forked from oremanj/python-netfilterqueue
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dnx_nfqueue.pxd
194 lines (160 loc) · 5.27 KB
/
dnx_nfqueue.pxd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
cdef extern from "sys/types.h":
ctypedef unsigned char u_int8_t
ctypedef unsigned short int u_int16_t
ctypedef unsigned int u_int32_t
cdef extern from "<errno.h>":
int errno
cdef extern from "time.h" nogil:
ctypedef long time_t
time_t time(time_t*)
struct timeval:
time_t tv_sec
time_t tv_usec
struct timezone:
pass
# dummy defines from asm-generic/errno.h:
cdef enum:
EAGAIN = 11 # Try again
EWOULDBLOCK = EAGAIN
ENOBUFS = 105 # No buffer space available
# cython define
cdef struct iphdr:
u_int8_t ver_ihl
u_int8_t tos
u_int16_t tot_len
u_int16_t id
u_int16_t frag_off
u_int8_t ttl
u_int8_t protocol
u_int16_t check
u_int32_t saddr
u_int32_t daddr
# cython define
cdef struct tcphdr:
u_int16_t th_sport
u_int16_t th_dport
u_int32_t th_seq
u_int32_t th_ack
u_int8_t th_off
u_int8_t th_flags
u_int16_t th_win
u_int16_t th_sum
u_int16_t th_urp
# cython define
cdef struct udphdr:
u_int16_t uh_sport
u_int16_t uh_dport
u_int16_t uh_ulen
u_int16_t uh_sum
cdef struct icmphdr:
u_int8_t type
u_int8_t code
# from netinet/in.h:
cdef enum:
IPPROTO_IP = 0 # Dummy protocol for TCP.
IPPROTO_ICMP = 1 # Internet Control Message Protocol.
IPPROTO_TCP = 6 # Transmission Control Protocol.
IPPROTO_UDP = 17 # User Datagram Protocol.
cdef extern from "netinet/in.h":
u_int32_t ntohl (u_int32_t __netlong) nogil
u_int16_t ntohs (u_int16_t __netshort) nogil
u_int32_t htonl (u_int32_t __hostlong) nogil
u_int16_t htons (u_int16_t __hostshort) nogil
cdef extern from "libnfnetlink/linux_nfnetlink.h":
struct nfgenmsg:
u_int8_t nfgen_family
u_int8_t version
u_int16_t res_id
cdef extern from "libnfnetlink/libnfnetlink.h":
struct nfnl_handle:
pass
unsigned int nfnl_rcvbufsiz(nfnl_handle *h, unsigned int size)
cdef extern from "libnetfilter_queue/linux_nfnetlink_queue.h":
enum nfqnl_config_mode:
NFQNL_COPY_NONE
NFQNL_COPY_META
NFQNL_COPY_PACKET
struct nfqnl_msg_packet_hdr:
u_int32_t packet_id
u_int16_t hw_protocol
u_int8_t hook
cdef extern from "libnetfilter_queue/libnetfilter_queue.h":
struct nfq_handle:
pass
struct nfq_q_handle:
pass
struct nfq_data:
pass
struct nfqnl_msg_packet_hw:
u_int8_t hw_addr[8]
nfq_handle *nfq_open()
int nfq_close(nfq_handle *h)
int nfq_bind_pf(nfq_handle *h, u_int16_t pf)
int nfq_unbind_pf(nfq_handle *h, u_int16_t pf)
ctypedef int *nfq_callback(nfq_q_handle *gh, nfgenmsg *nfmsg, nfq_data *nfad, void *data)
nfq_q_handle *nfq_create_queue(nfq_handle *h, u_int16_t num, nfq_callback *cb, void *data)
int nfq_destroy_queue(nfq_q_handle *qh)
int nfq_handle_packet(nfq_handle *h, char *buf, int len)
int nfq_set_mode(nfq_q_handle *qh, u_int8_t mode, unsigned int len)
q_set_queue_maxlen(nfq_q_handle *qh, u_int32_t queuelen)
int nfq_set_verdict(nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t data_len, unsigned char *buf) nogil
int nfq_set_verdict2(nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark,
u_int32_t datalen, unsigned char *buf) nogil
int nfq_set_queue_maxlen(nfq_q_handle *qh, u_int32_t queuelen)
int nfq_fd(nfq_handle *h)
nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(nfq_data *nfad) nogil
int nfq_get_payload(nfq_data *nfad, unsigned char **data) nogil
int nfq_get_timestamp(nfq_data *nfad, timeval *tv) nogil
nfqnl_msg_packet_hw *nfq_get_packet_hw(nfq_data *nfad)
int nfq_get_nfmark (nfq_data *nfad) nogil
u_int8_t nfq_get_indev(nfq_data *nfad)
u_int8_t nfq_get_outdev(nfq_data *nfad)
nfnl_handle *nfq_nfnlh(nfq_handle *h)
# Dummy defines from linux/socket.h:
cdef enum: # Protocol families, same as address families.
PF_INET = 2
PF_INET6 = 10
cdef extern from "sys/socket.h":
ssize_t recv(int __fd, void *__buf, size_t __n, int __flags) nogil
int MSG_DONTWAIT
# Dummy defines from linux/netfilter.h
cdef enum:
NF_DROP
NF_ACCEPT
NF_STOLEN
NF_QUEUE
NF_REPEAT
NF_STOP
NF_MAX_VERDICT = NF_STOP
cdef class CPacket:
cdef nfq_q_handle *_qh
cdef nfq_data *_nfa
cdef nfqnl_msg_packet_hdr *_hdr
cdef nfqnl_msg_packet_hw *_hw
cdef u_int32_t _id
# protocol headers
cdef iphdr *ip_header
cdef tcphdr *tcp_header
cdef udphdr *udp_header
cdef icmphdr *icmp_header
cdef bint _verdict
cdef u_int32_t _mark
# Packet details
cdef int _data_len
cdef u_int8_t _cmbhdr_len
cdef readonly unsigned char *data
cdef readonly unsigned char *payload
cdef time_t _timestamp
cdef u_int32_t parse(self, nfq_q_handle *qh, nfq_data *nfa) nogil
cdef void _parse(self) nogil
cdef void verdict(self, u_int32_t verdict)
cpdef update_mark(self, u_int32_t mark)
cpdef accept(self)
cpdef drop(self)
cpdef forward(self, u_int16_t queue_num)
cpdef repeat(self)
cdef class NetfilterQueue:
cdef nfq_handle *h # Handle to NFQueue library
cdef nfq_q_handle *qh # A handle to the queue
cdef u_int16_t af # Address family
cdef packet_copy_size # Amount of packet metadata + data copied to buffer