X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/1acd024a6ba46ab0d9f9c25c089f79a4cba93f25..2196a3a0cdc5384c082febb7f4aa5994cc7d80db:/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp?ds=sidebyside
diff --git a/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp b/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp
index a007c890..0a5d8712 100644
--- a/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp
+++ b/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp
@@ -21,27 +21,62 @@ #include "nfqueue.h" #include "stg/traffcounter.h" -#include "stg/plugin_creator.h" #include "stg/common.h" #include "stg/raw_ip_packet.h" -#include +extern "C" { + +#include /* Defines verdicts (NF_ACCEPT, etc) */ +#include + +} + +#include +#include + +#include // ntohl + +#include // read //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- namespace { -PLUGIN_CREATOR ncc; + +int Callback(struct nfq_q_handle * queueHandle, struct nfgenmsg * /*msg*/, + struct nfq_data * nfqData, void *data) +{ +int id = 0; + +struct nfqnl_msg_packet_hdr * packetHeader = nfq_get_msg_packet_hdr(nfqData); +if (packetHeader == NULL) + return 0; + +id = ntohl(packetHeader->packet_id); + +unsigned char * payload = NULL; + +if (nfq_get_payload(nfqData, &payload) < 0 || payload == NULL) + return id; + +STG::RawPacket packet; + +memcpy(&packet.rawPacket, payload, sizeof(packet.rawPacket)); + +NFQ_CAP * cap = static_cast(data); + +cap->Process(packet); + +return nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL); } -extern "C" PLUGIN * GetPlugin(); -//----------------------------------------------------------------------------- -//----------------------------------------------------------------------------- -//----------------------------------------------------------------------------- -PLUGIN * GetPlugin() +} + +extern "C" STG::Plugin* GetPlugin() { -return ncc.GetPlugin(); + static NFQ_CAP plugin; + return &plugin; } //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- 
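Review bot: `memcpy(&packet.rawPacket, payload, sizeof(packet.rawPacket))` in Callback ignores the length returned by `nfq_get_payload`, so for any packet shorter than `rawPacket` it reads past the end of the payload into whatever follows in the receive buffer. Keep the return value and copy at most that many bytes. The two early returns also leave without calling `nfq_set_verdict`; on the payload-failure path the id is already known, so the packet stays queued in the kernel until the queue fills, and issuing the same NF_ACCEPT verdict there avoids that. The fence assumes the RawPacket constructor zero-fills `rawPacket`, which this diff does not show.

```cpp
// … unchanged: packet header lookup and id = ntohl(packetHeader->packet_id) …
unsigned char * payload = NULL;
const int payloadLen = nfq_get_payload(nfqData, &payload);
if (payloadLen < 0 || payload == NULL)
    return nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL);

STG::RawPacket packet;
const size_t copyLen = static_cast<size_t>(payloadLen) < sizeof(packet.rawPacket)
                     ? static_cast<size_t>(payloadLen) : sizeof(packet.rawPacket);
memcpy(&packet.rawPacket, payload, copyLen);
// … unchanged: cap->Process(packet) and the final NF_ACCEPT verdict …
```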
@@ -52,17 +87,25 @@ return "cap_nfqueue v.1.0"; } //----------------------------------------------------------------------------- NFQ_CAP::NFQ_CAP() - : errorStr(), - thread(), - nonstop(false), - isRunning(false), + : isRunning(false), + queueNumber(0), + nfqHandle(NULL), + queueHandle(NULL), traffCnt(NULL), - logger(GetPluginLogger(GetStgLogger(), "cap_nfqueue")) + logger(STG::PluginLogger::get("cap_nfqueue")) { } //----------------------------------------------------------------------------- int NFQ_CAP::ParseSettings() { +for (size_t i = 0; i < settings.moduleParams.size(); i++) + if (settings.moduleParams[i].param == "queueNumber" && !settings.moduleParams[i].value.empty()) + if (str2x(settings.moduleParams[i].value[0], queueNumber) < 0) + { + errorStr = "Queue number should be a number. Got: '" + settings.moduleParams[i].param + "'"; + logger(errorStr); + return -1; + } return 0; } //----------------------------------------------------------------------------- 
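Review bot: The error message in ParseSettings concatenates `settings.moduleParams[i].param`, which at that point is always the key `queueNumber`, so the log never shows the rejected input; it should end with `"'. Got: '" + settings.moduleParams[i].value[0] + "'"`. `nfq_create_queue` takes a 16-bit queue number, so if `queueNumber` is declared wider (its declaration is not in this diff) a value above 65535 would be silently truncated later; a range check right after `str2x` would reject it here with a clear message. The nested `if`s under the `for` would also read more safely with braces around the loop body.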
@@ -71,16 +114,45 @@ int NFQ_CAP::Start() if (isRunning) return 0; -nonstop = true; +nfqHandle = nfq_open(); +if (nfqHandle == NULL) + { + errorStr = "Failed to initialize netfilter queue."; + logger(errorStr); + return -1; + } + +if (nfq_unbind_pf(nfqHandle, AF_INET) < 0) + { + errorStr = "Failed to unbind netfilter queue from IP handling."; + logger(errorStr); + return -1; + } + +if (nfq_bind_pf(nfqHandle, AF_INET) < 0) + { + errorStr = "Failed to bind netfilter queue to IP handling."; + logger(errorStr); + return -1; + } -if (pthread_create(&thread, NULL, Run, this)) +queueHandle = nfq_create_queue(nfqHandle, queueNumber, &Callback, this); +if (queueHandle == NULL) { - errorStr = "Cannot create thread."; - logger("Cannot create thread."); - printfd(__FILE__, "Cannot create thread\n"); + errorStr = "Failed to create queue " + std::to_string(queueNumber) + "."; + logger(errorStr); return -1; } +if (nfq_set_mode(queueHandle, NFQNL_COPY_PACKET, 0xffFF) < 0) + { + errorStr = "Failed to set queue " + std::to_string(queueNumber) + " mode."; + logger(errorStr); + return -1; + } + +m_thread = std::jthread([this](auto token){ Run(std::move(token)); }); + return 0; } //----------------------------------------------------------------------------- @@ -89,7 +161,7 @@ int NFQ_CAP::Stop() if (!isRunning) return 0; -nonstop = false; +m_thread.request_stop(); //5 seconds to thread stops itself for (int i = 0; i < 25 && isRunning; i++) 
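Review bot: Every `return -1` in Start after `nfq_open()` has succeeded leaves `nfqHandle` open, and the `nfq_set_mode` failure also leaves `queueHandle` alive, so a failed start leaks a netlink socket and each retry opens another. Release them before returning, e.g. `nfq_close(nfqHandle); nfqHandle = NULL;` on each path, preceded by `nfq_destroy_queue(queueHandle); queueHandle = NULL;` on the set_mode path. The copy range `0xffFF` asks the kernel for up to 65535 bytes per packet while Run reads into a 4096-byte buffer and Callback keeps only `sizeof(packet.rawPacket)` bytes; requesting just that many bytes would keep every netlink message inside the read buffer. Start's signature and opening lines are outside the hunk.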
@@ -99,45 +171,46 @@ for (int i = 0; i < 25 && isRunning; i++) } //after 5 seconds waiting thread still running. now killing it if (isRunning) - { - if (pthread_kill(thread, SIGUSR1)) - { - errorStr = "Cannot kill thread."; - logger("Cannot send signal to thread."); - return -1; - } - for (int i = 0; i < 25 && isRunning; ++i) - { - struct timespec ts = {0, 200000000}; - nanosleep(&ts, NULL); - } - if (isRunning) - { - errorStr = "NFQ_CAP not stopped."; - logger("Cannot stop thread."); - printfd(__FILE__, "Cannot stop thread\n"); - return -1; - } - } + m_thread.detach(); +else + m_thread.join(); -pthread_join(thread, NULL); +nfq_destroy_queue(queueHandle); +nfq_close(nfqHandle); return 0; } //----------------------------------------------------------------------------- -void * NFQ_CAP::Run(void * d) +void NFQ_CAP::Run(std::stop_token token) { sigset_t signalSet; sigfillset(&signalSet); pthread_sigmask(SIG_BLOCK, &signalSet, NULL); -NFQ_CAP * dc = static_cast(d); -dc->isRunning = true; +isRunning = true; + +int fd = nfq_fd(nfqHandle); +char buf[4096]; -while (dc->nonstop) +while (!token.stop_requested()) { + if (!WaitPackets(fd)) + continue; + + int rv = read(fd, buf, sizeof(buf)); + if (rv < 0) + { + errorStr = std::string("Read error: ") + strerror(errno); + logger(errorStr); + break; + } + nfq_handle_packet(nfqHandle, buf, rv); } -dc->isRunning = false; -return NULL; +isRunning = false; +} +//----------------------------------------------------------------------------- +void NFQ_CAP::Process(const STG::RawPacket & packet) +{ +traffCnt->process(packet); }
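Review bot: When the worker has not exited within the wait loop, Stop calls `m_thread.detach()` and then immediately `nfq_destroy_queue(queueHandle)` and `nfq_close(nfqHandle)`, so the still-running thread can call `read`/`nfq_handle_packet` on a freed handle and keep touching `this` afterwards. Joining unconditionally with `m_thread.join();` is safe as long as WaitPackets returns periodically, which is not visible in this hunk; otherwise the detach path should skip the destroy/close and return an error as the removed code did. `isRunning` is written by the worker and polled from Stop, so it should be `std::atomic<bool>` if it is not already (its declaration is not shown). In Run, a `read` that fails with `EINTR` or `ENOBUFS` ends capture permanently; treating those two as `continue` keeps the queue draining.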