1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <errno.h>
5 #include <arpa/inet.h>
6 
7 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
8 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
9 
/*
 * Conntrack event callback registered with nfct_callback_register().
 *
 * Formats the received conntrack object as a plain-text line (with the
 * NFCT_OF_TIME output flag) and prints it to stdout.  After the tenth
 * event the callback returns NFCT_CB_STOP; otherwise it returns
 * NFCT_CB_CONTINUE.
 *
 * `data` is the opaque pointer supplied at registration and is not used.
 */
static int event_cb(enum nf_conntrack_msg_type type,
		    struct nf_conntrack *ct,
		    void *data)
{
	/* Events handled so far; static, so the count survives between calls. */
	static int seen = 0;
	char line[1024];

	/*
	 * Output is bounded by sizeof(line).  The return value is not
	 * inspected, so an over-long record is printed truncated and silently.
	 */
	nfct_snprintf(line, sizeof(line), ct, type, NFCT_O_PLAIN, NFCT_OF_TIME);

	/* Always print through "%s": the record is data, never a format string. */
	printf("%s\n", line);

	seen++;
	return (seen == 10) ? NFCT_CB_STOP : NFCT_CB_CONTINUE;
}
25 
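/*
 * Subscribe to conntrack NEW and UPDATE events, attach a kernel-side
 * filter to the netlink socket, and print the first 10 events that pass
 * the filter (see event_cb()).
 *
 * Filter contents:
 *   - layer-4 protocol: UDP or TCP
 *   - TCP state: ESTABLISHED
 *   - source address: anything except 127.0.0.1 and ::1 (negative logic)
 *
 * Only the *source* address is matched, so events with a loopback
 * destination but a non-loopback source are still delivered.
 *
 * Exit status: EXIT_SUCCESS when nfct_catch() finishes without error,
 * EXIT_FAILURE on any setup or receive error.
 *
 * NOTE(review): opening the conntrack event socket typically needs
 * CAP_NET_ADMIN; run with the least privilege that grants it.
 */
int main(void)
{
	int ret;
	int saved_errno;
	struct nfct_handle *h;
	struct nfct_filter *filter;

	/*
	 * All filter operands are declared up front so that the error-path
	 * gotos below never jump over an initialisation.
	 */
	struct nfct_filter_proto filter_proto = {
		.proto = IPPROTO_TCP,
		.state = TCP_CONNTRACK_ESTABLISHED
	};

	/* BSF always wants data in host-byte order */
	struct nfct_filter_ipv4 filter_ipv4 = {
		.addr = ntohl(inet_addr("127.0.0.1")),
		.mask = 0xffffffff,
	};

	/* BSF always wants data in host-byte order */
	struct nfct_filter_ipv6 filter_ipv6 = {
		.addr = { 0x0, 0x0, 0x0, 0x1 },
		.mask = { 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff },
	};

	h = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW |
				 NF_NETLINK_CONNTRACK_UPDATE);
	if (!h) {
		perror("nfct_open");
		return EXIT_FAILURE;
	}

	filter = nfct_filter_create();
	if (!filter) {
		perror("nfct_filter_create");
		goto err_handle;
	}

	nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, IPPROTO_UDP);
	nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, IPPROTO_TCP);

	nfct_filter_add_attr(filter, NFCT_FILTER_L4PROTO_STATE, &filter_proto);

	/*
	 * Ignore whatever comes from 127.0.0.1.  If setting the negative
	 * logic failed and went unnoticed, the filter would match in the
	 * opposite sense, so the result is checked.
	 */
	if (nfct_filter_set_logic(filter,
				  NFCT_FILTER_SRC_IPV4,
				  NFCT_FILTER_LOGIC_NEGATIVE) == -1) {
		perror("nfct_filter_set_logic");
		goto err_filter;
	}

	nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &filter_ipv4);

	/* Ignore whatever comes from ::1 (loopback). */
	if (nfct_filter_set_logic(filter,
				  NFCT_FILTER_SRC_IPV6,
				  NFCT_FILTER_LOGIC_NEGATIVE) == -1) {
		perror("nfct_filter_set_logic");
		goto err_filter;
	}

	nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV6, &filter_ipv6);

	if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
		perror("nfct_filter_attach");
		goto err_filter;
	}

	/* release the filter object, this does not detach the filter */
	nfct_filter_destroy(filter);

	if (nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL) == -1) {
		perror("nfct_callback_register");
		goto err_handle;
	}

	printf("TEST: waiting for 10 events...\n");

	ret = nfct_catch(h);
	/* Capture errno now: the printf() below is allowed to overwrite it. */
	saved_errno = errno;

	printf("TEST: conntrack events ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	nfct_close(h);

	return ret == -1 ? EXIT_FAILURE : EXIT_SUCCESS;

err_filter:
	nfct_filter_destroy(filter);
err_handle:
	nfct_close(h);
	return EXIT_FAILURE;
}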