libnetfilter_conntrack: conntrack

00001 #include <stdio.h>
00002 #include <stdlib.h>
00003 #include <string.h>
00004 #include <errno.h>
00005 #include <arpa/inet.h>
00006 
00007 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00008 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
00009 
00010 int main(void)
00011 {
00012         int ret;
00013         struct nfct_handle *h;
00014         struct nf_conntrack *ct, *expected;
00015 
00016         /* create master conntrack */
00017         ct = nfct_new();
00018         if (!ct) {
00019                 perror("nfct_new");
00020                 return 0;
00021         }
00022 
00023         nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
00024         nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
00025         nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
00026         
00027         nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
00028         nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
00029         nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
00030 
00031         nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
00032 
00033         nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
00034         nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
00035 
00036         h = nfct_open(CONNTRACK, 0);
00037         if (!h) {
00038                 perror("nfct_open");
00039                 return -1;
00040         }
00041 
00042         ret = nfct_query(h, NFCT_Q_CREATE, ct);
00043 
00044         printf("TEST: create conntrack ");
00045         if (ret == -1)
00046                 printf("(%d)(%s)\n", ret, strerror(errno));
00047         else
00048                 printf("(OK)\n");
00049 
00050         if (ret == -1)
00051                 exit(EXIT_FAILURE);
00052 
00053         /* setup confirmed conntrack */
00054 
00055         expected = nfct_new();
00056         if (!expected) {
00057                 perror("nfct_new");
00058                 return 0;
00059         }
00060 
00061         nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
00062         nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
00063         nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
00064         
00065         nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
00066         nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(1024));
00067         nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(1025));
00068 
00069         nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
00070 
00071         nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
00072         nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
00073 
00074         /* my conntrack master is ... */
00075 
00076         nfct_set_attr_u8(ct, ATTR_MASTER_L3PROTO, AF_INET);
00077         nfct_set_attr_u32(ct, ATTR_MASTER_IPV4_SRC, inet_addr("1.1.1.1"));
00078         nfct_set_attr_u32(ct, ATTR_MASTER_IPV4_DST, inet_addr("2.2.2.2"));
00079         
00080         nfct_set_attr_u8(ct, ATTR_MASTER_L4PROTO, IPPROTO_TCP);
00081         nfct_set_attr_u16(ct, ATTR_MASTER_PORT_SRC, htons(20));
00082         nfct_set_attr_u16(ct, ATTR_MASTER_PORT_DST, htons(10));
00083 
00084         ret = nfct_query(h, NFCT_Q_CREATE, ct);
00085 
00086         printf("TEST: create confirmed conntrack ");
00087         if (ret == -1)
00088                 printf("(%d)(%s)\n", ret, strerror(errno));
00089         else
00090                 printf("(OK)\n");
00091 
00092         nfct_close(h);
00093 
00094         ret == -1 ? exit(EXIT_FAILURE) : exit(EXIT_SUCCESS);
00095 }
conntrack_master.c
