Monero
Loading...
Searching...
No Matches
Classes | Macros | Functions | Variables
nftnlrdr_misc.c File Reference
#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <time.h>
#include <string.h>
#include <stddef.h>
#include <syslog.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <errno.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/ipv6.h>
#include <libmnl/libmnl.h>
#include <libnftnl/table.h>
#include <libnftnl/chain.h>
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
#include "../commonrdr.h"
#include "nftnlrdr_misc.h"
#include "../macros.h"
Include dependency graph for nftnlrdr_misc.c:

Classes

struct  table_cb_data

Macros

#define d_printf(x)
#define log_error(args...)
#define log_debug(args...)
#define RULE_CACHE_INVALID   0
#define RULE_CACHE_VALID   1
#define CB_DATA(field)

Functions

int nft_mnl_connect (void)
void nft_mnl_disconnect (void)
static enum rule_reg_typeget_reg_type_ptr (rule_t *r, uint32_t dreg)
static uint32_tget_reg_val_ptr (rule_t *r, uint32_t dreg)
static void set_reg (rule_t *r, uint32_t dreg, enum rule_reg_type type, uint32_t val)
static void parse_rule_immediate (struct nftnl_expr *e, rule_t *r)
static void parse_rule_counter (struct nftnl_expr *e, rule_t *r)
static void parse_rule_meta (struct nftnl_expr *e, rule_t *r)
static void parse_rule_nat (struct nftnl_expr *e, rule_t *r)
static void parse_rule_payload (struct nftnl_expr *e, rule_t *r)
static void parse_rule_cmp (struct nftnl_expr *e, rule_t *r)
static int rule_expr_cb (struct nftnl_expr *e, rule_t *r)
static int table_cb (const struct nlmsghdr *nlh, void *data)
int refresh_nft_cache_filter (void)
int refresh_nft_cache_peer (void)
int refresh_nft_cache_redirect (void)
void flush_nft_cache (struct rule_list *head)
int refresh_nft_cache (struct rule_list *head, const char *table, const char *chain, uint32_t family, enum rule_type type)
static void expr_add_payload (struct nftnl_rule *r, uint32_t base, uint32_t dreg, uint32_t offset, uint32_t len)
static void expr_add_cmp (struct nftnl_rule *r, uint32_t sreg, uint32_t op, const void *data, uint32_t data_len)
static void expr_add_meta (struct nftnl_rule *r, uint32_t meta_key, uint32_t dreg)
static void expr_set_reg_val_u32 (struct nftnl_rule *r, enum nft_registers dreg, uint32_t val)
static void expr_set_reg_val_u16 (struct nftnl_rule *r, enum nft_registers dreg, uint32_t val)
static void expr_set_reg_verdict (struct nftnl_rule *r, uint32_t val)
static void expr_add_nat (struct nftnl_rule *r, uint32_t t, uint32_t family, in_addr_t addr_min, uint32_t proto_min, uint32_t flags)
struct nftnl_rule * rule_set_snat (uint8_t family, uint8_t proto, in_addr_t rhost, unsigned short rport, in_addr_t ehost, unsigned short eport, in_addr_t ihost, unsigned short iport, const char *descr, const char *handle)
struct nftnl_rule * rule_set_dnat (uint8_t family, const char *ifname, uint8_t proto, in_addr_t rhost, unsigned short eport, in_addr_t ihost, uint32_t iport, const char *descr, const char *handle)
struct nftnl_rule * rule_set_filter (uint8_t family, const char *ifname, uint8_t proto, in_addr_t rhost, in_addr_t iaddr, unsigned short eport, unsigned short iport, unsigned short rport, const char *descr, const char *handle)
struct nftnl_rule * rule_set_filter6 (uint8_t family, const char *ifname, uint8_t proto, struct in6_addr *rhost6, struct in6_addr *iaddr6, unsigned short eport, unsigned short iport, unsigned short rport, const char *descr, const char *handle)
struct nftnl_rule * rule_set_filter_common (struct nftnl_rule *r, uint8_t family, const char *ifname, uint8_t proto, unsigned short eport, unsigned short iport, unsigned short rport, const char *descr, const char *handle)
struct nftnl_rule * rule_del_handle (rule_t *rule)
static void nft_mnl_batch_put (char *buf, uint16_t type, uint32_t seq)
int nft_send_rule (struct nftnl_rule *rule, uint16_t cmd, enum rule_chain_type chain_type)
int table_op (enum nf_tables_msg_types op, uint16_t family, const char *name)
int chain_op (enum nf_tables_msg_types op, uint16_t family, const char *table, const char *name, const char *type, uint32_t hooknum, signed int priority)
struct mnl_nlmsg_batch * start_batch (char *buf, size_t buf_size)
int send_batch (struct mnl_nlmsg_batch *batch)

Variables

const char * nft_table = "miniupnpd"
const char * nft_prerouting_chain = "prerouting"
const char * nft_postrouting_chain = "postrouting"
const char * nft_forward_chain = "forward"
static struct mnl_socket * mnl_sock = NULL
static uint32_t mnl_portid = 0
static uint32_t mnl_seq = 0
struct rule_list head_filter = LIST_HEAD_INITIALIZER(head_filter)
struct rule_list head_redirect = LIST_HEAD_INITIALIZER(head_redirect)
struct rule_list head_peer = LIST_HEAD_INITIALIZER(head_peer)
static uint32_t rule_list_filter_validate = RULE_CACHE_INVALID
static uint32_t rule_list_redirect_validate = RULE_CACHE_INVALID
static uint32_t rule_list_peer_validate = RULE_CACHE_INVALID

Macro Definition Documentation

◆ CB_DATA

#define CB_DATA ( field)
Value:
((struct table_cb_data *)data)->field
table_cb_data
Definition nftnlrdr_misc.c:497
data
std::string data
Definition base58.cpp:37

◆ d_printf

#define d_printf ( x)

◆ log_debug

#define log_debug ( args...)
Value:
syslog(LOG_DEBUG, args)

◆ log_error

#define log_error ( args...)
Value:
syslog(LOG_ERR, args)

◆ RULE_CACHE_INVALID

#define RULE_CACHE_INVALID   0

◆ RULE_CACHE_VALID

#define RULE_CACHE_VALID   1

Function Documentation

◆ chain_op()

int chain_op ( enum nf_tables_msg_types op,
uint16_t family,
const char * table,
const char * name,
const char * type,
uint32_t hooknum,
signed int priority )

◆ expr_add_cmp()

void expr_add_cmp ( struct nftnl_rule * r,
uint32_t sreg,
uint32_t op,
const void * data,
uint32_t data_len )
static

◆ expr_add_meta()

void expr_add_meta ( struct nftnl_rule * r,
uint32_t meta_key,
uint32_t dreg )
static

◆ expr_add_nat()

void expr_add_nat ( struct nftnl_rule * r,
uint32_t t,
uint32_t family,
in_addr_t addr_min,
uint32_t proto_min,
uint32_t flags )
static

◆ expr_add_payload()

void expr_add_payload ( struct nftnl_rule * r,
uint32_t base,
uint32_t dreg,
uint32_t offset,
uint32_t len )
static

◆ expr_set_reg_val_u16()

void expr_set_reg_val_u16 ( struct nftnl_rule * r,
enum nft_registers dreg,
uint32_t val )
static

◆ expr_set_reg_val_u32()

void expr_set_reg_val_u32 ( struct nftnl_rule * r,
enum nft_registers dreg,
uint32_t val )
static

◆ expr_set_reg_verdict()

void expr_set_reg_verdict ( struct nftnl_rule * r,
uint32_t val )
static

◆ flush_nft_cache()

void flush_nft_cache ( struct rule_list * head)

◆ get_reg_type_ptr()

enum rule_reg_type * get_reg_type_ptr ( rule_t * r,
uint32_t dreg )
static

◆ get_reg_val_ptr()

uint32_t * get_reg_val_ptr ( rule_t * r,
uint32_t dreg )
static

◆ nft_mnl_batch_put()

void nft_mnl_batch_put ( char * buf,
uint16_t type,
uint32_t seq )
static

◆ nft_mnl_connect()

int nft_mnl_connect ( void )

called at initialization. establishes persistent connection to mnl/netfilter socket, needs elevated privilege

◆ nft_mnl_disconnect()

void nft_mnl_disconnect ( void )

called at shutdown, to release the mnl/netfilter socket

◆ nft_send_rule()

int nft_send_rule ( struct nftnl_rule * rule,
uint16_t cmd,
enum rule_chain_type chain_type )

◆ parse_rule_cmp()

void parse_rule_cmp ( struct nftnl_expr * e,
rule_t * r )
static

◆ parse_rule_counter()

void parse_rule_counter ( struct nftnl_expr * e,
rule_t * r )
static

◆ parse_rule_immediate()

void parse_rule_immediate ( struct nftnl_expr * e,
rule_t * r )
static

◆ parse_rule_meta()

void parse_rule_meta ( struct nftnl_expr * e,
rule_t * r )
static

◆ parse_rule_nat()

void parse_rule_nat ( struct nftnl_expr * e,
rule_t * r )
static

◆ parse_rule_payload()

void parse_rule_payload ( struct nftnl_expr * e,
rule_t * r )
static

◆ refresh_nft_cache()

int refresh_nft_cache ( struct rule_list * head,
const char * table,
const char * chain,
uint32_t family,
enum rule_type type )

◆ refresh_nft_cache_filter()

int refresh_nft_cache_filter ( void )

◆ refresh_nft_cache_peer()

int refresh_nft_cache_peer ( void )

◆ refresh_nft_cache_redirect()

int refresh_nft_cache_redirect ( void )

◆ rule_del_handle()

struct nftnl_rule * rule_del_handle ( rule_t * rule)

◆ rule_expr_cb()

int rule_expr_cb ( struct nftnl_expr * e,
rule_t * r )
static

◆ rule_set_dnat()

struct nftnl_rule * rule_set_dnat ( uint8_t family,
const char * ifname,
uint8_t proto,
in_addr_t rhost,
unsigned short eport,
in_addr_t ihost,
uint32_t iport,
const char * descr,
const char * handle )

◆ rule_set_filter()

struct nftnl_rule * rule_set_filter ( uint8_t family,
const char * ifname,
uint8_t proto,
in_addr_t rhost,
in_addr_t iaddr,
unsigned short eport,
unsigned short iport,
unsigned short rport,
const char * descr,
const char * handle )

◆ rule_set_filter6()

struct nftnl_rule * rule_set_filter6 ( uint8_t family,
const char * ifname,
uint8_t proto,
struct in6_addr * rhost6,
struct in6_addr * iaddr6,
unsigned short eport,
unsigned short iport,
unsigned short rport,
const char * descr,
const char * handle )

◆ rule_set_filter_common()

struct nftnl_rule * rule_set_filter_common ( struct nftnl_rule * r,
uint8_t family,
const char * ifname,
uint8_t proto,
unsigned short eport,
unsigned short iport,
unsigned short rport,
const char * descr,
const char * handle )

◆ rule_set_snat()

struct nftnl_rule * rule_set_snat ( uint8_t family,
uint8_t proto,
in_addr_t rhost,
unsigned short rport,
in_addr_t ehost,
unsigned short eport,
in_addr_t ihost,
unsigned short iport,
const char * descr,
const char * handle )

◆ send_batch()

int send_batch ( struct mnl_nlmsg_batch * batch)

return codes : 0 : OK -1 : netlink not connected -2 : mnl_socket_sendto() error -3 : mnl_socket_recvfrom() error -4 : mnl_cb_run() error

◆ set_reg()

void set_reg ( rule_t * r,
uint32_t dreg,
enum rule_reg_type type,
uint32_t val )
static

◆ start_batch()

struct mnl_nlmsg_batch * start_batch ( char * buf,
size_t buf_size )

the buffer that you have to use to store the batch must be double of MNL_SOCKET_BUFFER_SIZE

See also
https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html

◆ table_cb()

int table_cb ( const struct nlmsghdr * nlh,
void * data )
static

◆ table_op()

int table_op ( enum nf_tables_msg_types op,
uint16_t family,
const char * name )

Variable Documentation

◆ head_filter

struct rule_list head_filter = LIST_HEAD_INITIALIZER(head_filter)

◆ head_peer

struct rule_list head_peer = LIST_HEAD_INITIALIZER(head_peer)

◆ head_redirect

struct rule_list head_redirect = LIST_HEAD_INITIALIZER(head_redirect)

◆ mnl_portid

uint32_t mnl_portid = 0
static

◆ mnl_seq

uint32_t mnl_seq = 0
static

◆ mnl_sock

struct mnl_socket* mnl_sock = NULL
static

◆ nft_forward_chain

const char* nft_forward_chain = "forward"

◆ nft_postrouting_chain

const char* nft_postrouting_chain = "postrouting"

◆ nft_prerouting_chain

const char* nft_prerouting_chain = "prerouting"

◆ nft_table

const char* nft_table = "miniupnpd"

◆ rule_list_filter_validate

uint32_t rule_list_filter_validate = RULE_CACHE_INVALID
static

◆ rule_list_peer_validate

uint32_t rule_list_peer_validate = RULE_CACHE_INVALID
static

◆ rule_list_redirect_validate

uint32_t rule_list_redirect_validate = RULE_CACHE_INVALID
static
Generated on for Monero by doxygen 1.16.1