fi
# enable support for NFQUEUE
- AS_IF([test "x$enable_nfqueue" = "xyes"], [
+ if test "x$enable_nfqueue" = "xyes"; then
AC_DEFINE_UNQUOTED([NFQ],[1],[Enable Linux Netfilter NFQUEUE support for inline IDP])
- #libnetfilter_queue
- AC_ARG_WITH(libnetfilter_queue_includes,
+ #libnetfilter_queue
+ AC_ARG_WITH(libnetfilter_queue_includes,
[ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory],
[with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no])
- AC_ARG_WITH(libnetfilter_queue_libraries,
+ AC_ARG_WITH(libnetfilter_queue_libraries,
[ --with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory],
[with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"])
- if test "$with_libnetfilter_queue_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
- fi
-
- AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
-
- if test "$with_libnetfilter_queue_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
- fi
-
- #LDFLAGS="${LDFLAGS} -lnetfilter_queue"
-
- NFQ=""
- case $host in
- *-*-mingw32*)
- AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",-lws2_32)
+ if test "$with_libnetfilter_queue_includes" != "no"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
+ fi
- AC_ARG_WITH(netfilterforwin_includes,
- [ --with-netfilterforwin-includes=DIR netfilterforwin include directory],
- [with_netfilterforwin_includes="$withval"],[with_netfilterforwin_includes=no])
+ AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
- if test "$with_netfilterforwin_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_netfilterforwin_includes}"
- else
- CPPFLAGS="${CPPFLAGS} -I../../netfilterforwin"
+ if test "$with_libnetfilter_queue_libraries" != "no"; then
+ LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
fi
- ;;
- *)
+
+ NFQ=""
AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",)
AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink])
AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict2],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT2],[1],[Found nfq_set_verdict2 function in netfilter_queue]) ,,[-lnfnetlink])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
- #include <stdio.h>
- #include <libnetfilter_queue/libnetfilter_queue.h>
+ #include <stdio.h>
+ #include <libnetfilter_queue/libnetfilter_queue.h>
],
[
- char *pktdata;
- nfq_get_payload(NULL, &pktdata);
+ char *pktdata;
+ nfq_get_payload(NULL, &pktdata);
])],
[libnetfilter_queue_nfq_get_payload_signed="yes"],
[libnetfilter_queue_nfq_get_payload_signed="no"])
AC_DEFINE([NFQ_GET_PAYLOAD_SIGNED], [1], [For signed version of nfq_get_payload])
fi
CFLAGS="${STORECFLAGS}"
- ;;
- esac
- if test "$NFQ" = "no"; then
- echo
- echo " ERROR! libnetfilter_queue library not found, go get it"
- echo " from www.netfilter.org."
- echo " we automatically append libnetfilter_queue/ when searching"
- echo " for headers etc. when the --with-libnfq-includes directive"
- echo " is used"
- echo
- exit 1
+ if test "$NFQ" = "no"; then
+ echo
+ echo " ERROR! libnetfilter_queue library not found, go get it"
+ echo " from www.netfilter.org."
+ echo " we automatically append libnetfilter_queue/ when searching"
+ echo " for headers etc. when the --with-libnfq-includes directive"
+ echo " is used"
+ echo
+ exit 1
+ fi
fi
- ])
# libnetfilter_log
AC_ARG_WITH(libnetfilter_log_includes,
static TmEcode NFQInitThread(NFQThreadVars *t, uint32_t queue_maxlen)
{
-#ifndef OS_WIN32
struct timeval tv;
int opt;
-#endif
NFQQueueVars *q = NFQGetQueue(t->nfq_index);
if (q == NULL) {
SCLogError(SC_ERR_NFQ_OPEN, "no queue for given index");
}
#endif /* HAVE_NFQ_MAXLEN */
-#ifndef OS_WIN32
/* set netlink buffer size to a decent value */
nfnl_rcvbufsiz(nfq_nfnlh(q->h), queue_maxlen * 1500);
SCLogInfo("setting nfnl bufsize to %" PRId32 "", queue_maxlen * 1500);
SCLogDebug("nfq_q->h %p, nfq_q->nh %p, nfq_q->qh %p, nfq_q->fd %" PRId32 "",
q->h, q->nh, q->qh, q->fd);
-#else /* OS_WIN32 */
- NFQMutexInit(q);
- q->ovr.hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
- q->fd = nfq_fd(q->h);
- SCLogDebug("q->h %p, q->qh %p, q->fd %p", q->h, q->qh, q->fd);
-#endif /* OS_WIN32 */
return TM_ECODE_OK;
}
{
SCMutexLock(&nfq_init_lock);
-#ifndef OS_WIN32
sigset_t sigs;
sigfillset(&sigs);
pthread_sigmask(SIG_BLOCK, &sigs, NULL);
-#endif /* OS_WIN32 */
NFQThreadVars *ntv = (NFQThreadVars *) initdata;
/* store the ThreadVars pointer in our NFQ thread context
*
* \note separate functions for Linux and Win32 for readability.
*/
-#ifndef OS_WIN32
static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv)
{
int rv, ret;
}
}
}
-#else /* WIN32 version of NFQRecvPkt */
-void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv)
-{
- int rv, ret;
- static int timeouted = 0;
-
- if (timeouted) {
- if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) {
- rv = -1;
- errno = EINTR;
- goto process_rv;
- }
- timeouted = 0;
- }
-
-read_packet_again:
-
- if (!ReadFile(t->fd, tv->buf, sizeof(tv->buf), (DWORD*)&rv, &t->ovr)) {
- if (GetLastError() != ERROR_IO_PENDING) {
- rv = -1;
- errno = EIO;
- } else {
- if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) {
- rv = -1;
- errno = EINTR;
- timeouted = 1;
- } else {
- /* We needn't to call GetOverlappedResult() because it always
- * fail with our error code ERROR_MORE_DATA. */
- goto read_packet_again;
- }
- }
- }
-
-process_rv:
-
- if (rv < 0) {
- if (errno == EINTR) {
- /* no error on timeout */
- } else {
-#ifdef COUNTERS
- t->errs++;
-#endif /* COUNTERS */
- }
- } else if(rv == 0) {
- SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0");
- } else {
-#ifdef DBG_PERF
- if (rv > t->dbg_maxreadsize)
- t->dbg_maxreadsize = rv;
-#endif /* DBG_PERF */
-
- //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv);
-
- NFQMutexLock(t);
- if (t->qh) {
- ret = nfq_handle_packet(t->h, buf, rv);
- } else {
- SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed");
- ret = -1;
- }
- NFQMutexUnlock(t);
-
- if (ret != 0) {
- SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret);
- }
- }
-}
-#endif /* OS_WIN32 */
/**
* \brief Main NFQ reading Loop function
projects / thirdparty / suricata.git / commitdiff
