mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fixed daemon running with old libnetfilter_queue libs

Browse source 
In old libnetfilter_queue libs, we can't know the UID of the packet
because the function nfq_get_uid is not present.

We check it dynamically on run time, but we were doing it wrong, so the
daemon didn't run with old libs.

Thaks to Pain-Patate for reporting it in #18.
This commit is contained in:
Gustavo Iñiguez Goia 2020-06-14 12:01:34 +02:00
parent d152af45e2
commit 506b9b6d87
1 changed files with 26 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
daemon/netfilter/queue.h
View file

@ -26,6 +26,28 @@ static void *get_uid = NULL;
extern void go_callback(int id, unsigned char* data, int len, uint mark, u_int32_t idx, verdictContainer *vc, uint32_t uid);
static inline void configure_uid_if_available(struct nfq_q_handle *qh){
void *hndl = dlopen("libnetfilter_queue.so.1", RTLD_LAZY);
if (!hndl) {
hndl = dlopen("libnetfilter_queue.so", RTLD_LAZY);
if (!hndl){
printf("WARNING: libnetfilter_queue not available\n");
return;
}
}
if ((get_uid = dlsym(hndl, "nfq_get_uid")) == NULL){
printf("WARNING: nfq_get_uid not available\n");
return;
} else {
printf("OK: libnetfiler_queue supports nfq_get_uid\n");
}
#ifdef NFQA_CFG_F_UID_GID
if (qh != NULL && nfq_set_queue_flags(qh, NFQA_CFG_F_UID_GID, NFQA_CFG_F_UID_GID)){
printf("WARNING: UID not available on this kernel/libnetfilter_queue\n");
}
#endif
}
static int nf_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *arg){
uint32_t id = -1, idx = 0, mark = 0;
struct nfqnl_msg_packet_hdr *ph = NULL;
@ -56,11 +78,11 @@ static int nf_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct n
static inline struct nfq_q_handle* CreateQueue(struct nfq_handle *h, u_int16_t queue, u_int32_t idx) {
struct nfq_q_handle* qh = nfq_create_queue(h, queue, &nf_callback, (void*)((uintptr_t)idx));
#ifdef NFQA_CFG_F_UID_GID
if (qh != NULL && nfq_set_queue_flags(qh, NFQA_CFG_F_UID_GID, NFQA_CFG_F_UID_GID)){
printf("queue.Run() no UID allowed by this kernel\n");
if (qh == NULL){
printf("ERROR: nfq_create_queue() queue not created\n");
} else {
configure_uid_if_available(qh);
}
#endif
return qh;
}
@ -68,16 +90,6 @@ static inline int Run(struct nfq_handle *h, int fd) {
char buf[4096] __attribute__ ((aligned));
int rcvd, opt = 1;
void *hndl = dlopen("libnetfilter_queue.so.1", RTLD_LAZY);
if (!hndl) {
hndl = dlopen("libnetfilter_queue.so", RTLD_LAZY);
}
if (hndl) {
if ((get_uid = dlsym(hndl, "nfq_get_uid")) == NULL){
printf("Warning: nfq_get_uid not available\n");
}
}
setsockopt(fd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(int));
while ((rcvd = recv(fd, buf, sizeof(buf), 0)) && rcvd >= 0) {