.TH "Parsing" 3 "Thu Jan 28 2021" "Version 1.0.5" "libnetfilter_queue" \" -*- nroff -*- .ad l .nh .SH NAME Parsing \- Message parsing functions [DEPRECATED] .SH SYNOPSIS .br .PP .SS "Functions" .in +1c .ti -1c .RI "struct nfqnl_msg_packet_hdr * \fBnfq_get_msg_packet_hdr\fP (struct nfq_data *nfad)" .br .ti -1c .RI "uint32_t \fBnfq_get_nfmark\fP (struct nfq_data *nfad)" .br .ti -1c .RI "int \fBnfq_get_timestamp\fP (struct nfq_data *nfad, struct timeval *tv)" .br .ti -1c .RI "uint32_t \fBnfq_get_indev\fP (struct nfq_data *nfad)" .br .ti -1c .RI "uint32_t \fBnfq_get_physindev\fP (struct nfq_data *nfad)" .br .ti -1c .RI "uint32_t \fBnfq_get_outdev\fP (struct nfq_data *nfad)" .br .ti -1c .RI "uint32_t \fBnfq_get_physoutdev\fP (struct nfq_data *nfad)" .br .ti -1c .RI "int \fBnfq_get_indev_name\fP (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)" .br .ti -1c .RI "int \fBnfq_get_physindev_name\fP (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)" .br .ti -1c .RI "int \fBnfq_get_outdev_name\fP (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)" .br .ti -1c .RI "int \fBnfq_get_physoutdev_name\fP (struct nlif_handle *nlif_handle, struct nfq_data *nfad, char *name)" .br .ti -1c .RI "struct nfqnl_msg_packet_hw * \fBnfq_get_packet_hw\fP (struct nfq_data *nfad)" .br .ti -1c .RI "uint32_t \fBnfq_get_skbinfo\fP (struct nfq_data *nfad)" .br .ti -1c .RI "int \fBnfq_get_uid\fP (struct nfq_data *nfad, uint32_t *uid)" .br .ti -1c .RI "int \fBnfq_get_gid\fP (struct nfq_data *nfad, uint32_t *gid)" .br .ti -1c .RI "int \fBnfq_get_secctx\fP (struct nfq_data *nfad, unsigned char **secdata)" .br .ti -1c .RI "int \fBnfq_get_payload\fP (struct nfq_data *nfad, unsigned char **data)" .br .in -1c .SH "Detailed Description" .PP .SH "Function Documentation" .PP .SS "int nfq_get_gid (struct nfq_data * nfad, uint32_t * gid)" nfq_get_gid - get the GID of the user the packet belongs to .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .br \fIgid\fP Set to GID on return .RE .PP \fBWarning\fP .RS 4 If the NFQA_CFG_F_GSO flag is not set, then fragmented packets may be pushed into the queue\&. In this case, only one fragment will have the GID field set\&. To deal with this issue always set NFQA_CFG_F_GSO\&. .RE .PP \fBReturns\fP .RS 4 1 if there is a GID available, 0 otherwise\&. .RE .PP .PP Definition at line 1277 of file libnetfilter_queue\&.c\&. .SS "uint32_t nfq_get_indev (struct nfq_data * nfad)" nfq_get_indev - get the interface that the packet was received through .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP \fBReturns\fP .RS 4 The index of the device the queued packet was received via\&. If the returned index is 0, the packet was locally generated or the input interface is not known (ie\&. POSTROUTING?)\&. .RE .PP \fBWarning\fP .RS 4 all nfq_get_dev() functions return 0 if not set, since linux only allows ifindex >= 1, see net/core/dev\&.c:2600 (in 2\&.6\&.13\&.1) .RE .PP .PP Definition at line 1028 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_indev_name (struct nlif_handle * nlif_handle, struct nfq_data * nfad, char * name)" nfq_get_indev_name - get the name of the interface the packet was received through .PP \fBParameters\fP .RS 4 \fInlif_handle\fP pointer to a nlif interface resolving handle .br \fInfad\fP Netlink packet data handle passed to callback function .br \fIname\fP pointer to the buffer to receive the interface name; not more than \fCIFNAMSIZ\fP bytes will be copied to it\&. .RE .PP \fBReturns\fP .RS 4 -1 in case of error, >0 if it succeed\&. .RE .PP To use a nlif_handle, You need first to call nlif_open() and to open an handler\&. Don't forget to store the result as it will be used during all your program life: .PP .nf h = nlif_open(); if (h == NULL) { perror("nlif_open"); exit(EXIT_FAILURE); } .fi .PP Once the handler is open, you need to fetch the interface table at a whole via a call to nlif_query\&. .PP .nf nlif_query(h); .fi .PP libnfnetlink is able to update the interface mapping when a new interface appears\&. To do so, you need to call nlif_catch() on the handler after each interface related event\&. The simplest way to get and treat event is to run a select() or poll() against the nlif file descriptor\&. To get this file descriptor, you need to use nlif_fd: .PP .nf if_fd = nlif_fd(h); .fi .PP Don't forget to close the handler when you don't need the feature anymore: .PP .nf nlif_close(h); .fi .PP .PP Definition at line 1116 of file libnetfilter_queue\&.c\&. .SS "struct nfqnl_msg_packet_hdr* nfq_get_msg_packet_hdr (struct nfq_data * nfad)" nfqnl_msg_packet_hdr - return the metaheader that wraps the packet .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP \fBReturns\fP .RS 4 the netfilter queue netlink packet header for the given nfq_data argument\&. Typically, the nfq_data value is passed as the 3rd parameter to the callback function set by a call to \fBnfq_create_queue()\fP\&. .RE .PP The nfqnl_msg_packet_hdr structure is defined in libnetfilter_queue\&.h as: .PP .PP .nf struct nfqnl_msg_packet_hdr { uint32_t packet_id; // unique ID of packet in queue uint16_t hw_protocol; // hw protocol (network order) uint8_t hook; // netfilter hook } __attribute__ ((packed)); .fi .PP .PP Definition at line 974 of file libnetfilter_queue\&.c\&. .SS "uint32_t nfq_get_nfmark (struct nfq_data * nfad)" nfq_get_nfmark - get the packet mark .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP \fBReturns\fP .RS 4 the netfilter mark currently assigned to the given queued packet\&. .RE .PP .PP Definition at line 987 of file libnetfilter_queue\&.c\&. .SS "uint32_t nfq_get_outdev (struct nfq_data * nfad)" nfq_get_outdev - gets the interface that the packet will be routed out .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP \fBReturns\fP .RS 4 The index of the device the queued packet will be sent out\&. If the returned index is 0, the packet is destined for localhost or the output interface is not yet known (ie\&. PREROUTING?)\&. .RE .PP .PP Definition at line 1056 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_outdev_name (struct nlif_handle * nlif_handle, struct nfq_data * nfad, char * name)" nfq_get_outdev_name - get the name of the physical interface the packet will be sent to .PP \fBParameters\fP .RS 4 \fInlif_handle\fP pointer to a nlif interface resolving handle .br \fInfad\fP Netlink packet data handle passed to callback function .br \fIname\fP pointer to the buffer to receive the interface name; not more than \fCIFNAMSIZ\fP bytes will be copied to it\&. .RE .PP See \fBnfq_get_indev_name()\fP documentation for nlif_handle usage\&. .PP \fBReturns\fP .RS 4 -1 in case of error, > 0 if it succeed\&. .RE .PP .PP Definition at line 1156 of file libnetfilter_queue\&.c\&. .SS "struct nfqnl_msg_packet_hw* nfq_get_packet_hw (struct nfq_data * nfad)" nfq_get_packet_hw .PP get hardware address .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP Retrieves the hardware address associated with the given queued packet\&. For ethernet packets, the hardware address returned (if any) will be the MAC address of the packet source host\&. The destination MAC address is not known until after POSTROUTING and a successful ARP request, so cannot currently be retrieved\&. .PP The nfqnl_msg_packet_hw structure is defined in libnetfilter_queue\&.h as: .PP .nf struct nfqnl_msg_packet_hw { uint16_t hw_addrlen; uint16_t _pad; uint8_t hw_addr[8]; } __attribute__ ((packed)); .fi .PP .PP Definition at line 1207 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_payload (struct nfq_data * nfad, unsigned char ** data)" nfq_get_payload - get payload .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .br \fIdata\fP Pointer of pointer that will be pointed to the payload .RE .PP Retrieve the payload for a queued packet\&. The actual amount and type of data retrieved by this function will depend on the mode set with the \fBnfq_set_mode()\fP function\&. .PP \fBReturns\fP .RS 4 -1 on error, otherwise > 0\&. .RE .PP .PP Definition at line 1324 of file libnetfilter_queue\&.c\&. .SS "uint32_t nfq_get_physindev (struct nfq_data * nfad)" nfq_get_physindev - get the physical interface that the packet was received .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP \fBReturns\fP .RS 4 The index of the physical device the queued packet was received via\&. If the returned index is 0, the packet was locally generated or the physical input interface is no longer known (ie\&. POSTROUTING?)\&. .RE .PP .PP Definition at line 1042 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_physindev_name (struct nlif_handle * nlif_handle, struct nfq_data * nfad, char * name)" nfq_get_physindev_name - get the name of the physical interface the packet was received through .PP \fBParameters\fP .RS 4 \fInlif_handle\fP pointer to a nlif interface resolving handle .br \fInfad\fP Netlink packet data handle passed to callback function .br \fIname\fP pointer to the buffer to receive the interface name; not more than \fCIFNAMSIZ\fP bytes will be copied to it\&. .RE .PP See \fBnfq_get_indev_name()\fP documentation for nlif_handle usage\&. .PP \fBReturns\fP .RS 4 -1 in case of error, > 0 if it succeed\&. .RE .PP .PP Definition at line 1136 of file libnetfilter_queue\&.c\&. .SS "uint32_t nfq_get_physoutdev (struct nfq_data * nfad)" nfq_get_physoutdev - get the physical interface that the packet output .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP The index of the physical device the queued packet will be sent out\&. If the returned index is 0, the packet is destined for localhost or the physical output interface is not yet known (ie\&. PREROUTING?)\&. .PP \fBReturns\fP .RS 4 The index of physical interface that the packet output will be routed out\&. .RE .PP .PP Definition at line 1072 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_physoutdev_name (struct nlif_handle * nlif_handle, struct nfq_data * nfad, char * name)" nfq_get_physoutdev_name - get the name of the interface the packet will be sent to .PP \fBParameters\fP .RS 4 \fInlif_handle\fP pointer to a nlif interface resolving handle .br \fInfad\fP Netlink packet data handle passed to callback function .br \fIname\fP pointer to the buffer to receive the interface name; not more than \fCIFNAMSIZ\fP bytes will be copied to it\&. .RE .PP See \fBnfq_get_indev_name()\fP documentation for nlif_handle usage\&. .PP \fBReturns\fP .RS 4 -1 in case of error, > 0 if it succeed\&. .RE .PP .PP Definition at line 1177 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_secctx (struct nfq_data * nfad, unsigned char ** secdata)" nfq_get_secctx - get the security context for this packet .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .br \fIsecdata\fP data to write the security context to .RE .PP \fBWarning\fP .RS 4 If the NFQA_CFG_F_GSO flag is not set, then fragmented packets may be pushed into the queue\&. In this case, only one fragment will have the SECCTX field set\&. To deal with this issue always set NFQA_CFG_F_GSO\&. .RE .PP \fBReturns\fP .RS 4 -1 on error, otherwise > 0 .RE .PP .PP Definition at line 1298 of file libnetfilter_queue\&.c\&. .SS "uint32_t nfq_get_skbinfo (struct nfq_data * nfad)" nfq_get_skbinfo - return the NFQA_SKB_INFO meta information .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .RE .PP This can be used to obtain extra information about a packet by testing the returned integer for any of the following bit flags: .PP .IP "\(bu" 2 NFQA_SKB_CSUMNOTREADY packet header checksums will be computed by hardware later on, i\&.e\&. tcp/ip checksums in the packet must not be validated, application should pretend they are correct\&. .IP "\(bu" 2 NFQA_SKB_GSO packet is an aggregated super-packet\&. It exceeds device mtu and will be (re-)split on transmit by hardware\&. .IP "\(bu" 2 NFQA_SKB_CSUM_NOTVERIFIED packet checksum was not yet verified by the kernel/hardware, for example because this is an incoming packet and the NIC does not perform checksum validation at hardware level\&. .PP .PP \fBReturns\fP .RS 4 the skbinfo value .RE .PP \fBSee also\fP .RS 4 \fB\fBnfq_set_queue_flags\fP\fP(3) .RE .PP .PP Definition at line 1236 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_timestamp (struct nfq_data * nfad, struct timeval * tv)" nfq_get_timestamp - get the packet timestamp .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .br \fItv\fP structure to fill with timestamp info .RE .PP Retrieves the received timestamp when the given queued packet\&. .PP \fBReturns\fP .RS 4 0 on success, non-zero on failure\&. .RE .PP .PP Definition at line 1002 of file libnetfilter_queue\&.c\&. .SS "int nfq_get_uid (struct nfq_data * nfad, uint32_t * uid)" nfq_get_uid - get the UID of the user the packet belongs to .PP \fBParameters\fP .RS 4 \fInfad\fP Netlink packet data handle passed to callback function .br \fIuid\fP Set to UID on return .RE .PP \fBWarning\fP .RS 4 If the NFQA_CFG_F_GSO flag is not set, then fragmented packets may be pushed into the queue\&. In this case, only one fragment will have the UID field set\&. To deal with this issue always set NFQA_CFG_F_GSO\&. .RE .PP \fBReturns\fP .RS 4 1 if there is a UID available, 0 otherwise\&. .RE .PP .PP Definition at line 1256 of file libnetfilter_queue\&.c\&. .SH "Author" .PP Generated automatically by Doxygen for libnetfilter_queue from the source code\&.