mirror of
https://github.com/bol-van/zapret.git
synced 2025-04-21 22:42:57 +03:00
Compare commits
No commits in common. "0f1721d2c4ee2d135310aaa607be6902c243c547" and "4e5caf4087d79ada0715387dbb14035783b6be41" have entirely different histories.
0f1721d2c4
...
4e5caf4087
93
nfq/nfqws.c
93
nfq/nfqws.c
@ -152,62 +152,50 @@ static int nfq_cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_da
|
||||
DLOG("packet: id=%d pass unmodified\n", id);
|
||||
return nfq_set_verdict2(qh, id, NF_ACCEPT, mark, 0, NULL);
|
||||
}
|
||||
static void nfq_deinit(struct nfq_handle **h,struct nfq_q_handle **qh)
|
||||
static int nfq_main(void)
|
||||
{
|
||||
if (*qh)
|
||||
{
|
||||
DLOG_CONDUP("unbinding from queue %u\n", params.qnum);
|
||||
nfq_destroy_queue(*qh);
|
||||
*qh = NULL;
|
||||
}
|
||||
if (*h)
|
||||
{
|
||||
DLOG_CONDUP("closing library handle\n");
|
||||
nfq_close(*h);
|
||||
*h = NULL;
|
||||
}
|
||||
}
|
||||
static bool nfq_init(struct nfq_handle **h,struct nfq_q_handle **qh)
|
||||
{
|
||||
nfq_deinit(h,qh);
|
||||
struct nfq_handle *h = NULL;
|
||||
struct nfq_q_handle *qh = NULL;
|
||||
int fd,rv;
|
||||
uint8_t buf[16384] __attribute__((aligned));
|
||||
|
||||
DLOG_CONDUP("opening library handle\n");
|
||||
*h = nfq_open();
|
||||
if (!*h) {
|
||||
h = nfq_open();
|
||||
if (!h) {
|
||||
DLOG_PERROR("nfq_open()");
|
||||
goto exiterr;
|
||||
}
|
||||
|
||||
DLOG_CONDUP("unbinding existing nf_queue handler for AF_INET (if any)\n");
|
||||
if (nfq_unbind_pf(*h, AF_INET) < 0) {
|
||||
if (nfq_unbind_pf(h, AF_INET) < 0) {
|
||||
DLOG_PERROR("nfq_unbind_pf()");
|
||||
goto exiterr;
|
||||
}
|
||||
|
||||
DLOG_CONDUP("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
|
||||
if (nfq_bind_pf(*h, AF_INET) < 0) {
|
||||
if (nfq_bind_pf(h, AF_INET) < 0) {
|
||||
DLOG_PERROR("nfq_bind_pf()");
|
||||
goto exiterr;
|
||||
}
|
||||
|
||||
DLOG_CONDUP("binding this socket to queue '%u'\n", params.qnum);
|
||||
*qh = nfq_create_queue(*h, params.qnum, &nfq_cb, ¶ms);
|
||||
qh = nfq_create_queue(h, params.qnum, &nfq_cb, ¶ms);
|
||||
if (!qh) {
|
||||
DLOG_PERROR("nfq_create_queue()");
|
||||
goto exiterr;
|
||||
}
|
||||
|
||||
DLOG_CONDUP("setting copy_packet mode\n");
|
||||
if (nfq_set_mode(*qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
|
||||
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
|
||||
DLOG_PERROR("can't set packet_copy mode");
|
||||
goto exiterr;
|
||||
}
|
||||
if (nfq_set_queue_maxlen(*qh, Q_MAXLEN) < 0) {
|
||||
if (nfq_set_queue_maxlen(qh, Q_MAXLEN) < 0) {
|
||||
DLOG_PERROR("can't set queue maxlen");
|
||||
goto exiterr;
|
||||
}
|
||||
// accept packets if they cant be handled
|
||||
if (nfq_set_queue_flags(*qh, NFQA_CFG_F_FAIL_OPEN , NFQA_CFG_F_FAIL_OPEN))
|
||||
if (nfq_set_queue_flags(qh, NFQA_CFG_F_FAIL_OPEN , NFQA_CFG_F_FAIL_OPEN))
|
||||
{
|
||||
DLOG_ERR("can't set queue flags. its OK on linux <3.6\n");
|
||||
// dot not fail. not supported on old linuxes <3.6
|
||||
@ -217,25 +205,6 @@ static bool nfq_init(struct nfq_handle **h,struct nfq_q_handle **qh)
|
||||
if (!rawsend_preinit(params.bind_fix4,params.bind_fix6))
|
||||
goto exiterr;
|
||||
|
||||
// increase socket buffer size. on slow systems reloading hostlist can take a while.
|
||||
// if too many unhandled packets are received its possible to get "no buffer space available" error
|
||||
if (!set_socket_buffers(nfq_fd(*h),Q_RCVBUF/2,Q_SNDBUF/2))
|
||||
goto exiterr;
|
||||
|
||||
return true;
|
||||
exiterr:
|
||||
nfq_deinit(h,qh);
|
||||
return false;
|
||||
}
|
||||
|
||||
static int nfq_main(void)
|
||||
{
|
||||
uint8_t buf[16384] __attribute__((aligned));
|
||||
struct nfq_handle *h = NULL;
|
||||
struct nfq_q_handle *qh = NULL;
|
||||
int fd,e;
|
||||
ssize_t rd;
|
||||
|
||||
#ifndef __CYGWIN__
|
||||
sec_harden();
|
||||
|
||||
@ -247,30 +216,36 @@ static int nfq_main(void)
|
||||
|
||||
pre_desync();
|
||||
|
||||
nfq_init(&h,&qh);
|
||||
|
||||
fd = nfq_fd(h);
|
||||
|
||||
// increase socket buffer size. on slow systems reloading hostlist can take a while.
|
||||
// if too many unhandled packets are received its possible to get "no buffer space available" error
|
||||
if (!set_socket_buffers(fd,Q_RCVBUF/2,Q_SNDBUF/2))
|
||||
goto exiterr;
|
||||
do
|
||||
{
|
||||
while ((rd = recv(fd, buf, sizeof(buf), 0)) >= 0)
|
||||
while ((rv = recv(fd, buf, sizeof(buf), 0)) > 0)
|
||||
{
|
||||
if (rd)
|
||||
{
|
||||
int r = nfq_handle_packet(h, (char *)buf, (int)rd);
|
||||
if (r) DLOG_ERR("nfq_handle_packet error %d\n", r);
|
||||
}
|
||||
else
|
||||
DLOG("recv from nfq returned 0 !\n");
|
||||
int r = nfq_handle_packet(h, (char *)buf, rv);
|
||||
if (r) DLOG_ERR("nfq_handle_packet error %d\n", r);
|
||||
}
|
||||
e=errno;
|
||||
DLOG_ERR("recv: recv=%zd errno %d\n",rd,e);
|
||||
errno=e;
|
||||
DLOG_ERR("recv: errno %d\n",errno);
|
||||
DLOG_PERROR("recv");
|
||||
// do not fail on ENOBUFS
|
||||
} while(errno==ENOBUFS);
|
||||
|
||||
nfq_deinit(&h,&qh);
|
||||
DLOG_CONDUP("unbinding from queue %u\n", params.qnum);
|
||||
nfq_destroy_queue(qh);
|
||||
|
||||
#ifdef INSANE
|
||||
/* normally, applications SHOULD NOT issue this command, since
|
||||
* it detaches other programs/sockets from AF_INET, too ! */
|
||||
DLOG_CONDUP("unbinding from AF_INET\n");
|
||||
nfq_unbind_pf(h, AF_INET);
|
||||
#endif
|
||||
|
||||
DLOG_CONDUP("closing library handle\n");
|
||||
nfq_close(h);
|
||||
return 0;
|
||||
|
||||
exiterr:
|
||||
@ -1392,12 +1367,10 @@ int main(int argc, char **argv)
|
||||
while ((v = getopt_long_only(argc, argv, "", long_options, &option_index)) != -1)
|
||||
{
|
||||
if (v)
|
||||
{
|
||||
if (bDry)
|
||||
exit_clean(1);
|
||||
else
|
||||
exithelp_clean();
|
||||
}
|
||||
switch (option_index)
|
||||
{
|
||||
case 0: /* debug */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user