[PATCH libnetfilter_queue 0/1] src: Add nfq_hdr_put to library

[PATCH libnetfilter_queue 0/1] src: Add nfq_hdr_put to library

[Duncan Roe]

This is the first of a number of proposed additions to libnetfilter_queue.

The plan is to minimise the need for direct calls to libmnl functions in a
libnetfilter_queue program.

 - example program nf-queue.c is shorter
 - calling sequences are simplaer
 - documentation is mostly in one place

Other planned functions include:

 Function                  Purpose
 ========                  =======
 nfq_socket_sendto         Eliminate mnl_socket_sendto arg 3 (nlh->nlmsg_len)
 nfq_socket_open           Eliminate mnl_socket_open arg (NETLINK_NETFILTER)
 nfq_socket_bind           Eliminate mnl_socket_bind args 2 & 3
                           (0, MNL_SOCKET_AUTOPID)
 nfq_socket_setsockopt     Eliminate mnl_socket_setsockopt args 3 & 4
                           (&ret, sizeof(int))
 nfq_cb_run                Eliminate mnl_cb_run arg 3 (0). Also:
                           Replace mnl_cb_run arg 4 (unsigned int portid) with
                           (struct nlmsghdr *nlh). This eliminates the call to
                           mnl_socket_get_portid and the need to declare portid
 nfq_attr_put_config_flags Avoid having to call mnl_attr_put_u32 twice, also
                           avoid having to use htonl.
                           Implementation note: copy nfq_set_queue_flags
                                                documentation
 nfq_attr_put_u32          Avoid call to htonl
 nfq_attr_get_u32          Avoid call to ntohl

Leading eventually to the new top-level module:

Library Setup [CURRENT]

Duncan Roe (1):
  src: move static nfq_hdr_put from examples/nf-queue.c into the library
    since everyone is going to want it.

 examples/nf-queue.c                             | 15 -------------
 include/libnetfilter_queue/libnetfilter_queue.h |  1 +
 src/nlmsg.c                                     | 28 ++++++++++++++++++++++---
 3 files changed, 26 insertions(+), 18 deletions(-)

-- 
2.14.5

[PATCH libnetfilter_queue 1/1] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it.

[Duncan Roe]

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
---
 examples/nf-queue.c                             | 15 -------------
 include/libnetfilter_queue/libnetfilter_queue.h |  1 +
 src/nlmsg.c                                     | 28 ++++++++++++++++++++++---
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/examples/nf-queue.c b/examples/nf-queue.c
index 960e244..112c3bf 100644
--- a/examples/nf-queue.c
+++ b/examples/nf-queue.c
@@ -20,21 +20,6 @@
 
 static struct mnl_socket *nl;
 
-static struct nlmsghdr *
-nfq_hdr_put(char *buf, int type, uint32_t queue_num)
-{
-	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
-	nlh->nlmsg_type	= (NFNL_SUBSYS_QUEUE << 8) | type;
-	nlh->nlmsg_flags = NLM_F_REQUEST;
-
-	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
-	nfg->nfgen_family = AF_UNSPEC;
-	nfg->version = NFNETLINK_V0;
-	nfg->res_id = htons(queue_num);
-
-	return nlh;
-}
-
 static void
 nfq_send_verdict(int queue_num, uint32_t id)
 {
diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index 092c57d..3372099 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -149,6 +149,7 @@ void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark);
 void nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t pktlen);
 
 int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr);
+struct nlmsghdr *nfq_hdr_put(char *buf, int type, uint32_t queue_num);
 
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/src/nlmsg.c b/src/nlmsg.c
index 4f09bf6..f4123f3 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -261,9 +261,9 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 
 /**
  * nfq_nlmsg_parse - set packet attributes from netlink message
- * \param nlh netlink message that you want to read.
- * \param attr pointer to array of attributes to set.
- * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs.
+ * \param nlh Pointer to netlink message
+ * \param attr Pointer to array of attributes to set
+ * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs
  */
 EXPORT_SYMBOL
 int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
@@ -272,6 +272,28 @@ int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
 			      nfq_pkt_parse_attr_cb, attr);
 }
 
+/**
+ * nfq_hdr_put - Convert memory buffer into a Netlink buffer
+ * \param *buf Pointer to memory buffer
+ * \param type Either NFQNL_MSG_CONFIG or NFQNL_MSG_VERDICT
+ * \param queue_num Queue number
+ * \returns Pointer to netlink message
+ */
+EXPORT_SYMBOL
+struct nlmsghdr *nfq_hdr_put(char *buf, int type, uint32_t queue_num)
+{
+	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
+	nlh->nlmsg_type = (NFNL_SUBSYS_QUEUE << 8) | type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+
+	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_UNSPEC;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = htons(queue_num);
+
+	return nlh;
+}
+
 /**
  * @}
  */
-- 
2.14.5

Re: [PATCH libnetfilter_queue 1/1] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it.

[Pablo Neira Ayuso]

On Tue, Feb 04, 2020 at 01:00:03PM +1100, Duncan Roe wrote:
> Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
> ---
>  examples/nf-queue.c                             | 15 -------------
>  include/libnetfilter_queue/libnetfilter_queue.h |  1 +
>  src/nlmsg.c                                     | 28 ++++++++++++++++++++++---
>  3 files changed, 26 insertions(+), 18 deletions(-)
> 
> diff --git a/examples/nf-queue.c b/examples/nf-queue.c
> index 960e244..112c3bf 100644
> --- a/examples/nf-queue.c
> +++ b/examples/nf-queue.c
> @@ -20,21 +20,6 @@
>  
>  static struct mnl_socket *nl;
>  
> -static struct nlmsghdr *
> -nfq_hdr_put(char *buf, int type, uint32_t queue_num)
> -{
> -	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
> -	nlh->nlmsg_type	= (NFNL_SUBSYS_QUEUE << 8) | type;
> -	nlh->nlmsg_flags = NLM_F_REQUEST;
> -
> -	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
> -	nfg->nfgen_family = AF_UNSPEC;
> -	nfg->version = NFNETLINK_V0;
> -	nfg->res_id = htons(queue_num);
> -
> -	return nlh;
> -}
> -
>  static void
>  nfq_send_verdict(int queue_num, uint32_t id)
>  {
> diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
> index 092c57d..3372099 100644
> --- a/include/libnetfilter_queue/libnetfilter_queue.h
> +++ b/include/libnetfilter_queue/libnetfilter_queue.h
> @@ -149,6 +149,7 @@ void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark);
>  void nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t pktlen);
>  
>  int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr);
> +struct nlmsghdr *nfq_hdr_put(char *buf, int type, uint32_t queue_num);
>  
>  #ifdef __cplusplus
>  } /* extern "C" */
> diff --git a/src/nlmsg.c b/src/nlmsg.c
> index 4f09bf6..f4123f3 100644
> --- a/src/nlmsg.c
> +++ b/src/nlmsg.c
> @@ -261,9 +261,9 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
>  
>  /**
>   * nfq_nlmsg_parse - set packet attributes from netlink message
> - * \param nlh netlink message that you want to read.
> - * \param attr pointer to array of attributes to set.
> - * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs.
> + * \param nlh Pointer to netlink message
> + * \param attr Pointer to array of attributes to set
> + * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs
>   */
>  EXPORT_SYMBOL
>  int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
> @@ -272,6 +272,28 @@ int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
>  			      nfq_pkt_parse_attr_cb, attr);
>  }
>  
> +/**
> + * nfq_hdr_put - Convert memory buffer into a Netlink buffer

Looks good. Just one small change: I'd suggest you rename this to
nfq_nlmsg_put.

Thanks.

[PATCH libnetfilter_queue v2] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it.

[Duncan Roe]

Also rename nfq_hdr_put to nfq_nlmsg_put

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>

v2: Rename nfq_hdr_put to nfq_nlmsg_put on Pablo's suggestion
---
 examples/nf-queue.c                             | 21 +++----------------
 include/libnetfilter_queue/libnetfilter_queue.h |  1 +
 src/nlmsg.c                                     | 28 ++++++++++++++++++++++---
 3 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/examples/nf-queue.c b/examples/nf-queue.c
index 960e244..3da2c24 100644
--- a/examples/nf-queue.c
+++ b/examples/nf-queue.c
@@ -20,21 +20,6 @@
 
 static struct mnl_socket *nl;
 
-static struct nlmsghdr *
-nfq_hdr_put(char *buf, int type, uint32_t queue_num)
-{
-	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
-	nlh->nlmsg_type	= (NFNL_SUBSYS_QUEUE << 8) | type;
-	nlh->nlmsg_flags = NLM_F_REQUEST;
-
-	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
-	nfg->nfgen_family = AF_UNSPEC;
-	nfg->version = NFNETLINK_V0;
-	nfg->res_id = htons(queue_num);
-
-	return nlh;
-}
-
 static void
 nfq_send_verdict(int queue_num, uint32_t id)
 {
@@ -42,7 +27,7 @@ nfq_send_verdict(int queue_num, uint32_t id)
 	struct nlmsghdr *nlh;
 	struct nlattr *nest;
 
-	nlh = nfq_hdr_put(buf, NFQNL_MSG_VERDICT, queue_num);
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, queue_num);
 	nfq_nlmsg_verdict_put(nlh, id, NF_ACCEPT);
 
 	/* example to set the connmark. First, start NFQA_CT section: */
@@ -150,7 +135,7 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
 	nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_BIND);
 
 	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
@@ -158,7 +143,7 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
 	nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
 
 	mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(NFQA_CFG_F_GSO));
diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index 092c57d..34385a7 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -149,6 +149,7 @@ void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark);
 void nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t pktlen);
 
 int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr);
+struct nlmsghdr *nfq_nlmsg_put(char *buf, int type, uint32_t queue_num);
 
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/src/nlmsg.c b/src/nlmsg.c
index 4f09bf6..e141156 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -261,9 +261,9 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 
 /**
  * nfq_nlmsg_parse - set packet attributes from netlink message
- * \param nlh netlink message that you want to read.
- * \param attr pointer to array of attributes to set.
- * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs.
+ * \param nlh Pointer to netlink message
+ * \param attr Pointer to array of attributes to set
+ * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs
  */
 EXPORT_SYMBOL
 int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
@@ -272,6 +272,28 @@ int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
 			      nfq_pkt_parse_attr_cb, attr);
 }
 
+/**
+ * nfq_nlmsg_put - Convert memory buffer into a Netlink buffer
+ * \param *buf Pointer to memory buffer
+ * \param type Either NFQNL_MSG_CONFIG or NFQNL_MSG_VERDICT
+ * \param queue_num Queue number
+ * \returns Pointer to netlink message
+ */
+EXPORT_SYMBOL
+struct nlmsghdr *nfq_nlmsg_put(char *buf, int type, uint32_t queue_num)
+{
+	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
+	nlh->nlmsg_type = (NFNL_SUBSYS_QUEUE << 8) | type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+
+	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_UNSPEC;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = htons(queue_num);
+
+	return nlh;
+}
+
 /**
  * @}
  */
-- 
2.14.5

[PATCH libnetfilter_queue v3] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it.

[Duncan Roe]

Also rename nfq_hdr_put to nfq_nlmsg_put

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>

v2: Rename nfq_hdr_put to nfq_nlmsg_put on Pablo's suggestion
v3: Update fixmanpages.sh now it has been committed (including whitespace fix)
---
 examples/nf-queue.c                             | 21 +++----------------
 fixmanpages.sh                                  |  3 ++-
 include/libnetfilter_queue/libnetfilter_queue.h |  1 +
 src/nlmsg.c                                     | 28 ++++++++++++++++++++++---
 4 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/examples/nf-queue.c b/examples/nf-queue.c
index 960e244..3da2c24 100644
--- a/examples/nf-queue.c
+++ b/examples/nf-queue.c
@@ -20,21 +20,6 @@
 
 static struct mnl_socket *nl;
 
-static struct nlmsghdr *
-nfq_hdr_put(char *buf, int type, uint32_t queue_num)
-{
-	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
-	nlh->nlmsg_type	= (NFNL_SUBSYS_QUEUE << 8) | type;
-	nlh->nlmsg_flags = NLM_F_REQUEST;
-
-	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
-	nfg->nfgen_family = AF_UNSPEC;
-	nfg->version = NFNETLINK_V0;
-	nfg->res_id = htons(queue_num);
-
-	return nlh;
-}
-
 static void
 nfq_send_verdict(int queue_num, uint32_t id)
 {
@@ -42,7 +27,7 @@ nfq_send_verdict(int queue_num, uint32_t id)
 	struct nlmsghdr *nlh;
 	struct nlattr *nest;
 
-	nlh = nfq_hdr_put(buf, NFQNL_MSG_VERDICT, queue_num);
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_VERDICT, queue_num);
 	nfq_nlmsg_verdict_put(nlh, id, NF_ACCEPT);
 
 	/* example to set the connmark. First, start NFQA_CT section: */
@@ -150,7 +135,7 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
 	nfq_nlmsg_cfg_put_cmd(nlh, AF_INET, NFQNL_CFG_CMD_BIND);
 
 	if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
@@ -158,7 +143,7 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	nlh = nfq_hdr_put(buf, NFQNL_MSG_CONFIG, queue_num);
+	nlh = nfq_nlmsg_put(buf, NFQNL_MSG_CONFIG, queue_num);
 	nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
 
 	mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(NFQA_CFG_F_GSO));
diff --git a/fixmanpages.sh b/fixmanpages.sh
index 897086b..2592f5e 100755
--- a/fixmanpages.sh
+++ b/fixmanpages.sh
@@ -28,6 +28,7 @@ function main
   setgroup nfq_verd nfq_nlmsg_verdict_put
     add2group nfq_nlmsg_verdict_put_mark nfq_nlmsg_verdict_put_pkt
   setgroup nlmsg nfq_nlmsg_parse
+    add2group nfq_nlmsg_put
   setgroup pktbuff pktb_alloc
     add2group pktb_data pktb_len pktb_mangle pktb_mangled
     add2group pktb_free
@@ -52,7 +53,7 @@ function setgroup
   mv $1.3 $2.3
   BASE=$2
 }
-function   add2group
+function add2group
 {
   for i in $@
   do
diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index 092c57d..34385a7 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -149,6 +149,7 @@ void nfq_nlmsg_verdict_put_mark(struct nlmsghdr *nlh, uint32_t mark);
 void nfq_nlmsg_verdict_put_pkt(struct nlmsghdr *nlh, const void *pkt, uint32_t pktlen);
 
 int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr);
+struct nlmsghdr *nfq_nlmsg_put(char *buf, int type, uint32_t queue_num);
 
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/src/nlmsg.c b/src/nlmsg.c
index 4f09bf6..e141156 100644
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -261,9 +261,9 @@ static int nfq_pkt_parse_attr_cb(const struct nlattr *attr, void *data)
 
 /**
  * nfq_nlmsg_parse - set packet attributes from netlink message
- * \param nlh netlink message that you want to read.
- * \param attr pointer to array of attributes to set.
- * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs.
+ * \param nlh Pointer to netlink message
+ * \param attr Pointer to array of attributes to set
+ * \returns MNL_CB_OK on success or MNL_CB_ERROR if any error occurs
  */
 EXPORT_SYMBOL
 int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
@@ -272,6 +272,28 @@ int nfq_nlmsg_parse(const struct nlmsghdr *nlh, struct nlattr **attr)
 			      nfq_pkt_parse_attr_cb, attr);
 }
 
+/**
+ * nfq_nlmsg_put - Convert memory buffer into a Netlink buffer
+ * \param *buf Pointer to memory buffer
+ * \param type Either NFQNL_MSG_CONFIG or NFQNL_MSG_VERDICT
+ * \param queue_num Queue number
+ * \returns Pointer to netlink message
+ */
+EXPORT_SYMBOL
+struct nlmsghdr *nfq_nlmsg_put(char *buf, int type, uint32_t queue_num)
+{
+	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
+	nlh->nlmsg_type = (NFNL_SUBSYS_QUEUE << 8) | type;
+	nlh->nlmsg_flags = NLM_F_REQUEST;
+
+	struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
+	nfg->nfgen_family = AF_UNSPEC;
+	nfg->version = NFNETLINK_V0;
+	nfg->res_id = htons(queue_num);
+
+	return nlh;
+}
+
 /**
  * @}
  */
-- 
2.14.5

Re: [PATCH libnetfilter_queue v3] src: move static nfq_hdr_put from examples/nf-queue.c into the library since everyone is going to want it.

[Pablo Neira Ayuso]

On Mon, Feb 24, 2020 at 01:21:51PM +1100, Duncan Roe wrote:
> Also rename nfq_hdr_put to nfq_nlmsg_put

Applied, thanks.