ruby-ipqueue 0.1.3

data/Rakefile

@@ -0,0 +1,26 @@
+require 'rake'
+require 'rake/packagetask'
+require 'rake/gempackagetask'
+
+PKG_VERSION = "0.1.3"
+
+desc "Create gem"
+spec = Gem::Specification.new do |s|
+  s.email = 'nullguid@gmail.com'
+  s.extensions = 'ext/ipqueue/extconf.rb'
+  s.homepage = 'http://ruby-ipqueue.rubyforge.org/'
+  s.name = 'ruby-ipqueue'
+  s.require_paths << 'ext'
+  s.requirements << 'libipq'
+  s.rubyforge_project = 'ruby-ipqueue'
+  s.summary = 'Rubyish interface to libipq'
+  s.description = 'Ruby-ipqueue provides ruby-way object-oriented interface to linux libipq packet mangling library'
+  s.version = PKG_VERSION
+  s.files = FileList['**/*'].to_a.select{|v| v !~ /pkg|CVS/}
+end
+
+Rake::GemPackageTask.new(spec) do |p|
+  p.gem_spec = spec
+  p.need_tar_gz = false
+  p.need_zip = false
+end

data/ext/ipqueue/extconf.rb

@@ -0,0 +1,7 @@
+require 'mkmf'
+
+dir_config('ipqueue')
+
+if have_header('linux/netfilter.h') and have_header('libipq/libipq.h') and have_library('ipq', 'ipq_create_handle')
+  create_makefile('ipqueue')
+end

data/ext/ipqueue/ipqueue.c

@@ -0,0 +1,208 @@
+#include <ruby.h>
+#include <libipq/libipq.h>
+#include <linux/netfilter.h>
+
+/* FIXME - I don't know how to handle this */
+#define IPQ_MESSAGE_OVERHEAD 256
+
+static VALUE cIPQueue, cIPQueuePacket, eTimeout;
+
+struct ipqueue_object
+{
+  struct ipq_handle *handle;
+  size_t range;
+  unsigned char *buf;
+  size_t len;
+};
+
+static void fipq_destroy_ipqueue(struct ipqueue_object *ipqueue)
+{
+  if(ipq_destroy_handle(ipqueue->handle) == -1)
+    rb_raise(rb_eRuntimeError, "%s: %s", ipq_errstr(), strerror(errno));
+  xfree(ipqueue->buf);
+  xfree(ipqueue);
+}
+
+static VALUE fipq_create_handle(klass, flags, protocol)
+  VALUE klass, flags, protocol;
+{
+  VALUE obj;
+  struct ipq_handle *handle;
+  struct ipqueue_object *ipqueue;
+
+  handle = ipq_create_handle(NUM2INT(flags), NUM2INT(protocol));
+
+  if(!handle) {
+     rb_raise(rb_eRuntimeError, "%s: %s", ipq_errstr(), strerror(errno));
+  }
+
+  obj = Data_Make_Struct(klass, struct ipqueue_object, 0, fipq_destroy_ipqueue, ipqueue);
+
+  /* set default to copy only metainformation */
+  ipq_set_mode(handle, IPQ_COPY_META, 0);
+
+  ipqueue->handle = handle;
+  ipqueue->range = 0;
+  ipqueue->len = IPQ_MESSAGE_OVERHEAD;
+  ipqueue->buf = ALLOC_N(unsigned char, IPQ_MESSAGE_OVERHEAD);
+
+  return obj;
+}
+
+/* Assume IPQ_COPY_META when range is zero */
+static VALUE fipq_set_range(obj, range)
+  VALUE obj, range;
+{
+  struct ipqueue_object *ipqueue;
+
+  size_t c_range = NUM2INT(range);
+
+  if(c_range > 65535) {
+    rb_raise(rb_eArgError, "invalid range '%d', should be between 0 and 65535", c_range);
+  }
+
+  Data_Get_Struct(obj, struct ipqueue_object, ipqueue);
+
+  if(ipq_set_mode(ipqueue->handle, c_range ? IPQ_COPY_PACKET : IPQ_COPY_META, c_range) < 0)
+    rb_raise(rb_eRuntimeError, "%s: %s", ipq_errstr(), strerror(errno));
+
+  ipqueue->range = c_range;
+
+  ipqueue->len = c_range + IPQ_MESSAGE_OVERHEAD;
+  REALLOC_N(ipqueue->buf, unsigned char, ipqueue->len);
+
+  return Qnil;
+}
+
+static VALUE fipq_get_range(VALUE obj)
+{
+  struct ipqueue_object *ipqueue;
+  Data_Get_Struct(obj, struct ipqueue_object, ipqueue);
+
+  return INT2FIX(ipqueue->range);
+}
+
+static VALUE create_ipqueuepacket(ipq_packet_msg_t *packet_msg, VALUE queue)
+{
+  VALUE packet;
+  VALUE data[12];
+
+  /* queue, packet_id, mark, timestamp, hook, indev_name, outdev_name, hw_protocol, hw_type, hw_addr, payload */
+  data[0] = queue;
+  data[1] = INT2NUM(packet_msg->packet_id);
+  data[2] = INT2NUM(packet_msg->mark);
+  data[3] = INT2NUM(packet_msg->timestamp_sec);
+  data[4] = INT2NUM(packet_msg->timestamp_usec);
+  data[5] = INT2FIX(packet_msg->hook);
+  data[6] = rb_str_new2(packet_msg->indev_name);
+  data[7] = rb_str_new2(packet_msg->outdev_name);
+  data[8] = INT2FIX(packet_msg->hw_protocol);
+  data[9] = INT2FIX(packet_msg->hw_type);
+  data[10] = rb_str_new(packet_msg->hw_addr, packet_msg->hw_addrlen);
+  data[11] = rb_str_new(packet_msg->payload, packet_msg->data_len);
+
+  packet = rb_class_new_instance(12, data, cIPQueuePacket);
+
+  return packet;
+}
+
+static VALUE fipq_read(int argc, VALUE *argv, VALUE obj)
+{
+  struct ipqueue_object *ipqueue;
+  int ret;
+  ipq_packet_msg_t *packet_msg;
+
+  VALUE timeout, payload, packet;
+  VALUE error[2];
+
+  if(rb_scan_args(argc, argv, "01", &timeout) == 0)
+    timeout = INT2NUM(0);
+
+  Data_Get_Struct(obj, struct ipqueue_object, ipqueue);
+
+  ret = ipq_read(ipqueue->handle, ipqueue->buf, ipqueue->len, NUM2INT(timeout));
+
+  if(ret < 0)
+    rb_raise(rb_eRuntimeError, "%s: %s", ipq_errstr(), strerror(errno));
+  if(ret == 0)
+    if(errno == EINTR)
+      rb_raise(rb_eSignal, "non-blocked signal caught");
+    else
+      rb_raise(eTimeout, "timeout exceeded");
+
+  /* dirty hack? */
+  if(ipq_message_type(ipqueue->buf) == NLMSG_ERROR) {
+    error[0] = rb_str_new2("netlink layer");
+    error[1] = INT2FIX(ipq_get_msgerr(ipqueue->buf));
+    rb_exc_raise(rb_class_new_instance(2, error, rb_eSystemCallError));
+  }
+
+  /* finally, we've got it */
+  packet_msg = ipq_get_packet(ipqueue->buf);
+
+  return create_ipqueuepacket(packet_msg, obj);
+}
+
+static VALUE fipq_accept(int argc, VALUE *argv, VALUE obj)
+{
+  struct ipqueue_object *ipqueue;
+  VALUE packet_id, payload;
+  unsigned char *buf = NULL;
+  size_t data_len = 0;
+
+  if(rb_scan_args(argc, argv, "11", &packet_id, &payload) == 2) {
+    Check_Type(payload, T_STRING);
+    buf = RSTRING(payload)->ptr;
+    data_len = RSTRING(payload)->len;
+  }
+
+  Data_Get_Struct(obj, struct ipqueue_object, ipqueue);
+  
+  if(ipq_set_verdict(ipqueue->handle, NUM2INT(packet_id), NF_ACCEPT, data_len, buf) < 0)
+    rb_raise(rb_eRuntimeError, "%s: %s", ipq_errstr(), strerror(errno));
+
+  return Qtrue;
+}
+
+static VALUE fipq_drop(obj, packet_id)
+  VALUE obj, packet_id;
+{
+  struct ipqueue_object *ipqueue;
+
+  Data_Get_Struct(obj, struct ipqueue_object, ipqueue);
+  
+  if(ipq_set_verdict(ipqueue->handle, NUM2INT(packet_id), NF_DROP, 0, NULL) < 0)
+    rb_raise(rb_eRuntimeError, "%s: %s", ipq_errstr(), strerror(errno));
+
+  return Qtrue;
+}
+
+void Init_ipqueue()
+{
+  cIPQueue = rb_define_class("IPQueue", rb_cObject);
+
+  /* require our IPQueuePacket class */
+  rb_require("ipqueuepacket");
+
+  cIPQueuePacket = rb_const_get(cIPQueue, rb_intern("Packet"));
+
+  eTimeout = rb_define_class("Timeout", rb_eException);
+  
+  rb_define_singleton_method(cIPQueue, "new", fipq_create_handle, 2);
+  
+  rb_define_method(cIPQueue, "range=", fipq_set_range, 1);
+  rb_define_method(cIPQueue, "range", fipq_get_range, 0);
+  rb_define_method(cIPQueue, "read", fipq_read, -1);
+
+  rb_define_method(cIPQueue, "accept", fipq_accept, -1);
+  rb_define_method(cIPQueue, "drop", fipq_drop, 1);
+
+#define rb_define_ipq_const(var) \
+  rb_define_const(cIPQueue, #var, INT2NUM(var))
+
+  rb_define_ipq_const(PF_INET);
+  rb_define_ipq_const(PF_INET6);
+
+  rb_define_ipq_const(IPQ_COPY_META);
+  rb_define_ipq_const(IPQ_COPY_PACKET);
+}

data/lib/ipqueuepacket.rb

@@ -0,0 +1,36 @@
+class IPQueue::Packet
+  attr :packet_id
+  attr :mark
+  attr :timestamp_sec
+  attr :timestamp_usec
+  attr :indev_name
+  attr :outdev_name
+  attr :hw_protocol
+  attr :hw_type
+  attr :hw_addr
+  attr :payload
+
+  def initialize queue, packet_id, mark, timestamp_sec, timestamp_usec, hook, indev_name, outdev_name, hw_protocol, hw_type, hw_addr, payload
+    @queue = queue
+    @packet_id = packet_id
+    @mark = mark
+    @timestamp_sec = timestamp_sec
+    @timestamp_usec = timestamp_usec
+    @hook = hook
+    @indev_name = indev_name
+    @outdev_name = outdev_name
+    @hw_protocol = hw_protocol
+    @hw_type = hw_type
+    @hw_addr = hw_addr
+    @payload = payload
+  end
+  def accept(modify = false)
+    if modify then @queue.accept(@packet_id, @payload) else @queue.accept(@packet_id) end
+  end
+  def drop
+    @queue.drop(@packet_id)
+  end
+  def payload
+    return @payload
+  end
+end

data/test/test.rb

@@ -0,0 +1,13 @@
+#!/usr/bin/ruby
+
+require 'ipqueue'
+require 'ip-proto'
+
+queue = IPQueue.new(0, IPQueue::PF_INET)
+queue.range = 1024
+while true do
+packet = queue.read
+packet.accept true
+ippacket = IP::decode(packet.payload)
+puts ippacket.inspect_detailed
+end

data/test/test.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+iptables -t mangle -A FORWARD -j QUEUE
+./test.rb
+iptables -t mangle -D FORWARD -j QUEUE

metadata

@@ -0,0 +1,56 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.9.0
+specification_version: 1
+name: ruby-ipqueue
+version: !ruby/object:Gem::Version 
+  version: 0.1.3
+date: 2007-01-29 00:00:00 +05:00
+summary: Rubyish interface to libipq
+require_paths: 
+- lib
+- ext
+email: nullguid@gmail.com
+homepage: http://ruby-ipqueue.rubyforge.org/
+rubyforge_project: ruby-ipqueue
+description: Ruby-ipqueue provides ruby-way object-oriented interface to linux libipq packet mangling library
+autorequire: 
+default_executable: 
+bindir: bin
+has_rdoc: false
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+post_install_message: 
+authors: []
+
+files: 
+- ext
+- lib
+- test
+- Rakefile
+- ext/ipqueue
+- ext/ipqueue/extconf.rb
+- ext/ipqueue/ipqueue.c
+- lib/ipqueuepacket.rb
+- test/test.rb
+- test/test.sh
+test_files: []
+
+rdoc_options: []
+
+extra_rdoc_files: []
+
+executables: []
+
+extensions: 
+- ext/ipqueue/extconf.rb
+requirements: 
+- libipq
+dependencies: []
+