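/*
 * Original post:
 *
 *   I compiled and tried to execute the program below, but it exits with the
 *   error message "unable to send mode message: connection refused".
 *   I have registered NETLINK_FIREWALL by loading the ip_queue.ko module.
 *
 *   Thanks,
 *   Ratheesh
 *
 * Minimal ip_queue peer: asks the kernel for packet metadata only
 * (IPQ_COPY_META) and answers every queued packet with NF_ACCEPT.
 *
 * NOTE(review): for a netlink unicast addressed to pid 0, ECONNREFUSED on the
 * first sendto() generally means no kernel-side socket is registered for that
 * protocol as seen by this process, so it is worth confirming (lsmod, dmesg)
 * that ip_queue really is loaded in the running kernel before suspecting the
 * code below.
 * NOTE(review): ip_queue is expected to require CAP_NET_ADMIN from its peer;
 * a refusal would arrive as an NLMSG_ERROR reply, not as a sendto() failure,
 * which is one reason the receive loop checks for NLMSG_ERROR.
 */
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <linux/rtnetlink.h>
//#include <linux/if.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <getopt.h>
#include <sys/ioctl.h>
#include <syslog.h>
#include <net/if.h>
#include <linux/netfilter.h>            /* NF_ACCEPT */
#include <linux/netfilter_ipv4/ip_queue.h>
#include <linux/in.h>
#include <linux/in6.h>

/*
 * Request sent to the kernel: netlink header followed by a mode or a verdict.
 * Every request is sized for the larger of the two payloads.
 * NOTE(review): the kernel side is believed to reject peer messages shorter
 * than its own mode/verdict union, which is why a bare ipq_mode_msg is not
 * sent on its own -- confirm against the ip_queue source in use.
 * Layout assumption: `pm` starts exactly NLMSG_HDRLEN bytes into the struct
 * (no padding after the header).
 */
struct ipq_request {
    struct nlmsghdr nlh;
    union {
        struct ipq_mode_msg mode;
        struct ipq_verdict_msg verdict;
    } pm;
};

/* Message read from the socket: a queued-packet record or a netlink error. */
struct ipq_reply {
    struct nlmsghdr nlh;
    union {
        struct ipq_packet_msg pkt;
        struct nlmsgerr err;
    } body;
};

/*
 * Zero a request and fill in its netlink header.
 * Zeroing matters: every byte of the request is handed to the kernel, and a
 * verdict's data_len must be 0 when no replacement payload follows.
 */
static void init_request(struct ipq_request *req, unsigned short type, int seq)
{
    memset(req, 0, sizeof *req);
    req->nlh.nlmsg_type = type;
    req->nlh.nlmsg_len = NLMSG_LENGTH(sizeof req->pm);
    req->nlh.nlmsg_flags = NLM_F_REQUEST;
    req->nlh.nlmsg_pid = getpid();
    req->nlh.nlmsg_seq = seq;
}

/* Send one request to the kernel (netlink pid 0). Returns 0, or -1 with errno set. */
static int send_request(int fd, const struct ipq_request *req)
{
    struct sockaddr_nl kernel;

    memset(&kernel, 0, sizeof kernel);
    kernel.nl_family = AF_NETLINK;
    kernel.nl_pid = 0;      /* packets are destined for the kernel */
    kernel.nl_groups = 0;   /* we don't need any multicast groups */

    if (sendto(fd, req, req->nlh.nlmsg_len, 0,
               (const struct sockaddr *)&kernel, sizeof kernel) < 0) {
        return -1;
    }
    return 0;
}

/*
 * Open a NETLINK_FIREWALL socket, select metadata-only copy mode, then accept
 * every packet the kernel queues. Returns EXIT_FAILURE on any socket error or
 * when the kernel answers a request with an error.
 */
int main(int argc, char **argv)
{
    int netlink_socket;
    int seq = 0;
    struct ipq_request req;
    struct ipq_reply reply;

    (void)argc;
    (void)argv;

    /* create the socket */
    netlink_socket = socket(AF_NETLINK, SOCK_RAW, NETLINK_FIREWALL);
    if (netlink_socket < 0) {
        perror("unable to create netlink socket");
        return EXIT_FAILURE;
    }

    /* select the copy mode */
    init_request(&req, IPQM_MODE, seq++);
    req.pm.mode.value = IPQ_COPY_META;
    req.pm.mode.range = 0;  /* when mode is PACKET, 0 here means copy whole packet */
    if (send_request(netlink_socket, &req) < 0) {
        perror("unable to send mode message");
        return EXIT_FAILURE;
    }

    /* we're ready to filter packets */
    for (;;) {
        struct sockaddr_nl from;
        socklen_t fromlen = sizeof from;   /* recvfrom() needs a pointer to the length */
        ssize_t got;

        memset(&reply, 0, sizeof reply);
        memset(&from, 0, sizeof from);
        got = recvfrom(netlink_socket, &reply, sizeof reply, 0,
                       (struct sockaddr *)&from, &fromlen);
        if (got < 0) {
            perror("Unable to receive packet message");
            return EXIT_FAILURE;
        }

        /*
         * Verdicts decide what traffic passes, so act only on messages that
         * really come from the kernel (netlink pid 0), never on a datagram
         * another local process managed to deliver to this socket.
         */
        if (fromlen != sizeof from || from.nl_pid != 0) {
            fprintf(stderr, "ignoring netlink message from non-kernel sender\n");
            continue;
        }

        /* The header must be complete and must not claim more than was read. */
        if (!NLMSG_OK(&reply.nlh, got)) {
            fprintf(stderr, "ignoring malformed or truncated netlink message\n");
            continue;
        }

        /* A rejected request comes back as NLMSG_ERROR with a negative errno. */
        if (reply.nlh.nlmsg_type == NLMSG_ERROR) {
            if (reply.nlh.nlmsg_len < NLMSG_LENGTH(sizeof reply.body.err.error)) {
                fprintf(stderr, "ignoring short netlink error message\n");
                continue;
            }
            if (reply.body.err.error == 0) {
                continue;   /* plain acknowledgement */
            }
            errno = -reply.body.err.error;
            perror("kernel rejected request");
            return EXIT_FAILURE;
        }

        /* Only a full packet record carries a packet_id worth answering. */
        if (reply.nlh.nlmsg_type != IPQM_PACKET ||
            reply.nlh.nlmsg_len < NLMSG_LENGTH(sizeof(struct ipq_packet_msg))) {
            continue;
        }

        /* for the example just forward all packets */
        init_request(&req, IPQM_VERDICT, seq++);
        req.pm.verdict.value = NF_ACCEPT;
        req.pm.verdict.id = reply.body.pkt.packet_id;
        if (send_request(netlink_socket, &req) < 0) {
            perror("unable to send verdict message");
            return EXIT_FAILURE;
        }
    }
}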