Modernize, add tests, allow Packet to outlive the callback it's passed to

oremanj · oremanj · commit 9587d75affe7 · 2022-01-11T21:28:21.000-07:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,34 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  Ubuntu:
+    name: 'Ubuntu (${{ matrix.python }})'
+    timeout-minutes: 10
+    runs-on: 'ubuntu-latest'
+    strategy:
+      fail-fast: false
+      matrix:
+        python:
+          - '3.6'
+          - '3.7'
+          - '3.8'
+          - '3.9'
+          - '3.10'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ fromJSON(format('["{0}", "{1}"]', format('{0}.0-alpha - {0}.X', matrix.python), matrix.python))[startsWith(matrix.python, 'pypy')] }}
+      - name: Run tests
+        run: ./ci.sh
+        env:
+          # Should match 'name:' up above
+          JOB_NAME: 'Ubuntu (${{ matrix.python }})'
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,4 +1,10 @@
-v0.8.1 30 Jan 2017
+v0.9.0, unreleased
+    Improve usability when Packet objects are retained past the callback
+    Add Packet.retain() to save the packet contents in such cases
+    Eliminate warnings during build on py3
+    Add CI and basic test suite
+
+v0.8.1, 30 Jan 2017
     Fix bug #25- crashing when used in OUTPUT or POSTROUTING chains
 
 v0.8, 15 Dec 2016
diff --git a/ci.sh b/ci.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -ex -o pipefail
+
+pip install -U pip setuptools wheel
+sudo apt-get install libnetfilterqueue-dev
+python setup.py sdist --formats=zip
+pip install dist/*.zip
+pip install -r test-requirements.txt
+
+cd tests
+pytest -W error -ra -v .
diff --git a/netfilterqueue.pxd b/netfilterqueue.pxd
@@ -141,7 +141,7 @@ cdef extern from "libnetfilter_queue/libnetfilter_queue.h":
 
     int nfq_fd(nfq_handle *h)
     nfqnl_msg_packet_hdr *nfq_get_msg_packet_hdr(nfq_data *nfad)
-    int nfq_get_payload(nfq_data *nfad, char **data)
+    int nfq_get_payload(nfq_data *nfad, unsigned char **data)
     int nfq_get_timestamp(nfq_data *nfad, timeval *tv)
     nfqnl_msg_packet_hw *nfq_get_packet_hw(nfq_data *nfad)
     int nfq_get_nfmark (nfq_data *nfad)
@@ -168,14 +168,13 @@ cdef enum:
 
 cdef class Packet:
     cdef nfq_q_handle *_qh
-    cdef nfq_data *_nfa
-    cdef nfqnl_msg_packet_hdr *_hdr
-    cdef nfqnl_msg_packet_hw *_hw
     cdef bint _verdict_is_set # True if verdict has been issued,
         # false otherwise
     cdef bint _mark_is_set # True if a mark has been given, false otherwise
+    cdef bint _hwaddr_is_set
     cdef u_int32_t _given_mark # Mark given to packet
     cdef bytes _given_payload # New payload of packet, or null
+    cdef bytes _owned_payload
 
     # From NFQ packet header:
     cdef readonly u_int32_t id
@@ -185,7 +184,7 @@ cdef class Packet:
 
     # Packet details:
     cdef Py_ssize_t payload_len
-    cdef readonly char *payload
+    cdef readonly unsigned char *payload
     cdef timeval timestamp
     cdef u_int8_t hw_addr[8]
 
@@ -198,12 +197,15 @@ cdef class Packet:
     #cdef readonly u_int32_t physoutdev
 
     cdef set_nfq_data(self, nfq_q_handle *qh, nfq_data *nfa)
+    cdef drop_refs(self)
     cdef void verdict(self, u_int8_t verdict)
     cpdef Py_ssize_t get_payload_len(self)
     cpdef double get_timestamp(self)
+    cpdef bytes get_payload(self)
     cpdef set_payload(self, bytes payload)
     cpdef set_mark(self, u_int32_t mark)
     cpdef get_mark(self)
+    cpdef retain(self)
     cpdef accept(self)
     cpdef drop(self)
     cpdef repeat(self)
diff --git a/netfilterqueue.pyx b/netfilterqueue.pyx
@@ -22,7 +22,14 @@ DEF MaxCopySize = BufferSize - MetadataSize
 DEF SockOverhead = 760+20
 DEF SockCopySize = MaxCopySize + SockOverhead
 # Socket queue should hold max number of packets of copysize bytes
-DEF SockRcvSize = DEFAULT_MAX_QUEUELEN * SockCopySize / 2
+DEF SockRcvSize = DEFAULT_MAX_QUEUELEN * SockCopySize // 2
+
+cdef extern from *:
+    """
+    #if PY_MAJOR_VERSION < 3
+    #define PyBytes_FromStringAndSize PyString_FromStringAndSize
+    #endif
+    """
 
 import socket
 cimport cpython.version
@@ -35,6 +42,7 @@ cdef int global_callback(nfq_q_handle *qh, nfgenmsg *nfmsg,
     packet = Packet()
     packet.set_nfq_data(qh, nfa)
     user_callback(packet)
+    packet.drop_refs()
     return 1
 
 cdef class Packet:
@@ -54,21 +62,37 @@ cdef class Packet:
         Assign a packet from NFQ to this object. Parse the header and load
         local values.
         """
+        cdef nfqnl_msg_packet_hw *hw
+        cdef nfqnl_msg_packet_hdr *hdr
+
+        hdr = nfq_get_msg_packet_hdr(nfa)
         self._qh = qh
-        self._nfa = nfa
-        self._hdr = nfq_get_msg_packet_hdr(nfa)
+        self.id = ntohl(hdr.packet_id)
+        self.hw_protocol = ntohs(hdr.hw_protocol)
+        self.hook = hdr.hook
 
-        self.id = ntohl(self._hdr.packet_id)
-        self.hw_protocol = ntohs(self._hdr.hw_protocol)
-        self.hook = self._hdr.hook
+        hw = nfq_get_packet_hw(nfa)
+        if hw == NULL:
+            # nfq_get_packet_hw doesn't work on OUTPUT and PREROUTING chains
+            self._hwaddr_is_set = False
+        else:
+            self.hw_addr = hw.hw_addr
+            self._hwaddr_is_set = True
 
-        self.payload_len = nfq_get_payload(self._nfa, &self.payload)
+        self.payload_len = nfq_get_payload(nfa, &self.payload)
         if self.payload_len < 0:
             raise OSError("Failed to get payload of packet.")
 
-        nfq_get_timestamp(self._nfa, &self.timestamp)
+        nfq_get_timestamp(nfa, &self.timestamp)
         self.mark = nfq_get_nfmark(nfa)
 
+    cdef drop_refs(self):
+        """
+        Called at the end of the user_callback, when the storage passed to
+        set_nfq_data() is about to be deallocated.
+        """
+        self.payload = NULL
+
     cdef void verdict(self, u_int8_t verdict):
         """Call appropriate set_verdict... function on packet."""
         if self._verdict_is_set:
@@ -99,23 +123,23 @@ cdef class Packet:
 
     def get_hw(self):
         """Return the hardware address as Python string."""
-        self._hw = nfq_get_packet_hw(self._nfa)
-        if self._hw == NULL:
-            # nfq_get_packet_hw doesn't work on OUTPUT and PREROUTING chains
-            return None
-        self.hw_addr = self._hw.hw_addr
         cdef object py_string
-        if cpython.version.PY_MAJOR_VERSION >= 3:
-            py_string = PyBytes_FromStringAndSize(<char*>self.hw_addr, 8)
-        else:
-            py_string = PyString_FromStringAndSize(<char*>self.hw_addr, 8)
+        py_string = PyBytes_FromStringAndSize(<char*>self.hw_addr, 8)
         return py_string
 
-    def get_payload(self):
+    cpdef bytes get_payload(self):
         """Return payload as Python string."""
-        cdef object py_string
-        py_string = self.payload[:self.payload_len]
-        return py_string
+        if self._owned_payload:
+            return self._owned_payload
+        elif self.payload != NULL:
+            return self.payload[:self.payload_len]
+        else:
+            raise RuntimeError(
+                "Payload data is no longer available. You must call "
+                "retain() within the user_callback in order to copy "
+                "the payload if you need to expect it after your "
+                "callback has returned."
+            )
 
     cpdef Py_ssize_t get_payload_len(self):
         return self.payload_len
@@ -136,6 +160,9 @@ cdef class Packet:
             return self._given_mark
         return self.mark
 
+    cpdef retain(self):
+        self._owned_payload = self.get_payload()
+
     cpdef accept(self):
         """Accept the packet."""
         self.verdict(NF_ACCEPT)
@@ -191,7 +218,7 @@ cdef class NetfilterQueue:
         newsiz = nfnl_rcvbufsiz(nfq_nfnlh(self.h),sock_len)
         if newsiz != sock_len*2:
             raise RuntimeWarning("Socket rcvbuf limit is now %d, requested %d." % (newsiz,sock_len))
-    
+
     def unbind(self):
         """Destroy the queue."""
         if self.qh != NULL:
diff --git a/setup.py b/setup.py
@@ -1,38 +1,34 @@
-from distutils.core import setup, Extension
+from setuptools import setup, Extension
 
 VERSION = "0.8.1" # Remember to change CHANGES.txt and netfilterqueue.pyx when version changes.
 
 try:
     # Use Cython
-    from Cython.Distutils import build_ext
-    cmd = {"build_ext": build_ext}
-    ext = Extension(
-            "netfilterqueue",
-            sources=["netfilterqueue.pyx",],
-            libraries=["netfilter_queue"],
-        )
+    from Cython.Build import cythonize
+    ext_modules = cythonize(
+        Extension(
+            "netfilterqueue", ["netfilterqueue.pyx"], libraries=["netfilter_queue"]
+        ),
+        compiler_directives={"language_level": "3str"},
+    )
 except ImportError:
     # No Cython
-    cmd = {}
-    ext = Extension(
-            "netfilterqueue",
-            sources = ["netfilterqueue.c"],
-            libraries=["netfilter_queue"],
-        )
+    ext_modules = [
+        Extension("netfilterqueue", ["netfilterqueue.c"], libraries=["netfilter_queue"])
+    ]
 
 setup(
-    cmdclass = cmd,
-    ext_modules = [ext],
+    ext_modules=ext_modules,
     name="NetfilterQueue",
     version=VERSION,
     license="MIT",
     author="Matthew Fox",
     author_email="matt@tansen.ca",
-    url="https://github.com/kti/python-netfilterqueue",
+    url="https://github.com/oremanj/python-netfilterqueue",
     description="Python bindings for libnetfilter_queue",
     long_description=open("README.rst").read(),
     download_url="http://pypi.python.org/packages/source/N/NetfilterQueue/NetfilterQueue-%s.tar.gz" % VERSION,
-    classifiers = [
+    classifiers=[
         "Development Status :: 5 - Production/Stable",
         "License :: OSI Approved :: MIT License",
         "Operating System :: POSIX :: Linux",
diff --git a/test-requirements.in b/test-requirements.in
@@ -0,0 +1,5 @@
+git+https://github.com/NightTsarina/python-unshare.git@4e98c177bdeb24c5dcfcd66c457845a776bbb75c
+pytest
+trio
+pytest-trio
+async_generator
diff --git a/test-requirements.txt b/test-requirements.txt
@@ -0,0 +1,50 @@
+#
+# This file is autogenerated by pip-compile with python 3.9
+# To update, run:
+#
+#    pip-compile test-requirements.in
+#
+async-generator==1.10
+    # via
+    #   -r test-requirements.in
+    #   pytest-trio
+    #   trio
+attrs==21.4.0
+    # via
+    #   outcome
+    #   pytest
+    #   trio
+idna==3.3
+    # via trio
+iniconfig==1.1.1
+    # via pytest
+outcome==1.1.0
+    # via
+    #   pytest-trio
+    #   trio
+packaging==21.3
+    # via pytest
+pluggy==1.0.0
+    # via pytest
+py==1.11.0
+    # via pytest
+pyparsing==3.0.6
+    # via packaging
+pytest==6.2.5
+    # via
+    #   -r test-requirements.in
+    #   pytest-trio
+pytest-trio==0.7.0
+    # via -r test-requirements.in
+python-unshare @ git+https://github.com/NightTsarina/python-unshare.git@4e98c177bdeb24c5dcfcd66c457845a776bbb75c
+    # via -r test-requirements.in
+sniffio==1.2.0
+    # via trio
+sortedcontainers==2.4.0
+    # via trio
+toml==0.10.2
+    # via pytest
+trio==0.19.0
+    # via
+    #   -r test-requirements.in
+    #   pytest-trio
diff --git a/tests/conftest.py b/tests/conftest.py
diff --git a/tests/test_basic.py b/tests/test_basic.py
