2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 * Author : Maxim Mamontov <faust@stargazer.dp.ua>
23 #include "stg/traffcounter.h"
24 #include "stg/plugin_creator.h"
25 #include "stg/common.h"
26 #include "stg/raw_ip_packet.h"
30 #include <linux/netfilter.h> /* Defines verdicts (NF_ACCEPT, etc) */
31 #include <libnetfilter_queue/libnetfilter_queue.h>
38 #include <arpa/inet.h> // ntohl
40 #include <unistd.h> // read
42 //-----------------------------------------------------------------------------
43 //-----------------------------------------------------------------------------
44 //-----------------------------------------------------------------------------
48 PLUGIN_CREATOR<NFQ_CAP> ncc;
50 int Callback(struct nfq_q_handle * queueHandle, struct nfgenmsg * /*msg*/,
51 struct nfq_data * nfqData, void *data)
55 struct nfqnl_msg_packet_hdr * packetHeader = nfq_get_msg_packet_hdr(nfqData);
56 if (packetHeader == NULL)
59 id = ntohl(packetHeader->packet_id);
61 unsigned char * payload = NULL;
63 if (nfq_get_payload(nfqData, &payload) < 0 || payload == NULL)
68 memcpy(&packet.rawPacket, payload, sizeof(packet.rawPacket));
70 NFQ_CAP * cap = static_cast<NFQ_CAP *>(data);
74 return nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL);
79 extern "C" PLUGIN * GetPlugin();
80 //-----------------------------------------------------------------------------
81 //-----------------------------------------------------------------------------
82 //-----------------------------------------------------------------------------
85 return ncc.GetPlugin();
87 //-----------------------------------------------------------------------------
88 //-----------------------------------------------------------------------------
89 //-----------------------------------------------------------------------------
90 std::string NFQ_CAP::GetVersion() const
92 return "cap_nfqueue v.1.0";
94 //-----------------------------------------------------------------------------
102 logger(GetPluginLogger(GetStgLogger(), "cap_nfqueue"))
105 //-----------------------------------------------------------------------------
106 int NFQ_CAP::ParseSettings()
108 for (size_t i = 0; i < settings.moduleParams.size(); i++)
109 if (settings.moduleParams[i].param == "queueNumber" && !settings.moduleParams[i].value.empty())
110 if (str2x(settings.moduleParams[i].value[0], queueNumber) < 0)
112 errorStr = "Queue number should be a number. Got: '" + settings.moduleParams[i].param + "'";
118 //-----------------------------------------------------------------------------
124 nfqHandle = nfq_open();
125 if (nfqHandle == NULL)
127 errorStr = "Failed to initialize netfilter queue.";
132 if (nfq_unbind_pf(nfqHandle, AF_INET) < 0)
134 errorStr = "Failed to unbind netfilter queue from IP handling.";
139 if (nfq_bind_pf(nfqHandle, AF_INET) < 0)
141 errorStr = "Failed to bind netfilter queue to IP handling.";
146 queueHandle = nfq_create_queue(nfqHandle, queueNumber, &Callback, this);
147 if (queueHandle == NULL)
149 errorStr = "Failed to create queue " + std::to_string(queueNumber) + ".";
154 if (nfq_set_mode(queueHandle, NFQNL_COPY_PACKET, 0xffFF) < 0)
156 errorStr = "Failed to set queue " + std::to_string(queueNumber) + " mode.";
163 if (pthread_create(&thread, NULL, Run, this))
165 errorStr = "Cannot create thread.";
166 logger("Cannot create thread.");
167 printfd(__FILE__, "Cannot create thread\n");
173 //-----------------------------------------------------------------------------
181 //5 seconds to thread stops itself
182 for (int i = 0; i < 25 && isRunning; i++)
184 struct timespec ts = {0, 200000000};
185 nanosleep(&ts, NULL);
187 //after 5 seconds waiting thread still running. now killing it
190 if (pthread_kill(thread, SIGUSR1))
192 errorStr = "Cannot kill thread.";
193 logger("Cannot send signal to thread.");
196 for (int i = 0; i < 25 && isRunning; ++i)
198 struct timespec ts = {0, 200000000};
199 nanosleep(&ts, NULL);
203 errorStr = "NFQ_CAP not stopped.";
204 logger("Cannot stop thread.");
205 printfd(__FILE__, "Cannot stop thread\n");
210 pthread_join(thread, NULL);
212 nfq_destroy_queue(queueHandle);
213 nfq_close(nfqHandle);
217 //-----------------------------------------------------------------------------
218 void * NFQ_CAP::Run(void * d)
221 sigfillset(&signalSet);
222 pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
224 NFQ_CAP * dc = static_cast<NFQ_CAP *>(d);
225 dc->isRunning = true;
227 int fd = nfq_fd(dc->nfqHandle);
232 if (!WaitPackets(fd))
235 int rv = read(fd, buf, sizeof(buf));
238 dc->errorStr = std::string("Read error: ") + strerror(errno);
239 dc->logger(dc->errorStr);
242 nfq_handle_packet(dc->nfqHandle, buf, rv);
245 dc->isRunning = false;
248 //-----------------------------------------------------------------------------
249 void NFQ_CAP::Process(const RAW_PACKET & packet)
251 traffCnt->Process(packet);