00001 #include <stdio.h>
00002 #include <stdlib.h>
00003 #include <string.h>
00004 #include <errno.h>
00005 #include <arpa/inet.h>
00006
00007 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00008 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
00009
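/*
 * Conntrack event callback: print one event per line and stop the
 * event loop after the tenth callback invocation.
 *
 * type: message type of the event, forwarded to nfct_snprintf().
 * ct:   conntrack object describing the event.
 * data: opaque pointer given at registration time; unused here.
 *
 * Returns NFCT_CB_STOP on the tenth call, NFCT_CB_CONTINUE otherwise.
 */
static int event_cb(enum nf_conntrack_msg_type type,
		    struct nf_conntrack *ct,
		    void *data)
{
	/* Persists across calls: number of events seen so far. */
	static int n = 0;
	/* Start empty so a failed format never exposes stale stack bytes. */
	char buf[1024] = "";
	int len;

	(void)data;

	len = nfct_snprintf(buf, sizeof(buf), ct, type,
			    NFCT_O_PLAIN, NFCT_OF_TIME);
	if (len < 0) {
		/* Nothing usable was formatted; report instead of printing buf. */
		perror("nfct_snprintf");
	} else {
		/* Output may be truncated to sizeof(buf) - 1 for long events. */
		printf("%s\n", buf);
	}

	/* The event is counted even when it could not be formatted. */
	if (++n == 10)
		return NFCT_CB_STOP;

	return NFCT_CB_CONTINUE;
}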
00025
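/*
 * Subscribe to conntrack NEW and UPDATE events, attach an event filter
 * to the netlink socket, and print events via event_cb until it stops
 * the loop.
 *
 * Filter as configured below:
 *   - layer-4 protocol: UDP and TCP are added to the protocol filter;
 *   - TCP state: ESTABLISHED;
 *   - source IPv4 127.0.0.1/32 and source IPv6 ::1/128 with negative
 *     logic, i.e. events from loopback sources are meant to be ignored.
 *
 * Returns EXIT_SUCCESS when nfct_catch() ends without error,
 * EXIT_FAILURE on any setup or receive failure. Every failure path
 * releases the filter and the handle before returning.
 */
int main(void)
{
	int ret;
	int saved_errno;
	int status = EXIT_FAILURE;
	struct nfct_handle *h;
	struct nfct_filter *filter;

	struct nfct_filter_proto filter_proto = {
		.proto = IPPROTO_TCP,
		.state = TCP_CONNTRACK_ESTABLISHED
	};

	/* inet_addr() yields network byte order; ntohl() converts it to host order. */
	struct nfct_filter_ipv4 filter_ipv4 = {
		.addr = ntohl(inet_addr("127.0.0.1")),
		.mask = 0xffffffff,
	};

	/* Four 32-bit words; presumably ::1 in host order -- confirm against the library. */
	struct nfct_filter_ipv6 filter_ipv6 = {
		.addr = { 0x0, 0x0, 0x0, 0x1 },
		.mask = { 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff },
	};

	h = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW |
				 NF_NETLINK_CONNTRACK_UPDATE);
	if (!h) {
		perror("nfct_open");
		return EXIT_FAILURE;
	}

	filter = nfct_filter_create();
	if (!filter) {
		perror("nfct_filter_create");
		goto out_close;
	}

	nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, IPPROTO_UDP);
	nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, IPPROTO_TCP);

	nfct_filter_add_attr(filter, NFCT_FILTER_L4PROTO_STATE, &filter_proto);

	/*
	 * If setting negative logic fails, the address would be matched
	 * with the default logic instead, inverting the intended filter.
	 * Treat that as fatal rather than monitoring the wrong traffic.
	 */
	if (nfct_filter_set_logic(filter,
				  NFCT_FILTER_SRC_IPV4,
				  NFCT_FILTER_LOGIC_NEGATIVE) == -1) {
		perror("nfct_filter_set_logic");
		goto out_destroy;
	}

	nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &filter_ipv4);

	if (nfct_filter_set_logic(filter,
				  NFCT_FILTER_SRC_IPV6,
				  NFCT_FILTER_LOGIC_NEGATIVE) == -1) {
		perror("nfct_filter_set_logic");
		goto out_destroy;
	}

	nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV6, &filter_ipv6);

	if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
		perror("nfct_filter_attach");
		goto out_destroy;
	}

	/* The filter object is released right after the attach, as in the original flow. */
	nfct_filter_destroy(filter);
	filter = NULL;

	if (nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL) == -1) {
		perror("nfct_callback_register");
		goto out_close;
	}

	printf("TEST: waiting for 10 events...\n");

	ret = nfct_catch(h);
	/* Capture errno before any stdio call has a chance to overwrite it. */
	saved_errno = errno;

	printf("TEST: conntrack events ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	status = (ret == -1) ? EXIT_FAILURE : EXIT_SUCCESS;
	goto out_close;

out_destroy:
	nfct_filter_destroy(filter);
out_close:
	nfct_close(h);
	return status;
}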