[netfilter-cvslog] r4226 - trunk/libnfnetlink_queue/utils

[laforge at netfilter.org]

Author: laforge at netfilter.org
Date: 2005-08-07 16:55:15 +0200 (Sun, 07 Aug 2005)
New Revision: 4226

Modified:
   trunk/libnfnetlink_queue/utils/nfqnl_test.c
Log:
really implement a full test program.  returns NF_ACCEPT verdict for all packets


Modified: trunk/libnfnetlink_queue/utils/nfqnl_test.c
===================================================================
--- trunk/libnfnetlink_queue/utils/nfqnl_test.c	2005-08-07 14:54:58 UTC (rev 4225)
+++ trunk/libnfnetlink_queue/utils/nfqnl_test.c	2005-08-07 14:55:15 UTC (rev 4226)
@@ -3,32 +3,120 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <netinet/in.h>
+#include <linux/netfilter.h>		/* for NF_ACCEPT */
 
 #include <libnfnetlink_queue/libnfnetlink_queue.h>
 
+/* returns packet id */
+static u_int32_t print_pkt (struct nfattr *tb[])
+{
+	int id = 0;
+
+	if (tb[NFQA_PACKET_HDR-1]) {
+		struct nfqnl_msg_packet_hdr *ph = 
+					NFA_DATA(tb[NFQA_PACKET_HDR-1]);
+		id = ntohl(ph->packet_id);
+		printf("hw_protocol=0x%04x hook=%u id=%u ",
+			ntohs(ph->hw_protocol), ph->hook, id);
+	}
+
+	if (tb[NFQA_MARK-1]) {
+		u_int32_t mark = 
+			ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_MARK-1]));
+		printf("mark=%u ", mark);
+	}
+
+	if (tb[NFQA_IFINDEX_INDEV-1]) {
+		u_int32_t ifi = 
+			ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_IFINDEX_INDEV-1]));
+		printf("indev=%u ", ifi);
+	}
+
+	if (tb[NFQA_IFINDEX_OUTDEV-1]) {
+		u_int32_t ifi =
+			ntohl(*(u_int32_t *)NFA_DATA(tb[NFQA_IFINDEX_OUTDEV-1]));
+		printf("outdev=%u ", ifi);
+	}
+
+	if (tb[NFQA_PAYLOAD-1]) {
+		printf("payload_len=%d ", NFA_PAYLOAD(tb[NFQA_PAYLOAD-1]));
+	}
+
+	fputc('\n', stdout);
+
+	return id;
+}
+	
+
+static int cb(struct nfqnl_q_handle *qh, struct nfgenmsg *nfmsg,
+	      struct nfattr *nfa[], void *data)
+{
+	u_int32_t id = print_pkt(nfa);
+	printf("entering callback\n");
+	return nfqnl_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
+}
+
 int main(int argc, char **argv)
 {
-	struct nfqnl_handle h;
-	struct nfqnl_q_handle qh;
+	struct nfqnl_handle *h;
+	struct nfqnl_q_handle *qh;
+	struct nfnl_handle *nh;
+	int fd;
 	int rv;
 	char buf[4096];
 
-	rv = nfqnl_open(&h);
-	if (rv < 0)
-		exit(rv);
+	printf("opening library handle\n");
+	h = nfqnl_open();
+	if (!h) {
+		fprintf(stderr, "error during nfqnl_open()\n");
+		exit(1);
+	}
 
-	nfqnl_bind_pf(&h, AF_INET);
-	nfqnl_create_queue(&h, &qh, 0);
-	nfqnl_set_mode(&qh, NFQNL_COPY_PACKET, 0xffff);
+	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
+	if (nfqnl_unbind_pf(h, AF_INET) < 0) {
+		fprintf(stderr, "error during nfqnl_unbind_pf()\n");
+		exit(1);
+	}
 
-	while (recv(h.nfnlh.fd, buf, sizeof(buf), 0) > 0) {
+	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
+	if (nfqnl_bind_pf(h, AF_INET) < 0) {
+		fprintf(stderr, "error during nfqnl_bind_pf()\n");
+		exit(1);
+	}
+
+	printf("binding this socket to queue '0'\n");
+	qh = nfqnl_create_queue(h,  0, &cb, NULL);
+	if (!qh) {
+		fprintf(stderr, "error during nfqnl_create_queue()\n");
+		exit(1);
+	}
+
+	printf("setting copy_packet mode\n");
+	if (nfqnl_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
+		fprintf(stderr, "can't set packet_copy mode\n");
+		exit(1);
+	}
+
+	nh = nfqnl_nfnlh(h);
+	fd = nfnl_fd(nh);
+
+	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
 		printf("pkt received\n");
+		nfqnl_handle_packet(h, buf, rv);
 	}
 
-	nfqnl_destroy_queue(&qh);
-	nfqnl_unbind_pf(&h, AF_INET);
+	printf("unbinding from queue 0\n");
+	nfqnl_destroy_queue(qh);
 
-	nfqnl_close(&h);
+#ifdef INSANE
+	/* normally, applications SHOULD NOT issue this command, since
+	 * it detaches other programs/sockets from AF_INET, too ! */
+	printf("unbinding from AF_INET\n");
+	nfqnl_unbind_pf(h, AF_INET);
+#endif
 
+	printf("closing library handle\n");
+	nfqnl_close(h);
+
 	exit(0);
 }