Logo Search packages:      
Sourcecode: libnetfilter-queue version File versions  Download package

Functions

Queue handling

Functions

struct nfq_q_handlenfq_create_queue (struct nfq_handle *h, u_int16_t num, nfq_callback *cb, void *data)
int nfq_destroy_queue (struct nfq_q_handle *qh)
int nfq_fd (struct nfq_handle *h)
int nfq_handle_packet (struct nfq_handle *h, char *buf, int len)
int nfq_set_mode (struct nfq_q_handle *qh, u_int8_t mode, u_int32_t range)
int nfq_set_queue_maxlen (struct nfq_q_handle *qh, u_int32_t queuelen)
int nfq_set_verdict (struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t data_len, const unsigned char *buf)
int nfq_set_verdict2 (struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, u_int32_t data_len, const unsigned char *buf)
int nfq_set_verdict_mark (struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, u_int32_t data_len, const unsigned char *buf)

Detailed Description

Once libnetfilter_queue library has been initialised (See LibrarySetup), it is possible to bind the program to a specific queue. This can be done by using nfq_create_queue().

The queue can then be tuned via nfq_set_mode() or nfq_set_queue_maxlen().

Here's a little code snippet that create queue numbered 0:

	printf("binding this socket to queue '0'\n");
	qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}

Next step is the handling of incoming packets which can be done via a loop:

	fd = nfq_fd(h);

	while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
		printf("pkt received\n");
		nfq_handle_packet(h, buf, rv);
	}

When the decision on a packet has been choosed, the verdict has to be given by calling nfq_set_verdict() or nfq_set_verdict2(). The verdict determines the destiny of the packet as follows:

Data and information about the packet can be fetch by using message parsing functions (See Parsing).


Generated by  Doxygen 1.6.0   Back to index