From 0c312ef7f7db1be91655ee1b00491a729b33a4dd Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Thu, 5 Nov 2020 08:56:32 +0800
Subject: [PATCH] feat: add nfqueue
---
__network/nfqueue/Cargo.lock | 24 ++++++++++++++++++
__network/nfqueue/Cargo.toml | 12 +++++++++
__network/nfqueue/README.md | 19 ++++++++++++++
__network/nfqueue/src/main.rs | 47 +++++++++++++++++++++++++++++++++++
4 files changed, 102 insertions(+)
create mode 100644 __network/nfqueue/Cargo.lock
create mode 100644 __network/nfqueue/Cargo.toml
create mode 100644 __network/nfqueue/README.md
create mode 100644 __network/nfqueue/src/main.rs
diff --git a/__network/nfqueue/Cargo.lock b/__network/nfqueue/Cargo.lock
new file mode 100644
index 0000000..8df9832
--- /dev/null
+++ b/__network/nfqueue/Cargo.lock
@@ -0,0 +1,24 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+[[package]]
+name = "libc"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4d58d1b70b004888f764dfbf6a26a3b0342a1632d33968e4a179d8011c760614"
+
+[[package]]
+name = "nfqueue"
+version = "0.1.0"
+dependencies = [
+ "libc",
+ "nfqueue 0.9.1",
+]
+
+[[package]]
+name = "nfqueue"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8684696e66ae4f74e6b2fe8868bf317bc4cd0e0e53aabddf7c40dad930111bca"
+dependencies = [
+ "libc",
+]
diff --git a/__network/nfqueue/Cargo.toml b/__network/nfqueue/Cargo.toml
new file mode 100644
index 0000000..7d36f3c
--- /dev/null
+++ b/__network/nfqueue/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "nfqueue"
+version = "0.1.0"
+authors = ["Hatter Jiang "]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+libc = "*"
+nfqueue = "*"
+
diff --git a/__network/nfqueue/README.md b/__network/nfqueue/README.md
new file mode 100644
index 0000000..986f871
--- /dev/null
+++ b/__network/nfqueue/README.md
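Review bot: Both entries under `[dependencies]` in Cargo.toml use the wildcard requirement `"*"`, so the manifest accepts any future release of `libc` and `nfqueue`, including a semver-incompatible or tampered one. Only the committed Cargo.lock (libc 0.2.80, nfqueue 0.9.1) holds the build to reviewed versions, and a `cargo update` or a build without the lockfile removes that. I would state the tested range in the manifest, `libc = "0.2"` and `nfqueue = "0.9"`, which matches what the lockfile resolved. The binary presumably runs as root or with CAP_NET_ADMIN to bind a netfilter queue, so the dependency set is worth keeping narrow and reviewable.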
@@ -0,0 +1,19 @@
+
+https://github.com/chifflier/nfqueue-rs
+
+* git://git.netfilter.org/libmnl
+* git://git.netfilter.org/libnfnetlink
+* git://git.netfilter.org/libnetfilter_queue
+
+
+
+Install netfilter_queue in CentOS7
+
+https://centos.pkgs.org/7/centos-x86_64/libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm.html
+
+
+
+
+```
+iptables -A OUTPUT --destination 1.2.3.4 -j NFQUEUE --queue-num 0
+```
diff --git a/__network/nfqueue/src/main.rs b/__network/nfqueue/src/main.rs
new file mode 100644
index 0000000..af6bf3a
--- /dev/null
+++ b/__network/nfqueue/src/main.rs
@@ -0,0 +1,47 @@
+
+use libc;
+use nfqueue;
+
+struct State {
+ count: u32,
+}
+
+impl State {
+ pub fn new() -> State {
+ State { count: 0 }
+ }
+}
+
+fn queue_callback(msg: &nfqueue::Message, state: &mut State) {
+ println!("Packet received [id: 0x{:x}]\n", msg.get_id());
+
+ println!(" -> msg: {}", msg);
+
+ println!(
+ "XML\n{}",
+ msg.as_xml_str(&[nfqueue::XMLFormatFlags::XmlAll]).unwrap()
+ );
+
+ state.count += 1;
+ println!("count: {}", state.count);
+
+ msg.set_verdict(nfqueue::Verdict::Accept);
+}
+
+fn main() {
+ let mut q = nfqueue::Queue::new(State::new());// .unwrap();
+
+ println!("nfqueue example program: print packets metadata and accept packets");
+
+ q.open();
+ q.unbind(libc::AF_INET); // ignore result, failure is not critical here
+
+ let rc = q.bind(libc::AF_INET);
+ assert!(rc == 0);
+
+ q.create_queue(0, queue_callback);
+ q.set_mode(nfqueue::CopyMode::CopyPacket, 0xffff);
+
+ q.run_loop();
+}
+
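Review bot: In `queue_callback` the `.unwrap()` on `msg.as_xml_str(...)` runs before `msg.set_verdict(...)`, so a formatting failure on one packet panics the process, inside a callback that is presumably invoked from the C library, and that packet never receives a verdict. The README's iptables rule has no `--queue-bypass`, so once nothing is reading queue 0 the traffic to the matched destination is expected to be dropped rather than passed. I would move `msg.set_verdict(nfqueue::Verdict::Accept);` to the top of the callback and make the print best-effort, e.g. `let xml = msg.as_xml_str(&[nfqueue::XMLFormatFlags::XmlAll]).unwrap_or_default();`. Separately, `CopyPacket` with range `0xffff` combined with `XmlAll` likely puts packet contents on stdout, which deserves a comment such as `// XmlAll output may include packet payload; keep stdout out of shared logs`.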