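#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>

#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>

/*
 * Test utility: build one TCP conntrack object (1.1.1.1:20 -> 2.2.2.2:10,
 * state SYN_SENT, timeout 100, helper "ftp") and ask the kernel to create it
 * through NFCT_Q_CREATE.
 *
 * Prints "TEST: create conntrack (OK)" on success, or the return code and the
 * errno text on failure. Exits with EXIT_SUCCESS only when the entry was
 * created.
 *
 * NOTE(review): creating conntrack entries over netlink normally needs
 * CAP_NET_ADMIN, and the entry written here attaches a connection-tracking
 * helper to a flow that never existed on the wire. Run it only on a test
 * host or inside a dedicated network namespace -- confirm against your setup.
 */
int main(void)
{
	int ret;
	int saved_errno = 0;
	struct nfct_handle *h;
	struct nf_conntrack *ct;

	ct = nfct_new();
	if (!ct) {
		perror("nfct_new");
		/* The original returned 0 here, reporting success to the caller
		 * even though nothing was created. */
		return EXIT_FAILURE;
	}

	/* Original-direction tuple: addresses. */
	struct nfct_attr_grp_ipv4 grp_ipv4 = {
		.src = inet_addr("1.1.1.1"),
		.dst = inet_addr("2.2.2.2")
	};
	nfct_set_attr_grp(ct, ATTR_GRP_ORIG_IPV4, &grp_ipv4);

	/* Original-direction tuple: ports (network byte order) and protocol. */
	struct nfct_attr_grp_port grp_port = {
		.sport = htons(20),
		.dport = htons(10)
	};
	nfct_set_attr_grp(ct, ATTR_GRP_ORIG_PORT, &grp_port);
	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);

	/* Presumably derives the reply tuple from the original one set above
	 * -- confirm against the library documentation. */
	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
	nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp");

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		/* Report first so errno is still the one set by nfct_open(). */
		perror("nfct_open");
		nfct_destroy(ct);
		return -1;	/* exit status kept as in the original */
	}

	ret = nfct_query(h, NFCT_Q_CREATE, ct);
	/* Capture errno before any stdio call has a chance to overwrite it. */
	if (ret == -1)
		saved_errno = errno;

	printf("TEST: create conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	nfct_close(h);
	/* The conntrack object is owned by this function; release it on the
	 * normal path too. */
	nfct_destroy(ct);

	return ret == -1 ? EXIT_FAILURE : EXIT_SUCCESS;
}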