libnetfilter_log  1.0.1
nfulnl_test.c
1 
2 #include <stdio.h>
3 #include <stdlib.h>
4 #include <unistd.h>
5 #include <netinet/in.h>
6 
7 #include <libnetfilter_log/libnetfilter_log.h>
8 
9 static int print_pkt(struct nflog_data *ldata)
10 {
11  struct nfulnl_msg_packet_hdr *ph = nflog_get_msg_packet_hdr(ldata);
12  uint32_t mark = nflog_get_nfmark(ldata);
13  uint32_t indev = nflog_get_indev(ldata);
14  uint32_t outdev = nflog_get_outdev(ldata);
15  char *prefix = nflog_get_prefix(ldata);
16  char *payload;
17  int payload_len = nflog_get_payload(ldata, &payload);
18 
19  if (ph) {
20  printf("hw_protocol=0x%04x hook=%u ",
21  ntohs(ph->hw_protocol), ph->hook);
22  }
23 
24  printf("mark=%u ", mark);
25 
26  if (indev > 0)
27  printf("indev=%u ", indev);
28 
29  if (outdev > 0)
30  printf("outdev=%u ", outdev);
31 
32 
33  if (prefix) {
34  printf("prefix=\"%s\" ", prefix);
35  }
36  if (payload_len >= 0)
37  printf("payload_len=%d ", payload_len);
38 
39  fputc('\n', stdout);
40  return 0;
41 }
42 
43 static int cb(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg,
44  struct nflog_data *nfa, void *data)
45 {
46  print_pkt(nfa);
47  return 0;
48 }
49 
50 
51 int main(int argc, char **argv)
52 {
53  struct nflog_handle *h;
54  struct nflog_g_handle *qh;
55  struct nflog_g_handle *qh100;
56  int rv, fd;
57  char buf[4096];
58 
59  h = nflog_open();
60  if (!h) {
61  fprintf(stderr, "error during nflog_open()\n");
62  exit(1);
63  }
64 
65  printf("unbinding existing nf_log handler for AF_INET (if any)\n");
66  if (nflog_unbind_pf(h, AF_INET) < 0) {
67  fprintf(stderr, "error nflog_unbind_pf()\n");
68  exit(1);
69  }
70 
71  printf("binding nfnetlink_log to AF_INET\n");
72  if (nflog_bind_pf(h, AF_INET) < 0) {
73  fprintf(stderr, "error during nflog_bind_pf()\n");
74  exit(1);
75  }
76  printf("binding this socket to group 0\n");
77  qh = nflog_bind_group(h, 0);
78  if (!qh) {
79  fprintf(stderr, "no handle for grup 0\n");
80  exit(1);
81  }
82 
83  printf("binding this socket to group 100\n");
84  qh100 = nflog_bind_group(h, 100);
85  if (!qh100) {
86  fprintf(stderr, "no handle for group 100\n");
87  exit(1);
88  }
89 
90  printf("setting copy_packet mode\n");
91  if (nflog_set_mode(qh, NFULNL_COPY_PACKET, 0xffff) < 0) {
92  fprintf(stderr, "can't set packet copy mode\n");
93  exit(1);
94  }
95 
96  fd = nflog_fd(h);
97 
98  printf("registering callback for group 0\n");
99  nflog_callback_register(qh, &cb, NULL);
100 
101  printf("going into main loop\n");
102  while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
103  printf("pkt received (len=%u)\n", rv);
104 
105  /* handle messages in just-received packet */
106  nflog_handle_packet(h, buf, rv);
107  }
108 
109  printf("unbinding from group 100\n");
110  nflog_unbind_group(qh100);
111  printf("unbinding from group 0\n");
112  nflog_unbind_group(qh);
113 
114 #ifdef INSANE
115  /* norally, applications SHOULD NOT issue this command,
116  * since it detaches other programs/sockets from AF_INET, too ! */
117  printf("unbinding from AF_INET\n");
118  nflog_unbind_pf(h, AF_INET);
119 #endif
120 
121  printf("closing handle\n");
122  nflog_close(h);
123 
124  return EXIT_SUCCESS;
125 }
uint32_t nflog_get_outdev(struct nflog_data *nfad)
struct nflog_handle * nflog_open(void)
int nflog_set_mode(struct nflog_g_handle *gh, uint8_t mode, uint32_t range)
int nflog_get_payload(struct nflog_data *nfad, char **data)
uint32_t nflog_get_indev(struct nflog_data *nfad)
int nflog_unbind_pf(struct nflog_handle *h, uint16_t pf)
uint32_t nflog_get_nfmark(struct nflog_data *nfad)
struct nflog_g_handle * nflog_bind_group(struct nflog_handle *h, uint16_t num)
int nflog_bind_pf(struct nflog_handle *h, uint16_t pf)
int nflog_unbind_group(struct nflog_g_handle *gh)
int nflog_close(struct nflog_handle *h)
char * nflog_get_prefix(struct nflog_data *nfad)
int nflog_fd(struct nflog_handle *h)
struct nfulnl_msg_packet_hdr * nflog_get_msg_packet_hdr(struct nflog_data *nfad)