libnetfilter_conntrack  1.0.6
conntrack_master.c
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <string.h>
4 #include <errno.h>
5 #include <arpa/inet.h>
6 
7 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
8 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
9 
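/*
 * Test program: create a "master" TCP conntrack entry
 * (1.1.1.1:20 -> 2.2.2.2:10) and then a second entry
 * (1.1.1.1:1024 -> 2.2.2.2:1025) whose ATTR_MASTER_* attributes name the
 * first entry's tuple.
 *
 * Both entries are submitted with NFCT_Q_CREATE, so running this program
 * adds entries to the conntrack table behind the opened handle.
 * NOTE(review): this normally requires CAP_NET_ADMIN -- confirm for the
 * target system.
 *
 * Returns EXIT_SUCCESS when both entries are created, a non-zero status
 * otherwise.
 */
int main(void)
{
	int ret, err;
	struct nfct_handle *h;
	struct nf_conntrack *ct, *expected;

	/* create master conntrack */
	ct = nfct_new();
	if (!ct) {
		perror("nfct_new");
		/* allocation failure is a failure, not a success */
		return EXIT_FAILURE;
	}

	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));

	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		perror("nfct_open");
		nfct_destroy(ct);
		return -1;
	}

	ret = nfct_query(h, NFCT_Q_CREATE, ct);
	/* save errno before printf() gets a chance to overwrite it */
	err = errno;

	printf("TEST: create conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(err));
	else
		printf("(OK)\n");

	/* the master object is released here; it must not be used below */
	nfct_destroy(ct);
	ct = NULL;

	if (ret == -1) {
		nfct_close(h);
		return EXIT_FAILURE;
	}

	/* setup confirmed conntrack */

	expected = nfct_new();
	if (!expected) {
		perror("nfct_new");
		nfct_close(h);
		return EXIT_FAILURE;
	}

	/*
	 * Build the second entry on its own object. Writing these attributes
	 * through the already-destroyed master pointer would be a
	 * use-after-free and would leave this object empty.
	 */
	nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(1024));
	nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(1025));

	nfct_setobjopt(expected, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(expected, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	nfct_set_attr_u32(expected, ATTR_TIMEOUT, 100);

	/* my conntrack master is ... (same tuple as the entry created above) */

	nfct_set_attr_u8(expected, ATTR_MASTER_L3PROTO, AF_INET);
	nfct_set_attr_u32(expected, ATTR_MASTER_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(expected, ATTR_MASTER_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(expected, ATTR_MASTER_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(expected, ATTR_MASTER_PORT_SRC, htons(20));
	nfct_set_attr_u16(expected, ATTR_MASTER_PORT_DST, htons(10));

	ret = nfct_query(h, NFCT_Q_CREATE, expected);
	/* save errno before printf() gets a chance to overwrite it */
	err = errno;

	printf("TEST: create confirmed conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(err));
	else
		printf("(OK)\n");

	nfct_close(h);

	nfct_destroy(expected);

	return ret == -1 ? EXIT_FAILURE : EXIT_SUCCESS;
}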
void nfct_set_attr_u32(struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint32_t value)
int nfct_query(struct nfct_handle *h, const enum nf_conntrack_query query, const void *data)
int nfct_close(struct nfct_handle *cth)
Definition: main.c:105
void nfct_destroy(struct nf_conntrack *ct)
Definition: conntrack/api.c:92
int nfct_setobjopt(struct nf_conntrack *ct, unsigned int option)
void nfct_set_attr_u16(struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint16_t value)
struct nf_conntrack * nfct_new(void)
Definition: conntrack/api.c:75
void nfct_set_attr_u8(struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint8_t value)
struct nfct_handle * nfct_open(uint8_t, unsigned)
Definition: main.c:84