_len, NLMSG_LENGTH, nlmsghdr::nlmsg_pid, nlmsghdr::nlmsg_seq, nlmsghdr::nlmsg_type, NULL, nfgenmsg::res_id, nfnl_handle::seq, nfnl_subsys_handle::subsys_id, and nfgenmsg::version.
Referenced by __build_conntrack(), __build_expect(), nflog_set_flags(), nflog_set_mode(), nflog_set_nlbufsiz(), nflog_set_qthresh(), nflog_set_timeout(), nfq_set_mode(), nfq_set_queue_flags(), and nfq_set_queue_maxlen().
| struct nlmsghdr* nfnl_get_msg_first | ( | struct nfnl_handle * | h, |
| const unsigned char * | buf, | ||
| size_t | len | ||
| ) |
nfnl_get_msg_first - get the first message of a multipart netlink message : nfnetlink handle : data received that we want to process : size of the data received
This function returns a pointer to the first netlink message contained in the chunk of data received from certain nfnetlink subsystem.
On success, a valid address that points to the netlink message is returned. On error, NULL is returned.
References nfnl_handle::last_nlhdr, nlh, NLMSG_OK, and NULL.
Referenced by ipulog_get_packet().
| struct nlmsghdr* nfnl_get_msg_next | ( | struct nfnl_handle * | h, |
| const unsigned char * | buf, | ||
| size_t | len | ||
| ) |
References nfnl_handle::last_nlhdr, nlh, NLM_F_MULTI, NLMSG_DONE, nlmsghdr::nlmsg_flags, NLMSG_NEXT, NLMSG_OK, nlmsghdr::nlmsg_type, and NULL.
Referenced by ipulog_get_packet().
| int nfnl_handle_packet | ( | struct nfnl_handle * | h, |
| char * | buf, | ||
| int | len | ||
| ) |
References len, NLMSG_ALIGN, nlmsghdr::nlmsg_len, and NLMSG_SPACE.
Referenced by nflog_handle_packet(), and nfq_handle_packet().
| struct nfnl_iterator* nfnl_iterator_create | ( | const struct nfnl_handle * | h, |
| const char * | buf, | ||
| size_t | len | ||
| ) |
nfnl_iterator_create: create an nfnetlink iterator : nfnetlink handler : buffer that contains data received from a nfnetlink system : size of the data contained in the buffer (not the buffer size)
This function creates an iterator that can be used to parse nfnetlink message one by one. The iterator gives more control to the programmer in the messages processing.
On success, a valid address is returned. On error, NULL is returned and errno is set to the appropiate value.
References len, nfnl_iterator::len, nlh, nfnl_iterator::nlh, NLMSG_OK, NLMSG_SPACE, and NULL.
| void nfnl_iterator_destroy | ( | struct nfnl_iterator * | it | ) |
nfnl_iterator_destroy - destroy a nfnetlink iterator : nfnetlink iterator
This function destroys a certain iterator. Nothing is returned.
| int nfnl_iterator_next | ( | const struct nfnl_handle * | h, |
| struct nfnl_iterator * | it | ||
| ) |
nfnl_iterator_next - get the next message hold by the iterator : nfnetlink handler : nfnetlink iterator that contains the current message processed
This function update the current message to be processed pointer. It returns NFNL_CB_CONTINUE if there is still more messages to be processed, otherwise NFNL_CB_STOP is returned.
References nfnl_iterator::len, nfnl_iterator::nlh, and NLMSG_NEXT.
| int nfnl_iterator_process | ( | struct nfnl_handle * | h, |
| struct nfnl_iterator * | it | ||
| ) |
nfnl_iterator_process - process a nfnetlink message : nfnetlink handler : nfnetlink iterator that contains the current message to be proccesed
This function process just the current message selected by the iterator. On success, a value greater or equal to zero is returned. On error, -1 is returned and errno is appropiately set.
References nfnl_iterator::len, nfnl_iterator::nlh, NLMSG_OK, nlmsghdr::nlmsg_seq, NLMSG_SPACE, and nfnl_handle::seq.
| int nfnl_join | ( | const struct nfnl_handle * | nfnlh, |
| unsigned int | group | ||
| ) |
nfnl_join - join a nfnetlink multicast group : nfnetlink handler : group we want to join
This function is used to join a certain multicast group. It must be called once the nfnetlink handler has been created. If any doubt, just use it if you have to listen to nfnetlink events.
On success, 0 is returned. On error, -1 is returned and errno is set approapiately.
References nfnl_handle::fd, NETLINK_ADD_MEMBERSHIP, and SOL_NETLINK.
| int nfnl_listen | ( | struct nfnl_handle * | nfnlh, |
| int(*)(struct sockaddr_nl *, struct nlmsghdr *n, void *) | handler, | ||
| void * | jarg | ||
| ) |
nfnl_listen: listen for one or more netlink messages : libnfnetlink handle : callback function to be called for every netlink message
This function is used to receive and process messages coming from an open nfnetlink handler like events or information request via nfnl_send().
On error, -1 is returned, unfortunately errno is not always set appropiately. For that reason, the use of this function is DEPRECATED. Please, use nfnl_receive_process() instead.
References __attribute__, buf, nlmsgerr::error, nfnl_handle::fd, len, MSG_TRUNC, NFNL_BUFFSIZE, nfnl_error, sockaddr_nl::nl_family, NLMSG_ALIGN, NLMSG_DATA, NLMSG_DONE, NLMSG_ERROR, and nlmsghdr::nlmsg_len.
nfnl_nfa_addattr16 - Add u_int16_t attribute to struct nfattr
: struct nfattr : maximal length of nfattr buffer : type for new attribute : content of new attribute
References nfnl_nfa_addattr_l().
nfnl_nfa_addattr32 - Add u_int32_t attribute to struct nfattr
: struct nfattr : maximal length of nfattr buffer : type for new attribute : content of new attribute
References nfnl_nfa_addattr_l().
nfnl_nfa_addattr_l - Add variable length attribute to struct nfattr
: struct nfattr : maximal length of nfattr buffer : type for new attribute : content of new attribute : length of new attribute
References len, NFA_ALIGN, NFA_DATA, nfattr::nfa_len, NFA_LENGTH, nfattr::nfa_type, and type.
Referenced by nfnl_nfa_addattr16(), and nfnl_nfa_addattr32().
| struct nfnl_handle* nfnl_open | ( | void | ) |
nfnl_open - open a nfnetlink handler
This function creates a nfnetlink handler, this is required to establish a communication between the userspace and the nfnetlink system.
On success, a valid address that points to a nfnl_handle structure is returned. On error, NULL is returned and errno is set approapiately.
References nfnl_handle::fd, nfnl_handle::flags, nfnl_handle::local, NETLINK_NETFILTER, NFNL_BUFFSIZE, NFNL_F_SEQTRACK_ENABLED, sockaddr_nl::nl_family, NULL, nfnl_handle::peer, nfnl_handle::rcv_buffer_size, and nfnl_handle::seq.
Referenced by main(), nfct_open(), nflog_open(), and nfq_open().
nfnl_parse_attr - Parse a list of nfattrs into a pointer array
: pointer array, will be filled in (output) : size of pointer array : pointer to list of nfattrs : length of 'nfa'
The returned value is equal to the number of remaining bytes of the netlink message that cannot be parsed.
| struct nfattr* nfnl_parse_hdr | ( | const struct nfnl_handle * | nfnlh, |
| const struct nlmsghdr * | nlh, | ||
| struct nfgenmsg ** | genmsg | ||
| ) |
References nlmsghdr::nlmsg_len, NLMSG_LENGTH, and NULL.
| unsigned int nfnl_portid | ( | const struct nfnl_handle * | h | ) |
nfnl_portid - returns the Netlink port ID of this socket : nfnetlink handler
References nfnl_handle::local, and sockaddr_nl::nl_pid.
Referenced by origin_register(), and origin_unregister().
| int nfnl_process | ( | struct nfnl_handle * | h, |
| const unsigned char * | buf, | ||
| size_t | len | ||
| ) |
nfnl_process - process data coming from a nfnetlink system : nfnetlink handler : buffer that contains the netlink message : size of the data contained in the buffer (not the buffer size)
This function processes all the nfnetlink messages contained inside a buffer. It performs the appropiate sanity checks and passes the message to a certain handler that is registered via register_callback().
On success, NFNL_CB_STOP is returned if the data processing has finished. If a value NFNL_CB_CONTINUE is returned, then there is more data to process. On error, NFNL_CB_CONTINUE is returned and errno is set to the appropiate value.
In case that the callback returns NFNL_CB_FAILURE, errno may be set by the library client. If your callback decides not to process data anymore for any reason, then it must return NFNL_CB_STOP. Otherwise, if the callback continues the processing NFNL_CB_CONTINUE is returned.
References NFNL_CB_STOP, NLMSG_NEXT, NLMSG_OK, nlmsghdr::nlmsg_seq, NLMSG_SPACE, and nfnl_handle::seq.
Referenced by nfnl_catch().
| int nfnl_query | ( | struct nfnl_handle * | h, |
| struct nlmsghdr * | nlh | ||
| ) |
nfnl_query - request/response communication challenge : nfnetlink handler : nfnetlink message to be sent
This function sends a nfnetlink message to a certain subsystem and receives the response messages associated, such messages are passed to the callback registered via register_callback(). Note that this function is a replacement for nfnl_talk, its use is recommended.
On success, 0 is returned. On error, a negative is returned. If your does not want to listen to events anymore, then your callback must return NFNL_CB_STOP.
Note that ENOBUFS is returned in case that nfnetlink is exhausted. In that case is possible that the information requested is incomplete.
References nfnl_catch(), and nfnl_send().
Referenced by nfct_query(), nfexp_query(), nflog_set_flags(), nflog_set_mode(), nflog_set_nlbufsiz(), nflog_set_qthresh(), nflog_set_timeout(), nfq_set_mode(), nfq_set_queue_flags(), and nfq_set_queue_maxlen().
| unsigned int nfnl_rcvbufsiz | ( | const struct nfnl_handle * | h, |
| unsigned int | size | ||
| ) |
nfnl_rcvbufsiz - set the socket buffer size : nfnetlink handler : size of the buffer we want to set
This function sets the new size of the socket buffer. Use this setting to increase the socket buffer size if your system is reporting ENOBUFS errors.
This function returns the new size of the socket buffer.
References nfnl_handle::fd, size, and SO_RCVBUFFORCE.
Referenced by main(), nflog_set_nlbufsiz(), nl_init_event_handler(), and nl_resize_socket_buffer().
| ssize_t nfnl_recv | ( | const struct nfnl_handle * | h, |
| unsigned char * | buf, | ||
| size_t | len | ||
| ) |
nfnl_recv - receive data from a nfnetlink subsystem : nfnetlink handler : buffer where the data will be stored : size of the buffer
This function doesn't perform any sanity checking. So do no expect that the data is well-formed. Such checkings are done by the parsing functions.
On success, 0 is returned. On error, -1 is returned and errno is set appropiately.
Note that ENOBUFS is returned in case that nfnetlink is exhausted. In that case is possible that the information requested is incomplete.
References nfnl_handle::fd, sockaddr_nl::nl_pid, and nfnl_handle::peer.
Referenced by ipulog_read(), and nfnl_catch().
| int nfnl_send | ( | struct nfnl_handle * | nfnlh, |
| struct nlmsghdr * | n | ||
| ) |
nfnl_send - send a nfnetlink message through netlink socket : nfnetlink handler
: netlink message
On success, the number of bytes is returned. On error, -1 is returned and errno is set appropiately.
References nfnl_handle::fd, nfnl_debug_dump_packet, nlmsghdr::nlmsg_len, and nfnl_handle::peer.
Referenced by nfct_send(), nfexp_send(), and nfnl_query().
| int nfnl_sendiov | ( | const struct nfnl_handle * | nfnlh, |
| const struct iovec * | iov, | ||
| unsigned int | num, | ||
| unsigned int | flags | ||
| ) |
| int nfnl_sendmsg | ( | const struct nfnl_handle * | nfnlh, |
| const struct msghdr * | msg, | ||
| unsigned int | flags | ||
| ) |
References nfnl_handle::fd.
Referenced by nfnl_sendiov().
| void nfnl_set_rcv_buffer_size | ( | struct nfnl_handle * | h, |
| unsigned int | size | ||
| ) |
nfnl_set_rcv_buffer_size - set the size of the receive buffer : libnfnetlink handler : buffer size
This function sets the size of the receive buffer size, i.e. the size of the buffer used by nfnl_recv. Default value is 4096 bytes.
References nfnl_handle::rcv_buffer_size, and size.
| void nfnl_set_sequence_tracking | ( | struct nfnl_handle * | h | ) |
nfnl_set_sequence_tracking - set netlink sequence tracking : nfnetlink handler
References nfnl_handle::flags, and NFNL_F_SEQTRACK_ENABLED.
| void nfnl_subsys_close | ( | struct nfnl_subsys_handle * | ssh | ) |
nfnl_subsys_close - close a nfnetlink subsys handler : nfnetlink subsystem handler
Release all the callbacks registered in a subsystem handler.
References nfnl_subsys_handle::cb, nfnl_subsys_handle::cb_count, NULL, and nfnl_subsys_handle::subscriptions.
Referenced by main(), nfct_close(), nfct_open_nfnl(), nfnl_close(), and nfq_open_nfnl().
| struct nfnl_subsys_handle* nfnl_subsys_open | ( | struct nfnl_handle * | nfnlh, |
| u_int8_t | subsys_id, | ||
| u_int8_t | cb_count, | ||
| u_int32_t | subscriptions | ||
| ) |
nfnl_subsys_open - open a netlink subsystem : libnfnetlink handle : which nfnetlink subsystem we are interested in : number of callbacks that are used maximum.
: netlink groups we want to be subscribed to
This function creates a subsystem handler that contains the set of callbacks that handle certain types of messages coming from a netfilter subsystem. Initially the callback set is empty, you can register callbacks via nfnl_callback_register().
On error, NULL is returned and errno is set appropiately. On success, a valid address that points to a nfnl_subsys_handle structure is returned.
References nfnl_subsys_handle::cb, nfnl_subsys_handle::cb_count, nfnl_subsys_handle::nfnlh, NULL, nfnl_subsys_handle::subscriptions, nfnl_handle::subsys, and nfnl_subsys_handle::subsys_id.
| int nfnl_talk | ( | struct nfnl_handle * | nfnlh, |
| struct nlmsghdr * | n, | ||
| pid_t | peer, | ||
| unsigned | groups, | ||
| struct nlmsghdr * | answer, | ||
| int(*)(struct sockaddr_nl *, struct nlmsghdr *n, void *) | junk, | ||
| void * | jarg | ||
| ) |
nfnl_talk - send a request and then receive and process messages returned : nfnetelink handler
: netlink message that contains the request : peer PID : netlink groups : callback called if out-of-sequence messages were received : data for the junk callback
This function is used to request an action that does not returns any information. On error, a negative value is returned, errno could be set appropiately. For that reason, the use of this function is DEPRECATED. Please, use nfnl_query() instead.
References __attribute__, buf, nlmsgerr::error, nfnl_handle::fd, len, nfnl_handle::local, MSG_TRUNC, NFNL_BUFFSIZE, nfnl_error, sockaddr_nl::nl_family, sockaddr_nl::nl_groups, sockaddr_nl::nl_pid, NLM_F_ACK, NLMSG_ALIGN, NLMSG_DATA, NLMSG_ERROR, nlmsghdr::nlmsg_flags, nlmsghdr::nlmsg_len, nlmsghdr::nlmsg_seq, and nfnl_handle::seq.
| void nfnl_unset_sequence_tracking | ( | struct nfnl_handle * | h | ) |
nfnl_unset_sequence_tracking - set netlink sequence tracking : nfnetlink handler
References nfnl_handle::flags, and NFNL_F_SEQTRACK_ENABLED.
Referenced by nflog_open(), and nfq_open().
1.8.8 