From: Victor Julien Date: Tue, 2 May 2017 15:28:15 +0000 (+0200) Subject: nfq: remove obsolete and broken netfilterforwin support X-Git-Tag: suricata-4.0.0-beta1~104 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2687%2Fhead;p=thirdparty%2Fsuricata.git nfq: remove obsolete and broken netfilterforwin support
---
diff --git a/configure.ac b/configure.ac
index 24d8a2516e..aa7900d86c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -821,45 +821,28 @@ fi # enable support for NFQUEUE - AS_IF([test "x$enable_nfqueue" = "xyes"], [ + if test "x$enable_nfqueue" = "xyes"; then AC_DEFINE_UNQUOTED([NFQ],[1],[Enable Linux Netfilter NFQUEUE support for inline IDP]) - #libnetfilter_queue - AC_ARG_WITH(libnetfilter_queue_includes, + #libnetfilter_queue + AC_ARG_WITH(libnetfilter_queue_includes, [ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory], [with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no]) - AC_ARG_WITH(libnetfilter_queue_libraries, + AC_ARG_WITH(libnetfilter_queue_libraries, [ --with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory], [with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"]) - if test "$with_libnetfilter_queue_includes" != "no"; then - CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}" - fi - - AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)]) - - if test "$with_libnetfilter_queue_libraries" != "no"; then - LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}" - fi - - #LDFLAGS="${LDFLAGS} -lnetfilter_queue" - - NFQ="" - case $host in - *-*-mingw32*) - AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",-lws2_32) + if test "$with_libnetfilter_queue_includes" != "no"; then + CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}" + fi - AC_ARG_WITH(netfilterforwin_includes, - [ --with-netfilterforwin-includes=DIR netfilterforwin include directory], - [with_netfilterforwin_includes="$withval"],[with_netfilterforwin_includes=no]) + AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)]) - if test "$with_netfilterforwin_includes" != "no"; then - CPPFLAGS="${CPPFLAGS} -I${with_netfilterforwin_includes}" - else - CPPFLAGS="${CPPFLAGS} -I../../netfilterforwin" + if test "$with_libnetfilter_queue_libraries" != "no"; 
then + LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}" fi - ;; - *) + + NFQ="" AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",) AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink]) AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict2],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT2],[1],[Found nfq_set_verdict2 function in netfilter_queue]) ,,[-lnfnetlink]) @@ -877,12 +860,12 @@ AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [ - #include - #include + #include + #include ], [ - char *pktdata; - nfq_get_payload(NULL, &pktdata); + char *pktdata; + nfq_get_payload(NULL, &pktdata); ])], [libnetfilter_queue_nfq_get_payload_signed="yes"], [libnetfilter_queue_nfq_get_payload_signed="no"]) @@ -891,20 +874,18 @@ AC_DEFINE([NFQ_GET_PAYLOAD_SIGNED], [1], [For signed version of nfq_get_payload]) fi CFLAGS="${STORECFLAGS}" - ;; - esac - if test "$NFQ" = "no"; then - echo - echo " ERROR! libnetfilter_queue library not found, go get it" - echo " from www.netfilter.org." - echo " we automatically append libnetfilter_queue/ when searching" - echo " for headers etc. when the --with-libnfq-includes directive" - echo " is used" - echo - exit 1 + if test "$NFQ" = "no"; then + echo + echo " ERROR! libnetfilter_queue library not found, go get it" + echo " from www.netfilter.org." + echo " we automatically append libnetfilter_queue/ when searching" + echo " for headers etc. when the --with-libnfq-includes directive" + echo " is used" + echo + exit 1 + fi fi - ]) # libnetfilter_log AC_ARG_WITH(libnetfilter_log_includes, diff --git a/src/source-nfq.c b/src/source-nfq.c index 7c163bd9ef..9059e552a1 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c 
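Review bot: The plain shell `if test "x$enable_nfqueue" = "xyes"; then` at the top of the first configure.ac hunk loses the prerequisite handling that `AS_IF` provided. Macros that `AC_CHECK_HEADER` and `AC_CHECK_LIB` pull in through `AC_REQUIRE` are no longer hoisted ahead of the test, so if this block is the first place they are needed they would run only when NFQ is enabled. Earlier checks in configure.ac probably expand them already, but that is outside the hunk, so keeping `AS_IF([test "x$enable_nfqueue" = "xyes"], [` with its closing `])` is the safer form. The `AC_ERROR(...)` on the header check is the obsolete spelling of `AC_MSG_ERROR` and could be updated in the same pass.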
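Review bot: The error text at the end of the third configure.ac hunk still points the user at `--with-libnfq-includes`, but the options this block defines are `--with-libnetfilter_queue-includes` and `--with-libnetfilter_queue-libraries` (declared in the first hunk). Since these lines are being rewritten anyway, the message should name the real flag, e.g. `echo " for headers etc. when the --with-libnetfilter_queue-includes directive"`. Reporting the failure through `AC_MSG_ERROR` instead of `echo` plus `exit 1` would also get it recorded in config.log.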
@@ -589,10 +589,8 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, static TmEcode NFQInitThread(NFQThreadVars *t, uint32_t queue_maxlen) { -#ifndef OS_WIN32 struct timeval tv; int opt; -#endif NFQQueueVars *q = NFQGetQueue(t->nfq_index); if (q == NULL) { SCLogError(SC_ERR_NFQ_OPEN, "no queue for given index"); @@ -663,7 +661,6 @@ static TmEcode NFQInitThread(NFQThreadVars *t, uint32_t queue_maxlen) } #endif /* HAVE_NFQ_MAXLEN */ -#ifndef OS_WIN32 /* set netlink buffer size to a decent value */ nfnl_rcvbufsiz(nfq_nfnlh(q->h), queue_maxlen * 1500); SCLogInfo("setting nfnl bufsize to %" PRId32 "", queue_maxlen * 1500); @@ -728,12 +725,6 @@ static TmEcode NFQInitThread(NFQThreadVars *t, uint32_t queue_maxlen) SCLogDebug("nfq_q->h %p, nfq_q->nh %p, nfq_q->qh %p, nfq_q->fd %" PRId32 "", q->h, q->nh, q->qh, q->fd); -#else /* OS_WIN32 */ - NFQMutexInit(q); - q->ovr.hEvent = CreateEvent(NULL, FALSE, FALSE, NULL); - q->fd = nfq_fd(q->h); - SCLogDebug("q->h %p, q->qh %p, q->fd %p", q->h, q->qh, q->fd); -#endif /* OS_WIN32 */ return TM_ECODE_OK; } @@ -742,11 +733,9 @@ TmEcode ReceiveNFQThreadInit(ThreadVars *tv, const void *initdata, void **data) { SCMutexLock(&nfq_init_lock); -#ifndef OS_WIN32 sigset_t sigs; sigfillset(&sigs); pthread_sigmask(SIG_BLOCK, &sigs, NULL); -#endif /* OS_WIN32 */ NFQThreadVars *ntv = (NFQThreadVars *) initdata; /* store the ThreadVars pointer in our NFQ thread context @@ -914,7 +903,6 @@ void *NFQGetThread(int number) * * \note separate functions for Linux and Win32 for readability. */ -#ifndef OS_WIN32 static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) { int rv, ret; 
@@ -959,75 +947,6 @@ static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) } } } -#else /* WIN32 version of NFQRecvPkt */ -void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv) -{ - int rv, ret; - static int timeouted = 0; - - if (timeouted) { - if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) { - rv = -1; - errno = EINTR; - goto process_rv; - } - timeouted = 0; - } - -read_packet_again: - - if (!ReadFile(t->fd, tv->buf, sizeof(tv->buf), (DWORD*)&rv, &t->ovr)) { - if (GetLastError() != ERROR_IO_PENDING) { - rv = -1; - errno = EIO; - } else { - if (WaitForSingleObject(t->ovr.hEvent, 1000) == WAIT_TIMEOUT) { - rv = -1; - errno = EINTR; - timeouted = 1; - } else { - /* We needn't to call GetOverlappedResult() because it always - * fail with our error code ERROR_MORE_DATA. */ - goto read_packet_again; - } - } - } - -process_rv: - - if (rv < 0) { - if (errno == EINTR) { - /* no error on timeout */ - } else { -#ifdef COUNTERS - t->errs++; -#endif /* COUNTERS */ - } - } else if(rv == 0) { - SCLogWarning(SC_ERR_NFQ_RECV, "recv got returncode 0"); - } else { -#ifdef DBG_PERF - if (rv > t->dbg_maxreadsize) - t->dbg_maxreadsize = rv; -#endif /* DBG_PERF */ - - //printf("NFQRecvPkt: t %p, rv = %" PRId32 "\n", t, rv); - - NFQMutexLock(t); - if (t->qh) { - ret = nfq_handle_packet(t->h, buf, rv); - } else { - SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ handle has been destroyed"); - ret = -1; - } - NFQMutexUnlock(t); - - if (ret != 0) { - SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "nfq_handle_packet error %" PRId32 "", ret); - } - } -} -#endif /* OS_WIN32 */ /** * \brief Main NFQ reading Loop function diff --git a/src/source-nfq.h b/src/source-nfq.h index 41a54b78d1..374b3332bb 100644 --- a/src/source-nfq.h +++ b/src/source-nfq.h @@ -27,11 +27,7 @@ #ifdef NFQ #include "threads.h" -#ifdef OS_WIN32 -#include -#else #include /* for NF_ACCEPT */ -#endif #include #define NFQ_MAX_QUEUE 16 
@@ -54,13 +50,8 @@ typedef struct NFQPacketVars_ typedef struct NFQQueueVars_ { struct nfq_handle *h; -#ifndef OS_WIN32 struct nfnl_handle *nh; int fd; -#else - HANDLE fd; - OVERLAPPED ovr; -#endif uint8_t use_mutex; /* 2 threads deal with the queue handle, so add a mutex */ struct nfq_q_handle *qh; @@ -92,8 +83,6 @@ typedef struct NFQQueueVars_ } NFQQueueVars; - - typedef struct NFQGlobalVars_ { char unbind;