#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <time.h>
#include <string.h>
#include <stddef.h>
#include <syslog.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/queue.h>
#include <errno.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <linux/ipv6.h>
#include <libmnl/libmnl.h>
#include <libnftnl/table.h>
#include <libnftnl/chain.h>
#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
#include "../commonrdr.h"
#include "nftnlrdr_misc.h"
#include "../macros.h"

Include dependency graph for nftnlrdr_misc.c:

Classes
struct	table_cb_data

Macros
#define	d_printf(x)

#define	log_error(args...) syslog(LOG_ERR, args)

#define	log_debug(args...) syslog(LOG_DEBUG, args)

#define	RULE_CACHE_INVALID 0

#define	RULE_CACHE_VALID 1

#define	CB_DATA(field) ((struct table_cb_data *)data)->field

Functions
int	nft_mnl_connect (void)

void	nft_mnl_disconnect (void)

static enum rule_reg_type *	get_reg_type_ptr (rule_t *r, uint32_t dreg)

static uint32_t *	get_reg_val_ptr (rule_t *r, uint32_t dreg)

static void	set_reg (rule_t *r, uint32_t dreg, enum rule_reg_type type, uint32_t val)

static void	parse_rule_immediate (struct nftnl_expr e, rule_t r)

static void	parse_rule_counter (struct nftnl_expr e, rule_t r)

static void	parse_rule_meta (struct nftnl_expr e, rule_t r)

static void	parse_rule_nat (struct nftnl_expr e, rule_t r)

static void	parse_rule_payload (struct nftnl_expr e, rule_t r)

static void	parse_rule_cmp (struct nftnl_expr e, rule_t r)

static int	rule_expr_cb (struct nftnl_expr e, rule_t r)

static int	table_cb (const struct nlmsghdr nlh, void data)

int	refresh_nft_cache_filter (void)

int	refresh_nft_cache_peer (void)

int	refresh_nft_cache_redirect (void)

void	flush_nft_cache (struct rule_list *head)

int	refresh_nft_cache (struct rule_list head, const char table, const char *chain, uint32_t family, enum rule_type type)

static void	expr_add_payload (struct nftnl_rule *r, uint32_t base, uint32_t dreg, uint32_t offset, uint32_t len)

static void	expr_add_cmp (struct nftnl_rule r, uint32_t sreg, uint32_t op, const void data, uint32_t data_len)

static void	expr_add_meta (struct nftnl_rule *r, uint32_t meta_key, uint32_t dreg)

static void	expr_set_reg_val_u32 (struct nftnl_rule *r, enum nft_registers dreg, uint32_t val)

static void	expr_set_reg_val_u16 (struct nftnl_rule *r, enum nft_registers dreg, uint32_t val)

static void	expr_set_reg_verdict (struct nftnl_rule *r, uint32_t val)

static void	expr_add_nat (struct nftnl_rule *r, uint32_t t, uint32_t family, in_addr_t addr_min, uint32_t proto_min, uint32_t flags)

struct nftnl_rule *	rule_set_snat (uint8_t family, uint8_t proto, in_addr_t rhost, unsigned short rport, in_addr_t ehost, unsigned short eport, in_addr_t ihost, unsigned short iport, const char descr, const char handle)

struct nftnl_rule *	rule_set_dnat (uint8_t family, const char ifname, uint8_t proto, in_addr_t rhost, unsigned short eport, in_addr_t ihost, uint32_t iport, const char descr, const char *handle)

struct nftnl_rule *	rule_set_filter (uint8_t family, const char ifname, uint8_t proto, in_addr_t rhost, in_addr_t iaddr, unsigned short eport, unsigned short iport, unsigned short rport, const char descr, const char *handle)

struct nftnl_rule *	rule_set_filter6 (uint8_t family, const char ifname, uint8_t proto, struct in6_addr rhost6, struct in6_addr iaddr6, unsigned short eport, unsigned short iport, unsigned short rport, const char descr, const char *handle)

struct nftnl_rule *	rule_set_filter_common (struct nftnl_rule r, uint8_t family, const char ifname, uint8_t proto, unsigned short eport, unsigned short iport, unsigned short rport, const char descr, const char handle)

struct nftnl_rule *	rule_del_handle (rule_t *rule)

static void	nft_mnl_batch_put (char *buf, uint16_t type, uint32_t seq)

int	nft_send_rule (struct nftnl_rule *rule, uint16_t cmd, enum rule_chain_type chain_type)

int	table_op (enum nf_tables_msg_types op, uint16_t family, const char *name)

int	chain_op (enum nf_tables_msg_types op, uint16_t family, const char table, const char name, const char *type, uint32_t hooknum, signed int priority)

struct mnl_nlmsg_batch *	start_batch (char *buf, size_t buf_size)

int	send_batch (struct mnl_nlmsg_batch *batch)

Variables
const char *	nft_table = "miniupnpd"

const char *	nft_prerouting_chain = "prerouting"

const char *	nft_postrouting_chain = "postrouting"

const char *	nft_forward_chain = "forward"

static struct mnl_socket *	mnl_sock = NULL

static uint32_t	mnl_portid = 0

static uint32_t	mnl_seq = 0

struct rule_list	head_filter = LIST_HEAD_INITIALIZER(head_filter)

struct rule_list	head_redirect = LIST_HEAD_INITIALIZER(head_redirect)

struct rule_list	head_peer = LIST_HEAD_INITIALIZER(head_peer)

static uint32_t	rule_list_filter_validate = RULE_CACHE_INVALID

static uint32_t	rule_list_redirect_validate = RULE_CACHE_INVALID

static uint32_t	rule_list_peer_validate = RULE_CACHE_INVALID

Macro Definition Documentation

◆ CB_DATA

#define CB_DATA ( field ) ((struct table_cb_data *)data)->field

◆ d_printf

#define d_printf ( x )

◆ log_debug

#define log_debug ( args... ) syslog(LOG_DEBUG, args)

◆ log_error

#define log_error ( args... ) syslog(LOG_ERR, args)

◆ RULE_CACHE_INVALID

#define RULE_CACHE_INVALID 0

◆ RULE_CACHE_VALID

#define RULE_CACHE_VALID 1

Function Documentation

◆ chain_op()

int chain_op	(	enum nf_tables_msg_types	op,
		uint16_t	family,
		const char *	table,
		const char *	name,
		const char *	type,
		uint32_t	hooknum,
		signed int	priority
	)

◆ expr_add_cmp()

static void expr_add_cmp	(	struct nftnl_rule *	r,
		uint32_t	sreg,
		uint32_t	op,
		const void *	data,
		uint32_t	data_len
	)

static

◆ expr_add_meta()

static void expr_add_meta	(	struct nftnl_rule *	r,
		uint32_t	meta_key,
		uint32_t	dreg
	)

static

◆ expr_add_nat()

static void expr_add_nat	(	struct nftnl_rule *	r,
		uint32_t	t,
		uint32_t	family,
		in_addr_t	addr_min,
		uint32_t	proto_min,
		uint32_t	flags
	)

static

◆ expr_add_payload()

static void expr_add_payload	(	struct nftnl_rule *	r,
		uint32_t	base,
		uint32_t	dreg,
		uint32_t	offset,
		uint32_t	len
	)

static

◆ expr_set_reg_val_u16()

static void expr_set_reg_val_u16	(	struct nftnl_rule *	r,
		enum nft_registers	dreg,
		uint32_t	val
	)

static

◆ expr_set_reg_val_u32()

static void expr_set_reg_val_u32	(	struct nftnl_rule *	r,
		enum nft_registers	dreg,
		uint32_t	val
	)

static

◆ expr_set_reg_verdict()

static void expr_set_reg_verdict	(	struct nftnl_rule *	r,
		uint32_t	val
	)

static

◆ flush_nft_cache()

void flush_nft_cache ( struct rule_list * head )

◆ get_reg_type_ptr()

static enum rule_reg_type* get_reg_type_ptr	(	rule_t *	r,
		uint32_t	dreg
	)

static

◆ get_reg_val_ptr()

static uint32_t* get_reg_val_ptr	(	rule_t *	r,
		uint32_t	dreg
	)

static

◆ nft_mnl_batch_put()

static void nft_mnl_batch_put	(	char *	buf,
		uint16_t	type,
		uint32_t	seq
	)

static

◆ nft_mnl_connect()

int nft_mnl_connect ( void )

called at initialization. establishes persistent connection to mnl/netfilter socket, needs elevated privilege

◆ nft_mnl_disconnect()

void nft_mnl_disconnect ( void )

called at shutdown, to release the mnl/netfilter socket

◆ nft_send_rule()

int nft_send_rule	(	struct nftnl_rule *	rule,
		uint16_t	cmd,
		enum rule_chain_type	chain_type
	)

◆ parse_rule_cmp()

static void parse_rule_cmp	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ parse_rule_counter()

static void parse_rule_counter	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ parse_rule_immediate()

static void parse_rule_immediate	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ parse_rule_meta()

static void parse_rule_meta	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ parse_rule_nat()

static void parse_rule_nat	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ parse_rule_payload()

static void parse_rule_payload	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ refresh_nft_cache()

int refresh_nft_cache	(	struct rule_list *	head,
		const char *	table,
		const char *	chain,
		uint32_t	family,
		enum rule_type	type
	)

◆ refresh_nft_cache_filter()

int refresh_nft_cache_filter ( void )

◆ refresh_nft_cache_peer()

int refresh_nft_cache_peer ( void )

◆ refresh_nft_cache_redirect()

int refresh_nft_cache_redirect ( void )

◆ rule_del_handle()

struct nftnl_rule* rule_del_handle ( rule_t * rule )

◆ rule_expr_cb()

static int rule_expr_cb	(	struct nftnl_expr *	e,
		rule_t *	r
	)

static

◆ rule_set_dnat()

struct nftnl_rule* rule_set_dnat	(	uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		in_addr_t	rhost,
		unsigned short	eport,
		in_addr_t	ihost,
		uint32_t	iport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_filter()

struct nftnl_rule* rule_set_filter	(	uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		in_addr_t	rhost,
		in_addr_t	iaddr,
		unsigned short	eport,
		unsigned short	iport,
		unsigned short	rport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_filter6()

struct nftnl_rule* rule_set_filter6	(	uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		struct in6_addr *	rhost6,
		struct in6_addr *	iaddr6,
		unsigned short	eport,
		unsigned short	iport,
		unsigned short	rport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_filter_common()

struct nftnl_rule* rule_set_filter_common	(	struct nftnl_rule *	r,
		uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		unsigned short	eport,
		unsigned short	iport,
		unsigned short	rport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_snat()

struct nftnl_rule* rule_set_snat	(	uint8_t	family,
		uint8_t	proto,
		in_addr_t	rhost,
		unsigned short	rport,
		in_addr_t	ehost,
		unsigned short	eport,
		in_addr_t	ihost,
		unsigned short	iport,
		const char *	descr,
		const char *	handle
	)

◆ send_batch()

int send_batch ( struct mnl_nlmsg_batch * batch )

return codes : 0 : OK -1 : netlink not connected -2 : mnl_socket_sendto() error -3 : mnl_socket_recvfrom() error -4 : mnl_cb_run() error

◆ set_reg()

static void set_reg	(	rule_t *	r,
		uint32_t	dreg,
		enum rule_reg_type	type,
		uint32_t	val
	)

static

◆ start_batch()

struct mnl_nlmsg_batch* start_batch	(	char *	buf,
		size_t	buf_size
	)

the buffer that you have to use to store the batch must be double of MNL_SOCKET_BUFFER_SIZE

See also: https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html

◆ table_cb()

static int table_cb	(	const struct nlmsghdr *	nlh,
		void *	data
	)

static

◆ table_op()

int table_op	(	enum nf_tables_msg_types	op,
		uint16_t	family,
		const char *	name
	)

Variable Documentation

◆ head_filter

struct rule_list head_filter = LIST_HEAD_INITIALIZER(head_filter)

◆ head_peer

struct rule_list head_peer = LIST_HEAD_INITIALIZER(head_peer)

◆ head_redirect

struct rule_list head_redirect = LIST_HEAD_INITIALIZER(head_redirect)

◆ mnl_portid

uint32_t mnl_portid = 0

static

◆ mnl_seq

uint32_t mnl_seq = 0

static

◆ mnl_sock

struct mnl_socket* mnl_sock = NULL

static

◆ nft_forward_chain

const char* nft_forward_chain = "forward"

◆ nft_postrouting_chain

const char* nft_postrouting_chain = "postrouting"

◆ nft_prerouting_chain

const char* nft_prerouting_chain = "prerouting"

◆ nft_table

const char* nft_table = "miniupnpd"

◆ rule_list_filter_validate

uint32_t rule_list_filter_validate = RULE_CACHE_INVALID

static

◆ rule_list_peer_validate

uint32_t rule_list_peer_validate = RULE_CACHE_INVALID

static

◆ rule_list_redirect_validate

uint32_t rule_list_redirect_validate = RULE_CACHE_INVALID

static

Classes

Macros

Functions

Variables

Macro Definition Documentation

◆ CB_DATA

◆ d_printf

◆ log_debug

◆ log_error

◆ RULE_CACHE_INVALID

◆ RULE_CACHE_VALID

Function Documentation

◆ chain_op()

◆ expr_add_cmp()

◆ expr_add_meta()

◆ expr_add_nat()

◆ expr_add_payload()

◆ expr_set_reg_val_u16()

◆ expr_set_reg_val_u32()

◆ expr_set_reg_verdict()

◆ flush_nft_cache()

◆ get_reg_type_ptr()

◆ get_reg_val_ptr()

◆ nft_mnl_batch_put()

◆ nft_mnl_connect()

◆ nft_mnl_disconnect()

◆ nft_send_rule()

◆ parse_rule_cmp()

◆ parse_rule_counter()

◆ parse_rule_immediate()

◆ parse_rule_meta()

◆ parse_rule_nat()

◆ parse_rule_payload()

◆ refresh_nft_cache()

◆ refresh_nft_cache_filter()

◆ refresh_nft_cache_peer()

◆ refresh_nft_cache_redirect()

◆ rule_del_handle()

◆ rule_expr_cb()

◆ rule_set_dnat()

◆ rule_set_filter()

◆ rule_set_filter6()

◆ rule_set_filter_common()

◆ rule_set_snat()

◆ send_batch()

◆ set_reg()

◆ start_batch()

◆ table_cb()

◆ table_op()

Variable Documentation

◆ head_filter

◆ head_peer

◆ head_redirect

◆ mnl_portid

◆ mnl_seq

◆ mnl_sock

◆ nft_forward_chain

◆ nft_postrouting_chain

◆ nft_prerouting_chain

◆ nft_table

◆ rule_list_filter_validate

◆ rule_list_peer_validate

◆ rule_list_redirect_validate