libnetfilter_conntrack  1.0.6
test_filter.c
1 /*
2  * Test for the filter API
3  */
4 
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <string.h>
8 #include <arpa/inet.h>
9 #include <errno.h>
10 
11 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
12 
/*
 * Event callback: print each conntrack event as one plain-text line with a
 * timestamp, and ask the library to stop once ten events have been shown.
 *
 * type: message type of the event, forwarded to the formatter
 * ct:   conntrack object describing the event
 * data: opaque pointer given at registration time; not used here
 *
 * Returns NFCT_CB_STOP on the tenth call, NFCT_CB_CONTINUE otherwise.
 */
static int event_cb(enum nf_conntrack_msg_type type,
		    struct nf_conntrack *ct,
		    void *data)
{
	/* Kept across calls; the stop test is an equality, so it fires once. */
	static int seen;
	char line[1024];

	(void)data;

	/* The return value (length / error) is not inspected, as before. */
	nfct_snprintf(line, sizeof line, ct, type, NFCT_O_PLAIN, NFCT_OF_TIME);
	printf("%s\n", line);

	seen += 1;
	return seen == 10 ? NFCT_CB_STOP : NFCT_CB_CONTINUE;
}
28 
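/*
 * Exercise the event-filter API: open an event handle for NEW and UPDATE
 * conntrack messages, attach a filter to its socket (first empty, then
 * filled past its documented limits), and print the first events that
 * get through.
 *
 * Returns EXIT_SUCCESS only when every setup step and nfct_catch()
 * succeeded, so a harness cannot mistake a failed attach for a pass.
 */
int main(void)
{
	int i, ret, err;
	int rc = EXIT_FAILURE;
	struct nfct_handle *h;
	struct nfct_filter *filter = NULL;

	/*
	 * NOTE(review): subscribing to conntrack events normally needs
	 * CAP_NET_ADMIN; expect this to fail on an unprivileged run.
	 */
	h = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW |
				 NF_NETLINK_CONNTRACK_UPDATE);
	if (!h) {
		perror("nfct_open");
		return rc;
	}

	filter = nfct_filter_create();
	if (!filter) {
		perror("nfct_filter_create");
		goto out;
	}

	/*
	 * Attach while the filter is still empty; presumably this checks
	 * that an empty filter is accepted.
	 */
	if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
		perror("nfct_filter_attach");
		goto out;
	}

	/* protocol 255 is skipped since we support up to 255 protocols max */
	for (i = 0; i < IPPROTO_MAX; i++)
		nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, i);

	/* BSF always wants data in host-byte order */
	const uint32_t base = ntohl(inet_addr("127.0.0.1"));

	/* up to 127 IP addresses, above that adding is noop */
	for (i = 0; i < 128; i++) {
		struct nfct_filter_ipv4 fltr_ipv4 = {
			.addr = base + i,
			.mask = 0xffffffff,
		};
		nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &fltr_ipv4);
	}

	/* Re-attach now that the filter holds the protocol and address rules. */
	if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
		perror("nfct_filter_attach");
		goto out;
	}

	/* The filter object is released here, before events are read. */
	nfct_filter_destroy(filter);
	filter = NULL;

	if (nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL) == -1) {
		perror("nfct_callback_register");
		goto out;
	}

	ret = nfct_catch(h);
	/* errno is only meaningful when the call reported an error. */
	err = (ret == -1) ? errno : 0;
	printf("test ret=%d (%s)\n", ret, strerror(err));
	if (ret != -1)
		rc = EXIT_SUCCESS;

out:
	if (filter)
		nfct_filter_destroy(filter);
	nfct_close(h);
	return rc;
}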
void nfct_filter_destroy(struct nfct_filter *filter)
void nfct_filter_add_attr_u32(struct nfct_filter *filter, const enum nfct_filter_attr attr, const uint32_t value)
int nfct_fd(struct nfct_handle *cth)
int nfct_snprintf(char *buf, unsigned int size, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int out_type, const unsigned int out_flags)
void nfct_filter_add_attr(struct nfct_filter *filter, const enum nfct_filter_attr attr, const void *value)
struct nfct_filter * nfct_filter_create(void)
int nfct_callback_register(struct nfct_handle *h, enum nf_conntrack_msg_type type, int(*cb)(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data), void *data)
int nfct_filter_attach(int fd, struct nfct_filter *filter)
int nfct_catch(struct nfct_handle *h)
struct nfct_handle * nfct_open(uint8_t, unsigned)