1 Index: sendd-0.2/Makefile.config
2 ===================================================================
3 --- sendd-0.2.orig/Makefile.config 2008-05-27 16:53:49.238160776 +0200
4 +++ sendd-0.2/Makefile.config 2008-05-27 16:53:52.866156255 +0200
10 +prefix=$(DESTDIR)/usr
12 # Set to "y" to build MT versions of sendd and cgatool
14 Index: sendd-0.2/README
15 ===================================================================
16 --- sendd-0.2.orig/README 2008-05-27 16:53:49.246168775 +0200
17 +++ sendd-0.2/README 2008-05-27 16:53:52.866156255 +0200
19 o CONFIG_NETFILTER, CONFIG_IPV6, CONFIG_IP6_NF_QUEUE, CONFIG_IP6_NF_IPTABLES,
20 CONFIG_IP6_NF_FILTER enabled in your kernel config.
21 o netfilter ip6tables command
22 - o netfilter libipq development library and headers
23 + o netfilter libnetfilter_queue development library and headers
26 o NETGRAPH, NETGRAPH_BPF, NETGRAPH_ETHER, NETGRAPH_SOCKET enabled in
27 Index: sendd-0.2/cgatool/Makefile
28 ===================================================================
29 --- sendd-0.2.orig/cgatool/Makefile 2008-05-27 16:53:49.278164104 +0200
30 +++ sendd-0.2/cgatool/Makefile 2008-05-27 16:53:52.866156255 +0200
33 ifeq ($(USE_CONSOLE),y)
34 ifeq ($(USE_READLINE),y)
35 -LDLIBS += -lreadline -lncurses
40 Index: sendd-0.2/sendd/Makefile
41 ===================================================================
42 --- sendd-0.2.orig/sendd/Makefile 2008-05-27 16:53:49.286173430 +0200
43 +++ sendd-0.2/sendd/Makefile 2008-05-27 16:53:52.878156241 +0200
46 ifeq ($(USE_CONSOLE),y)
47 ifeq ($(USE_READLINE),y)
48 -LDLIBS += -lreadline -lncurses
53 Index: sendd-0.2/sendd/os-linux/Makefile
54 ===================================================================
55 --- sendd-0.2.orig/sendd/os-linux/Makefile 2008-05-27 16:53:49.294197424 +0200
56 +++ sendd-0.2/sendd/os-linux/Makefile 2008-05-27 16:53:52.910156597 +0200
59 OBJS += os/addr.o os/ipq.o os/rand.o os/snd_linux.o
61 +OSLIBS= -lnetfilter_queue
63 -OSEXTRA= os/sendd os/snd_upd_fw
66 -EXTRAINSTALL= $(ETCINIT)/sendd $(ETCINIT)/snd_upd_fw $(ETCINIT)/snd_fw_functions.sh
67 -EXTRAUNINSTALL=$(EXTRAINSTALL)
68 -EXTRACLEAN= os/sendd os/snd_upd_fw os/snd_fw_functions.sh
74 - sed "s/@etcinit@/\/etc\/init.d/g" $< > $@
77 - @./os/find_ip6tables.sh
79 -# Sometimes libipq.h is installed in include/libipq.h, other times it is
80 -# installed in include/libipq/libipq.h. This rule helps cpp to find it.
81 -os/ipq.o: CPPFLAGS += -I/usr/include/libipq -I/usr/local/include/libipq
82 +os/ipq.o: CPPFLAGS += -I/usr/include/libnetfilter_queue
83 Index: sendd-0.2/sendd/os-linux/ipq.c
84 ===================================================================
85 --- sendd-0.2.orig/sendd/os-linux/ipq.c 2008-05-27 16:53:49.306181136 +0200
86 +++ sendd-0.2/sendd/os-linux/ipq.c 2008-05-27 16:55:57.602168158 +0200
88 #include <sys/select.h>
89 #include <netinet/in.h>
90 #include <linux/netfilter.h>
92 +#include <libnetfilter_queue.h>
97 #include "../sendd_local.h"
98 #include "snd_linux.h"
100 -static struct ipq_handle *qh;
102 extern unsigned if_nametoindex(const char *);
105 -process_pkt(ipq_packet_msg_t *pkt, struct sbuff *b)
107 +struct nfq_handle *h = NULL;
108 +struct nfq_q_handle *qh = NULL;
110 +/* This is the default queue number used in our init script */
111 +#define SND_DEFAULT_NFQUEUE_NUMBER 13
113 +/* The sbuff is must be made available to the callback function that will
114 + handle the packet */
115 +struct callback_data {
119 +struct callback_data process_pkt_data;
121 +/* nfqueue callback */
122 +static int process_pkt(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
123 + struct nfq_data *nfa, void *data)
125 + struct callback_data * d = (struct callback_data *)data;
126 + struct nfqnl_msg_packet_hdr *ph;
127 + struct sbuff *b = d->b;
131 - b->data = pkt->payload;
132 - b->len = pkt->data_len;
133 + b->len = nfq_get_payload(nfa, &pkt_data);
134 + if (b->len == -1) {
135 + applog(LOG_ERR, "%s: nfq_get_payload() failed.", __FUNCTION__);
138 + b->data = (unsigned char *)pkt_data;
140 - if (*(pkt->indev_name)) {
141 + if ((ifidx = nfq_get_indev(nfa)) && ifidx != 0)
143 - ifidx = if_nametoindex(pkt->indev_name);
144 - } else if (*(pkt->outdev_name)) {
145 + else if ((ifidx = nfq_get_outdev(nfa)) && ifidx != 0)
147 - ifidx = if_nametoindex(pkt->outdev_name);
150 applog(LOG_ERR, "%s: pkt has neither indev nor outdev",
157 - snd_recv_pkt(b, ifidx, in, pkt);
159 + /* Grab packet header to get its id later */
160 + ph = nfq_get_msg_packet_hdr(nfa); /* FIXME Check return value */
166 - struct sbuff *b = snd_get_buf();
167 + snd_recv_pkt(b, ifidx, in, (void *)ph);
172 - if ((r = ipq_read(qh, b->head, b->rem, -1)) < 0) {
173 - applog(LOG_ERR, "%s: ipq_read(): %s", __FUNCTION__,
176 - } else if (r == 0) {
181 - switch ((r = ipq_message_type(b->head))) {
183 - applog(LOG_ERR, "%s: nlmsg error: %s", __FUNCTION__,
184 - strerror(ipq_get_msgerr(b->head)));
187 - process_pkt(ipq_get_packet(b->head), b);
199 -linux_ipq_add_fds(fd_set *fds, int *maxfd)
200 +linux_nfq_add_fds(fd_set *fds, int *maxfd)
202 - FD_SET(qh->fd, fds);
203 - *maxfd = sendd_max(*maxfd, qh->fd);
204 + int fd = nfnl_fd(nfq_nfnlh(h));
207 + *maxfd = sendd_max(*maxfd, fd);
211 -linux_ipq_dispatch_fds(fd_set *fds)
212 +linux_nfq_dispatch_fds(fd_set *fds)
214 - if (FD_ISSET(qh->fd, fds)) {
216 + int fd = nfnl_fd(nfq_nfnlh(h));
219 + if (FD_ISSET(fd, fds)) {
220 + struct sbuff *b = snd_get_buf();
226 + if ((r = recv(fd, b->head, b->rem, 0)) && r <= 0) {
227 + if (r < 0) /* not a timeout */
228 + applog(LOG_ERR, "%s: recv failed.",
234 + process_pkt_data.b = b; /* make sbuff available to
235 + callback function */
236 + nfq_handle_packet(h, (char *)b->head, r);
241 os_specific_deliver_pkt(void *p, struct sbuff *b, int drop, int changed)
243 - ipq_packet_msg_t *pkt = p;
244 - void *newpkt = NULL;
245 + struct nfqnl_msg_packet_hdr *ph = (struct nfqnl_msg_packet_hdr *)p;
246 + unsigned char *newpkt = NULL;
251 + id = ntohl(ph->packet_id);
253 if (changed && !drop) {
254 - newpkt = sbuff_data(b);
255 + newpkt = (unsigned char *)b->data;
259 - ipq_set_verdict(qh, pkt->packet_id, drop ? NF_DROP : NF_ACCEPT,
261 + nfq_set_verdict(qh, id, drop ? NF_DROP : NF_ACCEPT, plen, newpkt);
266 -linux_ipq_init(void)
267 +linux_nfq_init(void)
269 - if ((qh = ipq_create_handle(0, PF_INET6)) == NULL) {
270 - applog(LOG_ERR, "%s: ipq_create_handle() failed: %s",
271 - __FUNCTION__, ipq_errstr());
274 - if (ipq_set_mode(qh, IPQ_COPY_PACKET, SND_MAX_PKT) < 0) {
275 - applog(LOG_ERR, "%s: ipq_set_mode() failed: %s",
276 - __FUNCTION__, ipq_errstr());
277 - if (errno == ECONNREFUSED) {
278 - applog(LOG_ERR, "%s: perhaps you need to modprobe "
279 - "ip6_queue?", __FUNCTION__);
282 + struct nfnl_handle *nh;
283 + u_int16_t nfqueue_num = SND_DEFAULT_NFQUEUE_NUMBER;
285 + /* Get netfilter queue connection handle */
288 + applog(LOG_ERR, "%s: nfq_open() failed.", __FUNCTION__);
292 + /* Unbinding existing nfqueue handlers for AF_INET6. We ignore the
293 + return value: http://www.spinics.net/lists/netfilter/msg42063.html.
294 + Note that this call is required, otherwise, nfq_bind_pf() fails. */
295 + nfq_unbind_pf(h, PF_INET6);
297 + if (nfq_bind_pf(h, PF_INET6) < 0) {
298 + applog(LOG_ERR, "%s: nfq_bind_pf failed.\n", __FUNCTION__);
302 + /* Binding this socket to queue number nfqueue_num and installing
303 + our packet handler */
304 + qh = nfq_create_queue(h, nfqueue_num,
305 + (nfq_callback *) &process_pkt,
306 + (void *)&process_pkt_data);
308 + applog(LOG_ERR, "%s: nfq_create_queue() failed.\n",
313 + /* Asking for entire copy of queued packets */
314 + if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) { /* XXX was SND_MAX_PKT */
315 + fprintf(stderr, "nfq_set_mode() failed.\n");
320 + /* XXX - Check if we have an interest in setting queue length */
322 + /* The netlink handle associated with our queue connection handle */
329 -linux_ipq_fini(void)
330 +linux_nfq_fini(void)
332 - ipq_destroy_handle(qh);
333 + /* Remove the binding for our queue handler*/
335 + nfq_destroy_queue(qh);
337 + /* Close connection associated with our connection handler */
341 Index: sendd-0.2/sendd/os-linux/snd_linux.c
342 ===================================================================
343 --- sendd-0.2.orig/sendd/os-linux/snd_linux.c 2008-05-27 16:53:49.314164060 +0200
344 +++ sendd-0.2/sendd/os-linux/snd_linux.c 2008-05-27 16:53:52.914160667 +0200
347 os_specific_add_fds(fd_set *fds, int *maxfd)
349 - linux_ipq_add_fds(fds, maxfd);
350 + linux_nfq_add_fds(fds, maxfd);
354 os_specific_dispatch_fds(fd_set *fds)
356 - linux_ipq_dispatch_fds(fds);
357 + linux_nfq_dispatch_fds(fds);
362 os_specific_init(void)
364 if (linux_rand_init() < 0 ||
365 - linux_ipq_init() < 0) {
366 + linux_nfq_init() < 0) {
372 os_specific_fini(void)
378 Index: sendd-0.2/sendd/os-linux/snd_linux.h
379 ===================================================================
380 --- sendd-0.2.orig/sendd/os-linux/snd_linux.h 2008-05-27 16:53:49.330169232 +0200
381 +++ sendd-0.2/sendd/os-linux/snd_linux.h 2008-05-27 16:53:52.914160667 +0200
383 #ifndef _SEND_LINUX_H
384 #define _SEND_LINUX_H
386 -extern void linux_ipq_add_fds(fd_set *, int *);
387 -extern void linux_ipq_dispatch_fds(fd_set *);
388 -extern int linux_ipq_init(void);
389 -extern void linux_ipq_fini(void);
390 +extern void linux_nfq_add_fds(fd_set *, int *);
391 +extern void linux_nfq_dispatch_fds(fd_set *);
392 +extern int linux_nfq_init(void);
393 +extern void linux_nfq_fini(void);
395 extern void linux_rand_fini(void);
396 extern int linux_rand_init(void);