4 * IPQ userspace library.
6 * Please note that this library is still developmental, and there may
9 * Author: James Morris <jmorris@intercode.com.au>
11 * 07-11-2001 Modified by Fernando Anton to add support for IPv6.
13 * Copyright (c) 2000-2001 Netfilter Core Team
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
32 #include <sys/types.h>
34 #include <libipq/libipq.h>
36 /****************************************************************************
40 ****************************************************************************/
61 #define IPQ_MAXERR IPQ_ERR_PROTOCOL
67 { IPQ_ERR_NONE, "Unknown error" },
68 { IPQ_ERR_IMPL, "Implementation error" },
69 { IPQ_ERR_HANDLE, "Unable to create netlink handle" },
70 { IPQ_ERR_SOCKET, "Unable to create netlink socket" },
71 { IPQ_ERR_BIND, "Unable to bind netlink socket" },
72 { IPQ_ERR_BUFFER, "Unable to allocate buffer" },
73 { IPQ_ERR_RECV, "Failed to receive netlink message" },
74 { IPQ_ERR_NLEOF, "Received EOF on netlink socket" },
75 { IPQ_ERR_ADDRLEN, "Invalid peer address length" },
76 { IPQ_ERR_STRUNC, "Sent message truncated" },
77 { IPQ_ERR_RTRUNC, "Received message truncated" },
78 { IPQ_ERR_NLRECV, "Received error from netlink" },
79 { IPQ_ERR_SEND, "Failed to send netlink message" },
80 { IPQ_ERR_SUPP, "Operation not supported" },
81 { IPQ_ERR_RECVBUF, "Receive buffer size invalid" },
82 { IPQ_ERR_TIMEOUT, "Timeout"},
83 { IPQ_ERR_PROTOCOL, "Invalid protocol specified" }
86 static int ipq_errno = IPQ_ERR_NONE;
88 static ssize_t ipq_netlink_sendto(const struct ipq_handle *h,
89 const void *msg, size_t len);
91 static ssize_t ipq_netlink_recvfrom(const struct ipq_handle *h,
92 unsigned char *buf, size_t len,
95 static ssize_t ipq_netlink_sendmsg(const struct ipq_handle *h,
96 const struct msghdr *msg,
99 static char *ipq_strerror(int errcode);
101 static ssize_t ipq_netlink_sendto(const struct ipq_handle *h,
102 const void *msg, size_t len)
104 int status = sendto(h->fd, msg, len, 0,
105 (struct sockaddr *)&h->peer, sizeof(h->peer));
107 ipq_errno = IPQ_ERR_SEND;
111 static ssize_t ipq_netlink_sendmsg(const struct ipq_handle *h,
112 const struct msghdr *msg,
115 int status = sendmsg(h->fd, msg, flags);
117 ipq_errno = IPQ_ERR_SEND;
121 static ssize_t ipq_netlink_recvfrom(const struct ipq_handle *h,
122 unsigned char *buf, size_t len,
126 struct nlmsghdr *nlh;
128 if (len < sizeof(struct nlmsgerr)) {
129 ipq_errno = IPQ_ERR_RECVBUF;
132 addrlen = sizeof(h->peer);
140 /* non-block non-timeout */
144 tv.tv_sec = timeout / 1000000;
145 tv.tv_usec = timeout % 1000000;
149 FD_SET(h->fd, &read_fds);
150 ret = select(h->fd+1, &read_fds, NULL, NULL, &tv);
152 if (errno == EINTR) {
155 ipq_errno = IPQ_ERR_RECV;
159 if (!FD_ISSET(h->fd, &read_fds)) {
160 ipq_errno = IPQ_ERR_TIMEOUT;
164 status = recvfrom(h->fd, buf, len, 0,
165 (struct sockaddr *)&h->peer, &addrlen);
167 ipq_errno = IPQ_ERR_RECV;
170 if (addrlen != sizeof(h->peer)) {
171 ipq_errno = IPQ_ERR_RECV;
175 ipq_errno = IPQ_ERR_NLEOF;
178 nlh = (struct nlmsghdr *)buf;
179 if (nlh->nlmsg_flags & MSG_TRUNC || nlh->nlmsg_len > status) {
180 ipq_errno = IPQ_ERR_RTRUNC;
186 static char *ipq_strerror(int errcode)
188 if (errcode < 0 || errcode > IPQ_MAXERR)
189 errcode = IPQ_ERR_IMPL;
190 return ipq_errmap[errcode].message;
193 /****************************************************************************
197 ****************************************************************************/
200 * Create and initialise an ipq handle.
202 struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol)
205 struct ipq_handle *h;
207 h = (struct ipq_handle *)malloc(sizeof(struct ipq_handle));
209 ipq_errno = IPQ_ERR_HANDLE;
213 memset(h, 0, sizeof(struct ipq_handle));
215 if (protocol == PF_INET)
216 h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_FIREWALL);
217 else if (protocol == PF_INET6)
218 h->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_IP6_FW);
220 ipq_errno = IPQ_ERR_PROTOCOL;
226 ipq_errno = IPQ_ERR_SOCKET;
231 memset(&h->local, 0, sizeof(struct sockaddr_nl));
232 h->local.nl_family = AF_NETLINK;
233 h->local.nl_pid = getpid();
234 h->local.nl_groups = 0;
235 status = bind(h->fd, (struct sockaddr *)&h->local, sizeof(h->local));
237 ipq_errno = IPQ_ERR_BIND;
242 memset(&h->peer, 0, sizeof(struct sockaddr_nl));
243 h->peer.nl_family = AF_NETLINK;
245 h->peer.nl_groups = 0;
250 * No error condition is checked here at this stage, but it may happen
251 * if/when reliable messaging is implemented.
253 int ipq_destroy_handle(struct ipq_handle *h)
262 int ipq_set_mode(const struct ipq_handle *h,
263 u_int8_t mode, size_t range)
270 memset(&req, 0, sizeof(req));
271 req.nlh.nlmsg_len = NLMSG_LENGTH(sizeof(req));
272 req.nlh.nlmsg_flags = NLM_F_REQUEST;
273 req.nlh.nlmsg_type = IPQM_MODE;
274 req.nlh.nlmsg_pid = h->local.nl_pid;
275 req.pm.msg.mode.value = mode;
276 req.pm.msg.mode.range = range;
277 return ipq_netlink_sendto(h, (void *)&req, req.nlh.nlmsg_len);
281 * timeout is in microseconds (1 second is 1000000 (1 million) microseconds)
284 ssize_t ipq_read(const struct ipq_handle *h,
285 unsigned char *buf, size_t len, int timeout)
287 return ipq_netlink_recvfrom(h, buf, len, timeout);
290 int ipq_message_type(const unsigned char *buf)
292 return ((struct nlmsghdr*)buf)->nlmsg_type;
295 int ipq_get_msgerr(const unsigned char *buf)
297 struct nlmsghdr *h = (struct nlmsghdr *)buf;
298 struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
302 ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf)
304 return NLMSG_DATA((struct nlmsghdr *)(buf));
307 int ipq_set_verdict(const struct ipq_handle *h,
309 unsigned int verdict,
320 memset(&nlh, 0, sizeof(nlh));
321 nlh.nlmsg_flags = NLM_F_REQUEST;
322 nlh.nlmsg_type = IPQM_VERDICT;
323 nlh.nlmsg_pid = h->local.nl_pid;
324 memset(&pm, 0, sizeof(pm));
325 pm.msg.verdict.value = verdict;
326 pm.msg.verdict.id = id;
327 pm.msg.verdict.data_len = data_len;
328 iov[0].iov_base = &nlh;
329 iov[0].iov_len = sizeof(nlh);
330 iov[1].iov_base = ±
331 iov[1].iov_len = sizeof(pm);
332 tlen = sizeof(nlh) + sizeof(pm);
334 if (data_len && buf) {
335 iov[2].iov_base = buf;
336 iov[2].iov_len = data_len;
340 msg.msg_name = (void *)&h->peer;
341 msg.msg_namelen = sizeof(h->peer);
343 msg.msg_iovlen = nvecs;
344 msg.msg_control = NULL;
345 msg.msg_controllen = 0;
347 nlh.nlmsg_len = tlen;
348 return ipq_netlink_sendmsg(h, &msg, 0);
351 /* Not implemented yet */
352 int ipq_ctl(const struct ipq_handle *h, int request, ...)
357 char *ipq_errstr(void)
359 return ipq_strerror(ipq_errno);
362 void ipq_perror(const char *s)
367 fputs("ERROR", stderr);
369 fprintf(stderr, ": %s", ipq_errstr());
371 fprintf(stderr, ": %s", strerror(errno));