I use libnetfilter_queue and iptables with the goal of having NFQUEUE store incoming packets in three different queues using --queue-num x.
I successfully create three queues with the libnetfilter_queue functions, bind them, listen to them and read from them as follows:
fd = nfq_fd(h);                        /* netlink socket behind the nfq handle */
while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
    nfq_handle_packet(h, buf, rv);     /* dispatches to the per-queue callback */
}
The callback function invoked via nfq_handle_packet contains the call nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); which sends the packet as soon as it is processed. The problem is that I do not want every packet to be sent immediately, since I need to store them in a user structure (see below).
So, I came across a potential solution: I can issue the NF_DROP verdict instead of NF_ACCEPT for every packet that I want to queue (so that it is not sent immediately), save it in my custom structure, and then (sooner or later) re-insert it according to my needs.
It sounds great, but the situation is this: I don't know how to re-insert my queued packets at will from my user-space application. Is it correct to use nfq_set_verdict again at the same point in my code, but with the NF_ACCEPT verdict? Or should I open a socket (possibly raw)?
This is my custom structure,
struct List {
    int queue;                          /* --queue-num the packet arrived on */
    int pktsize;
    unsigned char *buffer;              /* copy of the packet payload */
    struct nfq_q_handle *qh;            /* queue handle needed for the verdict */
    struct nfqnl_msg_packet_hdr *hdr;   /* carries the packet id */
    struct List *next;
};
representing a packet caught by the rule above.
These are the lists where I store the packets:
struct List *List0 = NULL;
struct List *List1 = NULL;
struct List *List2 = NULL;
I am on Ubuntu 14.04, kernel 3.13.0-57-generic.
Any suggestions would be appreciated.
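As an added example (not the asker's code), the pattern below keeps each packet's verdict pending instead of dropping it: the nfq callback only records the queue handle and packet id, and nfq_set_verdict(..., NF_ACCEPT, ...) is issued later, per queue, in arrival order. The verdict call is reached through a function pointer so the file compiles without the libnetfilter_queue headers; the live program passes nfq_set_verdict itself, and the log_verdict sink at the bottom exists only for dry runs.

```c
#include <stdint.h>
#include <stdlib.h>
#ifndef NF_ACCEPT
#define NF_ACCEPT 1                  /* value from <linux/netfilter.h> */
#endif

struct nfq_q_handle;                 /* opaque libnetfilter_queue handle */

/* Same signature as nfq_set_verdict(); the live program passes nfq_set_verdict itself. */
typedef int (*verdict_fn)(struct nfq_q_handle *, uint32_t, uint32_t, uint32_t, const unsigned char *);

/* A packet left without a verdict: the kernel keeps it queued until one arrives. */
struct held {
    struct nfq_q_handle *qh;
    uint32_t id;                     /* ntohl(nfq_get_msg_packet_hdr(nfa)->packet_id) */
    struct held *next;
};
struct held *held_list[3];           /* one FIFO per --queue-num 0..2 */

/* Call from the nfq callback in place of nfq_set_verdict(): records, issues nothing. */
int hold_packet(int queue, struct nfq_q_handle *qh, uint32_t id)
{
    struct held **pp, *h;
    if (queue < 0 || queue > 2 || (h = malloc(sizeof *h)) == NULL) return -1;
    h->qh = qh; h->id = id; h->next = NULL;
    for (pp = &held_list[queue]; *pp; pp = &(*pp)->next) {}
    *pp = h;                         /* append, so verdicts later go out in arrival order */
    return 0;
}

/* Whenever the application decides: issue the deferred verdicts. Payload is unchanged,
 * hence data_len 0 and buf NULL. Returns how many packets were released. */
int release_queue(int queue, uint32_t verdict, verdict_fn set_verdict)
{
    int n = 0; struct held *h;
    if (queue < 0 || queue > 2) return -1;
    while ((h = held_list[queue]) != NULL) {
        held_list[queue] = h->next;
        if (set_verdict(h->qh, h->id, verdict, 0, NULL) >= 0) n++;
        free(h);
    }
    return n;
}

/* Dry-run sink with nfq_set_verdict's signature, for exercising this file offline. */
uint32_t last_id, last_verdict;
int log_verdict(struct nfq_q_handle *qh, uint32_t id, uint32_t v, uint32_t len, const unsigned char *buf)
{
    (void)qh; (void)len; (void)buf; last_id = id; last_verdict = v; return 0;
}
```

A held packet stays pinned in the kernel queue until its verdict is issued, so every hold_packet() must eventually be matched by a release, or the queue fills up to its maximum length and further packets are dropped.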