ebt_ulog based arpwatch
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

114 lines
3.4KB

  1. /***************************************************************************
  2. * Copyright (C) 07/2007 by Olaf Rempel *
  3. * razzor@kopf-tisch.de *
  4. * *
  5. * This program is free software; you can redistribute it and/or modify *
  6. * it under the terms of the GNU General Public License as published by *
  7. * the Free Software Foundation; version 2 of the License *
  8. * *
  9. * This program is distributed in the hope that it will be useful, *
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of *
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
  12. * GNU General Public License for more details. *
  13. * *
  14. * You should have received a copy of the GNU General Public License *
  15. * along with this program; if not, write to the *
  16. * Free Software Foundation, Inc., *
  17. * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
  18. ***************************************************************************/
  19. #include <stdio.h>
  20. #include <stdlib.h>
  21. #include <unistd.h>
  22. #include <sys/socket.h>
  23. #include <linux/netlink.h>
  24. #include "configfile.h"
  25. #include "event.h"
  26. #include "logging.h"
  27. #include "ulogparse.h"
  28. static struct event_fd *nl_event;
  29. #define BUFLEN 65536
  30. static char buf[BUFLEN];
  31. static int netlink_cb(int fd, void *privdata)
  32. {
  33. int len = recv(fd, buf, BUFLEN, 0);
  34. if (len <= 0) {
  35. log_print(LOG_WARN, "netlink_cb(): recv()");
  36. return 0;
  37. }
  38. struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
  39. if (nlh->nlmsg_flags & MSG_TRUNC || len > BUFLEN) {
  40. log_print(LOG_WARN, "netlink_cb(): message truncated");
  41. return 0;
  42. }
  43. if (!NLMSG_OK(nlh, BUFLEN)) {
  44. log_print(LOG_WARN, "netlink_cb(): parse error");
  45. return 0;
  46. }
  47. while (nlh != NULL) {
  48. parse_ulog_packet(NLMSG_DATA(nlh));
  49. if (nlh->nlmsg_flags & NLM_F_MULTI && nlh->nlmsg_type != NLMSG_DONE) {
  50. int remain_len = (len - ((char *)nlh - buf));
  51. nlh = NLMSG_NEXT(nlh, remain_len);
  52. } else {
  53. nlh = NULL;
  54. }
  55. }
  56. return 0;
  57. }
  58. int netlink_init(void)
  59. {
  60. int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_NFLOG);
  61. if (fd == 0) {
  62. log_print(LOG_ERROR, "netlink_init(): socket()");
  63. return -1;
  64. }
  65. struct sockaddr_nl local;
  66. local.nl_family = AF_NETLINK;
  67. local.nl_pid = 0;
  68. local.nl_groups = 0;
  69. if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0) {
  70. log_print(LOG_ERROR, "netlink_init(): bind()");
  71. close(fd);
  72. return -1;
  73. }
  74. socklen_t addrlen = sizeof(local);
  75. if (getsockname(fd, (struct sockaddr *)&local, &addrlen) < 0) {
  76. log_print(LOG_ERROR, "netlink_init(): getsockname()");
  77. close(fd);
  78. return -1;
  79. }
  80. /* second bind with correct pid (assigned from kernel) */
  81. local.nl_groups = config_get_int("global", "netlink_group", 1);
  82. if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0) {
  83. log_print(LOG_ERROR, "netlink_init(): bind()");
  84. close(fd);
  85. return -1;
  86. }
  87. log_print(LOG_INFO, "netlink: listening on group %d", local.nl_groups);
  88. nl_event = event_add_readfd(NULL, fd, netlink_cb, NULL);
  89. return 0;
  90. }
  91. void netlink_close(void)
  92. {
  93. int fd = event_get_fd(nl_event);
  94. event_remove_fd(nl_event);
  95. close(fd);
  96. }