libnetfilter_conntrack: test_filter.c Source File

00001 /*
00002  * Test for the filter API
00003  */
00004 
00005 #include <stdio.h>
00006 #include <stdlib.h>
00007 #include <string.h>
00008 #include <arpa/inet.h>
00009 #include <errno.h>
00010 
00011 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00012 
00013 static int event_cb(enum nf_conntrack_msg_type type,
00014                     struct nf_conntrack *ct,
00015                     void *data)
00016 {
00017         static int n = 0;
00018         char buf[1024];
00019 
00020         nfct_snprintf(buf, sizeof(buf), ct, type, NFCT_O_PLAIN, NFCT_OF_TIME);
00021         printf("%s\n", buf);
00022 
00023         if (++n == 10)
00024                 return NFCT_CB_STOP;
00025 
00026         return NFCT_CB_CONTINUE;
00027 }
00028 
00029 int main(void)
00030 {
00031         int i, ret;
00032         struct nfct_handle *h;
00033         struct nfct_filter *filter;
00034 
00035         h = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW |
00036                                  NF_NETLINK_CONNTRACK_UPDATE);
00037         if (!h) {
00038                 perror("nfct_open");
00039                 return 0;
00040         }
00041 
00042         filter = nfct_filter_create();
00043         if (!filter) {
00044                 perror("nfct_create_filter");
00045                 return 0;
00046         }
00047 
00048         if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
00049                 perror("nfct_filter_attach");
00050                 return 0;
00051         }
00052 
00053         /* protocol 255 is skipped since we support up to 255 protocols max */
00054         for (i=0; i<IPPROTO_MAX; i++)
00055                 nfct_filter_add_attr_u32(filter,NFCT_FILTER_L4PROTO,i);
00056 
00057         /* up to 127 IP addresses, above that adding is noop */
00058         for (i=0; i<128; i++) {
00059                 /* BSF always wants data in host-byte order */
00060                 struct nfct_filter_ipv4 fltr_ipv4 = {
00061                         .addr = ntohl(inet_addr("127.0.0.1")) + i,
00062                         .mask = 0xffffffff,
00063                 };
00064                 nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &fltr_ipv4);
00065         };
00066 
00067         if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
00068                 perror("nfct_filter_attach");
00069                 return 0;
00070         }
00071 
00072         nfct_filter_destroy(filter);
00073 
00074         nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL);
00075 
00076         ret = nfct_catch(h);
00077         printf("test ret=%d (%s)\n", ret, strerror(errno));
00078         return EXIT_SUCCESS;
00079 }