/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
* Author : Boris Mikhailenko <stg34@stargazer.dp.ua>
*/
#include <netinet/in.h>
#include <linux/netfilter.h>
#include <csignal>
#include <cerrno>
#include <cstring>
#include "stg/raw_ip_packet.h"
#include "stg/traffcounter.h"
#include "stg/plugin_creator.h"
#include "stg/common.h"
#include "ipq_cap.h"
extern "C"
{
#include "libipq.h"
}
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
namespace
{
PLUGIN_CREATOR<IPQ_CAP> icc;
}
extern "C" PLUGIN * GetPlugin();
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
PLUGIN * GetPlugin()
{
return icc.GetPlugin();
}
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
std::string IPQ_CAP::GetVersion() const
{
return "ipq_cap v.1.2";
}
//-----------------------------------------------------------------------------
IPQ_CAP::IPQ_CAP()
: ipq_h(NULL),
errorStr(),
thread(),
nonstop(false),
isRunning(false),
capSock(-1),
traffCnt(NULL),
buf(),
logger(GetPluginLogger(GetStgLogger(), "cap_ipq"))
{
memset(buf, 0, BUFSIZE);
}
//-----------------------------------------------------------------------------
int IPQ_CAP::Start()
{
if (isRunning)
return 0;
if (IPQCapOpen() < 0)
{
errorStr = "Cannot open socket!";
printfd(__FILE__, "Cannot open socket\n");
return -1;
}
nonstop = true;
if (pthread_create(&thread, NULL, Run, this) == 0)
{
return 0;
}
errorStr = "Cannot create thread.";
printfd(__FILE__, "Cannot create thread\n");
return -1;
}
//-----------------------------------------------------------------------------
int IPQ_CAP::Stop()
{
if (!isRunning)
return 0;
nonstop = false;
//5 seconds to thread stops itself
for (int i = 0; i < 25; i++)
{
if (!isRunning)
break;
struct timespec ts = {0, 200000000};
nanosleep(&ts, NULL);
}
//after 5 seconds waiting thread still running. now killing it
if (isRunning)
{
if (pthread_kill(thread, SIGINT))
{
errorStr = "Cannot kill thread.";
return -1;
}
for (int i = 0; i < 25 && isRunning; ++i)
{
struct timespec ts = {0, 200000000};
nanosleep(&ts, NULL);
}
if (isRunning)
{
printfd(__FILE__, "Thread not stopped\n");
}
else
{
pthread_join(thread, NULL);
}
}
IPQCapClose();
return 0;
}
//-----------------------------------------------------------------------------
void * IPQ_CAP::Run(void * d)
{
sigset_t signalSet;
sigfillset(&signalSet);
pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
RAW_PACKET raw_packet;
IPQ_CAP * dc = static_cast<IPQ_CAP *>(d);
dc->isRunning = true;
memset(&raw_packet, 0, sizeof(raw_packet));
raw_packet.dataLen = -1;
while (dc->nonstop)
{
int status = dc->IPQCapRead(&raw_packet, 68);
if (status == -1 ||
status == -2 ||
status == -3 ||
status == -4)
continue;
dc->traffCnt->Process(raw_packet);
}
dc->isRunning = false;
return NULL;
}
//-----------------------------------------------------------------------------
int IPQ_CAP::IPQCapOpen()
{
ipq_h = ipq_create_handle(0, PF_INET);
if (ipq_h == NULL)
{
ipq_destroy_handle(ipq_h);
logger("Cannot create IPQ handle. Error: '%s', '%s'", ipq_errstr(), strerror(errno));
errorStr = "Cannot create ipq handle!";
return -1;
}
int status = ipq_set_mode(ipq_h, IPQ_COPY_PACKET, PAYLOAD_LEN);
if (status < 0)
{
ipq_destroy_handle(ipq_h);
logger("Cannot set IPQ_COPY_PACKET mode.");
errorStr = "Cannot set IPQ_COPY_PACKET mode!";
return -1;
}
return 0;
}
//-----------------------------------------------------------------------------
int IPQ_CAP::IPQCapClose()
{
ipq_destroy_handle(ipq_h);
return 0;
}
//-----------------------------------------------------------------------------
int IPQ_CAP::IPQCapRead(void * buffer, int blen)
{
memset(buf, 0, BUFSIZE);
int status = ipq_read(ipq_h, buf, BUFSIZE, 1);
if (status == 0)
return -4;
if (errno == EINTR)
return -3;
if (status < 0)
return -1;
if (ipq_message_type(buf) != IPQM_PACKET)
return -2;
static ipq_packet_msg_t * m = ipq_get_packet(buf);
memcpy(buffer, m->payload, blen);
ipq_set_verdict(ipq_h, m->packet_id, NF_ACCEPT, 0, NULL);
return 0;
}
//-----------------------------------------------------------------------------