Add support for NFLOG groups and "Operation not permitted" error (#1169)

seladb · Aug 2, 2023 · 65974d7 · 65974d7
1 parent 609fcea
commit 65974d7
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/Pcap++/header/PcapLiveDevice.h b/Pcap++/header/PcapLiveDevice.h
@@ -211,6 +211,12 @@ namespace pcpp
 			*/
 			int snapshotLength;
 
+			/**
+			 * Set NFLOG group. Which NFLOG group to be listened to when connecting to NFLOG device. If device is not of type NFLOG this
+			 * attribute is ignored.
+			*/
+			unsigned int nflogGroup;
+
 			/**
 			 * A c'tor for this struct
 			 * @param[in] mode The mode to open the device: promiscuous or non-promiscuous. Default value is promiscuous
@@ -224,15 +230,17 @@ namespace pcpp
 			 * A snapshot length of 262144 should be big enough for maximum-size Linux loopback packets (65549) and some USB packets
 			 * captured with USBPcap (> 131072, < 262144). A snapshot length of 65535 should be sufficient, on most if not all networks,
 			 * to capture all the data available from the packet.
+			 * @param[in] nflogGroup NFLOG group for NFLOG devices. Default value is 0.
 			*/
 			explicit DeviceConfiguration(DeviceMode mode = Promiscuous, int packetBufferTimeoutMs = 0, int packetBufferSize = 0,
-				                PcapDirection direction = PCPP_INOUT, int snapshotLength = 0)
+				                PcapDirection direction = PCPP_INOUT, int snapshotLength = 0, unsigned int nflogGroup = 0)
 			{
 				this->mode = mode;
 				this->packetBufferTimeoutMs = packetBufferTimeoutMs;
 				this->packetBufferSize = packetBufferSize;
 				this->direction = direction;
 				this->snapshotLength = snapshotLength;
+				this->nflogGroup = nflogGroup;
 			}
 		};
 

diff --git a/Pcap++/src/PcapLiveDevice.cpp b/Pcap++/src/PcapLiveDevice.cpp
@@ -44,6 +44,7 @@
 #define LIBPCAP_OPEN_LIVE_TIMEOUT -1
 #endif
 
+static const char *NFLOG_IFACE = "nflog";
 static const int DEFAULT_SNAPLEN = 9000;
 
 namespace pcpp
@@ -202,7 +203,14 @@ void PcapLiveDevice::statsThreadMain()
 pcap_t* PcapLiveDevice::doOpen(const DeviceConfiguration& config)
 {
 	char errbuf[PCAP_ERRBUF_SIZE] = {'\0'};
-	pcap_t* pcap = pcap_create(m_Name.c_str(), errbuf);
+	std::string device_name = m_Name;
+
+	if (device_name == NFLOG_IFACE)
+	{
+		device_name += ":" + std::to_string(config.nflogGroup & 0xffff);
+	}
+
+	pcap_t* pcap = pcap_create(device_name.c_str(), errbuf);
 	if (!pcap)
 	{
 		PCPP_LOG_ERROR(errbuf);
@@ -306,8 +314,18 @@ bool PcapLiveDevice::open(const DeviceConfiguration& config)
 	}
 
 	m_PcapDescriptor = doOpen(config);
-	m_PcapSendDescriptor = doOpen(config);
-	if (m_PcapDescriptor == nullptr || m_PcapSendDescriptor == nullptr)
+
+	// It's not possible to have two open instances of the same NFLOG device:group
+	if (m_Name == NFLOG_IFACE)
+	{
+		m_PcapSendDescriptor = nullptr;
+	}
+	else
+	{
+		m_PcapSendDescriptor = doOpen(config);
+	}
+
+	if (m_PcapDescriptor == nullptr || (m_Name != NFLOG_IFACE && m_PcapSendDescriptor == nullptr))
 	{
 		m_DeviceOpened = false;
 		return false;