Avoid golang/go#14210

AkihiroSuda · AkihiroSuda · commit f2d32d47190a · 2016-03-03T18:05:37.000+09:00
diff --git a/netfilter.go b/netfilter.go
@@ -35,6 +35,9 @@ import (
 	"fmt"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
+	"os"
+	"sync"
+	"time"
 	"unsafe"
 )
 
@@ -61,6 +64,7 @@ type NFQueue struct {
 	qh      *C.struct_nfq_q_handle
 	fd      C.int
 	packets chan NFPacket
+	idx     uint32
 }
 
 //Verdict for a packet
@@ -79,6 +83,9 @@ const (
 	NF_DEFAULT_PACKET_SIZE uint32 = 0xffff
 )
 
+var theTable = make(map[uint32]*chan NFPacket, 0)
+var theTabeLock sync.RWMutex
+
 //Create and bind to queue specified by queueId
 func NewNFQueue(queueId uint16, maxPacketsInQueue uint32, packetSize uint32) (*NFQueue, error) {
 	var nfq = NFQueue{}
@@ -98,7 +105,11 @@ func NewNFQueue(queueId uint16, maxPacketsInQueue uint32, packetSize uint32) (*N
 	}
 
 	nfq.packets = make(chan NFPacket)
-	if nfq.qh, err = C.CreateQueue(nfq.h, C.u_int16_t(queueId), unsafe.Pointer(&nfq.packets)); err != nil || nfq.qh == nil {
+	nfq.idx = uint32(time.Now().UnixNano())
+	theTabeLock.Lock()
+	theTable[nfq.idx] = &nfq.packets
+	theTabeLock.Unlock()
+	if nfq.qh, err = C.CreateQueue(nfq.h, C.u_int16_t(queueId), C.u_int32_t(nfq.idx)); err != nil || nfq.qh == nil {
 		C.nfq_close(nfq.h)
 		return nil, fmt.Errorf("Error binding to queue: %v\n", err)
 	}
@@ -130,6 +141,9 @@ func NewNFQueue(queueId uint16, maxPacketsInQueue uint32, packetSize uint32) (*N
 func (nfq *NFQueue) Close() {
 	C.nfq_destroy_queue(nfq.qh)
 	C.nfq_close(nfq.h)
+	theTabeLock.Lock()
+	delete(theTable, nfq.idx)
+	theTabeLock.Unlock()
 }
 
 //Get the channel for packets
@@ -142,15 +156,23 @@ func (nfq *NFQueue) run() {
 }
 
 //export go_callback
-func go_callback(queueId C.int, data *C.uchar, len C.int, cb *chan NFPacket) Verdict {
+func go_callback(queueId C.int, data *C.uchar, len C.int, idx uint32) Verdict {
 	xdata := C.GoBytes(unsafe.Pointer(data), len)
 	packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{Lazy: true, NoCopy: true})
 	p := NFPacket{verdictChannel: make(chan Verdict), Packet: packet}
+	theTabeLock.RLock()
+	cb, ok := theTable[idx]
+	theTabeLock.RUnlock()
+	if !ok {
+		fmt.Fprintf(os.Stderr, "Dropping, unexpectedly due to bad idx=%d\n", idx)
+		return NF_DROP
+	}
 	select {
 	case (*cb) <- p:
 		v := <-p.verdictChannel
 		return v
 	default:
+		fmt.Fprintf(os.Stderr, "Dropping, unexpectedly due to no recv, idx=%d\n", idx)
 		return NF_DROP
 	}
 }
diff --git a/netfilter.h b/netfilter.h
@@ -27,27 +27,29 @@
 #include <linux/netfilter.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 
-extern uint go_callback(int id, unsigned char* data, int len, void** cb_func);
+extern uint go_callback(int id, unsigned char* data, int len, u_int32_t idx);
 
 static int nf_callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *cb_func){
     uint32_t id = -1;
     struct nfqnl_msg_packet_hdr *ph = NULL;
     unsigned char *buffer = NULL;
     int ret = 0;
     int verdict = 0;
+    u_int32_t idx;
 
     ph = nfq_get_msg_packet_hdr(nfa);
     id = ntohl(ph->packet_id);
 
     ret = nfq_get_payload(nfa, &buffer);
-    verdict = go_callback(id, buffer, ret, cb_func);
+    idx = (uint32_t)((uintptr_t)cb_func);
+    verdict = go_callback(id, buffer, ret, idx);
 
     return nfq_set_verdict(qh, id, verdict, 0, NULL);
 }
 
-static inline struct nfq_q_handle* CreateQueue(struct nfq_handle *h, u_int16_t queue, void* cb_func)
+static inline struct nfq_q_handle* CreateQueue(struct nfq_handle *h, u_int16_t queue, u_int32_t idx)
 {
-    return nfq_create_queue(h, queue, &nf_callback, cb_func);
+  return nfq_create_queue(h, queue, &nf_callback, (void*)((uintptr_t)idx));
 }
 
 static inline void Run(struct nfq_handle *h, int fd)
