Implemented NFQ capturing.
authorMaxim Mamontov <faust.madf@gmail.com>
Sun, 8 Jun 2014 10:33:42 +0000 (13:33 +0300)
committerMaxim Mamontov <faust.madf@gmail.com>
Sun, 8 Jun 2014 10:33:42 +0000 (13:33 +0300)
projects/stargazer/plugins/capture/nfqueue/nfqueue.cpp
projects/stargazer/plugins/capture/nfqueue/nfqueue.h

index a007c890e4647005b0ffe2f6d4f994889a87c0c2..245fc64925837f937f4e13664658fbc5027fe37f 100644 (file)
 #include "stg/common.h"
 #include "stg/raw_ip_packet.h"
 
 #include "stg/common.h"
 #include "stg/raw_ip_packet.h"
 
+extern "C" {
+
+#include <linux/netfilter.h>  /* Defines verdicts (NF_ACCEPT, etc) */
+#include <libnetfilter_queue/libnetfilter_queue.h>
+
+}
+
+#include <arpa/inet.h> // ntohl
 #include <signal.h>
 
 //-----------------------------------------------------------------------------
 #include <signal.h>
 
 //-----------------------------------------------------------------------------
 //-----------------------------------------------------------------------------
 namespace
 {
 //-----------------------------------------------------------------------------
 namespace
 {
+
 PLUGIN_CREATOR<NFQ_CAP> ncc;
 PLUGIN_CREATOR<NFQ_CAP> ncc;
+
+int callback(struct nfq_q_handle * /*queueHandle*/, struct nfgenmsg * /*msg*/,
+             struct nfq_data * nfqData, void *data)
+{
+int id = 0;
+
+struct nfqnl_msg_packet_hdr * packetHeader = nfq_get_msg_packet_hdr(nfqData);
+if (packetHeader == NULL)
+    return 0;
+
+id = ntohl(packetHeader->packet_id);
+
+unsigned char * payload = NULL;
+
+if (nfq_get_payload(nfqData) < 0)
+    return id;
+
+RAW_PACKET packet;
+
+memcpy(&packet.rawPacket, payload, sizeof(ip.rawPacket));
+
+NFQ_CAP * cap = static_cast<NFQ_CAP *>(data);
+
+cap->Process(packet);
+
+return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
+}
+
 }
 
 extern "C" PLUGIN * GetPlugin();
 }
 
 extern "C" PLUGIN * GetPlugin();
@@ -71,6 +108,43 @@ int NFQ_CAP::Start()
 if (isRunning)
     return 0;
 
 if (isRunning)
     return 0;
 
+nfqHandle = nfq_open();
+if (nfqHandle == NULL)
+    {
+    errorStr = "Failed to initialize netfilter queue.";
+    logger(errorStr);
+    return -1;
+    }
+
+if (nfq_unbind_pf(nfqHandle, AF_INET) < 0)
+    {
+    errorStr = "Failed to unbind netfilter queue from IP handling.";
+    logger(errorStr);
+    return -1;
+    }
+
+if (nfq_bind_pf(nfqHandle, AF_INET) < 0)
+    {
+    errorStr = "Failed to bind netfilter queue to IP handling.";
+    logger(errorStr);
+    return -1;
+    }
+
+queueHandle = nfq_create_queue(nfqHandle, queueNumber, &Callback, this);
+if (queueHandle == NULL)
+    {
+    errorStr = "Failed to create queue " + x2str(queueNumber) + ".";
+    logger(errorStr);
+    return -1;
+    }
+
+if (nfq_set_mode(queueHandle, NFQNL_COPY_PACKET, 0xffFF) < 0)
+    {
+    errorStr = "Failed to set queue " + x2str(queueNumber) + " mode.";
+    logger(errorStr);
+    return -1;
+    }
+
 nonstop = true;
 
 if (pthread_create(&thread, NULL, Run, this))
 nonstop = true;
 
 if (pthread_create(&thread, NULL, Run, this))
@@ -122,6 +196,9 @@ if (isRunning)
 
 pthread_join(thread, NULL);
 
 
 pthread_join(thread, NULL);
 
+nfq_destroy_queue(queueHandle);
+nfq_close(nfqHandle);
+
 return 0;
 }
 //-----------------------------------------------------------------------------
 return 0;
 }
 //-----------------------------------------------------------------------------
@@ -134,8 +211,22 @@ pthread_sigmask(SIG_BLOCK, &signalSet, NULL);
 NFQ_CAP * dc = static_cast<NFQ_CAP *>(d);
 dc->isRunning = true;
 
 NFQ_CAP * dc = static_cast<NFQ_CAP *>(d);
 dc->isRunning = true;
 
+int fd = nfq_fd(nfqHandle);
+char buf[4096];
+
 while (dc->nonstop)
     {
 while (dc->nonstop)
     {
+        if (!WaitPackets(fd))
+            continue;
+
+        int rv = read(fd, buf, sizeof(buf), 0);
+        if (rv < 0)
+            {
+            errorStr = "Read error: " + strerror(errno);
+            logger(errorStr);
+            break;
+            }
+        nfq_handle_packet(nfqHandle, buf, rv);
     }
 
 dc->isRunning = false;
     }
 
 dc->isRunning = false;
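Review bot: In `callback` (the hunk that adds it after `PLUGIN_CREATOR<NFQ_CAP> ncc;`), `payload` is still NULL when it reaches `memcpy`, because `nfq_get_payload` is called without the `&payload` out-argument and its return value, the payload length, is thrown away. The copy then reads `sizeof(ip.rawPacket)` bytes however short the queued packet is. Neither `ip` nor `qh` is declared in the visible lines (the handle parameter's name is commented out), so the function probably does not compile as shown. The early `return id;` also leaves the packet without a verdict, so it stays held in the kernel queue. The fence below bounds the copy by the returned length and issues a verdict on every path once the id is known. Separately, in `Run` (last hunk) the 4096-byte `buf` is smaller than the `0xffFF` copy range requested in `Start`, so larger packets would reach `nfq_handle_packet` truncated.

```cpp
int callback(struct nfq_q_handle * queueHandle, struct nfgenmsg * /*msg*/,
             struct nfq_data * nfqData, void *data)
{
// … unchanged: packet header lookup, id = ntohl(packetHeader->packet_id) …

unsigned char * payload = NULL;
const int payloadLen = nfq_get_payload(nfqData, &payload);
if (payloadLen < 0 || payload == NULL)
    return nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL);

RAW_PACKET packet;
const size_t wanted = sizeof(packet.rawPacket);
const size_t copyLen = static_cast<size_t>(payloadLen) < wanted
                     ? static_cast<size_t>(payloadLen) : wanted;
memcpy(&packet.rawPacket, payload, copyLen);

// … unchanged: cast data to NFQ_CAP * and call Process(packet) …

return nfq_set_verdict(queueHandle, id, NF_ACCEPT, 0, NULL);
```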
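--- a/projects/stargazer/plugins/capture/nfqueue/nfqueue.h
+++ b/projects/stargazer/plugins/capture/nfqueue/nfqueue.h
@@ -38,6 +38,9 @@ class SETTINGS;
 
 class TRAFFCOUNTER;
 
+struct nfq_handle;
+struct nfq_q_handle;
+
 class NFQ_CAP : public PLUGIN {
 public:
     NFQ_CAP();
@@ -58,6 +61,8 @@ public:
     uint16_t            GetStartPosition() const { return 40; }
     uint16_t            GetStopPosition() const { return 40; }
 
+    void                Process(const RAW_PACKET & packet) { traffCnt->Process(packet); }
+
 private:
     NFQ_CAP(const NFQ_CAP & rvalue);
     NFQ_CAP & operator=(const NFQ_CAP & rvalue);
@@ -71,6 +76,9 @@ private:
     bool                isRunning;
     MODULE_SETTINGS     settings;
 
+    struct nfq_handle * nfqHandle;
+    struct nfq_q_handle * queueHandle;
+
     TRAFFCOUNTER *      traffCnt;
 
     PLUGIN_LOGGER       logger;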
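Review bot: The new members `nfqHandle` and `queueHandle` are raw pointers, and no hunk in this commit touches the `NFQ_CAP` constructor, so they appear to start out uninitialised. Adding `nfqHandle(NULL), queueHandle(NULL)` to the constructor's initialiser list would let `Stop()` and the failure paths in `Start()` test them before calling `nfq_destroy_queue` and `nfq_close`; as written, those failure paths return without closing a handle that `nfq_open` already returned. `Process` dereferences `traffCnt` unconditionally and is reached from the capture thread; whether `traffCnt` is guaranteed to be set before `Start()` is not visible here, so a comment stating that precondition, `// traffCnt must be set before Start(); called from the capture thread`, would help.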