misc: small fix or general refactoring i did not bother commenting

2025-03-04 08:34:40 +01:00 · 2018-04-10 13:06:02 +02:00 · 2018-04-10 13:06:02 +02:00 · fc97f5b431
commit fc97f5b431
parent de1d7cd414
4 changed files with 38 additions and 31 deletions
--- a/daemon/conman/connection.go
+++ b/daemon/conman/connection.go
@ -25,10 +25,10 @@ type Connection struct {
 	Entry    *netstat.Entry
 	Process  *procmon.Process

-	pkt *netfilter.NFPacket
+	pkt *netfilter.Packet
 }

-func Parse(nfp netfilter.NFPacket) *Connection {
+func Parse(nfp netfilter.Packet) *Connection {
 	ipLayer := nfp.Packet.Layer(layers.LayerTypeIPv4)
 	if ipLayer == nil {
 		return nil
@ -89,7 +89,7 @@ func (c *Connection) checkLayers() bool {
 	return false
 }

-func NewConnection(nfp *netfilter.NFPacket, ip *layers.IPv4) (c *Connection, err error) {
+func NewConnection(nfp *netfilter.Packet, ip *layers.IPv4) (c *Connection, err error) {
 	c = &Connection{
 		SrcIP:   ip.SrcIP,
 		DstIP:   ip.DstIP,
--- a/daemon/main.go
+++ b/daemon/main.go
@ -34,8 +34,8 @@ var (
 	rules   = (*rule.Loader)(nil)
 	stats   = (*statistics.Statistics)(nil)
 	queue   = (*netfilter.Queue)(nil)
-	pktChan = (<-chan netfilter.NFPacket)(nil)
-	wrkChan = (chan netfilter.NFPacket)(nil)
+	pktChan = (<-chan netfilter.Packet)(nil)
+	wrkChan = (chan netfilter.Packet)(nil)
 	sigChan = (chan os.Signal)(nil)
 )

@ -94,7 +94,7 @@ func worker(id int) {
 func setupWorkers() {
 	log.Debug("Starting %d workers ...", workers)
 	// setup the workers
-	wrkChan = make(chan netfilter.NFPacket)
+	wrkChan = make(chan netfilter.Packet)
 	for i := 0; i < workers; i++ {
 		go worker(i)
 	}
@ -107,7 +107,7 @@ func doCleanup() {
 	firewall.RejectMarked(false)
 }

-func onPacket(packet netfilter.NFPacket) {
+func onPacket(packet netfilter.Packet) {
 	// DNS response, just parse, track and accept.
 	if dns.TrackAnswers(packet.Packet) == true {
 		packet.SetVerdict(netfilter.NF_ACCEPT)
@ -208,7 +208,7 @@ func main() {

 	// prepare the queue
 	setupWorkers()
-	queue, err := netfilter.NewQueue(uint16(queueNum), 4096, netfilter.NF_DEFAULT_PACKET_SIZE)
+	queue, err := netfilter.NewQueue(uint16(queueNum), 0xffff, netfilter.NF_DEFAULT_PACKET_SIZE)
 	if err != nil {
 		log.Fatal("Error while creating queue #%d: %s", queueNum, err)
 	}
--- a/daemon/netfilter/packet.go
+++ b/daemon/netfilter/packet.go
@ -14,27 +14,27 @@ type VerdictContainer struct {
 	Packet  []byte
 }

-type NFPacket struct {
+type Packet struct {
 	Packet         gopacket.Packet
 	Mark           uint32
 	verdictChannel chan VerdictContainer
 }

-func (p *NFPacket) SetVerdict(v Verdict) {
+func (p *Packet) SetVerdict(v Verdict) {
 	p.verdictChannel <- VerdictContainer{Verdict: v, Packet: nil, Mark: 0}
 }

-func (p *NFPacket) SetVerdictAndMark(v Verdict, mark uint32) {
+func (p *Packet) SetVerdictAndMark(v Verdict, mark uint32) {
 	p.verdictChannel <- VerdictContainer{Verdict: v, Packet: nil, Mark: mark}
 }

-func (p *NFPacket) SetRequeueVerdict(newQueueId uint16) {
+func (p *Packet) SetRequeueVerdict(newQueueId uint16) {
 	v := uint(NF_QUEUE)
 	q := (uint(newQueueId) << 16)
 	v = v | q
 	p.verdictChannel <- VerdictContainer{Verdict: Verdict(v), Packet: nil, Mark: 0}
 }

-func (p *NFPacket) SetVerdictWithPacket(v Verdict, packet []byte) {
+func (p *Packet) SetVerdictWithPacket(v Verdict, packet []byte) {
 	p.verdictChannel <- VerdictContainer{Verdict: v, Packet: packet, Mark: 0}
 }
--- a/daemon/netfilter/queue.go
+++ b/daemon/netfilter/queue.go
@ -31,13 +31,13 @@ const (
 	NF_REPEAT Verdict = 4
 	NF_STOP   Verdict = 5

-	NF_DEFAULT_PACKET_SIZE uint32 = 0xffff
+	NF_DEFAULT_PACKET_SIZE uint32 = 4096

 	ipv4version = 0x40
 )

 var (
-	queueIndex     = make(map[uint32]*chan NFPacket, 0)
+	queueIndex     = make(map[uint32]*chan Packet, 0)
 	queueIndexLock = sync.RWMutex{}

 	gopacketDecodeOptions = gopacket.DecodeOptions{Lazy: true, NoCopy: true}
@ -49,7 +49,7 @@ type Queue struct {
 	h       *C.struct_nfq_handle
 	qh      *C.struct_nfq_q_handle
 	fd      C.int
-	packets chan NFPacket
+	packets chan Packet
 	idx     uint32
 }

@ -57,42 +57,49 @@ type Queue struct {
 func NewQueue(queueId uint16, maxPacketsInQueue uint32, packetSize uint32) (*Queue, error) {
 	var q = Queue{
 		idx:     uint32(time.Now().UnixNano()),
-		packets: make(chan NFPacket),
+		packets: make(chan Packet),
 	}
 	var err error
 	var ret C.int

 	if q.h, err = C.nfq_open(); err != nil {
-		return nil, fmt.Errorf("Error opening Queue handle: %v\n", err)
+		return nil, fmt.Errorf("Error opening Queue handle: %v", err)
 	} else if ret, err = C.nfq_unbind_pf(q.h, AF_INET); err != nil || ret < 0 {
-		return nil, fmt.Errorf("Error unbinding existing q handler from AF_INET protocol family: %v\n", err)
+		return nil, fmt.Errorf("Error unbinding existing q handler from AF_INET protocol family: %v", err)
 	} else if ret, err = C.nfq_unbind_pf(q.h, AF_INET6); err != nil || ret < 0 {
-		return nil, fmt.Errorf("Error unbinding existing q handler from AF_INET6 protocol family: %v\n", err)
+		return nil, fmt.Errorf("Error unbinding existing q handler from AF_INET6 protocol family: %v", err)
 	} else if ret, err := C.nfq_bind_pf(q.h, AF_INET); err != nil || ret < 0 {
-		return nil, fmt.Errorf("Error binding to AF_INET protocol family: %v\n", err)
+		return nil, fmt.Errorf("Error binding to AF_INET protocol family: %v", err)
 	} else if ret, err := C.nfq_bind_pf(q.h, AF_INET6); err != nil || ret < 0 {
-		return nil, fmt.Errorf("Error binding to AF_INET6 protocol family: %v\n", err)
+		return nil, fmt.Errorf("Error binding to AF_INET6 protocol family: %v", err)
 	}

 	queueIndexLock.Lock()
 	queueIndex[q.idx] = &q.packets
 	queueIndexLock.Unlock()

+	qLen := C.u_int32_t(maxPacketsInQueue)
+	bufSize := C.uint(packetSize)
+
 	if q.qh, err = C.CreateQueue(q.h, C.u_int16_t(queueId), C.u_int32_t(q.idx)); err != nil || q.qh == nil {
 		C.nfq_close(q.h)
-		return nil, fmt.Errorf("Error binding to queue: %v\n", err)
-	} else if ret, err = C.nfq_set_queue_maxlen(q.qh, C.u_int32_t(maxPacketsInQueue)); err != nil || ret < 0 {
+		return nil, fmt.Errorf("Error binding to queue: %v", err)
+	} else if ret, err = C.nfq_set_queue_maxlen(q.qh, qLen); err != nil || ret < 0 {
 		C.nfq_destroy_queue(q.qh)
 		C.nfq_close(q.h)
-		return nil, fmt.Errorf("Unable to set max packets in queue: %v\n", err)
-	} else if C.nfq_set_mode(q.qh, C.u_int8_t(2), C.uint(packetSize)) < 0 {
+		return nil, fmt.Errorf("Unable to set max packets in queue: %v", err)
+	} else if C.nfq_set_mode(q.qh, C.u_int8_t(2), bufSize) < 0 {
 		C.nfq_destroy_queue(q.qh)
 		C.nfq_close(q.h)
-		return nil, fmt.Errorf("Unable to set packets copy mode: %v\n", err)
+		return nil, fmt.Errorf("Unable to set packets copy mode: %v", err)
 	} else if q.fd, err = C.nfq_fd(q.h); err != nil {
 		C.nfq_destroy_queue(q.qh)
 		C.nfq_close(q.h)
-		return nil, fmt.Errorf("Unable to get queue file-descriptor. %v\n", err)
+		return nil, fmt.Errorf("Unable to get queue file-descriptor. %v", err)
+	} else if C.nfnl_rcvbufsiz(C.nfq_nfnlh(q.h), qLen*bufSize) < 0 {
+		C.nfq_destroy_queue(q.qh)
+		C.nfq_close(q.h)
+		return nil, fmt.Errorf("Unable to increase netfilter buffer space size.")
 	}

 	go q.run()
@ -110,13 +117,13 @@ func (q *Queue) Close() {
 }

 //Get the channel for packets
-func (q *Queue) Packets() <-chan NFPacket {
+func (q *Queue) Packets() <-chan Packet {
 	return q.packets
 }

 func (q *Queue) run() {
 	if errno := C.Run(q.h, q.fd); errno != 0 {
-		fmt.Fprintf(os.Stderr, "Terminating, unable to receive packet due to errno=%d\n", errno)
+		fmt.Fprintf(os.Stderr, "Terminating, unable to receive packet due to errno=%d", errno)
 	}
 }

@ -144,7 +151,7 @@ func go_callback(queueId C.int, data *C.uchar, length C.int, mark C.uint, idx ui
 		packet = gopacket.NewPacket(xdata, layers.LayerTypeIPv6, gopacketDecodeOptions)
 	}

-	p := NFPacket{
+	p := Packet{
 		verdictChannel: make(chan VerdictContainer),
 		Mark:           uint32(mark),
 		Packet:         packet,