X-Git-Url: https://git.stg.codes/stg.git/blobdiff_plain/1acd024a6ba46ab0d9f9c25c089f79a4cba93f25..22e3e39be9fa6422a0167995299c341fd5ac5607:/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp?ds=inline diff --git a/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp b/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp index a007c890..68f7270c 100644 --- a/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp +++ b/projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp @@ -25,14 +25,55 @@ #include "stg/common.h" #include "stg/raw_ip_packet.h" -#include +extern "C" { + +#include /* Defines verdicts (NF_ACCEPT, etc) */ +#include + +} + +#include +#include + +#include // ntohl + +#include // read //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- //----------------------------------------------------------------------------- namespace { + PLUGIN_CREATOR ncc; + +int Callback(struct nfq_q_handle * queueHandle, struct nfgenmsg * /*msg*/, + struct nfq_data * nfqData, void *data) +{ +int id = 0; + +struct nfqnl_msg_packet_hdr * packetHeader = nfq_get_msg_packet_hdr(nfqData); +if (packetHeader == NULL) + return 0; + +id = ntohl(packetHeader->packet_id); + +unsigned char * payload = NULL; + +if (nfq_get_payload(nfqData, &payload) < 0 || payload == NULL) + return id; + +RAW_PACKET packet; + +memcpy(&packet.rawPacket, payload, sizeof(packet.rawPacket)); + +NFQ_CAP * cap = static_cast(data); + +cap->Process(packet); + +return nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL); +} + } extern "C" PLUGIN * GetPlugin(); @@ -56,6 +97,9 @@ NFQ_CAP::NFQ_CAP() thread(), nonstop(false), isRunning(false), + queueNumber(0), + nfqHandle(NULL), + queueHandle(NULL), traffCnt(NULL), logger(GetPluginLogger(GetStgLogger(), "cap_nfqueue")) { 
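Review bot: In Callback(), `memcpy(&packet.rawPacket, payload, sizeof(packet.rawPacket))` copies a fixed size and throws away the length that nfq_get_payload() returns, so a queued packet shorter than rawPacket makes the copy read past the payload into whatever follows it in the receive buffer. Keep the length and bound the copy, e.g. `int len = nfq_get_payload(nfqData, &payload);` followed by `memcpy(&packet.rawPacket, payload, std::min<size_t>(len, sizeof(packet.rawPacket)));` (this needs `<algorithm>`; whether RAW_PACKET zero-fills the remainder is not visible here). The `return id;` path for a missing payload also leaves the packet without a verdict, so it stays held in the kernel queue. Calling `nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL)` on that path as well would keep the queue draining.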
@@ -63,6 +107,14 @@ NFQ_CAP::NFQ_CAP() //----------------------------------------------------------------------------- int NFQ_CAP::ParseSettings() { +for (size_t i = 0; i < settings.moduleParams.size(); i++) + if (settings.moduleParams[i].param == "queueNumber") + if (str2x(settings.moduleParams[i].param, queueNumber) < 0) + { + errorStr = "Queue number should be a number. Got: '" + settings.moduleParams[i].param + "'"; + logger(errorStr); + return -1; + } return 0; } //----------------------------------------------------------------------------- @@ -71,6 +123,43 @@ int NFQ_CAP::Start() if (isRunning) return 0; +nfqHandle = nfq_open(); +if (nfqHandle == NULL) + { + errorStr = "Failed to initialize netfilter queue."; + logger(errorStr); + return -1; + } + +if (nfq_unbind_pf(nfqHandle, AF_INET) < 0) + { + errorStr = "Failed to unbind netfilter queue from IP handling."; + logger(errorStr); + return -1; + } + +if (nfq_bind_pf(nfqHandle, AF_INET) < 0) + { + errorStr = "Failed to bind netfilter queue to IP handling."; + logger(errorStr); + return -1; + } + +queueHandle = nfq_create_queue(nfqHandle, queueNumber, &Callback, this); +if (queueHandle == NULL) + { + errorStr = "Failed to create queue " + x2str(queueNumber) + "."; + logger(errorStr); + return -1; + } + +if (nfq_set_mode(queueHandle, NFQNL_COPY_PACKET, 0xffFF) < 0) + { + errorStr = "Failed to set queue " + x2str(queueNumber) + " mode."; + logger(errorStr); + return -1; + } + nonstop = true; if (pthread_create(&thread, NULL, Run, this)) @@ -122,6 +211,9 @@ if (isRunning) pthread_join(thread, NULL); +nfq_destroy_queue(queueHandle); +nfq_close(nfqHandle); + return 0; } //----------------------------------------------------------------------------- 
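Review bot: In ParseSettings(), `str2x(settings.moduleParams[i].param, queueNumber)` converts the parameter's name, which the line above has just matched against "queueNumber", so the conversion presumably always fails and the configured queue is never read. Both the call and the error message should use the entry's value field instead; its name is not visible in this hunk. Once the value is parsed, a range check against the 16-bit queue id that nfq_create_queue() accepts (0–65535) would reject a mistyped setting here rather than let it be truncated later. The nested brace-less `for`/`if`/`if` is easy to misread; braces around the loop body would help.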
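Review bot: In Start(), every `return -1` after a successful nfq_open() leaves the netlink handle open, and the nfq_set_mode() failure path also leaves the newly created queue bound with no reader behind it. Release what was acquired before returning: `nfq_close(nfqHandle); nfqHandle = NULL;` on the unbind/bind/create failures, preceded by `nfq_destroy_queue(queueHandle); queueHandle = NULL;` on the set_mode failure. The pthread_create() failure branch that follows is outside the visible lines and likely needs the same cleanup.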
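Review bot: In Stop(), `nfq_destroy_queue(queueHandle)` and `nfq_close(nfqHandle)` leave both members pointing at released objects, so any later call that reaches these lines again, or any other user of the members, works on dangling handles. Guard the calls with a NULL check and reset the members afterwards, `queueHandle = NULL; nfqHandle = NULL;`, so the teardown is safe to repeat. The start of Stop() is outside this hunk, so it should be checked whether an early return can skip this cleanup when the capture thread has already exited on its own through the `break` in Run().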
@@ -134,10 +226,29 @@ pthread_sigmask(SIG_BLOCK, &signalSet, NULL); NFQ_CAP * dc = static_cast(d); dc->isRunning = true; +int fd = nfq_fd(dc->nfqHandle); +char buf[4096]; + while (dc->nonstop) { + if (!WaitPackets(fd)) + continue; + + int rv = read(fd, buf, sizeof(buf)); + if (rv < 0) + { + dc->errorStr = std::string("Read error: ") + strerror(errno); + dc->logger(dc->errorStr); + break; + } + nfq_handle_packet(dc->nfqHandle, buf, rv); } dc->isRunning = false; return NULL; } +//----------------------------------------------------------------------------- +void NFQ_CAP::Process(const RAW_PACKET & packet) +{ +traffCnt->Process(packet); +}
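Review bot: In Run(), any negative `read()` result ends the capture loop, including a transient `EINTR` and the `ENOBUFS` that a netlink socket reports when its receive buffer overflows under load; once the loop exits, nothing issues verdicts for the queue any more. Treat those two as recoverable by putting `if (errno == EINTR || errno == ENOBUFS) continue;` ahead of the logging and `break`. `buf` is 4096 bytes while Start() requests a copy range of `0xffFF`, so a large packet can arrive as a truncated message; either size the buffer for that range or lower the range to what RAW_PACKET actually stores. NFQ_CAP::Process() also dereferences `traffCnt`, which the constructor initialises to NULL, without checking it.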