Add support for capturing from Linux iptables NFLOG log groups.

Reviewed-By: Guy Harris <guy@alum.mit.edu>

Makefile.in

@@ -82,7 +82,7 @@ YACC = @V_YACC@
 	@rm -f $@
 	$(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c
 
-PSRC =	pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@ @CAN_SRC@
+PSRC =	pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@ @CAN_SRC@ @NETFILTER_SRC@
 FSRC =  fad-@V_FINDALLDEVS@.c
 SSRC =  @SSRC@
 CSRC =	pcap.c inet.c gencode.c optimize.c nametoaddr.c etherent.c \
@@ -299,6 +299,7 @@ EXTRA_DIST = \
 	pcap-libdlpi.c \
 	pcap-linux.c \
 	pcap-namedb.h \
+	pcap-netfilter-linux.c \
 	pcap-nit.c \
 	pcap-null.c \
 	pcap-pf.c \

config.h.in

@@ -244,6 +244,9 @@
 /* target host supports CAN sniffing */
 #undef PCAP_SUPPORT_CAN
 
+/* target host supports netfilter sniffing */
+#undef PCAP_SUPPORT_NETFILTER
+
 /* target host supports USB sniffing */
 #undef PCAP_SUPPORT_USB
 

configure

@@ -697,6 +697,8 @@ MAN_FILE_FORMATS
 MAN_MISC_INFO
 PCAP_SUPPORT_USB
 USB_SRC
+PCAP_SUPPORT_NETFILTER
+NETFILTER_SRC
 PCAP_SUPPORT_BT
 BT_SRC
 PCAP_SUPPORT_CAN
@@ -11187,6 +11189,27 @@ esac
 
 
 
+{ echo "$as_me:$LINENO: checking for netfilter sniffing support" >&5
+echo $ECHO_N "checking for netfilter sniffing support... $ECHO_C" >&6; }
+case "$host_os" in
+linux*)
+
+cat >>confdefs.h <<\_ACEOF
+#define PCAP_SUPPORT_NETFILTER 1
+_ACEOF
+
+       NETFILTER_SRC=pcap-netfilter-linux.c
+       { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+       ;;
+*)
+       { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+       ;;
+esac
+
+
+
 # Check whether --enable-bluetooth was given.
 if test "${enable_bluetooth+set}" = set; then
   enableval=$enable_bluetooth;
@@ -12379,6 +12402,8 @@ MAN_FILE_FORMATS!$MAN_FILE_FORMATS$ac_delim
 MAN_MISC_INFO!$MAN_MISC_INFO$ac_delim
 PCAP_SUPPORT_USB!$PCAP_SUPPORT_USB$ac_delim
 USB_SRC!$USB_SRC$ac_delim
+PCAP_SUPPORT_NETFILTER!$PCAP_SUPPORT_NETFILTER$ac_delim
+NETFILTER_SRC!$NETFILTER_SRC$ac_delim
 PCAP_SUPPORT_BT!$PCAP_SUPPORT_BT$ac_delim
 BT_SRC!$BT_SRC$ac_delim
 PCAP_SUPPORT_CAN!$PCAP_SUPPORT_CAN$ac_delim
@@ -12389,7 +12414,7 @@ INSTALL_DATA!$INSTALL_DATA$ac_delim
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 91; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 93; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

configure.in

@@ -1311,6 +1311,21 @@ esac
 AC_SUBST(PCAP_SUPPORT_USB)
 AC_SUBST(USB_SRC)
 
+dnl check for netfilter sniffing support
+AC_MSG_CHECKING(for netfilter sniffing support)
+case "$host_os" in
+linux*)
+       AC_DEFINE(PCAP_SUPPORT_NETFILTER, 1, [target host supports netfilter sniffing])
+       NETFILTER_SRC=pcap-netfilter-linux.c
+       AC_MSG_RESULT(yes)
+       ;;
+*)
+       AC_MSG_RESULT(no)
+       ;;
+esac
+AC_SUBST(PCAP_SUPPORT_NETFILTER)
+AC_SUBST(NETFILTER_SRC)
+
 AC_ARG_ENABLE([bluetooth],
 [AC_HELP_STRING([--enable-bluetooth],[enable Bluetooth support @<:@default=yes, if support available@:>@])],
 ,enable_bluetooth=yes)

pcap-linux.c

@@ -199,6 +199,11 @@ static const char rcsid[] _U_ =
 #include "pcap-can-linux.h"
 #endif
 
+#ifdef PCAP_SUPPORT_NETFILTER
+int netfilter_platform_finddevs(pcap_if_t **alldevsp, char *err_str);
+pcap_t *nflog_create(const char *device, char *ebuf);
+#endif
+
 /*
  * If PF_PACKET is defined, we can use {SOCK_RAW,SOCK_DGRAM}/PF_PACKET
  * sockets rather than SOCK_PACKET sockets.
@@ -419,6 +424,12 @@ pcap_create(const char *device, char *ebuf)
 	}
 #endif
 
+#ifdef PCAP_SUPPORT_NETFILTER
+	if (strncmp(device, "nflog", strlen("nflog")) == 0) {
+		return nflog_create(device, ebuf);
+	}
+#endif
+
 	handle = pcap_create_common(device, ebuf);
 	if (handle == NULL)
 		return NULL;
@@ -2199,6 +2210,14 @@ pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
 		return (-1);
 #endif
 
+#ifdef PCAP_SUPPORT_NETFILTER
+	/*
+	 * Add netfilter devices.
+	 */
+	if (netfilter_platform_finddevs(alldevsp, errbuf) < 0)
+		return (-1);
+#endif
+
 	return (0);
 }