libnetfilter_queue  1.0.3
Functions
Message parsing functions [DEPRECATED]

Functions

struct nfqnl_msg_packet_hdr * nfq_get_msg_packet_hdr (struct nfq_data *nfad)
 
uint32_t nfq_get_nfmark (struct nfq_data *nfad)
 
int nfq_get_timestamp (struct nfq_data *nfad, struct timeval *tv)
 
uint32_t nfq_get_indev (struct nfq_data *nfad)
 
uint32_t nfq_get_physindev (struct nfq_data *nfad)
 
uint32_t nfq_get_outdev (struct nfq_data *nfad)
 
uint32_t nfq_get_physoutdev (struct nfq_data *nfad)
 
int nfq_get_indev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)
 
int nfq_get_physindev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)
 
int nfq_get_outdev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)
 
int nfq_get_physoutdev_name (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)
 
struct nfqnl_msg_packet_hw * nfq_get_packet_hw (struct nfq_data *nfad)
 
int nfq_get_uid (struct nfq_data *nfad, uint32_t *uid)
 
int nfq_get_gid (struct nfq_data *nfad, uint32_t *gid)
 
int nfq_get_secctx (struct nfq_data *nfad, unsigned char **secdata)
 
int nfq_get_payload (struct nfq_data *nfad, unsigned char **data)
 

Detailed Description

Function Documentation

int nfq_get_gid ( struct nfq_data nfad,
uint32_t *  gid 
)

nfq_get_gid - get the GID of the user the packet belongs to

Parameters
nfadNetlink packet data handle passed to callback function
Warning
If the NFQA_CFG_F_GSO flag is not set, then fragmented packets may be pushed into the queue. In this case, only one fragment will have the GID field set. To deal with this issue always set NFQA_CFG_F_GSO.
Returns
1 if there is a GID available, 0 otherwise.

Definition at line 1238 of file libnetfilter_queue.c.

uint32_t nfq_get_indev ( struct nfq_data nfad)

nfq_get_indev - get the interface that the packet was received through

Parameters
nfadNetlink packet data handle passed to callback function
Returns
The index of the device the queued packet was received via. If the returned index is 0, the packet was locally generated or the input interface is not known (ie. POSTROUTING?).
Warning
all nfq_get_dev() functions return 0 if not set, since linux only allows ifindex >= 1, see net/core/dev.c:2600 (in 2.6.13.1)

Definition at line 1022 of file libnetfilter_queue.c.

int nfq_get_indev_name ( struct nlif_handle *  nlif_handle,
struct nfq_data nfad,
char *  name 
)

nfq_get_indev_name - get the name of the interface the packet was received through

Parameters
nlif_handlepointer to a nlif interface resolving handle
nfadNetlink packet data handle passed to callback function
namepointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it.
Returns
-1 in case of error, >0 if it succeed.

To use a nlif_handle, You need first to call nlif_open() and to open an handler. Don't forget to store the result as it will be used during all your program life:

        h = nlif_open();
        if (h == NULL) {
                perror("nlif_open");
                exit(EXIT_FAILURE);
        }

Once the handler is open, you need to fetch the interface table at a whole via a call to nlif_query.

        nlif_query(h);

libnfnetlink is able to update the interface mapping when a new interface appears. To do so, you need to call nlif_catch() on the handler after each interface related event. The simplest way to get and treat event is to run a select() or poll() against the nlif file descriptor. To get this file descriptor, you need to use nlif_fd:

        if_fd = nlif_fd(h);

Don't forget to close the handler when you don't need the feature anymore:

        nlif_close(h);

Definition at line 1110 of file libnetfilter_queue.c.

struct nfqnl_msg_packet_hdr* nfq_get_msg_packet_hdr ( struct nfq_data nfad)

nfqnl_msg_packet_hdr - return the metaheader that wraps the packet

Parameters
nfadNetlink packet data handle passed to callback function
Returns
the netfilter queue netlink packet header for the given nfq_data argument. Typically, the nfq_data value is passed as the 3rd parameter to the callback function set by a call to nfq_create_queue().

The nfqnl_msg_packet_hdr structure is defined in libnetfilter_queue.h as:

        struct nfqnl_msg_packet_hdr {
                uint32_t        packet_id;      // unique ID of packet in queue
                uint16_t        hw_protocol;    // hw protocol (network order)
                uint8_t         hook;           // netfilter hook
        } __attribute__ ((packed));

Definition at line 968 of file libnetfilter_queue.c.

uint32_t nfq_get_nfmark ( struct nfq_data nfad)

nfq_get_nfmark - get the packet mark

Parameters
nfadNetlink packet data handle passed to callback function
Returns
the netfilter mark currently assigned to the given queued packet.

Definition at line 981 of file libnetfilter_queue.c.

uint32_t nfq_get_outdev ( struct nfq_data nfad)

nfq_get_outdev - gets the interface that the packet will be routed out

Parameters
nfadNetlink packet data handle passed to callback function
Returns
The index of the device the queued packet will be sent out. If the returned index is 0, the packet is destined for localhost or the output interface is not yet known (ie. PREROUTING?).

Definition at line 1050 of file libnetfilter_queue.c.

int nfq_get_outdev_name ( struct nlif_handle *  nlif_handle,
struct nfq_data nfad,
char *  name 
)

nfq_get_outdev_name - get the name of the physical interface the packet will be sent to

Parameters
nlif_handlepointer to a nlif interface resolving handle
nfadNetlink packet data handle passed to callback function
namepointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it.

See nfq_get_indev_name() documentation for nlif_handle usage.

Returns
-1 in case of error, > 0 if it succeed.

Definition at line 1150 of file libnetfilter_queue.c.

struct nfqnl_msg_packet_hw* nfq_get_packet_hw ( struct nfq_data nfad)

nfq_get_packet_hw

get hardware address

Parameters
nfadNetlink packet data handle passed to callback function

Retrieves the hardware address associated with the given queued packet. For ethernet packets, the hardware address returned (if any) will be the MAC address of the packet source host. The destination MAC address is not known until after POSTROUTING and a successful ARP request, so cannot currently be retrieved.

The nfqnl_msg_packet_hw structure is defined in libnetfilter_queue.h as:

        struct nfqnl_msg_packet_hw {
                uint16_t        hw_addrlen;
                uint16_t        _pad;
                uint8_t hw_addr[8];
        } __attribute__ ((packed));

Definition at line 1201 of file libnetfilter_queue.c.

int nfq_get_payload ( struct nfq_data nfad,
unsigned char **  data 
)

nfq_get_payload - get payload

Parameters
nfadNetlink packet data handle passed to callback function
dataPointer of pointer that will be pointed to the payload

Retrieve the payload for a queued packet. The actual amount and type of data retrieved by this function will depend on the mode set with the nfq_set_mode() function.

Returns
-1 on error, otherwise > 0.

Definition at line 1285 of file libnetfilter_queue.c.

uint32_t nfq_get_physindev ( struct nfq_data nfad)

nfq_get_physindev - get the physical interface that the packet was received

Parameters
nfadNetlink packet data handle passed to callback function
Returns
The index of the physical device the queued packet was received via. If the returned index is 0, the packet was locally generated or the physical input interface is no longer known (ie. POSTROUTING?).

Definition at line 1036 of file libnetfilter_queue.c.

int nfq_get_physindev_name ( struct nlif_handle *  nlif_handle,
struct nfq_data nfad,
char *  name 
)

nfq_get_physindev_name - get the name of the physical interface the packet was received through

Parameters
nlif_handlepointer to a nlif interface resolving handle
nfadNetlink packet data handle passed to callback function
namepointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it.

See nfq_get_indev_name() documentation for nlif_handle usage.

Returns
-1 in case of error, > 0 if it succeed.

Definition at line 1130 of file libnetfilter_queue.c.

uint32_t nfq_get_physoutdev ( struct nfq_data nfad)

nfq_get_physoutdev - get the physical interface that the packet output

Parameters
nfadNetlink packet data handle passed to callback function

The index of the physical device the queued packet will be sent out. If the returned index is 0, the packet is destined for localhost or the physical output interface is not yet known (ie. PREROUTING?).

Returns
The index of physical interface that the packet output will be routed out.

Definition at line 1066 of file libnetfilter_queue.c.

int nfq_get_physoutdev_name ( struct nlif_handle *  nlif_handle,
struct nfq_data nfad,
char *  name 
)

nfq_get_physoutdev_name - get the name of the interface the packet will be sent to

Parameters
nlif_handlepointer to a nlif interface resolving handle
nfadNetlink packet data handle passed to callback function
namepointer to the buffer to receive the interface name; not more than IFNAMSIZ bytes will be copied to it.

See nfq_get_indev_name() documentation for nlif_handle usage.

Returns
-1 in case of error, > 0 if it succeed.

Definition at line 1171 of file libnetfilter_queue.c.

int nfq_get_secctx ( struct nfq_data nfad,
unsigned char **  secdata 
)

nfq_get_secctx - get the security context for this packet

Parameters
nfadNetlink packet data handle passed to callback function
secdatadata to write the security context to
Warning
If the NFQA_CFG_F_GSO flag is not set, then fragmented packets may be pushed into the queue. In this case, only one fragment will have the SECCTX field set. To deal with this issue always set NFQA_CFG_F_GSO.
Returns
-1 on error, otherwise > 0

Definition at line 1259 of file libnetfilter_queue.c.

int nfq_get_timestamp ( struct nfq_data nfad,
struct timeval *  tv 
)

nfq_get_timestamp - get the packet timestamp

Parameters
nfadNetlink packet data handle passed to callback function
tvstructure to fill with timestamp info

Retrieves the received timestamp when the given queued packet.

Returns
0 on success, non-zero on failure.

Definition at line 996 of file libnetfilter_queue.c.

int nfq_get_uid ( struct nfq_data nfad,
uint32_t *  uid 
)

nfq_get_uid - get the UID of the user the packet belongs to

Parameters
nfadNetlink packet data handle passed to callback function
Warning
If the NFQA_CFG_F_GSO flag is not set, then fragmented packets may be pushed into the queue. In this case, only one fragment will have the UID field set. To deal with this issue always set NFQA_CFG_F_GSO.
Returns
1 if there is a UID available, 0 otherwise.

Definition at line 1218 of file libnetfilter_queue.c.