.TH "Log" 3 "Wed Aug 9 2023" "Version 1.0.2" "libnetfilter_log" \" -*- nroff -*-
.ad l
.nh
.SH NAME
nflog_fd, nflog_callback_register, nflog_handle_packet, nflog_bind_group, nflog_unbind_group, nflog_set_mode, nflog_set_timeout, nflog_set_qthresh, nflog_set_nlbufsiz, nflog_set_flags \- Group handling
.SH SYNOPSIS
.nf
\fB
#include
#include
.in +1c
.ti -1c
.RI "int \fBnflog_fd\fP (struct nflog_handle *h)"
.br
.ti -1c
.RI "int \fBnflog_callback_register\fP (struct nflog_g_handle *gh, nflog_callback *cb, void *data)"
.br
.ti -1c
.RI "int \fBnflog_handle_packet\fP (struct nflog_handle *h, char *buf, int len)"
.br
.ti -1c
.RI "struct nflog_g_handle * \fBnflog_bind_group\fP (struct nflog_handle *h, uint16_t num)"
.br
.ti -1c
.RI "int \fBnflog_unbind_group\fP (struct nflog_g_handle *gh)"
.br
.ti -1c
.RI "int \fBnflog_set_mode\fP (struct nflog_g_handle *gh, uint8_t mode, uint32_t range)"
.br
.ti -1c
.RI "int \fBnflog_set_timeout\fP (struct nflog_g_handle *gh, uint32_t timeout)"
.br
.ti -1c
.RI "int \fBnflog_set_qthresh\fP (struct nflog_g_handle *gh, uint32_t qthresh)"
.br
.ti -1c
.RI "int \fBnflog_set_nlbufsiz\fP (struct nflog_g_handle *gh, uint32_t nlbufsiz)"
.br
.ti -1c
.RI "int \fBnflog_set_flags\fP (struct nflog_g_handle *gh, uint16_t flags)"
.br
.in -1c
.SH "Detailed Description"
.PP
Once the libnetfilter_log library has been initialised (See \fBLibrarySetup\fP), it is possible to bind the program to a specific group\&. This can be done using \fBnflog_bind_group()\fP\&.
.PP
The group can then be tuned via \fBnflog_set_mode()\fP among many others\&.
.PP
Here's a little code snippet that binds to the group 100:
.PP
.nf
/* h is the handle returned by nflog_open() */
printf("binding this socket to group 100\\n");
gh = nflog_bind_group(h, 100);
if (!gh) {
        fprintf(stderr, "no handle for group 100\\n");
        exit(1);
}

/* copy up to 0xffff bytes of each logged packet to userspace */
printf("setting copy_packet mode\\n");
if (nflog_set_mode(gh, NFULNL_COPY_PACKET, 0xffff) < 0) {
        fprintf(stderr, "can't set packet copy mode\\n");
        exit(1);
}
.fi
.PP
.PP
The next step is handling incoming packets, which can be done in a loop:
.PP
.PP
.nf
fd = nflog_fd(h);

/* the loop ends when recv() returns 0 or fails */
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
        printf("pkt received (len=%u)\\n", rv);
        nflog_handle_packet(h, buf, rv);
}
.fi
.PP
.PP
Data and information about the packet can be fetched by using message parsing functions\&.
.PP
\fBSee also:\fP
.RS 4
\fBLibrarySetup\fP man page (\fBman nflog_open\fP)
.br
\fBParsing\fP man page (\fBman nflog_get_gid\fP)
.RE
.PP
.SH "Function Documentation"
.PP
.SS "struct nflog_g_handle * nflog_bind_group (struct nflog_handle * h, uint16_t num)"
nflog_bind_group - bind a new handle to a specific group number\&.
.PP
\fBParameters\fP
.RS 4
\fIh\fP Netfilter log handle obtained via call to \fBnflog_open()\fP
.br
\fInum\fP the number of the group to bind to
.RE
.PP
\fBReturns\fP
.RS 4
an nflog_g_handle for the newly created group or NULL on failure\&.
.RE
.PP
\fBErrors\fP
.RS 4
\fBEBUSY\fP This process has already bound to the group
.br
\fBEOPNOTSUPP\fP Request rejected by kernel\&. Another process has already bound to the group, or this process is not running as root
.RE
.PP
.PP
Definition at line \fB464\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_callback_register (struct nflog_g_handle * gh, nflog_callback * cb, void * data)"
nflog_callback_register - register function to process packets
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained by call to \fBnflog_bind_group()\fP
.br
\fIcb\fP callback function to call for each logged packet
.br
\fIdata\fP custom data to pass to the callback function
.RE
.PP
\fBReturns\fP
.RS 4
0
.RE
.PP
.PP
Definition at line \fB343\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_fd (struct nflog_handle * h)"
nflog_fd - get the file descriptor associated with the nflog handler
.PP
\fBParameters\fP
.RS 4
\fIh\fP handler obtained via call to \fBnflog_open()\fP
.RE
.PP
\fBReturns\fP
.RS 4
a file descriptor for the netlink connection associated with the given log connection handle\&. The file descriptor can then be used for receiving the logged packets for processing\&.
.RE
.PP
.PP
Definition at line \fB245\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_handle_packet (struct nflog_handle * h, char * buf, int len)"
nflog_handle_packet - handle a packet received from the nflog subsystem
.PP
\fBParameters\fP
.RS 4
\fIh\fP Netfilter log handle obtained via call to \fBnflog_open()\fP
.br
\fIbuf\fP nflog data received from the kernel
.br
\fIlen\fP length of packet data in buffer
.RE
.PP
Triggers an associated callback for each packet contained in \fBbuf\fP\&. Data can be read from the queue using \fBnflog_fd()\fP and \fBrecv()\fP\&. See example code in the Detailed Description\&.
.PP
\fBReturns\fP
.RS 4
0 on success, -1 if either the callback returned a negative value or \fBbuf\fP contains corrupt data\&. \fBerrno\fP is not reliably set: a caller that is interested in it should set it to zero before the call\&.
.RE
.PP
.PP
Definition at line \fB366\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_set_flags (struct nflog_g_handle * gh, uint16_t flags)"
nflog_set_flags - set the nflog flags for this group
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained by call to \fBnflog_bind_group()\fP\&.
.br
\fIflags\fP Flags that you want to set
.RE
.PP
There are two existing flags:
.PP
.nf
- NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering\&.
- NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering\&.
- NFULNL_CFG_F_CONNTRACK: This enables acquiring related conntrack information\&.
.fi
.PP
.PP
\fBReturns\fP
.RS 4
0 on success, -1 on failure with \fBerrno\fP set\&.
.RE
.PP
\fBErrors\fP
.RS 4
from underlying calls, in exceptional circumstances
.RE
.PP
.PP
Definition at line \fB664\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_set_mode (struct nflog_g_handle * gh, uint8_t mode, uint32_t range)"
nflog_set_mode - set the amount of packet data that nflog copies to userspace
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained by call to \fBnflog_bind_group()\fP\&.
.br
\fImode\fP the part of the packet that we are interested in
.br
\fIrange\fP size of the packet that we want to get
.RE
.PP
Sets the amount of data to be copied to userspace for each packet logged to the given group\&.
.PP
.IP "\(bu" 2
NFULNL_COPY_NONE - do not copy any data
.IP "\(bu" 2
NFULNL_COPY_META - copy only packet metadata
.IP "\(bu" 2
NFULNL_COPY_PACKET - copy entire packet
.PP
.PP
\fBReturns\fP
.RS 4
0 on success, -1 on failure with \fBerrno\fP set\&.
.RE
.PP
\fBErrors\fP
.RS 4
from underlying calls, in exceptional circumstances
.RE
.PP
.PP
Definition at line \fB534\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_set_nlbufsiz (struct nflog_g_handle * gh, uint32_t nlbufsiz)"
nflog_set_nlbufsiz - set the size of the nflog buffer for this group
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained by call to \fBnflog_bind_group()\fP\&.
.br
\fInlbufsiz\fP Size of the nflog buffer
.RE
.PP
This function sets the size (in bytes) of the buffer that is used to stack log messages in nflog\&.
.PP
\fBWarning\fP
.RS 4
The use of this function is strongly discouraged\&. The default buffer size (which is one memory page) provides the optimum results in terms of performance\&. Do not use this function in your applications\&.
.RE
.PP
\fBReturns\fP
.RS 4
0 on success, -1 on failure with \fBerrno\fP set\&.
.RE
.PP
\fBErrors\fP
.RS 4
from underlying calls, in exceptional circumstances
.RE
.PP
.PP
Definition at line \fB627\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_set_qthresh (struct nflog_g_handle * gh, uint32_t qthresh)"
nflog_set_qthresh - set the maximum amount of logs in buffer for this group
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained by call to \fBnflog_bind_group()\fP\&.
.br
\fIqthresh\fP Maximum number of log entries
.RE
.PP
This function determines the maximum number of log entries in the buffer until it is pushed to userspace\&.
.PP
\fBReturns\fP
.RS 4
0 on success, -1 on failure with \fBerrno\fP set\&.
.RE
.PP
\fBErrors\fP
.RS 4
from underlying calls, in exceptional circumstances
.RE
.PP
.PP
Definition at line \fB596\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_set_timeout (struct nflog_g_handle * gh, uint32_t timeout)"
nflog_set_timeout - set the maximum time to push log buffer for this group
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained by call to \fBnflog_bind_group()\fP\&.
.br
\fItimeout\fP Time to wait until the log buffer is pushed to userspace
.RE
.PP
This function allows one to set the maximum time that nflog waits until it pushes the log buffer to userspace if no new logged packets have occurred\&. Basically, nflog implements a buffer to reduce the computational cost of delivering the log message to userspace\&.
.PP
\fBReturns\fP
.RS 4
0 on success, -1 on failure with \fBerrno\fP set\&.
.RE
.PP
\fBErrors\fP
.RS 4
from underlying calls, in exceptional circumstances
.RE
.PP
.PP
Definition at line \fB569\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SS "int nflog_unbind_group (struct nflog_g_handle * gh)"
nflog_unbind_group - unbind a group handle\&.
.PP
\fBParameters\fP
.RS 4
\fIgh\fP Netfilter log group handle obtained via \fBnflog_bind_group()\fP
.RE
.PP
\fBReturns\fP
.RS 4
0 on success, -1 on failure with \fBerrno\fP set\&.
.RE
.PP
\fBErrors\fP
.RS 4
from underlying calls, in exceptional circumstances
.RE
.PP
.PP
Definition at line \fB506\fP of file \fBlibnetfilter_log\&.c\fP\&.
.SH "Author"
.PP
Generated automatically by Doxygen for libnetfilter_log from the source code\&.
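.SH "Added example"
.PP
The local sequence numbering that \fBnflog_set_flags()\fP enables with NFULNL_CFG_F_SEQ lets a log consumer notice messages that never reached userspace, which matters when the log is used as an audit or detection source\&. The following C code is an added example, not code from libnetfilter_log or its authors: \fBstruct seq_tracker\fP, \fBseq_observe()\fP and \fBseq_replay()\fP are hypothetical names, the sample numbers are constructed, and it assumes the 32-bit per-group value is read in the callback with \fBnflog_get_seq()\fP from the Parsing API\&.
.PP
.nf
```c
#include <stdint.h>
#include <stdio.h>

/* Tracks per-group sequence numbers (available once NFULNL_CFG_F_SEQ is
 * set) and counts log messages that never reached this process. */
struct seq_tracker {
	int      primed;   /* 0 until the first message has been seen */
	uint32_t expected; /* sequence number the next message should carry */
	uint64_t lost;     /* messages skipped before an observed one */
	uint64_t stale;    /* numbers behind expected: duplicate or restart */
};

/* Feed one sequence number; returns how many messages were missed just
 * before it. Unsigned subtraction stays correct across the 32-bit wrap. */
static uint32_t seq_observe(struct seq_tracker *t, uint32_t seq)
{
	uint32_t gap;
	if (!t->primed) {
		t->primed = 1;
		t->expected = seq + 1;
		return 0;
	}
	gap = seq - t->expected;  /* modulo 2^32 */
	if (gap >= 0x80000000u) { /* behind expected: do not count as loss */
		t->stale++;
		return 0;
	}
	t->lost += gap;
	t->expected = seq + 1;
	return gap;
}

/* Replays n sequence numbers and returns the total number lost. */
static uint64_t seq_replay(struct seq_tracker *t, const uint32_t *seqs, size_t n)
{
	size_t i;
	for (i = 0; i < n; i++)
		seq_observe(t, seqs[i]);
	return t->lost;
}

int main(void)
{
	/* Constructed sample: two numbers skipped across the wrap, one late. */
	static const uint32_t s[] = { 0xfffffffdu, 0xfffffffeu, 1u, 0xffffffffu, 2u };
	struct seq_tracker t = { 0 };
	if (seq_replay(&t, s, sizeof(s) / sizeof(s[0])) > 0)
		puts("nflog sequence gap: log messages were dropped");
	return 0;
}
```
.fi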