http://www.netfilter.org/
: 네트웍 정보를 확인할 수 있다
netlink: memory mapped I/O https://lwn.net/Articles/512442/
참조:https://hydra.geht.net/tino/howto/linux/net/netfilter/
http://netfilter.org/projects/libnetfilter_queue/doxygen/nfqnl__test_8c_source.html
nfqnl_test.c
00001
00002 #include
00003 #include
00004 #include
00005 #include
00006 #include
00007 #include /* for NF_ACCEPT */
00008
00009 #include
00010
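/*
 * Print the metadata libnetfilter_queue exposes for one queued packet and
 * return its packet id.
 *
 * tb: per-packet attribute set handed to the queue callback.
 *
 * Returns the packet id in host byte order, or 0 when the message carries no
 * packet header.
 *
 * The hardware address length is read from the message itself, so it is
 * clamped to the size of the hw_addr array before being used as an index.
 */
static u_int32_t print_pkt (struct nfq_data *tb)
{
	u_int32_t id = 0;	/* unsigned: matches the return type and the %u below */
	struct nfqnl_msg_packet_hdr *ph;
	struct nfqnl_msg_packet_hw *hwph;
	u_int32_t mark, ifi;
	int ret;
	unsigned char *data;

	ph = nfq_get_msg_packet_hdr(tb);
	if (ph) {
		id = ntohl(ph->packet_id);
		printf("hw_protocol=0x%04x hook=%u id=%u ",
			ntohs(ph->hw_protocol), ph->hook, id);
	}

	hwph = nfq_get_packet_hw(tb);
	if (hwph) {
		int i, hlen = ntohs(hwph->hw_addrlen);
		const int max_hlen = (int)sizeof(hwph->hw_addr);

		/* Never index past the fixed-size address array. */
		if (hlen > max_hlen)
			hlen = max_hlen;

		/* A zero length would make hw_addr[hlen-1] read index -1. */
		if (hlen > 0) {
			printf("hw_src_addr=");
			for (i = 0; i < hlen-1; i++)
				printf("%02x:", hwph->hw_addr[i]);
			printf("%02x ", hwph->hw_addr[hlen-1]);
		}
	}

	mark = nfq_get_nfmark(tb);
	if (mark)
		printf("mark=%u ", mark);

	ifi = nfq_get_indev(tb);
	if (ifi)
		printf("indev=%u ", ifi);

	ifi = nfq_get_outdev(tb);
	if (ifi)
		printf("outdev=%u ", ifi);

	ifi = nfq_get_physindev(tb);
	if (ifi)
		printf("physindev=%u ", ifi);

	ifi = nfq_get_physoutdev(tb);
	if (ifi)
		printf("physoutdev=%u ", ifi);

	/* Only the length is reported; the payload bytes in data are not read. */
	ret = nfq_get_payload(tb, &data);
	if (ret >= 0)
		printf("payload_len=%d ", ret);

	fputc('\n', stdout);

	return id;
}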
00065
00066
/*
 * Queue callback: log the packet's metadata, then hand the packet back to
 * the kernel.
 *
 * The verdict is NF_ACCEPT for every packet, so this sample observes traffic
 * but never filters it. nfmsg and data are not used.
 *
 * Returns whatever nfq_set_verdict() returns.
 */
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	      struct nfq_data *nfa, void *data)
{
	const u_int32_t pkt_id = print_pkt(nfa);
	int rc;

	printf("entering callback\n");

	rc = nfq_set_verdict(qh, pkt_id, NF_ACCEPT, 0, NULL);
	return rc;
}
00074
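/*
 * Bind to NFQUEUE queue 0 for AF_INET, pass every queued packet to cb(),
 * and tear the queue down when the receive loop ends.
 *
 * Operational notes for anyone adapting this sample:
 *  - Opening and binding the queue is a privileged netlink operation
 *    (CAP_NET_ADMIN on Linux).
 *  - A queued packet is held by the kernel until a verdict is issued. If
 *    this process stops, traffic sent to queue 0 is no longer forwarded
 *    unless the firewall rule is configured to bypass a missing listener.
 *
 * Exits with 0 after a clean shutdown and 1 on a setup or receive error.
 */
int main(int argc, char **argv)
{
	struct nfq_handle *h;
	struct nfq_q_handle *qh;
	int fd;
	int rv;
	int status = 0;
	/*
	 * The copy range requested below is 0xffff bytes of payload, and each
	 * netlink message adds headers and attributes on top of that. recv()
	 * truncates a datagram that does not fit, so the buffer must be larger
	 * than the copy range or big packets cannot be parsed and never get a
	 * verdict.
	 */
	char buf[0xffff + 4096] __attribute__ ((aligned));

	printf("opening library handle\n");
	h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

	printf("binding this socket to queue '0'\n");
	qh = nfq_create_queue(h, 0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}

	fd = nfq_fd(h);

	/* Loop until recv() reports end-of-stream (0) or an error (-1). */
	while ((rv = recv(fd, buf, sizeof(buf), 0)) > 0) {
		printf("pkt received\n");
		nfq_handle_packet(h, buf, rv);
	}

	/* Do not leave the loop silently: a receive error means packets may
	 * still be waiting in the queue without a verdict. */
	if (rv < 0) {
		perror("recv");
		status = 1;
	}

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qh);

#ifdef INSANE
	/* normally, applications SHOULD NOT issue this command, since
	 * it detaches other programs/sockets from AF_INET, too ! */
	printf("unbinding from AF_INET\n");
	nfq_unbind_pf(h, AF_INET);
#endif

	printf("closing library handle\n");
	nfq_close(h);

	exit(status);
}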
: 네트웍 정보를 확인할 수 있다
netlink: memory mapped I/O https://lwn.net/Articles/512442/
참조:https://hydra.geht.net/tino/howto/linux/net/netfilter/
http://netfilter.org/projects/libnetfilter_queue/doxygen/nfqnl__test_8c_source.html
nfqnl_test.c