00001 #include <stdio.h>
00002 #include <stdlib.h>
00003 #include <string.h>
00004 #include <errno.h>
00005 #include <arpa/inet.h>
00006
00007 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00008 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
00009
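/*
 * Example: create a TCP "master" conntrack entry that is bound to the "ftp"
 * helper, then register an expectation attached to it.
 *
 * An expectation tells connection tracking to treat a future flow that
 * matches (expected tuple & mask) as belonging to the master connection.
 * On a stateful firewall that accepts such related flows this effectively
 * pre-authorises the matching traffic, so the mask should be as narrow as
 * the protocol allows and the timeout as short as practical.
 *
 * Both steps talk to the kernel through nfct_open()/nf*_query(); they
 * typically fail with a permission error unless the process is privileged
 * (NOTE(review): CAP_NET_ADMIN is the usual requirement; confirm for the
 * target kernel).
 *
 * Exit status: EXIT_SUCCESS if the expectation was created, EXIT_FAILURE if
 * an allocation or the expectation query failed, -1 if nfct_open() failed.
 */
int main(void)
{
	int ret;
	int status = EXIT_FAILURE;
	struct nfct_handle *h;
	struct nf_conntrack *master = NULL, *expected = NULL, *mask = NULL;
	struct nf_expect *exp = NULL;

	/* Step 1: describe the master connection 1.1.1.1:1025 -> 2.2.2.2:21. */
	master = nfct_new();
	if (!master) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(1025));
	nfct_set_attr_u16(master, ATTR_PORT_DST, htons(21));

	/* Have the library fill in the reply direction of the tuple. */
	nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
	nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
	/* The entry is tied to the "ftp" helper by name. */
	nfct_set_attr(master, ATTR_HELPER_NAME, "ftp");

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		perror("nfct_open");
		status = -1;	/* exit status kept as in the original example */
		goto out;
	}

	ret = nfct_query(h, NFCT_Q_CREATE, master);

	/*
	 * NOTE(review): a failure here is only reported. The run continues and
	 * the final exit status reflects the expectation step alone, because
	 * ret is overwritten by nfexp_query() below.
	 */
	printf("TEST: add master conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(errno));
	else
		printf("(OK)\n");

	nfct_close(h);

	/* Step 2: the tuple of the flow that is expected to show up later. */
	expected = nfct_new();
	if (!expected) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(expected, ATTR_PORT_SRC, 0);
	nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241));

	/*
	 * Step 3: the mask applied to the expected tuple. Both addresses and
	 * the destination port are fully masked (all ones), the source port
	 * mask is zero, so the source port is presumably left as a wildcard.
	 * Widening any of these fields widens what the expectation admits.
	 */
	mask = nfct_new();
	if (!mask) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(mask, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(mask, ATTR_IPV4_SRC, 0xffffffff);
	nfct_set_attr_u32(mask, ATTR_IPV4_DST, 0xffffffff);

	nfct_set_attr_u8(mask, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0x0000);
	nfct_set_attr_u16(mask, ATTR_PORT_DST, 0xffff);

	/* Step 4: bundle master, expected tuple and mask into an expectation. */
	exp = nfexp_new();
	if (!exp) {
		perror("nfexp_new");
		goto out;
	}

	nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
	nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
	nfexp_set_attr(exp, ATTR_EXP_MASK, mask);
	nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200);

	/*
	 * The three conntrack objects are released in the common cleanup path
	 * below, after the query, so this code does not depend on whether
	 * nfexp_set_attr() copies or references them.
	 */

	h = nfct_open(EXPECT, 0);
	if (!h) {
		perror("nfct_open");
		status = -1;	/* exit status kept as in the original example */
		goto out;
	}

	ret = nfexp_query(h, NFCT_Q_CREATE, exp);

	printf("TEST: create expectation ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(errno));
	else
		printf("(OK)\n");

	nfct_close(h);

	status = (ret == -1) ? EXIT_FAILURE : EXIT_SUCCESS;

out:
	/* Release everything that was allocated, on success and on every error path. */
	if (exp)
		nfexp_destroy(exp);
	if (mask)
		nfct_destroy(mask);
	if (expected)
		nfct_destroy(expected);
	if (master)
		nfct_destroy(master);

	return status;
}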