00001 #include <stdio.h>
00002 #include <stdlib.h>
00003 #include <string.h>
00004 #include <errno.h>
00005 #include <arpa/inet.h>
00006
00007 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00008 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
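/*
 * Example/test program: insert a "master" conntrack entry and then register
 * an expectation attached to it.
 *
 * Master flow:   TCP 1.1.1.1:1025 -> 2.2.2.2:21 (21 is the well-known FTP
 *                control port), state ESTABLISHED, timeout 200.
 * Expectation:   TCP 1.1.1.1:<any source port> -> 2.2.2.2:10241, timeout 200.
 *
 * Exit status: EXIT_SUCCESS when the expectation was created; EXIT_FAILURE
 * when it was not or when an object allocation failed; -1 when a netlink
 * handle could not be opened (all three kept as in the original). A failure
 * to insert the master entry is reported on stdout but does not stop the
 * run; the expectation is still attempted.
 *
 * NOTE(review): talking to the conntrack/expect subsystems normally needs
 * CAP_NET_ADMIN; run this only on a test host. An expectation is what lets
 * the kernel treat a later, not-yet-seen flow as related to the master, so
 * in real code the tuple and mask should be as narrow as the protocol
 * allows. Confirm both points against the deployment's ruleset.
 */
int main(void)
{
	int rc = EXIT_FAILURE;
	int ret;
	int saved_errno;
	struct nfct_handle *h = NULL;
	struct nf_conntrack *master = NULL, *expected = NULL, *mask = NULL;
	struct nf_expect *exp = NULL;

	/* --- step 1: build and insert the master conntrack entry --- */
	master = nfct_new();
	if (!master) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(1025));
	nfct_set_attr_u16(master, ATTR_PORT_DST, htons(21));

	/* presumably derives the reply-direction tuple from the one above */
	nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
	nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		perror("nfct_open");
		rc = -1;
		goto out;
	}

	ret = nfct_query(h, NFCT_Q_CREATE, master);
	/* capture errno before printf() gets a chance to overwrite it */
	saved_errno = errno;

	printf("TEST: add master conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	nfct_close(h);
	h = NULL;

	/* --- step 2: describe the expected flow and its mask --- */
	expected = nfct_new();
	if (!expected) {
		perror("nfct_new");
		goto out;
	}

	nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
	nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2"));

	nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(expected, ATTR_PORT_SRC, 0);
	nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241));

	mask = nfct_new();
	if (!mask) {
		perror("nfct_new");
		goto out;
	}

	/*
	 * Both addresses and the destination port are fully masked; the
	 * source port mask is zero, i.e. the source port is a wildcard.
	 */
	nfct_set_attr_u8(mask, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(mask, ATTR_IPV4_SRC, 0xffffffff);
	nfct_set_attr_u32(mask, ATTR_IPV4_DST, 0xffffffff);

	nfct_set_attr_u8(mask, ATTR_L4PROTO, IPPROTO_TCP);
	nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0x0000);
	nfct_set_attr_u16(mask, ATTR_PORT_DST, 0xffff);

	/* --- step 3: assemble the expectation and register it --- */
	exp = nfexp_new();
	if (!exp) {
		perror("nfexp_new");
		goto out;
	}

	nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
	nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
	nfexp_set_attr(exp, ATTR_EXP_MASK, mask);
	nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200);

	/*
	 * The three conntrack objects are released right after being attached,
	 * exactly as the original example does.
	 * NOTE(review): this relies on nfexp_set_attr() copying the data rather
	 * than keeping the pointers; confirm for the library version in use.
	 */
	nfct_destroy(master);
	master = NULL;
	nfct_destroy(expected);
	expected = NULL;
	nfct_destroy(mask);
	mask = NULL;

	h = nfct_open(EXPECT, 0);
	if (!h) {
		perror("nfct_open");
		rc = -1;
		goto out;
	}

	ret = nfexp_query(h, NFCT_Q_CREATE, exp);
	saved_errno = errno;

	printf("TEST: create expectation ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	/* only the expectation result decides the final exit status */
	rc = (ret == -1) ? EXIT_FAILURE : EXIT_SUCCESS;

out:
	/* release whatever is still owned; every pointer is guarded */
	if (h)
		nfct_close(h);
	if (exp)
		nfexp_destroy(exp);
	if (mask)
		nfct_destroy(mask);
	if (expected)
		nfct_destroy(expected);
	if (master)
		nfct_destroy(master);

	return rc;
}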