00001 #include <stdio.h>
00002 #include <stdlib.h>
00003 #include <string.h>
00004 #include <errno.h>
00005 #include <arpa/inet.h>
00006
00007 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00008 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
00009
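/*
 * Test program: inject a TCP conntrack entry (1.1.1.1:20 -> 2.2.2.2:10) and
 * then a second entry (1.1.1.1:1024 -> 2.2.2.2:1025) that names the first one
 * as its master.
 *
 * Both entries are written into the kernel's connection tracking table through
 * NFCT_Q_CREATE, so the process needs the privilege to modify conntrack
 * (normally CAP_NET_ADMIN). They stay in the table until the timeout set below
 * (100) expires or they are deleted. Rulesets that accept packets by conntrack
 * state can match these tuples while the entries exist, so run the test in a
 * disposable network namespace rather than on a host that filters real traffic.
 *
 * Returns EXIT_SUCCESS when both entries were created, EXIT_FAILURE otherwise.
 */
int main(void)
{
	int rc = EXIT_FAILURE;
	int ret;
	int saved_errno;
	struct nfct_handle *h = NULL;
	struct nf_conntrack *ct = NULL, *expected = NULL;

	/* Master entry: original direction tuple. */
	ct = nfct_new();
	if (!ct) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));

	/* Let the library fill in the reply tuple from the original one. */
	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		perror("nfct_open");
		goto out;
	}

	ret = nfct_query(h, NFCT_Q_CREATE, ct);
	/* Capture errno before printf() gets a chance to overwrite it. */
	saved_errno = errno;

	printf("TEST: create conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	if (ret == -1)
		goto out;

	/*
	 * Second entry, built in its own object. The original code allocated
	 * `expected` but kept writing into `ct`, leaking the new object.
	 */
	expected = nfct_new();
	if (!expected) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(1024));
	nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(1025));

	nfct_setobjopt(expected, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(expected, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	nfct_set_attr_u32(expected, ATTR_TIMEOUT, 100);

	/* Master tuple: must match the entry created above. */
	nfct_set_attr_u8(expected, ATTR_MASTER_L3PROTO, AF_INET);
	nfct_set_attr_u32(expected, ATTR_MASTER_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(expected, ATTR_MASTER_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(expected, ATTR_MASTER_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(expected, ATTR_MASTER_PORT_SRC, htons(20));
	nfct_set_attr_u16(expected, ATTR_MASTER_PORT_DST, htons(10));

	ret = nfct_query(h, NFCT_Q_CREATE, expected);
	saved_errno = errno;

	printf("TEST: create confirmed conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	if (ret != -1)
		rc = EXIT_SUCCESS;

out:
	/* Release everything on every path; the objects are guarded against NULL. */
	if (h)
		nfct_close(h);
	if (expected)
		nfct_destroy(expected);
	if (ct)
		nfct_destroy(ct);

	return rc;
}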